2
0

evp_enc.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563
  1. /* crypto/evp/evp_enc.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/evp.h>
  61. #include <openssl/err.h>
  62. #include <openssl/rand.h>
  63. #ifndef OPENSSL_NO_ENGINE
  64. #include <openssl/engine.h>
  65. #endif
  66. #include "evp_locl.h"
  67. const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
  68. void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
  69. {
  70. memset(ctx,0,sizeof(EVP_CIPHER_CTX));
  71. /* ctx->cipher=NULL; */
  72. }
  73. EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
  74. {
  75. EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
  76. if (ctx)
  77. EVP_CIPHER_CTX_init(ctx);
  78. return ctx;
  79. }
  80. int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  81. const unsigned char *key, const unsigned char *iv, int enc)
  82. {
  83. if (cipher)
  84. EVP_CIPHER_CTX_init(ctx);
  85. return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
  86. }
  87. int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
  88. const unsigned char *key, const unsigned char *iv, int enc)
  89. {
  90. if (enc == -1)
  91. enc = ctx->encrypt;
  92. else
  93. {
  94. if (enc)
  95. enc = 1;
  96. ctx->encrypt = enc;
  97. }
  98. #ifndef OPENSSL_NO_ENGINE
  99. /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
  100. * so this context may already have an ENGINE! Try to avoid releasing
  101. * the previous handle, re-querying for an ENGINE, and having a
  102. * reinitialisation, when it may all be unecessary. */
  103. if (ctx->engine && ctx->cipher && (!cipher ||
  104. (cipher && (cipher->nid == ctx->cipher->nid))))
  105. goto skip_to_init;
  106. #endif
  107. if (cipher)
  108. {
  109. /* Ensure a context left lying around from last time is cleared
  110. * (the previous check attempted to avoid this if the same
  111. * ENGINE and EVP_CIPHER could be used). */
  112. EVP_CIPHER_CTX_cleanup(ctx);
  113. /* Restore encrypt field: it is zeroed by cleanup */
  114. ctx->encrypt = enc;
  115. #ifndef OPENSSL_NO_ENGINE
  116. if(impl)
  117. {
  118. if (!ENGINE_init(impl))
  119. {
  120. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  121. return 0;
  122. }
  123. }
  124. else
  125. /* Ask if an ENGINE is reserved for this job */
  126. impl = ENGINE_get_cipher_engine(cipher->nid);
  127. if(impl)
  128. {
  129. /* There's an ENGINE for this job ... (apparently) */
  130. const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
  131. if(!c)
  132. {
  133. /* One positive side-effect of US's export
  134. * control history, is that we should at least
  135. * be able to avoid using US mispellings of
  136. * "initialisation"? */
  137. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  138. return 0;
  139. }
  140. /* We'll use the ENGINE's private cipher definition */
  141. cipher = c;
  142. /* Store the ENGINE functional reference so we know
  143. * 'cipher' came from an ENGINE and we need to release
  144. * it when done. */
  145. ctx->engine = impl;
  146. }
  147. else
  148. ctx->engine = NULL;
  149. #endif
  150. ctx->cipher=cipher;
  151. if (ctx->cipher->ctx_size)
  152. {
  153. ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
  154. if (!ctx->cipher_data)
  155. {
  156. EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
  157. return 0;
  158. }
  159. }
  160. else
  161. {
  162. ctx->cipher_data = NULL;
  163. }
  164. ctx->key_len = cipher->key_len;
  165. ctx->flags = 0;
  166. if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
  167. {
  168. if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
  169. {
  170. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  171. return 0;
  172. }
  173. }
  174. }
  175. else if(!ctx->cipher)
  176. {
  177. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
  178. return 0;
  179. }
  180. #ifndef OPENSSL_NO_ENGINE
  181. skip_to_init:
  182. #endif
  183. /* we assume block size is a power of 2 in *cryptUpdate */
  184. OPENSSL_assert(ctx->cipher->block_size == 1
  185. || ctx->cipher->block_size == 8
  186. || ctx->cipher->block_size == 16);
  187. if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
  188. switch(EVP_CIPHER_CTX_mode(ctx)) {
  189. case EVP_CIPH_STREAM_CIPHER:
  190. case EVP_CIPH_ECB_MODE:
  191. break;
  192. case EVP_CIPH_CFB_MODE:
  193. case EVP_CIPH_OFB_MODE:
  194. ctx->num = 0;
  195. case EVP_CIPH_CBC_MODE:
  196. OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
  197. (int)sizeof(ctx->iv));
  198. if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
  199. memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
  200. break;
  201. default:
  202. return 0;
  203. break;
  204. }
  205. }
  206. if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
  207. if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
  208. }
  209. ctx->buf_len=0;
  210. ctx->final_used=0;
  211. ctx->block_mask=ctx->cipher->block_size-1;
  212. return 1;
  213. }
  214. int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  215. const unsigned char *in, int inl)
  216. {
  217. if (ctx->encrypt)
  218. return EVP_EncryptUpdate(ctx,out,outl,in,inl);
  219. else return EVP_DecryptUpdate(ctx,out,outl,in,inl);
  220. }
  221. int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  222. {
  223. if (ctx->encrypt)
  224. return EVP_EncryptFinal_ex(ctx,out,outl);
  225. else return EVP_DecryptFinal_ex(ctx,out,outl);
  226. }
  227. int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  228. {
  229. if (ctx->encrypt)
  230. return EVP_EncryptFinal(ctx,out,outl);
  231. else return EVP_DecryptFinal(ctx,out,outl);
  232. }
  233. int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  234. const unsigned char *key, const unsigned char *iv)
  235. {
  236. return EVP_CipherInit(ctx, cipher, key, iv, 1);
  237. }
  238. int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
  239. const unsigned char *key, const unsigned char *iv)
  240. {
  241. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
  242. }
  243. int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  244. const unsigned char *key, const unsigned char *iv)
  245. {
  246. return EVP_CipherInit(ctx, cipher, key, iv, 0);
  247. }
  248. int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
  249. const unsigned char *key, const unsigned char *iv)
  250. {
  251. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
  252. }
  253. int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  254. const unsigned char *in, int inl)
  255. {
  256. int i,j,bl;
  257. OPENSSL_assert(inl > 0);
  258. if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
  259. {
  260. if(ctx->cipher->do_cipher(ctx,out,in,inl))
  261. {
  262. *outl=inl;
  263. return 1;
  264. }
  265. else
  266. {
  267. *outl=0;
  268. return 0;
  269. }
  270. }
  271. i=ctx->buf_len;
  272. bl=ctx->cipher->block_size;
  273. OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
  274. if (i != 0)
  275. {
  276. if (i+inl < bl)
  277. {
  278. memcpy(&(ctx->buf[i]),in,inl);
  279. ctx->buf_len+=inl;
  280. *outl=0;
  281. return 1;
  282. }
  283. else
  284. {
  285. j=bl-i;
  286. memcpy(&(ctx->buf[i]),in,j);
  287. if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
  288. inl-=j;
  289. in+=j;
  290. out+=bl;
  291. *outl=bl;
  292. }
  293. }
  294. else
  295. *outl = 0;
  296. i=inl&(bl-1);
  297. inl-=i;
  298. if (inl > 0)
  299. {
  300. if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
  301. *outl+=inl;
  302. }
  303. if (i != 0)
  304. memcpy(ctx->buf,&(in[inl]),i);
  305. ctx->buf_len=i;
  306. return 1;
  307. }
  308. int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  309. {
  310. int ret;
  311. ret = EVP_EncryptFinal_ex(ctx, out, outl);
  312. return ret;
  313. }
  314. int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  315. {
  316. int n,ret;
  317. unsigned int i, b, bl;
  318. b=ctx->cipher->block_size;
  319. OPENSSL_assert(b <= sizeof ctx->buf);
  320. if (b == 1)
  321. {
  322. *outl=0;
  323. return 1;
  324. }
  325. bl=ctx->buf_len;
  326. if (ctx->flags & EVP_CIPH_NO_PADDING)
  327. {
  328. if(bl)
  329. {
  330. EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  331. return 0;
  332. }
  333. *outl = 0;
  334. return 1;
  335. }
  336. n=b-bl;
  337. for (i=bl; i<b; i++)
  338. ctx->buf[i]=n;
  339. ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
  340. if(ret)
  341. *outl=b;
  342. return ret;
  343. }
  344. int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  345. const unsigned char *in, int inl)
  346. {
  347. int fix_len;
  348. unsigned int b;
  349. if (inl == 0)
  350. {
  351. *outl=0;
  352. return 1;
  353. }
  354. if (ctx->flags & EVP_CIPH_NO_PADDING)
  355. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  356. b=ctx->cipher->block_size;
  357. OPENSSL_assert(b <= sizeof ctx->final);
  358. if(ctx->final_used)
  359. {
  360. memcpy(out,ctx->final,b);
  361. out+=b;
  362. fix_len = 1;
  363. }
  364. else
  365. fix_len = 0;
  366. if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
  367. return 0;
  368. /* if we have 'decrypted' a multiple of block size, make sure
  369. * we have a copy of this last block */
  370. if (b > 1 && !ctx->buf_len)
  371. {
  372. *outl-=b;
  373. ctx->final_used=1;
  374. memcpy(ctx->final,&out[*outl],b);
  375. }
  376. else
  377. ctx->final_used = 0;
  378. if (fix_len)
  379. *outl += b;
  380. return 1;
  381. }
  382. int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  383. {
  384. int ret;
  385. ret = EVP_DecryptFinal_ex(ctx, out, outl);
  386. return ret;
  387. }
  388. int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  389. {
  390. int i,n;
  391. unsigned int b;
  392. *outl=0;
  393. b=ctx->cipher->block_size;
  394. if (ctx->flags & EVP_CIPH_NO_PADDING)
  395. {
  396. if(ctx->buf_len)
  397. {
  398. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  399. return 0;
  400. }
  401. *outl = 0;
  402. return 1;
  403. }
  404. if (b > 1)
  405. {
  406. if (ctx->buf_len || !ctx->final_used)
  407. {
  408. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
  409. return(0);
  410. }
  411. OPENSSL_assert(b <= sizeof ctx->final);
  412. n=ctx->final[b-1];
  413. if (n == 0 || n > (int)b)
  414. {
  415. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
  416. return(0);
  417. }
  418. for (i=0; i<n; i++)
  419. {
  420. if (ctx->final[--b] != n)
  421. {
  422. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
  423. return(0);
  424. }
  425. }
  426. n=ctx->cipher->block_size-n;
  427. for (i=0; i<n; i++)
  428. out[i]=ctx->final[i];
  429. *outl=n;
  430. }
  431. else
  432. *outl=0;
  433. return(1);
  434. }
  435. void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
  436. {
  437. if (ctx)
  438. {
  439. EVP_CIPHER_CTX_cleanup(ctx);
  440. OPENSSL_free(ctx);
  441. }
  442. }
  443. int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
  444. {
  445. if (c->cipher != NULL)
  446. {
  447. if(c->cipher->cleanup && !c->cipher->cleanup(c))
  448. return 0;
  449. /* Cleanse cipher context data */
  450. if (c->cipher_data)
  451. OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
  452. }
  453. if (c->cipher_data)
  454. OPENSSL_free(c->cipher_data);
  455. #ifndef OPENSSL_NO_ENGINE
  456. if (c->engine)
  457. /* The EVP_CIPHER we used belongs to an ENGINE, release the
  458. * functional reference we held for this reason. */
  459. ENGINE_finish(c->engine);
  460. #endif
  461. memset(c,0,sizeof(EVP_CIPHER_CTX));
  462. return 1;
  463. }
  464. int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
  465. {
  466. if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
  467. return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
  468. if(c->key_len == keylen) return 1;
  469. if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
  470. {
  471. c->key_len = keylen;
  472. return 1;
  473. }
  474. EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
  475. return 0;
  476. }
  477. int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
  478. {
  479. if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
  480. else ctx->flags |= EVP_CIPH_NO_PADDING;
  481. return 1;
  482. }
  483. int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
  484. {
  485. int ret;
  486. if(!ctx->cipher) {
  487. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
  488. return 0;
  489. }
  490. if(!ctx->cipher->ctrl) {
  491. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
  492. return 0;
  493. }
  494. ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
  495. if(ret == -1) {
  496. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
  497. return 0;
  498. }
  499. return ret;
  500. }
  501. int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
  502. {
  503. if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
  504. return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
  505. if (RAND_bytes(key, ctx->key_len) <= 0)
  506. return 0;
  507. return 1;
  508. }