summaryrefslogtreecommitdiff
path: root/cipher.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-12-07 10:41:55 +1100
committerDamien Miller <djm@mindrot.org>2013-12-07 10:41:55 +1100
commitbcd00abd8451f36142ae2ee10cc657202149201e (patch)
tree946db23f1ec607d9260e46b9f6f2422e0e9c970c /cipher.c
parentf0e9060d236c0e38bec2fa1c6579fb0a2ea6458d (diff)
downloadopenssh-git-bcd00abd8451f36142ae2ee10cc657202149201e.tar.gz
- markus@cvs.openbsd.org 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c] [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by default; details in PROTOCOL.key; feedback and lots help from djm; ok djm@
Diffstat (limited to 'cipher.c')
-rw-r--r--cipher.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/cipher.c b/cipher.c
index fbb73014..76e6c596 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.92 2013/12/02 03:13:14 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.93 2013/12/06 13:34:54 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -344,17 +344,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
* Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
* This tag is written on encryption and verified on decryption.
* Both 'aadlen' and 'authlen' can be set to 0.
+ * cipher_crypt() returns 0 on success and -1 if the decryption integrity
+ * check fails.
*/
-void
+int
cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
u_int len, u_int aadlen, u_int authlen)
{
- if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
- if (chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen,
- authlen, cc->encrypt) != 0)
- fatal("Decryption integrity check failed");
- return;
- }
+ if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
+ return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
+ aadlen, authlen, cc->encrypt);
if (authlen) {
u_char lastiv[1];
@@ -387,13 +386,14 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
if (cc->encrypt)
fatal("%s: EVP_Cipher(final) failed", __func__);
else
- fatal("Decryption integrity check failed");
+ return -1;
}
if (cc->encrypt &&
!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
authlen, dest + aadlen + len))
fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
}
+ return 0;
}
/* Extract the packet length, including any decryption necessary beforehand */