author | orivej <orivej@yandex-team.ru> | 2022-02-10 16:45:01 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:01 +0300 |
commit | 2d37894b1b037cf24231090eda8589bbb44fb6fc (patch) | |
tree | be835aa92c6248212e705f25388ebafcf84bc7a1 /contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto | |
parent | 718c552901d703c502ccbefdfc3c9028d608b947 (diff) | |
download | ydb-2d37894b1b037cf24231090eda8589bbb44fb6fc.tar.gz |
Restoring authorship annotation for <orivej@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto')
12 files changed, 433 insertions, 433 deletions
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Cipher.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Cipher.cpp
index 03a518f073..1c844273f4 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Cipher.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Cipher.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/Cipher.h>
 #include <aws/core/utils/crypto/Factories.h>
@@ -27,31 +27,31 @@ namespace Aws //swap byte ordering template<class T> typename std::enable_if<std::is_unsigned<T>::value, T>::type - bswap(T i, T j = 0u, std::size_t n = 0u) + bswap(T i, T j = 0u, std::size_t n = 0u) { return n == sizeof(T) ? j : bswap<T>(i >> CHAR_BIT, (j << CHAR_BIT) | (i & (T)(unsigned char)(-1)), n + 1); } CryptoBuffer IncrementCTRCounter(const CryptoBuffer& counter, uint32_t numberOfBlocks) - { + { // minium counter size is 12 bytes. This isn't a variable because some compilers // are stupid and thing that variable is unused. assert(counter.GetLength() >= 12); - CryptoBuffer incrementedCounter(counter); + CryptoBuffer incrementedCounter(counter); //get the last 4 bytes and manipulate them as an integer. - uint32_t* ctrPtr = (uint32_t*)(incrementedCounter.GetUnderlyingData() + incrementedCounter.GetLength() - sizeof(int32_t)); + uint32_t* ctrPtr = (uint32_t*)(incrementedCounter.GetUnderlyingData() + incrementedCounter.GetLength() - sizeof(int32_t)); if(IS_BIG_ENDIAN) { //you likely are not Big Endian, but //if it's big endian, just go ahead and increment it... done - *ctrPtr += numberOfBlocks; + *ctrPtr += numberOfBlocks; } else { - //otherwise, swap the byte ordering of the integer we loaded from the buffer (because it is backwards). However, the number of blocks is already properly + //otherwise, swap the byte ordering of the integer we loaded from the buffer (because it is backwards). However, the number of blocks is already properly //aligned. Once we compute the new value, swap it back so that the mirroring operation goes back to the actual buffer. *ctrPtr = bswap<uint32_t>(bswap<uint32_t>(*ctrPtr) + numberOfBlocks); } 
@@ -65,14 +65,14 @@ namespace Aws
 CryptoBuffer bytes(lengthBytes);
 size_t lengthToGenerate = ctrMode ? (3 * bytes.GetLength()) / 4 : bytes.GetLength();
-
+
 rng->GetBytes(bytes.GetUnderlyingData(), lengthToGenerate);
 if(!*rng)
 {
 AWS_LOGSTREAM_FATAL(LOG_TAG, "Random Number generation failed. Abort all crypto operations.");
 assert(false);
- abort();
+ abort();
 }
 return bytes;
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoMaterial.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoMaterial.cpp
index 38542bef76..3036bd70eb 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoMaterial.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoMaterial.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/ContentCryptoMaterial.h>
 #include <aws/core/utils/crypto/Cipher.h>
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoScheme.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoScheme.cpp
index 7bd0fd8d75..f39a75df2c 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoScheme.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/ContentCryptoScheme.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/ContentCryptoScheme.h>
 #include <aws/core/utils/HashingUtils.h>
 #include <aws/core/utils/EnumParseOverflowContainer.h>
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoBuf.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoBuf.cpp
index 9e000ad1b4..2b47097679 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoBuf.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoBuf.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/CryptoBuf.h>
@@ -94,7 +94,7 @@ namespace Aws
 if (cryptoBuffer.GetLength() && m_cipher)
 {
 CryptoBuffer putBackArea(m_putBack);
-
+
 m_isBuf = CryptoBuffer({&putBackArea, &cryptoBuffer});
 //in the very unlikely case that the cipher had less output than the source stream.
 assert(seekTo <= index);
@@ -294,19 +294,19 @@ namespace Aws
 if(cryptoBuf.GetLength())
 {
 //allow mid block decryption. We have to decrypt it, but we don't have to write it to the stream.
- //the assumption here is that tellp() will always be 0 or >= 16 bytes. The block offset should only
+ //the assumption here is that tellp() will always be 0 or >= 16 bytes. The block offset should only
 //be the offset of the first block read.
- size_t len = cryptoBuf.GetLength();
- size_t blockOffset = m_stream.tellp() > m_blockOffset ? 0 : m_blockOffset;
- if (len > blockOffset)
- {
- m_stream.write(reinterpret_cast<char*>(cryptoBuf.GetUnderlyingData() + blockOffset), len - blockOffset);
- m_blockOffset = 0;
- }
- else
- {
- m_blockOffset -= static_cast<int16_t>(len);
- }
+ size_t len = cryptoBuf.GetLength();
+ size_t blockOffset = m_stream.tellp() > m_blockOffset ? 0 : m_blockOffset;
+ if (len > blockOffset)
+ {
+ m_stream.write(reinterpret_cast<char*>(cryptoBuf.GetUnderlyingData() + blockOffset), len - blockOffset);
+ m_blockOffset = 0;
+ }
+ else
+ {
+ m_blockOffset -= static_cast<int16_t>(len);
+ }
 }
 return true;
 }
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoStream.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoStream.cpp
index 7d46b9d9ea..2d645f7427 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoStream.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/CryptoStream.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/CryptoStream.h>
 namespace Aws
@@ -44,7 +44,7 @@ namespace Aws
 void SymmetricCryptoStream::Finalize()
 {
- assert(m_cryptoBuf);
+ assert(m_cryptoBuf);
 m_cryptoBuf->Finalize();
 }
 }
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/EncryptionMaterials.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/EncryptionMaterials.cpp
index 7ea98027ff..d000c86baa 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/EncryptionMaterials.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/EncryptionMaterials.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/EncryptionMaterials.h>
 namespace Aws
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/KeyWrapAlgorithm.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/KeyWrapAlgorithm.cpp
index 9b9b5b144f..b9e098775c 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/KeyWrapAlgorithm.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/KeyWrapAlgorithm.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/KeyWrapAlgorithm.h>
 #include <aws/core/utils/HashingUtils.h>
 #include <aws/core/utils/EnumParseOverflowContainer.h>
@@ -18,9 +18,9 @@ namespace Aws
 namespace KeyWrapAlgorithmMapper
 {
 static const int keyWrapAlgorithm_KMS_HASH = HashingUtils::HashString("kms");
- static const int keyWrapAlgorithm_KMS_CONTEXT_HASH = HashingUtils::HashString("kms+context");
+ static const int keyWrapAlgorithm_KMS_CONTEXT_HASH = HashingUtils::HashString("kms+context");
 static const int keyWrapAlgorithm_KeyWrap_HASH = HashingUtils::HashString("AESWrap");
- static const int keyWrapAlgorithm_AES_GCM_HASH = HashingUtils::HashString("AES/GCM");
+ static const int keyWrapAlgorithm_AES_GCM_HASH = HashingUtils::HashString("AES/GCM");
 KeyWrapAlgorithm GetKeyWrapAlgorithmForName(const Aws::String& name)
 {
@@ -29,17 +29,17 @@ namespace Aws
 {
 return KeyWrapAlgorithm::KMS;
 }
- else if (hashcode == keyWrapAlgorithm_KMS_CONTEXT_HASH)
- {
- return KeyWrapAlgorithm::KMS_CONTEXT;
- }
+ else if (hashcode == keyWrapAlgorithm_KMS_CONTEXT_HASH)
+ {
+ return KeyWrapAlgorithm::KMS_CONTEXT;
+ }
 else if (hashcode == keyWrapAlgorithm_KeyWrap_HASH)
 {
 return KeyWrapAlgorithm::AES_KEY_WRAP;
- }
- else if (hashcode == keyWrapAlgorithm_AES_GCM_HASH)
- {
- return KeyWrapAlgorithm::AES_GCM;
+ }
+ else if (hashcode == keyWrapAlgorithm_AES_GCM_HASH)
+ {
+ return KeyWrapAlgorithm::AES_GCM;
 }
 assert(0);
 return KeyWrapAlgorithm::NONE;
@@ -51,12 +51,12 @@ namespace Aws
 {
 case KeyWrapAlgorithm::KMS:
 return "kms";
- case KeyWrapAlgorithm::KMS_CONTEXT:
- return "kms+context";
+ case KeyWrapAlgorithm::KMS_CONTEXT:
+ return "kms+context";
 case KeyWrapAlgorithm::AES_KEY_WRAP:
 return "AESWrap";
- case KeyWrapAlgorithm::AES_GCM:
- return "AES/GCM";
+ case KeyWrapAlgorithm::AES_GCM:
+ return "AES/GCM";
 default:
 assert(0);
 }
@@ -65,4 +65,4 @@ namespace Aws
 }//namespace KeyWrapAlgorithmMapper
 }//namespace Crypto
 }//namespace Utils
-}//namespace Aws
+}//namespace Aws
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/MD5.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/MD5.cpp
index 3a26004c79..bf14ace1ad 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/MD5.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/MD5.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/MD5.h>
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256.cpp
index a9a36e6b3b..178df00d37 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/Sha256.h>
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256HMAC.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256HMAC.cpp
index a1a362bb9c..ecc1f06529 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256HMAC.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/Sha256HMAC.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/Sha256HMAC.h>
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/factory/Factories.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/factory/Factories.cpp
index 220968cffc..bff0382241 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/factory/Factories.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/factory/Factories.cpp
@@ -1,7 +1,7 @@
-/**
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
 #include <aws/core/utils/crypto/Factories.h>
@@ -9,11 +9,11 @@
 #include <aws/core/utils/crypto/HMAC.h>
 #if ENABLE_BCRYPT_ENCRYPTION
- #error #include <aws/core/utils/crypto/bcrypt/CryptoImpl.h>
+ #error #include <aws/core/utils/crypto/bcrypt/CryptoImpl.h>
 #elif ENABLE_OPENSSL_ENCRYPTION
 #include <aws/core/utils/crypto/openssl/CryptoImpl.h>
 #elif ENABLE_COMMONCRYPTO_ENCRYPTION
- #error #include <aws/core/utils/crypto/commoncrypto/CryptoImpl.h>
+ #error #include <aws/core/utils/crypto/commoncrypto/CryptoImpl.h>
 #include <aws/core/utils/logging/LogMacros.h>
 #else
 // if you don't have any encryption you still need to pull in the interface definitions
@@ -29,60 +29,60 @@ using namespace Aws::Utils::Crypto; static const char *s_allocationTag = "CryptoFactory"; -static std::shared_ptr<HashFactory>& GetMD5Factory() -{ - static std::shared_ptr<HashFactory> s_MD5Factory(nullptr); - return s_MD5Factory; -} - -static std::shared_ptr<HashFactory>& GetSha256Factory() -{ - static std::shared_ptr<HashFactory> s_Sha256Factory(nullptr); - return s_Sha256Factory; -} - -static std::shared_ptr<HMACFactory>& GetSha256HMACFactory() -{ - static std::shared_ptr<HMACFactory> s_Sha256HMACFactory(nullptr); - return s_Sha256HMACFactory; -} - -static std::shared_ptr<SymmetricCipherFactory>& GetAES_CBCFactory() -{ - static std::shared_ptr<SymmetricCipherFactory> s_AES_CBCFactory(nullptr); - return s_AES_CBCFactory; -} - -static std::shared_ptr<SymmetricCipherFactory>& GetAES_CTRFactory() -{ - static std::shared_ptr<SymmetricCipherFactory> s_AES_CTRFactory(nullptr); - return s_AES_CTRFactory; -} - -static std::shared_ptr<SymmetricCipherFactory>& GetAES_GCMFactory() -{ - static std::shared_ptr<SymmetricCipherFactory> s_AES_GCMFactory(nullptr); - return s_AES_GCMFactory; -} - -static std::shared_ptr<SymmetricCipherFactory>& GetAES_KeyWrapFactory() -{ - static std::shared_ptr<SymmetricCipherFactory> s_AES_KeyWrapFactory(nullptr); - return s_AES_KeyWrapFactory; -} - -static std::shared_ptr<SecureRandomFactory>& GetSecureRandomFactory() -{ - static std::shared_ptr<SecureRandomFactory> s_SecureRandomFactory(nullptr); - return s_SecureRandomFactory; -} - -static std::shared_ptr<SecureRandomBytes>& GetSecureRandom() -{ - static std::shared_ptr<SecureRandomBytes> s_SecureRandom(nullptr); - return s_SecureRandom; -} - +static std::shared_ptr<HashFactory>& GetMD5Factory() +{ + static std::shared_ptr<HashFactory> s_MD5Factory(nullptr); + return s_MD5Factory; +} + +static std::shared_ptr<HashFactory>& GetSha256Factory() +{ + static std::shared_ptr<HashFactory> s_Sha256Factory(nullptr); + return s_Sha256Factory; +} + +static 
std::shared_ptr<HMACFactory>& GetSha256HMACFactory() +{ + static std::shared_ptr<HMACFactory> s_Sha256HMACFactory(nullptr); + return s_Sha256HMACFactory; +} + +static std::shared_ptr<SymmetricCipherFactory>& GetAES_CBCFactory() +{ + static std::shared_ptr<SymmetricCipherFactory> s_AES_CBCFactory(nullptr); + return s_AES_CBCFactory; +} + +static std::shared_ptr<SymmetricCipherFactory>& GetAES_CTRFactory() +{ + static std::shared_ptr<SymmetricCipherFactory> s_AES_CTRFactory(nullptr); + return s_AES_CTRFactory; +} + +static std::shared_ptr<SymmetricCipherFactory>& GetAES_GCMFactory() +{ + static std::shared_ptr<SymmetricCipherFactory> s_AES_GCMFactory(nullptr); + return s_AES_GCMFactory; +} + +static std::shared_ptr<SymmetricCipherFactory>& GetAES_KeyWrapFactory() +{ + static std::shared_ptr<SymmetricCipherFactory> s_AES_KeyWrapFactory(nullptr); + return s_AES_KeyWrapFactory; +} + +static std::shared_ptr<SecureRandomFactory>& GetSecureRandomFactory() +{ + static std::shared_ptr<SecureRandomFactory> s_SecureRandomFactory(nullptr); + return s_SecureRandomFactory; +} + +static std::shared_ptr<SecureRandomBytes>& GetSecureRandom() +{ + static std::shared_ptr<SecureRandomBytes> s_SecureRandom(nullptr); + return s_SecureRandom; +} + static bool s_InitCleanupOpenSSLFlag(false); class DefaultMD5Factory : public HashFactory @@ -240,7 +240,7 @@ public: /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. */ - std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer&, const CryptoBuffer&) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer&, const CryptoBuffer&) const override { #if ENABLE_BCRYPT_ENCRYPTION return Aws::MakeShared<AES_CBC_Cipher_BCrypt>(s_allocationTag, key, iv); 
@@ -258,7 +258,7 @@ public: /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. */ - std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&&, CryptoBuffer&&) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&&, CryptoBuffer&&) const override { #if ENABLE_BCRYPT_ENCRYPTION return Aws::MakeShared<AES_CBC_Cipher_BCrypt>(s_allocationTag, key, iv); @@ -322,7 +322,7 @@ public: /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. */ - std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer&, const CryptoBuffer&) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer&, const CryptoBuffer&) const override { #if ENABLE_BCRYPT_ENCRYPTION return Aws::MakeShared<AES_CTR_Cipher_BCrypt>(s_allocationTag, key, iv); @@ -340,7 +340,7 @@ public: /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. */ - std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&&, CryptoBuffer&&) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&&, CryptoBuffer&&) const override { #if ENABLE_BCRYPT_ENCRYPTION return Aws::MakeShared<AES_CTR_Cipher_BCrypt>(s_allocationTag, key, iv); 
@@ -395,64 +395,64 @@ public: #elif ENABLE_OPENSSL_ENCRYPTION return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, key); #elif ENABLE_COMMONCRYPTO_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, key); -#else + return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, key); +#else AWS_UNREFERENCED_PARAM(key); - + return nullptr; -#endif - } - - std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer* aad) const override - { -#if ENABLE_BCRYPT_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_BCrypt>(s_allocationTag, key, aad); -#elif ENABLE_OPENSSL_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, key, aad); -#elif ENABLE_COMMONCRYPTO_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, key, aad); +#endif + } + + std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer* aad) const override + { +#if ENABLE_BCRYPT_ENCRYPTION + return Aws::MakeShared<AES_GCM_Cipher_BCrypt>(s_allocationTag, key, aad); +#elif ENABLE_OPENSSL_ENCRYPTION + return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, key, aad); +#elif ENABLE_COMMONCRYPTO_ENCRYPTION + return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, key, aad); #else AWS_UNREFERENCED_PARAM(key); - AWS_UNREFERENCED_PARAM(aad); + AWS_UNREFERENCED_PARAM(aad); return nullptr; #endif } - + /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. 
*/ - std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer& tag, const CryptoBuffer& aad) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer& tag, const CryptoBuffer& aad) const override { #if ENABLE_BCRYPT_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_BCrypt>(s_allocationTag, key, iv, tag, aad); + return Aws::MakeShared<AES_GCM_Cipher_BCrypt>(s_allocationTag, key, iv, tag, aad); #elif ENABLE_OPENSSL_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, key, iv, tag, aad); + return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, key, iv, tag, aad); #elif ENABLE_COMMONCRYPTO_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, key, iv, tag, aad); + return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, key, iv, tag, aad); #else AWS_UNREFERENCED_PARAM(key); AWS_UNREFERENCED_PARAM(iv); AWS_UNREFERENCED_PARAM(tag); - AWS_UNREFERENCED_PARAM(aad); + AWS_UNREFERENCED_PARAM(aad); return nullptr; #endif } /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. 
*/ - std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&& tag, CryptoBuffer&& aad) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&& tag, CryptoBuffer&& aad) const override { #if ENABLE_BCRYPT_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_BCrypt>(s_allocationTag, std::move(key), std::move(iv), std::move(tag), std::move(aad)); + return Aws::MakeShared<AES_GCM_Cipher_BCrypt>(s_allocationTag, std::move(key), std::move(iv), std::move(tag), std::move(aad)); #elif ENABLE_OPENSSL_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, std::move(key), std::move(iv), std::move(tag), std::move(aad)); + return Aws::MakeShared<AES_GCM_Cipher_OpenSSL>(s_allocationTag, std::move(key), std::move(iv), std::move(tag), std::move(aad)); #elif ENABLE_COMMONCRYPTO_ENCRYPTION - return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, std::move(key), std::move(iv), std::move(tag), std::move(aad)); + return Aws::MakeShared<AES_GCM_Cipher_CommonCrypto>(s_allocationTag, std::move(key), std::move(iv), std::move(tag), std::move(aad)); #else AWS_UNREFERENCED_PARAM(key); AWS_UNREFERENCED_PARAM(iv); AWS_UNREFERENCED_PARAM(tag); - AWS_UNREFERENCED_PARAM(aad); + AWS_UNREFERENCED_PARAM(aad); return nullptr; #endif } @@ -505,7 +505,7 @@ public: /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. */ - std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer& tag, const CryptoBuffer&) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer& tag, const CryptoBuffer&) const override { AWS_UNREFERENCED_PARAM(key); AWS_UNREFERENCED_PARAM(iv); 
@@ -515,7 +515,7 @@ public: /** * Factory method. Returns cipher implementation. See the SymmetricCipher class for more details. */ - std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&& tag, CryptoBuffer&&) const override + std::shared_ptr<SymmetricCipher> CreateImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&& tag, CryptoBuffer&&) const override { AWS_UNREFERENCED_PARAM(key); AWS_UNREFERENCED_PARAM(iv); 
@@ -606,190 +606,190 @@ void Aws::Utils::Crypto::SetInitCleanupOpenSSLFlag(bool initCleanupFlag) void Aws::Utils::Crypto::InitCrypto() { - if(GetMD5Factory()) + if(GetMD5Factory()) { - GetMD5Factory()->InitStaticState(); + GetMD5Factory()->InitStaticState(); } else { - GetMD5Factory() = Aws::MakeShared<DefaultMD5Factory>(s_allocationTag); - GetMD5Factory()->InitStaticState(); + GetMD5Factory() = Aws::MakeShared<DefaultMD5Factory>(s_allocationTag); + GetMD5Factory()->InitStaticState(); } - if(GetSha256Factory()) + if(GetSha256Factory()) { - GetSha256Factory()->InitStaticState(); + GetSha256Factory()->InitStaticState(); } else { - GetSha256Factory() = Aws::MakeShared<DefaultSHA256Factory>(s_allocationTag); - GetSha256Factory()->InitStaticState(); + GetSha256Factory() = Aws::MakeShared<DefaultSHA256Factory>(s_allocationTag); + GetSha256Factory()->InitStaticState(); } - if(GetSha256HMACFactory()) + if(GetSha256HMACFactory()) { - GetSha256HMACFactory()->InitStaticState(); + GetSha256HMACFactory()->InitStaticState(); } else { - GetSha256HMACFactory() = Aws::MakeShared<DefaultSHA256HmacFactory>(s_allocationTag); - GetSha256HMACFactory()->InitStaticState(); + GetSha256HMACFactory() = Aws::MakeShared<DefaultSHA256HmacFactory>(s_allocationTag); + GetSha256HMACFactory()->InitStaticState(); } - if(GetAES_CBCFactory()) + if(GetAES_CBCFactory()) { - GetAES_CBCFactory()->InitStaticState(); + GetAES_CBCFactory()->InitStaticState(); } else { - GetAES_CBCFactory() = Aws::MakeShared<DefaultAES_CBCFactory>(s_allocationTag); - GetAES_CBCFactory()->InitStaticState(); + GetAES_CBCFactory() = Aws::MakeShared<DefaultAES_CBCFactory>(s_allocationTag); + GetAES_CBCFactory()->InitStaticState(); } - if(GetAES_CTRFactory()) + if(GetAES_CTRFactory()) { - GetAES_CTRFactory()->InitStaticState(); + GetAES_CTRFactory()->InitStaticState(); } else { - GetAES_CTRFactory() = Aws::MakeShared<DefaultAES_CTRFactory>(s_allocationTag); - GetAES_CTRFactory()->InitStaticState(); + GetAES_CTRFactory() = 
Aws::MakeShared<DefaultAES_CTRFactory>(s_allocationTag); + GetAES_CTRFactory()->InitStaticState(); } - if(GetAES_GCMFactory()) + if(GetAES_GCMFactory()) { - GetAES_GCMFactory()->InitStaticState(); + GetAES_GCMFactory()->InitStaticState(); } else { - GetAES_GCMFactory() = Aws::MakeShared<DefaultAES_GCMFactory>(s_allocationTag); - GetAES_GCMFactory()->InitStaticState(); + GetAES_GCMFactory() = Aws::MakeShared<DefaultAES_GCMFactory>(s_allocationTag); + GetAES_GCMFactory()->InitStaticState(); } - if (!GetAES_KeyWrapFactory()) + if (!GetAES_KeyWrapFactory()) { - GetAES_KeyWrapFactory() = Aws::MakeShared<DefaultAES_KeyWrapFactory>(s_allocationTag); + GetAES_KeyWrapFactory() = Aws::MakeShared<DefaultAES_KeyWrapFactory>(s_allocationTag); } - GetAES_KeyWrapFactory()->InitStaticState(); + GetAES_KeyWrapFactory()->InitStaticState(); - if(GetSecureRandomFactory()) + if(GetSecureRandomFactory()) { - GetSecureRandomFactory()->InitStaticState(); + GetSecureRandomFactory()->InitStaticState(); } else { - GetSecureRandomFactory() = Aws::MakeShared<DefaultSecureRandFactory>(s_allocationTag); - GetSecureRandomFactory()->InitStaticState(); - } - - GetSecureRandom() = GetSecureRandomFactory()->CreateImplementation(); + GetSecureRandomFactory() = Aws::MakeShared<DefaultSecureRandFactory>(s_allocationTag); + GetSecureRandomFactory()->InitStaticState(); + } + + GetSecureRandom() = GetSecureRandomFactory()->CreateImplementation(); } void Aws::Utils::Crypto::CleanupCrypto() { - if(GetMD5Factory()) + if(GetMD5Factory()) { - GetMD5Factory()->CleanupStaticState(); - GetMD5Factory() = nullptr; + GetMD5Factory()->CleanupStaticState(); + GetMD5Factory() = nullptr; } - if(GetSha256Factory()) + if(GetSha256Factory()) { - GetSha256Factory()->CleanupStaticState(); - GetSha256Factory() = nullptr; + GetSha256Factory()->CleanupStaticState(); + GetSha256Factory() = nullptr; } - if(GetSha256HMACFactory()) + if(GetSha256HMACFactory()) { - GetSha256HMACFactory()->CleanupStaticState(); - 
GetSha256HMACFactory() = nullptr; + GetSha256HMACFactory()->CleanupStaticState(); + GetSha256HMACFactory() = nullptr; } - if(GetAES_CBCFactory()) + if(GetAES_CBCFactory()) { - GetAES_CBCFactory()->CleanupStaticState(); - GetAES_CBCFactory() = nullptr; + GetAES_CBCFactory()->CleanupStaticState(); + GetAES_CBCFactory() = nullptr; } - if(GetAES_CTRFactory()) + if(GetAES_CTRFactory()) { - GetAES_CTRFactory()->CleanupStaticState(); - GetAES_CTRFactory() = nullptr; + GetAES_CTRFactory()->CleanupStaticState(); + GetAES_CTRFactory() = nullptr; } - if(GetAES_GCMFactory()) + if(GetAES_GCMFactory()) { - GetAES_GCMFactory()->CleanupStaticState(); - GetAES_GCMFactory() = nullptr; + GetAES_GCMFactory()->CleanupStaticState(); + GetAES_GCMFactory() = nullptr; } - if(GetAES_KeyWrapFactory()) + if(GetAES_KeyWrapFactory()) { - GetAES_KeyWrapFactory()->CleanupStaticState(); - GetAES_KeyWrapFactory() = nullptr; + GetAES_KeyWrapFactory()->CleanupStaticState(); + GetAES_KeyWrapFactory() = nullptr; } - if(GetSecureRandomFactory()) + if(GetSecureRandomFactory()) { - GetSecureRandom() = nullptr; - GetSecureRandomFactory()->CleanupStaticState(); - GetSecureRandomFactory() = nullptr; - } + GetSecureRandom() = nullptr; + GetSecureRandomFactory()->CleanupStaticState(); + GetSecureRandomFactory() = nullptr; + } } void Aws::Utils::Crypto::SetMD5Factory(const std::shared_ptr<HashFactory>& factory) { - GetMD5Factory() = factory; + GetMD5Factory() = factory; } void Aws::Utils::Crypto::SetSha256Factory(const std::shared_ptr<HashFactory>& factory) { - GetSha256Factory() = factory; + GetSha256Factory() = factory; } void Aws::Utils::Crypto::SetSha256HMACFactory(const std::shared_ptr<HMACFactory>& factory) { - GetSha256HMACFactory() = factory; + GetSha256HMACFactory() = factory; } void Aws::Utils::Crypto::SetAES_CBCFactory(const std::shared_ptr<SymmetricCipherFactory>& factory) { - GetAES_CBCFactory() = factory; + GetAES_CBCFactory() = factory; } void Aws::Utils::Crypto::SetAES_CTRFactory(const 
std::shared_ptr<SymmetricCipherFactory>& factory) { - GetAES_CTRFactory() = factory; + GetAES_CTRFactory() = factory; } void Aws::Utils::Crypto::SetAES_GCMFactory(const std::shared_ptr<SymmetricCipherFactory>& factory) { - GetAES_GCMFactory() = factory; + GetAES_GCMFactory() = factory; } void Aws::Utils::Crypto::SetAES_KeyWrapFactory(const std::shared_ptr<SymmetricCipherFactory>& factory) { - GetAES_KeyWrapFactory() = factory; + GetAES_KeyWrapFactory() = factory; } void Aws::Utils::Crypto::SetSecureRandomFactory(const std::shared_ptr<SecureRandomFactory>& factory) { - GetSecureRandomFactory() = factory; + GetSecureRandomFactory() = factory; } std::shared_ptr<Hash> Aws::Utils::Crypto::CreateMD5Implementation() { - return GetMD5Factory()->CreateImplementation(); + return GetMD5Factory()->CreateImplementation(); } std::shared_ptr<Hash> Aws::Utils::Crypto::CreateSha256Implementation() { - return GetSha256Factory()->CreateImplementation(); + return GetSha256Factory()->CreateImplementation(); } std::shared_ptr<Aws::Utils::Crypto::HMAC> Aws::Utils::Crypto::CreateSha256HMACImplementation() { - return GetSha256HMACFactory()->CreateImplementation(); + return GetSha256HMACFactory()->CreateImplementation(); } #ifdef _WIN32 @@ -802,7 +802,7 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CBCImplementation #ifdef NO_SYMMETRIC_ENCRYPTION return nullptr; #endif - return GetAES_CBCFactory()->CreateImplementation(key); + return GetAES_CBCFactory()->CreateImplementation(key); } std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CBCImplementation(const CryptoBuffer& key, const CryptoBuffer& iv) 
@@ -810,7 +810,7 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CBCImplementation
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_CBCFactory()->CreateImplementation(key, iv);
+ return GetAES_CBCFactory()->CreateImplementation(key, iv);
 }

 std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CBCImplementation(CryptoBuffer&& key, CryptoBuffer&& iv)
@@ -818,7 +818,7 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CBCImplementation
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_CBCFactory()->CreateImplementation(std::move(key), std::move(iv));
+ return GetAES_CBCFactory()->CreateImplementation(std::move(key), std::move(iv));
 }

 std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CTRImplementation(const CryptoBuffer& key)
@@ -826,7 +826,7 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CTRImplementation
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_CTRFactory()->CreateImplementation(key);
+ return GetAES_CTRFactory()->CreateImplementation(key);
 }

 std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CTRImplementation(const CryptoBuffer& key, const CryptoBuffer& iv)
@@ -834,7 +834,7 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CTRImplementation
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_CTRFactory()->CreateImplementation(key, iv);
+ return GetAES_CTRFactory()->CreateImplementation(key, iv);
 }

 std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CTRImplementation(CryptoBuffer&& key, CryptoBuffer&& iv)
@@ -842,7 +842,7 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_CTRImplementation
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_CTRFactory()->CreateImplementation(std::move(key), std::move(iv));
+ return GetAES_CTRFactory()->CreateImplementation(std::move(key), std::move(iv));
 }

 std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(const CryptoBuffer& key)
@@ -850,39 +850,39 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_GCMFactory()->CreateImplementation(key);
+ return GetAES_GCMFactory()->CreateImplementation(key);
+}
+
+std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(const CryptoBuffer& key, const CryptoBuffer* aad)
+{
+#ifdef NO_SYMMETRIC_ENCRYPTION
+ return nullptr;
+#endif
+ return GetAES_GCMFactory()->CreateImplementation(key, aad);
 }

-std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(const CryptoBuffer& key, const CryptoBuffer* aad)
+std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer& tag, const CryptoBuffer& aad)
 {
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_GCMFactory()->CreateImplementation(key, aad);
+ return GetAES_GCMFactory()->CreateImplementation(key, iv, tag, aad);
 }

-std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(const CryptoBuffer& key, const CryptoBuffer& iv, const CryptoBuffer& tag, const CryptoBuffer& aad)
+std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&& tag, CryptoBuffer&& aad)
 {
 #ifdef NO_SYMMETRIC_ENCRYPTION
 return nullptr;
 #endif
- return GetAES_GCMFactory()->CreateImplementation(key, iv, tag, aad);
+ return GetAES_GCMFactory()->CreateImplementation(std::move(key), std::move(iv), std::move(tag), std::move(aad));
 }

-std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_GCMImplementation(CryptoBuffer&& key, CryptoBuffer&& iv, CryptoBuffer&& tag, CryptoBuffer&& aad)
-{
-#ifdef NO_SYMMETRIC_ENCRYPTION
- return nullptr;
-#endif
- return GetAES_GCMFactory()->CreateImplementation(std::move(key), std::move(iv), std::move(tag), std::move(aad));
-}
-
 std::shared_ptr<SymmetricCipher>
Aws::Utils::Crypto::CreateAES_KeyWrapImplementation(const CryptoBuffer& key) { #ifdef NO_SYMMETRIC_ENCRYPTION return nullptr; #endif - return GetAES_KeyWrapFactory()->CreateImplementation(key); + return GetAES_KeyWrapFactory()->CreateImplementation(key); } #ifdef _WIN32 @@ -891,5 +891,5 @@ std::shared_ptr<SymmetricCipher> Aws::Utils::Crypto::CreateAES_KeyWrapImplementa std::shared_ptr<SecureRandomBytes> Aws::Utils::Crypto::CreateSecureRandomBytesImplementation() { - return GetSecureRandom(); + return GetSecureRandom(); } diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/openssl/CryptoImpl.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/openssl/CryptoImpl.cpp index b76930d1fc..911838864b 100644 --- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/openssl/CryptoImpl.cpp +++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/utils/crypto/openssl/CryptoImpl.cpp @@ -1,7 +1,7 @@ -/** - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0. - */ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ #include <cstring> @@ -9,21 +9,21 @@ #include <aws/core/utils/crypto/openssl/CryptoImpl.h> #include <aws/core/utils/Outcome.h> #include <openssl/md5.h> - -#ifdef OPENSSL_IS_BORINGSSL -#ifdef _MSC_VER -AWS_SUPPRESS_WARNING_PUSH(4201) -#else -AWS_SUPPRESS_WARNING_PUSH("-Wpedantic") -#endif -#endif - + +#ifdef OPENSSL_IS_BORINGSSL +#ifdef _MSC_VER +AWS_SUPPRESS_WARNING_PUSH(4201) +#else +AWS_SUPPRESS_WARNING_PUSH("-Wpedantic") +#endif +#endif + #include <openssl/sha.h> - -#ifdef OPENSSL_IS_BORINGSSL -AWS_SUPPRESS_WARNING_POP -#endif - + +#ifdef OPENSSL_IS_BORINGSSL +AWS_SUPPRESS_WARNING_POP +#endif + #include <openssl/err.h> #include <aws/core/utils/logging/LogMacros.h> #include <thread> 
@@ -41,7 +41,7 @@ namespace Aws { /** * openssl with OPENSSL_VERSION_NUMBER < 0x10100003L made data type details unavailable - * libressl use openssl with data type details available, but mandatorily set + * libressl use openssl with data type details available, but mandatorily set * OPENSSL_VERSION_NUMBER = 0x20000000L, insane! * https://github.com/aws/aws-sdk-cpp/pull/507/commits/2c99f1fe0c4b4683280caeb161538d4724d6a179 */ @@ -60,14 +60,14 @@ namespace Aws void init_static_state() { -#if OPENSSL_VERSION_LESS_1_1 || defined(OPENSSL_IS_BORINGSSL) - ERR_load_crypto_strings(); -#else - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS /*options*/ ,NULL /* OpenSSL init settings*/ ); -#endif -#if !defined(OPENSSL_IS_BORINGSSL) +#if OPENSSL_VERSION_LESS_1_1 || defined(OPENSSL_IS_BORINGSSL) + ERR_load_crypto_strings(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS /*options*/ ,NULL /* OpenSSL init settings*/ ); +#endif +#if !defined(OPENSSL_IS_BORINGSSL) OPENSSL_add_all_algorithms_noconf(); -#endif +#endif #if OPENSSL_VERSION_LESS_1_1 if (!CRYPTO_get_locking_callback()) { @@ -122,22 +122,22 @@ namespace Aws #endif } - static const char* OPENSSL_LOG_TAG = "OpenSSLCipher"; - + static const char* OPENSSL_LOG_TAG = "OpenSSLCipher"; + void SecureRandomBytes_OpenSSLImpl::GetBytes(unsigned char* buffer, size_t bufferSize) { - if (!bufferSize) - { - return; - } - - if (!buffer) - { - AWS_LOGSTREAM_FATAL(OPENSSL_LOG_TAG, "Secure Random Bytes generator can't generate: " << bufferSize << " bytes with nullptr buffer."); - assert(buffer); - return; - } - + if (!bufferSize) + { + return; + } + + if (!buffer) + { + AWS_LOGSTREAM_FATAL(OPENSSL_LOG_TAG, "Secure Random Bytes generator can't generate: " << bufferSize << " bytes with nullptr buffer."); + assert(buffer); + return; + } + int success = RAND_bytes(buffer, static_cast<int>(bufferSize)); if (success != 1) { 
@@ -145,22 +145,22 @@ namespace Aws } } - class OpensslCtxRAIIGuard + class OpensslCtxRAIIGuard { - public: - OpensslCtxRAIIGuard() + public: + OpensslCtxRAIIGuard() { m_ctx = EVP_MD_CTX_create(); assert(m_ctx != nullptr); } - ~OpensslCtxRAIIGuard() + ~OpensslCtxRAIIGuard() { EVP_MD_CTX_destroy(m_ctx); m_ctx = nullptr; } - EVP_MD_CTX* getResource() + EVP_MD_CTX* getResource() { return m_ctx; } @@ -172,9 +172,9 @@ namespace Aws { OpensslCtxRAIIGuard guard; auto ctx = guard.getResource(); -#if !defined(OPENSSL_IS_BORINGSSL) +#if !defined(OPENSSL_IS_BORINGSSL) EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -#endif +#endif EVP_DigestInit_ex(ctx, EVP_md5(), nullptr); EVP_DigestUpdate(ctx, str.c_str(), str.size()); @@ -188,9 +188,9 @@ namespace Aws { OpensslCtxRAIIGuard guard; auto ctx = guard.getResource(); -#if !defined(OPENSSL_IS_BORINGSSL) +#if !defined(OPENSSL_IS_BORINGSSL) EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -#endif +#endif EVP_DigestInit_ex(ctx, EVP_md5(), nullptr); auto currentPos = stream.tellg(); @@ -304,7 +304,7 @@ namespace Aws unsigned int length = SHA256_DIGEST_LENGTH; ByteBuffer digest(length); memset(digest.GetUnderlyingData(), 0, length); - + HMACRAIIGuard guard; HMAC_CTX* m_ctx = guard.getResource(); @@ -381,11 +381,11 @@ namespace Aws void OpenSSLCipher::Init() { - if (m_failure) - { - return; - } - + if (m_failure) + { + return; + } + if (!m_encryptor_ctx) { // EVP_CIPHER_CTX_init() will be called inside EVP_CIPHER_CTX_new(). @@ -406,7 +406,7 @@ namespace Aws { // _init is the same as _reset after openssl 1.1 EVP_CIPHER_CTX_init(m_decryptor_ctx); } - m_emptyPlaintext = false; + m_emptyPlaintext = false; } CryptoBuffer OpenSSLCipher::EncryptBuffer(const CryptoBuffer& unEncryptedData) 
@@ -440,7 +440,7 @@ namespace Aws { if (m_failure) { - AWS_LOGSTREAM_FATAL(OPENSSL_LOG_TAG, "Cipher not properly initialized for encryption finalization. Aborting"); + AWS_LOGSTREAM_FATAL(OPENSSL_LOG_TAG, "Cipher not properly initialized for encryption finalization. Aborting"); return CryptoBuffer(); } @@ -475,10 +475,10 @@ namespace Aws return CryptoBuffer(); } - if (lengthWritten == 0) - { - m_emptyPlaintext = true; - } + if (lengthWritten == 0) + { + m_emptyPlaintext = true; + } if (static_cast<size_t>(lengthWritten) < decryptedText.GetLength()) { return CryptoBuffer(decryptedText.GetUnderlyingData(), static_cast<size_t>(lengthWritten)); @@ -490,18 +490,18 @@ namespace Aws { if (m_failure) { - AWS_LOGSTREAM_FATAL(OPENSSL_LOG_TAG, "Cipher not properly initialized for decryption finalization. Aborting"); + AWS_LOGSTREAM_FATAL(OPENSSL_LOG_TAG, "Cipher not properly initialized for decryption finalization. Aborting"); return CryptoBuffer(); } CryptoBuffer finalBlock(GetBlockSizeBytes()); int writtenSize = static_cast<int>(finalBlock.GetLength()); - int ret = EVP_DecryptFinal_ex(m_decryptor_ctx, finalBlock.GetUnderlyingData(), &writtenSize); -#if OPENSSL_VERSION_NUMBER > 0x1010104fL //1.1.1d - if (ret <= 0) -#else - if (ret <= 0 && !m_emptyPlaintext) // see details why making exception for empty string at: https://github.com/aws/aws-sdk-cpp/issues/1413 -#endif + int ret = EVP_DecryptFinal_ex(m_decryptor_ctx, finalBlock.GetUnderlyingData(), &writtenSize); +#if OPENSSL_VERSION_NUMBER > 0x1010104fL //1.1.1d + if (ret <= 0) +#else + if (ret <= 0 && !m_emptyPlaintext) // see details why making exception for empty string at: https://github.com/aws/aws-sdk-cpp/issues/1413 +#endif { m_failure = true; LogErrors(); 
@@ -519,18 +519,18 @@ namespace Aws void OpenSSLCipher::Cleanup() { m_failure = false; - if (m_encryptor_ctx) EVP_CIPHER_CTX_cleanup(m_encryptor_ctx); - if (m_decryptor_ctx) EVP_CIPHER_CTX_cleanup(m_decryptor_ctx); - } + if (m_encryptor_ctx) EVP_CIPHER_CTX_cleanup(m_encryptor_ctx); + if (m_decryptor_ctx) EVP_CIPHER_CTX_cleanup(m_decryptor_ctx); + } - bool OpenSSLCipher::CheckKeyAndIVLength(size_t expectedKeyLength, size_t expectedIVLength) - { - if (!m_failure && ((m_key.GetLength() != expectedKeyLength) || m_initializationVector.GetLength() != expectedIVLength)) - { - AWS_LOGSTREAM_ERROR(OPENSSL_LOG_TAG, "Expected Key size is: " << expectedKeyLength << " and expected IV size is: " << expectedIVLength); - m_failure = true; - } - return !m_failure; + bool OpenSSLCipher::CheckKeyAndIVLength(size_t expectedKeyLength, size_t expectedIVLength) + { + if (!m_failure && ((m_key.GetLength() != expectedKeyLength) || m_initializationVector.GetLength() != expectedIVLength)) + { + AWS_LOGSTREAM_ERROR(OPENSSL_LOG_TAG, "Expected Key size is: " << expectedKeyLength << " and expected IV size is: " << expectedIVLength); + m_failure = true; + } + return !m_failure; } size_t AES_CBC_Cipher_OpenSSL::BlockSizeBytes = 16; @@ -557,11 +557,11 @@ namespace Aws void AES_CBC_Cipher_OpenSSL::InitCipher() { - if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, BlockSizeBytes)) - { - return; - } - + if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, BlockSizeBytes)) + { + return; + } + if (!EVP_EncryptInit_ex(m_encryptor_ctx, EVP_aes_256_cbc(), nullptr, m_key.GetUnderlyingData(), m_initializationVector.GetUnderlyingData()) || !EVP_DecryptInit_ex(m_decryptor_ctx, EVP_aes_256_cbc(), nullptr, m_key.GetUnderlyingData(), 
@@ -582,12 +582,12 @@ namespace Aws return KeyLengthBits; } - void AES_CBC_Cipher_OpenSSL::Reset() - { - OpenSSLCipher::Reset(); - InitCipher(); - } - + void AES_CBC_Cipher_OpenSSL::Reset() + { + OpenSSLCipher::Reset(); + InitCipher(); + } + size_t AES_CTR_Cipher_OpenSSL::BlockSizeBytes = 16; size_t AES_CTR_Cipher_OpenSSL::KeyLengthBits = 256; static const char* CTR_LOG_TAG = "AES_CTR_Cipher_OpenSSL"; @@ -613,11 +613,11 @@ namespace Aws void AES_CTR_Cipher_OpenSSL::InitCipher() { - if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, BlockSizeBytes)) - { - return; - } - + if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, BlockSizeBytes)) + { + return; + } + if (!(EVP_EncryptInit_ex(m_encryptor_ctx, EVP_aes_256_ctr(), nullptr, m_key.GetUnderlyingData(), m_initializationVector.GetUnderlyingData()) && EVP_CIPHER_CTX_set_padding(m_encryptor_ctx, 0)) || @@ -640,12 +640,12 @@ namespace Aws return KeyLengthBits; } - void AES_CTR_Cipher_OpenSSL::Reset() - { - OpenSSLCipher::Reset(); - InitCipher(); - } - + void AES_CTR_Cipher_OpenSSL::Reset() + { + OpenSSLCipher::Reset(); + InitCipher(); + } + size_t AES_GCM_Cipher_OpenSSL::BlockSizeBytes = 16; size_t AES_GCM_Cipher_OpenSSL::KeyLengthBits = 256; size_t AES_GCM_Cipher_OpenSSL::IVLengthBytes = 12; 
@@ -653,62 +653,62 @@ namespace Aws static const char* GCM_LOG_TAG = "AES_GCM_Cipher_OpenSSL"; - AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(const CryptoBuffer& key) - : OpenSSLCipher(key, IVLengthBytes) + AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(const CryptoBuffer& key) + : OpenSSLCipher(key, IVLengthBytes) + { + InitCipher(); + } + + AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(const CryptoBuffer& key, const CryptoBuffer* aad) + : OpenSSLCipher(key, IVLengthBytes), m_aad(*aad) { InitCipher(); } - AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(const CryptoBuffer& key, const CryptoBuffer* aad) - : OpenSSLCipher(key, IVLengthBytes), m_aad(*aad) - { - InitCipher(); - } - AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(CryptoBuffer&& key, CryptoBuffer&& initializationVector, - CryptoBuffer&& tag, CryptoBuffer&& aad) : - OpenSSLCipher(std::move(key), std::move(initializationVector), std::move(tag)), m_aad(std::move(aad)) + CryptoBuffer&& tag, CryptoBuffer&& aad) : + OpenSSLCipher(std::move(key), std::move(initializationVector), std::move(tag)), m_aad(std::move(aad)) { InitCipher(); } - AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(const CryptoBuffer& key, const CryptoBuffer& initializationVector, - const CryptoBuffer& tag, const CryptoBuffer& aad) : - OpenSSLCipher(key, initializationVector, tag), m_aad(std::move(aad)) + AES_GCM_Cipher_OpenSSL::AES_GCM_Cipher_OpenSSL(const CryptoBuffer& key, const CryptoBuffer& initializationVector, + const CryptoBuffer& tag, const CryptoBuffer& aad) : + OpenSSLCipher(key, initializationVector, tag), m_aad(std::move(aad)) { InitCipher(); } CryptoBuffer AES_GCM_Cipher_OpenSSL::FinalizeEncryption() { - if (m_failure) - { - AWS_LOGSTREAM_FATAL(GCM_LOG_TAG, "Cipher not properly initialized for encryption finalization. 
Aborting"); - return CryptoBuffer(); - } - - int writtenSize = 0; - CryptoBuffer finalBlock(GetBlockSizeBytes()); - EVP_EncryptFinal_ex(m_encryptor_ctx, finalBlock.GetUnderlyingData(), &writtenSize); - + if (m_failure) + { + AWS_LOGSTREAM_FATAL(GCM_LOG_TAG, "Cipher not properly initialized for encryption finalization. Aborting"); + return CryptoBuffer(); + } + + int writtenSize = 0; + CryptoBuffer finalBlock(GetBlockSizeBytes()); + EVP_EncryptFinal_ex(m_encryptor_ctx, finalBlock.GetUnderlyingData(), &writtenSize); + m_tag = CryptoBuffer(TagLengthBytes); - if (!EVP_CIPHER_CTX_ctrl(m_encryptor_ctx, EVP_CTRL_GCM_GET_TAG, static_cast<int>(m_tag.GetLength()), + if (!EVP_CIPHER_CTX_ctrl(m_encryptor_ctx, EVP_CTRL_GCM_GET_TAG, static_cast<int>(m_tag.GetLength()), m_tag.GetUnderlyingData())) { m_failure = true; LogErrors(GCM_LOG_TAG); } - return CryptoBuffer(); + return CryptoBuffer(); } void AES_GCM_Cipher_OpenSSL::InitCipher() { - if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, IVLengthBytes)) - { - return; - } - + if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, IVLengthBytes)) + { + return; + } + if (!(EVP_EncryptInit_ex(m_encryptor_ctx, EVP_aes_256_gcm(), nullptr, nullptr, nullptr) && EVP_EncryptInit_ex(m_encryptor_ctx, nullptr, nullptr, m_key.GetUnderlyingData(), m_initializationVector.GetUnderlyingData()) && 
@@ -723,29 +723,29 @@ namespace Aws return; } - if (m_aad.GetLength() > 0) - { - int outLen = 0; - if(!EVP_EncryptUpdate(m_encryptor_ctx, nullptr, &outLen, m_aad.GetUnderlyingData(), m_aad.GetLength()) - || !EVP_DecryptUpdate(m_decryptor_ctx, nullptr, &outLen, m_aad.GetUnderlyingData(), m_aad.GetLength())) - { - m_failure = true; - LogErrors(GCM_LOG_TAG); - return; - } - } - + if (m_aad.GetLength() > 0) + { + int outLen = 0; + if(!EVP_EncryptUpdate(m_encryptor_ctx, nullptr, &outLen, m_aad.GetUnderlyingData(), m_aad.GetLength()) + || !EVP_DecryptUpdate(m_decryptor_ctx, nullptr, &outLen, m_aad.GetUnderlyingData(), m_aad.GetLength())) + { + m_failure = true; + LogErrors(GCM_LOG_TAG); + return; + } + } + //tag should always be set in GCM decrypt mode if (m_tag.GetLength() > 0) { if (m_tag.GetLength() < TagLengthBytes) { - AWS_LOGSTREAM_ERROR(GCM_LOG_TAG, "Illegal attempt to decrypt an AES GCM payload without a valid tag set: tag length=" << m_tag.GetLength()); + AWS_LOGSTREAM_ERROR(GCM_LOG_TAG, "Illegal attempt to decrypt an AES GCM payload without a valid tag set: tag length=" << m_tag.GetLength()); m_failure = true; return; } - if (!EVP_CIPHER_CTX_ctrl(m_decryptor_ctx, EVP_CTRL_GCM_SET_TAG, static_cast<int>(m_tag.GetLength()), m_tag.GetUnderlyingData())) + if (!EVP_CIPHER_CTX_ctrl(m_decryptor_ctx, EVP_CTRL_GCM_SET_TAG, static_cast<int>(m_tag.GetLength()), m_tag.GetUnderlyingData())) { m_failure = true; LogErrors(GCM_LOG_TAG); @@ -768,12 +768,12 @@ namespace Aws return TagLengthBytes; } - void AES_GCM_Cipher_OpenSSL::Reset() - { - OpenSSLCipher::Reset(); - InitCipher(); - } - + void AES_GCM_Cipher_OpenSSL::Reset() + { + OpenSSLCipher::Reset(); + InitCipher(); + } + size_t AES_KeyWrap_Cipher_OpenSSL::KeyLengthBits = 256; size_t AES_KeyWrap_Cipher_OpenSSL::BlockSizeBytes = 8; static const unsigned char INTEGRITY_VALUE = 0xA6; 
@@ -788,10 +788,10 @@ namespace Aws CryptoBuffer AES_KeyWrap_Cipher_OpenSSL::EncryptBuffer(const CryptoBuffer& plainText) { - if (!m_failure) - { - m_workingKeyBuffer = CryptoBuffer({&m_workingKeyBuffer, (CryptoBuffer*) &plainText}); - } + if (!m_failure) + { + m_workingKeyBuffer = CryptoBuffer({&m_workingKeyBuffer, (CryptoBuffer*) &plainText}); + } return CryptoBuffer(); } @@ -811,7 +811,7 @@ namespace Aws } //the following is an in place implementation of - //RFC 3394 using the alternate in-place implementation. + //RFC 3394 using the alternate in-place implementation. //we use one in-place buffer instead of the copy at the end. //the one letter variable names are meant to directly reflect the variables in the RFC CryptoBuffer cipherText(m_workingKeyBuffer.GetLength() + BlockSizeBytes); @@ -869,10 +869,10 @@ namespace Aws CryptoBuffer AES_KeyWrap_Cipher_OpenSSL::DecryptBuffer(const CryptoBuffer& cipherText) { - if (!m_failure) - { - m_workingKeyBuffer = CryptoBuffer({&m_workingKeyBuffer, (CryptoBuffer*)&cipherText}); - } + if (!m_failure) + { + m_workingKeyBuffer = CryptoBuffer({&m_workingKeyBuffer, (CryptoBuffer*)&cipherText}); + } return CryptoBuffer(); } @@ -961,11 +961,11 @@ namespace Aws void AES_KeyWrap_Cipher_OpenSSL::InitCipher() { - if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, 0)) - { - return; - } - + if (m_failure || !CheckKeyAndIVLength(KeyLengthBits/8, 0)) + { + return; + } + if (!(EVP_EncryptInit_ex(m_encryptor_ctx, EVP_aes_256_ecb(), nullptr, m_key.GetUnderlyingData(), nullptr) && EVP_CIPHER_CTX_set_padding(m_encryptor_ctx, 0)) || !(EVP_DecryptInit_ex(m_decryptor_ctx, EVP_aes_256_ecb(), nullptr, m_key.GetUnderlyingData(), nullptr) && 
@@ -975,13 +975,13 @@ namespace Aws LogErrors(KEY_WRAP_TAG); } } - - void AES_KeyWrap_Cipher_OpenSSL::Reset() - { - m_workingKeyBuffer = CryptoBuffer(); - OpenSSLCipher::Reset(); - InitCipher(); - } + + void AES_KeyWrap_Cipher_OpenSSL::Reset() + { + m_workingKeyBuffer = CryptoBuffer(); + OpenSSLCipher::Reset(); + InitCipher(); + } } } } |