diff options
| author | djm <> | 2006-06-27 05:05:42 +0000 |
|---|---|---|
| committer | djm <> | 2006-06-27 05:05:42 +0000 |
| commit | f6198d4d0ab97685dc56be2d48715ed39fcc74b9 (patch) | |
| tree | 6e28360095ed5ba5ef1760a419c43eef4ef6946b /src/lib/libcrypto/evp | |
| parent | 0ff0f9d99c40072de315264b0f602bd639e7f662 (diff) | |
| download | openbsd-f6198d4d0ab97685dc56be2d48715ed39fcc74b9.tar.gz openbsd-f6198d4d0ab97685dc56be2d48715ed39fcc74b9.tar.bz2 openbsd-f6198d4d0ab97685dc56be2d48715ed39fcc74b9.zip | |
import of openssl-0.9.7j
Diffstat (limited to 'src/lib/libcrypto/evp')
| -rw-r--r-- | src/lib/libcrypto/evp/bio_enc.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/e_aes.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/encode.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp.h | 20 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp_err.c | 158 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp_key.c | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/m_dss1.c | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/m_sha1.c | 119 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/p5_crpt2.c | 11 |
9 files changed, 242 insertions, 88 deletions
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index ab81851503..b8cda1a9f0 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c | |||
| @@ -71,7 +71,7 @@ static int enc_new(BIO *h); | |||
| 71 | static int enc_free(BIO *data); | 71 | static int enc_free(BIO *data); |
| 72 | static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); | 72 | static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); |
| 73 | #define ENC_BLOCK_SIZE (1024*4) | 73 | #define ENC_BLOCK_SIZE (1024*4) |
| 74 | #define BUF_OFFSET EVP_MAX_BLOCK_LENGTH | 74 | #define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) |
| 75 | 75 | ||
| 76 | typedef struct enc_struct | 76 | typedef struct enc_struct |
| 77 | { | 77 | { |
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index f35036c9d7..7b67984fa1 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
| @@ -86,9 +86,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, | |||
| 86 | 86 | ||
| 87 | #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) | 87 | #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) |
| 88 | 88 | ||
| 89 | IMPLEMENT_AES_CFBR(128,1,0) | 89 | IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) |
| 90 | IMPLEMENT_AES_CFBR(192,1,0) | 90 | IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) |
| 91 | IMPLEMENT_AES_CFBR(256,1,0) | 91 | IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) |
| 92 | 92 | ||
| 93 | IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) | 93 | IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) |
| 94 | IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) | 94 | IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) |
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 08209357ce..33e540087d 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c | |||
| @@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, | |||
| 313 | /* There will never be more than two '=' */ | 313 | /* There will never be more than two '=' */ |
| 314 | } | 314 | } |
| 315 | 315 | ||
| 316 | if ((v == B64_EOF) || (n >= 64)) | 316 | if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) |
| 317 | { | 317 | { |
| 318 | /* This is needed to work correctly on 64 byte input | 318 | /* This is needed to work correctly on 64 byte input |
| 319 | * lines. We process the line and then need to | 319 | * lines. We process the line and then need to |
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 5cde88ae76..56eec23fef 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h | |||
| @@ -84,7 +84,11 @@ | |||
| 84 | #include <openssl/md5.h> | 84 | #include <openssl/md5.h> |
| 85 | #endif | 85 | #endif |
| 86 | #ifndef OPENSSL_NO_SHA | 86 | #ifndef OPENSSL_NO_SHA |
| 87 | #ifndef OPENSSL_FIPS | ||
| 87 | #include <openssl/sha.h> | 88 | #include <openssl/sha.h> |
| 89 | #else | ||
| 90 | #include <openssl/fips_sha.h> | ||
| 91 | #endif | ||
| 88 | #endif | 92 | #endif |
| 89 | #ifndef OPENSSL_NO_RIPEMD | 93 | #ifndef OPENSSL_NO_RIPEMD |
| 90 | #include <openssl/ripemd.h> | 94 | #include <openssl/ripemd.h> |
| @@ -128,7 +132,11 @@ | |||
| 128 | #define EVP_CAST5_KEY_SIZE 16 | 132 | #define EVP_CAST5_KEY_SIZE 16 |
| 129 | #define EVP_RC5_32_12_16_KEY_SIZE 16 | 133 | #define EVP_RC5_32_12_16_KEY_SIZE 16 |
| 130 | */ | 134 | */ |
| 131 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ | 135 | #ifdef OPENSSL_FIPS |
| 136 | #define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */ | ||
| 137 | #else | ||
| 138 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ | ||
| 139 | #endif | ||
| 132 | #define EVP_MAX_KEY_LENGTH 32 | 140 | #define EVP_MAX_KEY_LENGTH 32 |
| 133 | #define EVP_MAX_IV_LENGTH 16 | 141 | #define EVP_MAX_IV_LENGTH 16 |
| 134 | #define EVP_MAX_BLOCK_LENGTH 32 | 142 | #define EVP_MAX_BLOCK_LENGTH 32 |
| @@ -642,6 +650,16 @@ const EVP_MD *EVP_sha(void); | |||
| 642 | const EVP_MD *EVP_sha1(void); | 650 | const EVP_MD *EVP_sha1(void); |
| 643 | const EVP_MD *EVP_dss(void); | 651 | const EVP_MD *EVP_dss(void); |
| 644 | const EVP_MD *EVP_dss1(void); | 652 | const EVP_MD *EVP_dss1(void); |
| 653 | #ifdef OPENSSL_FIPS | ||
| 654 | #ifndef OPENSSL_NO_SHA256 | ||
| 655 | const EVP_MD *EVP_sha224(void); | ||
| 656 | const EVP_MD *EVP_sha256(void); | ||
| 657 | #endif | ||
| 658 | #ifndef OPENSSL_NO_SHA512 | ||
| 659 | const EVP_MD *EVP_sha384(void); | ||
| 660 | const EVP_MD *EVP_sha512(void); | ||
| 661 | #endif | ||
| 662 | #endif | ||
| 645 | #endif | 663 | #endif |
| 646 | #ifndef OPENSSL_NO_MDC2 | 664 | #ifndef OPENSSL_NO_MDC2 |
| 647 | const EVP_MD *EVP_mdc2(void); | 665 | const EVP_MD *EVP_mdc2(void); |
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 40135d0729..77eee070d3 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c | |||
| @@ -64,88 +64,92 @@ | |||
| 64 | 64 | ||
| 65 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 66 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 67 | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) | ||
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) | ||
| 70 | |||
| 67 | static ERR_STRING_DATA EVP_str_functs[]= | 71 | static ERR_STRING_DATA EVP_str_functs[]= |
| 68 | { | 72 | { |
| 69 | {ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"}, | 73 | {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, |
| 70 | {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, | 74 | {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, |
| 71 | {ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"}, | 75 | {ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"}, |
| 72 | {ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"}, | 76 | {ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"}, |
| 73 | {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, | 77 | {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, |
| 74 | {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, | 78 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, |
| 75 | {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, | 79 | {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, |
| 76 | {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, | 80 | {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"}, |
| 77 | {ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, | 81 | {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, |
| 78 | {ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, | 82 | {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"}, |
| 79 | {ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"}, | 83 | {ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"}, |
| 80 | {ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"}, | 84 | {ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"}, |
| 81 | {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, | 85 | {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"}, |
| 82 | {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, | 86 | {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, |
| 83 | {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, | 87 | {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, |
| 84 | {ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, | 88 | {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, |
| 85 | {ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, | 89 | {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, |
| 86 | {ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, | 90 | {ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"}, |
| 87 | {ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, | 91 | {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, |
| 88 | {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, | 92 | {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, |
| 89 | {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, | 93 | {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, |
| 90 | {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, | 94 | {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, |
| 91 | {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, | 95 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, |
| 92 | {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, | 96 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, |
| 93 | {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, | 97 | {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, |
| 94 | {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, | 98 | {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, |
| 95 | {ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, | 99 | {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, |
| 96 | {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, | 100 | {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, |
| 97 | {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, | 101 | {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, |
| 98 | {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, | 102 | {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, |
| 99 | {ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, | 103 | {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, |
| 100 | {ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, | 104 | {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, |
| 101 | {ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, | 105 | {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, |
| 102 | {0,NULL} | 106 | {0,NULL} |
| 103 | }; | 107 | }; |
| 104 | 108 | ||
| 105 | static ERR_STRING_DATA EVP_str_reasons[]= | 109 | static ERR_STRING_DATA EVP_str_reasons[]= |
| 106 | { | 110 | { |
| 107 | {EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"}, | 111 | {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, |
| 108 | {EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, | 112 | {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, |
| 109 | {EVP_R_BAD_DECRYPT ,"bad decrypt"}, | 113 | {ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, |
| 110 | {EVP_R_BAD_KEY_LENGTH ,"bad key length"}, | 114 | {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, |
| 111 | {EVP_R_BN_DECODE_ERROR ,"bn decode error"}, | 115 | {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, |
| 112 | {EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, | 116 | {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, |
| 113 | {EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, | 117 | {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, |
| 114 | {EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, | 118 | {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, |
| 115 | {EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, | 119 | {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, |
| 116 | {EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, | 120 | {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, |
| 117 | {EVP_R_DECODE_ERROR ,"decode error"}, | 121 | {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, |
| 118 | {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, | 122 | {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, |
| 119 | {EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"}, | 123 | {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, |
| 120 | {EVP_R_ENCODE_ERROR ,"encode error"}, | 124 | {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, |
| 121 | {EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, | 125 | {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, |
| 122 | {EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, | 126 | {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, |
| 123 | {EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, | 127 | {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, |
| 124 | {EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, | 128 | {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, |
| 125 | {EVP_R_INITIALIZATION_ERROR ,"initialization error"}, | 129 | {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, |
| 126 | {EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, | 130 | {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, |
| 127 | {EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, | 131 | {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, |
| 128 | {EVP_R_IV_TOO_LARGE ,"iv too large"}, | 132 | {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, |
| 129 | {EVP_R_KEYGEN_FAILURE ,"keygen failure"}, | 133 | {ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, |
| 130 | {EVP_R_MISSING_PARAMETERS ,"missing parameters"}, | 134 | {ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, |
| 131 | {EVP_R_NO_CIPHER_SET ,"no cipher set"}, | 135 | {ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, |
| 132 | {EVP_R_NO_DIGEST_SET ,"no digest set"}, | 136 | {ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, |
| 133 | {EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, | 137 | {ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, |
| 134 | {EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, | 138 | {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, |
| 135 | {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, | 139 | {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, |
| 136 | {EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, | 140 | {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, |
| 137 | {EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, | 141 | {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, |
| 138 | {EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, | 142 | {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, |
| 139 | {EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, | 143 | {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, |
| 140 | {EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, | 144 | {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, |
| 141 | {EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, | 145 | {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, |
| 142 | {EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, | 146 | {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, |
| 143 | {EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, | 147 | {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"}, |
| 144 | {EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, | 148 | {ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"}, |
| 145 | {EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, | 149 | {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"}, |
| 146 | {EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, | 150 | {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"}, |
| 147 | {EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, | 151 | {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, |
| 148 | {EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, | 152 | {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, |
| 149 | {0,NULL} | 153 | {0,NULL} |
| 150 | }; | 154 | }; |
| 151 | 155 | ||
| @@ -159,8 +163,8 @@ void ERR_load_EVP_strings(void) | |||
| 159 | { | 163 | { |
| 160 | init=0; | 164 | init=0; |
| 161 | #ifndef OPENSSL_NO_ERR | 165 | #ifndef OPENSSL_NO_ERR |
| 162 | ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); | 166 | ERR_load_strings(0,EVP_str_functs); |
| 163 | ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); | 167 | ERR_load_strings(0,EVP_str_reasons); |
| 164 | #endif | 168 | #endif |
| 165 | 169 | ||
| 166 | } | 170 | } |
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index 5f387a94d3..f8650d5df6 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c | |||
| @@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, | |||
| 126 | EVP_MD_CTX_init(&c); | 126 | EVP_MD_CTX_init(&c); |
| 127 | for (;;) | 127 | for (;;) |
| 128 | { | 128 | { |
| 129 | EVP_DigestInit_ex(&c,md, NULL); | 129 | if (!EVP_DigestInit_ex(&c,md, NULL)) |
| 130 | return 0; | ||
| 130 | if (addmd++) | 131 | if (addmd++) |
| 131 | EVP_DigestUpdate(&c,&(md_buf[0]),mds); | 132 | EVP_DigestUpdate(&c,&(md_buf[0]),mds); |
| 132 | EVP_DigestUpdate(&c,data,datal); | 133 | EVP_DigestUpdate(&c,data,datal); |
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index f5668ebda0..23b90d0538 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c | |||
| @@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx) | |||
| 67 | { return SHA1_Init(ctx->md_data); } | 67 | { return SHA1_Init(ctx->md_data); } |
| 68 | 68 | ||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) |
| 70 | #ifndef OPENSSL_FIPS | ||
| 70 | { return SHA1_Update(ctx->md_data,data,count); } | 71 | { return SHA1_Update(ctx->md_data,data,count); } |
| 72 | #else | ||
| 73 | { | ||
| 74 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 75 | return SHA1_Update(ctx->md_data,data,count); | ||
| 76 | } | ||
| 77 | #endif | ||
| 71 | 78 | ||
| 72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 79 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
| 73 | { return SHA1_Final(md,ctx->md_data); } | 80 | { return SHA1_Final(md,ctx->md_data); } |
| @@ -77,7 +84,7 @@ static const EVP_MD dss1_md= | |||
| 77 | NID_dsa, | 84 | NID_dsa, |
| 78 | NID_dsaWithSHA1, | 85 | NID_dsaWithSHA1, |
| 79 | SHA_DIGEST_LENGTH, | 86 | SHA_DIGEST_LENGTH, |
| 80 | 0, | 87 | EVP_MD_FLAG_FIPS, |
| 81 | init, | 88 | init, |
| 82 | update, | 89 | update, |
| 83 | final, | 90 | final, |
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index fe4402389a..60da93873c 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c | |||
| @@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx) | |||
| 67 | { return SHA1_Init(ctx->md_data); } | 67 | { return SHA1_Init(ctx->md_data); } |
| 68 | 68 | ||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) |
| 70 | #ifndef OPENSSL_FIPS | ||
| 70 | { return SHA1_Update(ctx->md_data,data,count); } | 71 | { return SHA1_Update(ctx->md_data,data,count); } |
| 72 | #else | ||
| 73 | { | ||
| 74 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 75 | return SHA1_Update(ctx->md_data,data,count); | ||
| 76 | } | ||
| 77 | #endif | ||
| 71 | 78 | ||
| 72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | 79 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
| 73 | { return SHA1_Final(md,ctx->md_data); } | 80 | { return SHA1_Final(md,ctx->md_data); } |
| @@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void) | |||
| 93 | return(&sha1_md); | 100 | return(&sha1_md); |
| 94 | } | 101 | } |
| 95 | #endif | 102 | #endif |
| 103 | |||
| 104 | #ifdef OPENSSL_FIPS | ||
| 105 | #ifndef OPENSSL_NO_SHA256 | ||
| 106 | static int init224(EVP_MD_CTX *ctx) | ||
| 107 | { return SHA224_Init(ctx->md_data); } | ||
| 108 | static int init256(EVP_MD_CTX *ctx) | ||
| 109 | { return SHA256_Init(ctx->md_data); } | ||
| 110 | /* | ||
| 111 | * Even though there're separate SHA224_[Update|Final], we call | ||
| 112 | * SHA256 functions even in SHA224 context. This is what happens | ||
| 113 | * there anyway, so we can spare few CPU cycles:-) | ||
| 114 | */ | ||
| 115 | static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 116 | { | ||
| 117 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 118 | return SHA256_Update(ctx->md_data,data,count); | ||
| 119 | } | ||
| 120 | static int final256(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 121 | { return SHA256_Final(md,ctx->md_data); } | ||
| 122 | |||
| 123 | static const EVP_MD sha224_md= | ||
| 124 | { | ||
| 125 | NID_sha224, | ||
| 126 | NID_sha224WithRSAEncryption, | ||
| 127 | SHA224_DIGEST_LENGTH, | ||
| 128 | EVP_MD_FLAG_FIPS, | ||
| 129 | init224, | ||
| 130 | update256, | ||
| 131 | final256, | ||
| 132 | NULL, | ||
| 133 | NULL, | ||
| 134 | EVP_PKEY_RSA_method, | ||
| 135 | SHA256_CBLOCK, | ||
| 136 | sizeof(EVP_MD *)+sizeof(SHA256_CTX), | ||
| 137 | }; | ||
| 138 | |||
| 139 | const EVP_MD *EVP_sha224(void) | ||
| 140 | { return(&sha224_md); } | ||
| 141 | |||
| 142 | static const EVP_MD sha256_md= | ||
| 143 | { | ||
| 144 | NID_sha256, | ||
| 145 | NID_sha256WithRSAEncryption, | ||
| 146 | SHA256_DIGEST_LENGTH, | ||
| 147 | EVP_MD_FLAG_FIPS, | ||
| 148 | init256, | ||
| 149 | update256, | ||
| 150 | final256, | ||
| 151 | NULL, | ||
| 152 | NULL, | ||
| 153 | EVP_PKEY_RSA_method, | ||
| 154 | SHA256_CBLOCK, | ||
| 155 | sizeof(EVP_MD *)+sizeof(SHA256_CTX), | ||
| 156 | }; | ||
| 157 | |||
| 158 | const EVP_MD *EVP_sha256(void) | ||
| 159 | { return(&sha256_md); } | ||
| 160 | #endif /* ifndef OPENSSL_NO_SHA256 */ | ||
| 161 | |||
| 162 | #ifndef OPENSSL_NO_SHA512 | ||
| 163 | static int init384(EVP_MD_CTX *ctx) | ||
| 164 | { return SHA384_Init(ctx->md_data); } | ||
| 165 | static int init512(EVP_MD_CTX *ctx) | ||
| 166 | { return SHA512_Init(ctx->md_data); } | ||
| 167 | /* See comment in SHA224/256 section */ | ||
| 168 | static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 169 | { | ||
| 170 | OPENSSL_assert(sizeof(count)<=sizeof(size_t)); | ||
| 171 | return SHA512_Update(ctx->md_data,data,count); | ||
| 172 | } | ||
| 173 | static int final512(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 174 | { return SHA512_Final(md,ctx->md_data); } | ||
| 175 | |||
| 176 | static const EVP_MD sha384_md= | ||
| 177 | { | ||
| 178 | NID_sha384, | ||
| 179 | NID_sha384WithRSAEncryption, | ||
| 180 | SHA384_DIGEST_LENGTH, | ||
| 181 | EVP_MD_FLAG_FIPS, | ||
| 182 | init384, | ||
| 183 | update512, | ||
| 184 | final512, | ||
| 185 | NULL, | ||
| 186 | NULL, | ||
| 187 | EVP_PKEY_RSA_method, | ||
| 188 | SHA512_CBLOCK, | ||
| 189 | sizeof(EVP_MD *)+sizeof(SHA512_CTX), | ||
| 190 | }; | ||
| 191 | |||
| 192 | const EVP_MD *EVP_sha384(void) | ||
| 193 | { return(&sha384_md); } | ||
| 194 | |||
| 195 | static const EVP_MD sha512_md= | ||
| 196 | { | ||
| 197 | NID_sha512, | ||
| 198 | NID_sha512WithRSAEncryption, | ||
| 199 | SHA512_DIGEST_LENGTH, | ||
| 200 | EVP_MD_FLAG_FIPS, | ||
| 201 | init512, | ||
| 202 | update512, | ||
| 203 | final512, | ||
| 204 | NULL, | ||
| 205 | NULL, | ||
| 206 | EVP_PKEY_RSA_method, | ||
| 207 | SHA512_CBLOCK, | ||
| 208 | sizeof(EVP_MD *)+sizeof(SHA512_CTX), | ||
| 209 | }; | ||
| 210 | |||
| 211 | const EVP_MD *EVP_sha512(void) | ||
| 212 | { return(&sha512_md); } | ||
| 213 | #endif /* ifndef OPENSSL_NO_SHA512 */ | ||
| 214 | #endif /* ifdef OPENSSL_FIPS */ | ||
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 1f94e1ef88..1d5fabc4b2 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
| @@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 194 | 194 | ||
| 195 | /* Now decode key derivation function */ | 195 | /* Now decode key derivation function */ |
| 196 | 196 | ||
| 197 | if(!pbe2->keyfunc->parameter || | ||
| 198 | (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) | ||
| 199 | { | ||
| 200 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | ||
| 201 | goto err; | ||
| 202 | } | ||
| 203 | |||
| 197 | pbuf = pbe2->keyfunc->parameter->value.sequence->data; | 204 | pbuf = pbe2->keyfunc->parameter->value.sequence->data; |
| 198 | plen = pbe2->keyfunc->parameter->value.sequence->length; | 205 | plen = pbe2->keyfunc->parameter->value.sequence->length; |
| 199 | if(!pbe2->keyfunc->parameter || | 206 | if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { |
| 200 | (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) || | ||
| 201 | !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { | ||
| 202 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); | 207 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); |
| 203 | goto err; | 208 | goto err; |
| 204 | } | 209 | } |