summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
authordjm <>2009-01-09 12:14:11 +0000
committerdjm <>2009-01-09 12:14:11 +0000
commita0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch)
treec43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libcrypto/evp
parent5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
downloadopenbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip
import openssl-0.9.8j
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/bio_md.c9
-rw-r--r--src/lib/libcrypto/evp/digest.c154
-rw-r--r--src/lib/libcrypto/evp/e_aes.c35
-rw-r--r--src/lib/libcrypto/evp/e_camellia.c2
-rw-r--r--src/lib/libcrypto/evp/e_des.c9
-rw-r--r--src/lib/libcrypto/evp/e_des3.c29
-rw-r--r--src/lib/libcrypto/evp/e_null.c2
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c1
-rw-r--r--src/lib/libcrypto/evp/evp.h80
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c267
-rw-r--r--src/lib/libcrypto/evp/evp_err.c16
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c39
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h30
-rw-r--r--src/lib/libcrypto/evp/evp_pbe.c2
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c2
-rw-r--r--src/lib/libcrypto/evp/m_dss.c2
-rw-r--r--src/lib/libcrypto/evp/m_dss1.c3
-rw-r--r--src/lib/libcrypto/evp/m_md4.c1
-rw-r--r--src/lib/libcrypto/evp/m_md5.c1
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c7
-rw-r--r--src/lib/libcrypto/evp/names.c7
-rw-r--r--src/lib/libcrypto/evp/p5_crpt.c2
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c2
-rw-r--r--src/lib/libcrypto/evp/p_sign.c24
-rw-r--r--src/lib/libcrypto/evp/p_verify.c26
25 files changed, 440 insertions, 312 deletions
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index d648ac6da6..ed5c1135fd 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
192 ret=0; 192 ret=0;
193 break; 193 break;
194 case BIO_C_GET_MD_CTX: 194 case BIO_C_GET_MD_CTX:
195 if (b->init) 195 pctx=ptr;
196 { 196 *pctx=ctx;
197 pctx=ptr;
198 *pctx=ctx;
199 }
200 else
201 ret=0;
202 break; 197 break;
203 case BIO_C_SET_MD_CTX: 198 case BIO_C_SET_MD_CTX:
204 if (b->init) 199 if (b->init)
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 762e6d3450..3bc2d1295c 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -116,6 +116,7 @@
116#ifndef OPENSSL_NO_ENGINE 116#ifndef OPENSSL_NO_ENGINE
117#include <openssl/engine.h> 117#include <openssl/engine.h>
118#endif 118#endif
119#include "evp_locl.h"
119 120
120void EVP_MD_CTX_init(EVP_MD_CTX *ctx) 121void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
121 { 122 {
@@ -137,18 +138,77 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
137 return EVP_DigestInit_ex(ctx, type, NULL); 138 return EVP_DigestInit_ex(ctx, type, NULL);
138 } 139 }
139 140
140int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) 141#ifdef OPENSSL_FIPS
142
143/* The purpose of these is to trap programs that attempt to use non FIPS
144 * algorithms in FIPS mode and ignore the errors.
145 */
146
147static int bad_init(EVP_MD_CTX *ctx)
148 { FIPS_ERROR_IGNORED("Digest init"); return 0;}
149
150static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
151 { FIPS_ERROR_IGNORED("Digest update"); return 0;}
152
153static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
154 { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
155
156static const EVP_MD bad_md =
141 { 157 {
142 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 158 0,
159 0,
160 0,
161 0,
162 bad_init,
163 bad_update,
164 bad_final,
165 NULL,
166 NULL,
167 NULL,
168 0,
169 {0,0,0,0},
170 };
171
172#endif
173
143#ifndef OPENSSL_NO_ENGINE 174#ifndef OPENSSL_NO_ENGINE
144 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts 175
145 * so this context may already have an ENGINE! Try to avoid releasing 176#ifdef OPENSSL_FIPS
146 * the previous handle, re-querying for an ENGINE, and having a 177
147 * reinitialisation, when it may all be unecessary. */ 178static int do_engine_null(ENGINE *impl) { return 0;}
148 if (ctx->engine && ctx->digest && (!type || 179static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
149 (type && (type->type == ctx->digest->type)))) 180 const EVP_MD **ptype, ENGINE *impl)
150 goto skip_to_init; 181 { return 1; }
151 if (type) 182
183static int (*do_engine_init)(ENGINE *impl)
184 = do_engine_null;
185
186static int (*do_engine_finish)(ENGINE *impl)
187 = do_engine_null;
188
189static int (*do_evp_md_engine)
190 (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
191 = do_evp_md_engine_null;
192
193void int_EVP_MD_set_engine_callbacks(
194 int (*eng_md_init)(ENGINE *impl),
195 int (*eng_md_fin)(ENGINE *impl),
196 int (*eng_md_evp)
197 (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
198 {
199 do_engine_init = eng_md_init;
200 do_engine_finish = eng_md_fin;
201 do_evp_md_engine = eng_md_evp;
202 }
203
204#else
205
206#define do_engine_init ENGINE_init
207#define do_engine_finish ENGINE_finish
208
209static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
210 {
211 if (*ptype)
152 { 212 {
153 /* Ensure an ENGINE left lying around from last time is cleared 213 /* Ensure an ENGINE left lying around from last time is cleared
154 * (the previous check attempted to avoid this if the same 214 * (the previous check attempted to avoid this if the same
@@ -159,25 +219,25 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
159 { 219 {
160 if (!ENGINE_init(impl)) 220 if (!ENGINE_init(impl))
161 { 221 {
162 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); 222 EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
163 return 0; 223 return 0;
164 } 224 }
165 } 225 }
166 else 226 else
167 /* Ask if an ENGINE is reserved for this job */ 227 /* Ask if an ENGINE is reserved for this job */
168 impl = ENGINE_get_digest_engine(type->type); 228 impl = ENGINE_get_digest_engine((*ptype)->type);
169 if(impl) 229 if(impl)
170 { 230 {
171 /* There's an ENGINE for this job ... (apparently) */ 231 /* There's an ENGINE for this job ... (apparently) */
172 const EVP_MD *d = ENGINE_get_digest(impl, type->type); 232 const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
173 if(!d) 233 if(!d)
174 { 234 {
175 /* Same comment from evp_enc.c */ 235 /* Same comment from evp_enc.c */
176 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); 236 EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
177 return 0; 237 return 0;
178 } 238 }
179 /* We'll use the ENGINE's private digest definition */ 239 /* We'll use the ENGINE's private digest definition */
180 type = d; 240 *ptype = d;
181 /* Store the ENGINE functional reference so we know 241 /* Store the ENGINE functional reference so we know
182 * 'type' came from an ENGINE and we need to release 242 * 'type' came from an ENGINE and we need to release
183 * it when done. */ 243 * it when done. */
@@ -189,12 +249,52 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
189 else 249 else
190 if(!ctx->digest) 250 if(!ctx->digest)
191 { 251 {
192 EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); 252 EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
193 return 0; 253 return 0;
194 } 254 }
255 return 1;
256 }
257
258#endif
259
260#endif
261
262int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
263 {
264 M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
265#ifdef OPENSSL_FIPS
266 if(FIPS_selftest_failed())
267 {
268 FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
269 ctx->digest = &bad_md;
270 return 0;
271 }
272#endif
273#ifndef OPENSSL_NO_ENGINE
274 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
275 * so this context may already have an ENGINE! Try to avoid releasing
276 * the previous handle, re-querying for an ENGINE, and having a
277 * reinitialisation, when it may all be unecessary. */
278 if (ctx->engine && ctx->digest && (!type ||
279 (type && (type->type == ctx->digest->type))))
280 goto skip_to_init;
281 if (!do_evp_md_engine(ctx, &type, impl))
282 return 0;
195#endif 283#endif
196 if (ctx->digest != type) 284 if (ctx->digest != type)
197 { 285 {
286#ifdef OPENSSL_FIPS
287 if (FIPS_mode())
288 {
289 if (!(type->flags & EVP_MD_FLAG_FIPS)
290 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
291 {
292 EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
293 ctx->digest = &bad_md;
294 return 0;
295 }
296 }
297#endif
198 if (ctx->digest && ctx->digest->ctx_size) 298 if (ctx->digest && ctx->digest->ctx_size)
199 OPENSSL_free(ctx->md_data); 299 OPENSSL_free(ctx->md_data);
200 ctx->digest=type; 300 ctx->digest=type;
@@ -202,7 +302,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
202 ctx->md_data=OPENSSL_malloc(type->ctx_size); 302 ctx->md_data=OPENSSL_malloc(type->ctx_size);
203 } 303 }
204#ifndef OPENSSL_NO_ENGINE 304#ifndef OPENSSL_NO_ENGINE
205skip_to_init: 305 skip_to_init:
206#endif 306#endif
207 return ctx->digest->init(ctx); 307 return ctx->digest->init(ctx);
208 } 308 }
@@ -210,6 +310,9 @@ skip_to_init:
210int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, 310int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
211 size_t count) 311 size_t count)
212 { 312 {
313#ifdef OPENSSL_FIPS
314 FIPS_selftest_check();
315#endif
213 return ctx->digest->update(ctx,data,count); 316 return ctx->digest->update(ctx,data,count);
214 } 317 }
215 318
@@ -226,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
226int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) 329int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
227 { 330 {
228 int ret; 331 int ret;
332#ifdef OPENSSL_FIPS
333 FIPS_selftest_check();
334#endif
229 335
230 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); 336 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
231 ret=ctx->digest->final(ctx,md); 337 ret=ctx->digest->final(ctx,md);
@@ -234,7 +340,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
234 if (ctx->digest->cleanup) 340 if (ctx->digest->cleanup)
235 { 341 {
236 ctx->digest->cleanup(ctx); 342 ctx->digest->cleanup(ctx);
237 EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 343 M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
238 } 344 }
239 memset(ctx->md_data,0,ctx->digest->ctx_size); 345 memset(ctx->md_data,0,ctx->digest->ctx_size);
240 return ret; 346 return ret;
@@ -256,7 +362,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
256 } 362 }
257#ifndef OPENSSL_NO_ENGINE 363#ifndef OPENSSL_NO_ENGINE
258 /* Make sure it's safe to copy a digest context using an ENGINE */ 364 /* Make sure it's safe to copy a digest context using an ENGINE */
259 if (in->engine && !ENGINE_init(in->engine)) 365 if (in->engine && !do_engine_init(in->engine))
260 { 366 {
261 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); 367 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
262 return 0; 368 return 0;
@@ -266,7 +372,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
266 if (out->digest == in->digest) 372 if (out->digest == in->digest)
267 { 373 {
268 tmp_buf = out->md_data; 374 tmp_buf = out->md_data;
269 EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); 375 M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
270 } 376 }
271 else tmp_buf = NULL; 377 else tmp_buf = NULL;
272 EVP_MD_CTX_cleanup(out); 378 EVP_MD_CTX_cleanup(out);
@@ -292,7 +398,7 @@ int EVP_Digest(const void *data, size_t count,
292 int ret; 398 int ret;
293 399
294 EVP_MD_CTX_init(&ctx); 400 EVP_MD_CTX_init(&ctx);
295 EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); 401 M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
296 ret=EVP_DigestInit_ex(&ctx, type, impl) 402 ret=EVP_DigestInit_ex(&ctx, type, impl)
297 && EVP_DigestUpdate(&ctx, data, count) 403 && EVP_DigestUpdate(&ctx, data, count)
298 && EVP_DigestFinal_ex(&ctx, md, size); 404 && EVP_DigestFinal_ex(&ctx, md, size);
@@ -314,10 +420,10 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
314 * because sometimes only copies of the context are ever finalised. 420 * because sometimes only copies of the context are ever finalised.
315 */ 421 */
316 if (ctx->digest && ctx->digest->cleanup 422 if (ctx->digest && ctx->digest->cleanup
317 && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) 423 && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
318 ctx->digest->cleanup(ctx); 424 ctx->digest->cleanup(ctx);
319 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data 425 if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
320 && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) 426 && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
321 { 427 {
322 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); 428 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
323 OPENSSL_free(ctx->md_data); 429 OPENSSL_free(ctx->md_data);
@@ -326,7 +432,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
326 if(ctx->engine) 432 if(ctx->engine)
327 /* The EVP_MD we used belongs to an ENGINE, release the 433 /* The EVP_MD we used belongs to an ENGINE, release the
328 * functional reference we held for this reason. */ 434 * functional reference we held for this reason. */
329 ENGINE_finish(ctx->engine); 435 do_engine_finish(ctx->engine);
330#endif 436#endif
331 memset(ctx,'\0',sizeof *ctx); 437 memset(ctx,'\0',sizeof *ctx);
332 438
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index bd6c0a3a62..c9a5ee8d75 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -69,32 +69,29 @@ typedef struct
69 69
70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 70IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
71 NID_aes_128, 16, 16, 16, 128, 71 NID_aes_128, 16, 16, 16, 128,
72 0, aes_init_key, NULL, 72 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
73 EVP_CIPHER_set_asn1_iv, 73 aes_init_key,
74 EVP_CIPHER_get_asn1_iv, 74 NULL, NULL, NULL, NULL)
75 NULL)
76IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 75IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
77 NID_aes_192, 16, 24, 16, 128, 76 NID_aes_192, 16, 24, 16, 128,
78 0, aes_init_key, NULL, 77 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
79 EVP_CIPHER_set_asn1_iv, 78 aes_init_key,
80 EVP_CIPHER_get_asn1_iv, 79 NULL, NULL, NULL, NULL)
81 NULL)
82IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
83 NID_aes_256, 16, 32, 16, 128, 81 NID_aes_256, 16, 32, 16, 128,
84 0, aes_init_key, NULL, 82 EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
85 EVP_CIPHER_set_asn1_iv, 83 aes_init_key,
86 EVP_CIPHER_get_asn1_iv, 84 NULL, NULL, NULL, NULL)
87 NULL)
88 85
89#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) 86#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
90 87
91IMPLEMENT_AES_CFBR(128,1) 88IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
92IMPLEMENT_AES_CFBR(192,1) 89IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
93IMPLEMENT_AES_CFBR(256,1) 90IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
94 91
95IMPLEMENT_AES_CFBR(128,8) 92IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
96IMPLEMENT_AES_CFBR(192,8) 93IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
97IMPLEMENT_AES_CFBR(256,8) 94IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
98 95
99static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 96static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
100 const unsigned char *iv, int enc) 97 const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index a7b40d1c60..365d397164 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
93 EVP_CIPHER_get_asn1_iv, 93 EVP_CIPHER_get_asn1_iv,
94 NULL) 94 NULL)
95 95
96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) 96#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
97 97
98IMPLEMENT_CAMELLIA_CFBR(128,1) 98IMPLEMENT_CAMELLIA_CFBR(128,1)
99IMPLEMENT_CAMELLIA_CFBR(192,1) 99IMPLEMENT_CAMELLIA_CFBR(192,1)
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 856323648c..04376df232 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -129,18 +129,21 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
129 } 129 }
130 130
131BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 131BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
132 EVP_CIPH_RAND_KEY, des_init_key, NULL, 132 EVP_CIPH_RAND_KEY,
133 des_init_key, NULL,
133 EVP_CIPHER_set_asn1_iv, 134 EVP_CIPHER_set_asn1_iv,
134 EVP_CIPHER_get_asn1_iv, 135 EVP_CIPHER_get_asn1_iv,
135 des_ctrl) 136 des_ctrl)
136 137
137BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, 138BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
138 EVP_CIPH_RAND_KEY, des_init_key,NULL, 139 EVP_CIPH_RAND_KEY,
140 des_init_key, NULL,
139 EVP_CIPHER_set_asn1_iv, 141 EVP_CIPHER_set_asn1_iv,
140 EVP_CIPHER_get_asn1_iv,des_ctrl) 142 EVP_CIPHER_get_asn1_iv,des_ctrl)
141 143
142BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, 144BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
143 EVP_CIPH_RAND_KEY,des_init_key,NULL, 145 EVP_CIPH_RAND_KEY,
146 des_init_key,NULL,
144 EVP_CIPHER_set_asn1_iv, 147 EVP_CIPHER_set_asn1_iv,
145 EVP_CIPHER_get_asn1_iv,des_ctrl) 148 EVP_CIPHER_get_asn1_iv,des_ctrl)
146 149
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index ac148efab2..f910af19b1 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -111,8 +111,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
111#ifdef KSSL_DEBUG 111#ifdef KSSL_DEBUG
112 { 112 {
113 int i; 113 int i;
114 char *cp; 114 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
115 printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
116 printf("\t iv= "); 115 printf("\t iv= ");
117 for(i=0;i<8;i++) 116 for(i=0;i<8;i++)
118 printf("%02X",ctx->iv[i]); 117 printf("%02X",ctx->iv[i]);
@@ -164,9 +163,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
164 } 163 }
165 164
166BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 165BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
167 EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 166 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
168 EVP_CIPHER_set_asn1_iv, 167 des_ede_init_key,
169 EVP_CIPHER_get_asn1_iv, 168 NULL, NULL, NULL,
170 des3_ctrl) 169 des3_ctrl)
171 170
172#define des_ede3_cfb64_cipher des_ede_cfb64_cipher 171#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
@@ -175,21 +174,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
175#define des_ede3_ecb_cipher des_ede_ecb_cipher 174#define des_ede3_ecb_cipher des_ede_ecb_cipher
176 175
177BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 176BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
178 EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 177 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
179 EVP_CIPHER_set_asn1_iv, 178 des_ede3_init_key,
180 EVP_CIPHER_get_asn1_iv, 179 NULL, NULL, NULL,
181 des3_ctrl) 180 des3_ctrl)
182 181
183BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, 182BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
184 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, 183 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
185 EVP_CIPHER_set_asn1_iv, 184 des_ede3_init_key,
186 EVP_CIPHER_get_asn1_iv, 185 NULL, NULL, NULL,
187 des3_ctrl) 186 des3_ctrl)
188 187
189BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, 188BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
190 EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, 189 EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
191 EVP_CIPHER_set_asn1_iv, 190 des_ede3_init_key,
192 EVP_CIPHER_get_asn1_iv, 191 NULL, NULL, NULL,
193 des3_ctrl) 192 des3_ctrl)
194 193
195static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 194static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -216,7 +215,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
216#ifdef KSSL_DEBUG 215#ifdef KSSL_DEBUG
217 { 216 {
218 int i; 217 int i;
219 printf("des_ede3_init_key(ctx=%lx)\n", ctx); 218 printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
220 printf("\tKEY= "); 219 printf("\tKEY= ");
221 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); 220 for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
222 printf("\t IV= "); 221 printf("\t IV= ");
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 5205259f18..0872d733e4 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
69 { 69 {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1,0,0,
72 0, 72 EVP_CIPH_FLAG_FIPS,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
75 NULL, 75 NULL,
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 67af850bea..55baad7446 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -64,6 +64,7 @@
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/objects.h> 65#include <openssl/objects.h>
66#include <openssl/rc4.h> 66#include <openssl/rc4.h>
67#include "evp_locl.h"
67 68
68/* FIXME: surely this is available elsewhere? */ 69/* FIXME: surely this is available elsewhere? */
69#define EVP_RC4_KEY_SIZE 16 70#define EVP_RC4_KEY_SIZE 16
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index bdd3b7ecaa..79c097181f 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,6 +75,10 @@
75#include <openssl/bio.h> 75#include <openssl/bio.h>
76#endif 76#endif
77 77
78#ifdef OPENSSL_FIPS
79#include <openssl/fips.h>
80#endif
81
78/* 82/*
79#define EVP_RC2_KEY_SIZE 16 83#define EVP_RC2_KEY_SIZE 16
80#define EVP_RC4_KEY_SIZE 16 84#define EVP_RC4_KEY_SIZE 16
@@ -250,9 +254,19 @@ typedef int evp_verify_method(int type,const unsigned char *m,
250 unsigned int m_length,const unsigned char *sigbuf, 254 unsigned int m_length,const unsigned char *sigbuf,
251 unsigned int siglen, void *key); 255 unsigned int siglen, void *key);
252 256
257typedef struct
258 {
259 EVP_MD_CTX *mctx;
260 void *key;
261 } EVP_MD_SVCTX;
262
253#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single 263#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
254 * block */ 264 * block */
255 265
266#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
267
268#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */
269
256#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} 270#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
257 271
258#ifndef OPENSSL_NO_DSA 272#ifndef OPENSSL_NO_DSA
@@ -303,6 +317,17 @@ struct env_md_ctx_st
303 * cleaned */ 317 * cleaned */
304#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 318#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
305 * in EVP_MD_CTX_cleanup */ 319 * in EVP_MD_CTX_cleanup */
320#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
321 * in FIPS mode */
322
323#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */
324#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
325#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
326#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
327#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
328 ((ctx->flags>>16) &0xFFFF) /* seed length */
329#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
330#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
306 331
307struct evp_cipher_st 332struct evp_cipher_st
308 { 333 {
@@ -347,6 +372,14 @@ struct evp_cipher_st
347#define EVP_CIPH_NO_PADDING 0x100 372#define EVP_CIPH_NO_PADDING 0x100
348/* cipher handles random key generation */ 373/* cipher handles random key generation */
349#define EVP_CIPH_RAND_KEY 0x200 374#define EVP_CIPH_RAND_KEY 0x200
375/* Note if suitable for use in FIPS mode */
376#define EVP_CIPH_FLAG_FIPS 0x400
377/* Allow non FIPS cipher in FIPS mode */
378#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
379/* Allow use default ASN1 get/set iv */
380#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
381/* Buffer length in bits not bytes: CFB1 mode only */
382#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
350 383
351/* ctrl() values */ 384/* ctrl() values */
352 385
@@ -429,6 +462,18 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
429#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) 462#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
430#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) 463#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
431 464
465/* Macros to reduce FIPS dependencies: do NOT use in applications */
466#define M_EVP_MD_size(e) ((e)->md_size)
467#define M_EVP_MD_block_size(e) ((e)->block_size)
468#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
469#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
470#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
471#define M_EVP_MD_type(e) ((e)->type)
472#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
473#define M_EVP_MD_CTX_md(e) ((e)->digest)
474
475#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
476
432int EVP_MD_type(const EVP_MD *md); 477int EVP_MD_type(const EVP_MD *md);
433#define EVP_MD_nid(e) EVP_MD_type(e) 478#define EVP_MD_nid(e) EVP_MD_type(e)
434#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) 479#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
@@ -524,6 +569,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
524 const unsigned char *salt, const unsigned char *data, 569 const unsigned char *salt, const unsigned char *data,
525 int datal, int count, unsigned char *key,unsigned char *iv); 570 int datal, int count, unsigned char *key,unsigned char *iv);
526 571
572void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
573void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
574int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
575
527int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, 576int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
528 const unsigned char *key, const unsigned char *iv); 577 const unsigned char *key, const unsigned char *iv);
529int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, 578int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
@@ -879,6 +928,24 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
879 EVP_PBE_KEYGEN *keygen); 928 EVP_PBE_KEYGEN *keygen);
880void EVP_PBE_cleanup(void); 929void EVP_PBE_cleanup(void);
881 930
931#ifdef OPENSSL_FIPS
932#ifndef OPENSSL_NO_ENGINE
933void int_EVP_MD_set_engine_callbacks(
934 int (*eng_md_init)(ENGINE *impl),
935 int (*eng_md_fin)(ENGINE *impl),
936 int (*eng_md_evp)
937 (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl));
938void int_EVP_MD_init_engine_callbacks(void);
939void int_EVP_CIPHER_set_engine_callbacks(
940 int (*eng_ciph_fin)(ENGINE *impl),
941 int (*eng_ciph_evp)
942 (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl));
943void int_EVP_CIPHER_init_engine_callbacks(void);
944#endif
945#endif
946
947void EVP_add_alg_module(void);
948
882/* BEGIN ERROR CODES */ 949/* BEGIN ERROR CODES */
883/* The following lines are auto generated by the script mkerr.pl. Any changes 950/* The following lines are auto generated by the script mkerr.pl. Any changes
884 * made after this point may be overwritten when the script is next run. 951 * made after this point may be overwritten when the script is next run.
@@ -889,16 +956,23 @@ void ERR_load_EVP_strings(void);
889 956
890/* Function codes. */ 957/* Function codes. */
891#define EVP_F_AES_INIT_KEY 133 958#define EVP_F_AES_INIT_KEY 133
959#define EVP_F_ALG_MODULE_INIT 138
892#define EVP_F_CAMELLIA_INIT_KEY 159 960#define EVP_F_CAMELLIA_INIT_KEY 159
893#define EVP_F_D2I_PKEY 100 961#define EVP_F_D2I_PKEY 100
962#define EVP_F_DO_EVP_ENC_ENGINE 140
963#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141
964#define EVP_F_DO_EVP_MD_ENGINE 139
965#define EVP_F_DO_EVP_MD_ENGINE_FULL 142
894#define EVP_F_DSAPKEY2PKCS8 134 966#define EVP_F_DSAPKEY2PKCS8 134
895#define EVP_F_DSA_PKEY2PKCS8 135 967#define EVP_F_DSA_PKEY2PKCS8 135
896#define EVP_F_ECDSA_PKEY2PKCS8 129 968#define EVP_F_ECDSA_PKEY2PKCS8 129
897#define EVP_F_ECKEY_PKEY2PKCS8 132 969#define EVP_F_ECKEY_PKEY2PKCS8 132
970#define EVP_F_EVP_CIPHERINIT 137
898#define EVP_F_EVP_CIPHERINIT_EX 123 971#define EVP_F_EVP_CIPHERINIT_EX 123
899#define EVP_F_EVP_CIPHER_CTX_CTRL 124 972#define EVP_F_EVP_CIPHER_CTX_CTRL 124
900#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 973#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
901#define EVP_F_EVP_DECRYPTFINAL_EX 101 974#define EVP_F_EVP_DECRYPTFINAL_EX 101
975#define EVP_F_EVP_DIGESTINIT 136
902#define EVP_F_EVP_DIGESTINIT_EX 128 976#define EVP_F_EVP_DIGESTINIT_EX 128
903#define EVP_F_EVP_ENCRYPTFINAL_EX 127 977#define EVP_F_EVP_ENCRYPTFINAL_EX 127
904#define EVP_F_EVP_MD_CTX_COPY_EX 110 978#define EVP_F_EVP_MD_CTX_COPY_EX 110
@@ -940,15 +1014,20 @@ void ERR_load_EVP_strings(void);
940#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 1014#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
941#define EVP_R_DECODE_ERROR 114 1015#define EVP_R_DECODE_ERROR 114
942#define EVP_R_DIFFERENT_KEY_TYPES 101 1016#define EVP_R_DIFFERENT_KEY_TYPES 101
1017#define EVP_R_DISABLED_FOR_FIPS 144
943#define EVP_R_ENCODE_ERROR 115 1018#define EVP_R_ENCODE_ERROR 115
1019#define EVP_R_ERROR_LOADING_SECTION 145
1020#define EVP_R_ERROR_SETTING_FIPS_MODE 146
944#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 1021#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
945#define EVP_R_EXPECTING_AN_RSA_KEY 127 1022#define EVP_R_EXPECTING_AN_RSA_KEY 127
946#define EVP_R_EXPECTING_A_DH_KEY 128 1023#define EVP_R_EXPECTING_A_DH_KEY 128
947#define EVP_R_EXPECTING_A_DSA_KEY 129 1024#define EVP_R_EXPECTING_A_DSA_KEY 129
948#define EVP_R_EXPECTING_A_ECDSA_KEY 141 1025#define EVP_R_EXPECTING_A_ECDSA_KEY 141
949#define EVP_R_EXPECTING_A_EC_KEY 142 1026#define EVP_R_EXPECTING_A_EC_KEY 142
1027#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147
950#define EVP_R_INITIALIZATION_ERROR 134 1028#define EVP_R_INITIALIZATION_ERROR 134
951#define EVP_R_INPUT_NOT_INITIALIZED 111 1029#define EVP_R_INPUT_NOT_INITIALIZED 111
1030#define EVP_R_INVALID_FIPS_MODE 148
952#define EVP_R_INVALID_KEY_LENGTH 130 1031#define EVP_R_INVALID_KEY_LENGTH 130
953#define EVP_R_IV_TOO_LARGE 102 1032#define EVP_R_IV_TOO_LARGE 102
954#define EVP_R_KEYGEN_FAILURE 120 1033#define EVP_R_KEYGEN_FAILURE 120
@@ -960,6 +1039,7 @@ void ERR_load_EVP_strings(void);
960#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 1039#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
961#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 1040#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
962#define EVP_R_PUBLIC_KEY_NOT_RSA 106 1041#define EVP_R_PUBLIC_KEY_NOT_RSA 106
1042#define EVP_R_UNKNOWN_OPTION 149
963#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 1043#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
964#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 1044#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
965#define EVP_R_UNSUPPORTED_CIPHER 107 1045#define EVP_R_UNSUPPORTED_CIPHER 107
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index a1904993bf..30e0ca4d9f 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -66,13 +66,15 @@
66#endif 66#endif
67#include "evp_locl.h" 67#include "evp_locl.h"
68 68
69const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 69#ifdef OPENSSL_FIPS
70 #define M_do_cipher(ctx, out, in, inl) \
71 EVP_Cipher(ctx,out,in,inl)
72#else
73 #define M_do_cipher(ctx, out, in, inl) \
74 ctx->cipher->do_cipher(ctx,out,in,inl)
75#endif
70 76
71void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) 77const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
72 {
73 memset(ctx,0,sizeof(EVP_CIPHER_CTX));
74 /* ctx->cipher=NULL; */
75 }
76 78
77EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) 79EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
78 { 80 {
@@ -90,144 +92,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
90 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 92 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
91 } 93 }
92 94
93int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
94 const unsigned char *key, const unsigned char *iv, int enc)
95 {
96 if (enc == -1)
97 enc = ctx->encrypt;
98 else
99 {
100 if (enc)
101 enc = 1;
102 ctx->encrypt = enc;
103 }
104#ifndef OPENSSL_NO_ENGINE
105 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
106 * so this context may already have an ENGINE! Try to avoid releasing
107 * the previous handle, re-querying for an ENGINE, and having a
108 * reinitialisation, when it may all be unecessary. */
109 if (ctx->engine && ctx->cipher && (!cipher ||
110 (cipher && (cipher->nid == ctx->cipher->nid))))
111 goto skip_to_init;
112#endif
113 if (cipher)
114 {
115 /* Ensure a context left lying around from last time is cleared
116 * (the previous check attempted to avoid this if the same
117 * ENGINE and EVP_CIPHER could be used). */
118 EVP_CIPHER_CTX_cleanup(ctx);
119
120 /* Restore encrypt field: it is zeroed by cleanup */
121 ctx->encrypt = enc;
122#ifndef OPENSSL_NO_ENGINE
123 if(impl)
124 {
125 if (!ENGINE_init(impl))
126 {
127 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
128 return 0;
129 }
130 }
131 else
132 /* Ask if an ENGINE is reserved for this job */
133 impl = ENGINE_get_cipher_engine(cipher->nid);
134 if(impl)
135 {
136 /* There's an ENGINE for this job ... (apparently) */
137 const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
138 if(!c)
139 {
140 /* One positive side-effect of US's export
141 * control history, is that we should at least
142 * be able to avoid using US mispellings of
143 * "initialisation"? */
144 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
145 return 0;
146 }
147 /* We'll use the ENGINE's private cipher definition */
148 cipher = c;
149 /* Store the ENGINE functional reference so we know
150 * 'cipher' came from an ENGINE and we need to release
151 * it when done. */
152 ctx->engine = impl;
153 }
154 else
155 ctx->engine = NULL;
156#endif
157
158 ctx->cipher=cipher;
159 if (ctx->cipher->ctx_size)
160 {
161 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
162 if (!ctx->cipher_data)
163 {
164 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
165 return 0;
166 }
167 }
168 else
169 {
170 ctx->cipher_data = NULL;
171 }
172 ctx->key_len = cipher->key_len;
173 ctx->flags = 0;
174 if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
175 {
176 if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
177 {
178 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
179 return 0;
180 }
181 }
182 }
183 else if(!ctx->cipher)
184 {
185 EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
186 return 0;
187 }
188#ifndef OPENSSL_NO_ENGINE
189skip_to_init:
190#endif
191 /* we assume block size is a power of 2 in *cryptUpdate */
192 OPENSSL_assert(ctx->cipher->block_size == 1
193 || ctx->cipher->block_size == 8
194 || ctx->cipher->block_size == 16);
195
196 if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
197 switch(EVP_CIPHER_CTX_mode(ctx)) {
198
199 case EVP_CIPH_STREAM_CIPHER:
200 case EVP_CIPH_ECB_MODE:
201 break;
202
203 case EVP_CIPH_CFB_MODE:
204 case EVP_CIPH_OFB_MODE:
205
206 ctx->num = 0;
207
208 case EVP_CIPH_CBC_MODE:
209
210 OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
211 (int)sizeof(ctx->iv));
212 if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
213 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
214 break;
215
216 default:
217 return 0;
218 break;
219 }
220 }
221
222 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
223 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
224 }
225 ctx->buf_len=0;
226 ctx->final_used=0;
227 ctx->block_mask=ctx->cipher->block_size-1;
228 return 1;
229 }
230
231int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, 95int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
232 const unsigned char *in, int inl) 96 const unsigned char *in, int inl)
233 { 97 {
@@ -279,10 +143,15 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
279 { 143 {
280 int i,j,bl; 144 int i,j,bl;
281 145
282 OPENSSL_assert(inl > 0); 146 if (inl <= 0)
147 {
148 *outl = 0;
149 return inl == 0;
150 }
151
283 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) 152 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
284 { 153 {
285 if(ctx->cipher->do_cipher(ctx,out,in,inl)) 154 if(M_do_cipher(ctx,out,in,inl))
286 { 155 {
287 *outl=inl; 156 *outl=inl;
288 return 1; 157 return 1;
@@ -309,7 +178,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
309 { 178 {
310 j=bl-i; 179 j=bl-i;
311 memcpy(&(ctx->buf[i]),in,j); 180 memcpy(&(ctx->buf[i]),in,j);
312 if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; 181 if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
313 inl-=j; 182 inl-=j;
314 in+=j; 183 in+=j;
315 out+=bl; 184 out+=bl;
@@ -322,7 +191,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
322 inl-=i; 191 inl-=i;
323 if (inl > 0) 192 if (inl > 0)
324 { 193 {
325 if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; 194 if(!M_do_cipher(ctx,out,in,inl)) return 0;
326 *outl+=inl; 195 *outl+=inl;
327 } 196 }
328 197
@@ -366,7 +235,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
366 n=b-bl; 235 n=b-bl;
367 for (i=bl; i<b; i++) 236 for (i=bl; i<b; i++)
368 ctx->buf[i]=n; 237 ctx->buf[i]=n;
369 ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); 238 ret=M_do_cipher(ctx,out,ctx->buf,b);
370 239
371 240
372 if(ret) 241 if(ret)
@@ -381,10 +250,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
381 int fix_len; 250 int fix_len;
382 unsigned int b; 251 unsigned int b;
383 252
384 if (inl == 0) 253 if (inl <= 0)
385 { 254 {
386 *outl=0; 255 *outl = 0;
387 return 1; 256 return inl == 0;
388 } 257 }
389 258
390 if (ctx->flags & EVP_CIPH_NO_PADDING) 259 if (ctx->flags & EVP_CIPH_NO_PADDING)
@@ -488,28 +357,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
488 } 357 }
489 } 358 }
490 359
491int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
492 {
493 if (c->cipher != NULL)
494 {
495 if(c->cipher->cleanup && !c->cipher->cleanup(c))
496 return 0;
497 /* Cleanse cipher context data */
498 if (c->cipher_data)
499 OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
500 }
501 if (c->cipher_data)
502 OPENSSL_free(c->cipher_data);
503#ifndef OPENSSL_NO_ENGINE
504 if (c->engine)
505 /* The EVP_CIPHER we used belongs to an ENGINE, release the
506 * functional reference we held for this reason. */
507 ENGINE_finish(c->engine);
508#endif
509 memset(c,0,sizeof(EVP_CIPHER_CTX));
510 return 1;
511 }
512
513int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) 360int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
514 { 361 {
515 if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 362 if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
@@ -531,27 +378,6 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
531 return 1; 378 return 1;
532 } 379 }
533 380
534int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
535{
536 int ret;
537 if(!ctx->cipher) {
538 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
539 return 0;
540 }
541
542 if(!ctx->cipher->ctrl) {
543 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
544 return 0;
545 }
546
547 ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
548 if(ret == -1) {
549 EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
550 return 0;
551 }
552 return ret;
553}
554
555int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) 381int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
556 { 382 {
557 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 383 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -561,3 +387,54 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
561 return 1; 387 return 1;
562 } 388 }
563 389
390#ifndef OPENSSL_NO_ENGINE
391
392#ifdef OPENSSL_FIPS
393
394static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
395 {
396 if(impl)
397 {
398 if (!ENGINE_init(impl))
399 {
400 EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
401 return 0;
402 }
403 }
404 else
405 /* Ask if an ENGINE is reserved for this job */
406 impl = ENGINE_get_cipher_engine((*pcipher)->nid);
407 if(impl)
408 {
409 /* There's an ENGINE for this job ... (apparently) */
410 const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
411 if(!c)
412 {
413 /* One positive side-effect of US's export
414 * control history, is that we should at least
415 * be able to avoid using US mispellings of
416 * "initialisation"? */
417 EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
418 return 0;
419 }
420 /* We'll use the ENGINE's private cipher definition */
421 *pcipher = c;
422 /* Store the ENGINE functional reference so we know
423 * 'cipher' came from an ENGINE and we need to release
424 * it when done. */
425 ctx->engine = impl;
426 }
427 else
428 ctx->engine = NULL;
429 return 1;
430 }
431
432void int_EVP_CIPHER_init_engine_callbacks(void)
433 {
434 int_EVP_CIPHER_set_engine_callbacks(
435 ENGINE_finish, do_evp_enc_engine_full);
436 }
437
438#endif
439
440#endif
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index e8c9e8de9c..b5b900d4fe 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
1/* crypto/evp/evp_err.c */ 1/* crypto/evp/evp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -71,16 +71,23 @@
71static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
72 { 72 {
73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
74{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
74{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, 75{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
75{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, 76{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
77{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"},
78{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"},
79{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"},
80{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
76{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, 81{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
77{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, 82{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
78{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, 83{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
79{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, 84{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
85{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
80{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, 86{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
81{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, 87{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
82{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, 88{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
83{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, 89{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
90{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
84{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, 91{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
85{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, 92{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
86{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, 93{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
@@ -125,15 +132,20 @@ static ERR_STRING_DATA EVP_str_reasons[]=
125{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, 132{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
126{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, 133{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
127{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, 134{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
135{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
128{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, 136{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
137{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
138{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
129{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, 139{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
130{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, 140{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
131{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, 141{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
132{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, 142{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
133{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, 143{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
134{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, 144{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"},
145{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
135{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, 146{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
136{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, 147{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
148{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"},
137{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, 149{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
138{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, 150{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
139{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, 151{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
@@ -145,6 +157,8 @@ static ERR_STRING_DATA EVP_str_reasons[]=
145{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, 157{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
146{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, 158{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
147{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, 159{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
160{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
161{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"},
148{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, 162{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
149{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, 163{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
150{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, 164{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index edb28ef38e..174cf6c594 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
67 67
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
71 ret=EVP_CIPHER_set_asn1_iv(c, type);
70 else 72 else
71 ret=-1; 73 ret=-1;
72 return(ret); 74 return(ret);
@@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
78 80
79 if (c->cipher->get_asn1_parameters != NULL) 81 if (c->cipher->get_asn1_parameters != NULL)
80 ret=c->cipher->get_asn1_parameters(c,type); 82 ret=c->cipher->get_asn1_parameters(c,type);
83 else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
84 ret=EVP_CIPHER_get_asn1_iv(c, type);
81 else 85 else
82 ret=-1; 86 ret=-1;
83 return(ret); 87 return(ret);
@@ -178,11 +182,6 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
178 return ctx->cipher->block_size; 182 return ctx->cipher->block_size;
179 } 183 }
180 184
181int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
182 {
183 return ctx->cipher->do_cipher(ctx,out,in,inl);
184 }
185
186const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) 185const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
187 { 186 {
188 return ctx->cipher; 187 return ctx->cipher;
@@ -193,11 +192,6 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
193 return cipher->flags; 192 return cipher->flags;
194 } 193 }
195 194
196unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
197 {
198 return ctx->cipher->flags;
199 }
200
201void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) 195void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
202 { 196 {
203 return ctx->app_data; 197 return ctx->app_data;
@@ -213,11 +207,6 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
213 return cipher->iv_len; 207 return cipher->iv_len;
214 } 208 }
215 209
216int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
217 {
218 return ctx->cipher->iv_len;
219 }
220
221int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) 210int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
222 { 211 {
223 return cipher->key_len; 212 return cipher->key_len;
@@ -228,11 +217,6 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
228 return ctx->key_len; 217 return ctx->key_len;
229 } 218 }
230 219
231int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
232 {
233 return cipher->nid;
234 }
235
236int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) 220int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
237 { 221 {
238 return ctx->cipher->nid; 222 return ctx->cipher->nid;
@@ -277,3 +261,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
277 { 261 {
278 return (ctx->flags & flags); 262 return (ctx->flags & flags);
279 } 263 }
264
265void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
266 {
267 ctx->flags |= flags;
268 }
269
270void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
271 {
272 ctx->flags &= ~flags;
273 }
274
275int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
276 {
277 return (ctx->flags & flags);
278 }
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 073b0adcff..eabcc96f30 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,5 +1,5 @@
1/* evp_locl.h */ 1/* evp_locl.h */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
94{\ 94{\
95 cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ 95 cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
96 return 1;\ 96 return 1;\
97} 97}
98 98
@@ -226,11 +226,27 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
226 226
227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
228 228
229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ 229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
233 0, cipher##_init_key, NULL, \ 233 (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
234 EVP_CIPHER_set_asn1_iv, \ 234 cipher##_init_key, NULL, NULL, NULL, NULL)
235 EVP_CIPHER_get_asn1_iv, \ 235
236 NULL) 236#ifdef OPENSSL_FIPS
237#define RC2_set_key private_RC2_set_key
238#define RC4_set_key private_RC4_set_key
239#define CAST_set_key private_CAST_set_key
240#define RC5_32_set_key private_RC5_32_set_key
241#define BF_set_key private_BF_set_key
242#define Camellia_set_key private_Camellia_set_key
243#define idea_set_encrypt_key private_idea_set_encrypt_key
244
245#define MD5_Init private_MD5_Init
246#define MD4_Init private_MD4_Init
247#define MD2_Init private_MD2_Init
248#define MDC2_Init private_MDC2_Init
249#define SHA_Init private_SHA_Init
250
251#endif
252
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index c26d2de0f3..5e830be65f 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -1,5 +1,5 @@
1/* evp_pbe.c */ 1/* evp_pbe.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 0147f3e02a..10d9e9e772 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -1,5 +1,5 @@
1/* evp_pkey.c */ 1/* evp_pkey.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index a948c77fa4..6b0c0aa7a3 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
81 NID_dsaWithSHA, 81 NID_dsaWithSHA,
82 NID_dsaWithSHA, 82 NID_dsaWithSHA,
83 SHA_DIGEST_LENGTH, 83 SHA_DIGEST_LENGTH,
84 0, 84 EVP_MD_FLAG_FIPS,
85 init, 85 init,
86 update, 86 update,
87 final, 87 final,
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index c12e13972b..da8babc147 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,6 +68,8 @@
68#include <openssl/dsa.h> 68#include <openssl/dsa.h>
69#endif 69#endif
70 70
71#ifndef OPENSSL_FIPS
72
71static int init(EVP_MD_CTX *ctx) 73static int init(EVP_MD_CTX *ctx)
72 { return SHA1_Init(ctx->md_data); } 74 { return SHA1_Init(ctx->md_data); }
73 75
@@ -98,3 +100,4 @@ const EVP_MD *EVP_dss1(void)
98 return(&dss1_md); 100 return(&dss1_md);
99 } 101 }
100#endif 102#endif
103#endif
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 1e0b7c5b42..5cd2ab5ade 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -58,6 +58,7 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "evp_locl.h"
61 62
62#ifndef OPENSSL_NO_MD4 63#ifndef OPENSSL_NO_MD4
63 64
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 63c142119e..6455829671 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -62,6 +62,7 @@
62#ifndef OPENSSL_NO_MD5 62#ifndef OPENSSL_NO_MD5
63 63
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include "evp_locl.h"
65#include <openssl/objects.h> 66#include <openssl/objects.h>
66#include <openssl/x509.h> 67#include <openssl/x509.h>
67#include <openssl/md5.h> 68#include <openssl/md5.h>
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 4679b1c463..471ec30be0 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -68,6 +68,8 @@
68#include <openssl/rsa.h> 68#include <openssl/rsa.h>
69#endif 69#endif
70 70
71#ifndef OPENSSL_FIPS
72
71static int init(EVP_MD_CTX *ctx) 73static int init(EVP_MD_CTX *ctx)
72 { return SHA1_Init(ctx->md_data); } 74 { return SHA1_Init(ctx->md_data); }
73 75
@@ -97,7 +99,6 @@ const EVP_MD *EVP_sha1(void)
97 { 99 {
98 return(&sha1_md); 100 return(&sha1_md);
99 } 101 }
100#endif
101 102
102#ifndef OPENSSL_NO_SHA256 103#ifndef OPENSSL_NO_SHA256
103static int init224(EVP_MD_CTX *ctx) 104static int init224(EVP_MD_CTX *ctx)
@@ -202,3 +203,7 @@ static const EVP_MD sha512_md=
202const EVP_MD *EVP_sha512(void) 203const EVP_MD *EVP_sha512(void)
203 { return(&sha512_md); } 204 { return(&sha512_md); }
204#endif /* ifndef OPENSSL_NO_SHA512 */ 205#endif /* ifndef OPENSSL_NO_SHA512 */
206
207#endif
208
209#endif
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index 88c1e780dd..e2e04c3570 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
66 { 66 {
67 int r; 67 int r;
68 68
69#ifdef OPENSSL_FIPS
70 OPENSSL_init();
71#endif
72
69 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); 73 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
70 if (r == 0) return(0); 74 if (r == 0) return(0);
71 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); 75 r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
@@ -77,6 +81,9 @@ int EVP_add_digest(const EVP_MD *md)
77 int r; 81 int r;
78 const char *name; 82 const char *name;
79 83
84#ifdef OPENSSL_FIPS
85 OPENSSL_init();
86#endif
80 name=OBJ_nid2sn(md->type); 87 name=OBJ_nid2sn(md->type);
81 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); 88 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
82 if (r == 0) return(0); 89 if (r == 0) return(0);
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 48d50014a0..2a265fdee2 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -1,5 +1,5 @@
1/* p5_crpt.c */ 1/* p5_crpt.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index c969d5a206..6bec77baf9 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -1,5 +1,5 @@
1/* p5_crpt2.c */ 1/* p5_crpt2.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index e4ae5906f5..bf41a0db68 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -84,10 +84,6 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
84 MS_STATIC EVP_MD_CTX tmp_ctx; 84 MS_STATIC EVP_MD_CTX tmp_ctx;
85 85
86 *siglen=0; 86 *siglen=0;
87 EVP_MD_CTX_init(&tmp_ctx);
88 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
89 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
90 EVP_MD_CTX_cleanup(&tmp_ctx);
91 for (i=0; i<4; i++) 87 for (i=0; i<4; i++)
92 { 88 {
93 v=ctx->digest->required_pkey_type[i]; 89 v=ctx->digest->required_pkey_type[i];
@@ -108,7 +104,23 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
108 EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); 104 EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
109 return(0); 105 return(0);
110 } 106 }
111 return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, 107 EVP_MD_CTX_init(&tmp_ctx);
112 pkey->pkey.ptr)); 108 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
109 if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
110 {
111 EVP_MD_SVCTX sctmp;
112 sctmp.mctx = &tmp_ctx;
113 sctmp.key = pkey->pkey.ptr;
114 i = ctx->digest->sign(ctx->digest->type,
115 NULL, -1, sigret, siglen, &sctmp);
116 }
117 else
118 {
119 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
120 i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
121 pkey->pkey.ptr);
122 }
123 EVP_MD_CTX_cleanup(&tmp_ctx);
124 return i;
113 } 125 }
114 126
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 21a40a375e..2d46dffe7e 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -85,17 +85,29 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
85 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); 85 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
86 return(-1); 86 return(-1);
87 } 87 }
88 EVP_MD_CTX_init(&tmp_ctx); 88 if (ctx->digest->verify == NULL)
89 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
90 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
91 EVP_MD_CTX_cleanup(&tmp_ctx);
92 if (ctx->digest->verify == NULL)
93 { 89 {
94 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); 90 EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
95 return(0); 91 return(0);
96 } 92 }
97 93
98 return(ctx->digest->verify(ctx->digest->type,m,m_len, 94 EVP_MD_CTX_init(&tmp_ctx);
99 sigbuf,siglen,pkey->pkey.ptr)); 95 EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
96 if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
97 {
98 EVP_MD_SVCTX sctmp;
99 sctmp.mctx = &tmp_ctx;
100 sctmp.key = pkey->pkey.ptr;
101 i = ctx->digest->verify(ctx->digest->type,
102 NULL, -1, sigbuf, siglen, &sctmp);
103 }
104 else
105 {
106 EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
107 i = ctx->digest->verify(ctx->digest->type,m,m_len,
108 sigbuf,siglen,pkey->pkey.ptr);
109 }
110 EVP_MD_CTX_cleanup(&tmp_ctx);
111 return i;
100 } 112 }
101 113
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 07:20:30 +0000