CHANGES +4 −0
@@ -4,6 +4,10 @@ Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx] *) Move EVP cipher code into enc_min.c to support a minimal implementation for use by FIPS applications. [Steve Henson] *) Add algorithm config module. Currently just handles setting FIPS mode. [Steve Henson]
Makefile.org +1 −0
@@ -298,6 +298,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/dsa/dsa_vrf.o \ ../crypto/err/err.o \ ../crypto/evp/digest.o \ ../crypto/evp/enc_min.o \ ../crypto/evp/p_sign.o \ ../crypto/evp/p_verify.o \ ../crypto/mem_clr.o \
crypto/evp/Makefile +2 −2
@@ -21,7 +21,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
@@ -33,7 +33,7 @@ LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
crypto/evp/dig_eng.c +5 −5
@@ -122,9 +122,9 @@ #ifdef OPENSSL_FIPS static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) { if (type) if (*ptype) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same
@@ -141,11 +141,11 @@ static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *im } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_digest_engine(type->type); impl = ENGINE_get_digest_engine((*ptype)->type); if(impl) { /* There's an ENGINE for this job ... (apparently) */ const EVP_MD *d = ENGINE_get_digest(impl, type->type); const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); if(!d) { /* Same comment from evp_enc.c */
@@ -153,7 +153,7 @@ static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *im return 0; } /* We'll use the ENGINE's private digest definition */ type = d; *ptype = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */
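Review bot: The comment kept at the end of the last hunk still says the reference is stored "so we know 'type' came from an ENGINE", but do_evp_md_engine_full no longer has a `type` variable; the ENGINE's digest is now written back through `*ptype`. I would reword that comment to name `*ptype` and add a header comment on the function stating the new contract, for example `/* ptype: in/out; on return *ptype may point at the ENGINE's EVP_MD */`, so that callers know they must continue with the updated pointer rather than the digest they passed in. The same stale comment sits in do_evp_md_engine in crypto/evp/digest.c. The function body starts and ends outside the visible hunks.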
crypto/evp/digest.c +13 −9
@@ -171,11 +171,13 @@ static const EVP_MD bad_md = #endif #ifndef OPENSSL_NO_ENGINE #ifdef OPENSSL_FIPS static int do_engine_null(ENGINE *impl) { return 0;} static int do_evp_md_engine_null(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) const EVP_MD **ptype, ENGINE *impl) { return 1; } static int (*do_engine_init)(ENGINE *impl)
@@ -185,14 +187,14 @@ static int (*do_engine_finish)(ENGINE *impl) = do_engine_null; static int (*do_evp_md_engine) (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) = do_evp_md_engine_null; void int_EVP_MD_set_engine_callbacks( int (*eng_md_init)(ENGINE *impl), int (*eng_md_fin)(ENGINE *impl), int (*eng_md_evp) (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)) (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) { do_engine_init = eng_md_init; do_engine_finish = eng_md_fin;
@@ -204,9 +206,9 @@ void int_EVP_MD_set_engine_callbacks( #define do_engine_init ENGINE_init #define do_engine_finish ENGINE_finish static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) { if (type) if (*ptype) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same
@@ -223,11 +225,11 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_digest_engine(type->type); impl = ENGINE_get_digest_engine((*ptype)->type); if(impl) { /* There's an ENGINE for this job ... (apparently) */ const EVP_MD *d = ENGINE_get_digest(impl, type->type); const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); if(!d) { /* Same comment from evp_enc.c */
@@ -235,7 +237,7 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return 0; } /* We'll use the ENGINE's private digest definition */ type = d; *ptype = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */
@@ -255,6 +257,8 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #endif #endif int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -266,7 +270,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (ctx->engine && ctx->digest && (!type || (type && (type->type == ctx->digest->type)))) goto skip_to_init; if (!do_evp_md_engine(ctx, type, impl)) if (!do_evp_md_engine(ctx, &type, impl)) return 0; #endif if (ctx->digest != type)
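Review bot: The callback type accepted by int_EVP_MD_set_engine_callbacks changes in the second hunk from `const EVP_MD *type` to `const EVP_MD **ptype`, but the declaration that other translation units compile against is not among the visible sections. If that prototype, or any function registered through it, still uses the old type, EVP_DigestInit_ex would call through an incompatible function pointer and the callee would treat `&type` as an `EVP_MD`, which is undefined behaviour; it is worth confirming the header is updated in the same commit. The setter also stores all three pointers unchecked, so I would document the requirement above it, for example `/* All three callbacks must be non-NULL; eng_md_evp may replace *ptype. */`. Several of the function bodies in this section continue outside the hunks.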