From a04d78d392463df4e69a64360c952ffa5abd22f7 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Fri, 25 Sep 2015 00:26:37 +0000 Subject: Revert "external/boringssl: sync with upstream." This reverts commit 1e4884f615b20946411a74e41eb9c6aa65e2d5f3. This breaks some x86 builds. Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25 --- src/crypto/cipher/e_aes.c | 108 ++++++++++++++++++++++++++++------------------ 1 file changed, 67 insertions(+), 41 deletions(-) (limited to 'src/crypto/cipher/e_aes.c') diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index e8905f6..41d0aec 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -64,7 +64,7 @@ #include "../modes/internal.h" #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include +#include "../arm_arch.h" #endif @@ -98,6 +98,8 @@ typedef struct { #if !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) #define VPAES +extern unsigned int OPENSSL_ia32cap_P[]; + static char vpaes_capable(void) { return (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) != 0; } @@ -111,6 +113,7 @@ static char bsaes_capable(void) { #elif !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) +#include "../arm_arch.h" #if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7 #define BSAES @@ -335,7 +338,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aes_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -708,7 +711,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } else { if (!ctx->encrypt) { if (gctx->taglen < 0 || - !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) { + !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) { return -1; } gctx->iv_set = 0; @@ -850,7 +853,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aesni_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1063,7 +1066,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1072,7 +1075,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_TAG_TOO_LARGE); return 0; } @@ -1105,12 +1108,12 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, GCM128_CONTEXT gcm; if (in_len + gcm_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -1149,14 +1152,14 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, GCM128_CONTEXT gcm; if (in_len < gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - gcm_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -1182,7 +1185,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1236,7 +1239,7 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1245,13 +1248,14 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, + CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } kw_ctx = OPENSSL_malloc(sizeof(struct aead_aes_key_wrap_ctx)); if (kw_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, ERR_R_MALLOC_FAILURE); return 0; } @@ -1289,7 +1293,8 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1299,12 +1304,14 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1313,29 +1320,32 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-16 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); return 0; } n = in_len / 8; if (n < 2) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } if (in_len + 8 < in_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_encrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, + CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1378,7 +1388,8 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1388,12 +1399,14 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1402,24 +1415,26 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-8 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_TOO_LARGE); return 0; } if (in_len < 24) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); return 0; } n = (in_len / 8) - 1; if (max_out_len < in_len - 8) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_decrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, + CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1442,7 +1457,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (CRYPTO_memcmp(A, nonce, 8) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1526,13 +1541,15 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static const size_t hmac_key_len = 32; if (key_len < hmac_key_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } const size_t aes_key_len = key_len - hmac_key_len; if (aes_key_len != 16 && aes_key_len != 32) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1541,13 +1558,15 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + CIPHER_R_TAG_TOO_LARGE); return 0; } aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx)); if (aes_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, + ERR_R_MALLOC_FAILURE); return 0; } @@ -1647,17 +1666,20 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (in_len + aes_ctx->tag_len < in_len || /* This input is so large it would overflow the 32-bit block counter. */ in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1681,19 +1703,22 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t plaintext_len; if (in_len < aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - aes_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1702,7 +1727,8 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, &aes_ctx->outer_init_state, ad, ad_len, nonce, in, plaintext_len); if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, + CIPHER_R_BAD_DECRYPT); return 0; } -- cgit v1.1