Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware

EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy

EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl

EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length

EVP_F_EVP_CIPHER_CTX_SET_PADDING:237:EVP_CIPHER_CTX_set_padding

EVP_F_EVP_CIPHER_FROM_DISPATCH:238:evp_cipher_from_dispatch

EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1

EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex

EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate

EVP_R_INVALID_KEY:163:invalid key

EVP_R_INVALID_KEY_LENGTH:130:invalid key length

EVP_R_INVALID_OPERATION:148:invalid operation

EVP_R_INVALID_PROVIDER_FUNCTIONS:193:invalid provider functions

EVP_R_INVALID_SALT_LENGTH:186:invalid salt length

EVP_R_KEYGEN_FAILURE:120:keygen failure

EVP_R_KEY_SETUP_FAILED:180:key setup failed

#include <openssl/evp.h>

#include "internal/evp_int.h"

#include "internal/provider.h"

#include "evp_locl.h"

EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)

        cipher->nid = cipher_type;

        cipher->block_size = block_size;

        cipher->key_len = key_len;

        cipher->lock = CRYPTO_THREAD_lock_new();

        if (cipher->lock == NULL) {

            OPENSSL_free(cipher);

            return NULL;

        }

        cipher->refcnt = 1;

    }

    return cipher;

}

    EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,

                                         cipher->key_len);

    if (to != NULL)

    if (to != NULL) {

        CRYPTO_RWLOCK *lock = to->lock;

        memcpy(to, cipher, sizeof(*to));

        to->lock = lock;

    }

    return to;

}

void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)

{

    if (cipher != NULL) {

        int i;

        CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);

        if (i > 0)

            return;

        ossl_provider_free(cipher->prov);

        CRYPTO_THREAD_lock_free(cipher->lock);

        OPENSSL_free(cipher);

    }

}

int EVP_CIPHER_upref(EVP_CIPHER *cipher)

{

    int ref = 0;

    CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);

    return 1;

}

int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)

{

            md->dinit = OSSL_get_OP_digest_init(fns);

            fncnt++;

            break;

        case OSSL_FUNC_DIGEST_UPDDATE:

        case OSSL_FUNC_DIGEST_UPDATE:

            if (md->dupdate != NULL)

                break;

            md->dupdate = OSSL_get_OP_digest_update(fns);

#include <openssl/rand.h>

#include <openssl/rand_drbg.h>

#include <openssl/engine.h>

#include <openssl/params.h>

#include <openssl/core_names.h>

#include "internal/evp_int.h"

#include "internal/provider.h"

#include "evp_locl.h"

int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)

int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)

{

    if (c == NULL)

    if (ctx == NULL)

        return 1;

    if (c->cipher != NULL) {

        if (c->cipher->cleanup && !c->cipher->cleanup(c))

    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)

        goto legacy;

    if (ctx->provctx != NULL) {

        if (ctx->cipher->freectx != NULL)

            ctx->cipher->freectx(ctx->provctx);

        ctx->provctx = NULL;

    }

    if (ctx->fetched_cipher != NULL)

        EVP_CIPHER_meth_free(ctx->fetched_cipher);

    memset(ctx, 0, sizeof(*ctx));

    return 1;

    /* TODO(3.0): Remove legacy code below */

 legacy:

    if (ctx->cipher != NULL) {

        if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx))

            return 0;

        /* Cleanse cipher context data */

        if (c->cipher_data && c->cipher->ctx_size)

            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);

        if (ctx->cipher_data && ctx->cipher->ctx_size)

            OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);

    }

    OPENSSL_free(c->cipher_data);

    OPENSSL_free(ctx->cipher_data);

#ifndef OPENSSL_NO_ENGINE

    ENGINE_finish(c->engine);

    ENGINE_finish(ctx->engine);

#endif

    memset(c, 0, sizeof(*c));

    memset(ctx, 0, sizeof(*ctx));

    return 1;

}

                      ENGINE *impl, const unsigned char *key,

                      const unsigned char *iv, int enc)

{

    if (enc == -1)

    EVP_CIPHER *provciph = NULL;

    ENGINE *tmpimpl = NULL;

    const EVP_CIPHER *tmpcipher;

    /*

     * enc == 1 means we are encrypting.

     * enc == 0 means we are decrypting.

     * enc == -1 means, use the previously initialised value for encrypt/decrypt

     */

    if (enc == -1) {

        enc = ctx->encrypt;

    else {

    } else {

        if (enc)

            enc = 1;

        ctx->encrypt = enc;

    }

    if (cipher == NULL && ctx->cipher == NULL) {

        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);

        return 0;

    }

    /* TODO(3.0): Legacy work around code below. Remove this */

#ifndef OPENSSL_NO_ENGINE

    /*

     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so

    if (ctx->engine && ctx->cipher

        && (cipher == NULL || cipher->nid == ctx->cipher->nid))

        goto skip_to_init;

    if (cipher != NULL && impl == NULL) {

         /* Ask if an ENGINE is reserved for this job */

        tmpimpl = ENGINE_get_cipher_engine(cipher->nid);

    }

#endif

    if (cipher) {

    /*

     * If there are engines involved then we should use legacy handling for now.

     */

    if (ctx->engine != NULL

            || impl != NULL

            || tmpimpl != NULL) {

        if (ctx->cipher == ctx->fetched_cipher)

            ctx->cipher = NULL;

        EVP_CIPHER_meth_free(ctx->fetched_cipher);

        ctx->fetched_cipher = NULL;

        goto legacy;

    }

    tmpcipher = (cipher == NULL) ? ctx->cipher : cipher;

    if (tmpcipher->prov == NULL) {

        switch(tmpcipher->nid) {

        default:

            goto legacy;

        }

    }

    /*

     * Ensure a context left lying around from last time is cleared

     * (legacy code)

     */

    if (cipher != NULL && ctx->cipher != NULL) {

        OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size);

        ctx->cipher_data = NULL;

    }

    /* TODO(3.0): Start of non-legacy code below */

    /* Ensure a context left lying around from last time is cleared */

    if (cipher != NULL && ctx->cipher != NULL) {

        unsigned long flags = ctx->flags;

        EVP_CIPHER_CTX_reset(ctx);

        /* Restore encrypt and flags */

        ctx->encrypt = enc;

        ctx->flags = flags;

    }

    if (cipher != NULL)

        ctx->cipher = cipher;

    else

        cipher = ctx->cipher;

    if (cipher->prov == NULL) {

        provciph = EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), "");

        if (provciph == NULL) {

            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

            return 0;

        }

        cipher = provciph;

        EVP_CIPHER_meth_free(ctx->fetched_cipher);

        ctx->fetched_cipher = provciph;

    }

    ctx->cipher = cipher;

    if (ctx->provctx == NULL) {

        ctx->provctx = ctx->cipher->newctx();

        if (ctx->provctx == NULL) {

            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

            return 0;

        }

    }

    if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {

        /*

         * Ensure a context left lying around from last time is cleared (the

         * previous check attempted to avoid this if the same ENGINE and

         * If this ctx was already set up for no padding then we need to tell

         * the new cipher about it.

         */

        if (!EVP_CIPHER_CTX_set_padding(ctx, 0))

            return 0;

    }

    if (enc) {

        if (ctx->cipher->einit == NULL) {

            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

            return 0;

        }

        return ctx->cipher->einit(ctx->provctx, key, iv);

    }

    if (ctx->cipher->dinit == NULL) {

        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

        return 0;

    }

    return ctx->cipher->dinit(ctx->provctx, key, iv);

    /* TODO(3.0): Remove legacy code below */

 legacy:

    if (cipher != NULL) {

        /*

         * Ensure a context left lying around from last time is cleared (we

         * previously attempted to avoid this if the same ENGINE and

         * EVP_CIPHER could be used).

         */

        if (ctx->cipher) {

            ctx->flags = flags;

        }

#ifndef OPENSSL_NO_ENGINE

        if (impl) {

        if (impl != NULL) {

            if (!ENGINE_init(impl)) {

                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

                return 0;

            }

        } else

            /* Ask if an ENGINE is reserved for this job */

            impl = ENGINE_get_cipher_engine(cipher->nid);

        if (impl) {

        } else {

            impl = tmpimpl;

        }

        if (impl != NULL) {

            /* There's an ENGINE for this job ... (apparently) */

            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);

            if (!c) {

            if (c == NULL) {

                /*

                 * One positive side-effect of US's export control history,

                 * is that we should at least be able to avoid using US

             * from an ENGINE and we need to release it when done.

             */

            ctx->engine = impl;

        } else

        } else {

            ctx->engine = NULL;

        }

#endif

        ctx->cipher = cipher;

                return 0;

            }

        }

    } else if (!ctx->cipher) {

        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);

        return 0;

    }

#ifndef OPENSSL_NO_ENGINE

 skip_to_init:

int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,

                      const unsigned char *in, int inl)

{

    int ret;

    size_t soutl;

    /* Prevent accidental use of decryption context when encrypting */

    if (!ctx->encrypt) {

        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);

        return 0;

    }

    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)

        goto legacy;

    if (ctx->cipher->cupdate == NULL) {

        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);

        return 0;

    }

    ret = ctx->cipher->cupdate(ctx->provctx, out, &soutl, in, (size_t)inl);

    if (soutl > INT_MAX) {

        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_UPDATE_ERROR);

        return 0;

    }

    *outl = soutl;

    return ret;

    /* TODO(3.0): Remove legacy code below */

 legacy:

    return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);

}

{

    int n, ret;

    unsigned int i, b, bl;

    size_t soutl;

    /* Prevent accidental use of decryption context when encrypting */

    if (!ctx->encrypt) {

        return 0;

    }

    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)

        goto legacy;

    if (ctx->cipher->cfinal == NULL) {

        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);

        return 0;

    }

    ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl);

    if (soutl > INT_MAX) {

        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_FINAL_ERROR);

        return 0;

    }

    *outl = soutl;

    return ret;

    /* TODO(3.0): Remove legacy code below */

 legacy:

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {

        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);

        if (ret < 0)

int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,

                      const unsigned char *in, int inl)

{

    int fix_len, cmpl = inl;

    int fix_len, cmpl = inl, ret;

    unsigned int b;

    size_t soutl;

    /* Prevent accidental use of encryption context when decrypting */

    if (ctx->encrypt) {

        return 0;

    }

    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)

        goto legacy;

    if (ctx->cipher->cupdate == NULL) {

        EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_UPDATE_ERROR);

        return 0;

    }

    ret = ctx->cipher->cupdate(ctx->provctx, out, &soutl, in, (size_t)inl);

    if (ret) {

        if (soutl > INT_MAX) {

            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_UPDATE_ERROR);

            return 0;

        }

        *outl = soutl;

    }

    return ret;

    /* TODO(3.0): Remove legacy code below */

 legacy:

    b = ctx->cipher->block_size;

    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))

{

    int i, n;

    unsigned int b;

    size_t soutl;

    int ret;

    /* Prevent accidental use of encryption context when decrypting */

    if (ctx->encrypt) {

        return 0;

    }

    if (ctx->cipher == NULL || ctx->cipher->prov == NULL)

        goto legacy;

    if (ctx->cipher->cfinal == NULL) {

        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_FINAL_ERROR);

        return 0;

    }

    ret = ctx->cipher->cfinal(ctx->provctx, out, &soutl);

    if (ret) {

        if (soutl > INT_MAX) {

            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_FINAL_ERROR);

            return 0;

        }

        *outl = soutl;

    }

    return ret;

    /* TODO(3.0): Remove legacy code below */

 legacy:

    *outl = 0;

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {

{

    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)

        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);

    if (c->key_len == keylen)

    if (EVP_CIPHER_CTX_key_length(c) == keylen)

        return 1;

    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {

        c->key_len = keylen;

        ctx->flags &= ~EVP_CIPH_NO_PADDING;

    else

        ctx->flags |= EVP_CIPH_NO_PADDING;

    if (ctx->cipher != NULL && ctx->cipher->prov != NULL) {

        OSSL_PARAM params[] = {

            OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL),

            OSSL_PARAM_END

        };

        params[0].data = &pad;

        if (ctx->cipher->set_params == NULL) {

            EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED);

            return 0;

        }

        if (!ctx->cipher->set_params(ctx->provctx, params))

            return 0;

    }

    return 1;

}

        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);

        return 0;

    }

    if (in->cipher->prov == NULL)

        goto legacy;

    if (in->cipher->dupctx == NULL) {

        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_NOT_ABLE_TO_COPY_CTX);

        return 0;

    }

    EVP_CIPHER_CTX_reset(out);

    *out = *in;

    out->provctx = NULL;

    if (in->fetched_cipher != NULL || !EVP_CIPHER_upref(in->fetched_cipher)) {

        out->fetched_cipher = NULL;

        return 0;

    }

    out->provctx = in->cipher->dupctx(in->provctx);

    if (out->provctx == NULL) {

        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_NOT_ABLE_TO_COPY_CTX);

        return 0;

    }

    return 1;

    /* TODO(3.0): Remove legacy code below */

 legacy:

#ifndef OPENSSL_NO_ENGINE

    /* Make sure it's safe to copy a cipher context using an ENGINE */

    if (in->engine && !ENGINE_init(in->engine)) {

        }

    return 1;

}

static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns,

                                      OSSL_PROVIDER *prov)

{

    EVP_CIPHER *cipher = NULL;

    int fnciphcnt = 0, fnctxcnt = 0;

    if ((cipher = EVP_CIPHER_meth_new(nid, 0, 0)) == NULL)

        return NULL;

    for (; fns->function_id != 0; fns++) {

        switch (fns->function_id) {

        case OSSL_FUNC_CIPHER_NEWCTX:

            if (cipher->newctx != NULL)

                break;

            cipher->newctx = OSSL_get_OP_cipher_newctx(fns);

            fnctxcnt++;

            break;

        case OSSL_FUNC_CIPHER_ENCRYPT_INIT:

            if (cipher->einit != NULL)

                break;

            cipher->einit = OSSL_get_OP_cipher_encrypt_init(fns);

            fnciphcnt++;

            break;

        case OSSL_FUNC_CIPHER_DECRYPT_INIT:

            if (cipher->dinit != NULL)

                break;

            cipher->dinit = OSSL_get_OP_cipher_decrypt_init(fns);

            fnciphcnt++;

            break;

        case OSSL_FUNC_CIPHER_UPDATE:

            if (cipher->cupdate != NULL)

                break;

            cipher->cupdate = OSSL_get_OP_cipher_update(fns);

            fnciphcnt++;

            break;

        case OSSL_FUNC_CIPHER_FINAL:

            if (cipher->cfinal != NULL)

                break;

            cipher->cfinal = OSSL_get_OP_cipher_final(fns);

            fnciphcnt++;

            break;

        case OSSL_FUNC_CIPHER_FREECTX:

            if (cipher->freectx != NULL)

                break;

            cipher->freectx = OSSL_get_OP_cipher_freectx(fns);

            fnctxcnt++;

            break;

        case OSSL_FUNC_CIPHER_DUPCTX:

            if (cipher->dupctx != NULL)

                break;

            cipher->dupctx = OSSL_get_OP_cipher_dupctx(fns);

            break;

        case OSSL_FUNC_CIPHER_KEY_LENGTH:

            if (cipher->key_length != NULL)

                break;

            cipher->key_length = OSSL_get_OP_cipher_key_length(fns);

            break;

        case OSSL_FUNC_CIPHER_GET_PARAMS:

            if (cipher->get_params != NULL)

                break;

            cipher->get_params = OSSL_get_OP_cipher_get_params(fns);

            break;

        case OSSL_FUNC_CIPHER_SET_PARAMS:

            if (cipher->set_params != NULL)

                break;

            cipher->set_params = OSSL_get_OP_cipher_set_params(fns);

            break;

        }

    }

    if ((fnciphcnt != 3 && fnciphcnt != 4)

            || fnctxcnt != 2) {

        /*

         * In order to be a consistent set of functions we must have at least

         * a complete set of "encrypt" functions, or a complete set of "decrypt"

         * functions. In both cases we need a complete set of context management

         * functions

         */

        EVP_CIPHER_meth_free(cipher);

        EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS);

        return NULL;

    }

    cipher->prov = prov;

    if (prov != NULL)

        ossl_provider_upref(prov);

    return cipher;

}

static int evp_cipher_upref(void *cipher)

{

    return EVP_CIPHER_upref(cipher);

}

static void evp_cipher_free(void *cipher)

{

    EVP_CIPHER_meth_free(cipher);

}

static int evp_cipher_nid(void *vcipher)

{

    EVP_CIPHER *cipher = vcipher;

    return cipher->nid;

}

EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,