1190214Srpaulo/* crypto/evp/evp_enc.c */ 2190214Srpaulo/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3190214Srpaulo * All rights reserved. 4190214Srpaulo * 5190214Srpaulo * This package is an SSL implementation written 6190214Srpaulo * by Eric Young (eay@cryptsoft.com). 7190214Srpaulo * The implementation was written so as to conform with Netscapes SSL. 8190214Srpaulo * 9190214Srpaulo * This library is free for commercial and non-commercial use as long as 10190214Srpaulo * the following conditions are aheared to. The following conditions 11190214Srpaulo * apply to all code found in this distribution, be it the RC4, RSA, 12190214Srpaulo * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13190214Srpaulo * included with this distribution is covered by the same copyright terms 14190214Srpaulo * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15190214Srpaulo * 16190214Srpaulo * Copyright remains Eric Young's, and as such any Copyright notices in 17190214Srpaulo * the code are not to be removed. 18190214Srpaulo * If this package is used in a product, Eric Young should be given attribution 19190214Srpaulo * as the author of the parts of the library used. 20190214Srpaulo * This can be in the form of a textual message at program startup or 21190214Srpaulo * in documentation (online or textual) provided with the package. 22190214Srpaulo * 23190214Srpaulo * Redistribution and use in source and binary forms, with or without 24190214Srpaulo * modification, are permitted provided that the following conditions 25190214Srpaulo * are met: 26190214Srpaulo * 1. Redistributions of source code must retain the copyright 27190214Srpaulo * notice, this list of conditions and the following disclaimer. 28190214Srpaulo * 2. Redistributions in binary form must reproduce the above copyright 29190214Srpaulo * notice, this list of conditions and the following disclaimer in the 30190214Srpaulo * documentation and/or other materials provided with the distribution. 31190214Srpaulo * 3. All advertising materials mentioning features or use of this software 32190214Srpaulo * must display the following acknowledgement: 33190214Srpaulo * "This product includes cryptographic software written by 34214518Srpaulo * Eric Young (eay@cryptsoft.com)" 35190214Srpaulo * The word 'cryptographic' can be left out if the rouines from the library 36190214Srpaulo * being used are not cryptographic related :-). 37190214Srpaulo * 4. If you include any Windows specific code (or a derivative thereof) from 38190214Srpaulo * the apps directory (application code) you must include an acknowledgement: 39190214Srpaulo * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40190214Srpaulo * 41190214Srpaulo * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42190214Srpaulo * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43190214Srpaulo * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44190214Srpaulo * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45190214Srpaulo * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46190214Srpaulo * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47190214Srpaulo * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48190214Srpaulo * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49190214Srpaulo * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50190640Srpaulo * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51190214Srpaulo * SUCH DAMAGE. 52190214Srpaulo * 53190214Srpaulo * The licence and distribution terms for any publically available version or 54190214Srpaulo * derivative of this code cannot be changed. i.e. this code cannot simply be 55190214Srpaulo * copied and put under another distribution licence 56190214Srpaulo * [including the GNU Public Licence.] 57190214Srpaulo */ 58214518Srpaulo 59214518Srpaulo#include <stdio.h> 60214518Srpaulo#include "cryptlib.h" 61214518Srpaulo#include <openssl/evp.h> 62214518Srpaulo#include <openssl/err.h> 63214518Srpaulo#include <openssl/rand.h> 64214518Srpaulo#ifndef OPENSSL_NO_ENGINE 65190214Srpaulo# include <openssl/engine.h> 66190214Srpaulo#endif 67190214Srpaulo#ifdef OPENSSL_FIPS 68190214Srpaulo# include <openssl/fips.h> 69190214Srpaulo#endif 70190214Srpaulo#include "evp_locl.h" 71190214Srpaulo 72190214Srpaulo#ifdef OPENSSL_FIPS 73190214Srpaulo# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) 74190214Srpaulo#else 75190214Srpaulo# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) 76190214Srpaulo#endif 77190214Srpaulo 78190214Srpauloconst char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; 79190214Srpaulo 80190214Srpaulovoid EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 81190214Srpaulo{ 82190214Srpaulo memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); 83190214Srpaulo /* ctx->cipher=NULL; */ 84190214Srpaulo} 85190214Srpaulo 86190214SrpauloEVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) 87190214Srpaulo{ 88190214Srpaulo EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); 89190214Srpaulo if (ctx) 90190214Srpaulo EVP_CIPHER_CTX_init(ctx); 91190214Srpaulo return ctx; 92190214Srpaulo} 93190214Srpaulo 94190214Srpauloint EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 95190214Srpaulo const unsigned char *key, const unsigned char *iv, int enc) 96190214Srpaulo{ 97190214Srpaulo if (cipher) 98190214Srpaulo EVP_CIPHER_CTX_init(ctx); 99190214Srpaulo return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); 100190214Srpaulo} 101190214Srpaulo 102190214Srpauloint EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 103190214Srpaulo ENGINE *impl, const unsigned char *key, 104190214Srpaulo const unsigned char *iv, int enc) 105190214Srpaulo{ 106190214Srpaulo if (enc == -1) 107190214Srpaulo enc = ctx->encrypt; 108190214Srpaulo else { 109190214Srpaulo if (enc) 110190214Srpaulo enc = 1; 111190214Srpaulo ctx->encrypt = enc; 112190214Srpaulo } 113190214Srpaulo#ifndef OPENSSL_NO_ENGINE 114251129Sdelphij /* 115190214Srpaulo * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so 116251129Sdelphij * this context may already have an ENGINE! Try to avoid releasing the 117190214Srpaulo * previous handle, re-querying for an ENGINE, and having a 118251129Sdelphij * reinitialisation, when it may all be unecessary. 119251129Sdelphij */ 120251129Sdelphij if (ctx->engine && ctx->cipher && (!cipher || 121190214Srpaulo (cipher 122190214Srpaulo && (cipher->nid == 123190214Srpaulo ctx->cipher->nid)))) 124190214Srpaulo goto skip_to_init; 125190214Srpaulo#endif 126190214Srpaulo if (cipher) { 127190214Srpaulo /* 128190214Srpaulo * Ensure a context left lying around from last time is cleared (the 129190214Srpaulo * previous check attempted to avoid this if the same ENGINE and 130190214Srpaulo * EVP_CIPHER could be used). 131190214Srpaulo */ 132190214Srpaulo if (ctx->cipher) { 133190214Srpaulo unsigned long flags = ctx->flags; 134190214Srpaulo EVP_CIPHER_CTX_cleanup(ctx); 135190214Srpaulo /* Restore encrypt and flags */ 136190214Srpaulo ctx->encrypt = enc; 137190214Srpaulo ctx->flags = flags; 138190214Srpaulo } 139190214Srpaulo#ifndef OPENSSL_NO_ENGINE 140190214Srpaulo if (impl) { 141190214Srpaulo if (!ENGINE_init(impl)) { 142190214Srpaulo EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); 143190214Srpaulo return 0; 144190214Srpaulo } 145190214Srpaulo } else 146190214Srpaulo /* Ask if an ENGINE is reserved for this job */ 147190214Srpaulo impl = ENGINE_get_cipher_engine(cipher->nid); 148190214Srpaulo if (impl) { 149190214Srpaulo /* There's an ENGINE for this job ... (apparently) */ 150190214Srpaulo const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); 151190214Srpaulo if (!c) { 152190214Srpaulo /* 153190214Srpaulo * One positive side-effect of US's export control history, 154190214Srpaulo * is that we should at least be able to avoid using US 155190214Srpaulo * mispellings of "initialisation"? 156190214Srpaulo */ 157190214Srpaulo EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); 158190214Srpaulo return 0; 159190214Srpaulo } 160190214Srpaulo /* We'll use the ENGINE's private cipher definition */ 161190214Srpaulo cipher = c; 162190214Srpaulo /* 163190214Srpaulo * Store the ENGINE functional reference so we know 'cipher' came 164190214Srpaulo * from an ENGINE and we need to release it when done. 165190214Srpaulo */ 166190214Srpaulo ctx->engine = impl; 167190214Srpaulo } else 168190214Srpaulo ctx->engine = NULL; 169190214Srpaulo#endif 170190214Srpaulo 171190214Srpaulo#ifdef OPENSSL_FIPS 172214518Srpaulo if (FIPS_mode()) 173190214Srpaulo return FIPS_cipherinit(ctx, cipher, key, iv, enc); 174190214Srpaulo#endif 175190214Srpaulo ctx->cipher = cipher; 176190214Srpaulo if (ctx->cipher->ctx_size) { 177190214Srpaulo ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); 178190214Srpaulo if (!ctx->cipher_data) { 179190214Srpaulo EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); 180190214Srpaulo return 0; 181190214Srpaulo } 182190214Srpaulo } else { 183190214Srpaulo ctx->cipher_data = NULL; 184190214Srpaulo } 185190214Srpaulo ctx->key_len = cipher->key_len; 186190214Srpaulo ctx->flags = 0; 187190214Srpaulo if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { 188190214Srpaulo if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { 189190214Srpaulo EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); 190190214Srpaulo return 0; 191190214Srpaulo } 192190214Srpaulo } 193190214Srpaulo } else if (!ctx->cipher) { 194190214Srpaulo EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); 195190214Srpaulo return 0; 196190214Srpaulo } 197190214Srpaulo#ifndef OPENSSL_NO_ENGINE 198190214Srpaulo skip_to_init: 199190214Srpaulo#endif 200190214Srpaulo#ifdef OPENSSL_FIPS 201190214Srpaulo if (FIPS_mode()) 202190214Srpaulo return FIPS_cipherinit(ctx, cipher, key, iv, enc); 203190214Srpaulo#endif 204190214Srpaulo /* we assume block size is a power of 2 in *cryptUpdate */ 205190214Srpaulo OPENSSL_assert(ctx->cipher->block_size == 1 206190214Srpaulo || ctx->cipher->block_size == 8 207190214Srpaulo || ctx->cipher->block_size == 16); 208190214Srpaulo 209190214Srpaulo if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { 210190214Srpaulo switch (EVP_CIPHER_CTX_mode(ctx)) { 211190214Srpaulo 212190214Srpaulo case EVP_CIPH_STREAM_CIPHER: 213190214Srpaulo case EVP_CIPH_ECB_MODE: 214190214Srpaulo break; 215190214Srpaulo 216190214Srpaulo case EVP_CIPH_CFB_MODE: 217190214Srpaulo case EVP_CIPH_OFB_MODE: 218190214Srpaulo 219190214Srpaulo ctx->num = 0; 220190214Srpaulo /* fall-through */ 221190214Srpaulo 222190214Srpaulo case EVP_CIPH_CBC_MODE: 223190214Srpaulo 224190214Srpaulo OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= 225190214Srpaulo (int)sizeof(ctx->iv)); 226190214Srpaulo if (iv) 227190214Srpaulo memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 228190214Srpaulo memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 229190214Srpaulo break; 230190214Srpaulo 231190214Srpaulo case EVP_CIPH_CTR_MODE: 232190214Srpaulo ctx->num = 0; 233190214Srpaulo /* Don't reuse IV for CTR mode */ 234190214Srpaulo if (iv) 235190214Srpaulo memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 236190214Srpaulo break; 237190214Srpaulo 238190214Srpaulo default: 239190214Srpaulo return 0; 240190214Srpaulo break; 241190214Srpaulo } 242190214Srpaulo } 243190214Srpaulo 244190214Srpaulo if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 245190214Srpaulo if (!ctx->cipher->init(ctx, key, iv, enc)) 246190214Srpaulo return 0; 247190214Srpaulo } 248190214Srpaulo ctx->buf_len = 0; 249190214Srpaulo ctx->final_used = 0; 250190214Srpaulo ctx->block_mask = ctx->cipher->block_size - 1; 251190214Srpaulo return 1; 252190214Srpaulo} 253235426Sdelphij 254235426Sdelphijint EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 255190214Srpaulo const unsigned char *in, int inl) 256190214Srpaulo{ 257190214Srpaulo if (ctx->encrypt) 258190214Srpaulo return EVP_EncryptUpdate(ctx, out, outl, in, inl); 259190214Srpaulo else 260190214Srpaulo return EVP_DecryptUpdate(ctx, out, outl, in, inl); 261190214Srpaulo} 262190214Srpaulo 263235426Sdelphijint EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 264190214Srpaulo{ 265214518Srpaulo if (ctx->encrypt) 266214518Srpaulo return EVP_EncryptFinal_ex(ctx, out, outl); 267214518Srpaulo else 268214518Srpaulo return EVP_DecryptFinal_ex(ctx, out, outl); 269214518Srpaulo} 270214518Srpaulo 271190214Srpauloint EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 272190214Srpaulo{ 273190214Srpaulo if (ctx->encrypt) 274190214Srpaulo return EVP_EncryptFinal(ctx, out, outl); 275190214Srpaulo else 276190214Srpaulo return EVP_DecryptFinal(ctx, out, outl); 277190214Srpaulo} 278190214Srpaulo 279190214Srpauloint EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 280235426Sdelphij const unsigned char *key, const unsigned char *iv) 281190214Srpaulo{ 282190214Srpaulo return EVP_CipherInit(ctx, cipher, key, iv, 1); 283190214Srpaulo} 284235426Sdelphij 285235426Sdelphijint EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 286235426Sdelphij ENGINE *impl, const unsigned char *key, 287235426Sdelphij const unsigned char *iv) 288235426Sdelphij{ 289235426Sdelphij return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); 290235426Sdelphij} 291235426Sdelphij 292235426Sdelphijint EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 293235426Sdelphij const unsigned char *key, const unsigned char *iv) 294235426Sdelphij{ 295235426Sdelphij return EVP_CipherInit(ctx, cipher, key, iv, 0); 296235426Sdelphij} 297235426Sdelphij 298235426Sdelphijint EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 299235426Sdelphij ENGINE *impl, const unsigned char *key, 300235426Sdelphij const unsigned char *iv) 301235426Sdelphij{ 302235426Sdelphij return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); 303235426Sdelphij} 304235426Sdelphij 305235426Sdelphijint EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 306235426Sdelphij const unsigned char *in, int inl) 307235426Sdelphij{ 308235426Sdelphij int i, j, bl; 309235426Sdelphij 310235426Sdelphij if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 311235426Sdelphij i = M_do_cipher(ctx, out, in, inl); 312235426Sdelphij if (i < 0) 313235426Sdelphij return 0; 314235426Sdelphij else 315235426Sdelphij *outl = i; 316235426Sdelphij return 1; 317235426Sdelphij } 318235426Sdelphij 319235426Sdelphij if (inl <= 0) { 320235426Sdelphij *outl = 0; 321235426Sdelphij return inl == 0; 322235426Sdelphij } 323235426Sdelphij 324235426Sdelphij if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { 325235426Sdelphij if (M_do_cipher(ctx, out, in, inl)) { 326235426Sdelphij *outl = inl; 327235426Sdelphij return 1; 328235426Sdelphij } else { 329235426Sdelphij *outl = 0; 330235426Sdelphij return 0; 331235426Sdelphij } 332235426Sdelphij } 333235426Sdelphij i = ctx->buf_len; 334190214Srpaulo bl = ctx->cipher->block_size; 335190214Srpaulo OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); 336190214Srpaulo if (i != 0) { 337190214Srpaulo if (bl - i > inl) { 338190214Srpaulo memcpy(&(ctx->buf[i]), in, inl); 339190214Srpaulo ctx->buf_len += inl; 340190214Srpaulo *outl = 0; 341190214Srpaulo return 1; 342190214Srpaulo } else { 343190214Srpaulo j = bl - i; 344190214Srpaulo memcpy(&(ctx->buf[i]), in, j); 345190214Srpaulo if (!M_do_cipher(ctx, out, ctx->buf, bl)) 346190214Srpaulo return 0; 347190214Srpaulo inl -= j; 348190214Srpaulo in += j; 349190214Srpaulo out += bl; 350190214Srpaulo *outl = bl; 351190214Srpaulo } 352190214Srpaulo } else 353190214Srpaulo *outl = 0; 354190214Srpaulo i = inl & (bl - 1); 355190214Srpaulo inl -= i; 356190214Srpaulo if (inl > 0) { 357190214Srpaulo if (!M_do_cipher(ctx, out, in, inl)) 358190214Srpaulo return 0; 359190214Srpaulo *outl += inl; 360190214Srpaulo } 361190214Srpaulo 362190214Srpaulo if (i != 0) 363190214Srpaulo memcpy(ctx->buf, &(in[inl]), i); 364190214Srpaulo ctx->buf_len = i; 365190214Srpaulo return 1; 366190214Srpaulo} 367190214Srpaulo 368190214Srpauloint EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 369190214Srpaulo{ 370190214Srpaulo int ret; 371190214Srpaulo ret = EVP_EncryptFinal_ex(ctx, out, outl); 372251129Sdelphij return ret; 373251129Sdelphij} 374190214Srpaulo 375190214Srpauloint EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 376190214Srpaulo{ 377190214Srpaulo int n, ret; 378190214Srpaulo unsigned int i, b, bl; 379190214Srpaulo 380190214Srpaulo if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 381190214Srpaulo ret = M_do_cipher(ctx, out, NULL, 0); 382190214Srpaulo if (ret < 0) 383190214Srpaulo return 0; 384190214Srpaulo else 385190214Srpaulo *outl = ret; 386190214Srpaulo return 1; 387190214Srpaulo } 388190214Srpaulo 389190214Srpaulo b = ctx->cipher->block_size; 390190214Srpaulo OPENSSL_assert(b <= sizeof ctx->buf); 391190214Srpaulo if (b == 1) { 392190214Srpaulo *outl = 0; 393190214Srpaulo return 1; 394190214Srpaulo } 395190214Srpaulo bl = ctx->buf_len; 396190214Srpaulo if (ctx->flags & EVP_CIPH_NO_PADDING) { 397190214Srpaulo if (bl) { 398190214Srpaulo EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, 399190214Srpaulo EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 400190214Srpaulo return 0; 401190214Srpaulo } 402190214Srpaulo *outl = 0; 403190214Srpaulo return 1; 404235426Sdelphij } 405235426Sdelphij 406235426Sdelphij n = b - bl; 407235426Sdelphij for (i = bl; i < b; i++) 408235426Sdelphij ctx->buf[i] = n; 409235426Sdelphij ret = M_do_cipher(ctx, out, ctx->buf, b); 410235426Sdelphij 411235426Sdelphij if (ret) 412190944Srpaulo *outl = b; 413235426Sdelphij 414214518Srpaulo return ret; 415190944Srpaulo} 416190944Srpaulo 417190214Srpauloint EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 418190214Srpaulo const unsigned char *in, int inl) 419190214Srpaulo{ 420190214Srpaulo int fix_len; 421190214Srpaulo unsigned int b; 422190214Srpaulo 423190214Srpaulo if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 424190214Srpaulo fix_len = M_do_cipher(ctx, out, in, inl); 425190214Srpaulo if (fix_len < 0) { 426190214Srpaulo *outl = 0; 427190214Srpaulo return 0; 428190214Srpaulo } else 429190214Srpaulo *outl = fix_len; 430190214Srpaulo return 1; 431190214Srpaulo } 432190214Srpaulo 433190214Srpaulo if (inl <= 0) { 434190214Srpaulo *outl = 0; 435190214Srpaulo return inl == 0; 436190214Srpaulo } 437190214Srpaulo 438190214Srpaulo if (ctx->flags & EVP_CIPH_NO_PADDING) 439190214Srpaulo return EVP_EncryptUpdate(ctx, out, outl, in, inl); 440190214Srpaulo 441190214Srpaulo b = ctx->cipher->block_size; 442190214Srpaulo OPENSSL_assert(b <= sizeof ctx->final); 443190214Srpaulo 444190214Srpaulo if (ctx->final_used) { 445190214Srpaulo memcpy(out, ctx->final, b); 446190214Srpaulo out += b; 447190214Srpaulo fix_len = 1; 448190214Srpaulo } else 449190214Srpaulo fix_len = 0; 450190214Srpaulo 451190214Srpaulo if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) 452190214Srpaulo return 0; 453190214Srpaulo 454190214Srpaulo /* 455190214Srpaulo * if we have 'decrypted' a multiple of block size, make sure we have a 456190214Srpaulo * copy of this last block 457190214Srpaulo */ 458190214Srpaulo if (b > 1 && !ctx->buf_len) { 459190214Srpaulo *outl -= b; 460190214Srpaulo ctx->final_used = 1; 461235426Sdelphij memcpy(ctx->final, &out[*outl], b); 462 } else 463 ctx->final_used = 0; 464 465 if (fix_len) 466 *outl += b; 467 468 return 1; 469} 470 471int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 472{ 473 int ret; 474 ret = EVP_DecryptFinal_ex(ctx, out, outl); 475 return ret; 476} 477 478int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 479{ 480 int i, n; 481 unsigned int b; 482 *outl = 0; 483 484 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 485 i = M_do_cipher(ctx, out, NULL, 0); 486 if (i < 0) 487 return 0; 488 else 489 *outl = i; 490 return 1; 491 } 492 493 b = ctx->cipher->block_size; 494 if (ctx->flags & EVP_CIPH_NO_PADDING) { 495 if (ctx->buf_len) { 496 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, 497 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 498 return 0; 499 } 500 *outl = 0; 501 return 1; 502 } 503 if (b > 1) { 504 if (ctx->buf_len || !ctx->final_used) { 505 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); 506 return (0); 507 } 508 OPENSSL_assert(b <= sizeof ctx->final); 509 510 /* 511 * The following assumes that the ciphertext has been authenticated. 512 * Otherwise it provides a padding oracle. 513 */ 514 n = ctx->final[b - 1]; 515 if (n == 0 || n > (int)b) { 516 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); 517 return (0); 518 } 519 for (i = 0; i < n; i++) { 520 if (ctx->final[--b] != n) { 521 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); 522 return (0); 523 } 524 } 525 n = ctx->cipher->block_size - n; 526 for (i = 0; i < n; i++) 527 out[i] = ctx->final[i]; 528 *outl = n; 529 } else 530 *outl = 0; 531 return (1); 532} 533 534void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) 535{ 536 if (ctx) { 537 EVP_CIPHER_CTX_cleanup(ctx); 538 OPENSSL_free(ctx); 539 } 540} 541 542int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 543{ 544#ifndef OPENSSL_FIPS 545 if (c->cipher != NULL) { 546 if (c->cipher->cleanup && !c->cipher->cleanup(c)) 547 return 0; 548 /* Cleanse cipher context data */ 549 if (c->cipher_data) 550 OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); 551 } 552 if (c->cipher_data) 553 OPENSSL_free(c->cipher_data); 554#endif 555#ifndef OPENSSL_NO_ENGINE 556 if (c->engine) 557 /* 558 * The EVP_CIPHER we used belongs to an ENGINE, release the 559 * functional reference we held for this reason. 560 */ 561 ENGINE_finish(c->engine); 562#endif 563#ifdef OPENSSL_FIPS 564 FIPS_cipher_ctx_cleanup(c); 565#endif 566 memset(c, 0, sizeof(EVP_CIPHER_CTX)); 567 return 1; 568} 569 570int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) 571{ 572 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 573 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); 574 if (c->key_len == keylen) 575 return 1; 576 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { 577 c->key_len = keylen; 578 return 1; 579 } 580 EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH); 581 return 0; 582} 583 584int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) 585{ 586 if (pad) 587 ctx->flags &= ~EVP_CIPH_NO_PADDING; 588 else 589 ctx->flags |= EVP_CIPH_NO_PADDING; 590 return 1; 591} 592 593int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 594{ 595 int ret; 596 if (!ctx->cipher) { 597 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); 598 return 0; 599 } 600 601 if (!ctx->cipher->ctrl) { 602 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); 603 return 0; 604 } 605 606 ret = ctx->cipher->ctrl(ctx, type, arg, ptr); 607 if (ret == -1) { 608 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, 609 EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); 610 return 0; 611 } 612 return ret; 613} 614 615int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) 616{ 617 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 618 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 619 if (RAND_bytes(key, ctx->key_len) <= 0) 620 return 0; 621 return 1; 622} 623 624int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) 625{ 626 if ((in == NULL) || (in->cipher == NULL)) { 627 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED); 628 return 0; 629 } 630#ifndef OPENSSL_NO_ENGINE 631 /* Make sure it's safe to copy a cipher context using an ENGINE */ 632 if (in->engine && !ENGINE_init(in->engine)) { 633 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB); 634 return 0; 635 } 636#endif 637 638 EVP_CIPHER_CTX_cleanup(out); 639 memcpy(out, in, sizeof *out); 640 641 if (in->cipher_data && in->cipher->ctx_size) { 642 out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); 643 if (!out->cipher_data) { 644 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); 645 return 0; 646 } 647 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); 648 } 649 650 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) 651 return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); 652 return 1; 653} 654