diff options
Diffstat (limited to 'src/lib/libcrypto/evp/digest.c')
| -rw-r--r-- | src/lib/libcrypto/evp/digest.c | 61 |
1 files changed, 53 insertions, 8 deletions
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index 762e6d3450..f21c63842c 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
| @@ -137,6 +137,39 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | |||
| 137 | return EVP_DigestInit_ex(ctx, type, NULL); | 137 | return EVP_DigestInit_ex(ctx, type, NULL); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | #ifdef OPENSSL_FIPS | ||
| 141 | |||
| 142 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
| 143 | * algorithms in FIPS mode and ignore the errors. | ||
| 144 | */ | ||
| 145 | |||
| 146 | static int bad_init(EVP_MD_CTX *ctx) | ||
| 147 | { FIPS_ERROR_IGNORED("Digest init"); return 0;} | ||
| 148 | |||
| 149 | static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 150 | { FIPS_ERROR_IGNORED("Digest update"); return 0;} | ||
| 151 | |||
| 152 | static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 153 | { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | ||
| 154 | |||
| 155 | static const EVP_MD bad_md = | ||
| 156 | { | ||
| 157 | 0, | ||
| 158 | 0, | ||
| 159 | 0, | ||
| 160 | 0, | ||
| 161 | bad_init, | ||
| 162 | bad_update, | ||
| 163 | bad_final, | ||
| 164 | NULL, | ||
| 165 | NULL, | ||
| 166 | NULL, | ||
| 167 | 0, | ||
| 168 | {0,0,0,0}, | ||
| 169 | }; | ||
| 170 | |||
| 171 | #endif | ||
| 172 | |||
| 140 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 173 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
| 141 | { | 174 | { |
| 142 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 175 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
| @@ -159,7 +192,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 159 | { | 192 | { |
| 160 | if (!ENGINE_init(impl)) | 193 | if (!ENGINE_init(impl)) |
| 161 | { | 194 | { |
| 162 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); | 195 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); |
| 163 | return 0; | 196 | return 0; |
| 164 | } | 197 | } |
| 165 | } | 198 | } |
| @@ -173,7 +206,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 173 | if(!d) | 206 | if(!d) |
| 174 | { | 207 | { |
| 175 | /* Same comment from evp_enc.c */ | 208 | /* Same comment from evp_enc.c */ |
| 176 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); | 209 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); |
| 177 | return 0; | 210 | return 0; |
| 178 | } | 211 | } |
| 179 | /* We'll use the ENGINE's private digest definition */ | 212 | /* We'll use the ENGINE's private digest definition */ |
| @@ -189,12 +222,24 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 189 | else | 222 | else |
| 190 | if(!ctx->digest) | 223 | if(!ctx->digest) |
| 191 | { | 224 | { |
| 192 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); | 225 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); |
| 193 | return 0; | 226 | return 0; |
| 194 | } | 227 | } |
| 195 | #endif | 228 | #endif |
| 196 | if (ctx->digest != type) | 229 | if (ctx->digest != type) |
| 197 | { | 230 | { |
| 231 | #ifdef OPENSSL_FIPS | ||
| 232 | if (FIPS_mode()) | ||
| 233 | { | ||
| 234 | if (!(type->flags & EVP_MD_FLAG_FIPS) | ||
| 235 | && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | ||
| 236 | { | ||
| 237 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); | ||
| 238 | ctx->digest = &bad_md; | ||
| 239 | return 0; | ||
| 240 | } | ||
| 241 | } | ||
| 242 | #endif | ||
| 198 | if (ctx->digest && ctx->digest->ctx_size) | 243 | if (ctx->digest && ctx->digest->ctx_size) |
| 199 | OPENSSL_free(ctx->md_data); | 244 | OPENSSL_free(ctx->md_data); |
| 200 | ctx->digest=type; | 245 | ctx->digest=type; |
| @@ -208,9 +253,9 @@ skip_to_init: | |||
| 208 | } | 253 | } |
| 209 | 254 | ||
| 210 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, | 255 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, |
| 211 | size_t count) | 256 | unsigned int count) |
| 212 | { | 257 | { |
| 213 | return ctx->digest->update(ctx,data,count); | 258 | return ctx->digest->update(ctx,data,(unsigned long)count); |
| 214 | } | 259 | } |
| 215 | 260 | ||
| 216 | /* The caller can assume that this removes any secret data from the context */ | 261 | /* The caller can assume that this removes any secret data from the context */ |
| @@ -251,14 +296,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 251 | unsigned char *tmp_buf; | 296 | unsigned char *tmp_buf; |
| 252 | if ((in == NULL) || (in->digest == NULL)) | 297 | if ((in == NULL) || (in->digest == NULL)) |
| 253 | { | 298 | { |
| 254 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); | 299 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); |
| 255 | return 0; | 300 | return 0; |
| 256 | } | 301 | } |
| 257 | #ifndef OPENSSL_NO_ENGINE | 302 | #ifndef OPENSSL_NO_ENGINE |
| 258 | /* Make sure it's safe to copy a digest context using an ENGINE */ | 303 | /* Make sure it's safe to copy a digest context using an ENGINE */ |
| 259 | if (in->engine && !ENGINE_init(in->engine)) | 304 | if (in->engine && !ENGINE_init(in->engine)) |
| 260 | { | 305 | { |
| 261 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); | 306 | EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); |
| 262 | return 0; | 307 | return 0; |
| 263 | } | 308 | } |
| 264 | #endif | 309 | #endif |
| @@ -285,7 +330,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 285 | return 1; | 330 | return 1; |
| 286 | } | 331 | } |
| 287 | 332 | ||
| 288 | int EVP_Digest(const void *data, size_t count, | 333 | int EVP_Digest(void *data, unsigned int count, |
| 289 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) | 334 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) |
| 290 | { | 335 | { |
| 291 | EVP_MD_CTX ctx; | 336 | EVP_MD_CTX ctx; |