]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/evp_enc.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
RT2680: Public EC key is shown as private
[thirdparty/openssl.git] / crypto / evp / evp_enc.c
1 /*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/evp.h>
13 #include <openssl/err.h>
14 #include <openssl/rand.h>
15 #include <openssl/engine.h>
16 #include "internal/evp_int.h"
17 #include "evp_locl.h"
18
19 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
20 {
21 if (c == NULL)
22 return 1;
23 if (c->cipher != NULL) {
24 if (c->cipher->cleanup && !c->cipher->cleanup(c))
25 return 0;
26 /* Cleanse cipher context data */
27 if (c->cipher_data && c->cipher->ctx_size)
28 OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
29 }
30 OPENSSL_free(c->cipher_data);
31 #ifndef OPENSSL_NO_ENGINE
32 ENGINE_finish(c->engine);
33 #endif
34 memset(c, 0, sizeof(*c));
35 return 1;
36 }
37
38 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
39 {
40 return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
41 }
42
43 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
44 {
45 EVP_CIPHER_CTX_reset(ctx);
46 OPENSSL_free(ctx);
47 }
48
49 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
50 const unsigned char *key, const unsigned char *iv, int enc)
51 {
52 EVP_CIPHER_CTX_reset(ctx);
53 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
54 }
55
56 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
57 ENGINE *impl, const unsigned char *key,
58 const unsigned char *iv, int enc)
59 {
60 if (enc == -1)
61 enc = ctx->encrypt;
62 else {
63 if (enc)
64 enc = 1;
65 ctx->encrypt = enc;
66 }
67 #ifndef OPENSSL_NO_ENGINE
68 /*
69 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
70 * this context may already have an ENGINE! Try to avoid releasing the
71 * previous handle, re-querying for an ENGINE, and having a
72 * reinitialisation, when it may all be unnecessary.
73 */
74 if (ctx->engine && ctx->cipher
75 && (cipher == NULL || cipher->nid == ctx->cipher->nid))
76 goto skip_to_init;
77 #endif
78 if (cipher) {
79 /*
80 * Ensure a context left lying around from last time is cleared (the
81 * previous check attempted to avoid this if the same ENGINE and
82 * EVP_CIPHER could be used).
83 */
84 if (ctx->cipher) {
85 unsigned long flags = ctx->flags;
86 EVP_CIPHER_CTX_reset(ctx);
87 /* Restore encrypt and flags */
88 ctx->encrypt = enc;
89 ctx->flags = flags;
90 }
91 #ifndef OPENSSL_NO_ENGINE
92 if (impl) {
93 if (!ENGINE_init(impl)) {
94 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
95 return 0;
96 }
97 } else
98 /* Ask if an ENGINE is reserved for this job */
99 impl = ENGINE_get_cipher_engine(cipher->nid);
100 if (impl) {
101 /* There's an ENGINE for this job ... (apparently) */
102 const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
103 if (!c) {
104 /*
105 * One positive side-effect of US's export control history,
106 * is that we should at least be able to avoid using US
107 * misspellings of "initialisation"?
108 */
109 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
110 return 0;
111 }
112 /* We'll use the ENGINE's private cipher definition */
113 cipher = c;
114 /*
115 * Store the ENGINE functional reference so we know 'cipher' came
116 * from an ENGINE and we need to release it when done.
117 */
118 ctx->engine = impl;
119 } else
120 ctx->engine = NULL;
121 #endif
122
123 ctx->cipher = cipher;
124 if (ctx->cipher->ctx_size) {
125 ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
126 if (ctx->cipher_data == NULL) {
127 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
128 return 0;
129 }
130 } else {
131 ctx->cipher_data = NULL;
132 }
133 ctx->key_len = cipher->key_len;
134 /* Preserve wrap enable flag, zero everything else */
135 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
136 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
137 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
138 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
139 return 0;
140 }
141 }
142 } else if (!ctx->cipher) {
143 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
144 return 0;
145 }
146 #ifndef OPENSSL_NO_ENGINE
147 skip_to_init:
148 #endif
149 /* we assume block size is a power of 2 in *cryptUpdate */
150 OPENSSL_assert(ctx->cipher->block_size == 1
151 || ctx->cipher->block_size == 8
152 || ctx->cipher->block_size == 16);
153
154 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
155 && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
156 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
157 return 0;
158 }
159
160 if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
161 switch (EVP_CIPHER_CTX_mode(ctx)) {
162
163 case EVP_CIPH_STREAM_CIPHER:
164 case EVP_CIPH_ECB_MODE:
165 break;
166
167 case EVP_CIPH_CFB_MODE:
168 case EVP_CIPH_OFB_MODE:
169
170 ctx->num = 0;
171 /* fall-through */
172
173 case EVP_CIPH_CBC_MODE:
174
175 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
176 (int)sizeof(ctx->iv));
177 if (iv)
178 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
179 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
180 break;
181
182 case EVP_CIPH_CTR_MODE:
183 ctx->num = 0;
184 /* Don't reuse IV for CTR mode */
185 if (iv)
186 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
187 break;
188
189 default:
190 return 0;
191 }
192 }
193
194 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
195 if (!ctx->cipher->init(ctx, key, iv, enc))
196 return 0;
197 }
198 ctx->buf_len = 0;
199 ctx->final_used = 0;
200 ctx->block_mask = ctx->cipher->block_size - 1;
201 return 1;
202 }
203
204 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
205 const unsigned char *in, int inl)
206 {
207 if (ctx->encrypt)
208 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
209 else
210 return EVP_DecryptUpdate(ctx, out, outl, in, inl);
211 }
212
213 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
214 {
215 if (ctx->encrypt)
216 return EVP_EncryptFinal_ex(ctx, out, outl);
217 else
218 return EVP_DecryptFinal_ex(ctx, out, outl);
219 }
220
221 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
222 {
223 if (ctx->encrypt)
224 return EVP_EncryptFinal(ctx, out, outl);
225 else
226 return EVP_DecryptFinal(ctx, out, outl);
227 }
228
229 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
230 const unsigned char *key, const unsigned char *iv)
231 {
232 return EVP_CipherInit(ctx, cipher, key, iv, 1);
233 }
234
235 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
236 ENGINE *impl, const unsigned char *key,
237 const unsigned char *iv)
238 {
239 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
240 }
241
242 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
243 const unsigned char *key, const unsigned char *iv)
244 {
245 return EVP_CipherInit(ctx, cipher, key, iv, 0);
246 }
247
248 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
249 ENGINE *impl, const unsigned char *key,
250 const unsigned char *iv)
251 {
252 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
253 }
254
255 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
256 const unsigned char *in, int inl)
257 {
258 int i, j, bl;
259
260 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
261 i = ctx->cipher->do_cipher(ctx, out, in, inl);
262 if (i < 0)
263 return 0;
264 else
265 *outl = i;
266 return 1;
267 }
268
269 if (inl <= 0) {
270 *outl = 0;
271 return inl == 0;
272 }
273
274 if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
275 if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
276 *outl = inl;
277 return 1;
278 } else {
279 *outl = 0;
280 return 0;
281 }
282 }
283 i = ctx->buf_len;
284 bl = ctx->cipher->block_size;
285 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
286 if (i != 0) {
287 if (bl - i > inl) {
288 memcpy(&(ctx->buf[i]), in, inl);
289 ctx->buf_len += inl;
290 *outl = 0;
291 return 1;
292 } else {
293 j = bl - i;
294 memcpy(&(ctx->buf[i]), in, j);
295 if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
296 return 0;
297 inl -= j;
298 in += j;
299 out += bl;
300 *outl = bl;
301 }
302 } else
303 *outl = 0;
304 i = inl & (bl - 1);
305 inl -= i;
306 if (inl > 0) {
307 if (!ctx->cipher->do_cipher(ctx, out, in, inl))
308 return 0;
309 *outl += inl;
310 }
311
312 if (i != 0)
313 memcpy(ctx->buf, &(in[inl]), i);
314 ctx->buf_len = i;
315 return 1;
316 }
317
318 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
319 {
320 int ret;
321 ret = EVP_EncryptFinal_ex(ctx, out, outl);
322 return ret;
323 }
324
325 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
326 {
327 int n, ret;
328 unsigned int i, b, bl;
329
330 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
331 ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
332 if (ret < 0)
333 return 0;
334 else
335 *outl = ret;
336 return 1;
337 }
338
339 b = ctx->cipher->block_size;
340 OPENSSL_assert(b <= sizeof ctx->buf);
341 if (b == 1) {
342 *outl = 0;
343 return 1;
344 }
345 bl = ctx->buf_len;
346 if (ctx->flags & EVP_CIPH_NO_PADDING) {
347 if (bl) {
348 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
349 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
350 return 0;
351 }
352 *outl = 0;
353 return 1;
354 }
355
356 n = b - bl;
357 for (i = bl; i < b; i++)
358 ctx->buf[i] = n;
359 ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
360
361 if (ret)
362 *outl = b;
363
364 return ret;
365 }
366
367 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
368 const unsigned char *in, int inl)
369 {
370 int fix_len;
371 unsigned int b;
372
373 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
374 fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
375 if (fix_len < 0) {
376 *outl = 0;
377 return 0;
378 } else
379 *outl = fix_len;
380 return 1;
381 }
382
383 if (inl <= 0) {
384 *outl = 0;
385 return inl == 0;
386 }
387
388 if (ctx->flags & EVP_CIPH_NO_PADDING)
389 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
390
391 b = ctx->cipher->block_size;
392 OPENSSL_assert(b <= sizeof ctx->final);
393
394 if (ctx->final_used) {
395 memcpy(out, ctx->final, b);
396 out += b;
397 fix_len = 1;
398 } else
399 fix_len = 0;
400
401 if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
402 return 0;
403
404 /*
405 * if we have 'decrypted' a multiple of block size, make sure we have a
406 * copy of this last block
407 */
408 if (b > 1 && !ctx->buf_len) {
409 *outl -= b;
410 ctx->final_used = 1;
411 memcpy(ctx->final, &out[*outl], b);
412 } else
413 ctx->final_used = 0;
414
415 if (fix_len)
416 *outl += b;
417
418 return 1;
419 }
420
421 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
422 {
423 int ret;
424 ret = EVP_DecryptFinal_ex(ctx, out, outl);
425 return ret;
426 }
427
428 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
429 {
430 int i, n;
431 unsigned int b;
432 *outl = 0;
433
434 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
435 i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
436 if (i < 0)
437 return 0;
438 else
439 *outl = i;
440 return 1;
441 }
442
443 b = ctx->cipher->block_size;
444 if (ctx->flags & EVP_CIPH_NO_PADDING) {
445 if (ctx->buf_len) {
446 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
447 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
448 return 0;
449 }
450 *outl = 0;
451 return 1;
452 }
453 if (b > 1) {
454 if (ctx->buf_len || !ctx->final_used) {
455 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
456 return (0);
457 }
458 OPENSSL_assert(b <= sizeof ctx->final);
459
460 /*
461 * The following assumes that the ciphertext has been authenticated.
462 * Otherwise it provides a padding oracle.
463 */
464 n = ctx->final[b - 1];
465 if (n == 0 || n > (int)b) {
466 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
467 return (0);
468 }
469 for (i = 0; i < n; i++) {
470 if (ctx->final[--b] != n) {
471 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
472 return (0);
473 }
474 }
475 n = ctx->cipher->block_size - n;
476 for (i = 0; i < n; i++)
477 out[i] = ctx->final[i];
478 *outl = n;
479 } else
480 *outl = 0;
481 return (1);
482 }
483
484 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
485 {
486 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
487 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
488 if (c->key_len == keylen)
489 return 1;
490 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
491 c->key_len = keylen;
492 return 1;
493 }
494 EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
495 return 0;
496 }
497
498 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
499 {
500 if (pad)
501 ctx->flags &= ~EVP_CIPH_NO_PADDING;
502 else
503 ctx->flags |= EVP_CIPH_NO_PADDING;
504 return 1;
505 }
506
507 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
508 {
509 int ret;
510 if (!ctx->cipher) {
511 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
512 return 0;
513 }
514
515 if (!ctx->cipher->ctrl) {
516 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
517 return 0;
518 }
519
520 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
521 if (ret == -1) {
522 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
523 EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
524 return 0;
525 }
526 return ret;
527 }
528
529 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
530 {
531 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
532 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
533 if (RAND_bytes(key, ctx->key_len) <= 0)
534 return 0;
535 return 1;
536 }
537
538 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
539 {
540 if ((in == NULL) || (in->cipher == NULL)) {
541 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
542 return 0;
543 }
544 #ifndef OPENSSL_NO_ENGINE
545 /* Make sure it's safe to copy a cipher context using an ENGINE */
546 if (in->engine && !ENGINE_init(in->engine)) {
547 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
548 return 0;
549 }
550 #endif
551
552 EVP_CIPHER_CTX_reset(out);
553 memcpy(out, in, sizeof(*out));
554
555 if (in->cipher_data && in->cipher->ctx_size) {
556 out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
557 if (out->cipher_data == NULL) {
558 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
559 return 0;
560 }
561 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
562 }
563
564 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
565 return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
566 return 1;
567 }
A mirror of the official openssl repository