/* Ensure a context left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_CIPHER could be used). */
- EVP_CIPHER_CTX_cleanup(ctx);
-
- /* Restore encrypt field: it is zeroed by cleanup */
- ctx->encrypt = enc;
+ if (ctx->cipher)
+ {
+ unsigned long flags = ctx->flags;
+ EVP_CIPHER_CTX_cleanup(ctx);
+ /* Restore encrypt and flags */
+ ctx->encrypt = enc;
+ ctx->flags = flags;
+ }
#ifndef OPENSSL_NO_ENGINE
if(impl)
{
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
+ if (FIPS_mode())
+ {
+ const EVP_CIPHER *fcipher;
+ if (cipher)
+ fcipher = evp_get_fips_cipher(cipher);
+ if (fcipher)
+ cipher = fcipher;
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+ }
+#endif
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
ctx->cipher_data = NULL;
}
ctx->key_len = cipher->key_len;
- ctx->flags = 0;
+ /* Preserve wrap enable flag, zero everything else */
+ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
{
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
return 0;
}
}
-#endif
}
else if(!ctx->cipher)
{
skip_to_init:
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
|| ctx->cipher->block_size == 16);
+ if(!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
+ && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE)
+ {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
+ return 0;
+ }
+
if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch(EVP_CIPHER_CTX_mode(ctx)) {
break;
case EVP_CIPH_CTR_MODE:
+ ctx->num = 0;
/* Don't reuse IV for CTR mode */
if(iv)
memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
break;
}
}
+
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
ctx->final_used=0;
ctx->block_mask=ctx->cipher->block_size-1;
return 1;
-#endif
}
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
+
+ /*
+ * The following assumes that the ciphertext has been authenticated.
+ * Otherwise it provides a padding oracle.
+ */
n=ctx->final[b-1];
if (n == 0 || n > (int)b)
{
return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
return 1;
}
-