1 /* $OpenBSD: evp_enc.c,v 1.44 2021/02/18 19:12:29 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <limits.h>
60 #include <stdio.h>
61 #include <stdlib.h>
62 #include <string.h>
63
64 #include <sys/types.h>
65
66 #include <openssl/opensslconf.h>
67
68 #include <openssl/err.h>
69 #include <openssl/evp.h>
70
71 #ifndef OPENSSL_NO_ENGINE
72 #include <openssl/engine.h>
73 #endif
74
75 #include "evp_locl.h"
76
77 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
78
79 int
EVP_CipherInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc)80 EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
81 const unsigned char *key, const unsigned char *iv, int enc)
82 {
83 if (cipher)
84 EVP_CIPHER_CTX_init(ctx);
85 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
86 }
87
88 int
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)89 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
90 const unsigned char *key, const unsigned char *iv, int enc)
91 {
92 if (enc == -1)
93 enc = ctx->encrypt;
94 else {
95 if (enc)
96 enc = 1;
97 ctx->encrypt = enc;
98 }
99 #ifndef OPENSSL_NO_ENGINE
100 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
101 * so this context may already have an ENGINE! Try to avoid releasing
102 * the previous handle, re-querying for an ENGINE, and having a
103 * reinitialisation, when it may all be unecessary. */
104 if (ctx->engine && ctx->cipher &&
105 (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
106 goto skip_to_init;
107 #endif
108 if (cipher) {
109 /* Ensure a context left lying around from last time is cleared
110 * (the previous check attempted to avoid this if the same
111 * ENGINE and EVP_CIPHER could be used). */
112 if (ctx->cipher) {
113 unsigned long flags = ctx->flags;
114 EVP_CIPHER_CTX_cleanup(ctx);
115 /* Restore encrypt and flags */
116 ctx->encrypt = enc;
117 ctx->flags = flags;
118 }
119 #ifndef OPENSSL_NO_ENGINE
120 if (impl) {
121 if (!ENGINE_init(impl)) {
122 EVPerror(EVP_R_INITIALIZATION_ERROR);
123 return 0;
124 }
125 } else
126 /* Ask if an ENGINE is reserved for this job */
127 impl = ENGINE_get_cipher_engine(cipher->nid);
128 if (impl) {
129 /* There's an ENGINE for this job ... (apparently) */
130 const EVP_CIPHER *c =
131 ENGINE_get_cipher(impl, cipher->nid);
132 if (!c) {
133 EVPerror(EVP_R_INITIALIZATION_ERROR);
134 return 0;
135 }
136 /* We'll use the ENGINE's private cipher definition */
137 cipher = c;
138 /* Store the ENGINE functional reference so we know
139 * 'cipher' came from an ENGINE and we need to release
140 * it when done. */
141 ctx->engine = impl;
142 } else
143 ctx->engine = NULL;
144 #endif
145
146 ctx->cipher = cipher;
147 if (ctx->cipher->ctx_size) {
148 ctx->cipher_data = calloc(1, ctx->cipher->ctx_size);
149 if (ctx->cipher_data == NULL) {
150 EVPerror(ERR_R_MALLOC_FAILURE);
151 return 0;
152 }
153 } else {
154 ctx->cipher_data = NULL;
155 }
156 ctx->key_len = cipher->key_len;
157 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
158 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
159 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
160 EVPerror(EVP_R_INITIALIZATION_ERROR);
161 return 0;
162 }
163 }
164 } else if (!ctx->cipher) {
165 EVPerror(EVP_R_NO_CIPHER_SET);
166 return 0;
167 }
168 #ifndef OPENSSL_NO_ENGINE
169 skip_to_init:
170 #endif
171 /* we assume block size is a power of 2 in *cryptUpdate */
172 if (ctx->cipher->block_size != 1 &&
173 ctx->cipher->block_size != 8 &&
174 ctx->cipher->block_size != 16) {
175 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
176 return 0;
177 }
178
179 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) &&
180 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
181 EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED);
182 return 0;
183 }
184
185 if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
186 switch (EVP_CIPHER_CTX_mode(ctx)) {
187
188 case EVP_CIPH_STREAM_CIPHER:
189 case EVP_CIPH_ECB_MODE:
190 break;
191
192 case EVP_CIPH_CFB_MODE:
193 case EVP_CIPH_OFB_MODE:
194
195 ctx->num = 0;
196 /* fall-through */
197
198 case EVP_CIPH_CBC_MODE:
199
200 if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) >
201 sizeof(ctx->iv)) {
202 EVPerror(EVP_R_IV_TOO_LARGE);
203 return 0;
204 }
205 if (iv)
206 memcpy(ctx->oiv, iv,
207 EVP_CIPHER_CTX_iv_length(ctx));
208 memcpy(ctx->iv, ctx->oiv,
209 EVP_CIPHER_CTX_iv_length(ctx));
210 break;
211
212 case EVP_CIPH_CTR_MODE:
213 ctx->num = 0;
214 /* Don't reuse IV for CTR mode */
215 if (iv)
216 memcpy(ctx->iv, iv,
217 EVP_CIPHER_CTX_iv_length(ctx));
218 break;
219
220 default:
221 return 0;
222 break;
223 }
224 }
225
226 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
227 if (!ctx->cipher->init(ctx, key, iv, enc))
228 return 0;
229 }
230 ctx->buf_len = 0;
231 ctx->final_used = 0;
232 ctx->block_mask = ctx->cipher->block_size - 1;
233 return 1;
234 }
235
236 int
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)237 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
238 const unsigned char *in, int inl)
239 {
240 if (ctx->encrypt)
241 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
242 else
243 return EVP_DecryptUpdate(ctx, out, outl, in, inl);
244 }
245
246 int
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)247 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
248 {
249 if (ctx->encrypt)
250 return EVP_EncryptFinal_ex(ctx, out, outl);
251 else
252 return EVP_DecryptFinal_ex(ctx, out, outl);
253 }
254
255 __warn_references(EVP_CipherFinal,
256 "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup");
257
258 int
EVP_CipherFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)259 EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
260 {
261 int ret;
262 if (ctx->encrypt)
263 ret = EVP_EncryptFinal_ex(ctx, out, outl);
264 else
265 ret = EVP_DecryptFinal_ex(ctx, out, outl);
266 return ret;
267 }
268
269 int
EVP_EncryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)270 EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
271 const unsigned char *key, const unsigned char *iv)
272 {
273 return EVP_CipherInit(ctx, cipher, key, iv, 1);
274 }
275
276 int
EVP_EncryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)277 EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
278 const unsigned char *key, const unsigned char *iv)
279 {
280 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
281 }
282
283 int
EVP_DecryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)284 EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
285 const unsigned char *key, const unsigned char *iv)
286 {
287 return EVP_CipherInit(ctx, cipher, key, iv, 0);
288 }
289
290 int
EVP_DecryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)291 EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
292 const unsigned char *key, const unsigned char *iv)
293 {
294 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
295 }
296
297 int
EVP_EncryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)298 EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
299 const unsigned char *in, int inl)
300 {
301 int i, j, bl;
302
303 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
304 i = M_do_cipher(ctx, out, in, inl);
305 if (i < 0)
306 return 0;
307 else
308 *outl = i;
309 return 1;
310 }
311
312 if (inl <= 0) {
313 *outl = 0;
314 return inl == 0;
315 }
316
317 if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) {
318 if (M_do_cipher(ctx, out, in, inl)) {
319 *outl = inl;
320 return 1;
321 } else {
322 *outl = 0;
323 return 0;
324 }
325 }
326 i = ctx->buf_len;
327 bl = ctx->cipher->block_size;
328 if ((size_t)bl > sizeof(ctx->buf)) {
329 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
330 *outl = 0;
331 return 0;
332 }
333 if (i != 0) {
334 if (bl - i > inl) {
335 memcpy(&(ctx->buf[i]), in, inl);
336 ctx->buf_len += inl;
337 *outl = 0;
338 return 1;
339 } else {
340 j = bl - i;
341
342 /*
343 * Once we've processed the first j bytes from in, the
344 * amount of data left that is a multiple of the block
345 * length is (inl - j) & ~(bl - 1). Ensure this plus
346 * the block processed from ctx-buf doesn't overflow.
347 */
348 if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
349 EVPerror(EVP_R_TOO_LARGE);
350 return 0;
351 }
352 memcpy(&(ctx->buf[i]), in, j);
353 if (!M_do_cipher(ctx, out, ctx->buf, bl))
354 return 0;
355 inl -= j;
356 in += j;
357 out += bl;
358 *outl = bl;
359 }
360 } else
361 *outl = 0;
362 i = inl&(bl - 1);
363 inl -= i;
364 if (inl > 0) {
365 if (!M_do_cipher(ctx, out, in, inl))
366 return 0;
367 *outl += inl;
368 }
369
370 if (i != 0)
371 memcpy(ctx->buf, &(in[inl]), i);
372 ctx->buf_len = i;
373 return 1;
374 }
375
376 __warn_references(EVP_EncryptFinal,
377 "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup");
378
379 int
EVP_EncryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)380 EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
381 {
382 int ret;
383
384 ret = EVP_EncryptFinal_ex(ctx, out, outl);
385 return ret;
386 }
387
388 int
EVP_EncryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)389 EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
390 {
391 int n, ret;
392 unsigned int i, b, bl;
393
394 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
395 ret = M_do_cipher(ctx, out, NULL, 0);
396 if (ret < 0)
397 return 0;
398 else
399 *outl = ret;
400 return 1;
401 }
402
403 b = ctx->cipher->block_size;
404 if (b > sizeof ctx->buf) {
405 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
406 return 0;
407 }
408 if (b == 1) {
409 *outl = 0;
410 return 1;
411 }
412 bl = ctx->buf_len;
413 if (ctx->flags & EVP_CIPH_NO_PADDING) {
414 if (bl) {
415 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
416 return 0;
417 }
418 *outl = 0;
419 return 1;
420 }
421
422 n = b - bl;
423 for (i = bl; i < b; i++)
424 ctx->buf[i] = n;
425 ret = M_do_cipher(ctx, out, ctx->buf, b);
426
427
428 if (ret)
429 *outl = b;
430
431 return ret;
432 }
433
434 int
EVP_DecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)435 EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
436 const unsigned char *in, int inl)
437 {
438 int fix_len;
439 unsigned int b;
440
441 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
442 fix_len = M_do_cipher(ctx, out, in, inl);
443 if (fix_len < 0) {
444 *outl = 0;
445 return 0;
446 } else
447 *outl = fix_len;
448 return 1;
449 }
450
451 if (inl <= 0) {
452 *outl = 0;
453 return inl == 0;
454 }
455
456 if (ctx->flags & EVP_CIPH_NO_PADDING)
457 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
458
459 b = ctx->cipher->block_size;
460 if (b > sizeof ctx->final) {
461 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
462 return 0;
463 }
464
465 if (ctx->final_used) {
466 /*
467 * final_used is only ever set if buf_len is 0. Therefore the
468 * maximum length output we will ever see from EVP_EncryptUpdate
469 * is inl & ~(b - 1). Since final_used is set, the final output
470 * length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow.
471 */
472 if ((inl & ~(b - 1)) > INT_MAX - b) {
473 EVPerror(EVP_R_TOO_LARGE);
474 return 0;
475 }
476 memcpy(out, ctx->final, b);
477 out += b;
478 fix_len = 1;
479 } else
480 fix_len = 0;
481
482
483 if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
484 return 0;
485
486 /* if we have 'decrypted' a multiple of block size, make sure
487 * we have a copy of this last block */
488 if (b > 1 && !ctx->buf_len) {
489 *outl -= b;
490 ctx->final_used = 1;
491 memcpy(ctx->final, &out[*outl], b);
492 } else
493 ctx->final_used = 0;
494
495 if (fix_len)
496 *outl += b;
497
498 return 1;
499 }
500
501 __warn_references(EVP_DecryptFinal,
502 "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup");
503
504 int
EVP_DecryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)505 EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
506 {
507 int ret;
508
509 ret = EVP_DecryptFinal_ex(ctx, out, outl);
510 return ret;
511 }
512
513 int
EVP_DecryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)514 EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
515 {
516 int i, n;
517 unsigned int b;
518 *outl = 0;
519
520 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
521 i = M_do_cipher(ctx, out, NULL, 0);
522 if (i < 0)
523 return 0;
524 else
525 *outl = i;
526 return 1;
527 }
528
529 b = ctx->cipher->block_size;
530 if (ctx->flags & EVP_CIPH_NO_PADDING) {
531 if (ctx->buf_len) {
532 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
533 return 0;
534 }
535 *outl = 0;
536 return 1;
537 }
538 if (b > 1) {
539 if (ctx->buf_len || !ctx->final_used) {
540 EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH);
541 return (0);
542 }
543 if (b > sizeof ctx->final) {
544 EVPerror(EVP_R_BAD_BLOCK_LENGTH);
545 return 0;
546 }
547 n = ctx->final[b - 1];
548 if (n == 0 || n > (int)b) {
549 EVPerror(EVP_R_BAD_DECRYPT);
550 return (0);
551 }
552 for (i = 0; i < n; i++) {
553 if (ctx->final[--b] != n) {
554 EVPerror(EVP_R_BAD_DECRYPT);
555 return (0);
556 }
557 }
558 n = ctx->cipher->block_size - n;
559 for (i = 0; i < n; i++)
560 out[i] = ctx->final[i];
561 *outl = n;
562 } else
563 *outl = 0;
564 return (1);
565 }
566
567 EVP_CIPHER_CTX *
EVP_CIPHER_CTX_new(void)568 EVP_CIPHER_CTX_new(void)
569 {
570 return calloc(1, sizeof(EVP_CIPHER_CTX));
571 }
572
573 void
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * ctx)574 EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
575 {
576 if (ctx == NULL)
577 return;
578
579 EVP_CIPHER_CTX_cleanup(ctx);
580
581 free(ctx);
582 }
583
584 void
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX * ctx)585 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
586 {
587 memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
588 }
589
590 int
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX * a)591 EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a)
592 {
593 return EVP_CIPHER_CTX_cleanup(a);
594 }
595
596 int
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX * c)597 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
598 {
599 if (c->cipher != NULL) {
600 if (c->cipher->cleanup && !c->cipher->cleanup(c))
601 return 0;
602 /* Cleanse cipher context data */
603 if (c->cipher_data)
604 explicit_bzero(c->cipher_data, c->cipher->ctx_size);
605 }
606 /* XXX - store size of cipher_data so we can always freezero(). */
607 free(c->cipher_data);
608 #ifndef OPENSSL_NO_ENGINE
609 ENGINE_finish(c->engine);
610 #endif
611 explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
612 return 1;
613 }
614
615 int
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int keylen)616 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
617 {
618 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
619 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH,
620 keylen, NULL);
621 if (c->key_len == keylen)
622 return 1;
623 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
624 c->key_len = keylen;
625 return 1;
626 }
627 EVPerror(EVP_R_INVALID_KEY_LENGTH);
628 return 0;
629 }
630
631 int
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX * ctx,int pad)632 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
633 {
634 if (pad)
635 ctx->flags &= ~EVP_CIPH_NO_PADDING;
636 else
637 ctx->flags |= EVP_CIPH_NO_PADDING;
638 return 1;
639 }
640
641 int
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)642 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
643 {
644 int ret;
645
646 if (!ctx->cipher) {
647 EVPerror(EVP_R_NO_CIPHER_SET);
648 return 0;
649 }
650
651 if (!ctx->cipher->ctrl) {
652 EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED);
653 return 0;
654 }
655
656 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
657 if (ret == -1) {
658 EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
659 return 0;
660 }
661 return ret;
662 }
663
664 int
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,unsigned char * key)665 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
666 {
667 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
668 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
669 arc4random_buf(key, ctx->key_len);
670 return 1;
671 }
672
673 int
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * out,const EVP_CIPHER_CTX * in)674 EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
675 {
676 if ((in == NULL) || (in->cipher == NULL)) {
677 EVPerror(EVP_R_INPUT_NOT_INITIALIZED);
678 return 0;
679 }
680 #ifndef OPENSSL_NO_ENGINE
681 /* Make sure it's safe to copy a cipher context using an ENGINE */
682 if (in->engine && !ENGINE_init(in->engine)) {
683 EVPerror(ERR_R_ENGINE_LIB);
684 return 0;
685 }
686 #endif
687
688 EVP_CIPHER_CTX_cleanup(out);
689 memcpy(out, in, sizeof *out);
690
691 if (in->cipher_data && in->cipher->ctx_size) {
692 out->cipher_data = calloc(1, in->cipher->ctx_size);
693 if (out->cipher_data == NULL) {
694 EVPerror(ERR_R_MALLOC_FAILURE);
695 return 0;
696 }
697 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
698 }
699
700 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) {
701 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY,
702 0, out)) {
703 /*
704 * If the custom copy control failed, assume that there
705 * may still be pointers copied in the cipher_data that
706 * we do not own. This may result in a leak from a bad
707 * custom copy control, but that's preferable to a
708 * double free...
709 */
710 freezero(out->cipher_data, in->cipher->ctx_size);
711 out->cipher_data = NULL;
712 return 0;
713 }
714 }
715
716 return 1;
717 }
718