diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2008-09-16 10:47:28 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2008-09-16 10:47:28 +0000 |
| commit | 96a259e81e47cf61d54eb0cb0dd05434eda2f301 (patch) | |
| tree | de53299acb413b3d5cbe25d05e17f6f3aa8e422b /crypto/sha | |
| parent | 59f3477b8236fd431d2cee942b46e3034e0a7b10 (diff) | |
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
Diffstat (limited to 'crypto/sha')
| -rw-r--r-- | crypto/sha/sha.h | 3 | ||||
| -rw-r--r-- | crypto/sha/sha1_one.c | 2 | ||||
| -rw-r--r-- | crypto/sha/sha1dgst.c | 4 | ||||
| -rw-r--r-- | crypto/sha/sha256.c | 10 | ||||
| -rw-r--r-- | crypto/sha/sha512.c | 12 | ||||
| -rw-r--r-- | crypto/sha/sha_dgst.c | 6 | ||||
| -rw-r--r-- | crypto/sha/sha_locl.h | 7 |
7 files changed, 42 insertions, 2 deletions
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index eed44d7f94..47a2c29f66 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; #ifndef OPENSSL_NO_SHA0 +#ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +#endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index 7c65b60276..4831174198 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -61,7 +61,7 @@ #include <openssl/sha.h> #include <openssl/crypto.h> -#ifndef OPENSSL_NO_SHA1 +#if !defined(OPENSSL_NO_SHA1) unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 50d1925cde..d31f0781a0 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -63,6 +63,10 @@ #define SHA_1 #include <openssl/opensslv.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 867f90cc97..3256a83e98 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -12,12 +12,19 @@ #include <openssl/crypto.h> #include <openssl/sha.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include <openssl/opensslv.h> const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; int SHA224_Init (SHA256_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; @@ -29,6 +36,9 @@ int SHA224_Init (SHA256_CTX *c) int SHA256_Init (SHA256_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 987fc07c99..f5ed468b85 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -5,6 +5,10 @@ * ==================================================================== */ #include <openssl/opensslconf.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /* * IMPLEMENTATION NOTES. @@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; int SHA384_Init (SHA512_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); c->h[2]=U64(0x9159015a3070dd17); @@ -76,6 +83,9 @@ int SHA384_Init (SHA512_CTX *c) int SHA512_Init (SHA512_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); @@ -327,7 +337,7 @@ static const SHA_LONG64 K512[80] = { ((SHA_LONG64)hi)<<32|lo; }) # else # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ + unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c index 70eb56032c..598f4d721a 100644 --- a/crypto/sha/sha_dgst.c +++ b/crypto/sha/sha_dgst.c @@ -57,6 +57,12 @@ */ #include <openssl/opensslconf.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + +#include <openssl/err.h> #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index e37e5726e3..da46ddfe79 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL +#if defined(SHA_0) && defined(OPENSSL_FIPS) +FIPS_NON_FIPS_MD_Init(SHA) +#else int HASH_INIT (SHA_CTX *c) +#endif { +#if defined(SHA_1) && defined(OPENSSL_FIPS) + FIPS_selftest_check(); +#endif c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; |