1 /* $OpenBSD: evp_enc.c,v 1.43 2019/04/14 17:16:57 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <stdlib.h> 61 #include <string.h> 62 63 #include <sys/types.h> 64 65 #include <openssl/opensslconf.h> 66 67 #include <openssl/err.h> 68 #include <openssl/evp.h> 69 70 #ifndef OPENSSL_NO_ENGINE 71 #include <openssl/engine.h> 72 #endif 73 74 #include "evp_locl.h" 75 76 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) 77 78 int 79 EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 80 const unsigned char *key, const unsigned char *iv, int enc) 81 { 82 if (cipher) 83 EVP_CIPHER_CTX_init(ctx); 84 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); 85 } 86 87 int 88 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 89 const unsigned char *key, const unsigned char *iv, int enc) 90 { 91 if (enc == -1) 92 enc = ctx->encrypt; 93 else { 94 if (enc) 95 enc = 1; 96 ctx->encrypt = enc; 97 } 98 #ifndef OPENSSL_NO_ENGINE 99 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts 100 * so this context may already have an ENGINE! Try to avoid releasing 101 * the previous handle, re-querying for an ENGINE, and having a 102 * reinitialisation, when it may all be unecessary. */ 103 if (ctx->engine && ctx->cipher && 104 (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) 105 goto skip_to_init; 106 #endif 107 if (cipher) { 108 /* Ensure a context left lying around from last time is cleared 109 * (the previous check attempted to avoid this if the same 110 * ENGINE and EVP_CIPHER could be used). */ 111 if (ctx->cipher) { 112 unsigned long flags = ctx->flags; 113 EVP_CIPHER_CTX_cleanup(ctx); 114 /* Restore encrypt and flags */ 115 ctx->encrypt = enc; 116 ctx->flags = flags; 117 } 118 #ifndef OPENSSL_NO_ENGINE 119 if (impl) { 120 if (!ENGINE_init(impl)) { 121 EVPerror(EVP_R_INITIALIZATION_ERROR); 122 return 0; 123 } 124 } else 125 /* Ask if an ENGINE is reserved for this job */ 126 impl = ENGINE_get_cipher_engine(cipher->nid); 127 if (impl) { 128 /* There's an ENGINE for this job ... (apparently) */ 129 const EVP_CIPHER *c = 130 ENGINE_get_cipher(impl, cipher->nid); 131 if (!c) { 132 EVPerror(EVP_R_INITIALIZATION_ERROR); 133 return 0; 134 } 135 /* We'll use the ENGINE's private cipher definition */ 136 cipher = c; 137 /* Store the ENGINE functional reference so we know 138 * 'cipher' came from an ENGINE and we need to release 139 * it when done. */ 140 ctx->engine = impl; 141 } else 142 ctx->engine = NULL; 143 #endif 144 145 ctx->cipher = cipher; 146 if (ctx->cipher->ctx_size) { 147 ctx->cipher_data = calloc(1, ctx->cipher->ctx_size); 148 if (ctx->cipher_data == NULL) { 149 EVPerror(ERR_R_MALLOC_FAILURE); 150 return 0; 151 } 152 } else { 153 ctx->cipher_data = NULL; 154 } 155 ctx->key_len = cipher->key_len; 156 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; 157 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { 158 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { 159 EVPerror(EVP_R_INITIALIZATION_ERROR); 160 return 0; 161 } 162 } 163 } else if (!ctx->cipher) { 164 EVPerror(EVP_R_NO_CIPHER_SET); 165 return 0; 166 } 167 #ifndef OPENSSL_NO_ENGINE 168 skip_to_init: 169 #endif 170 /* we assume block size is a power of 2 in *cryptUpdate */ 171 if (ctx->cipher->block_size != 1 && 172 ctx->cipher->block_size != 8 && 173 ctx->cipher->block_size != 16) { 174 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 175 return 0; 176 } 177 178 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) && 179 EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { 180 EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED); 181 return 0; 182 } 183 184 if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { 185 switch (EVP_CIPHER_CTX_mode(ctx)) { 186 187 case EVP_CIPH_STREAM_CIPHER: 188 case EVP_CIPH_ECB_MODE: 189 break; 190 191 case EVP_CIPH_CFB_MODE: 192 case EVP_CIPH_OFB_MODE: 193 194 ctx->num = 0; 195 /* fall-through */ 196 197 case EVP_CIPH_CBC_MODE: 198 199 if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > 200 sizeof(ctx->iv)) { 201 EVPerror(EVP_R_IV_TOO_LARGE); 202 return 0; 203 } 204 if (iv) 205 memcpy(ctx->oiv, iv, 206 EVP_CIPHER_CTX_iv_length(ctx)); 207 memcpy(ctx->iv, ctx->oiv, 208 EVP_CIPHER_CTX_iv_length(ctx)); 209 break; 210 211 case EVP_CIPH_CTR_MODE: 212 ctx->num = 0; 213 /* Don't reuse IV for CTR mode */ 214 if (iv) 215 memcpy(ctx->iv, iv, 216 EVP_CIPHER_CTX_iv_length(ctx)); 217 break; 218 219 default: 220 return 0; 221 break; 222 } 223 } 224 225 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 226 if (!ctx->cipher->init(ctx, key, iv, enc)) 227 return 0; 228 } 229 ctx->buf_len = 0; 230 ctx->final_used = 0; 231 ctx->block_mask = ctx->cipher->block_size - 1; 232 return 1; 233 } 234 235 int 236 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 237 const unsigned char *in, int inl) 238 { 239 if (ctx->encrypt) 240 return EVP_EncryptUpdate(ctx, out, outl, in, inl); 241 else 242 return EVP_DecryptUpdate(ctx, out, outl, in, inl); 243 } 244 245 int 246 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 247 { 248 if (ctx->encrypt) 249 return EVP_EncryptFinal_ex(ctx, out, outl); 250 else 251 return EVP_DecryptFinal_ex(ctx, out, outl); 252 } 253 254 __warn_references(EVP_CipherFinal, 255 "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup"); 256 257 int 258 EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 259 { 260 int ret; 261 if (ctx->encrypt) 262 ret = EVP_EncryptFinal_ex(ctx, out, outl); 263 else 264 ret = EVP_DecryptFinal_ex(ctx, out, outl); 265 return ret; 266 } 267 268 int 269 EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 270 const unsigned char *key, const unsigned char *iv) 271 { 272 return EVP_CipherInit(ctx, cipher, key, iv, 1); 273 } 274 275 int 276 EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 277 const unsigned char *key, const unsigned char *iv) 278 { 279 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); 280 } 281 282 int 283 EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 284 const unsigned char *key, const unsigned char *iv) 285 { 286 return EVP_CipherInit(ctx, cipher, key, iv, 0); 287 } 288 289 int 290 EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 291 const unsigned char *key, const unsigned char *iv) 292 { 293 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); 294 } 295 296 int 297 EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 298 const unsigned char *in, int inl) 299 { 300 int i, j, bl; 301 302 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 303 i = M_do_cipher(ctx, out, in, inl); 304 if (i < 0) 305 return 0; 306 else 307 *outl = i; 308 return 1; 309 } 310 311 if (inl <= 0) { 312 *outl = 0; 313 return inl == 0; 314 } 315 316 if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { 317 if (M_do_cipher(ctx, out, in, inl)) { 318 *outl = inl; 319 return 1; 320 } else { 321 *outl = 0; 322 return 0; 323 } 324 } 325 i = ctx->buf_len; 326 bl = ctx->cipher->block_size; 327 if ((size_t)bl > sizeof(ctx->buf)) { 328 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 329 *outl = 0; 330 return 0; 331 } 332 if (i != 0) { 333 if (bl - i > inl) { 334 memcpy(&(ctx->buf[i]), in, inl); 335 ctx->buf_len += inl; 336 *outl = 0; 337 return 1; 338 } else { 339 j = bl - i; 340 memcpy(&(ctx->buf[i]), in, j); 341 if (!M_do_cipher(ctx, out, ctx->buf, bl)) 342 return 0; 343 inl -= j; 344 in += j; 345 out += bl; 346 *outl = bl; 347 } 348 } else 349 *outl = 0; 350 i = inl&(bl - 1); 351 inl -= i; 352 if (inl > 0) { 353 if (!M_do_cipher(ctx, out, in, inl)) 354 return 0; 355 *outl += inl; 356 } 357 358 if (i != 0) 359 memcpy(ctx->buf, &(in[inl]), i); 360 ctx->buf_len = i; 361 return 1; 362 } 363 364 __warn_references(EVP_EncryptFinal, 365 "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup"); 366 367 int 368 EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 369 { 370 int ret; 371 372 ret = EVP_EncryptFinal_ex(ctx, out, outl); 373 return ret; 374 } 375 376 int 377 EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 378 { 379 int n, ret; 380 unsigned int i, b, bl; 381 382 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 383 ret = M_do_cipher(ctx, out, NULL, 0); 384 if (ret < 0) 385 return 0; 386 else 387 *outl = ret; 388 return 1; 389 } 390 391 b = ctx->cipher->block_size; 392 if (b > sizeof ctx->buf) { 393 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 394 return 0; 395 } 396 if (b == 1) { 397 *outl = 0; 398 return 1; 399 } 400 bl = ctx->buf_len; 401 if (ctx->flags & EVP_CIPH_NO_PADDING) { 402 if (bl) { 403 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 404 return 0; 405 } 406 *outl = 0; 407 return 1; 408 } 409 410 n = b - bl; 411 for (i = bl; i < b; i++) 412 ctx->buf[i] = n; 413 ret = M_do_cipher(ctx, out, ctx->buf, b); 414 415 416 if (ret) 417 *outl = b; 418 419 return ret; 420 } 421 422 int 423 EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 424 const unsigned char *in, int inl) 425 { 426 int fix_len; 427 unsigned int b; 428 429 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 430 fix_len = M_do_cipher(ctx, out, in, inl); 431 if (fix_len < 0) { 432 *outl = 0; 433 return 0; 434 } else 435 *outl = fix_len; 436 return 1; 437 } 438 439 if (inl <= 0) { 440 *outl = 0; 441 return inl == 0; 442 } 443 444 if (ctx->flags & EVP_CIPH_NO_PADDING) 445 return EVP_EncryptUpdate(ctx, out, outl, in, inl); 446 447 b = ctx->cipher->block_size; 448 if (b > sizeof ctx->final) { 449 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 450 return 0; 451 } 452 453 if (ctx->final_used) { 454 memcpy(out, ctx->final, b); 455 out += b; 456 fix_len = 1; 457 } else 458 fix_len = 0; 459 460 461 if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) 462 return 0; 463 464 /* if we have 'decrypted' a multiple of block size, make sure 465 * we have a copy of this last block */ 466 if (b > 1 && !ctx->buf_len) { 467 *outl -= b; 468 ctx->final_used = 1; 469 memcpy(ctx->final, &out[*outl], b); 470 } else 471 ctx->final_used = 0; 472 473 if (fix_len) 474 *outl += b; 475 476 return 1; 477 } 478 479 __warn_references(EVP_DecryptFinal, 480 "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup"); 481 482 int 483 EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 484 { 485 int ret; 486 487 ret = EVP_DecryptFinal_ex(ctx, out, outl); 488 return ret; 489 } 490 491 int 492 EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 493 { 494 int i, n; 495 unsigned int b; 496 *outl = 0; 497 498 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 499 i = M_do_cipher(ctx, out, NULL, 0); 500 if (i < 0) 501 return 0; 502 else 503 *outl = i; 504 return 1; 505 } 506 507 b = ctx->cipher->block_size; 508 if (ctx->flags & EVP_CIPH_NO_PADDING) { 509 if (ctx->buf_len) { 510 EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 511 return 0; 512 } 513 *outl = 0; 514 return 1; 515 } 516 if (b > 1) { 517 if (ctx->buf_len || !ctx->final_used) { 518 EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH); 519 return (0); 520 } 521 if (b > sizeof ctx->final) { 522 EVPerror(EVP_R_BAD_BLOCK_LENGTH); 523 return 0; 524 } 525 n = ctx->final[b - 1]; 526 if (n == 0 || n > (int)b) { 527 EVPerror(EVP_R_BAD_DECRYPT); 528 return (0); 529 } 530 for (i = 0; i < n; i++) { 531 if (ctx->final[--b] != n) { 532 EVPerror(EVP_R_BAD_DECRYPT); 533 return (0); 534 } 535 } 536 n = ctx->cipher->block_size - n; 537 for (i = 0; i < n; i++) 538 out[i] = ctx->final[i]; 539 *outl = n; 540 } else 541 *outl = 0; 542 return (1); 543 } 544 545 EVP_CIPHER_CTX * 546 EVP_CIPHER_CTX_new(void) 547 { 548 return calloc(1, sizeof(EVP_CIPHER_CTX)); 549 } 550 551 void 552 EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) 553 { 554 if (ctx == NULL) 555 return; 556 557 EVP_CIPHER_CTX_cleanup(ctx); 558 559 free(ctx); 560 } 561 562 void 563 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 564 { 565 memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); 566 } 567 568 int 569 EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a) 570 { 571 return EVP_CIPHER_CTX_cleanup(a); 572 } 573 574 int 575 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 576 { 577 if (c->cipher != NULL) { 578 if (c->cipher->cleanup && !c->cipher->cleanup(c)) 579 return 0; 580 /* Cleanse cipher context data */ 581 if (c->cipher_data) 582 explicit_bzero(c->cipher_data, c->cipher->ctx_size); 583 } 584 /* XXX - store size of cipher_data so we can always freezero(). */ 585 free(c->cipher_data); 586 #ifndef OPENSSL_NO_ENGINE 587 ENGINE_finish(c->engine); 588 #endif 589 explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); 590 return 1; 591 } 592 593 int 594 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) 595 { 596 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 597 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, 598 keylen, NULL); 599 if (c->key_len == keylen) 600 return 1; 601 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { 602 c->key_len = keylen; 603 return 1; 604 } 605 EVPerror(EVP_R_INVALID_KEY_LENGTH); 606 return 0; 607 } 608 609 int 610 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) 611 { 612 if (pad) 613 ctx->flags &= ~EVP_CIPH_NO_PADDING; 614 else 615 ctx->flags |= EVP_CIPH_NO_PADDING; 616 return 1; 617 } 618 619 int 620 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 621 { 622 int ret; 623 624 if (!ctx->cipher) { 625 EVPerror(EVP_R_NO_CIPHER_SET); 626 return 0; 627 } 628 629 if (!ctx->cipher->ctrl) { 630 EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); 631 return 0; 632 } 633 634 ret = ctx->cipher->ctrl(ctx, type, arg, ptr); 635 if (ret == -1) { 636 EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); 637 return 0; 638 } 639 return ret; 640 } 641 642 int 643 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) 644 { 645 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 646 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 647 arc4random_buf(key, ctx->key_len); 648 return 1; 649 } 650 651 int 652 EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) 653 { 654 if ((in == NULL) || (in->cipher == NULL)) { 655 EVPerror(EVP_R_INPUT_NOT_INITIALIZED); 656 return 0; 657 } 658 #ifndef OPENSSL_NO_ENGINE 659 /* Make sure it's safe to copy a cipher context using an ENGINE */ 660 if (in->engine && !ENGINE_init(in->engine)) { 661 EVPerror(ERR_R_ENGINE_LIB); 662 return 0; 663 } 664 #endif 665 666 EVP_CIPHER_CTX_cleanup(out); 667 memcpy(out, in, sizeof *out); 668 669 if (in->cipher_data && in->cipher->ctx_size) { 670 out->cipher_data = calloc(1, in->cipher->ctx_size); 671 if (out->cipher_data == NULL) { 672 EVPerror(ERR_R_MALLOC_FAILURE); 673 return 0; 674 } 675 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); 676 } 677 678 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { 679 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 680 0, out)) { 681 /* 682 * If the custom copy control failed, assume that there 683 * may still be pointers copied in the cipher_data that 684 * we do not own. This may result in a leak from a bad 685 * custom copy control, but that's preferable to a 686 * double free... 687 */ 688 freezero(out->cipher_data, in->cipher->ctx_size); 689 out->cipher_data = NULL; 690 return 0; 691 } 692 } 693 694 return 1; 695 } 696