/src/openssl/crypto/evp/bio_enc.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #define OPENSSL_SUPPRESS_DEPRECATED /* for BIO_get_callback */ |
11 | | |
12 | | #include <stdio.h> |
13 | | #include <errno.h> |
14 | | #include "internal/cryptlib.h" |
15 | | #include <openssl/buffer.h> |
16 | | #include <openssl/evp.h> |
17 | | #include "internal/bio.h" |
18 | | |
19 | | static int enc_write(BIO *h, const char *buf, int num); |
20 | | static int enc_read(BIO *h, char *buf, int size); |
21 | | static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
22 | | static int enc_new(BIO *h); |
23 | | static int enc_free(BIO *data); |
24 | | static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); |
25 | 0 | #define ENC_BLOCK_SIZE (1024*4) |
26 | 0 | #define ENC_MIN_CHUNK (256) |
27 | 0 | #define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) |
28 | | |
29 | | typedef struct enc_struct { |
30 | | int buf_len; |
31 | | int buf_off; |
32 | | int cont; /* <= 0 when finished */ |
33 | | int finished; |
34 | | int ok; /* bad decrypt */ |
35 | | EVP_CIPHER_CTX *cipher; |
36 | | unsigned char *read_start, *read_end; |
37 | | /* |
38 | | * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return |
39 | | * up to a block more data than is presented to it |
40 | | */ |
41 | | unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; |
42 | | } BIO_ENC_CTX; |
43 | | |
44 | | static const BIO_METHOD methods_enc = { |
45 | | BIO_TYPE_CIPHER, |
46 | | "cipher", |
47 | | bwrite_conv, |
48 | | enc_write, |
49 | | bread_conv, |
50 | | enc_read, |
51 | | NULL, /* enc_puts, */ |
52 | | NULL, /* enc_gets, */ |
53 | | enc_ctrl, |
54 | | enc_new, |
55 | | enc_free, |
56 | | enc_callback_ctrl, |
57 | | }; |
58 | | |
59 | | const BIO_METHOD *BIO_f_cipher(void) |
60 | 0 | { |
61 | 0 | return &methods_enc; |
62 | 0 | } |
63 | | |
64 | | static int enc_new(BIO *bi) |
65 | 0 | { |
66 | 0 | BIO_ENC_CTX *ctx; |
67 | |
|
68 | 0 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) |
69 | 0 | return 0; |
70 | | |
71 | 0 | ctx->cipher = EVP_CIPHER_CTX_new(); |
72 | 0 | if (ctx->cipher == NULL) { |
73 | 0 | OPENSSL_free(ctx); |
74 | 0 | return 0; |
75 | 0 | } |
76 | 0 | ctx->cont = 1; |
77 | 0 | ctx->ok = 1; |
78 | 0 | ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); |
79 | 0 | BIO_set_data(bi, ctx); |
80 | 0 | BIO_set_init(bi, 1); |
81 | |
|
82 | 0 | return 1; |
83 | 0 | } |
84 | | |
85 | | static int enc_free(BIO *a) |
86 | 0 | { |
87 | 0 | BIO_ENC_CTX *b; |
88 | |
|
89 | 0 | if (a == NULL) |
90 | 0 | return 0; |
91 | | |
92 | 0 | b = BIO_get_data(a); |
93 | 0 | if (b == NULL) |
94 | 0 | return 0; |
95 | | |
96 | 0 | EVP_CIPHER_CTX_free(b->cipher); |
97 | 0 | OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); |
98 | 0 | BIO_set_data(a, NULL); |
99 | 0 | BIO_set_init(a, 0); |
100 | |
|
101 | 0 | return 1; |
102 | 0 | } |
103 | | |
104 | | static int enc_read(BIO *b, char *out, int outl) |
105 | 0 | { |
106 | 0 | int ret = 0, i, blocksize; |
107 | 0 | BIO_ENC_CTX *ctx; |
108 | 0 | BIO *next; |
109 | |
|
110 | 0 | if (out == NULL) |
111 | 0 | return 0; |
112 | 0 | ctx = BIO_get_data(b); |
113 | |
|
114 | 0 | next = BIO_next(b); |
115 | 0 | if ((ctx == NULL) || (next == NULL)) |
116 | 0 | return 0; |
117 | | |
118 | | /* First check if there are bytes decoded/encoded */ |
119 | 0 | if (ctx->buf_len > 0) { |
120 | 0 | i = ctx->buf_len - ctx->buf_off; |
121 | 0 | if (i > outl) |
122 | 0 | i = outl; |
123 | 0 | memcpy(out, &(ctx->buf[ctx->buf_off]), i); |
124 | 0 | ret = i; |
125 | 0 | out += i; |
126 | 0 | outl -= i; |
127 | 0 | ctx->buf_off += i; |
128 | 0 | if (ctx->buf_len == ctx->buf_off) { |
129 | 0 | ctx->buf_len = 0; |
130 | 0 | ctx->buf_off = 0; |
131 | 0 | } |
132 | 0 | } |
133 | |
|
134 | 0 | blocksize = EVP_CIPHER_CTX_get_block_size(ctx->cipher); |
135 | |
|
136 | 0 | if (blocksize == 0) |
137 | 0 | return 0; |
138 | | |
139 | 0 | if (blocksize == 1) |
140 | 0 | blocksize = 0; |
141 | | |
142 | | /* |
143 | | * At this point, we have room of outl bytes and an empty buffer, so we |
144 | | * should read in some more. |
145 | | */ |
146 | |
|
147 | 0 | while (outl > 0) { |
148 | 0 | if (ctx->cont <= 0) |
149 | 0 | break; |
150 | | |
151 | 0 | if (ctx->read_start == ctx->read_end) { /* time to read more data */ |
152 | 0 | ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); |
153 | 0 | i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); |
154 | 0 | if (i > 0) |
155 | 0 | ctx->read_end += i; |
156 | 0 | } else { |
157 | 0 | i = ctx->read_end - ctx->read_start; |
158 | 0 | } |
159 | |
|
160 | 0 | if (i <= 0) { |
161 | | /* Should be continue next time we are called? */ |
162 | 0 | if (!BIO_should_retry(next)) { |
163 | 0 | ctx->cont = i; |
164 | 0 | ctx->finished = 1; |
165 | 0 | i = EVP_CipherFinal_ex(ctx->cipher, |
166 | 0 | ctx->buf, &(ctx->buf_len)); |
167 | 0 | ctx->ok = i; |
168 | 0 | ctx->buf_off = 0; |
169 | 0 | } else { |
170 | 0 | ret = (ret == 0) ? i : ret; |
171 | 0 | break; |
172 | 0 | } |
173 | 0 | } else { |
174 | 0 | if (outl > ENC_MIN_CHUNK) { |
175 | | /* |
176 | | * Depending on flags block cipher decrypt can write |
177 | | * one extra block and then back off, i.e. output buffer |
178 | | * has to accommodate extra block... |
179 | | */ |
180 | 0 | int j = outl - blocksize, buf_len; |
181 | |
|
182 | 0 | if (!EVP_CipherUpdate(ctx->cipher, |
183 | 0 | (unsigned char *)out, &buf_len, |
184 | 0 | ctx->read_start, i > j ? j : i)) { |
185 | 0 | BIO_clear_retry_flags(b); |
186 | 0 | return 0; |
187 | 0 | } |
188 | 0 | ret += buf_len; |
189 | 0 | out += buf_len; |
190 | 0 | outl -= buf_len; |
191 | |
|
192 | 0 | if ((i -= j) <= 0) { |
193 | 0 | ctx->read_start = ctx->read_end; |
194 | 0 | continue; |
195 | 0 | } |
196 | 0 | ctx->read_start += j; |
197 | 0 | } |
198 | 0 | if (i > ENC_MIN_CHUNK) |
199 | 0 | i = ENC_MIN_CHUNK; |
200 | 0 | if (!EVP_CipherUpdate(ctx->cipher, |
201 | 0 | ctx->buf, &ctx->buf_len, |
202 | 0 | ctx->read_start, i)) { |
203 | 0 | BIO_clear_retry_flags(b); |
204 | 0 | ctx->ok = 0; |
205 | 0 | return 0; |
206 | 0 | } |
207 | 0 | ctx->read_start += i; |
208 | 0 | ctx->cont = 1; |
209 | | /* |
210 | | * Note: it is possible for EVP_CipherUpdate to decrypt zero |
211 | | * bytes because this is or looks like the final block: if this |
212 | | * happens we should retry and either read more data or decrypt |
213 | | * the final block |
214 | | */ |
215 | 0 | if (ctx->buf_len == 0) |
216 | 0 | continue; |
217 | 0 | } |
218 | | |
219 | 0 | if (ctx->buf_len <= outl) |
220 | 0 | i = ctx->buf_len; |
221 | 0 | else |
222 | 0 | i = outl; |
223 | 0 | if (i <= 0) |
224 | 0 | break; |
225 | 0 | memcpy(out, ctx->buf, i); |
226 | 0 | ret += i; |
227 | 0 | ctx->buf_off = i; |
228 | 0 | outl -= i; |
229 | 0 | out += i; |
230 | 0 | } |
231 | | |
232 | 0 | BIO_clear_retry_flags(b); |
233 | 0 | BIO_copy_next_retry(b); |
234 | 0 | return ((ret == 0) ? ctx->cont : ret); |
235 | 0 | } |
236 | | |
237 | | static int enc_write(BIO *b, const char *in, int inl) |
238 | 0 | { |
239 | 0 | int ret = 0, n, i; |
240 | 0 | BIO_ENC_CTX *ctx; |
241 | 0 | BIO *next; |
242 | |
|
243 | 0 | ctx = BIO_get_data(b); |
244 | 0 | next = BIO_next(b); |
245 | 0 | if ((ctx == NULL) || (next == NULL)) |
246 | 0 | return 0; |
247 | | |
248 | 0 | ret = inl; |
249 | |
|
250 | 0 | BIO_clear_retry_flags(b); |
251 | 0 | n = ctx->buf_len - ctx->buf_off; |
252 | 0 | while (n > 0) { |
253 | 0 | i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); |
254 | 0 | if (i <= 0) { |
255 | 0 | BIO_copy_next_retry(b); |
256 | 0 | return i; |
257 | 0 | } |
258 | 0 | ctx->buf_off += i; |
259 | 0 | n -= i; |
260 | 0 | } |
261 | | /* at this point all pending data has been written */ |
262 | | |
263 | 0 | if ((in == NULL) || (inl <= 0)) |
264 | 0 | return 0; |
265 | | |
266 | 0 | ctx->buf_off = 0; |
267 | 0 | while (inl > 0) { |
268 | 0 | n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; |
269 | 0 | if (!EVP_CipherUpdate(ctx->cipher, |
270 | 0 | ctx->buf, &ctx->buf_len, |
271 | 0 | (const unsigned char *)in, n)) { |
272 | 0 | BIO_clear_retry_flags(b); |
273 | 0 | ctx->ok = 0; |
274 | 0 | return 0; |
275 | 0 | } |
276 | 0 | inl -= n; |
277 | 0 | in += n; |
278 | |
|
279 | 0 | ctx->buf_off = 0; |
280 | 0 | n = ctx->buf_len; |
281 | 0 | while (n > 0) { |
282 | 0 | i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); |
283 | 0 | if (i <= 0) { |
284 | 0 | BIO_copy_next_retry(b); |
285 | 0 | return (ret == inl) ? i : ret - inl; |
286 | 0 | } |
287 | 0 | n -= i; |
288 | 0 | ctx->buf_off += i; |
289 | 0 | } |
290 | 0 | ctx->buf_len = 0; |
291 | 0 | ctx->buf_off = 0; |
292 | 0 | } |
293 | 0 | BIO_copy_next_retry(b); |
294 | 0 | return ret; |
295 | 0 | } |
296 | | |
297 | | static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) |
298 | 0 | { |
299 | 0 | BIO *dbio; |
300 | 0 | BIO_ENC_CTX *ctx, *dctx; |
301 | 0 | long ret = 1; |
302 | 0 | int i; |
303 | 0 | EVP_CIPHER_CTX **c_ctx; |
304 | 0 | BIO *next; |
305 | 0 | int pend; |
306 | |
|
307 | 0 | ctx = BIO_get_data(b); |
308 | 0 | next = BIO_next(b); |
309 | 0 | if (ctx == NULL) |
310 | 0 | return 0; |
311 | | |
312 | 0 | switch (cmd) { |
313 | 0 | case BIO_CTRL_RESET: |
314 | 0 | ctx->ok = 1; |
315 | 0 | ctx->finished = 0; |
316 | 0 | if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, |
317 | 0 | EVP_CIPHER_CTX_is_encrypting(ctx->cipher))) |
318 | 0 | return 0; |
319 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
320 | 0 | break; |
321 | 0 | case BIO_CTRL_EOF: /* More to read */ |
322 | 0 | if (ctx->cont <= 0) |
323 | 0 | ret = 1; |
324 | 0 | else |
325 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
326 | 0 | break; |
327 | 0 | case BIO_CTRL_WPENDING: |
328 | 0 | ret = ctx->buf_len - ctx->buf_off; |
329 | 0 | if (ret <= 0) |
330 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
331 | 0 | break; |
332 | 0 | case BIO_CTRL_PENDING: /* More to read in buffer */ |
333 | 0 | ret = ctx->buf_len - ctx->buf_off; |
334 | 0 | if (ret <= 0) |
335 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
336 | 0 | break; |
337 | 0 | case BIO_CTRL_FLUSH: |
338 | | /* do a final write */ |
339 | 0 | again: |
340 | 0 | while (ctx->buf_len != ctx->buf_off) { |
341 | 0 | pend = ctx->buf_len - ctx->buf_off; |
342 | 0 | i = enc_write(b, NULL, 0); |
343 | | /* |
344 | | * i should never be > 0 here because we didn't ask to write any |
345 | | * new data. We stop if we get an error or we failed to make any |
346 | | * progress writing pending data. |
347 | | */ |
348 | 0 | if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend) |
349 | 0 | return i; |
350 | 0 | } |
351 | | |
352 | 0 | if (!ctx->finished) { |
353 | 0 | ctx->finished = 1; |
354 | 0 | ctx->buf_off = 0; |
355 | 0 | ret = EVP_CipherFinal_ex(ctx->cipher, |
356 | 0 | (unsigned char *)ctx->buf, |
357 | 0 | &(ctx->buf_len)); |
358 | 0 | ctx->ok = (int)ret; |
359 | 0 | if (ret <= 0) |
360 | 0 | break; |
361 | | |
362 | | /* push out the bytes */ |
363 | 0 | goto again; |
364 | 0 | } |
365 | | |
366 | | /* Finally flush the underlying BIO */ |
367 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
368 | 0 | BIO_copy_next_retry(b); |
369 | 0 | break; |
370 | 0 | case BIO_C_GET_CIPHER_STATUS: |
371 | 0 | ret = (long)ctx->ok; |
372 | 0 | break; |
373 | 0 | case BIO_C_DO_STATE_MACHINE: |
374 | 0 | BIO_clear_retry_flags(b); |
375 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
376 | 0 | BIO_copy_next_retry(b); |
377 | 0 | break; |
378 | 0 | case BIO_C_GET_CIPHER_CTX: |
379 | 0 | c_ctx = (EVP_CIPHER_CTX **)ptr; |
380 | 0 | *c_ctx = ctx->cipher; |
381 | 0 | BIO_set_init(b, 1); |
382 | 0 | break; |
383 | 0 | case BIO_CTRL_DUP: |
384 | 0 | dbio = (BIO *)ptr; |
385 | 0 | dctx = BIO_get_data(dbio); |
386 | 0 | dctx->cipher = EVP_CIPHER_CTX_new(); |
387 | 0 | if (dctx->cipher == NULL) |
388 | 0 | return 0; |
389 | 0 | ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); |
390 | 0 | if (ret) |
391 | 0 | BIO_set_init(dbio, 1); |
392 | 0 | break; |
393 | 0 | default: |
394 | 0 | ret = BIO_ctrl(next, cmd, num, ptr); |
395 | 0 | break; |
396 | 0 | } |
397 | 0 | return ret; |
398 | 0 | } |
399 | | |
400 | | static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) |
401 | 0 | { |
402 | 0 | BIO *next = BIO_next(b); |
403 | |
|
404 | 0 | if (next == NULL) |
405 | 0 | return 0; |
406 | | |
407 | 0 | return BIO_callback_ctrl(next, cmd, fp); |
408 | 0 | } |
409 | | |
410 | | int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, |
411 | | const unsigned char *i, int e) |
412 | 0 | { |
413 | 0 | BIO_ENC_CTX *ctx; |
414 | 0 | BIO_callback_fn_ex callback_ex; |
415 | 0 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
416 | 0 | long (*callback) (struct bio_st *, int, const char *, int, long, long) = NULL; |
417 | 0 | #endif |
418 | |
|
419 | 0 | ctx = BIO_get_data(b); |
420 | 0 | if (ctx == NULL) |
421 | 0 | return 0; |
422 | | |
423 | 0 | if ((callback_ex = BIO_get_callback_ex(b)) != NULL) { |
424 | 0 | if (callback_ex(b, BIO_CB_CTRL, (const char *)c, 0, BIO_CTRL_SET, |
425 | 0 | e, 1, NULL) <= 0) |
426 | 0 | return 0; |
427 | 0 | } |
428 | 0 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
429 | 0 | else { |
430 | 0 | callback = BIO_get_callback(b); |
431 | |
|
432 | 0 | if ((callback != NULL) && |
433 | 0 | (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, |
434 | 0 | 0L) <= 0)) |
435 | 0 | return 0; |
436 | 0 | } |
437 | 0 | #endif |
438 | | |
439 | 0 | BIO_set_init(b, 1); |
440 | |
|
441 | 0 | if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) |
442 | 0 | return 0; |
443 | | |
444 | 0 | if (callback_ex != NULL) |
445 | 0 | return callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, (const char *)c, 0, |
446 | 0 | BIO_CTRL_SET, e, 1, NULL); |
447 | 0 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
448 | 0 | else if (callback != NULL) |
449 | 0 | return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); |
450 | 0 | #endif |
451 | 0 | return 1; |
452 | 0 | } |