X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fbio_enc.c;h=366e2e928b51e62058432bfe0bc2e347112ff633;hp=faaed4de923111709e613eeeda595f0f727c2912;hb=27ab91951c96364351f1ea0652dbf14622440345;hpb=0f113f3ee4d629ef9a4a30911b22b224772085e5 diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index faaed4de92..366e2e928b 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -1,81 +1,28 @@ -/* crypto/evp/bio_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include +#include "internal/bio.h" static int enc_write(BIO *h, const char *buf, int num); static int enc_read(BIO *h, char *buf, int size); -/* - * static int enc_puts(BIO *h, const char *str); - */ -/* - * static int enc_gets(BIO *h, char *str, int size); - */ static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) -#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) +#define ENC_MIN_CHUNK (256) +#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) typedef struct enc_struct { int buf_len; @@ -83,17 +30,23 @@ typedef struct enc_struct { int cont; /* <= 0 when finished */ int finished; int ok; /* bad decrypt */ - EVP_CIPHER_CTX cipher; + EVP_CIPHER_CTX *cipher; + unsigned char *read_start, *read_end; /* * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return * up to a block more data than is presented to it */ - char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; + unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; } BIO_ENC_CTX; -static BIO_METHOD methods_enc = { - BIO_TYPE_CIPHER, "cipher", +static const BIO_METHOD methods_enc = { + BIO_TYPE_CIPHER, + "cipher", + /* TODO: Convert to new style write function */ + bwrite_conv, enc_write, + /* TODO: Convert to new style read function */ + bread_conv, enc_read, NULL, /* enc_puts, */ NULL, /* enc_gets, */ @@ -103,30 +56,31 @@ static BIO_METHOD methods_enc = { enc_callback_ctrl, }; -BIO_METHOD *BIO_f_cipher(void) +const BIO_METHOD *BIO_f_cipher(void) { - return (&methods_enc); + return &methods_enc; } static int enc_new(BIO *bi) { BIO_ENC_CTX *ctx; - ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) - return (0); - EVP_CIPHER_CTX_init(&ctx->cipher); + return 0; - ctx->buf_len = 0; - ctx->buf_off = 0; + ctx->cipher = EVP_CIPHER_CTX_new(); + if (ctx->cipher == NULL) { + OPENSSL_free(ctx); + return 0; + } ctx->cont = 1; - ctx->finished = 0; ctx->ok = 1; + ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); + BIO_set_data(bi, ctx); + BIO_set_init(bi, 1); - bi->init = 0; - bi->ptr = (char *)ctx; - bi->flags = 0; - return (1); + return 1; } static int enc_free(BIO *a) @@ -134,28 +88,33 @@ static int enc_free(BIO *a) BIO_ENC_CTX *b; if (a == NULL) - return (0); - b = (BIO_ENC_CTX *)a->ptr; - EVP_CIPHER_CTX_cleanup(&(b->cipher)); - OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return (1); + return 0; + + b = BIO_get_data(a); + if (b == NULL) + return 0; + + EVP_CIPHER_CTX_free(b->cipher); + OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); + BIO_set_data(a, NULL); + BIO_set_init(a, 0); + + return 1; } static int enc_read(BIO *b, char *out, int outl) { - int ret = 0, i; + int ret = 0, i, blocksize; BIO_ENC_CTX *ctx; + BIO *next; if (out == NULL) - return (0); - ctx = (BIO_ENC_CTX *)b->ptr; + return 0; + ctx = BIO_get_data(b); - if ((ctx == NULL) || (b->next_bio == NULL)) - return (0); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; /* First check if there are bytes decoded/encoded */ if (ctx->buf_len > 0) { @@ -173,6 +132,10 @@ static int enc_read(BIO *b, char *out, int outl) } } + blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); + if (blocksize == 1) + blocksize = 0; + /* * At this point, we have room of outl bytes and an empty buffer, so we * should read in some more. @@ -182,18 +145,21 @@ static int enc_read(BIO *b, char *out, int outl) if (ctx->cont <= 0) break; - /* - * read in at IV offset, read the EVP_Cipher documentation about why - */ - i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); + if (ctx->read_start == ctx->read_end) { /* time to read more data */ + ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); + i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); + if (i > 0) + ctx->read_end += i; + } else { + i = ctx->read_end - ctx->read_start; + } if (i <= 0) { /* Should be continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) { + if (!BIO_should_retry(next)) { ctx->cont = i; - i = EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); + i = EVP_CipherFinal_ex(ctx->cipher, + ctx->buf, &(ctx->buf_len)); ctx->ok = i; ctx->buf_off = 0; } else { @@ -201,13 +167,40 @@ static int enc_read(BIO *b, char *out, int outl) break; } } else { - if (!EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)&(ctx->buf[BUF_OFFSET]), - i)) { + if (outl > ENC_MIN_CHUNK) { + /* + * Depending on flags block cipher decrypt can write + * one extra block and then back off, i.e. output buffer + * has to accommodate extra block... + */ + int j = outl - blocksize, buf_len; + + if (!EVP_CipherUpdate(ctx->cipher, + (unsigned char *)out, &buf_len, + ctx->read_start, i > j ? j : i)) { + BIO_clear_retry_flags(b); + return 0; + } + ret += buf_len; + out += buf_len; + outl -= buf_len; + + if ((i -= j) <= 0) { + ctx->read_start = ctx->read_end; + continue; + } + ctx->read_start += j; + } + if (i > ENC_MIN_CHUNK) + i = ENC_MIN_CHUNK; + if (!EVP_CipherUpdate(ctx->cipher, + ctx->buf, &ctx->buf_len, + ctx->read_start, i)) { BIO_clear_retry_flags(b); + ctx->ok = 0; return 0; } + ctx->read_start += i; ctx->cont = 1; /* * Note: it is possible for EVP_CipherUpdate to decrypt zero @@ -241,17 +234,22 @@ static int enc_write(BIO *b, const char *in, int inl) { int ret = 0, n, i; BIO_ENC_CTX *ctx; + BIO *next; + + ctx = BIO_get_data(b); + next = BIO_next(b); + if ((ctx == NULL) || (next == NULL)) + return 0; - ctx = (BIO_ENC_CTX *)b->ptr; ret = inl; BIO_clear_retry_flags(b); n = ctx->buf_len - ctx->buf_off; while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); - return (i); + return i; } ctx->buf_off += i; n -= i; @@ -259,15 +257,16 @@ static int enc_write(BIO *b, const char *in, int inl) /* at this point all pending data has been written */ if ((in == NULL) || (inl <= 0)) - return (0); + return 0; ctx->buf_off = 0; while (inl > 0) { n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; - if (!EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n)) { + if (!EVP_CipherUpdate(ctx->cipher, + ctx->buf, &ctx->buf_len, + (const unsigned char *)in, n)) { BIO_clear_retry_flags(b); + ctx->ok = 0; return 0; } inl -= n; @@ -276,7 +275,7 @@ static int enc_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; n = ctx->buf_len; while (n > 0) { - i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); if (i <= 0) { BIO_copy_next_retry(b); return (ret == inl) ? i : ret - inl; @@ -288,7 +287,7 @@ static int enc_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; } BIO_copy_next_retry(b); - return (ret); + return ret; } static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) @@ -298,33 +297,37 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; int i; EVP_CIPHER_CTX **c_ctx; + BIO *next; - ctx = (BIO_ENC_CTX *)b->ptr; + ctx = BIO_get_data(b); + next = BIO_next(b); + if (ctx == NULL) + return 0; switch (cmd) { case BIO_CTRL_RESET: ctx->ok = 1; ctx->finished = 0; - if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, - ctx->cipher.encrypt)) + if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, + EVP_CIPHER_CTX_encrypting(ctx->cipher))) return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) ret = 1; else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_WPENDING: ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ @@ -338,7 +341,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) if (!ctx->finished) { ctx->finished = 1; ctx->buf_off = 0; - ret = EVP_CipherFinal_ex(&(ctx->cipher), + ret = EVP_CipherFinal_ex(ctx->cipher, (unsigned char *)ctx->buf, &(ctx->buf_len)); ctx->ok = (int)ret; @@ -350,90 +353,76 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) } /* Finally flush the underlying BIO */ - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; case BIO_C_GET_CIPHER_STATUS: ret = (long)ctx->ok; break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_C_GET_CIPHER_CTX: c_ctx = (EVP_CIPHER_CTX **)ptr; - (*c_ctx) = &(ctx->cipher); - b->init = 1; + *c_ctx = ctx->cipher; + BIO_set_init(b, 1); break; case BIO_CTRL_DUP: dbio = (BIO *)ptr; - dctx = (BIO_ENC_CTX *)dbio->ptr; - EVP_CIPHER_CTX_init(&dctx->cipher); - ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); + dctx = BIO_get_data(dbio); + dctx->cipher = EVP_CIPHER_CTX_new(); + if (dctx->cipher == NULL) + return 0; + ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); if (ret) - dbio->init = 1; + BIO_set_init(dbio, 1); break; default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + ret = BIO_ctrl(next, cmd, num, ptr); break; } - return (ret); + return ret; } static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { long ret = 1; + BIO *next = BIO_next(b); - if (b->next_bio == NULL) - return (0); + if (next == NULL) + return 0; switch (cmd) { default: - ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + ret = BIO_callback_ctrl(next, cmd, fp); break; } - return (ret); + return ret; } -/*- -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, const unsigned char *i, int e) { BIO_ENC_CTX *ctx; + long (*callback) (struct bio_st *, int, const char *, int, long, long); - if (b == NULL) + ctx = BIO_get_data(b); + if (ctx == NULL) return 0; - if ((b->callback != NULL) && - (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= - 0)) + callback = BIO_get_callback(b); + + if ((callback != NULL) && + (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, + 0L) <= 0)) return 0; - b->init = 1; - ctx = (BIO_ENC_CTX *)b->ptr; - if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e)) + BIO_set_init(b, 1); + + if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) return 0; - if (b->callback != NULL) - return b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, - 1L); + if (callback != NULL) + return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); return 1; }