evp_enc.c revision 194206 
155714Skris/* crypto/evp/evp_enc.c */
255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
355714Skris * All rights reserved.
455714Skris *
555714Skris * This package is an SSL implementation written
655714Skris * by Eric Young (eay@cryptsoft.com).
755714Skris * The implementation was written so as to conform with Netscapes SSL.
855714Skris *
955714Skris * This library is free for commercial and non-commercial use as long as
1055714Skris * the following conditions are aheared to.  The following conditions
1155714Skris * apply to all code found in this distribution, be it the RC4, RSA,
1255714Skris * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1355714Skris * included with this distribution is covered by the same copyright terms
1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1555714Skris *
1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in
1755714Skris * the code are not to be removed.
1855714Skris * If this package is used in a product, Eric Young should be given attribution
1955714Skris * as the author of the parts of the library used.
2055714Skris * This can be in the form of a textual message at program startup or
2155714Skris * in documentation (online or textual) provided with the package.
2255714Skris *
2355714Skris * Redistribution and use in source and binary forms, with or without
2455714Skris * modification, are permitted provided that the following conditions
2555714Skris * are met:
2655714Skris * 1. Redistributions of source code must retain the copyright
2755714Skris *    notice, this list of conditions and the following disclaimer.
2855714Skris * 2. Redistributions in binary form must reproduce the above copyright
2955714Skris *    notice, this list of conditions and the following disclaimer in the
3055714Skris *    documentation and/or other materials provided with the distribution.
3155714Skris * 3. All advertising materials mentioning features or use of this software
3255714Skris *    must display the following acknowledgement:
3355714Skris *    "This product includes cryptographic software written by
3455714Skris *     Eric Young (eay@cryptsoft.com)"
3555714Skris *    The word 'cryptographic' can be left out if the rouines from the library
3655714Skris *    being used are not cryptographic related :-).
3755714Skris * 4. If you include any Windows specific code (or a derivative thereof) from
3855714Skris *    the apps directory (application code) you must include an acknowledgement:
3955714Skris *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
4055714Skris *
4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4455714Skris * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5155714Skris * SUCH DAMAGE.
5255714Skris *
5355714Skris * The licence and distribution terms for any publically available version or
5455714Skris * derivative of this code cannot be changed.  i.e. this code cannot simply be
5555714Skris * copied and put under another distribution licence
5655714Skris * [including the GNU Public Licence.]
5755714Skris */
5855714Skris
5955714Skris#include <stdio.h>
6055714Skris#include "cryptlib.h"
6155714Skris#include <openssl/evp.h>
6268651Skris#include <openssl/err.h>
63160814Ssimon#include <openssl/rand.h>
64111147Snectar#ifndef OPENSSL_NO_ENGINE
65109998Smarkm#include <openssl/engine.h>
66111147Snectar#endif
6768651Skris#include "evp_locl.h"
6855714Skris
69194206Ssimon#ifdef OPENSSL_FIPS
70194206Ssimon	#define M_do_cipher(ctx, out, in, inl) \
71194206Ssimon		EVP_Cipher(ctx,out,in,inl)
72194206Ssimon#else
73194206Ssimon	#define M_do_cipher(ctx, out, in, inl) \
74194206Ssimon		ctx->cipher->do_cipher(ctx,out,in,inl)
75194206Ssimon#endif
76194206Ssimon
77167612Ssimonconst char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
7855714Skris
79160814SsimonEVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
80160814Ssimon	{
81160814Ssimon	EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
82160814Ssimon	if (ctx)
83160814Ssimon		EVP_CIPHER_CTX_init(ctx);
84160814Ssimon	return ctx;
85160814Ssimon	}
86109998Smarkm
8768651Skrisint EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
88109998Smarkm	     const unsigned char *key, const unsigned char *iv, int enc)
8955714Skris	{
90109998Smarkm	if (cipher)
91109998Smarkm		EVP_CIPHER_CTX_init(ctx);
92109998Smarkm	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
93109998Smarkm	}
94109998Smarkm
9568651Skrisint EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
96109998Smarkm	     const unsigned char *in, int inl)
9755714Skris	{
9855714Skris	if (ctx->encrypt)
9968651Skris		return EVP_EncryptUpdate(ctx,out,outl,in,inl);
10068651Skris	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
10155714Skris	}
10255714Skris
103109998Smarkmint EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
104109998Smarkm	{
105109998Smarkm	if (ctx->encrypt)
106109998Smarkm		return EVP_EncryptFinal_ex(ctx,out,outl);
107109998Smarkm	else	return EVP_DecryptFinal_ex(ctx,out,outl);
108109998Smarkm	}
109109998Smarkm
11055714Skrisint EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
11155714Skris	{
11255714Skris	if (ctx->encrypt)
11368651Skris		return EVP_EncryptFinal(ctx,out,outl);
114109998Smarkm	else	return EVP_DecryptFinal(ctx,out,outl);
11555714Skris	}
11655714Skris
11768651Skrisint EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
118109998Smarkm	     const unsigned char *key, const unsigned char *iv)
11955714Skris	{
12068651Skris	return EVP_CipherInit(ctx, cipher, key, iv, 1);
12155714Skris	}
12255714Skris
123109998Smarkmint EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
124109998Smarkm		const unsigned char *key, const unsigned char *iv)
125109998Smarkm	{
126109998Smarkm	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
127109998Smarkm	}
128109998Smarkm
12968651Skrisint EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
130109998Smarkm	     const unsigned char *key, const unsigned char *iv)
13155714Skris	{
132111147Snectar	return EVP_CipherInit(ctx, cipher, key, iv, 0);
13355714Skris	}
13455714Skris
135109998Smarkmint EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
136109998Smarkm	     const unsigned char *key, const unsigned char *iv)
137109998Smarkm	{
138109998Smarkm	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
139109998Smarkm	}
14055714Skris
14168651Skrisint EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
142109998Smarkm	     const unsigned char *in, int inl)
14355714Skris	{
14455714Skris	int i,j,bl;
14555714Skris
146194206Ssimon	if (inl <= 0)
147194206Ssimon		{
148194206Ssimon		*outl = 0;
149194206Ssimon		return inl == 0;
150194206Ssimon		}
151194206Ssimon
152109998Smarkm	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
153109998Smarkm		{
154194206Ssimon		if(M_do_cipher(ctx,out,in,inl))
155109998Smarkm			{
156109998Smarkm			*outl=inl;
157109998Smarkm			return 1;
158109998Smarkm			}
159109998Smarkm		else
160109998Smarkm			{
161109998Smarkm			*outl=0;
162109998Smarkm			return 0;
163109998Smarkm			}
164109998Smarkm		}
16555714Skris	i=ctx->buf_len;
16655714Skris	bl=ctx->cipher->block_size;
167160814Ssimon	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
16855714Skris	if (i != 0)
16955714Skris		{
17055714Skris		if (i+inl < bl)
17155714Skris			{
17255714Skris			memcpy(&(ctx->buf[i]),in,inl);
17355714Skris			ctx->buf_len+=inl;
174109998Smarkm			*outl=0;
17568651Skris			return 1;
17655714Skris			}
17755714Skris		else
17855714Skris			{
17955714Skris			j=bl-i;
180109998Smarkm			memcpy(&(ctx->buf[i]),in,j);
181194206Ssimon			if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
18255714Skris			inl-=j;
18355714Skris			in+=j;
18455714Skris			out+=bl;
185109998Smarkm			*outl=bl;
18655714Skris			}
18755714Skris		}
188109998Smarkm	else
189109998Smarkm		*outl = 0;
190109998Smarkm	i=inl&(bl-1);
19155714Skris	inl-=i;
19255714Skris	if (inl > 0)
19355714Skris		{
194194206Ssimon		if(!M_do_cipher(ctx,out,in,inl)) return 0;
19555714Skris		*outl+=inl;
19655714Skris		}
19755714Skris
19855714Skris	if (i != 0)
19955714Skris		memcpy(ctx->buf,&(in[inl]),i);
20055714Skris	ctx->buf_len=i;
20168651Skris	return 1;
20255714Skris	}
20355714Skris
20468651Skrisint EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
20555714Skris	{
206109998Smarkm	int ret;
207109998Smarkm	ret = EVP_EncryptFinal_ex(ctx, out, outl);
208109998Smarkm	return ret;
209109998Smarkm	}
21055714Skris
211109998Smarkmint EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
212109998Smarkm	{
213160814Ssimon	int n,ret;
214160814Ssimon	unsigned int i, b, bl;
215109998Smarkm
21655714Skris	b=ctx->cipher->block_size;
217109998Smarkm	OPENSSL_assert(b <= sizeof ctx->buf);
21855714Skris	if (b == 1)
21955714Skris		{
22055714Skris		*outl=0;
22168651Skris		return 1;
22255714Skris		}
22355714Skris	bl=ctx->buf_len;
224109998Smarkm	if (ctx->flags & EVP_CIPH_NO_PADDING)
225109998Smarkm		{
226109998Smarkm		if(bl)
227109998Smarkm			{
228160814Ssimon			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
229109998Smarkm			return 0;
230109998Smarkm			}
231109998Smarkm		*outl = 0;
232109998Smarkm		return 1;
233109998Smarkm		}
234109998Smarkm
23555714Skris	n=b-bl;
23655714Skris	for (i=bl; i<b; i++)
23755714Skris		ctx->buf[i]=n;
238194206Ssimon	ret=M_do_cipher(ctx,out,ctx->buf,b);
239109998Smarkm
240109998Smarkm
241109998Smarkm	if(ret)
242109998Smarkm		*outl=b;
243109998Smarkm
244109998Smarkm	return ret;
24555714Skris	}
24655714Skris
24768651Skrisint EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
248109998Smarkm	     const unsigned char *in, int inl)
24955714Skris	{
250160814Ssimon	int fix_len;
251160814Ssimon	unsigned int b;
25255714Skris
253194206Ssimon	if (inl <= 0)
254109998Smarkm		{
255194206Ssimon		*outl = 0;
256194206Ssimon		return inl == 0;
257109998Smarkm		}
25855714Skris
259109998Smarkm	if (ctx->flags & EVP_CIPH_NO_PADDING)
260109998Smarkm		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
261109998Smarkm
26255714Skris	b=ctx->cipher->block_size;
263109998Smarkm	OPENSSL_assert(b <= sizeof ctx->final);
264109998Smarkm
265109998Smarkm	if(ctx->final_used)
26655714Skris		{
267109998Smarkm		memcpy(out,ctx->final,b);
268109998Smarkm		out+=b;
269109998Smarkm		fix_len = 1;
27055714Skris		}
271109998Smarkm	else
272109998Smarkm		fix_len = 0;
27355714Skris
274109998Smarkm
275109998Smarkm	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
276109998Smarkm		return 0;
277109998Smarkm
27855714Skris	/* if we have 'decrypted' a multiple of block size, make sure
27955714Skris	 * we have a copy of this last block */
280109998Smarkm	if (b > 1 && !ctx->buf_len)
28155714Skris		{
282109998Smarkm		*outl-=b;
283109998Smarkm		ctx->final_used=1;
284109998Smarkm		memcpy(ctx->final,&out[*outl],b);
28555714Skris		}
286109998Smarkm	else
287109998Smarkm		ctx->final_used = 0;
288109998Smarkm
289109998Smarkm	if (fix_len)
290109998Smarkm		*outl += b;
291109998Smarkm
29268651Skris	return 1;
29355714Skris	}
29455714Skris
29555714Skrisint EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
29655714Skris	{
297109998Smarkm	int ret;
298109998Smarkm	ret = EVP_DecryptFinal_ex(ctx, out, outl);
299109998Smarkm	return ret;
300109998Smarkm	}
301109998Smarkm
302109998Smarkmint EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
303109998Smarkm	{
304160814Ssimon	int i,n;
305160814Ssimon	unsigned int b;
30655714Skris
30755714Skris	*outl=0;
30855714Skris	b=ctx->cipher->block_size;
309109998Smarkm	if (ctx->flags & EVP_CIPH_NO_PADDING)
310109998Smarkm		{
311109998Smarkm		if(ctx->buf_len)
312109998Smarkm			{
313160814Ssimon			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
314109998Smarkm			return 0;
315109998Smarkm			}
316109998Smarkm		*outl = 0;
317109998Smarkm		return 1;
318109998Smarkm		}
31955714Skris	if (b > 1)
32055714Skris		{
321109998Smarkm		if (ctx->buf_len || !ctx->final_used)
32255714Skris			{
323160814Ssimon			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
32455714Skris			return(0);
32555714Skris			}
326109998Smarkm		OPENSSL_assert(b <= sizeof ctx->final);
327109998Smarkm		n=ctx->final[b-1];
328160814Ssimon		if (n == 0 || n > (int)b)
32955714Skris			{
330160814Ssimon			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
33155714Skris			return(0);
33255714Skris			}
33355714Skris		for (i=0; i<n; i++)
33455714Skris			{
335109998Smarkm			if (ctx->final[--b] != n)
33655714Skris				{
337160814Ssimon				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
33855714Skris				return(0);
33955714Skris				}
34055714Skris			}
34155714Skris		n=ctx->cipher->block_size-n;
34255714Skris		for (i=0; i<n; i++)
343109998Smarkm			out[i]=ctx->final[i];
34455714Skris		*outl=n;
34555714Skris		}
34655714Skris	else
34755714Skris		*outl=0;
34855714Skris	return(1);
34955714Skris	}
35055714Skris
351160814Ssimonvoid EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
352160814Ssimon	{
353160814Ssimon	if (ctx)
354160814Ssimon		{
355160814Ssimon		EVP_CIPHER_CTX_cleanup(ctx);
356160814Ssimon		OPENSSL_free(ctx);
357160814Ssimon		}
358160814Ssimon	}
359160814Ssimon
36068651Skrisint EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
36168651Skris	{
36268651Skris	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
36368651Skris		return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
36468651Skris	if(c->key_len == keylen) return 1;
36568651Skris	if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
36668651Skris		{
36768651Skris		c->key_len = keylen;
36868651Skris		return 1;
36968651Skris		}
37068651Skris	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
37168651Skris	return 0;
37268651Skris	}
37368651Skris
374109998Smarkmint EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
375109998Smarkm	{
376109998Smarkm	if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
377109998Smarkm	else ctx->flags |= EVP_CIPH_NO_PADDING;
378109998Smarkm	return 1;
379109998Smarkm	}
380109998Smarkm
381160814Ssimonint EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
382160814Ssimon	{
383160814Ssimon	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
384160814Ssimon		return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
385160814Ssimon	if (RAND_bytes(key, ctx->key_len) <= 0)
386160814Ssimon		return 0;
387160814Ssimon	return 1;
388160814Ssimon	}
389160814Ssimon
390194206Ssimon#ifndef OPENSSL_NO_ENGINE
391194206Ssimon
392194206Ssimon#ifdef OPENSSL_FIPS
393194206Ssimon
394194206Ssimonstatic int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
395194206Ssimon	{
396194206Ssimon	if(impl)
397194206Ssimon		{
398194206Ssimon		if (!ENGINE_init(impl))
399194206Ssimon			{
400194206Ssimon			EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
401194206Ssimon			return 0;
402194206Ssimon			}
403194206Ssimon		}
404194206Ssimon	else
405194206Ssimon		/* Ask if an ENGINE is reserved for this job */
406194206Ssimon		impl = ENGINE_get_cipher_engine((*pcipher)->nid);
407194206Ssimon	if(impl)
408194206Ssimon		{
409194206Ssimon		/* There's an ENGINE for this job ... (apparently) */
410194206Ssimon		const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
411194206Ssimon		if(!c)
412194206Ssimon			{
413194206Ssimon			/* One positive side-effect of US's export
414194206Ssimon			 * control history, is that we should at least
415194206Ssimon			 * be able to avoid using US mispellings of
416194206Ssimon			 * "initialisation"? */
417194206Ssimon			EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
418194206Ssimon			return 0;
419194206Ssimon			}
420194206Ssimon		/* We'll use the ENGINE's private cipher definition */
421194206Ssimon		*pcipher = c;
422194206Ssimon		/* Store the ENGINE functional reference so we know
423194206Ssimon		 * 'cipher' came from an ENGINE and we need to release
424194206Ssimon		 * it when done. */
425194206Ssimon		ctx->engine = impl;
426194206Ssimon		}
427194206Ssimon	else
428194206Ssimon		ctx->engine = NULL;
429194206Ssimon	return 1;
430194206Ssimon	}
431194206Ssimon
432194206Ssimonvoid int_EVP_CIPHER_init_engine_callbacks(void)
433194206Ssimon	{
434194206Ssimon	int_EVP_CIPHER_set_engine_callbacks(
435194206Ssimon		ENGINE_finish, do_evp_enc_engine_full);
436194206Ssimon	}
437194206Ssimon
438194206Ssimon#endif
439194206Ssimon
440194206Ssimon#endif
441