author | heretic <heretic@yandex-team.ru> | 2022-02-10 16:45:46 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:45:46 +0300 |
commit | 81eddc8c0b55990194e112b02d127b87d54164a9 (patch) | |
tree | 9142afc54d335ea52910662635b898e79e192e49 /contrib/libs/openssl/crypto/rand/drbg_ctr.c | |
parent | 397cbe258b9e064f49c4ca575279f02f39fef76e (diff) | |
Restoring authorship annotation for <heretic@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'contrib/libs/openssl/crypto/rand/drbg_ctr.c')
-rw-r--r-- | contrib/libs/openssl/crypto/rand/drbg_ctr.c | 258 |
1 files changed, 129 insertions, 129 deletions
diff --git a/contrib/libs/openssl/crypto/rand/drbg_ctr.c b/contrib/libs/openssl/crypto/rand/drbg_ctr.c index 39a3a08345..c8b3bd79bb 100644 --- a/contrib/libs/openssl/crypto/rand/drbg_ctr.c +++ b/contrib/libs/openssl/crypto/rand/drbg_ctr.c @@ -15,7 +15,7 @@ #include "modes_local.h" #include "internal/thread_once.h" #include "rand_local.h" -#include "sanitizers.h" +#include "sanitizers.h" /* * Implementation of NIST SP 800-90A CTR DRBG. @@ -64,15 +64,15 @@ static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 */ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, - const unsigned char *in, int len) + const unsigned char *in, int len) { int i, outlen = AES_BLOCK_SIZE; - for (i = 0; i < len; i++) + for (i = 0; i < len; i++) out[i] ^= in[i]; - if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len) - || outlen != len) + if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len) + || outlen != len) return 0; return 1; } @@ -83,16 +83,16 @@ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, */ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) { - unsigned char in_tmp[48]; - unsigned char num_of_blk = 2; - - memcpy(in_tmp, in, 16); - memcpy(in_tmp + 16, in, 16); - if (ctr->keylen != 16) { - memcpy(in_tmp + 32, in, 16); - num_of_blk = 3; - } - return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk); + unsigned char in_tmp[48]; + unsigned char num_of_blk = 2; + + memcpy(in_tmp, in, 16); + memcpy(in_tmp + 16, in, 16); + if (ctr->keylen != 16) { + memcpy(in_tmp + 32, in, 16); + num_of_blk = 3; + } + return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk); } /* 
@@ -101,14 +101,14 @@ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) */ __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) { - unsigned char bltmp[48] = {0}; - unsigned char num_of_blk; - + unsigned char bltmp[48] = {0}; + unsigned char num_of_blk; + memset(ctr->KX, 0, 48); - num_of_blk = ctr->keylen == 16 ? 2 : 3; - bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1; - bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2; - return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE); + num_of_blk = ctr->keylen == 16 ? 2 : 3; + bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1; + bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2; + return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE); } /* @@ -197,20 +197,20 @@ __owur static int ctr_df(RAND_DRBG_CTR *ctr, || !ctr_BCC_final(ctr)) return 0; /* Set up key K */ - if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)) return 0; /* X follows key K */ - if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; - if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (ctr->keylen != 16) - if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, - ctr->KX + 16, AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, + ctr->KX + 16, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; return 1; 
@@ -229,25 +229,25 @@ __owur static int ctr_update(RAND_DRBG *drbg, { RAND_DRBG_CTR *ctr = &drbg->data.ctr; int outlen = AES_BLOCK_SIZE; - unsigned char V_tmp[48], out[48]; - unsigned char len; + unsigned char V_tmp[48], out[48]; + unsigned char len; /* correct key is already set up. */ - memcpy(V_tmp, ctr->V, 16); + memcpy(V_tmp, ctr->V, 16); inc_128(ctr); - memcpy(V_tmp + 16, ctr->V, 16); - if (ctr->keylen == 16) { - len = 32; - } else { + memcpy(V_tmp + 16, ctr->V, 16); + if (ctr->keylen == 16) { + len = 32; + } else { inc_128(ctr); - memcpy(V_tmp + 32, ctr->V, 16); - len = 48; + memcpy(V_tmp + 32, ctr->V, 16); + len = 48; } - if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) - || outlen != len) + if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) + || outlen != len) return 0; - memcpy(ctr->K, out, ctr->keylen); - memcpy(ctr->V, out + ctr->keylen, 16); + memcpy(ctr->K, out, ctr->keylen); + memcpy(ctr->V, out + ctr->keylen, 16); if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { /* If no input reuse existing derived value */ @@ -262,8 +262,8 @@ __owur static int ctr_update(RAND_DRBG *drbg, ctr_XOR(ctr, in2, in2len); } - if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1) - || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1)) return 0; return 1; } @@ -280,10 +280,10 @@ __owur static int drbg_ctr_instantiate(RAND_DRBG *drbg, memset(ctr->K, 0, sizeof(ctr->K)); memset(ctr->V, 0, sizeof(ctr->V)); - if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)) return 0; - - inc_128(ctr); + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) return 0; return 1; 
@@ -293,40 +293,40 @@ __owur static int drbg_ctr_reseed(RAND_DRBG *drbg, const unsigned char *entropy, size_t entropylen, const unsigned char *adin, size_t adinlen) { - RAND_DRBG_CTR *ctr = &drbg->data.ctr; - + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + if (entropy == NULL) return 0; - - inc_128(ctr); + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) return 0; return 1; } -static void ctr96_inc(unsigned char *counter) -{ - u32 n = 12, c = 1; - - do { - --n; - c += counter[n]; - counter[n] = (u8)c; - c >>= 8; - } while (n); -} - +static void ctr96_inc(unsigned char *counter) +{ + u32 n = 12, c = 1; + + do { + --n; + c += counter[n]; + counter[n] = (u8)c; + c >>= 8; + } while (n); +} + __owur static int drbg_ctr_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, const unsigned char *adin, size_t adinlen) { RAND_DRBG_CTR *ctr = &drbg->data.ctr; - unsigned int ctr32, blocks; - int outl, buflen; + unsigned int ctr32, blocks; + int outl, buflen; if (adin != NULL && adinlen != 0) { - inc_128(ctr); - + inc_128(ctr); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; /* This means we reuse derived value */ 
@@ -338,54 +338,54 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, adinlen = 0; } - inc_128(ctr); + inc_128(ctr); - if (outlen == 0) { + if (outlen == 0) { inc_128(ctr); - - if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) + + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; - return 1; + return 1; } - memset(out, 0, outlen); - __msan_unpoison(ctr->V, 16 * sizeof(char)); - - do { - if (!EVP_CipherInit_ex(ctr->ctx_ctr, - NULL, NULL, NULL, ctr->V, -1)) - return 0; - - /*- - * outlen has type size_t while EVP_CipherUpdate takes an - * int argument and thus cannot be guaranteed to process more - * than 2^31-1 bytes at a time. We process such huge generate - * requests in 2^30 byte chunks, which is the greatest multiple - * of AES block size lower than or equal to 2^31-1. - */ - buflen = outlen > (1U << 30) ? (1U << 30) : outlen; - blocks = (buflen + 15) / 16; - - ctr32 = GETU32(ctr->V + 12) + blocks; - if (ctr32 < blocks) { - /* 32-bit counter overflow into V. */ - if (ctr32 != 0) { - blocks -= ctr32; - buflen = blocks * 16; - ctr32 = 0; - } - ctr96_inc(ctr->V); - } - PUTU32(ctr->V + 12, ctr32); - - if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen) - || outl != buflen) - return 0; - - out += buflen; - outlen -= buflen; - } while (outlen); - + memset(out, 0, outlen); + __msan_unpoison(ctr->V, 16 * sizeof(char)); + + do { + if (!EVP_CipherInit_ex(ctr->ctx_ctr, + NULL, NULL, NULL, ctr->V, -1)) + return 0; + + /*- + * outlen has type size_t while EVP_CipherUpdate takes an + * int argument and thus cannot be guaranteed to process more + * than 2^31-1 bytes at a time. We process such huge generate + * requests in 2^30 byte chunks, which is the greatest multiple + * of AES block size lower than or equal to 2^31-1. + */ + buflen = outlen > (1U << 30) ? (1U << 30) : outlen; + blocks = (buflen + 15) / 16; + + ctr32 = GETU32(ctr->V + 12) + blocks; + if (ctr32 < blocks) { + /* 32-bit counter overflow into V. 
*/ + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } + ctr96_inc(ctr->V); + } + PUTU32(ctr->V + 12, ctr32); + + if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen) + || outl != buflen) + return 0; + + out += buflen; + outlen -= buflen; + } while (outlen); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; return 1; @@ -393,8 +393,8 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) { - EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb); - EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); return 1; 
@@ -418,36 +418,36 @@ int drbg_ctr_init(RAND_DRBG *drbg) return 0; case NID_aes_128_ctr: keylen = 16; - ctr->cipher_ecb = EVP_aes_128_ecb(); - ctr->cipher_ctr = EVP_aes_128_ctr(); + ctr->cipher_ecb = EVP_aes_128_ecb(); + ctr->cipher_ctr = EVP_aes_128_ctr(); break; case NID_aes_192_ctr: keylen = 24; - ctr->cipher_ecb = EVP_aes_192_ecb(); - ctr->cipher_ctr = EVP_aes_192_ctr(); + ctr->cipher_ecb = EVP_aes_192_ecb(); + ctr->cipher_ctr = EVP_aes_192_ctr(); break; case NID_aes_256_ctr: keylen = 32; - ctr->cipher_ecb = EVP_aes_256_ecb(); - ctr->cipher_ctr = EVP_aes_256_ctr(); + ctr->cipher_ecb = EVP_aes_256_ecb(); + ctr->cipher_ctr = EVP_aes_256_ctr(); break; } drbg->meth = &drbg_ctr_meth; ctr->keylen = keylen; - if (ctr->ctx_ecb == NULL) - ctr->ctx_ecb = EVP_CIPHER_CTX_new(); - if (ctr->ctx_ctr == NULL) - ctr->ctx_ctr = EVP_CIPHER_CTX_new(); - if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL - || !EVP_CipherInit_ex(ctr->ctx_ecb, - ctr->cipher_ecb, NULL, NULL, NULL, 1) - || !EVP_CipherInit_ex(ctr->ctx_ctr, - ctr->cipher_ctr, NULL, NULL, NULL, 1)) + if (ctr->ctx_ecb == NULL) + ctr->ctx_ecb = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ctr == NULL) + ctr->ctx_ctr = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL + || !EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) return 0; - - drbg->meth = &drbg_ctr_meth; + + drbg->meth = &drbg_ctr_meth; drbg->strength = keylen * 8; drbg->seedlen = keylen + 16; @@ -465,8 +465,8 @@ int drbg_ctr_init(RAND_DRBG *drbg) if (ctr->ctx_df == NULL) return 0; /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, - ctr->cipher_ecb, NULL, df_key, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) return 0; drbg->min_entropylen = ctr->keylen; |