Link GCM into FIPS module. Check return value in EVP gcm.

2011-02-08 15:10:42 +00:00 · 2011-02-08 15:10:42 +00:00 · f4001a0d19
commit f4001a0d19
parent cea73f9db3
4 changed files with 17 additions and 4 deletions
--- a/Makefile.org
+++ b/Makefile.org
@ -316,6 +316,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/modes/cbc128.o \
 	../crypto/modes/cfb128.o \
 	../crypto/modes/ctr128.o \
+	../crypto/modes/gcm128.o \
 	../crypto/modes/ofb128.o \
 	../crypto/rand/md_rand.o \
 	../crypto/rand/rand_egd.o \
@ -350,7 +351,7 @@ build_fips:

 build_crypto:
 	if [ -n "$(FIPSCANLIB)" ]; then \
-		EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+		EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
 		ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
 	else \
 		ARX='${AR}' ; \
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@ -312,11 +312,20 @@ static int aes_gcm(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	if (in)
 		{
 		if (out == NULL)
-			CRYPTO_gcm128_aad(gctx->gcm, in, len);
+			{
+			if (CRYPTO_gcm128_aad(gctx->gcm, in, len))
+				return -1;
+			}
 		else if (ctx->encrypt)
-			CRYPTO_gcm128_encrypt(gctx->gcm, in, out, len);
+			{
+			if (CRYPTO_gcm128_encrypt(gctx->gcm, in, out, len))
+				return -1;
+			}
 		else
-			CRYPTO_gcm128_decrypt(gctx->gcm, in, out, len);
+			{
+			if (CRYPTO_gcm128_decrypt(gctx->gcm, in, out, len))
+				return -1;
+			}
 		return len;
 		}
 	else
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@ -47,6 +47,8 @@
 * ====================================================================
 */

+#define OPENSSL_FIPSAPI
+
 #include <openssl/crypto.h>
 #include "modes_lcl.h"
 #include <string.h>
--- a/fips/Makefile
+++ b/fips/Makefile
@ -89,6 +89,7 @@ fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
 	list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
 	list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
 	list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
+	list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \
 	if [ -n "$(CPUID_OBJ)" ]; then \
 		CPUID=../crypto/$(CPUID_OBJ) ; \
 	else \