diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-07 10:41:55 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-07 10:41:55 +1100 |
| commit | bcd00abd8451f36142ae2ee10cc657202149201e (patch) | |
| tree | 946db23f1ec607d9260e46b9f6f2422e0e9c970c /cipher.c | |
| parent | f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d (diff) | |
- markus@cvs.openbsd.org 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 18 |
1 files changed, 9 insertions, 9 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cipher.c,v 1.92 2013/12/02 03:13:14 djm Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.93 2013/12/06 13:34:54 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -344,17 +344,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher, | |||
| 344 | * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. | 344 | * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. |
| 345 | * This tag is written on encryption and verified on decryption. | 345 | * This tag is written on encryption and verified on decryption. |
| 346 | * Both 'aadlen' and 'authlen' can be set to 0. | 346 | * Both 'aadlen' and 'authlen' can be set to 0. |
| 347 | * cipher_crypt() returns 0 on success and -1 if the decryption integrity | ||
| 348 | * check fails. | ||
| 347 | */ | 349 | */ |
| 348 | void | 350 | int |
| 349 | cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, | 351 | cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, |
| 350 | u_int len, u_int aadlen, u_int authlen) | 352 | u_int len, u_int aadlen, u_int authlen) |
| 351 | { | 353 | { |
| 352 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { | 354 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) |
| 353 | if (chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, | 355 | return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, |
| 354 | authlen, cc->encrypt) != 0) | 356 | aadlen, authlen, cc->encrypt); |
| 355 | fatal("Decryption integrity check failed"); | ||
| 356 | return; | ||
| 357 | } | ||
| 358 | if (authlen) { | 357 | if (authlen) { |
| 359 | u_char lastiv[1]; | 358 | u_char lastiv[1]; |
| 360 | 359 | ||
| @@ -387,13 +386,14 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, | |||
| 387 | if (cc->encrypt) | 386 | if (cc->encrypt) |
| 388 | fatal("%s: EVP_Cipher(final) failed", __func__); | 387 | fatal("%s: EVP_Cipher(final) failed", __func__); |
| 389 | else | 388 | else |
| 390 | fatal("Decryption integrity check failed"); | 389 | return -1; |
| 391 | } | 390 | } |
| 392 | if (cc->encrypt && | 391 | if (cc->encrypt && |
| 393 | !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, | 392 | !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, |
| 394 | authlen, dest + aadlen + len)) | 393 | authlen, dest + aadlen + len)) |
| 395 | fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); | 394 | fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); |
| 396 | } | 395 | } |
| 396 | return 0; | ||
| 397 | } | 397 | } |
| 398 | 398 | ||
| 399 | /* Extract the packet length, including any decryption necessary beforehand */ | 399 | /* Extract the packet length, including any decryption necessary beforehand */ |