/src/libressl/crypto/evp/evp_aead.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* $OpenBSD: evp_aead.c,v 1.7 2022/01/07 21:58:17 tb Exp $ */ |
2 | | /* |
3 | | * Copyright (c) 2014, Google Inc. |
4 | | * |
5 | | * Permission to use, copy, modify, and/or distribute this software for any |
6 | | * purpose with or without fee is hereby granted, provided that the above |
7 | | * copyright notice and this permission notice appear in all copies. |
8 | | * |
9 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
10 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
11 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
12 | | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
13 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
14 | | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
15 | | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | | */ |
17 | | |
18 | | #include <limits.h> |
19 | | #include <string.h> |
20 | | |
21 | | #include <openssl/evp.h> |
22 | | #include <openssl/err.h> |
23 | | |
24 | | #include "evp_locl.h" |
25 | | |
26 | | size_t |
27 | | EVP_AEAD_key_length(const EVP_AEAD *aead) |
28 | 0 | { |
29 | 0 | return aead->key_len; |
30 | 0 | } |
31 | | |
32 | | size_t |
33 | | EVP_AEAD_nonce_length(const EVP_AEAD *aead) |
34 | 0 | { |
35 | 0 | return aead->nonce_len; |
36 | 0 | } |
37 | | |
38 | | size_t |
39 | | EVP_AEAD_max_overhead(const EVP_AEAD *aead) |
40 | 0 | { |
41 | 0 | return aead->overhead; |
42 | 0 | } |
43 | | |
44 | | size_t |
45 | | EVP_AEAD_max_tag_len(const EVP_AEAD *aead) |
46 | 0 | { |
47 | 0 | return aead->max_tag_len; |
48 | 0 | } |
49 | | |
50 | | int |
51 | | EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, |
52 | | const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl) |
53 | 0 | { |
54 | 0 | ctx->aead = aead; |
55 | 0 | if (key_len != aead->key_len) { |
56 | 0 | EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE); |
57 | 0 | return 0; |
58 | 0 | } |
59 | 0 | return aead->init(ctx, key, key_len, tag_len); |
60 | 0 | } |
61 | | |
62 | | void |
63 | | EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) |
64 | 0 | { |
65 | 0 | if (ctx->aead == NULL) |
66 | 0 | return; |
67 | 0 | ctx->aead->cleanup(ctx); |
68 | 0 | ctx->aead = NULL; |
69 | 0 | } |
70 | | |
71 | | EVP_AEAD_CTX * |
72 | | EVP_AEAD_CTX_new(void) |
73 | 0 | { |
74 | 0 | return calloc(1, sizeof(EVP_AEAD_CTX)); |
75 | 0 | } |
76 | | |
77 | | void |
78 | | EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx) |
79 | 0 | { |
80 | 0 | if (ctx == NULL) |
81 | 0 | return; |
82 | | |
83 | 0 | EVP_AEAD_CTX_cleanup(ctx); |
84 | 0 | free(ctx); |
85 | 0 | } |
86 | | |
87 | | /* check_alias returns 0 if out points within the buffer determined by in |
88 | | * and in_len and 1 otherwise. |
89 | | * |
90 | | * When processing, there's only an issue if out points within in[:in_len] |
91 | | * and isn't equal to in. If that's the case then writing the output will |
92 | | * stomp input that hasn't been read yet. |
93 | | * |
94 | | * This function checks for that case. */ |
95 | | static int |
96 | | check_alias(const unsigned char *in, size_t in_len, const unsigned char *out) |
97 | 0 | { |
98 | 0 | if (out <= in) |
99 | 0 | return 1; |
100 | 0 | if (in + in_len <= out) |
101 | 0 | return 1; |
102 | 0 | return 0; |
103 | 0 | } |
104 | | |
105 | | int |
106 | | EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, |
107 | | size_t max_out_len, const unsigned char *nonce, size_t nonce_len, |
108 | | const unsigned char *in, size_t in_len, const unsigned char *ad, |
109 | | size_t ad_len) |
110 | 0 | { |
111 | 0 | size_t possible_out_len = in_len + ctx->aead->overhead; |
112 | | |
113 | | /* Overflow. */ |
114 | 0 | if (possible_out_len < in_len) { |
115 | 0 | EVPerror(EVP_R_TOO_LARGE); |
116 | 0 | goto error; |
117 | 0 | } |
118 | | |
119 | 0 | if (!check_alias(in, in_len, out)) { |
120 | 0 | EVPerror(EVP_R_OUTPUT_ALIASES_INPUT); |
121 | 0 | goto error; |
122 | 0 | } |
123 | | |
124 | 0 | if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len, |
125 | 0 | in, in_len, ad, ad_len)) { |
126 | 0 | return 1; |
127 | 0 | } |
128 | | |
129 | 0 | error: |
130 | | /* In the event of an error, clear the output buffer so that a caller |
131 | | * that doesn't check the return value doesn't send raw data. */ |
132 | 0 | memset(out, 0, max_out_len); |
133 | 0 | *out_len = 0; |
134 | 0 | return 0; |
135 | 0 | } |
136 | | |
137 | | int |
138 | | EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, |
139 | | size_t max_out_len, const unsigned char *nonce, size_t nonce_len, |
140 | | const unsigned char *in, size_t in_len, const unsigned char *ad, |
141 | | size_t ad_len) |
142 | 0 | { |
143 | 0 | if (!check_alias(in, in_len, out)) { |
144 | 0 | EVPerror(EVP_R_OUTPUT_ALIASES_INPUT); |
145 | 0 | goto error; |
146 | 0 | } |
147 | | |
148 | 0 | if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, |
149 | 0 | in, in_len, ad, ad_len)) { |
150 | 0 | return 1; |
151 | 0 | } |
152 | | |
153 | 0 | error: |
154 | | /* In the event of an error, clear the output buffer so that a caller |
155 | | * that doesn't check the return value doesn't try and process bad |
156 | | * data. */ |
157 | 0 | memset(out, 0, max_out_len); |
158 | 0 | *out_len = 0; |
159 | 0 | return 0; |
160 | 0 | } |