1 files changed, 86 insertions, 9 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index c268d25cb4..0c54f05e6e 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,8 +64,18 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include "evp_locl.h"
+#ifdef OPENSSL_FIPS
+#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
+#else
+#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
+#endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -115,10 +125,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                /* Ensure a context left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
                 * ENGINE and EVP_CIPHER could be used). */
-                EVP_CIPHER_CTX_cleanup(ctx);
+                if (ctx->cipher)
+                        {
-                /* Restore encrypt field: it is zeroed by cleanup */
+                        unsigned long flags = ctx->flags;
-                ctx->encrypt = enc;
+                        EVP_CIPHER_CTX_cleanup(ctx);
+                        /* Restore encrypt and flags */
+                        ctx->encrypt = enc;
+                        ctx->flags = flags;
+                        }
 #ifndef OPENSSL_NO_ENGINE
                if(impl)
                        {
@@ -155,6 +169,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        ctx->engine = NULL;
 #endif
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -188,6 +206,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode())
+                return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        OPENSSL_assert(ctx->cipher->block_size == 1
            || ctx->cipher->block_size == 8
@@ -214,6 +236,13 @@ skip_to_init:
                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                        break;
+                        case EVP_CIPH_CTR_MODE:
+                        ctx->num = 0;
+                        /* Don't reuse IV for CTR mode */
+                        if(iv)
+                                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
                        default:
                        return 0;
                        break;
@@ -280,6 +309,16 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        {
        int i,j,bl;
+        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+                {
+                i = M_do_cipher(ctx, out, in, inl);
+                if (i < 0)
+                        return 0;
+                else
+                        *outl = i;
+                return 1;
+                }
        if (inl <= 0)
                {
                *outl = 0;
@@ -288,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-                if(ctx->cipher->do_cipher(ctx,out,in,inl))
+                if(M_do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -315,7 +354,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                        if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -328,7 +367,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
+                if(!M_do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
@@ -350,6 +389,16 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int n,ret;
        unsigned int i, b, bl;
+        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+                {
+                ret = M_do_cipher(ctx, out, NULL, 0);
+                if (ret < 0)
+                        return 0;
+                else 
+                        *outl = ret;
+                return 1;
+                }
        b=ctx->cipher->block_size;
        OPENSSL_assert(b <= sizeof ctx->buf);
        if (b == 1)
@@ -372,7 +421,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+        ret=M_do_cipher(ctx,out,ctx->buf,b);
        if(ret)
@@ -387,6 +436,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        int fix_len;
        unsigned int b;
+        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+                {
+                fix_len = M_do_cipher(ctx, out, in, inl);
+                if (fix_len < 0)
+                        {
+                        *outl = 0;
+                        return 0;
+                        }
+                else
+                        *outl = fix_len;
+                return 1;
+                }
        if (inl <= 0)
                {
                *outl = 0;
@@ -440,8 +502,18 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i,n;
        unsigned int b;
        *outl=0;
+        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+                {
+                i = M_do_cipher(ctx, out, NULL, 0);
+                if (i < 0)
+                        return 0;
+                else
+                        *outl = i;
+                return 1;
+                }
        b=ctx->cipher->block_size;
        if (ctx->flags & EVP_CIPH_NO_PADDING)
                {
@@ -496,6 +568,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
+#ifndef OPENSSL_FIPS
        if (c->cipher != NULL)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -506,12 +579,16 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
+#endif
 #ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
 #endif
+#ifdef OPENSSL_FIPS
+        FIPS_cipher_ctx_cleanup(c);
+#endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;
        }

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index c268d25cb4..0c54f05e6e 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,8 +64,18 @@
64	#ifndef OPENSSL_NO_ENGINE	64	#ifndef OPENSSL_NO_ENGINE
65	#include <openssl/engine.h>	65	#include <openssl/engine.h>
66	#endif	66	#endif
		67	#ifdef OPENSSL_FIPS
		68	#include <openssl/fips.h>
		69	#endif
67	#include "evp_locl.h"	70	#include "evp_locl.h"
68		71
		72	#ifdef OPENSSL_FIPS
		73	#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
		74	#else
		75	#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
		76	#endif
		77
		78
69	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;	79	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
70		80
71	void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)	81	void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -115,10 +125,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
115	/* Ensure a context left lying around from last time is cleared	125	/* Ensure a context left lying around from last time is cleared
116	* (the previous check attempted to avoid this if the same	126	* (the previous check attempted to avoid this if the same
117	* ENGINE and EVP_CIPHER could be used). */	127	* ENGINE and EVP_CIPHER could be used). */
118	EVP_CIPHER_CTX_cleanup(ctx);	128	if (ctx->cipher)
119		129	{
120	/* Restore encrypt field: it is zeroed by cleanup */	130	unsigned long flags = ctx->flags;
121	ctx->encrypt = enc;	131	EVP_CIPHER_CTX_cleanup(ctx);
		132	/* Restore encrypt and flags */
		133	ctx->encrypt = enc;
		134	ctx->flags = flags;
		135	}
122	#ifndef OPENSSL_NO_ENGINE	136	#ifndef OPENSSL_NO_ENGINE
123	if(impl)	137	if(impl)
124	{	138	{
@@ -155,6 +169,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
155	ctx->engine = NULL;	169	ctx->engine = NULL;
156	#endif	170	#endif
157		171
		172	#ifdef OPENSSL_FIPS
		173	if (FIPS_mode())
		174	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
		175	#endif
158	ctx->cipher=cipher;	176	ctx->cipher=cipher;
159	if (ctx->cipher->ctx_size)	177	if (ctx->cipher->ctx_size)
160	{	178	{
@@ -188,6 +206,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
188	#ifndef OPENSSL_NO_ENGINE	206	#ifndef OPENSSL_NO_ENGINE
189	skip_to_init:	207	skip_to_init:
190	#endif	208	#endif
		209	#ifdef OPENSSL_FIPS
		210	if (FIPS_mode())
		211	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
		212	#endif
191	/* we assume block size is a power of 2 in cryptUpdate /	213	/* we assume block size is a power of 2 in cryptUpdate /
192	OPENSSL_assert(ctx->cipher->block_size == 1	214	OPENSSL_assert(ctx->cipher->block_size == 1
193	\|\| ctx->cipher->block_size == 8	215	\|\| ctx->cipher->block_size == 8
@@ -214,6 +236,13 @@ skip_to_init:
214	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));	236	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
215	break;	237	break;
216		238
		239	case EVP_CIPH_CTR_MODE:
		240	ctx->num = 0;
		241	/* Don't reuse IV for CTR mode */
		242	if(iv)
		243	memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
		244	break;
		245
217	default:	246	default:
218	return 0;	247	return 0;
219	break;	248	break;
@@ -280,6 +309,16 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
280	{	309	{
281	int i,j,bl;	310	int i,j,bl;
282		311
		312	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
		313	{
		314	i = M_do_cipher(ctx, out, in, inl);
		315	if (i < 0)
		316	return 0;
		317	else
		318	*outl = i;
		319	return 1;
		320	}
		321
283	if (inl <= 0)	322	if (inl <= 0)
284	{	323	{
285	*outl = 0;	324	*outl = 0;
@@ -288,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
288		327
289	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)	328	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
290	{	329	{
291	if(ctx->cipher->do_cipher(ctx,out,in,inl))	330	if(M_do_cipher(ctx,out,in,inl))
292	{	331	{
293	*outl=inl;	332	*outl=inl;
294	return 1;	333	return 1;
@@ -315,7 +354,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
315	{	354	{
316	j=bl-i;	355	j=bl-i;
317	memcpy(&(ctx->buf[i]),in,j);	356	memcpy(&(ctx->buf[i]),in,j);
318	if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;	357	if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
319	inl-=j;	358	inl-=j;
320	in+=j;	359	in+=j;
321	out+=bl;	360	out+=bl;
@@ -328,7 +367,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
328	inl-=i;	367	inl-=i;
329	if (inl > 0)	368	if (inl > 0)
330	{	369	{
331	if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;	370	if(!M_do_cipher(ctx,out,in,inl)) return 0;
332	*outl+=inl;	371	*outl+=inl;
333	}	372	}
334		373
@@ -350,6 +389,16 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
350	int n,ret;	389	int n,ret;
351	unsigned int i, b, bl;	390	unsigned int i, b, bl;
352		391
		392	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
		393	{
		394	ret = M_do_cipher(ctx, out, NULL, 0);
		395	if (ret < 0)
		396	return 0;
		397	else
		398	*outl = ret;
		399	return 1;
		400	}
		401
353	b=ctx->cipher->block_size;	402	b=ctx->cipher->block_size;
354	OPENSSL_assert(b <= sizeof ctx->buf);	403	OPENSSL_assert(b <= sizeof ctx->buf);
355	if (b == 1)	404	if (b == 1)
@@ -372,7 +421,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
372	n=b-bl;	421	n=b-bl;
373	for (i=bl; i<b; i++)	422	for (i=bl; i<b; i++)
374	ctx->buf[i]=n;	423	ctx->buf[i]=n;
375	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);	424	ret=M_do_cipher(ctx,out,ctx->buf,b);
376		425
377		426
378	if(ret)	427	if(ret)
@@ -387,6 +436,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
387	int fix_len;	436	int fix_len;
388	unsigned int b;	437	unsigned int b;
389		438
		439	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
		440	{
		441	fix_len = M_do_cipher(ctx, out, in, inl);
		442	if (fix_len < 0)
		443	{
		444	*outl = 0;
		445	return 0;
		446	}
		447	else
		448	*outl = fix_len;
		449	return 1;
		450	}
		451
390	if (inl <= 0)	452	if (inl <= 0)
391	{	453	{
392	*outl = 0;	454	*outl = 0;
@@ -440,8 +502,18 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
440	{	502	{
441	int i,n;	503	int i,n;
442	unsigned int b;	504	unsigned int b;
443
444	*outl=0;	505	*outl=0;
		506
		507	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
		508	{
		509	i = M_do_cipher(ctx, out, NULL, 0);
		510	if (i < 0)
		511	return 0;
		512	else
		513	*outl = i;
		514	return 1;
		515	}
		516
445	b=ctx->cipher->block_size;	517	b=ctx->cipher->block_size;
446	if (ctx->flags & EVP_CIPH_NO_PADDING)	518	if (ctx->flags & EVP_CIPH_NO_PADDING)
447	{	519	{
@@ -496,6 +568,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
496		568
497	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)	569	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
498	{	570	{
		571	#ifndef OPENSSL_FIPS
499	if (c->cipher != NULL)	572	if (c->cipher != NULL)
500	{	573	{
501	if(c->cipher->cleanup && !c->cipher->cleanup(c))	574	if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -506,12 +579,16 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
506	}	579	}
507	if (c->cipher_data)	580	if (c->cipher_data)
508	OPENSSL_free(c->cipher_data);	581	OPENSSL_free(c->cipher_data);
		582	#endif
509	#ifndef OPENSSL_NO_ENGINE	583	#ifndef OPENSSL_NO_ENGINE
510	if (c->engine)	584	if (c->engine)
511	/* The EVP_CIPHER we used belongs to an ENGINE, release the	585	/* The EVP_CIPHER we used belongs to an ENGINE, release the
512	* functional reference we held for this reason. */	586	* functional reference we held for this reason. */
513	ENGINE_finish(c->engine);	587	ENGINE_finish(c->engine);
514	#endif	588	#endif
		589	#ifdef OPENSSL_FIPS
		590	FIPS_cipher_ctx_cleanup(c);
		591	#endif
515	memset(c,0,sizeof(EVP_CIPHER_CTX));	592	memset(c,0,sizeof(EVP_CIPHER_CTX));
516	return 1;	593	return 1;
517	}	594	}