Redirect digests to FIPS module for FIPS builds.

Use FIPS API when initialising digests.

Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
This commit is contained in:
Dr. Stephen Henson 2011-05-28 23:01:26 +00:00
parent ae6cb5483e
commit 04dc5a9ca6
9 changed files with 208 additions and 5 deletions

View File

@ -4,6 +4,13 @@
Changes between 1.0.0d and 1.0.1 [xx XXX xxxx] Changes between 1.0.0d and 1.0.1 [xx XXX xxxx]
*) Redirect digest operations to FIPS module for FIPS builds.
[Steve Henson]
*) Update build system to add "fips" flag which will link in fipscanister.o
for static and shared library builds embedding a signature if needed.
[Steve Henson]
*) Add protection against ECDSA timing attacks as mentioned in the paper *) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see: by Billy Bob Brumley and Nicola Tuveri, see:

View File

@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c
LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
@ -40,7 +40,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o
SRC= $(LIBSRC) SRC= $(LIBSRC)

View File

@ -117,6 +117,10 @@
#include <openssl/engine.h> #include <openssl/engine.h>
#endif #endif
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
void EVP_MD_CTX_init(EVP_MD_CTX *ctx) void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{ {
memset(ctx,'\0',sizeof *ctx); memset(ctx,'\0',sizeof *ctx);
@ -225,6 +229,16 @@ skip_to_init:
} }
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1; return 1;
#ifdef OPENSSL_FIPS
if (FIPS_mode())
{
if (FIPS_digestinit(ctx, type))
return 1;
OPENSSL_free(ctx->md_data);
ctx->md_data = NULL;
return 0;
}
#endif
return ctx->digest->init(ctx); return ctx->digest->init(ctx);
} }

View File

@ -58,6 +58,8 @@
#include <openssl/modes.h> #include <openssl/modes.h>
#include "evp_locl.h" #include "evp_locl.h"
#ifndef OPENSSL_FIPS
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc); const unsigned char *iv, int enc);
@ -192,3 +194,5 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
} }
#endif #endif
#endif

View File

@ -65,6 +65,8 @@
#include <openssl/des.h> #include <openssl/des.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#ifndef OPENSSL_FIPS
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv,int enc); const unsigned char *iv,int enc);
@ -311,3 +313,4 @@ const EVP_CIPHER *EVP_des_ede3(void)
return &des_ede3_ecb; return &des_ede3_ecb;
} }
#endif #endif
#endif

View File

@ -83,7 +83,7 @@
#define EVP_RC5_32_12_16_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16
*/ */
#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ #define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
#define EVP_MAX_KEY_LENGTH 32 #define EVP_MAX_KEY_LENGTH 64
#define EVP_MAX_IV_LENGTH 16 #define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32 #define EVP_MAX_BLOCK_LENGTH 32
@ -116,6 +116,7 @@
#define EVP_PKEY_DH NID_dhKeyAgreement #define EVP_PKEY_DH NID_dhKeyAgreement
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
#define EVP_PKEY_HMAC NID_hmac #define EVP_PKEY_HMAC NID_hmac
#define EVP_PKEY_CMAC NID_cmac
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -216,6 +217,8 @@ typedef int evp_verify_method(int type,const unsigned char *m,
#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 #define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018
#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
/* Digest ctrls */ /* Digest ctrls */
#define EVP_MD_CTRL_DIGALGID 0x1 #define EVP_MD_CTRL_DIGALGID 0x1
@ -326,6 +329,9 @@ struct evp_cipher_st
#define EVP_CIPH_CFB_MODE 0x3 #define EVP_CIPH_CFB_MODE 0x3
#define EVP_CIPH_OFB_MODE 0x4 #define EVP_CIPH_OFB_MODE 0x4
#define EVP_CIPH_CTR_MODE 0x5 #define EVP_CIPH_CTR_MODE 0x5
#define EVP_CIPH_GCM_MODE 0x6
#define EVP_CIPH_CCM_MODE 0x7
#define EVP_CIPH_XTS_MODE 0x10001
#define EVP_CIPH_MODE 0xF0007 #define EVP_CIPH_MODE 0xF0007
/* Set if variable length cipher */ /* Set if variable length cipher */
#define EVP_CIPH_VARIABLE_LENGTH 0x8 #define EVP_CIPH_VARIABLE_LENGTH 0x8
@ -347,6 +353,14 @@ struct evp_cipher_st
#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
/* Buffer length in bits not bytes: CFB1 mode only */ /* Buffer length in bits not bytes: CFB1 mode only */
#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
/* Note if suitable for use in FIPS mode */
#define EVP_CIPH_FLAG_FIPS 0x4000
/* Allow non FIPS cipher in FIPS mode */
#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
/* Cipher handles any and all padding logic as well
* as finalisation.
*/
#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x10000
/* ctrl() values */ /* ctrl() values */
@ -359,6 +373,16 @@ struct evp_cipher_st
#define EVP_CTRL_RAND_KEY 0x6 #define EVP_CTRL_RAND_KEY 0x6
#define EVP_CTRL_PBE_PRF_NID 0x7 #define EVP_CTRL_PBE_PRF_NID 0x7
#define EVP_CTRL_COPY 0x8 #define EVP_CTRL_COPY 0x8
#define EVP_CTRL_GCM_SET_IVLEN 0x9
#define EVP_CTRL_GCM_GET_TAG 0x10
#define EVP_CTRL_GCM_SET_TAG 0x11
#define EVP_CTRL_GCM_SET_IV_FIXED 0x12
#define EVP_CTRL_GCM_IV_GEN 0x13
#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG
#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG
#define EVP_CTRL_CCM_SET_L 0x14
#define EVP_CTRL_CCM_SET_MSGLEN 0x15
typedef struct evp_cipher_info_st typedef struct evp_cipher_info_st
{ {
@ -743,6 +767,9 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
# define EVP_aes_128_cfb EVP_aes_128_cfb128 # define EVP_aes_128_cfb EVP_aes_128_cfb128
const EVP_CIPHER *EVP_aes_128_ofb(void); const EVP_CIPHER *EVP_aes_128_ofb(void);
const EVP_CIPHER *EVP_aes_128_ctr(void); const EVP_CIPHER *EVP_aes_128_ctr(void);
const EVP_CIPHER *EVP_aes_128_ccm(void);
const EVP_CIPHER *EVP_aes_128_gcm(void);
const EVP_CIPHER *EVP_aes_128_xts(void);
const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void); const EVP_CIPHER *EVP_aes_192_cbc(void);
const EVP_CIPHER *EVP_aes_192_cfb1(void); const EVP_CIPHER *EVP_aes_192_cfb1(void);
@ -751,6 +778,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
# define EVP_aes_192_cfb EVP_aes_192_cfb128 # define EVP_aes_192_cfb EVP_aes_192_cfb128
const EVP_CIPHER *EVP_aes_192_ofb(void); const EVP_CIPHER *EVP_aes_192_ofb(void);
const EVP_CIPHER *EVP_aes_192_ctr(void); const EVP_CIPHER *EVP_aes_192_ctr(void);
const EVP_CIPHER *EVP_aes_192_ccm(void);
const EVP_CIPHER *EVP_aes_192_gcm(void);
const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(void); const EVP_CIPHER *EVP_aes_256_cfb1(void);
@ -759,6 +788,9 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
# define EVP_aes_256_cfb EVP_aes_256_cfb128 # define EVP_aes_256_cfb EVP_aes_256_cfb128
const EVP_CIPHER *EVP_aes_256_ofb(void); const EVP_CIPHER *EVP_aes_256_ofb(void);
const EVP_CIPHER *EVP_aes_256_ctr(void); const EVP_CIPHER *EVP_aes_256_ctr(void);
const EVP_CIPHER *EVP_aes_256_ccm(void);
const EVP_CIPHER *EVP_aes_256_gcm(void);
const EVP_CIPHER *EVP_aes_256_xts(void);
#endif #endif
#ifndef OPENSSL_NO_CAMELLIA #ifndef OPENSSL_NO_CAMELLIA
const EVP_CIPHER *EVP_camellia_128_ecb(void); const EVP_CIPHER *EVP_camellia_128_ecb(void);
@ -1042,10 +1074,16 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
#define EVP_PKEY_CTRL_CMS_DECRYPT 10 #define EVP_PKEY_CTRL_CMS_DECRYPT 10
#define EVP_PKEY_CTRL_CMS_SIGN 11 #define EVP_PKEY_CTRL_CMS_SIGN 11
#define EVP_PKEY_CTRL_CIPHER 12
#define EVP_PKEY_ALG_CTRL 0x1000 #define EVP_PKEY_ALG_CTRL 0x1000
#define EVP_PKEY_FLAG_AUTOARGLEN 2 #define EVP_PKEY_FLAG_AUTOARGLEN 2
/* Method handles all operations: don't assume any digest related
* defaults.
*/
#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
@ -1188,7 +1226,9 @@ void ERR_load_EVP_strings(void);
/* Error codes for the EVP functions. */ /* Error codes for the EVP functions. */
/* Function codes. */ /* Function codes. */
#define EVP_F_AESNI_INIT_KEY 165
#define EVP_F_AES_INIT_KEY 133 #define EVP_F_AES_INIT_KEY 133
#define EVP_F_AES_XTS 172
#define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_CAMELLIA_INIT_KEY 159
#define EVP_F_D2I_PKEY 100 #define EVP_F_D2I_PKEY 100
#define EVP_F_DO_SIGVER_INIT 161 #define EVP_F_DO_SIGVER_INIT 161
@ -1244,15 +1284,23 @@ void ERR_load_EVP_strings(void);
#define EVP_F_EVP_RIJNDAEL 126 #define EVP_F_EVP_RIJNDAEL 126
#define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_SIGNFINAL 107
#define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_EVP_VERIFYFINAL 108
#define EVP_F_FIPS_CIPHERINIT 166
#define EVP_F_FIPS_CIPHER_CTX_COPY 170
#define EVP_F_FIPS_CIPHER_CTX_CTRL 167
#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171
#define EVP_F_FIPS_DIGESTINIT 168
#define EVP_F_FIPS_MD_CTX_COPY 169
#define EVP_F_INT_CTX_NEW 157 #define EVP_F_INT_CTX_NEW 157
#define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_PBE_KEYIVGEN 117
#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
#define EVP_F_PKCS8_SET_BROKEN 112 #define EVP_F_PKCS8_SET_BROKEN 112
#define EVP_F_PKEY_SET_TYPE 158 #define EVP_F_PKEY_SET_TYPE 158
#define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC2_MAGIC_TO_METH 109
#define EVP_F_RC5_CTRL 125 #define EVP_F_RC5_CTRL 125
/* Reason codes. */ /* Reason codes. */
#define EVP_R_AES_IV_SETUP_FAILED 162
#define EVP_R_AES_KEY_SETUP_FAILED 143 #define EVP_R_AES_KEY_SETUP_FAILED 143
#define EVP_R_ASN1_LIB 140 #define EVP_R_ASN1_LIB 140
#define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_BLOCK_LENGTH 136
@ -1270,6 +1318,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_DECODE_ERROR 114 #define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_DIFFERENT_PARAMETERS 153 #define EVP_R_DIFFERENT_PARAMETERS 153
#define EVP_R_DISABLED_FOR_FIPS 163
#define EVP_R_ENCODE_ERROR 115 #define EVP_R_ENCODE_ERROR 115
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_AN_RSA_KEY 127
@ -1301,6 +1350,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 #define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
#define EVP_R_PUBLIC_KEY_NOT_RSA 106 #define EVP_R_PUBLIC_KEY_NOT_RSA 106
#define EVP_R_TOO_LARGE 164
#define EVP_R_UNKNOWN_CIPHER 160 #define EVP_R_UNKNOWN_CIPHER 160
#define EVP_R_UNKNOWN_DIGEST 161 #define EVP_R_UNKNOWN_DIGEST 161
#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121

View File

@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */ /* crypto/evp/evp_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -70,7 +70,9 @@
static ERR_STRING_DATA EVP_str_functs[]= static ERR_STRING_DATA EVP_str_functs[]=
{ {
{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
{ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"},
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
{ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"},
@ -86,7 +88,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"}, {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
@ -126,9 +128,16 @@ static ERR_STRING_DATA EVP_str_functs[]=
{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
{ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
{ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
{ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"},
{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"},
{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
{ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"},
{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
@ -138,6 +147,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
static ERR_STRING_DATA EVP_str_reasons[]= static ERR_STRING_DATA EVP_str_reasons[]=
{ {
{ERR_REASON(EVP_R_AES_IV_SETUP_FAILED) ,"aes iv setup failed"},
{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, {ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"},
{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
@ -155,6 +165,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"},
{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
@ -186,6 +197,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
{ERR_REASON(EVP_R_TOO_LARGE) ,"too large"},
{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},

108
crypto/evp/evp_fips.c Normal file
View File

@ -0,0 +1,108 @@
/* crypto/evp/evp_fips.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
const EVP_CIPHER *EVP_aes_128_cbc(void) { return FIPS_evp_aes_128_cbc(); }
const EVP_CIPHER *EVP_aes_128_ccm(void) { return FIPS_evp_aes_128_ccm(); }
const EVP_CIPHER *EVP_aes_128_cfb1(void) { return FIPS_evp_aes_128_cfb1(); }
const EVP_CIPHER *EVP_aes_128_cfb128(void) { return FIPS_evp_aes_128_cfb128(); }
const EVP_CIPHER *EVP_aes_128_cfb8(void) { return FIPS_evp_aes_128_cfb8(); }
const EVP_CIPHER *EVP_aes_128_ctr(void) { return FIPS_evp_aes_128_ctr(); }
const EVP_CIPHER *EVP_aes_128_ecb(void) { return FIPS_evp_aes_128_ecb(); }
const EVP_CIPHER *EVP_aes_128_gcm(void) { return FIPS_evp_aes_128_gcm(); }
const EVP_CIPHER *EVP_aes_128_ofb(void) { return FIPS_evp_aes_128_ofb(); }
const EVP_CIPHER *EVP_aes_128_xts(void) { return FIPS_evp_aes_128_xts(); }
const EVP_CIPHER *EVP_aes_192_cbc(void) { return FIPS_evp_aes_192_cbc(); }
const EVP_CIPHER *EVP_aes_192_ccm(void) { return FIPS_evp_aes_192_ccm(); }
const EVP_CIPHER *EVP_aes_192_cfb1(void) { return FIPS_evp_aes_192_cfb1(); }
const EVP_CIPHER *EVP_aes_192_cfb128(void) { return FIPS_evp_aes_192_cfb128(); }
const EVP_CIPHER *EVP_aes_192_cfb8(void) { return FIPS_evp_aes_192_cfb8(); }
const EVP_CIPHER *EVP_aes_192_ctr(void) { return FIPS_evp_aes_192_ctr(); }
const EVP_CIPHER *EVP_aes_192_ecb(void) { return FIPS_evp_aes_192_ecb(); }
const EVP_CIPHER *EVP_aes_192_gcm(void) { return FIPS_evp_aes_192_gcm(); }
const EVP_CIPHER *EVP_aes_192_ofb(void) { return FIPS_evp_aes_192_ofb(); }
const EVP_CIPHER *EVP_aes_256_cbc(void) { return FIPS_evp_aes_256_cbc(); }
const EVP_CIPHER *EVP_aes_256_ccm(void) { return FIPS_evp_aes_256_ccm(); }
const EVP_CIPHER *EVP_aes_256_cfb1(void) { return FIPS_evp_aes_256_cfb1(); }
const EVP_CIPHER *EVP_aes_256_cfb128(void) { return FIPS_evp_aes_256_cfb128(); }
const EVP_CIPHER *EVP_aes_256_cfb8(void) { return FIPS_evp_aes_256_cfb8(); }
const EVP_CIPHER *EVP_aes_256_ctr(void) { return FIPS_evp_aes_256_ctr(); }
const EVP_CIPHER *EVP_aes_256_ecb(void) { return FIPS_evp_aes_256_ecb(); }
const EVP_CIPHER *EVP_aes_256_gcm(void) { return FIPS_evp_aes_256_gcm(); }
const EVP_CIPHER *EVP_aes_256_ofb(void) { return FIPS_evp_aes_256_ofb(); }
const EVP_CIPHER *EVP_aes_256_xts(void) { return FIPS_evp_aes_256_xts(); }
const EVP_CIPHER *EVP_des_ede(void) { return FIPS_evp_des_ede(); }
const EVP_CIPHER *EVP_des_ede3(void) { return FIPS_evp_des_ede3(); }
const EVP_CIPHER *EVP_des_ede3_cbc(void) { return FIPS_evp_des_ede3_cbc(); }
const EVP_CIPHER *EVP_des_ede3_cfb1(void) { return FIPS_evp_des_ede3_cfb1(); }
const EVP_CIPHER *EVP_des_ede3_cfb64(void) { return FIPS_evp_des_ede3_cfb64(); }
const EVP_CIPHER *EVP_des_ede3_cfb8(void) { return FIPS_evp_des_ede3_cfb8(); }
const EVP_CIPHER *EVP_des_ede3_ecb(void) { return FIPS_evp_des_ede3_ecb(); }
const EVP_CIPHER *EVP_des_ede3_ofb(void) { return FIPS_evp_des_ede3_ofb(); }
const EVP_CIPHER *EVP_des_ede_cbc(void) { return FIPS_evp_des_ede_cbc(); }
const EVP_CIPHER *EVP_des_ede_cfb64(void) { return FIPS_evp_des_ede_cfb64(); }
const EVP_CIPHER *EVP_des_ede_ecb(void) { return FIPS_evp_des_ede_ecb(); }
const EVP_CIPHER *EVP_des_ede_ofb(void) { return FIPS_evp_des_ede_ofb(); }
const EVP_MD *EVP_sha1(void) { return FIPS_evp_sha1(); }
const EVP_MD *EVP_sha224(void) { return FIPS_evp_sha224(); }
const EVP_MD *EVP_sha256(void) { return FIPS_evp_sha256(); }
const EVP_MD *EVP_sha384(void) { return FIPS_evp_sha384(); }
const EVP_MD *EVP_sha512(void) { return FIPS_evp_sha512(); }
#endif

View File

@ -59,6 +59,8 @@
#include <stdio.h> #include <stdio.h>
#include "cryptlib.h" #include "cryptlib.h"
#ifndef OPENSSL_FIPS
#ifndef OPENSSL_NO_SHA #ifndef OPENSSL_NO_SHA
#include <openssl/evp.h> #include <openssl/evp.h>
@ -68,6 +70,7 @@
#include <openssl/rsa.h> #include <openssl/rsa.h>
#endif #endif
static int init(EVP_MD_CTX *ctx) static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); } { return SHA1_Init(ctx->md_data); }
@ -202,3 +205,5 @@ static const EVP_MD sha512_md=
const EVP_MD *EVP_sha512(void) const EVP_MD *EVP_sha512(void)
{ return(&sha512_md); } { return(&sha512_md); }
#endif /* ifndef OPENSSL_NO_SHA512 */ #endif /* ifndef OPENSSL_NO_SHA512 */
#endif