author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 13:39:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 13:39:45 +0000 |
commit | 65300dcfb04bae643ea7b8f42ff8c8f1b1210a9e (patch) | |
tree | b3cebcf5d9b7c05745dcd26cc13de2805098c224 /crypto/sha | |
parent | 9ddc574f9aed0fbf5b19c50a495de608550174c7 (diff) |
Prohibit use of low level digest APIs in FIPS mode.
Diffstat (limited to 'crypto/sha')
-rw-r--r-- | crypto/sha/sha.h | 14 | ||||
-rw-r--r-- | crypto/sha/sha1dgst.c | 1 | ||||
-rw-r--r-- | crypto/sha/sha256.c | 4 | ||||
-rw-r--r-- | crypto/sha/sha512.c | 4 | ||||
-rw-r--r-- | crypto/sha/sha_dgst.c | 1 | ||||
-rw-r--r-- | crypto/sha/sha_locl.h | 6 |
6 files changed, 25 insertions, 5 deletions
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index 16cacf9fc0..8a6bf4bbbb 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -106,6 +106,9 @@ typedef struct SHAstate_st
 } SHA_CTX;
 #ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -113,6 +116,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
+#ifdef OPENSSL_FIPS
+int private_SHA1_Init(SHA_CTX *c);
+#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -135,6 +141,10 @@ typedef struct SHA256state_st
 } SHA256_CTX;
 #ifndef OPENSSL_NO_SHA256
+#ifdef OPENSSL_FIPS
+int private_SHA224_Init(SHA256_CTX *c);
+int private_SHA256_Init(SHA256_CTX *c);
+#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -182,6 +192,10 @@ typedef struct SHA512state_st
 #endif
 #ifndef OPENSSL_NO_SHA512
+#ifdef OPENSSL_FIPS
+int private_SHA384_Init(SHA512_CTX *c);
+int private_SHA512_Init(SHA512_CTX *c);
+#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 50d1925cde..81219af088 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -57,6 +57,7 @@
 */
 #include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 #undef SHA_0
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 8952d87673..f88d3d6dad 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
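Review bot: The `private_SHA_Init` prototype added in the first crypto/sha/sha.h hunk, and the `private_SHA1_Init`, `private_SHA224_Init`/`private_SHA256_Init` and `private_SHA384_Init`/`private_SHA512_Init` prototypes in the three hunks after it, go into the public header with no comment saying they are library-internal. From the commit title and the `fips_md_init` macros used in the .c files they are presumably the initialisers that skip the FIPS-mode check; the macro definitions are not in this diff, so that is inferred. I would add above each group a comment such as `/* Internal: init without the FIPS-mode check, for the library's own digest layer; applications must call SHA1_Init(). */`, or move the declarations to a non-installed header if the callers allow it. Only the `*_Init` functions get a private twin here, while `SHA_Transform` takes a caller-supplied context and is untouched by these hunks, so it is worth confirming whether that entry point is meant to be covered as well.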
@@ -16,7 +16,7 @@
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
-int SHA224_Init (SHA256_CTX *c)
+fips_md_init_ctx(SHA224, SHA256)
 {
 memset (c,0,sizeof(*c));
 c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
@@ -27,7 +27,7 @@ int SHA224_Init (SHA256_CTX *c)
 return 1;
 }
-int SHA256_Init (SHA256_CTX *c)
+fips_md_init(SHA256)
 {
 memset (c,0,sizeof(*c));
 c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index cbc0e58c48..8b13e6ca18 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -59,7 +59,7 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
 #endif
-int SHA384_Init (SHA512_CTX *c)
+fips_md_init_ctx(SHA384, SHA512)
 {
 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
 /* maintain dword order required by assembler module */
@@ -88,7 +88,7 @@ int SHA384_Init (SHA512_CTX *c)
 return 1;
 }
-int SHA512_Init (SHA512_CTX *c)
+fips_md_init(SHA512)
 {
 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
 /* maintain dword order required by assembler module */
diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
index 70eb56032c..c946ad827d 100644
--- a/crypto/sha/sha_dgst.c
+++ b/crypto/sha/sha_dgst.c
@@ -57,6 +57,7 @@
 */
 #include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 #undef SHA_1
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
index 672c26eee1..7a0c3ca8d8 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -122,7 +122,11 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
-int HASH_INIT (SHA_CTX *c)
+#ifdef SHA_0
+fips_md_init(SHA)
+#else
+fips_md_init_ctx(SHA1, SHA)
+#endif
 {
 memset (c,0,sizeof(*c));
 c->h0=INIT_DATA_h0; |
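Review bot: In crypto/sha/sha256.c, `fips_md_init_ctx(SHA224, SHA256)` and `fips_md_init(SHA256)` replace the visible signatures, and crypto/sha/sha512.c gets the same two substitutions, so the function name and the parameter `c` that the body uses now exist only inside a macro whose definition is outside this diff. A search for `SHA256_Init` no longer finds its definition, and the hunks do not show which symbol the body belongs to in a FIPS build versus a non-FIPS build. I would put a one-line comment above each use, e.g. `/* defines SHA224_Init(SHA256_CTX *c); see fips_md_init_ctx for the FIPS-mode wrapper */`, naming the header where the macro lives (presumably `<openssl/crypto.h>`, which this commit adds to sha1dgst.c and sha_dgst.c). The function bodies continue past the end of each hunk.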
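Review bot: In crypto/sha/sha_locl.h the new `#ifdef SHA_0 … #else … #endif` selects `fips_md_init_ctx(SHA1, SHA)` whenever `SHA_0` is not defined, whereas the removed line used `HASH_INIT` and so followed whatever the header had already chosen. Any check that exactly one of `SHA_0`/`SHA_1` is defined lies outside this hunk, so I would make the second branch `#elif defined(SHA_1)` and add an `#else` with `#error` to keep the selection explicit at the point of use. A short comment that this block takes over from `HASH_INIT` for the init function would help the next reader, since the connection between the two is no longer visible in the code. The function body continues past the end of the hunk.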