Merge pull request #121 from golang-fips/errmsg

qmuntal · web-flow · commit 251d5fd9efa6 · 2023-09-26T15:30:27.000+02:00
Reconcile AES and DES error messages with upstream
diff --git a/aes.go b/aes.go
@@ -56,11 +56,17 @@ func (c *aesCipher) BlockSize() int {
 }
 
 func (c *aesCipher) Encrypt(dst, src []byte) {
-	c.encrypt(dst, src)
+	if err := c.encrypt(dst, src); err != nil {
+		// crypto/aes expects that the panic message starts with "crypto/aes: ".
+		panic("crypto/aes: " + err.Error())
+	}
 }
 
 func (c *aesCipher) Decrypt(dst, src []byte) {
-	c.decrypt(dst, src)
+	if err := c.decrypt(dst, src); err != nil {
+		// crypto/aes expects that the panic message starts with "crypto/aes: ".
+		panic("crypto/aes: " + err.Error())
+	}
 }
 
 func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {
diff --git a/aes_test.go b/aes_test.go
@@ -9,6 +9,31 @@ import (
 	"github.com/golang-fips/openssl/v2"
 )
 
+func TestAESShortBlocks(t *testing.T) {
+	bytes := func(n int) []byte { return make([]byte, n) }
+
+	c, _ := openssl.NewAESCipher(bytes(16))
+
+	mustPanic(t, "crypto/aes: input not full block", func() { c.Encrypt(bytes(1), bytes(1)) })
+	mustPanic(t, "crypto/aes: input not full block", func() { c.Decrypt(bytes(1), bytes(1)) })
+	mustPanic(t, "crypto/aes: input not full block", func() { c.Encrypt(bytes(100), bytes(1)) })
+	mustPanic(t, "crypto/aes: input not full block", func() { c.Decrypt(bytes(100), bytes(1)) })
+	mustPanic(t, "crypto/aes: output not full block", func() { c.Encrypt(bytes(1), bytes(100)) })
+	mustPanic(t, "crypto/aes: output not full block", func() { c.Decrypt(bytes(1), bytes(100)) })
+}
+
+func mustPanic(t *testing.T, msg string, f func()) {
+	defer func() {
+		err := recover()
+		if err == nil {
+			t.Errorf("function did not panic, wanted %q", msg)
+		} else if err != msg {
+			t.Errorf("got panic %v, wanted %q", err, msg)
+		}
+	}()
+	f()
+}
+
 func TestNewGCMNonce(t *testing.T) {
 	key := []byte("D249BF6DEC97B1EBD69BC4D6B3A3C49D")
 	ci, err := openssl.NewAESCipher(key)
diff --git a/cipher.go b/cipher.go
@@ -166,57 +166,59 @@ func (c *evpCipher) finalize() {
 	}
 }
 
-func (c *evpCipher) encrypt(dst, src []byte) {
+func (c *evpCipher) encrypt(dst, src []byte) error {
 	if len(src) < c.blockSize {
-		panic("crypto/cipher: input not full block")
+		return errors.New("input not full block")
 	}
 	if len(dst) < c.blockSize {
-		panic("crypto/cipher: output not full block")
+		return errors.New("output not full block")
 	}
 	// Only check for overlap between the parts of src and dst that will actually be used.
 	// This matches Go standard library behavior.
 	if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) {
-		panic("crypto/cipher: invalid buffer overlap")
+		return errors.New("invalid buffer overlap")
 	}
 	if c.enc_ctx == nil {
 		var err error
 		c.enc_ctx, err = newCipherCtx(c.kind, cipherModeECB, cipherOpEncrypt, c.key, nil)
 		if err != nil {
-			panic(err)
+			return err
 		}
 	}
 
 	if C.go_openssl_EVP_EncryptUpdate_wrapper(c.enc_ctx, base(dst), base(src), C.int(c.blockSize)) != 1 {
-		panic("crypto/cipher: EncryptUpdate failed")
+		return errors.New("EncryptUpdate failed")
 	}
 	runtime.KeepAlive(c)
+	return nil
 }
 
-func (c *evpCipher) decrypt(dst, src []byte) {
+func (c *evpCipher) decrypt(dst, src []byte) error {
 	if len(src) < c.blockSize {
-		panic("crypto/cipher: input not full block")
+		return errors.New("input not full block")
 	}
 	if len(dst) < c.blockSize {
-		panic("crypto/cipher: output not full block")
+		return errors.New("output not full block")
 	}
 	// Only check for overlap between the parts of src and dst that will actually be used.
 	// This matches Go standard library behavior.
 	if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) {
-		panic("crypto/cipher: invalid buffer overlap")
+		return errors.New("invalid buffer overlap")
 	}
 	if c.dec_ctx == nil {
 		var err error
 		c.dec_ctx, err = newCipherCtx(c.kind, cipherModeECB, cipherOpDecrypt, c.key, nil)
 		if err != nil {
-			panic(err)
+			return err
 		}
 		if C.go_openssl_EVP_CIPHER_CTX_set_padding(c.dec_ctx, 0) != 1 {
-			panic("crypto/cipher: could not disable cipher padding")
+			return errors.New("could not disable cipher padding")
 		}
 	}
 
 	C.go_openssl_EVP_DecryptUpdate_wrapper(c.dec_ctx, base(dst), base(src), C.int(c.blockSize))
 	runtime.KeepAlive(c)
+	return nil
 }
 
 type cipherCBC struct {
diff --git a/des.go b/des.go
@@ -75,11 +75,17 @@ func (c *desCipher) BlockSize() int {
 }
 
 func (c *desCipher) Encrypt(dst, src []byte) {
-	c.encrypt(dst, src)
+	if err := c.encrypt(dst, src); err != nil {
+		// crypto/des expects that the panic message starts with "crypto/des: ".
+		panic("crypto/des: " + err.Error())
+	}
 }
 
 func (c *desCipher) Decrypt(dst, src []byte) {
-	c.decrypt(dst, src)
+	if err := c.decrypt(dst, src); err != nil {
+		// crypto/des expects that the panic message starts with "crypto/des: ".
+		panic("crypto/des: " + err.Error())
+	}
 }
 
 func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {

Original file line number	Diff line number	Diff line change
`@@ -56,11 +56,17 @@ func (c *aesCipher) BlockSize() int {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`func (c *aesCipher) Encrypt(dst, src []byte) {`
`59`		`- c.encrypt(dst, src)`
	`59`	`+ if err := c.encrypt(dst, src); err != nil {`
	`60`	`+ // crypto/aes expects that the panic message starts with "crypto/aes: ".`
	`61`	`+ panic("crypto/aes: " + err.Error())`
	`62`	`+ }`
`60`	`63`	`}`
`61`	`64`
`62`	`65`	`func (c *aesCipher) Decrypt(dst, src []byte) {`
`63`		`- c.decrypt(dst, src)`
	`66`	`+ if err := c.decrypt(dst, src); err != nil {`
	`67`	`+ // crypto/aes expects that the panic message starts with "crypto/aes: ".`
	`68`	`+ panic("crypto/aes: " + err.Error())`
	`69`	`+ }`
`64`	`70`	`}`
`65`	`71`
`66`	`72`	`func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {`
Original file line number	Diff line number	Diff line change
`@@ -166,57 +166,59 @@ func (c *evpCipher) finalize() {`
`166`	`166`	`}`
`167`	`167`	`}`
`168`	`168`
`169`		`-func (c *evpCipher) encrypt(dst, src []byte) {`
	`169`	`+func (c *evpCipher) encrypt(dst, src []byte) error {`
`170`	`170`	`if len(src) < c.blockSize {`
`171`		`- panic("crypto/cipher: input not full block")`
	`171`	`+ return errors.New("input not full block")`
`172`	`172`	`}`
`173`	`173`	`if len(dst) < c.blockSize {`
`174`		`- panic("crypto/cipher: output not full block")`
	`174`	`+ return errors.New("output not full block")`
`175`	`175`	`}`
`176`	`176`	`// Only check for overlap between the parts of src and dst that will actually be used.`
`177`	`177`	`// This matches Go standard library behavior.`
`178`	`178`	`if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) {`
`179`		`- panic("crypto/cipher: invalid buffer overlap")`
	`179`	`+ return errors.New("invalid buffer overlap")`
`180`	`180`	`}`
`181`	`181`	`if c.enc_ctx == nil {`
`182`	`182`	`var err error`
`183`	`183`	`c.enc_ctx, err = newCipherCtx(c.kind, cipherModeECB, cipherOpEncrypt, c.key, nil)`
`184`	`184`	`if err != nil {`
`185`		`- panic(err)`
	`185`	`+ return err`
`186`	`186`	`}`
`187`	`187`	`}`
`188`	`188`
`189`	`189`	`if C.go_openssl_EVP_EncryptUpdate_wrapper(c.enc_ctx, base(dst), base(src), C.int(c.blockSize)) != 1 {`
`190`		`- panic("crypto/cipher: EncryptUpdate failed")`
	`190`	`+ return errors.New("EncryptUpdate failed")`
`191`	`191`	`}`
`192`	`192`	`runtime.KeepAlive(c)`
	`193`	`+ return nil`
`193`	`194`	`}`
`194`	`195`
`195`		`-func (c *evpCipher) decrypt(dst, src []byte) {`
	`196`	`+func (c *evpCipher) decrypt(dst, src []byte) error {`
`196`	`197`	`if len(src) < c.blockSize {`
`197`		`- panic("crypto/cipher: input not full block")`
	`198`	`+ return errors.New("input not full block")`
`198`	`199`	`}`
`199`	`200`	`if len(dst) < c.blockSize {`
`200`		`- panic("crypto/cipher: output not full block")`
	`201`	`+ return errors.New("output not full block")`
`201`	`202`	`}`
`202`	`203`	`// Only check for overlap between the parts of src and dst that will actually be used.`
`203`	`204`	`// This matches Go standard library behavior.`
`204`	`205`	`if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) {`
`205`		`- panic("crypto/cipher: invalid buffer overlap")`
	`206`	`+ return errors.New("invalid buffer overlap")`
`206`	`207`	`}`
`207`	`208`	`if c.dec_ctx == nil {`
`208`	`209`	`var err error`
`209`	`210`	`c.dec_ctx, err = newCipherCtx(c.kind, cipherModeECB, cipherOpDecrypt, c.key, nil)`
`210`	`211`	`if err != nil {`
`211`		`- panic(err)`
	`212`	`+ return err`
`212`	`213`	`}`
`213`	`214`	`if C.go_openssl_EVP_CIPHER_CTX_set_padding(c.dec_ctx, 0) != 1 {`
`214`		`- panic("crypto/cipher: could not disable cipher padding")`
	`215`	`+ return errors.New("could not disable cipher padding")`
`215`	`216`	`}`
`216`	`217`	`}`
`217`	`218`
`218`	`219`	`C.go_openssl_EVP_DecryptUpdate_wrapper(c.dec_ctx, base(dst), base(src), C.int(c.blockSize))`
`219`	`220`	`runtime.KeepAlive(c)`
	`221`	`+ return nil`
`220`	`222`	`}`
`221`	`223`
`222`	`224`	`type cipherCBC struct {`
Original file line number	Diff line number	Diff line change
`@@ -75,11 +75,17 @@ func (c *desCipher) BlockSize() int {`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`func (c *desCipher) Encrypt(dst, src []byte) {`
`78`		`- c.encrypt(dst, src)`
	`78`	`+ if err := c.encrypt(dst, src); err != nil {`
	`79`	`+ // crypto/des expects that the panic message starts with "crypto/des: ".`
	`80`	`+ panic("crypto/des: " + err.Error())`
	`81`	`+ }`
`79`	`82`	`}`
`80`	`83`
`81`	`84`	`func (c *desCipher) Decrypt(dst, src []byte) {`
`82`		`- c.decrypt(dst, src)`
	`85`	`+ if err := c.decrypt(dst, src); err != nil {`
	`86`	`+ // crypto/des expects that the panic message starts with "crypto/des: ".`
	`87`	`+ panic("crypto/des: " + err.Error())`
	`88`	`+ }`
`83`	`89`	`}`
`84`	`90`
`85`	`91`	`func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode {`