evp_enc.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547
  1. /* crypto/evp/evp_enc.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/evp.h>
  61. #include <openssl/err.h>
  62. #include <openssl/rand.h>
  63. #ifndef OPENSSL_NO_ENGINE
  64. #include <openssl/engine.h>
  65. #endif
  66. #include "evp_locl.h"
  67. const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
  68. void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
  69. {
  70. memset(ctx,0,sizeof(EVP_CIPHER_CTX));
  71. /* ctx->cipher=NULL; */
  72. }
  73. int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  74. const unsigned char *key, const unsigned char *iv, int enc)
  75. {
  76. if (cipher)
  77. EVP_CIPHER_CTX_init(ctx);
  78. return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
  79. }
  80. int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
  81. const unsigned char *key, const unsigned char *iv, int enc)
  82. {
  83. if (enc == -1)
  84. enc = ctx->encrypt;
  85. else
  86. {
  87. if (enc)
  88. enc = 1;
  89. ctx->encrypt = enc;
  90. }
  91. #ifndef OPENSSL_NO_ENGINE
  92. /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
  93. * so this context may already have an ENGINE! Try to avoid releasing
  94. * the previous handle, re-querying for an ENGINE, and having a
  95. * reinitialisation, when it may all be unecessary. */
  96. if (ctx->engine && ctx->cipher && (!cipher ||
  97. (cipher && (cipher->nid == ctx->cipher->nid))))
  98. goto skip_to_init;
  99. #endif
  100. if (cipher)
  101. {
  102. /* Ensure a context left lying around from last time is cleared
  103. * (the previous check attempted to avoid this if the same
  104. * ENGINE and EVP_CIPHER could be used). */
  105. EVP_CIPHER_CTX_cleanup(ctx);
  106. /* Restore encrypt field: it is zeroed by cleanup */
  107. ctx->encrypt = enc;
  108. #ifndef OPENSSL_NO_ENGINE
  109. if(impl)
  110. {
  111. if (!ENGINE_init(impl))
  112. {
  113. EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
  114. return 0;
  115. }
  116. }
  117. else
  118. /* Ask if an ENGINE is reserved for this job */
  119. impl = ENGINE_get_cipher_engine(cipher->nid);
  120. if(impl)
  121. {
  122. /* There's an ENGINE for this job ... (apparently) */
  123. const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
  124. if(!c)
  125. {
  126. /* One positive side-effect of US's export
  127. * control history, is that we should at least
  128. * be able to avoid using US mispellings of
  129. * "initialisation"? */
  130. EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
  131. return 0;
  132. }
  133. /* We'll use the ENGINE's private cipher definition */
  134. cipher = c;
  135. /* Store the ENGINE functional reference so we know
  136. * 'cipher' came from an ENGINE and we need to release
  137. * it when done. */
  138. ctx->engine = impl;
  139. }
  140. else
  141. ctx->engine = NULL;
  142. #endif
  143. ctx->cipher=cipher;
  144. if (ctx->cipher->ctx_size)
  145. {
  146. ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
  147. if (!ctx->cipher_data)
  148. {
  149. EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
  150. return 0;
  151. }
  152. }
  153. else
  154. {
  155. ctx->cipher_data = NULL;
  156. }
  157. ctx->key_len = cipher->key_len;
  158. ctx->flags = 0;
  159. if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
  160. {
  161. if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
  162. {
  163. EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
  164. return 0;
  165. }
  166. }
  167. }
  168. else if(!ctx->cipher)
  169. {
  170. EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
  171. return 0;
  172. }
  173. #ifndef OPENSSL_NO_ENGINE
  174. skip_to_init:
  175. #endif
  176. /* we assume block size is a power of 2 in *cryptUpdate */
  177. OPENSSL_assert(ctx->cipher->block_size == 1
  178. || ctx->cipher->block_size == 8
  179. || ctx->cipher->block_size == 16);
  180. if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
  181. switch(EVP_CIPHER_CTX_mode(ctx)) {
  182. case EVP_CIPH_STREAM_CIPHER:
  183. case EVP_CIPH_ECB_MODE:
  184. break;
  185. case EVP_CIPH_CFB_MODE:
  186. case EVP_CIPH_OFB_MODE:
  187. ctx->num = 0;
  188. case EVP_CIPH_CBC_MODE:
  189. OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
  190. (int)sizeof(ctx->iv));
  191. if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
  192. memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
  193. break;
  194. default:
  195. return 0;
  196. break;
  197. }
  198. }
  199. if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
  200. if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
  201. }
  202. ctx->buf_len=0;
  203. ctx->final_used=0;
  204. ctx->block_mask=ctx->cipher->block_size-1;
  205. return 1;
  206. }
  207. int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  208. const unsigned char *in, int inl)
  209. {
  210. if (ctx->encrypt)
  211. return EVP_EncryptUpdate(ctx,out,outl,in,inl);
  212. else return EVP_DecryptUpdate(ctx,out,outl,in,inl);
  213. }
  214. int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  215. {
  216. if (ctx->encrypt)
  217. return EVP_EncryptFinal_ex(ctx,out,outl);
  218. else return EVP_DecryptFinal_ex(ctx,out,outl);
  219. }
  220. int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  221. {
  222. if (ctx->encrypt)
  223. return EVP_EncryptFinal(ctx,out,outl);
  224. else return EVP_DecryptFinal(ctx,out,outl);
  225. }
  226. int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  227. const unsigned char *key, const unsigned char *iv)
  228. {
  229. return EVP_CipherInit(ctx, cipher, key, iv, 1);
  230. }
  231. int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
  232. const unsigned char *key, const unsigned char *iv)
  233. {
  234. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
  235. }
  236. int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  237. const unsigned char *key, const unsigned char *iv)
  238. {
  239. return EVP_CipherInit(ctx, cipher, key, iv, 0);
  240. }
  241. int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
  242. const unsigned char *key, const unsigned char *iv)
  243. {
  244. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
  245. }
  246. int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  247. const unsigned char *in, int inl)
  248. {
  249. int i,j,bl;
  250. OPENSSL_assert(inl > 0);
  251. if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
  252. {
  253. if(ctx->cipher->do_cipher(ctx,out,in,inl))
  254. {
  255. *outl=inl;
  256. return 1;
  257. }
  258. else
  259. {
  260. *outl=0;
  261. return 0;
  262. }
  263. }
  264. i=ctx->buf_len;
  265. bl=ctx->cipher->block_size;
  266. OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
  267. if (i != 0)
  268. {
  269. if (i+inl < bl)
  270. {
  271. memcpy(&(ctx->buf[i]),in,inl);
  272. ctx->buf_len+=inl;
  273. *outl=0;
  274. return 1;
  275. }
  276. else
  277. {
  278. j=bl-i;
  279. memcpy(&(ctx->buf[i]),in,j);
  280. if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
  281. inl-=j;
  282. in+=j;
  283. out+=bl;
  284. *outl=bl;
  285. }
  286. }
  287. else
  288. *outl = 0;
  289. i=inl&(bl-1);
  290. inl-=i;
  291. if (inl > 0)
  292. {
  293. if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
  294. *outl+=inl;
  295. }
  296. if (i != 0)
  297. memcpy(ctx->buf,&(in[inl]),i);
  298. ctx->buf_len=i;
  299. return 1;
  300. }
  301. int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  302. {
  303. int ret;
  304. ret = EVP_EncryptFinal_ex(ctx, out, outl);
  305. return ret;
  306. }
  307. int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  308. {
  309. int n,ret;
  310. unsigned int i, b, bl;
  311. b=ctx->cipher->block_size;
  312. OPENSSL_assert(b <= sizeof ctx->buf);
  313. if (b == 1)
  314. {
  315. *outl=0;
  316. return 1;
  317. }
  318. bl=ctx->buf_len;
  319. if (ctx->flags & EVP_CIPH_NO_PADDING)
  320. {
  321. if(bl)
  322. {
  323. EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  324. return 0;
  325. }
  326. *outl = 0;
  327. return 1;
  328. }
  329. n=b-bl;
  330. for (i=bl; i<b; i++)
  331. ctx->buf[i]=n;
  332. ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
  333. if(ret)
  334. *outl=b;
  335. return ret;
  336. }
  337. int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  338. const unsigned char *in, int inl)
  339. {
  340. int fix_len;
  341. unsigned int b;
  342. if (inl == 0)
  343. {
  344. *outl=0;
  345. return 1;
  346. }
  347. if (ctx->flags & EVP_CIPH_NO_PADDING)
  348. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  349. b=ctx->cipher->block_size;
  350. OPENSSL_assert(b <= sizeof ctx->final);
  351. if(ctx->final_used)
  352. {
  353. memcpy(out,ctx->final,b);
  354. out+=b;
  355. fix_len = 1;
  356. }
  357. else
  358. fix_len = 0;
  359. if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
  360. return 0;
  361. /* if we have 'decrypted' a multiple of block size, make sure
  362. * we have a copy of this last block */
  363. if (b > 1 && !ctx->buf_len)
  364. {
  365. *outl-=b;
  366. ctx->final_used=1;
  367. memcpy(ctx->final,&out[*outl],b);
  368. }
  369. else
  370. ctx->final_used = 0;
  371. if (fix_len)
  372. *outl += b;
  373. return 1;
  374. }
  375. int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  376. {
  377. int ret;
  378. ret = EVP_DecryptFinal_ex(ctx, out, outl);
  379. return ret;
  380. }
  381. int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  382. {
  383. int i,n;
  384. unsigned int b;
  385. *outl=0;
  386. b=ctx->cipher->block_size;
  387. if (ctx->flags & EVP_CIPH_NO_PADDING)
  388. {
  389. if(ctx->buf_len)
  390. {
  391. EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  392. return 0;
  393. }
  394. *outl = 0;
  395. return 1;
  396. }
  397. if (b > 1)
  398. {
  399. if (ctx->buf_len || !ctx->final_used)
  400. {
  401. EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
  402. return(0);
  403. }
  404. OPENSSL_assert(b <= sizeof ctx->final);
  405. n=ctx->final[b-1];
  406. if (n > (int)b)
  407. {
  408. EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
  409. return(0);
  410. }
  411. for (i=0; i<n; i++)
  412. {
  413. if (ctx->final[--b] != n)
  414. {
  415. EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
  416. return(0);
  417. }
  418. }
  419. n=ctx->cipher->block_size-n;
  420. for (i=0; i<n; i++)
  421. out[i]=ctx->final[i];
  422. *outl=n;
  423. }
  424. else
  425. *outl=0;
  426. return(1);
  427. }
  428. int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
  429. {
  430. if (c->cipher != NULL)
  431. {
  432. if(c->cipher->cleanup && !c->cipher->cleanup(c))
  433. return 0;
  434. /* Cleanse cipher context data */
  435. if (c->cipher_data)
  436. OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
  437. }
  438. if (c->cipher_data)
  439. OPENSSL_free(c->cipher_data);
  440. #ifndef OPENSSL_NO_ENGINE
  441. if (c->engine)
  442. /* The EVP_CIPHER we used belongs to an ENGINE, release the
  443. * functional reference we held for this reason. */
  444. ENGINE_finish(c->engine);
  445. #endif
  446. memset(c,0,sizeof(EVP_CIPHER_CTX));
  447. return 1;
  448. }
  449. int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
  450. {
  451. if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
  452. return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
  453. if(c->key_len == keylen) return 1;
  454. if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
  455. {
  456. c->key_len = keylen;
  457. return 1;
  458. }
  459. EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
  460. return 0;
  461. }
  462. int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
  463. {
  464. if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
  465. else ctx->flags |= EVP_CIPH_NO_PADDING;
  466. return 1;
  467. }
  468. int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
  469. {
  470. int ret;
  471. if(!ctx->cipher) {
  472. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
  473. return 0;
  474. }
  475. if(!ctx->cipher->ctrl) {
  476. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
  477. return 0;
  478. }
  479. ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
  480. if(ret == -1) {
  481. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
  482. return 0;
  483. }
  484. return ret;
  485. }
  486. int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
  487. {
  488. if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
  489. return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
  490. if (RAND_bytes(key, ctx->key_len) <= 0)
  491. return 0;
  492. return 1;
  493. }