1 /* $OpenBSD: evp_aead.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ 2 /* 3 * Copyright (c) 2014, Google Inc. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <limits.h> 19 #include <string.h> 20 21 #include <openssl/evp.h> 22 #include <openssl/err.h> 23 24 #include "evp_locl.h" 25 26 size_t 27 EVP_AEAD_key_length(const EVP_AEAD *aead) 28 { 29 return aead->key_len; 30 } 31 32 size_t 33 EVP_AEAD_nonce_length(const EVP_AEAD *aead) 34 { 35 return aead->nonce_len; 36 } 37 38 size_t 39 EVP_AEAD_max_overhead(const EVP_AEAD *aead) 40 { 41 return aead->overhead; 42 } 43 44 size_t 45 EVP_AEAD_max_tag_len(const EVP_AEAD *aead) 46 { 47 return aead->max_tag_len; 48 } 49 50 int 51 EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, 52 const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl) 53 { 54 ctx->aead = aead; 55 if (key_len != aead->key_len) { 56 EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE); 57 return 0; 58 } 59 return aead->init(ctx, key, key_len, tag_len); 60 } 61 62 void 63 EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) 64 { 65 if (ctx->aead == NULL) 66 return; 67 ctx->aead->cleanup(ctx); 68 ctx->aead = NULL; 69 } 70 71 /* check_alias returns 0 if out points within the buffer determined by in 72 * and in_len and 1 otherwise. 73 * 74 * When processing, there's only an issue if out points within in[:in_len] 75 * and isn't equal to in. If that's the case then writing the output will 76 * stomp input that hasn't been read yet. 77 * 78 * This function checks for that case. */ 79 static int 80 check_alias(const unsigned char *in, size_t in_len, const unsigned char *out) 81 { 82 if (out <= in) 83 return 1; 84 if (in + in_len <= out) 85 return 1; 86 return 0; 87 } 88 89 int 90 EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, 91 size_t max_out_len, const unsigned char *nonce, size_t nonce_len, 92 const unsigned char *in, size_t in_len, const unsigned char *ad, 93 size_t ad_len) 94 { 95 size_t possible_out_len = in_len + ctx->aead->overhead; 96 97 /* Overflow. */ 98 if (possible_out_len < in_len) { 99 EVPerror(EVP_R_TOO_LARGE); 100 goto error; 101 } 102 103 if (!check_alias(in, in_len, out)) { 104 EVPerror(EVP_R_OUTPUT_ALIASES_INPUT); 105 goto error; 106 } 107 108 if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len, 109 in, in_len, ad, ad_len)) { 110 return 1; 111 } 112 113 error: 114 /* In the event of an error, clear the output buffer so that a caller 115 * that doesn't check the return value doesn't send raw data. */ 116 memset(out, 0, max_out_len); 117 *out_len = 0; 118 return 0; 119 } 120 121 int 122 EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, 123 size_t max_out_len, const unsigned char *nonce, size_t nonce_len, 124 const unsigned char *in, size_t in_len, const unsigned char *ad, 125 size_t ad_len) 126 { 127 if (!check_alias(in, in_len, out)) { 128 EVPerror(EVP_R_OUTPUT_ALIASES_INPUT); 129 goto error; 130 } 131 132 if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, 133 in, in_len, ad, ad_len)) { 134 return 1; 135 } 136 137 error: 138 /* In the event of an error, clear the output buffer so that a caller 139 * that doesn't check the return value doesn't try and process bad 140 * data. */ 141 memset(out, 0, max_out_len); 142 *out_len = 0; 143 return 0; 144 } 145