1 files changed, 60 insertions, 1 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 8ea5aa935d..f549eeb437 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
+#ifdef OPENSSL_FIPS
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+            const unsigned char *iv, int enc)
+        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, unsigned int inl)
+        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+/* NB: no cleanup because it is allowed after failed init */
+int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+static const EVP_CIPHER bad_cipher =
+        {
+        0,
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_do_cipher,
+        NULL,
+        0,
+        bad_set_asn1,
+        bad_get_asn1,
+        bad_ctrl,
+        NULL
+        };
+#endif
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
             const unsigned char *key, const unsigned char *iv, int enc)
        {
@@ -146,7 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                else
                        ctx->engine = NULL;
 #endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -210,6 +251,24 @@ skip_to_init:
                }
        }
+#ifdef OPENSSL_FIPS
+        /* After 'key' is set no further parameters changes are permissible.
+         * So only check for non FIPS enabling at this point.
+         */
+        if (key && FIPS_mode())
+                {
+                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                        {
+                        EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+                        ERR_add_error_data(2, "cipher=",
+                                                EVP_CIPHER_name(ctx->cipher));
+                        ctx->cipher = &bad_cipher;
+                        return 0;
+                        }
+                }
+#endif
        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
        }

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 8ea5aa935d..f549eeb437 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
82	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);	82	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83	}	83	}
84		84
		85	#ifdef OPENSSL_FIPS
		86
		87	/* The purpose of these is to trap programs that attempt to use non FIPS
		88	* algorithms in FIPS mode and ignore the errors.
		89	*/
		90
		91	int bad_init(EVP_CIPHER_CTX ctx, const unsigned char key,
		92	const unsigned char *iv, int enc)
		93	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
		94
		95	int bad_do_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
		96	const unsigned char *in, unsigned int inl)
		97	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
		98
		99	/* NB: no cleanup because it is allowed after failed init */
		100
		101	int bad_set_asn1(EVP_CIPHER_CTX ctx, ASN1_TYPE typ)
		102	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
		103	int bad_get_asn1(EVP_CIPHER_CTX ctx, ASN1_TYPE typ)
		104	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
		105	int bad_ctrl(EVP_CIPHER_CTX ctx, int type, int arg, void ptr)
		106	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
		107
		108	static const EVP_CIPHER bad_cipher =
		109	{
		110	0,
		111	0,
		112	0,
		113	0,
		114	0,
		115	bad_init,
		116	bad_do_cipher,
		117	NULL,
		118	0,
		119	bad_set_asn1,
		120	bad_get_asn1,
		121	bad_ctrl,
		122	NULL
		123	};
		124
		125	#endif
		126
85	int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,	127	int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *impl,
86	const unsigned char key, const unsigned char iv, int enc)	128	const unsigned char key, const unsigned char iv, int enc)
87	{	129	{
@@ -146,7 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
146	else	188	else
147	ctx->engine = NULL;	189	ctx->engine = NULL;
148	#endif	190	#endif
149
150	ctx->cipher=cipher;	191	ctx->cipher=cipher;
151	if (ctx->cipher->ctx_size)	192	if (ctx->cipher->ctx_size)
152	{	193	{
@@ -210,6 +251,24 @@ skip_to_init:
210	}	251	}
211	}	252	}
212		253
		254	#ifdef OPENSSL_FIPS
		255	/* After 'key' is set no further parameters changes are permissible.
		256	* So only check for non FIPS enabling at this point.
		257	*/
		258	if (key && FIPS_mode())
		259	{
		260	if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
		261	& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
		262	{
		263	EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
		264	ERR_add_error_data(2, "cipher=",
		265	EVP_CIPHER_name(ctx->cipher));
		266	ctx->cipher = &bad_cipher;
		267	return 0;
		268	}
		269	}
		270	#endif
		271
213	if(key \|\| (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {	272	if(key \|\| (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
214	if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;	273	if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
215	}	274	}