Coverage Report

Created: 2024-11-21 07:03

/src/openssl/crypto/evp/bio_enc.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#define OPENSSL_SUPPRESS_DEPRECATED /* for BIO_get_callback */
11
12
#include <stdio.h>
13
#include <errno.h>
14
#include "internal/cryptlib.h"
15
#include <openssl/buffer.h>
16
#include <openssl/evp.h>
17
#include "internal/bio.h"
18
19
static int enc_write(BIO *h, const char *buf, int num);
20
static int enc_read(BIO *h, char *buf, int size);
21
static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
22
static int enc_new(BIO *h);
23
static int enc_free(BIO *data);
24
static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
25
7
#define ENC_BLOCK_SIZE  (1024*4)
26
16
#define ENC_MIN_CHUNK   (256)
27
11
#define BUF_OFFSET      (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
28
29
typedef struct enc_struct {
30
    int buf_len;
31
    int buf_off;
32
    int cont;                   /* <= 0 when finished */
33
    int finished;
34
    int ok;                     /* bad decrypt */
35
    EVP_CIPHER_CTX *cipher;
36
    unsigned char *read_start, *read_end;
37
    /*
38
     * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
39
     * up to a block more data than is presented to it
40
     */
41
    unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
42
} BIO_ENC_CTX;
43
44
static const BIO_METHOD methods_enc = {
45
    BIO_TYPE_CIPHER,
46
    "cipher",
47
    bwrite_conv,
48
    enc_write,
49
    bread_conv,
50
    enc_read,
51
    NULL,                       /* enc_puts, */
52
    NULL,                       /* enc_gets, */
53
    enc_ctrl,
54
    enc_new,
55
    enc_free,
56
    enc_callback_ctrl,
57
};
58
59
const BIO_METHOD *BIO_f_cipher(void)
60
4
{
61
4
    return &methods_enc;
62
4
}
63
64
static int enc_new(BIO *bi)
65
4
{
66
4
    BIO_ENC_CTX *ctx;
67
68
4
    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
69
0
        return 0;
70
71
4
    ctx->cipher = EVP_CIPHER_CTX_new();
72
4
    if (ctx->cipher == NULL) {
73
0
        OPENSSL_free(ctx);
74
0
        return 0;
75
0
    }
76
4
    ctx->cont = 1;
77
4
    ctx->ok = 1;
78
4
    ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
79
4
    BIO_set_data(bi, ctx);
80
4
    BIO_set_init(bi, 1);
81
82
4
    return 1;
83
4
}
84
85
static int enc_free(BIO *a)
86
4
{
87
4
    BIO_ENC_CTX *b;
88
89
4
    if (a == NULL)
90
0
        return 0;
91
92
4
    b = BIO_get_data(a);
93
4
    if (b == NULL)
94
0
        return 0;
95
96
4
    EVP_CIPHER_CTX_free(b->cipher);
97
4
    OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX));
98
4
    BIO_set_data(a, NULL);
99
4
    BIO_set_init(a, 0);
100
101
4
    return 1;
102
4
}
103
104
static int enc_read(BIO *b, char *out, int outl)
105
8
{
106
8
    int ret = 0, i, blocksize;
107
8
    BIO_ENC_CTX *ctx;
108
8
    BIO *next;
109
110
8
    if (out == NULL)
111
0
        return 0;
112
8
    ctx = BIO_get_data(b);
113
114
8
    next = BIO_next(b);
115
8
    if ((ctx == NULL) || (next == NULL))
116
0
        return 0;
117
118
    /* First check if there are bytes decoded/encoded */
119
8
    if (ctx->buf_len > 0) {
120
1
        i = ctx->buf_len - ctx->buf_off;
121
1
        if (i > outl)
122
1
            i = outl;
123
1
        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
124
1
        ret = i;
125
1
        out += i;
126
1
        outl -= i;
127
1
        ctx->buf_off += i;
128
1
        if (ctx->buf_len == ctx->buf_off) {
129
0
            ctx->buf_len = 0;
130
0
            ctx->buf_off = 0;
131
0
        }
132
1
    }
133
134
8
    blocksize = EVP_CIPHER_CTX_get_block_size(ctx->cipher);
135
136
8
    if (blocksize == 0)
137
0
        return 0;
138
139
8
    if (blocksize == 1)
140
8
        blocksize = 0;
141
142
    /*
143
     * At this point, we have room of outl bytes and an empty buffer, so we
144
     * should read in some more.
145
     */
146
147
12
    while (outl > 0) {
148
10
        if (ctx->cont <= 0)
149
3
            break;
150
151
7
        if (ctx->read_start == ctx->read_end) { /* time to read more data */
152
7
            ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
153
7
            i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
154
7
            if (i > 0)
155
4
                ctx->read_end += i;
156
7
        } else {
157
0
            i = ctx->read_end - ctx->read_start;
158
0
        }
159
160
7
        if (i <= 0) {
161
            /* Should be continue next time we are called? */
162
3
            if (!BIO_should_retry(next)) {
163
3
                ctx->cont = i;
164
3
                i = EVP_CipherFinal_ex(ctx->cipher,
165
3
                                       ctx->buf, &(ctx->buf_len));
166
3
                ctx->ok = i;
167
3
                ctx->buf_off = 0;
168
3
            } else {
169
0
                ret = (ret == 0) ? i : ret;
170
0
                break;
171
0
            }
172
4
        } else {
173
4
            if (outl > ENC_MIN_CHUNK) {
174
                /*
175
                 * Depending on flags block cipher decrypt can write
176
                 * one extra block and then back off, i.e. output buffer
177
                 * has to accommodate extra block...
178
                 */
179
3
                int j = outl - blocksize, buf_len;
180
181
3
                if (!EVP_CipherUpdate(ctx->cipher,
182
3
                                      (unsigned char *)out, &buf_len,
183
3
                                      ctx->read_start, i > j ? j : i)) {
184
0
                    BIO_clear_retry_flags(b);
185
0
                    return 0;
186
0
                }
187
3
                ret += buf_len;
188
3
                out += buf_len;
189
3
                outl -= buf_len;
190
191
3
                if ((i -= j) <= 0) {
192
3
                    ctx->read_start = ctx->read_end;
193
3
                    continue;
194
3
                }
195
0
                ctx->read_start += j;
196
0
            }
197
1
            if (i > ENC_MIN_CHUNK)
198
0
                i = ENC_MIN_CHUNK;
199
1
            if (!EVP_CipherUpdate(ctx->cipher,
200
1
                                  ctx->buf, &ctx->buf_len,
201
1
                                  ctx->read_start, i)) {
202
0
                BIO_clear_retry_flags(b);
203
0
                ctx->ok = 0;
204
0
                return 0;
205
0
            }
206
1
            ctx->read_start += i;
207
1
            ctx->cont = 1;
208
            /*
209
             * Note: it is possible for EVP_CipherUpdate to decrypt zero
210
             * bytes because this is or looks like the final block: if this
211
             * happens we should retry and either read more data or decrypt
212
             * the final block
213
             */
214
1
            if (ctx->buf_len == 0)
215
0
                continue;
216
1
        }
217
218
4
        if (ctx->buf_len <= outl)
219
3
            i = ctx->buf_len;
220
1
        else
221
1
            i = outl;
222
4
        if (i <= 0)
223
3
            break;
224
1
        memcpy(out, ctx->buf, i);
225
1
        ret += i;
226
1
        ctx->buf_off = i;
227
1
        outl -= i;
228
1
        out += i;
229
1
    }
230
231
8
    BIO_clear_retry_flags(b);
232
8
    BIO_copy_next_retry(b);
233
8
    return ((ret == 0) ? ctx->cont : ret);
234
8
}
235
236
static int enc_write(BIO *b, const char *in, int inl)
237
0
{
238
0
    int ret = 0, n, i;
239
0
    BIO_ENC_CTX *ctx;
240
0
    BIO *next;
241
242
0
    ctx = BIO_get_data(b);
243
0
    next = BIO_next(b);
244
0
    if ((ctx == NULL) || (next == NULL))
245
0
        return 0;
246
247
0
    ret = inl;
248
249
0
    BIO_clear_retry_flags(b);
250
0
    n = ctx->buf_len - ctx->buf_off;
251
0
    while (n > 0) {
252
0
        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
253
0
        if (i <= 0) {
254
0
            BIO_copy_next_retry(b);
255
0
            return i;
256
0
        }
257
0
        ctx->buf_off += i;
258
0
        n -= i;
259
0
    }
260
    /* at this point all pending data has been written */
261
262
0
    if ((in == NULL) || (inl <= 0))
263
0
        return 0;
264
265
0
    ctx->buf_off = 0;
266
0
    while (inl > 0) {
267
0
        n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
268
0
        if (!EVP_CipherUpdate(ctx->cipher,
269
0
                              ctx->buf, &ctx->buf_len,
270
0
                              (const unsigned char *)in, n)) {
271
0
            BIO_clear_retry_flags(b);
272
0
            ctx->ok = 0;
273
0
            return 0;
274
0
        }
275
0
        inl -= n;
276
0
        in += n;
277
278
0
        ctx->buf_off = 0;
279
0
        n = ctx->buf_len;
280
0
        while (n > 0) {
281
0
            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
282
0
            if (i <= 0) {
283
0
                BIO_copy_next_retry(b);
284
0
                return (ret == inl) ? i : ret - inl;
285
0
            }
286
0
            n -= i;
287
0
            ctx->buf_off += i;
288
0
        }
289
0
        ctx->buf_len = 0;
290
0
        ctx->buf_off = 0;
291
0
    }
292
0
    BIO_copy_next_retry(b);
293
0
    return ret;
294
0
}
295
296
static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
297
4
{
298
4
    BIO *dbio;
299
4
    BIO_ENC_CTX *ctx, *dctx;
300
4
    long ret = 1;
301
4
    int i;
302
4
    EVP_CIPHER_CTX **c_ctx;
303
4
    BIO *next;
304
4
    int pend;
305
306
4
    ctx = BIO_get_data(b);
307
4
    next = BIO_next(b);
308
4
    if (ctx == NULL)
309
0
        return 0;
310
311
4
    switch (cmd) {
312
0
    case BIO_CTRL_RESET:
313
0
        ctx->ok = 1;
314
0
        ctx->finished = 0;
315
0
        if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
316
0
                               EVP_CIPHER_CTX_is_encrypting(ctx->cipher)))
317
0
            return 0;
318
0
        ret = BIO_ctrl(next, cmd, num, ptr);
319
0
        break;
320
0
    case BIO_CTRL_EOF:         /* More to read */
321
0
        if (ctx->cont <= 0)
322
0
            ret = 1;
323
0
        else
324
0
            ret = BIO_ctrl(next, cmd, num, ptr);
325
0
        break;
326
0
    case BIO_CTRL_WPENDING:
327
0
        ret = ctx->buf_len - ctx->buf_off;
328
0
        if (ret <= 0)
329
0
            ret = BIO_ctrl(next, cmd, num, ptr);
330
0
        break;
331
0
    case BIO_CTRL_PENDING:     /* More to read in buffer */
332
0
        ret = ctx->buf_len - ctx->buf_off;
333
0
        if (ret <= 0)
334
0
            ret = BIO_ctrl(next, cmd, num, ptr);
335
0
        break;
336
0
    case BIO_CTRL_FLUSH:
337
        /* do a final write */
338
0
 again:
339
0
        while (ctx->buf_len != ctx->buf_off) {
340
0
            pend = ctx->buf_len - ctx->buf_off;
341
0
            i = enc_write(b, NULL, 0);
342
            /*
343
             * i should never be > 0 here because we didn't ask to write any
344
             * new data. We stop if we get an error or we failed to make any
345
             * progress writing pending data.
346
             */
347
0
            if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend)
348
0
                return i;
349
0
        }
350
351
0
        if (!ctx->finished) {
352
0
            ctx->finished = 1;
353
0
            ctx->buf_off = 0;
354
0
            ret = EVP_CipherFinal_ex(ctx->cipher,
355
0
                                     (unsigned char *)ctx->buf,
356
0
                                     &(ctx->buf_len));
357
0
            ctx->ok = (int)ret;
358
0
            if (ret <= 0)
359
0
                break;
360
361
            /* push out the bytes */
362
0
            goto again;
363
0
        }
364
365
        /* Finally flush the underlying BIO */
366
0
        ret = BIO_ctrl(next, cmd, num, ptr);
367
0
        BIO_copy_next_retry(b);
368
0
        break;
369
0
    case BIO_C_GET_CIPHER_STATUS:
370
0
        ret = (long)ctx->ok;
371
0
        break;
372
0
    case BIO_C_DO_STATE_MACHINE:
373
0
        BIO_clear_retry_flags(b);
374
0
        ret = BIO_ctrl(next, cmd, num, ptr);
375
0
        BIO_copy_next_retry(b);
376
0
        break;
377
0
    case BIO_C_GET_CIPHER_CTX:
378
0
        c_ctx = (EVP_CIPHER_CTX **)ptr;
379
0
        *c_ctx = ctx->cipher;
380
0
        BIO_set_init(b, 1);
381
0
        break;
382
0
    case BIO_CTRL_DUP:
383
0
        dbio = (BIO *)ptr;
384
0
        dctx = BIO_get_data(dbio);
385
0
        dctx->cipher = EVP_CIPHER_CTX_new();
386
0
        if (dctx->cipher == NULL)
387
0
            return 0;
388
0
        ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
389
0
        if (ret)
390
0
            BIO_set_init(dbio, 1);
391
0
        break;
392
4
    default:
393
4
        ret = BIO_ctrl(next, cmd, num, ptr);
394
4
        break;
395
4
    }
396
4
    return ret;
397
4
}
398
399
static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
400
0
{
401
0
    BIO *next = BIO_next(b);
402
403
0
    if (next == NULL)
404
0
        return 0;
405
406
0
    return BIO_callback_ctrl(next, cmd, fp);
407
0
}
408
409
int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
410
                   const unsigned char *i, int e)
411
4
{
412
4
    BIO_ENC_CTX *ctx;
413
4
    BIO_callback_fn_ex callback_ex;
414
4
#ifndef OPENSSL_NO_DEPRECATED_3_0
415
4
    long (*callback) (struct bio_st *, int, const char *, int, long, long) = NULL;
416
4
#endif
417
418
4
    ctx = BIO_get_data(b);
419
4
    if (ctx == NULL)
420
0
        return 0;
421
422
4
    if ((callback_ex = BIO_get_callback_ex(b)) != NULL) {
423
0
        if (callback_ex(b, BIO_CB_CTRL, (const char *)c, 0, BIO_CTRL_SET,
424
0
                        e, 1, NULL) <= 0)
425
0
            return 0;
426
0
    }
427
4
#ifndef OPENSSL_NO_DEPRECATED_3_0
428
4
    else {
429
4
        callback = BIO_get_callback(b);
430
431
4
        if ((callback != NULL) &&
432
4
            (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e,
433
0
                      0L) <= 0))
434
0
            return 0;
435
4
    }
436
4
#endif
437
438
4
    BIO_set_init(b, 1);
439
440
4
    if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
441
0
        return 0;
442
443
4
    if (callback_ex != NULL)
444
0
        return callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, (const char *)c, 0,
445
0
                           BIO_CTRL_SET, e, 1, NULL);
446
4
#ifndef OPENSSL_NO_DEPRECATED_3_0
447
4
    else if (callback != NULL)
448
0
        return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
449
4
#endif
450
4
    return 1;
451
4
}