[thirdparty/openssl.git] / crypto / evp / evp_enc.c

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
#include "evp_locl.h"

int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
{
    if (c == NULL)
        return 1;
    if (c->cipher != NULL) {
        if (c->cipher->cleanup && !c->cipher->cleanup(c))
            return 0;
        /* Cleanse cipher context data */
        if (c->cipher_data && c->cipher->ctx_size)
            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
    }
    OPENSSL_free(c->cipher_data);
#ifndef OPENSSL_NO_ENGINE
    ENGINE_finish(c->engine);
#endif
    memset(c, 0, sizeof(*c));
    return 1;
}

EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
    return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
}

void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
{
    EVP_CIPHER_CTX_reset(ctx);
    OPENSSL_free(ctx);
}

int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                   const unsigned char *key, const unsigned char *iv, int enc)
{
    EVP_CIPHER_CTX_reset(ctx);
    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
}

int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                      ENGINE *impl, const unsigned char *key,
                      const unsigned char *iv, int enc)
{
    if (enc == -1)
        enc = ctx->encrypt;
    else {
        if (enc)
            enc = 1;
        ctx->encrypt = enc;
    }
#ifndef OPENSSL_NO_ENGINE
    /*
     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
     * this context may already have an ENGINE! Try to avoid releasing the
     * previous handle, re-querying for an ENGINE, and having a
     * reinitialisation, when it may all be unnecessary.
     */
    if (ctx->engine && ctx->cipher
        && (cipher == NULL || cipher->nid == ctx->cipher->nid))
        goto skip_to_init;
#endif
    if (cipher) {
        /*
         * Ensure a context left lying around from last time is cleared (the
         * previous check attempted to avoid this if the same ENGINE and
         * EVP_CIPHER could be used).
         */
        if (ctx->cipher) {
            unsigned long flags = ctx->flags;
            EVP_CIPHER_CTX_reset(ctx);
            /* Restore encrypt and flags */
            ctx->encrypt = enc;
            ctx->flags = flags;
        }
#ifndef OPENSSL_NO_ENGINE
        if (impl) {
            if (!ENGINE_init(impl)) {
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
                return 0;
            }
        } else
            /* Ask if an ENGINE is reserved for this job */
            impl = ENGINE_get_cipher_engine(cipher->nid);
        if (impl) {
            /* There's an ENGINE for this job ... (apparently) */
            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
            if (!c) {
                /*
                 * One positive side-effect of US's export control history,
                 * is that we should at least be able to avoid using US
                 * misspellings of "initialisation"?
                 */
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
                return 0;
            }
            /* We'll use the ENGINE's private cipher definition */
            cipher = c;
            /*
             * Store the ENGINE functional reference so we know 'cipher' came
             * from an ENGINE and we need to release it when done.
             */
            ctx->engine = impl;
        } else
            ctx->engine = NULL;
#endif

        ctx->cipher = cipher;
        if (ctx->cipher->ctx_size) {
            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
            if (ctx->cipher_data == NULL) {
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
                return 0;
            }
        } else {
            ctx->cipher_data = NULL;
        }
        ctx->key_len = cipher->key_len;
        /* Preserve wrap enable flag, zero everything else */
        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
                return 0;
            }
        }
    } else if (!ctx->cipher) {
        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
        return 0;
    }
#ifndef OPENSSL_NO_ENGINE
 skip_to_init:
#endif
    /* we assume block size is a power of 2 in *cryptUpdate */
    OPENSSL_assert(ctx->cipher->block_size == 1
                   || ctx->cipher->block_size == 8
                   || ctx->cipher->block_size == 16);

    if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
        && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
        return 0;
    }

    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
        switch (EVP_CIPHER_CTX_mode(ctx)) {

        case EVP_CIPH_STREAM_CIPHER:
        case EVP_CIPH_ECB_MODE:
            break;

        case EVP_CIPH_CFB_MODE:
        case EVP_CIPH_OFB_MODE:

            ctx->num = 0;
            /* fall-through */

        case EVP_CIPH_CBC_MODE:

            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
                           (int)sizeof(ctx->iv));
            if (iv)
                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
            break;

        case EVP_CIPH_CTR_MODE:
            ctx->num = 0;
            /* Don't reuse IV for CTR mode */
            if (iv)
                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
            break;

        default:
            return 0;
        }
    }

    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
        if (!ctx->cipher->init(ctx, key, iv, enc))
            return 0;
    }
    ctx->buf_len = 0;
    ctx->final_used = 0;
    ctx->block_mask = ctx->cipher->block_size - 1;
    return 1;
}

int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                     const unsigned char *in, int inl)
{
    if (ctx->encrypt)
        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
    else
        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
}

int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
    if (ctx->encrypt)
        return EVP_EncryptFinal_ex(ctx, out, outl);
    else
        return EVP_DecryptFinal_ex(ctx, out, outl);
}

int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
    if (ctx->encrypt)
        return EVP_EncryptFinal(ctx, out, outl);
    else
        return EVP_DecryptFinal(ctx, out, outl);
}

int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                    const unsigned char *key, const unsigned char *iv)
{
    return EVP_CipherInit(ctx, cipher, key, iv, 1);
}

int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                       ENGINE *impl, const unsigned char *key,
                       const unsigned char *iv)
{
    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
}

int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                    const unsigned char *key, const unsigned char *iv)
{
    return EVP_CipherInit(ctx, cipher, key, iv, 0);
}

int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                       ENGINE *impl, const unsigned char *key,
                       const unsigned char *iv)
{
    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
}

int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl)
{
    int i, j, bl;

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
        i = ctx->cipher->do_cipher(ctx, out, in, inl);
        if (i < 0)
            return 0;
        else
            *outl = i;
        return 1;
    }

    if (inl <= 0) {
        *outl = 0;
        return inl == 0;
    }

    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
        if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
            *outl = inl;
            return 1;
        } else {
            *outl = 0;
            return 0;
        }
    }
    i = ctx->buf_len;
    bl = ctx->cipher->block_size;
    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
    if (i != 0) {
        if (bl - i > inl) {
            memcpy(&(ctx->buf[i]), in, inl);
            ctx->buf_len += inl;
            *outl = 0;
            return 1;
        } else {
            j = bl - i;
            memcpy(&(ctx->buf[i]), in, j);
            if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
                return 0;
            inl -= j;
            in += j;
            out += bl;
            *outl = bl;
        }
    } else
        *outl = 0;
    i = inl & (bl - 1);
    inl -= i;
    if (inl > 0) {
        if (!ctx->cipher->do_cipher(ctx, out, in, inl))
            return 0;
        *outl += inl;
    }

    if (i != 0)
        memcpy(ctx->buf, &(in[inl]), i);
    ctx->buf_len = i;
    return 1;
}

int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
    int ret;
    ret = EVP_EncryptFinal_ex(ctx, out, outl);
    return ret;
}

int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
    int n, ret;
    unsigned int i, b, bl;

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
        if (ret < 0)
            return 0;
        else
            *outl = ret;
        return 1;
    }

    b = ctx->cipher->block_size;
    OPENSSL_assert(b <= sizeof ctx->buf);
    if (b == 1) {
        *outl = 0;
        return 1;
    }
    bl = ctx->buf_len;
    if (ctx->flags & EVP_CIPH_NO_PADDING) {
        if (bl) {
            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
            return 0;
        }
        *outl = 0;
        return 1;
    }

    n = b - bl;
    for (i = bl; i < b; i++)
        ctx->buf[i] = n;
    ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);

    if (ret)
        *outl = b;

    return ret;
}

int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl)
{
    int fix_len;
    unsigned int b;

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
        fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
        if (fix_len < 0) {
            *outl = 0;
            return 0;
        } else
            *outl = fix_len;
        return 1;
    }

    if (inl <= 0) {
        *outl = 0;
        return inl == 0;
    }

    if (ctx->flags & EVP_CIPH_NO_PADDING)
        return EVP_EncryptUpdate(ctx, out, outl, in, inl);

    b = ctx->cipher->block_size;
    OPENSSL_assert(b <= sizeof ctx->final);

    if (ctx->final_used) {
        memcpy(out, ctx->final, b);
        out += b;
        fix_len = 1;
    } else
        fix_len = 0;

    if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
        return 0;

    /*
     * if we have 'decrypted' a multiple of block size, make sure we have a
     * copy of this last block
     */
    if (b > 1 && !ctx->buf_len) {
        *outl -= b;
        ctx->final_used = 1;
        memcpy(ctx->final, &out[*outl], b);
    } else
        ctx->final_used = 0;

    if (fix_len)
        *outl += b;

    return 1;
}

int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
    int ret;
    ret = EVP_DecryptFinal_ex(ctx, out, outl);
    return ret;
}

int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
    int i, n;
    unsigned int b;
    *outl = 0;

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
        i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
        if (i < 0)
            return 0;
        else
            *outl = i;
        return 1;
    }

    b = ctx->cipher->block_size;
    if (ctx->flags & EVP_CIPH_NO_PADDING) {
        if (ctx->buf_len) {
            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
            return 0;
        }
        *outl = 0;
        return 1;
    }
    if (b > 1) {
        if (ctx->buf_len || !ctx->final_used) {
            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
            return (0);
        }
        OPENSSL_assert(b <= sizeof ctx->final);

        /*
         * The following assumes that the ciphertext has been authenticated.
         * Otherwise it provides a padding oracle.
         */
        n = ctx->final[b - 1];
        if (n == 0 || n > (int)b) {
            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
            return (0);
        }
        for (i = 0; i < n; i++) {
            if (ctx->final[--b] != n) {
                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
                return (0);
            }
        }
        n = ctx->cipher->block_size - n;
        for (i = 0; i < n; i++)
            out[i] = ctx->final[i];
        *outl = n;
    } else
        *outl = 0;
    return (1);
}

int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{
    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
    if (c->key_len == keylen)
        return 1;
    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
        c->key_len = keylen;
        return 1;
    }
    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
    return 0;
}

int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
{
    if (pad)
        ctx->flags &= ~EVP_CIPH_NO_PADDING;
    else
        ctx->flags |= EVP_CIPH_NO_PADDING;
    return 1;
}

int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
    int ret;
    if (!ctx->cipher) {
        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
        return 0;
    }

    if (!ctx->cipher->ctrl) {
        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
        return 0;
    }

    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
    if (ret == -1) {
        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
        return 0;
    }
    return ret;
}

int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
    if (RAND_bytes(key, ctx->key_len) <= 0)
        return 0;
    return 1;
}

int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
    if ((in == NULL) || (in->cipher == NULL)) {
        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
        return 0;
    }
#ifndef OPENSSL_NO_ENGINE
    /* Make sure it's safe to copy a cipher context using an ENGINE */
    if (in->engine && !ENGINE_init(in->engine)) {
        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
        return 0;
    }
#endif

    EVP_CIPHER_CTX_reset(out);
    memcpy(out, in, sizeof(*out));

    if (in->cipher_data && in->cipher->ctx_size) {
        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
        if (out->cipher_data == NULL) {
            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
    }

    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
        return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
    return 1;
}
Commit	Line	Data
62867571 RS	1	/*
62867571 RS	2	* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
62867571 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
	9
	10	#include <stdio.h>
b39fc560	11	#include "internal/cryptlib.h"
ec577822	12	#include <openssl/evp.h>
7f060601	13	#include <openssl/err.h>
3a87a9b9	14	#include <openssl/rand.h>
3c27208f	15	#include <openssl/engine.h>
135727ab	16	#include "internal/evp_int.h"
57ae2e24	17	#include "evp_locl.h"
d02b48c6	18
8baf9968	19	int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
0f113f3e	20	{
8baf9968 RL	21	if (c == NULL)
	22	return 1;
	23	if (c->cipher != NULL) {
	24	if (c->cipher->cleanup && !c->cipher->cleanup(c))
	25	return 0;
	26	/* Cleanse cipher context data */
	27	if (c->cipher_data && c->cipher->ctx_size)
	28	OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
	29	}
	30	OPENSSL_free(c->cipher_data);
	31	#ifndef OPENSSL_NO_ENGINE
7c96dbcd	32	ENGINE_finish(c->engine);
8baf9968 RL	33	#endif
	34	memset(c, 0, sizeof(*c));
	35	return 1;
0f113f3e	36	}
d02b48c6	37
b40228a6	38	EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
0f113f3e	39	{
8baf9968 RL	40	return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
	41	}
	42
	43	void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
	44	{
	45	EVP_CIPHER_CTX_reset(ctx);
	46	OPENSSL_free(ctx);
0f113f3e	47	}
581f1c84	48
360370d9	49	int EVP_CipherInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
0f113f3e MC	50	const unsigned char key, const unsigned char iv, int enc)
0f113f3e MC	51	{
c0ca39bd	52	EVP_CIPHER_CTX_reset(ctx);
0f113f3e MC	53	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
	54	}
	55
	56	int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
	57	ENGINE impl, const unsigned char key,
	58	const unsigned char *iv, int enc)
	59	{
	60	if (enc == -1)
	61	enc = ctx->encrypt;
	62	else {
	63	if (enc)
	64	enc = 1;
	65	ctx->encrypt = enc;
	66	}
0b13e9f0	67	#ifndef OPENSSL_NO_ENGINE
0f113f3e MC	68	/*
	69	* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
	70	* this context may already have an ENGINE! Try to avoid releasing the
	71	* previous handle, re-querying for an ENGINE, and having a
0d4fb843	72	* reinitialisation, when it may all be unnecessary.
0f113f3e	73	*/
f6b94279	74	if (ctx->engine && ctx->cipher
a7f9e0a4	75	&& (cipher == NULL \|\| cipher->nid == ctx->cipher->nid))
0f113f3e	76	goto skip_to_init;
0b13e9f0	77	#endif
0f113f3e MC	78	if (cipher) {
	79	/*
	80	* Ensure a context left lying around from last time is cleared (the
	81	* previous check attempted to avoid this if the same ENGINE and
	82	* EVP_CIPHER could be used).
	83	*/
	84	if (ctx->cipher) {
	85	unsigned long flags = ctx->flags;
c0ca39bd	86	EVP_CIPHER_CTX_reset(ctx);
0f113f3e MC	87	/* Restore encrypt and flags */
	88	ctx->encrypt = enc;
	89	ctx->flags = flags;
	90	}
0b13e9f0	91	#ifndef OPENSSL_NO_ENGINE
0f113f3e MC	92	if (impl) {
	93	if (!ENGINE_init(impl)) {
	94	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
	95	return 0;
	96	}
	97	} else
	98	/* Ask if an ENGINE is reserved for this job */
	99	impl = ENGINE_get_cipher_engine(cipher->nid);
	100	if (impl) {
	101	/* There's an ENGINE for this job ... (apparently) */
	102	const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
	103	if (!c) {
	104	/*
	105	* One positive side-effect of US's export control history,
	106	* is that we should at least be able to avoid using US
0d4fb843	107	* misspellings of "initialisation"?
0f113f3e MC	108	*/
	109	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
	110	return 0;
	111	}
	112	/* We'll use the ENGINE's private cipher definition */
	113	cipher = c;
	114	/*
	115	* Store the ENGINE functional reference so we know 'cipher' came
	116	* from an ENGINE and we need to release it when done.
	117	*/
	118	ctx->engine = impl;
	119	} else
	120	ctx->engine = NULL;
0b13e9f0	121	#endif
544a2aea	122
0f113f3e MC	123	ctx->cipher = cipher;
0f113f3e MC	124	if (ctx->cipher->ctx_size) {
b51bce94	125	ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
90945fa3	126	if (ctx->cipher_data == NULL) {
0f113f3e MC	127	EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
	128	return 0;
	129	}
	130	} else {
	131	ctx->cipher_data = NULL;
	132	}
	133	ctx->key_len = cipher->key_len;
	134	/* Preserve wrap enable flag, zero everything else */
	135	ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
	136	if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
	137	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
	138	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
	139	return 0;
	140	}
	141	}
	142	} else if (!ctx->cipher) {
	143	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
	144	return 0;
	145	}
0b13e9f0	146	#ifndef OPENSSL_NO_ENGINE
0f113f3e	147	skip_to_init:
0b13e9f0	148	#endif
0f113f3e MC	149	/* we assume block size is a power of 2 in cryptUpdate /
	150	OPENSSL_assert(ctx->cipher->block_size == 1
	151	\|\| ctx->cipher->block_size == 8
	152	\|\| ctx->cipher->block_size == 16);
	153
	154	if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
	155	&& EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
	156	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
	157	return 0;
	158	}
	159
480d3323	160	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
0f113f3e MC	161	switch (EVP_CIPHER_CTX_mode(ctx)) {
	162
	163	case EVP_CIPH_STREAM_CIPHER:
	164	case EVP_CIPH_ECB_MODE:
	165	break;
	166
	167	case EVP_CIPH_CFB_MODE:
	168	case EVP_CIPH_OFB_MODE:
	169
	170	ctx->num = 0;
	171	/* fall-through */
	172
	173	case EVP_CIPH_CBC_MODE:
	174
	175	OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
	176	(int)sizeof(ctx->iv));
	177	if (iv)
	178	memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
	179	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
	180	break;
	181
	182	case EVP_CIPH_CTR_MODE:
	183	ctx->num = 0;
	184	/* Don't reuse IV for CTR mode */
	185	if (iv)
	186	memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
	187	break;
	188
	189	default:
	190	return 0;
0f113f3e MC	191	}
	192	}
	193
	194	if (key \|\| (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
	195	if (!ctx->cipher->init(ctx, key, iv, enc))
	196	return 0;
	197	}
	198	ctx->buf_len = 0;
	199	ctx->final_used = 0;
	200	ctx->block_mask = ctx->cipher->block_size - 1;
	201	return 1;
	202	}
d02b48c6	203
be06a934	204	int EVP_CipherUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
0f113f3e MC	205	const unsigned char *in, int inl)
	206	{
	207	if (ctx->encrypt)
	208	return EVP_EncryptUpdate(ctx, out, outl, in, inl);
	209	else
	210	return EVP_DecryptUpdate(ctx, out, outl, in, inl);
	211	}
d02b48c6	212
581f1c84	213	int EVP_CipherFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
0f113f3e MC	214	{
	215	if (ctx->encrypt)
	216	return EVP_EncryptFinal_ex(ctx, out, outl);
	217	else
	218	return EVP_DecryptFinal_ex(ctx, out, outl);
	219	}
581f1c84	220
6b691a5c	221	int EVP_CipherFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
0f113f3e MC	222	{
	223	if (ctx->encrypt)
	224	return EVP_EncryptFinal(ctx, out, outl);
	225	else
	226	return EVP_DecryptFinal(ctx, out, outl);
	227	}
d02b48c6	228
be06a934	229	int EVP_EncryptInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
0f113f3e MC	230	const unsigned char key, const unsigned char iv)
	231	{
	232	return EVP_CipherInit(ctx, cipher, key, iv, 1);
	233	}
18eda732	234
0f113f3e MC	235	int EVP_EncryptInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
	236	ENGINE impl, const unsigned char key,
	237	const unsigned char *iv)
	238	{
	239	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
	240	}
d02b48c6	241
be06a934	242	int EVP_DecryptInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
0f113f3e MC	243	const unsigned char key, const unsigned char iv)
	244	{
	245	return EVP_CipherInit(ctx, cipher, key, iv, 0);
	246	}
18eda732	247
0f113f3e MC	248	int EVP_DecryptInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
	249	ENGINE impl, const unsigned char key,
	250	const unsigned char *iv)
	251	{
	252	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
	253	}
d02b48c6	254
be06a934	255	int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
0f113f3e MC	256	const unsigned char *in, int inl)
	257	{
	258	int i, j, bl;
	259
	260	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
	261	i = ctx->cipher->do_cipher(ctx, out, in, inl);
	262	if (i < 0)
	263	return 0;
	264	else
	265	*outl = i;
	266	return 1;
	267	}
	268
	269	if (inl <= 0) {
	270	*outl = 0;
	271	return inl == 0;
	272	}
	273
	274	if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
	275	if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
	276	*outl = inl;
	277	return 1;
	278	} else {
	279	*outl = 0;
	280	return 0;
	281	}
	282	}
	283	i = ctx->buf_len;
	284	bl = ctx->cipher->block_size;
	285	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
	286	if (i != 0) {
3f358213	287	if (bl - i > inl) {
0f113f3e MC	288	memcpy(&(ctx->buf[i]), in, inl);
	289	ctx->buf_len += inl;
	290	*outl = 0;
	291	return 1;
	292	} else {
	293	j = bl - i;
	294	memcpy(&(ctx->buf[i]), in, j);
	295	if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
	296	return 0;
	297	inl -= j;
	298	in += j;
	299	out += bl;
	300	*outl = bl;
	301	}
	302	} else
	303	*outl = 0;
	304	i = inl & (bl - 1);
	305	inl -= i;
	306	if (inl > 0) {
	307	if (!ctx->cipher->do_cipher(ctx, out, in, inl))
	308	return 0;
	309	*outl += inl;
	310	}
	311
	312	if (i != 0)
	313	memcpy(ctx->buf, &(in[inl]), i);
	314	ctx->buf_len = i;
	315	return 1;
	316	}
d02b48c6	317
be06a934	318	int EVP_EncryptFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
0f113f3e MC	319	{
	320	int ret;
	321	ret = EVP_EncryptFinal_ex(ctx, out, outl);
	322	return ret;
	323	}
581f1c84 DSH	324
581f1c84 DSH	325	int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
0f113f3e MC	326	{
	327	int n, ret;
	328	unsigned int i, b, bl;
	329
	330	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
	331	ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
	332	if (ret < 0)
	333	return 0;
	334	else
	335	*outl = ret;
	336	return 1;
	337	}
	338
	339	b = ctx->cipher->block_size;
	340	OPENSSL_assert(b <= sizeof ctx->buf);
	341	if (b == 1) {
	342	*outl = 0;
	343	return 1;
	344	}
	345	bl = ctx->buf_len;
	346	if (ctx->flags & EVP_CIPH_NO_PADDING) {
	347	if (bl) {
	348	EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
	349	EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
	350	return 0;
	351	}
	352	*outl = 0;
	353	return 1;
	354	}
	355
	356	n = b - bl;
	357	for (i = bl; i < b; i++)
	358	ctx->buf[i] = n;
	359	ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
	360
	361	if (ret)
	362	*outl = b;
	363
	364	return ret;
	365	}
d02b48c6	366
be06a934	367	int EVP_DecryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
0f113f3e MC	368	const unsigned char *in, int inl)
	369	{
	370	int fix_len;
	371	unsigned int b;
	372
	373	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
	374	fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
	375	if (fix_len < 0) {
	376	*outl = 0;
	377	return 0;
	378	} else
	379	*outl = fix_len;
	380	return 1;
	381	}
	382
	383	if (inl <= 0) {
	384	*outl = 0;
	385	return inl == 0;
	386	}
	387
	388	if (ctx->flags & EVP_CIPH_NO_PADDING)
	389	return EVP_EncryptUpdate(ctx, out, outl, in, inl);
	390
	391	b = ctx->cipher->block_size;
	392	OPENSSL_assert(b <= sizeof ctx->final);
	393
	394	if (ctx->final_used) {
	395	memcpy(out, ctx->final, b);
	396	out += b;
	397	fix_len = 1;
	398	} else
	399	fix_len = 0;
	400
	401	if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
	402	return 0;
	403
	404	/*
	405	* if we have 'decrypted' a multiple of block size, make sure we have a
	406	* copy of this last block
	407	*/
	408	if (b > 1 && !ctx->buf_len) {
	409	*outl -= b;
	410	ctx->final_used = 1;
	411	memcpy(ctx->final, &out[*outl], b);
	412	} else
	413	ctx->final_used = 0;
	414
	415	if (fix_len)
	416	*outl += b;
	417
	418	return 1;
	419	}
d02b48c6	420
6b691a5c	421	int EVP_DecryptFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
0f113f3e MC	422	{
	423	int ret;
	424	ret = EVP_DecryptFinal_ex(ctx, out, outl);
	425	return ret;
	426	}
581f1c84 DSH	427
581f1c84 DSH	428	int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
0f113f3e MC	429	{
	430	int i, n;
	431	unsigned int b;
	432	*outl = 0;
	433
	434	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
	435	i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
	436	if (i < 0)
	437	return 0;
	438	else
	439	*outl = i;
	440	return 1;
	441	}
	442
	443	b = ctx->cipher->block_size;
	444	if (ctx->flags & EVP_CIPH_NO_PADDING) {
	445	if (ctx->buf_len) {
	446	EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
	447	EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
	448	return 0;
	449	}
	450	*outl = 0;
	451	return 1;
	452	}
	453	if (b > 1) {
	454	if (ctx->buf_len \|\| !ctx->final_used) {
	455	EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
	456	return (0);
	457	}
	458	OPENSSL_assert(b <= sizeof ctx->final);
	459
	460	/*
	461	* The following assumes that the ciphertext has been authenticated.
	462	* Otherwise it provides a padding oracle.
	463	*/
	464	n = ctx->final[b - 1];
	465	if (n == 0 \|\| n > (int)b) {
	466	EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
	467	return (0);
	468	}
	469	for (i = 0; i < n; i++) {
	470	if (ctx->final[--b] != n) {
	471	EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
	472	return (0);
	473	}
	474	}
	475	n = ctx->cipher->block_size - n;
	476	for (i = 0; i < n; i++)
	477	out[i] = ctx->final[i];
	478	*outl = n;
	479	} else
	480	*outl = 0;
	481	return (1);
	482	}
d02b48c6	483
6343829a	484	int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
0f113f3e MC	485	{
	486	if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
	487	return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
	488	if (c->key_len == keylen)
	489	return 1;
	490	if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
	491	c->key_len = keylen;
	492	return 1;
	493	}
	494	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
	495	return 0;
	496	}
49528751	497
f2e5ca84	498	int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
0f113f3e MC	499	{
	500	if (pad)
	501	ctx->flags &= ~EVP_CIPH_NO_PADDING;
	502	else
	503	ctx->flags \|= EVP_CIPH_NO_PADDING;
	504	return 1;
	505	}
f2e5ca84	506
49528751 DSH	507	int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX ctx, int type, int arg, void ptr)
49528751 DSH	508	{
0f113f3e MC	509	int ret;
	510	if (!ctx->cipher) {
	511	EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
	512	return 0;
	513	}
	514
	515	if (!ctx->cipher->ctrl) {
	516	EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
	517	return 0;
	518	}
	519
	520	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
	521	if (ret == -1) {
	522	EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
	523	EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
	524	return 0;
	525	}
	526	return ret;
49528751	527	}
216659eb DSH	528
216659eb DSH	529	int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX ctx, unsigned char key)
0f113f3e MC	530	{
	531	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
	532	return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
	533	if (RAND_bytes(key, ctx->key_len) <= 0)
	534	return 0;
	535	return 1;
	536	}
216659eb	537
c2bf7208	538	int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX out, const EVP_CIPHER_CTX in)
0f113f3e MC	539	{
	540	if ((in == NULL) \|\| (in->cipher == NULL)) {
	541	EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
	542	return 0;
	543	}
c2bf7208	544	#ifndef OPENSSL_NO_ENGINE
0f113f3e MC	545	/* Make sure it's safe to copy a cipher context using an ENGINE */
	546	if (in->engine && !ENGINE_init(in->engine)) {
	547	EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
	548	return 0;
	549	}
c2bf7208 DSH	550	#endif
c2bf7208 DSH	551
c0ca39bd	552	EVP_CIPHER_CTX_reset(out);
b4faea50	553	memcpy(out, in, sizeof(*out));
0f113f3e MC	554
	555	if (in->cipher_data && in->cipher->ctx_size) {
	556	out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
90945fa3	557	if (out->cipher_data == NULL) {
0f113f3e MC	558	EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
	559	return 0;
	560	}
	561	memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
	562	}
	563
	564	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
	565	return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
	566	return 1;
	567	}