{
continue;
}
- crypter->decrypt(crypter,
- chunk_create(buffer, sizeof(buffer) / bs * bs),
- chunk_create(iv, crypter->get_iv_size(crypter)), NULL);
+ if (!crypter->decrypt(crypter,
+ chunk_create(buffer, sizeof(buffer) / bs * bs),
+ chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
+ {
+ continue;
+ }
if (limit && ++i == limit)
{
break;
private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
chunk_t *plain)
{
- this->crypter->decrypt(this->crypter, encrypted, iv, plain);
- return TRUE;
+ return this->crypter->decrypt(this->crypter, encrypted, iv, plain);
}
METHOD(aead_t, get_block_size, size_t,
eap_type_names, this->hdr->type);
return FALSE;
}
-
- crypter->decrypt(crypter, this->encr, this->iv, &plain);
+ if (!crypter->decrypt(crypter, this->encr, this->iv, &plain))
+ {
+ return FALSE;
+ }
this->encrypted = TRUE;
success = parse_attributes(this, plain);
DBG1(DBG_LIB, "MAC verification failed");
return FALSE;
}
- this->crypter->decrypt(this->crypter, encrypted, iv, plain);
- return TRUE;
+ return this->crypter->decrypt(this->crypter, encrypted, iv, plain);
}
METHOD(aead_t, get_block_size, size_t,
* @param data data to decrypt
* @param iv initializing vector
* @param encrypted chunk to allocate decrypted data, or NULL
+ * @return TRUE if decryption successful
*/
- void (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv,
+ __attribute__((warn_unused_result))
+ bool (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *decrypted);
/**
{
runs++;
}
- crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL);
- runs++;
+ if (crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL))
+ {
+ runs++;
+ }
}
free(buf.ptr);
crypter->destroy(crypter);
failed = TRUE;
}
/* inline decryption */
- crypter->decrypt(crypter, cipher, iv, NULL);
+ if (!crypter->decrypt(crypter, cipher, iv, NULL))
+ {
+ failed = TRUE;
+ }
if (!memeq(vector->plain, cipher.ptr, cipher.len))
{
failed = TRUE;
free(cipher.ptr);
/* allocated decryption */
cipher = chunk_create(vector->cipher, vector->len);
- crypter->decrypt(crypter, cipher, iv, &plain);
+ if (!crypter->decrypt(crypter, cipher, iv, &plain))
+ {
+ failed = TRUE;
+ }
if (!memeq(vector->plain, plain.ptr, plain.len))
{
failed = TRUE;
/* decrypt the content */
crypter->set_key(crypter, symmetric_key);
- crypter->decrypt(crypter, encrypted_content, iv, &this->data);
+ if (!crypter->decrypt(crypter, encrypted_content, iv, &this->data))
+ {
+ success = FALSE;
+ goto failed;
+ }
DBG4(DBG_LIB, "decrypted content with padding: %B", &this->data);
/* remove the padding */
state_out(out_blk, b0);
}
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
int pos;
out-=16;
pos-=16;
}
+ return TRUE;
}
METHOD(crypter_t, encrypt, bool,
return 0;
}
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_af_alg_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
if (dst)
{
this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, data.ptr);
}
+ return TRUE;
}
METHOD(crypter_t, encrypt, bool,
u_int32_t key_size;
};
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *decrypted)
{
BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 0);
free(iv.ptr);
+
+ return TRUE;
}
METHOD(crypter_t, encrypt, bool,
tin[0]=tin[1]=0;
}
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
memcpy(&ivb, iv.ptr, sizeof(des_cblock));
des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks, &ivb, DES_DECRYPT);
+ return TRUE;
}
return TRUE;
}
-METHOD(crypter_t, decrypt_ecb, void,
+METHOD(crypter_t, decrypt_ecb, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
u_int8_t *out;
}
des_ecb_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks, DES_DECRYPT);
+ return TRUE;
}
METHOD(crypter_t, encrypt_ecb, bool,
return TRUE;
}
-METHOD(crypter_t, decrypt3, void,
+METHOD(crypter_t, decrypt3, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks3[0], this->ks3[1], this->ks3[2],
&ivb, DES_DECRYPT);
+ return TRUE;
}
METHOD(crypter_t, encrypt3, bool,
return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
}
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- set_iv(this, iv);
-
- if (dst)
+ if (!set_iv(this, iv))
{
- *dst = chunk_alloc(data.len);
- gcry_cipher_decrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
+ return FALSE;
}
- else
+ if (dst)
{
- gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0);
+ *dst = chunk_alloc(data.len);
+ return gcry_cipher_decrypt(this->h, dst->ptr, dst->len,
+ data.ptr, data.len) == 0;
}
+ return gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0) == 0;
}
METHOD(crypter_t, encrypt, bool,
EVP_CIPHER_CTX_cleanup(&ctx);
}
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- crypt(this, data, iv, dst, 0);
+ return crypt(this, data, iv, dst, 0);
}
METHOD(crypter_t, encrypt, bool,
memwipe(key_aligned, sizeof(key_aligned));
}
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, TRUE);
+ return TRUE;
}
METHOD(crypter_t, encrypt, bool,
DBG1(DBG_ASN, " data size is not multiple of block size");
return PARSE_ERROR;
}
- crypter->decrypt(crypter, *blob, iv, &decrypted);
+ if (!crypter->decrypt(crypter, *blob, iv, &decrypted))
+ {
+ crypter->destroy(crypter);
+ return FAILED;
+ }
crypter->destroy(crypter);
memcpy(blob->ptr, decrypted.ptr, blob->len);
chunk_free(&decrypted);
}
crypter->set_key(crypter, key);
- crypter->decrypt(crypter, blob, iv, &decrypted);
+ if (!crypter->decrypt(crypter, blob, iv, &decrypted))
+ {
+ continue;
+ }
if (verify_padding(&decrypted))
{
private_key = parse_private_key(decrypted);
return NEED_MORE;
}
}
- this->crypter_in->decrypt(this->crypter_in, data, iv, NULL);
+ if (!this->crypter_in->decrypt(this->crypter_in, data, iv, NULL))
+ {
+ free(next_iv.ptr);
+ this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
+ return NEED_MORE;
+ }
if (next_iv.len)
{ /* next record IV is last ciphertext block of this record */
projects / thirdparty / strongswan.git / commitdiff
