xref: /openssl/crypto/evp/evp_enc.c (revision 7ed6de99)
1 /*
2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12 
13 #include <stdio.h>
14 #include <limits.h>
15 #include <assert.h>
16 #include <openssl/evp.h>
17 #include <openssl/err.h>
18 #include <openssl/rand.h>
19 #ifndef FIPS_MODULE
20 # include <openssl/engine.h>
21 #endif
22 #include <openssl/params.h>
23 #include <openssl/core_names.h>
24 #include "internal/cryptlib.h"
25 #include "internal/provider.h"
26 #include "internal/core.h"
27 #include "internal/safe_math.h"
28 #include "crypto/evp.h"
29 #include "evp_local.h"
30 
OSSL_SAFE_MATH_SIGNED(int,int)31 OSSL_SAFE_MATH_SIGNED(int, int)
32 
33 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
34 {
35     if (ctx == NULL)
36         return 1;
37 
38     if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
39         goto legacy;
40 
41     if (ctx->algctx != NULL) {
42         if (ctx->cipher->freectx != NULL)
43             ctx->cipher->freectx(ctx->algctx);
44         ctx->algctx = NULL;
45     }
46     if (ctx->fetched_cipher != NULL)
47         EVP_CIPHER_free(ctx->fetched_cipher);
48     memset(ctx, 0, sizeof(*ctx));
49     ctx->iv_len = -1;
50 
51     return 1;
52 
53     /* Remove legacy code below when legacy support is removed. */
54  legacy:
55 
56     if (ctx->cipher != NULL) {
57         if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx))
58             return 0;
59         /* Cleanse cipher context data */
60         if (ctx->cipher_data && ctx->cipher->ctx_size)
61             OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
62     }
63     OPENSSL_free(ctx->cipher_data);
64 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
65     ENGINE_finish(ctx->engine);
66 #endif
67     memset(ctx, 0, sizeof(*ctx));
68     ctx->iv_len = -1;
69     return 1;
70 }
71 
EVP_CIPHER_CTX_new(void)72 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
73 {
74     EVP_CIPHER_CTX *ctx;
75 
76     ctx = OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
77     if (ctx == NULL)
78         return NULL;
79 
80     ctx->iv_len = -1;
81     return ctx;
82 }
83 
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * ctx)84 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
85 {
86     if (ctx == NULL)
87         return;
88     EVP_CIPHER_CTX_reset(ctx);
89     OPENSSL_free(ctx);
90 }
91 
evp_cipher_init_internal(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc,const OSSL_PARAM params[])92 static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
93                                     const EVP_CIPHER *cipher,
94                                     ENGINE *impl, const unsigned char *key,
95                                     const unsigned char *iv, int enc,
96                                     const OSSL_PARAM params[])
97 {
98     int n;
99 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
100     ENGINE *tmpimpl = NULL;
101 #endif
102 
103     /*
104      * enc == 1 means we are encrypting.
105      * enc == 0 means we are decrypting.
106      * enc == -1 means, use the previously initialised value for encrypt/decrypt
107      */
108     if (enc == -1) {
109         enc = ctx->encrypt;
110     } else {
111         if (enc)
112             enc = 1;
113         ctx->encrypt = enc;
114     }
115 
116     if (cipher == NULL && ctx->cipher == NULL) {
117         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
118         return 0;
119     }
120 
121     /* Code below to be removed when legacy support is dropped. */
122 
123 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
124     /*
125      * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
126      * this context may already have an ENGINE! Try to avoid releasing the
127      * previous handle, re-querying for an ENGINE, and having a
128      * reinitialisation, when it may all be unnecessary.
129      */
130     if (ctx->engine && ctx->cipher
131         && (cipher == NULL || cipher->nid == ctx->cipher->nid))
132         goto skip_to_init;
133 
134     if (cipher != NULL && impl == NULL) {
135          /* Ask if an ENGINE is reserved for this job */
136         tmpimpl = ENGINE_get_cipher_engine(cipher->nid);
137     }
138 #endif
139 
140     /*
141      * If there are engines involved then we should use legacy handling for now.
142      */
143     if (ctx->engine != NULL
144 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
145             || tmpimpl != NULL
146 #endif
147             || impl != NULL
148             || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
149             || (cipher == NULL && ctx->cipher != NULL
150                                && ctx->cipher->origin == EVP_ORIG_METH)) {
151         if (ctx->cipher == ctx->fetched_cipher)
152             ctx->cipher = NULL;
153         EVP_CIPHER_free(ctx->fetched_cipher);
154         ctx->fetched_cipher = NULL;
155         goto legacy;
156     }
157     /*
158      * Ensure a context left lying around from last time is cleared
159      * (legacy code)
160      */
161     if (cipher != NULL && ctx->cipher != NULL) {
162         if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx))
163             return 0;
164         OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size);
165         ctx->cipher_data = NULL;
166     }
167 
168     /* Start of non-legacy code below */
169 
170     /* Ensure a context left lying around from last time is cleared */
171     if (cipher != NULL && ctx->cipher != NULL) {
172         unsigned long flags = ctx->flags;
173 
174         EVP_CIPHER_CTX_reset(ctx);
175         /* Restore encrypt and flags */
176         ctx->encrypt = enc;
177         ctx->flags = flags;
178     }
179 
180     if (cipher == NULL)
181         cipher = ctx->cipher;
182 
183     if (cipher->prov == NULL) {
184 #ifdef FIPS_MODULE
185         /* We only do explicit fetches inside the FIPS module */
186         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
187         return 0;
188 #else
189         EVP_CIPHER *provciph =
190             EVP_CIPHER_fetch(NULL,
191                              cipher->nid == NID_undef ? "NULL"
192                                                       : OBJ_nid2sn(cipher->nid),
193                              "");
194 
195         if (provciph == NULL)
196             return 0;
197         cipher = provciph;
198         EVP_CIPHER_free(ctx->fetched_cipher);
199         ctx->fetched_cipher = provciph;
200 #endif
201     }
202 
203     if (!ossl_assert(cipher->prov != NULL)) {
204         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
205         return 0;
206     }
207 
208     if (cipher != ctx->fetched_cipher) {
209         if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
210             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
211             return 0;
212         }
213         EVP_CIPHER_free(ctx->fetched_cipher);
214         /* Coverity false positive, the reference counting is confusing it */
215         /* coverity[use_after_free] */
216         ctx->fetched_cipher = (EVP_CIPHER *)cipher;
217     }
218     ctx->cipher = cipher;
219     if (ctx->algctx == NULL) {
220         ctx->algctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov));
221         if (ctx->algctx == NULL) {
222             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
223             return 0;
224         }
225     }
226 
227     if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
228         /*
229          * If this ctx was already set up for no padding then we need to tell
230          * the new cipher about it.
231          */
232         if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
233             return 0;
234     }
235 
236 #ifndef FIPS_MODULE
237     /*
238      * Fix for CVE-2023-5363
239      * Passing in a size as part of the init call takes effect late
240      * so, force such to occur before the initialisation.
241      *
242      * The FIPS provider's internal library context is used in a manner
243      * such that this is not an issue.
244      */
245     if (params != NULL) {
246         OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
247                                      OSSL_PARAM_END };
248         OSSL_PARAM *q = param_lens;
249         const OSSL_PARAM *p;
250 
251         p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
252         if (p != NULL)
253             memcpy(q++, p, sizeof(*q));
254 
255         /*
256          * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synonym for
257          * OSSL_CIPHER_PARAM_IVLEN so both are covered here.
258          */
259         p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
260         if (p != NULL)
261             memcpy(q++, p, sizeof(*q));
262 
263         if (q != param_lens) {
264             if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
265                 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
266                 return 0;
267             }
268         }
269     }
270 #endif
271 
272     if (enc) {
273         if (ctx->cipher->einit == NULL) {
274             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
275             return 0;
276         }
277 
278         return ctx->cipher->einit(ctx->algctx,
279                                   key,
280                                   key == NULL ? 0
281                                               : EVP_CIPHER_CTX_get_key_length(ctx),
282                                   iv,
283                                   iv == NULL ? 0
284                                              : EVP_CIPHER_CTX_get_iv_length(ctx),
285                                   params);
286     }
287 
288     if (ctx->cipher->dinit == NULL) {
289         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
290         return 0;
291     }
292 
293     return ctx->cipher->dinit(ctx->algctx,
294                               key,
295                               key == NULL ? 0
296                                           : EVP_CIPHER_CTX_get_key_length(ctx),
297                               iv,
298                               iv == NULL ? 0
299                                          : EVP_CIPHER_CTX_get_iv_length(ctx),
300                                   params);
301 
302     /* Code below to be removed when legacy support is dropped. */
303  legacy:
304 
305     if (cipher != NULL) {
306         /*
307          * Ensure a context left lying around from last time is cleared (we
308          * previously attempted to avoid this if the same ENGINE and
309          * EVP_CIPHER could be used).
310          */
311         if (ctx->cipher) {
312             unsigned long flags = ctx->flags;
313             EVP_CIPHER_CTX_reset(ctx);
314             /* Restore encrypt and flags */
315             ctx->encrypt = enc;
316             ctx->flags = flags;
317         }
318 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
319         if (impl != NULL) {
320             if (!ENGINE_init(impl)) {
321                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
322                 return 0;
323             }
324         } else {
325             impl = tmpimpl;
326         }
327         if (impl != NULL) {
328             /* There's an ENGINE for this job ... (apparently) */
329             const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
330 
331             if (c == NULL) {
332                 /*
333                  * One positive side-effect of US's export control history,
334                  * is that we should at least be able to avoid using US
335                  * misspellings of "initialisation"?
336                  */
337                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
338                 return 0;
339             }
340             /* We'll use the ENGINE's private cipher definition */
341             cipher = c;
342             /*
343              * Store the ENGINE functional reference so we know 'cipher' came
344              * from an ENGINE and we need to release it when done.
345              */
346             ctx->engine = impl;
347         } else {
348             ctx->engine = NULL;
349         }
350 #endif
351 
352         ctx->cipher = cipher;
353         if (ctx->cipher->ctx_size) {
354             ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
355             if (ctx->cipher_data == NULL) {
356                 ctx->cipher = NULL;
357                 return 0;
358             }
359         } else {
360             ctx->cipher_data = NULL;
361         }
362         ctx->key_len = cipher->key_len;
363         /* Preserve wrap enable flag, zero everything else */
364         ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
365         if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
366             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
367                 ctx->cipher = NULL;
368                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
369                 return 0;
370             }
371         }
372     }
373 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
374  skip_to_init:
375 #endif
376     if (ctx->cipher == NULL)
377         return 0;
378 
379     /* we assume block size is a power of 2 in *cryptUpdate */
380     OPENSSL_assert(ctx->cipher->block_size == 1
381                    || ctx->cipher->block_size == 8
382                    || ctx->cipher->block_size == 16);
383 
384     if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
385         && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) {
386         ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED);
387         return 0;
388     }
389 
390     if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
391                 & EVP_CIPH_CUSTOM_IV) == 0) {
392         switch (EVP_CIPHER_CTX_get_mode(ctx)) {
393 
394         case EVP_CIPH_STREAM_CIPHER:
395         case EVP_CIPH_ECB_MODE:
396             break;
397 
398         case EVP_CIPH_CFB_MODE:
399         case EVP_CIPH_OFB_MODE:
400 
401             ctx->num = 0;
402             /* fall-through */
403 
404         case EVP_CIPH_CBC_MODE:
405             n = EVP_CIPHER_CTX_get_iv_length(ctx);
406             if (n < 0 || n > (int)sizeof(ctx->iv)) {
407                 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
408                 return 0;
409             }
410             if (iv != NULL)
411                 memcpy(ctx->oiv, iv, n);
412             memcpy(ctx->iv, ctx->oiv, n);
413             break;
414 
415         case EVP_CIPH_CTR_MODE:
416             ctx->num = 0;
417             /* Don't reuse IV for CTR mode */
418             if (iv != NULL) {
419                 n = EVP_CIPHER_CTX_get_iv_length(ctx);
420                 if (n <= 0 || n > (int)sizeof(ctx->iv)) {
421                     ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
422                     return 0;
423                 }
424                 memcpy(ctx->iv, iv, n);
425             }
426             break;
427 
428         default:
429             return 0;
430         }
431     }
432 
433     if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
434         if (!ctx->cipher->init(ctx, key, iv, enc))
435             return 0;
436     }
437     ctx->buf_len = 0;
438     ctx->final_used = 0;
439     ctx->block_mask = ctx->cipher->block_size - 1;
440     return 1;
441 }
442 
EVP_CipherInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc,const OSSL_PARAM params[])443 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
444                        const unsigned char *key, const unsigned char *iv,
445                        int enc, const OSSL_PARAM params[])
446 {
447     return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params);
448 }
449 
EVP_CipherInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc)450 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
451                    const unsigned char *key, const unsigned char *iv, int enc)
452 {
453     if (cipher != NULL)
454         EVP_CIPHER_CTX_reset(ctx);
455     return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, NULL);
456 }
457 
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)458 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
459                       ENGINE *impl, const unsigned char *key,
460                       const unsigned char *iv, int enc)
461 {
462     return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL);
463 }
464 
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)465 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
466                      const unsigned char *in, int inl)
467 {
468     if (ctx->encrypt)
469         return EVP_EncryptUpdate(ctx, out, outl, in, inl);
470     else
471         return EVP_DecryptUpdate(ctx, out, outl, in, inl);
472 }
473 
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)474 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
475 {
476     if (ctx->encrypt)
477         return EVP_EncryptFinal_ex(ctx, out, outl);
478     else
479         return EVP_DecryptFinal_ex(ctx, out, outl);
480 }
481 
EVP_CipherFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)482 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
483 {
484     if (ctx->encrypt)
485         return EVP_EncryptFinal(ctx, out, outl);
486     else
487         return EVP_DecryptFinal(ctx, out, outl);
488 }
489 
EVP_EncryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)490 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
491                     const unsigned char *key, const unsigned char *iv)
492 {
493     return EVP_CipherInit(ctx, cipher, key, iv, 1);
494 }
495 
EVP_EncryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)496 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
497                        ENGINE *impl, const unsigned char *key,
498                        const unsigned char *iv)
499 {
500     return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
501 }
502 
EVP_EncryptInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,const OSSL_PARAM params[])503 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
504                         const unsigned char *key, const unsigned char *iv,
505                         const OSSL_PARAM params[])
506 {
507     return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params);
508 }
509 
EVP_DecryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)510 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
511                     const unsigned char *key, const unsigned char *iv)
512 {
513     return EVP_CipherInit(ctx, cipher, key, iv, 0);
514 }
515 
EVP_DecryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)516 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
517                        ENGINE *impl, const unsigned char *key,
518                        const unsigned char *iv)
519 {
520     return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
521 }
522 
EVP_DecryptInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,const OSSL_PARAM params[])523 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
524                         const unsigned char *key, const unsigned char *iv,
525                         const OSSL_PARAM params[])
526 {
527     return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params);
528 }
529 
530 /*
531  * According to the letter of standard difference between pointers
532  * is specified to be valid only within same object. This makes
533  * it formally challenging to determine if input and output buffers
534  * are not partially overlapping with standard pointer arithmetic.
535  */
536 #ifdef PTRDIFF_T
537 # undef PTRDIFF_T
538 #endif
539 #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
540 /*
541  * Then we have VMS that distinguishes itself by adhering to
542  * sizeof(size_t)==4 even in 64-bit builds, which means that
543  * difference between two pointers might be truncated to 32 bits.
544  * In the context one can even wonder how comparison for
545  * equality is implemented. To be on the safe side we adhere to
546  * PTRDIFF_T even for comparison for equality.
547  */
548 # define PTRDIFF_T uint64_t
549 #else
550 # define PTRDIFF_T size_t
551 #endif
552 
ossl_is_partially_overlapping(const void * ptr1,const void * ptr2,int len)553 int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
554 {
555     PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
556     /*
557      * Check for partially overlapping buffers. [Binary logical
558      * operations are used instead of boolean to minimize number
559      * of conditional branches.]
560      */
561     int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
562                                                 (diff > (0 - (PTRDIFF_T)len)));
563 
564     return overlapped;
565 }
566 
evp_EncryptDecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)567 static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
568                                     unsigned char *out, int *outl,
569                                     const unsigned char *in, int inl)
570 {
571     int i, j, bl, cmpl = inl;
572 
573     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
574         cmpl = safe_div_round_up_int(cmpl, 8, NULL);
575 
576     bl = ctx->cipher->block_size;
577 
578     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
579         /* If block size > 1 then the cipher will have to do this check */
580         if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
581             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
582             return 0;
583         }
584 
585         i = ctx->cipher->do_cipher(ctx, out, in, inl);
586         if (i < 0)
587             return 0;
588         else
589             *outl = i;
590         return 1;
591     }
592 
593     if (inl <= 0) {
594         *outl = 0;
595         return inl == 0;
596     }
597     if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
598         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
599         return 0;
600     }
601 
602     if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
603         if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
604             *outl = inl;
605             return 1;
606         } else {
607             *outl = 0;
608             return 0;
609         }
610     }
611     i = ctx->buf_len;
612     OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
613     if (i != 0) {
614         if (bl - i > inl) {
615             memcpy(&(ctx->buf[i]), in, inl);
616             ctx->buf_len += inl;
617             *outl = 0;
618             return 1;
619         } else {
620             j = bl - i;
621 
622             /*
623              * Once we've processed the first j bytes from in, the amount of
624              * data left that is a multiple of the block length is:
625              * (inl - j) & ~(bl - 1)
626              * We must ensure that this amount of data, plus the one block that
627              * we process from ctx->buf does not exceed INT_MAX
628              */
629             if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
630                 ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
631                 return 0;
632             }
633             memcpy(&(ctx->buf[i]), in, j);
634             inl -= j;
635             in += j;
636             if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
637                 return 0;
638             out += bl;
639             *outl = bl;
640         }
641     } else
642         *outl = 0;
643     i = inl & (bl - 1);
644     inl -= i;
645     if (inl > 0) {
646         if (!ctx->cipher->do_cipher(ctx, out, in, inl))
647             return 0;
648         *outl += inl;
649     }
650 
651     if (i != 0)
652         memcpy(ctx->buf, &(in[inl]), i);
653     ctx->buf_len = i;
654     return 1;
655 }
656 
657 
EVP_EncryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)658 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
659                       const unsigned char *in, int inl)
660 {
661     int ret;
662     size_t soutl, inl_ = (size_t)inl;
663     int blocksize;
664 
665     if (ossl_likely(outl != NULL)) {
666         *outl = 0;
667     } else {
668         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
669         return 0;
670     }
671 
672     /* Prevent accidental use of decryption context when encrypting */
673     if (ossl_unlikely(!ctx->encrypt)) {
674         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
675         return 0;
676     }
677 
678     if (ossl_unlikely(ctx->cipher == NULL)) {
679         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
680         return 0;
681     }
682 
683     if (ossl_unlikely(ctx->cipher->prov == NULL))
684         goto legacy;
685 
686     blocksize = ctx->cipher->block_size;
687 
688     if (ossl_unlikely(ctx->cipher->cupdate == NULL || blocksize < 1)) {
689         ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
690         return 0;
691     }
692 
693     ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
694                                inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
695                                in, inl_);
696 
697     if (ossl_likely(ret)) {
698         if (soutl > INT_MAX) {
699             ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
700             return 0;
701         }
702         *outl = soutl;
703     }
704 
705     return ret;
706 
707     /* Code below to be removed when legacy support is dropped. */
708  legacy:
709 
710     return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
711 }
712 
EVP_EncryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)713 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
714 {
715     int ret;
716     ret = EVP_EncryptFinal_ex(ctx, out, outl);
717     return ret;
718 }
719 
EVP_EncryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)720 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
721 {
722     int n, ret;
723     unsigned int i, b, bl;
724     size_t soutl;
725     int blocksize;
726 
727     if (outl != NULL) {
728         *outl = 0;
729     } else {
730         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
731         return 0;
732     }
733 
734     /* Prevent accidental use of decryption context when encrypting */
735     if (!ctx->encrypt) {
736         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
737         return 0;
738     }
739 
740     if (ctx->cipher == NULL) {
741         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
742         return 0;
743     }
744     if (ctx->cipher->prov == NULL)
745         goto legacy;
746 
747     blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
748 
749     if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
750         ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
751         return 0;
752     }
753 
754     ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
755                               blocksize == 1 ? 0 : blocksize);
756 
757     if (ret) {
758         if (soutl > INT_MAX) {
759             ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
760             return 0;
761         }
762         *outl = soutl;
763     }
764 
765     return ret;
766 
767     /* Code below to be removed when legacy support is dropped. */
768  legacy:
769 
770     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
771         ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
772         if (ret < 0)
773             return 0;
774         else
775             *outl = ret;
776         return 1;
777     }
778 
779     b = ctx->cipher->block_size;
780     OPENSSL_assert(b <= sizeof(ctx->buf));
781     if (b == 1) {
782         *outl = 0;
783         return 1;
784     }
785     bl = ctx->buf_len;
786     if (ctx->flags & EVP_CIPH_NO_PADDING) {
787         if (bl) {
788             ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
789             return 0;
790         }
791         *outl = 0;
792         return 1;
793     }
794 
795     n = b - bl;
796     for (i = bl; i < b; i++)
797         ctx->buf[i] = n;
798     ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
799 
800     if (ret)
801         *outl = b;
802 
803     return ret;
804 }
805 
EVP_DecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)806 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
807                       const unsigned char *in, int inl)
808 {
809     int fix_len, cmpl = inl, ret;
810     unsigned int b;
811     size_t soutl, inl_ = (size_t)inl;
812     int blocksize;
813 
814     if (ossl_likely(outl != NULL)) {
815         *outl = 0;
816     } else {
817         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
818         return 0;
819     }
820 
821     /* Prevent accidental use of encryption context when decrypting */
822     if (ossl_unlikely(ctx->encrypt)) {
823         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
824         return 0;
825     }
826 
827     if (ossl_unlikely(ctx->cipher == NULL)) {
828         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
829         return 0;
830     }
831     if (ossl_unlikely(ctx->cipher->prov == NULL))
832         goto legacy;
833 
834     blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
835 
836     if (ossl_unlikely(ctx->cipher->cupdate == NULL || blocksize < 1)) {
837         ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
838         return 0;
839     }
840     ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
841                                inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
842                                in, inl_);
843 
844     if (ossl_likely(ret)) {
845         if (soutl > INT_MAX) {
846             ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
847             return 0;
848         }
849         *outl = soutl;
850     }
851 
852     return ret;
853 
854     /* Code below to be removed when legacy support is dropped. */
855  legacy:
856 
857     b = ctx->cipher->block_size;
858 
859     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
860         cmpl = safe_div_round_up_int(cmpl, 8, NULL);
861 
862     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
863         if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
864             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
865             return 0;
866         }
867 
868         fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
869         if (fix_len < 0) {
870             *outl = 0;
871             return 0;
872         } else
873             *outl = fix_len;
874         return 1;
875     }
876 
877     if (inl <= 0) {
878         *outl = 0;
879         return inl == 0;
880     }
881 
882     if (ctx->flags & EVP_CIPH_NO_PADDING)
883         return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
884 
885     OPENSSL_assert(b <= sizeof(ctx->final));
886 
887     if (ctx->final_used) {
888         /* see comment about PTRDIFF_T comparison above */
889         if (((PTRDIFF_T)out == (PTRDIFF_T)in)
890             || ossl_is_partially_overlapping(out, in, b)) {
891             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
892             return 0;
893         }
894         /*
895          * final_used is only ever set if buf_len is 0. Therefore the maximum
896          * length output we will ever see from evp_EncryptDecryptUpdate is
897          * the maximum multiple of the block length that is <= inl, or just:
898          * inl & ~(b - 1)
899          * Since final_used has been set then the final output length is:
900          * (inl & ~(b - 1)) + b
901          * This must never exceed INT_MAX
902          */
903         if ((inl & ~(b - 1)) > INT_MAX - b) {
904             ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
905             return 0;
906         }
907         memcpy(out, ctx->final, b);
908         out += b;
909         fix_len = 1;
910     } else
911         fix_len = 0;
912 
913     if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
914         return 0;
915 
916     /*
917      * if we have 'decrypted' a multiple of block size, make sure we have a
918      * copy of this last block
919      */
920     if (b > 1 && !ctx->buf_len) {
921         *outl -= b;
922         ctx->final_used = 1;
923         memcpy(ctx->final, &out[*outl], b);
924     } else
925         ctx->final_used = 0;
926 
927     if (fix_len)
928         *outl += b;
929 
930     return 1;
931 }
932 
EVP_DecryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)933 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
934 {
935     int ret;
936     ret = EVP_DecryptFinal_ex(ctx, out, outl);
937     return ret;
938 }
939 
EVP_DecryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)940 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
941 {
942     int i, n;
943     unsigned int b;
944     size_t soutl;
945     int ret;
946     int blocksize;
947 
948     if (outl != NULL) {
949         *outl = 0;
950     } else {
951         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
952         return 0;
953     }
954 
955     /* Prevent accidental use of encryption context when decrypting */
956     if (ctx->encrypt) {
957         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
958         return 0;
959     }
960 
961     if (ctx->cipher == NULL) {
962         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
963         return 0;
964     }
965 
966     if (ctx->cipher->prov == NULL)
967         goto legacy;
968 
969     blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
970 
971     if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
972         ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
973         return 0;
974     }
975 
976     ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
977                               blocksize == 1 ? 0 : blocksize);
978 
979     if (ret) {
980         if (soutl > INT_MAX) {
981             ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
982             return 0;
983         }
984         *outl = soutl;
985     }
986 
987     return ret;
988 
989     /* Code below to be removed when legacy support is dropped. */
990  legacy:
991 
992     *outl = 0;
993     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
994         i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
995         if (i < 0)
996             return 0;
997         else
998             *outl = i;
999         return 1;
1000     }
1001 
1002     b = ctx->cipher->block_size;
1003     if (ctx->flags & EVP_CIPH_NO_PADDING) {
1004         if (ctx->buf_len) {
1005             ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
1006             return 0;
1007         }
1008         *outl = 0;
1009         return 1;
1010     }
1011     if (b > 1) {
1012         if (ctx->buf_len || !ctx->final_used) {
1013             ERR_raise(ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
1014             return 0;
1015         }
1016         OPENSSL_assert(b <= sizeof(ctx->final));
1017 
1018         /*
1019          * The following assumes that the ciphertext has been authenticated.
1020          * Otherwise it provides a padding oracle.
1021          */
1022         n = ctx->final[b - 1];
1023         if (n == 0 || n > (int)b) {
1024             ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
1025             return 0;
1026         }
1027         for (i = 0; i < n; i++) {
1028             if (ctx->final[--b] != n) {
1029                 ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
1030                 return 0;
1031             }
1032         }
1033         n = ctx->cipher->block_size - n;
1034         for (i = 0; i < n; i++)
1035             out[i] = ctx->final[i];
1036         *outl = n;
1037     }
1038     return 1;
1039 }
1040 
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int keylen)1041 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
1042 {
1043     if (c->cipher->prov != NULL) {
1044         int ok;
1045         OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1046         size_t len;
1047 
1048         if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1049             return 1;
1050 
1051         /* Check the cipher actually understands this parameter */
1052         if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
1053                                     OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
1054             ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1055             return 0;
1056         }
1057 
1058         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
1059         if (!OSSL_PARAM_set_int(params, keylen))
1060             return 0;
1061         ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
1062         if (ok <= 0)
1063             return 0;
1064         c->key_len = keylen;
1065         return 1;
1066     }
1067 
1068     /* Code below to be removed when legacy support is dropped. */
1069 
1070     /*
1071      * Note there have never been any built-in ciphers that define this flag
1072      * since it was first introduced.
1073      */
1074     if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
1075         return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
1076     if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1077         return 1;
1078     if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
1079         c->key_len = keylen;
1080         return 1;
1081     }
1082     ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1083     return 0;
1084 }
1085 
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX * ctx,int pad)1086 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
1087 {
1088     int ok;
1089     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1090     unsigned int pd = pad;
1091 
1092     if (pad)
1093         ctx->flags &= ~EVP_CIPH_NO_PADDING;
1094     else
1095         ctx->flags |= EVP_CIPH_NO_PADDING;
1096 
1097     if (ctx->cipher != NULL && ctx->cipher->prov == NULL)
1098         return 1;
1099     params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd);
1100     ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1101 
1102     return ok != 0;
1103 }
1104 
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)1105 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1106 {
1107     int ret = EVP_CTRL_RET_UNSUPPORTED;
1108     int set_params = 1;
1109     size_t sz = arg;
1110     unsigned int i;
1111     OSSL_PARAM params[4] = {
1112         OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
1113     };
1114 
1115     if (ctx == NULL || ctx->cipher == NULL) {
1116         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
1117         return 0;
1118     }
1119 
1120     if (ctx->cipher->prov == NULL)
1121         goto legacy;
1122 
1123     switch (type) {
1124     case EVP_CTRL_SET_KEY_LENGTH:
1125         if (arg < 0)
1126             return 0;
1127         if (ctx->key_len == arg)
1128             /* Skip calling into provider if unchanged. */
1129             return 1;
1130         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
1131         ctx->key_len = -1;
1132         break;
1133     case EVP_CTRL_RAND_KEY:      /* Used by DES */
1134         set_params = 0;
1135         params[0] =
1136             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
1137                                               ptr, sz);
1138         break;
1139 
1140     case EVP_CTRL_INIT:
1141         /*
1142          * EVP_CTRL_INIT is purely legacy, no provider counterpart.
1143          * As a matter of fact, this should be dead code, but some caller
1144          * might still do a direct control call with this command, so...
1145          * Legacy methods return 1 except for exceptional circumstances, so
1146          * we do the same here to not be disruptive.
1147          */
1148         return 1;
1149     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
1150     default:
1151         goto end;
1152     case EVP_CTRL_AEAD_SET_IVLEN:
1153         if (arg < 0)
1154             return 0;
1155         if (ctx->iv_len == arg)
1156             /* Skip calling into provider if unchanged. */
1157             return 1;
1158         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1159         ctx->iv_len = -1;
1160         break;
1161     case EVP_CTRL_CCM_SET_L:
1162         if (arg < 2 || arg > 8)
1163             return 0;
1164         sz = 15 - arg;
1165         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1166         ctx->iv_len = -1;
1167         break;
1168     case EVP_CTRL_AEAD_SET_IV_FIXED:
1169         params[0] = OSSL_PARAM_construct_octet_string(
1170                         OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz);
1171         break;
1172     case EVP_CTRL_GCM_IV_GEN:
1173         set_params = 0;
1174         if (arg < 0)
1175             sz = 0; /* special case that uses the iv length */
1176         params[0] = OSSL_PARAM_construct_octet_string(
1177                         OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz);
1178         break;
1179     case EVP_CTRL_GCM_SET_IV_INV:
1180         if (arg < 0)
1181             return 0;
1182         params[0] = OSSL_PARAM_construct_octet_string(
1183                         OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz);
1184         break;
1185     case EVP_CTRL_GET_RC5_ROUNDS:
1186         set_params = 0; /* Fall thru */
1187     case EVP_CTRL_SET_RC5_ROUNDS:
1188         if (arg < 0)
1189             return 0;
1190         i = (unsigned int)arg;
1191         params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i);
1192         break;
1193     case EVP_CTRL_SET_SPEED:
1194         if (arg < 0)
1195             return 0;
1196         i = (unsigned int)arg;
1197         params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_SPEED, &i);
1198         break;
1199     case EVP_CTRL_AEAD_GET_TAG:
1200         set_params = 0; /* Fall thru */
1201     case EVP_CTRL_AEAD_SET_TAG:
1202         params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
1203                                                       ptr, sz);
1204         break;
1205     case EVP_CTRL_AEAD_TLS1_AAD:
1206         /* This one does a set and a get - since it returns a size */
1207         params[0] =
1208             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1209                                               ptr, sz);
1210         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1211         if (ret <= 0)
1212             goto end;
1213         params[0] =
1214             OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz);
1215         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1216         if (ret <= 0)
1217             goto end;
1218         return sz;
1219 #ifndef OPENSSL_NO_RC2
1220     case EVP_CTRL_GET_RC2_KEY_BITS:
1221         set_params = 0; /* Fall thru */
1222     case EVP_CTRL_SET_RC2_KEY_BITS:
1223         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz);
1224         break;
1225 #endif /* OPENSSL_NO_RC2 */
1226 #if !defined(OPENSSL_NO_MULTIBLOCK)
1227     case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
1228         params[0] = OSSL_PARAM_construct_size_t(
1229                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz);
1230         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1231         if (ret <= 0)
1232             return 0;
1233 
1234         params[0] = OSSL_PARAM_construct_size_t(
1235                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz);
1236         params[1] = OSSL_PARAM_construct_end();
1237         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1238         if (ret <= 0)
1239             return 0;
1240         return sz;
1241     case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: {
1242         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1243             (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1244 
1245         if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
1246             return 0;
1247 
1248         params[0] = OSSL_PARAM_construct_octet_string(
1249                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len);
1250         params[1] = OSSL_PARAM_construct_uint(
1251                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1252         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1253         if (ret <= 0)
1254             return ret;
1255         /* Retrieve the return values changed by the set */
1256         params[0] = OSSL_PARAM_construct_size_t(
1257                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz);
1258         params[1] = OSSL_PARAM_construct_uint(
1259                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1260         params[2] = OSSL_PARAM_construct_end();
1261         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1262         if (ret <= 0)
1263             return 0;
1264         return sz;
1265     }
1266     case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: {
1267         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1268             (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1269 
1270         params[0] = OSSL_PARAM_construct_octet_string(
1271                         OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len);
1272 
1273         params[1] = OSSL_PARAM_construct_octet_string(
1274                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp,
1275                 p->len);
1276         params[2] = OSSL_PARAM_construct_uint(
1277                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1278         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1279         if (ret <= 0)
1280             return ret;
1281         params[0] = OSSL_PARAM_construct_size_t(
1282                         OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz);
1283         params[1] = OSSL_PARAM_construct_end();
1284         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1285         if (ret <= 0)
1286             return 0;
1287         return sz;
1288     }
1289 #endif /* OPENSSL_NO_MULTIBLOCK */
1290     case EVP_CTRL_AEAD_SET_MAC_KEY:
1291         if (arg < 0)
1292             return -1;
1293         params[0] = OSSL_PARAM_construct_octet_string(
1294                 OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz);
1295         break;
1296     }
1297 
1298     if (set_params)
1299         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1300     else
1301         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1302     goto end;
1303 
1304     /* Code below to be removed when legacy support is dropped. */
1305 legacy:
1306     if (ctx->cipher->ctrl == NULL) {
1307         ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
1308         return 0;
1309     }
1310 
1311     ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
1312 
1313  end:
1314     if (ret == EVP_CTRL_RET_UNSUPPORTED) {
1315         ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
1316         return 0;
1317     }
1318     return ret;
1319 }
1320 
EVP_CIPHER_get_params(EVP_CIPHER * cipher,OSSL_PARAM params[])1321 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
1322 {
1323     if (cipher != NULL && cipher->get_params != NULL)
1324         return cipher->get_params(params);
1325     return 0;
1326 }
1327 
EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX * ctx,const OSSL_PARAM params[])1328 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
1329 {
1330     int r = 0;
1331     const OSSL_PARAM *p;
1332 
1333     if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) {
1334         r = ctx->cipher->set_ctx_params(ctx->algctx, params);
1335         if (r > 0) {
1336             p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
1337             if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->key_len)) {
1338                 r = 0;
1339                 ctx->key_len = -1;
1340             }
1341         }
1342         if (r > 0) {
1343             p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
1344             if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->iv_len)) {
1345                 r = 0;
1346                 ctx->iv_len = -1;
1347             }
1348         }
1349     }
1350     return r;
1351 }
1352 
EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX * ctx,OSSL_PARAM params[])1353 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
1354 {
1355     if (ctx->cipher != NULL && ctx->cipher->get_ctx_params != NULL)
1356         return ctx->cipher->get_ctx_params(ctx->algctx, params);
1357     return 0;
1358 }
1359 
EVP_CIPHER_gettable_params(const EVP_CIPHER * cipher)1360 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
1361 {
1362     if (cipher != NULL && cipher->gettable_params != NULL)
1363         return cipher->gettable_params(
1364                    ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)));
1365     return NULL;
1366 }
1367 
EVP_CIPHER_settable_ctx_params(const EVP_CIPHER * cipher)1368 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher)
1369 {
1370     void *provctx;
1371 
1372     if (cipher != NULL && cipher->settable_ctx_params != NULL) {
1373         provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1374         return cipher->settable_ctx_params(NULL, provctx);
1375     }
1376     return NULL;
1377 }
1378 
EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER * cipher)1379 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher)
1380 {
1381     void *provctx;
1382 
1383     if (cipher != NULL && cipher->gettable_ctx_params != NULL) {
1384         provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1385         return cipher->gettable_ctx_params(NULL, provctx);
1386     }
1387     return NULL;
1388 }
1389 
EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX * cctx)1390 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *cctx)
1391 {
1392     void *alg;
1393 
1394     if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) {
1395         alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1396         return cctx->cipher->settable_ctx_params(cctx->algctx, alg);
1397     }
1398     return NULL;
1399 }
1400 
EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX * cctx)1401 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *cctx)
1402 {
1403     void *provctx;
1404 
1405     if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) {
1406         provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1407         return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx);
1408     }
1409     return NULL;
1410 }
1411 
1412 #ifndef FIPS_MODULE
EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX * ctx)1413 static OSSL_LIB_CTX *EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX *ctx)
1414 {
1415     const EVP_CIPHER *cipher = ctx->cipher;
1416     const OSSL_PROVIDER *prov;
1417 
1418     if (cipher == NULL)
1419         return NULL;
1420 
1421     prov = EVP_CIPHER_get0_provider(cipher);
1422     return ossl_provider_libctx(prov);
1423 }
1424 #endif
1425 
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,unsigned char * key)1426 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
1427 {
1428     if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1429         return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1430 
1431 #ifdef FIPS_MODULE
1432     return 0;
1433 #else
1434     {
1435         int kl;
1436         OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx);
1437 
1438         kl = EVP_CIPHER_CTX_get_key_length(ctx);
1439         if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0)
1440             return 0;
1441         return 1;
1442     }
1443 #endif /* FIPS_MODULE */
1444 }
1445 
EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX * in)1446 EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
1447 {
1448     EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
1449 
1450     if (out != NULL && !EVP_CIPHER_CTX_copy(out, in)) {
1451         EVP_CIPHER_CTX_free(out);
1452         out = NULL;
1453     }
1454     return out;
1455 }
1456 
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * out,const EVP_CIPHER_CTX * in)1457 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
1458 {
1459     if ((in == NULL) || (in->cipher == NULL)) {
1460         ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED);
1461         return 0;
1462     }
1463 
1464     if (in->cipher->prov == NULL)
1465         goto legacy;
1466 
1467     if (in->cipher->dupctx == NULL) {
1468         ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1469         return 0;
1470     }
1471 
1472     EVP_CIPHER_CTX_reset(out);
1473 
1474     *out = *in;
1475     out->algctx = NULL;
1476 
1477     if (in->fetched_cipher != NULL && !EVP_CIPHER_up_ref(in->fetched_cipher)) {
1478         out->fetched_cipher = NULL;
1479         return 0;
1480     }
1481 
1482     out->algctx = in->cipher->dupctx(in->algctx);
1483     if (out->algctx == NULL) {
1484         ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1485         return 0;
1486     }
1487 
1488     return 1;
1489 
1490     /* Code below to be removed when legacy support is dropped. */
1491  legacy:
1492 
1493 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
1494     /* Make sure it's safe to copy a cipher context using an ENGINE */
1495     if (in->engine && !ENGINE_init(in->engine)) {
1496         ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
1497         return 0;
1498     }
1499 #endif
1500 
1501     EVP_CIPHER_CTX_reset(out);
1502     memcpy(out, in, sizeof(*out));
1503 
1504     if (in->cipher_data && in->cipher->ctx_size) {
1505         out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
1506         if (out->cipher_data == NULL) {
1507             out->cipher = NULL;
1508             return 0;
1509         }
1510         memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
1511     }
1512 
1513     if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
1514         if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
1515             out->cipher = NULL;
1516             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
1517             return 0;
1518         }
1519     return 1;
1520 }
1521 
evp_cipher_new(void)1522 EVP_CIPHER *evp_cipher_new(void)
1523 {
1524     EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
1525 
1526     if (cipher != NULL && !CRYPTO_NEW_REF(&cipher->refcnt, 1)) {
1527         OPENSSL_free(cipher);
1528         return NULL;
1529     }
1530     return cipher;
1531 }
1532 
1533 /*
1534  * FIPS module note: since internal fetches will be entirely
1535  * provider based, we know that none of its code depends on legacy
1536  * NIDs or any functionality that use them.
1537  */
1538 #ifndef FIPS_MODULE
1539 /* After removal of legacy support get rid of the need for legacy NIDs */
set_legacy_nid(const char * name,void * vlegacy_nid)1540 static void set_legacy_nid(const char *name, void *vlegacy_nid)
1541 {
1542     int nid;
1543     int *legacy_nid = vlegacy_nid;
1544     /*
1545      * We use lowest level function to get the associated method, because
1546      * higher level functions such as EVP_get_cipherbyname() have changed
1547      * to look at providers too.
1548      */
1549     const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
1550 
1551     if (*legacy_nid == -1)       /* We found a clash already */
1552         return;
1553     if (legacy_method == NULL)
1554         return;
1555     nid = EVP_CIPHER_get_nid(legacy_method);
1556     if (*legacy_nid != NID_undef && *legacy_nid != nid) {
1557         *legacy_nid = -1;
1558         return;
1559     }
1560     *legacy_nid = nid;
1561 }
1562 #endif
1563 
evp_cipher_from_algorithm(const int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)1564 static void *evp_cipher_from_algorithm(const int name_id,
1565                                        const OSSL_ALGORITHM *algodef,
1566                                        OSSL_PROVIDER *prov)
1567 {
1568     const OSSL_DISPATCH *fns = algodef->implementation;
1569     EVP_CIPHER *cipher = NULL;
1570     int fnciphcnt = 0, fnctxcnt = 0;
1571 
1572     if ((cipher = evp_cipher_new()) == NULL) {
1573         ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
1574         return NULL;
1575     }
1576 
1577 #ifndef FIPS_MODULE
1578     cipher->nid = NID_undef;
1579     if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid)
1580             || cipher->nid == -1) {
1581         ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
1582         EVP_CIPHER_free(cipher);
1583         return NULL;
1584     }
1585 #endif
1586 
1587     cipher->name_id = name_id;
1588     if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
1589         EVP_CIPHER_free(cipher);
1590         return NULL;
1591     }
1592     cipher->description = algodef->algorithm_description;
1593 
1594     for (; fns->function_id != 0; fns++) {
1595         switch (fns->function_id) {
1596         case OSSL_FUNC_CIPHER_NEWCTX:
1597             if (cipher->newctx != NULL)
1598                 break;
1599             cipher->newctx = OSSL_FUNC_cipher_newctx(fns);
1600             fnctxcnt++;
1601             break;
1602         case OSSL_FUNC_CIPHER_ENCRYPT_INIT:
1603             if (cipher->einit != NULL)
1604                 break;
1605             cipher->einit = OSSL_FUNC_cipher_encrypt_init(fns);
1606             fnciphcnt++;
1607             break;
1608         case OSSL_FUNC_CIPHER_DECRYPT_INIT:
1609             if (cipher->dinit != NULL)
1610                 break;
1611             cipher->dinit = OSSL_FUNC_cipher_decrypt_init(fns);
1612             fnciphcnt++;
1613             break;
1614         case OSSL_FUNC_CIPHER_UPDATE:
1615             if (cipher->cupdate != NULL)
1616                 break;
1617             cipher->cupdate = OSSL_FUNC_cipher_update(fns);
1618             fnciphcnt++;
1619             break;
1620         case OSSL_FUNC_CIPHER_FINAL:
1621             if (cipher->cfinal != NULL)
1622                 break;
1623             cipher->cfinal = OSSL_FUNC_cipher_final(fns);
1624             fnciphcnt++;
1625             break;
1626         case OSSL_FUNC_CIPHER_CIPHER:
1627             if (cipher->ccipher != NULL)
1628                 break;
1629             cipher->ccipher = OSSL_FUNC_cipher_cipher(fns);
1630             break;
1631         case OSSL_FUNC_CIPHER_FREECTX:
1632             if (cipher->freectx != NULL)
1633                 break;
1634             cipher->freectx = OSSL_FUNC_cipher_freectx(fns);
1635             fnctxcnt++;
1636             break;
1637         case OSSL_FUNC_CIPHER_DUPCTX:
1638             if (cipher->dupctx != NULL)
1639                 break;
1640             cipher->dupctx = OSSL_FUNC_cipher_dupctx(fns);
1641             break;
1642         case OSSL_FUNC_CIPHER_GET_PARAMS:
1643             if (cipher->get_params != NULL)
1644                 break;
1645             cipher->get_params = OSSL_FUNC_cipher_get_params(fns);
1646             break;
1647         case OSSL_FUNC_CIPHER_GET_CTX_PARAMS:
1648             if (cipher->get_ctx_params != NULL)
1649                 break;
1650             cipher->get_ctx_params = OSSL_FUNC_cipher_get_ctx_params(fns);
1651             break;
1652         case OSSL_FUNC_CIPHER_SET_CTX_PARAMS:
1653             if (cipher->set_ctx_params != NULL)
1654                 break;
1655             cipher->set_ctx_params = OSSL_FUNC_cipher_set_ctx_params(fns);
1656             break;
1657         case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
1658             if (cipher->gettable_params != NULL)
1659                 break;
1660             cipher->gettable_params = OSSL_FUNC_cipher_gettable_params(fns);
1661             break;
1662         case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
1663             if (cipher->gettable_ctx_params != NULL)
1664                 break;
1665             cipher->gettable_ctx_params =
1666                 OSSL_FUNC_cipher_gettable_ctx_params(fns);
1667             break;
1668         case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
1669             if (cipher->settable_ctx_params != NULL)
1670                 break;
1671             cipher->settable_ctx_params =
1672                 OSSL_FUNC_cipher_settable_ctx_params(fns);
1673             break;
1674         }
1675     }
1676     if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
1677             || (fnciphcnt == 0 && cipher->ccipher == NULL)
1678             || fnctxcnt != 2) {
1679         /*
1680          * In order to be a consistent set of functions we must have at least
1681          * a complete set of "encrypt" functions, or a complete set of "decrypt"
1682          * functions, or a single "cipher" function. In all cases we need both
1683          * the "newctx" and "freectx" functions.
1684          */
1685         EVP_CIPHER_free(cipher);
1686         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
1687         return NULL;
1688     }
1689     cipher->prov = prov;
1690     if (prov != NULL)
1691         ossl_provider_up_ref(prov);
1692 
1693     if (!evp_cipher_cache_constants(cipher)) {
1694         EVP_CIPHER_free(cipher);
1695         ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
1696         cipher = NULL;
1697     }
1698 
1699     return cipher;
1700 }
1701 
evp_cipher_up_ref(void * cipher)1702 static int evp_cipher_up_ref(void *cipher)
1703 {
1704     return EVP_CIPHER_up_ref(cipher);
1705 }
1706 
evp_cipher_free(void * cipher)1707 static void evp_cipher_free(void *cipher)
1708 {
1709     EVP_CIPHER_free(cipher);
1710 }
1711 
EVP_CIPHER_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)1712 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
1713                              const char *properties)
1714 {
1715     EVP_CIPHER *cipher =
1716         evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties,
1717                           evp_cipher_from_algorithm, evp_cipher_up_ref,
1718                           evp_cipher_free);
1719 
1720     return cipher;
1721 }
1722 
EVP_CIPHER_up_ref(EVP_CIPHER * cipher)1723 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher)
1724 {
1725     int ref = 0;
1726 
1727     if (cipher->origin == EVP_ORIG_DYNAMIC)
1728         CRYPTO_UP_REF(&cipher->refcnt, &ref);
1729     return 1;
1730 }
1731 
evp_cipher_free_int(EVP_CIPHER * cipher)1732 void evp_cipher_free_int(EVP_CIPHER *cipher)
1733 {
1734     OPENSSL_free(cipher->type_name);
1735     ossl_provider_free(cipher->prov);
1736     CRYPTO_FREE_REF(&cipher->refcnt);
1737     OPENSSL_free(cipher);
1738 }
1739 
EVP_CIPHER_free(EVP_CIPHER * cipher)1740 void EVP_CIPHER_free(EVP_CIPHER *cipher)
1741 {
1742     int i;
1743 
1744     if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC)
1745         return;
1746 
1747     CRYPTO_DOWN_REF(&cipher->refcnt, &i);
1748     if (i > 0)
1749         return;
1750     evp_cipher_free_int(cipher);
1751 }
1752 
EVP_CIPHER_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_CIPHER * mac,void * arg),void * arg)1753 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
1754                                 void (*fn)(EVP_CIPHER *mac, void *arg),
1755                                 void *arg)
1756 {
1757     evp_generic_do_all(libctx, OSSL_OP_CIPHER,
1758                        (void (*)(void *, void *))fn, arg,
1759                        evp_cipher_from_algorithm, evp_cipher_up_ref,
1760                        evp_cipher_free);
1761 }
1762