diff options
Diffstat (limited to 'src/mongo/crypto')
| -rw-r--r-- | src/mongo/crypto/aead_encryption.cpp | 27 | ||||
| -rw-r--r-- | src/mongo/crypto/mechanism_scram.h | 9 | ||||
| -rw-r--r-- | src/mongo/crypto/sha_block.h | 10 | ||||
| -rw-r--r-- | src/mongo/crypto/symmetric_crypto_apple.cpp | 4 | ||||
| -rw-r--r-- | src/mongo/crypto/symmetric_crypto_openssl.cpp | 9 |
5 files changed, 23 insertions, 36 deletions
diff --git a/src/mongo/crypto/aead_encryption.cpp b/src/mongo/crypto/aead_encryption.cpp index 030758850c1..b5e0ae4ce1c 100644 --- a/src/mongo/crypto/aead_encryption.cpp +++ b/src/mongo/crypto/aead_encryption.cpp @@ -101,9 +101,7 @@ Status _aesEncrypt(const SymmetricKey& key, if (len != aesCBCCipherOutputLength(inLen)) { return {ErrorCodes::BadValue, str::stream() << "Encrypt error, expected cipher text of length " - << aesCBCCipherOutputLength(inLen) - << " but found " - << len}; + << aesCBCCipherOutputLength(inLen) << " but found " << len}; } return Status::OK(); @@ -117,12 +115,11 @@ Status _aesDecrypt(const SymmetricKey& key, std::size_t outLen, std::size_t* resultLen) try { // Check the plaintext buffer can fit the product of decryption - auto[lowerBound, upperBound] = aesCBCExpectedPlaintextLen(in.length()); + auto [lowerBound, upperBound] = aesCBCExpectedPlaintextLen(in.length()); if (upperBound > outLen) { return {ErrorCodes::BadValue, str::stream() << "Cleartext buffer of size " << outLen - << " too small for output which can be as large as " - << upperBound + << " too small for output which can be as large as " << upperBound << "]"}; } @@ -145,13 +142,8 @@ Status _aesDecrypt(const SymmetricKey& key, if (*resultLen < lowerBound || *resultLen > upperBound) { return {ErrorCodes::BadValue, str::stream() << "Decrypt error, expected clear text length in interval" - << "[" - << lowerBound - << "," - << upperBound - << "]" - << "but found " - << *resultLen}; + << "[" << lowerBound << "," << upperBound << "]" + << "but found " << *resultLen}; } /* Check that padding was removed. @@ -211,8 +203,7 @@ Status aeadEncrypt(const SymmetricKey& key, return Status(ErrorCodes::BadValue, str::stream() << "AssociatedData for encryption is too large. Cannot be larger than " - << kMaxAssociatedDataLength - << " bytes."); + << kMaxAssociatedDataLength << " bytes."); } // According to the rfc on AES encryption, the associatedDataLength is defined as the @@ -292,8 +283,7 @@ Status aeadEncryptWithIV(ConstDataRange key, return Status(ErrorCodes::BadValue, str::stream() << "AssociatedData for encryption is too large. Cannot be larger than " - << kMaxAssociatedDataLength - << " bytes."); + << kMaxAssociatedDataLength << " bytes."); } const uint8_t* macKey = reinterpret_cast<const uint8_t*>(key.data()); @@ -357,8 +347,7 @@ Status aeadDecrypt(const SymmetricKey& key, return Status(ErrorCodes::BadValue, str::stream() << "AssociatedData for encryption is too large. Cannot be larger than " - << kMaxAssociatedDataLength - << " bytes."); + << kMaxAssociatedDataLength << " bytes."); } const uint8_t* macKey = key.getKey(); diff --git a/src/mongo/crypto/mechanism_scram.h b/src/mongo/crypto/mechanism_scram.h index ab3c39273fb..fcb16331830 100644 --- a/src/mongo/crypto/mechanism_scram.h +++ b/src/mongo/crypto/mechanism_scram.h @@ -291,11 +291,10 @@ public: Presecrets<HashBlock>(password, salt, iterationCount)); const auto encodedSalt = base64::encode(reinterpret_cast<const char*>(salt.data()), salt.size()); - return BSON(kIterationCountFieldName << iterationCount << kSaltFieldName << encodedSalt - << kStoredKeyFieldName - << secrets.storedKey().toString() - << kServerKeyFieldName - << secrets.serverKey().toString()); + return BSON(kIterationCountFieldName + << iterationCount << kSaltFieldName << encodedSalt << kStoredKeyFieldName + << secrets.storedKey().toString() << kServerKeyFieldName + << secrets.serverKey().toString()); } const HashBlock& clientKey() const { diff --git a/src/mongo/crypto/sha_block.h b/src/mongo/crypto/sha_block.h index 2d2c3684e07..78308bb568b 100644 --- a/src/mongo/crypto/sha_block.h +++ b/src/mongo/crypto/sha_block.h @@ -67,9 +67,9 @@ public: */ static StatusWith<SHABlock> fromBuffer(const uint8_t* input, size_t inputLen) { if (inputLen != kHashLength) { - return { - ErrorCodes::InvalidLength, - str::stream() << "Unsupported " << Traits::name << " hash length: " << inputLen}; + return {ErrorCodes::InvalidLength, + str::stream() << "Unsupported " << Traits::name + << " hash length: " << inputLen}; } HashType newHash; @@ -157,8 +157,8 @@ public: if (binData.length != kHashLength) { return {ErrorCodes::UnsupportedFormat, - str::stream() << "Unsupported " << Traits::name << " hash length: " - << binData.length}; + str::stream() << "Unsupported " << Traits::name + << " hash length: " << binData.length}; } HashType newHash; diff --git a/src/mongo/crypto/symmetric_crypto_apple.cpp b/src/mongo/crypto/symmetric_crypto_apple.cpp index 9ca5c9c0b1e..216e33b8fa8 100644 --- a/src/mongo/crypto/symmetric_crypto_apple.cpp +++ b/src/mongo/crypto/symmetric_crypto_apple.cpp @@ -66,9 +66,7 @@ public: // Therefore we expect a 128 bit block length. uassert(ErrorCodes::BadValue, str::stream() << "Invalid ivlen for selected algorithm, expected " - << kCCBlockSizeAES128 - << ", got " - << ivLen, + << kCCBlockSizeAES128 << ", got " << ivLen, ivLen == kCCBlockSizeAES128); CCCryptorRef context = nullptr; diff --git a/src/mongo/crypto/symmetric_crypto_openssl.cpp b/src/mongo/crypto/symmetric_crypto_openssl.cpp index 6329331a511..4e661b98bbd 100644 --- a/src/mongo/crypto/symmetric_crypto_openssl.cpp +++ b/src/mongo/crypto/symmetric_crypto_openssl.cpp @@ -63,8 +63,8 @@ void initCipherContext( } } uassert(ErrorCodes::BadValue, - str::stream() << "Unrecognized AES key size/cipher mode. Size: " << keySize << " Mode: " - << getStringFromCipherMode(mode), + str::stream() << "Unrecognized AES key size/cipher mode. Size: " << keySize + << " Mode: " << getStringFromCipherMode(mode), cipher); const bool initOk = (1 == init(ctx, cipher, nullptr, key.getKey(), iv)); @@ -188,8 +188,9 @@ public: // validateEncryptionOption asserts that platforms without GCM will never start in GCM mode if (_mode == aesMode::gcm) { #ifdef EVP_CTRL_GCM_GET_TAG - if (1 != EVP_CIPHER_CTX_ctrl( - _ctx.get(), EVP_CTRL_GCM_SET_TAG, tagLen, const_cast<uint8_t*>(tag))) { + if (1 != + EVP_CIPHER_CTX_ctrl( + _ctx.get(), EVP_CTRL_GCM_SET_TAG, tagLen, const_cast<uint8_t*>(tag))) { return Status(ErrorCodes::UnknownError, str::stream() << "Unable to set GCM tag: " |