mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
51356a066e
The asm modules may assume an input length > 0. Fixes: #9262 Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10323)
427 lines
13 KiB
C
427 lines
13 KiB
C
/*
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
/*
|
|
* Generic dispatch table functions for ciphers.
|
|
*/
|
|
|
|
#include "cipher_local.h"
|
|
#include "prov/provider_ctx.h"
|
|
#include "prov/providercommonerr.h"
|
|
|
|
/*-
|
|
* Generic cipher functions for OSSL_PARAM gettables and settables
|
|
*/
|
|
static const OSSL_PARAM cipher_known_gettable_params[] = {
|
|
OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
|
|
OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL),
|
|
OSSL_PARAM_END
|
|
};
|
|
const OSSL_PARAM *cipher_generic_gettable_params(void)
|
|
{
|
|
return cipher_known_gettable_params;
|
|
}
|
|
|
|
int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
|
|
unsigned long flags,
|
|
size_t kbits, size_t blkbits, size_t ivbits)
|
|
{
|
|
OSSL_PARAM *p;
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
|
|
if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_FLAGS);
|
|
if (p != NULL && !OSSL_PARAM_set_ulong(p, flags)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic)
|
|
CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic)
|
|
|
|
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_generic)
|
|
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_generic)
|
|
|
|
/*
|
|
* Variable key length cipher functions for OSSL_PARAM settables
|
|
*/
|
|
|
|
int cipher_var_keylen_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
const OSSL_PARAM *p;
|
|
|
|
if (!cipher_generic_set_ctx_params(vctx, params))
|
|
return 0;
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
|
|
if (p != NULL) {
|
|
size_t keylen;
|
|
|
|
if (!OSSL_PARAM_get_size_t(p, &keylen)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
return 0;
|
|
}
|
|
ctx->keylen = keylen;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(cipher_var_keylen)
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
|
|
CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(cipher_var_keylen)
|
|
|
|
/*-
|
|
* AEAD cipher functions for OSSL_PARAM gettables and settables
|
|
*/
|
|
static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
|
|
OSSL_PARAM_END
|
|
};
|
|
const OSSL_PARAM *cipher_aead_gettable_ctx_params(void)
|
|
{
|
|
return cipher_aead_known_gettable_ctx_params;
|
|
}
|
|
|
|
static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = {
|
|
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL),
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
|
|
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
|
|
OSSL_PARAM_END
|
|
};
|
|
const OSSL_PARAM *cipher_aead_settable_ctx_params(void)
|
|
{
|
|
return cipher_aead_known_settable_ctx_params;
|
|
}
|
|
|
|
static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx,
|
|
const unsigned char *key, size_t keylen,
|
|
const unsigned char *iv, size_t ivlen,
|
|
int enc)
|
|
{
|
|
ctx->enc = enc ? 1 : 0;
|
|
|
|
if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
|
|
if (!cipher_generic_initiv(ctx, iv, ivlen))
|
|
return 0;
|
|
}
|
|
if (key != NULL) {
|
|
if ((ctx->flags & EVP_CIPH_VARIABLE_LENGTH) == 0) {
|
|
if (keylen != ctx->keylen) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
|
|
return 0;
|
|
}
|
|
} else {
|
|
ctx->keylen = keylen;
|
|
}
|
|
return ctx->hw->init(ctx, key, ctx->keylen);
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int cipher_generic_einit(void *vctx, const unsigned char *key, size_t keylen,
|
|
const unsigned char *iv, size_t ivlen)
|
|
{
|
|
return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
|
|
iv, ivlen, 1);
|
|
}
|
|
|
|
int cipher_generic_dinit(void *vctx, const unsigned char *key, size_t keylen,
|
|
const unsigned char *iv, size_t ivlen)
|
|
{
|
|
return cipher_generic_init_internal((PROV_CIPHER_CTX *)vctx, key, keylen,
|
|
iv, ivlen, 0);
|
|
}
|
|
|
|
int cipher_generic_block_update(void *vctx, unsigned char *out, size_t *outl,
|
|
size_t outsize, const unsigned char *in,
|
|
size_t inl)
|
|
{
|
|
size_t outlint = 0;
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
size_t blksz = ctx->blocksize;
|
|
size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, blksz, &in, &inl);
|
|
|
|
/*
|
|
* If we're decrypting and we end an update on a block boundary we hold
|
|
* the last block back in case this is the last update call and the last
|
|
* block is padded.
|
|
*/
|
|
if (ctx->bufsz == blksz && (ctx->enc || inl > 0 || !ctx->pad)) {
|
|
if (outsize < blksz) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
return 0;
|
|
}
|
|
ctx->bufsz = 0;
|
|
outlint = blksz;
|
|
out += blksz;
|
|
}
|
|
if (nextblocks > 0) {
|
|
if (!ctx->enc && ctx->pad && nextblocks == inl) {
|
|
if (!ossl_assert(inl >= blksz)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
nextblocks -= blksz;
|
|
}
|
|
outlint += nextblocks;
|
|
if (outsize < outlint) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
}
|
|
if (nextblocks > 0) {
|
|
if (!ctx->hw->cipher(ctx, out, in, nextblocks)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
return 0;
|
|
}
|
|
in += nextblocks;
|
|
inl -= nextblocks;
|
|
}
|
|
if (!trailingdata(ctx->buf, &ctx->bufsz, blksz, &in, &inl)) {
|
|
/* ERR_raise already called */
|
|
return 0;
|
|
}
|
|
|
|
*outl = outlint;
|
|
return inl == 0;
|
|
}
|
|
|
|
int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl,
|
|
size_t outsize)
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
size_t blksz = ctx->blocksize;
|
|
|
|
if (ctx->enc) {
|
|
if (ctx->pad) {
|
|
padblock(ctx->buf, &ctx->bufsz, blksz);
|
|
} else if (ctx->bufsz == 0) {
|
|
*outl = 0;
|
|
return 1;
|
|
} else if (ctx->bufsz != blksz) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
|
|
return 0;
|
|
}
|
|
|
|
if (outsize < blksz) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
if (!ctx->hw->cipher(ctx, out, ctx->buf, blksz)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
return 0;
|
|
}
|
|
ctx->bufsz = 0;
|
|
*outl = blksz;
|
|
return 1;
|
|
}
|
|
|
|
/* Decrypting */
|
|
if (ctx->bufsz != blksz) {
|
|
if (ctx->bufsz == 0 && !ctx->pad) {
|
|
*outl = 0;
|
|
return 1;
|
|
}
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
|
|
return 0;
|
|
}
|
|
|
|
if (!ctx->hw->cipher(ctx, ctx->buf, ctx->buf, blksz)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
return 0;
|
|
}
|
|
|
|
if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, blksz)) {
|
|
/* ERR_raise already called */
|
|
return 0;
|
|
}
|
|
|
|
if (outsize < ctx->bufsz) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
memcpy(out, ctx->buf, ctx->bufsz);
|
|
*outl = ctx->bufsz;
|
|
ctx->bufsz = 0;
|
|
return 1;
|
|
}
|
|
|
|
int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl,
|
|
size_t outsize, const unsigned char *in,
|
|
size_t inl)
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
|
|
if (outsize < inl) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
|
|
if (!ctx->hw->cipher(ctx, out, in, inl)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
return 0;
|
|
}
|
|
|
|
*outl = inl;
|
|
return 1;
|
|
}
|
|
int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl,
|
|
size_t outsize)
|
|
{
|
|
*outl = 0;
|
|
return 1;
|
|
}
|
|
|
|
int cipher_generic_cipher(void *vctx,
|
|
unsigned char *out, size_t *outl, size_t outsize,
|
|
const unsigned char *in, size_t inl)
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
|
|
if (outsize < inl) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
|
|
if (!ctx->hw->cipher(ctx, out, in, inl)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
|
|
return 0;
|
|
}
|
|
|
|
*outl = inl;
|
|
return 1;
|
|
}
|
|
|
|
int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
OSSL_PARAM *p;
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
|
|
if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
|
|
if (p != NULL
|
|
&& !OSSL_PARAM_set_octet_ptr(p, &ctx->oiv, ctx->ivlen)
|
|
&& !OSSL_PARAM_set_octet_string(p, &ctx->oiv, ctx->ivlen)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
|
|
if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
|
|
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
const OSSL_PARAM *p;
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
|
|
if (p != NULL) {
|
|
unsigned int pad;
|
|
|
|
if (!OSSL_PARAM_get_uint(p, &pad)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
return 0;
|
|
}
|
|
ctx->pad = pad ? 1 : 0;
|
|
}
|
|
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM);
|
|
if (p != NULL) {
|
|
unsigned int num;
|
|
|
|
if (!OSSL_PARAM_get_uint(p, &num)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
|
|
return 0;
|
|
}
|
|
ctx->num = num;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int cipher_generic_initiv(PROV_CIPHER_CTX *ctx, const unsigned char *iv,
|
|
size_t ivlen)
|
|
{
|
|
if (ivlen != ctx->ivlen
|
|
|| ivlen > sizeof(ctx->iv)) {
|
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
|
|
return 0;
|
|
}
|
|
ctx->iv_set = 1;
|
|
memcpy(ctx->iv, iv, ivlen);
|
|
memcpy(ctx->oiv, iv, ivlen);
|
|
return 1;
|
|
}
|
|
|
|
void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
|
|
size_t ivbits, unsigned int mode, uint64_t flags,
|
|
const PROV_CIPHER_HW *hw, void *provctx)
|
|
{
|
|
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
|
|
|
|
ctx->flags = flags;
|
|
ctx->pad = 1;
|
|
ctx->keylen = ((kbits) / 8);
|
|
ctx->ivlen = ((ivbits) / 8);
|
|
ctx->hw = hw;
|
|
ctx->mode = mode;
|
|
ctx->blocksize = blkbits / 8;
|
|
if (provctx != NULL)
|
|
ctx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); /* used for rand */
|
|
}
|