Coverage Report

Created: 2024-11-21 07:03

/src/openssl/crypto/evp/evp_enc.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
/* We need to use some engine deprecated APIs */
11
#define OPENSSL_SUPPRESS_DEPRECATED
12
13
#include <stdio.h>
14
#include <limits.h>
15
#include <assert.h>
16
#include <openssl/evp.h>
17
#include <openssl/err.h>
18
#include <openssl/rand.h>
19
#ifndef FIPS_MODULE
20
# include <openssl/engine.h>
21
#endif
22
#include <openssl/params.h>
23
#include <openssl/core_names.h>
24
#include "internal/cryptlib.h"
25
#include "internal/provider.h"
26
#include "internal/core.h"
27
#include "internal/safe_math.h"
28
#include "crypto/evp.h"
29
#include "evp_local.h"
30
31
OSSL_SAFE_MATH_SIGNED(int, int)
32
33
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
34
417k
{
35
417k
    if (ctx == NULL)
36
0
        return 1;
37
38
417k
    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
39
279k
        goto legacy;
40
41
137k
    if (ctx->algctx != NULL) {
42
137k
        if (ctx->cipher->freectx != NULL)
43
137k
            ctx->cipher->freectx(ctx->algctx);
44
137k
        ctx->algctx = NULL;
45
137k
    }
46
137k
    if (ctx->fetched_cipher != NULL)
47
137k
        EVP_CIPHER_free(ctx->fetched_cipher);
48
137k
    memset(ctx, 0, sizeof(*ctx));
49
137k
    ctx->iv_len = -1;
50
51
137k
    return 1;
52
53
    /* Remove legacy code below when legacy support is removed. */
54
279k
 legacy:
55
56
279k
    if (ctx->cipher != NULL) {
57
0
        if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx))
58
0
            return 0;
59
        /* Cleanse cipher context data */
60
0
        if (ctx->cipher_data && ctx->cipher->ctx_size)
61
0
            OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
62
0
    }
63
279k
    OPENSSL_free(ctx->cipher_data);
64
279k
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
65
279k
    ENGINE_finish(ctx->engine);
66
279k
#endif
67
279k
    memset(ctx, 0, sizeof(*ctx));
68
279k
    ctx->iv_len = -1;
69
279k
    return 1;
70
279k
}
71
72
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
73
149k
{
74
149k
    EVP_CIPHER_CTX *ctx;
75
76
149k
    ctx = OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
77
149k
    if (ctx == NULL)
78
0
        return NULL;
79
80
149k
    ctx->iv_len = -1;
81
149k
    return ctx;
82
149k
}
83
84
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
85
149k
{
86
149k
    if (ctx == NULL)
87
0
        return;
88
149k
    EVP_CIPHER_CTX_reset(ctx);
89
149k
    OPENSSL_free(ctx);
90
149k
}
91
92
static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
93
                                    const EVP_CIPHER *cipher,
94
                                    ENGINE *impl, const unsigned char *key,
95
                                    const unsigned char *iv, int enc,
96
                                    const OSSL_PARAM params[])
97
393k
{
98
393k
    int n;
99
393k
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
100
393k
    ENGINE *tmpimpl = NULL;
101
393k
#endif
102
103
    /*
104
     * enc == 1 means we are encrypting.
105
     * enc == 0 means we are decrypting.
106
     * enc == -1 means, use the previously initialised value for encrypt/decrypt
107
     */
108
393k
    if (enc == -1) {
109
377k
        enc = ctx->encrypt;
110
377k
    } else {
111
15.4k
        if (enc)
112
14.8k
            enc = 1;
113
15.4k
        ctx->encrypt = enc;
114
15.4k
    }
115
116
393k
    if (cipher == NULL && ctx->cipher == NULL) {
117
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
118
0
        return 0;
119
0
    }
120
121
    /* Code below to be removed when legacy support is dropped. */
122
123
393k
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
124
    /*
125
     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
126
     * this context may already have an ENGINE! Try to avoid releasing the
127
     * previous handle, re-querying for an ENGINE, and having a
128
     * reinitialisation, when it may all be unnecessary.
129
     */
130
393k
    if (ctx->engine && ctx->cipher
131
393k
        && (cipher == NULL || cipher->nid == ctx->cipher->nid))
132
0
        goto skip_to_init;
133
134
393k
    if (cipher != NULL && impl == NULL) {
135
         /* Ask if an ENGINE is reserved for this job */
136
7.94k
        tmpimpl = ENGINE_get_cipher_engine(cipher->nid);
137
7.94k
    }
138
393k
#endif
139
140
    /*
141
     * If there are engines involved then we should use legacy handling for now.
142
     */
143
393k
    if (ctx->engine != NULL
144
393k
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
145
393k
            || tmpimpl != NULL
146
393k
#endif
147
393k
            || impl != NULL
148
393k
            || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
149
393k
            || (cipher == NULL && ctx->cipher != NULL
150
393k
                               && ctx->cipher->origin == EVP_ORIG_METH)) {
151
0
        if (ctx->cipher == ctx->fetched_cipher)
152
0
            ctx->cipher = NULL;
153
0
        EVP_CIPHER_free(ctx->fetched_cipher);
154
0
        ctx->fetched_cipher = NULL;
155
0
        goto legacy;
156
0
    }
157
    /*
158
     * Ensure a context left lying around from last time is cleared
159
     * (legacy code)
160
     */
161
393k
    if (cipher != NULL && ctx->cipher != NULL) {
162
0
        if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx))
163
0
            return 0;
164
0
        OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size);
165
0
        ctx->cipher_data = NULL;
166
0
    }
167
168
    /* Start of non-legacy code below */
169
170
    /* Ensure a context left lying around from last time is cleared */
171
393k
    if (cipher != NULL && ctx->cipher != NULL) {
172
0
        unsigned long flags = ctx->flags;
173
174
0
        EVP_CIPHER_CTX_reset(ctx);
175
        /* Restore encrypt and flags */
176
0
        ctx->encrypt = enc;
177
0
        ctx->flags = flags;
178
0
    }
179
180
393k
    if (cipher == NULL)
181
385k
        cipher = ctx->cipher;
182
183
393k
    if (cipher->prov == NULL) {
184
#ifdef FIPS_MODULE
185
        /* We only do explicit fetches inside the FIPS module */
186
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
187
        return 0;
188
#else
189
7.92k
        EVP_CIPHER *provciph =
190
7.92k
            EVP_CIPHER_fetch(NULL,
191
7.92k
                             cipher->nid == NID_undef ? "NULL"
192
7.92k
                                                      : OBJ_nid2sn(cipher->nid),
193
7.92k
                             "");
194
195
7.92k
        if (provciph == NULL)
196
1.48k
            return 0;
197
6.44k
        cipher = provciph;
198
6.44k
        EVP_CIPHER_free(ctx->fetched_cipher);
199
6.44k
        ctx->fetched_cipher = provciph;
200
6.44k
#endif
201
6.44k
    }
202
203
391k
    if (!ossl_assert(cipher->prov != NULL)) {
204
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
205
0
        return 0;
206
0
    }
207
208
391k
    if (cipher != ctx->fetched_cipher) {
209
12
        if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
210
0
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
211
0
            return 0;
212
0
        }
213
12
        EVP_CIPHER_free(ctx->fetched_cipher);
214
        /* Coverity false positive, the reference counting is confusing it */
215
        /* coverity[use_after_free] */
216
12
        ctx->fetched_cipher = (EVP_CIPHER *)cipher;
217
12
    }
218
391k
    ctx->cipher = cipher;
219
391k
    if (ctx->algctx == NULL) {
220
6.46k
        ctx->algctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov));
221
6.46k
        if (ctx->algctx == NULL) {
222
0
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
223
0
            return 0;
224
0
        }
225
6.46k
    }
226
227
391k
    if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
228
        /*
229
         * If this ctx was already set up for no padding then we need to tell
230
         * the new cipher about it.
231
         */
232
0
        if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
233
0
            return 0;
234
0
    }
235
236
391k
#ifndef FIPS_MODULE
237
    /*
238
     * Fix for CVE-2023-5363
239
     * Passing in a size as part of the init call takes effect late
240
     * so, force such to occur before the initialisation.
241
     *
242
     * The FIPS provider's internal library context is used in a manner
243
     * such that this is not an issue.
244
     */
245
391k
    if (params != NULL) {
246
0
        OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
247
0
                                     OSSL_PARAM_END };
248
0
        OSSL_PARAM *q = param_lens;
249
0
        const OSSL_PARAM *p;
250
251
0
        p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); 
252
0
        if (p != NULL)
253
0
            memcpy(q++, p, sizeof(*q));
254
255
        /*
256
         * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synonym for
257
         * OSSL_CIPHER_PARAM_IVLEN so both are covered here.
258
         */
259
0
        p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
260
0
        if (p != NULL)
261
0
            memcpy(q++, p, sizeof(*q));
262
263
0
        if (q != param_lens) {
264
0
            if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
265
0
                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
266
0
                return 0;
267
0
            }
268
0
        }
269
0
    }
270
391k
#endif
271
272
391k
    if (enc) {
273
391k
        if (ctx->cipher->einit == NULL) {
274
0
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
275
0
            return 0;
276
0
        }
277
278
391k
        return ctx->cipher->einit(ctx->algctx,
279
391k
                                  key,
280
391k
                                  key == NULL ? 0
281
391k
                                              : EVP_CIPHER_CTX_get_key_length(ctx),
282
391k
                                  iv,
283
391k
                                  iv == NULL ? 0
284
391k
                                             : EVP_CIPHER_CTX_get_iv_length(ctx),
285
391k
                                  params);
286
391k
    }
287
288
551
    if (ctx->cipher->dinit == NULL) {
289
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
290
0
        return 0;
291
0
    }
292
293
551
    return ctx->cipher->dinit(ctx->algctx,
294
551
                              key,
295
551
                              key == NULL ? 0
296
551
                                          : EVP_CIPHER_CTX_get_key_length(ctx),
297
551
                              iv,
298
551
                              iv == NULL ? 0
299
551
                                         : EVP_CIPHER_CTX_get_iv_length(ctx),
300
551
                                  params);
301
302
    /* Code below to be removed when legacy support is dropped. */
303
0
 legacy:
304
305
0
    if (cipher != NULL) {
306
        /*
307
         * Ensure a context left lying around from last time is cleared (we
308
         * previously attempted to avoid this if the same ENGINE and
309
         * EVP_CIPHER could be used).
310
         */
311
0
        if (ctx->cipher) {
312
0
            unsigned long flags = ctx->flags;
313
0
            EVP_CIPHER_CTX_reset(ctx);
314
            /* Restore encrypt and flags */
315
0
            ctx->encrypt = enc;
316
0
            ctx->flags = flags;
317
0
        }
318
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
319
0
        if (impl != NULL) {
320
0
            if (!ENGINE_init(impl)) {
321
0
                ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
322
0
                return 0;
323
0
            }
324
0
        } else {
325
0
            impl = tmpimpl;
326
0
        }
327
0
        if (impl != NULL) {
328
            /* There's an ENGINE for this job ... (apparently) */
329
0
            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
330
331
0
            if (c == NULL) {
332
                /*
333
                 * One positive side-effect of US's export control history,
334
                 * is that we should at least be able to avoid using US
335
                 * misspellings of "initialisation"?
336
                 */
337
0
                ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
338
0
                return 0;
339
0
            }
340
            /* We'll use the ENGINE's private cipher definition */
341
0
            cipher = c;
342
            /*
343
             * Store the ENGINE functional reference so we know 'cipher' came
344
             * from an ENGINE and we need to release it when done.
345
             */
346
0
            ctx->engine = impl;
347
0
        } else {
348
0
            ctx->engine = NULL;
349
0
        }
350
0
#endif
351
352
0
        ctx->cipher = cipher;
353
0
        if (ctx->cipher->ctx_size) {
354
0
            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
355
0
            if (ctx->cipher_data == NULL) {
356
0
                ctx->cipher = NULL;
357
0
                return 0;
358
0
            }
359
0
        } else {
360
0
            ctx->cipher_data = NULL;
361
0
        }
362
0
        ctx->key_len = cipher->key_len;
363
        /* Preserve wrap enable flag, zero everything else */
364
0
        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
365
0
        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
366
0
            if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
367
0
                ctx->cipher = NULL;
368
0
                ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
369
0
                return 0;
370
0
            }
371
0
        }
372
0
    }
373
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
374
0
 skip_to_init:
375
0
#endif
376
0
    if (ctx->cipher == NULL)
377
0
        return 0;
378
379
    /* we assume block size is a power of 2 in *cryptUpdate */
380
0
    OPENSSL_assert(ctx->cipher->block_size == 1
381
0
                   || ctx->cipher->block_size == 8
382
0
                   || ctx->cipher->block_size == 16);
383
384
0
    if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
385
0
        && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) {
386
0
        ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED);
387
0
        return 0;
388
0
    }
389
390
0
    if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
391
0
                & EVP_CIPH_CUSTOM_IV) == 0) {
392
0
        switch (EVP_CIPHER_CTX_get_mode(ctx)) {
393
394
0
        case EVP_CIPH_STREAM_CIPHER:
395
0
        case EVP_CIPH_ECB_MODE:
396
0
            break;
397
398
0
        case EVP_CIPH_CFB_MODE:
399
0
        case EVP_CIPH_OFB_MODE:
400
401
0
            ctx->num = 0;
402
            /* fall-through */
403
404
0
        case EVP_CIPH_CBC_MODE:
405
0
            n = EVP_CIPHER_CTX_get_iv_length(ctx);
406
0
            if (n < 0 || n > (int)sizeof(ctx->iv)) {
407
0
                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
408
0
                return 0;
409
0
            }
410
0
            if (iv != NULL)
411
0
                memcpy(ctx->oiv, iv, n);
412
0
            memcpy(ctx->iv, ctx->oiv, n);
413
0
            break;
414
415
0
        case EVP_CIPH_CTR_MODE:
416
0
            ctx->num = 0;
417
            /* Don't reuse IV for CTR mode */
418
0
            if (iv != NULL) {
419
0
                n = EVP_CIPHER_CTX_get_iv_length(ctx);
420
0
                if (n <= 0 || n > (int)sizeof(ctx->iv)) {
421
0
                    ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
422
0
                    return 0;
423
0
                }
424
0
                memcpy(ctx->iv, iv, n);
425
0
            }
426
0
            break;
427
428
0
        default:
429
0
            return 0;
430
0
        }
431
0
    }
432
433
0
    if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
434
0
        if (!ctx->cipher->init(ctx, key, iv, enc))
435
0
            return 0;
436
0
    }
437
0
    ctx->buf_len = 0;
438
0
    ctx->final_used = 0;
439
0
    ctx->block_mask = ctx->cipher->block_size - 1;
440
0
    return 1;
441
0
}
442
443
int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
444
                       const unsigned char *key, const unsigned char *iv,
445
                       int enc, const OSSL_PARAM params[])
446
14.5k
{
447
14.5k
    return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params);
448
14.5k
}
449
450
int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
451
                   const unsigned char *key, const unsigned char *iv, int enc)
452
0
{
453
0
    if (cipher != NULL)
454
0
        EVP_CIPHER_CTX_reset(ctx);
455
0
    return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, NULL);
456
0
}
457
458
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
459
                      ENGINE *impl, const unsigned char *key,
460
                      const unsigned char *iv, int enc)
461
378k
{
462
378k
    return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL);
463
378k
}
464
465
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
466
                     const unsigned char *in, int inl)
467
252k
{
468
252k
    if (ctx->encrypt)
469
252k
        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
470
4
    else
471
4
        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
472
252k
}
473
474
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
475
3
{
476
3
    if (ctx->encrypt)
477
0
        return EVP_EncryptFinal_ex(ctx, out, outl);
478
3
    else
479
3
        return EVP_DecryptFinal_ex(ctx, out, outl);
480
3
}
481
482
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
483
0
{
484
0
    if (ctx->encrypt)
485
0
        return EVP_EncryptFinal(ctx, out, outl);
486
0
    else
487
0
        return EVP_DecryptFinal(ctx, out, outl);
488
0
}
489
490
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
491
                    const unsigned char *key, const unsigned char *iv)
492
0
{
493
0
    return EVP_CipherInit(ctx, cipher, key, iv, 1);
494
0
}
495
496
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
497
                       ENGINE *impl, const unsigned char *key,
498
                       const unsigned char *iv)
499
1.47k
{
500
1.47k
    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
501
1.47k
}
502
503
int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
504
                        const unsigned char *key, const unsigned char *iv,
505
                        const OSSL_PARAM params[])
506
14.5k
{
507
14.5k
    return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params);
508
14.5k
}
509
510
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
511
                    const unsigned char *key, const unsigned char *iv)
512
0
{
513
0
    return EVP_CipherInit(ctx, cipher, key, iv, 0);
514
0
}
515
516
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
517
                       ENGINE *impl, const unsigned char *key,
518
                       const unsigned char *iv)
519
1.93k
{
520
1.93k
    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
521
1.93k
}
522
523
int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
524
                        const unsigned char *key, const unsigned char *iv,
525
                        const OSSL_PARAM params[])
526
0
{
527
0
    return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params);
528
0
}
529
530
/*
531
 * According to the letter of standard difference between pointers
532
 * is specified to be valid only within same object. This makes
533
 * it formally challenging to determine if input and output buffers
534
 * are not partially overlapping with standard pointer arithmetic.
535
 */
536
#ifdef PTRDIFF_T
537
# undef PTRDIFF_T
538
#endif
539
#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
540
/*
541
 * Then we have VMS that distinguishes itself by adhering to
542
 * sizeof(size_t)==4 even in 64-bit builds, which means that
543
 * difference between two pointers might be truncated to 32 bits.
544
 * In the context one can even wonder how comparison for
545
 * equality is implemented. To be on the safe side we adhere to
546
 * PTRDIFF_T even for comparison for equality.
547
 */
548
# define PTRDIFF_T uint64_t
549
#else
550
0
# define PTRDIFF_T size_t
551
#endif
552
553
int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
554
0
{
555
0
    PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
556
    /*
557
     * Check for partially overlapping buffers. [Binary logical
558
     * operations are used instead of boolean to minimize number
559
     * of conditional branches.]
560
     */
561
0
    int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
562
0
                                                (diff > (0 - (PTRDIFF_T)len)));
563
564
0
    return overlapped;
565
0
}
566
567
static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
568
                                    unsigned char *out, int *outl,
569
                                    const unsigned char *in, int inl)
570
0
{
571
0
    int i, j, bl, cmpl = inl;
572
573
0
    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
574
0
        cmpl = safe_div_round_up_int(cmpl, 8, NULL);
575
576
0
    bl = ctx->cipher->block_size;
577
578
0
    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
579
        /* If block size > 1 then the cipher will have to do this check */
580
0
        if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
581
0
            ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
582
0
            return 0;
583
0
        }
584
585
0
        i = ctx->cipher->do_cipher(ctx, out, in, inl);
586
0
        if (i < 0)
587
0
            return 0;
588
0
        else
589
0
            *outl = i;
590
0
        return 1;
591
0
    }
592
593
0
    if (inl <= 0) {
594
0
        *outl = 0;
595
0
        return inl == 0;
596
0
    }
597
0
    if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
598
0
        ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
599
0
        return 0;
600
0
    }
601
602
0
    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
603
0
        if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
604
0
            *outl = inl;
605
0
            return 1;
606
0
        } else {
607
0
            *outl = 0;
608
0
            return 0;
609
0
        }
610
0
    }
611
0
    i = ctx->buf_len;
612
0
    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
613
0
    if (i != 0) {
614
0
        if (bl - i > inl) {
615
0
            memcpy(&(ctx->buf[i]), in, inl);
616
0
            ctx->buf_len += inl;
617
0
            *outl = 0;
618
0
            return 1;
619
0
        } else {
620
0
            j = bl - i;
621
622
            /*
623
             * Once we've processed the first j bytes from in, the amount of
624
             * data left that is a multiple of the block length is:
625
             * (inl - j) & ~(bl - 1)
626
             * We must ensure that this amount of data, plus the one block that
627
             * we process from ctx->buf does not exceed INT_MAX
628
             */
629
0
            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
630
0
                ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
631
0
                return 0;
632
0
            }
633
0
            memcpy(&(ctx->buf[i]), in, j);
634
0
            inl -= j;
635
0
            in += j;
636
0
            if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
637
0
                return 0;
638
0
            out += bl;
639
0
            *outl = bl;
640
0
        }
641
0
    } else
642
0
        *outl = 0;
643
0
    i = inl & (bl - 1);
644
0
    inl -= i;
645
0
    if (inl > 0) {
646
0
        if (!ctx->cipher->do_cipher(ctx, out, in, inl))
647
0
            return 0;
648
0
        *outl += inl;
649
0
    }
650
651
0
    if (i != 0)
652
0
        memcpy(ctx->buf, &(in[inl]), i);
653
0
    ctx->buf_len = i;
654
0
    return 1;
655
0
}
656
657
658
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
659
                      const unsigned char *in, int inl)
660
252k
{
661
252k
    int ret;
662
252k
    size_t soutl, inl_ = (size_t)inl;
663
252k
    int blocksize;
664
665
252k
    if (ossl_likely(outl != NULL)) {
666
252k
        *outl = 0;
667
252k
    } else {
668
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
669
0
        return 0;
670
0
    }
671
672
    /* Prevent accidental use of decryption context when encrypting */
673
252k
    if (ossl_unlikely(!ctx->encrypt)) {
674
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
675
0
        return 0;
676
0
    }
677
678
252k
    if (ossl_unlikely(ctx->cipher == NULL)) {
679
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
680
0
        return 0;
681
0
    }
682
683
252k
    if (ossl_unlikely(ctx->cipher->prov == NULL))
684
0
        goto legacy;
685
686
252k
    blocksize = ctx->cipher->block_size;
687
688
252k
    if (ossl_unlikely(ctx->cipher->cupdate == NULL || blocksize < 1)) {
689
0
        ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
690
0
        return 0;
691
0
    }
692
693
252k
    ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
694
252k
                               inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
695
252k
                               in, inl_);
696
697
252k
    if (ossl_likely(ret)) {
698
252k
        if (soutl > INT_MAX) {
699
0
            ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
700
0
            return 0;
701
0
        }
702
252k
        *outl = soutl;
703
252k
    }
704
705
252k
    return ret;
706
707
    /* Code below to be removed when legacy support is dropped. */
708
0
 legacy:
709
710
0
    return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
711
252k
}
712
713
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
714
0
{
715
0
    int ret;
716
0
    ret = EVP_EncryptFinal_ex(ctx, out, outl);
717
0
    return ret;
718
0
}
719
720
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
721
22
{
722
22
    int n, ret;
723
22
    unsigned int i, b, bl;
724
22
    size_t soutl;
725
22
    int blocksize;
726
727
22
    if (outl != NULL) {
728
22
        *outl = 0;
729
22
    } else {
730
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
731
0
        return 0;
732
0
    }
733
734
    /* Prevent accidental use of decryption context when encrypting */
735
22
    if (!ctx->encrypt) {
736
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
737
0
        return 0;
738
0
    }
739
740
22
    if (ctx->cipher == NULL) {
741
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
742
0
        return 0;
743
0
    }
744
22
    if (ctx->cipher->prov == NULL)
745
0
        goto legacy;
746
747
22
    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
748
749
22
    if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
750
0
        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
751
0
        return 0;
752
0
    }
753
754
22
    ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
755
22
                              blocksize == 1 ? 0 : blocksize);
756
757
22
    if (ret) {
758
22
        if (soutl > INT_MAX) {
759
0
            ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
760
0
            return 0;
761
0
        }
762
22
        *outl = soutl;
763
22
    }
764
765
22
    return ret;
766
767
    /* Code below to be removed when legacy support is dropped. */
768
0
 legacy:
769
770
0
    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
771
0
        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
772
0
        if (ret < 0)
773
0
            return 0;
774
0
        else
775
0
            *outl = ret;
776
0
        return 1;
777
0
    }
778
779
0
    b = ctx->cipher->block_size;
780
0
    OPENSSL_assert(b <= sizeof(ctx->buf));
781
0
    if (b == 1) {
782
0
        *outl = 0;
783
0
        return 1;
784
0
    }
785
0
    bl = ctx->buf_len;
786
0
    if (ctx->flags & EVP_CIPH_NO_PADDING) {
787
0
        if (bl) {
788
0
            ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
789
0
            return 0;
790
0
        }
791
0
        *outl = 0;
792
0
        return 1;
793
0
    }
794
795
0
    n = b - bl;
796
0
    for (i = bl; i < b; i++)
797
0
        ctx->buf[i] = n;
798
0
    ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
799
800
0
    if (ret)
801
0
        *outl = b;
802
803
0
    return ret;
804
0
}
805
806
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
807
                      const unsigned char *in, int inl)
808
8.22k
{
809
8.22k
    int fix_len, cmpl = inl, ret;
810
8.22k
    unsigned int b;
811
8.22k
    size_t soutl, inl_ = (size_t)inl;
812
8.22k
    int blocksize;
813
814
8.22k
    if (ossl_likely(outl != NULL)) {
815
8.22k
        *outl = 0;
816
8.22k
    } else {
817
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
818
0
        return 0;
819
0
    }
820
821
    /* Prevent accidental use of encryption context when decrypting */
822
8.22k
    if (ossl_unlikely(ctx->encrypt)) {
823
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
824
0
        return 0;
825
0
    }
826
827
8.22k
    if (ossl_unlikely(ctx->cipher == NULL)) {
828
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
829
0
        return 0;
830
0
    }
831
8.22k
    if (ossl_unlikely(ctx->cipher->prov == NULL))
832
0
        goto legacy;
833
834
8.22k
    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
835
836
8.22k
    if (ossl_unlikely(ctx->cipher->cupdate == NULL || blocksize < 1)) {
837
0
        ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
838
0
        return 0;
839
0
    }
840
8.22k
    ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
841
8.22k
                               inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
842
8.22k
                               in, inl_);
843
844
8.22k
    if (ossl_likely(ret)) {
845
8.22k
        if (soutl > INT_MAX) {
846
0
            ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
847
0
            return 0;
848
0
        }
849
8.22k
        *outl = soutl;
850
8.22k
    }
851
852
8.22k
    return ret;
853
854
    /* Code below to be removed when legacy support is dropped. */
855
0
 legacy:
856
857
0
    b = ctx->cipher->block_size;
858
859
0
    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
860
0
        cmpl = safe_div_round_up_int(cmpl, 8, NULL);
861
862
0
    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
863
0
        if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
864
0
            ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
865
0
            return 0;
866
0
        }
867
868
0
        fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
869
0
        if (fix_len < 0) {
870
0
            *outl = 0;
871
0
            return 0;
872
0
        } else
873
0
            *outl = fix_len;
874
0
        return 1;
875
0
    }
876
877
0
    if (inl <= 0) {
878
0
        *outl = 0;
879
0
        return inl == 0;
880
0
    }
881
882
0
    if (ctx->flags & EVP_CIPH_NO_PADDING)
883
0
        return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
884
885
0
    OPENSSL_assert(b <= sizeof(ctx->final));
886
887
0
    if (ctx->final_used) {
888
        /* see comment about PTRDIFF_T comparison above */
889
0
        if (((PTRDIFF_T)out == (PTRDIFF_T)in)
890
0
            || ossl_is_partially_overlapping(out, in, b)) {
891
0
            ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
892
0
            return 0;
893
0
        }
894
        /*
895
         * final_used is only ever set if buf_len is 0. Therefore the maximum
896
         * length output we will ever see from evp_EncryptDecryptUpdate is
897
         * the maximum multiple of the block length that is <= inl, or just:
898
         * inl & ~(b - 1)
899
         * Since final_used has been set then the final output length is:
900
         * (inl & ~(b - 1)) + b
901
         * This must never exceed INT_MAX
902
         */
903
0
        if ((inl & ~(b - 1)) > INT_MAX - b) {
904
0
            ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
905
0
            return 0;
906
0
        }
907
0
        memcpy(out, ctx->final, b);
908
0
        out += b;
909
0
        fix_len = 1;
910
0
    } else
911
0
        fix_len = 0;
912
913
0
    if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
914
0
        return 0;
915
916
    /*
917
     * if we have 'decrypted' a multiple of block size, make sure we have a
918
     * copy of this last block
919
     */
920
0
    if (b > 1 && !ctx->buf_len) {
921
0
        *outl -= b;
922
0
        ctx->final_used = 1;
923
0
        memcpy(ctx->final, &out[*outl], b);
924
0
    } else
925
0
        ctx->final_used = 0;
926
927
0
    if (fix_len)
928
0
        *outl += b;
929
930
0
    return 1;
931
0
}
932
933
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
934
0
{
935
0
    int ret;
936
0
    ret = EVP_DecryptFinal_ex(ctx, out, outl);
937
0
    return ret;
938
0
}
939
940
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
941
222
{
942
222
    int i, n;
943
222
    unsigned int b;
944
222
    size_t soutl;
945
222
    int ret;
946
222
    int blocksize;
947
948
222
    if (outl != NULL) {
949
222
        *outl = 0;
950
222
    } else {
951
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
952
0
        return 0;
953
0
    }
954
955
    /* Prevent accidental use of encryption context when decrypting */
956
222
    if (ctx->encrypt) {
957
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
958
0
        return 0;
959
0
    }
960
961
222
    if (ctx->cipher == NULL) {
962
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
963
0
        return 0;
964
0
    }
965
966
222
    if (ctx->cipher->prov == NULL)
967
0
        goto legacy;
968
969
222
    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
970
971
222
    if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
972
0
        ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
973
0
        return 0;
974
0
    }
975
976
222
    ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
977
222
                              blocksize == 1 ? 0 : blocksize);
978
979
222
    if (ret) {
980
8
        if (soutl > INT_MAX) {
981
0
            ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
982
0
            return 0;
983
0
        }
984
8
        *outl = soutl;
985
8
    }
986
987
222
    return ret;
988
989
    /* Code below to be removed when legacy support is dropped. */
990
0
 legacy:
991
992
0
    *outl = 0;
993
0
    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
994
0
        i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
995
0
        if (i < 0)
996
0
            return 0;
997
0
        else
998
0
            *outl = i;
999
0
        return 1;
1000
0
    }
1001
1002
0
    b = ctx->cipher->block_size;
1003
0
    if (ctx->flags & EVP_CIPH_NO_PADDING) {
1004
0
        if (ctx->buf_len) {
1005
0
            ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
1006
0
            return 0;
1007
0
        }
1008
0
        *outl = 0;
1009
0
        return 1;
1010
0
    }
1011
0
    if (b > 1) {
1012
0
        if (ctx->buf_len || !ctx->final_used) {
1013
0
            ERR_raise(ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
1014
0
            return 0;
1015
0
        }
1016
0
        OPENSSL_assert(b <= sizeof(ctx->final));
1017
1018
        /*
1019
         * The following assumes that the ciphertext has been authenticated.
1020
         * Otherwise it provides a padding oracle.
1021
         */
1022
0
        n = ctx->final[b - 1];
1023
0
        if (n == 0 || n > (int)b) {
1024
0
            ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
1025
0
            return 0;
1026
0
        }
1027
0
        for (i = 0; i < n; i++) {
1028
0
            if (ctx->final[--b] != n) {
1029
0
                ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
1030
0
                return 0;
1031
0
            }
1032
0
        }
1033
0
        n = ctx->cipher->block_size - n;
1034
0
        for (i = 0; i < n; i++)
1035
0
            out[i] = ctx->final[i];
1036
0
        *outl = n;
1037
0
    }
1038
0
    return 1;
1039
0
}
1040
1041
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
1042
4.81k
{
1043
4.81k
    if (c->cipher->prov != NULL) {
1044
4.81k
        int ok;
1045
4.81k
        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1046
4.81k
        size_t len;
1047
1048
4.81k
        if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1049
3.62k
            return 1;
1050
1051
        /* Check the cipher actually understands this parameter */
1052
1.18k
        if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
1053
1.18k
                                    OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
1054
1.16k
            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1055
1.16k
            return 0;
1056
1.16k
        }
1057
1058
28
        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
1059
28
        if (!OSSL_PARAM_set_int(params, keylen))
1060
0
            return 0;
1061
28
        ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
1062
28
        if (ok <= 0)
1063
28
            return 0;
1064
0
        c->key_len = keylen;
1065
0
        return 1;
1066
28
    }
1067
1068
    /* Code below to be removed when legacy support is dropped. */
1069
1070
    /*
1071
     * Note there have never been any built-in ciphers that define this flag
1072
     * since it was first introduced.
1073
     */
1074
0
    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
1075
0
        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
1076
0
    if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1077
0
        return 1;
1078
0
    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
1079
0
        c->key_len = keylen;
1080
0
        return 1;
1081
0
    }
1082
0
    ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1083
0
    return 0;
1084
0
}
1085
1086
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
1087
{
1088
    int ok;
1089
    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1090
    unsigned int pd = pad;
1091
1092
    if (pad)
1093
        ctx->flags &= ~EVP_CIPH_NO_PADDING;
1094
    else
1095
        ctx->flags |= EVP_CIPH_NO_PADDING;
1096
1097
    if (ctx->cipher != NULL && ctx->cipher->prov == NULL)
1098
        return 1;
1099
    params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd);
1100
    ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1101
1102
    return ok != 0;
1103
}
1104
1105
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1106
392
{
1107
392
    int ret = EVP_CTRL_RET_UNSUPPORTED;
1108
392
    int set_params = 1;
1109
392
    size_t sz = arg;
1110
392
    unsigned int i;
1111
392
    OSSL_PARAM params[4] = {
1112
392
        OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
1113
392
    };
1114
1115
392
    if (ctx == NULL || ctx->cipher == NULL) {
1116
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
1117
0
        return 0;
1118
0
    }
1119
1120
392
    if (ctx->cipher->prov == NULL)
1121
0
        goto legacy;
1122
1123
392
    switch (type) {
1124
0
    case EVP_CTRL_SET_KEY_LENGTH:
1125
0
        if (arg < 0)
1126
0
            return 0;
1127
0
        if (ctx->key_len == arg)
1128
            /* Skip calling into provider if unchanged. */
1129
0
            return 1;
1130
0
        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
1131
0
        ctx->key_len = -1;
1132
0
        break;
1133
0
    case EVP_CTRL_RAND_KEY:      /* Used by DES */
1134
0
        set_params = 0;
1135
0
        params[0] =
1136
0
            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
1137
0
                                              ptr, sz);
1138
0
        break;
1139
1140
0
    case EVP_CTRL_INIT:
1141
        /*
1142
         * EVP_CTRL_INIT is purely legacy, no provider counterpart.
1143
         * As a matter of fact, this should be dead code, but some caller
1144
         * might still do a direct control call with this command, so...
1145
         * Legacy methods return 1 except for exceptional circumstances, so
1146
         * we do the same here to not be disruptive.
1147
         */
1148
0
        return 1;
1149
0
    case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
1150
0
    default:
1151
0
        goto end;
1152
377
    case EVP_CTRL_AEAD_SET_IVLEN:
1153
377
        if (arg < 0)
1154
0
            return 0;
1155
377
        if (ctx->iv_len == arg)
1156
            /* Skip calling into provider if unchanged. */
1157
0
            return 1;
1158
377
        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1159
377
        ctx->iv_len = -1;
1160
377
        break;
1161
0
    case EVP_CTRL_CCM_SET_L:
1162
0
        if (arg < 2 || arg > 8)
1163
0
            return 0;
1164
0
        sz = 15 - arg;
1165
0
        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1166
0
        ctx->iv_len = -1;
1167
0
        break;
1168
0
    case EVP_CTRL_AEAD_SET_IV_FIXED:
1169
0
        params[0] = OSSL_PARAM_construct_octet_string(
1170
0
                        OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz);
1171
0
        break;
1172
0
    case EVP_CTRL_GCM_IV_GEN:
1173
0
        set_params = 0;
1174
0
        if (arg < 0)
1175
0
            sz = 0; /* special case that uses the iv length */
1176
0
        params[0] = OSSL_PARAM_construct_octet_string(
1177
0
                        OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz);
1178
0
        break;
1179
0
    case EVP_CTRL_GCM_SET_IV_INV:
1180
0
        if (arg < 0)
1181
0
            return 0;
1182
0
        params[0] = OSSL_PARAM_construct_octet_string(
1183
0
                        OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz);
1184
0
        break;
1185
0
    case EVP_CTRL_GET_RC5_ROUNDS:
1186
0
        set_params = 0; /* Fall thru */
1187
0
    case EVP_CTRL_SET_RC5_ROUNDS:
1188
0
        if (arg < 0)
1189
0
            return 0;
1190
0
        i = (unsigned int)arg;
1191
0
        params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i);
1192
0
        break;
1193
0
    case EVP_CTRL_SET_SPEED:
1194
0
        if (arg < 0)
1195
0
            return 0;
1196
0
        i = (unsigned int)arg;
1197
0
        params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_SPEED, &i);
1198
0
        break;
1199
5
    case EVP_CTRL_AEAD_GET_TAG:
1200
5
        set_params = 0; /* Fall thru */
1201
15
    case EVP_CTRL_AEAD_SET_TAG:
1202
15
        params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
1203
15
                                                      ptr, sz);
1204
15
        break;
1205
0
    case EVP_CTRL_AEAD_TLS1_AAD:
1206
        /* This one does a set and a get - since it returns a size */
1207
0
        params[0] =
1208
0
            OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1209
0
                                              ptr, sz);
1210
0
        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1211
0
        if (ret <= 0)
1212
0
            goto end;
1213
0
        params[0] =
1214
0
            OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz);
1215
0
        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1216
0
        if (ret <= 0)
1217
0
            goto end;
1218
0
        return sz;
1219
0
#ifndef OPENSSL_NO_RC2
1220
0
    case EVP_CTRL_GET_RC2_KEY_BITS:
1221
0
        set_params = 0; /* Fall thru */
1222
0
    case EVP_CTRL_SET_RC2_KEY_BITS:
1223
0
        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz);
1224
0
        break;
1225
0
#endif /* OPENSSL_NO_RC2 */
1226
0
#if !defined(OPENSSL_NO_MULTIBLOCK)
1227
0
    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
1228
0
        params[0] = OSSL_PARAM_construct_size_t(
1229
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz);
1230
0
        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1231
0
        if (ret <= 0)
1232
0
            return 0;
1233
1234
0
        params[0] = OSSL_PARAM_construct_size_t(
1235
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz);
1236
0
        params[1] = OSSL_PARAM_construct_end();
1237
0
        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1238
0
        if (ret <= 0)
1239
0
            return 0;
1240
0
        return sz;
1241
0
    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: {
1242
0
        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1243
0
            (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1244
1245
0
        if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
1246
0
            return 0;
1247
1248
0
        params[0] = OSSL_PARAM_construct_octet_string(
1249
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len);
1250
0
        params[1] = OSSL_PARAM_construct_uint(
1251
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1252
0
        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1253
0
        if (ret <= 0)
1254
0
            return ret;
1255
        /* Retrieve the return values changed by the set */
1256
0
        params[0] = OSSL_PARAM_construct_size_t(
1257
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz);
1258
0
        params[1] = OSSL_PARAM_construct_uint(
1259
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1260
0
        params[2] = OSSL_PARAM_construct_end();
1261
0
        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1262
0
        if (ret <= 0)
1263
0
            return 0;
1264
0
        return sz;
1265
0
    }
1266
0
    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: {
1267
0
        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1268
0
            (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1269
1270
0
        params[0] = OSSL_PARAM_construct_octet_string(
1271
0
                        OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len);
1272
1273
0
        params[1] = OSSL_PARAM_construct_octet_string(
1274
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp,
1275
0
                p->len);
1276
0
        params[2] = OSSL_PARAM_construct_uint(
1277
0
                OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1278
0
        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1279
0
        if (ret <= 0)
1280
0
            return ret;
1281
0
        params[0] = OSSL_PARAM_construct_size_t(
1282
0
                        OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz);
1283
0
        params[1] = OSSL_PARAM_construct_end();
1284
0
        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1285
0
        if (ret <= 0)
1286
0
            return 0;
1287
0
        return sz;
1288
0
    }
1289
0
#endif /* OPENSSL_NO_MULTIBLOCK */
1290
0
    case EVP_CTRL_AEAD_SET_MAC_KEY:
1291
0
        if (arg < 0)
1292
0
            return -1;
1293
0
        params[0] = OSSL_PARAM_construct_octet_string(
1294
0
                OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz);
1295
0
        break;
1296
392
    }
1297
1298
392
    if (set_params)
1299
387
        ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1300
5
    else
1301
5
        ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1302
392
    goto end;
1303
1304
    /* Code below to be removed when legacy support is dropped. */
1305
0
legacy:
1306
0
    if (ctx->cipher->ctrl == NULL) {
1307
0
        ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
1308
0
        return 0;
1309
0
    }
1310
1311
0
    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
1312
1313
392
 end:
1314
392
    if (ret == EVP_CTRL_RET_UNSUPPORTED) {
1315
0
        ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
1316
0
        return 0;
1317
0
    }
1318
392
    return ret;
1319
392
}
1320
1321
int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
1322
0
{
1323
0
    if (cipher != NULL && cipher->get_params != NULL)
1324
0
        return cipher->get_params(params);
1325
0
    return 0;
1326
0
}
1327
1328
int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
1329
0
{
1330
0
    int r = 0;
1331
0
    const OSSL_PARAM *p;
1332
1333
0
    if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) {
1334
0
        r = ctx->cipher->set_ctx_params(ctx->algctx, params);
1335
0
        if (r > 0) {
1336
0
            p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
1337
0
            if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len)) {
1338
0
                r = 0;
1339
0
                ctx->key_len = -1;
1340
0
            }
1341
0
        }
1342
0
        if (r > 0) {
1343
0
            p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
1344
0
            if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len)) {
1345
0
                r = 0;
1346
0
                ctx->iv_len = -1;
1347
0
            }
1348
0
        }
1349
0
    }
1350
0
    return r;
1351
0
}
1352
1353
int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
1354
0
{
1355
0
    if (ctx->cipher != NULL && ctx->cipher->get_ctx_params != NULL)
1356
0
        return ctx->cipher->get_ctx_params(ctx->algctx, params);
1357
0
    return 0;
1358
0
}
1359
1360
const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
1361
0
{
1362
0
    if (cipher != NULL && cipher->gettable_params != NULL)
1363
0
        return cipher->gettable_params(
1364
0
                   ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)));
1365
0
    return NULL;
1366
0
}
1367
1368
const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher)
1369
1.18k
{
1370
1.18k
    void *provctx;
1371
1372
1.18k
    if (cipher != NULL && cipher->settable_ctx_params != NULL) {
1373
1.18k
        provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1374
1.18k
        return cipher->settable_ctx_params(NULL, provctx);
1375
1.18k
    }
1376
0
    return NULL;
1377
1.18k
}
1378
1379
const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher)
1380
256
{
1381
256
    void *provctx;
1382
1383
256
    if (cipher != NULL && cipher->gettable_ctx_params != NULL) {
1384
256
        provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1385
256
        return cipher->gettable_ctx_params(NULL, provctx);
1386
256
    }
1387
0
    return NULL;
1388
256
}
1389
1390
const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *cctx)
1391
0
{
1392
0
    void *alg;
1393
1394
0
    if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) {
1395
0
        alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1396
0
        return cctx->cipher->settable_ctx_params(cctx->algctx, alg);
1397
0
    }
1398
0
    return NULL;
1399
0
}
1400
1401
const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *cctx)
1402
0
{
1403
0
    void *provctx;
1404
1405
0
    if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) {
1406
0
        provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1407
0
        return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx);
1408
0
    }
1409
0
    return NULL;
1410
0
}
1411
1412
#ifndef FIPS_MODULE
1413
static OSSL_LIB_CTX *EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX *ctx)
1414
0
{
1415
0
    const EVP_CIPHER *cipher = ctx->cipher;
1416
0
    const OSSL_PROVIDER *prov;
1417
1418
0
    if (cipher == NULL)
1419
0
        return NULL;
1420
1421
0
    prov = EVP_CIPHER_get0_provider(cipher);
1422
0
    return ossl_provider_libctx(prov);
1423
0
}
1424
#endif
1425
1426
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
1427
0
{
1428
0
    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1429
0
        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1430
1431
#ifdef FIPS_MODULE
1432
    return 0;
1433
#else
1434
0
    {
1435
0
        int kl;
1436
0
        OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx);
1437
1438
0
        kl = EVP_CIPHER_CTX_get_key_length(ctx);
1439
0
        if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0)
1440
0
            return 0;
1441
0
        return 1;
1442
0
    }
1443
0
#endif /* FIPS_MODULE */
1444
0
}
1445
1446
EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
1447
0
{
1448
0
    EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
1449
1450
0
    if (out != NULL && !EVP_CIPHER_CTX_copy(out, in)) {
1451
0
        EVP_CIPHER_CTX_free(out);
1452
0
        out = NULL;
1453
0
    }
1454
0
    return out;
1455
0
}
1456
1457
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
1458
131k
{
1459
131k
    if ((in == NULL) || (in->cipher == NULL)) {
1460
506
        ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED);
1461
506
        return 0;
1462
506
    }
1463
1464
130k
    if (in->cipher->prov == NULL)
1465
0
        goto legacy;
1466
1467
130k
    if (in->cipher->dupctx == NULL) {
1468
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1469
0
        return 0;
1470
0
    }
1471
1472
130k
    EVP_CIPHER_CTX_reset(out);
1473
1474
130k
    *out = *in;
1475
130k
    out->algctx = NULL;
1476
1477
130k
    if (in->fetched_cipher != NULL && !EVP_CIPHER_up_ref(in->fetched_cipher)) {
1478
0
        out->fetched_cipher = NULL;
1479
0
        return 0;
1480
0
    }
1481
1482
130k
    out->algctx = in->cipher->dupctx(in->algctx);
1483
130k
    if (out->algctx == NULL) {
1484
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1485
0
        return 0;
1486
0
    }
1487
1488
130k
    return 1;
1489
1490
    /* Code below to be removed when legacy support is dropped. */
1491
0
 legacy:
1492
1493
0
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
1494
    /* Make sure it's safe to copy a cipher context using an ENGINE */
1495
0
    if (in->engine && !ENGINE_init(in->engine)) {
1496
0
        ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
1497
0
        return 0;
1498
0
    }
1499
0
#endif
1500
1501
0
    EVP_CIPHER_CTX_reset(out);
1502
0
    memcpy(out, in, sizeof(*out));
1503
1504
0
    if (in->cipher_data && in->cipher->ctx_size) {
1505
0
        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
1506
0
        if (out->cipher_data == NULL) {
1507
0
            out->cipher = NULL;
1508
0
            return 0;
1509
0
        }
1510
0
        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
1511
0
    }
1512
1513
0
    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
1514
0
        if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
1515
0
            out->cipher = NULL;
1516
0
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
1517
0
            return 0;
1518
0
        }
1519
0
    return 1;
1520
0
}
1521
1522
EVP_CIPHER *evp_cipher_new(void)
1523
256
{
1524
256
    EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
1525
1526
256
    if (cipher != NULL && !CRYPTO_NEW_REF(&cipher->refcnt, 1)) {
1527
0
        OPENSSL_free(cipher);
1528
0
        return NULL;
1529
0
    }
1530
256
    return cipher;
1531
256
}
1532
1533
/*
1534
 * FIPS module note: since internal fetches will be entirely
1535
 * provider based, we know that none of its code depends on legacy
1536
 * NIDs or any functionality that use them.
1537
 */
1538
#ifndef FIPS_MODULE
1539
/* After removal of legacy support get rid of the need for legacy NIDs */
1540
static void set_legacy_nid(const char *name, void *vlegacy_nid)
1541
482
{
1542
482
    int nid;
1543
482
    int *legacy_nid = vlegacy_nid;
1544
    /*
1545
     * We use lowest level function to get the associated method, because
1546
     * higher level functions such as EVP_get_cipherbyname() have changed
1547
     * to look at providers too.
1548
     */
1549
482
    const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
1550
1551
482
    if (*legacy_nid == -1)       /* We found a clash already */
1552
0
        return;
1553
482
    if (legacy_method == NULL)
1554
218
        return;
1555
264
    nid = EVP_CIPHER_get_nid(legacy_method);
1556
264
    if (*legacy_nid != NID_undef && *legacy_nid != nid) {
1557
0
        *legacy_nid = -1;
1558
0
        return;
1559
0
    }
1560
264
    *legacy_nid = nid;
1561
264
}
1562
#endif
1563
1564
static void *evp_cipher_from_algorithm(const int name_id,
1565
                                       const OSSL_ALGORITHM *algodef,
1566
                                       OSSL_PROVIDER *prov)
1567
256
{
1568
256
    const OSSL_DISPATCH *fns = algodef->implementation;
1569
256
    EVP_CIPHER *cipher = NULL;
1570
256
    int fnciphcnt = 0, fnctxcnt = 0;
1571
1572
256
    if ((cipher = evp_cipher_new()) == NULL) {
1573
0
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
1574
0
        return NULL;
1575
0
    }
1576
1577
256
#ifndef FIPS_MODULE
1578
256
    cipher->nid = NID_undef;
1579
256
    if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid)
1580
256
            || cipher->nid == -1) {
1581
0
        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
1582
0
        EVP_CIPHER_free(cipher);
1583
0
        return NULL;
1584
0
    }
1585
256
#endif
1586
1587
256
    cipher->name_id = name_id;
1588
256
    if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
1589
0
        EVP_CIPHER_free(cipher);
1590
0
        return NULL;
1591
0
    }
1592
256
    cipher->description = algodef->algorithm_description;
1593
1594
3.81k
    for (; fns->function_id != 0; fns++) {
1595
3.55k
        switch (fns->function_id) {
1596
256
        case OSSL_FUNC_CIPHER_NEWCTX:
1597
256
            if (cipher->newctx != NULL)
1598
0
                break;
1599
256
            cipher->newctx = OSSL_FUNC_cipher_newctx(fns);
1600
256
            fnctxcnt++;
1601
256
            break;
1602
256
        case OSSL_FUNC_CIPHER_ENCRYPT_INIT:
1603
256
            if (cipher->einit != NULL)
1604
0
                break;
1605
256
            cipher->einit = OSSL_FUNC_cipher_encrypt_init(fns);
1606
256
            fnciphcnt++;
1607
256
            break;
1608
256
        case OSSL_FUNC_CIPHER_DECRYPT_INIT:
1609
256
            if (cipher->dinit != NULL)
1610
0
                break;
1611
256
            cipher->dinit = OSSL_FUNC_cipher_decrypt_init(fns);
1612
256
            fnciphcnt++;
1613
256
            break;
1614
256
        case OSSL_FUNC_CIPHER_UPDATE:
1615
256
            if (cipher->cupdate != NULL)
1616
0
                break;
1617
256
            cipher->cupdate = OSSL_FUNC_cipher_update(fns);
1618
256
            fnciphcnt++;
1619
256
            break;
1620
256
        case OSSL_FUNC_CIPHER_FINAL:
1621
256
            if (cipher->cfinal != NULL)
1622
0
                break;
1623
256
            cipher->cfinal = OSSL_FUNC_cipher_final(fns);
1624
256
            fnciphcnt++;
1625
256
            break;
1626
232
        case OSSL_FUNC_CIPHER_CIPHER:
1627
232
            if (cipher->ccipher != NULL)
1628
0
                break;
1629
232
            cipher->ccipher = OSSL_FUNC_cipher_cipher(fns);
1630
232
            break;
1631
256
        case OSSL_FUNC_CIPHER_FREECTX:
1632
256
            if (cipher->freectx != NULL)
1633
0
                break;
1634
256
            cipher->freectx = OSSL_FUNC_cipher_freectx(fns);
1635
256
            fnctxcnt++;
1636
256
            break;
1637
254
        case OSSL_FUNC_CIPHER_DUPCTX:
1638
254
            if (cipher->dupctx != NULL)
1639
0
                break;
1640
254
            cipher->dupctx = OSSL_FUNC_cipher_dupctx(fns);
1641
254
            break;
1642
256
        case OSSL_FUNC_CIPHER_GET_PARAMS:
1643
256
            if (cipher->get_params != NULL)
1644
0
                break;
1645
256
            cipher->get_params = OSSL_FUNC_cipher_get_params(fns);
1646
256
            break;
1647
256
        case OSSL_FUNC_CIPHER_GET_CTX_PARAMS:
1648
256
            if (cipher->get_ctx_params != NULL)
1649
0
                break;
1650
256
            cipher->get_ctx_params = OSSL_FUNC_cipher_get_ctx_params(fns);
1651
256
            break;
1652
256
        case OSSL_FUNC_CIPHER_SET_CTX_PARAMS:
1653
256
            if (cipher->set_ctx_params != NULL)
1654
0
                break;
1655
256
            cipher->set_ctx_params = OSSL_FUNC_cipher_set_ctx_params(fns);
1656
256
            break;
1657
256
        case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
1658
256
            if (cipher->gettable_params != NULL)
1659
0
                break;
1660
256
            cipher->gettable_params = OSSL_FUNC_cipher_gettable_params(fns);
1661
256
            break;
1662
256
        case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
1663
256
            if (cipher->gettable_ctx_params != NULL)
1664
0
                break;
1665
256
            cipher->gettable_ctx_params =
1666
256
                OSSL_FUNC_cipher_gettable_ctx_params(fns);
1667
256
            break;
1668
256
        case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
1669
256
            if (cipher->settable_ctx_params != NULL)
1670
0
                break;
1671
256
            cipher->settable_ctx_params =
1672
256
                OSSL_FUNC_cipher_settable_ctx_params(fns);
1673
256
            break;
1674
3.55k
        }
1675
3.55k
    }
1676
256
    if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
1677
256
            || (fnciphcnt == 0 && cipher->ccipher == NULL)
1678
256
            || fnctxcnt != 2) {
1679
        /*
1680
         * In order to be a consistent set of functions we must have at least
1681
         * a complete set of "encrypt" functions, or a complete set of "decrypt"
1682
         * functions, or a single "cipher" function. In all cases we need both
1683
         * the "newctx" and "freectx" functions.
1684
         */
1685
0
        EVP_CIPHER_free(cipher);
1686
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
1687
0
        return NULL;
1688
0
    }
1689
256
    cipher->prov = prov;
1690
256
    if (prov != NULL)
1691
256
        ossl_provider_up_ref(prov);
1692
1693
256
    if (!evp_cipher_cache_constants(cipher)) {
1694
0
        EVP_CIPHER_free(cipher);
1695
0
        ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
1696
0
        cipher = NULL;
1697
0
    }
1698
1699
256
    return cipher;
1700
256
}
1701
1702
static int evp_cipher_up_ref(void *cipher)
1703
6.90k
{
1704
6.90k
    return EVP_CIPHER_up_ref(cipher);
1705
6.90k
}
1706
1707
static void evp_cipher_free(void *cipher)
1708
708
{
1709
708
    EVP_CIPHER_free(cipher);
1710
708
}
1711
1712
EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
1713
                             const char *properties)
1714
7.93k
{
1715
7.93k
    EVP_CIPHER *cipher =
1716
7.93k
        evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties,
1717
7.93k
                          evp_cipher_from_algorithm, evp_cipher_up_ref,
1718
7.93k
                          evp_cipher_free);
1719
1720
7.93k
    return cipher;
1721
7.93k
}
1722
1723
int EVP_CIPHER_up_ref(EVP_CIPHER *cipher)
1724
137k
{
1725
137k
    int ref = 0;
1726
1727
137k
    if (cipher->origin == EVP_ORIG_DYNAMIC)
1728
137k
        CRYPTO_UP_REF(&cipher->refcnt, &ref);
1729
137k
    return 1;
1730
137k
}
1731
1732
void evp_cipher_free_int(EVP_CIPHER *cipher)
1733
256
{
1734
256
    OPENSSL_free(cipher->type_name);
1735
256
    ossl_provider_free(cipher->prov);
1736
256
    CRYPTO_FREE_REF(&cipher->refcnt);
1737
256
    OPENSSL_free(cipher);
1738
256
}
1739
1740
void EVP_CIPHER_free(EVP_CIPHER *cipher)
1741
153k
{
1742
153k
    int i;
1743
1744
153k
    if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC)
1745
15.3k
        return;
1746
1747
138k
    CRYPTO_DOWN_REF(&cipher->refcnt, &i);
1748
138k
    if (i > 0)
1749
137k
        return;
1750
256
    evp_cipher_free_int(cipher);
1751
256
}
1752
1753
void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
1754
                                void (*fn)(EVP_CIPHER *mac, void *arg),
1755
                                void *arg)
1756
0
{
1757
0
    evp_generic_do_all(libctx, OSSL_OP_CIPHER,
1758
0
                       (void (*)(void *, void *))fn, arg,
1759
0
                       evp_cipher_from_algorithm, evp_cipher_up_ref,
1760
0
                       evp_cipher_free);
1761
0
}