Commit 03b7b469 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Cleaner check of self test status.

parent 0fd9322a
+14 −3
@@ -120,9 +120,6 @@

void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
	{
#ifdef OPENSSL_FIPS
	FIPS_selftest_check();
#endif
	memset(ctx,'\0',sizeof *ctx);
	}

@@ -265,6 +262,14 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
	{
	M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
#ifdef OPENSSL_FIPS
	if(FIPS_selftest_failed())
		{
		FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
		ctx->digest = &bad_md;
		return 0;
		}
#endif
#ifndef OPENSSL_NO_ENGINE
	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
	 * so this context may already have an ENGINE! Try to avoid releasing
@@ -305,6 +310,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
	     size_t count)
	{
#ifdef OPENSSL_FIPS
	FIPS_selftest_check();
#endif
	return ctx->digest->update(ctx,data,count);
	}

@@ -321,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
	{
	int ret;
#ifdef OPENSSL_FIPS
	FIPS_selftest_check();
#endif

	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
	ret=ctx->digest->final(ctx,md);
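Review bot: The new failure branch in EVP_DigestInit_ex returns before the ENGINE handling just below it, and the comment there notes that an Init can be called on a context that was already used, so `ctx->digest = &bad_md;` may overwrite the digest of a context that still holds earlier state. If the cleanup code (not visible in these hunks) sizes or frees the per-digest data from `ctx->digest`, the previous digest's buffer could be left unfreed or uncleansed once the pointer is swapped; this should be confirmed, and the old state released before the assignment if so. A short comment on the branch would help, for example `/* self test failed: park ctx on bad_md; earlier digest/ENGINE state is not released on this path */`. EVP_DigestInit_ex continues past the end of the hunk, and the definition of bad_md is outside the visible lines.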
+11 −0
@@ -199,6 +199,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
			enc = 1;
		ctx->encrypt = enc;
		}
#ifdef OPENSSL_NO_FIPS
	if(FIPS_selftest_failed())
		{
		FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
		ctx->cipher = &bad_cipher;
		return 0;
		}
#endif
#ifndef OPENSSL_NO_ENGINE
	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
	 * so this context may already have an ENGINE! Try to avoid releasing
@@ -339,6 +347,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)

int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
	{
#ifdef OPENSSL_FIPS
	FIPS_selftest_check();
#endif
	return ctx->cipher->do_cipher(ctx,out,in,inl);
	}
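Review bot: The guard around the new self-test check in EVP_CipherInit_ex is `#ifdef OPENSSL_NO_FIPS`, which looks inverted: the matching check in EVP_DigestInit_ex and the `FIPS_selftest_check()` call in EVP_Cipher further down this same section both use `#ifdef OPENSSL_FIPS`. As written, a FIPS build compiles the block out, so cipher initialisation would continue after a failed self test without ever setting `ctx->cipher = &bad_cipher`, leaving the digest path gated and the cipher path not. A build that defines OPENSSL_NO_FIPS would instead reference FIPS_selftest_failed(), FIPSerr and bad_cipher, which are presumably not declared there. The line should read `#ifdef OPENSSL_FIPS`; the body of EVP_CipherInit_ex starts and ends outside the hunk.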

+12 −4
@@ -66,6 +66,14 @@
#endif
#include "evp_locl.h"

#ifdef OPENSSL_FIPS
	#define M_do_cipher(ctx, out, in, inl) \
		EVP_Cipher(ctx,out,in,inl)
#else
	#define M_do_cipher(ctx, out, in, inl) \
		ctx->cipher->do_cipher(ctx,out,in,inl)
#endif

const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;

EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
@@ -138,7 +146,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
	OPENSSL_assert(inl > 0);
	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
		{
		if(ctx->cipher->do_cipher(ctx,out,in,inl))
		if(M_do_cipher(ctx,out,in,inl))
			{
			*outl=inl;
			return 1;
@@ -165,7 +173,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
			{
			j=bl-i;
			memcpy(&(ctx->buf[i]),in,j);
			if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
			if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
			inl-=j;
			in+=j;
			out+=bl;
@@ -178,7 +186,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
	inl-=i;
	if (inl > 0)
		{
		if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
		if(!M_do_cipher(ctx,out,in,inl)) return 0;
		*outl+=inl;
		}

@@ -222,7 +230,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
	n=b-bl;
	for (i=bl; i<b; i++)
		ctx->buf[i]=n;
	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
	ret=M_do_cipher(ctx,out,ctx->buf,b);


	if(ret)
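Review bot: The non-FIPS expansion of `M_do_cipher` uses its arguments unparenthesised and evaluates `ctx` twice, while the FIPS expansion evaluates it once, so the two builds could behave differently if a call site ever passes an expression with side effects. The call sites visible in these hunks pass plain identifiers, so nothing breaks today, but the macro would be safer as `((ctx)->cipher->do_cipher((ctx),(out),(in),(inl)))` with `EVP_Cipher((ctx),(out),(in),(inl))` in the FIPS branch. A one-line comment above the `#ifdef`, such as `/* FIPS builds route block operations through EVP_Cipher so the self-test check runs on every call */`, would record why the indirection exists.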
+2 −0
@@ -74,6 +74,8 @@ static ERR_STRING_DATA FIPS_str_functs[]=
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
{ERR_FUNC(FIPS_F_DSA_DO_SIGN),	"DSA_do_sign"},
{ERR_FUNC(FIPS_F_DSA_DO_VERIFY),	"DSA_do_verify"},
{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),	"FIPS_CHECK_DSA"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),	"FIPS_CHECK_INCORE_FINGERPRINT"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),	"FIPS_CHECK_RSA"},
+2 −0
@@ -107,6 +107,8 @@ void ERR_load_FIPS_strings(void);
#define FIPS_F_DSA_BUILTIN_PARAMGEN			 101
#define FIPS_F_DSA_DO_SIGN				 102
#define FIPS_F_DSA_DO_VERIFY				 103
#define FIPS_F_EVP_CIPHERINIT_EX			 124
#define FIPS_F_EVP_DIGESTINIT_EX			 125
#define FIPS_F_FIPS_CHECK_DSA				 104
#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 105
#define FIPS_F_FIPS_CHECK_RSA				 106