Backport "alg" module to OpenSSL 0.9.7

6 files changed, 30 insertions, 3 deletions

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 4c1d595b0a..c433b663c4 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -8,6 +8,9 @@
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
 
+# Uncomment out to enable OpenSSL configuration see config(3)
+# openssl_conf = openssl_init
+
 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids
@@ -19,6 +22,11 @@ oid_section		= new_oids
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 
+[openssl_init]
+# Extra OBJECT IDENTIFIER info:
+oid_section = new_oids
+alg_section = algs
+
 [ new_oids ]
 
 # We can add new OIDs in here for use by 'ca' and 'req'.
@@ -26,6 +34,9 @@ oid_section		= new_oids
 # testoid1=1.2.3.4
 # Or use config file substitution like this:
 # testoid2=${testoid1}.5.6
+[ algs ]
+# Algorithm configuration options. Currently just fips_mode
+fips_mode = no
 
 ####################################################################
 [ ca ]
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
index 4ba40cf44c..3b1c2e4759 100644
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -76,5 +76,6 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE_add_conf_module();
 #endif
+	EVP_add_alg_module();
 	}
 
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index d1c2a272bb..0261eb3b5e 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -23,7 +23,7 @@ TESTDATA=evptests.txt
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
 	e_des.c e_bf.c e_idea.c e_des3.c \
 	e_rc4.c e_aes.c names.c \
 	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
@@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
 	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
 	e_old.c
 
-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
 	e_des.o e_bf.o e_idea.o e_des3.o \
 	e_rc4.o e_aes.o names.o \
 	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 56eec23fef..fba19cfc55 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -875,6 +875,8 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 		    EVP_PBE_KEYGEN *keygen);
 void EVP_PBE_cleanup(void);
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -885,6 +887,7 @@ void ERR_load_EVP_strings(void);
 
 /* Function codes. */
 #define EVP_F_AES_INIT_KEY				 129
+#define EVP_F_ALG_MODULE_INIT				 134
 #define EVP_F_D2I_PKEY					 100
 #define EVP_F_EVP_ADD_CIPHER				 130
 #define EVP_F_EVP_ADD_DIGEST				 131
@@ -933,12 +936,16 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
 #define EVP_R_DISABLED_FOR_FIPS				 141
 #define EVP_R_ENCODE_ERROR				 115
+#define EVP_R_ERROR_LOADING_SECTION			 142
+#define EVP_R_ERROR_SETTING_FIPS_MODE			 143
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
 #define EVP_R_EXPECTING_AN_RSA_KEY			 127
 #define EVP_R_EXPECTING_A_DH_KEY			 128
 #define EVP_R_EXPECTING_A_DSA_KEY			 129
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED			 144
 #define EVP_R_INITIALIZATION_ERROR			 134
 #define EVP_R_INPUT_NOT_INITIALIZED			 111
+#define EVP_R_INVALID_FIPS_MODE				 145
 #define EVP_R_INVALID_KEY_LENGTH			 130
 #define EVP_R_IV_TOO_LARGE				 102
 #define EVP_R_KEYGEN_FAILURE				 120
@@ -950,6 +957,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_UNKNOWN_OPTION				 146
 #define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
 #define EVP_R_UNSUPPORTED_CIPHER			 107
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 1292cce20f..38d26c259b 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -71,6 +71,7 @@
 static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),	"ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
 {ERR_FUNC(EVP_F_EVP_ADD_CIPHER),	"EVP_add_cipher"},
 {ERR_FUNC(EVP_F_EVP_ADD_DIGEST),	"EVP_add_digest"},
@@ -122,12 +123,16 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
@@ -139,6 +144,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
diff --git a/util/libeay.num b/util/libeay.num
index 4222bef6d6..63e4382d9a 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1330,6 +1330,7 @@ i2d_PBE2PARAM                           1401	EXIST::FUNCTION:
 PBE2PARAM_new                           1402	EXIST::FUNCTION:
 d2i_PBE2PARAM                           1403	EXIST::FUNCTION:
 PBE2PARAM_free                          1404	EXIST::FUNCTION:
+EVP_add_alg_module                      1405	EXIST::FUNCTION:
 d2i_ASN1_SET_OF_GENERAL_NAME            1421	NOEXIST::FUNCTION:
 i2d_ASN1_SET_OF_GENERAL_NAME            1422	NOEXIST::FUNCTION:
 d2i_ASN1_SET_OF_SXNETID                 1439	NOEXIST::FUNCTION: