KittyPatch/kitty
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DRYer

Browse Source
This commit is contained in:
Kovid Goyal 2022-08-11 12:50:17 +05:30
parent b2d8f24499
commit 1e0e32e282
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
kitty/crypto.c
View File

@ -270,7 +270,7 @@ new_aes256gcmencrypt(PyTypeObject *type, PyObject *args, PyObject *kwds UNUSED)
if (!(self->iv = PyBytes_FromStringAndSize(NULL, EVP_CIPHER_iv_length(cipher)))) { Py_CLEAR(self); return NULL; } if (!(self->iv = PyBytes_FromStringAndSize(NULL, EVP_CIPHER_iv_length(cipher)))) { Py_CLEAR(self); return NULL; }
if (!secure_random_bytes((unsigned char*)PyBytes_AS_STRING(self->iv), PyBytes_GET_SIZE(self->iv))) { Py_CLEAR(self); return NULL; } if (!secure_random_bytes((unsigned char*)PyBytes_AS_STRING(self->iv), PyBytes_GET_SIZE(self->iv))) { Py_CLEAR(self); return NULL; }
if (!(self->tag = PyBytes_FromStringAndSize(NULL, 0))) { Py_CLEAR(self); return NULL; } if (!(self->tag = PyBytes_FromStringAndSize(NULL, 0))) { Py_CLEAR(self); return NULL; }
if (1 != EVP_EncryptInit_ex(self->ctx, EVP_aes_256_gcm(), NULL, key->secret, (const unsigned char*)PyBytes_AS_STRING(self->iv))) { if (1 != EVP_EncryptInit_ex(self->ctx, cipher, NULL, key->secret, (const unsigned char*)PyBytes_AS_STRING(self->iv))) {
Py_CLEAR(self); return set_error_from_openssl("Failed to initialize encryption context"); } Py_CLEAR(self); return set_error_from_openssl("Failed to initialize encryption context"); }
return (PyObject*)self; return (PyObject*)self;
} }
@ -292,6 +292,16 @@ add_authenticated_but_unencrypted_data(AES256GCMEncrypt *self, PyObject *args) {
Py_RETURN_NONE; Py_RETURN_NONE;
} }
static int
cipher_ctx_tag_length(const EVP_CIPHER_CTX *ctx) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
return EVP_CIPHER_CTX_tag_length(ctx);
#else
(void)ctx;
return 16;
#endif
}
static PyObject* static PyObject*
add_data_to_be_encrypted(AES256GCMEncrypt *self, PyObject *args) { add_data_to_be_encrypted(AES256GCMEncrypt *self, PyObject *args) {
if (self->state > 1) { PyErr_SetString(Crypto_Exception, "Encryption has been finished"); return NULL; } if (self->state > 1) { PyErr_SetString(Crypto_Exception, "Encryption has been finished"); return NULL; }
@ -315,10 +325,10 @@ add_data_to_be_encrypted(AES256GCMEncrypt *self, PyObject *args) {
offset += len; offset += len;
self->state = 2; self->state = 2;
PyObject *tag = PyBytes_FromStringAndSize(NULL, 16); PyObject *tag = PyBytes_FromStringAndSize(NULL, cipher_ctx_tag_length(self->ctx));
if (!tag) { Py_CLEAR(ciphertext); return NULL; } if (!tag) { Py_CLEAR(ciphertext); return NULL; }
Py_CLEAR(self->tag); self->tag = tag; Py_CLEAR(self->tag); self->tag = tag;
if (1 != EVP_CIPHER_CTX_ctrl(self->ctx, EVP_CTRL_GCM_GET_TAG, PyBytes_GET_SIZE(self->tag), PyBytes_AS_STRING(tag))) { if (1 != EVP_CIPHER_CTX_ctrl(self->ctx, EVP_CTRL_AEAD_GET_TAG, PyBytes_GET_SIZE(self->tag), PyBytes_AS_STRING(tag))) {
Py_CLEAR(ciphertext); return NULL; Py_CLEAR(ciphertext); return NULL;
} }
} }
@ -370,15 +380,11 @@ new_aes256gcmdecrypt(PyTypeObject *type, PyObject *args, PyObject *kwds UNUSED)
AES256GCMDecrypt *self = (AES256GCMDecrypt *)type->tp_alloc(type, 0); AES256GCMDecrypt *self = (AES256GCMDecrypt *)type->tp_alloc(type, 0);
if (!self) return NULL; if (!self) return NULL;
if (!(self->ctx = EVP_CIPHER_CTX_new())) { Py_CLEAR(self); return set_error_from_openssl("Failed to allocate decryption context"); } if (!(self->ctx = EVP_CIPHER_CTX_new())) { Py_CLEAR(self); return set_error_from_openssl("Failed to allocate decryption context"); }
if (1 != EVP_DecryptInit_ex(self->ctx, EVP_aes_256_gcm(), NULL, key->secret, iv)) { if (1 != EVP_DecryptInit_ex(self->ctx, cipher, NULL, key->secret, iv)) {
Py_CLEAR(self); return set_error_from_openssl("Failed to initialize encryption context"); } Py_CLEAR(self); return set_error_from_openssl("Failed to initialize encryption context"); }
// Ensure tag length is 16 because the OpenSSL verification routines will happily pass even if you set a truncated tag. // Ensure tag length is 16 because the OpenSSL verification routines will happily pass even if you set a truncated tag.
#if OPENSSL_VERSION_NUMBER >= 0x30000000L if (tag_len != cipher_ctx_tag_length(self->ctx)) { PyErr_Format(PyExc_ValueError, "Tag length for AES 256 GCM must be %d", cipher_ctx_tag_length(self->ctx)); return NULL; }
if (tag_len != EVP_CIPHER_CTX_tag_length(self->ctx)) { PyErr_Format(PyExc_ValueError, "Tag length for AES 256 GCM must be %d", EVP_CIPHER_CTX_tag_length(self->ctx)); return NULL; } if (!EVP_CIPHER_CTX_ctrl(self->ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag)) { Py_CLEAR(self); return set_error_from_openssl("Failed to set the tag"); }
#else
if (tag_len != 16) { PyErr_SetString(PyExc_ValueError, "Tag length for AES 256 GCM must be 16"); return NULL; }
#endif
if (!EVP_CIPHER_CTX_ctrl(self->ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag)) { Py_CLEAR(self); return set_error_from_openssl("Failed to set the tag"); }
return (PyObject*)self; return (PyObject*)self;
} }