generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in

Browse Source 
the FIPS capable OpenSSL.
This commit is contained in:
Dr. Stephen Henson 2011-05-11 14:43:38 +00:00
parent 5024b79f5c
commit c2fd598994
19 changed files with 43 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted
outside the validated module in the FIPS capable OpenSSL.
[Steve Henson]
*) Initial TLS v1.2 client support. Add a default signature algorithms *) Initial TLS v1.2 client support. Add a default signature algorithms
extension including all the algorithms we support. Parse new signature extension including all the algorithms we support. Parse new signature
format in client key exchange. Relax some ECC signing restrictions for format in client key exchange. Relax some ECC signing restrictions for

2
crypto/bn/bn_rand.c
View File

@ -252,7 +252,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
* generated. So we just use the second case which is equivalent to * generated. So we just use the second case which is equivalent to
* "Generation by Testing Candidates" mentioned in B.1.2 et al. * "Generation by Testing Candidates" mentioned in B.1.2 et al.
*/ */
else if (!FIPS_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) else if (!FIPS_module_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
#else #else
else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
#endif #endif

2
crypto/dh/dh_gen.c
View File

@ -118,7 +118,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
return 0; return 0;
} }
if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) if (FIPS_module_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{ {
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
goto err; goto err;

4
crypto/dh/dh_key.c
View File

@ -128,7 +128,7 @@ static int generate_key(DH *dh)
BIGNUM *pub_key=NULL,*priv_key=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{ {
DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
return 0; return 0;
@ -227,7 +227,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
} }
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{ {
DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL); DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
goto err; goto err;

4
crypto/dsa/dsa_gen.c
View File

@ -141,7 +141,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err; goto err;
} }
if (FIPS_mode() && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)
&& (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{ {
DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL); DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
@ -412,7 +412,7 @@ static int dsa2_valid_parameters(size_t L, size_t N)
int fips_check_dsa_prng(DSA *dsa, size_t L, size_t N) int fips_check_dsa_prng(DSA *dsa, size_t L, size_t N)
{ {
int strength; int strength;
if (!FIPS_mode()) if (!FIPS_module_mode())
return 1; return 1;
if (dsa->flags & (DSA_FLAG_NON_FIPS_ALLOW|DSA_FLAG_FIPS_CHECKED)) if (dsa->flags & (DSA_FLAG_NON_FIPS_ALLOW|DSA_FLAG_FIPS_CHECKED))

2
crypto/dsa/dsa_key.c
View File

@ -106,7 +106,7 @@ static int dsa_builtin_keygen(DSA *dsa)
BIGNUM *pub_key=NULL,*priv_key=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{ {
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);

4
crypto/dsa/dsa_ossl.c
View File

@ -150,7 +150,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
return NULL; return NULL;
} }
if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{ {
DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
@ -353,7 +353,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
return -1; return -1;
} }
if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{ {
DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);

2
crypto/ec/ec_key.c
View File

@ -260,7 +260,7 @@ static int fips_check_ec(EC_KEY *key)
int fips_check_ec_prng(EC_KEY *ec) int fips_check_ec_prng(EC_KEY *ec)
{ {
int bits, strength; int bits, strength;
if (!FIPS_mode()) if (!FIPS_module_mode())
return 1; return 1;
if (ec->flags & (EC_FLAG_NON_FIPS_ALLOW|EC_FLAG_FIPS_CHECKED)) if (ec->flags & (EC_FLAG_NON_FIPS_ALLOW|EC_FLAG_FIPS_CHECKED))

4
crypto/evp/e_aes.c
View File

@ -247,7 +247,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (arg <= 0) if (arg <= 0)
return 0; return 0;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
&& arg < 12) && arg < 12)
return 0; return 0;
#endif #endif
@ -519,7 +519,7 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
return -1; return -1;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
/* Requirement of SP800-38E */ /* Requirement of SP800-38E */
if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
(len > (1L<<20)*16)) (len > (1L<<20)*16))
{ {
EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE); EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE);

8
crypto/rsa/rsa_eay.c
View File

@ -170,7 +170,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err; goto err;
} }
if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{ {
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
@ -382,7 +382,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto err; goto err;
} }
if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{ {
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
@ -530,7 +530,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto err; goto err;
} }
if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{ {
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
@ -674,7 +674,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
goto err; goto err;
} }
if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{ {
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);

4
crypto/rsa/rsa_gen.c
View File

@ -82,7 +82,7 @@
int fips_check_rsa_prng(RSA *rsa, int bits) int fips_check_rsa_prng(RSA *rsa, int bits)
{ {
int strength; int strength;
if (!FIPS_mode()) if (!FIPS_module_mode())
return 1; return 1;
if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED)) if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED))
@ -205,7 +205,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
return 0; return 0;
} }
if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
&& (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{ {
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT); FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);

2
crypto/rsa/rsa_x931g.c
View File

@ -210,7 +210,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) &&
(bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{ {
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT); FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);

6
fips/fips.c
View File

@ -96,7 +96,7 @@ static void fips_set_mode(int onoff)
} }
} }
int FIPS_mode(void) int FIPS_module_mode(void)
{ {
int ret = 0; int ret = 0;
int owning_thread = fips_is_owning_thread(); int owning_thread = fips_is_owning_thread();
@ -237,7 +237,7 @@ int FIPS_check_incore_fingerprint(void)
return rv; return rv;
} }
int FIPS_mode_set(int onoff) int FIPS_module_mode_set(int onoff)
{ {
int fips_set_owning_thread(); int fips_set_owning_thread();
int fips_clear_owning_thread(); int fips_clear_owning_thread();
@ -254,7 +254,7 @@ int FIPS_mode_set(int onoff)
/* Don't go into FIPS mode twice, just so we can do automagic /* Don't go into FIPS mode twice, just so we can do automagic
seeding */ seeding */
if(FIPS_mode()) if(FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET); FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
fips_selftest_fail = 1; fips_selftest_fail = 1;

4
fips/fips.h
View File

@ -67,8 +67,8 @@ struct env_md_st;
struct evp_cipher_st; struct evp_cipher_st;
struct evp_cipher_ctx_st; struct evp_cipher_ctx_st;
int FIPS_mode_set(int onoff); int FIPS_module_mode_set(int onoff);
int FIPS_mode(void); int FIPS_module_mode(void);
const void *FIPS_rand_check(void); const void *FIPS_rand_check(void);
int FIPS_selftest(void); int FIPS_selftest(void);
int FIPS_selftest_failed(void); int FIPS_selftest_failed(void);

6
fips/fips_test_suite.c
View File

@ -945,7 +945,7 @@ int main(int argc,char **argv)
} }
if (!no_exit) { if (!no_exit) {
fips_algtest_init_nofips(); fips_algtest_init_nofips();
if (!FIPS_mode_set(1)) { if (!FIPS_module_mode_set(1)) {
printf("Power-up self test failed\n"); printf("Power-up self test failed\n");
exit(1); exit(1);
} }
@ -964,8 +964,8 @@ int main(int argc,char **argv)
/* Power-up self test /* Power-up self test
*/ */
ERR_clear_error(); ERR_clear_error();
test_msg("2. Automatic power-up self test", FIPS_mode_set(1)); test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
if (!FIPS_mode()) if (!FIPS_module_mode())
exit(1); exit(1);
if (do_drbg_stick) if (do_drbg_stick)
FIPS_drbg_stick(); FIPS_drbg_stick();

2
fips/fips_utl.h
View File

@ -136,7 +136,7 @@ void do_entropy_stick(void)
void fips_algtest_init(void) void fips_algtest_init(void)
{ {
fips_algtest_init_nofips(); fips_algtest_init_nofips();
if (!FIPS_mode_set(1)) if (!FIPS_module_mode_set(1))
{ {
fprintf(stderr, "Error entering FIPS mode\n"); fprintf(stderr, "Error entering FIPS mode\n");
exit(1); exit(1);

14
fips/rand/fips_rand_lib.c
View File

@ -72,7 +72,7 @@ int FIPS_rand_set_method(const RAND_METHOD *meth)
else else
fips_approved_rand_meth = 0; fips_approved_rand_meth = 0;
if (!fips_approved_rand_meth && FIPS_mode()) if (!fips_approved_rand_meth && FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
return 0; return 0;
@ -83,7 +83,7 @@ int FIPS_rand_set_method(const RAND_METHOD *meth)
void FIPS_rand_seed(const void *buf, int num) void FIPS_rand_seed(const void *buf, int num)
{ {
if (!fips_approved_rand_meth && FIPS_mode()) if (!fips_approved_rand_meth && FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
return; return;
@ -94,7 +94,7 @@ void FIPS_rand_seed(const void *buf, int num)
void FIPS_rand_add(const void *buf, int num, double entropy) void FIPS_rand_add(const void *buf, int num, double entropy)
{ {
if (!fips_approved_rand_meth && FIPS_mode()) if (!fips_approved_rand_meth && FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
return; return;
@ -105,7 +105,7 @@ void FIPS_rand_add(const void *buf, int num, double entropy)
int FIPS_rand_bytes(unsigned char *buf, int num) int FIPS_rand_bytes(unsigned char *buf, int num)
{ {
if (!fips_approved_rand_meth && FIPS_mode()) if (!fips_approved_rand_meth && FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0; return 0;
@ -117,7 +117,7 @@ int FIPS_rand_bytes(unsigned char *buf, int num)
int FIPS_rand_pseudo_bytes(unsigned char *buf, int num) int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
{ {
if (!fips_approved_rand_meth && FIPS_mode()) if (!fips_approved_rand_meth && FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0; return 0;
@ -129,7 +129,7 @@ int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
int FIPS_rand_status(void) int FIPS_rand_status(void)
{ {
if (!fips_approved_rand_meth && FIPS_mode()) if (!fips_approved_rand_meth && FIPS_module_mode())
{ {
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
return 0; return 0;
@ -153,7 +153,7 @@ int FIPS_rand_strength(void)
return 80; return 80;
else if (fips_approved_rand_meth == 0) else if (fips_approved_rand_meth == 0)
{ {
if (FIPS_mode()) if (FIPS_module_mode())
return 0; return 0;
else else
return 256; return 256;

4
fips/utl/fips_enc.c
View File

@ -136,7 +136,7 @@ int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
if (cipher) if (cipher)
{ {
/* Only FIPS ciphers allowed */ /* Only FIPS ciphers allowed */
if (FIPS_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) && if (FIPS_module_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) &&
!(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
{ {
EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
@ -288,7 +288,7 @@ int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
} }
/* Only FIPS ciphers allowed */ /* Only FIPS ciphers allowed */
if (FIPS_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) && if (FIPS_module_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) &&
!(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
{ {
EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS); EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS);

2
fips/utl/fips_md.c
View File

@ -173,7 +173,7 @@ int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type)
ctx->digest = &bad_md; ctx->digest = &bad_md;
return 0; return 0;
} }
if(FIPS_mode() && !(type->flags & EVP_MD_FLAG_FIPS) && if(FIPS_module_mode() && !(type->flags & EVP_MD_FLAG_FIPS) &&
!(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
{ {
EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);