155714Skris/* crypto/evp/evp_enc.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 855714Skris * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1555714Skris * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 2255714Skris * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 3755714Skris * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4055714Skris * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 5255714Skris * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 5855714Skris 5955714Skris#include <stdio.h> 6055714Skris#include "cryptlib.h" 6155714Skris#include <openssl/evp.h> 6268651Skris#include <openssl/err.h> 63160814Ssimon#include <openssl/rand.h> 64111147Snectar#ifndef OPENSSL_NO_ENGINE 65109998Smarkm#include <openssl/engine.h> 66111147Snectar#endif 67238405Sjkim#ifdef OPENSSL_FIPS 68238405Sjkim#include <openssl/fips.h> 69238405Sjkim#endif 7068651Skris#include "evp_locl.h" 7155714Skris 72194206Ssimon#ifdef OPENSSL_FIPS 73238405Sjkim#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) 74194206Ssimon#else 75238405Sjkim#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) 76194206Ssimon#endif 77194206Ssimon 78238405Sjkim 79167612Ssimonconst char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 8055714Skris 81238405Sjkimvoid EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 82238405Sjkim { 83238405Sjkim memset(ctx,0,sizeof(EVP_CIPHER_CTX)); 84238405Sjkim /* ctx->cipher=NULL; */ 85238405Sjkim } 86238405Sjkim 87160814SsimonEVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) 88160814Ssimon { 89160814Ssimon EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); 90160814Ssimon if (ctx) 91160814Ssimon EVP_CIPHER_CTX_init(ctx); 92160814Ssimon return ctx; 93160814Ssimon } 94109998Smarkm 9568651Skrisint EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 96109998Smarkm const unsigned char *key, const unsigned char *iv, int enc) 9755714Skris { 98109998Smarkm if (cipher) 99109998Smarkm EVP_CIPHER_CTX_init(ctx); 100109998Smarkm return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 101109998Smarkm } 102109998Smarkm 103238405Sjkimint EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 104238405Sjkim const unsigned char *key, const unsigned char *iv, int enc) 105238405Sjkim { 106238405Sjkim if (enc == -1) 107238405Sjkim enc = ctx->encrypt; 108238405Sjkim else 109238405Sjkim { 110238405Sjkim if (enc) 111238405Sjkim enc = 1; 112238405Sjkim ctx->encrypt = enc; 113238405Sjkim } 114238405Sjkim#ifndef OPENSSL_NO_ENGINE 115238405Sjkim /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts 116238405Sjkim * so this context may already have an ENGINE! Try to avoid releasing 117238405Sjkim * the previous handle, re-querying for an ENGINE, and having a 118238405Sjkim * reinitialisation, when it may all be unecessary. */ 119238405Sjkim if (ctx->engine && ctx->cipher && (!cipher || 120238405Sjkim (cipher && (cipher->nid == ctx->cipher->nid)))) 121238405Sjkim goto skip_to_init; 122238405Sjkim#endif 123238405Sjkim if (cipher) 124238405Sjkim { 125238405Sjkim /* Ensure a context left lying around from last time is cleared 126238405Sjkim * (the previous check attempted to avoid this if the same 127238405Sjkim * ENGINE and EVP_CIPHER could be used). */ 128238405Sjkim if (ctx->cipher) 129238405Sjkim { 130238405Sjkim unsigned long flags = ctx->flags; 131238405Sjkim EVP_CIPHER_CTX_cleanup(ctx); 132238405Sjkim /* Restore encrypt and flags */ 133238405Sjkim ctx->encrypt = enc; 134238405Sjkim ctx->flags = flags; 135238405Sjkim } 136238405Sjkim#ifndef OPENSSL_NO_ENGINE 137238405Sjkim if(impl) 138238405Sjkim { 139238405Sjkim if (!ENGINE_init(impl)) 140238405Sjkim { 141238405Sjkim EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); 142238405Sjkim return 0; 143238405Sjkim } 144238405Sjkim } 145238405Sjkim else 146238405Sjkim /* Ask if an ENGINE is reserved for this job */ 147238405Sjkim impl = ENGINE_get_cipher_engine(cipher->nid); 148238405Sjkim if(impl) 149238405Sjkim { 150238405Sjkim /* There's an ENGINE for this job ... (apparently) */ 151238405Sjkim const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); 152238405Sjkim if(!c) 153238405Sjkim { 154238405Sjkim /* One positive side-effect of US's export 155238405Sjkim * control history, is that we should at least 156238405Sjkim * be able to avoid using US mispellings of 157238405Sjkim * "initialisation"? */ 158238405Sjkim EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); 159238405Sjkim return 0; 160238405Sjkim } 161238405Sjkim /* We'll use the ENGINE's private cipher definition */ 162238405Sjkim cipher = c; 163238405Sjkim /* Store the ENGINE functional reference so we know 164238405Sjkim * 'cipher' came from an ENGINE and we need to release 165238405Sjkim * it when done. */ 166238405Sjkim ctx->engine = impl; 167238405Sjkim } 168238405Sjkim else 169238405Sjkim ctx->engine = NULL; 170238405Sjkim#endif 171238405Sjkim 172238405Sjkim#ifdef OPENSSL_FIPS 173238405Sjkim if (FIPS_mode()) 174238405Sjkim return FIPS_cipherinit(ctx, cipher, key, iv, enc); 175238405Sjkim#endif 176238405Sjkim ctx->cipher=cipher; 177238405Sjkim if (ctx->cipher->ctx_size) 178238405Sjkim { 179238405Sjkim ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 180238405Sjkim if (!ctx->cipher_data) 181238405Sjkim { 182238405Sjkim EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); 183238405Sjkim return 0; 184238405Sjkim } 185238405Sjkim } 186238405Sjkim else 187238405Sjkim { 188238405Sjkim ctx->cipher_data = NULL; 189238405Sjkim } 190238405Sjkim ctx->key_len = cipher->key_len; 191238405Sjkim ctx->flags = 0; 192238405Sjkim if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) 193238405Sjkim { 194238405Sjkim if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) 195238405Sjkim { 196238405Sjkim EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); 197238405Sjkim return 0; 198238405Sjkim } 199238405Sjkim } 200238405Sjkim } 201238405Sjkim else if(!ctx->cipher) 202238405Sjkim { 203238405Sjkim EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); 204238405Sjkim return 0; 205238405Sjkim } 206238405Sjkim#ifndef OPENSSL_NO_ENGINE 207238405Sjkimskip_to_init: 208238405Sjkim#endif 209238405Sjkim#ifdef OPENSSL_FIPS 210238405Sjkim if (FIPS_mode()) 211238405Sjkim return FIPS_cipherinit(ctx, cipher, key, iv, enc); 212238405Sjkim#endif 213238405Sjkim /* we assume block size is a power of 2 in *cryptUpdate */ 214238405Sjkim OPENSSL_assert(ctx->cipher->block_size == 1 215238405Sjkim || ctx->cipher->block_size == 8 216238405Sjkim || ctx->cipher->block_size == 16); 217238405Sjkim 218238405Sjkim if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { 219238405Sjkim switch(EVP_CIPHER_CTX_mode(ctx)) { 220238405Sjkim 221238405Sjkim case EVP_CIPH_STREAM_CIPHER: 222238405Sjkim case EVP_CIPH_ECB_MODE: 223238405Sjkim break; 224238405Sjkim 225238405Sjkim case EVP_CIPH_CFB_MODE: 226238405Sjkim case EVP_CIPH_OFB_MODE: 227238405Sjkim 228238405Sjkim ctx->num = 0; 229238405Sjkim /* fall-through */ 230238405Sjkim 231238405Sjkim case EVP_CIPH_CBC_MODE: 232238405Sjkim 233238405Sjkim OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= 234238405Sjkim (int)sizeof(ctx->iv)); 235238405Sjkim if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 236238405Sjkim memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 237238405Sjkim break; 238238405Sjkim 239238405Sjkim case EVP_CIPH_CTR_MODE: 240238405Sjkim ctx->num = 0; 241238405Sjkim /* Don't reuse IV for CTR mode */ 242238405Sjkim if(iv) 243238405Sjkim memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 244238405Sjkim break; 245238405Sjkim 246238405Sjkim default: 247238405Sjkim return 0; 248238405Sjkim break; 249238405Sjkim } 250238405Sjkim } 251238405Sjkim 252238405Sjkim if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 253238405Sjkim if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; 254238405Sjkim } 255238405Sjkim ctx->buf_len=0; 256238405Sjkim ctx->final_used=0; 257238405Sjkim ctx->block_mask=ctx->cipher->block_size-1; 258238405Sjkim return 1; 259238405Sjkim } 260238405Sjkim 26168651Skrisint EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 262109998Smarkm const unsigned char *in, int inl) 26355714Skris { 26455714Skris if (ctx->encrypt) 26568651Skris return EVP_EncryptUpdate(ctx,out,outl,in,inl); 26668651Skris else return EVP_DecryptUpdate(ctx,out,outl,in,inl); 26755714Skris } 26855714Skris 269109998Smarkmint EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 270109998Smarkm { 271109998Smarkm if (ctx->encrypt) 272109998Smarkm return EVP_EncryptFinal_ex(ctx,out,outl); 273109998Smarkm else return EVP_DecryptFinal_ex(ctx,out,outl); 274109998Smarkm } 275109998Smarkm 27655714Skrisint EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 27755714Skris { 27855714Skris if (ctx->encrypt) 27968651Skris return EVP_EncryptFinal(ctx,out,outl); 280109998Smarkm else return EVP_DecryptFinal(ctx,out,outl); 28155714Skris } 28255714Skris 28368651Skrisint EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 284109998Smarkm const unsigned char *key, const unsigned char *iv) 28555714Skris { 28668651Skris return EVP_CipherInit(ctx, cipher, key, iv, 1); 28755714Skris } 28855714Skris 289109998Smarkmint EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, 290109998Smarkm const unsigned char *key, const unsigned char *iv) 291109998Smarkm { 292109998Smarkm return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); 293109998Smarkm } 294109998Smarkm 29568651Skrisint EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 296109998Smarkm const unsigned char *key, const unsigned char *iv) 29755714Skris { 298111147Snectar return EVP_CipherInit(ctx, cipher, key, iv, 0); 29955714Skris } 30055714Skris 301109998Smarkmint EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 302109998Smarkm const unsigned char *key, const unsigned char *iv) 303109998Smarkm { 304109998Smarkm return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); 305109998Smarkm } 30655714Skris 30768651Skrisint EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 308109998Smarkm const unsigned char *in, int inl) 30955714Skris { 31055714Skris int i,j,bl; 31155714Skris 312238405Sjkim if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) 313238405Sjkim { 314238405Sjkim i = M_do_cipher(ctx, out, in, inl); 315238405Sjkim if (i < 0) 316238405Sjkim return 0; 317238405Sjkim else 318238405Sjkim *outl = i; 319238405Sjkim return 1; 320238405Sjkim } 321238405Sjkim 322194206Ssimon if (inl <= 0) 323194206Ssimon { 324194206Ssimon *outl = 0; 325194206Ssimon return inl == 0; 326194206Ssimon } 327194206Ssimon 328109998Smarkm if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) 329109998Smarkm { 330194206Ssimon if(M_do_cipher(ctx,out,in,inl)) 331109998Smarkm { 332109998Smarkm *outl=inl; 333109998Smarkm return 1; 334109998Smarkm } 335109998Smarkm else 336109998Smarkm { 337109998Smarkm *outl=0; 338109998Smarkm return 0; 339109998Smarkm } 340109998Smarkm } 34155714Skris i=ctx->buf_len; 34255714Skris bl=ctx->cipher->block_size; 343160814Ssimon OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); 34455714Skris if (i != 0) 34555714Skris { 34655714Skris if (i+inl < bl) 34755714Skris { 34855714Skris memcpy(&(ctx->buf[i]),in,inl); 34955714Skris ctx->buf_len+=inl; 350109998Smarkm *outl=0; 35168651Skris return 1; 35255714Skris } 35355714Skris else 35455714Skris { 35555714Skris j=bl-i; 356109998Smarkm memcpy(&(ctx->buf[i]),in,j); 357194206Ssimon if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; 35855714Skris inl-=j; 35955714Skris in+=j; 36055714Skris out+=bl; 361109998Smarkm *outl=bl; 36255714Skris } 36355714Skris } 364109998Smarkm else 365109998Smarkm *outl = 0; 366109998Smarkm i=inl&(bl-1); 36755714Skris inl-=i; 36855714Skris if (inl > 0) 36955714Skris { 370194206Ssimon if(!M_do_cipher(ctx,out,in,inl)) return 0; 37155714Skris *outl+=inl; 37255714Skris } 37355714Skris 37455714Skris if (i != 0) 37555714Skris memcpy(ctx->buf,&(in[inl]),i); 37655714Skris ctx->buf_len=i; 37768651Skris return 1; 37855714Skris } 37955714Skris 38068651Skrisint EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 38155714Skris { 382109998Smarkm int ret; 383109998Smarkm ret = EVP_EncryptFinal_ex(ctx, out, outl); 384109998Smarkm return ret; 385109998Smarkm } 38655714Skris 387109998Smarkmint EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 388109998Smarkm { 389160814Ssimon int n,ret; 390160814Ssimon unsigned int i, b, bl; 391109998Smarkm 392238405Sjkim if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) 393238405Sjkim { 394238405Sjkim ret = M_do_cipher(ctx, out, NULL, 0); 395238405Sjkim if (ret < 0) 396238405Sjkim return 0; 397238405Sjkim else 398238405Sjkim *outl = ret; 399238405Sjkim return 1; 400238405Sjkim } 401238405Sjkim 40255714Skris b=ctx->cipher->block_size; 403109998Smarkm OPENSSL_assert(b <= sizeof ctx->buf); 40455714Skris if (b == 1) 40555714Skris { 40655714Skris *outl=0; 40768651Skris return 1; 40855714Skris } 40955714Skris bl=ctx->buf_len; 410109998Smarkm if (ctx->flags & EVP_CIPH_NO_PADDING) 411109998Smarkm { 412109998Smarkm if(bl) 413109998Smarkm { 414160814Ssimon EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 415109998Smarkm return 0; 416109998Smarkm } 417109998Smarkm *outl = 0; 418109998Smarkm return 1; 419109998Smarkm } 420109998Smarkm 42155714Skris n=b-bl; 42255714Skris for (i=bl; i<b; i++) 42355714Skris ctx->buf[i]=n; 424194206Ssimon ret=M_do_cipher(ctx,out,ctx->buf,b); 425109998Smarkm 426109998Smarkm 427109998Smarkm if(ret) 428109998Smarkm *outl=b; 429109998Smarkm 430109998Smarkm return ret; 43155714Skris } 43255714Skris 43368651Skrisint EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 434109998Smarkm const unsigned char *in, int inl) 43555714Skris { 436160814Ssimon int fix_len; 437160814Ssimon unsigned int b; 43855714Skris 439238405Sjkim if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) 440238405Sjkim { 441238405Sjkim fix_len = M_do_cipher(ctx, out, in, inl); 442238405Sjkim if (fix_len < 0) 443238405Sjkim { 444238405Sjkim *outl = 0; 445238405Sjkim return 0; 446238405Sjkim } 447238405Sjkim else 448238405Sjkim *outl = fix_len; 449238405Sjkim return 1; 450238405Sjkim } 451238405Sjkim 452194206Ssimon if (inl <= 0) 453109998Smarkm { 454194206Ssimon *outl = 0; 455194206Ssimon return inl == 0; 456109998Smarkm } 45755714Skris 458109998Smarkm if (ctx->flags & EVP_CIPH_NO_PADDING) 459109998Smarkm return EVP_EncryptUpdate(ctx, out, outl, in, inl); 460109998Smarkm 46155714Skris b=ctx->cipher->block_size; 462109998Smarkm OPENSSL_assert(b <= sizeof ctx->final); 463109998Smarkm 464109998Smarkm if(ctx->final_used) 46555714Skris { 466109998Smarkm memcpy(out,ctx->final,b); 467109998Smarkm out+=b; 468109998Smarkm fix_len = 1; 46955714Skris } 470109998Smarkm else 471109998Smarkm fix_len = 0; 47255714Skris 473109998Smarkm 474109998Smarkm if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) 475109998Smarkm return 0; 476109998Smarkm 47755714Skris /* if we have 'decrypted' a multiple of block size, make sure 47855714Skris * we have a copy of this last block */ 479109998Smarkm if (b > 1 && !ctx->buf_len) 48055714Skris { 481109998Smarkm *outl-=b; 482109998Smarkm ctx->final_used=1; 483109998Smarkm memcpy(ctx->final,&out[*outl],b); 48455714Skris } 485109998Smarkm else 486109998Smarkm ctx->final_used = 0; 487109998Smarkm 488109998Smarkm if (fix_len) 489109998Smarkm *outl += b; 490109998Smarkm 49168651Skris return 1; 49255714Skris } 49355714Skris 49455714Skrisint EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 49555714Skris { 496109998Smarkm int ret; 497109998Smarkm ret = EVP_DecryptFinal_ex(ctx, out, outl); 498109998Smarkm return ret; 499109998Smarkm } 500109998Smarkm 501109998Smarkmint EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 502109998Smarkm { 503160814Ssimon int i,n; 504160814Ssimon unsigned int b; 505238405Sjkim *outl=0; 50655714Skris 507238405Sjkim if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) 508238405Sjkim { 509238405Sjkim i = M_do_cipher(ctx, out, NULL, 0); 510238405Sjkim if (i < 0) 511238405Sjkim return 0; 512238405Sjkim else 513238405Sjkim *outl = i; 514238405Sjkim return 1; 515238405Sjkim } 516238405Sjkim 51755714Skris b=ctx->cipher->block_size; 518109998Smarkm if (ctx->flags & EVP_CIPH_NO_PADDING) 519109998Smarkm { 520109998Smarkm if(ctx->buf_len) 521109998Smarkm { 522160814Ssimon EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 523109998Smarkm return 0; 524109998Smarkm } 525109998Smarkm *outl = 0; 526109998Smarkm return 1; 527109998Smarkm } 52855714Skris if (b > 1) 52955714Skris { 530109998Smarkm if (ctx->buf_len || !ctx->final_used) 53155714Skris { 532160814Ssimon EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); 53355714Skris return(0); 53455714Skris } 535109998Smarkm OPENSSL_assert(b <= sizeof ctx->final); 536279264Sdelphij 537279264Sdelphij /* 538279264Sdelphij * The following assumes that the ciphertext has been authenticated. 539279264Sdelphij * Otherwise it provides a padding oracle. 540279264Sdelphij */ 541109998Smarkm n=ctx->final[b-1]; 542160814Ssimon if (n == 0 || n > (int)b) 54355714Skris { 544160814Ssimon EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); 54555714Skris return(0); 54655714Skris } 54755714Skris for (i=0; i<n; i++) 54855714Skris { 549109998Smarkm if (ctx->final[--b] != n) 55055714Skris { 551160814Ssimon EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); 55255714Skris return(0); 55355714Skris } 55455714Skris } 55555714Skris n=ctx->cipher->block_size-n; 55655714Skris for (i=0; i<n; i++) 557109998Smarkm out[i]=ctx->final[i]; 55855714Skris *outl=n; 55955714Skris } 56055714Skris else 56155714Skris *outl=0; 56255714Skris return(1); 56355714Skris } 56455714Skris 565160814Ssimonvoid EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) 566160814Ssimon { 567160814Ssimon if (ctx) 568160814Ssimon { 569160814Ssimon EVP_CIPHER_CTX_cleanup(ctx); 570160814Ssimon OPENSSL_free(ctx); 571160814Ssimon } 572160814Ssimon } 573160814Ssimon 574238405Sjkimint EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 575238405Sjkim { 576238405Sjkim#ifndef OPENSSL_FIPS 577238405Sjkim if (c->cipher != NULL) 578238405Sjkim { 579238405Sjkim if(c->cipher->cleanup && !c->cipher->cleanup(c)) 580238405Sjkim return 0; 581238405Sjkim /* Cleanse cipher context data */ 582238405Sjkim if (c->cipher_data) 583238405Sjkim OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); 584238405Sjkim } 585238405Sjkim if (c->cipher_data) 586238405Sjkim OPENSSL_free(c->cipher_data); 587238405Sjkim#endif 588238405Sjkim#ifndef OPENSSL_NO_ENGINE 589238405Sjkim if (c->engine) 590238405Sjkim /* The EVP_CIPHER we used belongs to an ENGINE, release the 591238405Sjkim * functional reference we held for this reason. */ 592238405Sjkim ENGINE_finish(c->engine); 593238405Sjkim#endif 594238405Sjkim#ifdef OPENSSL_FIPS 595238405Sjkim FIPS_cipher_ctx_cleanup(c); 596238405Sjkim#endif 597238405Sjkim memset(c,0,sizeof(EVP_CIPHER_CTX)); 598238405Sjkim return 1; 599238405Sjkim } 600238405Sjkim 60168651Skrisint EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) 60268651Skris { 60368651Skris if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 60468651Skris return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); 60568651Skris if(c->key_len == keylen) return 1; 60668651Skris if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) 60768651Skris { 60868651Skris c->key_len = keylen; 60968651Skris return 1; 61068651Skris } 61168651Skris EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); 61268651Skris return 0; 61368651Skris } 61468651Skris 615109998Smarkmint EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) 616109998Smarkm { 617109998Smarkm if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; 618109998Smarkm else ctx->flags |= EVP_CIPH_NO_PADDING; 619109998Smarkm return 1; 620109998Smarkm } 621109998Smarkm 622238405Sjkimint EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) 623238405Sjkim{ 624238405Sjkim int ret; 625238405Sjkim if(!ctx->cipher) { 626238405Sjkim EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); 627238405Sjkim return 0; 628238405Sjkim } 629238405Sjkim 630238405Sjkim if(!ctx->cipher->ctrl) { 631238405Sjkim EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); 632238405Sjkim return 0; 633238405Sjkim } 634238405Sjkim 635238405Sjkim ret = ctx->cipher->ctrl(ctx, type, arg, ptr); 636238405Sjkim if(ret == -1) { 637238405Sjkim EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); 638238405Sjkim return 0; 639238405Sjkim } 640238405Sjkim return ret; 641238405Sjkim} 642238405Sjkim 643160814Ssimonint EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) 644160814Ssimon { 645160814Ssimon if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 646160814Ssimon return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 647160814Ssimon if (RAND_bytes(key, ctx->key_len) <= 0) 648160814Ssimon return 0; 649160814Ssimon return 1; 650160814Ssimon } 651160814Ssimon 652238405Sjkimint EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) 653238405Sjkim { 654238405Sjkim if ((in == NULL) || (in->cipher == NULL)) 655238405Sjkim { 656238405Sjkim EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); 657238405Sjkim return 0; 658238405Sjkim } 659194206Ssimon#ifndef OPENSSL_NO_ENGINE 660238405Sjkim /* Make sure it's safe to copy a cipher context using an ENGINE */ 661238405Sjkim if (in->engine && !ENGINE_init(in->engine)) 662238405Sjkim { 663238405Sjkim EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB); 664238405Sjkim return 0; 665238405Sjkim } 666238405Sjkim#endif 667194206Ssimon 668238405Sjkim EVP_CIPHER_CTX_cleanup(out); 669238405Sjkim memcpy(out,in,sizeof *out); 670194206Ssimon 671238405Sjkim if (in->cipher_data && in->cipher->ctx_size) 672194206Ssimon { 673238405Sjkim out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size); 674238405Sjkim if (!out->cipher_data) 675194206Ssimon { 676238405Sjkim EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE); 677194206Ssimon return 0; 678194206Ssimon } 679238405Sjkim memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size); 680194206Ssimon } 681238405Sjkim 682238405Sjkim if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) 683238405Sjkim return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); 684194206Ssimon return 1; 685194206Ssimon } 686