diff options
Diffstat (limited to 'openssl/crypto/evp')
-rw-r--r-- | openssl/crypto/evp/Makefile | 2 | ||||
-rw-r--r-- | openssl/crypto/evp/e_des3.c | 22 | ||||
-rw-r--r-- | openssl/crypto/evp/evp_enc.c | 58 |
3 files changed, 41 insertions, 41 deletions
diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile index fa25bff6b..5d0c6b7db 100644 --- a/openssl/crypto/evp/Makefile +++ b/openssl/crypto/evp/Makefile @@ -383,7 +383,7 @@ evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_enc.o: ../constant_time_locl.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h diff --git a/openssl/crypto/evp/e_des3.c b/openssl/crypto/evp/e_des3.c index 8d7b7de29..7e1e8b309 100644 --- a/openssl/crypto/evp/e_des3.c +++ b/openssl/crypto/evp/e_des3.c @@ -124,12 +124,11 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #ifdef KSSL_DEBUG { int i; - char *cp; - printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); - printf("\t iv= "); + fprintf(stderr,"des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ctx->buf_len); + fprintf(stderr,"\t iv= "); for(i=0;i<8;i++) - printf("%02X",ctx->iv[i]); - printf("\n"); + fprintf(stderr,"%02X",ctx->iv[i]); + fprintf(stderr,"\n"); } #endif /* KSSL_DEBUG */ while (inl>=EVP_MAXCHUNK) @@ -260,11 +259,14 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef KSSL_DEBUG { int i; - printf("des_ede3_init_key(ctx=%lx)\n", ctx); - printf("\tKEY= "); - for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); - printf("\t IV= "); - for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); + fprintf(stderr,"des_ede3_init_key(ctx=%p)\n", ctx); + fprintf(stderr,"\tKEY= "); + for(i=0;i<24;i++) fprintf(stderr,"%02X",key[i]); fprintf(stderr,"\n"); + if (iv) + { + fprintf(stderr,"\t IV= "); + for(i=0;i<8;i++) fprintf(stderr,"%02X",iv[i]); fprintf(stderr,"\n"); + } } #endif /* KSSL_DEBUG */ diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c index 7b1842a52..2e863ac54 100644 --- a/openssl/crypto/evp/evp_enc.c +++ b/openssl/crypto/evp/evp_enc.c @@ -67,7 +67,6 @@ #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif -#include "constant_time_locl.h" #include "evp_locl.h" #ifdef OPENSSL_FIPS @@ -501,21 +500,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - unsigned int i, b; - unsigned char pad, padding_good; + int i,n; + unsigned int b; *outl=0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - int ret = M_do_cipher(ctx, out, NULL, 0); - if (ret < 0) + i = M_do_cipher(ctx, out, NULL, 0); + if (i < 0) return 0; else - *outl = ret; + *outl = i; return 1; } - b=(unsigned int)(ctx->cipher->block_size); + b=ctx->cipher->block_size; if (ctx->flags & EVP_CIPH_NO_PADDING) { if(ctx->buf_len) @@ -534,34 +533,33 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) return(0); } OPENSSL_assert(b <= sizeof ctx->final); - pad=ctx->final[b-1]; - - padding_good = (unsigned char)(~constant_time_is_zero_8(pad)); - padding_good &= constant_time_ge_8(b, pad); - - for (i = 1; i < b; ++i) - { - unsigned char is_pad_index = constant_time_lt_8(i, pad); - unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad); - padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff); - } /* - * At least 1 byte is always padding, so we always write b - 1 - * bytes to avoid a timing leak. The caller is required to have |b| - * bytes space in |out| by the API contract. + * The following assumes that the ciphertext has been authenticated. + * Otherwise it provides a padding oracle. */ - for (i = 0; i < b - 1; ++i) - out[i] = ctx->final[i] & padding_good; - /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */ - *outl = padding_good & ((unsigned char)(b - pad)); - return padding_good & 1; + n=ctx->final[b-1]; + if (n == 0 || n > (int)b) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); + return(0); + } + for (i=0; i<n; i++) + { + if (ctx->final[--b] != n) + { + EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); + return(0); + } + } + n=ctx->cipher->block_size-n; + for (i=0; i<n; i++) + out[i]=ctx->final[i]; + *outl=n; } else - { - *outl = 0; - return 1; - } + *outl=0; + return(1); } void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) |