Revert "Cumulative patch from commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950"
This reverts commit 78a5dac804c22aa6e4ec8226a864d3b0d6ccddbb.
Test: None
diff --git a/src/crypto/aes-ctr.c b/src/crypto/aes-ctr.c
index e27f3bb..d4d874d 100644
--- a/src/crypto/aes-ctr.c
+++ b/src/crypto/aes-ctr.c
@@ -1,5 +1,5 @@
/*
- * AES-128/192/256 CTR
+ * AES-128 CTR
*
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
*
@@ -14,16 +14,15 @@
#include "aes_wrap.h"
/**
- * aes_ctr_encrypt - AES-128/192/256 CTR mode encryption
- * @key: Key for encryption (key_len bytes)
- * @key_len: Length of the key (16, 24, or 32 bytes)
+ * aes_128_ctr_encrypt - AES-128 CTR mode encryption
+ * @key: Key for encryption (16 bytes)
* @nonce: Nonce for counter mode (16 bytes)
* @data: Data to encrypt in-place
* @data_len: Length of data in bytes
* Returns: 0 on success, -1 on failure
*/
-int aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
- u8 *data, size_t data_len)
+int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
+ u8 *data, size_t data_len)
{
void *ctx;
size_t j, len, left = data_len;
@@ -31,7 +30,7 @@
u8 *pos = data;
u8 counter[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
- ctx = aes_encrypt_init(key, key_len);
+ ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memcpy(counter, nonce, AES_BLOCK_SIZE);
@@ -54,18 +53,3 @@
aes_encrypt_deinit(ctx);
return 0;
}
-
-
-/**
- * aes_128_ctr_encrypt - AES-128 CTR mode encryption
- * @key: Key for encryption (key_len bytes)
- * @nonce: Nonce for counter mode (16 bytes)
- * @data: Data to encrypt in-place
- * @data_len: Length of data in bytes
- * Returns: 0 on success, -1 on failure
- */
-int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
- u8 *data, size_t data_len)
-{
- return aes_ctr_encrypt(key, 16, nonce, data, data_len);
-}
diff --git a/src/crypto/aes-siv.c b/src/crypto/aes-siv.c
index 2bb79b5..5ac82c2 100644
--- a/src/crypto/aes-siv.c
+++ b/src/crypto/aes-siv.c
@@ -61,33 +61,26 @@
}
-static int aes_s2v(const u8 *key, size_t key_len,
- size_t num_elem, const u8 *addr[], size_t *len, u8 *mac)
+static int aes_s2v(const u8 *key, size_t num_elem, const u8 *addr[],
+ size_t *len, u8 *mac)
{
u8 tmp[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
u8 *buf = NULL;
int ret;
size_t i;
- const u8 *data[1];
- size_t data_len[1];
if (!num_elem) {
os_memcpy(tmp, zero, sizeof(zero));
tmp[AES_BLOCK_SIZE - 1] = 1;
- data[0] = tmp;
- data_len[0] = sizeof(tmp);
- return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
+ return omac1_aes_128(key, tmp, sizeof(tmp), mac);
}
- data[0] = zero;
- data_len[0] = sizeof(zero);
- ret = omac1_aes_vector(key, key_len, 1, data, data_len, tmp);
+ ret = omac1_aes_128(key, zero, sizeof(zero), tmp);
if (ret)
return ret;
for (i = 0; i < num_elem - 1; i++) {
- ret = omac1_aes_vector(key, key_len, 1, &addr[i], &len[i],
- tmp2);
+ ret = omac1_aes_128(key, addr[i], len[i], tmp2);
if (ret)
return ret;
@@ -101,8 +94,7 @@
os_memcpy(buf, addr[i], len[i]);
xorend(buf, len[i], tmp, AES_BLOCK_SIZE);
- data[0] = buf;
- ret = omac1_aes_vector(key, key_len, 1, data, &len[i], mac);
+ ret = omac1_aes_128(key, buf, len[i], mac);
bin_clear_free(buf, len[i]);
return ret;
}
@@ -111,32 +103,24 @@
pad_block(tmp2, addr[i], len[i]);
xor(tmp, tmp2);
- data[0] = tmp;
- data_len[0] = sizeof(tmp);
- return omac1_aes_vector(key, key_len, 1, data, data_len, mac);
+ return omac1_aes_128(key, tmp, sizeof(tmp), mac);
}
-int aes_siv_encrypt(const u8 *key, size_t key_len,
- const u8 *pw, size_t pwlen,
- size_t num_elem, const u8 *addr[], const size_t *len,
- u8 *out)
+int aes_siv_encrypt(const u8 *key, const u8 *pw,
+ size_t pwlen, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *out)
{
const u8 *_addr[6];
size_t _len[6];
- const u8 *k1, *k2;
+ const u8 *k1 = key, *k2 = key + 16;
u8 v[AES_BLOCK_SIZE];
size_t i;
u8 *iv, *crypt_pw;
- if (num_elem > ARRAY_SIZE(_addr) - 1 ||
- (key_len != 32 && key_len != 48 && key_len != 64))
+ if (num_elem > ARRAY_SIZE(_addr) - 1)
return -1;
- key_len /= 2;
- k1 = key;
- k2 = key + key_len;
-
for (i = 0; i < num_elem; i++) {
_addr[i] = addr[i];
_len[i] = len[i];
@@ -144,7 +128,7 @@
_addr[num_elem] = pw;
_len[num_elem] = pwlen;
- if (aes_s2v(k1, key_len, num_elem + 1, _addr, _len, v))
+ if (aes_s2v(k1, num_elem + 1, _addr, _len, v))
return -1;
iv = out;
@@ -156,31 +140,26 @@
/* zero out 63rd and 31st bits of ctr (from right) */
v[8] &= 0x7f;
v[12] &= 0x7f;
- return aes_ctr_encrypt(k2, key_len, v, crypt_pw, pwlen);
+ return aes_128_ctr_encrypt(k2, v, crypt_pw, pwlen);
}
-int aes_siv_decrypt(const u8 *key, size_t key_len,
- const u8 *iv_crypt, size_t iv_c_len,
+int aes_siv_decrypt(const u8 *key, const u8 *iv_crypt, size_t iv_c_len,
size_t num_elem, const u8 *addr[], const size_t *len,
u8 *out)
{
const u8 *_addr[6];
size_t _len[6];
- const u8 *k1, *k2;
+ const u8 *k1 = key, *k2 = key + 16;
size_t crypt_len;
size_t i;
int ret;
u8 iv[AES_BLOCK_SIZE];
u8 check[AES_BLOCK_SIZE];
- if (iv_c_len < AES_BLOCK_SIZE || num_elem > ARRAY_SIZE(_addr) - 1 ||
- (key_len != 32 && key_len != 48 && key_len != 64))
+ if (iv_c_len < AES_BLOCK_SIZE || num_elem > ARRAY_SIZE(_addr) - 1)
return -1;
crypt_len = iv_c_len - AES_BLOCK_SIZE;
- key_len /= 2;
- k1 = key;
- k2 = key + key_len;
for (i = 0; i < num_elem; i++) {
_addr[i] = addr[i];
@@ -195,11 +174,11 @@
iv[8] &= 0x7f;
iv[12] &= 0x7f;
- ret = aes_ctr_encrypt(k2, key_len, iv, out, crypt_len);
+ ret = aes_128_ctr_encrypt(k2, iv, out, crypt_len);
if (ret)
return ret;
- ret = aes_s2v(k1, key_len, num_elem + 1, _addr, _len, check);
+ ret = aes_s2v(k1, num_elem + 1, _addr, _len, check);
if (ret)
return ret;
if (os_memcmp(check, iv_crypt, AES_BLOCK_SIZE) == 0)
diff --git a/src/crypto/aes_siv.h b/src/crypto/aes_siv.h
index fb05d80..463cf65 100644
--- a/src/crypto/aes_siv.h
+++ b/src/crypto/aes_siv.h
@@ -9,12 +9,10 @@
#ifndef AES_SIV_H
#define AES_SIV_H
-int aes_siv_encrypt(const u8 *key, size_t key_len,
- const u8 *pw, size_t pwlen,
- size_t num_elem, const u8 *addr[], const size_t *len,
- u8 *out);
-int aes_siv_decrypt(const u8 *key, size_t key_len,
- const u8 *iv_crypt, size_t iv_c_len,
+int aes_siv_encrypt(const u8 *key, const u8 *pw,
+ size_t pwlen, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *out);
+int aes_siv_decrypt(const u8 *key, const u8 *iv_crypt, size_t iv_c_len,
size_t num_elem, const u8 *addr[], const size_t *len,
u8 *out);
diff --git a/src/crypto/aes_wrap.h b/src/crypto/aes_wrap.h
index b70b1d2..4a14209 100644
--- a/src/crypto/aes_wrap.h
+++ b/src/crypto/aes_wrap.h
@@ -3,7 +3,7 @@
*
* - AES Key Wrap Algorithm (RFC3394)
* - One-Key CBC MAC (OMAC1) hash with AES-128 and AES-256
- * - AES-128/192/256 CTR mode encryption
+ * - AES-128 CTR mode encryption
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
* - AES-GCM
@@ -33,8 +33,6 @@
int __must_check omac1_aes_256(const u8 *key, const u8 *data, size_t data_len,
u8 *mac);
int __must_check aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
-int __must_check aes_ctr_encrypt(const u8 *key, size_t key_len, const u8 *nonce,
- u8 *data, size_t data_len);
int __must_check aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
u8 *data, size_t data_len);
int __must_check aes_128_eax_encrypt(const u8 *key,
diff --git a/src/crypto/crypto_module_tests.c b/src/crypto/crypto_module_tests.c
index fb91ab4..ffd2394 100644
--- a/src/crypto/crypto_module_tests.c
+++ b/src/crypto/crypto_module_tests.c
@@ -92,7 +92,7 @@
addr[0] = ad;
len[0] = sizeof(ad);
- if (aes_siv_encrypt(key, sizeof(key), plaintext, sizeof(plaintext),
+ if (aes_siv_encrypt(key, plaintext, sizeof(plaintext),
1, addr, len, out)) {
wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
return 1;
@@ -103,8 +103,7 @@
return 1;
}
- if (aes_siv_decrypt(key, sizeof(key), iv_c, sizeof(iv_c),
- 1, addr, len, out)) {
+ if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) {
wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
return 1;
}
@@ -122,8 +121,7 @@
addr[2] = nonce_2;
len[2] = sizeof(nonce_2);
- if (aes_siv_encrypt(key_2, sizeof(key_2),
- plaintext_2, sizeof(plaintext_2),
+ if (aes_siv_encrypt(key_2, plaintext_2, sizeof(plaintext_2),
3, addr, len, out)) {
wpa_printf(MSG_ERROR, "AES-SIV mode encryption failed");
return 1;
@@ -134,8 +132,7 @@
return 1;
}
- if (aes_siv_decrypt(key_2, sizeof(key_2), iv_c_2, sizeof(iv_c_2),
- 3, addr, len, out)) {
+ if (aes_siv_decrypt(key_2, iv_c_2, sizeof(iv_c_2), 3, addr, len, out)) {
wpa_printf(MSG_ERROR, "AES-SIV mode decryption failed");
return 1;
}
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index b3d1b07..19e0e2b 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -611,7 +611,7 @@
void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
DH *dh;
struct wpabuf *pubkey = NULL, *privkey = NULL;
size_t publen, privlen;
@@ -712,7 +712,7 @@
void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
DH *dh;
dh = DH_new();
diff --git a/src/crypto/sha512-internal.c b/src/crypto/sha512-internal.c
index 76c4fe7..66ef331 100644
--- a/src/crypto/sha512-internal.c
+++ b/src/crypto/sha512-internal.c
@@ -242,7 +242,7 @@
md->curlen = 0;
}
- /* pad up to 120 bytes of zeroes
+ /* pad upto 120 bytes of zeroes
* note: that from 112 to 120 is the 64 MSB of the length. We assume
* that you won't hash > 2^64 bits of data... :-)
*/
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a7d4880..23ac64b 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -919,7 +919,7 @@
}
#endif /* OPENSSL_FIPS */
#endif /* CONFIG_FIPS */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
SSL_library_init();
#ifndef OPENSSL_NO_SHA256
@@ -1043,7 +1043,7 @@
tls_openssl_ref_count--;
if (tls_openssl_ref_count == 0) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif /* OPENSSL_NO_ENGINE */
@@ -2334,7 +2334,7 @@
return 0;
#ifdef PKCS12_FUNCS
-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
/*
* Clear previously set extra chain certificates, if any, from PKCS#12
* processing in tls_parse_pkcs12() to allow OpenSSL to build a new
@@ -3976,7 +3976,7 @@
engine_id = "pkcs11";
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (params->flags & TLS_CONN_EAP_FAST) {
wpa_printf(MSG_DEBUG,
"OpenSSL: Use TLSv1_method() for EAP-FAST");