generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS

Browse Source 
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
This commit is contained in:
Dr. Stephen Henson 2008-09-16 10:47:28 +00:00
parent 59f3477b82
commit 96a259e81e
35 changed files with 255 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/aes/aes.h
View File

@ -66,6 +66,10 @@
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
#ifdef OPENSSL_FIPS
#define FIPS_AES_SIZE_T int
#endif
#ifdef __cplusplus
extern "C" {
#endif

2
crypto/aes/aes_cbc.c
View File

@ -59,6 +59,7 @@
#include <openssl/aes.h>
#include "aes_locl.h"
#if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char *ivec, const int enc) {
@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
#endif

8
crypto/aes/aes_core.c
View File

@ -37,6 +37,10 @@
#include <stdlib.h>
#include <openssl/aes.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "aes_locl.h"
/*
@ -631,6 +635,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
int i = 0;
u32 temp;
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
if (!userKey || !key)
return -1;
if (bits != 128 && bits != 192 && bits != 256)

7
crypto/bf/bf_skey.c
View File

@ -59,10 +59,15 @@
#include <stdio.h>
#include <string.h>
#include <openssl/blowfish.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "bf_locl.h"
#include "bf_pi.h"
void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
FIPS_NON_FIPS_VCIPHER_Init(BF)
{
int i;
BF_LONG *p,ri,in[2];

4
crypto/bf/blowfish.h
View File

@ -104,7 +104,9 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
#ifdef OPENSSL_FIPS
void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
#endif
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_encrypt(BF_LONG *data,const BF_KEY *key);

7
crypto/cast/c_skey.c
View File

@ -57,6 +57,11 @@
*/
#include <openssl/cast.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "cast_lcl.h"
#include "cast_s.h"
@ -72,7 +77,7 @@
#define S6 CAST_S_table6
#define S7 CAST_S_table7
void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
FIPS_NON_FIPS_VCIPHER_Init(CAST)
{
CAST_LONG x[16];
CAST_LONG z[16];

4
crypto/cast/cast.h
View File

@ -83,7 +83,9 @@ typedef struct cast_key_st
int short_key; /* Use reduced rounds for short key */
} CAST_KEY;
#ifdef OPENSSL_FIPS
void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
#endif
void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
int enc);

54
crypto/crypto.h
View File

@ -523,6 +523,60 @@ unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
int OPENSSL_isservice(void);
#ifdef OPENSSL_FIPS
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
#alg " Algorithm forbidden in FIPS mode");
#ifdef OPENSSL_FIPS_STRICT
#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
#else
#define FIPS_BAD_ALGORITHM(alg) \
{ \
FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
ERR_add_error_data(2, "Algorithm=", #alg); \
return 0; \
}
#endif
/* Low level digest API blocking macro */
#define FIPS_NON_FIPS_MD_Init(alg) \
int alg##_Init(alg##_CTX *c) \
{ \
if (FIPS_mode()) \
FIPS_BAD_ALGORITHM(alg) \
return private_##alg##_Init(c); \
} \
int private_##alg##_Init(alg##_CTX *c)
/* For ciphers the API often varies from cipher to cipher and each needs to
* be treated as a special case. Variable key length ciphers (Blowfish, RC4,
* CAST) however are very similar and can use a blocking macro.
*/
#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
{ \
if (FIPS_mode()) \
FIPS_BAD_ABORT(alg) \
private_##alg##_set_key(key, len, data); \
} \
void private_##alg##_set_key(alg##_KEY *key, int len, \
const unsigned char *data)
#else
#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
#define FIPS_NON_FIPS_MD_Init(alg) \
int alg##_Init(alg##_CTX *c)
#endif /* def OPENSSL_FIPS */
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.

17
crypto/idea/i_skey.c
View File

@ -57,10 +57,27 @@
*/
#include <openssl/idea.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "idea_lcl.h"
static IDEA_INT inverse(unsigned int xin);
#ifdef OPENSSL_FIPS
void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
{
if (FIPS_mode())
FIPS_BAD_ABORT(IDEA)
private_idea_set_encrypt_key(key, ks);
}
void private_idea_set_encrypt_key(const unsigned char *key,
IDEA_KEY_SCHEDULE *ks)
#else
void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
#endif
{
int i;
register IDEA_INT *kt,*kf,r0,r1,r2;

3
crypto/idea/idea.h
View File

@ -83,6 +83,9 @@ typedef struct idea_key_st
const char *idea_options(void);
void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
IDEA_KEY_SCHEDULE *ks);
#ifdef OPENSSL_FIPS
void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
#endif
void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

3
crypto/md2/md2.h
View File

@ -81,6 +81,9 @@ typedef struct MD2state_st
} MD2_CTX;
const char *MD2_options(void);
#ifdef OPENSSL_FIPS
int private_MD2_Init(MD2_CTX *c);
#endif
int MD2_Init(MD2_CTX *c);
int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
int MD2_Final(unsigned char *md, MD2_CTX *c);

7
crypto/md2/md2_dgst.c
View File

@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include <openssl/err.h>
const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
@ -116,7 +121,7 @@ const char *MD2_options(void)
return("md2(int)");
}
int MD2_Init(MD2_CTX *c)
FIPS_NON_FIPS_MD_Init(MD2)
{
c->num=0;
memset(c->state,0,sizeof c->state);

3
crypto/md4/md4.h
View File

@ -105,6 +105,9 @@ typedef struct MD4state_st
unsigned int num;
} MD4_CTX;
#ifdef OPENSSL_FIPS
int private_MD4_Init(MD4_CTX *c);
#endif
int MD4_Init(MD4_CTX *c);
int MD4_Update(MD4_CTX *c, const void *data, size_t len);
int MD4_Final(unsigned char *md, MD4_CTX *c);

7
crypto/md4/md4_dgst.c
View File

@ -59,6 +59,11 @@
#include <stdio.h>
#include "md4_locl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
@ -70,7 +75,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
int MD4_Init(MD4_CTX *c)
FIPS_NON_FIPS_MD_Init(MD4)
{
c->A=INIT_DATA_A;
c->B=INIT_DATA_B;

3
crypto/md5/md5.h
View File

@ -105,6 +105,9 @@ typedef struct MD5state_st
unsigned int num;
} MD5_CTX;
#ifdef OPENSSL_FIPS
int private_MD5_Init(MD5_CTX *c);
#endif
int MD5_Init(MD5_CTX *c);
int MD5_Update(MD5_CTX *c, const void *data, size_t len);
int MD5_Final(unsigned char *md, MD5_CTX *c);

7
crypto/md5/md5_dgst.c
View File

@ -59,6 +59,11 @@
#include <stdio.h>
#include "md5_locl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
@ -70,7 +75,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
int MD5_Init(MD5_CTX *c)
FIPS_NON_FIPS_MD_Init(MD5)
{
c->A=INIT_DATA_A;
c->B=INIT_DATA_B;

4
crypto/mdc2/mdc2.h
View File

@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st
int pad_type; /* either 1 or 2, default 1 */
} MDC2_CTX;
#ifdef OPENSSL_FIPS
int private_MDC2_Init(MDC2_CTX *c);
#endif
int MDC2_Init(MDC2_CTX *c);
int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
int MDC2_Final(unsigned char *md, MDC2_CTX *c);

7
crypto/mdc2/mdc2dgst.c
View File

@ -61,6 +61,11 @@
#include <string.h>
#include <openssl/des.h>
#include <openssl/mdc2.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#undef c2l
#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
@ -75,7 +80,7 @@
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
int MDC2_Init(MDC2_CTX *c)
FIPS_NON_FIPS_MD_Init(MDC2)
{
c->num=0;
c->pad_type=1;

4
crypto/rc2/rc2.h
View File

@ -79,7 +79,9 @@ typedef struct rc2_key_st
RC2_INT data[64];
} RC2_KEY;
#ifdef OPENSSL_FIPS
void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
#endif
void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
int enc);

17
crypto/rc2/rc2_skey.c
View File

@ -57,6 +57,11 @@
*/
#include <openssl/rc2.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "rc2_locl.h"
static unsigned char key_table[256]={
@ -94,7 +99,19 @@ static unsigned char key_table[256]={
* BSAFE uses the 'retarded' version. What I previously shipped is
* the same as specifying 1024 for the 'bits' parameter. Bsafe uses
* a version where the bits parameter is the same as len*8 */
#ifdef OPENSSL_FIPS
void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
{
if (FIPS_mode())
FIPS_BAD_ABORT(RC2)
private_RC2_set_key(key, len, data, bits);
}
void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
int bits)
#else
void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
#endif
{
int i,j;
unsigned char *k;

2
crypto/rc4/asm/rc4-x86_64.pl
View File

@ -359,6 +359,8 @@ ___
$code =~ s/#([bwd])/$1/gm;
$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne "");
print $code;
close STDOUT;

3
crypto/rc4/rc4.h
View File

@ -76,6 +76,9 @@ typedef struct rc4_key_st
const char *RC4_options(void);
#ifdef OPENSSL_FIPS
void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
#endif
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
unsigned char *outdata);

16
crypto/rc4/rc4_skey.c
View File

@ -59,6 +59,11 @@
#include <openssl/rc4.h>
#include "rc4_locl.h"
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
@ -85,7 +90,11 @@ const char *RC4_options(void)
* Date: Wed, 14 Sep 1994 06:35:31 GMT
*/
#ifdef OPENSSL_FIPS
void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
#else
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
#endif
{
register RC4_INT tmp;
register int id1,id2;
@ -127,7 +136,12 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
*
* <appro@fy.chalmers.se>
*/
if (OPENSSL_ia32cap_P & (1<<20)) {
#ifdef OPENSSL_FIPS
unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
#else
if (OPENSSL_ia32cap_P & (1<<28)) {
#endif
unsigned char *cp=(unsigned char *)d;
for (i=0;i<256;i++) cp[i]=i;

5
crypto/rc5/rc5.h
View File

@ -94,7 +94,10 @@ typedef struct rc5_key_st
RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
} RC5_32_KEY;
#ifdef OPENSSL_FIPS
void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds);
#endif
void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds);
void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,

17
crypto/rc5/rc5_skey.c
View File

@ -56,12 +56,29 @@
* [including the GNU Public Licence.]
*/
#include <openssl/crypto.h>
#include <openssl/rc5.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "rc5_locl.h"
#ifdef OPENSSL_FIPS
void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds)
{
if (FIPS_mode())
FIPS_BAD_ABORT(RC5)
private_RC5_32_set_key(key, len, data, rounds);
}
void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds)
#else
void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds)
#endif
{
RC5_32_INT L[64],l,ll,A,B,*S,k;
int i,j,m,c,t,ii,jj;

4
crypto/ripemd/ripemd.h
View File

@ -90,7 +90,9 @@ typedef struct RIPEMD160state_st
RIPEMD160_LONG data[RIPEMD160_LBLOCK];
unsigned int num;
} RIPEMD160_CTX;
#ifdef OPENSSL_FIPS
int private_RIPEMD160_Init(RIPEMD160_CTX *c);
#endif
int RIPEMD160_Init(RIPEMD160_CTX *c);
int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

7
crypto/ripemd/rmd_dgst.c
View File

@ -59,6 +59,11 @@
#include <stdio.h>
#include "rmd_locl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
@ -69,7 +74,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
# endif
int RIPEMD160_Init(RIPEMD160_CTX *c)
FIPS_NON_FIPS_MD_Init(RIPEMD160)
{
c->A=RIPEMD160_A;
c->B=RIPEMD160_B;

2
crypto/ripemd/rmd_locl.h
View File

@ -72,7 +72,7 @@
*/
#ifdef RMD160_ASM
# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
# define ripemd160_block_data_order ripemd160_block_asm_data_order
# define ripemd160_block_host_order ripemd160_block_asm_data_order
# endif
#endif

3
crypto/sha/sha.h
View File

@ -106,6 +106,9 @@ typedef struct SHAstate_st
} SHA_CTX;
#ifndef OPENSSL_NO_SHA0
#ifdef OPENSSL_FIPS
int private_SHA_Init(SHA_CTX *c);
#endif
int SHA_Init(SHA_CTX *c);
int SHA_Update(SHA_CTX *c, const void *data, size_t len);
int SHA_Final(unsigned char *md, SHA_CTX *c);

2
crypto/sha/sha1_one.c
View File

@ -61,7 +61,7 @@
#include <openssl/sha.h>
#include <openssl/crypto.h>
#ifndef OPENSSL_NO_SHA1
#if !defined(OPENSSL_NO_SHA1)
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;

4
crypto/sha/sha1dgst.c
View File

@ -63,6 +63,10 @@
#define SHA_1
#include <openssl/opensslv.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;

10
crypto/sha/sha256.c
View File

@ -12,12 +12,19 @@
#include <openssl/crypto.h>
#include <openssl/sha.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include <openssl/opensslv.h>
const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
int SHA224_Init (SHA256_CTX *c)
{
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
@ -29,6 +36,9 @@ int SHA224_Init (SHA256_CTX *c)
int SHA256_Init (SHA256_CTX *c)
{
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;

12
crypto/sha/sha512.c
View File

@ -5,6 +5,10 @@
* ====================================================================
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
/*
* IMPLEMENTATION NOTES.
@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
int SHA384_Init (SHA512_CTX *c)
{
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=U64(0xcbbb9d5dc1059ed8);
c->h[1]=U64(0x629a292a367cd507);
c->h[2]=U64(0x9159015a3070dd17);
@ -76,6 +83,9 @@ int SHA384_Init (SHA512_CTX *c)
int SHA512_Init (SHA512_CTX *c)
{
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
@ -327,7 +337,7 @@ static const SHA_LONG64 K512[80] = {
((SHA_LONG64)hi)<<32|lo; })
# else
# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
unsigned int hi=p[0],lo=p[1]; \
unsigned int hi=p[0],lo=p[1]; \
asm ("bswapl %0; bswapl %1;" \
: "=r"(lo),"=r"(hi) \
: "0"(lo),"1"(hi)); \

6
crypto/sha/sha_dgst.c
View File

@ -57,6 +57,12 @@
*/
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include <openssl/err.h>
#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
#undef SHA_1

7
crypto/sha/sha_locl.h
View File

@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
#define INIT_DATA_h3 0x10325476UL
#define INIT_DATA_h4 0xc3d2e1f0UL
#if defined(SHA_0) && defined(OPENSSL_FIPS)
FIPS_NON_FIPS_MD_Init(SHA)
#else
int HASH_INIT (SHA_CTX *c)
#endif
{
#if defined(SHA_1) && defined(OPENSSL_FIPS)
FIPS_selftest_check();
#endif
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
c->h2=INIT_DATA_h2;