#endif
+#ifndef OPENSSL_NO_ENGINE
+
#ifdef OPENSSL_FIPS
static int do_engine_null(ENGINE *impl) { return 0;}
static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
- const EVP_MD *type, ENGINE *impl)
+ const EVP_MD **ptype, ENGINE *impl)
{ return 1; }
static int (*do_engine_init)(ENGINE *impl)
= do_engine_null;
static int (*do_evp_md_engine)
- (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
= do_evp_md_engine_null;
void int_EVP_MD_set_engine_callbacks(
int (*eng_md_init)(ENGINE *impl),
int (*eng_md_fin)(ENGINE *impl),
int (*eng_md_evp)
- (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl))
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
{
do_engine_init = eng_md_init;
do_engine_finish = eng_md_fin;
#define do_engine_init ENGINE_init
#define do_engine_finish ENGINE_finish
-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
{
- if (type)
+ if (*ptype)
{
/* Ensure an ENGINE left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
}
else
/* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_digest_engine(type->type);
+ impl = ENGINE_get_digest_engine((*ptype)->type);
if(impl)
{
/* There's an ENGINE for this job ... (apparently) */
- const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
if(!d)
{
/* Same comment from evp_enc.c */
return 0;
}
/* We'll use the ENGINE's private digest definition */
- type = d;
+ *ptype = d;
/* Store the ENGINE functional reference so we know
* 'type' came from an ENGINE and we need to release
* it when done. */
#endif
+#endif
+
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
if (ctx->engine && ctx->digest && (!type ||
(type && (type->type == ctx->digest->type))))
goto skip_to_init;
- if (!do_evp_md_engine(ctx, type, impl))
+ if (!do_evp_md_engine(ctx, &type, impl))
return 0;
#endif
if (ctx->digest != type)
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
- {
- memset(ctx,0,sizeof(EVP_CIPHER_CTX));
- /* ctx->cipher=NULL; */
- }
-
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
}
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
-
-int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
-
-/* NB: no cleanup because it is allowed after failed init */
-
-int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
- { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
-int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
- { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
-int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
- { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-
-static const EVP_CIPHER bad_cipher =
- {
- 0,
- 0,
- 0,
- 0,
- 0,
- bad_init,
- bad_do_cipher,
- NULL,
- 0,
- bad_set_asn1,
- bad_get_asn1,
- bad_ctrl,
- NULL
- };
-
-#endif
-
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv, int enc)
- {
- if (enc == -1)
- enc = ctx->encrypt;
- else
- {
- if (enc)
- enc = 1;
- ctx->encrypt = enc;
- }
-#ifndef OPENSSL_NO_ENGINE
- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
- * so this context may already have an ENGINE! Try to avoid releasing
- * the previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary. */
- if (ctx->engine && ctx->cipher && (!cipher ||
- (cipher && (cipher->nid == ctx->cipher->nid))))
- goto skip_to_init;
-#endif
- if (cipher)
- {
- /* Ensure a context left lying around from last time is cleared
- * (the previous check attempted to avoid this if the same
- * ENGINE and EVP_CIPHER could be used). */
- EVP_CIPHER_CTX_cleanup(ctx);
-
- /* Restore encrypt field: it is zeroed by cleanup */
- ctx->encrypt = enc;
-#ifndef OPENSSL_NO_ENGINE
- if(impl)
- {
- if (!ENGINE_init(impl))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- else
- /* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_cipher_engine(cipher->nid);
- if(impl)
- {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
- if(!c)
- {
- /* One positive side-effect of US's export
- * control history, is that we should at least
- * be able to avoid using US mispellings of
- * "initialisation"? */
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- /* We'll use the ENGINE's private cipher definition */
- cipher = c;
- /* Store the ENGINE functional reference so we know
- * 'cipher' came from an ENGINE and we need to release
- * it when done. */
- ctx->engine = impl;
- }
- else
- ctx->engine = NULL;
-#endif
-
- ctx->cipher=cipher;
- if (ctx->cipher->ctx_size)
- {
- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
- if (!ctx->cipher_data)
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- {
- ctx->cipher_data = NULL;
- }
- ctx->key_len = cipher->key_len;
- ctx->flags = 0;
- if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
- {
- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- }
- else if(!ctx->cipher)
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
- /* we assume block size is a power of 2 in *cryptUpdate */
- OPENSSL_assert(ctx->cipher->block_size == 1
- || ctx->cipher->block_size == 8
- || ctx->cipher->block_size == 16);
-
- if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
- switch(EVP_CIPHER_CTX_mode(ctx)) {
-
- case EVP_CIPH_STREAM_CIPHER:
- case EVP_CIPH_ECB_MODE:
- break;
-
- case EVP_CIPH_CFB_MODE:
- case EVP_CIPH_OFB_MODE:
-
- ctx->num = 0;
-
- case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
- break;
-
- default:
- return 0;
- break;
- }
- }
-
-#ifdef OPENSSL_FIPS
- /* After 'key' is set no further parameters changes are permissible.
- * So only check for non FIPS enabling at this point.
- */
- if (key && FIPS_mode())
- {
- if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
- & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
- ERR_add_error_data(2, "cipher=",
- EVP_CIPHER_name(ctx->cipher));
- ctx->cipher = &bad_cipher;
- return 0;
- }
- }
-#endif
-
- if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
- if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
- }
- ctx->buf_len=0;
- ctx->final_used=0;
- ctx->block_mask=ctx->cipher->block_size-1;
- return 1;
- }
-
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
}
}
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
- {
- if (c->cipher != NULL)
- {
- if(c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
- /* Cleanse cipher context data */
- if (c->cipher_data)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
- }
- if (c->cipher_data)
- OPENSSL_free(c->cipher_data);
-#ifndef OPENSSL_NO_ENGINE
- if (c->engine)
- /* The EVP_CIPHER we used belongs to an ENGINE, release the
- * functional reference we held for this reason. */
- ENGINE_finish(c->engine);
-#endif
- memset(c,0,sizeof(EVP_CIPHER_CTX));
- return 1;
- }
-
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{
if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
return 1;
}
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
- int ret;
- if(!ctx->cipher) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-
- if(!ctx->cipher->ctrl) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
- return 0;
- }
-
- ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
- if(ret == -1) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
- return 0;
- }
- return ret;
-}
-
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
return 1;
}
+#ifndef OPENSSL_NO_ENGINE
+
+#ifdef OPENSSL_FIPS
+
+static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
+ {
+ if(impl)
+ {
+ if (!ENGINE_init(impl))
+ {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ }
+ else
+ /* Ask if an ENGINE is reserved for this job */
+ impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+ if(impl)
+ {
+ /* There's an ENGINE for this job ... (apparently) */
+ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+ if(!c)
+ {
+ /* One positive side-effect of US's export
+ * control history, is that we should at least
+ * be able to avoid using US mispellings of
+ * "initialisation"? */
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ /* We'll use the ENGINE's private cipher definition */
+ *pcipher = c;
+ /* Store the ENGINE functional reference so we know
+ * 'cipher' came from an ENGINE and we need to release
+ * it when done. */
+ ctx->engine = impl;
+ }
+ else
+ ctx->engine = NULL;
+ return 1;
+ }
+
+void int_EVP_CIPHER_init_engine_callbacks(void)
+ {
+ int_EVP_CIPHER_set_engine_callbacks(
+ ENGINE_finish, do_evp_enc_engine_full);
+ }
+
+#endif
+
+#endif
projects / oweals / openssl.git / commitdiff