kovidgoyal/kitty
1
1
Fork 0
mirror of https://github.com/kovidgoyal/kitty.git synced 2024-11-13 03:12:37 +03:00
Code Issues Projects Releases Wiki Activity

OpenSSL 3.0 apparently has API to get rid of the tag length magic number. Lets hope it works

Browse Source
This commit is contained in:
Kovid Goyal 2022-08-05 14:28:56 +05:30
parent 3270c9a527
commit f06a72b418
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
kitty/crypto.c
View File

@ -371,7 +371,12 @@ new_aes256gcmdecrypt(PyTypeObject *type, PyObject *args, PyObject *kwds UNUSED)
if (!(self->ctx = EVP_CIPHER_CTX_new())) { Py_CLEAR(self); return set_error_from_openssl("Failed to allocate decryption context"); }
if (1 != EVP_DecryptInit_ex(self->ctx, EVP_aes_256_gcm(), NULL, key->secret, iv)) {
Py_CLEAR(self); return set_error_from_openssl("Failed to initialize encryption context"); }
// Ensure tag length is 16 because the OpenSSL verification routines will happily pass even if you set a truncated tag.
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (tag_len != EVP_CIPHER_CTX_tag_length(self->ctx)) { PyErr_Format(PyExc_ValueError, "Tag length for AES 256 GCM must be %d", EVP_CIPHER_CTX_tag_length(self->ctx)); return NULL; }
#else
if (tag_len != 16) { PyErr_SetString(PyExc_ValueError, "Tag length for AES 256 GCM must be 16"); return NULL; }
#endif
if (!EVP_CIPHER_CTX_ctrl(self->ctx, EVP_CTRL_GCM_SET_TAG, tag_len, tag)) { Py_CLEAR(self); return set_error_from_openssl("Failed to set the tag"); }
return (PyObject*)self;
}