1 files changed, 215 insertions, 52 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 30e0ca4d9f..bead6a2170 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -66,16 +66,14 @@
 #endif
 #include "evp_locl.h"
-#ifdef OPENSSL_FIPS
-        #define M_do_cipher(ctx, out, in, inl) \
-                EVP_Cipher(ctx,out,in,inl)
-#else
-        #define M_do_cipher(ctx, out, in, inl) \
-                ctx->cipher->do_cipher(ctx,out,in,inl)
-#endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+        {
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
        {
        EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
@@ -92,6 +90,144 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (enc == -1)
+                enc = ctx->encrypt;
+        else
+                {
+                if (enc)
+                        enc = 1;
+                ctx->encrypt = enc;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->cipher && (!cipher ||
+                        (cipher && (cipher->nid == ctx->cipher->nid))))
+                goto skip_to_init;
+#endif
+        if (cipher)
+                {
+                /* Ensure a context left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_CIPHER could be used). */
+                EVP_CIPHER_CTX_cleanup(ctx);
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_cipher_engine(cipher->nid);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+                        if(!c)
+                                {
+                                /* One positive side-effect of US's export
+                                 * control history, is that we should at least
+                                 * be able to avoid using US mispellings of
+                                 * "initialisation"? */
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private cipher definition */
+                        cipher = c;
+                        /* Store the ENGINE functional reference so we know
+                         * 'cipher' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+#endif
+                ctx->cipher=cipher;
+                if (ctx->cipher->ctx_size)
+                        {
+                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                        if (!ctx->cipher_data)
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        ctx->cipher_data = NULL;
+                        }
+                ctx->key_len = cipher->key_len;
+                ctx->flags = 0;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                        {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                }
+        else if(!ctx->cipher)
+                {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        /* we assume block size is a power of 2 in *cryptUpdate */
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
+                        ctx->num = 0;
+                        case EVP_CIPH_CBC_MODE:
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                                        (int)sizeof(ctx->iv));
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        ctx->buf_len=0;
+        ctx->final_used=0;
+        ctx->block_mask=ctx->cipher->block_size-1;
+        return 1;
+        }
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             const unsigned char *in, int inl)
        {
@@ -151,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-                if(M_do_cipher(ctx,out,in,inl))
+                if(ctx->cipher->do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -178,7 +314,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                        if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -191,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-                if(!M_do_cipher(ctx,out,in,inl)) return 0;
+                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
@@ -235,7 +371,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-        ret=M_do_cipher(ctx,out,ctx->buf,b);
+        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
        if(ret)
@@ -357,6 +493,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
                }
        }
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+        {
+        if (c->cipher != NULL)
+                {
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Cleanse cipher context data */
+                if (c->cipher_data)
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+                }
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+        if (c->engine)
+                /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(c->engine);
+#endif
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
        {
        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
@@ -378,6 +536,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
        return 1;
        }
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
+        }
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        {
        if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -387,54 +566,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        return 1;
        }
-#ifndef OPENSSL_NO_ENGINE
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
-#ifdef OPENSSL_FIPS
-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
        {
-        if(impl)
+        if ((in == NULL) || (in->cipher == NULL))
                {
-                if (!ENGINE_init(impl))
+                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
-                        {
+                return 0;
-                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
-                        return 0;
-                        }
                }
-        else
+#ifndef OPENSSL_NO_ENGINE
-                /* Ask if an ENGINE is reserved for this job */
+        /* Make sure it's safe to copy a cipher context using an ENGINE */
-                impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+        if (in->engine && !ENGINE_init(in->engine))
-        if(impl)
+                {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
+                return 0;
+                }
+#endif
+        EVP_CIPHER_CTX_cleanup(out);
+        memcpy(out,in,sizeof *out);
+        if (in->cipher_data && in->cipher->ctx_size)
                {
-                /* There's an ENGINE for this job ... (apparently) */
+                out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
-                const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+                if (!out->cipher_data)
-                if(!c)
                        {
-                        /* One positive side-effect of US's export
+                        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
-                         * control history, is that we should at least
-                         * be able to avoid using US mispellings of
-                         * "initialisation"? */
-                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
                        return 0;
                        }
-                /* We'll use the ENGINE's private cipher definition */
+                memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
-                *pcipher = c;
-                /* Store the ENGINE functional reference so we know
-                 * 'cipher' came from an ENGINE and we need to release
-                 * it when done. */
-                ctx->engine = impl;
                }
-        else
-                ctx->engine = NULL;
-        return 1;
-        }
-void int_EVP_CIPHER_init_engine_callbacks(void)
+        if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
-        {
+                return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
-        int_EVP_CIPHER_set_engine_callbacks(
+        return 1;
-                ENGINE_finish, do_evp_enc_engine_full);
        }
-#endif
-#endif

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 30e0ca4d9f..bead6a2170 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -66,16 +66,14 @@
66	#endif	66	#endif
67	#include "evp_locl.h"	67	#include "evp_locl.h"
68		68
69	#ifdef OPENSSL_FIPS
70	#define M_do_cipher(ctx, out, in, inl) \
71	EVP_Cipher(ctx,out,in,inl)
72	#else
73	#define M_do_cipher(ctx, out, in, inl) \
74	ctx->cipher->do_cipher(ctx,out,in,inl)
75	#endif
76
77	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;	69	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
78		70
		71	void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
		72	{
		73	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
		74	/* ctx->cipher=NULL; */
		75	}
		76
79	EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)	77	EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
80	{	78	{
81	EVP_CIPHER_CTX ctx=OPENSSL_malloc(sizeof ctx);	79	EVP_CIPHER_CTX ctx=OPENSSL_malloc(sizeof ctx);
@@ -92,6 +90,144 @@ int EVP_CipherInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
92	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);	90	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
93	}	91	}
94		92
		93	int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,
		94	const unsigned char key, const unsigned char iv, int enc)
		95	{
		96	if (enc == -1)
		97	enc = ctx->encrypt;
		98	else
		99	{
		100	if (enc)
		101	enc = 1;
		102	ctx->encrypt = enc;
		103	}
		104	#ifndef OPENSSL_NO_ENGINE
		105	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
		106	* so this context may already have an ENGINE! Try to avoid releasing
		107	* the previous handle, re-querying for an ENGINE, and having a
		108	* reinitialisation, when it may all be unecessary. */
		109	if (ctx->engine && ctx->cipher && (!cipher \|\|
		110	(cipher && (cipher->nid == ctx->cipher->nid))))
		111	goto skip_to_init;
		112	#endif
		113	if (cipher)
		114	{
		115	/* Ensure a context left lying around from last time is cleared
		116	* (the previous check attempted to avoid this if the same
		117	* ENGINE and EVP_CIPHER could be used). */
		118	EVP_CIPHER_CTX_cleanup(ctx);
		119
		120	/* Restore encrypt field: it is zeroed by cleanup */
		121	ctx->encrypt = enc;
		122	#ifndef OPENSSL_NO_ENGINE
		123	if(impl)
		124	{
		125	if (!ENGINE_init(impl))
		126	{
		127	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
		128	return 0;
		129	}
		130	}
		131	else
		132	/* Ask if an ENGINE is reserved for this job */
		133	impl = ENGINE_get_cipher_engine(cipher->nid);
		134	if(impl)
		135	{
		136	/* There's an ENGINE for this job ... (apparently) */
		137	const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
		138	if(!c)
		139	{
		140	/* One positive side-effect of US's export
		141	* control history, is that we should at least
		142	* be able to avoid using US mispellings of
		143	* "initialisation"? */
		144	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
		145	return 0;
		146	}
		147	/* We'll use the ENGINE's private cipher definition */
		148	cipher = c;
		149	/* Store the ENGINE functional reference so we know
		150	* 'cipher' came from an ENGINE and we need to release
		151	* it when done. */
		152	ctx->engine = impl;
		153	}
		154	else
		155	ctx->engine = NULL;
		156	#endif
		157
		158	ctx->cipher=cipher;
		159	if (ctx->cipher->ctx_size)
		160	{
		161	ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
		162	if (!ctx->cipher_data)
		163	{
		164	EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
		165	return 0;
		166	}
		167	}
		168	else
		169	{
		170	ctx->cipher_data = NULL;
		171	}
		172	ctx->key_len = cipher->key_len;
		173	ctx->flags = 0;
		174	if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
		175	{
		176	if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
		177	{
		178	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
		179	return 0;
		180	}
		181	}
		182	}
		183	else if(!ctx->cipher)
		184	{
		185	EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
		186	return 0;
		187	}
		188	#ifndef OPENSSL_NO_ENGINE
		189	skip_to_init:
		190	#endif
		191	/* we assume block size is a power of 2 in cryptUpdate /
		192	OPENSSL_assert(ctx->cipher->block_size == 1
		193	\|\| ctx->cipher->block_size == 8
		194	\|\| ctx->cipher->block_size == 16);
		195
		196	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
		197	switch(EVP_CIPHER_CTX_mode(ctx)) {
		198
		199	case EVP_CIPH_STREAM_CIPHER:
		200	case EVP_CIPH_ECB_MODE:
		201	break;
		202
		203	case EVP_CIPH_CFB_MODE:
		204	case EVP_CIPH_OFB_MODE:
		205
		206	ctx->num = 0;
		207
		208	case EVP_CIPH_CBC_MODE:
		209
		210	OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
		211	(int)sizeof(ctx->iv));
		212	if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
		213	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
		214	break;
		215
		216	default:
		217	return 0;
		218	break;
		219	}
		220	}
		221
		222	if(key \|\| (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
		223	if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
		224	}
		225	ctx->buf_len=0;
		226	ctx->final_used=0;
		227	ctx->block_mask=ctx->cipher->block_size-1;
		228	return 1;
		229	}
		230
95	int EVP_CipherUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,	231	int EVP_CipherUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
96	const unsigned char *in, int inl)	232	const unsigned char *in, int inl)
97	{	233	{
@@ -151,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
151		287
152	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)	288	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
153	{	289	{
154	if(M_do_cipher(ctx,out,in,inl))	290	if(ctx->cipher->do_cipher(ctx,out,in,inl))
155	{	291	{
156	*outl=inl;	292	*outl=inl;
157	return 1;	293	return 1;
@@ -178,7 +314,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
178	{	314	{
179	j=bl-i;	315	j=bl-i;
180	memcpy(&(ctx->buf[i]),in,j);	316	memcpy(&(ctx->buf[i]),in,j);
181	if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;	317	if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
182	inl-=j;	318	inl-=j;
183	in+=j;	319	in+=j;
184	out+=bl;	320	out+=bl;
@@ -191,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
191	inl-=i;	327	inl-=i;
192	if (inl > 0)	328	if (inl > 0)
193	{	329	{
194	if(!M_do_cipher(ctx,out,in,inl)) return 0;	330	if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
195	*outl+=inl;	331	*outl+=inl;
196	}	332	}
197		333
@@ -235,7 +371,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
235	n=b-bl;	371	n=b-bl;
236	for (i=bl; i<b; i++)	372	for (i=bl; i<b; i++)
237	ctx->buf[i]=n;	373	ctx->buf[i]=n;
238	ret=M_do_cipher(ctx,out,ctx->buf,b);	374	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
239		375
240		376
241	if(ret)	377	if(ret)
@@ -357,6 +493,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
357	}	493	}
358	}	494	}
359		495
		496	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
		497	{
		498	if (c->cipher != NULL)
		499	{
		500	if(c->cipher->cleanup && !c->cipher->cleanup(c))
		501	return 0;
		502	/* Cleanse cipher context data */
		503	if (c->cipher_data)
		504	OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
		505	}
		506	if (c->cipher_data)
		507	OPENSSL_free(c->cipher_data);
		508	#ifndef OPENSSL_NO_ENGINE
		509	if (c->engine)
		510	/* The EVP_CIPHER we used belongs to an ENGINE, release the
		511	* functional reference we held for this reason. */
		512	ENGINE_finish(c->engine);
		513	#endif
		514	memset(c,0,sizeof(EVP_CIPHER_CTX));
		515	return 1;
		516	}
		517
360	int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)	518	int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
361	{	519	{
362	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)	520	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
@@ -378,6 +536,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
378	return 1;	536	return 1;
379	}	537	}
380		538
		539	int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX ctx, int type, int arg, void ptr)
		540	{
		541	int ret;
		542	if(!ctx->cipher) {
		543	EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
		544	return 0;
		545	}
		546
		547	if(!ctx->cipher->ctrl) {
		548	EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
		549	return 0;
		550	}
		551
		552	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
		553	if(ret == -1) {
		554	EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
		555	return 0;
		556	}
		557	return ret;
		558	}
		559
381	int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX ctx, unsigned char key)	560	int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX ctx, unsigned char key)
382	{	561	{
383	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)	562	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -387,54 +566,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX ctx, unsigned char key)
387	return 1;	566	return 1;
388	}	567	}
389		568
390	#ifndef OPENSSL_NO_ENGINE	569	int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX out, const EVP_CIPHER_CTX in)
391
392	#ifdef OPENSSL_FIPS
393
394	static int do_evp_enc_engine_full(EVP_CIPHER_CTX ctx, const EVP_CIPHER pcipher, ENGINE impl)
395	{	570	{
396	if(impl)	571	if ((in == NULL) \|\| (in->cipher == NULL))
397	{	572	{
398	if (!ENGINE_init(impl))	573	EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
399	{	574	return 0;
400	EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
401	return 0;
402	}
403	}	575	}
404	else	576	#ifndef OPENSSL_NO_ENGINE
405	/* Ask if an ENGINE is reserved for this job */	577	/* Make sure it's safe to copy a cipher context using an ENGINE */
406	impl = ENGINE_get_cipher_engine((*pcipher)->nid);	578	if (in->engine && !ENGINE_init(in->engine))
407	if(impl)	579	{
		580	EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
		581	return 0;
		582	}
		583	#endif
		584
		585	EVP_CIPHER_CTX_cleanup(out);
		586	memcpy(out,in,sizeof *out);
		587
		588	if (in->cipher_data && in->cipher->ctx_size)
408	{	589	{
409	/* There's an ENGINE for this job ... (apparently) */	590	out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
410	const EVP_CIPHER c = ENGINE_get_cipher(impl, (pcipher)->nid);	591	if (!out->cipher_data)
411	if(!c)
412	{	592	{
413	/* One positive side-effect of US's export	593	EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
414	* control history, is that we should at least
415	* be able to avoid using US mispellings of
416	* "initialisation"? */
417	EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
418	return 0;	594	return 0;
419	}	595	}
420	/* We'll use the ENGINE's private cipher definition */	596	memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
421	*pcipher = c;
422	/* Store the ENGINE functional reference so we know
423	* 'cipher' came from an ENGINE and we need to release
424	* it when done. */
425	ctx->engine = impl;
426	}	597	}
427	else
428	ctx->engine = NULL;
429	return 1;
430	}
431		598
432	void int_EVP_CIPHER_init_engine_callbacks(void)	599	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
433	{	600	return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
434	int_EVP_CIPHER_set_engine_callbacks(	601	return 1;
435	ENGINE_finish, do_evp_enc_engine_full);
436	}	602	}
437		603
438	#endif
439
440	#endif