summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile.org1
-rw-r--r--crypto/bn/bn_blind.c6
-rw-r--r--crypto/bn/bn_ctx.c6
-rw-r--r--crypto/bn/bn_exp.c5
-rw-r--r--crypto/bn/bn_lib.c5
-rw-r--r--crypto/bn/bn_rand.c5
-rw-r--r--crypto/bn/bn_recp.c5
-rw-r--r--crypto/buffer/buf_str.c5
-rw-r--r--crypto/dsa/dsa_sign.c5
-rw-r--r--crypto/rsa/rsa_gen.c2
-rw-r--r--crypto/rsa/rsa_oaep.c4
-rw-r--r--crypto/rsa/rsa_pss.c4
-rw-r--r--fips/dh/fips_dh_lib.c3
-rw-r--r--fips/dsa/fips_dsa_lib.c3
-rw-r--r--fips/fips.h5
-rw-r--r--fips/fips_utl.h3
-rw-r--r--fips/hmac/fips_hmactest.c1
-rw-r--r--fips/rand/fips_randtest.c2
-rw-r--r--fips/rsa/fips_rsa_lib.c4
-rw-r--r--fips/rsa/fips_rsa_sign.c1
-rw-r--r--fips/utl/Makefile4
-rw-r--r--fips/utl/fips_enc.c4
-rw-r--r--fips/utl/fips_md.c3
23 files changed, 80 insertions, 6 deletions
diff --git a/Makefile.org b/Makefile.org
index 4160f590a8..8e7a77d578 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -313,7 +313,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
../crypto/evp/e_des3.o \
../crypto/evp/m_sha1.o \
../crypto/hmac/hmac.o \
- ../crypto/mem.o \
../crypto/modes/cfb128.o \
../crypto/modes/ctr128.o \
../crypto/modes/ofb128.o \
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 6e00f43c66..d2bba48b0d 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -113,6 +113,12 @@
#include "cryptlib.h"
#include "bn_lcl.h"
+#define OPENSSL_FIPSAPI
+
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#define BN_BLINDING_COUNTER 32
struct bn_blinding_st
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 3f2256f675..f16fb35f5a 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -60,12 +60,18 @@
#endif
#endif
+#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include <assert.h>
#include "cryptlib.h"
#include "bn_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
/* TODO list
*
* 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index d9b6c737fc..2267367793 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -113,6 +113,11 @@
#include "cryptlib.h"
#include "bn_lcl.h"
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7a5676de69..503762b31e 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -67,6 +67,11 @@
#include "cryptlib.h"
#include "bn_lcl.h"
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
/* This stuff appears to be completely unused, so is deprecated */
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index b376c28ff3..070b1e4ed2 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -115,6 +115,11 @@
#include "bn_lcl.h"
#include <openssl/rand.h>
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
{
unsigned char *buf=NULL;
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 2e8efb8dae..dde27ae71a 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -60,6 +60,11 @@
#include "cryptlib.h"
#include "bn_lcl.h"
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
void BN_RECP_CTX_init(BN_RECP_CTX *recp)
{
BN_init(&(recp->N));
diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
index 151f5ea971..6d94942df8 100644
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@@ -60,6 +60,11 @@
#include "cryptlib.h"
#include <openssl/buffer.h>
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
char *BUF_strdup(const char *str)
{
if (str == NULL) return(NULL);
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index e02365a8b1..3684960203 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -63,6 +63,11 @@
#include <openssl/rand.h>
#include <openssl/bn.h>
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index b8676ad020..e82a81b03a 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -70,6 +70,8 @@
#ifdef OPENSSL_FIPS
+#define OPENSSL_FIPSAPI
+
#include <openssl/fips.h>
#include <openssl/evp.h>
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index eaae712236..48cd89dd48 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -30,6 +30,10 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
static int MGF1(unsigned char *mask, long len,
const unsigned char *seed, long seedlen);
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index e8f6798bbd..0d008c33f3 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -67,6 +67,10 @@
#include <openssl/sha.h>
#include "rsa_locl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
#if defined(_MSC_VER) && defined(_ARM_)
diff --git a/fips/dh/fips_dh_lib.c b/fips/dh/fips_dh_lib.c
index 4a822cf192..747d949389 100644
--- a/fips/dh/fips_dh_lib.c
+++ b/fips/dh/fips_dh_lib.c
@@ -56,9 +56,12 @@
*
*/
+#define OPENSSL_FIPSAPI
+
#include <string.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include <openssl/fips.h>
/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
* reduce external dependencies.
diff --git a/fips/dsa/fips_dsa_lib.c b/fips/dsa/fips_dsa_lib.c
index 2545966d2a..06f8cabfee 100644
--- a/fips/dsa/fips_dsa_lib.c
+++ b/fips/dsa/fips_dsa_lib.c
@@ -56,9 +56,12 @@
*
*/
+#define OPENSSL_FIPSAPI
+
#include <string.h>
#include <openssl/dsa.h>
#include <openssl/bn.h>
+#include <openssl/fips.h>
/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
* reduce external dependencies.
diff --git a/fips/fips.h b/fips/fips.h
index 2ef955ab13..5452db9311 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -113,8 +113,13 @@ void FIPS_lock(int mode, int type,const char *file,int line);
void FIPS_set_locking_callback (void (*func)(int mode, int type,
const char *file,int line));
+void *FIPS_malloc(int num, const char *file, int line);
+void FIPS_free(void *);
+
#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
#define CRYPTO_lock FIPS_lock
+#define CRYPTO_malloc FIPS_malloc
+#define CRYPTO_free FIPS_free
#endif
/* BEGIN ERROR CODES */
diff --git a/fips/fips_utl.h b/fips/fips_utl.h
index b3162d6863..76ae4f8e38 100644
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@@ -47,6 +47,9 @@
*
*/
+#define OPENSSL_FIPSAPI
+#include <openssl/fips.h>
+
int hex2bin(const char *in, unsigned char *out);
unsigned char *hex2bin_m(const char *in, long *plen);
int do_hex2bn(BIGNUM **pr, const char *in);
diff --git a/fips/hmac/fips_hmactest.c b/fips/hmac/fips_hmactest.c
index 575f6524b7..8c51fe523b 100644
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@@ -77,7 +77,6 @@ int main(int argc, char *argv[])
#else
-#include <openssl/fips.h>
#include "fips_utl.h"
static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c
index 88fb86060d..31c51d3392 100644
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@@ -123,6 +123,8 @@ int main(int argc, char *argv[])
#else
+#define OPENSSL_FIPSAPI
+
#include <openssl/fips.h>
#include "fips_utl.h"
diff --git a/fips/rsa/fips_rsa_lib.c b/fips/rsa/fips_rsa_lib.c
index a37ad3e540..77c0cb8466 100644
--- a/fips/rsa/fips_rsa_lib.c
+++ b/fips/rsa/fips_rsa_lib.c
@@ -56,11 +56,14 @@
*
*/
+#define OPENSSL_FIPSAPI
+
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>
+#include <openssl/fips.h>
/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
* reduce external dependencies.
@@ -95,7 +98,6 @@ void FIPS_rsa_free(RSA *r)
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
OPENSSL_free(r);
}
diff --git a/fips/rsa/fips_rsa_sign.c b/fips/rsa/fips_rsa_sign.c
index d07111b4be..4e5b4bf1db 100644
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@@ -63,6 +63,7 @@
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/sha.h>
+#include <openssl/fips.h>
#ifdef OPENSSL_FIPS
diff --git a/fips/utl/Makefile b/fips/utl/Makefile
index 577578ee70..8542b32156 100644
--- a/fips/utl/Makefile
+++ b/fips/utl/Makefile
@@ -22,8 +22,8 @@ TEST=
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c
-LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o
+LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c fips_mem.c
+LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o fips_mem.o
SRC= $(LIBSRC)
diff --git a/fips/utl/fips_enc.c b/fips/utl/fips_enc.c
index 23ba5ddb74..93647a023b 100644
--- a/fips/utl/fips_enc.c
+++ b/fips/utl/fips_enc.c
@@ -56,11 +56,13 @@
* [including the GNU Public Licence.]
*/
+#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>
-#include <openssl/rand.h>
+#include <openssl/fips.h>
void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx)
{
diff --git a/fips/utl/fips_md.c b/fips/utl/fips_md.c
index 6e33e841a5..0038646f58 100644
--- a/fips/utl/fips_md.c
+++ b/fips/utl/fips_md.c
@@ -111,11 +111,14 @@
/* Minimal standalone FIPS versions of Digest operations */
+#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include <string.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/err.h>
+#include <openssl/fips.h>
void FIPS_md_ctx_init(EVP_MD_CTX *ctx)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 08:17:41 +0000