/src/libzip/lib/zip_crypto_openssl.c
Line | Count | Source |
1 | | /* |
2 | | zip_crypto_openssl.c -- OpenSSL wrapper. |
3 | | Copyright (C) 2018-2023 Dieter Baron and Thomas Klausner |
4 | | |
5 | | This file is part of libzip, a library to manipulate ZIP archives. |
6 | | The authors can be contacted at <info@libzip.org> |
7 | | |
8 | | Redistribution and use in source and binary forms, with or without |
9 | | modification, are permitted provided that the following conditions |
10 | | are met: |
11 | | 1. Redistributions of source code must retain the above copyright |
12 | | notice, this list of conditions and the following disclaimer. |
13 | | 2. Redistributions in binary form must reproduce the above copyright |
14 | | notice, this list of conditions and the following disclaimer in |
15 | | the documentation and/or other materials provided with the |
16 | | distribution. |
17 | | 3. The names of the authors may not be used to endorse or promote |
18 | | products derived from this software without specific prior |
19 | | written permission. |
20 | | |
21 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS |
22 | | OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
23 | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | | ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
25 | | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE |
27 | | GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
28 | | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER |
29 | | IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
30 | | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
31 | | IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | | */ |
33 | | |
34 | | #include <stdlib.h> |
35 | | |
36 | | #include "zipint.h" |
37 | | |
38 | | #include "zip_crypto.h" |
39 | | |
40 | | #include <limits.h> |
41 | | #include <openssl/rand.h> |
42 | | |
43 | | #ifdef USE_OPENSSL_3_API |
44 | | static _zip_crypto_hmac_t* hmac_new() { |
45 | | _zip_crypto_hmac_t *hmac = (_zip_crypto_hmac_t*)malloc(sizeof(*hmac)); |
46 | | if (hmac != NULL) { |
47 | | hmac->mac = NULL; |
48 | | hmac->ctx = NULL; |
49 | | } |
50 | | return hmac; |
51 | | } |
52 | | static void hmac_free(_zip_crypto_hmac_t* hmac) { |
53 | | if (hmac != NULL) { |
54 | | if (hmac->ctx != NULL) { |
55 | | EVP_MAC_CTX_free(hmac->ctx); |
56 | | } |
57 | | if (hmac->mac != NULL) { |
58 | | EVP_MAC_free(hmac->mac); |
59 | | } |
60 | | free(hmac); |
61 | | } |
62 | | } |
63 | | #endif |
64 | | |
65 | | _zip_crypto_aes_t * |
66 | 868 | _zip_crypto_aes_new(const zip_uint8_t *key, zip_uint16_t key_size, zip_error_t *error) { |
67 | 868 | _zip_crypto_aes_t *aes; |
68 | 868 | const EVP_CIPHER* cipher_type; |
69 | | |
70 | 868 | switch (key_size) { |
71 | 281 | case 128: |
72 | 281 | cipher_type = EVP_aes_128_ecb(); |
73 | 281 | break; |
74 | 61 | case 192: |
75 | 61 | cipher_type = EVP_aes_192_ecb(); |
76 | 61 | break; |
77 | 526 | case 256: |
78 | 526 | cipher_type = EVP_aes_256_ecb(); |
79 | 526 | break; |
80 | 0 | default: |
81 | 0 | zip_error_set(error, ZIP_ER_INTERNAL, 0); |
82 | 0 | return NULL; |
83 | 868 | } |
84 | | |
85 | | #ifdef USE_OPENSSL_1_0_API |
86 | | if ((aes = (_zip_crypto_aes_t *)malloc(sizeof(*aes))) == NULL) { |
87 | | zip_error_set(error, ZIP_ER_MEMORY, 0); |
88 | | return NULL; |
89 | | } |
90 | | memset(aes, 0, sizeof(*aes)); |
91 | | #else |
92 | 868 | if ((aes = EVP_CIPHER_CTX_new()) == NULL) { |
93 | 0 | zip_error_set(error, ZIP_ER_MEMORY, 0); |
94 | 0 | return NULL; |
95 | 0 | } |
96 | 868 | #endif |
97 | | |
98 | 868 | if (EVP_EncryptInit_ex(aes, cipher_type, NULL, key, NULL) != 1) { |
99 | | #ifdef USE_OPENSSL_1_0_API |
100 | | free(aes); |
101 | | #else |
102 | 0 | EVP_CIPHER_CTX_free(aes); |
103 | 0 | #endif |
104 | 0 | zip_error_set(error, ZIP_ER_INTERNAL, 0); |
105 | 0 | return NULL; |
106 | 0 | } |
107 | | |
108 | 868 | return aes; |
109 | 868 | } |
110 | | |
111 | | void |
112 | 868 | _zip_crypto_aes_free(_zip_crypto_aes_t *aes) { |
113 | 868 | if (aes == NULL) { |
114 | 0 | return; |
115 | 0 | } |
116 | | |
117 | | #ifdef USE_OPENSSL_1_0_API |
118 | | EVP_CIPHER_CTX_cleanup(aes); |
119 | | _zip_crypto_clear(aes, sizeof(*aes)); |
120 | | free(aes); |
121 | | #else |
122 | 868 | EVP_CIPHER_CTX_free(aes); |
123 | 868 | #endif |
124 | 868 | } |
125 | | |
126 | | |
127 | | bool |
128 | 5.16M | _zip_crypto_aes_encrypt_block(_zip_crypto_aes_t *aes, const zip_uint8_t *in, zip_uint8_t *out) { |
129 | 5.16M | int len = 0; |
130 | 5.16M | if (EVP_EncryptUpdate(aes, out, &len, in, ZIP_CRYPTO_AES_BLOCK_LENGTH) != 1 |
131 | 5.16M | || len != ZIP_CRYPTO_AES_BLOCK_LENGTH) { |
132 | 0 | return false; |
133 | 0 | } |
134 | 5.16M | return true; |
135 | 5.16M | } |
136 | | |
137 | | |
138 | | _zip_crypto_hmac_t * |
139 | 868 | _zip_crypto_hmac_new(const zip_uint8_t *secret, zip_uint64_t secret_length, zip_error_t *error) { |
140 | 868 | _zip_crypto_hmac_t *hmac; |
141 | | |
142 | 868 | if (secret_length > INT_MAX) { |
143 | 0 | zip_error_set(error, ZIP_ER_INVAL, 0); |
144 | 0 | return NULL; |
145 | 0 | } |
146 | | |
147 | | #ifdef USE_OPENSSL_3_API |
148 | | if ((hmac = hmac_new()) == NULL |
149 | | || (hmac->mac = EVP_MAC_fetch(NULL, "HMAC", "provider=default")) == NULL |
150 | | || (hmac->ctx = EVP_MAC_CTX_new(hmac->mac)) == NULL) { |
151 | | hmac_free(hmac); |
152 | | zip_error_set(error, ZIP_ER_MEMORY, 0); |
153 | | return NULL; |
154 | | } |
155 | | |
156 | | { |
157 | | OSSL_PARAM params[2]; |
158 | | params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0); |
159 | | params[1] = OSSL_PARAM_construct_end(); |
160 | | |
161 | | if (!EVP_MAC_init(hmac->ctx, (const unsigned char *)secret, secret_length, params)) { |
162 | | zip_error_set(error, ZIP_ER_INTERNAL, 0); |
163 | | hmac_free(hmac); |
164 | | return NULL; |
165 | | } |
166 | | } |
167 | | #else |
168 | | #ifdef USE_OPENSSL_1_0_API |
169 | | if ((hmac = (_zip_crypto_hmac_t *)malloc(sizeof(*hmac))) == NULL) { |
170 | | zip_error_set(error, ZIP_ER_MEMORY, 0); |
171 | | return NULL; |
172 | | } |
173 | | |
174 | | HMAC_CTX_init(hmac); |
175 | | #else |
176 | 868 | if ((hmac = HMAC_CTX_new()) == NULL) { |
177 | 0 | zip_error_set(error, ZIP_ER_MEMORY, 0); |
178 | 0 | return NULL; |
179 | 0 | } |
180 | 868 | #endif |
181 | | |
182 | 868 | if (HMAC_Init_ex(hmac, secret, (int)secret_length, EVP_sha1(), NULL) != 1) { |
183 | 0 | zip_error_set(error, ZIP_ER_INTERNAL, 0); |
184 | | #ifdef USE_OPENSSL_1_0_API |
185 | | free(hmac); |
186 | | #else |
187 | 0 | HMAC_CTX_free(hmac); |
188 | 0 | #endif |
189 | 0 | return NULL; |
190 | 0 | } |
191 | 868 | #endif |
192 | | |
193 | 868 | return hmac; |
194 | 868 | } |
195 | | |
196 | | |
197 | | void |
198 | 868 | _zip_crypto_hmac_free(_zip_crypto_hmac_t *hmac) { |
199 | 868 | if (hmac == NULL) { |
200 | 0 | return; |
201 | 0 | } |
202 | | |
203 | | #if defined(USE_OPENSSL_3_API) |
204 | | hmac_free(hmac); |
205 | | #elif defined(USE_OPENSSL_1_0_API) |
206 | | HMAC_CTX_cleanup(hmac); |
207 | | _zip_crypto_clear(hmac, sizeof(*hmac)); |
208 | | free(hmac); |
209 | | #else |
210 | 868 | HMAC_CTX_free(hmac); |
211 | 868 | #endif |
212 | 868 | } |
213 | | |
214 | | |
215 | | bool |
216 | 587 | _zip_crypto_hmac_output(_zip_crypto_hmac_t *hmac, zip_uint8_t *data) { |
217 | | #ifdef USE_OPENSSL_3_API |
218 | | size_t length = 0; |
219 | | return EVP_MAC_final(hmac->ctx, data, &length, ZIP_CRYPTO_SHA1_LENGTH) == 1 && length == ZIP_CRYPTO_SHA1_LENGTH; |
220 | | #else |
221 | 587 | unsigned int length = 0; |
222 | 587 | return HMAC_Final(hmac, data, &length) == 1 && length == ZIP_CRYPTO_SHA1_LENGTH; |
223 | 587 | #endif |
224 | 587 | } |
225 | | |
226 | | |
227 | | ZIP_EXTERN bool |
228 | 1.94k | zip_secure_random(zip_uint8_t *buffer, zip_uint16_t length) { |
229 | 1.94k | return RAND_bytes(buffer, length) == 1; |
230 | 1.94k | } |