1 | /*
|
---|
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include <stdio.h>
|
---|
11 | #include <assert.h>
|
---|
12 | #include "internal/cryptlib.h"
|
---|
13 | #include <openssl/evp.h>
|
---|
14 | #include <openssl/err.h>
|
---|
15 | #include <openssl/rand.h>
|
---|
16 | #include <openssl/engine.h>
|
---|
17 | #include "internal/evp_int.h"
|
---|
18 | #include "evp_locl.h"
|
---|
19 |
|
---|
20 | int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
|
---|
21 | {
|
---|
22 | if (c == NULL)
|
---|
23 | return 1;
|
---|
24 | if (c->cipher != NULL) {
|
---|
25 | if (c->cipher->cleanup && !c->cipher->cleanup(c))
|
---|
26 | return 0;
|
---|
27 | /* Cleanse cipher context data */
|
---|
28 | if (c->cipher_data && c->cipher->ctx_size)
|
---|
29 | OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
|
---|
30 | }
|
---|
31 | OPENSSL_free(c->cipher_data);
|
---|
32 | #ifndef OPENSSL_NO_ENGINE
|
---|
33 | ENGINE_finish(c->engine);
|
---|
34 | #endif
|
---|
35 | memset(c, 0, sizeof(*c));
|
---|
36 | return 1;
|
---|
37 | }
|
---|
38 |
|
---|
39 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
|
---|
40 | {
|
---|
41 | return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
|
---|
42 | }
|
---|
43 |
|
---|
44 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
|
---|
45 | {
|
---|
46 | EVP_CIPHER_CTX_reset(ctx);
|
---|
47 | OPENSSL_free(ctx);
|
---|
48 | }
|
---|
49 |
|
---|
50 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
---|
51 | const unsigned char *key, const unsigned char *iv, int enc)
|
---|
52 | {
|
---|
53 | EVP_CIPHER_CTX_reset(ctx);
|
---|
54 | return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
|
---|
55 | }
|
---|
56 |
|
---|
57 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
---|
58 | ENGINE *impl, const unsigned char *key,
|
---|
59 | const unsigned char *iv, int enc)
|
---|
60 | {
|
---|
61 | if (enc == -1)
|
---|
62 | enc = ctx->encrypt;
|
---|
63 | else {
|
---|
64 | if (enc)
|
---|
65 | enc = 1;
|
---|
66 | ctx->encrypt = enc;
|
---|
67 | }
|
---|
68 | #ifndef OPENSSL_NO_ENGINE
|
---|
69 | /*
|
---|
70 | * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
|
---|
71 | * this context may already have an ENGINE! Try to avoid releasing the
|
---|
72 | * previous handle, re-querying for an ENGINE, and having a
|
---|
73 | * reinitialisation, when it may all be unnecessary.
|
---|
74 | */
|
---|
75 | if (ctx->engine && ctx->cipher
|
---|
76 | && (cipher == NULL || cipher->nid == ctx->cipher->nid))
|
---|
77 | goto skip_to_init;
|
---|
78 | #endif
|
---|
79 | if (cipher) {
|
---|
80 | /*
|
---|
81 | * Ensure a context left lying around from last time is cleared (the
|
---|
82 | * previous check attempted to avoid this if the same ENGINE and
|
---|
83 | * EVP_CIPHER could be used).
|
---|
84 | */
|
---|
85 | if (ctx->cipher) {
|
---|
86 | unsigned long flags = ctx->flags;
|
---|
87 | EVP_CIPHER_CTX_reset(ctx);
|
---|
88 | /* Restore encrypt and flags */
|
---|
89 | ctx->encrypt = enc;
|
---|
90 | ctx->flags = flags;
|
---|
91 | }
|
---|
92 | #ifndef OPENSSL_NO_ENGINE
|
---|
93 | if (impl) {
|
---|
94 | if (!ENGINE_init(impl)) {
|
---|
95 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
|
---|
96 | return 0;
|
---|
97 | }
|
---|
98 | } else
|
---|
99 | /* Ask if an ENGINE is reserved for this job */
|
---|
100 | impl = ENGINE_get_cipher_engine(cipher->nid);
|
---|
101 | if (impl) {
|
---|
102 | /* There's an ENGINE for this job ... (apparently) */
|
---|
103 | const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
|
---|
104 | if (!c) {
|
---|
105 | /*
|
---|
106 | * One positive side-effect of US's export control history,
|
---|
107 | * is that we should at least be able to avoid using US
|
---|
108 | * misspellings of "initialisation"?
|
---|
109 | */
|
---|
110 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
|
---|
111 | return 0;
|
---|
112 | }
|
---|
113 | /* We'll use the ENGINE's private cipher definition */
|
---|
114 | cipher = c;
|
---|
115 | /*
|
---|
116 | * Store the ENGINE functional reference so we know 'cipher' came
|
---|
117 | * from an ENGINE and we need to release it when done.
|
---|
118 | */
|
---|
119 | ctx->engine = impl;
|
---|
120 | } else
|
---|
121 | ctx->engine = NULL;
|
---|
122 | #endif
|
---|
123 |
|
---|
124 | ctx->cipher = cipher;
|
---|
125 | if (ctx->cipher->ctx_size) {
|
---|
126 | ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
|
---|
127 | if (ctx->cipher_data == NULL) {
|
---|
128 | ctx->cipher = NULL;
|
---|
129 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
|
---|
130 | return 0;
|
---|
131 | }
|
---|
132 | } else {
|
---|
133 | ctx->cipher_data = NULL;
|
---|
134 | }
|
---|
135 | ctx->key_len = cipher->key_len;
|
---|
136 | /* Preserve wrap enable flag, zero everything else */
|
---|
137 | ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
|
---|
138 | if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
|
---|
139 | if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
|
---|
140 | ctx->cipher = NULL;
|
---|
141 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
|
---|
142 | return 0;
|
---|
143 | }
|
---|
144 | }
|
---|
145 | } else if (!ctx->cipher) {
|
---|
146 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
|
---|
147 | return 0;
|
---|
148 | }
|
---|
149 | #ifndef OPENSSL_NO_ENGINE
|
---|
150 | skip_to_init:
|
---|
151 | #endif
|
---|
152 | /* we assume block size is a power of 2 in *cryptUpdate */
|
---|
153 | OPENSSL_assert(ctx->cipher->block_size == 1
|
---|
154 | || ctx->cipher->block_size == 8
|
---|
155 | || ctx->cipher->block_size == 16);
|
---|
156 |
|
---|
157 | if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
|
---|
158 | && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
|
---|
159 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
|
---|
160 | return 0;
|
---|
161 | }
|
---|
162 |
|
---|
163 | if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
|
---|
164 | switch (EVP_CIPHER_CTX_mode(ctx)) {
|
---|
165 |
|
---|
166 | case EVP_CIPH_STREAM_CIPHER:
|
---|
167 | case EVP_CIPH_ECB_MODE:
|
---|
168 | break;
|
---|
169 |
|
---|
170 | case EVP_CIPH_CFB_MODE:
|
---|
171 | case EVP_CIPH_OFB_MODE:
|
---|
172 |
|
---|
173 | ctx->num = 0;
|
---|
174 | /* fall-through */
|
---|
175 |
|
---|
176 | case EVP_CIPH_CBC_MODE:
|
---|
177 |
|
---|
178 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
|
---|
179 | (int)sizeof(ctx->iv));
|
---|
180 | if (iv)
|
---|
181 | memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
---|
182 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
|
---|
183 | break;
|
---|
184 |
|
---|
185 | case EVP_CIPH_CTR_MODE:
|
---|
186 | ctx->num = 0;
|
---|
187 | /* Don't reuse IV for CTR mode */
|
---|
188 | if (iv)
|
---|
189 | memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
---|
190 | break;
|
---|
191 |
|
---|
192 | default:
|
---|
193 | return 0;
|
---|
194 | }
|
---|
195 | }
|
---|
196 |
|
---|
197 | if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
|
---|
198 | if (!ctx->cipher->init(ctx, key, iv, enc))
|
---|
199 | return 0;
|
---|
200 | }
|
---|
201 | ctx->buf_len = 0;
|
---|
202 | ctx->final_used = 0;
|
---|
203 | ctx->block_mask = ctx->cipher->block_size - 1;
|
---|
204 | return 1;
|
---|
205 | }
|
---|
206 |
|
---|
207 | int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
---|
208 | const unsigned char *in, int inl)
|
---|
209 | {
|
---|
210 | if (ctx->encrypt)
|
---|
211 | return EVP_EncryptUpdate(ctx, out, outl, in, inl);
|
---|
212 | else
|
---|
213 | return EVP_DecryptUpdate(ctx, out, outl, in, inl);
|
---|
214 | }
|
---|
215 |
|
---|
216 | int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
---|
217 | {
|
---|
218 | if (ctx->encrypt)
|
---|
219 | return EVP_EncryptFinal_ex(ctx, out, outl);
|
---|
220 | else
|
---|
221 | return EVP_DecryptFinal_ex(ctx, out, outl);
|
---|
222 | }
|
---|
223 |
|
---|
224 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
---|
225 | {
|
---|
226 | if (ctx->encrypt)
|
---|
227 | return EVP_EncryptFinal(ctx, out, outl);
|
---|
228 | else
|
---|
229 | return EVP_DecryptFinal(ctx, out, outl);
|
---|
230 | }
|
---|
231 |
|
---|
232 | int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
---|
233 | const unsigned char *key, const unsigned char *iv)
|
---|
234 | {
|
---|
235 | return EVP_CipherInit(ctx, cipher, key, iv, 1);
|
---|
236 | }
|
---|
237 |
|
---|
238 | int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
---|
239 | ENGINE *impl, const unsigned char *key,
|
---|
240 | const unsigned char *iv)
|
---|
241 | {
|
---|
242 | return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
|
---|
243 | }
|
---|
244 |
|
---|
245 | int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
---|
246 | const unsigned char *key, const unsigned char *iv)
|
---|
247 | {
|
---|
248 | return EVP_CipherInit(ctx, cipher, key, iv, 0);
|
---|
249 | }
|
---|
250 |
|
---|
251 | int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
---|
252 | ENGINE *impl, const unsigned char *key,
|
---|
253 | const unsigned char *iv)
|
---|
254 | {
|
---|
255 | return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
|
---|
256 | }
|
---|
257 |
|
---|
258 | /*
|
---|
259 | * According to the letter of standard difference between pointers
|
---|
260 | * is specified to be valid only within same object. This makes
|
---|
261 | * it formally challenging to determine if input and output buffers
|
---|
262 | * are not partially overlapping with standard pointer arithmetic.
|
---|
263 | */
|
---|
264 | #ifdef PTRDIFF_T
|
---|
265 | # undef PTRDIFF_T
|
---|
266 | #endif
|
---|
267 | #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
|
---|
268 | /*
|
---|
269 | * Then we have VMS that distinguishes itself by adhering to
|
---|
270 | * sizeof(size_t)==4 even in 64-bit builds, which means that
|
---|
271 | * difference between two pointers might be truncated to 32 bits.
|
---|
272 | * In the context one can even wonder how comparison for
|
---|
273 | * equality is implemented. To be on the safe side we adhere to
|
---|
274 | * PTRDIFF_T even for comparison for equality.
|
---|
275 | */
|
---|
276 | # define PTRDIFF_T uint64_t
|
---|
277 | #else
|
---|
278 | # define PTRDIFF_T size_t
|
---|
279 | #endif
|
---|
280 |
|
---|
281 | int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
|
---|
282 | {
|
---|
283 | PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
|
---|
284 | /*
|
---|
285 | * Check for partially overlapping buffers. [Binary logical
|
---|
286 | * operations are used instead of boolean to minimize number
|
---|
287 | * of conditional branches.]
|
---|
288 | */
|
---|
289 | int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
|
---|
290 | (diff > (0 - (PTRDIFF_T)len)));
|
---|
291 |
|
---|
292 | return overlapped;
|
---|
293 | }
|
---|
294 |
|
---|
295 | int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
---|
296 | const unsigned char *in, int inl)
|
---|
297 | {
|
---|
298 | int i, j, bl, cmpl = inl;
|
---|
299 |
|
---|
300 | if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
|
---|
301 | cmpl = (cmpl + 7) / 8;
|
---|
302 |
|
---|
303 | bl = ctx->cipher->block_size;
|
---|
304 |
|
---|
305 | if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
---|
306 | /* If block size > 1 then the cipher will have to do this check */
|
---|
307 | if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
|
---|
308 | EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
|
---|
309 | return 0;
|
---|
310 | }
|
---|
311 |
|
---|
312 | i = ctx->cipher->do_cipher(ctx, out, in, inl);
|
---|
313 | if (i < 0)
|
---|
314 | return 0;
|
---|
315 | else
|
---|
316 | *outl = i;
|
---|
317 | return 1;
|
---|
318 | }
|
---|
319 |
|
---|
320 | if (inl <= 0) {
|
---|
321 | *outl = 0;
|
---|
322 | return inl == 0;
|
---|
323 | }
|
---|
324 | if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
|
---|
325 | EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
|
---|
326 | return 0;
|
---|
327 | }
|
---|
328 |
|
---|
329 | if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
|
---|
330 | if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
|
---|
331 | *outl = inl;
|
---|
332 | return 1;
|
---|
333 | } else {
|
---|
334 | *outl = 0;
|
---|
335 | return 0;
|
---|
336 | }
|
---|
337 | }
|
---|
338 | i = ctx->buf_len;
|
---|
339 | OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
|
---|
340 | if (i != 0) {
|
---|
341 | if (bl - i > inl) {
|
---|
342 | memcpy(&(ctx->buf[i]), in, inl);
|
---|
343 | ctx->buf_len += inl;
|
---|
344 | *outl = 0;
|
---|
345 | return 1;
|
---|
346 | } else {
|
---|
347 | j = bl - i;
|
---|
348 | memcpy(&(ctx->buf[i]), in, j);
|
---|
349 | inl -= j;
|
---|
350 | in += j;
|
---|
351 | if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
|
---|
352 | return 0;
|
---|
353 | out += bl;
|
---|
354 | *outl = bl;
|
---|
355 | }
|
---|
356 | } else
|
---|
357 | *outl = 0;
|
---|
358 | i = inl & (bl - 1);
|
---|
359 | inl -= i;
|
---|
360 | if (inl > 0) {
|
---|
361 | if (!ctx->cipher->do_cipher(ctx, out, in, inl))
|
---|
362 | return 0;
|
---|
363 | *outl += inl;
|
---|
364 | }
|
---|
365 |
|
---|
366 | if (i != 0)
|
---|
367 | memcpy(ctx->buf, &(in[inl]), i);
|
---|
368 | ctx->buf_len = i;
|
---|
369 | return 1;
|
---|
370 | }
|
---|
371 |
|
---|
372 | int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
---|
373 | {
|
---|
374 | int ret;
|
---|
375 | ret = EVP_EncryptFinal_ex(ctx, out, outl);
|
---|
376 | return ret;
|
---|
377 | }
|
---|
378 |
|
---|
379 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
---|
380 | {
|
---|
381 | int n, ret;
|
---|
382 | unsigned int i, b, bl;
|
---|
383 |
|
---|
384 | if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
---|
385 | ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
|
---|
386 | if (ret < 0)
|
---|
387 | return 0;
|
---|
388 | else
|
---|
389 | *outl = ret;
|
---|
390 | return 1;
|
---|
391 | }
|
---|
392 |
|
---|
393 | b = ctx->cipher->block_size;
|
---|
394 | OPENSSL_assert(b <= sizeof ctx->buf);
|
---|
395 | if (b == 1) {
|
---|
396 | *outl = 0;
|
---|
397 | return 1;
|
---|
398 | }
|
---|
399 | bl = ctx->buf_len;
|
---|
400 | if (ctx->flags & EVP_CIPH_NO_PADDING) {
|
---|
401 | if (bl) {
|
---|
402 | EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
|
---|
403 | EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
|
---|
404 | return 0;
|
---|
405 | }
|
---|
406 | *outl = 0;
|
---|
407 | return 1;
|
---|
408 | }
|
---|
409 |
|
---|
410 | n = b - bl;
|
---|
411 | for (i = bl; i < b; i++)
|
---|
412 | ctx->buf[i] = n;
|
---|
413 | ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
|
---|
414 |
|
---|
415 | if (ret)
|
---|
416 | *outl = b;
|
---|
417 |
|
---|
418 | return ret;
|
---|
419 | }
|
---|
420 |
|
---|
421 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
---|
422 | const unsigned char *in, int inl)
|
---|
423 | {
|
---|
424 | int fix_len, cmpl = inl;
|
---|
425 | unsigned int b;
|
---|
426 |
|
---|
427 | b = ctx->cipher->block_size;
|
---|
428 |
|
---|
429 | if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
|
---|
430 | cmpl = (cmpl + 7) / 8;
|
---|
431 |
|
---|
432 | if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
---|
433 | if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
|
---|
434 | EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
|
---|
435 | return 0;
|
---|
436 | }
|
---|
437 |
|
---|
438 | fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
|
---|
439 | if (fix_len < 0) {
|
---|
440 | *outl = 0;
|
---|
441 | return 0;
|
---|
442 | } else
|
---|
443 | *outl = fix_len;
|
---|
444 | return 1;
|
---|
445 | }
|
---|
446 |
|
---|
447 | if (inl <= 0) {
|
---|
448 | *outl = 0;
|
---|
449 | return inl == 0;
|
---|
450 | }
|
---|
451 |
|
---|
452 | if (ctx->flags & EVP_CIPH_NO_PADDING)
|
---|
453 | return EVP_EncryptUpdate(ctx, out, outl, in, inl);
|
---|
454 |
|
---|
455 | OPENSSL_assert(b <= sizeof ctx->final);
|
---|
456 |
|
---|
457 | if (ctx->final_used) {
|
---|
458 | /* see comment about PTRDIFF_T comparison above */
|
---|
459 | if (((PTRDIFF_T)out == (PTRDIFF_T)in)
|
---|
460 | || is_partially_overlapping(out, in, b)) {
|
---|
461 | EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
|
---|
462 | return 0;
|
---|
463 | }
|
---|
464 | memcpy(out, ctx->final, b);
|
---|
465 | out += b;
|
---|
466 | fix_len = 1;
|
---|
467 | } else
|
---|
468 | fix_len = 0;
|
---|
469 |
|
---|
470 | if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
|
---|
471 | return 0;
|
---|
472 |
|
---|
473 | /*
|
---|
474 | * if we have 'decrypted' a multiple of block size, make sure we have a
|
---|
475 | * copy of this last block
|
---|
476 | */
|
---|
477 | if (b > 1 && !ctx->buf_len) {
|
---|
478 | *outl -= b;
|
---|
479 | ctx->final_used = 1;
|
---|
480 | memcpy(ctx->final, &out[*outl], b);
|
---|
481 | } else
|
---|
482 | ctx->final_used = 0;
|
---|
483 |
|
---|
484 | if (fix_len)
|
---|
485 | *outl += b;
|
---|
486 |
|
---|
487 | return 1;
|
---|
488 | }
|
---|
489 |
|
---|
490 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
---|
491 | {
|
---|
492 | int ret;
|
---|
493 | ret = EVP_DecryptFinal_ex(ctx, out, outl);
|
---|
494 | return ret;
|
---|
495 | }
|
---|
496 |
|
---|
497 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
---|
498 | {
|
---|
499 | int i, n;
|
---|
500 | unsigned int b;
|
---|
501 | *outl = 0;
|
---|
502 |
|
---|
503 | if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
---|
504 | i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
|
---|
505 | if (i < 0)
|
---|
506 | return 0;
|
---|
507 | else
|
---|
508 | *outl = i;
|
---|
509 | return 1;
|
---|
510 | }
|
---|
511 |
|
---|
512 | b = ctx->cipher->block_size;
|
---|
513 | if (ctx->flags & EVP_CIPH_NO_PADDING) {
|
---|
514 | if (ctx->buf_len) {
|
---|
515 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
|
---|
516 | EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
|
---|
517 | return 0;
|
---|
518 | }
|
---|
519 | *outl = 0;
|
---|
520 | return 1;
|
---|
521 | }
|
---|
522 | if (b > 1) {
|
---|
523 | if (ctx->buf_len || !ctx->final_used) {
|
---|
524 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
|
---|
525 | return (0);
|
---|
526 | }
|
---|
527 | OPENSSL_assert(b <= sizeof ctx->final);
|
---|
528 |
|
---|
529 | /*
|
---|
530 | * The following assumes that the ciphertext has been authenticated.
|
---|
531 | * Otherwise it provides a padding oracle.
|
---|
532 | */
|
---|
533 | n = ctx->final[b - 1];
|
---|
534 | if (n == 0 || n > (int)b) {
|
---|
535 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
|
---|
536 | return (0);
|
---|
537 | }
|
---|
538 | for (i = 0; i < n; i++) {
|
---|
539 | if (ctx->final[--b] != n) {
|
---|
540 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
|
---|
541 | return (0);
|
---|
542 | }
|
---|
543 | }
|
---|
544 | n = ctx->cipher->block_size - n;
|
---|
545 | for (i = 0; i < n; i++)
|
---|
546 | out[i] = ctx->final[i];
|
---|
547 | *outl = n;
|
---|
548 | } else
|
---|
549 | *outl = 0;
|
---|
550 | return (1);
|
---|
551 | }
|
---|
552 |
|
---|
553 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
|
---|
554 | {
|
---|
555 | if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
|
---|
556 | return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
|
---|
557 | if (c->key_len == keylen)
|
---|
558 | return 1;
|
---|
559 | if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
|
---|
560 | c->key_len = keylen;
|
---|
561 | return 1;
|
---|
562 | }
|
---|
563 | EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
|
---|
564 | return 0;
|
---|
565 | }
|
---|
566 |
|
---|
567 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
|
---|
568 | {
|
---|
569 | if (pad)
|
---|
570 | ctx->flags &= ~EVP_CIPH_NO_PADDING;
|
---|
571 | else
|
---|
572 | ctx->flags |= EVP_CIPH_NO_PADDING;
|
---|
573 | return 1;
|
---|
574 | }
|
---|
575 |
|
---|
576 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
|
---|
577 | {
|
---|
578 | int ret;
|
---|
579 | if (!ctx->cipher) {
|
---|
580 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
|
---|
581 | return 0;
|
---|
582 | }
|
---|
583 |
|
---|
584 | if (!ctx->cipher->ctrl) {
|
---|
585 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
|
---|
586 | return 0;
|
---|
587 | }
|
---|
588 |
|
---|
589 | ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
|
---|
590 | if (ret == -1) {
|
---|
591 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
|
---|
592 | EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
|
---|
593 | return 0;
|
---|
594 | }
|
---|
595 | return ret;
|
---|
596 | }
|
---|
597 |
|
---|
598 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
|
---|
599 | {
|
---|
600 | if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
|
---|
601 | return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
|
---|
602 | if (RAND_bytes(key, ctx->key_len) <= 0)
|
---|
603 | return 0;
|
---|
604 | return 1;
|
---|
605 | }
|
---|
606 |
|
---|
607 | int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
|
---|
608 | {
|
---|
609 | if ((in == NULL) || (in->cipher == NULL)) {
|
---|
610 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
|
---|
611 | return 0;
|
---|
612 | }
|
---|
613 | #ifndef OPENSSL_NO_ENGINE
|
---|
614 | /* Make sure it's safe to copy a cipher context using an ENGINE */
|
---|
615 | if (in->engine && !ENGINE_init(in->engine)) {
|
---|
616 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
|
---|
617 | return 0;
|
---|
618 | }
|
---|
619 | #endif
|
---|
620 |
|
---|
621 | EVP_CIPHER_CTX_reset(out);
|
---|
622 | memcpy(out, in, sizeof(*out));
|
---|
623 |
|
---|
624 | if (in->cipher_data && in->cipher->ctx_size) {
|
---|
625 | out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
|
---|
626 | if (out->cipher_data == NULL) {
|
---|
627 | out->cipher = NULL;
|
---|
628 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
|
---|
629 | return 0;
|
---|
630 | }
|
---|
631 | memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
|
---|
632 | }
|
---|
633 |
|
---|
634 | if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
|
---|
635 | if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
|
---|
636 | out->cipher = NULL;
|
---|
637 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
|
---|
638 | return 0;
|
---|
639 | }
|
---|
640 | return 1;
|
---|
641 | }
|
---|