shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity

reformat libcrypto.c

Browse Source 
Signed-off-by: Shreyas Mahajan <shreyasmahajan05@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Shreyas Mahajan
2026-01-21 16:54:44 +05:30
committed by Jakub Jelen
parent f47d1c797a
commit 6c5459e7fc
1 changed files with 226 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
src/libcrypto.c
View File

@@ -572,8 +572,7 @@ static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
}
}
static int
evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
static int evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
void *in,
uint8_t *out,
size_t len,
@@ -588,8 +587,7 @@ evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
return SSH_OK;
}
static void
evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
static void evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
void *in,
void *out,
size_t len,
@@ -608,10 +606,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
authlen = cipher->tag_size;
/* increment IV */
rc = EVP_CIPHER_CTX_ctrl(cipher->ctx,
EVP_CTRL_GCM_IV_GEN,
1,
lastiv);
rc = EVP_CIPHER_CTX_ctrl(cipher->ctx, EVP_CTRL_GCM_IV_GEN, 1, lastiv);
if (rc == 0) {
SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
return;
@@ -643,9 +638,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
}
/* compute tag */
rc = EVP_EncryptFinal(cipher->ctx,
NULL,
&tmplen);
rc = EVP_EncryptFinal(cipher->ctx, NULL, &tmplen);
if (rc < 0) {
SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal failed: Failed to create a tag");
return;
@@ -661,8 +654,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
}
}
static int
evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
static int evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
void *complete_packet,
uint8_t *out,
size_t encrypted_size,
@@ -679,10 +671,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
authlen = cipher->tag_size;
/* increment IV */
rc = EVP_CIPHER_CTX_ctrl(cipher->ctx,
EVP_CTRL_GCM_IV_GEN,
1,
lastiv);
rc = EVP_CIPHER_CTX_ctrl(cipher->ctx, EVP_CTRL_GCM_IV_GEN, 1, lastiv);
if (rc == 0) {
SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
return SSH_ERROR;
@@ -692,7 +681,8 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
rc = EVP_CIPHER_CTX_ctrl(cipher->ctx,
EVP_CTRL_GCM_SET_TAG,
(int)authlen,
(unsigned char *)complete_packet + aadlen + encrypted_size);
(unsigned char *)complete_packet + aadlen +
encrypted_size);
if (rc == 0) {
SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_TAG failed");
return SSH_ERROR;
@@ -731,11 +721,10 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
}
/* verify tag */
rc = EVP_DecryptFinal(cipher->ctx,
NULL,
&outlen);
rc = EVP_DecryptFinal(cipher->ctx, NULL, &outlen);
if (rc < 0) {
SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptFinal failed: Failed authentication");
SSH_LOG(SSH_LOG_TRACE,
"EVP_DecryptFinal failed: Failed authentication");
return SSH_ERROR;
}
@@ -762,8 +751,7 @@ struct chacha20_poly1305_keysched {
#endif /* OPENSSL_VERSION_NUMBER */
};
static void
chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
static void chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
{
struct chacha20_poly1305_keysched *ctx = NULL;
@@ -791,8 +779,7 @@ chacha20_poly1305_cleanup(struct ssh_cipher_struct *cipher)
SAFE_FREE(cipher->chacha20_schedule);
}
static int
chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
static int chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
void *key,
UNUSED_PARAM(void *IV))
{
@@ -873,8 +860,7 @@ out:
static const uint8_t zero_block[CHACHA20_BLOCKSIZE] = {0};
static int
chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
static int chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
uint64_t seq,
int do_encrypt)
{
@@ -906,8 +892,7 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
return SSH_OK;
}
static int
chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
static int chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
uint64_t seq,
int do_encrypt)
{
@@ -939,8 +924,10 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ctx->key == NULL) {
/* Poly1305 Initialization needs to know the actual key */
ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305, NULL,
poly_key, POLY1305_KEYLEN);
ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305,
NULL,
poly_key,
POLY1305_KEYLEN);
if (ctx->key == NULL) {
SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_new_mac_key failed");
goto out;
@@ -952,9 +939,12 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
}
} else {
/* Updating the key is easier but less obvious */
rv = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_SIGNCTX,
rv = EVP_PKEY_CTX_ctrl(ctx->pctx,
-1,
EVP_PKEY_OP_SIGNCTX,
EVP_PKEY_CTRL_SET_MAC_KEY,
POLY1305_KEYLEN, (void *)poly_key);
POLY1305_KEYLEN,
(void *)poly_key);
if (rv <= 0) {
SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_CTX_ctrl failed");
goto out;
@@ -1017,16 +1007,15 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
return SSH_OK;
}
static int
chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
void *complete_packet,
uint8_t *out,
size_t encrypted_size,
uint64_t seq)
{
struct chacha20_poly1305_keysched *ctx = cipher->chacha20_schedule;
uint8_t *mac = (uint8_t *)complete_packet + sizeof(uint32_t) +
encrypted_size;
uint8_t *mac =
(uint8_t *)complete_packet + sizeof(uint32_t) + encrypted_size;
uint8_t tag[POLY1305_TAGLEN] = {0};
int ret = SSH_ERROR;
int rv, cmp, len = 0;
@@ -1058,7 +1047,8 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
goto out;
}
#else
rv = EVP_MAC_update(ctx->mctx, complete_packet,
rv = EVP_MAC_update(ctx->mctx,
complete_packet,
encrypted_size + sizeof(uint32_t));
if (rv != 1) {
SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
@@ -1106,8 +1096,7 @@ out:
return ret;
}
static void
chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
void *in,
void *out,
size_t len,
@@ -1128,7 +1117,8 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
#ifdef DEBUG_CRYPTO
ssh_log_hexdump("plaintext length",
(unsigned char *)&in_packet->length, sizeof(uint32_t));
(unsigned char *)&in_packet->length,
sizeof(uint32_t));
#endif /* DEBUG_CRYPTO */
/* step 2, encrypt length field */
ret = EVP_CipherUpdate(ctx->header_evp,
@@ -1142,7 +1132,8 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
}
#ifdef DEBUG_CRYPTO
ssh_log_hexdump("encrypted length",
(unsigned char *)&out_packet->length, outlen);
(unsigned char *)&out_packet->length,
outlen);
#endif /* DEBUG_CRYPTO */
ret = EVP_CipherFinal_ex(ctx->header_evp, (uint8_t *)out + outlen, &outlen);
if (ret != 1 || outlen != 0) {
@@ -1175,7 +1166,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
return;
}
#else
ret = EVP_MAC_update(ctx->mctx, (void*)out_packet, len);
ret = EVP_MAC_update(ctx->mctx, (void *)out_packet, len);
if (ret != 1) {
SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
return;
@@ -1191,8 +1182,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
#endif /* HAVE_OPENSSL_EVP_CHACHA20 */
#ifdef WITH_INSECURE_NONE
static void
none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
static void none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
void *in,
void *out,
size_t len)
@@ -1215,7 +1205,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
#endif /* HAVE_BLOWFISH */
#ifdef HAS_AES
@@ -1228,7 +1218,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes192-ctr",
@@ -1239,7 +1229,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes256-ctr",
@@ -1250,7 +1240,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes128-cbc",
@@ -1261,7 +1251,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes192-cbc",
@@ -1272,7 +1262,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes256-cbc",
@@ -1283,7 +1273,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes128-gcm@openssh.com",
@@ -1297,7 +1287,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.aead_encrypt = evp_cipher_aead_encrypt,
.aead_decrypt_length = evp_cipher_aead_get_length,
.aead_decrypt = evp_cipher_aead_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
{
.name = "aes256-gcm@openssh.com",
@@ -1311,7 +1301,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.aead_encrypt = evp_cipher_aead_encrypt,
.aead_decrypt_length = evp_cipher_aead_get_length,
.aead_decrypt = evp_cipher_aead_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
#endif /* HAS_AES */
#ifdef HAS_DES
@@ -1324,14 +1314,14 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.set_decrypt_key = evp_cipher_set_decrypt_key,
.encrypt = evp_cipher_encrypt,
.decrypt = evp_cipher_decrypt,
.cleanup = evp_cipher_cleanup
.cleanup = evp_cipher_cleanup,
},
#endif /* HAS_DES */
{
#ifdef HAVE_OPENSSL_EVP_CHACHA20
.ciphertype = SSH_AEAD_CHACHA20_POLY1305,
.name = "chacha20-poly1305@openssh.com",
.blocksize = CHACHA20_BLOCKSIZE/8,
.blocksize = CHACHA20_BLOCKSIZE / 8,
.lenfield_blocksize = 4,
.keylen = sizeof(struct chacha20_poly1305_keysched),
.keysize = 2 * CHACHA20_KEYLEN * 8,
@@ -1356,8 +1346,8 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
},
#endif /* WITH_INSECURE_NONE */
{
.name = NULL
}
.name = NULL,
},
};
struct ssh_cipher_struct *ssh_get_ciphertab(void)
@@ -1378,19 +1368,19 @@ int ssh_crypto_init(void)
if (libcrypto_initialized) {
return SSH_OK;
}
if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER){
SSH_LOG(SSH_LOG_DEBUG, "libssh compiled with %s "
if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) {
SSH_LOG(SSH_LOG_DEBUG,
"libssh compiled with %s "
"headers, currently running with %s.",
OPENSSL_VERSION_TEXT,
OpenSSL_version(OpenSSL_version_num())
);
OpenSSL_version(OpenSSL_version_num()));
}
#ifdef CAN_DISABLE_AESNI
/*
* disable AES-NI when running within Valgrind, because they generate
* too many "uninitialized memory access" false positives
*/
if (RUNNING_ON_VALGRIND){
if (RUNNING_ON_VALGRIND) {
SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, disabling AES-NI");
/* Bit #57 denotes AES-NI instruction set extension */
OPENSSL_ia32cap &= ~(1LL << 57);
@@ -1453,7 +1443,8 @@ void ssh_crypto_finalize(void)
* @internal
* @brief Create EVP_PKEY from parameters
*
* @param[in] name Algorithm to use. For more info see manpage of EVP_PKEY_CTX_new_from_name
* @param[in] name Algorithm to use. For more info see manpage of
* EVP_PKEY_CTX_new_from_name
*
* @param[in] param_bld Constructed param builder for the pkey
*
@@ -1463,8 +1454,10 @@ void ssh_crypto_finalize(void)
*
* @return 0 on success, -1 on error
*/
int evp_build_pkey(const char* name, OSSL_PARAM_BLD *param_bld,
EVP_PKEY **pkey, int selection)
int evp_build_pkey(const char *name,
OSSL_PARAM_BLD *param_bld,
EVP_PKEY **pkey,
int selection)
{
int rc;
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, name, NULL);
@@ -1596,8 +1589,7 @@ int evp_dup_ed25519_pkey(const ssh_key key, ssh_key new_key, int demote)
#endif /* OPENSSL_VERSION_NUMBER */
ssh_string
pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p)
ssh_string pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p)
{
ssh_string s = NULL;
size_t len;