1 /* $OpenBSD: evp_enc.c,v 1.47 2022/09/13 04:59:18 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <limits.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <string.h>
63
64 #include <sys/types.h>
65
66 #include <openssl/opensslconf.h>
67
68 #include <openssl/err.h>
69 #include <openssl/evp.h>
70
71 #ifndef OPENSSL_NO_ENGINE
72 #include <openssl/engine.h>
73 #endif
74
75 #include "evp_locl.h"
76
77 int
EVP_CipherInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc)78 EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
79 const unsigned char *key, const unsigned char *iv, int enc)
80 {
81 if (cipher)
82 EVP_CIPHER_CTX_init(ctx);
83 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
84 }
85
86 int
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)87 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
88 const unsigned char *key, const unsigned char *iv, int enc)
89 {
90 if (enc == -1)
91 enc = ctx->encrypt;
92 else {
93 if (enc)
94 enc = 1;
95 ctx->encrypt = enc;
96 }
97 #ifndef OPENSSL_NO_ENGINE
98 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
99 * so this context may already have an ENGINE! Try to avoid releasing
100 * the previous handle, re-querying for an ENGINE, and having a
101 * reinitialisation, when it may all be unecessary. */
102 if (ctx->engine && ctx->cipher &&
103 (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
104 goto skip_to_init;
105 #endif
106 if (cipher) {
107 /* Ensure a context left lying around from last time is cleared
108 * (the previous check attempted to avoid this if the same
109 * ENGINE and EVP_CIPHER could be used). */
110 if (ctx->cipher) {
111 unsigned long flags = ctx->flags;
112 EVP_CIPHER_CTX_cleanup(ctx);
113 /* Restore encrypt and flags */
114 ctx->encrypt = enc;
115 ctx->flags = flags;
116 }
117 #ifndef OPENSSL_NO_ENGINE
118 if (impl) {
119 if (!ENGINE_init(impl)) {
120 EVPerror(EVP_R_INITIALIZATION_ERROR);
121 return 0;
122 }
123 } else
124 /* Ask if an ENGINE is reserved for this job */
125 impl = ENGINE_get_cipher_engine(cipher->nid);
126 if (impl) {
127 /* There's an ENGINE for this job ... (apparently) */
128 const EVP_CIPHER *c =
129 ENGINE_get_cipher(impl, cipher->nid);
130 if (!c) {
131 EVPerror(EVP_R_INITIALIZATION_ERROR);
132 return 0;
133 }
134 /* We'll use the ENGINE's private cipher definition */
135 cipher = c;
136 /* Store the ENGINE functional reference so we know
137 * 'cipher' came from an ENGINE and we need to release
138 * it when done. */
139 ctx->engine = impl;
140 } else
141 ctx->engine = NULL;
142 #endif
143
144 ctx->cipher = cipher;
145 if (ctx->cipher->ctx_size) {
146 ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);
147 if (ctx->cipher_data == NULL) {
148 EVPerror(ERR_R_MALLOC_FAILURE);
149 return 0;
150 }
151 } else {
152 ctx->cipher_data = NULL;
153 }
154 ctx->key_len = cipher->key_len;
155 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
156 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
157 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
158 EVPerror(EVP_R_INITIALIZATION_ERROR);
159 return 0;
160 }
161 }
162 } else if (!ctx->cipher) {
163 EVPerror(EVP_R_NO_CIPHER_SET);
164 return 0;
165 }
166 #ifndef OPENSSL_NO_ENGINE
167 skip_to_init:
168 #endif
169 /* we assume block size is a power of 2 in *cryptUpdate */
170 if (ctx->cipher->block_size != 1 &&
171 ctx->cipher->block_size != 8 &&
172 ctx->cipher->block_size != 16) {
173 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
174 return 0;
175 }
176
177 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) &&
178 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
179 EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED);
180 return 0;
181 }
182
183 if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
184 switch (EVP_CIPHER_CTX_mode(ctx)) {
185
186 case EVP_CIPH_STREAM_CIPHER:
187 case EVP_CIPH_ECB_MODE:
188 break;
189
190 case EVP_CIPH_CFB_MODE:
191 case EVP_CIPH_OFB_MODE:
192
193 ctx->num = 0;
194 /* fall-through */
195
196 case EVP_CIPH_CBC_MODE:
197
198 if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) >
199 sizeof(ctx->iv)) {
200 EVPerror(EVP_R_IV_TOO_LARGE);
201 return 0;
202 }
203 if (iv)
204 memcpy(ctx->oiv, iv,
205 EVP_CIPHER_CTX_iv_length(ctx));
206 memcpy(ctx->iv, ctx->oiv,
207 EVP_CIPHER_CTX_iv_length(ctx));
208 break;
209
210 case EVP_CIPH_CTR_MODE:
211 ctx->num = 0;
212 /* Don't reuse IV for CTR mode */
213 if (iv)
214 memcpy(ctx->iv, iv,
215 EVP_CIPHER_CTX_iv_length(ctx));
216 break;
217
218 default:
219 return 0;
220 break;
221 }
222 }
223
224 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
225 if (!ctx->cipher->init(ctx, key, iv, enc))
226 return 0;
227 }
228 ctx->buf_len = 0;
229 ctx->final_used = 0;
230 ctx->block_mask = ctx->cipher->block_size - 1;
231 return 1;
232 }
233
234 int
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)235 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
236 const unsigned char *in, int inl)
237 {
238 if (ctx->encrypt)
239 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
240 else
241 return EVP_DecryptUpdate(ctx, out, outl, in, inl);
242 }
243
244 int
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)245 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
246 {
247 if (ctx->encrypt)
248 return EVP_EncryptFinal_ex(ctx, out, outl);
249 else
250 return EVP_DecryptFinal_ex(ctx, out, outl);
251 }
252
253 __warn_references(EVP_CipherFinal,
254 "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup");
255
256 int
EVP_CipherFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)257 EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
258 {
259 int ret;
260 if (ctx->encrypt)
261 ret = EVP_EncryptFinal_ex(ctx, out, outl);
262 else
263 ret = EVP_DecryptFinal_ex(ctx, out, outl);
264 return ret;
265 }
266
267 int
EVP_EncryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)268 EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
269 const unsigned char *key, const unsigned char *iv)
270 {
271 return EVP_CipherInit(ctx, cipher, key, iv, 1);
272 }
273
274 int
EVP_EncryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)275 EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
276 const unsigned char *key, const unsigned char *iv)
277 {
278 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
279 }
280
281 int
EVP_DecryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)282 EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
283 const unsigned char *key, const unsigned char *iv)
284 {
285 return EVP_CipherInit(ctx, cipher, key, iv, 0);
286 }
287
288 int
EVP_DecryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)289 EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
290 const unsigned char *key, const unsigned char *iv)
291 {
292 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
293 }
294
295 int
EVP_EncryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)296 EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
297 const unsigned char *in, int inl)
298 {
299 int i, j, bl;
300
301 *outl = 0;
302
303 if (inl < 0)
304 return 0;
305
306 if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
307 return 1;
308
309 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
310 i = ctx->cipher->do_cipher(ctx, out, in, inl);
311 if (i < 0)
312 return 0;
313 else
314 *outl = i;
315 return 1;
316 }
317
318 if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) {
319 if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
320 *outl = inl;
321 return 1;
322 } else {
323 *outl = 0;
324 return 0;
325 }
326 }
327 i = ctx->buf_len;
328 bl = ctx->cipher->block_size;
329 if ((size_t)bl > sizeof(ctx->buf)) {
330 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
331 *outl = 0;
332 return 0;
333 }
334 if (i != 0) {
335 if (bl - i > inl) {
336 memcpy(&(ctx->buf[i]), in, inl);
337 ctx->buf_len += inl;
338 *outl = 0;
339 return 1;
340 } else {
341 j = bl - i;
342
343 /*
344 * Once we've processed the first j bytes from in, the
345 * amount of data left that is a multiple of the block
346 * length is (inl - j) & ~(bl - 1). Ensure this plus
347 * the block processed from ctx-buf doesn't overflow.
348 */
349 if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
350 EVPerror(EVP_R_TOO_LARGE);
351 return 0;
352 }
353 memcpy(&(ctx->buf[i]), in, j);
354 if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
355 return 0;
356 inl -= j;
357 in += j;
358 out += bl;
359 *outl = bl;
360 }
361 } else
362 *outl = 0;
363 i = inl&(bl - 1);
364 inl -= i;
365 if (inl > 0) {
366 if (!ctx->cipher->do_cipher(ctx, out, in, inl))
367 return 0;
368 *outl += inl;
369 }
370
371 if (i != 0)
372 memcpy(ctx->buf, &(in[inl]), i);
373 ctx->buf_len = i;
374 return 1;
375 }
376
377 __warn_references(EVP_EncryptFinal,
378 "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup");
379
380 int
EVP_EncryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)381 EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
382 {
383 int ret;
384
385 ret = EVP_EncryptFinal_ex(ctx, out, outl);
386 return ret;
387 }
388
389 int
EVP_EncryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)390 EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
391 {
392 int n, ret;
393 unsigned int i, b, bl;
394
395 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
396 ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
397 if (ret < 0)
398 return 0;
399 else
400 *outl = ret;
401 return 1;
402 }
403
404 b = ctx->cipher->block_size;
405 if (b > sizeof ctx->buf) {
406 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
407 return 0;
408 }
409 if (b == 1) {
410 *outl = 0;
411 return 1;
412 }
413 bl = ctx->buf_len;
414 if (ctx->flags & EVP_CIPH_NO_PADDING) {
415 if (bl) {
416 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
417 return 0;
418 }
419 *outl = 0;
420 return 1;
421 }
422
423 n = b - bl;
424 for (i = bl; i < b; i++)
425 ctx->buf[i] = n;
426 ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
427
428
429 if (ret)
430 *outl = b;
431
432 return ret;
433 }
434
435 int
EVP_DecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)436 EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
437 const unsigned char *in, int inl)
438 {
439 int fix_len;
440 unsigned int b;
441
442 *outl = 0;
443
444 if (inl < 0)
445 return 0;
446
447 if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)
448 return 1;
449
450 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
451 fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
452 if (fix_len < 0) {
453 *outl = 0;
454 return 0;
455 } else
456 *outl = fix_len;
457 return 1;
458 }
459
460 if (ctx->flags & EVP_CIPH_NO_PADDING)
461 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
462
463 b = ctx->cipher->block_size;
464 if (b > sizeof ctx->final) {
465 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
466 return 0;
467 }
468
469 if (ctx->final_used) {
470 /*
471 * final_used is only ever set if buf_len is 0. Therefore the
472 * maximum length output we will ever see from EVP_EncryptUpdate
473 * is inl & ~(b - 1). Since final_used is set, the final output
474 * length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow.
475 */
476 if ((inl & ~(b - 1)) > INT_MAX - b) {
477 EVPerror(EVP_R_TOO_LARGE);
478 return 0;
479 }
480 memcpy(out, ctx->final, b);
481 out += b;
482 fix_len = 1;
483 } else
484 fix_len = 0;
485
486
487 if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
488 return 0;
489
490 /* if we have 'decrypted' a multiple of block size, make sure
491 * we have a copy of this last block */
492 if (b > 1 && !ctx->buf_len) {
493 *outl -= b;
494 ctx->final_used = 1;
495 memcpy(ctx->final, &out[*outl], b);
496 } else
497 ctx->final_used = 0;
498
499 if (fix_len)
500 *outl += b;
501
502 return 1;
503 }
504
505 __warn_references(EVP_DecryptFinal,
506 "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup");
507
508 int
EVP_DecryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)509 EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
510 {
511 int ret;
512
513 ret = EVP_DecryptFinal_ex(ctx, out, outl);
514 return ret;
515 }
516
517 int
EVP_DecryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)518 EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
519 {
520 int i, n;
521 unsigned int b;
522 *outl = 0;
523
524 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
525 i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
526 if (i < 0)
527 return 0;
528 else
529 *outl = i;
530 return 1;
531 }
532
533 b = ctx->cipher->block_size;
534 if (ctx->flags & EVP_CIPH_NO_PADDING) {
535 if (ctx->buf_len) {
536 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
537 return 0;
538 }
539 *outl = 0;
540 return 1;
541 }
542 if (b > 1) {
543 if (ctx->buf_len || !ctx->final_used) {
544 EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
545 return (0);
546 }
547 if (b > sizeof ctx->final) {
548 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
549 return 0;
550 }
551 n = ctx->final[b - 1];
552 if (n == 0 || n > (int)b) {
553 EVPerror(EVP_R_BAD_DECRYPT);
554 return (0);
555 }
556 for (i = 0; i < n; i++) {
557 if (ctx->final[--b] != n) {
558 EVPerror(EVP_R_BAD_DECRYPT);
559 return (0);
560 }
561 }
562 n = ctx->cipher->block_size - n;
563 for (i = 0; i < n; i++)
564 out[i] = ctx->final[i];
565 *outl = n;
566 } else
567 *outl = 0;
568 return (1);
569 }
570
571 EVP_CIPHER_CTX *
EVP_CIPHER_CTX_new(void)572 EVP_CIPHER_CTX_new(void)
573 {
574 return calloc(1, sizeof(EVP_CIPHER_CTX));
575 }
576
577 void
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * ctx)578 EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
579 {
580 if (ctx == NULL)
581 return;
582
583 EVP_CIPHER_CTX_cleanup(ctx);
584
585 free(ctx);
586 }
587
588 void
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX * ctx)589 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
590 {
591 memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
592 }
593
594 int
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX * a)595 EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a)
596 {
597 return EVP_CIPHER_CTX_cleanup(a);
598 }
599
600 int
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX * c)601 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
602 {
603 if (c->cipher != NULL) {
604 if (c->cipher->cleanup != NULL)
605 c->cipher->cleanup(c);
606 if (c->cipher_data != NULL)
607 explicit_bzero(c->cipher_data, c->cipher->ctx_size);
608 }
609
610 /* XXX - store size of cipher_data so we can always freezero(). */
611 free(c->cipher_data);
612
613 #ifndef OPENSSL_NO_ENGINE
614 ENGINE_finish(c->engine);
615 #endif
616
617 explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
618
619 return 1;
620 }
621
622 int
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int keylen)623 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
624 {
625 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
626 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH,
627 keylen, NULL);
628 if (c->key_len == keylen)
629 return 1;
630 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
631 c->key_len = keylen;
632 return 1;
633 }
634 EVPerror(EVP_R_INVALID_KEY_LENGTH);
635 return 0;
636 }
637
638 int
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX * ctx,int pad)639 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
640 {
641 if (pad)
642 ctx->flags &= ~EVP_CIPH_NO_PADDING;
643 else
644 ctx->flags |= EVP_CIPH_NO_PADDING;
645 return 1;
646 }
647
648 int
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)649 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
650 {
651 int ret;
652
653 if (!ctx->cipher) {
654 EVPerror(EVP_R_NO_CIPHER_SET);
655 return 0;
656 }
657
658 if (!ctx->cipher->ctrl) {
659 EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
660 return 0;
661 }
662
663 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
664 if (ret == -1) {
665 EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
666 return 0;
667 }
668 return ret;
669 }
670
671 int
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,unsigned char * key)672 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
673 {
674 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
675 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
676 arc4random_buf(key, ctx->key_len);
677 return 1;
678 }
679
680 int
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * out,const EVP_CIPHER_CTX * in)681 EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
682 {
683 if ((in == NULL) || (in->cipher == NULL)) {
684 EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
685 return 0;
686 }
687 #ifndef OPENSSL_NO_ENGINE
688 /* Make sure it's safe to copy a cipher context using an ENGINE */
689 if (in->engine && !ENGINE_init(in->engine)) {
690 EVPerror(ERR_R_ENGINE_LIB);
691 return 0;
692 }
693 #endif
694
695 EVP_CIPHER_CTX_cleanup(out);
696 memcpy(out, in, sizeof *out);
697
698 if (in->cipher_data && in->cipher->ctx_size) {
699 out->cipher_data = calloc(1, in->cipher->ctx_size);
700 if (out->cipher_data == NULL) {
701 EVPerror(ERR_R_MALLOC_FAILURE);
702 return 0;
703 }
704 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
705 }
706
707 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) {
708 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY,
709 0, out)) {
710 /*
711 * If the custom copy control failed, assume that there
712 * may still be pointers copied in the cipher_data that
713 * we do not own. This may result in a leak from a bad
714 * custom copy control, but that's preferable to a
715 * double free...
716 */
717 freezero(out->cipher_data, in->cipher->ctx_size);
718 out->cipher_data = NULL;
719 return 0;
720 }
721 }
722
723 return 1;
724 }
725