Commit 5fd76ba5 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Changes to make AES algorithm test work via EVP.

parent df50ec37

CHANGES

+7 −0
Original line number Diff line number Diff line
@@ -4,6 +4,13 @@ 


 Changes between 0.9.8e and 0.9.8f-fips  [xx XXX xxxx]



  *) New flag in EVP_CIPHER: EVP_CIPH_FLAG_DEFAULT_ASN1. This will

     automatically use EVP_CIPHER_{get,set}_asn1_iv and avoid the

     need for any ASN1 dependencies in FIPS library. Move AES cipher

     definitions to fips library and modify AES algorithm test to use

     EVP.

     [Steve Henson]



  *) Move EVP cipher code into enc_min.c to support a minimal implementation

     for use by FIPS applications.

     [Steve Henson]

Makefile.org

+1 −0
Original line number Diff line number Diff line
@@ -299,6 +299,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ 
	../crypto/err/err.o \

	../crypto/evp/digest.o \

	../crypto/evp/enc_min.o \

	../crypto/evp/e_aes.o \

	../crypto/evp/p_sign.o \

	../crypto/evp/p_verify.o \

	../crypto/mem_clr.o \

crypto/evp/e_aes.c

+9 −12
Original line number Diff line number Diff line
@@ -69,22 +69,19 @@ typedef struct 


IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,

		       NID_aes_128, 16, 16, 16, 128,

		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 

		       EVP_CIPHER_set_asn1_iv,

		       EVP_CIPHER_get_asn1_iv,

		       NULL)

		       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,

		       aes_init_key,

		       NULL, NULL, NULL, NULL)

IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,

		       NID_aes_192, 16, 24, 16, 128,

		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 

		       EVP_CIPHER_set_asn1_iv,

		       EVP_CIPHER_get_asn1_iv,

		       NULL)

		       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,

		       aes_init_key,

		       NULL, NULL, NULL, NULL)

IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,

		       NID_aes_256, 16, 32, 16, 128,

		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 

		       EVP_CIPHER_set_asn1_iv,

		       EVP_CIPHER_get_asn1_iv,

		       NULL)

		       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,

		       aes_init_key,

		       NULL, NULL, NULL, NULL)



#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)

crypto/evp/evp.h

+2 −0
Original line number Diff line number Diff line
@@ -376,6 +376,8 @@ struct evp_cipher_st 
#define		EVP_CIPH_FLAG_FIPS		0x400

/* Allow non FIPS cipher in FIPS mode */

#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x800

/* Allow use default ASN1 get/set iv */

#define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000



/* ctrl() values */

crypto/evp/evp_lib.c

+4 −0
Original line number Diff line number Diff line
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 


	if (c->cipher->set_asn1_parameters != NULL)

		ret=c->cipher->set_asn1_parameters(c,type);

	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)

		ret=EVP_CIPHER_set_asn1_iv(c, type);

	else

		ret=-1;

	return(ret);
@@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 


	if (c->cipher->get_asn1_parameters != NULL)

		ret=c->cipher->get_asn1_parameters(c,type);

	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)

		ret=EVP_CIPHER_get_asn1_iv(c, type);

	else

		ret=-1;

	return(ret);