Make some EVP code available from within the FIPS module

# FIPS module

SOURCE[../providers/fips]=\

        cryptlib.c mem.c mem_clr.c params.c bsearch.c ex_data.c o_str.c \

        threads_pthread.c threads_win.c threads_none.c context.c

        ctype.c threads_pthread.c threads_win.c threads_none.c context.c \

        sparse_array.c

DEPEND[cversion.o]=buildinf.h

SOURCE[../../libcrypto]=\

	evp_fetch.c

# FIPS Module

SOURCE[../../providers/fips]=\

        digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c

INCLUDE[e_aes.o]=.. ../modes

INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes

INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes

     * pctx should be freed by the user of EVP_MD_CTX

     * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set

     */

#ifndef FIPS_MODE

    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */

    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))

        EVP_PKEY_CTX_free(ctx->pctx);

# ifndef OPENSSL_NO_ENGINE

    ENGINE_finish(ctx->engine);

# endif

#endif

    OPENSSL_cleanse(ctx, sizeof(*ctx));

int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)

{

    EVP_MD *provmd;

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    ENGINE *tmpimpl = NULL;

#endif

    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);

        ctx->reqdigest = type;

    /* TODO(3.0): Legacy work around code below. Remove this */

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    /*

     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so

     * this context may already have an ENGINE! Try to avoid releasing the

     */

    if (ctx->engine != NULL

            || impl != NULL

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

            || tmpimpl != NULL

#endif

            || ctx->pctx != NULL

            || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) {

        if (ctx->digest == ctx->fetched_digest)

    /* TODO(3.0): Start of non-legacy code below */

    if (type->prov == NULL) {

        provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), "");

#ifdef FIPS_MODE

        /* We only do explict fetches inside the FIPS module */

        EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);

        return 0;

#else

        EVP_MD *provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), "");

        if (provmd == NULL) {

            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);

            return 0;

        type = provmd;

        EVP_MD_meth_free(ctx->fetched_digest);

        ctx->fetched_digest = provmd;

#endif

    }

    ctx->digest = type;

    /* TODO(3.0): Remove legacy code below */

 legacy:

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    if (type) {

        /*

         * Ensure an ENGINE left lying around from last time is cleared (the

            }

        }

    }

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

 skip_to_init:

#endif

    if (ctx->pctx) {

#ifndef FIPS_MODE

    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */

    if (ctx->pctx != NULL) {

        int r;

        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,

                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);

        if (r <= 0 && (r != -2))

            return 0;

    }

#endif

    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)

        return 1;

    return ctx->digest->init(ctx);

    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */

    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);

#ifndef FIPS_MODE

    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */

    if (in->pctx != NULL) {

        out->pctx = EVP_PKEY_CTX_dup(in->pctx);

        if (out->pctx == NULL) {

            return 0;

        }

    }

#endif

    return 1;

    /* TODO(3.0): Remove legacy code below */

 legacy:

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    /* Make sure it's safe to copy a digest context using an ENGINE */

    if (in->engine && !ENGINE_init(in->engine)) {

        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);

    out->update = in->update;

#ifndef FIPS_MODE

    /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */

    if (in->pctx) {

        out->pctx = EVP_PKEY_CTX_dup(in->pctx);

        if (!out->pctx) {

            return 0;

        }

    }

#endif

    if (out->digest->copy)

        return out->digest->copy(out, in);

            OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size);

    }

    OPENSSL_free(ctx->cipher_data);

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    ENGINE_finish(ctx->engine);

#endif

    memset(ctx, 0, sizeof(*ctx));

                      ENGINE *impl, const unsigned char *key,

                      const unsigned char *iv, int enc)

{

    EVP_CIPHER *provciph = NULL;

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    ENGINE *tmpimpl = NULL;

#endif

    const EVP_CIPHER *tmpcipher;

    /*

    /* TODO(3.0): Legacy work around code below. Remove this */

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    /*

     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so

     * this context may already have an ENGINE! Try to avoid releasing the

     * If there are engines involved then we should use legacy handling for now.

     */

    if (ctx->engine != NULL

            || impl != NULL

            || tmpimpl != NULL) {

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

            || tmpimpl != NULL

#endif

            || impl != NULL) {

        if (ctx->cipher == ctx->fetched_cipher)

            ctx->cipher = NULL;

        EVP_CIPHER_meth_free(ctx->fetched_cipher);

        cipher = ctx->cipher;

    if (cipher->prov == NULL) {

        provciph = EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), "");

#ifdef FIPS_MODE

        /* We only do explict fetches inside the FIPS module */

        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

        return 0;

#else

        EVP_CIPHER *provciph =

            EVP_CIPHER_fetch(NULL, OBJ_nid2sn(cipher->nid), "");

        if (provciph == NULL) {

            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

            return 0;

        cipher = provciph;

        EVP_CIPHER_meth_free(ctx->fetched_cipher);

        ctx->fetched_cipher = provciph;

#endif

    }

    ctx->cipher = cipher;

            ctx->encrypt = enc;

            ctx->flags = flags;

        }

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

        if (impl != NULL) {

            if (!ENGINE_init(impl)) {

                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);

            }

        }

    }

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

 skip_to_init:

#endif

    if (ctx->cipher == NULL)

    return ret;

}

#if !defined(FIPS_MODE)

/* TODO(3.0): No support for RAND yet in the FIPS module */

int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)

{

    int kl;

        return 0;

    return 1;

}

#endif

int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)

{

    /* TODO(3.0): Remove legacy code below */

 legacy:

#ifndef OPENSSL_NO_ENGINE

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)

    /* Make sure it's safe to copy a cipher context using an ENGINE */

    if (in->engine && !ENGINE_init(in->engine)) {

        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);

#include "internal/provider.h"

#include "evp_locl.h"

#if !defined(FIPS_MODE)

int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)

{

    int ret;

    }

    return i;

}

#endif /* !defined(FIPS_MODE) */

/* Convert the various cipher NIDs and dummies to a proper OID NID */

int EVP_CIPHER_type(const EVP_CIPHER *ctx)

{

    int nid;

    ASN1_OBJECT *otmp;

    nid = EVP_CIPHER_nid(ctx);

    switch (nid) {

        return NID_des_cfb64;

    default:

#ifdef FIPS_MODE

        return NID_undef;

#else

        {

            /* Check it has an OID and it is valid */

        otmp = OBJ_nid2obj(nid);

            ASN1_OBJECT *otmp = OBJ_nid2obj(nid);

            if (OBJ_get0_data(otmp) == NULL)

                nid = NID_undef;

            ASN1_OBJECT_free(otmp);

            return nid;

        }

#endif

    }

}

int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)

    return ctx->pctx;

}

#if !defined(FIPS_MODE)

/* TODO(3.0): EVP_DigestSign* not yet supported in FIPS module */

void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)

{

    /*

        EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);

    }

}

#endif /* !defined(FIPS_MODE) */

void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)

{