summaryrefslogtreecommitdiff
path: root/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libcrypto/evp')
-rw-r--r--lib/libcrypto/evp/bio_enc.c2
-rw-r--r--lib/libcrypto/evp/c_alld.c10
-rw-r--r--lib/libcrypto/evp/e_aes.c6
-rw-r--r--lib/libcrypto/evp/encode.c2
-rw-r--r--lib/libcrypto/evp/evp.h12
-rw-r--r--lib/libcrypto/evp/evp_err.c158
-rw-r--r--lib/libcrypto/evp/evp_key.c3
-rw-r--r--lib/libcrypto/evp/m_dss1.c9
-rw-r--r--lib/libcrypto/evp/m_sha.c3
-rw-r--r--lib/libcrypto/evp/m_sha1.c119
-rw-r--r--lib/libcrypto/evp/p5_crpt2.c11
11 files changed, 247 insertions, 88 deletions
diff --git a/lib/libcrypto/evp/bio_enc.c b/lib/libcrypto/evp/bio_enc.c
index ab818515034..b8cda1a9f07 100644
--- a/lib/libcrypto/evp/bio_enc.c
+++ b/lib/libcrypto/evp/bio_enc.c
@@ -71,7 +71,7 @@ static int enc_new(BIO *h);
static int enc_free(BIO *data);
static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
#define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH
+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
typedef struct enc_struct
{
diff --git a/lib/libcrypto/evp/c_alld.c b/lib/libcrypto/evp/c_alld.c
index aae7bf7482a..929ea56a3eb 100644
--- a/lib/libcrypto/evp/c_alld.c
+++ b/lib/libcrypto/evp/c_alld.c
@@ -100,4 +100,14 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest_alias(SN_ripemd160,"ripemd");
EVP_add_digest_alias(SN_ripemd160,"rmd160");
#endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+#endif
}
diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c
index f35036c9d76..7b67984fa10 100644
--- a/lib/libcrypto/evp/e_aes.c
+++ b/lib/libcrypto/evp/e_aes.c
@@ -86,9 +86,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-IMPLEMENT_AES_CFBR(128,1,0)
-IMPLEMENT_AES_CFBR(192,1,0)
-IMPLEMENT_AES_CFBR(256,1,0)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
diff --git a/lib/libcrypto/evp/encode.c b/lib/libcrypto/evp/encode.c
index 08209357ce0..33e540087d5 100644
--- a/lib/libcrypto/evp/encode.c
+++ b/lib/libcrypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
/* There will never be more than two '=' */
}
- if ((v == B64_EOF) || (n >= 64))
+ if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
{
/* This is needed to work correctly on 64 byte input
* lines. We process the line and then need to
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index 09e597f631b..f29e0ba8f00 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -86,7 +86,7 @@
#define EVP_CAST5_KEY_SIZE 16
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
-#define EVP_MAX_MD_SIZE 64 /* to fit SHA512 */
+#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
#define EVP_MAX_KEY_LENGTH 32
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
@@ -589,6 +589,16 @@ const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+#endif
+#ifndef OPENSSL_NO_SHA512
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+#endif
+#endif
#endif
#ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);
diff --git a/lib/libcrypto/evp/evp_err.c b/lib/libcrypto/evp/evp_err.c
index 40135d07292..77eee070d38 100644
--- a/lib/libcrypto/evp/evp_err.c
+++ b/lib/libcrypto/evp/evp_err.c
@@ -64,88 +64,92 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
+
static ERR_STRING_DATA EVP_str_functs[]=
{
-{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"},
-{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
-{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"},
-{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"},
-{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"},
-{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"},
-{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"},
-{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"},
-{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"},
-{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"},
-{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
-{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
-{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"},
-{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"},
-{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"},
-{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"},
-{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"},
-{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"},
-{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"},
-{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"},
-{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"},
-{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"},
-{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"},
-{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"},
+{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"},
+{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"},
+{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
+{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"},
+{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
+{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"},
+{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"},
+{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
+{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
+{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
+{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
+{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"},
+{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
+{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
+{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
+{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
+{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
{0,NULL}
};
static ERR_STRING_DATA EVP_str_reasons[]=
{
-{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"},
-{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"},
-{EVP_R_BAD_DECRYPT ,"bad decrypt"},
-{EVP_R_BAD_KEY_LENGTH ,"bad key length"},
-{EVP_R_BN_DECODE_ERROR ,"bn decode error"},
-{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"},
-{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"},
-{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"},
-{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"},
-{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
-{EVP_R_DECODE_ERROR ,"decode error"},
-{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
-{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"},
-{EVP_R_ENCODE_ERROR ,"encode error"},
-{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
-{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"},
-{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"},
-{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"},
-{EVP_R_INITIALIZATION_ERROR ,"initialization error"},
-{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"},
-{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"},
-{EVP_R_IV_TOO_LARGE ,"iv too large"},
-{EVP_R_KEYGEN_FAILURE ,"keygen failure"},
-{EVP_R_MISSING_PARAMETERS ,"missing parameters"},
-{EVP_R_NO_CIPHER_SET ,"no cipher set"},
-{EVP_R_NO_DIGEST_SET ,"no digest set"},
-{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"},
-{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"},
-{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"},
-{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"},
-{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
-{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"},
-{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"},
-{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"},
-{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
-{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"},
-{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"},
-{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
-{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"},
-{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"},
-{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"},
+{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
+{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
+{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
+{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
+{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
+{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
+{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
+{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
+{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
+{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
+{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
+{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
+{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
+{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
+{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
+{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
+{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
+{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
+{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
+{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
+{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
+{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
+{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
+{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
+{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
+{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
+{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
+{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
+{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
+{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
+{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"},
+{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"},
+{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
+{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
+{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
+{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
{0,NULL}
};
@@ -159,8 +163,8 @@ void ERR_load_EVP_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
- ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+ ERR_load_strings(0,EVP_str_functs);
+ ERR_load_strings(0,EVP_str_reasons);
#endif
}
diff --git a/lib/libcrypto/evp/evp_key.c b/lib/libcrypto/evp/evp_key.c
index 5f387a94d32..f8650d5df69 100644
--- a/lib/libcrypto/evp/evp_key.c
+++ b/lib/libcrypto/evp/evp_key.c
@@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
EVP_MD_CTX_init(&c);
for (;;)
{
- EVP_DigestInit_ex(&c,md, NULL);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ return 0;
if (addmd++)
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestUpdate(&c,data,datal);
diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c
index f5668ebda0a..23b90d05386 100644
--- a/lib/libcrypto/evp/m_dss1.c
+++ b/lib/libcrypto/evp/m_dss1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@@ -77,7 +84,7 @@ static const EVP_MD dss1_md=
NID_dsa,
NID_dsaWithSHA1,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_FIPS,
init,
update,
final,
diff --git a/lib/libcrypto/evp/m_sha.c b/lib/libcrypto/evp/m_sha.c
index d1785e5f745..ed54909b162 100644
--- a/lib/libcrypto/evp/m_sha.c
+++ b/lib/libcrypto/evp/m_sha.c
@@ -59,6 +59,9 @@
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
#include <stdio.h>
#include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
#include <openssl/evp.h>
#include "evp_locl.h"
#include <openssl/objects.h>
diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c
index fe4402389ae..60da93873c2 100644
--- a/lib/libcrypto/evp/m_sha1.c
+++ b/lib/libcrypto/evp/m_sha1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
return(&sha1_md);
}
#endif
+
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+static int init224(EVP_MD_CTX *ctx)
+ { return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+ { return SHA256_Init(ctx->md_data); }
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA256_Update(ctx->md_data,data,count);
+ }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD sha224_md=
+ {
+ NID_sha224,
+ NID_sha224WithRSAEncryption,
+ SHA224_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init224,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ };
+
+const EVP_MD *EVP_sha224(void)
+ { return(&sha224_md); }
+
+static const EVP_MD sha256_md=
+ {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init256,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ };
+
+const EVP_MD *EVP_sha256(void)
+ { return(&sha256_md); }
+#endif /* ifndef OPENSSL_NO_SHA256 */
+
+#ifndef OPENSSL_NO_SHA512
+static int init384(EVP_MD_CTX *ctx)
+ { return SHA384_Init(ctx->md_data); }
+static int init512(EVP_MD_CTX *ctx)
+ { return SHA512_Init(ctx->md_data); }
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA512_Update(ctx->md_data,data,count);
+ }
+static int final512(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA512_Final(md,ctx->md_data); }
+
+static const EVP_MD sha384_md=
+ {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init384,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ };
+
+const EVP_MD *EVP_sha384(void)
+ { return(&sha384_md); }
+
+static const EVP_MD sha512_md=
+ {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init512,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ };
+
+const EVP_MD *EVP_sha512(void)
+ { return(&sha512_md); }
+#endif /* ifndef OPENSSL_NO_SHA512 */
+#endif /* ifdef OPENSSL_FIPS */
diff --git a/lib/libcrypto/evp/p5_crpt2.c b/lib/libcrypto/evp/p5_crpt2.c
index 1f94e1ef88b..1d5fabc4b2a 100644
--- a/lib/libcrypto/evp/p5_crpt2.c
+++ b/lib/libcrypto/evp/p5_crpt2.c
@@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
/* Now decode key derivation function */
+ if(!pbe2->keyfunc->parameter ||
+ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
+ {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+ goto err;
+ }
+
pbuf = pbe2->keyfunc->parameter->value.sequence->data;
plen = pbe2->keyfunc->parameter->value.sequence->length;
- if(!pbe2->keyfunc->parameter ||
- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
- !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+ if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
goto err;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-26 07:59:56 +0000