Use approved API for EVP digest operations in FIPS builds.
Call OPENSSL_init() in a few more places to make sure it is always called at least once. Initial cipher API redirection (incomplete).
parent
9f375a752e
commit
293c58c1e7
4 changed files with 28 additions and 1 deletions
|
@ -244,7 +244,11 @@ skip_to_init:
|
|||
|
||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
return FIPS_digestupdate(ctx, data, count);
|
||||
#else
|
||||
return ctx->update(ctx,data,count);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* The caller can assume that this removes any secret data from the context */
|
||||
|
@ -259,8 +263,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
|||
/* The caller can assume that this removes any secret data from the context */
|
||||
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
||||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
return FIPS_digestfinal(ctx, md, size);
|
||||
#else
|
||||
int ret;
|
||||
|
||||
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
|
||||
ret=ctx->digest->final(ctx,md);
|
||||
if (size != NULL)
|
||||
|
@ -272,6 +278,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
|
|||
}
|
||||
memset(ctx->md_data,0,ctx->digest->ctx_size);
|
||||
return ret;
|
||||
#endif
|
||||
}
|
||||
|
||||
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
|
||||
|
@ -365,6 +372,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
|
|||
/* This call frees resources associated with the context */
|
||||
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
||||
{
|
||||
#ifndef OPENSSL_FIPS
|
||||
/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
|
||||
* because sometimes only copies of the context are ever finalised.
|
||||
*/
|
||||
|
@ -377,6 +385,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|||
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
|
||||
OPENSSL_free(ctx->md_data);
|
||||
}
|
||||
#endif
|
||||
if (ctx->pctx)
|
||||
EVP_PKEY_CTX_free(ctx->pctx);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
|
@ -384,6 +393,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|||
/* The EVP_MD we used belongs to an ENGINE, release the
|
||||
* functional reference we held for this reason. */
|
||||
ENGINE_finish(ctx->engine);
|
||||
#endif
|
||||
#ifdef OPENSSL_FIPS
|
||||
FIPS_md_ctx_cleanup(ctx);
|
||||
#endif
|
||||
memset(ctx,'\0',sizeof *ctx);
|
||||
|
||||
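Review bot: In FIPS builds EVP_MD_CTX_cleanup no longer scrubs or frees `ctx->md_data` itself, because the `OPENSSL_cleanse`/`OPENSSL_free` pair now sits inside the new `#ifndef OPENSSL_FIPS` region. The only FIPS-side replacement, `FIPS_md_ctx_cleanup(ctx)`, is placed after `ENGINE_finish(ctx->engine)` and directly before `memset(ctx,'\0',sizeof *ctx)`, whereas the non-FIPS path cleans the digest state before the ENGINE reference is released. If FIPS_md_ctx_cleanup does not cleanse and free md_data (its body is not shown here), the digest state is leaked un-wiped once the memset drops the pointer. Consider moving the call above the ENGINE block and recording the contract, e.g. `/* FIPS_md_ctx_cleanup() cleanses and frees md_data; run before ENGINE_finish() */`. The same reliance applies to EVP_DigestFinal_ex, where the "removes any secret data from the context" comment now rests entirely on FIPS_digestfinal.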
|
|
|
@ -64,6 +64,9 @@
|
|||
#ifndef OPENSSL_NO_ENGINE
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
#ifdef OPENSSL_FIPS
|
||||
#include <openssl/fips.h>
|
||||
#endif
|
||||
#include "evp_locl.h"
|
||||
|
||||
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
|
||||
|
@ -155,6 +158,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
|||
ctx->engine = NULL;
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||
#else
|
||||
ctx->cipher=cipher;
|
||||
if (ctx->cipher->ctx_size)
|
||||
{
|
||||
|
@ -179,6 +185,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else if(!ctx->cipher)
|
||||
{
|
||||
|
@ -188,6 +195,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
|||
#ifndef OPENSSL_NO_ENGINE
|
||||
skip_to_init:
|
||||
#endif
|
||||
#ifdef OPENSSL_FIPS
|
||||
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
|
||||
#else
|
||||
/* we assume block size is a power of 2 in *cryptUpdate */
|
||||
OPENSSL_assert(ctx->cipher->block_size == 1
|
||||
|| ctx->cipher->block_size == 8
|
||||
|
@ -233,6 +243,7 @@ skip_to_init:
|
|||
ctx->final_used=0;
|
||||
ctx->block_mask=ctx->cipher->block_size-1;
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
||||
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
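Review bot: Both new `return FIPS_cipherinit(ctx, cipher, key, iv, enc);` sites in EVP_CipherInit_ex skip everything in the `#else` branch in FIPS builds. That includes the power-of-2 block-size `OPENSSL_assert` and the final `ctx->final_used=0; ctx->block_mask=ctx->cipher->block_size-1;` setup. EVP_CipherUpdate follows and is not redirected in this section (the commit message calls the cipher redirection incomplete), so it presumably still reads those fields; correctness then depends on FIPS_cipherinit leaving the context in the same state, which is not visible here. A comment at the first call site would pin that down, e.g. `/* FIPS_cipherinit() must set final_used and block_mask exactly as the #else path does */`. The function starts before the first hunk of this section.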
|
|
|
@ -65,6 +65,7 @@
|
|||
int EVP_add_cipher(const EVP_CIPHER *c)
|
||||
{
|
||||
int r;
|
||||
OPENSSL_init();
|
||||
|
||||
r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
|
||||
if (r == 0) return(0);
|
||||
|
@ -78,6 +79,7 @@ int EVP_add_digest(const EVP_MD *md)
|
|||
{
|
||||
int r;
|
||||
const char *name;
|
||||
OPENSSL_init();
|
||||
|
||||
name=OBJ_nid2sn(md->type);
|
||||
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
|
||||
|
|
|
@ -125,6 +125,7 @@ static long (*get_debug_options_func)(void) = NULL;
|
|||
int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
|
||||
void (*f)(void *))
|
||||
{
|
||||
OPENSSL_init();
|
||||
if (!allow_customize)
|
||||
return 0;
|
||||
if ((m == 0) || (r == 0) || (f == 0))
|
||||
|
@ -184,6 +185,7 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
|
|||
void (*so)(long),
|
||||
long (*go)(void))
|
||||
{
|
||||
OPENSSL_init();
|
||||
if (!allow_customize_debug)
|
||||
return 0;
|
||||
malloc_debug_func=m;
|
||||
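Review bot: `OPENSSL_init();` is now the first statement of CRYPTO_set_mem_functions, ahead of the `if (!allow_customize) return 0;` guard, and likewise ahead of the `allow_customize_debug` guard in CRYPTO_set_mem_debug_functions. If OPENSSL_init() ever allocates through the library allocator, and if allocation is what clears these flags (neither is shown here), both setters would reject every call, including the first one made at program start. A comment recording the constraint would protect against that regression, e.g. `/* OPENSSL_init() must not allocate: doing so would clear allow_customize */`. Both function bodies continue beyond the hunks shown.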
|
|