1 /*
2  * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12 
13 #include <stdio.h>
14 #include <limits.h>
15 #include <assert.h>
16 #include <openssl/evp.h>
17 #include <openssl/err.h>
18 #include <openssl/rand.h>
19 #ifndef FIPS_MODULE
20 # include <openssl/engine.h>
21 #endif
22 #include <openssl/params.h>
23 #include <openssl/core_names.h>
24 #include "internal/cryptlib.h"
25 #include "internal/provider.h"
26 #include "internal/core.h"
27 #include "crypto/evp.h"
28 #include "evp_local.h"
29 
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX * ctx)30 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
31 {
32     if (ctx == NULL)
33         return 1;
34 
35     if (ctx->cipher == NULL || ctx->cipher->prov == NULL)
36         goto legacy;
37 
38     if (ctx->algctx != NULL) {
39         if (ctx->cipher->freectx != NULL)
40             ctx->cipher->freectx(ctx->algctx);
41         ctx->algctx = NULL;
42     }
43     if (ctx->fetched_cipher != NULL)
44         EVP_CIPHER_free(ctx->fetched_cipher);
45     memset(ctx, 0, sizeof(*ctx));
46     ctx->iv_len = -1;
47 
48     return 1;
49 
50     /* Remove legacy code below when legacy support is removed. */
51  legacy:
52 
53     if (ctx->cipher != NULL) {
54         if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx))
55             return 0;
56         /* Cleanse cipher context data */
57         if (ctx->cipher_data && ctx->cipher->ctx_size)
58             OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);
59     }
60     OPENSSL_free(ctx->cipher_data);
61 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
62     ENGINE_finish(ctx->engine);
63 #endif
64     memset(ctx, 0, sizeof(*ctx));
65     ctx->iv_len = -1;
66     return 1;
67 }
68 
EVP_CIPHER_CTX_new(void)69 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
70 {
71     return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
72 }
73 
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * ctx)74 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
75 {
76     if (ctx == NULL)
77         return;
78     EVP_CIPHER_CTX_reset(ctx);
79     OPENSSL_free(ctx);
80 }
81 
evp_cipher_init_internal(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc,const OSSL_PARAM params[])82 static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
83                                     const EVP_CIPHER *cipher,
84                                     ENGINE *impl, const unsigned char *key,
85                                     const unsigned char *iv, int enc,
86                                     const OSSL_PARAM params[])
87 {
88     int n;
89 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
90     ENGINE *tmpimpl = NULL;
91 #endif
92 
93     ctx->iv_len = -1;
94 
95     /*
96      * enc == 1 means we are encrypting.
97      * enc == 0 means we are decrypting.
98      * enc == -1 means, use the previously initialised value for encrypt/decrypt
99      */
100     if (enc == -1) {
101         enc = ctx->encrypt;
102     } else {
103         if (enc)
104             enc = 1;
105         ctx->encrypt = enc;
106     }
107 
108     if (cipher == NULL && ctx->cipher == NULL) {
109         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
110         return 0;
111     }
112 
113     /* Code below to be removed when legacy support is dropped. */
114 
115 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
116     /*
117      * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
118      * this context may already have an ENGINE! Try to avoid releasing the
119      * previous handle, re-querying for an ENGINE, and having a
120      * reinitialisation, when it may all be unnecessary.
121      */
122     if (ctx->engine && ctx->cipher
123         && (cipher == NULL || cipher->nid == ctx->cipher->nid))
124         goto skip_to_init;
125 
126     if (cipher != NULL && impl == NULL) {
127          /* Ask if an ENGINE is reserved for this job */
128         tmpimpl = ENGINE_get_cipher_engine(cipher->nid);
129     }
130 #endif
131 
132     /*
133      * If there are engines involved then we should use legacy handling for now.
134      */
135     if (ctx->engine != NULL
136 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
137             || tmpimpl != NULL
138 #endif
139             || impl != NULL
140             || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
141             || (cipher == NULL && ctx->cipher != NULL
142                                && ctx->cipher->origin == EVP_ORIG_METH)) {
143         if (ctx->cipher == ctx->fetched_cipher)
144             ctx->cipher = NULL;
145         EVP_CIPHER_free(ctx->fetched_cipher);
146         ctx->fetched_cipher = NULL;
147         goto legacy;
148     }
149     /*
150      * Ensure a context left lying around from last time is cleared
151      * (legacy code)
152      */
153     if (cipher != NULL && ctx->cipher != NULL) {
154         if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx))
155             return 0;
156         OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size);
157         ctx->cipher_data = NULL;
158     }
159 
160     /* Start of non-legacy code below */
161 
162     /* Ensure a context left lying around from last time is cleared */
163     if (cipher != NULL && ctx->cipher != NULL) {
164         unsigned long flags = ctx->flags;
165 
166         EVP_CIPHER_CTX_reset(ctx);
167         /* Restore encrypt and flags */
168         ctx->encrypt = enc;
169         ctx->flags = flags;
170     }
171 
172     if (cipher == NULL)
173         cipher = ctx->cipher;
174 
175     if (cipher->prov == NULL) {
176 #ifdef FIPS_MODULE
177         /* We only do explicit fetches inside the FIPS module */
178         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
179         return 0;
180 #else
181         EVP_CIPHER *provciph =
182             EVP_CIPHER_fetch(NULL,
183                              cipher->nid == NID_undef ? "NULL"
184                                                       : OBJ_nid2sn(cipher->nid),
185                              "");
186 
187         if (provciph == NULL)
188             return 0;
189         cipher = provciph;
190         EVP_CIPHER_free(ctx->fetched_cipher);
191         ctx->fetched_cipher = provciph;
192 #endif
193     }
194 
195     if (!ossl_assert(cipher->prov != NULL)) {
196         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
197         return 0;
198     }
199 
200     if (cipher != ctx->fetched_cipher) {
201         if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
202             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
203             return 0;
204         }
205         EVP_CIPHER_free(ctx->fetched_cipher);
206         ctx->fetched_cipher = (EVP_CIPHER *)cipher;
207     }
208     ctx->cipher = cipher;
209     if (ctx->algctx == NULL) {
210         ctx->algctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov));
211         if (ctx->algctx == NULL) {
212             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
213             return 0;
214         }
215     }
216 
217     if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
218         /*
219          * If this ctx was already set up for no padding then we need to tell
220          * the new cipher about it.
221          */
222         if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
223             return 0;
224     }
225 
226 #ifndef FIPS_MODULE
227     /*
228      * Fix for CVE-2023-5363
229      * Passing in a size as part of the init call takes effect late
230      * so, force such to occur before the initialisation.
231      *
232      * The FIPS provider's internal library context is used in a manner
233      * such that this is not an issue.
234      */
235     if (params != NULL) {
236         OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
237                                      OSSL_PARAM_END };
238         OSSL_PARAM *q = param_lens;
239         const OSSL_PARAM *p;
240 
241         p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
242         if (p != NULL)
243             memcpy(q++, p, sizeof(*q));
244 
245         /*
246          * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
247          * OSSL_CIPHER_PARAM_IVLEN so both are covered here.
248          */
249         p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
250         if (p != NULL)
251             memcpy(q++, p, sizeof(*q));
252 
253         if (q != param_lens) {
254             if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
255                 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
256                 return 0;
257             }
258         }
259     }
260 #endif
261 
262     if (enc) {
263         if (ctx->cipher->einit == NULL) {
264             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
265             return 0;
266         }
267 
268         return ctx->cipher->einit(ctx->algctx,
269                                   key,
270                                   key == NULL ? 0
271                                               : EVP_CIPHER_CTX_get_key_length(ctx),
272                                   iv,
273                                   iv == NULL ? 0
274                                              : EVP_CIPHER_CTX_get_iv_length(ctx),
275                                   params);
276     }
277 
278     if (ctx->cipher->dinit == NULL) {
279         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
280         return 0;
281     }
282 
283     return ctx->cipher->dinit(ctx->algctx,
284                               key,
285                               key == NULL ? 0
286                                           : EVP_CIPHER_CTX_get_key_length(ctx),
287                               iv,
288                               iv == NULL ? 0
289                                          : EVP_CIPHER_CTX_get_iv_length(ctx),
290                                   params);
291 
292     /* Code below to be removed when legacy support is dropped. */
293  legacy:
294 
295     if (cipher != NULL) {
296         /*
297          * Ensure a context left lying around from last time is cleared (we
298          * previously attempted to avoid this if the same ENGINE and
299          * EVP_CIPHER could be used).
300          */
301         if (ctx->cipher) {
302             unsigned long flags = ctx->flags;
303             EVP_CIPHER_CTX_reset(ctx);
304             /* Restore encrypt and flags */
305             ctx->encrypt = enc;
306             ctx->flags = flags;
307         }
308 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
309         if (impl != NULL) {
310             if (!ENGINE_init(impl)) {
311                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
312                 return 0;
313             }
314         } else {
315             impl = tmpimpl;
316         }
317         if (impl != NULL) {
318             /* There's an ENGINE for this job ... (apparently) */
319             const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
320 
321             if (c == NULL) {
322                 /*
323                  * One positive side-effect of US's export control history,
324                  * is that we should at least be able to avoid using US
325                  * misspellings of "initialisation"?
326                  */
327                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
328                 return 0;
329             }
330             /* We'll use the ENGINE's private cipher definition */
331             cipher = c;
332             /*
333              * Store the ENGINE functional reference so we know 'cipher' came
334              * from an ENGINE and we need to release it when done.
335              */
336             ctx->engine = impl;
337         } else {
338             ctx->engine = NULL;
339         }
340 #endif
341 
342         ctx->cipher = cipher;
343         if (ctx->cipher->ctx_size) {
344             ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
345             if (ctx->cipher_data == NULL) {
346                 ctx->cipher = NULL;
347                 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
348                 return 0;
349             }
350         } else {
351             ctx->cipher_data = NULL;
352         }
353         ctx->key_len = cipher->key_len;
354         /* Preserve wrap enable flag, zero everything else */
355         ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
356         if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
357             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) {
358                 ctx->cipher = NULL;
359                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
360                 return 0;
361             }
362         }
363     }
364 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
365  skip_to_init:
366 #endif
367     if (ctx->cipher == NULL)
368         return 0;
369 
370     /* we assume block size is a power of 2 in *cryptUpdate */
371     OPENSSL_assert(ctx->cipher->block_size == 1
372                    || ctx->cipher->block_size == 8
373                    || ctx->cipher->block_size == 16);
374 
375     if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
376         && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) {
377         ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED);
378         return 0;
379     }
380 
381     if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
382                 & EVP_CIPH_CUSTOM_IV) == 0) {
383         switch (EVP_CIPHER_CTX_get_mode(ctx)) {
384 
385         case EVP_CIPH_STREAM_CIPHER:
386         case EVP_CIPH_ECB_MODE:
387             break;
388 
389         case EVP_CIPH_CFB_MODE:
390         case EVP_CIPH_OFB_MODE:
391 
392             ctx->num = 0;
393             /* fall-through */
394 
395         case EVP_CIPH_CBC_MODE:
396             n = EVP_CIPHER_CTX_get_iv_length(ctx);
397             if (n < 0 || n > (int)sizeof(ctx->iv)) {
398                 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
399                 return 0;
400             }
401             if (iv != NULL)
402                 memcpy(ctx->oiv, iv, n);
403             memcpy(ctx->iv, ctx->oiv, n);
404             break;
405 
406         case EVP_CIPH_CTR_MODE:
407             ctx->num = 0;
408             /* Don't reuse IV for CTR mode */
409             if (iv != NULL) {
410                 n = EVP_CIPHER_CTX_get_iv_length(ctx);
411                 if (n <= 0 || n > (int)sizeof(ctx->iv)) {
412                     ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
413                     return 0;
414                 }
415                 memcpy(ctx->iv, iv, n);
416             }
417             break;
418 
419         default:
420             return 0;
421         }
422     }
423 
424     if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
425         if (!ctx->cipher->init(ctx, key, iv, enc))
426             return 0;
427     }
428     ctx->buf_len = 0;
429     ctx->final_used = 0;
430     ctx->block_mask = ctx->cipher->block_size - 1;
431     return 1;
432 }
433 
EVP_CipherInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc,const OSSL_PARAM params[])434 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
435                        const unsigned char *key, const unsigned char *iv,
436                        int enc, const OSSL_PARAM params[])
437 {
438     return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params);
439 }
440 
EVP_CipherInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,int enc)441 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
442                    const unsigned char *key, const unsigned char *iv, int enc)
443 {
444     if (cipher != NULL)
445         EVP_CIPHER_CTX_reset(ctx);
446     return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, NULL);
447 }
448 
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)449 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
450                       ENGINE *impl, const unsigned char *key,
451                       const unsigned char *iv, int enc)
452 {
453     return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL);
454 }
455 
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)456 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
457                      const unsigned char *in, int inl)
458 {
459     if (ctx->encrypt)
460         return EVP_EncryptUpdate(ctx, out, outl, in, inl);
461     else
462         return EVP_DecryptUpdate(ctx, out, outl, in, inl);
463 }
464 
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)465 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
466 {
467     if (ctx->encrypt)
468         return EVP_EncryptFinal_ex(ctx, out, outl);
469     else
470         return EVP_DecryptFinal_ex(ctx, out, outl);
471 }
472 
EVP_CipherFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)473 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
474 {
475     if (ctx->encrypt)
476         return EVP_EncryptFinal(ctx, out, outl);
477     else
478         return EVP_DecryptFinal(ctx, out, outl);
479 }
480 
EVP_EncryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)481 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
482                     const unsigned char *key, const unsigned char *iv)
483 {
484     return EVP_CipherInit(ctx, cipher, key, iv, 1);
485 }
486 
EVP_EncryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)487 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
488                        ENGINE *impl, const unsigned char *key,
489                        const unsigned char *iv)
490 {
491     return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
492 }
493 
EVP_EncryptInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,const OSSL_PARAM params[])494 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
495                         const unsigned char *key, const unsigned char *iv,
496                         const OSSL_PARAM params[])
497 {
498     return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params);
499 }
500 
EVP_DecryptInit(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv)501 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
502                     const unsigned char *key, const unsigned char *iv)
503 {
504     return EVP_CipherInit(ctx, cipher, key, iv, 0);
505 }
506 
EVP_DecryptInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,ENGINE * impl,const unsigned char * key,const unsigned char * iv)507 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
508                        ENGINE *impl, const unsigned char *key,
509                        const unsigned char *iv)
510 {
511     return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
512 }
513 
EVP_DecryptInit_ex2(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * cipher,const unsigned char * key,const unsigned char * iv,const OSSL_PARAM params[])514 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
515                         const unsigned char *key, const unsigned char *iv,
516                         const OSSL_PARAM params[])
517 {
518     return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params);
519 }
520 
521 /*
522  * According to the letter of standard difference between pointers
523  * is specified to be valid only within same object. This makes
524  * it formally challenging to determine if input and output buffers
525  * are not partially overlapping with standard pointer arithmetic.
526  */
527 #ifdef PTRDIFF_T
528 # undef PTRDIFF_T
529 #endif
530 #if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
531 /*
532  * Then we have VMS that distinguishes itself by adhering to
533  * sizeof(size_t)==4 even in 64-bit builds, which means that
534  * difference between two pointers might be truncated to 32 bits.
535  * In the context one can even wonder how comparison for
536  * equality is implemented. To be on the safe side we adhere to
537  * PTRDIFF_T even for comparison for equality.
538  */
539 # define PTRDIFF_T uint64_t
540 #else
541 # define PTRDIFF_T size_t
542 #endif
543 
ossl_is_partially_overlapping(const void * ptr1,const void * ptr2,int len)544 int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
545 {
546     PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
547     /*
548      * Check for partially overlapping buffers. [Binary logical
549      * operations are used instead of boolean to minimize number
550      * of conditional branches.]
551      */
552     int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
553                                                 (diff > (0 - (PTRDIFF_T)len)));
554 
555     return overlapped;
556 }
557 
evp_EncryptDecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)558 static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
559                                     unsigned char *out, int *outl,
560                                     const unsigned char *in, int inl)
561 {
562     int i, j, bl, cmpl = inl;
563 
564     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
565         cmpl = (cmpl + 7) / 8;
566 
567     bl = ctx->cipher->block_size;
568 
569     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
570         /* If block size > 1 then the cipher will have to do this check */
571         if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
572             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
573             return 0;
574         }
575 
576         i = ctx->cipher->do_cipher(ctx, out, in, inl);
577         if (i < 0)
578             return 0;
579         else
580             *outl = i;
581         return 1;
582     }
583 
584     if (inl <= 0) {
585         *outl = 0;
586         return inl == 0;
587     }
588     if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
589         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
590         return 0;
591     }
592 
593     if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
594         if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
595             *outl = inl;
596             return 1;
597         } else {
598             *outl = 0;
599             return 0;
600         }
601     }
602     i = ctx->buf_len;
603     OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
604     if (i != 0) {
605         if (bl - i > inl) {
606             memcpy(&(ctx->buf[i]), in, inl);
607             ctx->buf_len += inl;
608             *outl = 0;
609             return 1;
610         } else {
611             j = bl - i;
612 
613             /*
614              * Once we've processed the first j bytes from in, the amount of
615              * data left that is a multiple of the block length is:
616              * (inl - j) & ~(bl - 1)
617              * We must ensure that this amount of data, plus the one block that
618              * we process from ctx->buf does not exceed INT_MAX
619              */
620             if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
621                 ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
622                 return 0;
623             }
624             memcpy(&(ctx->buf[i]), in, j);
625             inl -= j;
626             in += j;
627             if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
628                 return 0;
629             out += bl;
630             *outl = bl;
631         }
632     } else
633         *outl = 0;
634     i = inl & (bl - 1);
635     inl -= i;
636     if (inl > 0) {
637         if (!ctx->cipher->do_cipher(ctx, out, in, inl))
638             return 0;
639         *outl += inl;
640     }
641 
642     if (i != 0)
643         memcpy(ctx->buf, &(in[inl]), i);
644     ctx->buf_len = i;
645     return 1;
646 }
647 
648 
EVP_EncryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)649 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
650                       const unsigned char *in, int inl)
651 {
652     int ret;
653     size_t soutl, inl_ = (size_t)inl;
654     int blocksize;
655 
656     if (outl != NULL) {
657         *outl = 0;
658     } else {
659         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
660         return 0;
661     }
662 
663     /* Prevent accidental use of decryption context when encrypting */
664     if (!ctx->encrypt) {
665         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
666         return 0;
667     }
668 
669     if (ctx->cipher == NULL) {
670         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
671         return 0;
672     }
673 
674     if (ctx->cipher->prov == NULL)
675         goto legacy;
676 
677     blocksize = ctx->cipher->block_size;
678 
679     if (ctx->cipher->cupdate == NULL  || blocksize < 1) {
680         ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
681         return 0;
682     }
683 
684     ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
685                                inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
686                                in, inl_);
687 
688     if (ret) {
689         if (soutl > INT_MAX) {
690             ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
691             return 0;
692         }
693         *outl = soutl;
694     }
695 
696     return ret;
697 
698     /* Code below to be removed when legacy support is dropped. */
699  legacy:
700 
701     return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
702 }
703 
EVP_EncryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)704 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
705 {
706     int ret;
707     ret = EVP_EncryptFinal_ex(ctx, out, outl);
708     return ret;
709 }
710 
EVP_EncryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)711 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
712 {
713     int n, ret;
714     unsigned int i, b, bl;
715     size_t soutl;
716     int blocksize;
717 
718     if (outl != NULL) {
719         *outl = 0;
720     } else {
721         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
722         return 0;
723     }
724 
725     /* Prevent accidental use of decryption context when encrypting */
726     if (!ctx->encrypt) {
727         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
728         return 0;
729     }
730 
731     if (ctx->cipher == NULL) {
732         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
733         return 0;
734     }
735     if (ctx->cipher->prov == NULL)
736         goto legacy;
737 
738     blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
739 
740     if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
741         ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
742         return 0;
743     }
744 
745     ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
746                               blocksize == 1 ? 0 : blocksize);
747 
748     if (ret) {
749         if (soutl > INT_MAX) {
750             ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
751             return 0;
752         }
753         *outl = soutl;
754     }
755 
756     return ret;
757 
758     /* Code below to be removed when legacy support is dropped. */
759  legacy:
760 
761     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
762         ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
763         if (ret < 0)
764             return 0;
765         else
766             *outl = ret;
767         return 1;
768     }
769 
770     b = ctx->cipher->block_size;
771     OPENSSL_assert(b <= sizeof(ctx->buf));
772     if (b == 1) {
773         *outl = 0;
774         return 1;
775     }
776     bl = ctx->buf_len;
777     if (ctx->flags & EVP_CIPH_NO_PADDING) {
778         if (bl) {
779             ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
780             return 0;
781         }
782         *outl = 0;
783         return 1;
784     }
785 
786     n = b - bl;
787     for (i = bl; i < b; i++)
788         ctx->buf[i] = n;
789     ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
790 
791     if (ret)
792         *outl = b;
793 
794     return ret;
795 }
796 
EVP_DecryptUpdate(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)797 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
798                       const unsigned char *in, int inl)
799 {
800     int fix_len, cmpl = inl, ret;
801     unsigned int b;
802     size_t soutl, inl_ = (size_t)inl;
803     int blocksize;
804 
805     if (outl != NULL) {
806         *outl = 0;
807     } else {
808         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
809         return 0;
810     }
811 
812     /* Prevent accidental use of encryption context when decrypting */
813     if (ctx->encrypt) {
814         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
815         return 0;
816     }
817 
818     if (ctx->cipher == NULL) {
819         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
820         return 0;
821     }
822     if (ctx->cipher->prov == NULL)
823         goto legacy;
824 
825     blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
826 
827     if (ctx->cipher->cupdate == NULL || blocksize < 1) {
828         ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
829         return 0;
830     }
831     ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl,
832                                inl_ + (size_t)(blocksize == 1 ? 0 : blocksize),
833                                in, inl_);
834 
835     if (ret) {
836         if (soutl > INT_MAX) {
837             ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
838             return 0;
839         }
840         *outl = soutl;
841     }
842 
843     return ret;
844 
845     /* Code below to be removed when legacy support is dropped. */
846  legacy:
847 
848     b = ctx->cipher->block_size;
849 
850     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
851         cmpl = (cmpl + 7) / 8;
852 
853     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
854         if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
855             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
856             return 0;
857         }
858 
859         fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
860         if (fix_len < 0) {
861             *outl = 0;
862             return 0;
863         } else
864             *outl = fix_len;
865         return 1;
866     }
867 
868     if (inl <= 0) {
869         *outl = 0;
870         return inl == 0;
871     }
872 
873     if (ctx->flags & EVP_CIPH_NO_PADDING)
874         return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
875 
876     OPENSSL_assert(b <= sizeof(ctx->final));
877 
878     if (ctx->final_used) {
879         /* see comment about PTRDIFF_T comparison above */
880         if (((PTRDIFF_T)out == (PTRDIFF_T)in)
881             || ossl_is_partially_overlapping(out, in, b)) {
882             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
883             return 0;
884         }
885         /*
886          * final_used is only ever set if buf_len is 0. Therefore the maximum
887          * length output we will ever see from evp_EncryptDecryptUpdate is
888          * the maximum multiple of the block length that is <= inl, or just:
889          * inl & ~(b - 1)
890          * Since final_used has been set then the final output length is:
891          * (inl & ~(b - 1)) + b
892          * This must never exceed INT_MAX
893          */
894         if ((inl & ~(b - 1)) > INT_MAX - b) {
895             ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW);
896             return 0;
897         }
898         memcpy(out, ctx->final, b);
899         out += b;
900         fix_len = 1;
901     } else
902         fix_len = 0;
903 
904     if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
905         return 0;
906 
907     /*
908      * if we have 'decrypted' a multiple of block size, make sure we have a
909      * copy of this last block
910      */
911     if (b > 1 && !ctx->buf_len) {
912         *outl -= b;
913         ctx->final_used = 1;
914         memcpy(ctx->final, &out[*outl], b);
915     } else
916         ctx->final_used = 0;
917 
918     if (fix_len)
919         *outl += b;
920 
921     return 1;
922 }
923 
EVP_DecryptFinal(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)924 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
925 {
926     int ret;
927     ret = EVP_DecryptFinal_ex(ctx, out, outl);
928     return ret;
929 }
930 
EVP_DecryptFinal_ex(EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)931 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
932 {
933     int i, n;
934     unsigned int b;
935     size_t soutl;
936     int ret;
937     int blocksize;
938 
939     if (outl != NULL) {
940         *outl = 0;
941     } else {
942         ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
943         return 0;
944     }
945 
946     /* Prevent accidental use of encryption context when decrypting */
947     if (ctx->encrypt) {
948         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION);
949         return 0;
950     }
951 
952     if (ctx->cipher == NULL) {
953         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
954         return 0;
955     }
956 
957     if (ctx->cipher->prov == NULL)
958         goto legacy;
959 
960     blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
961 
962     if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
963         ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
964         return 0;
965     }
966 
967     ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl,
968                               blocksize == 1 ? 0 : blocksize);
969 
970     if (ret) {
971         if (soutl > INT_MAX) {
972             ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
973             return 0;
974         }
975         *outl = soutl;
976     }
977 
978     return ret;
979 
980     /* Code below to be removed when legacy support is dropped. */
981  legacy:
982 
983     *outl = 0;
984     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
985         i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
986         if (i < 0)
987             return 0;
988         else
989             *outl = i;
990         return 1;
991     }
992 
993     b = ctx->cipher->block_size;
994     if (ctx->flags & EVP_CIPH_NO_PADDING) {
995         if (ctx->buf_len) {
996             ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
997             return 0;
998         }
999         *outl = 0;
1000         return 1;
1001     }
1002     if (b > 1) {
1003         if (ctx->buf_len || !ctx->final_used) {
1004             ERR_raise(ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
1005             return 0;
1006         }
1007         OPENSSL_assert(b <= sizeof(ctx->final));
1008 
1009         /*
1010          * The following assumes that the ciphertext has been authenticated.
1011          * Otherwise it provides a padding oracle.
1012          */
1013         n = ctx->final[b - 1];
1014         if (n == 0 || n > (int)b) {
1015             ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
1016             return 0;
1017         }
1018         for (i = 0; i < n; i++) {
1019             if (ctx->final[--b] != n) {
1020                 ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT);
1021                 return 0;
1022             }
1023         }
1024         n = ctx->cipher->block_size - n;
1025         for (i = 0; i < n; i++)
1026             out[i] = ctx->final[i];
1027         *outl = n;
1028     } else
1029         *outl = 0;
1030     return 1;
1031 }
1032 
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int keylen)1033 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
1034 {
1035     if (c->cipher->prov != NULL) {
1036         int ok;
1037         OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1038         size_t len = keylen;
1039 
1040         if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1041             return 1;
1042 
1043         /* Check the cipher actually understands this parameter */
1044         if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
1045                                     OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
1046             ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1047             return 0;
1048         }
1049 
1050         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
1051         ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
1052 
1053         return ok > 0 ? 1 : 0;
1054     }
1055 
1056     /* Code below to be removed when legacy support is dropped. */
1057 
1058     /*
1059      * Note there have never been any built-in ciphers that define this flag
1060      * since it was first introduced.
1061      */
1062     if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
1063         return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
1064     if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
1065         return 1;
1066     if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
1067         c->key_len = keylen;
1068         return 1;
1069     }
1070     ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
1071     return 0;
1072 }
1073 
EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX * ctx,int pad)1074 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
1075 {
1076     int ok;
1077     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
1078     unsigned int pd = pad;
1079 
1080     if (pad)
1081         ctx->flags &= ~EVP_CIPH_NO_PADDING;
1082     else
1083         ctx->flags |= EVP_CIPH_NO_PADDING;
1084 
1085     if (ctx->cipher != NULL && ctx->cipher->prov == NULL)
1086         return 1;
1087     params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd);
1088     ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1089 
1090     return ok != 0;
1091 }
1092 
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)1093 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1094 {
1095     int ret = EVP_CTRL_RET_UNSUPPORTED;
1096     int set_params = 1;
1097     size_t sz = arg;
1098     unsigned int i;
1099     OSSL_PARAM params[4] = {
1100         OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
1101     };
1102 
1103     if (ctx == NULL || ctx->cipher == NULL) {
1104         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
1105         return 0;
1106     }
1107 
1108     if (ctx->cipher->prov == NULL)
1109         goto legacy;
1110 
1111     switch (type) {
1112     case EVP_CTRL_SET_KEY_LENGTH:
1113         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz);
1114         break;
1115     case EVP_CTRL_RAND_KEY:      /* Used by DES */
1116         set_params = 0;
1117         params[0] =
1118             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY,
1119                                               ptr, sz);
1120         break;
1121 
1122     case EVP_CTRL_INIT:
1123         /*
1124          * EVP_CTRL_INIT is purely legacy, no provider counterpart.
1125          * As a matter of fact, this should be dead code, but some caller
1126          * might still do a direct control call with this command, so...
1127          * Legacy methods return 1 except for exceptional circumstances, so
1128          * we do the same here to not be disruptive.
1129          */
1130         return 1;
1131     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
1132     default:
1133         goto end;
1134     case EVP_CTRL_AEAD_SET_IVLEN:
1135         if (arg < 0)
1136             return 0;
1137         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1138         ctx->iv_len = -1;
1139         break;
1140     case EVP_CTRL_CCM_SET_L:
1141         if (arg < 2 || arg > 8)
1142             return 0;
1143         sz = 15 - arg;
1144         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz);
1145         ctx->iv_len = -1;
1146         break;
1147     case EVP_CTRL_AEAD_SET_IV_FIXED:
1148         params[0] = OSSL_PARAM_construct_octet_string(
1149                         OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz);
1150         break;
1151     case EVP_CTRL_GCM_IV_GEN:
1152         set_params = 0;
1153         if (arg < 0)
1154             sz = 0; /* special case that uses the iv length */
1155         params[0] = OSSL_PARAM_construct_octet_string(
1156                         OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz);
1157         break;
1158     case EVP_CTRL_GCM_SET_IV_INV:
1159         if (arg < 0)
1160             return 0;
1161         params[0] = OSSL_PARAM_construct_octet_string(
1162                         OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz);
1163         break;
1164     case EVP_CTRL_GET_RC5_ROUNDS:
1165         set_params = 0; /* Fall thru */
1166     case EVP_CTRL_SET_RC5_ROUNDS:
1167         if (arg < 0)
1168             return 0;
1169         i = (unsigned int)arg;
1170         params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i);
1171         break;
1172     case EVP_CTRL_SET_SPEED:
1173         if (arg < 0)
1174             return 0;
1175         i = (unsigned int)arg;
1176         params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_SPEED, &i);
1177         break;
1178     case EVP_CTRL_AEAD_GET_TAG:
1179         set_params = 0; /* Fall thru */
1180     case EVP_CTRL_AEAD_SET_TAG:
1181         params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
1182                                                       ptr, sz);
1183         break;
1184     case EVP_CTRL_AEAD_TLS1_AAD:
1185         /* This one does a set and a get - since it returns a size */
1186         params[0] =
1187             OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD,
1188                                               ptr, sz);
1189         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1190         if (ret <= 0)
1191             goto end;
1192         params[0] =
1193             OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz);
1194         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1195         if (ret <= 0)
1196             goto end;
1197         return sz;
1198 #ifndef OPENSSL_NO_RC2
1199     case EVP_CTRL_GET_RC2_KEY_BITS:
1200         set_params = 0; /* Fall thru */
1201     case EVP_CTRL_SET_RC2_KEY_BITS:
1202         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz);
1203         break;
1204 #endif /* OPENSSL_NO_RC2 */
1205 #if !defined(OPENSSL_NO_MULTIBLOCK)
1206     case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
1207         params[0] = OSSL_PARAM_construct_size_t(
1208                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz);
1209         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1210         if (ret <= 0)
1211             return 0;
1212 
1213         params[0] = OSSL_PARAM_construct_size_t(
1214                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz);
1215         params[1] = OSSL_PARAM_construct_end();
1216         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1217         if (ret <= 0)
1218             return 0;
1219         return sz;
1220     case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: {
1221         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1222             (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1223 
1224         if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
1225             return 0;
1226 
1227         params[0] = OSSL_PARAM_construct_octet_string(
1228                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len);
1229         params[1] = OSSL_PARAM_construct_uint(
1230                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1231         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1232         if (ret <= 0)
1233             return ret;
1234         /* Retrieve the return values changed by the set */
1235         params[0] = OSSL_PARAM_construct_size_t(
1236                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz);
1237         params[1] = OSSL_PARAM_construct_uint(
1238                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1239         params[2] = OSSL_PARAM_construct_end();
1240         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1241         if (ret <= 0)
1242             return 0;
1243         return sz;
1244     }
1245     case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: {
1246         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p =
1247             (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr;
1248 
1249         params[0] = OSSL_PARAM_construct_octet_string(
1250                         OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len);
1251 
1252         params[1] = OSSL_PARAM_construct_octet_string(
1253                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp,
1254                 p->len);
1255         params[2] = OSSL_PARAM_construct_uint(
1256                 OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave);
1257         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1258         if (ret <= 0)
1259             return ret;
1260         params[0] = OSSL_PARAM_construct_size_t(
1261                         OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz);
1262         params[1] = OSSL_PARAM_construct_end();
1263         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1264         if (ret <= 0)
1265             return 0;
1266         return sz;
1267     }
1268 #endif /* OPENSSL_NO_MULTIBLOCK */
1269     case EVP_CTRL_AEAD_SET_MAC_KEY:
1270         if (arg < 0)
1271             return -1;
1272         params[0] = OSSL_PARAM_construct_octet_string(
1273                 OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz);
1274         break;
1275     }
1276 
1277     if (set_params)
1278         ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params);
1279     else
1280         ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params);
1281     goto end;
1282 
1283     /* Code below to be removed when legacy support is dropped. */
1284 legacy:
1285     if (ctx->cipher->ctrl == NULL) {
1286         ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED);
1287         return 0;
1288     }
1289 
1290     ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
1291 
1292  end:
1293     if (ret == EVP_CTRL_RET_UNSUPPORTED) {
1294         ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
1295         return 0;
1296     }
1297     return ret;
1298 }
1299 
EVP_CIPHER_get_params(EVP_CIPHER * cipher,OSSL_PARAM params[])1300 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
1301 {
1302     if (cipher != NULL && cipher->get_params != NULL)
1303         return cipher->get_params(params);
1304     return 0;
1305 }
1306 
EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX * ctx,const OSSL_PARAM params[])1307 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
1308 {
1309     if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) {
1310         ctx->iv_len = -1;
1311         return ctx->cipher->set_ctx_params(ctx->algctx, params);
1312     }
1313     return 0;
1314 }
1315 
EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX * ctx,OSSL_PARAM params[])1316 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
1317 {
1318     if (ctx->cipher != NULL && ctx->cipher->get_ctx_params != NULL)
1319         return ctx->cipher->get_ctx_params(ctx->algctx, params);
1320     return 0;
1321 }
1322 
EVP_CIPHER_gettable_params(const EVP_CIPHER * cipher)1323 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
1324 {
1325     if (cipher != NULL && cipher->gettable_params != NULL)
1326         return cipher->gettable_params(
1327                    ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)));
1328     return NULL;
1329 }
1330 
EVP_CIPHER_settable_ctx_params(const EVP_CIPHER * cipher)1331 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher)
1332 {
1333     void *provctx;
1334 
1335     if (cipher != NULL && cipher->settable_ctx_params != NULL) {
1336         provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1337         return cipher->settable_ctx_params(NULL, provctx);
1338     }
1339     return NULL;
1340 }
1341 
EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER * cipher)1342 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher)
1343 {
1344     void *provctx;
1345 
1346     if (cipher != NULL && cipher->gettable_ctx_params != NULL) {
1347         provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
1348         return cipher->gettable_ctx_params(NULL, provctx);
1349     }
1350     return NULL;
1351 }
1352 
EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX * cctx)1353 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *cctx)
1354 {
1355     void *alg;
1356 
1357     if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) {
1358         alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1359         return cctx->cipher->settable_ctx_params(cctx->algctx, alg);
1360     }
1361     return NULL;
1362 }
1363 
EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX * cctx)1364 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *cctx)
1365 {
1366     void *provctx;
1367 
1368     if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) {
1369         provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
1370         return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx);
1371     }
1372     return NULL;
1373 }
1374 
1375 #ifndef FIPS_MODULE
EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX * ctx)1376 static OSSL_LIB_CTX *EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX *ctx)
1377 {
1378     const EVP_CIPHER *cipher = ctx->cipher;
1379     const OSSL_PROVIDER *prov;
1380 
1381     if (cipher == NULL)
1382         return NULL;
1383 
1384     prov = EVP_CIPHER_get0_provider(cipher);
1385     return ossl_provider_libctx(prov);
1386 }
1387 #endif
1388 
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,unsigned char * key)1389 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
1390 {
1391     if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1392         return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1393 
1394 #ifdef FIPS_MODULE
1395     return 0;
1396 #else
1397     {
1398         int kl;
1399         OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx);
1400 
1401         kl = EVP_CIPHER_CTX_get_key_length(ctx);
1402         if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0)
1403             return 0;
1404         return 1;
1405     }
1406 #endif /* FIPS_MODULE */
1407 }
1408 
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * out,const EVP_CIPHER_CTX * in)1409 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
1410 {
1411     if ((in == NULL) || (in->cipher == NULL)) {
1412         ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED);
1413         return 0;
1414     }
1415 
1416     if (in->cipher->prov == NULL)
1417         goto legacy;
1418 
1419     if (in->cipher->dupctx == NULL) {
1420         ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1421         return 0;
1422     }
1423 
1424     EVP_CIPHER_CTX_reset(out);
1425 
1426     *out = *in;
1427     out->algctx = NULL;
1428 
1429     if (in->fetched_cipher != NULL && !EVP_CIPHER_up_ref(in->fetched_cipher)) {
1430         out->fetched_cipher = NULL;
1431         return 0;
1432     }
1433 
1434     out->algctx = in->cipher->dupctx(in->algctx);
1435     if (out->algctx == NULL) {
1436         ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX);
1437         return 0;
1438     }
1439 
1440     return 1;
1441 
1442     /* Code below to be removed when legacy support is dropped. */
1443  legacy:
1444 
1445 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
1446     /* Make sure it's safe to copy a cipher context using an ENGINE */
1447     if (in->engine && !ENGINE_init(in->engine)) {
1448         ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB);
1449         return 0;
1450     }
1451 #endif
1452 
1453     EVP_CIPHER_CTX_reset(out);
1454     memcpy(out, in, sizeof(*out));
1455 
1456     if (in->cipher_data && in->cipher->ctx_size) {
1457         out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
1458         if (out->cipher_data == NULL) {
1459             out->cipher = NULL;
1460             ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
1461             return 0;
1462         }
1463         memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
1464     }
1465 
1466     if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
1467         if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
1468             out->cipher = NULL;
1469             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
1470             return 0;
1471         }
1472     return 1;
1473 }
1474 
evp_cipher_new(void)1475 EVP_CIPHER *evp_cipher_new(void)
1476 {
1477     EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
1478 
1479     if (cipher != NULL) {
1480         cipher->lock = CRYPTO_THREAD_lock_new();
1481         if (cipher->lock == NULL) {
1482             OPENSSL_free(cipher);
1483             return NULL;
1484         }
1485         cipher->refcnt = 1;
1486     }
1487     return cipher;
1488 }
1489 
1490 /*
1491  * FIPS module note: since internal fetches will be entirely
1492  * provider based, we know that none of its code depends on legacy
1493  * NIDs or any functionality that use them.
1494  */
1495 #ifndef FIPS_MODULE
1496 /* After removal of legacy support get rid of the need for legacy NIDs */
set_legacy_nid(const char * name,void * vlegacy_nid)1497 static void set_legacy_nid(const char *name, void *vlegacy_nid)
1498 {
1499     int nid;
1500     int *legacy_nid = vlegacy_nid;
1501     /*
1502      * We use lowest level function to get the associated method, because
1503      * higher level functions such as EVP_get_cipherbyname() have changed
1504      * to look at providers too.
1505      */
1506     const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
1507 
1508     if (*legacy_nid == -1)       /* We found a clash already */
1509         return;
1510     if (legacy_method == NULL)
1511         return;
1512     nid = EVP_CIPHER_get_nid(legacy_method);
1513     if (*legacy_nid != NID_undef && *legacy_nid != nid) {
1514         *legacy_nid = -1;
1515         return;
1516     }
1517     *legacy_nid = nid;
1518 }
1519 #endif
1520 
evp_cipher_from_algorithm(const int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)1521 static void *evp_cipher_from_algorithm(const int name_id,
1522                                        const OSSL_ALGORITHM *algodef,
1523                                        OSSL_PROVIDER *prov)
1524 {
1525     const OSSL_DISPATCH *fns = algodef->implementation;
1526     EVP_CIPHER *cipher = NULL;
1527     int fnciphcnt = 0, fnctxcnt = 0;
1528 
1529     if ((cipher = evp_cipher_new()) == NULL) {
1530         ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
1531         return NULL;
1532     }
1533 
1534 #ifndef FIPS_MODULE
1535     cipher->nid = NID_undef;
1536     if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid)
1537             || cipher->nid == -1) {
1538         ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
1539         EVP_CIPHER_free(cipher);
1540         return NULL;
1541     }
1542 #endif
1543 
1544     cipher->name_id = name_id;
1545     if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
1546         EVP_CIPHER_free(cipher);
1547         return NULL;
1548     }
1549     cipher->description = algodef->algorithm_description;
1550 
1551     for (; fns->function_id != 0; fns++) {
1552         switch (fns->function_id) {
1553         case OSSL_FUNC_CIPHER_NEWCTX:
1554             if (cipher->newctx != NULL)
1555                 break;
1556             cipher->newctx = OSSL_FUNC_cipher_newctx(fns);
1557             fnctxcnt++;
1558             break;
1559         case OSSL_FUNC_CIPHER_ENCRYPT_INIT:
1560             if (cipher->einit != NULL)
1561                 break;
1562             cipher->einit = OSSL_FUNC_cipher_encrypt_init(fns);
1563             fnciphcnt++;
1564             break;
1565         case OSSL_FUNC_CIPHER_DECRYPT_INIT:
1566             if (cipher->dinit != NULL)
1567                 break;
1568             cipher->dinit = OSSL_FUNC_cipher_decrypt_init(fns);
1569             fnciphcnt++;
1570             break;
1571         case OSSL_FUNC_CIPHER_UPDATE:
1572             if (cipher->cupdate != NULL)
1573                 break;
1574             cipher->cupdate = OSSL_FUNC_cipher_update(fns);
1575             fnciphcnt++;
1576             break;
1577         case OSSL_FUNC_CIPHER_FINAL:
1578             if (cipher->cfinal != NULL)
1579                 break;
1580             cipher->cfinal = OSSL_FUNC_cipher_final(fns);
1581             fnciphcnt++;
1582             break;
1583         case OSSL_FUNC_CIPHER_CIPHER:
1584             if (cipher->ccipher != NULL)
1585                 break;
1586             cipher->ccipher = OSSL_FUNC_cipher_cipher(fns);
1587             break;
1588         case OSSL_FUNC_CIPHER_FREECTX:
1589             if (cipher->freectx != NULL)
1590                 break;
1591             cipher->freectx = OSSL_FUNC_cipher_freectx(fns);
1592             fnctxcnt++;
1593             break;
1594         case OSSL_FUNC_CIPHER_DUPCTX:
1595             if (cipher->dupctx != NULL)
1596                 break;
1597             cipher->dupctx = OSSL_FUNC_cipher_dupctx(fns);
1598             break;
1599         case OSSL_FUNC_CIPHER_GET_PARAMS:
1600             if (cipher->get_params != NULL)
1601                 break;
1602             cipher->get_params = OSSL_FUNC_cipher_get_params(fns);
1603             break;
1604         case OSSL_FUNC_CIPHER_GET_CTX_PARAMS:
1605             if (cipher->get_ctx_params != NULL)
1606                 break;
1607             cipher->get_ctx_params = OSSL_FUNC_cipher_get_ctx_params(fns);
1608             break;
1609         case OSSL_FUNC_CIPHER_SET_CTX_PARAMS:
1610             if (cipher->set_ctx_params != NULL)
1611                 break;
1612             cipher->set_ctx_params = OSSL_FUNC_cipher_set_ctx_params(fns);
1613             break;
1614         case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
1615             if (cipher->gettable_params != NULL)
1616                 break;
1617             cipher->gettable_params = OSSL_FUNC_cipher_gettable_params(fns);
1618             break;
1619         case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
1620             if (cipher->gettable_ctx_params != NULL)
1621                 break;
1622             cipher->gettable_ctx_params =
1623                 OSSL_FUNC_cipher_gettable_ctx_params(fns);
1624             break;
1625         case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
1626             if (cipher->settable_ctx_params != NULL)
1627                 break;
1628             cipher->settable_ctx_params =
1629                 OSSL_FUNC_cipher_settable_ctx_params(fns);
1630             break;
1631         }
1632     }
1633     if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
1634             || (fnciphcnt == 0 && cipher->ccipher == NULL)
1635             || fnctxcnt != 2) {
1636         /*
1637          * In order to be a consistent set of functions we must have at least
1638          * a complete set of "encrypt" functions, or a complete set of "decrypt"
1639          * functions, or a single "cipher" function. In all cases we need both
1640          * the "newctx" and "freectx" functions.
1641          */
1642         EVP_CIPHER_free(cipher);
1643         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
1644         return NULL;
1645     }
1646     cipher->prov = prov;
1647     if (prov != NULL)
1648         ossl_provider_up_ref(prov);
1649 
1650     if (!evp_cipher_cache_constants(cipher)) {
1651         EVP_CIPHER_free(cipher);
1652         ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED);
1653         cipher = NULL;
1654     }
1655 
1656     return cipher;
1657 }
1658 
evp_cipher_up_ref(void * cipher)1659 static int evp_cipher_up_ref(void *cipher)
1660 {
1661     return EVP_CIPHER_up_ref(cipher);
1662 }
1663 
evp_cipher_free(void * cipher)1664 static void evp_cipher_free(void *cipher)
1665 {
1666     EVP_CIPHER_free(cipher);
1667 }
1668 
EVP_CIPHER_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)1669 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
1670                              const char *properties)
1671 {
1672     EVP_CIPHER *cipher =
1673         evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties,
1674                           evp_cipher_from_algorithm, evp_cipher_up_ref,
1675                           evp_cipher_free);
1676 
1677     return cipher;
1678 }
1679 
EVP_CIPHER_up_ref(EVP_CIPHER * cipher)1680 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher)
1681 {
1682     int ref = 0;
1683 
1684     if (cipher->origin == EVP_ORIG_DYNAMIC)
1685         CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
1686     return 1;
1687 }
1688 
evp_cipher_free_int(EVP_CIPHER * cipher)1689 void evp_cipher_free_int(EVP_CIPHER *cipher)
1690 {
1691     OPENSSL_free(cipher->type_name);
1692     ossl_provider_free(cipher->prov);
1693     CRYPTO_THREAD_lock_free(cipher->lock);
1694     OPENSSL_free(cipher);
1695 }
1696 
EVP_CIPHER_free(EVP_CIPHER * cipher)1697 void EVP_CIPHER_free(EVP_CIPHER *cipher)
1698 {
1699     int i;
1700 
1701     if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC)
1702         return;
1703 
1704     CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
1705     if (i > 0)
1706         return;
1707     evp_cipher_free_int(cipher);
1708 }
1709 
EVP_CIPHER_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_CIPHER * mac,void * arg),void * arg)1710 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
1711                                 void (*fn)(EVP_CIPHER *mac, void *arg),
1712                                 void *arg)
1713 {
1714     evp_generic_do_all(libctx, OSSL_OP_CIPHER,
1715                        (void (*)(void *, void *))fn, arg,
1716                        evp_cipher_from_algorithm, evp_cipher_up_ref,
1717                        evp_cipher_free);
1718 }
1719