xref: /openbsd/lib/libcrypto/evp/evp_aead.c (revision 9e6efb0a) 
1 /* $OpenBSD: evp_aead.c,v 1.11 2024/04/09 13:52:41 beck Exp $ */
2 /*
3  * Copyright (c) 2014, Google Inc.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <limits.h>
19 #include <string.h>
20 
21 #include <openssl/evp.h>
22 #include <openssl/err.h>
23 
24 #include "evp_local.h"
25 
26 size_t
27 EVP_AEAD_key_length(const EVP_AEAD *aead)
28 {
29 	return aead->key_len;
30 }
31 LCRYPTO_ALIAS(EVP_AEAD_key_length);
32 
33 size_t
34 EVP_AEAD_nonce_length(const EVP_AEAD *aead)
35 {
36 	return aead->nonce_len;
37 }
38 LCRYPTO_ALIAS(EVP_AEAD_nonce_length);
39 
40 size_t
41 EVP_AEAD_max_overhead(const EVP_AEAD *aead)
42 {
43 	return aead->overhead;
44 }
45 LCRYPTO_ALIAS(EVP_AEAD_max_overhead);
46 
47 size_t
48 EVP_AEAD_max_tag_len(const EVP_AEAD *aead)
49 {
50 	return aead->max_tag_len;
51 }
52 LCRYPTO_ALIAS(EVP_AEAD_max_tag_len);
53 
54 int
55 EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
56     const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl)
57 {
58 	ctx->aead = aead;
59 	if (key_len != aead->key_len) {
60 		EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
61 		return 0;
62 	}
63 	return aead->init(ctx, key, key_len, tag_len);
64 }
65 LCRYPTO_ALIAS(EVP_AEAD_CTX_init);
66 
67 void
68 EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx)
69 {
70 	if (ctx->aead == NULL)
71 		return;
72 	ctx->aead->cleanup(ctx);
73 	ctx->aead = NULL;
74 }
75 LCRYPTO_ALIAS(EVP_AEAD_CTX_cleanup);
76 
77 EVP_AEAD_CTX *
78 EVP_AEAD_CTX_new(void)
79 {
80 	return calloc(1, sizeof(EVP_AEAD_CTX));
81 }
82 LCRYPTO_ALIAS(EVP_AEAD_CTX_new);
83 
84 void
85 EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx)
86 {
87 	if (ctx == NULL)
88 		return;
89 
90 	EVP_AEAD_CTX_cleanup(ctx);
91 	free(ctx);
92 }
93 LCRYPTO_ALIAS(EVP_AEAD_CTX_free);
94 
95 /* check_alias returns 0 if out points within the buffer determined by in
96  * and in_len and 1 otherwise.
97  *
98  * When processing, there's only an issue if out points within in[:in_len]
99  * and isn't equal to in. If that's the case then writing the output will
100  * stomp input that hasn't been read yet.
101  *
102  * This function checks for that case. */
103 static int
104 check_alias(const unsigned char *in, size_t in_len, const unsigned char *out)
105 {
106 	if (out <= in)
107 		return 1;
108 	if (in + in_len <= out)
109 		return 1;
110 	return 0;
111 }
112 
113 int
114 EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
115     size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
116     const unsigned char *in, size_t in_len, const unsigned char *ad,
117     size_t ad_len)
118 {
119 	size_t possible_out_len = in_len + ctx->aead->overhead;
120 
121 	/* Overflow. */
122 	if (possible_out_len < in_len) {
123 		EVPerror(EVP_R_TOO_LARGE);
124 		goto error;
125 	}
126 
127 	if (!check_alias(in, in_len, out)) {
128 		EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
129 		goto error;
130 	}
131 
132 	if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len,
133 	    in, in_len, ad, ad_len)) {
134 		return 1;
135 	}
136 
137 error:
138 	/* In the event of an error, clear the output buffer so that a caller
139 	 * that doesn't check the return value doesn't send raw data. */
140 	memset(out, 0, max_out_len);
141 	*out_len = 0;
142 	return 0;
143 }
144 LCRYPTO_ALIAS(EVP_AEAD_CTX_seal);
145 
146 int
147 EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len,
148     size_t max_out_len, const unsigned char *nonce, size_t nonce_len,
149     const unsigned char *in, size_t in_len, const unsigned char *ad,
150     size_t ad_len)
151 {
152 	if (!check_alias(in, in_len, out)) {
153 		EVPerror(EVP_R_OUTPUT_ALIASES_INPUT);
154 		goto error;
155 	}
156 
157 	if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len,
158 	    in, in_len, ad, ad_len)) {
159 		return 1;
160 	}
161 
162 error:
163 	/* In the event of an error, clear the output buffer so that a caller
164 	 * that doesn't check the return value doesn't try and process bad
165 	 * data. */
166 	memset(out, 0, max_out_len);
167 	*out_len = 0;
168 	return 0;
169 }
170 LCRYPTO_ALIAS(EVP_AEAD_CTX_open);
171