From 550320535c89a189516838ad3e67506f98e46d08 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Tue, 3 Mar 2015 20:11:28 +0100 Subject: [PATCH] crypto.pyx: cosmetic changes, added comments --- attic/crypto.pyx | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/attic/crypto.pyx b/attic/crypto.pyx index 6a75dcaa2..20e6c05cd 100644 --- a/attic/crypto.pyx +++ b/attic/crypto.pyx @@ -8,7 +8,7 @@ from libc.stdlib cimport malloc, free API_VERSION = 2 cdef extern from "openssl/rand.h": - int RAND_bytes(unsigned char *buf,int num) + int RAND_bytes(unsigned char *buf, int num) cdef extern from "openssl/evp.h": @@ -26,18 +26,16 @@ cdef extern from "openssl/evp.h": void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a) void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a) - int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv) - int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv) - int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in_, int inl) - int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in_, int inl) - int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl) - int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl) + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in_, int inl) + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in_, int inl) + int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int PKCS5_PBKDF2_HMAC(const char *password, int passwordlen, const unsigned char *salt, int saltlen, int iter, @@ -55,7 +53,8 @@ long_to_bytes = lambda x: _long.pack(x) def num_aes_blocks(length): - """Return the number of AES blocks required to encrypt/decrypt *length* bytes of data + """Return the number of AES blocks required to encrypt/decrypt *length* bytes of data. + Note: this is only correct for modes without padding, like AES-CTR. """ return (length + 15) // 16 @@ -160,7 +159,10 @@ cdef class AES: if not EVP_DecryptUpdate(&self.ctx, out, &outl, data, inl): raise Exception('EVP_DecryptUpdate failed') ptl = outl - if EVP_DecryptFinal_ex(&self.ctx, out+outl, &outl) <= 0: + if EVP_DecryptFinal_ex(&self.ctx, out+ptl, &outl) <= 0: + # this error check is very important for modes with padding or + # authentication. for them, a failure here means corrupted data. + # CTR mode does not use padding nor authentication. raise Exception('EVP_DecryptFinal failed') ptl += outl return out[:ptl]