izackp/mosh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stop using deprecated Nettle functions

Browse Source 
Previously, ocb_internal.cc supported different key sizes, by way of
the deprecated aes_* function family. However, in practice, mosh
always uses AES-128. In Nettle, the explicit key-size APIs are not
deprecated, so switch to AES-128 directly.

Fixes: 1202
This commit is contained in:
Alex Chernyakhovsky
2022-06-27 20:10:05 -04:00
committed by Alex Chernyakhovsky
parent db49808ac3
commit 5ad20dbc50
1 changed files with 10 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/crypto/ocb_internal.cc
+10 -12
View File
@@ -496,14 +496,12 @@ static void ecb_decrypt_blks(block *blks, unsigned nblks, KEY *key) {
#elif USE_NETTLE_AES #elif USE_NETTLE_AES
/*-------------------*/ /*-------------------*/
// TODO(Issue 1202): Stop using deprecated nettle APIs
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#include <nettle/aes.h> #include <nettle/aes.h>
#include <fatal_assert.h>
namespace ocb_aes { namespace ocb_aes {
typedef struct aes_ctx KEY; typedef struct aes128_ctx KEY;
static KEY *KEY_new() { return new KEY; } static KEY *KEY_new() { return new KEY; }
@@ -511,34 +509,34 @@ static void KEY_delete(KEY *key) { delete key; }
static void set_encrypt_key(const unsigned char *handle, const int bits, KEY *key) static void set_encrypt_key(const unsigned char *handle, const int bits, KEY *key)
{ {
nettle_aes_set_encrypt_key(key, bits/8, (const uint8_t *)handle); fatal_assert(bits == 128);
nettle_aes128_set_encrypt_key(key, (const uint8_t *)handle);
} }
static void set_decrypt_key(const unsigned char *handle, const int bits, KEY *key) static void set_decrypt_key(const unsigned char *handle, const int bits, KEY *key)
{ {
nettle_aes_set_decrypt_key(key, bits/8, (const uint8_t *)handle); fatal_assert(bits == 128);
nettle_aes128_set_decrypt_key(key, (const uint8_t *)handle);
} }
static void encrypt(unsigned char *src, unsigned char *dst, KEY *key) { static void encrypt(unsigned char *src, unsigned char *dst, KEY *key) {
nettle_aes_encrypt(key, AES_BLOCK_SIZE, dst, src); nettle_aes128_encrypt(key, AES_BLOCK_SIZE, dst, src);
} }
#if 0 #if 0
/* unused */ /* unused */
static void decrypt(unsigned char *src, unsigned char *dst, KEY *key) { static void decrypt(unsigned char *src, unsigned char *dst, KEY *key) {
nettle_aes_decrypt(key, AES_BLOCK_SIZE, dst, src); nettle_aes128_decrypt(key, AES_BLOCK_SIZE, dst, src);
} }
#endif #endif
static void ecb_encrypt_blks(block *blks, unsigned nblks, KEY *key) { static void ecb_encrypt_blks(block *blks, unsigned nblks, KEY *key) {
nettle_aes_encrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks); nettle_aes128_encrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
} }
static void ecb_decrypt_blks(block *blks, unsigned nblks, KEY *key) { static void ecb_decrypt_blks(block *blks, unsigned nblks, KEY *key) {
nettle_aes_decrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks); nettle_aes128_decrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
} }
} // namespace ocb_aes } // namespace ocb_aes
#define BPI 4 /* Number of blocks in buffer per ECB call */ #define BPI 4 /* Number of blocks in buffer per ECB call */
#pragma GCC diagnostic pop
#else #else
#error "No AES implementation selected." #error "No AES implementation selected."
#endif #endif