Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 1 | /* crypto/evp/evp_enc.c */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. |
| 4 | * |
| 5 | * This package is an SSL implementation written |
| 6 | * by Eric Young (eay@cryptsoft.com). |
| 7 | * The implementation was written so as to conform with Netscapes SSL. |
| 8 | * |
| 9 | * This library is free for commercial and non-commercial use as long as |
| 10 | * the following conditions are aheared to. The following conditions |
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 13 | * included with this distribution is covered by the same copyright terms |
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 15 | * |
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 17 | * the code are not to be removed. |
| 18 | * If this package is used in a product, Eric Young should be given attribution |
| 19 | * as the author of the parts of the library used. |
| 20 | * This can be in the form of a textual message at program startup or |
| 21 | * in documentation (online or textual) provided with the package. |
| 22 | * |
| 23 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions |
| 25 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright |
| 27 | * notice, this list of conditions and the following disclaimer. |
| 28 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the |
| 30 | * documentation and/or other materials provided with the distribution. |
| 31 | * 3. All advertising materials mentioning features or use of this software |
| 32 | * must display the following acknowledgement: |
| 33 | * "This product includes cryptographic software written by |
| 34 | * Eric Young (eay@cryptsoft.com)" |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library |
| 36 | * being used are not cryptographic related :-). |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 38 | * the apps directory (application code) you must include an acknowledgement: |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 40 | * |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 | * SUCH DAMAGE. |
| 52 | * |
| 53 | * The licence and distribution terms for any publically available version or |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] |
| 57 | */ |
| 58 | |
| 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" |
| 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/err.h> |
| 63 | #include <openssl/rand.h> |
| 64 | #ifndef OPENSSL_NO_ENGINE |
| 65 | #include <openssl/engine.h> |
| 66 | #endif |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 67 | #include "evp_locl.h" |
| 68 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 69 | const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; |
| 70 | |
| 71 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) |
| 72 | { |
| 73 | memset(ctx,0,sizeof(EVP_CIPHER_CTX)); |
| 74 | /* ctx->cipher=NULL; */ |
| 75 | } |
| 76 | |
| 77 | EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) |
| 78 | { |
| 79 | EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); |
| 80 | if (ctx) |
| 81 | EVP_CIPHER_CTX_init(ctx); |
| 82 | return ctx; |
| 83 | } |
| 84 | |
| 85 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 86 | const unsigned char *key, const unsigned char *iv, int enc) |
| 87 | { |
| 88 | if (cipher) |
| 89 | EVP_CIPHER_CTX_init(ctx); |
| 90 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); |
| 91 | } |
| 92 | |
| 93 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, |
| 94 | const unsigned char *key, const unsigned char *iv, int enc) |
| 95 | { |
| 96 | if (enc == -1) |
| 97 | enc = ctx->encrypt; |
| 98 | else |
| 99 | { |
| 100 | if (enc) |
| 101 | enc = 1; |
| 102 | ctx->encrypt = enc; |
| 103 | } |
| 104 | #ifndef OPENSSL_NO_ENGINE |
| 105 | /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts |
| 106 | * so this context may already have an ENGINE! Try to avoid releasing |
| 107 | * the previous handle, re-querying for an ENGINE, and having a |
| 108 | * reinitialisation, when it may all be unecessary. */ |
| 109 | if (ctx->engine && ctx->cipher && (!cipher || |
| 110 | (cipher && (cipher->nid == ctx->cipher->nid)))) |
| 111 | goto skip_to_init; |
| 112 | #endif |
| 113 | if (cipher) |
| 114 | { |
| 115 | /* Ensure a context left lying around from last time is cleared |
| 116 | * (the previous check attempted to avoid this if the same |
| 117 | * ENGINE and EVP_CIPHER could be used). */ |
Alexandre Savard | 7541067 | 2012-08-08 09:50:01 -0400 | [diff] [blame] | 118 | EVP_CIPHER_CTX_cleanup(ctx); |
| 119 | |
| 120 | /* Restore encrypt field: it is zeroed by cleanup */ |
| 121 | ctx->encrypt = enc; |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 122 | #ifndef OPENSSL_NO_ENGINE |
| 123 | if(impl) |
| 124 | { |
| 125 | if (!ENGINE_init(impl)) |
| 126 | { |
| 127 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 128 | return 0; |
| 129 | } |
| 130 | } |
| 131 | else |
| 132 | /* Ask if an ENGINE is reserved for this job */ |
| 133 | impl = ENGINE_get_cipher_engine(cipher->nid); |
| 134 | if(impl) |
| 135 | { |
| 136 | /* There's an ENGINE for this job ... (apparently) */ |
| 137 | const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); |
| 138 | if(!c) |
| 139 | { |
| 140 | /* One positive side-effect of US's export |
| 141 | * control history, is that we should at least |
| 142 | * be able to avoid using US mispellings of |
| 143 | * "initialisation"? */ |
| 144 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 145 | return 0; |
| 146 | } |
| 147 | /* We'll use the ENGINE's private cipher definition */ |
| 148 | cipher = c; |
| 149 | /* Store the ENGINE functional reference so we know |
| 150 | * 'cipher' came from an ENGINE and we need to release |
| 151 | * it when done. */ |
| 152 | ctx->engine = impl; |
| 153 | } |
| 154 | else |
| 155 | ctx->engine = NULL; |
| 156 | #endif |
| 157 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 158 | ctx->cipher=cipher; |
| 159 | if (ctx->cipher->ctx_size) |
| 160 | { |
| 161 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); |
| 162 | if (!ctx->cipher_data) |
| 163 | { |
| 164 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); |
| 165 | return 0; |
| 166 | } |
| 167 | } |
| 168 | else |
| 169 | { |
| 170 | ctx->cipher_data = NULL; |
| 171 | } |
| 172 | ctx->key_len = cipher->key_len; |
| 173 | ctx->flags = 0; |
| 174 | if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) |
| 175 | { |
| 176 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) |
| 177 | { |
| 178 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); |
| 179 | return 0; |
| 180 | } |
| 181 | } |
| 182 | } |
| 183 | else if(!ctx->cipher) |
| 184 | { |
| 185 | EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); |
| 186 | return 0; |
| 187 | } |
| 188 | #ifndef OPENSSL_NO_ENGINE |
| 189 | skip_to_init: |
| 190 | #endif |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 191 | /* we assume block size is a power of 2 in *cryptUpdate */ |
| 192 | OPENSSL_assert(ctx->cipher->block_size == 1 |
| 193 | || ctx->cipher->block_size == 8 |
| 194 | || ctx->cipher->block_size == 16); |
| 195 | |
| 196 | if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { |
| 197 | switch(EVP_CIPHER_CTX_mode(ctx)) { |
| 198 | |
| 199 | case EVP_CIPH_STREAM_CIPHER: |
| 200 | case EVP_CIPH_ECB_MODE: |
| 201 | break; |
| 202 | |
| 203 | case EVP_CIPH_CFB_MODE: |
| 204 | case EVP_CIPH_OFB_MODE: |
| 205 | |
| 206 | ctx->num = 0; |
| 207 | /* fall-through */ |
| 208 | |
| 209 | case EVP_CIPH_CBC_MODE: |
| 210 | |
| 211 | OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= |
| 212 | (int)sizeof(ctx->iv)); |
| 213 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); |
| 214 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); |
| 215 | break; |
| 216 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 217 | default: |
| 218 | return 0; |
| 219 | break; |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { |
| 224 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; |
| 225 | } |
| 226 | ctx->buf_len=0; |
| 227 | ctx->final_used=0; |
| 228 | ctx->block_mask=ctx->cipher->block_size-1; |
| 229 | return 1; |
| 230 | } |
| 231 | |
| 232 | int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 233 | const unsigned char *in, int inl) |
| 234 | { |
| 235 | if (ctx->encrypt) |
| 236 | return EVP_EncryptUpdate(ctx,out,outl,in,inl); |
| 237 | else return EVP_DecryptUpdate(ctx,out,outl,in,inl); |
| 238 | } |
| 239 | |
| 240 | int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 241 | { |
| 242 | if (ctx->encrypt) |
| 243 | return EVP_EncryptFinal_ex(ctx,out,outl); |
| 244 | else return EVP_DecryptFinal_ex(ctx,out,outl); |
| 245 | } |
| 246 | |
| 247 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 248 | { |
| 249 | if (ctx->encrypt) |
| 250 | return EVP_EncryptFinal(ctx,out,outl); |
| 251 | else return EVP_DecryptFinal(ctx,out,outl); |
| 252 | } |
| 253 | |
| 254 | int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 255 | const unsigned char *key, const unsigned char *iv) |
| 256 | { |
| 257 | return EVP_CipherInit(ctx, cipher, key, iv, 1); |
| 258 | } |
| 259 | |
| 260 | int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, |
| 261 | const unsigned char *key, const unsigned char *iv) |
| 262 | { |
| 263 | return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); |
| 264 | } |
| 265 | |
| 266 | int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 267 | const unsigned char *key, const unsigned char *iv) |
| 268 | { |
| 269 | return EVP_CipherInit(ctx, cipher, key, iv, 0); |
| 270 | } |
| 271 | |
| 272 | int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, |
| 273 | const unsigned char *key, const unsigned char *iv) |
| 274 | { |
| 275 | return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); |
| 276 | } |
| 277 | |
| 278 | int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 279 | const unsigned char *in, int inl) |
| 280 | { |
| 281 | int i,j,bl; |
| 282 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 283 | if (inl <= 0) |
| 284 | { |
| 285 | *outl = 0; |
| 286 | return inl == 0; |
| 287 | } |
| 288 | |
| 289 | if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) |
| 290 | { |
Alexandre Savard | 7541067 | 2012-08-08 09:50:01 -0400 | [diff] [blame] | 291 | if(ctx->cipher->do_cipher(ctx,out,in,inl)) |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 292 | { |
| 293 | *outl=inl; |
| 294 | return 1; |
| 295 | } |
| 296 | else |
| 297 | { |
| 298 | *outl=0; |
| 299 | return 0; |
| 300 | } |
| 301 | } |
| 302 | i=ctx->buf_len; |
| 303 | bl=ctx->cipher->block_size; |
| 304 | OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); |
| 305 | if (i != 0) |
| 306 | { |
| 307 | if (i+inl < bl) |
| 308 | { |
| 309 | memcpy(&(ctx->buf[i]),in,inl); |
| 310 | ctx->buf_len+=inl; |
| 311 | *outl=0; |
| 312 | return 1; |
| 313 | } |
| 314 | else |
| 315 | { |
| 316 | j=bl-i; |
| 317 | memcpy(&(ctx->buf[i]),in,j); |
Alexandre Savard | 7541067 | 2012-08-08 09:50:01 -0400 | [diff] [blame] | 318 | if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 319 | inl-=j; |
| 320 | in+=j; |
| 321 | out+=bl; |
| 322 | *outl=bl; |
| 323 | } |
| 324 | } |
| 325 | else |
| 326 | *outl = 0; |
| 327 | i=inl&(bl-1); |
| 328 | inl-=i; |
| 329 | if (inl > 0) |
| 330 | { |
Alexandre Savard | 7541067 | 2012-08-08 09:50:01 -0400 | [diff] [blame] | 331 | if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 332 | *outl+=inl; |
| 333 | } |
| 334 | |
| 335 | if (i != 0) |
| 336 | memcpy(ctx->buf,&(in[inl]),i); |
| 337 | ctx->buf_len=i; |
| 338 | return 1; |
| 339 | } |
| 340 | |
| 341 | int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 342 | { |
| 343 | int ret; |
| 344 | ret = EVP_EncryptFinal_ex(ctx, out, outl); |
| 345 | return ret; |
| 346 | } |
| 347 | |
| 348 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 349 | { |
| 350 | int n,ret; |
| 351 | unsigned int i, b, bl; |
| 352 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 353 | b=ctx->cipher->block_size; |
| 354 | OPENSSL_assert(b <= sizeof ctx->buf); |
| 355 | if (b == 1) |
| 356 | { |
| 357 | *outl=0; |
| 358 | return 1; |
| 359 | } |
| 360 | bl=ctx->buf_len; |
| 361 | if (ctx->flags & EVP_CIPH_NO_PADDING) |
| 362 | { |
| 363 | if(bl) |
| 364 | { |
| 365 | EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
| 366 | return 0; |
| 367 | } |
| 368 | *outl = 0; |
| 369 | return 1; |
| 370 | } |
| 371 | |
| 372 | n=b-bl; |
| 373 | for (i=bl; i<b; i++) |
| 374 | ctx->buf[i]=n; |
Alexandre Savard | 7541067 | 2012-08-08 09:50:01 -0400 | [diff] [blame] | 375 | ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 376 | |
| 377 | |
| 378 | if(ret) |
| 379 | *outl=b; |
| 380 | |
| 381 | return ret; |
| 382 | } |
| 383 | |
| 384 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 385 | const unsigned char *in, int inl) |
| 386 | { |
| 387 | int fix_len; |
| 388 | unsigned int b; |
| 389 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 390 | if (inl <= 0) |
| 391 | { |
| 392 | *outl = 0; |
| 393 | return inl == 0; |
| 394 | } |
| 395 | |
| 396 | if (ctx->flags & EVP_CIPH_NO_PADDING) |
| 397 | return EVP_EncryptUpdate(ctx, out, outl, in, inl); |
| 398 | |
| 399 | b=ctx->cipher->block_size; |
| 400 | OPENSSL_assert(b <= sizeof ctx->final); |
| 401 | |
| 402 | if(ctx->final_used) |
| 403 | { |
| 404 | memcpy(out,ctx->final,b); |
| 405 | out+=b; |
| 406 | fix_len = 1; |
| 407 | } |
| 408 | else |
| 409 | fix_len = 0; |
| 410 | |
| 411 | |
| 412 | if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) |
| 413 | return 0; |
| 414 | |
| 415 | /* if we have 'decrypted' a multiple of block size, make sure |
| 416 | * we have a copy of this last block */ |
| 417 | if (b > 1 && !ctx->buf_len) |
| 418 | { |
| 419 | *outl-=b; |
| 420 | ctx->final_used=1; |
| 421 | memcpy(ctx->final,&out[*outl],b); |
| 422 | } |
| 423 | else |
| 424 | ctx->final_used = 0; |
| 425 | |
| 426 | if (fix_len) |
| 427 | *outl += b; |
| 428 | |
| 429 | return 1; |
| 430 | } |
| 431 | |
| 432 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 433 | { |
| 434 | int ret; |
| 435 | ret = EVP_DecryptFinal_ex(ctx, out, outl); |
| 436 | return ret; |
| 437 | } |
| 438 | |
| 439 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 440 | { |
| 441 | int i,n; |
| 442 | unsigned int b; |
Alexandre Savard | 7541067 | 2012-08-08 09:50:01 -0400 | [diff] [blame] | 443 | |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 444 | *outl=0; |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 445 | b=ctx->cipher->block_size; |
| 446 | if (ctx->flags & EVP_CIPH_NO_PADDING) |
| 447 | { |
| 448 | if(ctx->buf_len) |
| 449 | { |
| 450 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); |
| 451 | return 0; |
| 452 | } |
| 453 | *outl = 0; |
| 454 | return 1; |
| 455 | } |
| 456 | if (b > 1) |
| 457 | { |
| 458 | if (ctx->buf_len || !ctx->final_used) |
| 459 | { |
| 460 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); |
| 461 | return(0); |
| 462 | } |
| 463 | OPENSSL_assert(b <= sizeof ctx->final); |
| 464 | n=ctx->final[b-1]; |
| 465 | if (n == 0 || n > (int)b) |
| 466 | { |
| 467 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
| 468 | return(0); |
| 469 | } |
| 470 | for (i=0; i<n; i++) |
| 471 | { |
| 472 | if (ctx->final[--b] != n) |
| 473 | { |
| 474 | EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); |
| 475 | return(0); |
| 476 | } |
| 477 | } |
| 478 | n=ctx->cipher->block_size-n; |
| 479 | for (i=0; i<n; i++) |
| 480 | out[i]=ctx->final[i]; |
| 481 | *outl=n; |
| 482 | } |
| 483 | else |
| 484 | *outl=0; |
| 485 | return(1); |
| 486 | } |
| 487 | |
| 488 | void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) |
| 489 | { |
| 490 | if (ctx) |
| 491 | { |
| 492 | EVP_CIPHER_CTX_cleanup(ctx); |
| 493 | OPENSSL_free(ctx); |
| 494 | } |
| 495 | } |
| 496 | |
| 497 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) |
| 498 | { |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 499 | if (c->cipher != NULL) |
| 500 | { |
| 501 | if(c->cipher->cleanup && !c->cipher->cleanup(c)) |
| 502 | return 0; |
| 503 | /* Cleanse cipher context data */ |
| 504 | if (c->cipher_data) |
| 505 | OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); |
| 506 | } |
| 507 | if (c->cipher_data) |
| 508 | OPENSSL_free(c->cipher_data); |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 509 | #ifndef OPENSSL_NO_ENGINE |
| 510 | if (c->engine) |
| 511 | /* The EVP_CIPHER we used belongs to an ENGINE, release the |
| 512 | * functional reference we held for this reason. */ |
| 513 | ENGINE_finish(c->engine); |
| 514 | #endif |
Alexandre Savard | 1b09e31 | 2012-08-07 20:33:29 -0400 | [diff] [blame] | 515 | memset(c,0,sizeof(EVP_CIPHER_CTX)); |
| 516 | return 1; |
| 517 | } |
| 518 | |
| 519 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) |
| 520 | { |
| 521 | if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) |
| 522 | return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); |
| 523 | if(c->key_len == keylen) return 1; |
| 524 | if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) |
| 525 | { |
| 526 | c->key_len = keylen; |
| 527 | return 1; |
| 528 | } |
| 529 | EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); |
| 530 | return 0; |
| 531 | } |
| 532 | |
| 533 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) |
| 534 | { |
| 535 | if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; |
| 536 | else ctx->flags |= EVP_CIPH_NO_PADDING; |
| 537 | return 1; |
| 538 | } |
| 539 | |
| 540 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) |
| 541 | { |
| 542 | int ret; |
| 543 | if(!ctx->cipher) { |
| 544 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); |
| 545 | return 0; |
| 546 | } |
| 547 | |
| 548 | if(!ctx->cipher->ctrl) { |
| 549 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); |
| 550 | return 0; |
| 551 | } |
| 552 | |
| 553 | ret = ctx->cipher->ctrl(ctx, type, arg, ptr); |
| 554 | if(ret == -1) { |
| 555 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); |
| 556 | return 0; |
| 557 | } |
| 558 | return ret; |
| 559 | } |
| 560 | |
| 561 | int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) |
| 562 | { |
| 563 | if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) |
| 564 | return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); |
| 565 | if (RAND_bytes(key, ctx->key_len) <= 0) |
| 566 | return 0; |
| 567 | return 1; |
| 568 | } |
| 569 | |
| 570 | int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) |
| 571 | { |
| 572 | if ((in == NULL) || (in->cipher == NULL)) |
| 573 | { |
| 574 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); |
| 575 | return 0; |
| 576 | } |
| 577 | #ifndef OPENSSL_NO_ENGINE |
| 578 | /* Make sure it's safe to copy a cipher context using an ENGINE */ |
| 579 | if (in->engine && !ENGINE_init(in->engine)) |
| 580 | { |
| 581 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB); |
| 582 | return 0; |
| 583 | } |
| 584 | #endif |
| 585 | |
| 586 | EVP_CIPHER_CTX_cleanup(out); |
| 587 | memcpy(out,in,sizeof *out); |
| 588 | |
| 589 | if (in->cipher_data && in->cipher->ctx_size) |
| 590 | { |
| 591 | out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size); |
| 592 | if (!out->cipher_data) |
| 593 | { |
| 594 | EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE); |
| 595 | return 0; |
| 596 | } |
| 597 | memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size); |
| 598 | } |
| 599 | |
| 600 | if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) |
| 601 | return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); |
| 602 | return 1; |
| 603 | } |
| 604 | |