summaryrefslogtreecommitdiffstats
path: root/src/crypto/cipher/e_aes.c
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2015-09-25 02:46:08 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-09-25 02:46:08 +0000
commit217603a4384148cd37c60a42f945449641617d27 (patch)
treedd743d9d64af3145fe96b8d5fc2f3427544794bd /src/crypto/cipher/e_aes.c
parente246de8f184e644debf965ecdca552f006b56881 (diff)
parentd947d006e7a7ebcfdfe642e686250caf2028c2c1 (diff)
downloadexternal_boringssl-217603a4384148cd37c60a42f945449641617d27.zip
external_boringssl-217603a4384148cd37c60a42f945449641617d27.tar.gz
external_boringssl-217603a4384148cd37c60a42f945449641617d27.tar.bz2
am d947d006: am b8494591: Revert "Revert "external/boringssl: sync with upstream.""
* commit 'd947d006e7a7ebcfdfe642e686250caf2028c2c1': Revert "Revert "external/boringssl: sync with upstream.""
Diffstat (limited to 'src/crypto/cipher/e_aes.c')
-rw-r--r--src/crypto/cipher/e_aes.c108
1 files changed, 41 insertions, 67 deletions
diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c
index 41d0aec..e8905f6 100644
--- a/src/crypto/cipher/e_aes.c
+++ b/src/crypto/cipher/e_aes.c
@@ -64,7 +64,7 @@
#include "../modes/internal.h"
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
-#include "../arm_arch.h"
+#include <openssl/arm_arch.h>
#endif
@@ -98,8 +98,6 @@ typedef struct {
#if !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_X86_64) || defined(OPENSSL_X86))
#define VPAES
-extern unsigned int OPENSSL_ia32cap_P[];
-
static char vpaes_capable(void) {
return (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) != 0;
}
@@ -113,7 +111,6 @@ static char bsaes_capable(void) {
#elif !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
-#include "../arm_arch.h"
#if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7
#define BSAES
@@ -338,7 +335,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
}
if (ret < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aes_init_key, CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -711,7 +708,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
} else {
if (!ctx->encrypt) {
if (gctx->taglen < 0 ||
- !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) {
+ !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) {
return -1;
}
gctx->iv_set = 0;
@@ -853,7 +850,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
}
if (ret < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aesni_init_key, CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -1066,7 +1063,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
const size_t key_bits = key_len * 8;
if (key_bits != 128 && key_bits != 256) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
@@ -1075,7 +1072,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_TAG_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE);
return 0;
}
@@ -1108,12 +1105,12 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
GCM128_CONTEXT gcm;
if (in_len + gcm_ctx->tag_len < in_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + gcm_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -1152,14 +1149,14 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
GCM128_CONTEXT gcm;
if (in_len < gcm_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
plaintext_len = in_len - gcm_ctx->tag_len;
if (max_out_len < plaintext_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
@@ -1185,7 +1182,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -1239,7 +1236,7 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
const size_t key_bits = key_len * 8;
if (key_bits != 128 && key_bits != 256) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
@@ -1248,14 +1245,13 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len != 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init,
- CIPHER_R_UNSUPPORTED_TAG_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE);
return 0;
}
kw_ctx = OPENSSL_malloc(sizeof(struct aead_aes_key_wrap_ctx));
if (kw_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -1293,8 +1289,7 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t A[AES_BLOCK_SIZE];
if (ad_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE);
return 0;
}
@@ -1304,14 +1299,12 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
if (nonce_len != 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
if (in_len % 8 != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_INPUT_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE);
return 0;
}
@@ -1320,32 +1313,29 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
* conservatively cap it to 2^32-16 to stop 32-bit platforms complaining that
* a comparison is always true. */
if (in_len > 0xfffffff0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
n = in_len / 8;
if (n < 2) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_UNSUPPORTED_INPUT_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE);
return 0;
}
if (in_len + 8 < in_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (AES_set_encrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal,
- CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -1388,8 +1378,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t A[AES_BLOCK_SIZE];
if (ad_len != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_UNSUPPORTED_AD_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE);
return 0;
}
@@ -1399,14 +1388,12 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
if (nonce_len != 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
if (in_len % 8 != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_UNSUPPORTED_INPUT_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE);
return 0;
}
@@ -1415,26 +1402,24 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
* conservatively cap it to 2^32-8 to stop 32-bit platforms complaining that
* a comparison is always true. */
if (in_len > 0xfffffff8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (in_len < 24) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
n = (in_len / 8) - 1;
if (max_out_len < in_len - 8) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (AES_set_decrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open,
- CIPHER_R_AES_KEY_SETUP_FAILED);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -1457,7 +1442,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
if (CRYPTO_memcmp(A, nonce, 8) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -1541,15 +1526,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
static const size_t hmac_key_len = 32;
if (key_len < hmac_key_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
const size_t aes_key_len = key_len - hmac_key_len;
if (aes_key_len != 16 && aes_key_len != 32) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- CIPHER_R_BAD_KEY_LENGTH);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; /* EVP_AEAD_CTX_init should catch this. */
}
@@ -1558,15 +1541,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- CIPHER_R_TAG_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE);
return 0;
}
aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx));
if (aes_ctx == NULL) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init,
- ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -1666,20 +1647,17 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
if (in_len + aes_ctx->tag_len < in_len ||
/* This input is so large it would overflow the 32-bit block counter. */
in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal,
- CIPHER_R_TOO_LARGE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + aes_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
@@ -1703,22 +1681,19 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t plaintext_len;
if (in_len < aes_ctx->tag_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
plaintext_len = in_len - aes_ctx->tag_len;
if (max_out_len < plaintext_len) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_BUFFER_TOO_SMALL);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
@@ -1727,8 +1702,7 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
&aes_ctx->outer_init_state, ad, ad_len, nonce, in,
plaintext_len);
if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) {
- OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open,
- CIPHER_R_BAD_DECRYPT);
+ OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}