1 /*
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <limits.h>
15 #include <assert.h>
16 #include <openssl/evp.h>
17 #include <openssl/err.h>
18 #include <openssl/rand.h>
19 #ifndef FIPS_MODULE
20 # include <openssl/engine.h>
21 #endif
22 #include <openssl/params.h>
23 #include <openssl/core_names.h>
24 #include "internal/cryptlib.h"
25 #include "internal/provider.h"
26 #include "internal/core.h"
27 #include "crypto/evp.h"
28 #include "evp_local.h"
29
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX * ctx)30 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
31 {
32 if (ctx == NULL)
33 return 1;
34
35 if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
36 goto legacy;
37
38 if (ctx->algctx != NULL) {
39 if (ctx->cipher->freectx != NULL)
40 ctx->cipher->freectx(ctx->algctx);
41 ctx->algctx = NULL;
42 }
43 if (ctx->fetched_cipher != NULL)
44 EVP_CIPHER_free(ctx->fetched_cipher);
45 memset(ctx, 0, sizeof(*ctx));
46 ctx->iv_len = -1;
47
48 return 1;
49
50 /* Remove legacy code below when legacy support is removed. */
51 legacy:
52
53 if (ctx->cipher != NULL) {
54 if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx))
55 return 0;
56 /* Cleanse cipher context data */
57 if (ctx->cipher_data && ctx->cipher->ctx_size)
58 OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
59 }
60 OPENSSL_free(ctx->cipher_data);
61 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
62 ENGINE_finish(ctx->engine);
63 #endif
64 memset(ctx, 0, sizeof(*ctx));
65 ctx->iv_len = -1;
66 return 1;
67 }
68
EVP_CIPHER_CTX_new(void)69 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
70 {
71 return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
72 }
73
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * ctx)74 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
75 {
76 if (ctx == NULL)
77 return;
78 EVP_CIPHER_CTX_reset(ctx);
79 OPENSSL_free(ctx);
80 }
81
evp_cipher_init_internal(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc,const OSSL_PARAM params[])82 static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
83 const EVP_CIPHER *cipher,
84 ENGINE *impl, const unsigned char *key,
85 const unsigned char *iv, int enc,
86 const OSSL_PARAM params[])
87 {
88 int n;
89 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
90 ENGINE *tmpimpl = NULL;
91 #endif
92
93 ctx->iv_len = -1;
94
95 /*
96 * enc == 1 means we are encrypting.
97 * enc == 0 means we are decrypting.
98 * enc == -1 means, use the previously initialised value for encrypt/decrypt
99 */
100 if (enc == -1) {
101 enc = ctx->encrypt;
102 } else {
103 if (enc)
104 enc = 1;
105 ctx->encrypt = enc;
106 }
107
108 if (cipher == NULL && ctx->cipher == NULL) {
109 ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
110 return 0;
111 }
112
113 /* Code below to be removed when legacy support is dropped. */
114
115 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
116 /*
117 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
118 * this context may already have an ENGINE! Try to avoid releasing the
119 * previous handle, re-querying for an ENGINE, and having a
120 * reinitialisation, when it may all be unnecessary.
121 */
122 if (ctx->engine && ctx->cipher
123 && (cipher == NULL || cipher->nid == ctx->cipher->nid))
124 goto skip_to_init;
125
126 if (cipher != NULL && impl == NULL) {
127 /* Ask if an ENGINE is reserved for this job */
128 tmpimpl = ENGINE_get_cipher_engine(cipher->nid);
129 }
130 #endif
131
132 /*
133 * If there are engines involved then we should use legacy handling for now.
134 */
135 if (ctx->engine != NULL
136 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
137 || tmpimpl != NULL
138 #endif
139 || impl != NULL
140 || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
141 || (cipher == NULL && ctx->cipher != NULL
142 && ctx->cipher->origin == EVP_ORIG_METH)) {
143 if (ctx->cipher == ctx->fetched_cipher)
144 ctx->cipher = NULL;
145 EVP_CIPHER_free(ctx->fetched_cipher);
146 ctx->fetched_cipher = NULL;
147 goto legacy;
148 }
149 /*
150 * Ensure a context left lying around from last time is cleared
151 * (legacy code)
152 */
153 if (cipher != NULL && ctx->cipher != NULL) {
154 if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx))
155 return 0;
156 OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size);
157 ctx->cipher_data = NULL;
158 }
159
160 /* Start of non-legacy code below */
161
162 /* Ensure a context left lying around from last time is cleared */
163 if (cipher != NULL && ctx->cipher != NULL) {
164 unsigned long flags = ctx->flags;
165
166 EVP_CIPHER_CTX_reset(ctx);
167 /* Restore encrypt and flags */
168 ctx->encrypt = enc;
169 ctx->flags = flags;
170 }
171
172 if (cipher == NULL)
173 cipher = ctx->cipher;
174
175 if (cipher->prov == NULL) {
176 #ifdef FIPS_MODULE
177 /* We only do explicit fetches inside the FIPS module */
178 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
179 return 0;
180 #else
181 EVP_CIPHER *provciph =
182 EVP_CIPHER_fetch(NULL,
183 cipher->nid == NID_undef ? "NULL"
184 : OBJ_nid2sn(cipher->nid),
185 "");
186
187 if (provciph == NULL)
188 return 0;
189 cipher = provciph;
190 EVP_CIPHER_free(ctx->fetched_cipher);
191 ctx->fetched_cipher = provciph;
192 #endif
193 }
194
195 if (cipher->prov != NULL) {
196 if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
197 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
198 return 0;
199 }
200 EVP_CIPHER_free(ctx->fetched_cipher);
201 ctx->fetched_cipher = (EVP_CIPHER *)cipher;
202 }
203 ctx->cipher = cipher;
204 if (ctx->algctx == NULL) {
205 ctx->algctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov));
206 if (ctx->algctx == NULL) {
207 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
208 return 0;
209 }
210 }
211
212 if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
213 /*
214 * If this ctx was already set up for no padding then we need to tell
215 * the new cipher about it.
216 */
217 if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
218 return 0;
219 }
220
221 if (enc) {
222 if (ctx->cipher->einit == NULL) {
223 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
224 return 0;
225 }
226
227 return ctx->cipher->einit(ctx->algctx,
228 key,
229 key == NULL ? 0
230 : EVP_CIPHER_CTX_get_key_length(ctx),
231 iv,
232 iv == NULL ? 0
233 : EVP_CIPHER_CTX_get_iv_length(ctx),
234 params);
235 }
236
237 if (ctx->cipher->dinit == NULL) {
238 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
239 return 0;
240 }
241
242 return ctx->cipher->dinit(ctx->algctx,
243 key,
244 key == NULL ? 0
245 : EVP_CIPHER_CTX_get_key_length(ctx),
246 iv,
247 iv == NULL ? 0
248 : EVP_CIPHER_CTX_get_iv_length(ctx),
249 params);
250
251 /* Code below to be removed when legacy support is dropped. */
252 legacy:
253
254 if (cipher != NULL) {
255 /*
256 * Ensure a context left lying around from last time is cleared (we
257 * previously attempted to avoid this if the same ENGINE and
258 * EVP_CIPHER could be used).
259 */
260 if (ctx->cipher) {
261 unsigned long flags = ctx->flags;
262 EVP_CIPHER_CTX_reset(ctx);
263 /* Restore encrypt and flags */
264 ctx->encrypt = enc;
265 ctx->flags = flags;
266 }
267 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
268 if (impl != NULL) {
269 if (!ENGINE_init(impl)) {
270 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
271 return 0;
272 }
273 } else {
274 impl = tmpimpl;
275 }
276 if (impl != NULL) {
277 /* There's an ENGINE for this job ... (apparently) */
278 const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
279
280 if (c == NULL) {
281 /*
282 * One positive side-effect of US's export control history,
283 * is that we should at least be able to avoid using US
284 * misspellings of "initialisation"?
285 */
286 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
287 return 0;
288 }
289 /* We'll use the ENGINE's private cipher definition */
290 cipher = c;
291 /*
292 * Store the ENGINE functional reference so we know 'cipher' came
293 * from an ENGINE and we need to release it when done.
294 */
295 ctx->engine = impl;
296 } else {
297 ctx->engine = NULL;
298 }
299 #endif
300
301 ctx->cipher = cipher;
302 if (ctx->cipher->ctx_size) {
303 ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
304 if (ctx->cipher_data == NULL) {
305 ctx->cipher = NULL;
306 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
307 return 0;
308 }
309 } else {
310 ctx->cipher_data = NULL;
311 }
312 ctx->key_len = cipher->key_len;
313 /* Preserve wrap enable flag, zero everything else */
314 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
315 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
316 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
317 ctx->cipher = NULL;
318 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
319 return 0;
320 }
321 }
322 }
323 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
324 skip_to_init:
325 #endif
326 if (ctx->cipher == NULL)
327 return 0;
328
329 /* we assume block size is a power of 2 in *cryptUpdate */
330 OPENSSL_assert(ctx->cipher->block_size == 1
331 || ctx->cipher->block_size == 8
332 || ctx->cipher->block_size == 16);
333
334 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
335 && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) {
336 ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED);
337 return 0;
338 }
339
340 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
341 & EVP_CIPH_CUSTOM_IV) == 0) {
342 switch (EVP_CIPHER_CTX_get_mode(ctx)) {
343
344 case EVP_CIPH_STREAM_CIPHER:
345 case EVP_CIPH_ECB_MODE:
346 break;
347
348 case EVP_CIPH_CFB_MODE:
349 case EVP_CIPH_OFB_MODE:
350
351 ctx->num = 0;
352 /* fall-through */
353
354 case EVP_CIPH_CBC_MODE:
355 n = EVP_CIPHER_CTX_get_iv_length(ctx);
356 if (n < 0 || n > (int)sizeof(ctx->iv)) {
357 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
358 return 0;
359 }
360 if (iv != NULL)
361 memcpy(ctx->oiv, iv, n);
362 memcpy(ctx->iv, ctx->oiv, n);
363 break;
364
365 case EVP_CIPH_CTR_MODE:
366 ctx->num = 0;
367 /* Don't reuse IV for CTR mode */
368 if (iv != NULL) {
369 n = EVP_CIPHER_CTX_get_iv_length(ctx);
370 if (n <= 0 || n > (int)sizeof(ctx->iv)) {
371 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
372 return 0;
373 }
374 memcpy(ctx->iv, iv, n);
375 }
376 break;
377
378 default:
379 return 0;
380 }
381 }
382
383 if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
384 if (!ctx->cipher->init(ctx, key, iv, enc))
385 return 0;
386 }
387 ctx->buf_len = 0;
388 ctx->final_used = 0;
389 ctx->block_mask = ctx->cipher->block_size - 1;
390 return 1;
391 }
392
EVP_CipherInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc,const OSSL_PARAM params[])393 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
394 const unsigned char *key, const unsigned char *iv,
395 int enc, const OSSL_PARAM params[])
396 {
397 return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params);
398 }
399
EVP_CipherInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc)400 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
401 const unsigned char *key, const unsigned char *iv, int enc)
402 {
403 if (cipher != NULL)
404 EVP_CIPHER_CTX_reset(ctx);
405 return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, NULL);
406 }
407
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)408 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
409 ENGINE *impl, const unsigned char *key,
410 const unsigned char *iv, int enc)
411 {
412 return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL);
413 }
414
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)415 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
416 const unsigned char *in, int inl)
417 {
418 if (ctx->encrypt)
419 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
420 else
421 return EVP_DecryptUpdate(ctx, out, outl, in, inl);
422 }
423
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)424 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
425 {
426 if (ctx->encrypt)
427 return EVP_EncryptFinal_ex(ctx, out, outl);
428 else
429 return EVP_DecryptFinal_ex(ctx, out, outl);
430 }
431
EVP_CipherFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)432 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
433 {
434 if (ctx->encrypt)
435 return EVP_EncryptFinal(ctx, out, outl);
436 else
437 return EVP_DecryptFinal(ctx, out, outl);
438 }
439
EVP_EncryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)440 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
441 const unsigned char *key, const unsigned char *iv)
442 {
443 return EVP_CipherInit(ctx, cipher, key, iv, 1);
444 }
445
EVP_EncryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)446 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
447 ENGINE *impl, const unsigned char *key,
448 const unsigned char *iv)
449 {
450 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
451 }
452
EVP_EncryptInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,const OSSL_PARAM params[])453 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
454 const unsigned char *key, const unsigned char *iv,
455 const OSSL_PARAM params[])
456 {
457 return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params);
458 }
459
EVP_DecryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)460 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
461 const unsigned char *key, const unsigned char *iv)
462 {
463 return EVP_CipherInit(ctx, cipher, key, iv, 0);
464 }
465
EVP_DecryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)466 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
467 ENGINE *impl, const unsigned char *key,
468 const unsigned char *iv)
469 {
470 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
471 }
472
EVP_DecryptInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,const OSSL_PARAM params[])473 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
474 const unsigned char *key, const unsigned char *iv,
475 const OSSL_PARAM params[])
476 {
477 return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params);
478 }
479
480 /*
481 * According to the letter of standard difference between pointers
482 * is specified to be valid only within same object. This makes
483 * it formally challenging to determine if input and output buffers
484 * are not partially overlapping with standard pointer arithmetic.
485 */
486 #ifdef PTRDIFF_T
487 # undef PTRDIFF_T
488 #endif
489 #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
490 /*
491 * Then we have VMS that distinguishes itself by adhering to
492 * sizeof(size_t)==4 even in 64-bit builds, which means that
493 * difference between two pointers might be truncated to 32 bits.
494 * In the context one can even wonder how comparison for
495 * equality is implemented. To be on the safe side we adhere to
496 * PTRDIFF_T even for comparison for equality.
497 */
498 # define PTRDIFF_T uint64_t
499 #else
500 # define PTRDIFF_T size_t
501 #endif
502
ossl_is_partially_overlapping(const void * ptr1,const void * ptr2,int len)503 int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
504 {
505 PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
506 /*
507 * Check for partially overlapping buffers. [Binary logical
508 * operations are used instead of boolean to minimize number
509 * of conditional branches.]
510 */
511 int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
512 (diff > (0 - (PTRDIFF_T)len)));
513
514 return overlapped;
515 }
516
evp_EncryptDecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)517 static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
518 unsigned char *out, int *outl,
519 const unsigned char *in, int inl)
520 {
521 int i, j, bl, cmpl = inl;
522
523 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
524 cmpl = (cmpl + 7) / 8;
525
526 bl = ctx->cipher->block_size;
527
528 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
529 /* If block size > 1 then the cipher will have to do this check */
530 if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
531 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
532 return 0;
533 }
534
535 i = ctx->cipher->do_cipher(ctx, out, in, inl);
536 if (i < 0)
537 return 0;
538 else
539 *outl = i;
540 return 1;
541 }
542
543 if (inl <= 0) {
544 *outl = 0;
545 return inl == 0;
546 }
547 if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
548 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
549 return 0;
550 }
551
552 if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
553 if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
554 *outl = inl;
555 return 1;
556 } else {
557 *outl = 0;
558 return 0;
559 }
560 }
561 i = ctx->buf_len;
562 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
563 if (i != 0) {
564 if (bl - i > inl) {
565 memcpy(&(ctx->buf[i]), in, inl);
566 ctx->buf_len += inl;
567 *outl = 0;
568 return 1;
569 } else {
570 j = bl - i;
571
572 /*
573 * Once we've processed the first j bytes from in, the amount of
574 * data left that is a multiple of the block length is:
575 * (inl - j) & ~(bl - 1)
576 * We must ensure that this amount of data, plus the one block that
577 * we process from ctx->buf does not exceed INT_MAX
578 */
579 if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
580 ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
581 return 0;
582 }
583 memcpy(&(ctx->buf[i]), in, j);
584 inl -= j;
585 in += j;
586 if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
587 return 0;
588 out += bl;
589 *outl = bl;
590 }
591 } else
592 *outl = 0;
593 i = inl & (bl - 1);
594 inl -= i;
595 if (inl > 0) {
596 if (!ctx->cipher->do_cipher(ctx, out, in, inl))
597 return 0;
598 *outl += inl;
599 }
600
601 if (i != 0)
602 memcpy(ctx->buf, &(in[inl]), i);
603 ctx->buf_len = i;
604 return 1;
605 }
606
607
EVP_EncryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)608 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
609 const unsigned char *in, int inl)
610 {
611 int ret;
612 size_t soutl, inl_ = (size_t)inl;
613 int blocksize;
614
615 if (outl != NULL) {
616 *outl = 0;
617 } else {
618 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
619 return 0;
620 }
621
622 /* Prevent accidental use of decryption context when encrypting */
623 if (!ctx->encrypt) {
624 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
625 return 0;
626 }
627
628 if (ctx->cipher == NULL) {
629 ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
630 return 0;
631 }
632
633 if (ctx->cipher->prov == NULL)
634 goto legacy;
635
636 blocksize = ctx->cipher->block_size;
637
638 if (ctx->cipher->cupdate == NULL || blocksize < 1) {
639 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
640 return 0;
641 }
642
643 ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
644 inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
645 in, inl_);
646
647 if (ret) {
648 if (soutl > INT_MAX) {
649 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
650 return 0;
651 }
652 *outl = soutl;
653 }
654
655 return ret;
656
657 /* Code below to be removed when legacy support is dropped. */
658 legacy:
659
660 return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
661 }
662
EVP_EncryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)663 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
664 {
665 int ret;
666 ret = EVP_EncryptFinal_ex(ctx, out, outl);
667 return ret;
668 }
669
EVP_EncryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)670 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
671 {
672 int n, ret;
673 unsigned int i, b, bl;
674 size_t soutl;
675 int blocksize;
676
677 if (outl != NULL) {
678 *outl = 0;
679 } else {
680 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
681 return 0;
682 }
683
684 /* Prevent accidental use of decryption context when encrypting */
685 if (!ctx->encrypt) {
686 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
687 return 0;
688 }
689
690 if (ctx->cipher == NULL) {
691 ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
692 return 0;
693 }
694 if (ctx->cipher->prov == NULL)
695 goto legacy;
696
697 blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
698
699 if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
700 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
701 return 0;
702 }
703
704 ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
705 blocksize == 1 ? 0 : blocksize);
706
707 if (ret) {
708 if (soutl > INT_MAX) {
709 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
710 return 0;
711 }
712 *outl = soutl;
713 }
714
715 return ret;
716
717 /* Code below to be removed when legacy support is dropped. */
718 legacy:
719
720 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
721 ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
722 if (ret < 0)
723 return 0;
724 else
725 *outl = ret;
726 return 1;
727 }
728
729 b = ctx->cipher->block_size;
730 OPENSSL_assert(b <= sizeof(ctx->buf));
731 if (b == 1) {
732 *outl = 0;
733 return 1;
734 }
735 bl = ctx->buf_len;
736 if (ctx->flags & EVP_CIPH_NO_PADDING) {
737 if (bl) {
738 ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
739 return 0;
740 }
741 *outl = 0;
742 return 1;
743 }
744
745 n = b - bl;
746 for (i = bl; i < b; i++)
747 ctx->buf[i] = n;
748 ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
749
750 if (ret)
751 *outl = b;
752
753 return ret;
754 }
755
EVP_DecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)756 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
757 const unsigned char *in, int inl)
758 {
759 int fix_len, cmpl = inl, ret;
760 unsigned int b;
761 size_t soutl, inl_ = (size_t)inl;
762 int blocksize;
763
764 if (outl != NULL) {
765 *outl = 0;
766 } else {
767 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
768 return 0;
769 }
770
771 /* Prevent accidental use of encryption context when decrypting */
772 if (ctx->encrypt) {
773 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
774 return 0;
775 }
776
777 if (ctx->cipher == NULL) {
778 ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
779 return 0;
780 }
781 if (ctx->cipher->prov == NULL)
782 goto legacy;
783
784 blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
785
786 if (ctx->cipher->cupdate == NULL || blocksize < 1) {
787 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
788 return 0;
789 }
790 ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
791 inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
792 in, inl_);
793
794 if (ret) {
795 if (soutl > INT_MAX) {
796 ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
797 return 0;
798 }
799 *outl = soutl;
800 }
801
802 return ret;
803
804 /* Code below to be removed when legacy support is dropped. */
805 legacy:
806
807 b = ctx->cipher->block_size;
808
809 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
810 cmpl = (cmpl + 7) / 8;
811
812 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
813 if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
814 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
815 return 0;
816 }
817
818 fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
819 if (fix_len < 0) {
820 *outl = 0;
821 return 0;
822 } else
823 *outl = fix_len;
824 return 1;
825 }
826
827 if (inl <= 0) {
828 *outl = 0;
829 return inl == 0;
830 }
831
832 if (ctx->flags & EVP_CIPH_NO_PADDING)
833 return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
834
835 OPENSSL_assert(b <= sizeof(ctx->final));
836
837 if (ctx->final_used) {
838 /* see comment about PTRDIFF_T comparison above */
839 if (((PTRDIFF_T)out == (PTRDIFF_T)in)
840 || ossl_is_partially_overlapping(out, in, b)) {
841 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
842 return 0;
843 }
844 /*
845 * final_used is only ever set if buf_len is 0. Therefore the maximum
846 * length output we will ever see from evp_EncryptDecryptUpdate is
847 * the maximum multiple of the block length that is <= inl, or just:
848 * inl & ~(b - 1)
849 * Since final_used has been set then the final output length is:
850 * (inl & ~(b - 1)) + b
851 * This must never exceed INT_MAX
852 */
853 if ((inl & ~(b - 1)) > INT_MAX - b) {
854 ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
855 return 0;
856 }
857 memcpy(out, ctx->final, b);
858 out += b;
859 fix_len = 1;
860 } else
861 fix_len = 0;
862
863 if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
864 return 0;
865
866 /*
867 * if we have 'decrypted' a multiple of block size, make sure we have a
868 * copy of this last block
869 */
870 if (b > 1 && !ctx->buf_len) {
871 *outl -= b;
872 ctx->final_used = 1;
873 memcpy(ctx->final, &out[*outl], b);
874 } else
875 ctx->final_used = 0;
876
877 if (fix_len)
878 *outl += b;
879
880 return 1;
881 }
882
EVP_DecryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)883 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
884 {
885 int ret;
886 ret = EVP_DecryptFinal_ex(ctx, out, outl);
887 return ret;
888 }
889
EVP_DecryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)890 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
891 {
892 int i, n;
893 unsigned int b;
894 size_t soutl;
895 int ret;
896 int blocksize;
897
898 if (outl != NULL) {
899 *outl = 0;
900 } else {
901 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
902 return 0;
903 }
904
905 /* Prevent accidental use of encryption context when decrypting */
906 if (ctx->encrypt) {
907 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
908 return 0;
909 }
910
911 if (ctx->cipher == NULL) {
912 ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
913 return 0;
914 }
915
916 if (ctx->cipher->prov == NULL)
917 goto legacy;
918
919 blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
920
921 if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
922 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
923 return 0;
924 }
925
926 ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
927 blocksize == 1 ? 0 : blocksize);
928
929 if (ret) {
930 if (soutl > INT_MAX) {
931 ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
932 return 0;
933 }
934 *outl = soutl;
935 }
936
937 return ret;
938
939 /* Code below to be removed when legacy support is dropped. */
940 legacy:
941
942 *outl = 0;
943 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
944 i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
945 if (i < 0)
946 return 0;
947 else
948 *outl = i;
949 return 1;
950 }
951
952 b = ctx->cipher->block_size;
953 if (ctx->flags & EVP_CIPH_NO_PADDING) {
954 if (ctx->buf_len) {
955 ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
956 return 0;
957 }
958 *outl = 0;
959 return 1;
960 }
961 if (b > 1) {
962 if (ctx->buf_len || !ctx->final_used) {
963 ERR_raise(ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
964 return 0;
965 }
966 OPENSSL_assert(b <= sizeof(ctx->final));
967
968 /*
969 * The following assumes that the ciphertext has been authenticated.
970 * Otherwise it provides a padding oracle.
971 */
972 n = ctx->final[b - 1];
973 if (n == 0 || n > (int)b) {
974 ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
975 return 0;
976 }
977 for (i = 0; i < n; i++) {
978 if (ctx->final[--b] != n) {
979 ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
980 return 0;
981 }
982 }
983 n = ctx->cipher->block_size - n;
984 for (i = 0; i < n; i++)
985 out[i] = ctx->final[i];
986 *outl = n;
987 } else
988 *outl = 0;
989 return 1;
990 }
991
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int keylen)992 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
993 {
994 if (c->cipher->prov != NULL) {
995 int ok;
996 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
997 size_t len = keylen;
998
999 if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1000 return 1;
1001
1002 /* Check the cipher actually understands this parameter */
1003 if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
1004 OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
1005 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1006 return 0;
1007 }
1008
1009 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
1010 ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
1011
1012 return ok > 0 ? 1 : 0;
1013 }
1014
1015 /* Code below to be removed when legacy support is dropped. */
1016
1017 /*
1018 * Note there have never been any built-in ciphers that define this flag
1019 * since it was first introduced.
1020 */
1021 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
1022 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
1023 if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1024 return 1;
1025 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
1026 c->key_len = keylen;
1027 return 1;
1028 }
1029 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1030 return 0;
1031 }
1032
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX * ctx,int pad)1033 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
1034 {
1035 int ok;
1036 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1037 unsigned int pd = pad;
1038
1039 if (pad)
1040 ctx->flags &= ~EVP_CIPH_NO_PADDING;
1041 else
1042 ctx->flags |= EVP_CIPH_NO_PADDING;
1043
1044 if (ctx->cipher != NULL && ctx->cipher->prov == NULL)
1045 return 1;
1046 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd);
1047 ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1048
1049 return ok != 0;
1050 }
1051
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)1052 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1053 {
1054 int ret = EVP_CTRL_RET_UNSUPPORTED;
1055 int set_params = 1;
1056 size_t sz = arg;
1057 unsigned int i;
1058 OSSL_PARAM params[4] = {
1059 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
1060 };
1061
1062 if (ctx == NULL || ctx->cipher == NULL) {
1063 ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
1064 return 0;
1065 }
1066
1067 if (ctx->cipher->prov == NULL)
1068 goto legacy;
1069
1070 switch (type) {
1071 case EVP_CTRL_SET_KEY_LENGTH:
1072 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
1073 break;
1074 case EVP_CTRL_RAND_KEY: /* Used by DES */
1075 set_params = 0;
1076 params[0] =
1077 OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
1078 ptr, sz);
1079 break;
1080
1081 case EVP_CTRL_INIT:
1082 /*
1083 * EVP_CTRL_INIT is purely legacy, no provider counterpart.
1084 * As a matter of fact, this should be dead code, but some caller
1085 * might still do a direct control call with this command, so...
1086 * Legacy methods return 1 except for exceptional circumstances, so
1087 * we do the same here to not be disruptive.
1088 */
1089 return 1;
1090 case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
1091 default:
1092 goto end;
1093 case EVP_CTRL_AEAD_SET_IVLEN:
1094 if (arg < 0)
1095 return 0;
1096 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1097 ctx->iv_len = -1;
1098 break;
1099 case EVP_CTRL_CCM_SET_L:
1100 if (arg < 2 || arg > 8)
1101 return 0;
1102 sz = 15 - arg;
1103 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1104 ctx->iv_len = -1;
1105 break;
1106 case EVP_CTRL_AEAD_SET_IV_FIXED:
1107 params[0] = OSSL_PARAM_construct_octet_string(
1108 OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz);
1109 break;
1110 case EVP_CTRL_GCM_IV_GEN:
1111 set_params = 0;
1112 if (arg < 0)
1113 sz = 0; /* special case that uses the iv length */
1114 params[0] = OSSL_PARAM_construct_octet_string(
1115 OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz);
1116 break;
1117 case EVP_CTRL_GCM_SET_IV_INV:
1118 if (arg < 0)
1119 return 0;
1120 params[0] = OSSL_PARAM_construct_octet_string(
1121 OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz);
1122 break;
1123 case EVP_CTRL_GET_RC5_ROUNDS:
1124 set_params = 0; /* Fall thru */
1125 case EVP_CTRL_SET_RC5_ROUNDS:
1126 if (arg < 0)
1127 return 0;
1128 i = (unsigned int)arg;
1129 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i);
1130 break;
1131 case EVP_CTRL_SET_SPEED:
1132 if (arg < 0)
1133 return 0;
1134 i = (unsigned int)arg;
1135 params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_SPEED, &i);
1136 break;
1137 case EVP_CTRL_AEAD_GET_TAG:
1138 set_params = 0; /* Fall thru */
1139 case EVP_CTRL_AEAD_SET_TAG:
1140 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
1141 ptr, sz);
1142 break;
1143 case EVP_CTRL_AEAD_TLS1_AAD:
1144 /* This one does a set and a get - since it returns a size */
1145 params[0] =
1146 OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1147 ptr, sz);
1148 ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1149 if (ret <= 0)
1150 goto end;
1151 params[0] =
1152 OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz);
1153 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1154 if (ret <= 0)
1155 goto end;
1156 return sz;
1157 #ifndef OPENSSL_NO_RC2
1158 case EVP_CTRL_GET_RC2_KEY_BITS:
1159 set_params = 0; /* Fall thru */
1160 case EVP_CTRL_SET_RC2_KEY_BITS:
1161 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz);
1162 break;
1163 #endif /* OPENSSL_NO_RC2 */
1164 #if !defined(OPENSSL_NO_MULTIBLOCK)
1165 case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
1166 params[0] = OSSL_PARAM_construct_size_t(
1167 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz);
1168 ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1169 if (ret <= 0)
1170 return 0;
1171
1172 params[0] = OSSL_PARAM_construct_size_t(
1173 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz);
1174 params[1] = OSSL_PARAM_construct_end();
1175 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1176 if (ret <= 0)
1177 return 0;
1178 return sz;
1179 case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: {
1180 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1181 (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1182
1183 if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
1184 return 0;
1185
1186 params[0] = OSSL_PARAM_construct_octet_string(
1187 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len);
1188 params[1] = OSSL_PARAM_construct_uint(
1189 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1190 ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1191 if (ret <= 0)
1192 return ret;
1193 /* Retrieve the return values changed by the set */
1194 params[0] = OSSL_PARAM_construct_size_t(
1195 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz);
1196 params[1] = OSSL_PARAM_construct_uint(
1197 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1198 params[2] = OSSL_PARAM_construct_end();
1199 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1200 if (ret <= 0)
1201 return 0;
1202 return sz;
1203 }
1204 case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: {
1205 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1206 (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1207
1208 params[0] = OSSL_PARAM_construct_octet_string(
1209 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len);
1210
1211 params[1] = OSSL_PARAM_construct_octet_string(
1212 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp,
1213 p->len);
1214 params[2] = OSSL_PARAM_construct_uint(
1215 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1216 ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1217 if (ret <= 0)
1218 return ret;
1219 params[0] = OSSL_PARAM_construct_size_t(
1220 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz);
1221 params[1] = OSSL_PARAM_construct_end();
1222 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1223 if (ret <= 0)
1224 return 0;
1225 return sz;
1226 }
1227 #endif /* OPENSSL_NO_MULTIBLOCK */
1228 case EVP_CTRL_AEAD_SET_MAC_KEY:
1229 if (arg < 0)
1230 return -1;
1231 params[0] = OSSL_PARAM_construct_octet_string(
1232 OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz);
1233 break;
1234 }
1235
1236 if (set_params)
1237 ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1238 else
1239 ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1240 goto end;
1241
1242 /* Code below to be removed when legacy support is dropped. */
1243 legacy:
1244 if (ctx->cipher->ctrl == NULL) {
1245 ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
1246 return 0;
1247 }
1248
1249 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
1250
1251 end:
1252 if (ret == EVP_CTRL_RET_UNSUPPORTED) {
1253 ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
1254 return 0;
1255 }
1256 return ret;
1257 }
1258
EVP_CIPHER_get_params(EVP_CIPHER * cipher,OSSL_PARAM params[])1259 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
1260 {
1261 if (cipher != NULL && cipher->get_params != NULL)
1262 return cipher->get_params(params);
1263 return 0;
1264 }
1265
EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX * ctx,const OSSL_PARAM params[])1266 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
1267 {
1268 if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) {
1269 ctx->iv_len = -1;
1270 return ctx->cipher->set_ctx_params(ctx->algctx, params);
1271 }
1272 return 0;
1273 }
1274
EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX * ctx,OSSL_PARAM params[])1275 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
1276 {
1277 if (ctx->cipher != NULL && ctx->cipher->get_ctx_params != NULL)
1278 return ctx->cipher->get_ctx_params(ctx->algctx, params);
1279 return 0;
1280 }
1281
EVP_CIPHER_gettable_params(const EVP_CIPHER * cipher)1282 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
1283 {
1284 if (cipher != NULL && cipher->gettable_params != NULL)
1285 return cipher->gettable_params(
1286 ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)));
1287 return NULL;
1288 }
1289
EVP_CIPHER_settable_ctx_params(const EVP_CIPHER * cipher)1290 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher)
1291 {
1292 void *provctx;
1293
1294 if (cipher != NULL && cipher->settable_ctx_params != NULL) {
1295 provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1296 return cipher->settable_ctx_params(NULL, provctx);
1297 }
1298 return NULL;
1299 }
1300
EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER * cipher)1301 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher)
1302 {
1303 void *provctx;
1304
1305 if (cipher != NULL && cipher->gettable_ctx_params != NULL) {
1306 provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1307 return cipher->gettable_ctx_params(NULL, provctx);
1308 }
1309 return NULL;
1310 }
1311
EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX * cctx)1312 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *cctx)
1313 {
1314 void *alg;
1315
1316 if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) {
1317 alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1318 return cctx->cipher->settable_ctx_params(cctx->algctx, alg);
1319 }
1320 return NULL;
1321 }
1322
EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX * cctx)1323 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *cctx)
1324 {
1325 void *provctx;
1326
1327 if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) {
1328 provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1329 return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx);
1330 }
1331 return NULL;
1332 }
1333
1334 #ifndef FIPS_MODULE
EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX * ctx)1335 static OSSL_LIB_CTX *EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX *ctx)
1336 {
1337 const EVP_CIPHER *cipher = ctx->cipher;
1338 const OSSL_PROVIDER *prov;
1339
1340 if (cipher == NULL)
1341 return NULL;
1342
1343 prov = EVP_CIPHER_get0_provider(cipher);
1344 return ossl_provider_libctx(prov);
1345 }
1346 #endif
1347
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,unsigned char * key)1348 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
1349 {
1350 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1351 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1352
1353 #ifdef FIPS_MODULE
1354 return 0;
1355 #else
1356 {
1357 int kl;
1358 OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx);
1359
1360 kl = EVP_CIPHER_CTX_get_key_length(ctx);
1361 if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0)
1362 return 0;
1363 return 1;
1364 }
1365 #endif /* FIPS_MODULE */
1366 }
1367
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * out,const EVP_CIPHER_CTX * in)1368 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
1369 {
1370 if ((in == NULL) || (in->cipher == NULL)) {
1371 ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED);
1372 return 0;
1373 }
1374
1375 if (in->cipher->prov == NULL)
1376 goto legacy;
1377
1378 if (in->cipher->dupctx == NULL) {
1379 ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1380 return 0;
1381 }
1382
1383 EVP_CIPHER_CTX_reset(out);
1384
1385 *out = *in;
1386 out->algctx = NULL;
1387
1388 if (in->fetched_cipher != NULL && !EVP_CIPHER_up_ref(in->fetched_cipher)) {
1389 out->fetched_cipher = NULL;
1390 return 0;
1391 }
1392
1393 out->algctx = in->cipher->dupctx(in->algctx);
1394 if (out->algctx == NULL) {
1395 ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1396 return 0;
1397 }
1398
1399 return 1;
1400
1401 /* Code below to be removed when legacy support is dropped. */
1402 legacy:
1403
1404 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
1405 /* Make sure it's safe to copy a cipher context using an ENGINE */
1406 if (in->engine && !ENGINE_init(in->engine)) {
1407 ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
1408 return 0;
1409 }
1410 #endif
1411
1412 EVP_CIPHER_CTX_reset(out);
1413 memcpy(out, in, sizeof(*out));
1414
1415 if (in->cipher_data && in->cipher->ctx_size) {
1416 out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
1417 if (out->cipher_data == NULL) {
1418 out->cipher = NULL;
1419 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
1420 return 0;
1421 }
1422 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
1423 }
1424
1425 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
1426 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
1427 out->cipher = NULL;
1428 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
1429 return 0;
1430 }
1431 return 1;
1432 }
1433
evp_cipher_new(void)1434 EVP_CIPHER *evp_cipher_new(void)
1435 {
1436 EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
1437
1438 if (cipher != NULL) {
1439 cipher->lock = CRYPTO_THREAD_lock_new();
1440 if (cipher->lock == NULL) {
1441 OPENSSL_free(cipher);
1442 return NULL;
1443 }
1444 cipher->refcnt = 1;
1445 }
1446 return cipher;
1447 }
1448
1449 /*
1450 * FIPS module note: since internal fetches will be entirely
1451 * provider based, we know that none of its code depends on legacy
1452 * NIDs or any functionality that use them.
1453 */
1454 #ifndef FIPS_MODULE
1455 /* After removal of legacy support get rid of the need for legacy NIDs */
set_legacy_nid(const char * name,void * vlegacy_nid)1456 static void set_legacy_nid(const char *name, void *vlegacy_nid)
1457 {
1458 int nid;
1459 int *legacy_nid = vlegacy_nid;
1460 /*
1461 * We use lowest level function to get the associated method, because
1462 * higher level functions such as EVP_get_cipherbyname() have changed
1463 * to look at providers too.
1464 */
1465 const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
1466
1467 if (*legacy_nid == -1) /* We found a clash already */
1468 return;
1469 if (legacy_method == NULL)
1470 return;
1471 nid = EVP_CIPHER_get_nid(legacy_method);
1472 if (*legacy_nid != NID_undef && *legacy_nid != nid) {
1473 *legacy_nid = -1;
1474 return;
1475 }
1476 *legacy_nid = nid;
1477 }
1478 #endif
1479
evp_cipher_from_algorithm(const int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)1480 static void *evp_cipher_from_algorithm(const int name_id,
1481 const OSSL_ALGORITHM *algodef,
1482 OSSL_PROVIDER *prov)
1483 {
1484 const OSSL_DISPATCH *fns = algodef->implementation;
1485 EVP_CIPHER *cipher = NULL;
1486 int fnciphcnt = 0, fnctxcnt = 0;
1487
1488 if ((cipher = evp_cipher_new()) == NULL) {
1489 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
1490 return NULL;
1491 }
1492
1493 #ifndef FIPS_MODULE
1494 cipher->nid = NID_undef;
1495 if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid)
1496 || cipher->nid == -1) {
1497 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
1498 EVP_CIPHER_free(cipher);
1499 return NULL;
1500 }
1501 #endif
1502
1503 cipher->name_id = name_id;
1504 if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
1505 EVP_CIPHER_free(cipher);
1506 return NULL;
1507 }
1508 cipher->description = algodef->algorithm_description;
1509
1510 for (; fns->function_id != 0; fns++) {
1511 switch (fns->function_id) {
1512 case OSSL_FUNC_CIPHER_NEWCTX:
1513 if (cipher->newctx != NULL)
1514 break;
1515 cipher->newctx = OSSL_FUNC_cipher_newctx(fns);
1516 fnctxcnt++;
1517 break;
1518 case OSSL_FUNC_CIPHER_ENCRYPT_INIT:
1519 if (cipher->einit != NULL)
1520 break;
1521 cipher->einit = OSSL_FUNC_cipher_encrypt_init(fns);
1522 fnciphcnt++;
1523 break;
1524 case OSSL_FUNC_CIPHER_DECRYPT_INIT:
1525 if (cipher->dinit != NULL)
1526 break;
1527 cipher->dinit = OSSL_FUNC_cipher_decrypt_init(fns);
1528 fnciphcnt++;
1529 break;
1530 case OSSL_FUNC_CIPHER_UPDATE:
1531 if (cipher->cupdate != NULL)
1532 break;
1533 cipher->cupdate = OSSL_FUNC_cipher_update(fns);
1534 fnciphcnt++;
1535 break;
1536 case OSSL_FUNC_CIPHER_FINAL:
1537 if (cipher->cfinal != NULL)
1538 break;
1539 cipher->cfinal = OSSL_FUNC_cipher_final(fns);
1540 fnciphcnt++;
1541 break;
1542 case OSSL_FUNC_CIPHER_CIPHER:
1543 if (cipher->ccipher != NULL)
1544 break;
1545 cipher->ccipher = OSSL_FUNC_cipher_cipher(fns);
1546 break;
1547 case OSSL_FUNC_CIPHER_FREECTX:
1548 if (cipher->freectx != NULL)
1549 break;
1550 cipher->freectx = OSSL_FUNC_cipher_freectx(fns);
1551 fnctxcnt++;
1552 break;
1553 case OSSL_FUNC_CIPHER_DUPCTX:
1554 if (cipher->dupctx != NULL)
1555 break;
1556 cipher->dupctx = OSSL_FUNC_cipher_dupctx(fns);
1557 break;
1558 case OSSL_FUNC_CIPHER_GET_PARAMS:
1559 if (cipher->get_params != NULL)
1560 break;
1561 cipher->get_params = OSSL_FUNC_cipher_get_params(fns);
1562 break;
1563 case OSSL_FUNC_CIPHER_GET_CTX_PARAMS:
1564 if (cipher->get_ctx_params != NULL)
1565 break;
1566 cipher->get_ctx_params = OSSL_FUNC_cipher_get_ctx_params(fns);
1567 break;
1568 case OSSL_FUNC_CIPHER_SET_CTX_PARAMS:
1569 if (cipher->set_ctx_params != NULL)
1570 break;
1571 cipher->set_ctx_params = OSSL_FUNC_cipher_set_ctx_params(fns);
1572 break;
1573 case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
1574 if (cipher->gettable_params != NULL)
1575 break;
1576 cipher->gettable_params = OSSL_FUNC_cipher_gettable_params(fns);
1577 break;
1578 case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
1579 if (cipher->gettable_ctx_params != NULL)
1580 break;
1581 cipher->gettable_ctx_params =
1582 OSSL_FUNC_cipher_gettable_ctx_params(fns);
1583 break;
1584 case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
1585 if (cipher->settable_ctx_params != NULL)
1586 break;
1587 cipher->settable_ctx_params =
1588 OSSL_FUNC_cipher_settable_ctx_params(fns);
1589 break;
1590 }
1591 }
1592 if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
1593 || (fnciphcnt == 0 && cipher->ccipher == NULL)
1594 || fnctxcnt != 2) {
1595 /*
1596 * In order to be a consistent set of functions we must have at least
1597 * a complete set of "encrypt" functions, or a complete set of "decrypt"
1598 * functions, or a single "cipher" function. In all cases we need both
1599 * the "newctx" and "freectx" functions.
1600 */
1601 EVP_CIPHER_free(cipher);
1602 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
1603 return NULL;
1604 }
1605 cipher->prov = prov;
1606 if (prov != NULL)
1607 ossl_provider_up_ref(prov);
1608
1609 if (!evp_cipher_cache_constants(cipher)) {
1610 EVP_CIPHER_free(cipher);
1611 ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
1612 cipher = NULL;
1613 }
1614
1615 return cipher;
1616 }
1617
evp_cipher_up_ref(void * cipher)1618 static int evp_cipher_up_ref(void *cipher)
1619 {
1620 return EVP_CIPHER_up_ref(cipher);
1621 }
1622
evp_cipher_free(void * cipher)1623 static void evp_cipher_free(void *cipher)
1624 {
1625 EVP_CIPHER_free(cipher);
1626 }
1627
EVP_CIPHER_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)1628 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
1629 const char *properties)
1630 {
1631 EVP_CIPHER *cipher =
1632 evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties,
1633 evp_cipher_from_algorithm, evp_cipher_up_ref,
1634 evp_cipher_free);
1635
1636 return cipher;
1637 }
1638
EVP_CIPHER_up_ref(EVP_CIPHER * cipher)1639 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher)
1640 {
1641 int ref = 0;
1642
1643 if (cipher->origin == EVP_ORIG_DYNAMIC)
1644 CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
1645 return 1;
1646 }
1647
evp_cipher_free_int(EVP_CIPHER * cipher)1648 void evp_cipher_free_int(EVP_CIPHER *cipher)
1649 {
1650 OPENSSL_free(cipher->type_name);
1651 ossl_provider_free(cipher->prov);
1652 CRYPTO_THREAD_lock_free(cipher->lock);
1653 OPENSSL_free(cipher);
1654 }
1655
EVP_CIPHER_free(EVP_CIPHER * cipher)1656 void EVP_CIPHER_free(EVP_CIPHER *cipher)
1657 {
1658 int i;
1659
1660 if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC)
1661 return;
1662
1663 CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
1664 if (i > 0)
1665 return;
1666 evp_cipher_free_int(cipher);
1667 }
1668
EVP_CIPHER_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_CIPHER * mac,void * arg),void * arg)1669 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
1670 void (*fn)(EVP_CIPHER *mac, void *arg),
1671 void *arg)
1672 {
1673 evp_generic_do_all(libctx, OSSL_OP_CIPHER,
1674 (void (*)(void *, void *))fn, arg,
1675 evp_cipher_from_algorithm, evp_cipher_up_ref,
1676 evp_cipher_free);
1677 }
1678