
Side by Side Diff: mozilla/security/nss/lib/freebl/gcm.c

Issue 13327005: PK11_DecryptWithSymKey and PK11_EncryptWithSymKey have been (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 #ifdef FREEBL_NO_DEPEND 5 #ifdef FREEBL_NO_DEPEND
6 #include "stubs.h" 6 #include "stubs.h"
7 #endif 7 #endif
8 #include "blapii.h" 8 #include "blapii.h"
9 #include "blapit.h" 9 #include "blapit.h"
10 #include "gcm.h" 10 #include "gcm.h"
(...skipping 435 matching lines...) Expand 10 before | Expand all | Expand 10 after
446 { 446 {
447 unsigned int blocks; 447 unsigned int blocks;
448 SECStatus rv; 448 SECStatus rv;
449 449
450 ghash->cLen += (len*PR_BITS_PER_BYTE); 450 ghash->cLen += (len*PR_BITS_PER_BYTE);
451 451
452 /* first deal with the current buffer of data. Try to fill it out so 452 /* first deal with the current buffer of data. Try to fill it out so
453 * we can hash it */ 453 * we can hash it */
454 if (ghash->bufLen) { 454 if (ghash->bufLen) {
455 unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen); 455 unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen);
456 » PORT_Memcpy(ghash->buffer+ghash->bufLen, buf, needed); 456 » if (needed != 0) {
457 » PORT_Memcpy(ghash->buffer+ghash->bufLen, buf, needed);
458 » }
457 buf += needed; 459 buf += needed;
458 len -= needed; 460 len -= needed;
459 ghash->bufLen += needed; 461 ghash->bufLen += needed;
460 if (len == 0) { 462 if (len == 0) {
461 /* didn't add enough to hash the data, nothing more do do */ 463 /* didn't add enough to hash the data, nothing more do do */
462 return SECSuccess; 464 return SECSuccess;
463 } 465 }
464 PORT_Assert(ghash->bufLen == blocksize); 466 PORT_Assert(ghash->bufLen == blocksize);
465 /* hash the buffer and clear it */ 467 /* hash the buffer and clear it */
466 rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize); 468 rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
(...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after
807 SECStatus rv; 809 SECStatus rv;
808 unsigned int tagBytes; 810 unsigned int tagBytes;
809 unsigned char tag[MAX_BLOCK_SIZE]; 811 unsigned char tag[MAX_BLOCK_SIZE];
810 const unsigned char *intag; 812 const unsigned char *intag;
811 unsigned int len; 813 unsigned int len;
812 814
813 tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE; 815 tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
814 816
815 /* get the authentication block */ 817 /* get the authentication block */
816 if (inlen < tagBytes) { 818 if (inlen < tagBytes) {
817 » PORT_SetError(SEC_ERROR_INVALID_ARGS); 819 » PORT_SetError(SEC_ERROR_INPUT_LEN);
818 return SECFailure; 820 return SECFailure;
819 } 821 }
820 822
821 inlen -= tagBytes; 823 inlen -= tagBytes;
822 intag = inbuf + inlen; 824 intag = inbuf + inlen;
823 825
824 /* verify the block */ 826 /* verify the block */
825 rv = gcmHash_Update(&gcm->ghash_context, inbuf, inlen, blocksize); 827 rv = gcmHash_Update(&gcm->ghash_context, inbuf, inlen, blocksize);
826 if (rv != SECSuccess) { 828 if (rv != SECSuccess) {
827 return SECFailure; 829 return SECFailure;
828 } 830 }
829 rv = gcm_GetTag(gcm, tag, &len, blocksize, blocksize); 831 rv = gcm_GetTag(gcm, tag, &len, blocksize, blocksize);
830 if (rv != SECSuccess) { 832 if (rv != SECSuccess) {
831 return SECFailure; 833 return SECFailure;
832 } 834 }
833 /* Don't decrypt if we can't authenticate the encrypted data! 835 /* Don't decrypt if we can't authenticate the encrypted data!
834 * This assumes that if tagBits is not a multiple of 8, intag will 836 * This assumes that if tagBits is not a multiple of 8, intag will
835 * preserve the masked off missing bits. */ 837 * preserve the masked off missing bits. */
836 if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) { 838 if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) {
837 /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ 839 /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
838 PORT_SetError(SEC_ERROR_BAD_DATA); 840 PORT_SetError(SEC_ERROR_BAD_DATA);
839 return SECFailure; 841 return SECFailure;
840 } 842 }
841 /* finish the decryption */ 843 /* finish the decryption */
842 return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, 844 return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
843 inbuf, inlen, blocksize); 845 inbuf, inlen, blocksize);
844 } 846 }
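Review bot: The new `if (needed != 0)` guard at new lines 456-458 carries no comment explaining why a zero-length copy has to be skipped. `needed` is `PR_MIN(len, blocksize - ghash->bufLen)`, so it is presumably zero only when `len` is zero, and in that case a caller may legitimately pass a null or otherwise unusable `buf`; handing such a pointer to memcpy is undefined behaviour even for a length of zero. I would add `/* buf may be NULL when len is 0; memcpy is undefined on it even for 0 bytes */` above the guard so it is not removed later as redundant. The enclosing function starts before the visible lines and continues past new line 468, so whether a later copy of a trailing partial block needs the same guard cannot be checked from this view.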