#include "eap_fast_crypto.h"
+# define DEBUG if (fr_debug_lvl && fr_log_fp) fr_printf_log
+
static void debug_errors(void)
{
unsigned long errCode;
- while((errCode = ERR_get_error()))
- {
+ while((errCode = ERR_get_error())) {
char *err = ERR_error_string(errCode, NULL);
DEBUG("EAP-FAST error in OpenSSL - %s", err);
}
};
/* Initialise the encryption operation. */
- if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
- {
+ if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
debug_errors();
return -1;
};
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
- {
+ if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
debug_errors();
return -1;
};
/* Provide any AAD data. This can be called zero or more times as
* required
*/
- if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len))
- {
+ if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) {
debug_errors();
return -1;
};
/* Provide the message to be encrypted, and obtain the encrypted output.
* EVP_EncryptUpdate can be called multiple times if necessary
*/
- if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
- {
+ if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
debug_errors();
return -1;
};
ciphertext_len += len;
/* Get the tag */
- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
- {
+ if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
debug_errors();
return -1;
};
};
/* Initialise the decryption operation. */
- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
- {
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
debug_errors();
return -1;
};
/* Set IV length. Not necessary if this is 12 bytes (96 bits) */
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
- {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
debug_errors();
return -1;
};
/* Provide any AAD data. This can be called zero or more times as
* required
*/
- if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len))
- {
+ if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) {
debug_errors();
return -1;
};
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
- {
+ if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
debug_errors();
return -1;
};
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
- if (ret > 0)
- {
- /* Success */
- plaintext_len += len;
- return plaintext_len;
- }
- else
- {
- /* Verify failed */
- return -1;
- }
+ if (ret < 0) return -1;
+
+ /* Success */
+ plaintext_len += len;
+ return plaintext_len;
}
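Review bot: The rewritten check `if (ret < 0) return -1;` at the end of the decrypt path no longer rejects a zero return, but the old branch `if (ret > 0)` treated anything other than a positive value as "Verify failed", and if `ret` holds the result of EVP_DecryptFinal_ex (its assignment is outside the visible hunk, so this is inferred from the surrounding pattern) a GCM tag mismatch is reported as 0, not a negative value. As written, a ciphertext whose authentication tag does not verify would fall through to `plaintext_len += len; return plaintext_len;` and be returned to the caller as successfully decrypted data. The guard should keep the original semantics, `if (ret <= 0) return -1;`, and the comment on the early return should say so: `/* EVP_DecryptFinal_ex returns 0 on tag mismatch, 1 on success */`. The enclosing decrypt function starts outside the hunk, so the `ret` declaration and the EVP_DecryptFinal_ex call could not be checked here.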