See ChangeLog: Sat Jun 26 12:15:59 CEST 1999 Werner Koch

14 files changed, 221 insertions, 60 deletions

diff --git a/ChangeLog b/ChangeLog
index 9645e592..10c46392 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,17 @@
-Wed Jun 16 20:16:21 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Support for HPUX and IRIX.
+	* configure.in (HAVE_DL_SHL_LOAD): New for HPUX (Dave Dykstra).
 
+	* VERSION: Now 0.9.8
+
+Wed Jun 16 20:16:21 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* configure.in: Add test for docbook-to-man
 
 Tue Jun 15 12:21:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
-
 	* acinclude.m4 (GNUPG_SYS_NM_PARSE): Support for {net,free}bsd,
 
 Thu Jun 10 14:18:23 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
diff --git a/README b/README
index 34d59c97..6dcfd41d 100644
--- a/README
+++ b/README
@@ -2,7 +2,7 @@
 
 		    GnuPG - The GNU Privacy Guard
 		   -------------------------------
-			   Version 0.9.7
+			   Version 0.9.8
 
     GnuPG is now in Beta test and you should report all bugs to the
     mailing list (see below).  The 0.9.x versions are released mainly
@@ -32,8 +32,8 @@
     have problems, please subscribe to "gnupg-users@gnupg.org" by sending
     mail with the subject "subscribe" to "gnupg-users-request@gnupg.org"
     and ask there.  The gnupg.org domain is hosted in Germany to avoid
-    possible legal problems with gnu.org (technical advices may count
-    as a violation of ITAR).
+    possible legal problems (technical advices may count as a violation
+    of ITAR).
 
     See the file COPYING for copyright and warranty information.
 
@@ -45,11 +45,13 @@
     patented worldwide) and RSA (which is patented in the United States
     until Sep 20, 2000).
 
-    The default algorithms are now DSA and ElGamal.  ElGamal for signing
+    The default algorithms are DSA and ElGamal.  ElGamal for signing
     is still available, but because of the larger size of such
     signatures it is deprecated (Please note that the GnuPG
     implementation of ElGamal signatures is *not* insecure).  Symmetric
-    algorithms are: 3DES, Blowfish, and CAST5 (Twofish will come soon).
+    algorithms are: 3DES, Blowfish, CAST5 and Twofish (GnuPG does not
+    yet create Twofish encrypted messages because there no agreement
+    in the OpenPG WG on how to use it together with a MDC algorithm)
     Digest algorithms available are MD5, RIPEMD160, SHA1, and TIGER/192.
 
 
@@ -436,10 +438,9 @@
     To avoid possible legal problems we have decided, not to use
     the normal www.gnu.org webserver.
 
-    Please direct bug reports to <gnupg-bugs@gnu.org> or, better,
-    post them to the mailing list <gnupg-devel@gnupg.org> (this is a
-    closed list - subscribe before posting, see above (~line 33)).
-    Please direct questions about GnuPG to the mailing list or
+    Please direct bug reports to <gnupg-bugs@gnu.org> or post
+    them direct to the mailing list <gnupg-devel@gnupg.org>.
+    Please direct questions about GnuPG to the users mailing list or
     one of the pgp newsgroups and give me more time to improve
     GnuPG.  Commercial support for GnuPG is also available; please
     see the GNU service directory or search other resources.
@@ -450,8 +451,8 @@
 Version: GnuPG v0.9.7 (GNU/Linux)
 Comment: For info see http://www.gnupg.org
 
-iQB1AwUBN1UgTx0Z9MEMmFelAQH93wMAt2JYGXSkJR9+VBeLlpKdjxoIylrlDWEL
-Jk5U/tuuM8H8G4ZJi7lDEhJNX77Jbh2LI18eCJJdrmWPrmDCNK2udDwcyKV4nW3k
-7Fzpc/j8fKJcICP+T9YU9wa0NJrrTg1v
-=dgdp
+iQB1AwUBN3SoBh0Z9MEMmFelAQE+9wL/bOTFEPvkO0drlWAu8k2P7udEzwfGlKhE
+Iyr6g75FSX4NnDkHB7RjyHYvQUkc8gicxYV8pBWe5c1bMYwrpe1cMvAu+BtUfDQc
+oHUbx9ln7CZ2BkEgzT5bjypugwtc6o7g
+=uTFn
 -----END PGP SIGNATURE-----
diff --git a/acconfig.h b/acconfig.h
index de4e44f5..89931d51 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -76,6 +76,7 @@
 
 #undef USE_DYNAMIC_LINKING
 #undef HAVE_DL_DLOPEN
+#undef HAVE_DL_SHL_LOAD
 #undef HAVE_DLD_DLD_LINK
 
 #undef USE_SHM_COPROCESSING
diff --git a/acinclude.m4 b/acinclude.m4
index f124fc45..4e1645b8 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -204,9 +204,14 @@ define(GNUPG_CHECK_RDYNAMIC,
             CFLAGS_RDYNAMIC="-Wl,-dy"
             ;;
 
-          openbsd* | freebsd2* | osf4* )
+          hpux* )
+            CFLAGS_RDYNAMIC="-Wl,-E"
+            ;;
+
+          openbsd* | freebsd2* | osf4* | irix* )
             CFLAGS_RDYNAMIC=""
             ;;
+
           * )
             CFLAGS_RDYNAMIC="-Wl,-export-dynamic"
             ;;
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index b2fc6401..30d2ddd2 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,13 @@
+Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.
+
+	* cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.
+
+	* dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
+	* Makefile.am (install-exec-hook): Removed.
+
 Sun May 23 14:20:22 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* cipher.c (setup_cipher_table): Enable Twofish
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index a3b77a1a..af6d8024 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -98,11 +98,3 @@ rndegd: $(srcdir)/rndegd.c
 
 
 
-install-exec-hook:
-	@list='$(pkglib_PROGRAMS)'; for p in $$list; do \
-	  if test -f $(pkglibdir)/$$p; then \
-	    echo "chmod 644 $(pkglibdir)/$$p"; \
-	    chmod 644 $(pkglibdir)/$$p; \
-	  fi; \
-	done
-
diff --git a/cipher/cipher.c b/cipher/cipher.c
index a44dcc4a..59b6f2ef 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -408,6 +408,49 @@ do_ecb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
     }
 }
 
+static void
+do_cbc_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
+{
+    unsigned int n;
+    byte *ivp;
+    int i;
+    size_t blocksize = c->blocksize;
+
+    for(n=0; n < nblocks; n++ ) {
+	/* fixme: the xor should works on words and not on
+	 * bytes.  Maybe it is a good idea to enhance the cipher backend
+	 * API to allow for CBC handling in the backend */
+	for(ivp=c->iv,i=0; i < blocksize; i++ )
+	    outbuf[i] ^= *ivp++;
+	(*c->encrypt)( &c->context.c, outbuf, outbuf );
+	memcpy(c->iv, outbuf, blocksize );
+	inbuf  += c->blocksize;
+	outbuf += c->blocksize;
+    }
+}
+
+static void
+do_cbc_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
+{
+    unsigned int n;
+    byte *ivp;
+    int i;
+    size_t blocksize = c->blocksize;
+
+    for(n=0; n < nblocks; n++ ) {
+	/* because outbuf and inbuf might be the same, we have
+	 * to save the original ciphertext block.  We use lastiv
+	 * for this here because it is not used otherwise */
+	memcpy(c->lastiv, inbuf, blocksize );
+	(*c->decrypt)( &c->context.c, outbuf, inbuf );
+	for(ivp=c->iv,i=0; i < blocksize; i++ )
+	    outbuf[i] ^= *ivp++;
+	memcpy(c->iv, c->lastiv, blocksize );
+	inbuf  += c->blocksize;
+	outbuf += c->blocksize;
+    }
+}
+
 
 static void
 do_cfb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
@@ -524,6 +567,10 @@ cipher_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
 	assert(!(nbytes%8));
 	do_ecb_encrypt(c, outbuf, inbuf, nbytes/8 );
 	break;
+      case CIPHER_MODE_CBC:
+	assert(!(nbytes%8));  /* fixme: should be blocksize */
+	do_cbc_encrypt(c, outbuf, inbuf, nbytes/8 );
+	break;
       case CIPHER_MODE_CFB:
       case CIPHER_MODE_PHILS_CFB:
 	do_cfb_encrypt(c, outbuf, inbuf, nbytes );
@@ -550,6 +597,10 @@ cipher_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
 	assert(!(nbytes%8));
 	do_ecb_decrypt(c, outbuf, inbuf, nbytes/8 );
 	break;
+      case CIPHER_MODE_CBC:
+	assert(!(nbytes%8));	/* fixme: should assert on blocksize */
+	do_cbc_decrypt(c, outbuf, inbuf, nbytes/8 );
+	break;
       case CIPHER_MODE_CFB:
       case CIPHER_MODE_PHILS_CFB:
 	do_cfb_decrypt(c, outbuf, inbuf, nbytes );
diff --git a/cipher/dynload.c b/cipher/dynload.c
index 6caeb063..e2c988e0 100644
--- a/cipher/dynload.c
+++ b/cipher/dynload.c
@@ -27,6 +27,9 @@
   #include <dlfcn.h>
 #elif defined(HAVE_DLD_DLD_LINK)
   #include <dld.h>
+#elif defined(HAVE_DL_SHL_LOAD)
+  #include <dl.h>
+  #include <errno.h>
 #endif
 #include "util.h"
 #include "cipher.h"
@@ -45,6 +48,27 @@
   #define RTLD_NOW  1
 #endif
 
+#ifdef HAVE_DL_SHL_LOAD  /* HPUX has shl_load instead of dlopen */
+#define HAVE_DL_DLOPEN
+#define dlopen(PATHNAME,MODE) \
+    ((void *) shl_load(PATHNAME, DYNAMIC_PATH | \
+	      (((MODE) & RTLD_NOW) ? BIND_IMMEDIATE : BIND_DEFERRED), 0L))
+#define dlclose(HANDLE) shl_unload((shl_t) (HANDLE))
+#define dlerror() (errno == 0 ? NULL : strerror(errno))
+
+static void *
+dlsym(void *handle, char *name)
+{
+    void *addr;
+    if (shl_findsym((shl_t *)&handle,name,(short)TYPE_UNDEFINED,&addr) != 0) {
+      return NULL;
+    }
+    return addr;
+}
+#endif /*HAVE_DL_SHL_LOAD*/
+
+
+
 typedef struct ext_list {
     struct ext_list *next;
     int internal;
diff --git a/cipher/md.c b/cipher/md.c
index fc740479..be921e4b 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -341,12 +341,16 @@ md_final(MD_HANDLE a)
 {
     struct md_digest_list_s *r;
 
+    if( a->finalized )
+	return;
+
     if( a->bufcount )
 	md_write( a, NULL, 0 );
 
     for(r=a->list; r; r = r->next ) {
 	(*r->final)( &r->context.c );
     }
+    a->finalized = 1;
 }
 
 
diff --git a/cipher/rndegd.c b/cipher/rndegd.c
index 49558623..7f2598f6 100644
--- a/cipher/rndegd.c
+++ b/cipher/rndegd.c
@@ -50,7 +50,7 @@ static int
 do_write( int fd, void *buf, size_t nbytes )
 {
     size_t nleft = nbytes;
-    ssize_t nwritten;
+    int nwritten;
 
     while( nleft > 0 ) {
 	nwritten = write( fd, buf, nleft);
diff --git a/configure.in b/configure.in
index 76ad05c1..5eb68ea5 100644
--- a/configure.in
+++ b/configure.in
@@ -108,7 +108,7 @@ dnl
 AC_MSG_CHECKING([whether compilation of libgcrypt is requested])
 AC_ARG_ENABLE(libgcrypt,
     [  --enable-libgcrypt      compile the libgcrypt [default=no]],
-[compile_libgcrypt="$enableval"],[compile_libgcrypt=yes])
+[compile_libgcrypt="$enableval"],[compile_libgcrypt=no])
 AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
 AC_MSG_RESULT($compile_libgcrypt)
 
@@ -287,8 +287,14 @@ if test "$try_dynload" = yes ; then
       AC_DEFINE(HAVE_DL_DLOPEN)
       DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
       use_gnupg_extensions=yes
-dnl else
-dnl
+    else
+      AC_CHECK_LIB(dld,shl_load)
+      if test "$ac_cv_lib_dld_shl_load" = "yes"; then
+        AC_DEFINE(USE_DYNAMIC_LINKING)
+        AC_DEFINE(HAVE_DL_SHL_LOAD)
+        DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
+        use_gnupg_extensions=yes
+dnl -----------------
 dnl  DLD is not ready for use. So I better disable this test
 dnl
 dnl    AC_CHECK_LIB(dld,dld_link)
@@ -297,7 +303,8 @@ dnl      AC_DEFINE(USE_DYNAMIC_LINKING)
 dnl      AC_DEFINE(HAVE_DLD_DLD_LINK)
 dnl      DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
 dnl      use_gnupg_extensions=yes
-dnl    fi
+dnl ---------------
+      fi
     fi
   fi
 else
diff --git a/src/gcrypt.h b/src/gcrypt.h
index 4b8d5bec..878e1f2c 100644
--- a/src/gcrypt.h
+++ b/src/gcrypt.h
@@ -164,6 +164,7 @@ enum gcry_cipher_modes {
     GCRY_CIPHER_MODE_NONE   = 0,
     GCRY_CIPHER_MODE_ECB    = 1,
     GCRY_CIPHER_MODE_CFB    = 2,
+    GCRY_CIPHER_MODE_CBC    = 3,
 };
 
 enum gcry_cipher_flags {
@@ -180,7 +181,7 @@ unsigned gcry_cipher_get_keylen( int algo );
 unsigned gcry_cipher_get_blocksize( int algo );
 #endif
 
-GCRY_CIPHER_HD gcry_cipher_open( int algo, int mode, unsigned flags );
+int gcry_cipher_open( GCRY_CIPHER_HD *rhd, int algo, int mode, unsigned flags);
 void gcry_cipher_close( GCRY_CIPHER_HD h );
 int  gcry_cipher_ctl( GCRY_CIPHER_HD h, int cmd, byte *buffer, size_t buflen);
 
@@ -211,7 +212,7 @@ int gcry_cipher_decrypt( GCRY_CIPHER_HD h, byte *out, size_t outsize,
  *********************************************/
 
 struct gcry_md_context;
-typedef struct gcry_md_context *GCRY_MD_HD;
+typedef struct gcry_md_context *GCRY_MD_HD; /* same as the old MD_HANDLE */
 
 enum gcry_md_algos {
     GCRY_MD_NONE    = 0,
@@ -226,19 +227,18 @@ enum gcry_md_flags {
 };
 
 
-GCRY_MD_HD gcry_md_open( int algo, unsigned flags );
+int gcry_md_open( GCRY_MD_HD *ret_hd, int algo, unsigned flags );
 void gcry_md_close( GCRY_MD_HD hd );
-void gcry_md_enable( GCRY_MD_HD hd, int algo );
+int gcry_md_enable( GCRY_MD_HD hd, int algo );
 GCRY_MD_HD gcry_md_copy( GCRY_MD_HD hd );
 int gcry_md_ctl( GCRY_MD_HD hd, int cmd, byte *buffer, size_t buflen);
-void gcry_md_write( GCRY_MD_HD hd, byte *inbuf, size_t inlen);
+void gcry_md_write( GCRY_MD_HD hd, const byte *buffer, size_t length);
 byte *gcry_md_read( GCRY_MD_HD hd, int algo );
+int gcry_md_algo( GCRY_MD_HD hd );
+size_t gcry_md_dlen( int algo );
 int gcry_md_get( GCRY_MD_HD hd, int algo, byte *buffer, int buflen );
 
 
-#define gcry_md_final( a )  gcry_md_ctl( (a), GCRYCTL_FINALIZE, NULL, 0 )
-
-
 /*****************************************
  *******  miscellaneous functions  *******
  *****************************************/
diff --git a/src/mdapi.c b/src/mdapi.c
index 9d895fd2..a0bbc648 100644
--- a/src/mdapi.c
+++ b/src/mdapi.c
@@ -25,48 +25,103 @@
 #include <stdarg.h>
 #include <assert.h>
 
+#define GCRYPT_NO_MPI_MACROS 1
 #include "g10lib.h"
+#include "cipher.h"
+#include "memory.h"
 
 
-GCRY_MD_HD
-gcry_md_open( int algo, unsigned flags )
+int
+gcry_md_open( GCRY_MD_HD *ret_hd, int algo, unsigned flags )
 {
+    GCRY_MD_HD hd;
+
+    /* fixme: check that algo is available and that only valid
+     * flag values are used */
+    hd = md_open( algo, (flags & GCRY_MD_FLAG_SECURE) );
+    *ret_hd = hd;
+    return 0;
 }
 
 void
 gcry_md_close( GCRY_MD_HD hd )
 {
+    md_close( hd );
 }
 
-void
+int
 gcry_md_enable( GCRY_MD_HD hd, int algo )
 {
+    /* fixme: check that algo is available */
+    md_enable( hd, algo );
+    return 0;
 }
 
 GCRY_MD_HD
 gcry_md_copy( GCRY_MD_HD hd )
 {
+    return md_copy( hd );
 }
 
 int
 gcry_md_ctl( GCRY_MD_HD hd, int cmd, byte *buffer, size_t buflen)
 {
+    if( cmd == GCRYCTL_FINALIZE )
+	md_final( hd );
+    else if( cmd == GCRYCTL_FINALIZE )
+	md_final( hd );
+    else
+	return GCRYERR_INV_OP;
+    return 0;
 }
 
 void
-gcry_md_write( GCRY_MD_HD hd, byte *inbuf, size_t inlen)
+gcry_md_write( GCRY_MD_HD hd, const byte *inbuf, size_t inlen)
 {
+    md_write( hd, (byte*)inbuf, inlen );
 }
 
+/****************
+ * Read out the complete digest, this function implictly finalizes
+ * the hash.
+ */
 byte *
 gcry_md_read( GCRY_MD_HD hd, int algo )
 {
+    gcry_md_ctl( hd, GCRYCTL_FINALIZE, NULL, 0 );
+    return md_read( hd, algo);
 }
 
+int
+gcry_md_algo( GCRY_MD_HD hd )
+{
+    return md_get_algo( hd );
+}
 
+/****************
+ * Return the length of the digest in bytes.
+ */
+size_t
+gcry_md_dlen( int algo )
+{
+    /* we do some very quick checks here */
+    switch( algo )
+    {
+      case GCRY_MD_MD5: return 16;
+      case GCRY_MD_SHA1:
+      case GCRY_MD_RMD160: return 20;
+      default: return 0; /* fixme: pass it to a lookup function */
+    }
+}
+
+
+/****************
+ * Read out an intermediate digest.
+ */
 int
 gcry_md_get( GCRY_MD_HD hd, int algo, byte *buffer, int buflen )
 {
+    return GCRYERR_INTERNAL;
 }
 
 
diff --git a/src/symapi.c b/src/symapi.c
index 8b27ae8f..4c718929 100644
--- a/src/symapi.c
+++ b/src/symapi.c
@@ -31,6 +31,13 @@
 #define G10_MPI_H  /* fake mpi.h header */
 #include "cipher.h"
 
+/* FIXME: We should really have the m_lib functions to allow
+ *	  overriding of the default malloc functions
+ * For now use this kludge: */
+#define m_lib_alloc	   m_alloc
+#define m_lib_alloc_clear  m_alloc_clear
+#define m_lib_free	   m_free
+
 
 #define CONTEXT_MAGIC 0x12569afe
 
@@ -42,21 +49,18 @@ struct gcry_cipher_context {
 };
 
 
-GCRY_CIPHER_HD
-gcry_cipher_open( int algo, int mode, unsigned flags )
+int
+gcry_cipher_open( GCRY_CIPHER_HD *ret_hd, int algo, int mode, unsigned flags )
 {
     GCRY_CIPHER_HD h;
 
     /* check whether the algo is available */
-    if( check_cipher_algo( algo ) ) {
-	set_lasterr( GCRYERR_INV_ALGO );
-	return NULL;
-    }
+    if( check_cipher_algo( algo ) )
+	return set_lasterr( GCRYERR_INV_ALGO );
+
     /* check flags */
-    if( (flags & ~(GCRY_CIPHER_SECURE|GCRY_CIPHER_ENABLE_SYNC)) ) {
-	set_lasterr( GCRYERR_INV_ARG );
-	return NULL;
-    }
+    if( (flags & ~(GCRY_CIPHER_SECURE|GCRY_CIPHER_ENABLE_SYNC)) )
+	return set_lasterr( GCRYERR_INV_ARG );
 
     /* map mode to internal mode */
     switch( mode ) {
@@ -66,27 +70,25 @@ gcry_cipher_open( int algo, int mode, unsigned flags )
 	mode = (flags & GCRY_CIPHER_ENABLE_SYNC) ? CIPHER_MODE_PHILS_CFB
 						 : CIPHER_MODE_CFB;
 	break;
+      case GCRY_CIPHER_MODE_CBC: mode = CIPHER_MODE_CBC; break;
       default:
-	set_lasterr( GCRYERR_INV_ALGO );
-	return NULL;
+	return set_lasterr( GCRYERR_INV_ALGO );
     }
 
     /* allocate the handle */
     h = m_lib_alloc_clear( sizeof *h );
-    if( !h ) {
-	set_lasterr( GCRYERR_NOMEM );
-	return NULL;
-    }
+    if( !h )
+	return set_lasterr( GCRYERR_NOMEM );
     h->magic = CONTEXT_MAGIC;
     h->mode = mode;
     h->hd = cipher_open( algo, mode, (flags & GCRY_CIPHER_SECURE) );
     if( !h ) {
 	m_lib_free( h );
-	set_lasterr( GCRYERR_INTERNAL );
-	return NULL;
+	return set_lasterr( GCRYERR_INTERNAL );
     }
 
-    return h;
+    *ret_hd = h;
+    return 0;
 }
 
 
@@ -128,6 +130,9 @@ gcry_cipher_encrypt( GCRY_CIPHER_HD h, byte *out, size_t outsize,
 {
     if( outsize < inlen )
 	return set_lasterr( GCRYERR_TOO_SHORT );
+    /* fixme: check that the inlength is a multipe of the blocksize
+     * if a blockoriented mode is used, or modify cipher_encrypt to
+     * return an error in this case */
     cipher_encrypt( h->hd, out, in, inlen );
     return 0;
 }