/** Check whether we should use the EVP interface for AES. If <b>force_val</b> * is nonnegative, we use use EVP iff it is true. Otherwise, we use EVP * if there is an engine enabled for aes-ecb. */ int evaluate_evp_for_aes(int force_val) { ENGINE *e; if (force_val >= 0) { should_use_EVP = force_val; return 0; } #ifdef DISABLE_ENGINES should_use_EVP = 0; #else e = ENGINE_get_cipher_engine(NID_aes_128_ecb); if (e) { log_info(LD_CRYPTO, "AES engine \"%s\" found; using EVP_* functions.", ENGINE_get_name(e)); should_use_EVP = 1; } else { log_info(LD_CRYPTO, "No AES engine found; using AES_* functions."); should_use_EVP = 0; } #endif return 0; }
static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) { if(impl) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_cipher_engine((*pcipher)->nid); if(impl) { /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); if(!c) { /* One positive side-effect of US's export * control history, is that we should at least * be able to avoid using US mispellings of * "initialisation"? */ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private cipher definition */ *pcipher = c; /* Store the ENGINE functional reference so we know * 'cipher' came from an ENGINE and we need to release * it when done. */ ctx->engine = impl; } else ctx->engine = NULL; return 1; }