evp_enc.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641
  1. /*
  2. * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <assert.h>
  11. #include "internal/cryptlib.h"
  12. #include <openssl/evp.h>
  13. #include <openssl/err.h>
  14. #include <openssl/rand.h>
  15. #include <openssl/engine.h>
  16. #include "internal/evp_int.h"
  17. #include "evp_locl.h"
  18. int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
  19. {
  20. if (c == NULL)
  21. return 1;
  22. if (c->cipher != NULL) {
  23. if (c->cipher->cleanup && !c->cipher->cleanup(c))
  24. return 0;
  25. /* Cleanse cipher context data */
  26. if (c->cipher_data && c->cipher->ctx_size)
  27. OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
  28. }
  29. OPENSSL_free(c->cipher_data);
  30. #ifndef OPENSSL_NO_ENGINE
  31. ENGINE_finish(c->engine);
  32. #endif
  33. memset(c, 0, sizeof(*c));
  34. return 1;
  35. }
  36. EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
  37. {
  38. return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
  39. }
  40. void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
  41. {
  42. EVP_CIPHER_CTX_reset(ctx);
  43. OPENSSL_free(ctx);
  44. }
  45. int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  46. const unsigned char *key, const unsigned char *iv, int enc)
  47. {
  48. EVP_CIPHER_CTX_reset(ctx);
  49. return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
  50. }
  51. int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  52. ENGINE *impl, const unsigned char *key,
  53. const unsigned char *iv, int enc)
  54. {
  55. if (enc == -1)
  56. enc = ctx->encrypt;
  57. else {
  58. if (enc)
  59. enc = 1;
  60. ctx->encrypt = enc;
  61. }
  62. #ifndef OPENSSL_NO_ENGINE
  63. /*
  64. * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
  65. * this context may already have an ENGINE! Try to avoid releasing the
  66. * previous handle, re-querying for an ENGINE, and having a
  67. * reinitialisation, when it may all be unnecessary.
  68. */
  69. if (ctx->engine && ctx->cipher
  70. && (cipher == NULL || cipher->nid == ctx->cipher->nid))
  71. goto skip_to_init;
  72. #endif
  73. if (cipher) {
  74. /*
  75. * Ensure a context left lying around from last time is cleared (the
  76. * previous check attempted to avoid this if the same ENGINE and
  77. * EVP_CIPHER could be used).
  78. */
  79. if (ctx->cipher) {
  80. unsigned long flags = ctx->flags;
  81. EVP_CIPHER_CTX_reset(ctx);
  82. /* Restore encrypt and flags */
  83. ctx->encrypt = enc;
  84. ctx->flags = flags;
  85. }
  86. #ifndef OPENSSL_NO_ENGINE
  87. if (impl) {
  88. if (!ENGINE_init(impl)) {
  89. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  90. return 0;
  91. }
  92. } else
  93. /* Ask if an ENGINE is reserved for this job */
  94. impl = ENGINE_get_cipher_engine(cipher->nid);
  95. if (impl) {
  96. /* There's an ENGINE for this job ... (apparently) */
  97. const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
  98. if (!c) {
  99. /*
  100. * One positive side-effect of US's export control history,
  101. * is that we should at least be able to avoid using US
  102. * misspellings of "initialisation"?
  103. */
  104. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  105. return 0;
  106. }
  107. /* We'll use the ENGINE's private cipher definition */
  108. cipher = c;
  109. /*
  110. * Store the ENGINE functional reference so we know 'cipher' came
  111. * from an ENGINE and we need to release it when done.
  112. */
  113. ctx->engine = impl;
  114. } else
  115. ctx->engine = NULL;
  116. #endif
  117. ctx->cipher = cipher;
  118. if (ctx->cipher->ctx_size) {
  119. ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
  120. if (ctx->cipher_data == NULL) {
  121. ctx->cipher = NULL;
  122. EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
  123. return 0;
  124. }
  125. } else {
  126. ctx->cipher_data = NULL;
  127. }
  128. ctx->key_len = cipher->key_len;
  129. /* Preserve wrap enable flag, zero everything else */
  130. ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
  131. if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
  132. if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
  133. ctx->cipher = NULL;
  134. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  135. return 0;
  136. }
  137. }
  138. } else if (!ctx->cipher) {
  139. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
  140. return 0;
  141. }
  142. #ifndef OPENSSL_NO_ENGINE
  143. skip_to_init:
  144. #endif
  145. /* we assume block size is a power of 2 in *cryptUpdate */
  146. OPENSSL_assert(ctx->cipher->block_size == 1
  147. || ctx->cipher->block_size == 8
  148. || ctx->cipher->block_size == 16);
  149. if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
  150. && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
  151. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
  152. return 0;
  153. }
  154. if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
  155. switch (EVP_CIPHER_CTX_mode(ctx)) {
  156. case EVP_CIPH_STREAM_CIPHER:
  157. case EVP_CIPH_ECB_MODE:
  158. break;
  159. case EVP_CIPH_CFB_MODE:
  160. case EVP_CIPH_OFB_MODE:
  161. ctx->num = 0;
  162. /* fall-through */
  163. case EVP_CIPH_CBC_MODE:
  164. OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
  165. (int)sizeof(ctx->iv));
  166. if (iv)
  167. memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
  168. memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
  169. break;
  170. case EVP_CIPH_CTR_MODE:
  171. ctx->num = 0;
  172. /* Don't reuse IV for CTR mode */
  173. if (iv)
  174. memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
  175. break;
  176. default:
  177. return 0;
  178. }
  179. }
  180. if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
  181. if (!ctx->cipher->init(ctx, key, iv, enc))
  182. return 0;
  183. }
  184. ctx->buf_len = 0;
  185. ctx->final_used = 0;
  186. ctx->block_mask = ctx->cipher->block_size - 1;
  187. return 1;
  188. }
  189. int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  190. const unsigned char *in, int inl)
  191. {
  192. if (ctx->encrypt)
  193. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  194. else
  195. return EVP_DecryptUpdate(ctx, out, outl, in, inl);
  196. }
  197. int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  198. {
  199. if (ctx->encrypt)
  200. return EVP_EncryptFinal_ex(ctx, out, outl);
  201. else
  202. return EVP_DecryptFinal_ex(ctx, out, outl);
  203. }
  204. int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  205. {
  206. if (ctx->encrypt)
  207. return EVP_EncryptFinal(ctx, out, outl);
  208. else
  209. return EVP_DecryptFinal(ctx, out, outl);
  210. }
  211. int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  212. const unsigned char *key, const unsigned char *iv)
  213. {
  214. return EVP_CipherInit(ctx, cipher, key, iv, 1);
  215. }
  216. int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  217. ENGINE *impl, const unsigned char *key,
  218. const unsigned char *iv)
  219. {
  220. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
  221. }
  222. int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  223. const unsigned char *key, const unsigned char *iv)
  224. {
  225. return EVP_CipherInit(ctx, cipher, key, iv, 0);
  226. }
  227. int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  228. ENGINE *impl, const unsigned char *key,
  229. const unsigned char *iv)
  230. {
  231. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
  232. }
  233. /*
  234. * According to the letter of standard difference between pointers
  235. * is specified to be valid only within same object. This makes
  236. * it formally challenging to determine if input and output buffers
  237. * are not partially overlapping with standard pointer arithmetic.
  238. */
  239. #ifdef PTRDIFF_T
  240. # undef PTRDIFF_T
  241. #endif
  242. #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
  243. /*
  244. * Then we have VMS that distinguishes itself by adhering to
  245. * sizeof(size_t)==4 even in 64-bit builds, which means that
  246. * difference between two pointers might be truncated to 32 bits.
  247. * In the context one can even wonder how comparison for
  248. * equality is implemented. To be on the safe side we adhere to
  249. * PTRDIFF_T even for comparison for equality.
  250. */
  251. # define PTRDIFF_T uint64_t
  252. #else
  253. # define PTRDIFF_T size_t
  254. #endif
  255. int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
  256. {
  257. PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
  258. /*
  259. * Check for partially overlapping buffers. [Binary logical
  260. * operations are used instead of boolean to minimize number
  261. * of conditional branches.]
  262. */
  263. int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
  264. (diff > (0 - (PTRDIFF_T)len)));
  265. return overlapped;
  266. }
  267. int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  268. const unsigned char *in, int inl)
  269. {
  270. int i, j, bl, cmpl = inl;
  271. if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
  272. cmpl = (cmpl + 7) / 8;
  273. bl = ctx->cipher->block_size;
  274. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  275. /* If block size > 1 then the cipher will have to do this check */
  276. if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
  277. EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  278. return 0;
  279. }
  280. i = ctx->cipher->do_cipher(ctx, out, in, inl);
  281. if (i < 0)
  282. return 0;
  283. else
  284. *outl = i;
  285. return 1;
  286. }
  287. if (inl <= 0) {
  288. *outl = 0;
  289. return inl == 0;
  290. }
  291. if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
  292. EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  293. return 0;
  294. }
  295. if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
  296. if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
  297. *outl = inl;
  298. return 1;
  299. } else {
  300. *outl = 0;
  301. return 0;
  302. }
  303. }
  304. i = ctx->buf_len;
  305. OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
  306. if (i != 0) {
  307. if (bl - i > inl) {
  308. memcpy(&(ctx->buf[i]), in, inl);
  309. ctx->buf_len += inl;
  310. *outl = 0;
  311. return 1;
  312. } else {
  313. j = bl - i;
  314. memcpy(&(ctx->buf[i]), in, j);
  315. inl -= j;
  316. in += j;
  317. if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
  318. return 0;
  319. out += bl;
  320. *outl = bl;
  321. }
  322. } else
  323. *outl = 0;
  324. i = inl & (bl - 1);
  325. inl -= i;
  326. if (inl > 0) {
  327. if (!ctx->cipher->do_cipher(ctx, out, in, inl))
  328. return 0;
  329. *outl += inl;
  330. }
  331. if (i != 0)
  332. memcpy(ctx->buf, &(in[inl]), i);
  333. ctx->buf_len = i;
  334. return 1;
  335. }
  336. int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  337. {
  338. int ret;
  339. ret = EVP_EncryptFinal_ex(ctx, out, outl);
  340. return ret;
  341. }
  342. int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  343. {
  344. int n, ret;
  345. unsigned int i, b, bl;
  346. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  347. ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
  348. if (ret < 0)
  349. return 0;
  350. else
  351. *outl = ret;
  352. return 1;
  353. }
  354. b = ctx->cipher->block_size;
  355. OPENSSL_assert(b <= sizeof ctx->buf);
  356. if (b == 1) {
  357. *outl = 0;
  358. return 1;
  359. }
  360. bl = ctx->buf_len;
  361. if (ctx->flags & EVP_CIPH_NO_PADDING) {
  362. if (bl) {
  363. EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
  364. EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  365. return 0;
  366. }
  367. *outl = 0;
  368. return 1;
  369. }
  370. n = b - bl;
  371. for (i = bl; i < b; i++)
  372. ctx->buf[i] = n;
  373. ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
  374. if (ret)
  375. *outl = b;
  376. return ret;
  377. }
  378. int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  379. const unsigned char *in, int inl)
  380. {
  381. int fix_len, cmpl = inl;
  382. unsigned int b;
  383. b = ctx->cipher->block_size;
  384. if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
  385. cmpl = (cmpl + 7) / 8;
  386. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  387. if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
  388. EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  389. return 0;
  390. }
  391. fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
  392. if (fix_len < 0) {
  393. *outl = 0;
  394. return 0;
  395. } else
  396. *outl = fix_len;
  397. return 1;
  398. }
  399. if (inl <= 0) {
  400. *outl = 0;
  401. return inl == 0;
  402. }
  403. if (ctx->flags & EVP_CIPH_NO_PADDING)
  404. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  405. OPENSSL_assert(b <= sizeof ctx->final);
  406. if (ctx->final_used) {
  407. /* see comment about PTRDIFF_T comparison above */
  408. if (((PTRDIFF_T)out == (PTRDIFF_T)in)
  409. || is_partially_overlapping(out, in, b)) {
  410. EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  411. return 0;
  412. }
  413. memcpy(out, ctx->final, b);
  414. out += b;
  415. fix_len = 1;
  416. } else
  417. fix_len = 0;
  418. if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
  419. return 0;
  420. /*
  421. * if we have 'decrypted' a multiple of block size, make sure we have a
  422. * copy of this last block
  423. */
  424. if (b > 1 && !ctx->buf_len) {
  425. *outl -= b;
  426. ctx->final_used = 1;
  427. memcpy(ctx->final, &out[*outl], b);
  428. } else
  429. ctx->final_used = 0;
  430. if (fix_len)
  431. *outl += b;
  432. return 1;
  433. }
  434. int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  435. {
  436. int ret;
  437. ret = EVP_DecryptFinal_ex(ctx, out, outl);
  438. return ret;
  439. }
  440. int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  441. {
  442. int i, n;
  443. unsigned int b;
  444. *outl = 0;
  445. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  446. i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
  447. if (i < 0)
  448. return 0;
  449. else
  450. *outl = i;
  451. return 1;
  452. }
  453. b = ctx->cipher->block_size;
  454. if (ctx->flags & EVP_CIPH_NO_PADDING) {
  455. if (ctx->buf_len) {
  456. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
  457. EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  458. return 0;
  459. }
  460. *outl = 0;
  461. return 1;
  462. }
  463. if (b > 1) {
  464. if (ctx->buf_len || !ctx->final_used) {
  465. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
  466. return (0);
  467. }
  468. OPENSSL_assert(b <= sizeof ctx->final);
  469. /*
  470. * The following assumes that the ciphertext has been authenticated.
  471. * Otherwise it provides a padding oracle.
  472. */
  473. n = ctx->final[b - 1];
  474. if (n == 0 || n > (int)b) {
  475. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
  476. return (0);
  477. }
  478. for (i = 0; i < n; i++) {
  479. if (ctx->final[--b] != n) {
  480. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
  481. return (0);
  482. }
  483. }
  484. n = ctx->cipher->block_size - n;
  485. for (i = 0; i < n; i++)
  486. out[i] = ctx->final[i];
  487. *outl = n;
  488. } else
  489. *outl = 0;
  490. return (1);
  491. }
  492. int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
  493. {
  494. if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
  495. return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
  496. if (c->key_len == keylen)
  497. return 1;
  498. if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
  499. c->key_len = keylen;
  500. return 1;
  501. }
  502. EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
  503. return 0;
  504. }
  505. int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
  506. {
  507. if (pad)
  508. ctx->flags &= ~EVP_CIPH_NO_PADDING;
  509. else
  510. ctx->flags |= EVP_CIPH_NO_PADDING;
  511. return 1;
  512. }
  513. int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
  514. {
  515. int ret;
  516. if (!ctx->cipher) {
  517. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
  518. return 0;
  519. }
  520. if (!ctx->cipher->ctrl) {
  521. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
  522. return 0;
  523. }
  524. ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
  525. if (ret == -1) {
  526. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
  527. EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
  528. return 0;
  529. }
  530. return ret;
  531. }
  532. int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
  533. {
  534. if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
  535. return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
  536. if (RAND_bytes(key, ctx->key_len) <= 0)
  537. return 0;
  538. return 1;
  539. }
  540. int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
  541. {
  542. if ((in == NULL) || (in->cipher == NULL)) {
  543. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
  544. return 0;
  545. }
  546. #ifndef OPENSSL_NO_ENGINE
  547. /* Make sure it's safe to copy a cipher context using an ENGINE */
  548. if (in->engine && !ENGINE_init(in->engine)) {
  549. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
  550. return 0;
  551. }
  552. #endif
  553. EVP_CIPHER_CTX_reset(out);
  554. memcpy(out, in, sizeof(*out));
  555. if (in->cipher_data && in->cipher->ctx_size) {
  556. out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
  557. if (out->cipher_data == NULL) {
  558. out->cipher = NULL;
  559. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
  560. return 0;
  561. }
  562. memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
  563. }
  564. if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
  565. if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
  566. out->cipher = NULL;
  567. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
  568. return 0;
  569. }
  570. return 1;
  571. }