1 /* crypto/evp/evp_enc.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <stdio.h>
60 #include <limits.h>
61 #include "cryptlib.h"
62 #include <openssl/evp.h>
63 #include <openssl/err.h>
64 #include <openssl/rand.h>
65 #ifndef OPENSSL_NO_ENGINE
66 # include <openssl/engine.h>
67 #endif
68 #ifdef OPENSSL_FIPS
69 # include <openssl/fips.h>
70 #endif
71 #include "evp_locl.h"
72
73 #ifdef OPENSSL_FIPS
74 # define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
75 #else
76 # define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
77 #endif
78
79 const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
80
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX * ctx)81 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
82 {
83 memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
84 /* ctx->cipher=NULL; */
85 }
86
EVP_CIPHER_CTX_new(void)87 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
88 {
89 EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
90 if (ctx)
91 EVP_CIPHER_CTX_init(ctx);
92 return ctx;
93 }
94
EVP_CipherInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc)95 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
96 const unsigned char *key, const unsigned char *iv, int enc)
97 {
98 if (cipher)
99 EVP_CIPHER_CTX_init(ctx);
100 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
101 }
102
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)103 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
104 ENGINE *impl, const unsigned char *key,
105 const unsigned char *iv, int enc)
106 {
107 if (enc == -1)
108 enc = ctx->encrypt;
109 else {
110 if (enc)
111 enc = 1;
112 ctx->encrypt = enc;
113 }
114 #ifndef OPENSSL_NO_ENGINE
115 /*
116 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
117 * this context may already have an ENGINE! Try to avoid releasing the
118 * previous handle, re-querying for an ENGINE, and having a
119 * reinitialisation, when it may all be unecessary.
120 */
121 if (ctx->engine && ctx->cipher && (!cipher ||
122 (cipher
123 && (cipher->nid ==
124 ctx->cipher->nid))))
125 goto skip_to_init;
126 #endif
127 if (cipher) {
128 /*
129 * Ensure a context left lying around from last time is cleared (the
130 * previous check attempted to avoid this if the same ENGINE and
131 * EVP_CIPHER could be used).
132 */
133 if (ctx->cipher) {
134 unsigned long flags = ctx->flags;
135 EVP_CIPHER_CTX_cleanup(ctx);
136 /* Restore encrypt and flags */
137 ctx->encrypt = enc;
138 ctx->flags = flags;
139 }
140 #ifndef OPENSSL_NO_ENGINE
141 if (impl) {
142 if (!ENGINE_init(impl)) {
143 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
144 return 0;
145 }
146 } else
147 /* Ask if an ENGINE is reserved for this job */
148 impl = ENGINE_get_cipher_engine(cipher->nid);
149 if (impl) {
150 /* There's an ENGINE for this job ... (apparently) */
151 const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
152 if (!c) {
153 /*
154 * One positive side-effect of US's export control history,
155 * is that we should at least be able to avoid using US
156 * mispellings of "initialisation"?
157 */
158 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
159 return 0;
160 }
161 /* We'll use the ENGINE's private cipher definition */
162 cipher = c;
163 /*
164 * Store the ENGINE functional reference so we know 'cipher' came
165 * from an ENGINE and we need to release it when done.
166 */
167 ctx->engine = impl;
168 } else
169 ctx->engine = NULL;
170 #endif
171
172 #ifdef OPENSSL_FIPS
173 if (FIPS_mode()) {
174 const EVP_CIPHER *fcipher = NULL;
175 if (cipher)
176 fcipher = evp_get_fips_cipher(cipher);
177 if (fcipher)
178 cipher = fcipher;
179 return FIPS_cipherinit(ctx, cipher, key, iv, enc);
180 }
181 #endif
182 ctx->cipher = cipher;
183 if (ctx->cipher->ctx_size) {
184 ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
185 if (!ctx->cipher_data) {
186 ctx->cipher = NULL;
187 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
188 return 0;
189 }
190 } else {
191 ctx->cipher_data = NULL;
192 }
193 ctx->key_len = cipher->key_len;
194 /* Preserve wrap enable flag, zero everything else */
195 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
196 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
197 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
198 ctx->cipher = NULL;
199 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
200 return 0;
201 }
202 }
203 } else if (!ctx->cipher) {
204 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
205 return 0;
206 }
207 #ifndef OPENSSL_NO_ENGINE
208 skip_to_init:
209 #endif
210 #ifdef OPENSSL_FIPS
211 if (FIPS_mode())
212 return FIPS_cipherinit(ctx, cipher, key, iv, enc);
213 #endif
214 /* we assume block size is a power of 2 in *cryptUpdate */
215 OPENSSL_assert(ctx->cipher->block_size == 1
216 || ctx->cipher->block_size == 8
217 || ctx->cipher->block_size == 16);
218
219 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
220 && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
221 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
222 return 0;
223 }
224
225 if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
226 switch (EVP_CIPHER_CTX_mode(ctx)) {
227
228 case EVP_CIPH_STREAM_CIPHER:
229 case EVP_CIPH_ECB_MODE:
230 break;
231
232 case EVP_CIPH_CFB_MODE:
233 case EVP_CIPH_OFB_MODE:
234
235 ctx->num = 0;
236 /* fall-through */
237
238 case EVP_CIPH_CBC_MODE:
239
240 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
241 (int)sizeof(ctx->iv));
242 if (iv)
243 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
244 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
245 break;
246
247 case EVP_CIPH_CTR_MODE:
248 ctx->num = 0;
249 /* Don't reuse IV for CTR mode */
250 if (iv)
251 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
252 break;
253
254 default:
255 return 0;
256 break;
257 }
258 }
259
260 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
261 if (!ctx->cipher->init(ctx, key, iv, enc))
262 return 0;
263 }
264 ctx->buf_len = 0;
265 ctx->final_used = 0;
266 ctx->block_mask = ctx->cipher->block_size - 1;
267 return 1;
268 }
269
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)270 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
271 const unsigned char *in, int inl)
272 {
273 if (ctx->encrypt)
274 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
275 else
276 return EVP_DecryptUpdate(ctx, out, outl, in, inl);
277 }
278
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)279 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
280 {
281 if (ctx->encrypt)
282 return EVP_EncryptFinal_ex(ctx, out, outl);
283 else
284 return EVP_DecryptFinal_ex(ctx, out, outl);
285 }
286
EVP_CipherFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)287 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
288 {
289 if (ctx->encrypt)
290 return EVP_EncryptFinal(ctx, out, outl);
291 else
292 return EVP_DecryptFinal(ctx, out, outl);
293 }
294
EVP_EncryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)295 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
296 const unsigned char *key, const unsigned char *iv)
297 {
298 return EVP_CipherInit(ctx, cipher, key, iv, 1);
299 }
300
EVP_EncryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)301 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
302 ENGINE *impl, const unsigned char *key,
303 const unsigned char *iv)
304 {
305 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
306 }
307
EVP_DecryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)308 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
309 const unsigned char *key, const unsigned char *iv)
310 {
311 return EVP_CipherInit(ctx, cipher, key, iv, 0);
312 }
313
EVP_DecryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)314 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
315 ENGINE *impl, const unsigned char *key,
316 const unsigned char *iv)
317 {
318 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
319 }
320
evp_EncryptDecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)321 static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
322 unsigned char *out, int *outl,
323 const unsigned char *in, int inl)
324 {
325 int i, j, bl;
326
327 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
328 i = M_do_cipher(ctx, out, in, inl);
329 if (i < 0)
330 return 0;
331 else
332 *outl = i;
333 return 1;
334 }
335
336 if (inl <= 0) {
337 *outl = 0;
338 return inl == 0;
339 }
340
341 if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
342 if (M_do_cipher(ctx, out, in, inl)) {
343 *outl = inl;
344 return 1;
345 } else {
346 *outl = 0;
347 return 0;
348 }
349 }
350 i = ctx->buf_len;
351 bl = ctx->cipher->block_size;
352 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
353 if (i != 0) {
354 if (bl - i > inl) {
355 memcpy(&(ctx->buf[i]), in, inl);
356 ctx->buf_len += inl;
357 *outl = 0;
358 return 1;
359 } else {
360 j = bl - i;
361
362 /*
363 * Once we've processed the first j bytes from in, the amount of
364 * data left that is a multiple of the block length is:
365 * (inl - j) & ~(bl - 1)
366 * We must ensure that this amount of data, plus the one block that
367 * we process from ctx->buf does not exceed INT_MAX
368 */
369 if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
370 EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
371 EVP_R_OUTPUT_WOULD_OVERFLOW);
372 return 0;
373 }
374 memcpy(&(ctx->buf[i]), in, j);
375 if (!M_do_cipher(ctx, out, ctx->buf, bl))
376 return 0;
377 inl -= j;
378 in += j;
379 out += bl;
380 *outl = bl;
381 }
382 } else
383 *outl = 0;
384 i = inl & (bl - 1);
385 inl -= i;
386 if (inl > 0) {
387 if (!M_do_cipher(ctx, out, in, inl))
388 return 0;
389 *outl += inl;
390 }
391
392 if (i != 0)
393 memcpy(ctx->buf, &(in[inl]), i);
394 ctx->buf_len = i;
395 return 1;
396 }
397
EVP_EncryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)398 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
399 const unsigned char *in, int inl)
400 {
401 /* Prevent accidental use of decryption context when encrypting */
402 if (!ctx->encrypt) {
403 EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
404 return 0;
405 }
406
407 return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
408 }
409
EVP_EncryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)410 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
411 {
412 int ret;
413 ret = EVP_EncryptFinal_ex(ctx, out, outl);
414 return ret;
415 }
416
EVP_EncryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)417 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
418 {
419 int n, ret;
420 unsigned int i, b, bl;
421
422 /* Prevent accidental use of decryption context when encrypting */
423 if (!ctx->encrypt) {
424 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
425 return 0;
426 }
427
428 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
429 ret = M_do_cipher(ctx, out, NULL, 0);
430 if (ret < 0)
431 return 0;
432 else
433 *outl = ret;
434 return 1;
435 }
436
437 b = ctx->cipher->block_size;
438 OPENSSL_assert(b <= sizeof(ctx->buf));
439 if (b == 1) {
440 *outl = 0;
441 return 1;
442 }
443 bl = ctx->buf_len;
444 if (ctx->flags & EVP_CIPH_NO_PADDING) {
445 if (bl) {
446 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
447 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
448 return 0;
449 }
450 *outl = 0;
451 return 1;
452 }
453
454 n = b - bl;
455 for (i = bl; i < b; i++)
456 ctx->buf[i] = n;
457 ret = M_do_cipher(ctx, out, ctx->buf, b);
458
459 if (ret)
460 *outl = b;
461
462 return ret;
463 }
464
EVP_DecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)465 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
466 const unsigned char *in, int inl)
467 {
468 int fix_len;
469 unsigned int b;
470
471 /* Prevent accidental use of encryption context when decrypting */
472 if (ctx->encrypt) {
473 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
474 return 0;
475 }
476
477 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
478 fix_len = M_do_cipher(ctx, out, in, inl);
479 if (fix_len < 0) {
480 *outl = 0;
481 return 0;
482 } else
483 *outl = fix_len;
484 return 1;
485 }
486
487 if (inl <= 0) {
488 *outl = 0;
489 return inl == 0;
490 }
491
492 if (ctx->flags & EVP_CIPH_NO_PADDING)
493 return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
494
495 b = ctx->cipher->block_size;
496 OPENSSL_assert(b <= sizeof(ctx->final));
497
498 if (ctx->final_used) {
499 /*
500 * final_used is only ever set if buf_len is 0. Therefore the maximum
501 * length output we will ever see from evp_EncryptDecryptUpdate is
502 * the maximum multiple of the block length that is <= inl, or just:
503 * inl & ~(b - 1)
504 * Since final_used has been set then the final output length is:
505 * (inl & ~(b - 1)) + b
506 * This must never exceed INT_MAX
507 */
508 if ((inl & ~(b - 1)) > INT_MAX - b) {
509 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
510 return 0;
511 }
512 memcpy(out, ctx->final, b);
513 out += b;
514 fix_len = 1;
515 } else
516 fix_len = 0;
517
518 if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
519 return 0;
520
521 /*
522 * if we have 'decrypted' a multiple of block size, make sure we have a
523 * copy of this last block
524 */
525 if (b > 1 && !ctx->buf_len) {
526 *outl -= b;
527 ctx->final_used = 1;
528 memcpy(ctx->final, &out[*outl], b);
529 } else
530 ctx->final_used = 0;
531
532 if (fix_len)
533 *outl += b;
534
535 return 1;
536 }
537
EVP_DecryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)538 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
539 {
540 int ret;
541 ret = EVP_DecryptFinal_ex(ctx, out, outl);
542 return ret;
543 }
544
EVP_DecryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)545 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
546 {
547 int i, n;
548 unsigned int b;
549
550 /* Prevent accidental use of encryption context when decrypting */
551 if (ctx->encrypt) {
552 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
553 return 0;
554 }
555
556 *outl = 0;
557
558 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
559 i = M_do_cipher(ctx, out, NULL, 0);
560 if (i < 0)
561 return 0;
562 else
563 *outl = i;
564 return 1;
565 }
566
567 b = ctx->cipher->block_size;
568 if (ctx->flags & EVP_CIPH_NO_PADDING) {
569 if (ctx->buf_len) {
570 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
571 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
572 return 0;
573 }
574 *outl = 0;
575 return 1;
576 }
577 if (b > 1) {
578 if (ctx->buf_len || !ctx->final_used) {
579 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
580 return (0);
581 }
582 OPENSSL_assert(b <= sizeof(ctx->final));
583
584 /*
585 * The following assumes that the ciphertext has been authenticated.
586 * Otherwise it provides a padding oracle.
587 */
588 n = ctx->final[b - 1];
589 if (n == 0 || n > (int)b) {
590 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
591 return (0);
592 }
593 for (i = 0; i < n; i++) {
594 if (ctx->final[--b] != n) {
595 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
596 return (0);
597 }
598 }
599 n = ctx->cipher->block_size - n;
600 for (i = 0; i < n; i++)
601 out[i] = ctx->final[i];
602 *outl = n;
603 } else
604 *outl = 0;
605 return (1);
606 }
607
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * ctx)608 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
609 {
610 if (ctx) {
611 EVP_CIPHER_CTX_cleanup(ctx);
612 OPENSSL_free(ctx);
613 }
614 }
615
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX * c)616 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
617 {
618 #ifndef OPENSSL_FIPS
619 if (c->cipher != NULL) {
620 if (c->cipher->cleanup && !c->cipher->cleanup(c))
621 return 0;
622 /* Cleanse cipher context data */
623 if (c->cipher_data)
624 OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
625 }
626 if (c->cipher_data)
627 OPENSSL_free(c->cipher_data);
628 #endif
629 #ifndef OPENSSL_NO_ENGINE
630 if (c->engine)
631 /*
632 * The EVP_CIPHER we used belongs to an ENGINE, release the
633 * functional reference we held for this reason.
634 */
635 ENGINE_finish(c->engine);
636 #endif
637 #ifdef OPENSSL_FIPS
638 FIPS_cipher_ctx_cleanup(c);
639 #endif
640 memset(c, 0, sizeof(EVP_CIPHER_CTX));
641 return 1;
642 }
643
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int keylen)644 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
645 {
646 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
647 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
648 if (c->key_len == keylen)
649 return 1;
650 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
651 c->key_len = keylen;
652 return 1;
653 }
654 EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
655 return 0;
656 }
657
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX * ctx,int pad)658 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
659 {
660 if (pad)
661 ctx->flags &= ~EVP_CIPH_NO_PADDING;
662 else
663 ctx->flags |= EVP_CIPH_NO_PADDING;
664 return 1;
665 }
666
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)667 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
668 {
669 int ret;
670 if (!ctx->cipher) {
671 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
672 return 0;
673 }
674
675 if (!ctx->cipher->ctrl) {
676 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
677 return 0;
678 }
679
680 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
681 if (ret == -1) {
682 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
683 EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
684 return 0;
685 }
686 return ret;
687 }
688
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,unsigned char * key)689 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
690 {
691 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
692 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
693 if (RAND_bytes(key, ctx->key_len) <= 0)
694 return 0;
695 return 1;
696 }
697
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * out,const EVP_CIPHER_CTX * in)698 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
699 {
700 if ((in == NULL) || (in->cipher == NULL)) {
701 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
702 return 0;
703 }
704 #ifndef OPENSSL_NO_ENGINE
705 /* Make sure it's safe to copy a cipher context using an ENGINE */
706 if (in->engine && !ENGINE_init(in->engine)) {
707 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
708 return 0;
709 }
710 #endif
711
712 EVP_CIPHER_CTX_cleanup(out);
713 memcpy(out, in, sizeof(*out));
714
715 if (in->cipher_data && in->cipher->ctx_size) {
716 out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
717 if (!out->cipher_data) {
718 out->cipher = NULL;
719 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
720 return 0;
721 }
722 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
723 }
724
725 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
726 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
727 out->cipher = NULL;
728 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
729 return 0;
730 }
731 return 1;
732 }
733