Implement support for AES-256-ECB in the default provider

    if (tmpcipher->prov == NULL) {

        switch(tmpcipher->nid) {

        case NID_aes_256_ecb:

            break;

        default:

            goto legacy;

        }

SUBDIRS=digests

SUBDIRS=digests ciphers

/*

 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the Apache License 2.0 (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy

 * in the file LICENSE in the source distribution or at

 * https://www.openssl.org/source/license.html

 */

#include <string.h>

#include <openssl/crypto.h>

#include <openssl/core_numbers.h>

#include <openssl/core_names.h>

#include <openssl/evp.h>

#include <openssl/params.h>

#include "internal/cryptlib.h"

#include "ciphers_locl.h"

static void PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,

                                      const unsigned char *iv,

                                      int enc)

{

    if (iv != NULL)

        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);

    ctx->enc = enc;

}

static int aes_einit(void *vctx, const unsigned char *key,

                           const unsigned char *iv)

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    PROV_AES_KEY_generic_init(ctx, iv, 1);

    if (key != NULL)

        return ctx->ciph->init(ctx, key, ctx->keylen);

    return 1;

}

static int aes_dinit(void *vctx, const unsigned char *key,

                     const unsigned char *iv)

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    PROV_AES_KEY_generic_init(ctx, iv, 0);

    if (key != NULL)

        return ctx->ciph->init(ctx, key, ctx->keylen);

    return 1;

}

static int aes_update(void *vctx, unsigned char *out, size_t *outl,

                      const unsigned char *in, size_t inl)

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in,

                                  &inl);

    size_t outlint = 0;

    /*

     * If we're decrypting and we end an update on a block boundary we hold

     * the last block back in case this is the last update call and the last

     * block is padded.

     */

    if (ctx->bufsz == AES_BLOCK_SIZE

            && (ctx->enc || inl > 0 || !ctx->pad)) {

        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))

            return 0;

        ctx->bufsz = 0;

        outlint = AES_BLOCK_SIZE;

        out += AES_BLOCK_SIZE;

    }

    if (nextblocks > 0) {

        if (!ctx->enc && ctx->pad && nextblocks == inl) {

            if (!ossl_assert(inl >= AES_BLOCK_SIZE))

                return 0;

            nextblocks -= AES_BLOCK_SIZE;

        }

        if (!ctx->ciph->cipher(ctx, out, in, nextblocks))

            return 0;

        in += nextblocks;

        inl -= nextblocks;

        outlint += nextblocks;

    }

    if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl))

        return 0;

    *outl = outlint;

    return inl == 0;

}

static int aes_final(void *vctx, unsigned char *out, size_t *outl)

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    if (ctx->enc) {

        if (ctx->pad) {

            padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE);

        } else if (ctx->bufsz == 0) {

            *outl = 0;

            return 1;

        } else if (ctx->bufsz != AES_BLOCK_SIZE) {

            /* TODO(3.0): What is the correct error code here? */

            return 0;

        }

        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))

            return 0;

        ctx->bufsz = 0;

        *outl = AES_BLOCK_SIZE;

        return 1;

    }

    /* Decrypting */

    /* TODO(3.0): What's the correct error here */

    if (ctx->bufsz != AES_BLOCK_SIZE) {

        if (ctx->bufsz == 0 && !ctx->pad) {

            *outl = 0;

            return 1;

        }

        return 0;

    }

    if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE))

        return 0;

    /* TODO(3.0): What is the correct error here */

    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE))

        return 0;

    memcpy(out, ctx->buf, ctx->bufsz);

    *outl = ctx->bufsz;

    ctx->bufsz = 0;

    return 1;

}

static void *aes_256_ecb_newctx(void)

{

    PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));

    ctx->pad = 1;

    ctx->keylen = 256 / 8;

    ctx->ciph = PROV_AES_CIPHER_ecb();

    ctx->mode = EVP_CIPH_ECB_MODE;

    return ctx;

}

static void aes_freectx(void *vctx)

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    OPENSSL_clear_free(ctx,  sizeof(*ctx));

}

static void *aes_dupctx(void *ctx)

{

    PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;

    PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));

    *ret = *in;

    return ret;

}

static size_t key_length_256(void)

{

    return 256 / 8;

}

static int aes_get_params(void *vctx, const OSSL_PARAM params[])

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    const OSSL_PARAM *p;

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);

    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad))

        return 0;

    return 1;

}

static int aes_set_params(void *vctx, const OSSL_PARAM params[])

{

    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;

    const OSSL_PARAM *p;

    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);

    if (p != NULL) {

        int pad;

        if (!OSSL_PARAM_get_int(p, &pad))

            return 0;

        ctx->pad = pad ? 1 : 0;

    }

    return 1;

}

extern const OSSL_DISPATCH aes256ecb_functions[];

const OSSL_DISPATCH aes256ecb_functions[] = {

    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_256_ecb_newctx },

    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit },

    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit },

    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_update },

    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_final },

    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx },

    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx },

    { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_256 },

    { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params },

    { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params },

    { 0, NULL }

};

/*

 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the Apache License 2.0 (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy

 * in the file LICENSE in the source distribution or at

 * https://www.openssl.org/source/license.html

 */

#include <string.h>

#include <openssl/evp.h>

#include <openssl/err.h>

#include "ciphers_locl.h"

#include <assert.h>

/*

 * Fills a single block of buffered data from the input, and returns the amount

 * of data remaining in the input that is a multiple of the blocksize. The buffer

 * is only filled if it already has some data in it, isn't full already or we

 * don't have at least one block in the input.

 *

 * buf: a buffer of blocksize bytes

 * buflen: contains the amount of data already in buf on entry. Updated with the

 *         amount of data in buf at the end. On entry *buflen must always be

 *         less than the blocksize

 * blocksize: size of a block. Must be greater than 0 and a power of 2

 * in: pointer to a pointer containing the input data

 * inlen: amount of input data available

 *

 * On return buf is filled with as much data as possible up to a full block,

 * *buflen is updated containing the amount of data in buf. *in is updated to

 * the new location where input data should be read from, *inlen is updated with

 * the remaining amount of data in *in. Returns the largest value <= *inlen

 * which is a multiple of the blocksize.

 */

size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,

                 const unsigned char **in, size_t *inlen)

{

    size_t blockmask = ~(blocksize - 1);

    assert(*buflen <= blocksize);

    assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0);

    if (*buflen != blocksize && (*buflen != 0 || *inlen < blocksize)) {

        size_t bufremain = blocksize - *buflen;

        if (*inlen < bufremain)

            bufremain = *inlen;

        memcpy(buf + *buflen, *in, bufremain);

        *in += bufremain;

        *inlen -= bufremain;

        *buflen += bufremain;

    }

    return *inlen & blockmask;

}

/*

 * Fills the buffer with trailing data from an encryption/decryption that didn't

 * fit into a full block.

 */

int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,

                 const unsigned char **in, size_t *inlen)

{

    if (*inlen == 0)

        return 1;

    if (*buflen + *inlen > blocksize)

        return 0;

    memcpy(buf + *buflen, *in, *inlen);

    *buflen += *inlen;

    *inlen = 0;

    return 1;

}

/* Pad the final block for encryption */

void padblock(unsigned char *buf, size_t *buflen, size_t blocksize)

{

    size_t i;

    unsigned char pad = (unsigned char)(blocksize - *buflen);

    for (i = *buflen; i < blocksize; i++)

        buf[i] = pad;

}

int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)

{

    size_t pad, i;

    size_t len = *buflen;

    if(len != blocksize)

        return 0;

    /*

     * The following assumes that the ciphertext has been authenticated.

     * Otherwise it provides a padding oracle.

     */

    pad = buf[blocksize - 1];

    if (pad == 0 || pad > blocksize) {

        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);

        return 0;

    }

    for (i = 0; i < pad; i++) {

        if (buf[--len] != pad) {

            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);

            return 0;

        }

    }

    *buflen = len;

    return 1;

}