-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/evp/evp_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
-#include <assert.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#include <openssl/engine.h>
-#include "internal/evp_int.h"
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
#include "evp_locl.h"
-int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
-{
- if (c == NULL)
- return 1;
- if (c->cipher != NULL) {
- if (c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
- /* Cleanse cipher context data */
- if (c->cipher_data && c->cipher->ctx_size)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
- }
- OPENSSL_free(c->cipher_data);
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(c->engine);
+#ifdef OPENSSL_FIPS
+# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
+#else
+# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
#endif
- memset(c, 0, sizeof(*c));
- return 1;
-}
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
{
- return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+ memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+ /* ctx->cipher=NULL; */
}
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
- EVP_CIPHER_CTX_reset(ctx);
- OPENSSL_free(ctx);
+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+ if (ctx)
+ EVP_CIPHER_CTX_init(ctx);
+ return ctx;
}
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
{
- EVP_CIPHER_CTX_reset(ctx);
+ if (cipher)
+ EVP_CIPHER_CTX_init(ctx);
return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
}
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
* previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unnecessary.
+ * reinitialisation, when it may all be unecessary.
*/
- if (ctx->engine && ctx->cipher
- && (cipher == NULL || cipher->nid == ctx->cipher->nid))
+ if (ctx->engine && ctx->cipher && (!cipher ||
+ (cipher
+ && (cipher->nid ==
+ ctx->cipher->nid))))
goto skip_to_init;
#endif
if (cipher) {
*/
if (ctx->cipher) {
unsigned long flags = ctx->flags;
- EVP_CIPHER_CTX_reset(ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
/* Restore encrypt and flags */
ctx->encrypt = enc;
ctx->flags = flags;
/*
* One positive side-effect of US's export control history,
* is that we should at least be able to avoid using US
- * misspellings of "initialisation"?
+ * mispellings of "initialisation"?
*/
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
ctx->engine = NULL;
#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ const EVP_CIPHER *fcipher = NULL;
+ if (cipher)
+ fcipher = evp_get_fips_cipher(cipher);
+ if (fcipher)
+ cipher = fcipher;
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+ }
+#endif
ctx->cipher = cipher;
if (ctx->cipher->ctx_size) {
- ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
- if (ctx->cipher_data == NULL) {
- ctx->cipher = NULL;
+ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
+ if (!ctx->cipher_data) {
EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
- ctx->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
}
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
+#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
return 0;
}
- if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch (EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_STREAM_CIPHER:
default:
return 0;
+ break;
}
}
return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
}
-/*
- * According to the letter of standard difference between pointers
- * is specified to be valid only within same object. This makes
- * it formally challenging to determine if input and output buffers
- * are not partially overlapping with standard pointer arithmetic.
- */
-#ifdef PTRDIFF_T
-# undef PTRDIFF_T
-#endif
-#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
-/*
- * Then we have VMS that distinguishes itself by adhering to
- * sizeof(size_t)==4 even in 64-bit builds, which means that
- * difference between two pointers might be truncated to 32 bits.
- * In the context one can even wonder how comparison for
- * equality is implemented. To be on the safe side we adhere to
- * PTRDIFF_T even for comparison for equality.
- */
-# define PTRDIFF_T uint64_t
-#else
-# define PTRDIFF_T size_t
-#endif
-
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
-{
- PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
- /*
- * Check for partially overlapping buffers. [Binary logical
- * operations are used instead of boolean to minimize number
- * of conditional branches.]
- */
- int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
- (diff > (0 - (PTRDIFF_T)len)));
-
- return overlapped;
-}
-
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int i, j, bl, cmpl = inl;
-
- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
- cmpl = (cmpl + 7) / 8;
-
- bl = ctx->cipher->block_size;
+ int i, j, bl;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- /* If block size > 1 then the cipher will have to do this check */
- if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
- return 0;
- }
-
- i = ctx->cipher->do_cipher(ctx, out, in, inl);
+ i = M_do_cipher(ctx, out, in, inl);
if (i < 0)
return 0;
else
*outl = 0;
return inl == 0;
}
- if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
- return 0;
- }
if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
- if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
+ if (M_do_cipher(ctx, out, in, inl)) {
*outl = inl;
return 1;
} else {
}
}
i = ctx->buf_len;
+ bl = ctx->cipher->block_size;
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
if (bl - i > inl) {
} else {
j = bl - i;
memcpy(&(ctx->buf[i]), in, j);
+ if (!M_do_cipher(ctx, out, ctx->buf, bl))
+ return 0;
inl -= j;
in += j;
- if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
- return 0;
out += bl;
*outl = bl;
}
i = inl & (bl - 1);
inl -= i;
if (inl > 0) {
- if (!ctx->cipher->do_cipher(ctx, out, in, inl))
+ if (!M_do_cipher(ctx, out, in, inl))
return 0;
*outl += inl;
}
unsigned int i, b, bl;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+ ret = M_do_cipher(ctx, out, NULL, 0);
if (ret < 0)
return 0;
else
n = b - bl;
for (i = bl; i < b; i++)
ctx->buf[i] = n;
- ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
+ ret = M_do_cipher(ctx, out, ctx->buf, b);
if (ret)
*outl = b;
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int fix_len, cmpl = inl;
+ int fix_len;
unsigned int b;
- b = ctx->cipher->block_size;
-
- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
- cmpl = (cmpl + 7) / 8;
-
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
- EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
- return 0;
- }
-
- fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
+ fix_len = M_do_cipher(ctx, out, in, inl);
if (fix_len < 0) {
*outl = 0;
return 0;
if (ctx->flags & EVP_CIPH_NO_PADDING)
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+ b = ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof ctx->final);
if (ctx->final_used) {
- /* see comment about PTRDIFF_T comparison above */
- if (((PTRDIFF_T)out == (PTRDIFF_T)in)
- || is_partially_overlapping(out, in, b)) {
- EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
- return 0;
- }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
*outl = 0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
- i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+ i = M_do_cipher(ctx, out, NULL, 0);
if (i < 0)
return 0;
else
return (1);
}
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ EVP_CIPHER_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+{
+#ifndef OPENSSL_FIPS
+ if (c->cipher != NULL) {
+ if (c->cipher->cleanup && !c->cipher->cleanup(c))
+ return 0;
+ /* Cleanse cipher context data */
+ if (c->cipher_data)
+ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+ }
+ if (c->cipher_data)
+ OPENSSL_free(c->cipher_data);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ if (c->engine)
+ /*
+ * The EVP_CIPHER we used belongs to an ENGINE, release the
+ * functional reference we held for this reason.
+ */
+ ENGINE_finish(c->engine);
+#endif
+#ifdef OPENSSL_FIPS
+ FIPS_cipher_ctx_cleanup(c);
+#endif
+ memset(c, 0, sizeof(EVP_CIPHER_CTX));
+ return 1;
+}
+
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{
if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
}
#endif
- EVP_CIPHER_CTX_reset(out);
- memcpy(out, in, sizeof(*out));
+ EVP_CIPHER_CTX_cleanup(out);
+ memcpy(out, in, sizeof *out);
if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
- if (out->cipher_data == NULL) {
- out->cipher = NULL;
+ if (!out->cipher_data) {
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
return 0;
}
}
if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
- if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
- out->cipher = NULL;
- EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
+ return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
return 1;
}