1 | /* |
2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include <errno.h> |
12 | #include "internal/cryptlib.h" |
13 | #include <openssl/buffer.h> |
14 | #include <openssl/evp.h> |
15 | #include "internal/bio.h" |
16 | |
17 | static int enc_write(BIO *h, const char *buf, int num); |
18 | static int enc_read(BIO *h, char *buf, int size); |
19 | static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
20 | static int enc_new(BIO *h); |
21 | static int enc_free(BIO *data); |
22 | static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); |
23 | #define ENC_BLOCK_SIZE (1024*4) |
24 | #define ENC_MIN_CHUNK (256) |
25 | #define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) |
26 | |
27 | typedef struct enc_struct { |
28 | int buf_len; |
29 | int buf_off; |
30 | int cont; /* <= 0 when finished */ |
31 | int finished; |
32 | int ok; /* bad decrypt */ |
33 | EVP_CIPHER_CTX *cipher; |
34 | unsigned char *read_start, *read_end; |
35 | /* |
36 | * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return |
37 | * up to a block more data than is presented to it |
38 | */ |
39 | unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; |
40 | } BIO_ENC_CTX; |
41 | |
42 | static const BIO_METHOD methods_enc = { |
43 | BIO_TYPE_CIPHER, |
44 | "cipher" , |
45 | /* TODO: Convert to new style write function */ |
46 | bwrite_conv, |
47 | enc_write, |
48 | /* TODO: Convert to new style read function */ |
49 | bread_conv, |
50 | enc_read, |
51 | NULL, /* enc_puts, */ |
52 | NULL, /* enc_gets, */ |
53 | enc_ctrl, |
54 | enc_new, |
55 | enc_free, |
56 | enc_callback_ctrl, |
57 | }; |
58 | |
59 | const BIO_METHOD *BIO_f_cipher(void) |
60 | { |
61 | return &methods_enc; |
62 | } |
63 | |
64 | static int enc_new(BIO *bi) |
65 | { |
66 | BIO_ENC_CTX *ctx; |
67 | |
68 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { |
69 | EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE); |
70 | return 0; |
71 | } |
72 | |
73 | ctx->cipher = EVP_CIPHER_CTX_new(); |
74 | if (ctx->cipher == NULL) { |
75 | OPENSSL_free(ctx); |
76 | return 0; |
77 | } |
78 | ctx->cont = 1; |
79 | ctx->ok = 1; |
80 | ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); |
81 | BIO_set_data(bi, ctx); |
82 | BIO_set_init(bi, 1); |
83 | |
84 | return 1; |
85 | } |
86 | |
87 | static int enc_free(BIO *a) |
88 | { |
89 | BIO_ENC_CTX *b; |
90 | |
91 | if (a == NULL) |
92 | return 0; |
93 | |
94 | b = BIO_get_data(a); |
95 | if (b == NULL) |
96 | return 0; |
97 | |
98 | EVP_CIPHER_CTX_free(b->cipher); |
99 | OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); |
100 | BIO_set_data(a, NULL); |
101 | BIO_set_init(a, 0); |
102 | |
103 | return 1; |
104 | } |
105 | |
106 | static int enc_read(BIO *b, char *out, int outl) |
107 | { |
108 | int ret = 0, i, blocksize; |
109 | BIO_ENC_CTX *ctx; |
110 | BIO *next; |
111 | |
112 | if (out == NULL) |
113 | return 0; |
114 | ctx = BIO_get_data(b); |
115 | |
116 | next = BIO_next(b); |
117 | if ((ctx == NULL) || (next == NULL)) |
118 | return 0; |
119 | |
120 | /* First check if there are bytes decoded/encoded */ |
121 | if (ctx->buf_len > 0) { |
122 | i = ctx->buf_len - ctx->buf_off; |
123 | if (i > outl) |
124 | i = outl; |
125 | memcpy(out, &(ctx->buf[ctx->buf_off]), i); |
126 | ret = i; |
127 | out += i; |
128 | outl -= i; |
129 | ctx->buf_off += i; |
130 | if (ctx->buf_len == ctx->buf_off) { |
131 | ctx->buf_len = 0; |
132 | ctx->buf_off = 0; |
133 | } |
134 | } |
135 | |
136 | blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); |
137 | if (blocksize == 1) |
138 | blocksize = 0; |
139 | |
140 | /* |
141 | * At this point, we have room of outl bytes and an empty buffer, so we |
142 | * should read in some more. |
143 | */ |
144 | |
145 | while (outl > 0) { |
146 | if (ctx->cont <= 0) |
147 | break; |
148 | |
149 | if (ctx->read_start == ctx->read_end) { /* time to read more data */ |
150 | ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); |
151 | i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); |
152 | if (i > 0) |
153 | ctx->read_end += i; |
154 | } else { |
155 | i = ctx->read_end - ctx->read_start; |
156 | } |
157 | |
158 | if (i <= 0) { |
159 | /* Should be continue next time we are called? */ |
160 | if (!BIO_should_retry(next)) { |
161 | ctx->cont = i; |
162 | i = EVP_CipherFinal_ex(ctx->cipher, |
163 | ctx->buf, &(ctx->buf_len)); |
164 | ctx->ok = i; |
165 | ctx->buf_off = 0; |
166 | } else { |
167 | ret = (ret == 0) ? i : ret; |
168 | break; |
169 | } |
170 | } else { |
171 | if (outl > ENC_MIN_CHUNK) { |
172 | /* |
173 | * Depending on flags block cipher decrypt can write |
174 | * one extra block and then back off, i.e. output buffer |
175 | * has to accommodate extra block... |
176 | */ |
177 | int j = outl - blocksize, buf_len; |
178 | |
179 | if (!EVP_CipherUpdate(ctx->cipher, |
180 | (unsigned char *)out, &buf_len, |
181 | ctx->read_start, i > j ? j : i)) { |
182 | BIO_clear_retry_flags(b); |
183 | return 0; |
184 | } |
185 | ret += buf_len; |
186 | out += buf_len; |
187 | outl -= buf_len; |
188 | |
189 | if ((i -= j) <= 0) { |
190 | ctx->read_start = ctx->read_end; |
191 | continue; |
192 | } |
193 | ctx->read_start += j; |
194 | } |
195 | if (i > ENC_MIN_CHUNK) |
196 | i = ENC_MIN_CHUNK; |
197 | if (!EVP_CipherUpdate(ctx->cipher, |
198 | ctx->buf, &ctx->buf_len, |
199 | ctx->read_start, i)) { |
200 | BIO_clear_retry_flags(b); |
201 | ctx->ok = 0; |
202 | return 0; |
203 | } |
204 | ctx->read_start += i; |
205 | ctx->cont = 1; |
206 | /* |
207 | * Note: it is possible for EVP_CipherUpdate to decrypt zero |
208 | * bytes because this is or looks like the final block: if this |
209 | * happens we should retry and either read more data or decrypt |
210 | * the final block |
211 | */ |
212 | if (ctx->buf_len == 0) |
213 | continue; |
214 | } |
215 | |
216 | if (ctx->buf_len <= outl) |
217 | i = ctx->buf_len; |
218 | else |
219 | i = outl; |
220 | if (i <= 0) |
221 | break; |
222 | memcpy(out, ctx->buf, i); |
223 | ret += i; |
224 | ctx->buf_off = i; |
225 | outl -= i; |
226 | out += i; |
227 | } |
228 | |
229 | BIO_clear_retry_flags(b); |
230 | BIO_copy_next_retry(b); |
231 | return ((ret == 0) ? ctx->cont : ret); |
232 | } |
233 | |
234 | static int enc_write(BIO *b, const char *in, int inl) |
235 | { |
236 | int ret = 0, n, i; |
237 | BIO_ENC_CTX *ctx; |
238 | BIO *next; |
239 | |
240 | ctx = BIO_get_data(b); |
241 | next = BIO_next(b); |
242 | if ((ctx == NULL) || (next == NULL)) |
243 | return 0; |
244 | |
245 | ret = inl; |
246 | |
247 | BIO_clear_retry_flags(b); |
248 | n = ctx->buf_len - ctx->buf_off; |
249 | while (n > 0) { |
250 | i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); |
251 | if (i <= 0) { |
252 | BIO_copy_next_retry(b); |
253 | return i; |
254 | } |
255 | ctx->buf_off += i; |
256 | n -= i; |
257 | } |
258 | /* at this point all pending data has been written */ |
259 | |
260 | if ((in == NULL) || (inl <= 0)) |
261 | return 0; |
262 | |
263 | ctx->buf_off = 0; |
264 | while (inl > 0) { |
265 | n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; |
266 | if (!EVP_CipherUpdate(ctx->cipher, |
267 | ctx->buf, &ctx->buf_len, |
268 | (const unsigned char *)in, n)) { |
269 | BIO_clear_retry_flags(b); |
270 | ctx->ok = 0; |
271 | return 0; |
272 | } |
273 | inl -= n; |
274 | in += n; |
275 | |
276 | ctx->buf_off = 0; |
277 | n = ctx->buf_len; |
278 | while (n > 0) { |
279 | i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); |
280 | if (i <= 0) { |
281 | BIO_copy_next_retry(b); |
282 | return (ret == inl) ? i : ret - inl; |
283 | } |
284 | n -= i; |
285 | ctx->buf_off += i; |
286 | } |
287 | ctx->buf_len = 0; |
288 | ctx->buf_off = 0; |
289 | } |
290 | BIO_copy_next_retry(b); |
291 | return ret; |
292 | } |
293 | |
294 | static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) |
295 | { |
296 | BIO *dbio; |
297 | BIO_ENC_CTX *ctx, *dctx; |
298 | long ret = 1; |
299 | int i; |
300 | EVP_CIPHER_CTX **c_ctx; |
301 | BIO *next; |
302 | |
303 | ctx = BIO_get_data(b); |
304 | next = BIO_next(b); |
305 | if (ctx == NULL) |
306 | return 0; |
307 | |
308 | switch (cmd) { |
309 | case BIO_CTRL_RESET: |
310 | ctx->ok = 1; |
311 | ctx->finished = 0; |
312 | if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, |
313 | EVP_CIPHER_CTX_encrypting(ctx->cipher))) |
314 | return 0; |
315 | ret = BIO_ctrl(next, cmd, num, ptr); |
316 | break; |
317 | case BIO_CTRL_EOF: /* More to read */ |
318 | if (ctx->cont <= 0) |
319 | ret = 1; |
320 | else |
321 | ret = BIO_ctrl(next, cmd, num, ptr); |
322 | break; |
323 | case BIO_CTRL_WPENDING: |
324 | ret = ctx->buf_len - ctx->buf_off; |
325 | if (ret <= 0) |
326 | ret = BIO_ctrl(next, cmd, num, ptr); |
327 | break; |
328 | case BIO_CTRL_PENDING: /* More to read in buffer */ |
329 | ret = ctx->buf_len - ctx->buf_off; |
330 | if (ret <= 0) |
331 | ret = BIO_ctrl(next, cmd, num, ptr); |
332 | break; |
333 | case BIO_CTRL_FLUSH: |
334 | /* do a final write */ |
335 | again: |
336 | while (ctx->buf_len != ctx->buf_off) { |
337 | i = enc_write(b, NULL, 0); |
338 | if (i < 0) |
339 | return i; |
340 | } |
341 | |
342 | if (!ctx->finished) { |
343 | ctx->finished = 1; |
344 | ctx->buf_off = 0; |
345 | ret = EVP_CipherFinal_ex(ctx->cipher, |
346 | (unsigned char *)ctx->buf, |
347 | &(ctx->buf_len)); |
348 | ctx->ok = (int)ret; |
349 | if (ret <= 0) |
350 | break; |
351 | |
352 | /* push out the bytes */ |
353 | goto again; |
354 | } |
355 | |
356 | /* Finally flush the underlying BIO */ |
357 | ret = BIO_ctrl(next, cmd, num, ptr); |
358 | break; |
359 | case BIO_C_GET_CIPHER_STATUS: |
360 | ret = (long)ctx->ok; |
361 | break; |
362 | case BIO_C_DO_STATE_MACHINE: |
363 | BIO_clear_retry_flags(b); |
364 | ret = BIO_ctrl(next, cmd, num, ptr); |
365 | BIO_copy_next_retry(b); |
366 | break; |
367 | case BIO_C_GET_CIPHER_CTX: |
368 | c_ctx = (EVP_CIPHER_CTX **)ptr; |
369 | *c_ctx = ctx->cipher; |
370 | BIO_set_init(b, 1); |
371 | break; |
372 | case BIO_CTRL_DUP: |
373 | dbio = (BIO *)ptr; |
374 | dctx = BIO_get_data(dbio); |
375 | dctx->cipher = EVP_CIPHER_CTX_new(); |
376 | if (dctx->cipher == NULL) |
377 | return 0; |
378 | ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); |
379 | if (ret) |
380 | BIO_set_init(dbio, 1); |
381 | break; |
382 | default: |
383 | ret = BIO_ctrl(next, cmd, num, ptr); |
384 | break; |
385 | } |
386 | return ret; |
387 | } |
388 | |
389 | static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) |
390 | { |
391 | long ret = 1; |
392 | BIO *next = BIO_next(b); |
393 | |
394 | if (next == NULL) |
395 | return 0; |
396 | switch (cmd) { |
397 | default: |
398 | ret = BIO_callback_ctrl(next, cmd, fp); |
399 | break; |
400 | } |
401 | return ret; |
402 | } |
403 | |
404 | int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, |
405 | const unsigned char *i, int e) |
406 | { |
407 | BIO_ENC_CTX *ctx; |
408 | long (*callback) (struct bio_st *, int, const char *, int, long, long); |
409 | |
410 | ctx = BIO_get_data(b); |
411 | if (ctx == NULL) |
412 | return 0; |
413 | |
414 | callback = BIO_get_callback(b); |
415 | |
416 | if ((callback != NULL) && |
417 | (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, |
418 | 0L) <= 0)) |
419 | return 0; |
420 | |
421 | BIO_set_init(b, 1); |
422 | |
423 | if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) |
424 | return 0; |
425 | |
426 | if (callback != NULL) |
427 | return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); |
428 | return 1; |
429 | } |
430 | |