+#ifdef _WIN32
+#include <winsock.h>
+#else
#include <arpa/inet.h>
+#endif
#include <string.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
+#include <openssl/buffer.h>
#include "gost_lcl.h"
#include "e_gost_err.h"
+int omac_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr);
/*
* Function expects that out is a preallocated buffer of length
* defined as sum of shared_len and mac length defined by mac_nid
goto err;
}
+ if (shared_len + mac_len > (unsigned int)(*out_len)) {
+ GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
/* we expect IV of half length */
memset(iv_full, 0, 16);
memcpy(iv_full, iv, ivlen);
}
if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0
- || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0
- || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0
+ || omac_imit_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0
+ || omac_imit_ctrl(mac, EVP_MD_CTRL_XOF_LEN, mac_len, NULL) <= 0
|| EVP_DigestUpdate(mac, iv, ivlen) <= 0
|| EVP_DigestUpdate(mac, shared_key, shared_len) <= 0
/* As we set MAC length directly, we should not allow overwriting it */
- || EVP_DigestFinal_ex(mac, mac_buf, NULL) <= 0) {
+ || EVP_DigestFinalXOF(mac, mac_buf, mac_len) <= 0) {
GOSTerr(GOST_F_GOST_KEXP15, ERR_R_INTERNAL_ERROR);
goto err;
}
/*
* Function expects that shared_key is a preallocated buffer
- * with length defined as expkeylen - mac_len defined by mac_nid
+ * with length defined as expkeylen + mac_len defined by mac_nid
* */
int gost_kimp15(const unsigned char *expkey, const size_t expkeylen,
int cipher_nid, const unsigned char *cipher_key,
goto err;
}
+ if (expkeylen > sizeof(out)) {
+ GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (ivlen > 16) {
+ GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
/* we expect IV of half length */
memset(iv_full, 0, 16);
memcpy(iv_full, iv, ivlen);
}
if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0
- || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0
- || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0
+ || omac_imit_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0
+ || omac_imit_ctrl(mac, EVP_MD_CTRL_XOF_LEN, mac_len, NULL) <= 0
|| EVP_DigestUpdate(mac, iv, ivlen) <= 0
|| EVP_DigestUpdate(mac, out, shared_len) <= 0
/* As we set MAC length directly, we should not allow overwriting it */
- || EVP_DigestFinal_ex(mac, mac_buf, NULL) <= 0) {
+ || EVP_DigestFinalXOF(mac, mac_buf, mac_len) <= 0) {
GOSTerr(GOST_F_GOST_KIMP15, ERR_R_INTERNAL_ERROR);
goto err;
}
int iters, i = 0;
unsigned char zero = 0;
unsigned char *ptr = keyout;
- HMAC_CTX *ctx = NULL;
+ HMAC_CTX *ctx;
unsigned char *len_ptr = NULL;
uint32_t len_repr = htonl(keyout_len * 8);
size_t len_repr_len = 4;
int gost_tlstree(int cipher_nid, const unsigned char *in, unsigned char *out,
const unsigned char *tlsseq)
{
-#ifndef L_ENDIAN
- uint64_t gh_c1 = 0xFFFFFFFF00000000, gh_c2 = 0xFFFFFFFFFFF80000,
- gh_c3 = 0xFFFFFFFFFFFFFFC0;
- uint64_t mg_c1 = 0xFFFFFFC000000000, mg_c2 = 0xFFFFFFFFFE000000,
- mg_c3 = 0xFFFFFFFFFFFFF000;
-#else
uint64_t gh_c1 = 0x00000000FFFFFFFF, gh_c2 = 0x0000F8FFFFFFFFFF,
gh_c3 = 0xC0FFFFFFFFFFFFFF;
uint64_t mg_c1 = 0x00000000C0FFFFFF, mg_c2 = 0x000000FEFFFFFFFF,
mg_c3 = 0x00F0FFFFFFFFFFFF;
-#endif
uint64_t c1, c2, c3;
uint64_t seed1, seed2, seed3;
uint64_t seq;
default:
return 0;
}
+#ifndef L_ENDIAN
+ BUF_reverse((unsigned char *)&seq, tlsseq, 8);
+#else
memcpy(&seq, tlsseq, 8);
+#endif
seed1 = seq & c1;
seed2 = seq & c2;
seed3 = seq & c3;
projects / openssl-gost / engine.git / blobdiff