diff options
| author | beck <> | 2017-01-29 17:49:23 +0000 |
|---|---|---|
| committer | beck <> | 2017-01-29 17:49:23 +0000 |
| commit | 957b11334a7afb14537322f0e4795b2e368b3f59 (patch) | |
| tree | 1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/evp/e_chacha20poly1305.c | |
| parent | df96e020e729c6c37a8c7fe311fdd1fe6a8718c5 (diff) | |
| download | openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.gz openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.tar.bz2 openbsd-957b11334a7afb14537322f0e4795b2e368b3f59.zip | |
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/evp/e_chacha20poly1305.c')
| -rw-r--r-- | src/lib/libcrypto/evp/e_chacha20poly1305.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c index e5395ad8ca..e135f9a104 100644 --- a/src/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_chacha20poly1305.c,v 1.14 2016/04/28 16:06:53 jsing Exp $ */ | 1 | /* $OpenBSD: e_chacha20poly1305.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org> | 4 | * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org> |
| @@ -59,7 +59,7 @@ aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const unsigned char *key, | |||
| 59 | tag_len = POLY1305_TAG_LEN; | 59 | tag_len = POLY1305_TAG_LEN; |
| 60 | 60 | ||
| 61 | if (tag_len > POLY1305_TAG_LEN) { | 61 | if (tag_len > POLY1305_TAG_LEN) { |
| 62 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_INIT, EVP_R_TOO_LARGE); | 62 | EVPerror(EVP_R_TOO_LARGE); |
| 63 | return 0; | 63 | return 0; |
| 64 | } | 64 | } |
| 65 | 65 | ||
| @@ -142,18 +142,17 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, | |||
| 142 | * Casting to uint64_t inside the conditional is not sufficient to stop | 142 | * Casting to uint64_t inside the conditional is not sufficient to stop |
| 143 | * the warning. */ | 143 | * the warning. */ |
| 144 | if (in_len_64 >= (1ULL << 32) * 64 - 64) { | 144 | if (in_len_64 >= (1ULL << 32) * 64 - 64) { |
| 145 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_TOO_LARGE); | 145 | EVPerror(EVP_R_TOO_LARGE); |
| 146 | return 0; | 146 | return 0; |
| 147 | } | 147 | } |
| 148 | 148 | ||
| 149 | if (max_out_len < in_len + c20_ctx->tag_len) { | 149 | if (max_out_len < in_len + c20_ctx->tag_len) { |
| 150 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, | 150 | EVPerror(EVP_R_BUFFER_TOO_SMALL); |
| 151 | EVP_R_BUFFER_TOO_SMALL); | ||
| 152 | return 0; | 151 | return 0; |
| 153 | } | 152 | } |
| 154 | 153 | ||
| 155 | if (nonce_len != ctx->aead->nonce_len) { | 154 | if (nonce_len != ctx->aead->nonce_len) { |
| 156 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_SEAL, EVP_R_IV_TOO_LARGE); | 155 | EVPerror(EVP_R_IV_TOO_LARGE); |
| 157 | return 0; | 156 | return 0; |
| 158 | } | 157 | } |
| 159 | 158 | ||
| @@ -216,7 +215,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, | |||
| 216 | uint64_t ctr = 0; | 215 | uint64_t ctr = 0; |
| 217 | 216 | ||
| 218 | if (in_len < c20_ctx->tag_len) { | 217 | if (in_len < c20_ctx->tag_len) { |
| 219 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT); | 218 | EVPerror(EVP_R_BAD_DECRYPT); |
| 220 | return 0; | 219 | return 0; |
| 221 | } | 220 | } |
| 222 | 221 | ||
| @@ -228,20 +227,19 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, | |||
| 228 | * Casting to uint64_t inside the conditional is not sufficient to stop | 227 | * Casting to uint64_t inside the conditional is not sufficient to stop |
| 229 | * the warning. */ | 228 | * the warning. */ |
| 230 | if (in_len_64 >= (1ULL << 32) * 64 - 64) { | 229 | if (in_len_64 >= (1ULL << 32) * 64 - 64) { |
| 231 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_TOO_LARGE); | 230 | EVPerror(EVP_R_TOO_LARGE); |
| 232 | return 0; | 231 | return 0; |
| 233 | } | 232 | } |
| 234 | 233 | ||
| 235 | if (nonce_len != ctx->aead->nonce_len) { | 234 | if (nonce_len != ctx->aead->nonce_len) { |
| 236 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_IV_TOO_LARGE); | 235 | EVPerror(EVP_R_IV_TOO_LARGE); |
| 237 | return 0; | 236 | return 0; |
| 238 | } | 237 | } |
| 239 | 238 | ||
| 240 | plaintext_len = in_len - c20_ctx->tag_len; | 239 | plaintext_len = in_len - c20_ctx->tag_len; |
| 241 | 240 | ||
| 242 | if (max_out_len < plaintext_len) { | 241 | if (max_out_len < plaintext_len) { |
| 243 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, | 242 | EVPerror(EVP_R_BUFFER_TOO_SMALL); |
| 244 | EVP_R_BUFFER_TOO_SMALL); | ||
| 245 | return 0; | 243 | return 0; |
| 246 | } | 244 | } |
| 247 | 245 | ||
| @@ -276,7 +274,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, | |||
| 276 | CRYPTO_poly1305_finish(&poly1305, mac); | 274 | CRYPTO_poly1305_finish(&poly1305, mac); |
| 277 | 275 | ||
| 278 | if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { | 276 | if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { |
| 279 | EVPerr(EVP_F_AEAD_CHACHA20_POLY1305_OPEN, EVP_R_BAD_DECRYPT); | 277 | EVPerror(EVP_R_BAD_DECRYPT); |
| 280 | return 0; | 278 | return 0; |
| 281 | } | 279 | } |
| 282 | 280 | ||