diff options
Diffstat (limited to 'src/crypto/cipher')
| -rw-r--r-- | src/crypto/cipher/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/crypto/cipher/aead.c | 15 | ||||
| -rw-r--r-- | src/crypto/cipher/aead_test.cc | 62 | ||||
| -rw-r--r-- | src/crypto/cipher/cipher.c | 41 | ||||
| -rw-r--r-- | src/crypto/cipher/cipher_test.cc | 57 | ||||
| -rw-r--r-- | src/crypto/cipher/e_aes.c | 108 | ||||
| -rw-r--r-- | src/crypto/cipher/e_chacha20poly1305.c | 22 | ||||
| -rw-r--r-- | src/crypto/cipher/e_des.c | 78 | ||||
| -rw-r--r-- | src/crypto/cipher/e_rc2.c | 27 | ||||
| -rw-r--r-- | src/crypto/cipher/e_rc4.c | 22 | ||||
| -rw-r--r-- | src/crypto/cipher/e_ssl3.c | 56 | ||||
| -rw-r--r-- | src/crypto/cipher/e_tls.c | 56 | ||||
| -rw-r--r-- | src/crypto/cipher/test/aes_128_gcm_tests.txt | 6 | ||||
| -rw-r--r-- | src/crypto/cipher/test/cipher_test.txt | 60 |
14 files changed, 205 insertions, 407 deletions
diff --git a/src/crypto/cipher/CMakeLists.txt b/src/crypto/cipher/CMakeLists.txt index 6b4c729..2775698 100644 --- a/src/crypto/cipher/CMakeLists.txt +++ b/src/crypto/cipher/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(../../include) +include_directories(. .. ../../include) add_library( cipher diff --git a/src/crypto/cipher/aead.c b/src/crypto/cipher/aead.c index 7e747f8..20d699d 100644 --- a/src/crypto/cipher/aead.c +++ b/src/crypto/cipher/aead.c @@ -30,15 +30,11 @@ size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; } size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; } -void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) { - memset(ctx, 0, sizeof(EVP_AEAD_CTX)); -} - int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl) { if (!aead->init) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_DIRECTION_SET); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_NO_DIRECTION_SET); ctx->aead = NULL; return 0; } @@ -51,7 +47,8 @@ int EVP_AEAD_CTX_init_with_direction(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, size_t tag_len, enum evp_aead_direction_t dir) { if (key_len != aead->key_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_KEY_SIZE); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init_with_direction, + CIPHER_R_UNSUPPORTED_KEY_SIZE); ctx->aead = NULL; return 0; } @@ -104,12 +101,12 @@ int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t possible_out_len = in_len + ctx->aead->overhead; if (possible_out_len < in_len /* overflow */) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_seal, CIPHER_R_TOO_LARGE); goto error; } if (!check_alias(in, in_len, out)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_seal, CIPHER_R_OUTPUT_ALIASES_INPUT); goto error; } @@ -131,7 +128,7 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len) { if (!check_alias(in, in_len, out)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_open, CIPHER_R_OUTPUT_ALIASES_INPUT); goto error; } diff --git a/src/crypto/cipher/aead_test.cc b/src/crypto/cipher/aead_test.cc index baaee9e..e4b75d6 100644 --- a/src/crypto/cipher/aead_test.cc +++ b/src/crypto/cipher/aead_test.cc @@ -22,7 +22,6 @@ #include <openssl/err.h> #include "../test/file_test.h" -#include "../test/scoped_types.h" #include "../test/stl_compat.h" @@ -36,6 +35,18 @@ // CT: 5294265a60 // TAG: 1d45758621762e061368e68868e2f929 +// EVP_AEAD_CTX lacks a zero state, so it doesn't fit easily into +// ScopedOpenSSLContext. +class EVP_AEAD_CTXScoper { + public: + EVP_AEAD_CTXScoper(EVP_AEAD_CTX *ctx) : ctx_(ctx) {} + ~EVP_AEAD_CTXScoper() { + EVP_AEAD_CTX_cleanup(ctx_); + } + private: + EVP_AEAD_CTX *ctx_; +}; + static bool TestAEAD(FileTest *t, void *arg) { const EVP_AEAD *aead = reinterpret_cast<const EVP_AEAD*>(arg); @@ -49,19 +60,20 @@ static bool TestAEAD(FileTest *t, void *arg) { return false; } - ScopedEVP_AEAD_CTX ctx; - if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, - bssl::vector_data(&key), key.size(), - tag.size(), evp_aead_seal)) { + EVP_AEAD_CTX ctx; + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), + key.size(), tag.size(), + evp_aead_seal)) { t->PrintLine("Failed to init AEAD."); return false; } + EVP_AEAD_CTXScoper cleanup(&ctx); std::vector<uint8_t> out(in.size() + EVP_AEAD_max_overhead(aead)); if (!t->HasAttribute("NO_SEAL")) { size_t out_len; - if (!EVP_AEAD_CTX_seal(ctx.get(), bssl::vector_data(&out), &out_len, - out.size(), bssl::vector_data(&nonce), nonce.size(), + if (!EVP_AEAD_CTX_seal(&ctx, bssl::vector_data(&out), &out_len, out.size(), + bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&in), in.size(), bssl::vector_data(&ad), ad.size())) { t->PrintLine("Failed to run AEAD."); @@ -89,17 +101,17 @@ static bool TestAEAD(FileTest *t, void *arg) { // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // reset after each operation. - ctx.Reset(); - if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, - bssl::vector_data(&key), key.size(), - tag.size(), evp_aead_open)) { + EVP_AEAD_CTX_cleanup(&ctx); + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), + key.size(), tag.size(), + evp_aead_open)) { t->PrintLine("Failed to init AEAD."); return false; } std::vector<uint8_t> out2(out.size()); size_t out2_len; - int ret = EVP_AEAD_CTX_open(ctx.get(), + int ret = EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(), bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&out), out.size(), @@ -125,10 +137,10 @@ static bool TestAEAD(FileTest *t, void *arg) { // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // reset after each operation. - ctx.Reset(); - if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, - bssl::vector_data(&key), key.size(), - tag.size(), evp_aead_open)) { + EVP_AEAD_CTX_cleanup(&ctx); + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), + key.size(), tag.size(), + evp_aead_open)) { t->PrintLine("Failed to init AEAD."); return false; } @@ -136,8 +148,8 @@ static bool TestAEAD(FileTest *t, void *arg) { // Garbage at the end isn't ignored. out.push_back(0); out2.resize(out.size()); - if (EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len, - out2.size(), bssl::vector_data(&nonce), nonce.size(), + if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(), + bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&out), out.size(), bssl::vector_data(&ad), ad.size())) { t->PrintLine("Decrypted bad data with trailing garbage."); @@ -147,10 +159,10 @@ static bool TestAEAD(FileTest *t, void *arg) { // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // reset after each operation. - ctx.Reset(); - if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, - bssl::vector_data(&key), key.size(), - tag.size(), evp_aead_open)) { + EVP_AEAD_CTX_cleanup(&ctx); + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), + key.size(), tag.size(), + evp_aead_open)) { t->PrintLine("Failed to init AEAD."); return false; } @@ -159,8 +171,8 @@ static bool TestAEAD(FileTest *t, void *arg) { out[0] ^= 0x80; out.resize(out.size() - 1); out2.resize(out.size()); - if (EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len, - out2.size(), bssl::vector_data(&nonce), nonce.size(), + if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(), + bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&out), out.size(), bssl::vector_data(&ad), ad.size())) { t->PrintLine("Decrypted bad data with corrupted byte."); @@ -188,7 +200,6 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) { fprintf(stderr, "A silly tag length didn't trigger an error!\n"); return 0; } - ERR_clear_error(); /* Running a second, failed _init should not cause a memory leak. */ if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len, @@ -197,7 +208,6 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) { fprintf(stderr, "A silly tag length didn't trigger an error!\n"); return 0; } - ERR_clear_error(); /* Calling _cleanup on an |EVP_AEAD_CTX| after a failed _init should be a * no-op. */ diff --git a/src/crypto/cipher/cipher.c b/src/crypto/cipher/cipher.c index 4401867..400c3f5 100644 --- a/src/crypto/cipher/cipher.c +++ b/src/crypto/cipher/cipher.c @@ -68,18 +68,12 @@ const EVP_CIPHER *EVP_get_cipherbynid(int nid) { switch (nid) { - case NID_rc2_cbc: - return EVP_rc2_cbc(); - case NID_rc2_40_cbc: - return EVP_rc2_40_cbc(); case NID_des_ede3_cbc: return EVP_des_ede3_cbc(); case NID_des_ede_cbc: return EVP_des_cbc(); case NID_aes_128_cbc: return EVP_aes_128_cbc(); - case NID_aes_192_cbc: - return EVP_aes_192_cbc(); case NID_aes_256_cbc: return EVP_aes_256_cbc(); default: @@ -121,7 +115,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { if (in == NULL || in->cipher == NULL) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INPUT_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_copy, CIPHER_R_INPUT_NOT_INITIALIZED); return 0; } @@ -131,7 +125,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); if (!out->cipher_data) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_copy, ERR_R_MALLOC_FAILURE); return 0; } memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); @@ -171,7 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { ctx->cipher = NULL; - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, ERR_R_MALLOC_FAILURE); return 0; } } else { @@ -184,12 +178,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INITIALIZATION_ERROR); + OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_INITIALIZATION_ERROR); return 0; } } } else if (!ctx->cipher) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET); + OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_NO_CIPHER_SET); return 0; } @@ -344,7 +338,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { bl = ctx->buf_len; if (ctx->flags & EVP_CIPH_NO_PADDING) { if (bl) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, EVP_EncryptFinal_ex, + CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *out_len = 0; @@ -439,7 +434,8 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { b = ctx->cipher->block_size; if (ctx->flags & EVP_CIPH_NO_PADDING) { if (ctx->buf_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, + CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *out_len = 0; @@ -448,7 +444,8 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { if (b > 1) { if (ctx->buf_len || !ctx->final_used) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_WRONG_FINAL_BLOCK_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, + CIPHER_R_WRONG_FINAL_BLOCK_LENGTH); return 0; } assert(b <= sizeof(ctx->final)); @@ -457,13 +454,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { * Otherwise it provides a padding oracle. */ n = ctx->final[b - 1]; if (n == 0 || n > (int)b) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, CIPHER_R_BAD_DECRYPT); return 0; } for (i = 0; i < n; i++) { if (ctx->final[--b] != n) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, CIPHER_R_BAD_DECRYPT); return 0; } } @@ -541,18 +538,19 @@ uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) { int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command, int arg, void *ptr) { int ret; if (!ctx->cipher) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET); + OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, CIPHER_R_NO_CIPHER_SET); return 0; } if (!ctx->cipher->ctrl) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, CIPHER_R_CTRL_NOT_IMPLEMENTED); return 0; } ret = ctx->cipher->ctrl(ctx, command, arg, ptr); if (ret == -1) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, + CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; } @@ -574,7 +572,8 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, unsigned key_len) { } if (key_len == 0 || !(c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_set_key_length, + CIPHER_R_INVALID_KEY_LENGTH); return 0; } @@ -631,7 +630,7 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { return EVP_rc4(); } else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) { return EVP_des_cbc(); - } else if (OPENSSL_strcasecmp(name, "des-ede3-cbc") == 0 || + } else if (OPENSSL_strcasecmp(name, "3des-cbc") == 0 || OPENSSL_strcasecmp(name, "3des") == 0) { return EVP_des_ede3_cbc(); } else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) { diff --git a/src/crypto/cipher/cipher_test.cc b/src/crypto/cipher/cipher_test.cc index 5f04178..97a84e0 100644 --- a/src/crypto/cipher/cipher_test.cc +++ b/src/crypto/cipher/cipher_test.cc @@ -69,12 +69,6 @@ static const EVP_CIPHER *GetCipher(const std::string &name) { if (name == "DES-CBC") { return EVP_des_cbc(); - } else if (name == "DES-ECB") { - return EVP_des_ecb(); - } else if (name == "DES-EDE") { - return EVP_des_ede(); - } else if (name == "DES-EDE-CBC") { - return EVP_des_ede_cbc(); } else if (name == "DES-EDE3-CBC") { return EVP_des_ede3_cbc(); } else if (name == "RC4") { @@ -110,7 +104,6 @@ static const EVP_CIPHER *GetCipher(const std::string &name) { static bool TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt, - bool streaming, const std::vector<uint8_t> &key, const std::vector<uint8_t> &iv, const std::vector<uint8_t> &plaintext, @@ -167,29 +160,11 @@ static bool TestOperation(FileTest *t, (!aad.empty() && !EVP_CipherUpdate(ctx.get(), nullptr, &unused, bssl::vector_data(&aad), aad.size())) || - !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) { - t->PrintLine("Operation failed."); - return false; - } - if (streaming) { - for (size_t i = 0; i < in->size(); i++) { - uint8_t c = (*in)[i]; - int len; - if (!EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result) + result_len1, - &len, &c, 1)) { - t->PrintLine("Operation failed."); - return false; - } - result_len1 += len; - } - } else if (!in->empty() && - !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), - &result_len1, bssl::vector_data(in), - in->size())) { - t->PrintLine("Operation failed."); - return false; - } - if (!EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1, + !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) || + (!in->empty() && + !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), &result_len1, + bssl::vector_data(in), in->size())) || + !EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1, &result_len2)) { t->PrintLine("Operation failed."); return false; @@ -261,21 +236,15 @@ static bool TestCipher(FileTest *t, void *arg) { } // By default, both directions are run, unless overridden by the operation. - if (operation != kDecrypt) { - if (!TestOperation(t, cipher, true /* encrypt */, false /* single-shot */, - key, iv, plaintext, ciphertext, aad, tag) || - !TestOperation(t, cipher, true /* encrypt */, true /* streaming */, key, - iv, plaintext, ciphertext, aad, tag)) { - return false; - } + if (operation != kDecrypt && + !TestOperation(t, cipher, true /* encrypt */, key, iv, plaintext, + ciphertext, aad, tag)) { + return false; } - if (operation != kEncrypt) { - if (!TestOperation(t, cipher, false /* decrypt */, false /* single-shot */, - key, iv, plaintext, ciphertext, aad, tag) || - !TestOperation(t, cipher, false /* decrypt */, true /* streaming */, - key, iv, plaintext, ciphertext, aad, tag)) { - return false; - } + if (operation != kEncrypt && + !TestOperation(t, cipher, false /* decrypt */, key, iv, plaintext, + ciphertext, aad, tag)) { + return false; } return true; diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index e8905f6..41d0aec 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -64,7 +64,7 @@ #include "../modes/internal.h" #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include <openssl/arm_arch.h> +#include "../arm_arch.h" #endif @@ -98,6 +98,8 @@ typedef struct { #if !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) #define VPAES +extern unsigned int OPENSSL_ia32cap_P[]; + static char vpaes_capable(void) { return (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) != 0; } @@ -111,6 +113,7 @@ static char bsaes_capable(void) { #elif !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) +#include "../arm_arch.h" #if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7 #define BSAES @@ -335,7 +338,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aes_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -708,7 +711,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } else { if (!ctx->encrypt) { if (gctx->taglen < 0 || - !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) { + !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) { return -1; } gctx->iv_set = 0; @@ -850,7 +853,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aesni_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1063,7 +1066,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1072,7 +1075,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_TAG_TOO_LARGE); return 0; } @@ -1105,12 +1108,12 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, GCM128_CONTEXT gcm; if (in_len + gcm_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -1149,14 +1152,14 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, GCM128_CONTEXT gcm; if (in_len < gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - gcm_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -1182,7 +1185,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1236,7 +1239,7 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1245,13 +1248,14 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, + CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } kw_ctx = OPENSSL_malloc(sizeof(struct aead_aes_key_wrap_ctx)); if (kw_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, ERR_R_MALLOC_FAILURE); return 0; } @@ -1289,7 +1293,8 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1299,12 +1304,14 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1313,29 +1320,32 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-16 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); return 0; } n = in_len / 8; if (n < 2) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } if (in_len + 8 < in_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_encrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1378,7 +1388,8 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1388,12 +1399,14 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1402,24 +1415,26 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-8 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_TOO_LARGE); return 0; } if (in_len < 24) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); return 0; } n = (in_len / 8) - 1; if (max_out_len < in_len - 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_decrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1442,7 +1457,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (CRYPTO_memcmp(A, nonce, 8) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1526,13 +1541,15 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static const size_t hmac_key_len = 32; if (key_len < hmac_key_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } const size_t aes_key_len = key_len - hmac_key_len; if (aes_key_len != 16 && aes_key_len != 32) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1541,13 +1558,15 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_TAG_TOO_LARGE); return 0; } aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx)); if (aes_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + ERR_R_MALLOC_FAILURE); return 0; } @@ -1647,17 +1666,20 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (in_len + aes_ctx->tag_len < in_len || /* This input is so large it would overflow the 32-bit block counter. */ in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1681,19 +1703,22 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t plaintext_len; if (in_len < aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - aes_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1702,7 +1727,8 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, &aes_ctx->outer_init_state, ad, ad_len, nonce, in, plaintext_len); if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BAD_DECRYPT); return 0; } diff --git a/src/crypto/cipher/e_chacha20poly1305.c b/src/crypto/cipher/e_chacha20poly1305.c index 9dda1b0..ebf0088 100644 --- a/src/crypto/cipher/e_chacha20poly1305.c +++ b/src/crypto/cipher/e_chacha20poly1305.c @@ -42,7 +42,7 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > POLY1305_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_init, CIPHER_R_TOO_LARGE); return 0; } @@ -107,22 +107,23 @@ static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, * Casting to uint64_t inside the conditional is not sufficient to stop * the warning. */ if (in_len_64 >= (1ull << 32) * 64 - 64) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_TOO_LARGE); return 0; } if (in_len + c20_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + c20_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != CHACHA20_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_IV_TOO_LARGE); return 0; } @@ -155,7 +156,7 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint64_t in_len_64 = in_len; if (in_len < c20_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -167,19 +168,20 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out, * Casting to uint64_t inside the conditional is not sufficient to stop * the warning. */ if (in_len_64 >= (1ull << 32) * 64 - 64) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_TOO_LARGE); return 0; } if (nonce_len != CHACHA20_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_IV_TOO_LARGE); return 0; } plaintext_len = in_len - c20_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -193,7 +195,7 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out, CRYPTO_poly1305_finish(&poly1305, mac); if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_BAD_DECRYPT); return 0; } diff --git a/src/crypto/cipher/e_des.c b/src/crypto/cipher/e_des.c index b1d312c..74e1fce 100644 --- a/src/crypto/cipher/e_des.c +++ b/src/crypto/cipher/e_des.c @@ -96,31 +96,6 @@ static const EVP_CIPHER des_cbc = { const EVP_CIPHER *EVP_des_cbc(void) { return &des_cbc; } -static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, - size_t in_len) { - if (in_len < ctx->cipher->block_size) { - return 1; - } - in_len -= ctx->cipher->block_size; - - EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; - size_t i; - for (i = 0; i <= in_len; i += ctx->cipher->block_size) { - DES_ecb_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i), - &dat->ks.ks, ctx->encrypt); - } - return 1; -} - -static const EVP_CIPHER des_ecb = { - NID_des_ecb, 8 /* block_size */, 8 /* key_size */, - 0 /* iv_len */, sizeof(EVP_DES_KEY), EVP_CIPH_ECB_MODE, - NULL /* app_data */, des_init_key, des_ecb_cipher, - NULL /* cleanup */, NULL /* ctrl */, }; - -const EVP_CIPHER *EVP_des_ecb(void) { return &des_ecb; } - - typedef struct { union { double align; @@ -151,57 +126,10 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, return 1; } -static const EVP_CIPHER des_ede3_cbc = { - NID_des_ede3_cbc, 8 /* block_size */, 24 /* key_size */, +static const EVP_CIPHER des3_cbc = { + NID_des_cbc, 8 /* block_size */, 24 /* key_size */, 8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE, NULL /* app_data */, des_ede3_init_key, des_ede3_cbc_cipher, NULL /* cleanup */, NULL /* ctrl */, }; -const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des_ede3_cbc; } - - -static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, - const uint8_t *iv, int enc) { - DES_cblock *deskey = (DES_cblock *) key; - DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data; - - DES_set_key(&deskey[0], &dat->ks.ks[0]); - DES_set_key(&deskey[1], &dat->ks.ks[1]); - DES_set_key(&deskey[0], &dat->ks.ks[2]); - - return 1; -} - -static const EVP_CIPHER des_ede_cbc = { - NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */, - 8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE, - NULL /* app_data */, des_ede_init_key , des_ede3_cbc_cipher, - NULL /* cleanup */, NULL /* ctrl */, }; - -const EVP_CIPHER *EVP_des_ede_cbc(void) { return &des_ede_cbc; } - - -static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, - const uint8_t *in, size_t in_len) { - if (in_len < ctx->cipher->block_size) { - return 1; - } - in_len -= ctx->cipher->block_size; - - DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data; - size_t i; - for (i = 0; i <= in_len; i += ctx->cipher->block_size) { - DES_ecb3_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i), - &dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2], - ctx->encrypt); - } - return 1; -} - -static const EVP_CIPHER des_ede_ecb = { - NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */, - 0 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_ECB_MODE, - NULL /* app_data */, des_ede_init_key , des_ede_ecb_cipher, - NULL /* cleanup */, NULL /* ctrl */, }; - -const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; } +const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des3_cbc; } diff --git a/src/crypto/cipher/e_rc2.c b/src/crypto/cipher/e_rc2.c index 8ca7bba..c90ab93 100644 --- a/src/crypto/cipher/e_rc2.c +++ b/src/crypto/cipher/e_rc2.c @@ -395,18 +395,13 @@ static int rc2_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { case EVP_CTRL_INIT: key->key_bits = EVP_CIPHER_CTX_key_length(ctx) * 8; return 1; - case EVP_CTRL_SET_RC2_KEY_BITS: - /* Should be overridden by later call to |EVP_CTRL_INIT|, but - * people call it, so it may as well work. */ - key->key_bits = arg; - return 1; default: return -1; } } -static const EVP_CIPHER rc2_40_cbc = { +static const EVP_CIPHER rc2_40_cbc_cipher = { NID_rc2_40_cbc, 8 /* block size */, 5 /* 40 bit */, @@ -421,23 +416,5 @@ static const EVP_CIPHER rc2_40_cbc = { }; const EVP_CIPHER *EVP_rc2_40_cbc(void) { - return &rc2_40_cbc; -} - -static const EVP_CIPHER rc2_cbc = { - NID_rc2_cbc, - 8 /* block size */, - 16 /* 128 bit */, - 8 /* iv len */, - sizeof(EVP_RC2_KEY), - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - NULL /* app_data */, - rc2_init_key, - rc2_cbc_cipher, - NULL, - rc2_ctrl, -}; - -const EVP_CIPHER *EVP_rc2_cbc(void) { - return &rc2_cbc; + return &rc2_40_cbc_cipher; } diff --git a/src/crypto/cipher/e_rc4.c b/src/crypto/cipher/e_rc4.c index e05b9fd..80dea36 100644 --- a/src/crypto/cipher/e_rc4.c +++ b/src/crypto/cipher/e_rc4.c @@ -115,20 +115,20 @@ aead_rc4_md5_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, } if (tag_len > MD5_DIGEST_LENGTH) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, CIPHER_R_TOO_LARGE); return 0; } /* The keys consists of |MD5_DIGEST_LENGTH| bytes of HMAC(MD5) key followed * by some number of bytes of RC4 key. */ if (key_len <= MD5_DIGEST_LENGTH) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, CIPHER_R_BAD_KEY_LENGTH); return 0; } rc4_ctx = OPENSSL_malloc(sizeof(struct aead_rc4_md5_tls_ctx)); if (rc4_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, ERR_R_MALLOC_FAILURE); return 0; } memset(rc4_ctx, 0, sizeof(struct aead_rc4_md5_tls_ctx)); @@ -185,22 +185,22 @@ static int aead_rc4_md5_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t digest[MD5_DIGEST_LENGTH]; if (in_len + rc4_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_TOO_LARGE); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_IV_TOO_LARGE); return 0; } if (max_out_len < in_len + rc4_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_TOO_LARGE); return 0; } @@ -288,21 +288,21 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t digest[MD5_DIGEST_LENGTH]; if (in_len < rc4_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - rc4_ctx->tag_len; if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len) { /* This requires that the caller provide space for the MAC, even though it * will always be removed on return. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -366,7 +366,7 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, MD5_Final(digest, &md); if (CRYPTO_memcmp(out + plaintext_len, digest, rc4_ctx->tag_len)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BAD_DECRYPT); return 0; } diff --git a/src/crypto/cipher/e_ssl3.c b/src/crypto/cipher/e_ssl3.c index 389c52f..1031d9b 100644 --- a/src/crypto/cipher/e_ssl3.c +++ b/src/crypto/cipher/e_ssl3.c @@ -85,12 +85,12 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, const EVP_CIPHER *cipher, const EVP_MD *md) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } if (key_len != EVP_AEAD_key_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_BAD_KEY_LENGTH); return 0; } @@ -102,7 +102,7 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, AEAD_SSL3_CTX *ssl3_ctx = OPENSSL_malloc(sizeof(AEAD_SSL3_CTX)); if (ssl3_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, ERR_R_MALLOC_FAILURE); return 0; } EVP_CIPHER_CTX_init(&ssl3_ctx->cipher_ctx); @@ -133,29 +133,29 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (!ssl3_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_OPERATION); return 0; } if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_IV_TOO_LARGE); return 0; } if (ad_len != 11 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_AD_SIZE); return 0; } @@ -217,36 +217,36 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (ssl3_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_OPERATION); return 0; } size_t mac_len = EVP_MD_CTX_size(&ssl3_ctx->md_ctx); if (in_len < mac_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); return 0; } if (max_out_len < in_len) { /* This requires that the caller provide space for the MAC, even though it * will always be removed on return. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_TOO_LARGE); return 0; } if (ad_len != 11 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_AD_SIZE); return 0; } if (in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_TOO_LARGE); return 0; } @@ -270,12 +270,12 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (EVP_CIPHER_CTX_mode(&ssl3_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE) { unsigned padding_length = out[total - 1]; if (total < padding_length + 1 + mac_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); return 0; } /* The padding must be minimal. */ if (padding_length + 1 > EVP_CIPHER_CTX_block_size(&ssl3_ctx->cipher_ctx)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); return 0; } data_len = total - padding_length - 1 - mac_len; @@ -289,7 +289,7 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } if (CRYPTO_memcmp(&out[data_len], mac, mac_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -340,13 +340,6 @@ static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, EVP_sha1()); } -static int aead_null_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len, - enum evp_aead_direction_t dir) { - return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(), - EVP_sha1()); -} - static const EVP_AEAD aead_rc4_md5_ssl3 = { MD5_DIGEST_LENGTH + 16, /* key len (MD5 + RC4) */ 0, /* nonce len */ @@ -412,19 +405,6 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { NULL, /* get_rc4_state */ }; -static const EVP_AEAD aead_null_sha1_ssl3 = { - SHA_DIGEST_LENGTH, /* key len */ - 0, /* nonce len */ - SHA_DIGEST_LENGTH, /* overhead (SHA1) */ - SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ - aead_null_sha1_ssl3_init, - aead_ssl3_cleanup, - aead_ssl3_seal, - aead_ssl3_open, - NULL, /* get_rc4_state */ -}; - const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; } const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void) { return &aead_rc4_sha1_ssl3; } @@ -440,5 +420,3 @@ const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void) { const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void) { return &aead_des_ede3_cbc_sha1_ssl3; } - -const EVP_AEAD *EVP_aead_null_sha1_ssl3(void) { return &aead_null_sha1_ssl3; } diff --git a/src/crypto/cipher/e_tls.c b/src/crypto/cipher/e_tls.c index 2778881..bed02cb 100644 --- a/src/crypto/cipher/e_tls.c +++ b/src/crypto/cipher/e_tls.c @@ -57,12 +57,12 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, char implicit_iv) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } if (key_len != EVP_AEAD_key_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_BAD_KEY_LENGTH); return 0; } @@ -75,7 +75,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, AEAD_TLS_CTX *tls_ctx = OPENSSL_malloc(sizeof(AEAD_TLS_CTX)); if (tls_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, ERR_R_MALLOC_FAILURE); return 0; } EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx); @@ -109,7 +109,7 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (!tls_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_OPERATION); return 0; } @@ -117,22 +117,22 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_NONCE_SIZE); return 0; } if (ad_len != 13 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_AD_SIZE); return 0; } @@ -214,36 +214,36 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (tls_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_OPERATION); return 0; } if (in_len < HMAC_size(&tls_ctx->hmac_ctx)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); return 0; } if (max_out_len < in_len) { /* This requires that the caller provide space for the MAC, even though it * will always be removed on return. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_NONCE_SIZE); return 0; } if (ad_len != 13 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_AD_SIZE); return 0; } if (in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_TOO_LARGE); return 0; } @@ -278,7 +278,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, (unsigned)HMAC_size(&tls_ctx->hmac_ctx)); /* Publicly invalid. This can be rejected in non-constant time. */ if (padding_ok == 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); return 0; } } else { @@ -312,7 +312,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (!EVP_tls_cbc_digest_record(tls_ctx->hmac_ctx.md, mac, &mac_len, ad_fixed, out, data_plus_mac_len, total, tls_ctx->mac_key, tls_ctx->mac_key_len)) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); return 0; } assert(mac_len == HMAC_size(&tls_ctx->hmac_ctx)); @@ -349,7 +349,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, 0); good &= constant_time_eq_int(padding_ok, 1); if (!good) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -444,13 +444,6 @@ static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx, return 1; } -static int aead_null_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len, - enum evp_aead_direction_t dir) { - return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(), - EVP_sha1(), 1 /* implicit iv */); -} - static const EVP_AEAD aead_rc4_sha1_tls = { SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */ 0, /* nonce len */ @@ -581,19 +574,6 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { NULL, /* get_rc4_state */ }; -static const EVP_AEAD aead_null_sha1_tls = { - SHA_DIGEST_LENGTH, /* key len */ - 0, /* nonce len */ - SHA_DIGEST_LENGTH, /* overhead (SHA1) */ - SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ - aead_null_sha1_tls_init, - aead_tls_cleanup, - aead_tls_seal, - aead_tls_open, - NULL, /* get_rc4_state */ -}; - const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; } const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void) { @@ -631,5 +611,3 @@ const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void) { const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void) { return &aead_des_ede3_cbc_sha1_tls_implicit_iv; } - -const EVP_AEAD *EVP_aead_null_sha1_tls(void) { return &aead_null_sha1_tls; } diff --git a/src/crypto/cipher/test/aes_128_gcm_tests.txt b/src/crypto/cipher/test/aes_128_gcm_tests.txt index 75466fe..5f7ad35 100644 --- a/src/crypto/cipher/test/aes_128_gcm_tests.txt +++ b/src/crypto/cipher/test/aes_128_gcm_tests.txt @@ -418,9 +418,3 @@ AD: 18e2ed6d500b176e49f7e1b5074c0b7dbfdefdf00a63d9fa2fea8c5e78a1c4ae00f17b234429 CT: 5f3627bd53f8da0bbe6f3c9246d6f96fe9abb91cdecf66ddd42f833d98f4d4634c2e1e1ad4088c84c22191bdb9d99ef227320e455dd112c4a9e9cca95724fcc9ae024ed12bf60a802d0b87b99d9bf22590786567c2962171d2b05bec9754c627608e9eba7bccc70540aa4da72e1e04b26d8f968b10230f707501c0091a8ac118f86e87aae1ac00257aee29c3345bd3839154977acd378fc1b2197f5c1fd8e12262f9c2974fb92dc481eeb51aadd44a8851f61b93a84ba57f2870df0423d289bfdcfe634f9ecb7d7c6110a95b49418a2dd6663377690275c205b3efa79a0a77c92567fb429d8ee437312a39df7516dc238f7b9414938223d7ec24d256d3fb3a5954a7c75dbd79486d49ba6bb38a7ccce0f58700260b71319adf98ab8684e34913abe2d9d97193e2 TAG: e690e89af39ff367f5d40a1b7c7ccd4f -KEY: 31323334353637383930313233343536 -NONCE: 31323334353637383930313233343536 -IN: 48656c6c6f2c20576f726c64 -AD: -CT: cec189d0e8419b90fb16d555 -TAG: 32893832a8d609224d77c2e56a922282 diff --git a/src/crypto/cipher/test/cipher_test.txt b/src/crypto/cipher/test/cipher_test.txt index 21fffdb..93cb8f3 100644 --- a/src/crypto/cipher/test/cipher_test.txt +++ b/src/crypto/cipher/test/cipher_test.txt @@ -38,22 +38,6 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 -# DES EDE CBC tests -Cipher = DES-EDE-CBC -Key = 0123456789abcdeff1e0d3c2b5a49786 -IV = fedcba9876543210 -Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 -Ciphertext = 7948C0DA4FE91CD815DCA96DBC9B60A857EB954F4DEB08EB98722642AE69257B - - -# DES EDE tests -Cipher = DES-EDE -Key = 0123456789abcdeff1e0d3c2b5a49786 -IV = fedcba9876543210 -Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 -Ciphertext = 22E889402E28422F8167AD279D90A566DA75B734E12C671FC2669AECB3E4FE8F - - # AES 128 ECB tests (from FIPS-197 test vectors, encrypt) Cipher = AES-128-ECB Key = 000102030405060708090A0B0C0D0E0F @@ -376,13 +360,6 @@ Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3d AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d -Cipher = AES-128-GCM -Key = 31323334353637383930313233343536 -IV = 31323334353637383930313233343536 -Plaintext = 48656c6c6f2c20576f726c64 -Ciphertext = cec189d0e8419b90fb16d555 -Tag = 32893832a8d609224d77c2e56a922282 -AAD = # OFB tests from OpenSSL upstream. @@ -558,40 +535,3 @@ Cipher = AES-192-ECB Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E - -# DES ECB tests - -Cipher = DES-ECB -Key = 0000000000000000 -Plaintext = 0000000000000000 -Ciphertext = 8CA64DE9C1B123A7 - -Cipher = DES-ECB -Key = FFFFFFFFFFFFFFFF -Plaintext = FFFFFFFFFFFFFFFF -Ciphertext = 7359B2163E4EDC58 - -Cipher = DES-ECB -Key = 3000000000000000 -Plaintext = 1000000000000001 -Ciphertext = 958E6E627A05557B - -Cipher = DES-ECB -Key = 1111111111111111 -Plaintext = 1111111111111111 -Ciphertext = F40379AB9E0EC533 - -Cipher = DES-ECB -Key = 0123456789ABCDEF -Plaintext = 1111111111111111 -Ciphertext = 17668DFC7292532D - -Cipher = DES-ECB -Key = 1111111111111111 -Plaintext = 0123456789ABCDEF -Ciphertext = 8A5AE1F81AB8F2DD - -Cipher = DES-ECB -Key = FEDCBA9876543210 -Plaintext = 0123456789ABCDEF -Ciphertext = ED39D950FA74BCC4 |