diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-29 15:55:13 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-29 15:55:13 +0000 |
commit | 293c58c1e7bbeecea2b9a3ba81876034b8820073 (patch) | |
tree | 746777e59270ad542c8c51b55823fdc4e6674a19 /crypto/evp | |
parent | 9f375a752ecad52372fae4b70c151aac602ea435 (diff) |
Use approved API for EVP digest operations in FIPS builds.
Call OPENSSL_init() in a few more places to make sure it is always called
at least once.
Initial cipher API redirection (incomplete).
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/digest.c | 14 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 11 | ||||
-rw-r--r-- | crypto/evp/names.c | 2 |
3 files changed, 26 insertions, 1 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index a0d5763b92..467e6b5ae9 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -244,7 +244,11 @@ skip_to_init: int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { +#ifdef OPENSSL_FIPS + return FIPS_digestupdate(ctx, data, count); +#else return ctx->update(ctx,data,count); +#endif } /* The caller can assume that this removes any secret data from the context */ @@ -259,8 +263,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { +#ifdef OPENSSL_FIPS + return FIPS_digestfinal(ctx, md, size); +#else int ret; - OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); if (size != NULL) @@ -272,6 +278,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) } memset(ctx->md_data,0,ctx->digest->ctx_size); return ret; +#endif } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) @@ -365,6 +372,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) /* This call frees resources associated with the context */ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { +#ifndef OPENSSL_FIPS /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, * because sometimes only copies of the context are ever finalised. */ @@ -377,6 +385,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#endif if (ctx->pctx) EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE @@ -385,6 +394,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); #endif +#ifdef OPENSSL_FIPS + FIPS_md_ctx_cleanup(ctx); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index a0bdf9856c..ccb4980e43 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -64,6 +64,9 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif #include "evp_locl.h" const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -155,6 +158,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp ctx->engine = NULL; #endif +#ifdef OPENSSL_FIPS + return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#else ctx->cipher=cipher; if (ctx->cipher->ctx_size) { @@ -179,6 +185,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp return 0; } } +#endif } else if(!ctx->cipher) { @@ -188,6 +195,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif +#ifdef OPENSSL_FIPS + return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#else /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -233,6 +243,7 @@ skip_to_init: ctx->final_used=0; ctx->block_mask=ctx->cipher->block_size-1; return 1; +#endif } int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, diff --git a/crypto/evp/names.c b/crypto/evp/names.c index f2869f5c78..67c73c0bab 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -65,6 +65,7 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; + OPENSSL_init(); r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); @@ -78,6 +79,7 @@ int EVP_add_digest(const EVP_MD *md) { int r; const char *name; + OPENSSL_init(); name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); |