1 /* $OpenBSD: evp_enc.c,v 1.47 2022/09/13 04:59:18 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <limits.h> 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 64 #include <sys/types.h> 65 66 #include <openssl/opensslconf.h> 67 68 #include <openssl/err.h> 69 #include <openssl/evp.h> 70 71 #ifndef OPENSSL_NO_ENGINE 72 #include <openssl/engine.h> 73 #endif 74 75 #include "evp_locl.h" 76 77 int 78 EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 79 const unsigned char *key, const unsigned char *iv, int enc) 80 { 81 if (cipher) 82 EVP_CIPHER_CTX_init(ctx); 83 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); 84 } 85 86 int 87 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 88 const unsigned char *key, const unsigned char *iv, int enc) 89 { 90 if (enc == -1) 91 enc = ctx->encrypt; 92 else { 93 if (enc) 94 enc = 1; 95 ctx->encrypt = enc; 96 } 97 #ifndef OPENSSL_NO_ENGINE 98 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts 99 * so this context may already have an ENGINE! Try to avoid releasing 100 * the previous handle, re-querying for an ENGINE, and having a 101 * reinitialisation, when it may all be unecessary. */ 102 if (ctx->engine && ctx->cipher && 103 (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) 104 goto skip_to_init; 105 #endif 106 if (cipher) { 107 /* Ensure a context left lying around from last time is cleared 108 * (the previous check attempted to avoid this if the same 109 * ENGINE and EVP_CIPHER could be used). */ 110 if (ctx->cipher) { 111 unsigned long flags = ctx->flags; 112 EVP_CIPHER_CTX_cleanup(ctx); 113 /* Restore encrypt and flags */ 114 ctx->encrypt = enc; 115 ctx->flags = flags; 116 } 117 #ifndef OPENSSL_NO_ENGINE 118 if (impl) { 119 if (!ENGINE_init(impl)) { 120 EVPerror(EVP_R_INITIALIZATION_ERROR); 121 return 0; 122 } 123 } else 124 /* Ask if an ENGINE is reserved for this job */ 125 impl = ENGINE_get_cipher_engine(cipher->nid); 126 if (impl) { 127 /* There's an ENGINE for this job ... (apparently) */ 128 const EVP_CIPHER *c = 129 ENGINE_get_cipher(impl, cipher->nid); 130 if (!c) { 131 EVPerror(EVP_R_INITIALIZATION_ERROR); 132 return 0; 133 } 134 /* We'll use the ENGINE's private cipher definition */ 135 cipher = c; 136 /* Store the ENGINE functional reference so we know 137 * 'cipher' came from an ENGINE and we need to release 138 * it when done. */ 139 ctx->engine = impl; 140 } else 141 ctx->engine = NULL; 142 #endif 143 144 ctx->cipher = cipher; 145 if (ctx->cipher->ctx_size) { 146 ctx->cipher_data = calloc(1, ctx->cipher->ctx_size); 147 if (ctx->cipher_data == NULL) { 148 EVPerror(ERR_R_MALLOC_FAILURE); 149 return 0; 150 } 151 } else { 152 ctx->cipher_data = NULL; 153 } 154 ctx->key_len = cipher->key_len; 155 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; 156 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { 157 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { 158 EVPerror(EVP_R_INITIALIZATION_ERROR); 159 return 0; 160 } 161 } 162 } else if (!ctx->cipher) { 163 EVPerror(EVP_R_NO_CIPHER_SET); 164 return 0; 165 } 166 #ifndef OPENSSL_NO_ENGINE 167 skip_to_init: 168 #endif 169 /* we assume block size is a power of 2 in *cryptUpdate */ 170 if (ctx->cipher->block_size != 1 && 171 ctx->cipher->block_size != 8 && 172 ctx->cipher->block_size != 16) { 173 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 174 return 0; 175 } 176 177 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) && 178 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { 179 EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED); 180 return 0; 181 } 182 183 if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { 184 switch (EVP_CIPHER_CTX_mode(ctx)) { 185 186 case EVP_CIPH_STREAM_CIPHER: 187 case EVP_CIPH_ECB_MODE: 188 break; 189 190 case EVP_CIPH_CFB_MODE: 191 case EVP_CIPH_OFB_MODE: 192 193 ctx->num = 0; 194 /* fall-through */ 195 196 case EVP_CIPH_CBC_MODE: 197 198 if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > 199 sizeof(ctx->iv)) { 200 EVPerror(EVP_R_IV_TOO_LARGE); 201 return 0; 202 } 203 if (iv) 204 memcpy(ctx->oiv, iv, 205 EVP_CIPHER_CTX_iv_length(ctx)); 206 memcpy(ctx->iv, ctx->oiv, 207 EVP_CIPHER_CTX_iv_length(ctx)); 208 break; 209 210 case EVP_CIPH_CTR_MODE: 211 ctx->num = 0; 212 /* Don't reuse IV for CTR mode */ 213 if (iv) 214 memcpy(ctx->iv, iv, 215 EVP_CIPHER_CTX_iv_length(ctx)); 216 break; 217 218 default: 219 return 0; 220 break; 221 } 222 } 223 224 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 225 if (!ctx->cipher->init(ctx, key, iv, enc)) 226 return 0; 227 } 228 ctx->buf_len = 0; 229 ctx->final_used = 0; 230 ctx->block_mask = ctx->cipher->block_size - 1; 231 return 1; 232 } 233 234 int 235 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 236 const unsigned char *in, int inl) 237 { 238 if (ctx->encrypt) 239 return EVP_EncryptUpdate(ctx, out, outl, in, inl); 240 else 241 return EVP_DecryptUpdate(ctx, out, outl, in, inl); 242 } 243 244 int 245 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 246 { 247 if (ctx->encrypt) 248 return EVP_EncryptFinal_ex(ctx, out, outl); 249 else 250 return EVP_DecryptFinal_ex(ctx, out, outl); 251 } 252 253 __warn_references(EVP_CipherFinal, 254 "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup"); 255 256 int 257 EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 258 { 259 int ret; 260 if (ctx->encrypt) 261 ret = EVP_EncryptFinal_ex(ctx, out, outl); 262 else 263 ret = EVP_DecryptFinal_ex(ctx, out, outl); 264 return ret; 265 } 266 267 int 268 EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 269 const unsigned char *key, const unsigned char *iv) 270 { 271 return EVP_CipherInit(ctx, cipher, key, iv, 1); 272 } 273 274 int 275 EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 276 const unsigned char *key, const unsigned char *iv) 277 { 278 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); 279 } 280 281 int 282 EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 283 const unsigned char *key, const unsigned char *iv) 284 { 285 return EVP_CipherInit(ctx, cipher, key, iv, 0); 286 } 287 288 int 289 EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 290 const unsigned char *key, const unsigned char *iv) 291 { 292 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); 293 } 294 295 int 296 EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 297 const unsigned char *in, int inl) 298 { 299 int i, j, bl; 300 301 *outl = 0; 302 303 if (inl < 0) 304 return 0; 305 306 if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) 307 return 1; 308 309 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 310 i = ctx->cipher->do_cipher(ctx, out, in, inl); 311 if (i < 0) 312 return 0; 313 else 314 *outl = i; 315 return 1; 316 } 317 318 if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { 319 if (ctx->cipher->do_cipher(ctx, out, in, inl)) { 320 *outl = inl; 321 return 1; 322 } else { 323 *outl = 0; 324 return 0; 325 } 326 } 327 i = ctx->buf_len; 328 bl = ctx->cipher->block_size; 329 if ((size_t)bl > sizeof(ctx->buf)) { 330 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 331 *outl = 0; 332 return 0; 333 } 334 if (i != 0) { 335 if (bl - i > inl) { 336 memcpy(&(ctx->buf[i]), in, inl); 337 ctx->buf_len += inl; 338 *outl = 0; 339 return 1; 340 } else { 341 j = bl - i; 342 343 /* 344 * Once we've processed the first j bytes from in, the 345 * amount of data left that is a multiple of the block 346 * length is (inl - j) & ~(bl - 1). Ensure this plus 347 * the block processed from ctx-buf doesn't overflow. 348 */ 349 if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { 350 EVPerror(EVP_R_TOO_LARGE); 351 return 0; 352 } 353 memcpy(&(ctx->buf[i]), in, j); 354 if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) 355 return 0; 356 inl -= j; 357 in += j; 358 out += bl; 359 *outl = bl; 360 } 361 } else 362 *outl = 0; 363 i = inl&(bl - 1); 364 inl -= i; 365 if (inl > 0) { 366 if (!ctx->cipher->do_cipher(ctx, out, in, inl)) 367 return 0; 368 *outl += inl; 369 } 370 371 if (i != 0) 372 memcpy(ctx->buf, &(in[inl]), i); 373 ctx->buf_len = i; 374 return 1; 375 } 376 377 __warn_references(EVP_EncryptFinal, 378 "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup"); 379 380 int 381 EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 382 { 383 int ret; 384 385 ret = EVP_EncryptFinal_ex(ctx, out, outl); 386 return ret; 387 } 388 389 int 390 EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 391 { 392 int n, ret; 393 unsigned int i, b, bl; 394 395 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 396 ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); 397 if (ret < 0) 398 return 0; 399 else 400 *outl = ret; 401 return 1; 402 } 403 404 b = ctx->cipher->block_size; 405 if (b > sizeof ctx->buf) { 406 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 407 return 0; 408 } 409 if (b == 1) { 410 *outl = 0; 411 return 1; 412 } 413 bl = ctx->buf_len; 414 if (ctx->flags & EVP_CIPH_NO_PADDING) { 415 if (bl) { 416 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 417 return 0; 418 } 419 *outl = 0; 420 return 1; 421 } 422 423 n = b - bl; 424 for (i = bl; i < b; i++) 425 ctx->buf[i] = n; 426 ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); 427 428 429 if (ret) 430 *outl = b; 431 432 return ret; 433 } 434 435 int 436 EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 437 const unsigned char *in, int inl) 438 { 439 int fix_len; 440 unsigned int b; 441 442 *outl = 0; 443 444 if (inl < 0) 445 return 0; 446 447 if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) 448 return 1; 449 450 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 451 fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); 452 if (fix_len < 0) { 453 *outl = 0; 454 return 0; 455 } else 456 *outl = fix_len; 457 return 1; 458 } 459 460 if (ctx->flags & EVP_CIPH_NO_PADDING) 461 return EVP_EncryptUpdate(ctx, out, outl, in, inl); 462 463 b = ctx->cipher->block_size; 464 if (b > sizeof ctx->final) { 465 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 466 return 0; 467 } 468 469 if (ctx->final_used) { 470 /* 471 * final_used is only ever set if buf_len is 0. Therefore the 472 * maximum length output we will ever see from EVP_EncryptUpdate 473 * is inl & ~(b - 1). Since final_used is set, the final output 474 * length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow. 475 */ 476 if ((inl & ~(b - 1)) > INT_MAX - b) { 477 EVPerror(EVP_R_TOO_LARGE); 478 return 0; 479 } 480 memcpy(out, ctx->final, b); 481 out += b; 482 fix_len = 1; 483 } else 484 fix_len = 0; 485 486 487 if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) 488 return 0; 489 490 /* if we have 'decrypted' a multiple of block size, make sure 491 * we have a copy of this last block */ 492 if (b > 1 && !ctx->buf_len) { 493 *outl -= b; 494 ctx->final_used = 1; 495 memcpy(ctx->final, &out[*outl], b); 496 } else 497 ctx->final_used = 0; 498 499 if (fix_len) 500 *outl += b; 501 502 return 1; 503 } 504 505 __warn_references(EVP_DecryptFinal, 506 "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup"); 507 508 int 509 EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 510 { 511 int ret; 512 513 ret = EVP_DecryptFinal_ex(ctx, out, outl); 514 return ret; 515 } 516 517 int 518 EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 519 { 520 int i, n; 521 unsigned int b; 522 *outl = 0; 523 524 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 525 i = ctx->cipher->do_cipher(ctx, out, NULL, 0); 526 if (i < 0) 527 return 0; 528 else 529 *outl = i; 530 return 1; 531 } 532 533 b = ctx->cipher->block_size; 534 if (ctx->flags & EVP_CIPH_NO_PADDING) { 535 if (ctx->buf_len) { 536 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 537 return 0; 538 } 539 *outl = 0; 540 return 1; 541 } 542 if (b > 1) { 543 if (ctx->buf_len || !ctx->final_used) { 544 EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH); 545 return (0); 546 } 547 if (b > sizeof ctx->final) { 548 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 549 return 0; 550 } 551 n = ctx->final[b - 1]; 552 if (n == 0 || n > (int)b) { 553 EVPerror(EVP_R_BAD_DECRYPT); 554 return (0); 555 } 556 for (i = 0; i < n; i++) { 557 if (ctx->final[--b] != n) { 558 EVPerror(EVP_R_BAD_DECRYPT); 559 return (0); 560 } 561 } 562 n = ctx->cipher->block_size - n; 563 for (i = 0; i < n; i++) 564 out[i] = ctx->final[i]; 565 *outl = n; 566 } else 567 *outl = 0; 568 return (1); 569 } 570 571 EVP_CIPHER_CTX * 572 EVP_CIPHER_CTX_new(void) 573 { 574 return calloc(1, sizeof(EVP_CIPHER_CTX)); 575 } 576 577 void 578 EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) 579 { 580 if (ctx == NULL) 581 return; 582 583 EVP_CIPHER_CTX_cleanup(ctx); 584 585 free(ctx); 586 } 587 588 void 589 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 590 { 591 memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); 592 } 593 594 int 595 EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a) 596 { 597 return EVP_CIPHER_CTX_cleanup(a); 598 } 599 600 int 601 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 602 { 603 if (c->cipher != NULL) { 604 if (c->cipher->cleanup != NULL) 605 c->cipher->cleanup(c); 606 if (c->cipher_data != NULL) 607 explicit_bzero(c->cipher_data, c->cipher->ctx_size); 608 } 609 610 /* XXX - store size of cipher_data so we can always freezero(). */ 611 free(c->cipher_data); 612 613 #ifndef OPENSSL_NO_ENGINE 614 ENGINE_finish(c->engine); 615 #endif 616 617 explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); 618 619 return 1; 620 } 621 622 int 623 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) 624 { 625 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 626 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, 627 keylen, NULL); 628 if (c->key_len == keylen) 629 return 1; 630 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { 631 c->key_len = keylen; 632 return 1; 633 } 634 EVPerror(EVP_R_INVALID_KEY_LENGTH); 635 return 0; 636 } 637 638 int 639 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) 640 { 641 if (pad) 642 ctx->flags &= ~EVP_CIPH_NO_PADDING; 643 else 644 ctx->flags |= EVP_CIPH_NO_PADDING; 645 return 1; 646 } 647 648 int 649 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 650 { 651 int ret; 652 653 if (!ctx->cipher) { 654 EVPerror(EVP_R_NO_CIPHER_SET); 655 return 0; 656 } 657 658 if (!ctx->cipher->ctrl) { 659 EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); 660 return 0; 661 } 662 663 ret = ctx->cipher->ctrl(ctx, type, arg, ptr); 664 if (ret == -1) { 665 EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); 666 return 0; 667 } 668 return ret; 669 } 670 671 int 672 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) 673 { 674 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 675 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 676 arc4random_buf(key, ctx->key_len); 677 return 1; 678 } 679 680 int 681 EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) 682 { 683 if ((in == NULL) || (in->cipher == NULL)) { 684 EVPerror(EVP_R_INPUT_NOT_INITIALIZED); 685 return 0; 686 } 687 #ifndef OPENSSL_NO_ENGINE 688 /* Make sure it's safe to copy a cipher context using an ENGINE */ 689 if (in->engine && !ENGINE_init(in->engine)) { 690 EVPerror(ERR_R_ENGINE_LIB); 691 return 0; 692 } 693 #endif 694 695 EVP_CIPHER_CTX_cleanup(out); 696 memcpy(out, in, sizeof *out); 697 698 if (in->cipher_data && in->cipher->ctx_size) { 699 out->cipher_data = calloc(1, in->cipher->ctx_size); 700 if (out->cipher_data == NULL) { 701 EVPerror(ERR_R_MALLOC_FAILURE); 702 return 0; 703 } 704 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); 705 } 706 707 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { 708 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 709 0, out)) { 710 /* 711 * If the custom copy control failed, assume that there 712 * may still be pointers copied in the cipher_data that 713 * we do not own. This may result in a leak from a bad 714 * custom copy control, but that's preferable to a 715 * double free... 716 */ 717 freezero(out->cipher_data, in->cipher->ctx_size); 718 out->cipher_data = NULL; 719 return 0; 720 } 721 } 722 723 return 1; 724 } 725