Loading CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,10 @@ Changes between 0.9.8g and 0.9.8h-fips [xx XXX xxxx] *) Add flag EVP_CIPH_FLAG_LENGTH_BITS to indicate that input buffer length is in bits not bytes. The Monte Carlo FIPS140-2 CFB1 tests require this. [Steve Henson] *) Add option --with-fipslibdir to specify location of fipscanister.lib and friends. When combined with fips build option fipscanister.lib is not built but linked from the supplied directory. Always link fips Loading crypto/evp/evp.h +3 −0 Original line number Diff line number Diff line Loading @@ -378,6 +378,8 @@ struct evp_cipher_st #define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 /* Allow use default ASN1 get/set iv */ #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 /* ctrl() values */ Loading Loading @@ -470,6 +472,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) #define M_EVP_MD_CTX_md(e) ((e)->digest) #define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) Loading crypto/evp/evp_locl.h +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } Loading fips/aes/fips_aesavs.c +4 −0 Original line number Diff line number Diff line Loading @@ -212,6 +212,8 @@ int AESTest(EVP_CIPHER_CTX *ctx, } if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) return 0; if(!strcasecmp(amode,"CFB1")) M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); if (dir) EVP_Cipher(ctx, ciphertext, plaintext, len); else Loading Loading @@ -377,9 +379,11 @@ int do_mct(char *amode, case CFB1: if(j == 0) { #if 0 /* compensate for wrong endianness of input file */ if(i == 0) ptext[0][0]<<=7; #endif ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir, ptext[j], ctext[j], len); } Loading Loading
CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,10 @@ Changes between 0.9.8g and 0.9.8h-fips [xx XXX xxxx] *) Add flag EVP_CIPH_FLAG_LENGTH_BITS to indicate that input buffer length is in bits not bytes. The Monte Carlo FIPS140-2 CFB1 tests require this. [Steve Henson] *) Add option --with-fipslibdir to specify location of fipscanister.lib and friends. When combined with fips build option fipscanister.lib is not built but linked from the supplied directory. Always link fips Loading
crypto/evp/evp.h +3 −0 Original line number Diff line number Diff line Loading @@ -378,6 +378,8 @@ struct evp_cipher_st #define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 /* Allow use default ASN1 get/set iv */ #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 /* ctrl() values */ Loading Loading @@ -470,6 +472,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) #define M_EVP_MD_CTX_md(e) ((e)->digest) #define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) Loading
crypto/evp/evp_locl.h +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } Loading
fips/aes/fips_aesavs.c +4 −0 Original line number Diff line number Diff line Loading @@ -212,6 +212,8 @@ int AESTest(EVP_CIPHER_CTX *ctx, } if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) return 0; if(!strcasecmp(amode,"CFB1")) M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); if (dir) EVP_Cipher(ctx, ciphertext, plaintext, len); else Loading Loading @@ -377,9 +379,11 @@ int do_mct(char *amode, case CFB1: if(j == 0) { #if 0 /* compensate for wrong endianness of input file */ if(i == 0) ptext[0][0]<<=7; #endif ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir, ptext[j], ctext[j], len); } Loading
