summaryrefslogtreecommitdiff
path: root/cipher.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2020-04-03 04:27:03 +0000
committerDamien Miller <djm@mindrot.org>2020-04-03 15:36:57 +1100
commiteba523f0a130f1cce829e6aecdcefa841f526a1a (patch)
treeaf27de3afbd97d4fdcbc2515f0ee5a608bd32af2 /cipher.c
parentebd29e90129cf18fedfcfe1de86e324228669295 (diff)
upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as
part of a larger diff at a2k20 OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/cipher.c b/cipher.c
index cd6e6def0..8195199b3 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.c,v 1.116 2020/03/13 03:17:07 djm Exp $ */ 1/* $OpenBSD: cipher.c,v 1.117 2020/04/03 04:27:03 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -59,7 +59,7 @@ struct sshcipher_ctx {
59 int plaintext; 59 int plaintext;
60 int encrypt; 60 int encrypt;
61 EVP_CIPHER_CTX *evp; 61 EVP_CIPHER_CTX *evp;
62 struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ 62 struct chachapoly_ctx *cp_ctx;
63 struct aesctr_ctx ac_ctx; /* XXX union with evp? */ 63 struct aesctr_ctx ac_ctx; /* XXX union with evp? */
64 const struct sshcipher *cipher; 64 const struct sshcipher *cipher;
65}; 65};
@@ -273,7 +273,8 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
273 273
274 cc->cipher = cipher; 274 cc->cipher = cipher;
275 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { 275 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
276 ret = chachapoly_init(&cc->cp_ctx, key, keylen); 276 cc->cp_ctx = chachapoly_new(key, keylen);
277 ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
277 goto out; 278 goto out;
278 } 279 }
279 if ((cc->cipher->flags & CFLAG_NONE) != 0) { 280 if ((cc->cipher->flags & CFLAG_NONE) != 0) {
@@ -349,7 +350,7 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
349 const u_char *src, u_int len, u_int aadlen, u_int authlen) 350 const u_char *src, u_int len, u_int aadlen, u_int authlen)
350{ 351{
351 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { 352 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
352 return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, 353 return chachapoly_crypt(cc->cp_ctx, seqnr, dest, src,
353 len, aadlen, authlen, cc->encrypt); 354 len, aadlen, authlen, cc->encrypt);
354 } 355 }
355 if ((cc->cipher->flags & CFLAG_NONE) != 0) { 356 if ((cc->cipher->flags & CFLAG_NONE) != 0) {
@@ -412,7 +413,7 @@ cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr,
412 const u_char *cp, u_int len) 413 const u_char *cp, u_int len)
413{ 414{
414 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 415 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
415 return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, 416 return chachapoly_get_length(cc->cp_ctx, plenp, seqnr,
416 cp, len); 417 cp, len);
417 if (len < 4) 418 if (len < 4)
418 return SSH_ERR_MESSAGE_INCOMPLETE; 419 return SSH_ERR_MESSAGE_INCOMPLETE;
@@ -425,9 +426,10 @@ cipher_free(struct sshcipher_ctx *cc)
425{ 426{
426 if (cc == NULL) 427 if (cc == NULL)
427 return; 428 return;
428 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 429 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
429 explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); 430 chachapoly_free(cc->cp_ctx);
430 else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) 431 cc->cp_ctx = NULL;
432 } else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
431 explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); 433 explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
432#ifdef WITH_OPENSSL 434#ifdef WITH_OPENSSL
433 EVP_CIPHER_CTX_free(cc->evp); 435 EVP_CIPHER_CTX_free(cc->evp);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 12:23:32 +0000