Coverage Report

Created: 2024-11-21 07:03

/src/openssl/providers/implementations/ciphers/ciphercommon.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
/*
11
 * Generic dispatch table functions for ciphers.
12
 */
13
14
/* For SSL3_VERSION */
15
#include <openssl/prov_ssl.h>
16
#include <openssl/proverr.h>
17
#include "ciphercommon_local.h"
18
#include "prov/provider_ctx.h"
19
#include "prov/providercommon.h"
20
21
/*-
22
 * Generic cipher functions for OSSL_PARAM gettables and settables
23
 */
24
static const OSSL_PARAM cipher_known_gettable_params[] = {
25
    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
26
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
27
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
28
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
29
    OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
30
    OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
31
    OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
32
    OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL),
33
    OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
34
    OSSL_PARAM_END
35
};
36
const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx)
37
0
{
38
0
    return cipher_known_gettable_params;
39
0
}
40
41
int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
42
                                   uint64_t flags,
43
                                   size_t kbits, size_t blkbits, size_t ivbits)
44
256
{
45
256
    OSSL_PARAM *p;
46
47
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
48
256
    if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
49
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
50
0
        return 0;
51
0
    }
52
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD);
53
256
    if (p != NULL
54
256
        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) {
55
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
56
0
        return 0;
57
0
    }
58
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
59
256
    if (p != NULL
60
256
        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
61
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
62
0
        return 0;
63
0
    }
64
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS);
65
256
    if (p != NULL
66
256
        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CTS) != 0)) {
67
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
68
0
        return 0;
69
0
    }
70
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK);
71
256
    if (p != NULL
72
256
        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_TLS1_MULTIBLOCK) != 0)) {
73
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
74
0
        return 0;
75
0
    }
76
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY);
77
256
    if (p != NULL
78
256
        && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) {
79
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
80
0
        return 0;
81
0
    }
82
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
83
256
    if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
84
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
85
0
        return 0;
86
0
    }
87
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
88
256
    if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
89
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
90
0
        return 0;
91
0
    }
92
256
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
93
256
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
94
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
95
0
        return 0;
96
0
    }
97
256
    return 1;
98
256
}
99
100
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
101
{ OSSL_CIPHER_PARAM_TLS_MAC, OSSL_PARAM_OCTET_PTR, NULL, 0, OSSL_PARAM_UNMODIFIED },
102
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
103
104
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic)
105
OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL),
106
OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL),
107
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL),
108
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic)
109
110
/*
111
 * Variable key length cipher functions for OSSL_PARAM settables
112
 */
113
int ossl_cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
114
0
{
115
0
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
116
0
    const OSSL_PARAM *p;
117
118
0
    if (ossl_param_is_empty(params))
119
0
        return 1;
120
121
0
    if (!ossl_cipher_generic_set_ctx_params(vctx, params))
122
0
        return 0;
123
0
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
124
0
    if (p != NULL) {
125
0
        size_t keylen;
126
127
0
        if (!OSSL_PARAM_get_size_t(p, &keylen)) {
128
0
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
129
0
            return 0;
130
0
        }
131
0
        if (ctx->keylen != keylen) {
132
0
            ctx->keylen = keylen;
133
0
            ctx->key_set = 0;
134
0
        }
135
0
    }
136
0
    return 1;
137
0
}
138
139
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_var_keylen)
140
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
141
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_var_keylen)
142
143
/*-
144
 * AEAD cipher functions for OSSL_PARAM gettables and settables
145
 */
146
static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
147
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
148
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
149
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
150
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
151
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
152
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
153
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
154
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
155
    OSSL_PARAM_uint(OSSL_CIPHER_PARAM_AEAD_IV_GENERATED, NULL),
156
    OSSL_PARAM_END
157
};
158
const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
159
        ossl_unused void *cctx, ossl_unused void *provctx
160
    )
161
28
{
162
28
    return cipher_aead_known_gettable_ctx_params;
163
28
}
164
165
static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
166
    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
167
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
168
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
169
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
170
    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, NULL, 0),
171
    OSSL_PARAM_END
172
};
173
const OSSL_PARAM *ossl_cipher_aead_settable_ctx_params(
174
        ossl_unused void *cctx, ossl_unused void *provctx
175
    )
176
114
{
177
114
    return cipher_aead_known_settable_ctx_params;
178
114
}
179
180
void ossl_cipher_generic_reset_ctx(PROV_CIPHER_CTX *ctx)
181
114k
{
182
114k
    if (ctx != NULL && ctx->alloced) {
183
0
        OPENSSL_free(ctx->tlsmac);
184
0
        ctx->alloced = 0;
185
0
        ctx->tlsmac = NULL;
186
0
    }
187
114k
}
188
189
static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
190
                                        const unsigned char *key, size_t keylen,
191
                                        const unsigned char *iv, size_t ivlen,
192
                                        const OSSL_PARAM params[], int enc)
193
387k
{
194
387k
    ctx->num = 0;
195
387k
    ctx->bufsz = 0;
196
387k
    ctx->updated = 0;
197
387k
    ctx->enc = enc ? 1 : 0;
198
199
387k
    if (!ossl_prov_is_running())
200
0
        return 0;
201
202
387k
    if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
203
130k
        if (!ossl_cipher_generic_initiv(ctx, iv, ivlen))
204
0
            return 0;
205
130k
    }
206
387k
    if (iv == NULL && ctx->iv_set
207
387k
        && (ctx->mode == EVP_CIPH_CBC_MODE
208
125k
            || ctx->mode == EVP_CIPH_CFB_MODE
209
125k
            || ctx->mode == EVP_CIPH_OFB_MODE))
210
        /* reset IV for these modes to keep compatibility with 1.1.1 */
211
0
        memcpy(ctx->iv, ctx->oiv, ctx->ivlen);
212
213
387k
    if (key != NULL) {
214
254k
        if (ctx->variable_keylength == 0) {
215
254k
            if (keylen != ctx->keylen) {
216
0
                ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
217
0
                return 0;
218
0
            }
219
254k
        } else {
220
0
            ctx->keylen = keylen;
221
0
        }
222
254k
        if (!ctx->hw->init(ctx, key, ctx->keylen))
223
0
            return 0;
224
254k
        ctx->key_set = 1;
225
254k
    }
226
387k
    return ossl_cipher_generic_set_ctx_params(ctx, params);
227
387k
}
228
229
int ossl_cipher_generic_einit(void *vctx, const unsigned char *key,
230
                              size_t keylen, const unsigned char *iv,
231
                              size_t ivlen, const OSSL_PARAM params[])
232
387k
{
233
387k
    return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
234
387k
                                        iv, ivlen, params, 1);
235
387k
}
236
237
int ossl_cipher_generic_dinit(void *vctx, const unsigned char *key,
238
                              size_t keylen, const unsigned char *iv,
239
                              size_t ivlen, const OSSL_PARAM params[])
240
72
{
241
72
    return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
242
72
                                        iv, ivlen, params, 0);
243
72
}
244
245
/* Max padding including padding length byte */
246
0
#define MAX_PADDING 256
247
248
int ossl_cipher_generic_block_update(void *vctx, unsigned char *out,
249
                                     size_t *outl, size_t outsize,
250
                                     const unsigned char *in, size_t inl)
251
126k
{
252
126k
    size_t outlint = 0;
253
126k
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
254
126k
    size_t blksz = ctx->blocksize;
255
126k
    size_t nextblocks;
256
257
126k
    if (!ctx->key_set) {
258
0
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
259
0
        return 0;
260
0
    }
261
262
126k
    if (ctx->tlsversion > 0) {
263
        /*
264
         * Each update call corresponds to a TLS record and is individually
265
         * padded
266
         */
267
268
        /* Sanity check inputs */
269
0
        if (in == NULL
270
0
                || in != out
271
0
                || outsize < inl
272
0
                || !ctx->pad) {
273
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
274
0
            return 0;
275
0
        }
276
277
0
        if (ctx->enc) {
278
0
            unsigned char padval;
279
0
            size_t padnum, loop;
280
281
            /* Add padding */
282
283
0
            padnum = blksz - (inl % blksz);
284
285
0
            if (outsize < inl + padnum) {
286
0
                ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
287
0
                return 0;
288
0
            }
289
290
0
            if (padnum > MAX_PADDING) {
291
0
                ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
292
0
                return 0;
293
0
            }
294
0
            padval = (unsigned char)(padnum - 1);
295
0
            if (ctx->tlsversion == SSL3_VERSION) {
296
0
                if (padnum > 1)
297
0
                    memset(out + inl, 0, padnum - 1);
298
0
                *(out + inl + padnum - 1) = padval;
299
0
            } else {
300
                /* we need to add 'padnum' padding bytes of value padval */
301
0
                for (loop = inl; loop < inl + padnum; loop++)
302
0
                    out[loop] = padval;
303
0
            }
304
0
            inl += padnum;
305
0
        }
306
307
0
        if ((inl % blksz) != 0) {
308
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
309
0
            return 0;
310
0
        }
311
312
313
        /* Shouldn't normally fail */
314
0
        if (!ctx->hw->cipher(ctx, out, in, inl)) {
315
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
316
0
            return 0;
317
0
        }
318
319
0
        if (ctx->alloced) {
320
0
            OPENSSL_free(ctx->tlsmac);
321
0
            ctx->alloced = 0;
322
0
            ctx->tlsmac = NULL;
323
0
        }
324
325
        /* This only fails if padding is publicly invalid */
326
0
        *outl = inl;
327
0
        if (!ctx->enc
328
0
            && !ossl_cipher_tlsunpadblock(ctx->libctx, ctx->tlsversion,
329
0
                                          out, outl,
330
0
                                          blksz, &ctx->tlsmac, &ctx->alloced,
331
0
                                          ctx->tlsmacsize, 0)) {
332
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
333
0
            return 0;
334
0
        }
335
0
        return 1;
336
0
    }
337
338
126k
    if (ctx->bufsz != 0)
339
0
        nextblocks = ossl_cipher_fillblock(ctx->buf, &ctx->bufsz, blksz,
340
0
                                           &in, &inl);
341
126k
    else
342
126k
        nextblocks = inl & ~(blksz-1);
343
344
    /*
345
     * If we're decrypting and we end an update on a block boundary we hold
346
     * the last block back in case this is the last update call and the last
347
     * block is padded.
348
     */
349
126k
    if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
350
0
        if (outsize < blksz) {
351
0
            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
352
0
            return 0;
353
0
        }
354
0
        if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
355
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
356
0
            return 0;
357
0
        }
358
0
        ctx->bufsz = 0;
359
0
        outlint = blksz;
360
0
        out += blksz;
361
0
    }
362
126k
    if (nextblocks > 0) {
363
126k
        if (!ctx->enc && ctx->pad && nextblocks == inl) {
364
0
            if (!ossl_assert(inl >= blksz)) {
365
0
                ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
366
0
                return 0;
367
0
            }
368
0
            nextblocks -= blksz;
369
0
        }
370
126k
        outlint += nextblocks;
371
126k
        if (outsize < outlint) {
372
0
            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
373
0
            return 0;
374
0
        }
375
126k
    }
376
126k
    if (nextblocks > 0) {
377
126k
        if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
378
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
379
0
            return 0;
380
0
        }
381
126k
        in += nextblocks;
382
126k
        inl -= nextblocks;
383
126k
    }
384
126k
    if (inl != 0
385
126k
        && !ossl_cipher_trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
386
        /* ERR_raise already called */
387
0
        return 0;
388
0
    }
389
390
126k
    *outl = outlint;
391
126k
    return inl == 0;
392
126k
}
393
394
int ossl_cipher_generic_block_final(void *vctx, unsigned char *out,
395
                                    size_t *outl, size_t outsize)
396
0
{
397
0
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
398
0
    size_t blksz = ctx->blocksize;
399
400
0
    if (!ossl_prov_is_running())
401
0
        return 0;
402
403
0
    if (!ctx->key_set) {
404
0
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
405
0
        return 0;
406
0
    }
407
408
0
    if (ctx->tlsversion > 0) {
409
        /* We never finalize TLS, so this is an error */
410
0
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
411
0
        return 0;
412
0
    }
413
414
0
    if (ctx->enc) {
415
0
        if (ctx->pad) {
416
0
            ossl_cipher_padblock(ctx->buf, &ctx->bufsz, blksz);
417
0
        } else if (ctx->bufsz == 0) {
418
0
            *outl = 0;
419
0
            return 1;
420
0
        } else if (ctx->bufsz != blksz) {
421
0
            ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
422
0
            return 0;
423
0
        }
424
425
0
        if (outsize < blksz) {
426
0
            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
427
0
            return 0;
428
0
        }
429
0
        if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
430
0
            ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
431
0
            return 0;
432
0
        }
433
0
        ctx->bufsz = 0;
434
0
        *outl = blksz;
435
0
        return 1;
436
0
    }
437
438
    /* Decrypting */
439
0
    if (ctx->bufsz != blksz) {
440
0
        if (ctx->bufsz == 0 && !ctx->pad) {
441
0
            *outl = 0;
442
0
            return 1;
443
0
        }
444
0
        ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
445
0
        return 0;
446
0
    }
447
448
0
    if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
449
0
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
450
0
        return 0;
451
0
    }
452
453
0
    if (ctx->pad && !ossl_cipher_unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
454
        /* ERR_raise already called */
455
0
        return 0;
456
0
    }
457
458
0
    if (outsize < ctx->bufsz) {
459
0
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
460
0
        return 0;
461
0
    }
462
0
    memcpy(out, ctx->buf, ctx->bufsz);
463
0
    *outl = ctx->bufsz;
464
0
    ctx->bufsz = 0;
465
0
    return 1;
466
0
}
467
468
int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
469
                                      size_t *outl, size_t outsize,
470
                                      const unsigned char *in, size_t inl)
471
126k
{
472
126k
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
473
474
126k
    if (!ctx->key_set) {
475
0
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
476
0
        return 0;
477
0
    }
478
479
126k
    if (inl == 0) {
480
108
        *outl = 0;
481
108
        return 1;
482
108
    }
483
484
125k
    if (outsize < inl) {
485
0
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
486
0
        return 0;
487
0
    }
488
489
125k
    if (!ctx->hw->cipher(ctx, out, in, inl)) {
490
0
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
491
0
        return 0;
492
0
    }
493
494
125k
    *outl = inl;
495
125k
    if (!ctx->enc && ctx->tlsversion > 0) {
496
        /*
497
        * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
498
        * cipher_aes_cbc_hmac_sha256_hw.c
499
        */
500
0
        if (ctx->removetlspad) {
501
            /*
502
             * We should have already failed in the cipher() call above if this
503
             * isn't true.
504
             */
505
0
            if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
506
0
                return 0;
507
            /* The actual padding length */
508
0
            *outl -= out[inl - 1] + 1;
509
0
        }
510
511
        /* TLS MAC and explicit IV if relevant. We should have already failed
512
         * in the cipher() call above if *outl is too short.
513
         */
514
0
        if (!ossl_assert(*outl >= ctx->removetlsfixed))
515
0
            return 0;
516
0
        *outl -= ctx->removetlsfixed;
517
518
        /* Extract the MAC if there is one */
519
0
        if (ctx->tlsmacsize > 0) {
520
0
            if (*outl < ctx->tlsmacsize)
521
0
                return 0;
522
523
0
            ctx->tlsmac = out + *outl - ctx->tlsmacsize;
524
0
            *outl -= ctx->tlsmacsize;
525
0
        }
526
0
    }
527
528
125k
    return 1;
529
125k
}
530
int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out,
531
                                     size_t *outl, size_t outsize)
532
11
{
533
11
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
534
535
11
    if (!ossl_prov_is_running())
536
0
        return 0;
537
538
11
    if (!ctx->key_set) {
539
0
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
540
0
        return 0;
541
0
    }
542
543
11
    *outl = 0;
544
11
    return 1;
545
11
}
546
547
int ossl_cipher_generic_cipher(void *vctx, unsigned char *out, size_t *outl,
548
                               size_t outsize, const unsigned char *in,
549
                               size_t inl)
550
12.3k
{
551
12.3k
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
552
553
12.3k
    if (!ossl_prov_is_running())
554
0
        return 0;
555
556
12.3k
    if (!ctx->key_set) {
557
0
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
558
0
        return 0;
559
0
    }
560
561
12.3k
    if (outsize < inl) {
562
0
        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
563
0
        return 0;
564
0
    }
565
566
12.3k
    if (!ctx->hw->cipher(ctx, out, in, inl)) {
567
0
        ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
568
0
        return 0;
569
0
    }
570
571
12.3k
    *outl = inl;
572
12.3k
    return 1;
573
12.3k
}
574
575
int ossl_cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
576
6.14k
{
577
6.14k
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
578
6.14k
    OSSL_PARAM *p;
579
580
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
581
6.14k
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
582
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
583
0
        return 0;
584
0
    }
585
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
586
6.14k
    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
587
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
588
0
        return 0;
589
0
    }
590
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
591
6.14k
    if (p != NULL
592
6.14k
        && !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
593
6.14k
        && !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
594
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
595
0
        return 0;
596
0
    }
597
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
598
6.14k
    if (p != NULL
599
6.14k
        && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
600
6.14k
        && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
601
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
602
0
        return 0;
603
0
    }
604
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
605
6.14k
    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
606
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
607
0
        return 0;
608
0
    }
609
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
610
6.14k
    if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
611
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
612
0
        return 0;
613
0
    }
614
6.14k
    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_TLS_MAC);
615
6.14k
    if (p != NULL
616
6.14k
        && !OSSL_PARAM_set_octet_ptr(p, ctx->tlsmac, ctx->tlsmacsize)) {
617
0
        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
618
0
        return 0;
619
0
    }
620
6.14k
    return 1;
621
6.14k
}
622
623
int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
624
388k
{
625
388k
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
626
388k
    const OSSL_PARAM *p;
627
628
388k
    if (ossl_param_is_empty(params))
629
388k
        return 1;
630
631
0
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
632
0
    if (p != NULL) {
633
0
        unsigned int pad;
634
635
0
        if (!OSSL_PARAM_get_uint(p, &pad)) {
636
0
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
637
0
            return 0;
638
0
        }
639
0
        ctx->pad = pad ? 1 : 0;
640
0
    }
641
0
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_USE_BITS);
642
0
    if (p != NULL) {
643
0
        unsigned int bits;
644
645
0
        if (!OSSL_PARAM_get_uint(p, &bits)) {
646
0
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
647
0
            return 0;
648
0
        }
649
0
        ctx->use_bits = bits ? 1 : 0;
650
0
    }
651
0
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION);
652
0
    if (p != NULL) {
653
0
        if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) {
654
0
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
655
0
            return 0;
656
0
        }
657
0
    }
658
0
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_MAC_SIZE);
659
0
    if (p != NULL) {
660
0
        if (!OSSL_PARAM_get_size_t(p, &ctx->tlsmacsize)) {
661
0
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
662
0
            return 0;
663
0
        }
664
0
    }
665
0
    p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
666
0
    if (p != NULL) {
667
0
        unsigned int num;
668
669
0
        if (!OSSL_PARAM_get_uint(p, &num)) {
670
0
            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
671
0
            return 0;
672
0
        }
673
0
        ctx->num = num;
674
0
    }
675
0
    return 1;
676
0
}
677
678
int ossl_cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
679
                               size_t ivlen)
680
131k
{
681
131k
    if (ivlen != ctx->ivlen
682
131k
        || ivlen > sizeof(ctx->iv)) {
683
0
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
684
0
        return 0;
685
0
    }
686
131k
    ctx->iv_set = 1;
687
131k
    memcpy(ctx->iv, iv, ivlen);
688
131k
    memcpy(ctx->oiv, iv, ivlen);
689
131k
    return 1;
690
131k
}
691
692
void ossl_cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
693
                                 size_t ivbits, unsigned int mode,
694
                                 uint64_t flags, const PROV_CIPHER_HW *hw,
695
                                 void *provctx)
696
5.41k
{
697
5.41k
    PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
698
699
5.41k
    if ((flags & PROV_CIPHER_FLAG_INVERSE_CIPHER) != 0)
700
0
        ctx->inverse_cipher = 1;
701
5.41k
    if ((flags & PROV_CIPHER_FLAG_VARIABLE_LENGTH) != 0)
702
0
        ctx->variable_keylength = 1;
703
704
5.41k
    ctx->pad = 1;
705
5.41k
    ctx->keylen = ((kbits) / 8);
706
5.41k
    ctx->ivlen = ((ivbits) / 8);
707
5.41k
    ctx->hw = hw;
708
5.41k
    ctx->mode = mode;
709
5.41k
    ctx->blocksize = blkbits / 8;
710
5.41k
    if (provctx != NULL)
711
4.85k
        ctx->libctx = PROV_LIBCTX_OF(provctx); /* used for rand */
712
5.41k
}