sync with OpenBSD -current
This commit is contained in:
parent
da785accdf
commit
659ea2942e
39 changed files with 1318 additions and 384 deletions
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cmac.c,v 1.17 2023/12/15 13:45:05 tb Exp $ */
|
||||
/* $OpenBSD: cmac.c,v 1.18 2023/12/18 21:15:00 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project.
|
||||
*/
|
||||
|
@ -90,21 +90,21 @@ struct CMAC_CTX_st {
|
|||
* and R64 = (1 << 64) | 0x1b for the only supported block sizes 128 and 64.
|
||||
*/
|
||||
static void
|
||||
make_kn(unsigned char *kn, const unsigned char *l, int bl)
|
||||
make_kn(unsigned char *kn, const unsigned char *l, int block_size)
|
||||
{
|
||||
unsigned char mask, Rb;
|
||||
int i;
|
||||
|
||||
/* Choose Rb according to the block size in bytes. */
|
||||
Rb = bl == 16 ? 0x87 : 0x1b;
|
||||
Rb = block_size == 16 ? 0x87 : 0x1b;
|
||||
|
||||
/* Compute l << 1 up to last byte. */
|
||||
for (i = 0; i < bl - 1; i++)
|
||||
for (i = 0; i < block_size - 1; i++)
|
||||
kn[i] = (l[i] << 1) | (l[i + 1] >> 7);
|
||||
|
||||
/* Only xor with Rb if the MSB is one. */
|
||||
mask = 0 - (l[0] >> 7);
|
||||
kn[bl - 1] = (l[bl - 1] << 1) ^ (Rb & mask);
|
||||
kn[block_size - 1] = (l[block_size - 1] << 1) ^ (Rb & mask);
|
||||
}
|
||||
|
||||
CMAC_CTX *
|
||||
|
@ -154,17 +154,17 @@ LCRYPTO_ALIAS(CMAC_CTX_free);
|
|||
int
|
||||
CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
|
||||
{
|
||||
int bl;
|
||||
int block_size;
|
||||
|
||||
if (in->nlast_block == -1)
|
||||
return 0;
|
||||
if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
|
||||
return 0;
|
||||
bl = EVP_CIPHER_CTX_block_size(&in->cctx);
|
||||
memcpy(out->k1, in->k1, bl);
|
||||
memcpy(out->k2, in->k2, bl);
|
||||
memcpy(out->tbl, in->tbl, bl);
|
||||
memcpy(out->last_block, in->last_block, bl);
|
||||
block_size = EVP_CIPHER_CTX_block_size(&in->cctx);
|
||||
memcpy(out->k1, in->k1, block_size);
|
||||
memcpy(out->k2, in->k2, block_size);
|
||||
memcpy(out->tbl, in->tbl, block_size);
|
||||
memcpy(out->last_block, in->last_block, block_size);
|
||||
out->nlast_block = in->nlast_block;
|
||||
return 1;
|
||||
}
|
||||
|
@ -175,7 +175,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
|
|||
const EVP_CIPHER *cipher, ENGINE *impl)
|
||||
{
|
||||
static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
|
||||
int bl;
|
||||
int block_size;
|
||||
|
||||
/* All zeros means restart */
|
||||
if (key == NULL && cipher == NULL && keylen == 0) {
|
||||
|
@ -208,8 +208,8 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
|
|||
return 0;
|
||||
|
||||
/* make_kn() only supports block sizes of 8 and 16 bytes. */
|
||||
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
if (bl != 8 && bl != 16)
|
||||
block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
if (block_size != 8 && block_size != 16)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
|
@ -220,13 +220,13 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
|
|||
return 0;
|
||||
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
|
||||
return 0;
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, block_size))
|
||||
return 0;
|
||||
|
||||
/* Section 6.1, step 2: compute k1 from intermediate secret. */
|
||||
make_kn(ctx->k1, ctx->tbl, bl);
|
||||
make_kn(ctx->k1, ctx->tbl, block_size);
|
||||
/* Section 6.1, step 3: compute k2 from k1. */
|
||||
make_kn(ctx->k2, ctx->k1, bl);
|
||||
make_kn(ctx->k2, ctx->k1, block_size);
|
||||
|
||||
/* Destroy intermediate secret and reset last block count. */
|
||||
explicit_bzero(ctx->tbl, sizeof(ctx->tbl));
|
||||
|
@ -245,18 +245,18 @@ int
|
|||
CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
|
||||
{
|
||||
const unsigned char *data = in;
|
||||
size_t bl;
|
||||
size_t block_size;
|
||||
|
||||
if (ctx->nlast_block == -1)
|
||||
return 0;
|
||||
if (dlen == 0)
|
||||
return 1;
|
||||
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
/* Copy into partial block if we need to */
|
||||
if (ctx->nlast_block > 0) {
|
||||
size_t nleft;
|
||||
|
||||
nleft = bl - ctx->nlast_block;
|
||||
nleft = block_size - ctx->nlast_block;
|
||||
if (dlen < nleft)
|
||||
nleft = dlen;
|
||||
memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
|
||||
|
@ -267,15 +267,16 @@ CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
|
|||
return 1;
|
||||
data += nleft;
|
||||
/* Else not final block so encrypt it */
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl))
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block,
|
||||
block_size))
|
||||
return 0;
|
||||
}
|
||||
/* Encrypt all but one of the complete blocks left */
|
||||
while (dlen > bl) {
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
|
||||
while (dlen > block_size) {
|
||||
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, block_size))
|
||||
return 0;
|
||||
dlen -= bl;
|
||||
data += bl;
|
||||
dlen -= block_size;
|
||||
data += block_size;
|
||||
}
|
||||
/* Copy any data left to last block buffer */
|
||||
memcpy(ctx->last_block, data, dlen);
|
||||
|
@ -287,28 +288,28 @@ LCRYPTO_ALIAS(CMAC_Update);
|
|||
int
|
||||
CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
|
||||
{
|
||||
int i, bl, lb;
|
||||
int i, block_size, lb;
|
||||
|
||||
if (ctx->nlast_block == -1)
|
||||
return 0;
|
||||
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
*poutlen = (size_t)bl;
|
||||
block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx);
|
||||
*poutlen = (size_t)block_size;
|
||||
if (!out)
|
||||
return 1;
|
||||
lb = ctx->nlast_block;
|
||||
/* Is last block complete? */
|
||||
if (lb == bl) {
|
||||
for (i = 0; i < bl; i++)
|
||||
if (lb == block_size) {
|
||||
for (i = 0; i < block_size; i++)
|
||||
out[i] = ctx->last_block[i] ^ ctx->k1[i];
|
||||
} else {
|
||||
ctx->last_block[lb] = 0x80;
|
||||
if (bl - lb > 1)
|
||||
memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
|
||||
for (i = 0; i < bl; i++)
|
||||
if (block_size - lb > 1)
|
||||
memset(ctx->last_block + lb + 1, 0, block_size - lb - 1);
|
||||
for (i = 0; i < block_size; i++)
|
||||
out[i] = ctx->last_block[i] ^ ctx->k2[i];
|
||||
}
|
||||
if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
|
||||
explicit_bzero(out, bl);
|
||||
if (!EVP_Cipher(&ctx->cctx, out, out, block_size)) {
|
||||
explicit_bzero(out, block_size);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: evp_pbe.c,v 1.33 2023/12/16 14:09:33 tb Exp $ */
|
||||
/* $OpenBSD: evp_pbe.c,v 1.34 2023/12/18 13:12:43 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999.
|
||||
*/
|
||||
|
@ -269,43 +269,35 @@ int
|
|||
EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
||||
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
|
||||
{
|
||||
const EVP_CIPHER *cipher;
|
||||
const EVP_MD *md;
|
||||
int cipher_nid, md_nid;
|
||||
const EVP_CIPHER *cipher = NULL;
|
||||
const EVP_MD *md = NULL;
|
||||
int pbe_nid, cipher_nid, md_nid;
|
||||
EVP_PBE_KEYGEN *keygen;
|
||||
|
||||
if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
|
||||
&cipher_nid, &md_nid, &keygen)) {
|
||||
char obj_tmp[80];
|
||||
if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
|
||||
EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
|
||||
if (!pbe_obj)
|
||||
strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
|
||||
else
|
||||
i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
|
||||
ERR_asprintf_error_data("TYPE=%s", obj_tmp);
|
||||
return 0;
|
||||
}
|
||||
if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, pbe_nid, &cipher_nid, &md_nid,
|
||||
&keygen)) {
|
||||
EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
|
||||
ERR_asprintf_error_data("NID=%d", pbe_nid);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!pass)
|
||||
if (pass == NULL)
|
||||
passlen = 0;
|
||||
else if (passlen == -1)
|
||||
if (passlen == -1)
|
||||
passlen = strlen(pass);
|
||||
|
||||
if (cipher_nid == -1)
|
||||
cipher = NULL;
|
||||
else {
|
||||
cipher = EVP_get_cipherbynid(cipher_nid);
|
||||
if (!cipher) {
|
||||
if (cipher_nid != -1) {
|
||||
if ((cipher = EVP_get_cipherbynid(cipher_nid)) == NULL) {
|
||||
EVPerror(EVP_R_UNKNOWN_CIPHER);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (md_nid == -1)
|
||||
md = NULL;
|
||||
else {
|
||||
md = EVP_get_digestbynid(md_nid);
|
||||
if (!md) {
|
||||
if (md_nid != -1) {
|
||||
if ((md = EVP_get_digestbynid(md_nid)) == NULL) {
|
||||
EVPerror(EVP_R_UNKNOWN_DIGEST);
|
||||
return 0;
|
||||
}
|
||||
|
@ -315,6 +307,7 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
|||
EVPerror(EVP_R_KEYGEN_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue