]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/packet.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
AES CTR-DRGB: do not leak timing information
[thirdparty/openssl.git] / crypto / packet.c
1 /*
2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include "internal/packet.h"
12 #include <openssl/sslerr.h>
13
14 #define DEFAULT_BUF_SIZE 256
15
16 int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
17 {
18 if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
19 return 0;
20
21 pkt->written += len;
22 pkt->curr += len;
23 return 1;
24 }
25
26 int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
27 unsigned char **allocbytes, size_t lenbytes)
28 {
29 if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
30 || !WPACKET_allocate_bytes(pkt, len, allocbytes)
31 || !WPACKET_close(pkt))
32 return 0;
33
34 return 1;
35 }
36
37 #define GETBUF(p) (((p)->staticbuf != NULL) \
38 ? (p)->staticbuf \
39 : ((p)->buf != NULL \
40 ? (unsigned char *)(p)->buf->data \
41 : NULL))
42
43 int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
44 {
45 /* Internal API, so should not fail */
46 if (!ossl_assert(pkt->subs != NULL && len != 0))
47 return 0;
48
49 if (pkt->maxsize - pkt->written < len)
50 return 0;
51
52 if (pkt->buf != NULL && (pkt->buf->length - pkt->written < len)) {
53 size_t newlen;
54 size_t reflen;
55
56 reflen = (len > pkt->buf->length) ? len : pkt->buf->length;
57
58 if (reflen > SIZE_MAX / 2) {
59 newlen = SIZE_MAX;
60 } else {
61 newlen = reflen * 2;
62 if (newlen < DEFAULT_BUF_SIZE)
63 newlen = DEFAULT_BUF_SIZE;
64 }
65 if (BUF_MEM_grow(pkt->buf, newlen) == 0)
66 return 0;
67 }
68 if (allocbytes != NULL) {
69 *allocbytes = WPACKET_get_curr(pkt);
70 if (pkt->endfirst && *allocbytes != NULL)
71 *allocbytes -= len;
72 }
73
74 return 1;
75 }
76
77 int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
78 unsigned char **allocbytes, size_t lenbytes)
79 {
80 if (pkt->endfirst && lenbytes > 0)
81 return 0;
82
83 if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
84 return 0;
85
86 if (*allocbytes != NULL)
87 *allocbytes += lenbytes;
88
89 return 1;
90 }
91
92 static size_t maxmaxsize(size_t lenbytes)
93 {
94 if (lenbytes >= sizeof(size_t) || lenbytes == 0)
95 return SIZE_MAX;
96
97 return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes;
98 }
99
100 static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
101 {
102 unsigned char *lenchars;
103
104 pkt->curr = 0;
105 pkt->written = 0;
106
107 if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
108 SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE);
109 return 0;
110 }
111
112 if (lenbytes == 0)
113 return 1;
114
115 pkt->subs->pwritten = lenbytes;
116 pkt->subs->lenbytes = lenbytes;
117
118 if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
119 OPENSSL_free(pkt->subs);
120 pkt->subs = NULL;
121 return 0;
122 }
123 pkt->subs->packet_len = 0;
124
125 return 1;
126 }
127
128 int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
129 size_t lenbytes)
130 {
131 size_t max = maxmaxsize(lenbytes);
132
133 /* Internal API, so should not fail */
134 if (!ossl_assert(buf != NULL && len > 0))
135 return 0;
136
137 pkt->staticbuf = buf;
138 pkt->buf = NULL;
139 pkt->maxsize = (max < len) ? max : len;
140 pkt->endfirst = 0;
141
142 return wpacket_intern_init_len(pkt, lenbytes);
143 }
144
145 int WPACKET_init_der(WPACKET *pkt, unsigned char *buf, size_t len)
146 {
147 /* Internal API, so should not fail */
148 if (!ossl_assert(buf != NULL && len > 0))
149 return 0;
150
151 pkt->staticbuf = buf;
152 pkt->buf = NULL;
153 pkt->maxsize = len;
154 pkt->endfirst = 1;
155
156 return wpacket_intern_init_len(pkt, 0);
157 }
158
159 int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
160 {
161 /* Internal API, so should not fail */
162 if (!ossl_assert(buf != NULL))
163 return 0;
164
165 pkt->staticbuf = NULL;
166 pkt->buf = buf;
167 pkt->maxsize = maxmaxsize(lenbytes);
168 pkt->endfirst = 0;
169
170 return wpacket_intern_init_len(pkt, lenbytes);
171 }
172
173 int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
174 {
175 return WPACKET_init_len(pkt, buf, 0);
176 }
177
178 int WPACKET_init_null(WPACKET *pkt, size_t lenbytes)
179 {
180 pkt->staticbuf = NULL;
181 pkt->buf = NULL;
182 pkt->maxsize = maxmaxsize(lenbytes);
183 pkt->endfirst = 0;
184
185 return wpacket_intern_init_len(pkt, 0);
186 }
187
188 int WPACKET_init_null_der(WPACKET *pkt)
189 {
190 pkt->staticbuf = NULL;
191 pkt->buf = NULL;
192 pkt->maxsize = SIZE_MAX;
193 pkt->endfirst = 1;
194
195 return wpacket_intern_init_len(pkt, 0);
196 }
197
198 int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
199 {
200 /* Internal API, so should not fail */
201 if (!ossl_assert(pkt->subs != NULL))
202 return 0;
203
204 pkt->subs->flags = flags;
205
206 return 1;
207 }
208
209 /* Store the |value| of length |len| at location |data| */
210 static int put_value(unsigned char *data, size_t value, size_t len)
211 {
212 if (data == NULL)
213 return 1;
214
215 for (data += len - 1; len > 0; len--) {
216 *data = (unsigned char)(value & 0xff);
217 data--;
218 value >>= 8;
219 }
220
221 /* Check whether we could fit the value in the assigned number of bytes */
222 if (value > 0)
223 return 0;
224
225 return 1;
226 }
227
228
229 /*
230 * Internal helper function used by WPACKET_close(), WPACKET_finish() and
231 * WPACKET_fill_lengths() to close a sub-packet and write out its length if
232 * necessary. If |doclose| is 0 then it goes through the motions of closing
233 * (i.e. it fills in all the lengths), but doesn't actually close anything.
234 */
235 static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
236 {
237 size_t packlen = pkt->written - sub->pwritten;
238
239 if (packlen == 0
240 && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
241 return 0;
242
243 if (packlen == 0
244 && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
245 /* We can't handle this case. Return an error */
246 if (!doclose)
247 return 0;
248
249 /* Deallocate any bytes allocated for the length of the WPACKET */
250 if ((pkt->curr - sub->lenbytes) == sub->packet_len) {
251 pkt->written -= sub->lenbytes;
252 pkt->curr -= sub->lenbytes;
253 }
254
255 /* Don't write out the packet length */
256 sub->packet_len = 0;
257 sub->lenbytes = 0;
258 }
259
260 /* Write out the WPACKET length if needed */
261 if (sub->lenbytes > 0) {
262 unsigned char *buf = GETBUF(pkt);
263
264 if (buf != NULL
265 && !put_value(&buf[sub->packet_len], packlen,
266 sub->lenbytes))
267 return 0;
268 } else if (pkt->endfirst && sub->parent != NULL) {
269 size_t tmplen = packlen;
270 size_t numlenbytes = 1;
271
272 while ((tmplen = tmplen >> 8) > 0)
273 numlenbytes++;
274 if (!WPACKET_put_bytes__(pkt, packlen, numlenbytes))
275 return 0;
276 if (packlen > 0x7f) {
277 numlenbytes |= 0x80;
278 if (!WPACKET_put_bytes_u8(pkt, numlenbytes))
279 return 0;
280 }
281 }
282
283 if (doclose) {
284 pkt->subs = sub->parent;
285 OPENSSL_free(sub);
286 }
287
288 return 1;
289 }
290
291 int WPACKET_fill_lengths(WPACKET *pkt)
292 {
293 WPACKET_SUB *sub;
294
295 if (!ossl_assert(pkt->subs != NULL))
296 return 0;
297
298 for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
299 if (!wpacket_intern_close(pkt, sub, 0))
300 return 0;
301 }
302
303 return 1;
304 }
305
306 int WPACKET_close(WPACKET *pkt)
307 {
308 /*
309 * Internal API, so should not fail - but we do negative testing of this
310 * so no assert (otherwise the tests fail)
311 */
312 if (pkt->subs == NULL || pkt->subs->parent == NULL)
313 return 0;
314
315 return wpacket_intern_close(pkt, pkt->subs, 1);
316 }
317
318 int WPACKET_finish(WPACKET *pkt)
319 {
320 int ret;
321
322 /*
323 * Internal API, so should not fail - but we do negative testing of this
324 * so no assert (otherwise the tests fail)
325 */
326 if (pkt->subs == NULL || pkt->subs->parent != NULL)
327 return 0;
328
329 ret = wpacket_intern_close(pkt, pkt->subs, 1);
330 if (ret) {
331 OPENSSL_free(pkt->subs);
332 pkt->subs = NULL;
333 }
334
335 return ret;
336 }
337
338 int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
339 {
340 WPACKET_SUB *sub;
341 unsigned char *lenchars;
342
343 /* Internal API, so should not fail */
344 if (!ossl_assert(pkt->subs != NULL))
345 return 0;
346
347 /* We don't support lenbytes greater than 0 when doing endfirst writing */
348 if (lenbytes > 0 && pkt->endfirst)
349 return 0;
350
351 if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
352 SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE);
353 return 0;
354 }
355
356 sub->parent = pkt->subs;
357 pkt->subs = sub;
358 sub->pwritten = pkt->written + lenbytes;
359 sub->lenbytes = lenbytes;
360
361 if (lenbytes == 0) {
362 sub->packet_len = 0;
363 return 1;
364 }
365
366 sub->packet_len = pkt->written;
367
368 if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))
369 return 0;
370
371 return 1;
372 }
373
374 int WPACKET_start_sub_packet(WPACKET *pkt)
375 {
376 return WPACKET_start_sub_packet_len__(pkt, 0);
377 }
378
379 int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size)
380 {
381 unsigned char *data;
382
383 /* Internal API, so should not fail */
384 if (!ossl_assert(size <= sizeof(unsigned int))
385 || !WPACKET_allocate_bytes(pkt, size, &data)
386 || !put_value(data, val, size))
387 return 0;
388
389 return 1;
390 }
391
392 int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
393 {
394 WPACKET_SUB *sub;
395 size_t lenbytes;
396
397 /* Internal API, so should not fail */
398 if (!ossl_assert(pkt->subs != NULL))
399 return 0;
400
401 /* Find the WPACKET_SUB for the top level */
402 for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)
403 continue;
404
405 lenbytes = sub->lenbytes;
406 if (lenbytes == 0)
407 lenbytes = sizeof(pkt->maxsize);
408
409 if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written)
410 return 0;
411
412 pkt->maxsize = maxsize;
413
414 return 1;
415 }
416
417 int WPACKET_memset(WPACKET *pkt, int ch, size_t len)
418 {
419 unsigned char *dest;
420
421 if (len == 0)
422 return 1;
423
424 if (!WPACKET_allocate_bytes(pkt, len, &dest))
425 return 0;
426
427 if (dest != NULL)
428 memset(dest, ch, len);
429
430 return 1;
431 }
432
433 int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
434 {
435 unsigned char *dest;
436
437 if (len == 0)
438 return 1;
439
440 if (!WPACKET_allocate_bytes(pkt, len, &dest))
441 return 0;
442
443 if (dest != NULL)
444 memcpy(dest, src, len);
445
446 return 1;
447 }
448
449 int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
450 size_t lenbytes)
451 {
452 if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
453 || !WPACKET_memcpy(pkt, src, len)
454 || !WPACKET_close(pkt))
455 return 0;
456
457 return 1;
458 }
459
460 int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
461 {
462 /* Internal API, so should not fail */
463 if (!ossl_assert(written != NULL))
464 return 0;
465
466 *written = pkt->written;
467
468 return 1;
469 }
470
471 int WPACKET_get_length(WPACKET *pkt, size_t *len)
472 {
473 /* Internal API, so should not fail */
474 if (!ossl_assert(pkt->subs != NULL && len != NULL))
475 return 0;
476
477 *len = pkt->written - pkt->subs->pwritten;
478
479 return 1;
480 }
481
482 unsigned char *WPACKET_get_curr(WPACKET *pkt)
483 {
484 unsigned char *buf = GETBUF(pkt);
485
486 if (buf == NULL)
487 return NULL;
488
489 if (pkt->endfirst)
490 return buf + pkt->maxsize - pkt->curr;
491
492 return buf + pkt->curr;
493 }
494
495 int WPACKET_is_null_buf(WPACKET *pkt)
496 {
497 return pkt->buf == NULL && pkt->staticbuf == NULL;
498 }
499
500 void WPACKET_cleanup(WPACKET *pkt)
501 {
502 WPACKET_SUB *sub, *parent;
503
504 for (sub = pkt->subs; sub != NULL; sub = parent) {
505 parent = sub->parent;
506 OPENSSL_free(sub);
507 }
508 pkt->subs = NULL;
509 }
A mirror of the official openssl repository