diff options
| author | Richard Levitte <levitte@openssl.org> | 2011-03-24 22:55:02 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2011-03-24 22:55:02 +0000 |
| commit | 399aa6b5ffd37e2601af4524bb71d862cbee4a84 (patch) | |
| tree | 4a8007b086c33a2525c237209fbfbd6bb6070b9f /fips/utl | |
| parent | 487b023f3d30114cad2118be70a47171ea4d65cd (diff) | |
Implement FIPS CMAC.
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
Diffstat (limited to 'fips/utl')
| -rw-r--r-- | fips/utl/fips_enc.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/fips/utl/fips_enc.c b/fips/utl/fips_enc.c index b3db931fe9..a25e5a1e5c 100644 --- a/fips/utl/fips_enc.c +++ b/fips/utl/fips_enc.c @@ -275,6 +275,54 @@ int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) return ret; } +int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) + { + if ((in == NULL) || (in->cipher == NULL)) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } + + /* Only FIPS ciphers allowed */ + if (FIPS_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) && + !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS); + out->cipher = &bad_cipher; + return 0; + } + + FIPS_cipher_ctx_cleanup(out); + memcpy(out,in,sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) + { + out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size); + if (!out->cipher_data) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size); + } + + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) + return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + return 1; + } + +/* You can't really set the key length with FIPS, so just check that the + caller sets the length the context already has. */ +int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen) + { + if (ctx->key_len == keylen) + return 1; + + EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); + return 0; + } + + int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) |