diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-02-08 15:10:42 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-02-08 15:10:42 +0000 |
| commit | f4001a0d192a2462bcedbaadf95e778ddc352ebb (patch) | |
| tree | 43159a16fbda0c3b364b269481746fd7ee12c2a6 | |
| parent | cea73f9db399c11ef95f08d270f6671e7b9f88ad (diff) | |
Link GCM into FIPS module. Check return value in EVP gcm.
| -rw-r--r-- | Makefile.org | 3 | ||||
| -rw-r--r-- | crypto/evp/e_aes.c | 15 | ||||
| -rw-r--r-- | crypto/modes/gcm128.c | 2 | ||||
| -rw-r--r-- | fips/Makefile | 1 |
4 files changed, 17 insertions, 4 deletions
diff --git a/Makefile.org b/Makefile.org index b608f710e9..89fa394546 100644 --- a/Makefile.org +++ b/Makefile.org @@ -316,6 +316,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/modes/cbc128.o \ ../crypto/modes/cfb128.o \ ../crypto/modes/ctr128.o \ + ../crypto/modes/gcm128.o \ ../crypto/modes/ofb128.o \ ../crypto/rand/md_rand.o \ ../crypto/rand/rand_egd.o \ @@ -350,7 +351,7 @@ build_fips: build_crypto: if [ -n "$(FIPSCANLIB)" ]; then \ - EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ + EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ else \ ARX='${AR}' ; \ diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 34a350a880..ed21d0a923 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -312,11 +312,20 @@ static int aes_gcm(EVP_CIPHER_CTX *ctx, unsigned char *out, if (in) { if (out == NULL) - CRYPTO_gcm128_aad(gctx->gcm, in, len); + { + if (CRYPTO_gcm128_aad(gctx->gcm, in, len)) + return -1; + } else if (ctx->encrypt) - CRYPTO_gcm128_encrypt(gctx->gcm, in, out, len); + { + if (CRYPTO_gcm128_encrypt(gctx->gcm, in, out, len)) + return -1; + } else - CRYPTO_gcm128_decrypt(gctx->gcm, in, out, len); + { + if (CRYPTO_gcm128_decrypt(gctx->gcm, in, out, len)) + return -1; + } return len; } else diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 3f6b70df4b..1287bce773 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -47,6 +47,8 @@ * ==================================================================== */ +#define OPENSSL_FIPSAPI + #include <openssl/crypto.h> #include "modes_lcl.h" #include <string.h> diff --git a/fips/Makefile b/fips/Makefile index 1eafa55481..6d4c27fd1b 100644 --- a/fips/Makefile +++ b/fips/Makefile @@ -89,6 +89,7 @@ fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \ list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \ list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \ + list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \ if [ -n "$(CPUID_OBJ)" ]; then \ CPUID=../crypto/$(CPUID_OBJ) ; \ else \ |