[BACK]Return to cipher.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/cipher.c between version 1.92 and 1.93

version 1.92, 2013/12/02 03:13:14 version 1.93, 2013/12/06 13:34:54
Line 324 
Line 324 
  * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.   * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
  * This tag is written on encryption and verified on decryption.   * This tag is written on encryption and verified on decryption.
  * Both 'aadlen' and 'authlen' can be set to 0.   * Both 'aadlen' and 'authlen' can be set to 0.
    * cipher_crypt() returns 0 on success and -1 if the decryption integrity
    * check fails.
  */   */
 void  int
 cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,  cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,
     u_int len, u_int aadlen, u_int authlen)      u_int len, u_int aadlen, u_int authlen)
 {  {
         if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {          if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
                 if (chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen,                  return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,
                     authlen, cc->encrypt) != 0)                      aadlen, authlen, cc->encrypt);
                         fatal("Decryption integrity check failed");  
                 return;  
         }  
         if (authlen) {          if (authlen) {
                 u_char lastiv[1];                  u_char lastiv[1];
   
Line 367 
Line 366 
                         if (cc->encrypt)                          if (cc->encrypt)
                                 fatal("%s: EVP_Cipher(final) failed", __func__);                                  fatal("%s: EVP_Cipher(final) failed", __func__);
                         else                          else
                                 fatal("Decryption integrity check failed");                                  return -1;
                 }                  }
                 if (cc->encrypt &&                  if (cc->encrypt &&
                     !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,                      !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
                     authlen, dest + aadlen + len))                      authlen, dest + aadlen + len))
                         fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);                          fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
         }          }
           return 0;
 }  }
   
 /* Extract the packet length, including any decryption necessary beforehand */  /* Extract the packet length, including any decryption necessary beforehand */
Legend:
Removed from v.1.92  
changed lines
  Added in v.1.93