#include "eap_fast_crypto.h"
-// http://stackoverflow.com/a/29838852
-static void NEVER_RETURNS handleErrors(void)
+static void debug_errors(void)
{
unsigned long errCode;
- fprintf(stderr, "An error occurred\n");
while((errCode = ERR_get_error()))
{
char *err = ERR_error_string(errCode, NULL);
- fprintf(stderr, "%s\n", err);
+ DEBUG("EAP-FAST error in OpenSSL - %s", err);
}
- abort();
}
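Review bot: The `err` string logged on line 12 comes from `ERR_error_string(errCode, NULL)` on line 10, which with a NULL buffer formats into a single static buffer that OpenSSL documents as not thread-safe; the old helper aborted immediately so this did not matter, but a non-fatal logging helper that presumably runs inside a threaded RADIUS server can have that buffer overwritten by another thread between the call and the `DEBUG`. Format into a local buffer instead: `char buf[256];` `ERR_error_string_n(errCode, buf, sizeof buf);` `DEBUG("EAP-FAST error in OpenSSL - %s", buf);`. Since the helper no longer terminates the process, a one-line comment above it stating that callers are responsible for returning an error after calling it would make the new contract explicit.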
// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
/* Create and initialise the context */
- if (!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
+ if (!(ctx = EVP_CIPHER_CTX_new())) {
+ debug_errors();
+ return -1;
+ };
/* Initialise the encryption operation. */
if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Initialise key and IV */
- if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors();
+ if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
+ debug_errors();
+ return -1;
+ };
/* Provide any AAD data. This can be called zero or more times as
* required
*/
if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Provide the message to be encrypted, and obtain the encrypted output.
* EVP_EncryptUpdate can be called multiple times if necessary
*/
if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
ciphertext_len = len;
/* Finalise the encryption. Normally ciphertext bytes may be written at
* this stage, but this does not occur in GCM mode
*/
- if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors();
+ if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
+ debug_errors();
+ return -1;
+ };
ciphertext_len += len;
/* Get the tag */
if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
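Review bot: Every `return -1` from line 28 onward leaves the EVP_CIPHER_CTX allocated on line 19 live, so each failure path now leaks the context (and the key schedule it holds), which the former `abort()` made irrelevant but the new non-fatal handling does not; the same pattern recurs in the decrypt path below. The usual fix is a single cleanup label after the success path, with each failure branch replaced by `goto error`, so the context is freed exactly once on every path (the check on line 19 can keep returning directly, as no context exists yet). The stray `;` after each closing `}` (lines 22, 29, 36, …) is harmless but reads as an empty statement and should be dropped. The enclosing function's signature and its successful-path return lie outside this hunk, so the label must be placed after that return.
```c
	if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) goto error;
	/* … unchanged: remaining EVP_* calls, each failure branch replaced by `goto error` … */
	/* Clean up */
	EVP_CIPHER_CTX_free(ctx);
	/* … unchanged: successful-path return, outside this hunk; must precede the label … */
error:
	debug_errors();
	EVP_CIPHER_CTX_free(ctx);
	return -1;
```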
int ret;
/* Create and initialise the context */
- if (!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
+ if (!(ctx = EVP_CIPHER_CTX_new())) {
+ debug_errors();
+ return -1;
+ };
/* Initialise the decryption operation. */
if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Set IV length. Not necessary if this is 12 bytes (96 bits) */
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Initialise key and IV */
- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors();
+ if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
+ debug_errors();
+ return -1;
+ };
/* Provide any AAD data. This can be called zero or more times as
* required
*/
if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
- handleErrors();
+ {
+ debug_errors();
+ return -1;
+ };
plaintext_len = len;
{
memcpy(&tmp, &tag, sizeof(tmp));
/* Set expected tag value. Works in OpenSSL 1.0.1d and later */
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tmp)) handleErrors();
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tmp)) {
+ debug_errors();
+ return -1;
+ };
}
/* Finalise the decryption. A positive return value indicates success,