1 files changed, 9 insertions, 86 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 0c54f05e6e..c268d25cb4 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,18 +64,8 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
-#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -125,14 +115,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                /* Ensure a context left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
                 * ENGINE and EVP_CIPHER could be used). */
-                if (ctx->cipher)
+                EVP_CIPHER_CTX_cleanup(ctx);
-                        {
-                        unsigned long flags = ctx->flags;
+                /* Restore encrypt field: it is zeroed by cleanup */
-                        EVP_CIPHER_CTX_cleanup(ctx);
+                ctx->encrypt = enc;
-                        /* Restore encrypt and flags */
-                        ctx->encrypt = enc;
-                        ctx->flags = flags;
-                        }
 #ifndef OPENSSL_NO_ENGINE
                if(impl)
                        {
@@ -169,10 +155,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        ctx->engine = NULL;
 #endif
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -206,10 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        OPENSSL_assert(ctx->cipher->block_size == 1
            || ctx->cipher->block_size == 8
@@ -236,13 +214,6 @@ skip_to_init:
                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                        break;
-                        case EVP_CIPH_CTR_MODE:
-                        ctx->num = 0;
-                        /* Don't reuse IV for CTR mode */
-                        if(iv)
-                                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-                        break;
                        default:
                        return 0;
                        break;
@@ -309,16 +280,6 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        {
        int i,j,bl;
-        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-                {
-                i = M_do_cipher(ctx, out, in, inl);
-                if (i < 0)
-                        return 0;
-                else
-                        *outl = i;
-                return 1;
-                }
        if (inl <= 0)
                {
                *outl = 0;
@@ -327,7 +288,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-                if(M_do_cipher(ctx,out,in,inl))
+                if(ctx->cipher->do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -354,7 +315,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                        if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -367,7 +328,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-                if(!M_do_cipher(ctx,out,in,inl)) return 0;
+                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
@@ -389,16 +350,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int n,ret;
        unsigned int i, b, bl;
-        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-                {
-                ret = M_do_cipher(ctx, out, NULL, 0);
-                if (ret < 0)
-                        return 0;
-                else 
-                        *outl = ret;
-                return 1;
-                }
        b=ctx->cipher->block_size;
        OPENSSL_assert(b <= sizeof ctx->buf);
        if (b == 1)
@@ -421,7 +372,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-        ret=M_do_cipher(ctx,out,ctx->buf,b);
+        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
        if(ret)
@@ -436,19 +387,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        int fix_len;
        unsigned int b;
-        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-                {
-                fix_len = M_do_cipher(ctx, out, in, inl);
-                if (fix_len < 0)
-                        {
-                        *outl = 0;
-                        return 0;
-                        }
-                else
-                        *outl = fix_len;
-                return 1;
-                }
        if (inl <= 0)
                {
                *outl = 0;
@@ -502,18 +440,8 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i,n;
        unsigned int b;
-        *outl=0;
-        if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-                {
-                i = M_do_cipher(ctx, out, NULL, 0);
-                if (i < 0)
-                        return 0;
-                else
-                        *outl = i;
-                return 1;
-                }
+        *outl=0;
        b=ctx->cipher->block_size;
        if (ctx->flags & EVP_CIPH_NO_PADDING)
                {
@@ -568,7 +496,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
-#ifndef OPENSSL_FIPS
        if (c->cipher != NULL)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,16 +506,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_cipher_ctx_cleanup(c);
-#endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;
        }

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 0c54f05e6e..c268d25cb4 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,18 +64,8 @@
64	#ifndef OPENSSL_NO_ENGINE	64	#ifndef OPENSSL_NO_ENGINE
65	#include <openssl/engine.h>	65	#include <openssl/engine.h>
66	#endif	66	#endif
67	#ifdef OPENSSL_FIPS
68	#include <openssl/fips.h>
69	#endif
70	#include "evp_locl.h"	67	#include "evp_locl.h"
71		68
72	#ifdef OPENSSL_FIPS
73	#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
74	#else
75	#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
76	#endif
77
78
79	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;	69	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
80		70
81	void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)	71	void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -125,14 +115,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
125	/* Ensure a context left lying around from last time is cleared	115	/* Ensure a context left lying around from last time is cleared
126	* (the previous check attempted to avoid this if the same	116	* (the previous check attempted to avoid this if the same
127	* ENGINE and EVP_CIPHER could be used). */	117	* ENGINE and EVP_CIPHER could be used). */
128	if (ctx->cipher)	118	EVP_CIPHER_CTX_cleanup(ctx);
129	{	119
130	unsigned long flags = ctx->flags;	120	/* Restore encrypt field: it is zeroed by cleanup */
131	EVP_CIPHER_CTX_cleanup(ctx);	121	ctx->encrypt = enc;
132	/* Restore encrypt and flags */
133	ctx->encrypt = enc;
134	ctx->flags = flags;
135	}
136	#ifndef OPENSSL_NO_ENGINE	122	#ifndef OPENSSL_NO_ENGINE
137	if(impl)	123	if(impl)
138	{	124	{
@@ -169,10 +155,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
169	ctx->engine = NULL;	155	ctx->engine = NULL;
170	#endif	156	#endif
171		157
172	#ifdef OPENSSL_FIPS
173	if (FIPS_mode())
174	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
175	#endif
176	ctx->cipher=cipher;	158	ctx->cipher=cipher;
177	if (ctx->cipher->ctx_size)	159	if (ctx->cipher->ctx_size)
178	{	160	{
@@ -206,10 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
206	#ifndef OPENSSL_NO_ENGINE	188	#ifndef OPENSSL_NO_ENGINE
207	skip_to_init:	189	skip_to_init:
208	#endif	190	#endif
209	#ifdef OPENSSL_FIPS
210	if (FIPS_mode())
211	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
212	#endif
213	/* we assume block size is a power of 2 in cryptUpdate /	191	/* we assume block size is a power of 2 in cryptUpdate /
214	OPENSSL_assert(ctx->cipher->block_size == 1	192	OPENSSL_assert(ctx->cipher->block_size == 1
215	\|\| ctx->cipher->block_size == 8	193	\|\| ctx->cipher->block_size == 8
@@ -236,13 +214,6 @@ skip_to_init:
236	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));	214	memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
237	break;	215	break;
238		216
239	case EVP_CIPH_CTR_MODE:
240	ctx->num = 0;
241	/* Don't reuse IV for CTR mode */
242	if(iv)
243	memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
244	break;
245
246	default:	217	default:
247	return 0;	218	return 0;
248	break;	219	break;
@@ -309,16 +280,6 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
309	{	280	{
310	int i,j,bl;	281	int i,j,bl;
311		282
312	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
313	{
314	i = M_do_cipher(ctx, out, in, inl);
315	if (i < 0)
316	return 0;
317	else
318	*outl = i;
319	return 1;
320	}
321
322	if (inl <= 0)	283	if (inl <= 0)
323	{	284	{
324	*outl = 0;	285	*outl = 0;
@@ -327,7 +288,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
327		288
328	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)	289	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
329	{	290	{
330	if(M_do_cipher(ctx,out,in,inl))	291	if(ctx->cipher->do_cipher(ctx,out,in,inl))
331	{	292	{
332	*outl=inl;	293	*outl=inl;
333	return 1;	294	return 1;
@@ -354,7 +315,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
354	{	315	{
355	j=bl-i;	316	j=bl-i;
356	memcpy(&(ctx->buf[i]),in,j);	317	memcpy(&(ctx->buf[i]),in,j);
357	if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;	318	if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
358	inl-=j;	319	inl-=j;
359	in+=j;	320	in+=j;
360	out+=bl;	321	out+=bl;
@@ -367,7 +328,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
367	inl-=i;	328	inl-=i;
368	if (inl > 0)	329	if (inl > 0)
369	{	330	{
370	if(!M_do_cipher(ctx,out,in,inl)) return 0;	331	if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
371	*outl+=inl;	332	*outl+=inl;
372	}	333	}
373		334
@@ -389,16 +350,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
389	int n,ret;	350	int n,ret;
390	unsigned int i, b, bl;	351	unsigned int i, b, bl;
391		352
392	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
393	{
394	ret = M_do_cipher(ctx, out, NULL, 0);
395	if (ret < 0)
396	return 0;
397	else
398	*outl = ret;
399	return 1;
400	}
401
402	b=ctx->cipher->block_size;	353	b=ctx->cipher->block_size;
403	OPENSSL_assert(b <= sizeof ctx->buf);	354	OPENSSL_assert(b <= sizeof ctx->buf);
404	if (b == 1)	355	if (b == 1)
@@ -421,7 +372,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
421	n=b-bl;	372	n=b-bl;
422	for (i=bl; i<b; i++)	373	for (i=bl; i<b; i++)
423	ctx->buf[i]=n;	374	ctx->buf[i]=n;
424	ret=M_do_cipher(ctx,out,ctx->buf,b);	375	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
425		376
426		377
427	if(ret)	378	if(ret)
@@ -436,19 +387,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
436	int fix_len;	387	int fix_len;
437	unsigned int b;	388	unsigned int b;
438		389
439	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
440	{
441	fix_len = M_do_cipher(ctx, out, in, inl);
442	if (fix_len < 0)
443	{
444	*outl = 0;
445	return 0;
446	}
447	else
448	*outl = fix_len;
449	return 1;
450	}
451
452	if (inl <= 0)	390	if (inl <= 0)
453	{	391	{
454	*outl = 0;	392	*outl = 0;
@@ -502,18 +440,8 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
502	{	440	{
503	int i,n;	441	int i,n;
504	unsigned int b;	442	unsigned int b;
505	*outl=0;
506
507	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
508	{
509	i = M_do_cipher(ctx, out, NULL, 0);
510	if (i < 0)
511	return 0;
512	else
513	*outl = i;
514	return 1;
515	}
516		443
		444	*outl=0;
517	b=ctx->cipher->block_size;	445	b=ctx->cipher->block_size;
518	if (ctx->flags & EVP_CIPH_NO_PADDING)	446	if (ctx->flags & EVP_CIPH_NO_PADDING)
519	{	447	{
@@ -568,7 +496,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
568		496
569	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)	497	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
570	{	498	{
571	#ifndef OPENSSL_FIPS
572	if (c->cipher != NULL)	499	if (c->cipher != NULL)
573	{	500	{
574	if(c->cipher->cleanup && !c->cipher->cleanup(c))	501	if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,16 +506,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
579	}	506	}
580	if (c->cipher_data)	507	if (c->cipher_data)
581	OPENSSL_free(c->cipher_data);	508	OPENSSL_free(c->cipher_data);
582	#endif
583	#ifndef OPENSSL_NO_ENGINE	509	#ifndef OPENSSL_NO_ENGINE
584	if (c->engine)	510	if (c->engine)
585	/* The EVP_CIPHER we used belongs to an ENGINE, release the	511	/* The EVP_CIPHER we used belongs to an ENGINE, release the
586	* functional reference we held for this reason. */	512	* functional reference we held for this reason. */
587	ENGINE_finish(c->engine);	513	ENGINE_finish(c->engine);
588	#endif	514	#endif
589	#ifdef OPENSSL_FIPS
590	FIPS_cipher_ctx_cleanup(c);
591	#endif
592	memset(c,0,sizeof(EVP_CIPHER_CTX));	515	memset(c,0,sizeof(EVP_CIPHER_CTX));
593	return 1;	516	return 1;
594	}	517	}