sync with OpenBSD -current

This commit is contained in:
purplerain 2023-12-18 23:55:01 +00:00
parent da785accdf
commit 659ea2942e
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
39 changed files with 1318 additions and 384 deletions

View file

@ -1,4 +1,4 @@
/* $OpenBSD: cmac.c,v 1.17 2023/12/15 13:45:05 tb Exp $ */
/* $OpenBSD: cmac.c,v 1.18 2023/12/18 21:15:00 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@ -90,21 +90,21 @@ struct CMAC_CTX_st {
* and R64 = (1 << 64) | 0x1b for the only supported block sizes 128 and 64.
*/
static void
make_kn(unsigned char *kn, const unsigned char *l, int bl)
make_kn(unsigned char *kn, const unsigned char *l, int block_size)
{
unsigned char mask, Rb;
int i;
/* Choose Rb according to the block size in bytes. */
Rb = bl == 16 ? 0x87 : 0x1b;
Rb = block_size == 16 ? 0x87 : 0x1b;
/* Compute l << 1 up to last byte. */
for (i = 0; i < bl - 1; i++)
for (i = 0; i < block_size - 1; i++)
kn[i] = (l[i] << 1) | (l[i + 1] >> 7);
/* Only xor with Rb if the MSB is one. */
mask = 0 - (l[0] >> 7);
kn[bl - 1] = (l[bl - 1] << 1) ^ (Rb & mask);
kn[block_size - 1] = (l[block_size - 1] << 1) ^ (Rb & mask);
}
CMAC_CTX *
@ -154,17 +154,17 @@ LCRYPTO_ALIAS(CMAC_CTX_free);
int
CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
{
int bl;
int block_size;
if (in->nlast_block == -1)
return 0;
if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
return 0;
bl = EVP_CIPHER_CTX_block_size(&in->cctx);
memcpy(out->k1, in->k1, bl);
memcpy(out->k2, in->k2, bl);
memcpy(out->tbl, in->tbl, bl);
memcpy(out->last_block, in->last_block, bl);
block_size = EVP_CIPHER_CTX_block_size(&in->cctx);
memcpy(out->k1, in->k1, block_size);
memcpy(out->k2, in->k2, block_size);
memcpy(out->tbl, in->tbl, block_size);
memcpy(out->last_block, in->last_block, block_size);
out->nlast_block = in->nlast_block;
return 1;
}
@ -175,7 +175,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl)
{
static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
int bl;
int block_size;
/* All zeros means restart */
if (key == NULL && cipher == NULL && keylen == 0) {
@ -208,8 +208,8 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 0;
/* make_kn() only supports block sizes of 8 and 16 bytes. */
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
if (bl != 8 && bl != 16)
block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx);
if (block_size != 8 && block_size != 16)
return 0;
/*
@ -220,13 +220,13 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
return 0;
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, block_size))
return 0;
/* Section 6.1, step 2: compute k1 from intermediate secret. */
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k1, ctx->tbl, block_size);
/* Section 6.1, step 3: compute k2 from k1. */
make_kn(ctx->k2, ctx->k1, bl);
make_kn(ctx->k2, ctx->k1, block_size);
/* Destroy intermediate secret and reset last block count. */
explicit_bzero(ctx->tbl, sizeof(ctx->tbl));
@ -245,18 +245,18 @@ int
CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
{
const unsigned char *data = in;
size_t bl;
size_t block_size;
if (ctx->nlast_block == -1)
return 0;
if (dlen == 0)
return 1;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx);
/* Copy into partial block if we need to */
if (ctx->nlast_block > 0) {
size_t nleft;
nleft = bl - ctx->nlast_block;
nleft = block_size - ctx->nlast_block;
if (dlen < nleft)
nleft = dlen;
memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
@ -267,15 +267,16 @@ CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
return 1;
data += nleft;
/* Else not final block so encrypt it */
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl))
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block,
block_size))
return 0;
}
/* Encrypt all but one of the complete blocks left */
while (dlen > bl) {
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
while (dlen > block_size) {
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, block_size))
return 0;
dlen -= bl;
data += bl;
dlen -= block_size;
data += block_size;
}
/* Copy any data left to last block buffer */
memcpy(ctx->last_block, data, dlen);
@ -287,28 +288,28 @@ LCRYPTO_ALIAS(CMAC_Update);
int
CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
{
int i, bl, lb;
int i, block_size, lb;
if (ctx->nlast_block == -1)
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
*poutlen = (size_t)bl;
block_size = EVP_CIPHER_CTX_block_size(&ctx->cctx);
*poutlen = (size_t)block_size;
if (!out)
return 1;
lb = ctx->nlast_block;
/* Is last block complete? */
if (lb == bl) {
for (i = 0; i < bl; i++)
if (lb == block_size) {
for (i = 0; i < block_size; i++)
out[i] = ctx->last_block[i] ^ ctx->k1[i];
} else {
ctx->last_block[lb] = 0x80;
if (bl - lb > 1)
memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
for (i = 0; i < bl; i++)
if (block_size - lb > 1)
memset(ctx->last_block + lb + 1, 0, block_size - lb - 1);
for (i = 0; i < block_size; i++)
out[i] = ctx->last_block[i] ^ ctx->k2[i];
}
if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
explicit_bzero(out, bl);
if (!EVP_Cipher(&ctx->cctx, out, out, block_size)) {
explicit_bzero(out, block_size);
return 0;
}
return 1;

View file

@ -1,4 +1,4 @@
/* $OpenBSD: evp_pbe.c,v 1.33 2023/12/16 14:09:33 tb Exp $ */
/* $OpenBSD: evp_pbe.c,v 1.34 2023/12/18 13:12:43 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -269,43 +269,35 @@ int
EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
{
const EVP_CIPHER *cipher;
const EVP_MD *md;
int cipher_nid, md_nid;
const EVP_CIPHER *cipher = NULL;
const EVP_MD *md = NULL;
int pbe_nid, cipher_nid, md_nid;
EVP_PBE_KEYGEN *keygen;
if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
&cipher_nid, &md_nid, &keygen)) {
char obj_tmp[80];
if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj)
strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
else
i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_asprintf_error_data("TYPE=%s", obj_tmp);
return 0;
}
if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, pbe_nid, &cipher_nid, &md_nid,
&keygen)) {
EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
ERR_asprintf_error_data("NID=%d", pbe_nid);
return 0;
}
if (!pass)
if (pass == NULL)
passlen = 0;
else if (passlen == -1)
if (passlen == -1)
passlen = strlen(pass);
if (cipher_nid == -1)
cipher = NULL;
else {
cipher = EVP_get_cipherbynid(cipher_nid);
if (!cipher) {
if (cipher_nid != -1) {
if ((cipher = EVP_get_cipherbynid(cipher_nid)) == NULL) {
EVPerror(EVP_R_UNKNOWN_CIPHER);
return 0;
}
}
if (md_nid == -1)
md = NULL;
else {
md = EVP_get_digestbynid(md_nid);
if (!md) {
if (md_nid != -1) {
if ((md = EVP_get_digestbynid(md_nid)) == NULL) {
EVPerror(EVP_R_UNKNOWN_DIGEST);
return 0;
}
@ -315,6 +307,7 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
EVPerror(EVP_R_KEYGEN_FAILURE);
return 0;
}
return 1;
}