VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1k/crypto/evp/evp_enc.c@ 90293

Last change on this file since 90293 was 90293, checked in by vboxsync, 4 years ago

openssl-1.1.1k: Applied and adjusted our OpenSSL changes to 1.1.1k. bugref:10072
File size: 20.9 KB
Line 
1/*
2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <limits.h>
12#include <assert.h>
13#include "internal/cryptlib.h"
14#include <openssl/evp.h>
15#include <openssl/err.h>
16#include <openssl/rand.h>
17#include <openssl/rand_drbg.h>
18#include <openssl/engine.h>
19#include "crypto/evp.h"
20#include "evp_local.h"
21
22int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
23{
24 if (c == NULL)
25 return 1;
26 if (c->cipher != NULL) {
27 if (c->cipher->cleanup && !c->cipher->cleanup(c))
28 return 0;
29 /* Cleanse cipher context data */
30 if (c->cipher_data && c->cipher->ctx_size)
31 OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
32 }
33 OPENSSL_free(c->cipher_data);
34#ifndef OPENSSL_NO_ENGINE
35 ENGINE_finish(c->engine);
36#endif
37 memset(c, 0, sizeof(*c));
38 return 1;
39}
40
41EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
42{
43 return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
44}
45
46void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
47{
48 EVP_CIPHER_CTX_reset(ctx);
49 OPENSSL_free(ctx);
50}
51
52int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
53 const unsigned char *key, const unsigned char *iv, int enc)
54{
55 if (cipher != NULL)
56 EVP_CIPHER_CTX_reset(ctx);
57 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
58}
59
60int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
61 ENGINE *impl, const unsigned char *key,
62 const unsigned char *iv, int enc)
63{
64 if (enc == -1)
65 enc = ctx->encrypt;
66 else {
67 if (enc)
68 enc = 1;
69 ctx->encrypt = enc;
70 }
71#ifndef OPENSSL_NO_ENGINE
72 /*
73 * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
74 * this context may already have an ENGINE! Try to avoid releasing the
75 * previous handle, re-querying for an ENGINE, and having a
76 * reinitialisation, when it may all be unnecessary.
77 */
78 if (ctx->engine && ctx->cipher
79 && (cipher == NULL || cipher->nid == ctx->cipher->nid))
80 goto skip_to_init;
81#endif
82 if (cipher) {
83 /*
84 * Ensure a context left lying around from last time is cleared (the
85 * previous check attempted to avoid this if the same ENGINE and
86 * EVP_CIPHER could be used).
87 */
88 if (ctx->cipher) {
89 unsigned long flags = ctx->flags;
90 EVP_CIPHER_CTX_reset(ctx);
91 /* Restore encrypt and flags */
92 ctx->encrypt = enc;
93 ctx->flags = flags;
94 }
95#ifndef OPENSSL_NO_ENGINE
96 if (impl) {
97 if (!ENGINE_init(impl)) {
98 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
99 return 0;
100 }
101 } else
102 /* Ask if an ENGINE is reserved for this job */
103 impl = ENGINE_get_cipher_engine(cipher->nid);
104 if (impl) {
105 /* There's an ENGINE for this job ... (apparently) */
106 const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
107 if (!c) {
108 /*
109 * One positive side-effect of US's export control history,
110 * is that we should at least be able to avoid using US
111 * misspellings of "initialisation"?
112 */
113 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
114 return 0;
115 }
116 /* We'll use the ENGINE's private cipher definition */
117 cipher = c;
118 /*
119 * Store the ENGINE functional reference so we know 'cipher' came
120 * from an ENGINE and we need to release it when done.
121 */
122 ctx->engine = impl;
123 } else
124 ctx->engine = NULL;
125#endif
126
127 ctx->cipher = cipher;
128 if (ctx->cipher->ctx_size) {
129 ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
130 if (ctx->cipher_data == NULL) {
131 ctx->cipher = NULL;
132 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
133 return 0;
134 }
135 } else {
136 ctx->cipher_data = NULL;
137 }
138 ctx->key_len = cipher->key_len;
139 /* Preserve wrap enable flag, zero everything else */
140 ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
141 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
142 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
143 ctx->cipher = NULL;
144 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
145 return 0;
146 }
147 }
148 } else if (!ctx->cipher) {
149 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
150 return 0;
151 }
152#ifndef OPENSSL_NO_ENGINE
153 skip_to_init:
154#endif
155 /* we assume block size is a power of 2 in *cryptUpdate */
156 OPENSSL_assert(ctx->cipher->block_size == 1
157 || ctx->cipher->block_size == 8
158 || ctx->cipher->block_size == 16);
159
160 if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
161 && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
162 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
163 return 0;
164 }
165
166 if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
167 switch (EVP_CIPHER_CTX_mode(ctx)) {
168
169 case EVP_CIPH_STREAM_CIPHER:
170 case EVP_CIPH_ECB_MODE:
171 break;
172
173 case EVP_CIPH_CFB_MODE:
174 case EVP_CIPH_OFB_MODE:
175
176 ctx->num = 0;
177 /* fall-through */
178
179 case EVP_CIPH_CBC_MODE:
180
181 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
182 (int)sizeof(ctx->iv));
183 if (iv)
184 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
185 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
186 break;
187
188 case EVP_CIPH_CTR_MODE:
189 ctx->num = 0;
190 /* Don't reuse IV for CTR mode */
191 if (iv)
192 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
193 break;
194
195 default:
196 return 0;
197 }
198 }
199
200 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
201 if (!ctx->cipher->init(ctx, key, iv, enc))
202 return 0;
203 }
204 ctx->buf_len = 0;
205 ctx->final_used = 0;
206 ctx->block_mask = ctx->cipher->block_size - 1;
207 return 1;
208}
209
210int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
211 const unsigned char *in, int inl)
212{
213 if (ctx->encrypt)
214 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
215 else
216 return EVP_DecryptUpdate(ctx, out, outl, in, inl);
217}
218
219int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
220{
221 if (ctx->encrypt)
222 return EVP_EncryptFinal_ex(ctx, out, outl);
223 else
224 return EVP_DecryptFinal_ex(ctx, out, outl);
225}
226
227int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
228{
229 if (ctx->encrypt)
230 return EVP_EncryptFinal(ctx, out, outl);
231 else
232 return EVP_DecryptFinal(ctx, out, outl);
233}
234
235int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
236 const unsigned char *key, const unsigned char *iv)
237{
238 return EVP_CipherInit(ctx, cipher, key, iv, 1);
239}
240
241int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
242 ENGINE *impl, const unsigned char *key,
243 const unsigned char *iv)
244{
245 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
246}
247
248int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
249 const unsigned char *key, const unsigned char *iv)
250{
251 return EVP_CipherInit(ctx, cipher, key, iv, 0);
252}
253
254int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
255 ENGINE *impl, const unsigned char *key,
256 const unsigned char *iv)
257{
258 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
259}
260
261/*
262 * According to the letter of standard difference between pointers
263 * is specified to be valid only within same object. This makes
264 * it formally challenging to determine if input and output buffers
265 * are not partially overlapping with standard pointer arithmetic.
266 */
267#ifdef PTRDIFF_T
268# undef PTRDIFF_T
269#endif
270#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
271/*
272 * Then we have VMS that distinguishes itself by adhering to
273 * sizeof(size_t)==4 even in 64-bit builds, which means that
274 * difference between two pointers might be truncated to 32 bits.
275 * In the context one can even wonder how comparison for
276 * equality is implemented. To be on the safe side we adhere to
277 * PTRDIFF_T even for comparison for equality.
278 */
279# define PTRDIFF_T uint64_t
280#else
281# define PTRDIFF_T size_t
282#endif
283
284int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
285{
286 PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
287 /*
288 * Check for partially overlapping buffers. [Binary logical
289 * operations are used instead of boolean to minimize number
290 * of conditional branches.]
291 */
292 int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
293 (diff > (0 - (PTRDIFF_T)len)));
294
295 return overlapped;
296}
297
298static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
299 unsigned char *out, int *outl,
300 const unsigned char *in, int inl)
301{
302 int i, j, bl, cmpl = inl;
303
304 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
305 cmpl = (cmpl + 7) / 8;
306
307 bl = ctx->cipher->block_size;
308
309 /*
310 * CCM mode needs to know about the case where inl == 0 && in == NULL - it
311 * means the plaintext/ciphertext length is 0
312 */
313 if (inl < 0
314 || (inl == 0
315 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
316 *outl = 0;
317 return inl == 0;
318 }
319
320 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
321 /* If block size > 1 then the cipher will have to do this check */
322 if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
323 EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
324 return 0;
325 }
326
327 i = ctx->cipher->do_cipher(ctx, out, in, inl);
328 if (i < 0)
329 return 0;
330 else
331 *outl = i;
332 return 1;
333 }
334
335 if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
336 EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
337 return 0;
338 }
339
340 if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
341 if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
342 *outl = inl;
343 return 1;
344 } else {
345 *outl = 0;
346 return 0;
347 }
348 }
349 i = ctx->buf_len;
350 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
351 if (i != 0) {
352 if (bl - i > inl) {
353 memcpy(&(ctx->buf[i]), in, inl);
354 ctx->buf_len += inl;
355 *outl = 0;
356 return 1;
357 } else {
358 j = bl - i;
359
360 /*
361 * Once we've processed the first j bytes from in, the amount of
362 * data left that is a multiple of the block length is:
363 * (inl - j) & ~(bl - 1)
364 * We must ensure that this amount of data, plus the one block that
365 * we process from ctx->buf does not exceed INT_MAX
366 */
367 if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
368 EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
369 EVP_R_OUTPUT_WOULD_OVERFLOW);
370 return 0;
371 }
372 memcpy(&(ctx->buf[i]), in, j);
373 inl -= j;
374 in += j;
375 if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
376 return 0;
377 out += bl;
378 *outl = bl;
379 }
380 } else
381 *outl = 0;
382 i = inl & (bl - 1);
383 inl -= i;
384 if (inl > 0) {
385 if (!ctx->cipher->do_cipher(ctx, out, in, inl))
386 return 0;
387 *outl += inl;
388 }
389
390 if (i != 0)
391 memcpy(ctx->buf, &(in[inl]), i);
392 ctx->buf_len = i;
393 return 1;
394}
395
396
397int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
398 const unsigned char *in, int inl)
399{
400 /* Prevent accidental use of decryption context when encrypting */
401 if (!ctx->encrypt) {
402 EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
403 return 0;
404 }
405
406 return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
407}
408
409int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
410{
411 int ret;
412 ret = EVP_EncryptFinal_ex(ctx, out, outl);
413 return ret;
414}
415
416int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
417{
418 int n, ret;
419 unsigned int i, b, bl;
420
421 /* Prevent accidental use of decryption context when encrypting */
422 if (!ctx->encrypt) {
423 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
424 return 0;
425 }
426
427 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
428 ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
429 if (ret < 0)
430 return 0;
431 else
432 *outl = ret;
433 return 1;
434 }
435
436 b = ctx->cipher->block_size;
437 OPENSSL_assert(b <= sizeof(ctx->buf));
438 if (b == 1) {
439 *outl = 0;
440 return 1;
441 }
442 bl = ctx->buf_len;
443 if (ctx->flags & EVP_CIPH_NO_PADDING) {
444 if (bl) {
445 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
446 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
447 return 0;
448 }
449 *outl = 0;
450 return 1;
451 }
452
453 n = b - bl;
454 for (i = bl; i < b; i++)
455 ctx->buf[i] = n;
456 ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
457
458 if (ret)
459 *outl = b;
460
461 return ret;
462}
463
464int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
465 const unsigned char *in, int inl)
466{
467 int fix_len, cmpl = inl;
468 unsigned int b;
469
470 /* Prevent accidental use of encryption context when decrypting */
471 if (ctx->encrypt) {
472 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
473 return 0;
474 }
475
476 b = ctx->cipher->block_size;
477
478 if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
479 cmpl = (cmpl + 7) / 8;
480
481 /*
482 * CCM mode needs to know about the case where inl == 0 - it means the
483 * plaintext/ciphertext length is 0
484 */
485 if (inl < 0
486 || (inl == 0
487 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
488 *outl = 0;
489 return inl == 0;
490 }
491
492 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
493 if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
494 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
495 return 0;
496 }
497
498 fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
499 if (fix_len < 0) {
500 *outl = 0;
501 return 0;
502 } else
503 *outl = fix_len;
504 return 1;
505 }
506
507 if (ctx->flags & EVP_CIPH_NO_PADDING)
508 return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
509
510 OPENSSL_assert(b <= sizeof(ctx->final));
511
512 if (ctx->final_used) {
513 /* see comment about PTRDIFF_T comparison above */
514 if (((PTRDIFF_T)out == (PTRDIFF_T)in)
515 || is_partially_overlapping(out, in, b)) {
516 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
517 return 0;
518 }
519 /*
520 * final_used is only ever set if buf_len is 0. Therefore the maximum
521 * length output we will ever see from evp_EncryptDecryptUpdate is
522 * the maximum multiple of the block length that is <= inl, or just:
523 * inl & ~(b - 1)
524 * Since final_used has been set then the final output length is:
525 * (inl & ~(b - 1)) + b
526 * This must never exceed INT_MAX
527 */
528 if ((inl & ~(b - 1)) > INT_MAX - b) {
529 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
530 return 0;
531 }
532 memcpy(out, ctx->final, b);
533 out += b;
534 fix_len = 1;
535 } else
536 fix_len = 0;
537
538 if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
539 return 0;
540
541 /*
542 * if we have 'decrypted' a multiple of block size, make sure we have a
543 * copy of this last block
544 */
545 if (b > 1 && !ctx->buf_len) {
546 *outl -= b;
547 ctx->final_used = 1;
548 memcpy(ctx->final, &out[*outl], b);
549 } else
550 ctx->final_used = 0;
551
552 if (fix_len)
553 *outl += b;
554
555 return 1;
556}
557
558int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
559{
560 int ret;
561 ret = EVP_DecryptFinal_ex(ctx, out, outl);
562 return ret;
563}
564
565int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
566{
567 int i, n;
568 unsigned int b;
569
570 /* Prevent accidental use of encryption context when decrypting */
571 if (ctx->encrypt) {
572 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
573 return 0;
574 }
575
576 *outl = 0;
577
578 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
579 i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
580 if (i < 0)
581 return 0;
582 else
583 *outl = i;
584 return 1;
585 }
586
587 b = ctx->cipher->block_size;
588 if (ctx->flags & EVP_CIPH_NO_PADDING) {
589 if (ctx->buf_len) {
590 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
591 EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
592 return 0;
593 }
594 *outl = 0;
595 return 1;
596 }
597 if (b > 1) {
598 if (ctx->buf_len || !ctx->final_used) {
599 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
600 return 0;
601 }
602 OPENSSL_assert(b <= sizeof(ctx->final));
603
604 /*
605 * The following assumes that the ciphertext has been authenticated.
606 * Otherwise it provides a padding oracle.
607 */
608 n = ctx->final[b - 1];
609 if (n == 0 || n > (int)b) {
610 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
611 return 0;
612 }
613 for (i = 0; i < n; i++) {
614 if (ctx->final[--b] != n) {
615 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
616 return 0;
617 }
618 }
619 n = ctx->cipher->block_size - n;
620 for (i = 0; i < n; i++)
621 out[i] = ctx->final[i];
622 *outl = n;
623 } else
624 *outl = 0;
625 return 1;
626}
627
628int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
629{
630 if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
631 return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
632 if (c->key_len == keylen)
633 return 1;
634 if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
635 c->key_len = keylen;
636 return 1;
637 }
638 EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
639 return 0;
640}
641
642int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
643{
644 if (pad)
645 ctx->flags &= ~EVP_CIPH_NO_PADDING;
646 else
647 ctx->flags |= EVP_CIPH_NO_PADDING;
648 return 1;
649}
650
651int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
652{
653 int ret;
654
655 if (!ctx->cipher) {
656 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
657 return 0;
658 }
659
660 if (!ctx->cipher->ctrl) {
661 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
662 return 0;
663 }
664
665 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
666 if (ret == -1) {
667 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
668 EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
669 return 0;
670 }
671 return ret;
672}
673
674int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
675{
676 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
677 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
678 if (RAND_priv_bytes(key, ctx->key_len) <= 0)
679 return 0;
680 return 1;
681}
682
683int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
684{
685 if ((in == NULL) || (in->cipher == NULL)) {
686 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
687 return 0;
688 }
689#ifndef OPENSSL_NO_ENGINE
690 /* Make sure it's safe to copy a cipher context using an ENGINE */
691 if (in->engine && !ENGINE_init(in->engine)) {
692 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
693 return 0;
694 }
695#endif
696
697 EVP_CIPHER_CTX_reset(out);
698 memcpy(out, in, sizeof(*out));
699
700 if (in->cipher_data && in->cipher->ctx_size) {
701 out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
702 if (out->cipher_data == NULL) {
703 out->cipher = NULL;
704 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
705 return 0;
706 }
707 memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
708 }
709
710 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
711 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
712 out->cipher = NULL;
713 EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
714 return 0;
715 }
716 return 1;
717}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette