resolve conflicts

author: djm <> 2012-10-13 21:25:14 +0000
committer: djm <> 2012-10-13 21:25:14 +0000
commit: 93723b50b639d8dc717bc1bf463fd46e1b321239 (patch)
tree: 281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libcrypto/hmac
parent: 65e72ac55a6405783db7a12d7e35a7561d46005b (diff)
download: openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.gz
openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.bz2
openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.zip
1 files changed, 37 insertions, 0 deletions
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index 6c98fc43a3..ba27cbf56f 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,12 +61,34 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
        unsigned char pad[HMAC_MAX_MD_CBLOCK];
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode())
+                {
+                /* If we have an ENGINE need to allow non FIPS */
+                if ((impl || ctx->i_ctx.engine)
+                        &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                        {
+                        EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
+                        return 0;
+                        }
+                /* Other algorithm blocking will be done in FIPS_cmac_init,
+                 * via FIPS_hmac_init_ex().
+                 */
+                if (!impl && !ctx->i_ctx.engine)
+                        return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
+                }
+#endif
        if (md != NULL)
                {
                reset=1;
@@ -133,6 +155,10 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !ctx->i_ctx.engine)
+                return FIPS_hmac_update(ctx, data, len);
+#endif
        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
@@ -140,6 +166,10 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        unsigned int i;
        unsigned char buf[EVP_MAX_MD_SIZE];
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !ctx->i_ctx.engine)
+                return FIPS_hmac_final(ctx, md, len);
+#endif
        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                goto err;
@@ -179,6 +209,13 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !ctx->i_ctx.engine)
+                {
+                FIPS_hmac_ctx_cleanup(ctx);
+                return;
+                }
+#endif
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
        EVP_MD_CTX_cleanup(&ctx->o_ctx);
        EVP_MD_CTX_cleanup(&ctx->md_ctx);
author	djm <>	2012-10-13 21:25:14 +0000
committer	djm <>	2012-10-13 21:25:14 +0000
commit	93723b50b639d8dc717bc1bf463fd46e1b321239 (patch)
tree	281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libcrypto/hmac
parent	65e72ac55a6405783db7a12d7e35a7561d46005b (diff)
download	openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.gz openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.bz2 openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.zip

diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index 6c98fc43a3..ba27cbf56f 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,12 +61,34 @@
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/hmac.h>	62	#include <openssl/hmac.h>
63		63
		64	#ifdef OPENSSL_FIPS
		65	#include <openssl/fips.h>
		66	#endif
		67
64	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int len,	68	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int len,
65	const EVP_MD md, ENGINE impl)	69	const EVP_MD md, ENGINE impl)
66	{	70	{
67	int i,j,reset=0;	71	int i,j,reset=0;
68	unsigned char pad[HMAC_MAX_MD_CBLOCK];	72	unsigned char pad[HMAC_MAX_MD_CBLOCK];
69		73
		74	#ifdef OPENSSL_FIPS
		75	if (FIPS_mode())
		76	{
		77	/* If we have an ENGINE need to allow non FIPS */
		78	if ((impl \|\| ctx->i_ctx.engine)
		79	&& !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
		80	{
		81	EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
		82	return 0;
		83	}
		84	/* Other algorithm blocking will be done in FIPS_cmac_init,
		85	* via FIPS_hmac_init_ex().
		86	*/
		87	if (!impl && !ctx->i_ctx.engine)
		88	return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
		89	}
		90	#endif
		91
70	if (md != NULL)	92	if (md != NULL)
71	{	93	{
72	reset=1;	94	reset=1;
@@ -133,6 +155,10 @@ int HMAC_Init(HMAC_CTX ctx, const void key, int len, const EVP_MD *md)
133		155
134	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, size_t len)	156	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, size_t len)
135	{	157	{
		158	#ifdef OPENSSL_FIPS
		159	if (FIPS_mode() && !ctx->i_ctx.engine)
		160	return FIPS_hmac_update(ctx, data, len);
		161	#endif
136	return EVP_DigestUpdate(&ctx->md_ctx,data,len);	162	return EVP_DigestUpdate(&ctx->md_ctx,data,len);
137	}	163	}
138		164
@@ -140,6 +166,10 @@ int HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len)
140	{	166	{
141	unsigned int i;	167	unsigned int i;
142	unsigned char buf[EVP_MAX_MD_SIZE];	168	unsigned char buf[EVP_MAX_MD_SIZE];
		169	#ifdef OPENSSL_FIPS
		170	if (FIPS_mode() && !ctx->i_ctx.engine)
		171	return FIPS_hmac_final(ctx, md, len);
		172	#endif
143		173
144	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))	174	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
145	goto err;	175	goto err;
@@ -179,6 +209,13 @@ int HMAC_CTX_copy(HMAC_CTX dctx, HMAC_CTX sctx)
179		209
180	void HMAC_CTX_cleanup(HMAC_CTX *ctx)	210	void HMAC_CTX_cleanup(HMAC_CTX *ctx)
181	{	211	{
		212	#ifdef OPENSSL_FIPS
		213	if (FIPS_mode() && !ctx->i_ctx.engine)
		214	{
		215	FIPS_hmac_ctx_cleanup(ctx);
		216	return;
		217	}
		218	#endif
182	EVP_MD_CTX_cleanup(&ctx->i_ctx);	219	EVP_MD_CTX_cleanup(&ctx->i_ctx);
183	EVP_MD_CTX_cleanup(&ctx->o_ctx);	220	EVP_MD_CTX_cleanup(&ctx->o_ctx);
184	EVP_MD_CTX_cleanup(&ctx->md_ctx);	221	EVP_MD_CTX_cleanup(&ctx->md_ctx);