X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fbio_enc.c;h=f6ac94c6e1bba4464a6f6c7239cd42bde6fb9dfc;hp=e1443d684da113484ffe17a09068de318f934f08;hb=f3dea9a5958b576345bae710c0acd2e52ecde0c8;hpb=e778802f53c8d47e96a6e4cbc776eb6e1d4c461a diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index e1443d684d..f6ac94c6e1 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -59,28 +59,19 @@ #include #include #include "cryptlib.h" -#include "buffer.h" -#include "evp.h" - -#ifndef NOPROTO -static int enc_write(BIO *h,char *buf,int num); -static int enc_read(BIO *h,char *buf,int size); -/*static int enc_puts(BIO *h,char *str); */ -/*static int enc_gets(BIO *h,char *str,int size); */ -static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2); +#include +#include + +static int enc_write(BIO *h, const char *buf, int num); +static int enc_read(BIO *h, char *buf, int size); +/*static int enc_puts(BIO *h, const char *str); */ +/*static int enc_gets(BIO *h, char *str, int size); */ +static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); -#else -static int enc_write(); -static int enc_read(); -/*static int enc_puts(); */ -/*static int enc_gets(); */ -static long enc_ctrl(); -static int enc_new(); -static int enc_free(); -#endif - +static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) +#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) typedef struct enc_struct { @@ -90,7 +81,10 @@ typedef struct enc_struct int finished; int ok; /* bad decrypt */ EVP_CIPHER_CTX cipher; - char buf[ENC_BLOCK_SIZE+10]; + /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate + * can return up to a block more data than is presented to it + */ + char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2]; } BIO_ENC_CTX; static BIO_METHOD methods_enc= @@ -103,21 +97,21 @@ static BIO_METHOD methods_enc= enc_ctrl, enc_new, enc_free, + enc_callback_ctrl, }; -BIO_METHOD *BIO_f_cipher() +BIO_METHOD *BIO_f_cipher(void) { return(&methods_enc); } -static int enc_new(bi) -BIO *bi; +static int enc_new(BIO *bi) { BIO_ENC_CTX *ctx; - ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX)); - EVP_CIPHER_CTX_init(&ctx->cipher); + ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); if (ctx == NULL) return(0); + EVP_CIPHER_CTX_init(&ctx->cipher); ctx->buf_len=0; ctx->buf_off=0; @@ -131,26 +125,22 @@ BIO *bi; return(1); } -static int enc_free(a) -BIO *a; +static int enc_free(BIO *a) { BIO_ENC_CTX *b; if (a == NULL) return(0); b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - memset(a->ptr,0,sizeof(BIO_ENC_CTX)); - Free(a->ptr); + OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); + OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; a->flags=0; return(1); } -static int enc_read(b,out,outl) -BIO *b; -char *out; -int outl; +static int enc_read(BIO *b, char *out, int outl) { int ret=0,i; BIO_ENC_CTX *ctx; @@ -184,9 +174,9 @@ int outl; { if (ctx->cont <= 0) break; - /* read in at offset 8, read the EVP_Cipher + /* read in at IV offset, read the EVP_Cipher * documentation about why */ - i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE); + i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); if (i <= 0) { @@ -194,29 +184,37 @@ int outl; if (!BIO_should_retry(b->next_bio)) { ctx->cont=i; - i=EVP_CipherFinal(&(ctx->cipher), + i=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=i; ctx->buf_off=0; } - else + else + { ret=(ret == 0)?i:ret; - break; + break; + } } else { EVP_CipherUpdate(&(ctx->cipher), (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)&(ctx->buf[8]),i); + (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); ctx->cont=1; + /* Note: it is possible for EVP_CipherUpdate to + * decrypt zero bytes because this is or looks like + * the final block: if this happens we should retry + * and either read more data or decrypt the final + * block + */ + if(ctx->buf_len == 0) continue; } if (ctx->buf_len <= outl) i=ctx->buf_len; else i=outl; - if (i <= 0) break; memcpy(out,ctx->buf,i); ret+=i; @@ -230,10 +228,7 @@ int outl; return((ret == 0)?ctx->cont:ret); } -static int enc_write(b,in,inl) -BIO *b; -char *in; -int inl; +static int enc_write(BIO *b, const char *in, int inl) { int ret=0,n,i; BIO_ENC_CTX *ctx; @@ -276,7 +271,7 @@ int inl; if (i <= 0) { BIO_copy_next_retry(b); - return(i); + return (ret == inl) ? i : ret - inl; } n-=i; ctx->buf_off+=i; @@ -288,11 +283,7 @@ int inl; return(ret); } -static long enc_ctrl(b,cmd,num,ptr) -BIO *b; -int cmd; -long num; -char *ptr; +static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO *dbio; BIO_ENC_CTX *ctx,*dctx; @@ -307,7 +298,7 @@ char *ptr; case BIO_CTRL_RESET: ctx->ok=1; ctx->finished=0; - EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL, + EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, ctx->cipher.encrypt); ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; @@ -334,17 +325,14 @@ again: { i=enc_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (!ctx->finished) { ctx->finished=1; ctx->buf_off=0; - ret=EVP_CipherFinal(&(ctx->cipher), + ret=EVP_CipherFinal_ex(&(ctx->cipher), (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok=(int)ret; @@ -383,6 +371,20 @@ again: return(ret); } +static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret=1; + + if (b->next_bio == NULL) return(0); + switch (cmd) + { + default: + ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + break; + } + return(ret); + } + /* void BIO_set_cipher_ctx(b,c) BIO *b; @@ -403,12 +405,8 @@ EVP_CIPHER_ctx *c; } */ -void BIO_set_cipher(b,c,k,i,e) -BIO *b; -const EVP_CIPHER *c; -unsigned char *k; -unsigned char *i; -int e; +void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int e) { BIO_ENC_CTX *ctx; @@ -420,7 +418,7 @@ int e; b->init=1; ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit(&(ctx->cipher),c,k,i,e); + EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); if (b->callback != NULL) b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);