1 /* $NetBSD: evp.c,v 1.3 2023/06/19 21:41:43 christos Exp $ */
2
3 /*
4 * Copyright (c) 2006 - 2016 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #ifdef HAVE_CONFIG_H
37 #include <config.h>
38 #endif
39 #include <krb5/roken.h>
40
41 #define HC_DEPRECATED
42 #define HC_DEPRECATED_CRYPTO
43
44 #include <assert.h>
45
46 #include <evp.h>
47 #include <evp-hcrypto.h>
48 #include <evp-cc.h>
49 #if defined(_WIN32)
50 #include <evp-w32.h>
51 #endif
52 #include <evp-pkcs11.h>
53 #include <evp-openssl.h>
54
55 #include <krb5/krb5-types.h>
56
57 #ifndef HCRYPTO_DEF_PROVIDER
58 # ifdef __APPLE__
59 # define HCRYPTO_DEF_PROVIDER cc
60 # elif __sun
61 # define HCRYPTO_DEF_PROVIDER pkcs11_hcrypto
62 # elif HAVE_HCRYPTO_W_OPENSSL
63 # define HCRYPTO_DEF_PROVIDER ossl
64 # else
65 # define HCRYPTO_DEF_PROVIDER hcrypto
66 # endif
67 #endif
68
69 #define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa
70
71
72 #define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)()
73
74 /**
75 * @page page_evp EVP - generic crypto interface
76 *
77 * See the library functions here: @ref hcrypto_evp
78 *
79 * @section evp_cipher EVP Cipher
80 *
81 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to
82 * understand forward, then EVP_CipherUpdate() and
83 * EVP_CipherFinal_ex() really needs an example to explain @ref
84 * example_evp_cipher.c .
85 *
86 * @example example_evp_cipher.c
87 *
88 * This is an example how to use EVP_CipherInit_ex(),
89 * EVP_CipherUpdate() and EVP_CipherFinal_ex().
90 */
91
92 struct hc_EVP_MD_CTX {
93 const EVP_MD *md;
94 ENGINE *engine;
95 void *ptr;
96 };
97
98
99 /**
100 * Return the output size of the message digest function.
101 *
102 * @param md the evp message
103 *
104 * @return size output size of the message digest function.
105 *
106 * @ingroup hcrypto_evp
107 */
108
109 size_t
EVP_MD_size(const EVP_MD * md)110 EVP_MD_size(const EVP_MD *md)
111 {
112 return md->hash_size;
113 }
114
115 /**
116 * Return the blocksize of the message digest function.
117 *
118 * @param md the evp message
119 *
120 * @return size size of the message digest block size
121 *
122 * @ingroup hcrypto_evp
123 */
124
125 size_t
EVP_MD_block_size(const EVP_MD * md)126 EVP_MD_block_size(const EVP_MD *md)
127 {
128 return md->block_size;
129 }
130
131 /**
132 * Allocate a messsage digest context object. Free with
133 * EVP_MD_CTX_destroy().
134 *
135 * @return a newly allocated message digest context object.
136 *
137 * @ingroup hcrypto_evp
138 */
139
140 EVP_MD_CTX *
EVP_MD_CTX_create(void)141 EVP_MD_CTX_create(void)
142 {
143 return calloc(1, sizeof(EVP_MD_CTX));
144 }
145
146 /**
147 * Initiate a messsage digest context object. Deallocate with
148 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead.
149 *
150 * @param ctx variable to initiate.
151 *
152 * @ingroup hcrypto_evp
153 */
154
155 void
EVP_MD_CTX_init(EVP_MD_CTX * ctx)156 EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED
157 {
158 memset(ctx, 0, sizeof(*ctx));
159 }
160
161 /**
162 * Free a messsage digest context object.
163 *
164 * @param ctx context to free.
165 *
166 * @ingroup hcrypto_evp
167 */
168
169 void
EVP_MD_CTX_destroy(EVP_MD_CTX * ctx)170 EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
171 {
172 EVP_MD_CTX_cleanup(ctx);
173 free(ctx);
174 }
175
176 /**
177 * Free the resources used by the EVP_MD context.
178 *
179 * @param ctx the context to free the resources from.
180 *
181 * @return 1 on success.
182 *
183 * @ingroup hcrypto_evp
184 */
185
186 int
EVP_MD_CTX_cleanup(EVP_MD_CTX * ctx)187 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED
188 {
189 if (ctx->md && ctx->md->cleanup) {
190 int ret = (ctx->md->cleanup)(ctx->ptr);
191 if (!ret)
192 return ret;
193 } else if (ctx->md) {
194 memset(ctx->ptr, 0, ctx->md->ctx_size);
195 }
196 ctx->md = NULL;
197 ctx->engine = NULL;
198 free(ctx->ptr);
199 memset(ctx, 0, sizeof(*ctx));
200 return 1;
201 }
202
203 /**
204 * Get the EVP_MD use for a specified context.
205 *
206 * @param ctx the EVP_MD context to get the EVP_MD for.
207 *
208 * @return the EVP_MD used for the context.
209 *
210 * @ingroup hcrypto_evp
211 */
212
213 const EVP_MD *
EVP_MD_CTX_md(EVP_MD_CTX * ctx)214 EVP_MD_CTX_md(EVP_MD_CTX *ctx)
215 {
216 return ctx->md;
217 }
218
219 /**
220 * Return the output size of the message digest function.
221 *
222 * @param ctx the evp message digest context
223 *
224 * @return size output size of the message digest function.
225 *
226 * @ingroup hcrypto_evp
227 */
228
229 size_t
EVP_MD_CTX_size(EVP_MD_CTX * ctx)230 EVP_MD_CTX_size(EVP_MD_CTX *ctx)
231 {
232 return EVP_MD_size(ctx->md);
233 }
234
235 /**
236 * Return the blocksize of the message digest function.
237 *
238 * @param ctx the evp message digest context
239 *
240 * @return size size of the message digest block size
241 *
242 * @ingroup hcrypto_evp
243 */
244
245 size_t
EVP_MD_CTX_block_size(EVP_MD_CTX * ctx)246 EVP_MD_CTX_block_size(EVP_MD_CTX *ctx)
247 {
248 return EVP_MD_block_size(ctx->md);
249 }
250
251 /**
252 * Init a EVP_MD_CTX for use a specific message digest and engine.
253 *
254 * @param ctx the message digest context to init.
255 * @param md the message digest to use.
256 * @param engine the engine to use, NULL to use the default engine.
257 *
258 * @return 1 on success.
259 *
260 * @ingroup hcrypto_evp
261 */
262
263 int
EVP_DigestInit_ex(EVP_MD_CTX * ctx,const EVP_MD * md,ENGINE * engine)264 EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)
265 {
266 if (ctx->md != md || ctx->engine != engine) {
267 EVP_MD_CTX_cleanup(ctx);
268 ctx->md = md;
269 ctx->engine = engine;
270 if (md == NULL)
271 return 0;
272
273 ctx->ptr = calloc(1, md->ctx_size);
274 if (ctx->ptr == NULL)
275 return 0;
276 }
277 if (ctx->md == 0)
278 return 0;
279 return (ctx->md->init)(ctx->ptr);
280 }
281
282 /**
283 * Update the digest with some data.
284 *
285 * @param ctx the context to update
286 * @param data the data to update the context with
287 * @param size length of data
288 *
289 * @return 1 on success.
290 *
291 * @ingroup hcrypto_evp
292 */
293
294 int
EVP_DigestUpdate(EVP_MD_CTX * ctx,const void * data,size_t size)295 EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size)
296 {
297 (ctx->md->update)(ctx->ptr, data, size);
298 return 1;
299 }
300
301 /**
302 * Complete the message digest.
303 *
304 * @param ctx the context to complete.
305 * @param hash the output of the message digest function. At least
306 * EVP_MD_size().
307 * @param size the output size of hash.
308 *
309 * @return 1 on success.
310 *
311 * @ingroup hcrypto_evp
312 */
313
314 int
EVP_DigestFinal_ex(EVP_MD_CTX * ctx,void * hash,unsigned int * size)315 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size)
316 {
317 (ctx->md->final)(hash, ctx->ptr);
318 if (size)
319 *size = ctx->md->hash_size;
320 return 1;
321 }
322
323 /**
324 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(),
325 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy()
326 * dance in one call.
327 *
328 * @param data the data to update the context with
329 * @param dsize length of data
330 * @param hash output data of at least EVP_MD_size() length.
331 * @param hsize output length of hash.
332 * @param md message digest to use
333 * @param engine engine to use, NULL for default engine.
334 *
335 * @return 1 on success.
336 *
337 * @ingroup hcrypto_evp
338 */
339
340 int
EVP_Digest(const void * data,size_t dsize,void * hash,unsigned int * hsize,const EVP_MD * md,ENGINE * engine)341 EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
342 const EVP_MD *md, ENGINE *engine)
343 {
344 EVP_MD_CTX *ctx;
345 int ret;
346
347 ctx = EVP_MD_CTX_create();
348 if (ctx == NULL)
349 return 0;
350 ret = EVP_DigestInit_ex(ctx, md, engine);
351 if (ret != 1) {
352 EVP_MD_CTX_destroy(ctx);
353 return ret;
354 }
355 ret = EVP_DigestUpdate(ctx, data, dsize);
356 if (ret != 1) {
357 EVP_MD_CTX_destroy(ctx);
358 return ret;
359 }
360 ret = EVP_DigestFinal_ex(ctx, hash, hsize);
361 EVP_MD_CTX_destroy(ctx);
362 return ret;
363 }
364
365 /**
366 * The message digest SHA256
367 *
368 * @return the message digest type.
369 *
370 * @ingroup hcrypto_evp
371 */
372
373 const EVP_MD *
EVP_sha256(void)374 EVP_sha256(void)
375 {
376 hcrypto_validate();
377 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256);
378 }
379
380 /**
381 * The message digest SHA384
382 *
383 * @return the message digest type.
384 *
385 * @ingroup hcrypto_evp
386 */
387
388 const EVP_MD *
EVP_sha384(void)389 EVP_sha384(void)
390 {
391 hcrypto_validate();
392 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha384);
393 }
394
395 /**
396 * The message digest SHA512
397 *
398 * @return the message digest type.
399 *
400 * @ingroup hcrypto_evp
401 */
402
403 const EVP_MD *
EVP_sha512(void)404 EVP_sha512(void)
405 {
406 hcrypto_validate();
407 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha512);
408 }
409
410 /**
411 * The message digest SHA1
412 *
413 * @return the message digest type.
414 *
415 * @ingroup hcrypto_evp
416 */
417
418 const EVP_MD *
EVP_sha1(void)419 EVP_sha1(void)
420 {
421 hcrypto_validate();
422 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1);
423 }
424
425 /**
426 * The message digest SHA1
427 *
428 * @return the message digest type.
429 *
430 * @ingroup hcrypto_evp
431 */
432
433 const EVP_MD *
EVP_sha(void)434 EVP_sha(void) HC_DEPRECATED
435
436 {
437 hcrypto_validate();
438 return EVP_sha1();
439 }
440
441 /**
442 * The message digest MD5
443 *
444 * @return the message digest type.
445 *
446 * @ingroup hcrypto_evp
447 */
448
449 const EVP_MD *
EVP_md5(void)450 EVP_md5(void) HC_DEPRECATED_CRYPTO
451 {
452 hcrypto_validate();
453 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5);
454 }
455
456 /**
457 * The message digest MD4
458 *
459 * @return the message digest type.
460 *
461 * @ingroup hcrypto_evp
462 */
463
464 const EVP_MD *
EVP_md4(void)465 EVP_md4(void) HC_DEPRECATED_CRYPTO
466 {
467 hcrypto_validate();
468 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4);
469 }
470
471 /*
472 *
473 */
474
475 static int
null_Init(void * m)476 null_Init (void *m)
477 {
478 return -1;
479 }
480 static int
null_Update(void * m,const void * data,size_t size)481 null_Update (void *m, const void * data, size_t size)
482 {
483 return -1;
484 }
485 static int
null_Final(void * res,void * m)486 null_Final(void *res, void *m)
487 {
488 return -1;
489 }
490
491 /**
492 * The null message digest
493 *
494 * @return the message digest type.
495 *
496 * @ingroup hcrypto_evp
497 */
498
499 const EVP_MD *
EVP_md_null(void)500 EVP_md_null(void)
501 {
502 static const struct hc_evp_md null = {
503 0,
504 0,
505 0,
506 (hc_evp_md_init)null_Init,
507 (hc_evp_md_update)null_Update,
508 (hc_evp_md_final)null_Final,
509 NULL
510 };
511 return &null;
512 }
513
514 /**
515 * Return the block size of the cipher.
516 *
517 * @param c cipher to get the block size from.
518 *
519 * @return the block size of the cipher.
520 *
521 * @ingroup hcrypto_evp
522 */
523
524 size_t
EVP_CIPHER_block_size(const EVP_CIPHER * c)525 EVP_CIPHER_block_size(const EVP_CIPHER *c)
526 {
527 return c->block_size;
528 }
529
530 /**
531 * Return the key size of the cipher.
532 *
533 * @param c cipher to get the key size from.
534 *
535 * @return the key size of the cipher.
536 *
537 * @ingroup hcrypto_evp
538 */
539
540 size_t
EVP_CIPHER_key_length(const EVP_CIPHER * c)541 EVP_CIPHER_key_length(const EVP_CIPHER *c)
542 {
543 return c->key_len;
544 }
545
546 /**
547 * Return the IV size of the cipher.
548 *
549 * @param c cipher to get the IV size from.
550 *
551 * @return the IV size of the cipher.
552 *
553 * @ingroup hcrypto_evp
554 */
555
556 size_t
EVP_CIPHER_iv_length(const EVP_CIPHER * c)557 EVP_CIPHER_iv_length(const EVP_CIPHER *c)
558 {
559 return c->iv_len;
560 }
561
562 /**
563 * Initiate a EVP_CIPHER_CTX context. Clean up with
564 * EVP_CIPHER_CTX_cleanup().
565 *
566 * @param c the cipher initiate.
567 *
568 * @ingroup hcrypto_evp
569 */
570
571 void
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX * c)572 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c)
573 {
574 memset(c, 0, sizeof(*c));
575 }
576
577 /**
578 * Clean up the EVP_CIPHER_CTX context.
579 *
580 * @param c the cipher to clean up.
581 *
582 * @return 1 on success.
583 *
584 * @ingroup hcrypto_evp
585 */
586
587 int
EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX * c)588 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
589 {
590 if (c->cipher && c->cipher->cleanup) {
591 int ret = c->cipher->cleanup(c);
592 if (!ret)
593 return ret;
594 }
595 if (c->cipher_data) {
596 if (c->cipher)
597 memset(c->cipher_data, 0, c->cipher->ctx_size);
598 free(c->cipher_data);
599 c->cipher_data = NULL;
600 }
601 return 1;
602 }
603
604 /**
605 * If the cipher type supports it, change the key length
606 *
607 * @param c the cipher context to change the key length for
608 * @param length new key length
609 *
610 * @return 1 on success.
611 *
612 * @ingroup hcrypto_evp
613 */
614
615 int
EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX * c,int length)616 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length)
617 {
618 if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) {
619 c->key_len = length;
620 return 1;
621 }
622 return 0;
623 }
624
625 #if 0
626 int
627 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
628 {
629 return 0;
630 }
631 #endif
632
633 /**
634 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context.
635 *
636 * @param ctx the context to get the cipher type from.
637 *
638 * @return the EVP_CIPHER pointer.
639 *
640 * @ingroup hcrypto_evp
641 */
642
643 const EVP_CIPHER *
EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX * ctx)644 EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx)
645 {
646 return ctx->cipher;
647 }
648
649 /**
650 * Return the block size of the cipher context.
651 *
652 * @param ctx cipher context to get the block size from.
653 *
654 * @return the block size of the cipher context.
655 *
656 * @ingroup hcrypto_evp
657 */
658
659 size_t
EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX * ctx)660 EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
661 {
662 return EVP_CIPHER_block_size(ctx->cipher);
663 }
664
665 /**
666 * Return the key size of the cipher context.
667 *
668 * @param ctx cipher context to get the key size from.
669 *
670 * @return the key size of the cipher context.
671 *
672 * @ingroup hcrypto_evp
673 */
674
675 size_t
EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX * ctx)676 EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
677 {
678 return EVP_CIPHER_key_length(ctx->cipher);
679 }
680
681 /**
682 * Return the IV size of the cipher context.
683 *
684 * @param ctx cipher context to get the IV size from.
685 *
686 * @return the IV size of the cipher context.
687 *
688 * @ingroup hcrypto_evp
689 */
690
691 size_t
EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX * ctx)692 EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
693 {
694 return EVP_CIPHER_iv_length(ctx->cipher);
695 }
696
697 /**
698 * Get the flags for an EVP_CIPHER_CTX context.
699 *
700 * @param ctx the EVP_CIPHER_CTX to get the flags from
701 *
702 * @return the flags for an EVP_CIPHER_CTX.
703 *
704 * @ingroup hcrypto_evp
705 */
706
707 unsigned long
EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX * ctx)708 EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
709 {
710 return ctx->cipher->flags;
711 }
712
713 /**
714 * Get the mode for an EVP_CIPHER_CTX context.
715 *
716 * @param ctx the EVP_CIPHER_CTX to get the mode from
717 *
718 * @return the mode for an EVP_CIPHER_CTX.
719 *
720 * @ingroup hcrypto_evp
721 */
722
723 int
EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX * ctx)724 EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx)
725 {
726 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE;
727 }
728
729 /**
730 * Get the app data for an EVP_CIPHER_CTX context.
731 *
732 * @param ctx the EVP_CIPHER_CTX to get the app data from
733 *
734 * @return the app data for an EVP_CIPHER_CTX.
735 *
736 * @ingroup hcrypto_evp
737 */
738
739 void *
EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX * ctx)740 EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx)
741 {
742 return ctx->app_data;
743 }
744
745 /**
746 * Set the app data for an EVP_CIPHER_CTX context.
747 *
748 * @param ctx the EVP_CIPHER_CTX to set the app data for
749 * @param data the app data to set for an EVP_CIPHER_CTX.
750 *
751 * @ingroup hcrypto_evp
752 */
753
754 void
EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX * ctx,void * data)755 EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
756 {
757 ctx->app_data = data;
758 }
759
760 /**
761 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data.
762 * Clean up with EVP_CIPHER_CTX_cleanup().
763 *
764 * @param ctx context to initiate
765 * @param c cipher to use.
766 * @param engine crypto engine to use, NULL to select default.
767 * @param key the crypto key to use, NULL will use the previous value.
768 * @param iv the IV to use, NULL will use the previous value.
769 * @param encp non zero will encrypt, -1 use the previous value.
770 *
771 * @return 1 on success.
772 *
773 * @ingroup hcrypto_evp
774 */
775
776 int
EVP_CipherInit_ex(EVP_CIPHER_CTX * ctx,const EVP_CIPHER * c,ENGINE * engine,const void * key,const void * iv,int encp)777 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine,
778 const void *key, const void *iv, int encp)
779 {
780 ctx->buf_len = 0;
781
782 if (encp == -1)
783 encp = ctx->encrypt;
784 else
785 ctx->encrypt = (encp ? 1 : 0);
786
787 if (c && (c != ctx->cipher)) {
788 EVP_CIPHER_CTX_cleanup(ctx);
789 ctx->cipher = c;
790 ctx->key_len = c->key_len;
791
792 ctx->cipher_data = calloc(1, c->ctx_size);
793 if (ctx->cipher_data == NULL && c->ctx_size != 0)
794 return 0;
795
796 /* assume block size is a multiple of 2 */
797 ctx->block_mask = EVP_CIPHER_block_size(c) - 1;
798
799 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) &&
800 !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
801 return 0;
802
803 } else if (ctx->cipher == NULL) {
804 /* reuse of cipher, but not any cipher ever set! */
805 return 0;
806 }
807
808 switch (EVP_CIPHER_CTX_mode(ctx)) {
809 case EVP_CIPH_CBC_MODE:
810
811 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
812
813 if (iv)
814 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
815 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
816 break;
817
818 case EVP_CIPH_STREAM_CIPHER:
819 break;
820 case EVP_CIPH_CFB8_MODE:
821 if (iv)
822 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
823 break;
824
825 default:
826 return 0;
827 }
828
829 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT))
830 return ctx->cipher->init(ctx, key, iv, encp);
831
832 return 1;
833 }
834
835 /**
836 * Encipher/decipher partial data
837 *
838 * @param ctx the cipher context.
839 * @param out output data from the operation.
840 * @param outlen output length
841 * @param in input data to the operation.
842 * @param inlen length of data.
843 *
844 * The output buffer length should at least be EVP_CIPHER_block_size()
845 * byte longer then the input length.
846 *
847 * See @ref evp_cipher for an example how to use this function.
848 *
849 * @return 1 on success.
850 *
851 * @ingroup hcrypto_evp
852 */
853
854 int
EVP_CipherUpdate(EVP_CIPHER_CTX * ctx,void * out,int * outlen,void * in,size_t inlen)855 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
856 void *in, size_t inlen)
857 {
858 int ret, left, blocksize;
859
860 *outlen = 0;
861
862 /**
863 * If there in no spare bytes in the left from last Update and the
864 * input length is on the block boundery, the EVP_CipherUpdate()
865 * function can take a shortcut (and preformance gain) and
866 * directly encrypt the data, otherwise we hav to fix it up and
867 * store extra it the EVP_CIPHER_CTX.
868 */
869 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) {
870 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
871 if (ret == 1)
872 *outlen = inlen;
873 else
874 *outlen = 0;
875 return ret;
876 }
877
878
879 blocksize = EVP_CIPHER_CTX_block_size(ctx);
880 left = blocksize - ctx->buf_len;
881 assert(left > 0);
882
883 if (ctx->buf_len) {
884
885 /* if total buffer is smaller then input, store locally */
886 if (inlen < left) {
887 memcpy(ctx->buf + ctx->buf_len, in, inlen);
888 ctx->buf_len += inlen;
889 return 1;
890 }
891
892 /* fill in local buffer and encrypt */
893 memcpy(ctx->buf + ctx->buf_len, in, left);
894 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
895 memset(ctx->buf, 0, blocksize);
896 if (ret != 1)
897 return ret;
898
899 *outlen += blocksize;
900 inlen -= left;
901 in = ((unsigned char *)in) + left;
902 out = ((unsigned char *)out) + blocksize;
903 ctx->buf_len = 0;
904 }
905
906 if (inlen) {
907 ctx->buf_len = (inlen & ctx->block_mask);
908 inlen &= ~ctx->block_mask;
909
910 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
911 if (ret != 1)
912 return ret;
913
914 *outlen += inlen;
915
916 in = ((unsigned char *)in) + inlen;
917 memcpy(ctx->buf, in, ctx->buf_len);
918 }
919
920 return 1;
921 }
922
923 /**
924 * Encipher/decipher final data
925 *
926 * @param ctx the cipher context.
927 * @param out output data from the operation.
928 * @param outlen output length
929 *
930 * The input length needs to be at least EVP_CIPHER_block_size() bytes
931 * long.
932 *
933 * See @ref evp_cipher for an example how to use this function.
934 *
935 * @return 1 on success.
936 *
937 * @ingroup hcrypto_evp
938 */
939
940 int
EVP_CipherFinal_ex(EVP_CIPHER_CTX * ctx,void * out,int * outlen)941 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
942 {
943 *outlen = 0;
944
945 if (ctx->buf_len) {
946 int ret, left, blocksize;
947
948 blocksize = EVP_CIPHER_CTX_block_size(ctx);
949
950 left = blocksize - ctx->buf_len;
951 assert(left > 0);
952
953 /* zero fill local buffer */
954 memset(ctx->buf + ctx->buf_len, 0, left);
955 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
956 memset(ctx->buf, 0, blocksize);
957 if (ret != 1)
958 return ret;
959
960 *outlen += blocksize;
961 }
962
963 return 1;
964 }
965
966 /**
967 * Encipher/decipher data
968 *
969 * @param ctx the cipher context.
970 * @param out out data from the operation.
971 * @param in in data to the operation.
972 * @param size length of data.
973 *
974 * @return 1 on success.
975 */
976
977 int
EVP_Cipher(EVP_CIPHER_CTX * ctx,void * out,const void * in,size_t size)978 EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size)
979 {
980 return ctx->cipher->do_cipher(ctx, out, in, size);
981 }
982
983 /*
984 *
985 */
986
987 static int
enc_null_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int encp)988 enc_null_init(EVP_CIPHER_CTX *ctx,
989 const unsigned char * key,
990 const unsigned char * iv,
991 int encp)
992 {
993 return 1;
994 }
995
996 static int
enc_null_do_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,unsigned int size)997 enc_null_do_cipher(EVP_CIPHER_CTX *ctx,
998 unsigned char *out,
999 const unsigned char *in,
1000 unsigned int size)
1001 {
1002 memmove(out, in, size);
1003 return 1;
1004 }
1005
1006 static int
enc_null_cleanup(EVP_CIPHER_CTX * ctx)1007 enc_null_cleanup(EVP_CIPHER_CTX *ctx)
1008 {
1009 return 1;
1010 }
1011
1012 /**
1013 * The NULL cipher type, does no encryption/decryption.
1014 *
1015 * @return the null EVP_CIPHER pointer.
1016 *
1017 * @ingroup hcrypto_evp
1018 */
1019
1020 const EVP_CIPHER *
EVP_enc_null(void)1021 EVP_enc_null(void)
1022 {
1023 static const EVP_CIPHER enc_null = {
1024 0,
1025 0,
1026 0,
1027 0,
1028 EVP_CIPH_CBC_MODE,
1029 enc_null_init,
1030 enc_null_do_cipher,
1031 enc_null_cleanup,
1032 0,
1033 NULL,
1034 NULL,
1035 NULL,
1036 NULL
1037 };
1038 return &enc_null;
1039 }
1040
1041 /**
1042 * The RC2 cipher type
1043 *
1044 * @return the RC2 EVP_CIPHER pointer.
1045 *
1046 * @ingroup hcrypto_evp
1047 */
1048
1049 const EVP_CIPHER *
EVP_rc2_cbc(void)1050 EVP_rc2_cbc(void)
1051 {
1052 hcrypto_validate();
1053 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc);
1054 }
1055
1056 /**
1057 * The RC2 cipher type
1058 *
1059 * @return the RC2 EVP_CIPHER pointer.
1060 *
1061 * @ingroup hcrypto_evp
1062 */
1063
1064 const EVP_CIPHER *
EVP_rc2_40_cbc(void)1065 EVP_rc2_40_cbc(void)
1066 {
1067 hcrypto_validate();
1068 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc);
1069 }
1070
1071 /**
1072 * The RC2 cipher type
1073 *
1074 * @return the RC2 EVP_CIPHER pointer.
1075 *
1076 * @ingroup hcrypto_evp
1077 */
1078
1079 const EVP_CIPHER *
EVP_rc2_64_cbc(void)1080 EVP_rc2_64_cbc(void)
1081 {
1082 hcrypto_validate();
1083 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc);
1084 }
1085
1086 /**
1087 * The RC4 cipher type
1088 *
1089 * @return the RC4 EVP_CIPHER pointer.
1090 *
1091 * @ingroup hcrypto_evp
1092 */
1093
1094 const EVP_CIPHER *
EVP_rc4(void)1095 EVP_rc4(void)
1096 {
1097 hcrypto_validate();
1098 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4);
1099 }
1100
1101 /**
1102 * The RC4-40 cipher type
1103 *
1104 * @return the RC4-40 EVP_CIPHER pointer.
1105 *
1106 * @ingroup hcrypto_evp
1107 */
1108
1109 const EVP_CIPHER *
EVP_rc4_40(void)1110 EVP_rc4_40(void)
1111 {
1112 hcrypto_validate();
1113 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40);
1114 }
1115
1116 /**
1117 * The DES cipher type
1118 *
1119 * @return the DES-CBC EVP_CIPHER pointer.
1120 *
1121 * @ingroup hcrypto_evp
1122 */
1123
1124 const EVP_CIPHER *
EVP_des_cbc(void)1125 EVP_des_cbc(void)
1126 {
1127 hcrypto_validate();
1128 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc);
1129 }
1130
1131 /**
1132 * The triple DES cipher type
1133 *
1134 * @return the DES-EDE3-CBC EVP_CIPHER pointer.
1135 *
1136 * @ingroup hcrypto_evp
1137 */
1138
1139 const EVP_CIPHER *
EVP_des_ede3_cbc(void)1140 EVP_des_ede3_cbc(void)
1141 {
1142 hcrypto_validate();
1143 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc);
1144 }
1145
1146 /**
1147 * The AES-128 cipher type
1148 *
1149 * @return the AES-128 EVP_CIPHER pointer.
1150 *
1151 * @ingroup hcrypto_evp
1152 */
1153
1154 const EVP_CIPHER *
EVP_aes_128_cbc(void)1155 EVP_aes_128_cbc(void)
1156 {
1157 hcrypto_validate();
1158 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc);
1159 }
1160
1161 /**
1162 * The AES-192 cipher type
1163 *
1164 * @return the AES-192 EVP_CIPHER pointer.
1165 *
1166 * @ingroup hcrypto_evp
1167 */
1168
1169 const EVP_CIPHER *
EVP_aes_192_cbc(void)1170 EVP_aes_192_cbc(void)
1171 {
1172 hcrypto_validate();
1173 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc);
1174 }
1175
1176 /**
1177 * The AES-256 cipher type
1178 *
1179 * @return the AES-256 EVP_CIPHER pointer.
1180 *
1181 * @ingroup hcrypto_evp
1182 */
1183
1184 const EVP_CIPHER *
EVP_aes_256_cbc(void)1185 EVP_aes_256_cbc(void)
1186 {
1187 hcrypto_validate();
1188 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc);
1189 }
1190
1191 /**
1192 * The AES-128 cipher type
1193 *
1194 * @return the AES-128 EVP_CIPHER pointer.
1195 *
1196 * @ingroup hcrypto_evp
1197 */
1198
1199 const EVP_CIPHER *
EVP_aes_128_cfb8(void)1200 EVP_aes_128_cfb8(void)
1201 {
1202 hcrypto_validate();
1203 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cfb8);
1204 }
1205
1206 /**
1207 * The AES-192 cipher type
1208 *
1209 * @return the AES-192 EVP_CIPHER pointer.
1210 *
1211 * @ingroup hcrypto_evp
1212 */
1213
1214 const EVP_CIPHER *
EVP_aes_192_cfb8(void)1215 EVP_aes_192_cfb8(void)
1216 {
1217 hcrypto_validate();
1218 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cfb8);
1219 }
1220
1221 /**
1222 * The AES-256 cipher type
1223 *
1224 * @return the AES-256 EVP_CIPHER pointer.
1225 *
1226 * @ingroup hcrypto_evp
1227 */
1228
1229 const EVP_CIPHER *
EVP_aes_256_cfb8(void)1230 EVP_aes_256_cfb8(void)
1231 {
1232 hcrypto_validate();
1233 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cfb8);
1234 }
1235
1236 /**
1237 * The Camellia-128 cipher type
1238 *
1239 * @return the Camellia-128 EVP_CIPHER pointer.
1240 *
1241 * @ingroup hcrypto_evp
1242 */
1243
1244 const EVP_CIPHER *
EVP_camellia_128_cbc(void)1245 EVP_camellia_128_cbc(void)
1246 {
1247 hcrypto_validate();
1248 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc);
1249 }
1250
1251 /**
1252 * The Camellia-198 cipher type
1253 *
1254 * @return the Camellia-198 EVP_CIPHER pointer.
1255 *
1256 * @ingroup hcrypto_evp
1257 */
1258
1259 const EVP_CIPHER *
EVP_camellia_192_cbc(void)1260 EVP_camellia_192_cbc(void)
1261 {
1262 hcrypto_validate();
1263 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc);
1264 }
1265
1266 /**
1267 * The Camellia-256 cipher type
1268 *
1269 * @return the Camellia-256 EVP_CIPHER pointer.
1270 *
1271 * @ingroup hcrypto_evp
1272 */
1273
1274 const EVP_CIPHER *
EVP_camellia_256_cbc(void)1275 EVP_camellia_256_cbc(void)
1276 {
1277 hcrypto_validate();
1278 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc);
1279 }
1280
1281 /*
1282 *
1283 */
1284
1285 static const struct cipher_name {
1286 const char *name;
1287 const EVP_CIPHER *(*func)(void);
1288 } cipher_name[] = {
1289 { "des-ede3-cbc", EVP_des_ede3_cbc },
1290 { "aes-128-cbc", EVP_aes_128_cbc },
1291 { "aes-192-cbc", EVP_aes_192_cbc },
1292 { "aes-256-cbc", EVP_aes_256_cbc },
1293 { "aes-128-cfb8", EVP_aes_128_cfb8 },
1294 { "aes-192-cfb8", EVP_aes_192_cfb8 },
1295 { "aes-256-cfb8", EVP_aes_256_cfb8 },
1296 { "camellia-128-cbc", EVP_camellia_128_cbc },
1297 { "camellia-192-cbc", EVP_camellia_192_cbc },
1298 { "camellia-256-cbc", EVP_camellia_256_cbc }
1299 };
1300
1301 /**
1302 * Get the cipher type using their name.
1303 *
1304 * @param name the name of the cipher.
1305 *
1306 * @return the selected EVP_CIPHER pointer or NULL if not found.
1307 *
1308 * @ingroup hcrypto_evp
1309 */
1310
1311 const EVP_CIPHER *
EVP_get_cipherbyname(const char * name)1312 EVP_get_cipherbyname(const char *name)
1313 {
1314 int i;
1315 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) {
1316 if (strcasecmp(cipher_name[i].name, name) == 0)
1317 return (*cipher_name[i].func)();
1318 }
1319 return NULL;
1320 }
1321
1322
1323 /*
1324 *
1325 */
1326
1327 #ifndef min
1328 #define min(a,b) (((a)>(b))?(b):(a))
1329 #endif
1330
1331 /**
1332 * Provides a legancy string to key function, used in PEM files.
1333 *
1334 * New protocols should use new string to key functions like NIST
1335 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()).
1336 *
1337 * @param type type of cipher to use
1338 * @param md message digest to use
1339 * @param salt salt salt string, should be an binary 8 byte buffer.
1340 * @param data the password/input key string.
1341 * @param datalen length of data parameter.
1342 * @param count iteration counter.
1343 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length().
1344 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size().
1345 *
1346 * @return the size of derived key.
1347 *
1348 * @ingroup hcrypto_evp
1349 */
1350
1351 int
EVP_BytesToKey(const EVP_CIPHER * type,const EVP_MD * md,const void * salt,const void * data,size_t datalen,unsigned int count,void * keydata,void * ivdata)1352 EVP_BytesToKey(const EVP_CIPHER *type,
1353 const EVP_MD *md,
1354 const void *salt,
1355 const void *data, size_t datalen,
1356 unsigned int count,
1357 void *keydata,
1358 void *ivdata)
1359 {
1360 unsigned int ivlen, keylen;
1361 int first = 0;
1362 unsigned int mds = 0, i;
1363 unsigned char *key = keydata;
1364 unsigned char *iv = ivdata;
1365 unsigned char *buf;
1366 EVP_MD_CTX c;
1367
1368 keylen = EVP_CIPHER_key_length(type);
1369 ivlen = EVP_CIPHER_iv_length(type);
1370
1371 if (data == NULL)
1372 return keylen;
1373
1374 buf = malloc(EVP_MD_size(md));
1375 if (buf == NULL)
1376 return -1;
1377
1378 EVP_MD_CTX_init(&c);
1379
1380 first = 1;
1381 while (1) {
1382 EVP_DigestInit_ex(&c, md, NULL);
1383 if (!first)
1384 EVP_DigestUpdate(&c, buf, mds);
1385 first = 0;
1386 EVP_DigestUpdate(&c,data,datalen);
1387
1388 #define PKCS5_SALT_LEN 8
1389
1390 if (salt)
1391 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
1392
1393 EVP_DigestFinal_ex(&c, buf, &mds);
1394 assert(mds == EVP_MD_size(md));
1395
1396 for (i = 1; i < count; i++) {
1397 EVP_DigestInit_ex(&c, md, NULL);
1398 EVP_DigestUpdate(&c, buf, mds);
1399 EVP_DigestFinal_ex(&c, buf, &mds);
1400 assert(mds == EVP_MD_size(md));
1401 }
1402
1403 i = 0;
1404 if (keylen) {
1405 size_t sz = min(keylen, mds);
1406 if (key) {
1407 memcpy(key, buf, sz);
1408 key += sz;
1409 }
1410 keylen -= sz;
1411 i += sz;
1412 }
1413 if (ivlen && mds > i) {
1414 size_t sz = min(ivlen, (mds - i));
1415 if (iv) {
1416 memcpy(iv, &buf[i], sz);
1417 iv += sz;
1418 }
1419 ivlen -= sz;
1420 }
1421 if (keylen == 0 && ivlen == 0)
1422 break;
1423 }
1424
1425 EVP_MD_CTX_cleanup(&c);
1426 free(buf);
1427
1428 return EVP_CIPHER_key_length(type);
1429 }
1430
1431 /**
1432 * Generate a random key for the specificed EVP_CIPHER.
1433 *
1434 * @param ctx EVP_CIPHER_CTX type to build the key for.
1435 * @param key return key, must be at least EVP_CIPHER_key_length() byte long.
1436 *
1437 * @return 1 for success, 0 for failure.
1438 *
1439 * @ingroup hcrypto_core
1440 */
1441
1442 int
EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX * ctx,void * key)1443 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key)
1444 {
1445 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1446 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1447 if (RAND_bytes(key, ctx->key_len) != 1)
1448 return 0;
1449 return 1;
1450 }
1451
1452 /**
1453 * Perform a operation on a ctx
1454 *
1455 * @param ctx context to perform operation on.
1456 * @param type type of operation.
1457 * @param arg argument to operation.
1458 * @param data addition data to operation.
1459
1460 * @return 1 for success, 0 for failure.
1461 *
1462 * @ingroup hcrypto_core
1463 */
1464
1465 int
EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX * ctx,int type,int arg,void * data)1466 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data)
1467 {
1468 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL)
1469 return 0;
1470 return (*ctx->cipher->ctrl)(ctx, type, arg, data);
1471 }
1472
1473 /**
1474 * Add all algorithms to the crypto core.
1475 *
1476 * @ingroup hcrypto_core
1477 */
1478
1479 void
OpenSSL_add_all_algorithms(void)1480 OpenSSL_add_all_algorithms(void)
1481 {
1482 return;
1483 }
1484
1485 /**
1486 * Add all algorithms to the crypto core using configuration file.
1487 *
1488 * @ingroup hcrypto_core
1489 */
1490
1491 void
OpenSSL_add_all_algorithms_conf(void)1492 OpenSSL_add_all_algorithms_conf(void)
1493 {
1494 return;
1495 }
1496
1497 /**
1498 * Add all algorithms to the crypto core, but don't use the
1499 * configuration file.
1500 *
1501 * @ingroup hcrypto_core
1502 */
1503
1504 void
OpenSSL_add_all_algorithms_noconf(void)1505 OpenSSL_add_all_algorithms_noconf(void)
1506 {
1507 return;
1508 }
1509