evp_enc.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <assert.h>
  11. #include "internal/cryptlib.h"
  12. #include <openssl/evp.h>
  13. #include <openssl/err.h>
  14. #include <openssl/rand.h>
  15. #include <openssl/rand_drbg.h>
  16. #include <openssl/engine.h>
  17. #include "internal/evp_int.h"
  18. #include "evp_locl.h"
  19. int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
  20. {
  21. if (c == NULL)
  22. return 1;
  23. if (c->cipher != NULL) {
  24. if (c->cipher->cleanup && !c->cipher->cleanup(c))
  25. return 0;
  26. /* Cleanse cipher context data */
  27. if (c->cipher_data && c->cipher->ctx_size)
  28. OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
  29. }
  30. OPENSSL_free(c->cipher_data);
  31. #ifndef OPENSSL_NO_ENGINE
  32. ENGINE_finish(c->engine);
  33. #endif
  34. memset(c, 0, sizeof(*c));
  35. return 1;
  36. }
  37. EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
  38. {
  39. return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
  40. }
  41. void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
  42. {
  43. EVP_CIPHER_CTX_reset(ctx);
  44. OPENSSL_free(ctx);
  45. }
  46. int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  47. const unsigned char *key, const unsigned char *iv, int enc)
  48. {
  49. if (cipher != NULL)
  50. EVP_CIPHER_CTX_reset(ctx);
  51. return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
  52. }
  53. int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  54. ENGINE *impl, const unsigned char *key,
  55. const unsigned char *iv, int enc)
  56. {
  57. if (enc == -1)
  58. enc = ctx->encrypt;
  59. else {
  60. if (enc)
  61. enc = 1;
  62. ctx->encrypt = enc;
  63. }
  64. #ifndef OPENSSL_NO_ENGINE
  65. /*
  66. * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
  67. * this context may already have an ENGINE! Try to avoid releasing the
  68. * previous handle, re-querying for an ENGINE, and having a
  69. * reinitialisation, when it may all be unnecessary.
  70. */
  71. if (ctx->engine && ctx->cipher
  72. && (cipher == NULL || cipher->nid == ctx->cipher->nid))
  73. goto skip_to_init;
  74. #endif
  75. if (cipher) {
  76. /*
  77. * Ensure a context left lying around from last time is cleared (the
  78. * previous check attempted to avoid this if the same ENGINE and
  79. * EVP_CIPHER could be used).
  80. */
  81. if (ctx->cipher) {
  82. unsigned long flags = ctx->flags;
  83. EVP_CIPHER_CTX_reset(ctx);
  84. /* Restore encrypt and flags */
  85. ctx->encrypt = enc;
  86. ctx->flags = flags;
  87. }
  88. #ifndef OPENSSL_NO_ENGINE
  89. if (impl) {
  90. if (!ENGINE_init(impl)) {
  91. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  92. return 0;
  93. }
  94. } else
  95. /* Ask if an ENGINE is reserved for this job */
  96. impl = ENGINE_get_cipher_engine(cipher->nid);
  97. if (impl) {
  98. /* There's an ENGINE for this job ... (apparently) */
  99. const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
  100. if (!c) {
  101. /*
  102. * One positive side-effect of US's export control history,
  103. * is that we should at least be able to avoid using US
  104. * misspellings of "initialisation"?
  105. */
  106. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  107. return 0;
  108. }
  109. /* We'll use the ENGINE's private cipher definition */
  110. cipher = c;
  111. /*
  112. * Store the ENGINE functional reference so we know 'cipher' came
  113. * from an ENGINE and we need to release it when done.
  114. */
  115. ctx->engine = impl;
  116. } else
  117. ctx->engine = NULL;
  118. #endif
  119. ctx->cipher = cipher;
  120. if (ctx->cipher->ctx_size) {
  121. ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
  122. if (ctx->cipher_data == NULL) {
  123. ctx->cipher = NULL;
  124. EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
  125. return 0;
  126. }
  127. } else {
  128. ctx->cipher_data = NULL;
  129. }
  130. ctx->key_len = cipher->key_len;
  131. /* Preserve wrap enable flag, zero everything else */
  132. ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
  133. if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
  134. if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
  135. ctx->cipher = NULL;
  136. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
  137. return 0;
  138. }
  139. }
  140. } else if (!ctx->cipher) {
  141. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
  142. return 0;
  143. }
  144. #ifndef OPENSSL_NO_ENGINE
  145. skip_to_init:
  146. #endif
  147. /* we assume block size is a power of 2 in *cryptUpdate */
  148. OPENSSL_assert(ctx->cipher->block_size == 1
  149. || ctx->cipher->block_size == 8
  150. || ctx->cipher->block_size == 16);
  151. if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
  152. && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
  153. EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
  154. return 0;
  155. }
  156. if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
  157. switch (EVP_CIPHER_CTX_mode(ctx)) {
  158. case EVP_CIPH_STREAM_CIPHER:
  159. case EVP_CIPH_ECB_MODE:
  160. break;
  161. case EVP_CIPH_CFB_MODE:
  162. case EVP_CIPH_OFB_MODE:
  163. ctx->num = 0;
  164. /* fall-through */
  165. case EVP_CIPH_CBC_MODE:
  166. OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
  167. (int)sizeof(ctx->iv));
  168. if (iv)
  169. memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
  170. memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
  171. break;
  172. case EVP_CIPH_CTR_MODE:
  173. ctx->num = 0;
  174. /* Don't reuse IV for CTR mode */
  175. if (iv)
  176. memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
  177. break;
  178. default:
  179. return 0;
  180. }
  181. }
  182. if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
  183. if (!ctx->cipher->init(ctx, key, iv, enc))
  184. return 0;
  185. }
  186. ctx->buf_len = 0;
  187. ctx->final_used = 0;
  188. ctx->block_mask = ctx->cipher->block_size - 1;
  189. return 1;
  190. }
  191. int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  192. const unsigned char *in, int inl)
  193. {
  194. if (ctx->encrypt)
  195. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  196. else
  197. return EVP_DecryptUpdate(ctx, out, outl, in, inl);
  198. }
  199. int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  200. {
  201. if (ctx->encrypt)
  202. return EVP_EncryptFinal_ex(ctx, out, outl);
  203. else
  204. return EVP_DecryptFinal_ex(ctx, out, outl);
  205. }
  206. int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  207. {
  208. if (ctx->encrypt)
  209. return EVP_EncryptFinal(ctx, out, outl);
  210. else
  211. return EVP_DecryptFinal(ctx, out, outl);
  212. }
  213. int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  214. const unsigned char *key, const unsigned char *iv)
  215. {
  216. return EVP_CipherInit(ctx, cipher, key, iv, 1);
  217. }
  218. int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  219. ENGINE *impl, const unsigned char *key,
  220. const unsigned char *iv)
  221. {
  222. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
  223. }
  224. int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  225. const unsigned char *key, const unsigned char *iv)
  226. {
  227. return EVP_CipherInit(ctx, cipher, key, iv, 0);
  228. }
  229. int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  230. ENGINE *impl, const unsigned char *key,
  231. const unsigned char *iv)
  232. {
  233. return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
  234. }
  235. /*
  236. * According to the letter of standard difference between pointers
  237. * is specified to be valid only within same object. This makes
  238. * it formally challenging to determine if input and output buffers
  239. * are not partially overlapping with standard pointer arithmetic.
  240. */
  241. #ifdef PTRDIFF_T
  242. # undef PTRDIFF_T
  243. #endif
  244. #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
  245. /*
  246. * Then we have VMS that distinguishes itself by adhering to
  247. * sizeof(size_t)==4 even in 64-bit builds, which means that
  248. * difference between two pointers might be truncated to 32 bits.
  249. * In the context one can even wonder how comparison for
  250. * equality is implemented. To be on the safe side we adhere to
  251. * PTRDIFF_T even for comparison for equality.
  252. */
  253. # define PTRDIFF_T uint64_t
  254. #else
  255. # define PTRDIFF_T size_t
  256. #endif
  257. int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
  258. {
  259. PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
  260. /*
  261. * Check for partially overlapping buffers. [Binary logical
  262. * operations are used instead of boolean to minimize number
  263. * of conditional branches.]
  264. */
  265. int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
  266. (diff > (0 - (PTRDIFF_T)len)));
  267. return overlapped;
  268. }
  269. int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  270. const unsigned char *in, int inl)
  271. {
  272. int i, j, bl, cmpl = inl;
  273. if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
  274. cmpl = (cmpl + 7) / 8;
  275. bl = ctx->cipher->block_size;
  276. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  277. /* If block size > 1 then the cipher will have to do this check */
  278. if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
  279. EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  280. return 0;
  281. }
  282. i = ctx->cipher->do_cipher(ctx, out, in, inl);
  283. if (i < 0)
  284. return 0;
  285. else
  286. *outl = i;
  287. return 1;
  288. }
  289. if (inl <= 0) {
  290. *outl = 0;
  291. return inl == 0;
  292. }
  293. if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
  294. EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  295. return 0;
  296. }
  297. if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
  298. if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
  299. *outl = inl;
  300. return 1;
  301. } else {
  302. *outl = 0;
  303. return 0;
  304. }
  305. }
  306. i = ctx->buf_len;
  307. OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
  308. if (i != 0) {
  309. if (bl - i > inl) {
  310. memcpy(&(ctx->buf[i]), in, inl);
  311. ctx->buf_len += inl;
  312. *outl = 0;
  313. return 1;
  314. } else {
  315. j = bl - i;
  316. memcpy(&(ctx->buf[i]), in, j);
  317. inl -= j;
  318. in += j;
  319. if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
  320. return 0;
  321. out += bl;
  322. *outl = bl;
  323. }
  324. } else
  325. *outl = 0;
  326. i = inl & (bl - 1);
  327. inl -= i;
  328. if (inl > 0) {
  329. if (!ctx->cipher->do_cipher(ctx, out, in, inl))
  330. return 0;
  331. *outl += inl;
  332. }
  333. if (i != 0)
  334. memcpy(ctx->buf, &(in[inl]), i);
  335. ctx->buf_len = i;
  336. return 1;
  337. }
  338. int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  339. {
  340. int ret;
  341. ret = EVP_EncryptFinal_ex(ctx, out, outl);
  342. return ret;
  343. }
  344. int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  345. {
  346. int n, ret;
  347. unsigned int i, b, bl;
  348. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  349. ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
  350. if (ret < 0)
  351. return 0;
  352. else
  353. *outl = ret;
  354. return 1;
  355. }
  356. b = ctx->cipher->block_size;
  357. OPENSSL_assert(b <= sizeof(ctx->buf));
  358. if (b == 1) {
  359. *outl = 0;
  360. return 1;
  361. }
  362. bl = ctx->buf_len;
  363. if (ctx->flags & EVP_CIPH_NO_PADDING) {
  364. if (bl) {
  365. EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
  366. EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  367. return 0;
  368. }
  369. *outl = 0;
  370. return 1;
  371. }
  372. n = b - bl;
  373. for (i = bl; i < b; i++)
  374. ctx->buf[i] = n;
  375. ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
  376. if (ret)
  377. *outl = b;
  378. return ret;
  379. }
  380. int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
  381. const unsigned char *in, int inl)
  382. {
  383. int fix_len, cmpl = inl;
  384. unsigned int b;
  385. b = ctx->cipher->block_size;
  386. if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
  387. cmpl = (cmpl + 7) / 8;
  388. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  389. if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
  390. EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  391. return 0;
  392. }
  393. fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
  394. if (fix_len < 0) {
  395. *outl = 0;
  396. return 0;
  397. } else
  398. *outl = fix_len;
  399. return 1;
  400. }
  401. if (inl <= 0) {
  402. *outl = 0;
  403. return inl == 0;
  404. }
  405. if (ctx->flags & EVP_CIPH_NO_PADDING)
  406. return EVP_EncryptUpdate(ctx, out, outl, in, inl);
  407. OPENSSL_assert(b <= sizeof(ctx->final));
  408. if (ctx->final_used) {
  409. /* see comment about PTRDIFF_T comparison above */
  410. if (((PTRDIFF_T)out == (PTRDIFF_T)in)
  411. || is_partially_overlapping(out, in, b)) {
  412. EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
  413. return 0;
  414. }
  415. memcpy(out, ctx->final, b);
  416. out += b;
  417. fix_len = 1;
  418. } else
  419. fix_len = 0;
  420. if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
  421. return 0;
  422. /*
  423. * if we have 'decrypted' a multiple of block size, make sure we have a
  424. * copy of this last block
  425. */
  426. if (b > 1 && !ctx->buf_len) {
  427. *outl -= b;
  428. ctx->final_used = 1;
  429. memcpy(ctx->final, &out[*outl], b);
  430. } else
  431. ctx->final_used = 0;
  432. if (fix_len)
  433. *outl += b;
  434. return 1;
  435. }
  436. int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  437. {
  438. int ret;
  439. ret = EVP_DecryptFinal_ex(ctx, out, outl);
  440. return ret;
  441. }
  442. int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  443. {
  444. int i, n;
  445. unsigned int b;
  446. *outl = 0;
  447. if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
  448. i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
  449. if (i < 0)
  450. return 0;
  451. else
  452. *outl = i;
  453. return 1;
  454. }
  455. b = ctx->cipher->block_size;
  456. if (ctx->flags & EVP_CIPH_NO_PADDING) {
  457. if (ctx->buf_len) {
  458. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
  459. EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
  460. return 0;
  461. }
  462. *outl = 0;
  463. return 1;
  464. }
  465. if (b > 1) {
  466. if (ctx->buf_len || !ctx->final_used) {
  467. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
  468. return 0;
  469. }
  470. OPENSSL_assert(b <= sizeof(ctx->final));
  471. /*
  472. * The following assumes that the ciphertext has been authenticated.
  473. * Otherwise it provides a padding oracle.
  474. */
  475. n = ctx->final[b - 1];
  476. if (n == 0 || n > (int)b) {
  477. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
  478. return 0;
  479. }
  480. for (i = 0; i < n; i++) {
  481. if (ctx->final[--b] != n) {
  482. EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
  483. return 0;
  484. }
  485. }
  486. n = ctx->cipher->block_size - n;
  487. for (i = 0; i < n; i++)
  488. out[i] = ctx->final[i];
  489. *outl = n;
  490. } else
  491. *outl = 0;
  492. return 1;
  493. }
  494. int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
  495. {
  496. if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
  497. return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
  498. if (c->key_len == keylen)
  499. return 1;
  500. if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
  501. c->key_len = keylen;
  502. return 1;
  503. }
  504. EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
  505. return 0;
  506. }
  507. int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
  508. {
  509. if (pad)
  510. ctx->flags &= ~EVP_CIPH_NO_PADDING;
  511. else
  512. ctx->flags |= EVP_CIPH_NO_PADDING;
  513. return 1;
  514. }
  515. int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
  516. {
  517. int ret;
  518. if (!ctx->cipher) {
  519. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
  520. return 0;
  521. }
  522. if (!ctx->cipher->ctrl) {
  523. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
  524. return 0;
  525. }
  526. ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
  527. if (ret == -1) {
  528. EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
  529. EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
  530. return 0;
  531. }
  532. return ret;
  533. }
  534. int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
  535. {
  536. if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
  537. return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
  538. if (RAND_priv_bytes(key, ctx->key_len) <= 0)
  539. return 0;
  540. return 1;
  541. }
  542. int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
  543. {
  544. if ((in == NULL) || (in->cipher == NULL)) {
  545. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
  546. return 0;
  547. }
  548. #ifndef OPENSSL_NO_ENGINE
  549. /* Make sure it's safe to copy a cipher context using an ENGINE */
  550. if (in->engine && !ENGINE_init(in->engine)) {
  551. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
  552. return 0;
  553. }
  554. #endif
  555. EVP_CIPHER_CTX_reset(out);
  556. memcpy(out, in, sizeof(*out));
  557. if (in->cipher_data && in->cipher->ctx_size) {
  558. out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
  559. if (out->cipher_data == NULL) {
  560. out->cipher = NULL;
  561. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
  562. return 0;
  563. }
  564. memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
  565. }
  566. if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
  567. if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
  568. out->cipher = NULL;
  569. EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
  570. return 0;
  571. }
  572. return 1;
  573. }