Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chunked update_into #5419

Merged
merged 3 commits into from
Aug 24, 2020
Merged

chunked update_into #5419

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3fe555d
chunked update_into
reaperhulk Jul 19, 2020
f7038e6
all pointer arithmetic all the time
reaperhulk Aug 24, 2020
d63ca55
review feedback
reaperhulk Aug 24, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
37 changes: 24 additions & 13 deletions src/cryptography/hazmat/backends/openssl/ciphers.py
View file
Open in desktop
Expand Up @@ -17,6 +17,7 @@
class _CipherContext(object):
_ENCRYPT = 1
_DECRYPT = 0
_MAX_CHUNK_SIZE = 2 ** 31

def __init__(self, backend, cipher, mode, operation):
self._backend = backend
Expand Down Expand Up @@ -124,25 +125,35 @@ def update(self, data):
return bytes(buf[:n])

def update_into(self, data, buf):
if len(buf) < (len(data) + self._block_size_bytes - 1):
data_processed = 0
total_out = 0
reaperhulk marked this conversation as resolved.
Show resolved Hide resolved
total_data_len = len(data)
if len(buf) < (total_data_len + self._block_size_bytes - 1):
raise ValueError(
"buffer must be at least {} bytes for this "
"payload".format(len(data) + self._block_size_bytes - 1)
)

buf = self._backend._ffi.cast(
"unsigned char *", self._backend._ffi.from_buffer(buf)
)
outlen = self._backend._ffi.new("int *")
res = self._backend._lib.EVP_CipherUpdate(
self._ctx,
buf,
outlen,
self._backend._ffi.from_buffer(data),
len(data),
)
self._backend.openssl_assert(res != 0)
return outlen[0]
baseoutbuf = self._backend._ffi.from_buffer(buf)
baseinbuf = self._backend._ffi.from_buffer(data)

while data_processed != total_data_len:
outbuf = baseoutbuf + total_out
inbuf = baseinbuf + data_processed
if total_data_len - data_processed > self._MAX_CHUNK_SIZE:
inlen = self._MAX_CHUNK_SIZE
else:
inlen = total_data_len - data_processed
reaperhulk marked this conversation as resolved.
Show resolved Hide resolved

res = self._backend._lib.EVP_CipherUpdate(
self._ctx, outbuf, outlen, inbuf, inlen
)
self._backend.openssl_assert(res != 0)
data_processed += inlen
total_out += outlen[0]

return total_out

def finalize(self):
if (
Expand Down
17 changes: 17 additions & 0 deletions tests/hazmat/primitives/test_ciphers.py
View file
Open in desktop
Expand Up @@ -316,3 +316,20 @@ def test_update_into_buffer_too_small_gcm(self, backend):
buf = bytearray(5)
with pytest.raises(ValueError):
encryptor.update_into(b"testing", buf)

def test_update_into_auto_chunking(self, backend, monkeypatch):
key = b"\x00" * 16
c = ciphers.Cipher(AES(key), modes.ECB(), backend)
encryptor = c.encryptor()
# Lower max chunk size so we can test chunking
alex marked this conversation as resolved.
Show resolved Hide resolved
monkeypatch.setattr(encryptor._ctx, "_MAX_CHUNK_SIZE", 40)
buf = bytearray(527)
pt = b"abcdefghijklmnopqrstuvwxyz012345" * 16 # 512 bytes
processed = encryptor.update_into(pt, buf)
assert processed == 512
decryptor = c.decryptor()
# Change max chunk size to verify alternate boundaries don't matter
monkeypatch.setattr(decryptor._ctx, "_MAX_CHUNK_SIZE", 73)
decbuf = bytearray(527)
decprocessed = decryptor.update_into(buf[:processed], decbuf)
assert decbuf[:decprocessed] == pt