#include "internal/evp_int.h"
#include "modes_lcl.h"
#include <openssl/rand.h>
+#include "evp_locl.h"
typedef struct {
union {
const unsigned char ivec[AES_BLOCK_SIZE]);
#endif
#ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp, char *out, size_t len,
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp, char *out, size_t len,
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
#endif
# define HWAES_decrypt aes_p8_decrypt
# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
#endif
#if defined(AES_ASM) && !defined(I386_ONLY) && ( \
# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
# define HWAES_encrypt aes_fx_encrypt
# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
const unsigned char ivec[16]);
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+ size_t len, const AES_KEY *key1,
+ const AES_KEY *key2, const unsigned char iv[16]);
#endif
#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+ if (gctx == NULL)
+ return 0;
OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
OPENSSL_free(gctx->iv);
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
| EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
/* Correct length for explicit IV */
+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
- if (!EVP_CIPHER_CTX_encrypting(c))
+ if (!EVP_CIPHER_CTX_encrypting(c)) {
+ if (len < EVP_GCM_TLS_TAG_LEN)
+ return 0;
len -= EVP_GCM_TLS_TAG_LEN;
+ }
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
}
EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) HWAES_encrypt;
+# ifdef HWAES_xts_encrypt
+ xctx->stream = HWAES_xts_encrypt;
+# endif
} else {
HWAES_set_decrypt_key(key,
EVP_CIPHER_CTX_key_length(ctx) * 4,
&xctx->ks1.ks);
xctx->xts.block1 = (block128_f) HWAES_decrypt;
+# ifdef HWAES_xts_decrypt
+ xctx->stream = HWAES_xts_decrypt;
+#endif
}
HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
| EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
/* Correct length for explicit IV */
+ if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
- if (!EVP_CIPHER_CTX_encrypting(c))
+ if (!EVP_CIPHER_CTX_encrypting(c)) {
+ if (len < cctx->M)
+ return 0;
len -= cctx->M;
+ }
EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
}
case EVP_CTRL_AEAD_SET_IVLEN:
arg = 15 - arg;
+ /* fall thru */
case EVP_CTRL_CCM_SET_L:
if (arg < 2 || arg > 8)
return 0;
if (cctx->tls_aad_len >= 0)
return aes_ccm_tls_cipher(ctx, out, in, len);
+ /* EVP_*Final() doesn't return any data */
+ if (in == NULL && out != NULL)
+ return 0;
+
if (!cctx->iv_set)
return -1;
CRYPTO_ccm128_aad(ccm, in, len);
return len;
}
- /* EVP_*Final() doesn't return any data */
- if (!in)
- return 0;
/* If not set length yet do it */
if (!cctx->len_set) {
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
/* If not padding input must be multiple of 8 */
if (!pad && inlen & 0x7)
return -1;
+ if (is_partially_overlapping(out, in, inlen)) {
+ EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
if (!out) {
if (EVP_CIPHER_CTX_encrypting(ctx)) {
/* If padding round up to multiple of 8 */
const unsigned char L_[][16],
unsigned char checksum[16]);
# else
-# define HWAES_ocb_encrypt NULL
+# define HWAES_ocb_encrypt ((ocb128_f)NULL)
# endif
# ifdef HWAES_ocb_decrypt
void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
const unsigned char L_[][16],
unsigned char checksum[16]);
# else
-# define HWAES_ocb_decrypt NULL
+# define HWAES_ocb_decrypt ((ocb128_f)NULL)
# endif
# endif
if (!octx->key_set)
return -1;
- if (in) {
+ if (in != NULL) {
/*
* Need to ensure we are only passing full blocks to low level OCB
* routines. We do it here rather than in EVP_EncryptUpdate/
} else {
buf = octx->data_buf;
buf_len = &(octx->data_buf_len);
+
+ if (is_partially_overlapping(out + *buf_len, in, len)) {
+ EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+ return 0;
+ }
}
/*
* If we've got a partially filled buffer from a previous call then
* use that data first
*/
- if (*buf_len) {
+ if (*buf_len > 0) {
unsigned int remaining;
- remaining = 16 - (*buf_len);
+ remaining = AES_BLOCK_SIZE - (*buf_len);
if (remaining > len) {
memcpy(buf + (*buf_len), in, len);
*(buf_len) += len;
len -= remaining;
in += remaining;
if (out == NULL) {
- if (!CRYPTO_ocb128_aad(&octx->ocb, buf, 16))
+ if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
return -1;
} else if (EVP_CIPHER_CTX_encrypting(ctx)) {
- if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, 16))
+ if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
+ AES_BLOCK_SIZE))
return -1;
} else {
- if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out, 16))
+ if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
+ AES_BLOCK_SIZE))
return -1;
}
- written_len = 16;
+ written_len = AES_BLOCK_SIZE;
*buf_len = 0;
+ if (out != NULL)
+ out += AES_BLOCK_SIZE;
}
/* Do we have a partial block to handle at the end? */
- trailing_len = len % 16;
+ trailing_len = len % AES_BLOCK_SIZE;
/*
* If we've got some full blocks to handle, then process these first
}
/* Handle any trailing partial block */
- if (trailing_len) {
+ if (trailing_len > 0) {
memcpy(buf, in, trailing_len);
*buf_len = trailing_len;
}
* First of all empty the buffer of any partial block that we might
* have been provided - both for data and AAD
*/
- if (octx->data_buf_len) {
+ if (octx->data_buf_len > 0) {
if (EVP_CIPHER_CTX_encrypting(ctx)) {
if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
octx->data_buf_len))
written_len = octx->data_buf_len;
octx->data_buf_len = 0;
}
- if (octx->aad_buf_len) {
+ if (octx->aad_buf_len > 0) {
if (!CRYPTO_ocb128_aad
(&octx->ocb, octx->aad_buf, octx->aad_buf_len))
return -1;
projects / openssl.git / blobdiff