diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-04-03 04:27:03 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-04-03 15:36:57 +1100 |
commit | eba523f0a130f1cce829e6aecdcefa841f526a1a (patch) | |
tree | af27de3afbd97d4fdcbc2515f0ee5a608bd32af2 /cipher.c | |
parent | ebd29e90129cf18fedfcfe1de86e324228669295 (diff) |
upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as
part of a larger diff at a2k20
OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd
Diffstat (limited to 'cipher.c')
-rw-r--r-- | cipher.c | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher.c,v 1.116 2020/03/13 03:17:07 djm Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.117 2020/04/03 04:27:03 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -59,7 +59,7 @@ struct sshcipher_ctx { | |||
59 | int plaintext; | 59 | int plaintext; |
60 | int encrypt; | 60 | int encrypt; |
61 | EVP_CIPHER_CTX *evp; | 61 | EVP_CIPHER_CTX *evp; |
62 | struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ | 62 | struct chachapoly_ctx *cp_ctx; |
63 | struct aesctr_ctx ac_ctx; /* XXX union with evp? */ | 63 | struct aesctr_ctx ac_ctx; /* XXX union with evp? */ |
64 | const struct sshcipher *cipher; | 64 | const struct sshcipher *cipher; |
65 | }; | 65 | }; |
@@ -273,7 +273,8 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, | |||
273 | 273 | ||
274 | cc->cipher = cipher; | 274 | cc->cipher = cipher; |
275 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { | 275 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { |
276 | ret = chachapoly_init(&cc->cp_ctx, key, keylen); | 276 | cc->cp_ctx = chachapoly_new(key, keylen); |
277 | ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT; | ||
277 | goto out; | 278 | goto out; |
278 | } | 279 | } |
279 | if ((cc->cipher->flags & CFLAG_NONE) != 0) { | 280 | if ((cc->cipher->flags & CFLAG_NONE) != 0) { |
@@ -349,7 +350,7 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, | |||
349 | const u_char *src, u_int len, u_int aadlen, u_int authlen) | 350 | const u_char *src, u_int len, u_int aadlen, u_int authlen) |
350 | { | 351 | { |
351 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { | 352 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { |
352 | return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, | 353 | return chachapoly_crypt(cc->cp_ctx, seqnr, dest, src, |
353 | len, aadlen, authlen, cc->encrypt); | 354 | len, aadlen, authlen, cc->encrypt); |
354 | } | 355 | } |
355 | if ((cc->cipher->flags & CFLAG_NONE) != 0) { | 356 | if ((cc->cipher->flags & CFLAG_NONE) != 0) { |
@@ -412,7 +413,7 @@ cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr, | |||
412 | const u_char *cp, u_int len) | 413 | const u_char *cp, u_int len) |
413 | { | 414 | { |
414 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) | 415 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) |
415 | return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr, | 416 | return chachapoly_get_length(cc->cp_ctx, plenp, seqnr, |
416 | cp, len); | 417 | cp, len); |
417 | if (len < 4) | 418 | if (len < 4) |
418 | return SSH_ERR_MESSAGE_INCOMPLETE; | 419 | return SSH_ERR_MESSAGE_INCOMPLETE; |
@@ -425,9 +426,10 @@ cipher_free(struct sshcipher_ctx *cc) | |||
425 | { | 426 | { |
426 | if (cc == NULL) | 427 | if (cc == NULL) |
427 | return; | 428 | return; |
428 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) | 429 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { |
429 | explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); | 430 | chachapoly_free(cc->cp_ctx); |
430 | else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) | 431 | cc->cp_ctx = NULL; |
432 | } else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) | ||
431 | explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); | 433 | explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); |
432 | #ifdef WITH_OPENSSL | 434 | #ifdef WITH_OPENSSL |
433 | EVP_CIPHER_CTX_free(cc->evp); | 435 | EVP_CIPHER_CTX_free(cc->evp); |