Use approved API for EVP digest operations in FIPS builds.
Call OPENSSL_init() in a few more places to make sure it is always called at least once. Initial cipher API redirection (incomplete).
parent
9f375a752e
commit
293c58c1e7
@ -244,7 +244,11 @@ skip_to_init:
|
|||||||
|
|
||||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||||
{
|
{
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
return FIPS_digestupdate(ctx, data, count);
|
||||||
|
#else
|
||||||
return ctx->update(ctx,data,count);
|
return ctx->update(ctx,data,count);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The caller can assume that this removes any secret data from the context */
|
/* The caller can assume that this removes any secret data from the context */
|
||||||
@ -259,8 +263,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
|||||||
/* The caller can assume that this removes any secret data from the context */
|
/* The caller can assume that this removes any secret data from the context */
|
||||||
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
||||||
{
|
{
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
return FIPS_digestfinal(ctx, md, size);
|
||||||
|
#else
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
|
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
|
||||||
ret=ctx->digest->final(ctx,md);
|
ret=ctx->digest->final(ctx,md);
|
||||||
if (size != NULL)
|
if (size != NULL)
|
||||||
@ -272,6 +278,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
|||||||
}
|
}
|
||||||
memset(ctx->md_data,0,ctx->digest->ctx_size);
|
memset(ctx->md_data,0,ctx->digest->ctx_size);
|
||||||
return ret;
|
return ret;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
|
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
|
||||||
@ -365,6 +372,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
|
|||||||
/* This call frees resources associated with the context */
|
/* This call frees resources associated with the context */
|
||||||
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
||||||
{
|
{
|
||||||
|
#ifndef OPENSSL_FIPS
|
||||||
/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
|
/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
|
||||||
* because sometimes only copies of the context are ever finalised.
|
* because sometimes only copies of the context are ever finalised.
|
||||||
*/
|
*/
|
||||||
@ -377,6 +385,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|||||||
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
|
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
|
||||||
OPENSSL_free(ctx->md_data);
|
OPENSSL_free(ctx->md_data);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
if (ctx->pctx)
|
if (ctx->pctx)
|
||||||
EVP_PKEY_CTX_free(ctx->pctx);
|
EVP_PKEY_CTX_free(ctx->pctx);
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
@ -384,6 +393,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|||||||
/* The EVP_MD we used belongs to an ENGINE, release the
|
/* The EVP_MD we used belongs to an ENGINE, release the
|
||||||
* functional reference we held for this reason. */
|
* functional reference we held for this reason. */
|
||||||
ENGINE_finish(ctx->engine);
|
ENGINE_finish(ctx->engine);
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
FIPS_md_ctx_cleanup(ctx);
|
||||||
#endif
|
#endif
|
||||||
memset(ctx,'\0',sizeof *ctx);
|
memset(ctx,'\0',sizeof *ctx);
|
||||||
|
|
||||||
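Review bot: In EVP_MD_CTX_cleanup the FIPS build now compiles out the `OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);` and `OPENSSL_free(ctx->md_data);` pair, so scrubbing and releasing the digest state rests entirely on `FIPS_md_ctx_cleanup(ctx)`. The trailing `memset(ctx,'\0',sizeof *ctx);` clears only the struct itself, and it also discards the last pointer to `md_data` if the FIPS routine did not free it. The same delegation applies to EVP_DigestFinal_ex, whose comment still promises that secret data is removed while the FIPS branch simply returns `FIPS_digestfinal(ctx, md, size)`. Neither FIPS function is visible on this page, so I would record the contract at the call site, e.g. `/* FIPS_md_ctx_cleanup() is expected to cleanse and free ctx->md_data; the memset below drops the pointer */`. Both function bodies extend beyond the hunks shown.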
|
@ -64,6 +64,9 @@
|
|||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
#include <openssl/engine.h>
|
#include <openssl/engine.h>
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
#include <openssl/fips.h>
|
||||||
|
#endif
|
||||||
#include "evp_locl.h"
|
#include "evp_locl.h"
|
||||||
|
|
||||||
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
|
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
|
||||||
@ -155,6 +158,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
|||||||
ctx->engine = NULL;
|
ctx->engine = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||||
|
#else
|
||||||
ctx->cipher=cipher;
|
ctx->cipher=cipher;
|
||||||
if (ctx->cipher->ctx_size)
|
if (ctx->cipher->ctx_size)
|
||||||
{
|
{
|
||||||
@ -179,6 +185,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
else if(!ctx->cipher)
|
else if(!ctx->cipher)
|
||||||
{
|
{
|
||||||
@ -188,6 +195,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
|||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
skip_to_init:
|
skip_to_init:
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||||
|
#else
|
||||||
/* we assume block size is a power of 2 in *cryptUpdate */
|
/* we assume block size is a power of 2 in *cryptUpdate */
|
||||||
OPENSSL_assert(ctx->cipher->block_size == 1
|
OPENSSL_assert(ctx->cipher->block_size == 1
|
||||||
|| ctx->cipher->block_size == 8
|
|| ctx->cipher->block_size == 8
|
||||||
@ -233,6 +243,7 @@ skip_to_init:
|
|||||||
ctx->final_used=0;
|
ctx->final_used=0;
|
||||||
ctx->block_mask=ctx->cipher->block_size-1;
|
ctx->block_mask=ctx->cipher->block_size-1;
|
||||||
return 1;
|
return 1;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||||
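Review bot: Both `return FIPS_cipherinit(ctx, cipher, key, iv, enc);` branches in EVP_CipherInit_ex compile out everything down to `return 1;`, including the `OPENSSL_assert` on `ctx->cipher->block_size` and the assignments `ctx->final_used=0;` and `ctx->block_mask=ctx->cipher->block_size-1;`. EVP_CipherUpdate is not redirected in the lines shown, and the existing comment says the update path assumes a power-of-2 block size, so a FIPS build presumably still depends on FIPS_cipherinit having set those fields and checked the block size. That routine is not visible here and the commit message marks the redirection as incomplete, so a comment at the first return would help, e.g. `/* FIPS_cipherinit() is expected to set final_used/block_mask and check block_size, as the #else path does */`. Only parts of the function fall inside the hunks.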
|
@ -65,6 +65,7 @@
|
|||||||
int EVP_add_cipher(const EVP_CIPHER *c)
|
int EVP_add_cipher(const EVP_CIPHER *c)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
OPENSSL_init();
|
||||||
|
|
||||||
r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
|
r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
|
||||||
if (r == 0) return(0);
|
if (r == 0) return(0);
|
||||||
@ -78,6 +79,7 @@ int EVP_add_digest(const EVP_MD *md)
|
|||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
const char *name;
|
const char *name;
|
||||||
|
OPENSSL_init();
|
||||||
|
|
||||||
name=OBJ_nid2sn(md->type);
|
name=OBJ_nid2sn(md->type);
|
||||||
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
|
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
|
||||||
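Review bot: `OPENSSL_init();` now runs on every EVP_add_cipher and EVP_add_digest call, and again in the two memory-function setters later in this commit, so it has to be idempotent and safe when registrations happen on more than one thread. Its body is not part of this page, so neither property can be confirmed from the hunks. If that is the intended contract, a short comment at the call sites would state what these callers rely on, e.g. `/* OPENSSL_init() may be called repeatedly; only the first call does work */`.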
|
@ -125,6 +125,7 @@ static long (*get_debug_options_func)(void) = NULL;
|
|||||||
int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
|
int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
|
||||||
void (*f)(void *))
|
void (*f)(void *))
|
||||||
{
|
{
|
||||||
|
OPENSSL_init();
|
||||||
if (!allow_customize)
|
if (!allow_customize)
|
||||||
return 0;
|
return 0;
|
||||||
if ((m == 0) || (r == 0) || (f == 0))
|
if ((m == 0) || (r == 0) || (f == 0))
|
||||||
@ -184,6 +185,7 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
|
|||||||
void (*so)(long),
|
void (*so)(long),
|
||||||
long (*go)(void))
|
long (*go)(void))
|
||||||
{
|
{
|
||||||
|
OPENSSL_init();
|
||||||
if (!allow_customize_debug)
|
if (!allow_customize_debug)
|
||||||
return 0;
|
return 0;
|
||||||
malloc_debug_func=m;
|
malloc_debug_func=m;
|
||||||
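Review bot: In CRYPTO_set_mem_functions and CRYPTO_set_mem_debug_functions the new `OPENSSL_init();` runs before the `allow_customize` / `allow_customize_debug` checks. If initialisation ever allocates through the library allocator or otherwise clears those flags, which cannot be determined from this page, the setters would return 0 and the application's allocator or debug hooks would be silently ignored. I would document the ordering constraint next to the call, e.g. `/* OPENSSL_init() must not allocate via CRYPTO_malloc(): allow_customize is tested below */`. Both function bodies continue past the hunks.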
|