generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change FIPS source and utilities to use the "FIPS_" names directly

Browse Source 
instead of using regular OpenSSL API names.
This commit is contained in:
Dr. Stephen Henson 2011-02-12 18:25:18 +00:00
parent 36246be915
commit e47af46cd8
17 changed files with 120 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fips/aes/fips_aes_selftest.c
View File

@ -82,7 +82,7 @@ int FIPS_selftest_aes()
int n; int n;
int ret = 0; int ret = 0;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
for(n=0 ; n < 1 ; ++n) for(n=0 ; n < 1 ; ++n)
{ {
@ -95,7 +95,7 @@ int FIPS_selftest_aes()
} }
ret = 1; ret = 1;
err: err:
EVP_CIPHER_CTX_cleanup(&ctx); FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0) if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
return ret; return ret;

26
fips/aes/fips_aesavs.c
View File

@ -213,14 +213,14 @@ static int AESTest(EVP_CIPHER_CTX *ctx,
printf("Invalid key size: %d\n", akeysz); printf("Invalid key size: %d\n", akeysz);
return 0; return 0;
} }
if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
return 0; return 0;
if(!strcasecmp(amode,"CFB1")) if(!strcasecmp(amode,"CFB1"))
M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
if (dir) if (dir)
EVP_Cipher(ctx, ciphertext, plaintext, len); FIPS_cipher(ctx, ciphertext, plaintext, len);
else else
EVP_Cipher(ctx, plaintext, ciphertext, len); FIPS_cipher(ctx, plaintext, ciphertext, len);
return 1; return 1;
} }
@ -254,7 +254,7 @@ static int do_mct(char *amode,
int i, j, n, n1, n2; int i, j, n, n1, n2;
int imode = 0, nkeysz = akeysz/8; int imode = 0, nkeysz = akeysz/8;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
if (len > 32) if (len > 32)
{ {
@ -310,12 +310,12 @@ static int do_mct(char *amode,
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
{ {
EVP_Cipher(&ctx, ctext[j], ptext[j], len); FIPS_cipher(&ctx, ctext[j], ptext[j], len);
memcpy(ptext[j+1], ctext[j], len); memcpy(ptext[j+1], ctext[j], len);
} }
else else
{ {
EVP_Cipher(&ctx, ptext[j], ctext[j], len); FIPS_cipher(&ctx, ptext[j], ctext[j], len);
memcpy(ctext[j+1], ptext[j], len); memcpy(ctext[j+1], ptext[j], len);
} }
} }
@ -338,12 +338,12 @@ static int do_mct(char *amode,
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
{ {
EVP_Cipher(&ctx, ctext[j], ptext[j], len); FIPS_cipher(&ctx, ctext[j], ptext[j], len);
memcpy(ptext[j+1], ctext[j-1], len); memcpy(ptext[j+1], ctext[j-1], len);
} }
else else
{ {
EVP_Cipher(&ctx, ptext[j], ctext[j], len); FIPS_cipher(&ctx, ptext[j], ctext[j], len);
memcpy(ctext[j+1], ptext[j-1], len); memcpy(ctext[j+1], ptext[j-1], len);
} }
} }
@ -359,9 +359,9 @@ static int do_mct(char *amode,
else else
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
EVP_Cipher(&ctx, ctext[j], ptext[j], len); FIPS_cipher(&ctx, ctext[j], ptext[j], len);
else else
EVP_Cipher(&ctx, ptext[j], ctext[j], len); FIPS_cipher(&ctx, ptext[j], ctext[j], len);
} }
if (dir == XENCRYPT) if (dir == XENCRYPT)
{ {
@ -393,9 +393,9 @@ static int do_mct(char *amode,
else else
{ {
if (dir == XENCRYPT) if (dir == XENCRYPT)
EVP_Cipher(&ctx, ctext[j], ptext[j], len); FIPS_cipher(&ctx, ctext[j], ptext[j], len);
else else
EVP_Cipher(&ctx, ptext[j], ctext[j], len); FIPS_cipher(&ctx, ptext[j], ctext[j], len);
} }
if(dir == XENCRYPT) if(dir == XENCRYPT)
@ -565,7 +565,7 @@ static int proc_file(char *rqfile, char *rspfile)
unsigned char ciphertext[2048]; unsigned char ciphertext[2048];
char *rp; char *rp;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
if (!rqfile || !(*rqfile)) if (!rqfile || !(*rqfile))
{ {

36
fips/aes/fips_gcmtest.c
View File

@ -87,7 +87,7 @@ static void gcmtest(int encrypt)
unsigned char *ct = NULL, *pt = NULL; unsigned char *ct = NULL, *pt = NULL;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
const EVP_CIPHER *gcm; const EVP_CIPHER *gcm;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
while(fgets(buf,sizeof buf,stdin) != NULL) while(fgets(buf,sizeof buf,stdin) != NULL)
{ {
@ -175,20 +175,20 @@ static void gcmtest(int encrypt)
if (encrypt && pt && aad && (iv || encrypt==1)) if (encrypt && pt && aad && (iv || encrypt==1))
{ {
tag = OPENSSL_malloc(taglen); tag = OPENSSL_malloc(taglen);
EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 1); FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
/* Relax FIPS constraints for testing */ /* Relax FIPS constraints for testing */
M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
if (encrypt == 1) if (encrypt == 1)
{ {
static unsigned char iv_fixed[4] = {1,2,3,4}; static unsigned char iv_fixed[4] = {1,2,3,4};
if (!iv) if (!iv)
iv = OPENSSL_malloc(ivlen); iv = OPENSSL_malloc(ivlen);
EVP_CipherInit_ex(&ctx, NULL, NULL, key, NULL, 1); FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
EVP_CIPHER_CTX_ctrl(&ctx, FIPS_cipher_ctx_ctrl(&ctx,
EVP_CTRL_GCM_SET_IV_FIXED, EVP_CTRL_GCM_SET_IV_FIXED,
4, iv_fixed); 4, iv_fixed);
if (!EVP_CIPHER_CTX_ctrl(&ctx, if (!FIPS_cipher_ctx_ctrl(&ctx,
EVP_CTRL_GCM_IV_GEN, 0, iv)) EVP_CTRL_GCM_IV_GEN, 0, iv))
{ {
fprintf(stderr, "IV gen error\n"); fprintf(stderr, "IV gen error\n");
@ -197,18 +197,18 @@ static void gcmtest(int encrypt)
OutputValue("IV", iv, ivlen, stdout, 0); OutputValue("IV", iv, ivlen, stdout, 0);
} }
else else
EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 1); FIPS_cipherinit(&ctx, NULL, key, iv, 1);
if (aadlen) if (aadlen)
EVP_Cipher(&ctx, NULL, aad, aadlen); FIPS_cipher(&ctx, NULL, aad, aadlen);
if (ptlen) if (ptlen)
{ {
ct = OPENSSL_malloc(ptlen); ct = OPENSSL_malloc(ptlen);
rv = EVP_Cipher(&ctx, ct, pt, ptlen); rv = FIPS_cipher(&ctx, ct, pt, ptlen);
} }
EVP_Cipher(&ctx, NULL, NULL, 0); FIPS_cipher(&ctx, NULL, NULL, 0);
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
taglen, tag); taglen, tag);
OutputValue("CT", ct, ptlen, stdout, 0); OutputValue("CT", ct, ptlen, stdout, 0);
OutputValue("Tag", tag, taglen, stdout, 0); OutputValue("Tag", tag, taglen, stdout, 0);
@ -228,20 +228,20 @@ static void gcmtest(int encrypt)
} }
if (!encrypt && tag) if (!encrypt && tag)
{ {
EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0); FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
/* Relax FIPS constraints for testing */ /* Relax FIPS constraints for testing */
M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0); FIPS_cipherinit(&ctx, NULL, key, iv, 0);
EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
if (aadlen) if (aadlen)
EVP_Cipher(&ctx, NULL, aad, aadlen); FIPS_cipher(&ctx, NULL, aad, aadlen);
if (ptlen) if (ptlen)
{ {
pt = OPENSSL_malloc(ptlen); pt = OPENSSL_malloc(ptlen);
rv = EVP_Cipher(&ctx, pt, ct, ptlen); rv = FIPS_cipher(&ctx, pt, ct, ptlen);
} }
rv = EVP_Cipher(&ctx, NULL, NULL, 0); rv = FIPS_cipher(&ctx, NULL, NULL, 0);
if (rv < 0) if (rv < 0)
printf("FAIL\n"); printf("FAIL\n");
else else

4
fips/des/fips_des_selftest.c
View File

@ -110,7 +110,7 @@ int FIPS_selftest_des()
{ {
int n, ret = 0; int n, ret = 0;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
/* Encrypt/decrypt with 2-key 3DES and compare to known answers */ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
for(n=0 ; n < 2 ; ++n) for(n=0 ; n < 2 ; ++n)
{ {
@ -130,7 +130,7 @@ int FIPS_selftest_des()
} }
ret = 1; ret = 1;
err: err:
EVP_CIPHER_CTX_cleanup(&ctx); FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0) if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);

10
fips/des/fips_desmovs.c
View File

@ -122,11 +122,11 @@ static int DESTest(EVP_CIPHER_CTX *ctx,
EXIT(1); EXIT(1);
} }
if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
return 0; return 0;
if(!strcasecmp(amode,"CFB1")) if(!strcasecmp(amode,"CFB1"))
M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
EVP_Cipher(ctx, out, in, len); FIPS_cipher(ctx, out, in, len);
return 1; return 1;
} }
@ -184,7 +184,7 @@ static void do_mct(char *amode,
int kp=akeysz/64; int kp=akeysz/64;
unsigned char old_iv[8]; unsigned char old_iv[8];
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
fprintf(rfp,"\nCOUNT = %d\n",i); fprintf(rfp,"\nCOUNT = %d\n",i);
if(kp == 1) if(kp == 1)
@ -219,7 +219,7 @@ static void do_mct(char *amode,
else else
{ {
memcpy(old_iv,ctx.iv,8); memcpy(old_iv,ctx.iv,8);
EVP_Cipher(&ctx,text,text,len); FIPS_cipher(&ctx,text,text,len);
} }
if(j == 9999) if(j == 9999)
{ {
@ -282,7 +282,7 @@ static int proc_file(char *rqfile, char *rspfile)
char *rp; char *rp;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
int numkeys=1; int numkeys=1;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
if (!rqfile || !(*rqfile)) if (!rqfile || !(*rqfile))
{ {

12
fips/dsa/fips_dsa_selftest.c
View File

@ -118,7 +118,7 @@ int FIPS_selftest_dsa()
EVP_MD_CTX mctx; EVP_MD_CTX mctx;
DSA_SIG *dsig = NULL; DSA_SIG *dsig = NULL;
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
dsa = FIPS_dsa_new(); dsa = FIPS_dsa_new();
@ -134,17 +134,17 @@ int FIPS_selftest_dsa()
DSA_generate_key(dsa); DSA_generate_key(dsa);
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, str1, 20)) if (!FIPS_digestupdate(&mctx, str1, 20))
goto err; goto err;
dsig = FIPS_dsa_sign_ctx(dsa, &mctx); dsig = FIPS_dsa_sign_ctx(dsa, &mctx);
if (!dsig) if (!dsig)
goto err; goto err;
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto err; goto err;
if (!EVP_DigestUpdate(&mctx, str1, 20)) if (!FIPS_digestupdate(&mctx, str1, 20))
goto err; goto err;
if (FIPS_dsa_verify_ctx(dsa, &mctx, dsig) != 1) if (FIPS_dsa_verify_ctx(dsa, &mctx, dsig) != 1)
goto err; goto err;
@ -152,7 +152,7 @@ int FIPS_selftest_dsa()
ret = 1; ret = 1;
err: err:
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
if (dsa) if (dsa)
FIPS_dsa_free(dsa); FIPS_dsa_free(dsa);
if (dsig) if (dsig)

4
fips/dsa/fips_dsa_sign.c
View File

@ -76,7 +76,7 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
DSA_SIG *s; DSA_SIG *s;
unsigned char dig[EVP_MAX_MD_SIZE]; unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen; unsigned int dlen;
EVP_DigestFinal_ex(ctx, dig, &dlen); FIPS_digestfinal(ctx, dig, &dlen);
s = dsa->meth->dsa_do_sign(dig,dlen,dsa); s = dsa->meth->dsa_do_sign(dig,dlen,dsa);
OPENSSL_cleanse(dig, dlen); OPENSSL_cleanse(dig, dlen);
return s; return s;
@ -92,7 +92,7 @@ int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
int ret=-1; int ret=-1;
unsigned char dig[EVP_MAX_MD_SIZE]; unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen; unsigned int dlen;
EVP_DigestFinal_ex(ctx, dig, &dlen); FIPS_digestfinal(ctx, dig, &dlen);
ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa); ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
OPENSSL_cleanse(dig, dlen); OPENSSL_cleanse(dig, dlen);
return ret; return ret;

12
fips/dsa/fips_dsatest.c
View File

@ -156,7 +156,7 @@ int main(int argc, char **argv)
BN_GENCB cb; BN_GENCB cb;
EVP_MD_CTX mctx; EVP_MD_CTX mctx;
BN_GENCB_set(&cb, dsa_cb, stderr); BN_GENCB_set(&cb, dsa_cb, stderr);
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
fips_set_error_print(); fips_set_error_print();
if(!FIPS_mode_set(1)) if(!FIPS_mode_set(1))
@ -212,17 +212,17 @@ int main(int argc, char **argv)
} }
DSA_generate_key(dsa); DSA_generate_key(dsa);
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto end; goto end;
if (!EVP_DigestUpdate(&mctx, str1, 20)) if (!FIPS_digestupdate(&mctx, str1, 20))
goto end; goto end;
sig = FIPS_dsa_sign_ctx(dsa, &mctx); sig = FIPS_dsa_sign_ctx(dsa, &mctx);
if (!sig) if (!sig)
goto end; goto end;
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto end; goto end;
if (!EVP_DigestUpdate(&mctx, str1, 20)) if (!FIPS_digestupdate(&mctx, str1, 20))
goto end; goto end;
if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1) if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1)
goto end; goto end;
@ -233,7 +233,7 @@ end:
if (sig) if (sig)
DSA_SIG_free(sig); DSA_SIG_free(sig);
if (dsa != NULL) FIPS_dsa_free(dsa); if (dsa != NULL) FIPS_dsa_free(dsa);
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
#if 0 #if 0
CRYPTO_mem_leaks(bio_err); CRYPTO_mem_leaks(bio_err);
#endif #endif

16
fips/dsa/fips_dssvs.c
View File

@ -533,7 +533,7 @@ static void siggen()
int n; int n;
EVP_MD_CTX mctx; EVP_MD_CTX mctx;
DSA_SIG *sig; DSA_SIG *sig;
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
n=hex2bin(value,msg); n=hex2bin(value,msg);
@ -541,15 +541,15 @@ static void siggen()
exit(1); exit(1);
pbn("Y",dsa->pub_key); pbn("Y",dsa->pub_key);
EVP_DigestInit_ex(&mctx, md, NULL); FIPS_digestinit(&mctx, md);
EVP_DigestUpdate(&mctx, msg, n); FIPS_digestupdate(&mctx, msg, n);
sig = FIPS_dsa_sign_ctx(dsa, &mctx); sig = FIPS_dsa_sign_ctx(dsa, &mctx);
pbn("R",sig->r); pbn("R",sig->r);
pbn("S",sig->s); pbn("S",sig->s);
putc('\n',stdout); putc('\n',stdout);
DSA_SIG_free(sig); DSA_SIG_free(sig);
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
} }
} }
if (dsa) if (dsa)
@ -606,15 +606,15 @@ static void sigver()
{ {
EVP_MD_CTX mctx; EVP_MD_CTX mctx;
int r; int r;
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
sig->s=hex2bn(value); sig->s=hex2bn(value);
EVP_DigestInit_ex(&mctx, md, NULL); FIPS_digestinit(&mctx, md);
EVP_DigestUpdate(&mctx, msg, n); FIPS_digestupdate(&mctx, msg, n);
no_err = 1; no_err = 1;
r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
no_err = 0; no_err = 0;
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
printf("Result = %c\n", r == 1 ? 'P' : 'F'); printf("Result = %c\n", r == 1 ? 'P' : 'F');
putc('\n',stdout); putc('\n',stdout);

22
fips/fips.c
View File

@ -438,7 +438,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
unsigned int siglen; unsigned int siglen;
DSA_SIG *dsig = NULL; DSA_SIG *dsig = NULL;
EVP_MD_CTX mctx; EVP_MD_CTX mctx;
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
if ((pkey->type == EVP_PKEY_RSA) if ((pkey->type == EVP_PKEY_RSA)
&& ((size_t)RSA_size(pkey->pkey.rsa) > sizeof(sigtmp))) && ((size_t)RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
@ -454,9 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
if (tbslen == -1) if (tbslen == -1)
tbslen = strlen((char *)tbs); tbslen = strlen((char *)tbs);
if (!EVP_DigestInit_ex(&mctx, digest, NULL)) if (!FIPS_digestinit(&mctx, digest))
goto error; goto error;
if (!EVP_DigestUpdate(&mctx, tbs, tbslen)) if (!FIPS_digestupdate(&mctx, tbs, tbslen))
goto error; goto error;
if (pkey->type == EVP_PKEY_RSA) if (pkey->type == EVP_PKEY_RSA)
{ {
@ -478,9 +478,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen))) if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
goto error; goto error;
if (!EVP_DigestInit_ex(&mctx, digest, NULL)) if (!FIPS_digestinit(&mctx, digest))
goto error; goto error;
if (!EVP_DigestUpdate(&mctx, tbs, tbslen)) if (!FIPS_digestupdate(&mctx, tbs, tbslen))
goto error; goto error;
if (pkey->type == EVP_PKEY_RSA) if (pkey->type == EVP_PKEY_RSA)
{ {
@ -501,12 +501,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
DSA_SIG_free(dsig); DSA_SIG_free(dsig);
if (sig != sigtmp) if (sig != sigtmp)
OPENSSL_free(sig); OPENSSL_free(sig);
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
if (ret != 1) if (ret != 1)
{ {
FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE); FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
if (fail_str) if (fail_str)
ERR_add_error_data(2, "Type=", fail_str); FIPS_add_error_data(2, "Type=", fail_str);
return 0; return 0;
} }
return 1; return 1;
@ -526,14 +526,14 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0) if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
return 0; return 0;
EVP_Cipher(ctx, citmp, plaintext, len); FIPS_cipher(ctx, citmp, plaintext, len);
if (memcmp(citmp, ciphertext, len)) if (memcmp(citmp, ciphertext, len))
return 0; return 0;
if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0) if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)
return 0; return 0;
EVP_Cipher(ctx, pltmp, citmp, len); FIPS_cipher(ctx, pltmp, citmp, len);
if (memcmp(pltmp, plaintext, len)) if (memcmp(pltmp, plaintext, len))
return 0; return 0;
return 1; return 1;

54
fips/fips_test_suite.c
View File

@ -54,18 +54,18 @@ static int FIPS_aes_test(void)
unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
unsigned char plaintext[16] = "etaonrishdlcu"; unsigned char plaintext[16] = "etaonrishdlcu";
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0) if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
goto err; goto err;
EVP_Cipher(&ctx, citmp, plaintext, 16); FIPS_cipher(&ctx, citmp, plaintext, 16);
if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0) if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
goto err; goto err;
EVP_Cipher(&ctx, pltmp, citmp, 16); FIPS_cipher(&ctx, pltmp, citmp, 16);
if (memcmp(pltmp, plaintext, 16)) if (memcmp(pltmp, plaintext, 16))
goto err; goto err;
ret = 1; ret = 1;
err: err:
EVP_CIPHER_CTX_cleanup(&ctx); FIPS_cipher_ctx_cleanup(&ctx);
return ret; return ret;
} }
@ -78,18 +78,18 @@ static int FIPS_des3_test(void)
19,20,21,22,23,24}; 19,20,21,22,23,24};
unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx); FIPS_cipher_ctx_init(&ctx);
if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0) if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
goto err; goto err;
EVP_Cipher(&ctx, citmp, plaintext, 8); FIPS_cipher(&ctx, citmp, plaintext, 8);
if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0) if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
goto err; goto err;
EVP_Cipher(&ctx, pltmp, citmp, 8); FIPS_cipher(&ctx, pltmp, citmp, 8);
if (memcmp(pltmp, plaintext, 8)) if (memcmp(pltmp, plaintext, 8))
goto err; goto err;
ret = 1; ret = 1;
err: err:
EVP_CIPHER_CTX_cleanup(&ctx); FIPS_cipher_ctx_cleanup(&ctx);
return ret; return ret;
} }
@ -105,7 +105,7 @@ static int FIPS_dsa_test(int bad)
DSA_SIG *sig = NULL; DSA_SIG *sig = NULL;
ERR_clear_error(); ERR_clear_error();
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
dsa = FIPS_dsa_new(); dsa = FIPS_dsa_new();
if (!dsa) if (!dsa)
goto end; goto end;
@ -116,23 +116,23 @@ static int FIPS_dsa_test(int bad)
if (bad) if (bad)
BN_add_word(dsa->pub_key, 1); BN_add_word(dsa->pub_key, 1);
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto end; goto end;
if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1)) if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
goto end; goto end;
sig = FIPS_dsa_sign_ctx(dsa, &mctx); sig = FIPS_dsa_sign_ctx(dsa, &mctx);
if (!sig) if (!sig)
goto end; goto end;
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto end; goto end;
if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1)) if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
goto end; goto end;
r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
end: end:
if (sig) if (sig)
DSA_SIG_free(sig); DSA_SIG_free(sig);
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
if (dsa) if (dsa)
FIPS_dsa_free(dsa); FIPS_dsa_free(dsa);
if (r != 1) if (r != 1)
@ -154,7 +154,7 @@ static int FIPS_rsa_test(int bad)
int r = 0; int r = 0;
ERR_clear_error(); ERR_clear_error();
EVP_MD_CTX_init(&mctx); FIPS_md_ctx_init(&mctx);
key = FIPS_rsa_new(); key = FIPS_rsa_new();
bn = BN_new(); bn = BN_new();
if (!key || !bn) if (!key || !bn)
@ -166,20 +166,20 @@ static int FIPS_rsa_test(int bad)
if (bad) if (bad)
BN_add_word(key->n, 1); BN_add_word(key->n, 1);
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto end; goto end;
if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
goto end; goto end;
if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen)) if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
goto end; goto end;
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) if (!FIPS_digestinit(&mctx, EVP_sha1()))
goto end; goto end;
if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
goto end; goto end;
r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen); r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
end: end:
EVP_MD_CTX_cleanup(&mctx); FIPS_md_ctx_cleanup(&mctx);
if (key) if (key)
FIPS_rsa_free(key); FIPS_rsa_free(key);
if (r != 1) if (r != 1)
@ -199,7 +199,7 @@ static int FIPS_sha1_test()
unsigned char md[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH];
ERR_clear_error(); ERR_clear_error();
if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0; if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
if (memcmp(md,digest,sizeof(md))) if (memcmp(md,digest,sizeof(md)))
return 0; return 0;
return 1; return 1;
@ -218,7 +218,7 @@ static int FIPS_sha256_test()
unsigned char md[SHA256_DIGEST_LENGTH]; unsigned char md[SHA256_DIGEST_LENGTH];
ERR_clear_error(); ERR_clear_error();
if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0; if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
if (memcmp(md,digest,sizeof(md))) if (memcmp(md,digest,sizeof(md)))
return 0; return 0;
return 1; return 1;
@ -239,7 +239,7 @@ static int FIPS_sha512_test()
unsigned char md[SHA512_DIGEST_LENGTH]; unsigned char md[SHA512_DIGEST_LENGTH];
ERR_clear_error(); ERR_clear_error();
if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0; if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
if (memcmp(md,digest,sizeof(md))) if (memcmp(md,digest,sizeof(md)))
return 0; return 0;
return 1; return 1;

4
fips/rsa/fips_rsa_sign.c
View File

@ -197,7 +197,7 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
{ {
unsigned int md_len, rv; unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
EVP_DigestFinal_ex(ctx, md, &md_len); FIPS_digestfinal(ctx, md, &md_len);
rv = FIPS_rsa_sign_digest(rsa, md, md_len, rv = FIPS_rsa_sign_digest(rsa, md, md_len,
M_EVP_MD_CTX_md(ctx), M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen, rsa_pad_mode, saltlen,
@ -300,7 +300,7 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
{ {
unsigned int md_len, rv; unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
EVP_DigestFinal_ex(ctx, md, &md_len); FIPS_digestfinal(ctx, md, &md_len);
rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx), rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen, mgf1Hash, rsa_pad_mode, saltlen, mgf1Hash,
sigbuf, siglen); sigbuf, siglen);

8
fips/rsa/fips_rsastest.c
View File

@ -331,7 +331,7 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
if (!sigbuf) if (!sigbuf)
goto error; goto error;
EVP_MD_CTX_init(&ctx); FIPS_md_ctx_init(&ctx);
if (Saltlen >= 0) if (Saltlen >= 0)
pad_mode = RSA_PKCS1_PSS_PADDING; pad_mode = RSA_PKCS1_PSS_PADDING;
@ -340,15 +340,15 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
else else
pad_mode = RSA_PKCS1_PADDING; pad_mode = RSA_PKCS1_PADDING;
if (!EVP_DigestInit_ex(&ctx, dgst, NULL)) if (!FIPS_digestinit(&ctx, dgst))
goto error; goto error;
if (!EVP_DigestUpdate(&ctx, Msg, Msglen)) if (!FIPS_digestupdate(&ctx, Msg, Msglen))
goto error; goto error;
if (!FIPS_rsa_sign_ctx(rsa, &ctx, pad_mode, Saltlen, NULL, if (!FIPS_rsa_sign_ctx(rsa, &ctx, pad_mode, Saltlen, NULL,
sigbuf, (unsigned int *)&siglen)) sigbuf, (unsigned int *)&siglen))
goto error; goto error;
EVP_MD_CTX_cleanup(&ctx); FIPS_md_ctx_cleanup(&ctx);
fputs("S = ", out); fputs("S = ", out);

8
fips/rsa/fips_rsavtest.c
View File

@ -332,7 +332,7 @@ static int rsa_printver(FILE *out,
if (!rsa_pubkey->n || !rsa_pubkey->e) if (!rsa_pubkey->n || !rsa_pubkey->e)
goto error; goto error;
EVP_MD_CTX_init(&ctx); FIPS_md_ctx_init(&ctx);
if (Saltlen >= 0) if (Saltlen >= 0)
pad_mode = RSA_PKCS1_PSS_PADDING; pad_mode = RSA_PKCS1_PSS_PADDING;
@ -341,9 +341,9 @@ static int rsa_printver(FILE *out,
else else
pad_mode = RSA_PKCS1_PADDING; pad_mode = RSA_PKCS1_PADDING;
if (!EVP_DigestInit_ex(&ctx, dgst, NULL)) if (!FIPS_digestinit(&ctx, dgst))
goto error; goto error;
if (!EVP_DigestUpdate(&ctx, Msg, Msglen)) if (!FIPS_digestupdate(&ctx, Msg, Msglen))
goto error; goto error;
no_err = 1; no_err = 1;
@ -352,7 +352,7 @@ static int rsa_printver(FILE *out,
no_err = 0; no_err = 0;
EVP_MD_CTX_cleanup(&ctx); FIPS_md_ctx_cleanup(&ctx);
if (r < 0) if (r < 0)
goto error; goto error;

2
fips/sha/fips_sha1_selftest.c
View File

@ -86,7 +86,7 @@ int FIPS_selftest_sha1()
{ {
unsigned char md[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH];
EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL); FIPS_digest(test[n],strlen(test[n]),md, NULL, EVP_sha1());
if(memcmp(md,ret[n],sizeof md)) if(memcmp(md,ret[n],sizeof md))
{ {
FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);

16
fips/sha/fips_shatest.c
View File

@ -300,7 +300,7 @@ static int print_dgst(const EVP_MD *emd, FILE *out,
{ {
int i, mdlen; int i, mdlen;
unsigned char md[EVP_MAX_MD_SIZE]; unsigned char md[EVP_MAX_MD_SIZE];
if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) if (!FIPS_digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd))
{ {
fputs("Error calculating HASH\n", stderr); fputs("Error calculating HASH\n", stderr);
return 0; return 0;
@ -321,7 +321,7 @@ static int print_monte(const EVP_MD *md, FILE *out,
unsigned char *m1, *m2, *m3, *p; unsigned char *m1, *m2, *m3, *p;
unsigned int mlen, m1len, m2len, m3len; unsigned int mlen, m1len, m2len, m3len;
EVP_MD_CTX_init(&ctx); FIPS_md_ctx_init(&ctx);
if (SeedLen > EVP_MAX_MD_SIZE) if (SeedLen > EVP_MAX_MD_SIZE)
mlen = SeedLen; mlen = SeedLen;
@ -346,17 +346,17 @@ static int print_monte(const EVP_MD *md, FILE *out,
{ {
for (i = 0; i < 1000; i++) for (i = 0; i < 1000; i++)
{ {
EVP_DigestInit_ex(&ctx, md, NULL); FIPS_digestinit(&ctx, md);
EVP_DigestUpdate(&ctx, m1, m1len); FIPS_digestupdate(&ctx, m1, m1len);
EVP_DigestUpdate(&ctx, m2, m2len); FIPS_digestupdate(&ctx, m2, m2len);
EVP_DigestUpdate(&ctx, m3, m3len); FIPS_digestupdate(&ctx, m3, m3len);
p = m1; p = m1;
m1 = m2; m1 = m2;
m1len = m2len; m1len = m2len;
m2 = m3; m2 = m3;
m2len = m3len; m2len = m3len;
m3 = p; m3 = p;
EVP_DigestFinal_ex(&ctx, m3, &m3len); FIPS_digestfinal(&ctx, m3, &m3len);
} }
fprintf(out, "COUNT = %d\n", j); fprintf(out, "COUNT = %d\n", j);
fputs("MD = ", out); fputs("MD = ", out);
@ -378,7 +378,7 @@ static int print_monte(const EVP_MD *md, FILE *out,
if (m3) if (m3)
OPENSSL_free(m3); OPENSSL_free(m3);
EVP_MD_CTX_cleanup(&ctx); FIPS_md_ctx_cleanup(&ctx);
return ret; return ret;
} }

2
fips/utl/fips_md.c
View File

@ -208,7 +208,7 @@ void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx)
/* This call frees resources associated with the context */ /* This call frees resources associated with the context */
int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx) int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx)
{ {
/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, /* Don't assume ctx->md_data was cleaned in FIPS_digest_Final,
* because sometimes only copies of the context are ever finalised. * because sometimes only copies of the context are ever finalised.
*/ */
if (ctx->digest && ctx->digest->cleanup if (ctx->digest && ctx->digest->cleanup