summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp/evp_enc.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp/evp_enc.c')
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c127
1 files changed, 49 insertions, 78 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index f549eeb437..a1904993bf 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -60,12 +60,13 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/err.h> 62#include <openssl/err.h>
63#include <openssl/rand.h>
63#ifndef OPENSSL_NO_ENGINE 64#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h> 65#include <openssl/engine.h>
65#endif 66#endif
66#include "evp_locl.h" 67#include "evp_locl.h"
67 68
68const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; 69const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
69 70
70void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 71void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
71 { 72 {
@@ -73,6 +74,13 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
73 /* ctx->cipher=NULL; */ 74 /* ctx->cipher=NULL; */
74 } 75 }
75 76
77EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
78 {
79 EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
80 if (ctx)
81 EVP_CIPHER_CTX_init(ctx);
82 return ctx;
83 }
76 84
77int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 85int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
78 const unsigned char *key, const unsigned char *iv, int enc) 86 const unsigned char *key, const unsigned char *iv, int enc)
@@ -82,48 +90,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 90 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83 } 91 }
84 92
85#ifdef OPENSSL_FIPS
86
87/* The purpose of these is to trap programs that attempt to use non FIPS
88 * algorithms in FIPS mode and ignore the errors.
89 */
90
91int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
92 const unsigned char *iv, int enc)
93 { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
94
95int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl)
97 { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
98
99/* NB: no cleanup because it is allowed after failed init */
100
101int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
102 { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
103int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
104 { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
105int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
106 { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
107
108static const EVP_CIPHER bad_cipher =
109 {
110 0,
111 0,
112 0,
113 0,
114 0,
115 bad_init,
116 bad_do_cipher,
117 NULL,
118 0,
119 bad_set_asn1,
120 bad_get_asn1,
121 bad_ctrl,
122 NULL
123 };
124
125#endif
126
127int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 93int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
128 const unsigned char *key, const unsigned char *iv, int enc) 94 const unsigned char *key, const unsigned char *iv, int enc)
129 { 95 {
@@ -158,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
158 { 124 {
159 if (!ENGINE_init(impl)) 125 if (!ENGINE_init(impl))
160 { 126 {
161 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 127 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
162 return 0; 128 return 0;
163 } 129 }
164 } 130 }
@@ -175,7 +141,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
175 * control history, is that we should at least 141 * control history, is that we should at least
176 * be able to avoid using US mispellings of 142 * be able to avoid using US mispellings of
177 * "initialisation"? */ 143 * "initialisation"? */
178 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 144 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
179 return 0; 145 return 0;
180 } 146 }
181 /* We'll use the ENGINE's private cipher definition */ 147 /* We'll use the ENGINE's private cipher definition */
@@ -188,13 +154,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
188 else 154 else
189 ctx->engine = NULL; 155 ctx->engine = NULL;
190#endif 156#endif
157
191 ctx->cipher=cipher; 158 ctx->cipher=cipher;
192 if (ctx->cipher->ctx_size) 159 if (ctx->cipher->ctx_size)
193 { 160 {
194 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); 161 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
195 if (!ctx->cipher_data) 162 if (!ctx->cipher_data)
196 { 163 {
197 EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE); 164 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
198 return 0; 165 return 0;
199 } 166 }
200 } 167 }
@@ -208,14 +175,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
208 { 175 {
209 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) 176 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
210 { 177 {
211 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); 178 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
212 return 0; 179 return 0;
213 } 180 }
214 } 181 }
215 } 182 }
216 else if(!ctx->cipher) 183 else if(!ctx->cipher)
217 { 184 {
218 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); 185 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
219 return 0; 186 return 0;
220 } 187 }
221#ifndef OPENSSL_NO_ENGINE 188#ifndef OPENSSL_NO_ENGINE
@@ -240,7 +207,8 @@ skip_to_init:
240 207
241 case EVP_CIPH_CBC_MODE: 208 case EVP_CIPH_CBC_MODE:
242 209
243 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); 210 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
211 (int)sizeof(ctx->iv));
244 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 212 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
245 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 213 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
246 break; 214 break;
@@ -251,24 +219,6 @@ skip_to_init:
251 } 219 }
252 } 220 }
253 221
254#ifdef OPENSSL_FIPS
255 /* After 'key' is set no further parameters changes are permissible.
256 * So only check for non FIPS enabling at this point.
257 */
258 if (key && FIPS_mode())
259 {
260 if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
261 & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
262 {
263 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
264 ERR_add_error_data(2, "cipher=",
265 EVP_CIPHER_name(ctx->cipher));
266 ctx->cipher = &bad_cipher;
267 return 0;
268 }
269 }
270#endif
271
272 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 222 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
273 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; 223 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
274 } 224 }
@@ -345,7 +295,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
345 } 295 }
346 i=ctx->buf_len; 296 i=ctx->buf_len;
347 bl=ctx->cipher->block_size; 297 bl=ctx->cipher->block_size;
348 OPENSSL_assert(bl <= sizeof ctx->buf); 298 OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
349 if (i != 0) 299 if (i != 0)
350 { 300 {
351 if (i+inl < bl) 301 if (i+inl < bl)
@@ -391,7 +341,8 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
391 341
392int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 342int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
393 { 343 {
394 int i,n,b,bl,ret; 344 int n,ret;
345 unsigned int i, b, bl;
395 346
396 b=ctx->cipher->block_size; 347 b=ctx->cipher->block_size;
397 OPENSSL_assert(b <= sizeof ctx->buf); 348 OPENSSL_assert(b <= sizeof ctx->buf);
@@ -405,7 +356,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
405 { 356 {
406 if(bl) 357 if(bl)
407 { 358 {
408 EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 359 EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
409 return 0; 360 return 0;
410 } 361 }
411 *outl = 0; 362 *outl = 0;
@@ -427,7 +378,8 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
427int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 378int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
428 const unsigned char *in, int inl) 379 const unsigned char *in, int inl)
429 { 380 {
430 int b, fix_len; 381 int fix_len;
382 unsigned int b;
431 383
432 if (inl == 0) 384 if (inl == 0)
433 { 385 {
@@ -480,8 +432,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
480 432
481int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) 433int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
482 { 434 {
483 int i,b; 435 int i,n;
484 int n; 436 unsigned int b;
485 437
486 *outl=0; 438 *outl=0;
487 b=ctx->cipher->block_size; 439 b=ctx->cipher->block_size;
@@ -489,7 +441,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
489 { 441 {
490 if(ctx->buf_len) 442 if(ctx->buf_len)
491 { 443 {
492 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 444 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
493 return 0; 445 return 0;
494 } 446 }
495 *outl = 0; 447 *outl = 0;
@@ -499,21 +451,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
499 { 451 {
500 if (ctx->buf_len || !ctx->final_used) 452 if (ctx->buf_len || !ctx->final_used)
501 { 453 {
502 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); 454 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
503 return(0); 455 return(0);
504 } 456 }
505 OPENSSL_assert(b <= sizeof ctx->final); 457 OPENSSL_assert(b <= sizeof ctx->final);
506 n=ctx->final[b-1]; 458 n=ctx->final[b-1];
507 if (n > b) 459 if (n == 0 || n > (int)b)
508 { 460 {
509 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); 461 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
510 return(0); 462 return(0);
511 } 463 }
512 for (i=0; i<n; i++) 464 for (i=0; i<n; i++)
513 { 465 {
514 if (ctx->final[--b] != n) 466 if (ctx->final[--b] != n)
515 { 467 {
516 EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); 468 EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
517 return(0); 469 return(0);
518 } 470 }
519 } 471 }
@@ -527,6 +479,15 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
527 return(1); 479 return(1);
528 } 480 }
529 481
482void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
483 {
484 if (ctx)
485 {
486 EVP_CIPHER_CTX_cleanup(ctx);
487 OPENSSL_free(ctx);
488 }
489 }
490
530int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 491int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
531 { 492 {
532 if (c->cipher != NULL) 493 if (c->cipher != NULL)
@@ -590,3 +551,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
590 } 551 }
591 return ret; 552 return ret;
592} 553}
554
555int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
556 {
557 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
558 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
559 if (RAND_bytes(key, ctx->key_len) <= 0)
560 return 0;
561 return 1;
562 }
563
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 12:20:06 +0000