Import OpenSSL-1.0.0b.
[dragonfly.git] / crypto / openssl / crypto / evp / evp_enc.c
index 30e0ca4..c268d25 100644 (file)
 #endif
 #include "evp_locl.h"
 
-#ifdef OPENSSL_FIPS
-       #define M_do_cipher(ctx, out, in, inl) \
-               EVP_Cipher(ctx,out,in,inl)
-#else
-       #define M_do_cipher(ctx, out, in, inl) \
-               ctx->cipher->do_cipher(ctx,out,in,inl)
-#endif
-
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+       {
+       memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+       /* ctx->cipher=NULL; */
+       }
+
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
        {
        EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
@@ -92,6 +90,145 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
 
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+            const unsigned char *key, const unsigned char *iv, int enc)
+       {
+       if (enc == -1)
+               enc = ctx->encrypt;
+       else
+               {
+               if (enc)
+                       enc = 1;
+               ctx->encrypt = enc;
+               }
+#ifndef OPENSSL_NO_ENGINE
+       /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+        * so this context may already have an ENGINE! Try to avoid releasing
+        * the previous handle, re-querying for an ENGINE, and having a
+        * reinitialisation, when it may all be unecessary. */
+       if (ctx->engine && ctx->cipher && (!cipher ||
+                       (cipher && (cipher->nid == ctx->cipher->nid))))
+               goto skip_to_init;
+#endif
+       if (cipher)
+               {
+               /* Ensure a context left lying around from last time is cleared
+                * (the previous check attempted to avoid this if the same
+                * ENGINE and EVP_CIPHER could be used). */
+               EVP_CIPHER_CTX_cleanup(ctx);
+
+               /* Restore encrypt field: it is zeroed by cleanup */
+               ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+               if(impl)
+                       {
+                       if (!ENGINE_init(impl))
+                               {
+                               EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                               return 0;
+                               }
+                       }
+               else
+                       /* Ask if an ENGINE is reserved for this job */
+                       impl = ENGINE_get_cipher_engine(cipher->nid);
+               if(impl)
+                       {
+                       /* There's an ENGINE for this job ... (apparently) */
+                       const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+                       if(!c)
+                               {
+                               /* One positive side-effect of US's export
+                                * control history, is that we should at least
+                                * be able to avoid using US mispellings of
+                                * "initialisation"? */
+                               EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                               return 0;
+                               }
+                       /* We'll use the ENGINE's private cipher definition */
+                       cipher = c;
+                       /* Store the ENGINE functional reference so we know
+                        * 'cipher' came from an ENGINE and we need to release
+                        * it when done. */
+                       ctx->engine = impl;
+                       }
+               else
+                       ctx->engine = NULL;
+#endif
+
+               ctx->cipher=cipher;
+               if (ctx->cipher->ctx_size)
+                       {
+                       ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                       if (!ctx->cipher_data)
+                               {
+                               EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                               return 0;
+                               }
+                       }
+               else
+                       {
+                       ctx->cipher_data = NULL;
+                       }
+               ctx->key_len = cipher->key_len;
+               ctx->flags = 0;
+               if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                       {
+                       if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                               {
+                               EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                               return 0;
+                               }
+                       }
+               }
+       else if(!ctx->cipher)
+               {
+               EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+               return 0;
+               }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+       /* we assume block size is a power of 2 in *cryptUpdate */
+       OPENSSL_assert(ctx->cipher->block_size == 1
+           || ctx->cipher->block_size == 8
+           || ctx->cipher->block_size == 16);
+
+       if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+               switch(EVP_CIPHER_CTX_mode(ctx)) {
+
+                       case EVP_CIPH_STREAM_CIPHER:
+                       case EVP_CIPH_ECB_MODE:
+                       break;
+
+                       case EVP_CIPH_CFB_MODE:
+                       case EVP_CIPH_OFB_MODE:
+
+                       ctx->num = 0;
+                       /* fall-through */
+
+                       case EVP_CIPH_CBC_MODE:
+
+                       OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                                       (int)sizeof(ctx->iv));
+                       if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                       memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                       break;
+
+                       default:
+                       return 0;
+                       break;
+               }
+       }
+
+       if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+               if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+       }
+       ctx->buf_len=0;
+       ctx->final_used=0;
+       ctx->block_mask=ctx->cipher->block_size-1;
+       return 1;
+       }
+
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             const unsigned char *in, int inl)
        {
@@ -151,7 +288,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-               if(M_do_cipher(ctx,out,in,inl))
+               if(ctx->cipher->do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -178,7 +315,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                       if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                       if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -191,7 +328,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-               if(!M_do_cipher(ctx,out,in,inl)) return 0;
+               if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
 
@@ -235,7 +372,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-       ret=M_do_cipher(ctx,out,ctx->buf,b);
+       ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
 
 
        if(ret)
@@ -357,6 +494,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
                }
        }
 
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+       {
+       if (c->cipher != NULL)
+               {
+               if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                       return 0;
+               /* Cleanse cipher context data */
+               if (c->cipher_data)
+                       OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+               }
+       if (c->cipher_data)
+               OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+       if (c->engine)
+               /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                * functional reference we held for this reason. */
+               ENGINE_finish(c->engine);
+#endif
+       memset(c,0,sizeof(EVP_CIPHER_CTX));
+       return 1;
+       }
+
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
        {
        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
@@ -378,6 +537,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
        return 1;
        }
 
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+       int ret;
+       if(!ctx->cipher) {
+               EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+               return 0;
+       }
+
+       if(!ctx->cipher->ctrl) {
+               EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+               return 0;
+       }
+
+       ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+       if(ret == -1) {
+               EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+               return 0;
+       }
+       return ret;
+}
+
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        {
        if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -387,54 +567,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        return 1;
        }
 
-#ifndef OPENSSL_NO_ENGINE
-
-#ifdef OPENSSL_FIPS
-
-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
        {
-       if(impl)
+       if ((in == NULL) || (in->cipher == NULL))
                {
-               if (!ENGINE_init(impl))
-                       {
-                       EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
-                       return 0;
-                       }
+               EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+               return 0;
                }
-       else
-               /* Ask if an ENGINE is reserved for this job */
-               impl = ENGINE_get_cipher_engine((*pcipher)->nid);
-       if(impl)
+#ifndef OPENSSL_NO_ENGINE
+       /* Make sure it's safe to copy a cipher context using an ENGINE */
+       if (in->engine && !ENGINE_init(in->engine))
+               {
+               EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
+               return 0;
+               }
+#endif
+
+       EVP_CIPHER_CTX_cleanup(out);
+       memcpy(out,in,sizeof *out);
+
+       if (in->cipher_data && in->cipher->ctx_size)
                {
-               /* There's an ENGINE for this job ... (apparently) */
-               const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
-               if(!c)
+               out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
+               if (!out->cipher_data)
                        {
-                       /* One positive side-effect of US's export
-                        * control history, is that we should at least
-                        * be able to avoid using US mispellings of
-                        * "initialisation"? */
-                       EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+                       EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
                        return 0;
                        }
-               /* We'll use the ENGINE's private cipher definition */
-               *pcipher = c;
-               /* Store the ENGINE functional reference so we know
-                * 'cipher' came from an ENGINE and we need to release
-                * it when done. */
-               ctx->engine = impl;
+               memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
                }
-       else
-               ctx->engine = NULL;
-       return 1;
-       }
 
-void int_EVP_CIPHER_init_engine_callbacks(void)
-       {
-       int_EVP_CIPHER_set_engine_callbacks(
-               ENGINE_finish, do_evp_enc_engine_full);
+       if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+               return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
+       return 1;
        }
 
-#endif
-
-#endif