| Index: openssl/crypto/evp/evp_enc.c
|
| ===================================================================
|
| --- openssl/crypto/evp/evp_enc.c (revision 105093)
|
| +++ openssl/crypto/evp/evp_enc.c (working copy)
|
| @@ -66,16 +66,14 @@
|
| #endif
|
| #include "evp_locl.h"
|
|
|
| -#ifdef OPENSSL_FIPS
|
| - #define M_do_cipher(ctx, out, in, inl) \
|
| - EVP_Cipher(ctx,out,in,inl)
|
| -#else
|
| - #define M_do_cipher(ctx, out, in, inl) \
|
| - ctx->cipher->do_cipher(ctx,out,in,inl)
|
| -#endif
|
| -
|
| const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
|
|
|
| +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
|
| + {
|
| + memset(ctx,0,sizeof(EVP_CIPHER_CTX));
|
| + /* ctx->cipher=NULL; */
|
| + }
|
| +
|
| EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
|
| {
|
| EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
|
| @@ -92,6 +90,145 @@
|
| return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
|
| }
|
|
|
| +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
|
| + const unsigned char *key, const unsigned char *iv, int enc)
|
| + {
|
| + if (enc == -1)
|
| + enc = ctx->encrypt;
|
| + else
|
| + {
|
| + if (enc)
|
| + enc = 1;
|
| + ctx->encrypt = enc;
|
| + }
|
| +#ifndef OPENSSL_NO_ENGINE
|
| + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
|
| + * so this context may already have an ENGINE! Try to avoid releasing
|
| + * the previous handle, re-querying for an ENGINE, and having a
|
| + * reinitialisation, when it may all be unecessary. */
|
| + if (ctx->engine && ctx->cipher && (!cipher ||
|
| + (cipher && (cipher->nid == ctx->cipher->nid))))
|
| + goto skip_to_init;
|
| +#endif
|
| + if (cipher)
|
| + {
|
| + /* Ensure a context left lying around from last time is cleared
|
| + * (the previous check attempted to avoid this if the same
|
| + * ENGINE and EVP_CIPHER could be used). */
|
| + EVP_CIPHER_CTX_cleanup(ctx);
|
| +
|
| + /* Restore encrypt field: it is zeroed by cleanup */
|
| + ctx->encrypt = enc;
|
| +#ifndef OPENSSL_NO_ENGINE
|
| + if(impl)
|
| + {
|
| + if (!ENGINE_init(impl))
|
| + {
|
| + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
|
| + return 0;
|
| + }
|
| + }
|
| + else
|
| + /* Ask if an ENGINE is reserved for this job */
|
| + impl = ENGINE_get_cipher_engine(cipher->nid);
|
| + if(impl)
|
| + {
|
| + /* There's an ENGINE for this job ... (apparently) */
|
| + const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
|
| + if(!c)
|
| + {
|
| + /* One positive side-effect of US's export
|
| + * control history, is that we should at least
|
| + * be able to avoid using US mispellings of
|
| + * "initialisation"? */
|
| + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
|
| + return 0;
|
| + }
|
| + /* We'll use the ENGINE's private cipher definition */
|
| + cipher = c;
|
| + /* Store the ENGINE functional reference so we know
|
| + * 'cipher' came from an ENGINE and we need to release
|
| + * it when done. */
|
| + ctx->engine = impl;
|
| + }
|
| + else
|
| + ctx->engine = NULL;
|
| +#endif
|
| +
|
| + ctx->cipher=cipher;
|
| + if (ctx->cipher->ctx_size)
|
| + {
|
| + ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
|
| + if (!ctx->cipher_data)
|
| + {
|
| + EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
|
| + return 0;
|
| + }
|
| + }
|
| + else
|
| + {
|
| + ctx->cipher_data = NULL;
|
| + }
|
| + ctx->key_len = cipher->key_len;
|
| + ctx->flags = 0;
|
| + if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
|
| + {
|
| + if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
|
| + {
|
| + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
|
| + return 0;
|
| + }
|
| + }
|
| + }
|
| + else if(!ctx->cipher)
|
| + {
|
| + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
|
| + return 0;
|
| + }
|
| +#ifndef OPENSSL_NO_ENGINE
|
| +skip_to_init:
|
| +#endif
|
| + /* we assume block size is a power of 2 in *cryptUpdate */
|
| + OPENSSL_assert(ctx->cipher->block_size == 1
|
| + || ctx->cipher->block_size == 8
|
| + || ctx->cipher->block_size == 16);
|
| +
|
| + if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
|
| + switch(EVP_CIPHER_CTX_mode(ctx)) {
|
| +
|
| + case EVP_CIPH_STREAM_CIPHER:
|
| + case EVP_CIPH_ECB_MODE:
|
| + break;
|
| +
|
| + case EVP_CIPH_CFB_MODE:
|
| + case EVP_CIPH_OFB_MODE:
|
| +
|
| + ctx->num = 0;
|
| + /* fall-through */
|
| +
|
| + case EVP_CIPH_CBC_MODE:
|
| +
|
| + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
|
| + (int)sizeof(ctx->iv));
|
| + if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
| + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
|
| + break;
|
| +
|
| + default:
|
| + return 0;
|
| + break;
|
| + }
|
| + }
|
| +
|
| + if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
|
| + if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
|
| + }
|
| + ctx->buf_len=0;
|
| + ctx->final_used=0;
|
| + ctx->block_mask=ctx->cipher->block_size-1;
|
| + return 1;
|
| + }
|
| +
|
| int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
| const unsigned char *in, int inl)
|
| {
|
| @@ -151,7 +288,7 @@
|
|
|
| if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
|
| {
|
| - if(M_do_cipher(ctx,out,in,inl))
|
| + if(ctx->cipher->do_cipher(ctx,out,in,inl))
|
| {
|
| *outl=inl;
|
| return 1;
|
| @@ -178,7 +315,7 @@
|
| {
|
| j=bl-i;
|
| memcpy(&(ctx->buf[i]),in,j);
|
| - if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
|
| + if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
|
| inl-=j;
|
| in+=j;
|
| out+=bl;
|
| @@ -191,7 +328,7 @@
|
| inl-=i;
|
| if (inl > 0)
|
| {
|
| - if(!M_do_cipher(ctx,out,in,inl)) return 0;
|
| + if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
|
| *outl+=inl;
|
| }
|
|
|
| @@ -235,7 +372,7 @@
|
| n=b-bl;
|
| for (i=bl; i<b; i++)
|
| ctx->buf[i]=n;
|
| - ret=M_do_cipher(ctx,out,ctx->buf,b);
|
| + ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
|
|
|
|
|
| if(ret)
|
| @@ -357,6 +494,28 @@
|
| }
|
| }
|
|
|
| +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
|
| + {
|
| + if (c->cipher != NULL)
|
| + {
|
| + if(c->cipher->cleanup && !c->cipher->cleanup(c))
|
| + return 0;
|
| + /* Cleanse cipher context data */
|
| + if (c->cipher_data)
|
| + OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
|
| + }
|
| + if (c->cipher_data)
|
| + OPENSSL_free(c->cipher_data);
|
| +#ifndef OPENSSL_NO_ENGINE
|
| + if (c->engine)
|
| + /* The EVP_CIPHER we used belongs to an ENGINE, release the
|
| + * functional reference we held for this reason. */
|
| + ENGINE_finish(c->engine);
|
| +#endif
|
| + memset(c,0,sizeof(EVP_CIPHER_CTX));
|
| + return 1;
|
| + }
|
| +
|
| int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
|
| {
|
| if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
|
| @@ -378,6 +537,27 @@
|
| return 1;
|
| }
|
|
|
| +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
|
| +{
|
| + int ret;
|
| + if(!ctx->cipher) {
|
| + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
|
| + return 0;
|
| + }
|
| +
|
| + if(!ctx->cipher->ctrl) {
|
| + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
|
| + return 0;
|
| + }
|
| +
|
| + ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
|
| + if(ret == -1) {
|
| + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
|
| + return 0;
|
| + }
|
| + return ret;
|
| +}
|
| +
|
| int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
|
| {
|
| if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
|
| @@ -387,54 +567,38 @@
|
| return 1;
|
| }
|
|
|
| +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
|
| + {
|
| + if ((in == NULL) || (in->cipher == NULL))
|
| + {
|
| + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
|
| + return 0;
|
| + }
|
| #ifndef OPENSSL_NO_ENGINE
|
| + /* Make sure it's safe to copy a cipher context using an ENGINE */
|
| + if (in->engine && !ENGINE_init(in->engine))
|
| + {
|
| + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
|
| + return 0;
|
| + }
|
| +#endif
|
|
|
| -#ifdef OPENSSL_FIPS
|
| + EVP_CIPHER_CTX_cleanup(out);
|
| + memcpy(out,in,sizeof *out);
|
|
|
| -static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
|
| - {
|
| - if(impl)
|
| + if (in->cipher_data && in->cipher->ctx_size)
|
| {
|
| - if (!ENGINE_init(impl))
|
| + out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
|
| + if (!out->cipher_data)
|
| {
|
| - EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
|
| + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
|
| return 0;
|
| }
|
| + memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
|
| }
|
| - else
|
| - /* Ask if an ENGINE is reserved for this job */
|
| - impl = ENGINE_get_cipher_engine((*pcipher)->nid);
|
| - if(impl)
|
| - {
|
| - /* There's an ENGINE for this job ... (apparently) */
|
| - const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
|
| - if(!c)
|
| - {
|
| - /* One positive side-effect of US's export
|
| - * control history, is that we should at least
|
| - * be able to avoid using US mispellings of
|
| - * "initialisation"? */
|
| - EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
|
| - return 0;
|
| - }
|
| - /* We'll use the ENGINE's private cipher definition */
|
| - *pcipher = c;
|
| - /* Store the ENGINE functional reference so we know
|
| - * 'cipher' came from an ENGINE and we need to release
|
| - * it when done. */
|
| - ctx->engine = impl;
|
| - }
|
| - else
|
| - ctx->engine = NULL;
|
| +
|
| + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
|
| + return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
|
| return 1;
|
| }
|
|
|
| -void int_EVP_CIPHER_init_engine_callbacks(void)
|
| - {
|
| - int_EVP_CIPHER_set_engine_callbacks(
|
| - ENGINE_finish, do_evp_enc_engine_full);
|
| - }
|
| -
|
| -#endif
|
| -
|
| -#endif
|
|
|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/