summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/evp/bio_md.c19
-rw-r--r--src/lib/libcrypto/evp/c_allc.c8
-rw-r--r--src/lib/libcrypto/evp/c_alld.c2
-rw-r--r--src/lib/libcrypto/evp/digest.c45
-rw-r--r--src/lib/libcrypto/evp/e_aes.c32
-rw-r--r--src/lib/libcrypto/evp/e_des.c43
-rw-r--r--src/lib/libcrypto/evp/e_des3.c51
-rw-r--r--src/lib/libcrypto/evp/e_null.c2
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c1
-rw-r--r--src/lib/libcrypto/evp/evp.h70
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c61
-rw-r--r--src/lib/libcrypto/evp/evp_err.c9
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c28
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h29
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c124
-rw-r--r--src/lib/libcrypto/evp/evp_test.c34
-rw-r--r--src/lib/libcrypto/evp/evptests.txt107
-rw-r--r--src/lib/libcrypto/evp/m_dss.c2
-rw-r--r--src/lib/libcrypto/evp/m_md2.c1
-rw-r--r--src/lib/libcrypto/evp/m_md4.c1
-rw-r--r--src/lib/libcrypto/evp/m_md5.c1
-rw-r--r--src/lib/libcrypto/evp/m_mdc2.c1
-rw-r--r--src/lib/libcrypto/evp/m_sha.c3
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c2
-rw-r--r--src/lib/libcrypto/evp/names.c3
25 files changed, 589 insertions, 90 deletions
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index c632dfb202..f4aa41ac4b 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -176,10 +176,11 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
176 { 176 {
177 case BIO_CTRL_RESET: 177 case BIO_CTRL_RESET:
178 if (b->init) 178 if (b->init)
179 EVP_DigestInit_ex(ctx,ctx->digest, NULL); 179 ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
180 else 180 else
181 ret=0; 181 ret=0;
182 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 182 if (ret > 0)
183 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
183 break; 184 break;
184 case BIO_C_GET_MD: 185 case BIO_C_GET_MD:
185 if (b->init) 186 if (b->init)
@@ -191,11 +192,12 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
191 ret=0; 192 ret=0;
192 break; 193 break;
193 case BIO_C_GET_MD_CTX: 194 case BIO_C_GET_MD_CTX:
195 pctx=ptr;
196 *pctx=ctx;
197 break;
198 case BIO_C_SET_MD_CTX:
194 if (b->init) 199 if (b->init)
195 { 200 b->ptr=ptr;
196 pctx=ptr;
197 *pctx=ctx;
198 }
199 else 201 else
200 ret=0; 202 ret=0;
201 break; 203 break;
@@ -207,8 +209,9 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
207 209
208 case BIO_C_SET_MD: 210 case BIO_C_SET_MD:
209 md=ptr; 211 md=ptr;
210 EVP_DigestInit_ex(ctx,md, NULL); 212 ret = EVP_DigestInit_ex(ctx,md, NULL);
211 b->init=1; 213 if (ret > 0)
214 b->init=1;
212 break; 215 break;
213 case BIO_CTRL_DUP: 216 case BIO_CTRL_DUP:
214 dbio=ptr; 217 dbio=ptr;
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
index 341a958fd4..fc96812365 100644
--- a/src/lib/libcrypto/evp/c_allc.c
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -67,6 +67,8 @@ void OpenSSL_add_all_ciphers(void)
67 67
68#ifndef OPENSSL_NO_DES 68#ifndef OPENSSL_NO_DES
69 EVP_add_cipher(EVP_des_cfb()); 69 EVP_add_cipher(EVP_des_cfb());
70 EVP_add_cipher(EVP_des_cfb1());
71 EVP_add_cipher(EVP_des_cfb8());
70 EVP_add_cipher(EVP_des_ede_cfb()); 72 EVP_add_cipher(EVP_des_ede_cfb());
71 EVP_add_cipher(EVP_des_ede3_cfb()); 73 EVP_add_cipher(EVP_des_ede3_cfb());
72 74
@@ -150,6 +152,8 @@ void OpenSSL_add_all_ciphers(void)
150 EVP_add_cipher(EVP_aes_128_ecb()); 152 EVP_add_cipher(EVP_aes_128_ecb());
151 EVP_add_cipher(EVP_aes_128_cbc()); 153 EVP_add_cipher(EVP_aes_128_cbc());
152 EVP_add_cipher(EVP_aes_128_cfb()); 154 EVP_add_cipher(EVP_aes_128_cfb());
155 EVP_add_cipher(EVP_aes_128_cfb1());
156 EVP_add_cipher(EVP_aes_128_cfb8());
153 EVP_add_cipher(EVP_aes_128_ofb()); 157 EVP_add_cipher(EVP_aes_128_ofb());
154#if 0 158#if 0
155 EVP_add_cipher(EVP_aes_128_ctr()); 159 EVP_add_cipher(EVP_aes_128_ctr());
@@ -159,6 +163,8 @@ void OpenSSL_add_all_ciphers(void)
159 EVP_add_cipher(EVP_aes_192_ecb()); 163 EVP_add_cipher(EVP_aes_192_ecb());
160 EVP_add_cipher(EVP_aes_192_cbc()); 164 EVP_add_cipher(EVP_aes_192_cbc());
161 EVP_add_cipher(EVP_aes_192_cfb()); 165 EVP_add_cipher(EVP_aes_192_cfb());
166 EVP_add_cipher(EVP_aes_192_cfb1());
167 EVP_add_cipher(EVP_aes_192_cfb8());
162 EVP_add_cipher(EVP_aes_192_ofb()); 168 EVP_add_cipher(EVP_aes_192_ofb());
163#if 0 169#if 0
164 EVP_add_cipher(EVP_aes_192_ctr()); 170 EVP_add_cipher(EVP_aes_192_ctr());
@@ -168,6 +174,8 @@ void OpenSSL_add_all_ciphers(void)
168 EVP_add_cipher(EVP_aes_256_ecb()); 174 EVP_add_cipher(EVP_aes_256_ecb());
169 EVP_add_cipher(EVP_aes_256_cbc()); 175 EVP_add_cipher(EVP_aes_256_cbc());
170 EVP_add_cipher(EVP_aes_256_cfb()); 176 EVP_add_cipher(EVP_aes_256_cfb());
177 EVP_add_cipher(EVP_aes_256_cfb1());
178 EVP_add_cipher(EVP_aes_256_cfb8());
171 EVP_add_cipher(EVP_aes_256_ofb()); 179 EVP_add_cipher(EVP_aes_256_ofb());
172#if 0 180#if 0
173 EVP_add_cipher(EVP_aes_256_ctr()); 181 EVP_add_cipher(EVP_aes_256_ctr());
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index be91cdb037..aae7bf7482 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -75,7 +75,7 @@ void OpenSSL_add_all_digests(void)
75 EVP_add_digest_alias(SN_md5,"ssl2-md5"); 75 EVP_add_digest_alias(SN_md5,"ssl2-md5");
76 EVP_add_digest_alias(SN_md5,"ssl3-md5"); 76 EVP_add_digest_alias(SN_md5,"ssl3-md5");
77#endif 77#endif
78#ifndef OPENSSL_NO_SHA 78#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
79 EVP_add_digest(EVP_sha()); 79 EVP_add_digest(EVP_sha());
80#ifndef OPENSSL_NO_DSA 80#ifndef OPENSSL_NO_DSA
81 EVP_add_digest(EVP_dss()); 81 EVP_add_digest(EVP_dss());
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 0623ddf1f0..f21c63842c 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -137,6 +137,39 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
137 return EVP_DigestInit_ex(ctx, type, NULL); 137 return EVP_DigestInit_ex(ctx, type, NULL);
138 } 138 }
139 139
140#ifdef OPENSSL_FIPS
141
142/* The purpose of these is to trap programs that attempt to use non FIPS
143 * algorithms in FIPS mode and ignore the errors.
144 */
145
146static int bad_init(EVP_MD_CTX *ctx)
147 { FIPS_ERROR_IGNORED("Digest init"); return 0;}
148
149static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
150 { FIPS_ERROR_IGNORED("Digest update"); return 0;}
151
152static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
153 { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
154
155static const EVP_MD bad_md =
156 {
157 0,
158 0,
159 0,
160 0,
161 bad_init,
162 bad_update,
163 bad_final,
164 NULL,
165 NULL,
166 NULL,
167 0,
168 {0,0,0,0},
169 };
170
171#endif
172
140int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) 173int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
141 { 174 {
142 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 175 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -195,6 +228,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
195#endif 228#endif
196 if (ctx->digest != type) 229 if (ctx->digest != type)
197 { 230 {
231#ifdef OPENSSL_FIPS
232 if (FIPS_mode())
233 {
234 if (!(type->flags & EVP_MD_FLAG_FIPS)
235 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
236 {
237 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
238 ctx->digest = &bad_md;
239 return 0;
240 }
241 }
242#endif
198 if (ctx->digest && ctx->digest->ctx_size) 243 if (ctx->digest && ctx->digest->ctx_size)
199 OPENSSL_free(ctx->md_data); 244 OPENSSL_free(ctx->md_data);
200 ctx->digest=type; 245 ctx->digest=type;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index fe8bcda631..f35036c9d7 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -67,34 +67,52 @@ typedef struct
67 67
68IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 68IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
69 NID_aes_128, 16, 16, 16, 128, 69 NID_aes_128, 16, 16, 16, 128,
70 0, aes_init_key, NULL, 70 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL,
71 EVP_CIPHER_set_asn1_iv, 71 EVP_CIPHER_set_asn1_iv,
72 EVP_CIPHER_get_asn1_iv, 72 EVP_CIPHER_get_asn1_iv,
73 NULL) 73 NULL)
74IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 74IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
75 NID_aes_192, 16, 24, 16, 128, 75 NID_aes_192, 16, 24, 16, 128,
76 0, aes_init_key, NULL, 76 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL,
77 EVP_CIPHER_set_asn1_iv, 77 EVP_CIPHER_set_asn1_iv,
78 EVP_CIPHER_get_asn1_iv, 78 EVP_CIPHER_get_asn1_iv,
79 NULL) 79 NULL)
80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
81 NID_aes_256, 16, 32, 16, 128, 81 NID_aes_256, 16, 32, 16, 128,
82 0, aes_init_key, NULL, 82 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL,
83 EVP_CIPHER_set_asn1_iv, 83 EVP_CIPHER_set_asn1_iv,
84 EVP_CIPHER_get_asn1_iv, 84 EVP_CIPHER_get_asn1_iv,
85 NULL) 85 NULL)
86 86
87#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
88
89IMPLEMENT_AES_CFBR(128,1,0)
90IMPLEMENT_AES_CFBR(192,1,0)
91IMPLEMENT_AES_CFBR(256,1,0)
92
93IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
94IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
95IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
96
87static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 97static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
88 const unsigned char *iv, int enc) { 98 const unsigned char *iv, int enc)
99 {
100 int ret;
89 101
90 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE 102 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
91 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE 103 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
92 || enc) 104 || enc)
93 AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); 105 ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
94 else 106 else
95 AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); 107 ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
108
109 if(ret < 0)
110 {
111 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
112 return 0;
113 }
96 114
97 return 1; 115 return 1;
98} 116 }
99 117
100#endif 118#endif
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 105266a4b3..46e2899825 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -56,9 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_DES
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#ifndef OPENSSL_NO_DES
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
@@ -92,20 +92,55 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
92 return 1; 92 return 1;
93} 93}
94 94
95static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 95static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl) 96 const unsigned char *in, unsigned int inl)
97{ 97{
98 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, 98 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
99 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 99 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
100 return 1; 100 return 1;
101} 101}
102 102
103/* Although we have a CFB-r implementation for DES, it doesn't pack the right
104 way, so wrap it here */
105static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
106 const unsigned char *in, unsigned int inl)
107 {
108 unsigned int n;
109 unsigned char c[1],d[1];
110
111 for(n=0 ; n < inl ; ++n)
112 {
113 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
114 DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
115 ctx->encrypt);
116 out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
117 }
118 return 1;
119 }
120
121static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
122 const unsigned char *in, unsigned int inl)
123 {
124 DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
125 ctx->encrypt);
126 return 1;
127 }
128
103BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 129BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
104 0, des_init_key, NULL, 130 EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
105 EVP_CIPHER_set_asn1_iv, 131 EVP_CIPHER_set_asn1_iv,
106 EVP_CIPHER_get_asn1_iv, 132 EVP_CIPHER_get_asn1_iv,
107 NULL) 133 NULL)
108 134
135BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
136 EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
137 EVP_CIPHER_set_asn1_iv,
138 EVP_CIPHER_get_asn1_iv,NULL)
139
140BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
141 EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
142 EVP_CIPHER_set_asn1_iv,
143 EVP_CIPHER_get_asn1_iv,NULL)
109 144
110static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 145static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
111 const unsigned char *iv, int enc) 146 const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 077860e7b6..677322bf02 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -56,9 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_DES
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#ifndef OPENSSL_NO_DES
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
@@ -85,7 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
85 const unsigned char *in, unsigned int inl) 85 const unsigned char *in, unsigned int inl)
86{ 86{
87 BLOCK_CIPHER_ecb_loop() 87 BLOCK_CIPHER_ecb_loop()
88 DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), 88 DES_ecb3_encrypt(in + i,out + i,
89 &data(ctx)->ks1, &data(ctx)->ks2, 89 &data(ctx)->ks1, &data(ctx)->ks2,
90 &data(ctx)->ks3, 90 &data(ctx)->ks3,
91 ctx->encrypt); 91 ctx->encrypt);
@@ -121,7 +121,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
121 return 1; 121 return 1;
122} 122}
123 123
124static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 124static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
125 const unsigned char *in, unsigned int inl) 125 const unsigned char *in, unsigned int inl)
126{ 126{
127 DES_ede3_cfb64_encrypt(in, out, (long)inl, 127 DES_ede3_cfb64_encrypt(in, out, (long)inl,
@@ -130,23 +130,62 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
130 return 1; 130 return 1;
131} 131}
132 132
133/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
134 way, so wrap it here */
135static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
136 const unsigned char *in, unsigned int inl)
137 {
138 unsigned int n;
139 unsigned char c[1],d[1];
140
141 for(n=0 ; n < inl ; ++n)
142 {
143 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
144 DES_ede3_cfb_encrypt(c,d,1,1,
145 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
146 (DES_cblock *)ctx->iv,ctx->encrypt);
147 out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
148 }
149
150 return 1;
151 }
152
153static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
154 const unsigned char *in, unsigned int inl)
155 {
156 DES_ede3_cfb_encrypt(in,out,8,inl,
157 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
158 (DES_cblock *)ctx->iv,ctx->encrypt);
159 return 1;
160 }
161
133BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 162BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
134 0, des_ede_init_key, NULL, 163 EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL,
135 EVP_CIPHER_set_asn1_iv, 164 EVP_CIPHER_set_asn1_iv,
136 EVP_CIPHER_get_asn1_iv, 165 EVP_CIPHER_get_asn1_iv,
137 NULL) 166 NULL)
138 167
139#define des_ede3_cfb_cipher des_ede_cfb_cipher 168#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
140#define des_ede3_ofb_cipher des_ede_ofb_cipher 169#define des_ede3_ofb_cipher des_ede_ofb_cipher
141#define des_ede3_cbc_cipher des_ede_cbc_cipher 170#define des_ede3_cbc_cipher des_ede_cbc_cipher
142#define des_ede3_ecb_cipher des_ede_ecb_cipher 171#define des_ede3_ecb_cipher des_ede_ecb_cipher
143 172
144BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 173BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
145 0, des_ede3_init_key, NULL, 174 EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL,
146 EVP_CIPHER_set_asn1_iv, 175 EVP_CIPHER_set_asn1_iv,
147 EVP_CIPHER_get_asn1_iv, 176 EVP_CIPHER_get_asn1_iv,
148 NULL) 177 NULL)
149 178
179BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
180 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
181 EVP_CIPHER_set_asn1_iv,
182 EVP_CIPHER_get_asn1_iv,NULL)
183
184BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
185 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
186 EVP_CIPHER_set_asn1_iv,
187 EVP_CIPHER_get_asn1_iv,NULL)
188
150static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 189static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
151 const unsigned char *iv, int enc) 190 const unsigned char *iv, int enc)
152 { 191 {
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 2420d7e5af..a84b0f14b1 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
69 { 69 {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1,0,0,
72 0, 72 EVP_CIPH_FLAG_FIPS,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
75 NULL, 75 NULL,
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index d58f507837..8aa70585b9 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -62,6 +62,7 @@
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/objects.h> 64#include <openssl/objects.h>
65#include "evp_locl.h"
65#include <openssl/rc4.h> 66#include <openssl/rc4.h>
66 67
67/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index f9b48792ce..62d95354ef 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,6 +75,10 @@
75#include <openssl/bio.h> 75#include <openssl/bio.h>
76#endif 76#endif
77 77
78#ifdef OPENSSL_FIPS
79#include <openssl/fips.h>
80#endif
81
78/* 82/*
79#define EVP_RC2_KEY_SIZE 16 83#define EVP_RC2_KEY_SIZE 16
80#define EVP_RC4_KEY_SIZE 16 84#define EVP_RC4_KEY_SIZE 16
@@ -236,6 +240,7 @@ struct env_md_st
236 240
237#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single 241#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
238 * block */ 242 * block */
243#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
239 244
240#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} 245#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
241 246
@@ -278,6 +283,9 @@ struct env_md_ctx_st
278#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 283#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
279 * in EVP_MD_CTX_cleanup */ 284 * in EVP_MD_CTX_cleanup */
280 285
286#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
287 * in FIPS mode */
288
281struct evp_cipher_st 289struct evp_cipher_st
282 { 290 {
283 int nid; 291 int nid;
@@ -319,6 +327,10 @@ struct evp_cipher_st
319#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 327#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
320/* Don't use standard block padding */ 328/* Don't use standard block padding */
321#define EVP_CIPH_NO_PADDING 0x100 329#define EVP_CIPH_NO_PADDING 0x100
330/* Note if suitable for use in FIPS mode */
331#define EVP_CIPH_FLAG_FIPS 0x400
332/* Allow non FIPS cipher in FIPS mode */
333#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
322 334
323/* ctrl() values */ 335/* ctrl() values */
324 336
@@ -425,6 +437,9 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
425#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) 437#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
426#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) 438#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
427#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) 439#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags)
440#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
441#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
442#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
428#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) 443#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE)
429 444
430#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) 445#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
@@ -446,6 +461,7 @@ void BIO_set_md(BIO *,const EVP_MD *md);
446#endif 461#endif
447#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) 462#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
448#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) 463#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
464#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
449#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) 465#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
450#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) 466#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
451 467
@@ -587,9 +603,20 @@ const EVP_CIPHER *EVP_des_ede(void);
587const EVP_CIPHER *EVP_des_ede3(void); 603const EVP_CIPHER *EVP_des_ede3(void);
588const EVP_CIPHER *EVP_des_ede_ecb(void); 604const EVP_CIPHER *EVP_des_ede_ecb(void);
589const EVP_CIPHER *EVP_des_ede3_ecb(void); 605const EVP_CIPHER *EVP_des_ede3_ecb(void);
590const EVP_CIPHER *EVP_des_cfb(void); 606const EVP_CIPHER *EVP_des_cfb64(void);
591const EVP_CIPHER *EVP_des_ede_cfb(void); 607# define EVP_des_cfb EVP_des_cfb64
592const EVP_CIPHER *EVP_des_ede3_cfb(void); 608const EVP_CIPHER *EVP_des_cfb1(void);
609const EVP_CIPHER *EVP_des_cfb8(void);
610const EVP_CIPHER *EVP_des_ede_cfb64(void);
611# define EVP_des_ede_cfb EVP_des_ede_cfb64
612#if 0
613const EVP_CIPHER *EVP_des_ede_cfb1(void);
614const EVP_CIPHER *EVP_des_ede_cfb8(void);
615#endif
616const EVP_CIPHER *EVP_des_ede3_cfb64(void);
617# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
618const EVP_CIPHER *EVP_des_ede3_cfb1(void);
619const EVP_CIPHER *EVP_des_ede3_cfb8(void);
593const EVP_CIPHER *EVP_des_ofb(void); 620const EVP_CIPHER *EVP_des_ofb(void);
594const EVP_CIPHER *EVP_des_ede_ofb(void); 621const EVP_CIPHER *EVP_des_ede_ofb(void);
595const EVP_CIPHER *EVP_des_ede3_ofb(void); 622const EVP_CIPHER *EVP_des_ede3_ofb(void);
@@ -613,7 +640,8 @@ const EVP_CIPHER *EVP_rc4_40(void);
613#endif 640#endif
614#ifndef OPENSSL_NO_IDEA 641#ifndef OPENSSL_NO_IDEA
615const EVP_CIPHER *EVP_idea_ecb(void); 642const EVP_CIPHER *EVP_idea_ecb(void);
616const EVP_CIPHER *EVP_idea_cfb(void); 643const EVP_CIPHER *EVP_idea_cfb64(void);
644# define EVP_idea_cfb EVP_idea_cfb64
617const EVP_CIPHER *EVP_idea_ofb(void); 645const EVP_CIPHER *EVP_idea_ofb(void);
618const EVP_CIPHER *EVP_idea_cbc(void); 646const EVP_CIPHER *EVP_idea_cbc(void);
619#endif 647#endif
@@ -622,45 +650,58 @@ const EVP_CIPHER *EVP_rc2_ecb(void);
622const EVP_CIPHER *EVP_rc2_cbc(void); 650const EVP_CIPHER *EVP_rc2_cbc(void);
623const EVP_CIPHER *EVP_rc2_40_cbc(void); 651const EVP_CIPHER *EVP_rc2_40_cbc(void);
624const EVP_CIPHER *EVP_rc2_64_cbc(void); 652const EVP_CIPHER *EVP_rc2_64_cbc(void);
625const EVP_CIPHER *EVP_rc2_cfb(void); 653const EVP_CIPHER *EVP_rc2_cfb64(void);
654# define EVP_rc2_cfb EVP_rc2_cfb64
626const EVP_CIPHER *EVP_rc2_ofb(void); 655const EVP_CIPHER *EVP_rc2_ofb(void);
627#endif 656#endif
628#ifndef OPENSSL_NO_BF 657#ifndef OPENSSL_NO_BF
629const EVP_CIPHER *EVP_bf_ecb(void); 658const EVP_CIPHER *EVP_bf_ecb(void);
630const EVP_CIPHER *EVP_bf_cbc(void); 659const EVP_CIPHER *EVP_bf_cbc(void);
631const EVP_CIPHER *EVP_bf_cfb(void); 660const EVP_CIPHER *EVP_bf_cfb64(void);
661# define EVP_bf_cfb EVP_bf_cfb64
632const EVP_CIPHER *EVP_bf_ofb(void); 662const EVP_CIPHER *EVP_bf_ofb(void);
633#endif 663#endif
634#ifndef OPENSSL_NO_CAST 664#ifndef OPENSSL_NO_CAST
635const EVP_CIPHER *EVP_cast5_ecb(void); 665const EVP_CIPHER *EVP_cast5_ecb(void);
636const EVP_CIPHER *EVP_cast5_cbc(void); 666const EVP_CIPHER *EVP_cast5_cbc(void);
637const EVP_CIPHER *EVP_cast5_cfb(void); 667const EVP_CIPHER *EVP_cast5_cfb64(void);
668# define EVP_cast5_cfb EVP_cast5_cfb64
638const EVP_CIPHER *EVP_cast5_ofb(void); 669const EVP_CIPHER *EVP_cast5_ofb(void);
639#endif 670#endif
640#ifndef OPENSSL_NO_RC5 671#ifndef OPENSSL_NO_RC5
641const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); 672const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
642const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); 673const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
643const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); 674const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
675# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
644const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); 676const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
645#endif 677#endif
646#ifndef OPENSSL_NO_AES 678#ifndef OPENSSL_NO_AES
647const EVP_CIPHER *EVP_aes_128_ecb(void); 679const EVP_CIPHER *EVP_aes_128_ecb(void);
648const EVP_CIPHER *EVP_aes_128_cbc(void); 680const EVP_CIPHER *EVP_aes_128_cbc(void);
649const EVP_CIPHER *EVP_aes_128_cfb(void); 681const EVP_CIPHER *EVP_aes_128_cfb1(void);
682const EVP_CIPHER *EVP_aes_128_cfb8(void);
683const EVP_CIPHER *EVP_aes_128_cfb128(void);
684# define EVP_aes_128_cfb EVP_aes_128_cfb128
650const EVP_CIPHER *EVP_aes_128_ofb(void); 685const EVP_CIPHER *EVP_aes_128_ofb(void);
651#if 0 686#if 0
652const EVP_CIPHER *EVP_aes_128_ctr(void); 687const EVP_CIPHER *EVP_aes_128_ctr(void);
653#endif 688#endif
654const EVP_CIPHER *EVP_aes_192_ecb(void); 689const EVP_CIPHER *EVP_aes_192_ecb(void);
655const EVP_CIPHER *EVP_aes_192_cbc(void); 690const EVP_CIPHER *EVP_aes_192_cbc(void);
656const EVP_CIPHER *EVP_aes_192_cfb(void); 691const EVP_CIPHER *EVP_aes_192_cfb1(void);
692const EVP_CIPHER *EVP_aes_192_cfb8(void);
693const EVP_CIPHER *EVP_aes_192_cfb128(void);
694# define EVP_aes_192_cfb EVP_aes_192_cfb128
657const EVP_CIPHER *EVP_aes_192_ofb(void); 695const EVP_CIPHER *EVP_aes_192_ofb(void);
658#if 0 696#if 0
659const EVP_CIPHER *EVP_aes_192_ctr(void); 697const EVP_CIPHER *EVP_aes_192_ctr(void);
660#endif 698#endif
661const EVP_CIPHER *EVP_aes_256_ecb(void); 699const EVP_CIPHER *EVP_aes_256_ecb(void);
662const EVP_CIPHER *EVP_aes_256_cbc(void); 700const EVP_CIPHER *EVP_aes_256_cbc(void);
663const EVP_CIPHER *EVP_aes_256_cfb(void); 701const EVP_CIPHER *EVP_aes_256_cfb1(void);
702const EVP_CIPHER *EVP_aes_256_cfb8(void);
703const EVP_CIPHER *EVP_aes_256_cfb128(void);
704# define EVP_aes_256_cfb EVP_aes_256_cfb128
664const EVP_CIPHER *EVP_aes_256_ofb(void); 705const EVP_CIPHER *EVP_aes_256_ofb(void);
665#if 0 706#if 0
666const EVP_CIPHER *EVP_aes_256_ctr(void); 707const EVP_CIPHER *EVP_aes_256_ctr(void);
@@ -775,13 +816,18 @@ void ERR_load_EVP_strings(void);
775/* Error codes for the EVP functions. */ 816/* Error codes for the EVP functions. */
776 817
777/* Function codes. */ 818/* Function codes. */
819#define EVP_F_AES_INIT_KEY 129
778#define EVP_F_D2I_PKEY 100 820#define EVP_F_D2I_PKEY 100
821#define EVP_F_EVP_ADD_CIPHER 130
822#define EVP_F_EVP_ADD_DIGEST 131
779#define EVP_F_EVP_CIPHERINIT 123 823#define EVP_F_EVP_CIPHERINIT 123
780#define EVP_F_EVP_CIPHER_CTX_CTRL 124 824#define EVP_F_EVP_CIPHER_CTX_CTRL 124
781#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 825#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
782#define EVP_F_EVP_DECRYPTFINAL 101 826#define EVP_F_EVP_DECRYPTFINAL 101
783#define EVP_F_EVP_DIGESTINIT 128 827#define EVP_F_EVP_DIGESTINIT 128
784#define EVP_F_EVP_ENCRYPTFINAL 127 828#define EVP_F_EVP_ENCRYPTFINAL 127
829#define EVP_F_EVP_GET_CIPHERBYNAME 132
830#define EVP_F_EVP_GET_DIGESTBYNAME 133
785#define EVP_F_EVP_MD_CTX_COPY 110 831#define EVP_F_EVP_MD_CTX_COPY 110
786#define EVP_F_EVP_OPENINIT 102 832#define EVP_F_EVP_OPENINIT 102
787#define EVP_F_EVP_PBE_ALG_ADD 115 833#define EVP_F_EVP_PBE_ALG_ADD 115
@@ -805,6 +851,7 @@ void ERR_load_EVP_strings(void);
805#define EVP_F_RC5_CTRL 125 851#define EVP_F_RC5_CTRL 125
806 852
807/* Reason codes. */ 853/* Reason codes. */
854#define EVP_R_AES_KEY_SETUP_FAILED 140
808#define EVP_R_BAD_BLOCK_LENGTH 136 855#define EVP_R_BAD_BLOCK_LENGTH 136
809#define EVP_R_BAD_DECRYPT 100 856#define EVP_R_BAD_DECRYPT 100
810#define EVP_R_BAD_KEY_LENGTH 137 857#define EVP_R_BAD_KEY_LENGTH 137
@@ -816,6 +863,7 @@ void ERR_load_EVP_strings(void);
816#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 863#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
817#define EVP_R_DECODE_ERROR 114 864#define EVP_R_DECODE_ERROR 114
818#define EVP_R_DIFFERENT_KEY_TYPES 101 865#define EVP_R_DIFFERENT_KEY_TYPES 101
866#define EVP_R_DISABLED_FOR_FIPS 141
819#define EVP_R_ENCODE_ERROR 115 867#define EVP_R_ENCODE_ERROR 115
820#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 868#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
821#define EVP_R_EXPECTING_AN_RSA_KEY 127 869#define EVP_R_EXPECTING_AN_RSA_KEY 127
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 8ea5aa935d..f549eeb437 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83 } 83 }
84 84
85#ifdef OPENSSL_FIPS
86
87/* The purpose of these is to trap programs that attempt to use non FIPS
88 * algorithms in FIPS mode and ignore the errors.
89 */
90
91int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
92 const unsigned char *iv, int enc)
93 { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
94
95int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl)
97 { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
98
99/* NB: no cleanup because it is allowed after failed init */
100
101int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
102 { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
103int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
104 { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
105int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
106 { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
107
108static const EVP_CIPHER bad_cipher =
109 {
110 0,
111 0,
112 0,
113 0,
114 0,
115 bad_init,
116 bad_do_cipher,
117 NULL,
118 0,
119 bad_set_asn1,
120 bad_get_asn1,
121 bad_ctrl,
122 NULL
123 };
124
125#endif
126
85int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 127int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
86 const unsigned char *key, const unsigned char *iv, int enc) 128 const unsigned char *key, const unsigned char *iv, int enc)
87 { 129 {
@@ -146,7 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
146 else 188 else
147 ctx->engine = NULL; 189 ctx->engine = NULL;
148#endif 190#endif
149
150 ctx->cipher=cipher; 191 ctx->cipher=cipher;
151 if (ctx->cipher->ctx_size) 192 if (ctx->cipher->ctx_size)
152 { 193 {
@@ -210,6 +251,24 @@ skip_to_init:
210 } 251 }
211 } 252 }
212 253
254#ifdef OPENSSL_FIPS
255 /* After 'key' is set no further parameters changes are permissible.
256 * So only check for non FIPS enabling at this point.
257 */
258 if (key && FIPS_mode())
259 {
260 if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
261 & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
262 {
263 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
264 ERR_add_error_data(2, "cipher=",
265 EVP_CIPHER_name(ctx->cipher));
266 ctx->cipher = &bad_cipher;
267 return 0;
268 }
269 }
270#endif
271
213 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 272 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
214 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; 273 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
215 } 274 }
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 3a23d21c21..40135d0729 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
1/* crypto/evp/evp_err.c */ 1/* crypto/evp/evp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -66,13 +66,18 @@
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA EVP_str_functs[]= 67static ERR_STRING_DATA EVP_str_functs[]=
68 { 68 {
69{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"},
69{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, 70{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
71{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"},
72{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"},
70{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, 73{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"},
71{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, 74{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"},
72{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, 75{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"},
73{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, 76{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
74{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, 77{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"},
75{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, 78{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"},
79{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"},
80{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"},
76{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, 81{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
77{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, 82{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
78{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, 83{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"},
@@ -99,6 +104,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
99 104
100static ERR_STRING_DATA EVP_str_reasons[]= 105static ERR_STRING_DATA EVP_str_reasons[]=
101 { 106 {
107{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"},
102{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, 108{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"},
103{EVP_R_BAD_DECRYPT ,"bad decrypt"}, 109{EVP_R_BAD_DECRYPT ,"bad decrypt"},
104{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, 110{EVP_R_BAD_KEY_LENGTH ,"bad key length"},
@@ -110,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
110{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, 116{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
111{EVP_R_DECODE_ERROR ,"decode error"}, 117{EVP_R_DECODE_ERROR ,"decode error"},
112{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, 118{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
119{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"},
113{EVP_R_ENCODE_ERROR ,"encode error"}, 120{EVP_R_ENCODE_ERROR ,"encode error"},
114{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, 121{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
115{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, 122{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"},
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 52a3b287be..a63ba19317 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else 70 else
71 ret=1; 71 return -1;
72 return(ret); 72 return(ret);
73 } 73 }
74 74
@@ -79,7 +79,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
79 if (c->cipher->get_asn1_parameters != NULL) 79 if (c->cipher->get_asn1_parameters != NULL)
80 ret=c->cipher->get_asn1_parameters(c,type); 80 ret=c->cipher->get_asn1_parameters(c,type);
81 else 81 else
82 ret=1; 82 return -1;
83 return(ret); 83 return(ret);
84 } 84 }
85 85
@@ -133,6 +133,30 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
133 133
134 return NID_rc4; 134 return NID_rc4;
135 135
136 case NID_aes_128_cfb128:
137 case NID_aes_128_cfb8:
138 case NID_aes_128_cfb1:
139
140 return NID_aes_128_cfb128;
141
142 case NID_aes_192_cfb128:
143 case NID_aes_192_cfb8:
144 case NID_aes_192_cfb1:
145
146 return NID_aes_192_cfb128;
147
148 case NID_aes_256_cfb128:
149 case NID_aes_256_cfb8:
150 case NID_aes_256_cfb1:
151
152 return NID_aes_256_cfb128;
153
154 case NID_des_cfb64:
155 case NID_des_cfb8:
156 case NID_des_cfb1:
157
158 return NID_des_cfb64;
159
136 default: 160 default:
137 /* Check it has an OID and it is valid */ 161 /* Check it has an OID and it is valid */
138 otmp = OBJ_nid2obj(nid); 162 otmp = OBJ_nid2obj(nid);
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 4d81a3bf4c..f8c5343620 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -90,7 +90,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
90} 90}
91 91
92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
93static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
94{\ 94{\
95 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ 95 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
96 return 1;\ 96 return 1;\
@@ -127,7 +127,7 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
127#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ 127#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
128 iv_len, cbits, flags, init_key, cleanup, \ 128 iv_len, cbits, flags, init_key, cleanup, \
129 set_asn1, get_asn1, ctrl) \ 129 set_asn1, get_asn1, ctrl) \
130BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \ 130BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
131 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 131 key_len, iv_len, flags, init_key, cleanup, set_asn1, \
132 get_asn1, ctrl) 132 get_asn1, ctrl)
133 133
@@ -225,3 +225,28 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
225 get_asn1, ctrl) 225 get_asn1, ctrl)
226 226
227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
228
229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
233 flags, cipher##_init_key, NULL, \
234 EVP_CIPHER_set_asn1_iv, \
235 EVP_CIPHER_get_asn1_iv, \
236 NULL)
237
238#ifdef OPENSSL_FIPS
239#define RC2_set_key private_RC2_set_key
240#define RC4_set_key private_RC4_set_key
241#define CAST_set_key private_CAST_set_key
242#define RC5_32_set_key private_RC5_32_set_key
243#define BF_set_key private_BF_set_key
244#define idea_set_encrypt_key private_idea_set_encrypt_key
245
246#define MD5_Init private_MD5_Init
247#define MD4_Init private_MD4_Init
248#define MD2_Init private_MD2_Init
249#define MDC2_Init private_MDC2_Init
250#define SHA_Init private_SHA_Init
251
252#endif
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index eb481ec661..47a69932a5 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -235,7 +235,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
235 return NULL; 235 return NULL;
236 } 236 }
237 p8->broken = broken; 237 p8->broken = broken;
238 ASN1_INTEGER_set (p8->version, 0); 238 if (!ASN1_INTEGER_set(p8->version, 0)) {
239 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
240 PKCS8_PRIV_KEY_INFO_free (p8);
241 return NULL;
242 }
239 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { 243 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
240 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 244 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
241 PKCS8_PRIV_KEY_INFO_free (p8); 245 PKCS8_PRIV_KEY_INFO_free (p8);
@@ -303,29 +307,35 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
303#ifndef OPENSSL_NO_DSA 307#ifndef OPENSSL_NO_DSA
304static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) 308static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
305{ 309{
306 ASN1_STRING *params; 310 ASN1_STRING *params = NULL;
307 ASN1_INTEGER *prkey; 311 ASN1_INTEGER *prkey = NULL;
308 ASN1_TYPE *ttmp; 312 ASN1_TYPE *ttmp = NULL;
309 STACK_OF(ASN1_TYPE) *ndsa; 313 STACK_OF(ASN1_TYPE) *ndsa = NULL;
310 unsigned char *p, *q; 314 unsigned char *p = NULL, *q;
311 int len; 315 int len;
312 316
313 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 317 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
314 len = i2d_DSAparams (pkey->pkey.dsa, NULL); 318 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
315 if (!(p = OPENSSL_malloc(len))) { 319 if (!(p = OPENSSL_malloc(len))) {
316 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 320 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
317 PKCS8_PRIV_KEY_INFO_free (p8); 321 goto err;
318 return 0;
319 } 322 }
320 q = p; 323 q = p;
321 i2d_DSAparams (pkey->pkey.dsa, &q); 324 i2d_DSAparams (pkey->pkey.dsa, &q);
322 params = ASN1_STRING_new(); 325 if (!(params = ASN1_STRING_new())) {
323 ASN1_STRING_set(params, p, len); 326 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
327 goto err;
328 }
329 if (!ASN1_STRING_set(params, p, len)) {
330 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
331 goto err;
332 }
324 OPENSSL_free(p); 333 OPENSSL_free(p);
334 p = NULL;
325 /* Get private key into integer */ 335 /* Get private key into integer */
326 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { 336 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
327 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 337 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
328 return 0; 338 goto err;
329 } 339 }
330 340
331 switch(p8->broken) { 341 switch(p8->broken) {
@@ -336,12 +346,13 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
336 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, 346 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
337 &p8->pkey->value.octet_string)) { 347 &p8->pkey->value.octet_string)) {
338 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 348 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
339 M_ASN1_INTEGER_free (prkey); 349 goto err;
340 return 0;
341 } 350 }
342 351
343 M_ASN1_INTEGER_free (prkey); 352 M_ASN1_INTEGER_free (prkey);
353 prkey = NULL;
344 p8->pkeyalg->parameter->value.sequence = params; 354 p8->pkeyalg->parameter->value.sequence = params;
355 params = NULL;
345 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 356 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
346 357
347 break; 358 break;
@@ -349,32 +360,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
349 case PKCS8_NS_DB: 360 case PKCS8_NS_DB:
350 361
351 p8->pkeyalg->parameter->value.sequence = params; 362 p8->pkeyalg->parameter->value.sequence = params;
363 params = NULL;
352 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 364 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
353 ndsa = sk_ASN1_TYPE_new_null(); 365 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
354 ttmp = ASN1_TYPE_new(); 366 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
355 if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { 367 goto err;
368 }
369 if (!(ttmp = ASN1_TYPE_new())) {
370 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
371 goto err;
372 }
373 if (!(ttmp->value.integer =
374 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
356 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 375 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
357 PKCS8_PRIV_KEY_INFO_free(p8); 376 goto err;
358 return 0;
359 } 377 }
360 ttmp->type = V_ASN1_INTEGER; 378 ttmp->type = V_ASN1_INTEGER;
361 sk_ASN1_TYPE_push(ndsa, ttmp); 379 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
380 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
381 goto err;
382 }
362 383
363 ttmp = ASN1_TYPE_new(); 384 if (!(ttmp = ASN1_TYPE_new())) {
385 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
386 goto err;
387 }
364 ttmp->value.integer = prkey; 388 ttmp->value.integer = prkey;
389 prkey = NULL;
365 ttmp->type = V_ASN1_INTEGER; 390 ttmp->type = V_ASN1_INTEGER;
366 sk_ASN1_TYPE_push(ndsa, ttmp); 391 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
392 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
393 goto err;
394 }
395 ttmp = NULL;
367 396
368 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); 397 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
398 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
399 goto err;
400 }
369 401
370 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, 402 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
371 &p8->pkey->value.octet_string->data, 403 &p8->pkey->value.octet_string->data,
372 &p8->pkey->value.octet_string->length)) { 404 &p8->pkey->value.octet_string->length)) {
373 405
374 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 406 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
375 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 407 goto err;
376 M_ASN1_INTEGER_free(prkey);
377 return 0;
378 } 408 }
379 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 409 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
380 break; 410 break;
@@ -382,31 +412,57 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
382 case PKCS8_EMBEDDED_PARAM: 412 case PKCS8_EMBEDDED_PARAM:
383 413
384 p8->pkeyalg->parameter->type = V_ASN1_NULL; 414 p8->pkeyalg->parameter->type = V_ASN1_NULL;
385 ndsa = sk_ASN1_TYPE_new_null(); 415 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
386 ttmp = ASN1_TYPE_new(); 416 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
417 goto err;
418 }
419 if (!(ttmp = ASN1_TYPE_new())) {
420 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
421 goto err;
422 }
387 ttmp->value.sequence = params; 423 ttmp->value.sequence = params;
424 params = NULL;
388 ttmp->type = V_ASN1_SEQUENCE; 425 ttmp->type = V_ASN1_SEQUENCE;
389 sk_ASN1_TYPE_push(ndsa, ttmp); 426 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
427 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
428 goto err;
429 }
390 430
391 ttmp = ASN1_TYPE_new(); 431 if (!(ttmp = ASN1_TYPE_new())) {
432 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
433 goto err;
434 }
392 ttmp->value.integer = prkey; 435 ttmp->value.integer = prkey;
436 prkey = NULL;
393 ttmp->type = V_ASN1_INTEGER; 437 ttmp->type = V_ASN1_INTEGER;
394 sk_ASN1_TYPE_push(ndsa, ttmp); 438 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
439 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
440 goto err;
441 }
442 ttmp = NULL;
395 443
396 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); 444 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
445 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
446 goto err;
447 }
397 448
398 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, 449 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
399 &p8->pkey->value.octet_string->data, 450 &p8->pkey->value.octet_string->data,
400 &p8->pkey->value.octet_string->length)) { 451 &p8->pkey->value.octet_string->length)) {
401 452
402 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 453 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
403 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 454 goto err;
404 M_ASN1_INTEGER_free (prkey);
405 return 0;
406 } 455 }
407 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 456 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
408 break; 457 break;
409 } 458 }
410 return 1; 459 return 1;
460err:
461 if (p != NULL) OPENSSL_free(p);
462 if (params != NULL) ASN1_STRING_free(params);
463 if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
464 if (ttmp != NULL) ASN1_TYPE_free(ttmp);
465 if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
466 return 0;
411} 467}
412#endif 468#endif
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
index 28460173f7..a624cfd248 100644
--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -136,7 +136,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
136 const unsigned char *iv,int in, 136 const unsigned char *iv,int in,
137 const unsigned char *plaintext,int pn, 137 const unsigned char *plaintext,int pn,
138 const unsigned char *ciphertext,int cn, 138 const unsigned char *ciphertext,int cn,
139 int encdec) 139 int encdec,int multiplier)
140 { 140 {
141 EVP_CIPHER_CTX ctx; 141 EVP_CIPHER_CTX ctx;
142 unsigned char out[4096]; 142 unsigned char out[4096];
@@ -162,22 +162,25 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
162 if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) 162 if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
163 { 163 {
164 fprintf(stderr,"EncryptInit failed\n"); 164 fprintf(stderr,"EncryptInit failed\n");
165 ERR_print_errors_fp(stderr);
165 test1_exit(10); 166 test1_exit(10);
166 } 167 }
167 EVP_CIPHER_CTX_set_padding(&ctx,0); 168 EVP_CIPHER_CTX_set_padding(&ctx,0);
168 169
169 if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) 170 if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier))
170 { 171 {
171 fprintf(stderr,"Encrypt failed\n"); 172 fprintf(stderr,"Encrypt failed\n");
173 ERR_print_errors_fp(stderr);
172 test1_exit(6); 174 test1_exit(6);
173 } 175 }
174 if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2)) 176 if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
175 { 177 {
176 fprintf(stderr,"EncryptFinal failed\n"); 178 fprintf(stderr,"EncryptFinal failed\n");
179 ERR_print_errors_fp(stderr);
177 test1_exit(7); 180 test1_exit(7);
178 } 181 }
179 182
180 if(outl+outl2 != cn) 183 if(outl+outl2 != cn*multiplier)
181 { 184 {
182 fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", 185 fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
183 outl+outl2,cn); 186 outl+outl2,cn);
@@ -198,22 +201,25 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
198 if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) 201 if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
199 { 202 {
200 fprintf(stderr,"DecryptInit failed\n"); 203 fprintf(stderr,"DecryptInit failed\n");
204 ERR_print_errors_fp(stderr);
201 test1_exit(11); 205 test1_exit(11);
202 } 206 }
203 EVP_CIPHER_CTX_set_padding(&ctx,0); 207 EVP_CIPHER_CTX_set_padding(&ctx,0);
204 208
205 if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) 209 if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier))
206 { 210 {
207 fprintf(stderr,"Decrypt failed\n"); 211 fprintf(stderr,"Decrypt failed\n");
212 ERR_print_errors_fp(stderr);
208 test1_exit(6); 213 test1_exit(6);
209 } 214 }
210 if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2)) 215 if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
211 { 216 {
212 fprintf(stderr,"DecryptFinal failed\n"); 217 fprintf(stderr,"DecryptFinal failed\n");
218 ERR_print_errors_fp(stderr);
213 test1_exit(7); 219 test1_exit(7);
214 } 220 }
215 221
216 if(outl+outl2 != cn) 222 if(outl+outl2 != cn*multiplier)
217 { 223 {
218 fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", 224 fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
219 outl+outl2,cn); 225 outl+outl2,cn);
@@ -238,7 +244,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
238 const unsigned char *iv,int in, 244 const unsigned char *iv,int in,
239 const unsigned char *plaintext,int pn, 245 const unsigned char *plaintext,int pn,
240 const unsigned char *ciphertext,int cn, 246 const unsigned char *ciphertext,int cn,
241 int encdec) 247 int encdec,int multiplier)
242 { 248 {
243 const EVP_CIPHER *c; 249 const EVP_CIPHER *c;
244 250
@@ -246,7 +252,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
246 if(!c) 252 if(!c)
247 return 0; 253 return 0;
248 254
249 test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec); 255 test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier);
250 256
251 return 1; 257 return 1;
252 } 258 }
@@ -272,16 +278,19 @@ static int test_digest(const char *digest,
272 if(!EVP_DigestInit_ex(&ctx,d, NULL)) 278 if(!EVP_DigestInit_ex(&ctx,d, NULL))
273 { 279 {
274 fprintf(stderr,"DigestInit failed\n"); 280 fprintf(stderr,"DigestInit failed\n");
281 ERR_print_errors_fp(stderr);
275 EXIT(100); 282 EXIT(100);
276 } 283 }
277 if(!EVP_DigestUpdate(&ctx,plaintext,pn)) 284 if(!EVP_DigestUpdate(&ctx,plaintext,pn))
278 { 285 {
279 fprintf(stderr,"DigestUpdate failed\n"); 286 fprintf(stderr,"DigestUpdate failed\n");
287 ERR_print_errors_fp(stderr);
280 EXIT(101); 288 EXIT(101);
281 } 289 }
282 if(!EVP_DigestFinal_ex(&ctx,md,&mdn)) 290 if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
283 { 291 {
284 fprintf(stderr,"DigestFinal failed\n"); 292 fprintf(stderr,"DigestFinal failed\n");
293 ERR_print_errors_fp(stderr);
285 EXIT(101); 294 EXIT(101);
286 } 295 }
287 EVP_MD_CTX_cleanup(&ctx); 296 EVP_MD_CTX_cleanup(&ctx);
@@ -359,6 +368,7 @@ int main(int argc,char **argv)
359 unsigned char *iv,*key,*plaintext,*ciphertext; 368 unsigned char *iv,*key,*plaintext,*ciphertext;
360 int encdec; 369 int encdec;
361 int kn,in,pn,cn; 370 int kn,in,pn,cn;
371 int multiplier=1;
362 372
363 if(!fgets((char *)line,sizeof line,f)) 373 if(!fgets((char *)line,sizeof line,f))
364 break; 374 break;
@@ -383,7 +393,15 @@ int main(int argc,char **argv)
383 pn=convert(plaintext); 393 pn=convert(plaintext);
384 cn=convert(ciphertext); 394 cn=convert(ciphertext);
385 395
386 if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec) 396 if(strchr(cipher,'*'))
397 {
398 p=cipher;
399 sstrsep(&p,"*");
400 multiplier=atoi(sstrsep(&p,"*"));
401 }
402
403 if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,
404 multiplier)
387 && !test_digest(cipher,plaintext,pn,ciphertext,cn)) 405 && !test_digest(cipher,plaintext,pn,ciphertext,cn))
388 { 406 {
389 fprintf(stderr,"Can't find %s\n",cipher); 407 fprintf(stderr,"Can't find %s\n",cipher);
diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt
index 80bd9c7765..dfe91a5bc0 100644
--- a/src/lib/libcrypto/evp/evptests.txt
+++ b/src/lib/libcrypto/evp/evptests.txt
@@ -92,7 +92,102 @@ AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000
92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D 92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B 94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
95# We don't support CFB{1,8}-AESxxx.{En,De}crypt 95
96# CFB1-AES128.Encrypt
97
98AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1
99AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1
100AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1
101AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1
102AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1
103AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1
104AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1
105AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1
106AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1
107AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1
108AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1
109AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1
110AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1
111AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1
112AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1
113AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1
114# all of the above packed into one...
115# in: 0110 1011 1100 0001 = 6bc1
116# out: 0110 1000 1011 0011 = 68b3
117AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1
118
119# CFB1-AES128.Decrypt
120AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0
121AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0
122AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0
123AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0
124AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0
125AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0
126AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0
127AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0
128AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0
129AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0
130AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0
131AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0
132AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0
133AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0
134AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0
135AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0
136# all of the above packed into one...
137# in: 0110 1000 1011 0011 = 68b3
138# out: 0110 1011 1100 0001 = 6bc1
139AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0
140
141# TODO: CFB1-AES192 and 256
142
143# CFB8-AES128.Encrypt
144
145AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1
146AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1
147AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1
148AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1
149AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1
150AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1
151AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1
152AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1
153AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1
154AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1
155AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1
156AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1
157AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1
158AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1
159AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1
160AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1
161AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1
162AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1
163# all of the above packed into one
164AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1
165
166# CFB8-AES128.Decrypt
167
168AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0
169AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0
170AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0
171AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0
172AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0
173AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0
174AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0
175AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0
176AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0
177AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0
178AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0
179AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0
180AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0
181AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0
182AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0
183AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0
184AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0
185AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0
186# all of the above packed into one
187AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0
188
189# TODO: 192 and 256 bit keys
190
96# For all CFB128 encrypts and decrypts, the transformed sequence is 191# For all CFB128 encrypts and decrypts, the transformed sequence is
97# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec 192# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
98# CFB128-AES128.Encrypt 193# CFB128-AES128.Encrypt
@@ -174,6 +269,16 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363
174# DES EDE3 CBC tests (from destest) 269# DES EDE3 CBC tests (from destest)
175DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 270DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
176 271
272# DES CFB1 from FIPS 81
273# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77
274# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9
275
276DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9
277
278# DES CFB8 from FIPS 81
279
280DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f
281
177# RC4 tests (from rc4test) 282# RC4 tests (from rc4test)
178RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 283RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
179RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 284RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index beb8d7fc5c..d393eb3400 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -77,7 +77,7 @@ static const EVP_MD dsa_md=
77 NID_dsaWithSHA, 77 NID_dsaWithSHA,
78 NID_dsaWithSHA, 78 NID_dsaWithSHA,
79 SHA_DIGEST_LENGTH, 79 SHA_DIGEST_LENGTH,
80 0, 80 EVP_MD_FLAG_FIPS,
81 init, 81 init,
82 update, 82 update,
83 final, 83 final,
diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c
index 50914c83b3..0df48e5199 100644
--- a/src/lib/libcrypto/evp/m_md2.c
+++ b/src/lib/libcrypto/evp/m_md2.c
@@ -60,6 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65#include <openssl/md2.h> 66#include <openssl/md2.h>
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index e19b663754..0605e4b707 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -60,6 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65#include <openssl/md4.h> 66#include <openssl/md4.h>
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index b00a03e048..752615d473 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -60,6 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65#include <openssl/md5.h> 66#include <openssl/md5.h>
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
index 9f6467c931..62de1336b8 100644
--- a/src/lib/libcrypto/evp/m_mdc2.c
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -60,6 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65#include <openssl/mdc2.h> 66#include <openssl/mdc2.h>
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
index 10697c7ed3..d1785e5f74 100644
--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -56,10 +56,11 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_SHA 59#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65 66
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index d6be3502f0..fe4402389a 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -77,7 +77,7 @@ static const EVP_MD sha1_md=
77 NID_sha1, 77 NID_sha1,
78 NID_sha1WithRSAEncryption, 78 NID_sha1WithRSAEncryption,
79 SHA_DIGEST_LENGTH, 79 SHA_DIGEST_LENGTH,
80 0, 80 EVP_MD_FLAG_FIPS,
81 init, 81 init,
82 update, 82 update,
83 final, 83 final,
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index eb9f4329cd..7712453046 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -61,6 +61,9 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#ifdef OPENSSL_FIPS
65#include <openssl/fips.h>
66#endif
64 67
65int EVP_add_cipher(const EVP_CIPHER *c) 68int EVP_add_cipher(const EVP_CIPHER *c)
66 { 69 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-29 19:53:16 +0000