X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fevp_enc.c;h=a35621a2ec9d27fc3db44baf9bb499b8711b0e5e;hp=9abb9855ff4ecdfd30a96c84bc2ed7d7fc789f29;hb=081464fa142ce908d0606417e5f576263cb29584;hpb=f0446ca8d746ff138a892588e33597411f59f5fa

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 9abb9855ff..a35621a2ec 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -60,11 +60,13 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 #include "evp_locl.h"
 
-#include <assert.h>
-
-const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
+const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	{
@@ -72,31 +74,124 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	/* ctx->cipher=NULL; */
 	}
 
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+	{
+	EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+	if (ctx)
+		EVP_CIPHER_CTX_init(ctx);
+	return ctx;
+	}
+
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     unsigned char *key, unsigned char *iv, int enc)
+	     const unsigned char *key, const unsigned char *iv, int enc)
+	{
+	if (cipher)
+		EVP_CIPHER_CTX_init(ctx);
+	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
+	}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
-	if(enc && (enc != -1)) enc = 1;
+	if (enc == -1)
+		enc = ctx->encrypt;
+	else
+		{
+		if (enc)
+			enc = 1;
+		ctx->encrypt = enc;
+		}
+#ifndef OPENSSL_NO_ENGINE
+	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+	 * so this context may already have an ENGINE! Try to avoid releasing
+	 * the previous handle, re-querying for an ENGINE, and having a
+	 * reinitialisation, when it may all be unecessary. */
+	if (ctx->engine && ctx->cipher && (!cipher ||
+			(cipher && (cipher->nid == ctx->cipher->nid))))
+		goto skip_to_init;
+#endif
 	if (cipher)
 		{
+		/* Ensure a context left lying around from last time is cleared
+		 * (the previous check attempted to avoid this if the same
+		 * ENGINE and EVP_CIPHER could be used). */
+		EVP_CIPHER_CTX_cleanup(ctx);
+
+		/* Restore encrypt field: it is zeroed by cleanup */
+		ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+		if(impl)
+			{
+			if (!ENGINE_init(impl))
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		else
+			/* Ask if an ENGINE is reserved for this job */
+			impl = ENGINE_get_cipher_engine(cipher->nid);
+		if(impl)
+			{
+			/* There's an ENGINE for this job ... (apparently) */
+			const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+			if(!c)
+				{
+				/* One positive side-effect of US's export
+				 * control history, is that we should at least
+				 * be able to avoid using US mispellings of
+				 * "initialisation"? */
+				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			/* We'll use the ENGINE's private cipher definition */
+			cipher = c;
+			/* Store the ENGINE functional reference so we know
+			 * 'cipher' came from an ENGINE and we need to release
+			 * it when done. */
+			ctx->engine = impl;
+			}
+		else
+			ctx->engine = NULL;
+#endif
+
 		ctx->cipher=cipher;
-		ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+		if (ctx->cipher->ctx_size)
+			{
+			ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+			if (!ctx->cipher_data)
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
+		else
+			{
+			ctx->cipher_data = NULL;
+			}
 		ctx->key_len = cipher->key_len;
 		ctx->flags = 0;
-		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
-			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
-				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+			{
+			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
 				return 0;
+				}
 			}
 		}
-	} else if(!ctx->cipher) {
-		EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+	else if(!ctx->cipher)
+		{
+		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
 		return 0;
-	}
-
+		}
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
 	/* we assume block size is a power of 2 in *cryptUpdate */
-	assert(ctx->cipher->block_size == 1
-	       || ctx->cipher->block_size == 8
-	       || ctx->cipher->block_size == 16);
+	OPENSSL_assert(ctx->cipher->block_size == 1
+	    || ctx->cipher->block_size == 8
+	    || ctx->cipher->block_size == 16);
 
 	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
 		switch(EVP_CIPHER_CTX_mode(ctx)) {
@@ -111,9 +206,14 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 			ctx->num = 0;
 
 			case EVP_CIPH_CBC_MODE:
+			case EVP_CIPH_CTR_MODE:
 
+			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+					(int)sizeof(ctx->iv));
 			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+			/* Don't reuse IV for CTR mode */
+			if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_CTR_MODE)
+				memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
 			break;
 
 			default:
@@ -125,7 +225,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 	}
-	if(enc != -1) ctx->encrypt=enc;
 	ctx->buf_len=0;
 	ctx->final_used=0;
 	ctx->block_mask=ctx->cipher->block_size-1;
@@ -133,37 +232,62 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	}
 
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
+	     const unsigned char *in, int inl)
 	{
 	if (ctx->encrypt)
 		return EVP_EncryptUpdate(ctx,out,outl,in,inl);
 	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
 	}
 
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	if (ctx->encrypt)
+		return EVP_EncryptFinal_ex(ctx,out,outl);
+	else	return EVP_DecryptFinal_ex(ctx,out,outl);
+	}
+
 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	if (ctx->encrypt)
 		return EVP_EncryptFinal(ctx,out,outl);
-	else	return(EVP_DecryptFinal(ctx,out,outl));
+	else	return EVP_DecryptFinal(ctx,out,outl);
 	}
 
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     unsigned char *key, unsigned char *iv)
+	     const unsigned char *key, const unsigned char *iv)
 	{
 	return EVP_CipherInit(ctx, cipher, key, iv, 1);
 	}
 
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv)
+	{
+	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+	}
+
 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     unsigned char *key, unsigned char *iv)
+	     const unsigned char *key, const unsigned char *iv)
 	{
 	return EVP_CipherInit(ctx, cipher, key, iv, 0);
 	}
 
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+	     const unsigned char *key, const unsigned char *iv)
+	{
+	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+	}
+
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
+	     const unsigned char *in, int inl)
 	{
 	int i,j,bl;
 
+	if (inl <= 0)
+		{
+		*outl = 0;
+		return inl == 0;
+		}
+
 	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
 		{
 		if(ctx->cipher->do_cipher(ctx,out,in,inl))
@@ -179,6 +303,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 		}
 	i=ctx->buf_len;
 	bl=ctx->cipher->block_size;
+	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
 	if (i != 0)
 		{
 		if (i+inl < bl)
@@ -217,9 +342,18 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 
 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	int i,n,b,bl,ret;
+	int ret;
+	ret = EVP_EncryptFinal_ex(ctx, out, outl);
+	return ret;
+	}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int n,ret;
+	unsigned int i, b, bl;
 
 	b=ctx->cipher->block_size;
+	OPENSSL_assert(b <= sizeof ctx->buf);
 	if (b == 1)
 		{
 		*outl=0;
@@ -228,10 +362,9 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	bl=ctx->buf_len;
 	if (ctx->flags & EVP_CIPH_NO_PADDING)
 		{
-		EVP_CIPHER_CTX_cleanup(ctx);
 		if(bl)
 			{
-			EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
 			return 0;
 			}
 		*outl = 0;
@@ -243,7 +376,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 		ctx->buf[i]=n;
 	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
 
-	EVP_CIPHER_CTX_cleanup(ctx);
 
 	if(ret)
 		*outl=b;
@@ -252,26 +384,33 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	}
 
 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
+	     const unsigned char *in, int inl)
 	{
-	int b;
+	int fix_len;
+	unsigned int b;
 
-	if (inl == 0)
+	if (inl <= 0)
 		{
-		*outl=0;
-		return 1;
+		*outl = 0;
+		return inl == 0;
 		}
 
 	if (ctx->flags & EVP_CIPH_NO_PADDING)
 		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
 	b=ctx->cipher->block_size;
+	OPENSSL_assert(b <= sizeof ctx->final);
+
 	if(ctx->final_used)
 		{
 		memcpy(out,ctx->final,b);
 		out+=b;
+		fix_len = 1;
 		}
-		
+	else
+		fix_len = 0;
+
+
 	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
 		return 0;
 
@@ -279,25 +418,30 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	 * we have a copy of this last block */
 	if (b > 1 && !ctx->buf_len)
 		{
-		if(!ctx->final_used)
-			{
-			*outl-=b;
-			ctx->final_used=1;
-			}
+		*outl-=b;
+		ctx->final_used=1;
 		memcpy(ctx->final,&out[*outl],b);
 		}
-	else if(ctx->final_used)
-		{
-		ctx->final_used=0;
-		*outl+=b;
-		}
+	else
+		ctx->final_used = 0;
+
+	if (fix_len)
+		*outl += b;
+		
 	return 1;
 	}
 
 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	int i,b;
-	int n;
+	int ret;
+	ret = EVP_DecryptFinal_ex(ctx, out, outl);
+	return ret;
+	}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i,n;
+	unsigned int b;
 
 	*outl=0;
 	b=ctx->cipher->block_size;
@@ -305,7 +449,7 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 		{
 		if(ctx->buf_len)
 			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
 			return 0;
 			}
 		*outl = 0;
@@ -315,20 +459,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 		{
 		if (ctx->buf_len || !ctx->final_used)
 			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
 			return(0);
 			}
+		OPENSSL_assert(b <= sizeof ctx->final);
 		n=ctx->final[b-1];
-		if (n > b)
+		if (n == 0 || n > (int)b)
 			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
 			return(0);
 			}
 		for (i=0; i<n; i++)
 			{
 			if (ctx->final[--b] != n)
 				{
-				EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
 				return(0);
 				}
 			}
@@ -342,13 +487,33 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	return(1);
 	}
 
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+	{
+	if (ctx)
+		{
+		EVP_CIPHER_CTX_cleanup(ctx);
+		OPENSSL_free(ctx);
+		}
+	}
+
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 	{
-	if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+	if (c->cipher != NULL)
 		{
-		if(!c->cipher->cleanup(c)) return 0;
+		if(c->cipher->cleanup && !c->cipher->cleanup(c))
+			return 0;
+		/* Cleanse cipher context data */
+		if (c->cipher_data)
+			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
 		}
-	OPENSSL_free(c->cipher_data);
+	if (c->cipher_data)
+		OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+	if (c->engine)
+		/* The EVP_CIPHER we used belongs to an ENGINE, release the
+		 * functional reference we held for this reason. */
+		ENGINE_finish(c->engine);
+#endif
 	memset(c,0,sizeof(EVP_CIPHER_CTX));
 	return 1;
 	}
@@ -394,3 +559,48 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 	}
 	return ret;
 }
+
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+	{
+	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+		return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+	if (RAND_bytes(key, ctx->key_len) <= 0)
+		return 0;
+	return 1;
+	}
+
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+	{
+	if ((in == NULL) || (in->cipher == NULL))
+		{
+		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+		return 0;
+		}
+#ifndef OPENSSL_NO_ENGINE
+	/* Make sure it's safe to copy a cipher context using an ENGINE */
+	if (in->engine && !ENGINE_init(in->engine))
+		{
+		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
+		return 0;
+		}
+#endif
+
+	EVP_CIPHER_CTX_cleanup(out);
+	memcpy(out,in,sizeof *out);
+
+	if (in->cipher_data && in->cipher->ctx_size)
+		{
+		out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
+		if (!out->cipher_data)
+			{
+			EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
+		}
+
+	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+		return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
+	return 1;
+	}
+