2
0

evp_enc.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420
  1. /* crypto/evp/evp_enc.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/evp.h>
  61. #include <openssl/err.h>
  62. #include <openssl/rand.h>
  63. #ifndef OPENSSL_NO_ENGINE
  64. # include <openssl/engine.h>
  65. #endif
  66. #include "evp_locl.h"
  67. #ifdef OPENSSL_FIPS
  68. # define M_do_cipher(ctx, out, in, inl) \
  69. EVP_Cipher(ctx,out,in,inl)
  70. #else
  71. # define M_do_cipher(ctx, out, in, inl) \
  72. ctx->cipher->do_cipher(ctx,out,in,inl)
  73. #endif
  74. const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
  75. EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
  76. {
  77. EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
  78. if (ctx)
  79. EVP_CIPHER_CTX_init(ctx);
  80. return ctx;
  81. }
  82. int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  83. const unsigned char *key, const unsigned char *iv, int enc)
  84. {
  85. if (cipher)
  86. EVP_CIPHER_CTX_init(ctx);
  87. return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
  88. }
  89. int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  90. const unsigned char *in, int inl)
  91. {
  92. if (ctx->encrypt)
  93. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  94. else
  95. return EVP_DecryptUpdate(ctx, out, outl, in, inl);
  96. }
  97. int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  98. {
  99. if (ctx->encrypt)
  100. return EVP_EncryptFinal_ex(ctx, out, outl);
  101. else
  102. return EVP_DecryptFinal_ex(ctx, out, outl);
  103. }
  104. int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  105. {
  106. if (ctx->encrypt)
  107. return EVP_EncryptFinal(ctx, out, outl);
  108. else
  109. return EVP_DecryptFinal(ctx, out, outl);
  110. }
  111. int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  112. const unsigned char *key, const unsigned char *iv)
  113. {
  114. return EVP_CipherInit(ctx, cipher, key, iv, 1);
  115. }
  116. int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  117. ENGINE *impl, const unsigned char *key,
  118. const unsigned char *iv)
  119. {
  120. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
  121. }
  122. int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  123. const unsigned char *key, const unsigned char *iv)
  124. {
  125. return EVP_CipherInit(ctx, cipher, key, iv, 0);
  126. }
  127. int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  128. ENGINE *impl, const unsigned char *key,
  129. const unsigned char *iv)
  130. {
  131. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
  132. }
  133. int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  134. const unsigned char *in, int inl)
  135. {
  136. int i, j, bl;
  137. if (inl <= 0) {
  138. *outl = 0;
  139. return inl == 0;
  140. }
  141. if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
  142. if (M_do_cipher(ctx, out, in, inl)) {
  143. *outl = inl;
  144. return 1;
  145. } else {
  146. *outl = 0;
  147. return 0;
  148. }
  149. }
  150. i = ctx->buf_len;
  151. bl = ctx->cipher->block_size;
  152. OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
  153. if (i != 0) {
  154. if (i + inl < bl) {
  155. memcpy(&(ctx->buf[i]), in, inl);
  156. ctx->buf_len += inl;
  157. *outl = 0;
  158. return 1;
  159. } else {
  160. j = bl - i;
  161. memcpy(&(ctx->buf[i]), in, j);
  162. if (!M_do_cipher(ctx, out, ctx->buf, bl))
  163. return 0;
  164. inl -= j;
  165. in += j;
  166. out += bl;
  167. *outl = bl;
  168. }
  169. } else
  170. *outl = 0;
  171. i = inl & (bl - 1);
  172. inl -= i;
  173. if (inl > 0) {
  174. if (!M_do_cipher(ctx, out, in, inl))
  175. return 0;
  176. *outl += inl;
  177. }
  178. if (i != 0)
  179. memcpy(ctx->buf, &(in[inl]), i);
  180. ctx->buf_len = i;
  181. return 1;
  182. }
  183. int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  184. {
  185. int ret;
  186. ret = EVP_EncryptFinal_ex(ctx, out, outl);
  187. return ret;
  188. }
  189. int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  190. {
  191. int n, ret;
  192. unsigned int i, b, bl;
  193. b = ctx->cipher->block_size;
  194. OPENSSL_assert(b <= sizeof ctx->buf);
  195. if (b == 1) {
  196. *outl = 0;
  197. return 1;
  198. }
  199. bl = ctx->buf_len;
  200. if (ctx->flags & EVP_CIPH_NO_PADDING) {
  201. if (bl) {
  202. EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
  203. EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  204. return 0;
  205. }
  206. *outl = 0;
  207. return 1;
  208. }
  209. n = b - bl;
  210. for (i = bl; i < b; i++)
  211. ctx->buf[i] = n;
  212. ret = M_do_cipher(ctx, out, ctx->buf, b);
  213. if (ret)
  214. *outl = b;
  215. return ret;
  216. }
  217. int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  218. const unsigned char *in, int inl)
  219. {
  220. int fix_len;
  221. unsigned int b;
  222. if (inl <= 0) {
  223. *outl = 0;
  224. return inl == 0;
  225. }
  226. if (ctx->flags & EVP_CIPH_NO_PADDING)
  227. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  228. b = ctx->cipher->block_size;
  229. OPENSSL_assert(b <= sizeof ctx->final);
  230. if (ctx->final_used) {
  231. memcpy(out, ctx->final, b);
  232. out += b;
  233. fix_len = 1;
  234. } else
  235. fix_len = 0;
  236. if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
  237. return 0;
  238. /*
  239. * if we have 'decrypted' a multiple of block size, make sure we have a
  240. * copy of this last block
  241. */
  242. if (b > 1 && !ctx->buf_len) {
  243. *outl -= b;
  244. ctx->final_used = 1;
  245. memcpy(ctx->final, &out[*outl], b);
  246. } else
  247. ctx->final_used = 0;
  248. if (fix_len)
  249. *outl += b;
  250. return 1;
  251. }
  252. int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  253. {
  254. int ret;
  255. ret = EVP_DecryptFinal_ex(ctx, out, outl);
  256. return ret;
  257. }
  258. int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  259. {
  260. int i, n;
  261. unsigned int b;
  262. *outl = 0;
  263. b = ctx->cipher->block_size;
  264. if (ctx->flags & EVP_CIPH_NO_PADDING) {
  265. if (ctx->buf_len) {
  266. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
  267. EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  268. return 0;
  269. }
  270. *outl = 0;
  271. return 1;
  272. }
  273. if (b > 1) {
  274. if (ctx->buf_len || !ctx->final_used) {
  275. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
  276. return (0);
  277. }
  278. OPENSSL_assert(b <= sizeof ctx->final);
  279. n = ctx->final[b - 1];
  280. if (n == 0 || n > (int)b) {
  281. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
  282. return (0);
  283. }
  284. for (i = 0; i < n; i++) {
  285. if (ctx->final[--b] != n) {
  286. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
  287. return (0);
  288. }
  289. }
  290. n = ctx->cipher->block_size - n;
  291. for (i = 0; i < n; i++)
  292. out[i] = ctx->final[i];
  293. *outl = n;
  294. } else
  295. *outl = 0;
  296. return (1);
  297. }
  298. void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
  299. {
  300. if (ctx) {
  301. EVP_CIPHER_CTX_cleanup(ctx);
  302. OPENSSL_free(ctx);
  303. }
  304. }
  305. int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
  306. {
  307. if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
  308. return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
  309. if (c->key_len == keylen)
  310. return 1;
  311. if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
  312. c->key_len = keylen;
  313. return 1;
  314. }
  315. EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
  316. return 0;
  317. }
  318. int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
  319. {
  320. if (pad)
  321. ctx->flags &= ~EVP_CIPH_NO_PADDING;
  322. else
  323. ctx->flags |= EVP_CIPH_NO_PADDING;
  324. return 1;
  325. }
  326. int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
  327. {
  328. if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
  329. return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
  330. if (RAND_bytes(key, ctx->key_len) <= 0)
  331. return 0;
  332. return 1;
  333. }
  334. #ifndef OPENSSL_NO_ENGINE
  335. # ifdef OPENSSL_FIPS
  336. static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx,
  337. const EVP_CIPHER **pcipher, ENGINE *impl)
  338. {
  339. if (impl) {
  340. if (!ENGINE_init(impl)) {
  341. EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
  342. return 0;
  343. }
  344. } else
  345. /* Ask if an ENGINE is reserved for this job */
  346. impl = ENGINE_get_cipher_engine((*pcipher)->nid);
  347. if (impl) {
  348. /* There's an ENGINE for this job ... (apparently) */
  349. const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
  350. if (!c) {
  351. /*
  352. * One positive side-effect of US's export control history, is
  353. * that we should at least be able to avoid using US mispellings
  354. * of "initialisation"?
  355. */
  356. EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
  357. return 0;
  358. }
  359. /* We'll use the ENGINE's private cipher definition */
  360. *pcipher = c;
  361. /*
  362. * Store the ENGINE functional reference so we know 'cipher' came
  363. * from an ENGINE and we need to release it when done.
  364. */
  365. ctx->engine = impl;
  366. } else
  367. ctx->engine = NULL;
  368. return 1;
  369. }
  370. void int_EVP_CIPHER_init_engine_callbacks(void)
  371. {
  372. int_EVP_CIPHER_set_engine_callbacks(ENGINE_finish,
  373. do_evp_enc_engine_full);
  374. }
  375. # endif
  376. #endif