diff options
Diffstat (limited to 'src/lib/libcrypto/evp/digest.c')
| -rw-r--r-- | src/lib/libcrypto/evp/digest.c | 61 |
1 files changed, 8 insertions, 53 deletions
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index f21c63842c..762e6d3450 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
| @@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | |||
| 137 | return EVP_DigestInit_ex(ctx, type, NULL); | 137 | return EVP_DigestInit_ex(ctx, type, NULL); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | #ifdef OPENSSL_FIPS | ||
| 141 | |||
| 142 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
| 143 | * algorithms in FIPS mode and ignore the errors. | ||
| 144 | */ | ||
| 145 | |||
| 146 | static int bad_init(EVP_MD_CTX *ctx) | ||
| 147 | { FIPS_ERROR_IGNORED("Digest init"); return 0;} | ||
| 148 | |||
| 149 | static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 150 | { FIPS_ERROR_IGNORED("Digest update"); return 0;} | ||
| 151 | |||
| 152 | static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 153 | { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | ||
| 154 | |||
| 155 | static const EVP_MD bad_md = | ||
| 156 | { | ||
| 157 | 0, | ||
| 158 | 0, | ||
| 159 | 0, | ||
| 160 | 0, | ||
| 161 | bad_init, | ||
| 162 | bad_update, | ||
| 163 | bad_final, | ||
| 164 | NULL, | ||
| 165 | NULL, | ||
| 166 | NULL, | ||
| 167 | 0, | ||
| 168 | {0,0,0,0}, | ||
| 169 | }; | ||
| 170 | |||
| 171 | #endif | ||
| 172 | |||
| 173 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 140 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
| 174 | { | 141 | { |
| 175 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 142 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
| @@ -192,7 +159,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 192 | { | 159 | { |
| 193 | if (!ENGINE_init(impl)) | 160 | if (!ENGINE_init(impl)) |
| 194 | { | 161 | { |
| 195 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | 162 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); |
| 196 | return 0; | 163 | return 0; |
| 197 | } | 164 | } |
| 198 | } | 165 | } |
| @@ -206,7 +173,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 206 | if(!d) | 173 | if(!d) |
| 207 | { | 174 | { |
| 208 | /* Same comment from evp_enc.c */ | 175 | /* Same comment from evp_enc.c */ |
| 209 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | 176 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); |
| 210 | return 0; | 177 | return 0; |
| 211 | } | 178 | } |
| 212 | /* We'll use the ENGINE's private digest definition */ | 179 | /* We'll use the ENGINE's private digest definition */ |
| @@ -222,24 +189,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 222 | else | 189 | else |
| 223 | if(!ctx->digest) | 190 | if(!ctx->digest) |
| 224 | { | 191 | { |
| 225 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); | 192 | EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); |
| 226 | return 0; | 193 | return 0; |
| 227 | } | 194 | } |
| 228 | #endif | 195 | #endif |
| 229 | if (ctx->digest != type) | 196 | if (ctx->digest != type) |
| 230 | { | 197 | { |
| 231 | #ifdef OPENSSL_FIPS | ||
| 232 | if (FIPS_mode()) | ||
| 233 | { | ||
| 234 | if (!(type->flags & EVP_MD_FLAG_FIPS) | ||
| 235 | && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | ||
| 236 | { | ||
| 237 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); | ||
| 238 | ctx->digest = &bad_md; | ||
| 239 | return 0; | ||
| 240 | } | ||
| 241 | } | ||
| 242 | #endif | ||
| 243 | if (ctx->digest && ctx->digest->ctx_size) | 198 | if (ctx->digest && ctx->digest->ctx_size) |
| 244 | OPENSSL_free(ctx->md_data); | 199 | OPENSSL_free(ctx->md_data); |
| 245 | ctx->digest=type; | 200 | ctx->digest=type; |
| @@ -253,9 +208,9 @@ skip_to_init: | |||
| 253 | } | 208 | } |
| 254 | 209 | ||
| 255 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, | 210 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, |
| 256 | unsigned int count) | 211 | size_t count) |
| 257 | { | 212 | { |
| 258 | return ctx->digest->update(ctx,data,(unsigned long)count); | 213 | return ctx->digest->update(ctx,data,count); |
| 259 | } | 214 | } |
| 260 | 215 | ||
| 261 | /* The caller can assume that this removes any secret data from the context */ | 216 | /* The caller can assume that this removes any secret data from the context */ |
| @@ -296,14 +251,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 296 | unsigned char *tmp_buf; | 251 | unsigned char *tmp_buf; |
| 297 | if ((in == NULL) || (in->digest == NULL)) | 252 | if ((in == NULL) || (in->digest == NULL)) |
| 298 | { | 253 | { |
| 299 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); | 254 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); |
| 300 | return 0; | 255 | return 0; |
| 301 | } | 256 | } |
| 302 | #ifndef OPENSSL_NO_ENGINE | 257 | #ifndef OPENSSL_NO_ENGINE |
| 303 | /* Make sure it's safe to copy a digest context using an ENGINE */ | 258 | /* Make sure it's safe to copy a digest context using an ENGINE */ |
| 304 | if (in->engine && !ENGINE_init(in->engine)) | 259 | if (in->engine && !ENGINE_init(in->engine)) |
| 305 | { | 260 | { |
| 306 | EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); | 261 | EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); |
| 307 | return 0; | 262 | return 0; |
| 308 | } | 263 | } |
| 309 | #endif | 264 | #endif |
| @@ -330,7 +285,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |||
| 330 | return 1; | 285 | return 1; |
| 331 | } | 286 | } |
| 332 | 287 | ||
| 333 | int EVP_Digest(void *data, unsigned int count, | 288 | int EVP_Digest(const void *data, size_t count, |
| 334 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) | 289 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) |
| 335 | { | 290 | { |
| 336 | EVP_MD_CTX ctx; | 291 | EVP_MD_CTX ctx; |