summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/evp')
-rw-r--r--src/lib/libcrypto/evp/bio_md.c19
-rw-r--r--src/lib/libcrypto/evp/digest.c45
-rw-r--r--src/lib/libcrypto/evp/e_aes.c32
-rw-r--r--src/lib/libcrypto/evp/e_des.c43
-rw-r--r--src/lib/libcrypto/evp/e_des3.c51
-rw-r--r--src/lib/libcrypto/evp/e_null.c2
-rw-r--r--src/lib/libcrypto/evp/e_old.c108
-rw-r--r--src/lib/libcrypto/evp/e_rc4.c1
-rw-r--r--src/lib/libcrypto/evp/evp.h70
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c61
-rw-r--r--src/lib/libcrypto/evp/evp_err.c9
-rw-r--r--src/lib/libcrypto/evp/evp_lib.c28
-rw-r--r--src/lib/libcrypto/evp/evp_locl.h29
-rw-r--r--src/lib/libcrypto/evp/evp_pkey.c124
-rw-r--r--src/lib/libcrypto/evp/m_dss.c2
-rw-r--r--src/lib/libcrypto/evp/m_md4.c1
-rw-r--r--src/lib/libcrypto/evp/m_md5.c1
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c2
-rw-r--r--src/lib/libcrypto/evp/names.c3
19 files changed, 552 insertions, 79 deletions
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index c632dfb202..f4aa41ac4b 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -176,10 +176,11 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
176 { 176 {
177 case BIO_CTRL_RESET: 177 case BIO_CTRL_RESET:
178 if (b->init) 178 if (b->init)
179 EVP_DigestInit_ex(ctx,ctx->digest, NULL); 179 ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
180 else 180 else
181 ret=0; 181 ret=0;
182 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 182 if (ret > 0)
183 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
183 break; 184 break;
184 case BIO_C_GET_MD: 185 case BIO_C_GET_MD:
185 if (b->init) 186 if (b->init)
@@ -191,11 +192,12 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
191 ret=0; 192 ret=0;
192 break; 193 break;
193 case BIO_C_GET_MD_CTX: 194 case BIO_C_GET_MD_CTX:
195 pctx=ptr;
196 *pctx=ctx;
197 break;
198 case BIO_C_SET_MD_CTX:
194 if (b->init) 199 if (b->init)
195 { 200 b->ptr=ptr;
196 pctx=ptr;
197 *pctx=ctx;
198 }
199 else 201 else
200 ret=0; 202 ret=0;
201 break; 203 break;
@@ -207,8 +209,9 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
207 209
208 case BIO_C_SET_MD: 210 case BIO_C_SET_MD:
209 md=ptr; 211 md=ptr;
210 EVP_DigestInit_ex(ctx,md, NULL); 212 ret = EVP_DigestInit_ex(ctx,md, NULL);
211 b->init=1; 213 if (ret > 0)
214 b->init=1;
212 break; 215 break;
213 case BIO_CTRL_DUP: 216 case BIO_CTRL_DUP:
214 dbio=ptr; 217 dbio=ptr;
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 0623ddf1f0..f21c63842c 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -137,6 +137,39 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
137 return EVP_DigestInit_ex(ctx, type, NULL); 137 return EVP_DigestInit_ex(ctx, type, NULL);
138 } 138 }
139 139
140#ifdef OPENSSL_FIPS
141
142/* The purpose of these is to trap programs that attempt to use non FIPS
143 * algorithms in FIPS mode and ignore the errors.
144 */
145
146static int bad_init(EVP_MD_CTX *ctx)
147 { FIPS_ERROR_IGNORED("Digest init"); return 0;}
148
149static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
150 { FIPS_ERROR_IGNORED("Digest update"); return 0;}
151
152static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
153 { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
154
155static const EVP_MD bad_md =
156 {
157 0,
158 0,
159 0,
160 0,
161 bad_init,
162 bad_update,
163 bad_final,
164 NULL,
165 NULL,
166 NULL,
167 0,
168 {0,0,0,0},
169 };
170
171#endif
172
140int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) 173int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
141 { 174 {
142 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); 175 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -195,6 +228,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
195#endif 228#endif
196 if (ctx->digest != type) 229 if (ctx->digest != type)
197 { 230 {
231#ifdef OPENSSL_FIPS
232 if (FIPS_mode())
233 {
234 if (!(type->flags & EVP_MD_FLAG_FIPS)
235 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
236 {
237 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
238 ctx->digest = &bad_md;
239 return 0;
240 }
241 }
242#endif
198 if (ctx->digest && ctx->digest->ctx_size) 243 if (ctx->digest && ctx->digest->ctx_size)
199 OPENSSL_free(ctx->md_data); 244 OPENSSL_free(ctx->md_data);
200 ctx->digest=type; 245 ctx->digest=type;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index fe8bcda631..f35036c9d7 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -67,34 +67,52 @@ typedef struct
67 67
68IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 68IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
69 NID_aes_128, 16, 16, 16, 128, 69 NID_aes_128, 16, 16, 16, 128,
70 0, aes_init_key, NULL, 70 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL,
71 EVP_CIPHER_set_asn1_iv, 71 EVP_CIPHER_set_asn1_iv,
72 EVP_CIPHER_get_asn1_iv, 72 EVP_CIPHER_get_asn1_iv,
73 NULL) 73 NULL)
74IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, 74IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
75 NID_aes_192, 16, 24, 16, 128, 75 NID_aes_192, 16, 24, 16, 128,
76 0, aes_init_key, NULL, 76 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL,
77 EVP_CIPHER_set_asn1_iv, 77 EVP_CIPHER_set_asn1_iv,
78 EVP_CIPHER_get_asn1_iv, 78 EVP_CIPHER_get_asn1_iv,
79 NULL) 79 NULL)
80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, 80IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
81 NID_aes_256, 16, 32, 16, 128, 81 NID_aes_256, 16, 32, 16, 128,
82 0, aes_init_key, NULL, 82 EVP_CIPH_FLAG_FIPS, aes_init_key, NULL,
83 EVP_CIPHER_set_asn1_iv, 83 EVP_CIPHER_set_asn1_iv,
84 EVP_CIPHER_get_asn1_iv, 84 EVP_CIPHER_get_asn1_iv,
85 NULL) 85 NULL)
86 86
87#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
88
89IMPLEMENT_AES_CFBR(128,1,0)
90IMPLEMENT_AES_CFBR(192,1,0)
91IMPLEMENT_AES_CFBR(256,1,0)
92
93IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
94IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
95IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
96
87static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 97static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
88 const unsigned char *iv, int enc) { 98 const unsigned char *iv, int enc)
99 {
100 int ret;
89 101
90 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE 102 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
91 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE 103 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
92 || enc) 104 || enc)
93 AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); 105 ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
94 else 106 else
95 AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); 107 ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
108
109 if(ret < 0)
110 {
111 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
112 return 0;
113 }
96 114
97 return 1; 115 return 1;
98} 116 }
99 117
100#endif 118#endif
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 105266a4b3..46e2899825 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -56,9 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_DES
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#ifndef OPENSSL_NO_DES
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
@@ -92,20 +92,55 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
92 return 1; 92 return 1;
93} 93}
94 94
95static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 95static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl) 96 const unsigned char *in, unsigned int inl)
97{ 97{
98 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, 98 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
99 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); 99 (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
100 return 1; 100 return 1;
101} 101}
102 102
103/* Although we have a CFB-r implementation for DES, it doesn't pack the right
104 way, so wrap it here */
105static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
106 const unsigned char *in, unsigned int inl)
107 {
108 unsigned int n;
109 unsigned char c[1],d[1];
110
111 for(n=0 ; n < inl ; ++n)
112 {
113 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
114 DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
115 ctx->encrypt);
116 out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
117 }
118 return 1;
119 }
120
121static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
122 const unsigned char *in, unsigned int inl)
123 {
124 DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
125 ctx->encrypt);
126 return 1;
127 }
128
103BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, 129BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
104 0, des_init_key, NULL, 130 EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
105 EVP_CIPHER_set_asn1_iv, 131 EVP_CIPHER_set_asn1_iv,
106 EVP_CIPHER_get_asn1_iv, 132 EVP_CIPHER_get_asn1_iv,
107 NULL) 133 NULL)
108 134
135BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
136 EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
137 EVP_CIPHER_set_asn1_iv,
138 EVP_CIPHER_get_asn1_iv,NULL)
139
140BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
141 EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
142 EVP_CIPHER_set_asn1_iv,
143 EVP_CIPHER_get_asn1_iv,NULL)
109 144
110static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 145static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
111 const unsigned char *iv, int enc) 146 const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 077860e7b6..677322bf02 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -56,9 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef OPENSSL_NO_DES
60#include <stdio.h> 59#include <stdio.h>
61#include "cryptlib.h" 60#include "cryptlib.h"
61#ifndef OPENSSL_NO_DES
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include "evp_locl.h" 64#include "evp_locl.h"
@@ -85,7 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
85 const unsigned char *in, unsigned int inl) 85 const unsigned char *in, unsigned int inl)
86{ 86{
87 BLOCK_CIPHER_ecb_loop() 87 BLOCK_CIPHER_ecb_loop()
88 DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), 88 DES_ecb3_encrypt(in + i,out + i,
89 &data(ctx)->ks1, &data(ctx)->ks2, 89 &data(ctx)->ks1, &data(ctx)->ks2,
90 &data(ctx)->ks3, 90 &data(ctx)->ks3,
91 ctx->encrypt); 91 ctx->encrypt);
@@ -121,7 +121,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
121 return 1; 121 return 1;
122} 122}
123 123
124static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 124static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
125 const unsigned char *in, unsigned int inl) 125 const unsigned char *in, unsigned int inl)
126{ 126{
127 DES_ede3_cfb64_encrypt(in, out, (long)inl, 127 DES_ede3_cfb64_encrypt(in, out, (long)inl,
@@ -130,23 +130,62 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
130 return 1; 130 return 1;
131} 131}
132 132
133/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
134 way, so wrap it here */
135static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
136 const unsigned char *in, unsigned int inl)
137 {
138 unsigned int n;
139 unsigned char c[1],d[1];
140
141 for(n=0 ; n < inl ; ++n)
142 {
143 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
144 DES_ede3_cfb_encrypt(c,d,1,1,
145 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
146 (DES_cblock *)ctx->iv,ctx->encrypt);
147 out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
148 }
149
150 return 1;
151 }
152
153static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
154 const unsigned char *in, unsigned int inl)
155 {
156 DES_ede3_cfb_encrypt(in,out,8,inl,
157 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
158 (DES_cblock *)ctx->iv,ctx->encrypt);
159 return 1;
160 }
161
133BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, 162BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
134 0, des_ede_init_key, NULL, 163 EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL,
135 EVP_CIPHER_set_asn1_iv, 164 EVP_CIPHER_set_asn1_iv,
136 EVP_CIPHER_get_asn1_iv, 165 EVP_CIPHER_get_asn1_iv,
137 NULL) 166 NULL)
138 167
139#define des_ede3_cfb_cipher des_ede_cfb_cipher 168#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
140#define des_ede3_ofb_cipher des_ede_ofb_cipher 169#define des_ede3_ofb_cipher des_ede_ofb_cipher
141#define des_ede3_cbc_cipher des_ede_cbc_cipher 170#define des_ede3_cbc_cipher des_ede_cbc_cipher
142#define des_ede3_ecb_cipher des_ede_ecb_cipher 171#define des_ede3_ecb_cipher des_ede_ecb_cipher
143 172
144BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, 173BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
145 0, des_ede3_init_key, NULL, 174 EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL,
146 EVP_CIPHER_set_asn1_iv, 175 EVP_CIPHER_set_asn1_iv,
147 EVP_CIPHER_get_asn1_iv, 176 EVP_CIPHER_get_asn1_iv,
148 NULL) 177 NULL)
149 178
179BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
180 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
181 EVP_CIPHER_set_asn1_iv,
182 EVP_CIPHER_get_asn1_iv,NULL)
183
184BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
185 EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
186 EVP_CIPHER_set_asn1_iv,
187 EVP_CIPHER_get_asn1_iv,NULL)
188
150static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 189static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
151 const unsigned char *iv, int enc) 190 const unsigned char *iv, int enc)
152 { 191 {
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 2420d7e5af..a84b0f14b1 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
69 { 69 {
70 NID_undef, 70 NID_undef,
71 1,0,0, 71 1,0,0,
72 0, 72 EVP_CIPH_FLAG_FIPS,
73 null_init_key, 73 null_init_key,
74 null_cipher, 74 null_cipher,
75 NULL, 75 NULL,
diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c
new file mode 100644
index 0000000000..92dc498945
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_old.c
@@ -0,0 +1,108 @@
1/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
2/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
3 * project 2004.
4 */
5/* ====================================================================
6 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/evp.h>
60
61/* Define some deprecated functions, so older programs
62 don't crash and burn too quickly. On Windows and VMS,
63 these will never be used, since functions and variables
64 in shared libraries are selected by entry point location,
65 not by name. */
66
67#ifndef OPENSSL_NO_BF
68#undef EVP_bf_cfb
69const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
70#endif
71
72#ifndef OPENSSL_NO_DES
73#undef EVP_des_cfb
74const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
75#undef EVP_des_ede3_cfb
76const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
77#undef EVP_des_ede_cfb
78const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
79#endif
80
81#ifndef OPENSSL_NO_IDEA
82#undef EVP_idea_cfb
83const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
84#endif
85
86#ifndef OPENSSL_NO_RC2
87#undef EVP_rc2_cfb
88const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
89#endif
90
91#ifndef OPENSSL_NO_CAST
92#undef EVP_cast5_cfb
93const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
94#endif
95
96#ifndef OPENSSL_NO_RC5
97#undef EVP_rc5_32_12_16_cfb
98const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
99#endif
100
101#ifndef OPENSSL_NO_AES
102#undef EVP_aes_128_cfb
103const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
104#undef EVP_aes_192_cfb
105const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
106#undef EVP_aes_256_cfb
107const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
108#endif
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index d58f507837..8aa70585b9 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -62,6 +62,7 @@
62#include "cryptlib.h" 62#include "cryptlib.h"
63#include <openssl/evp.h> 63#include <openssl/evp.h>
64#include <openssl/objects.h> 64#include <openssl/objects.h>
65#include "evp_locl.h"
65#include <openssl/rc4.h> 66#include <openssl/rc4.h>
66 67
67/* FIXME: surely this is available elsewhere? */ 68/* FIXME: surely this is available elsewhere? */
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 4801d8eaa3..5cde88ae76 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -117,6 +117,10 @@
117#include <openssl/aes.h> 117#include <openssl/aes.h>
118#endif 118#endif
119 119
120#ifdef OPENSSL_FIPS
121#include <openssl/fips.h>
122#endif
123
120/* 124/*
121#define EVP_RC2_KEY_SIZE 16 125#define EVP_RC2_KEY_SIZE 16
122#define EVP_RC4_KEY_SIZE 16 126#define EVP_RC4_KEY_SIZE 16
@@ -290,6 +294,7 @@ struct env_md_st
290 294
291#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single 295#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
292 * block */ 296 * block */
297#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
293 298
294#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} 299#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
295 300
@@ -332,6 +337,9 @@ struct env_md_ctx_st
332#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 337#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
333 * in EVP_MD_CTX_cleanup */ 338 * in EVP_MD_CTX_cleanup */
334 339
340#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
341 * in FIPS mode */
342
335struct evp_cipher_st 343struct evp_cipher_st
336 { 344 {
337 int nid; 345 int nid;
@@ -373,6 +381,10 @@ struct evp_cipher_st
373#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 381#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
374/* Don't use standard block padding */ 382/* Don't use standard block padding */
375#define EVP_CIPH_NO_PADDING 0x100 383#define EVP_CIPH_NO_PADDING 0x100
384/* Note if suitable for use in FIPS mode */
385#define EVP_CIPH_FLAG_FIPS 0x400
386/* Allow non FIPS cipher in FIPS mode */
387#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
376 388
377/* ctrl() values */ 389/* ctrl() values */
378 390
@@ -478,6 +490,9 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
478#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) 490#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
479#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) 491#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
480#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) 492#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags)
493#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
494#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
495#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
481#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) 496#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE)
482 497
483#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) 498#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
@@ -499,6 +514,7 @@ void BIO_set_md(BIO *,const EVP_MD *md);
499#endif 514#endif
500#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) 515#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
501#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) 516#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
517#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
502#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) 518#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
503#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) 519#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
504 520
@@ -640,9 +656,20 @@ const EVP_CIPHER *EVP_des_ede(void);
640const EVP_CIPHER *EVP_des_ede3(void); 656const EVP_CIPHER *EVP_des_ede3(void);
641const EVP_CIPHER *EVP_des_ede_ecb(void); 657const EVP_CIPHER *EVP_des_ede_ecb(void);
642const EVP_CIPHER *EVP_des_ede3_ecb(void); 658const EVP_CIPHER *EVP_des_ede3_ecb(void);
643const EVP_CIPHER *EVP_des_cfb(void); 659const EVP_CIPHER *EVP_des_cfb64(void);
644const EVP_CIPHER *EVP_des_ede_cfb(void); 660# define EVP_des_cfb EVP_des_cfb64
645const EVP_CIPHER *EVP_des_ede3_cfb(void); 661const EVP_CIPHER *EVP_des_cfb1(void);
662const EVP_CIPHER *EVP_des_cfb8(void);
663const EVP_CIPHER *EVP_des_ede_cfb64(void);
664# define EVP_des_ede_cfb EVP_des_ede_cfb64
665#if 0
666const EVP_CIPHER *EVP_des_ede_cfb1(void);
667const EVP_CIPHER *EVP_des_ede_cfb8(void);
668#endif
669const EVP_CIPHER *EVP_des_ede3_cfb64(void);
670# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
671const EVP_CIPHER *EVP_des_ede3_cfb1(void);
672const EVP_CIPHER *EVP_des_ede3_cfb8(void);
646const EVP_CIPHER *EVP_des_ofb(void); 673const EVP_CIPHER *EVP_des_ofb(void);
647const EVP_CIPHER *EVP_des_ede_ofb(void); 674const EVP_CIPHER *EVP_des_ede_ofb(void);
648const EVP_CIPHER *EVP_des_ede3_ofb(void); 675const EVP_CIPHER *EVP_des_ede3_ofb(void);
@@ -666,7 +693,8 @@ const EVP_CIPHER *EVP_rc4_40(void);
666#endif 693#endif
667#ifndef OPENSSL_NO_IDEA 694#ifndef OPENSSL_NO_IDEA
668const EVP_CIPHER *EVP_idea_ecb(void); 695const EVP_CIPHER *EVP_idea_ecb(void);
669const EVP_CIPHER *EVP_idea_cfb(void); 696const EVP_CIPHER *EVP_idea_cfb64(void);
697# define EVP_idea_cfb EVP_idea_cfb64
670const EVP_CIPHER *EVP_idea_ofb(void); 698const EVP_CIPHER *EVP_idea_ofb(void);
671const EVP_CIPHER *EVP_idea_cbc(void); 699const EVP_CIPHER *EVP_idea_cbc(void);
672#endif 700#endif
@@ -675,45 +703,58 @@ const EVP_CIPHER *EVP_rc2_ecb(void);
675const EVP_CIPHER *EVP_rc2_cbc(void); 703const EVP_CIPHER *EVP_rc2_cbc(void);
676const EVP_CIPHER *EVP_rc2_40_cbc(void); 704const EVP_CIPHER *EVP_rc2_40_cbc(void);
677const EVP_CIPHER *EVP_rc2_64_cbc(void); 705const EVP_CIPHER *EVP_rc2_64_cbc(void);
678const EVP_CIPHER *EVP_rc2_cfb(void); 706const EVP_CIPHER *EVP_rc2_cfb64(void);
707# define EVP_rc2_cfb EVP_rc2_cfb64
679const EVP_CIPHER *EVP_rc2_ofb(void); 708const EVP_CIPHER *EVP_rc2_ofb(void);
680#endif 709#endif
681#ifndef OPENSSL_NO_BF 710#ifndef OPENSSL_NO_BF
682const EVP_CIPHER *EVP_bf_ecb(void); 711const EVP_CIPHER *EVP_bf_ecb(void);
683const EVP_CIPHER *EVP_bf_cbc(void); 712const EVP_CIPHER *EVP_bf_cbc(void);
684const EVP_CIPHER *EVP_bf_cfb(void); 713const EVP_CIPHER *EVP_bf_cfb64(void);
714# define EVP_bf_cfb EVP_bf_cfb64
685const EVP_CIPHER *EVP_bf_ofb(void); 715const EVP_CIPHER *EVP_bf_ofb(void);
686#endif 716#endif
687#ifndef OPENSSL_NO_CAST 717#ifndef OPENSSL_NO_CAST
688const EVP_CIPHER *EVP_cast5_ecb(void); 718const EVP_CIPHER *EVP_cast5_ecb(void);
689const EVP_CIPHER *EVP_cast5_cbc(void); 719const EVP_CIPHER *EVP_cast5_cbc(void);
690const EVP_CIPHER *EVP_cast5_cfb(void); 720const EVP_CIPHER *EVP_cast5_cfb64(void);
721# define EVP_cast5_cfb EVP_cast5_cfb64
691const EVP_CIPHER *EVP_cast5_ofb(void); 722const EVP_CIPHER *EVP_cast5_ofb(void);
692#endif 723#endif
693#ifndef OPENSSL_NO_RC5 724#ifndef OPENSSL_NO_RC5
694const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); 725const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
695const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); 726const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
696const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); 727const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
728# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
697const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); 729const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
698#endif 730#endif
699#ifndef OPENSSL_NO_AES 731#ifndef OPENSSL_NO_AES
700const EVP_CIPHER *EVP_aes_128_ecb(void); 732const EVP_CIPHER *EVP_aes_128_ecb(void);
701const EVP_CIPHER *EVP_aes_128_cbc(void); 733const EVP_CIPHER *EVP_aes_128_cbc(void);
702const EVP_CIPHER *EVP_aes_128_cfb(void); 734const EVP_CIPHER *EVP_aes_128_cfb1(void);
735const EVP_CIPHER *EVP_aes_128_cfb8(void);
736const EVP_CIPHER *EVP_aes_128_cfb128(void);
737# define EVP_aes_128_cfb EVP_aes_128_cfb128
703const EVP_CIPHER *EVP_aes_128_ofb(void); 738const EVP_CIPHER *EVP_aes_128_ofb(void);
704#if 0 739#if 0
705const EVP_CIPHER *EVP_aes_128_ctr(void); 740const EVP_CIPHER *EVP_aes_128_ctr(void);
706#endif 741#endif
707const EVP_CIPHER *EVP_aes_192_ecb(void); 742const EVP_CIPHER *EVP_aes_192_ecb(void);
708const EVP_CIPHER *EVP_aes_192_cbc(void); 743const EVP_CIPHER *EVP_aes_192_cbc(void);
709const EVP_CIPHER *EVP_aes_192_cfb(void); 744const EVP_CIPHER *EVP_aes_192_cfb1(void);
745const EVP_CIPHER *EVP_aes_192_cfb8(void);
746const EVP_CIPHER *EVP_aes_192_cfb128(void);
747# define EVP_aes_192_cfb EVP_aes_192_cfb128
710const EVP_CIPHER *EVP_aes_192_ofb(void); 748const EVP_CIPHER *EVP_aes_192_ofb(void);
711#if 0 749#if 0
712const EVP_CIPHER *EVP_aes_192_ctr(void); 750const EVP_CIPHER *EVP_aes_192_ctr(void);
713#endif 751#endif
714const EVP_CIPHER *EVP_aes_256_ecb(void); 752const EVP_CIPHER *EVP_aes_256_ecb(void);
715const EVP_CIPHER *EVP_aes_256_cbc(void); 753const EVP_CIPHER *EVP_aes_256_cbc(void);
716const EVP_CIPHER *EVP_aes_256_cfb(void); 754const EVP_CIPHER *EVP_aes_256_cfb1(void);
755const EVP_CIPHER *EVP_aes_256_cfb8(void);
756const EVP_CIPHER *EVP_aes_256_cfb128(void);
757# define EVP_aes_256_cfb EVP_aes_256_cfb128
717const EVP_CIPHER *EVP_aes_256_ofb(void); 758const EVP_CIPHER *EVP_aes_256_ofb(void);
718#if 0 759#if 0
719const EVP_CIPHER *EVP_aes_256_ctr(void); 760const EVP_CIPHER *EVP_aes_256_ctr(void);
@@ -825,13 +866,18 @@ void ERR_load_EVP_strings(void);
825/* Error codes for the EVP functions. */ 866/* Error codes for the EVP functions. */
826 867
827/* Function codes. */ 868/* Function codes. */
869#define EVP_F_AES_INIT_KEY 129
828#define EVP_F_D2I_PKEY 100 870#define EVP_F_D2I_PKEY 100
871#define EVP_F_EVP_ADD_CIPHER 130
872#define EVP_F_EVP_ADD_DIGEST 131
829#define EVP_F_EVP_CIPHERINIT 123 873#define EVP_F_EVP_CIPHERINIT 123
830#define EVP_F_EVP_CIPHER_CTX_CTRL 124 874#define EVP_F_EVP_CIPHER_CTX_CTRL 124
831#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 875#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
832#define EVP_F_EVP_DECRYPTFINAL 101 876#define EVP_F_EVP_DECRYPTFINAL 101
833#define EVP_F_EVP_DIGESTINIT 128 877#define EVP_F_EVP_DIGESTINIT 128
834#define EVP_F_EVP_ENCRYPTFINAL 127 878#define EVP_F_EVP_ENCRYPTFINAL 127
879#define EVP_F_EVP_GET_CIPHERBYNAME 132
880#define EVP_F_EVP_GET_DIGESTBYNAME 133
835#define EVP_F_EVP_MD_CTX_COPY 110 881#define EVP_F_EVP_MD_CTX_COPY 110
836#define EVP_F_EVP_OPENINIT 102 882#define EVP_F_EVP_OPENINIT 102
837#define EVP_F_EVP_PBE_ALG_ADD 115 883#define EVP_F_EVP_PBE_ALG_ADD 115
@@ -855,6 +901,7 @@ void ERR_load_EVP_strings(void);
855#define EVP_F_RC5_CTRL 125 901#define EVP_F_RC5_CTRL 125
856 902
857/* Reason codes. */ 903/* Reason codes. */
904#define EVP_R_AES_KEY_SETUP_FAILED 140
858#define EVP_R_BAD_BLOCK_LENGTH 136 905#define EVP_R_BAD_BLOCK_LENGTH 136
859#define EVP_R_BAD_DECRYPT 100 906#define EVP_R_BAD_DECRYPT 100
860#define EVP_R_BAD_KEY_LENGTH 137 907#define EVP_R_BAD_KEY_LENGTH 137
@@ -866,6 +913,7 @@ void ERR_load_EVP_strings(void);
866#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 913#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
867#define EVP_R_DECODE_ERROR 114 914#define EVP_R_DECODE_ERROR 114
868#define EVP_R_DIFFERENT_KEY_TYPES 101 915#define EVP_R_DIFFERENT_KEY_TYPES 101
916#define EVP_R_DISABLED_FOR_FIPS 141
869#define EVP_R_ENCODE_ERROR 115 917#define EVP_R_ENCODE_ERROR 115
870#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 918#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
871#define EVP_R_EXPECTING_AN_RSA_KEY 127 919#define EVP_R_EXPECTING_AN_RSA_KEY 127
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 8ea5aa935d..f549eeb437 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); 82 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
83 } 83 }
84 84
85#ifdef OPENSSL_FIPS
86
87/* The purpose of these is to trap programs that attempt to use non FIPS
88 * algorithms in FIPS mode and ignore the errors.
89 */
90
91int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
92 const unsigned char *iv, int enc)
93 { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
94
95int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
96 const unsigned char *in, unsigned int inl)
97 { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
98
99/* NB: no cleanup because it is allowed after failed init */
100
101int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
102 { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
103int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
104 { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
105int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
106 { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
107
108static const EVP_CIPHER bad_cipher =
109 {
110 0,
111 0,
112 0,
113 0,
114 0,
115 bad_init,
116 bad_do_cipher,
117 NULL,
118 0,
119 bad_set_asn1,
120 bad_get_asn1,
121 bad_ctrl,
122 NULL
123 };
124
125#endif
126
85int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, 127int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
86 const unsigned char *key, const unsigned char *iv, int enc) 128 const unsigned char *key, const unsigned char *iv, int enc)
87 { 129 {
@@ -146,7 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
146 else 188 else
147 ctx->engine = NULL; 189 ctx->engine = NULL;
148#endif 190#endif
149
150 ctx->cipher=cipher; 191 ctx->cipher=cipher;
151 if (ctx->cipher->ctx_size) 192 if (ctx->cipher->ctx_size)
152 { 193 {
@@ -210,6 +251,24 @@ skip_to_init:
210 } 251 }
211 } 252 }
212 253
254#ifdef OPENSSL_FIPS
255 /* After 'key' is set no further parameters changes are permissible.
256 * So only check for non FIPS enabling at this point.
257 */
258 if (key && FIPS_mode())
259 {
260 if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
261 & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
262 {
263 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
264 ERR_add_error_data(2, "cipher=",
265 EVP_CIPHER_name(ctx->cipher));
266 ctx->cipher = &bad_cipher;
267 return 0;
268 }
269 }
270#endif
271
213 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 272 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
214 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; 273 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
215 } 274 }
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 3a23d21c21..40135d0729 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
1/* crypto/evp/evp_err.c */ 1/* crypto/evp/evp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -66,13 +66,18 @@
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA EVP_str_functs[]= 67static ERR_STRING_DATA EVP_str_functs[]=
68 { 68 {
69{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"},
69{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, 70{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
71{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"},
72{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"},
70{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, 73{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"},
71{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, 74{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"},
72{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, 75{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"},
73{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, 76{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
74{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, 77{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"},
75{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, 78{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"},
79{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"},
80{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"},
76{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, 81{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
77{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, 82{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
78{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, 83{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"},
@@ -99,6 +104,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
99 104
100static ERR_STRING_DATA EVP_str_reasons[]= 105static ERR_STRING_DATA EVP_str_reasons[]=
101 { 106 {
107{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"},
102{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, 108{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"},
103{EVP_R_BAD_DECRYPT ,"bad decrypt"}, 109{EVP_R_BAD_DECRYPT ,"bad decrypt"},
104{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, 110{EVP_R_BAD_KEY_LENGTH ,"bad key length"},
@@ -110,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
110{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, 116{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
111{EVP_R_DECODE_ERROR ,"decode error"}, 117{EVP_R_DECODE_ERROR ,"decode error"},
112{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, 118{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
119{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"},
113{EVP_R_ENCODE_ERROR ,"encode error"}, 120{EVP_R_ENCODE_ERROR ,"encode error"},
114{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, 121{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
115{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, 122{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"},
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 52a3b287be..a63ba19317 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
68 if (c->cipher->set_asn1_parameters != NULL) 68 if (c->cipher->set_asn1_parameters != NULL)
69 ret=c->cipher->set_asn1_parameters(c,type); 69 ret=c->cipher->set_asn1_parameters(c,type);
70 else 70 else
71 ret=1; 71 return -1;
72 return(ret); 72 return(ret);
73 } 73 }
74 74
@@ -79,7 +79,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
79 if (c->cipher->get_asn1_parameters != NULL) 79 if (c->cipher->get_asn1_parameters != NULL)
80 ret=c->cipher->get_asn1_parameters(c,type); 80 ret=c->cipher->get_asn1_parameters(c,type);
81 else 81 else
82 ret=1; 82 return -1;
83 return(ret); 83 return(ret);
84 } 84 }
85 85
@@ -133,6 +133,30 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
133 133
134 return NID_rc4; 134 return NID_rc4;
135 135
136 case NID_aes_128_cfb128:
137 case NID_aes_128_cfb8:
138 case NID_aes_128_cfb1:
139
140 return NID_aes_128_cfb128;
141
142 case NID_aes_192_cfb128:
143 case NID_aes_192_cfb8:
144 case NID_aes_192_cfb1:
145
146 return NID_aes_192_cfb128;
147
148 case NID_aes_256_cfb128:
149 case NID_aes_256_cfb8:
150 case NID_aes_256_cfb1:
151
152 return NID_aes_256_cfb128;
153
154 case NID_des_cfb64:
155 case NID_des_cfb8:
156 case NID_des_cfb1:
157
158 return NID_des_cfb64;
159
136 default: 160 default:
137 /* Check it has an OID and it is valid */ 161 /* Check it has an OID and it is valid */
138 otmp = OBJ_nid2obj(nid); 162 otmp = OBJ_nid2obj(nid);
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 4d81a3bf4c..f8c5343620 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -90,7 +90,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
90} 90}
91 91
92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 92#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
93static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ 93static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
94{\ 94{\
95 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ 95 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
96 return 1;\ 96 return 1;\
@@ -127,7 +127,7 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
127#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ 127#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
128 iv_len, cbits, flags, init_key, cleanup, \ 128 iv_len, cbits, flags, init_key, cleanup, \
129 set_asn1, get_asn1, ctrl) \ 129 set_asn1, get_asn1, ctrl) \
130BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \ 130BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
131 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 131 key_len, iv_len, flags, init_key, cleanup, set_asn1, \
132 get_asn1, ctrl) 132 get_asn1, ctrl)
133 133
@@ -225,3 +225,28 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
225 get_asn1, ctrl) 225 get_asn1, ctrl)
226 226
227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 227#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
228
229#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
230 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
231 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
232 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
233 flags, cipher##_init_key, NULL, \
234 EVP_CIPHER_set_asn1_iv, \
235 EVP_CIPHER_get_asn1_iv, \
236 NULL)
237
238#ifdef OPENSSL_FIPS
239#define RC2_set_key private_RC2_set_key
240#define RC4_set_key private_RC4_set_key
241#define CAST_set_key private_CAST_set_key
242#define RC5_32_set_key private_RC5_32_set_key
243#define BF_set_key private_BF_set_key
244#define idea_set_encrypt_key private_idea_set_encrypt_key
245
246#define MD5_Init private_MD5_Init
247#define MD4_Init private_MD4_Init
248#define MD2_Init private_MD2_Init
249#define MDC2_Init private_MDC2_Init
250#define SHA_Init private_SHA_Init
251
252#endif
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index eb481ec661..47a69932a5 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -235,7 +235,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
235 return NULL; 235 return NULL;
236 } 236 }
237 p8->broken = broken; 237 p8->broken = broken;
238 ASN1_INTEGER_set (p8->version, 0); 238 if (!ASN1_INTEGER_set(p8->version, 0)) {
239 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
240 PKCS8_PRIV_KEY_INFO_free (p8);
241 return NULL;
242 }
239 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { 243 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
240 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 244 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
241 PKCS8_PRIV_KEY_INFO_free (p8); 245 PKCS8_PRIV_KEY_INFO_free (p8);
@@ -303,29 +307,35 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
303#ifndef OPENSSL_NO_DSA 307#ifndef OPENSSL_NO_DSA
304static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) 308static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
305{ 309{
306 ASN1_STRING *params; 310 ASN1_STRING *params = NULL;
307 ASN1_INTEGER *prkey; 311 ASN1_INTEGER *prkey = NULL;
308 ASN1_TYPE *ttmp; 312 ASN1_TYPE *ttmp = NULL;
309 STACK_OF(ASN1_TYPE) *ndsa; 313 STACK_OF(ASN1_TYPE) *ndsa = NULL;
310 unsigned char *p, *q; 314 unsigned char *p = NULL, *q;
311 int len; 315 int len;
312 316
313 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); 317 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
314 len = i2d_DSAparams (pkey->pkey.dsa, NULL); 318 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
315 if (!(p = OPENSSL_malloc(len))) { 319 if (!(p = OPENSSL_malloc(len))) {
316 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 320 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
317 PKCS8_PRIV_KEY_INFO_free (p8); 321 goto err;
318 return 0;
319 } 322 }
320 q = p; 323 q = p;
321 i2d_DSAparams (pkey->pkey.dsa, &q); 324 i2d_DSAparams (pkey->pkey.dsa, &q);
322 params = ASN1_STRING_new(); 325 if (!(params = ASN1_STRING_new())) {
323 ASN1_STRING_set(params, p, len); 326 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
327 goto err;
328 }
329 if (!ASN1_STRING_set(params, p, len)) {
330 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
331 goto err;
332 }
324 OPENSSL_free(p); 333 OPENSSL_free(p);
334 p = NULL;
325 /* Get private key into integer */ 335 /* Get private key into integer */
326 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { 336 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
327 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 337 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
328 return 0; 338 goto err;
329 } 339 }
330 340
331 switch(p8->broken) { 341 switch(p8->broken) {
@@ -336,12 +346,13 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
336 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, 346 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
337 &p8->pkey->value.octet_string)) { 347 &p8->pkey->value.octet_string)) {
338 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 348 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
339 M_ASN1_INTEGER_free (prkey); 349 goto err;
340 return 0;
341 } 350 }
342 351
343 M_ASN1_INTEGER_free (prkey); 352 M_ASN1_INTEGER_free (prkey);
353 prkey = NULL;
344 p8->pkeyalg->parameter->value.sequence = params; 354 p8->pkeyalg->parameter->value.sequence = params;
355 params = NULL;
345 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 356 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
346 357
347 break; 358 break;
@@ -349,32 +360,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
349 case PKCS8_NS_DB: 360 case PKCS8_NS_DB:
350 361
351 p8->pkeyalg->parameter->value.sequence = params; 362 p8->pkeyalg->parameter->value.sequence = params;
363 params = NULL;
352 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; 364 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
353 ndsa = sk_ASN1_TYPE_new_null(); 365 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
354 ttmp = ASN1_TYPE_new(); 366 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
355 if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { 367 goto err;
368 }
369 if (!(ttmp = ASN1_TYPE_new())) {
370 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
371 goto err;
372 }
373 if (!(ttmp->value.integer =
374 BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
356 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); 375 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
357 PKCS8_PRIV_KEY_INFO_free(p8); 376 goto err;
358 return 0;
359 } 377 }
360 ttmp->type = V_ASN1_INTEGER; 378 ttmp->type = V_ASN1_INTEGER;
361 sk_ASN1_TYPE_push(ndsa, ttmp); 379 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
380 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
381 goto err;
382 }
362 383
363 ttmp = ASN1_TYPE_new(); 384 if (!(ttmp = ASN1_TYPE_new())) {
385 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
386 goto err;
387 }
364 ttmp->value.integer = prkey; 388 ttmp->value.integer = prkey;
389 prkey = NULL;
365 ttmp->type = V_ASN1_INTEGER; 390 ttmp->type = V_ASN1_INTEGER;
366 sk_ASN1_TYPE_push(ndsa, ttmp); 391 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
392 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
393 goto err;
394 }
395 ttmp = NULL;
367 396
368 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); 397 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
398 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
399 goto err;
400 }
369 401
370 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, 402 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
371 &p8->pkey->value.octet_string->data, 403 &p8->pkey->value.octet_string->data,
372 &p8->pkey->value.octet_string->length)) { 404 &p8->pkey->value.octet_string->length)) {
373 405
374 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 406 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
375 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 407 goto err;
376 M_ASN1_INTEGER_free(prkey);
377 return 0;
378 } 408 }
379 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 409 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
380 break; 410 break;
@@ -382,31 +412,57 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
382 case PKCS8_EMBEDDED_PARAM: 412 case PKCS8_EMBEDDED_PARAM:
383 413
384 p8->pkeyalg->parameter->type = V_ASN1_NULL; 414 p8->pkeyalg->parameter->type = V_ASN1_NULL;
385 ndsa = sk_ASN1_TYPE_new_null(); 415 if (!(ndsa = sk_ASN1_TYPE_new_null())) {
386 ttmp = ASN1_TYPE_new(); 416 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
417 goto err;
418 }
419 if (!(ttmp = ASN1_TYPE_new())) {
420 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
421 goto err;
422 }
387 ttmp->value.sequence = params; 423 ttmp->value.sequence = params;
424 params = NULL;
388 ttmp->type = V_ASN1_SEQUENCE; 425 ttmp->type = V_ASN1_SEQUENCE;
389 sk_ASN1_TYPE_push(ndsa, ttmp); 426 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
427 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
428 goto err;
429 }
390 430
391 ttmp = ASN1_TYPE_new(); 431 if (!(ttmp = ASN1_TYPE_new())) {
432 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
433 goto err;
434 }
392 ttmp->value.integer = prkey; 435 ttmp->value.integer = prkey;
436 prkey = NULL;
393 ttmp->type = V_ASN1_INTEGER; 437 ttmp->type = V_ASN1_INTEGER;
394 sk_ASN1_TYPE_push(ndsa, ttmp); 438 if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
439 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
440 goto err;
441 }
442 ttmp = NULL;
395 443
396 p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); 444 if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
445 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
446 goto err;
447 }
397 448
398 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, 449 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
399 &p8->pkey->value.octet_string->data, 450 &p8->pkey->value.octet_string->data,
400 &p8->pkey->value.octet_string->length)) { 451 &p8->pkey->value.octet_string->length)) {
401 452
402 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); 453 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
403 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 454 goto err;
404 M_ASN1_INTEGER_free (prkey);
405 return 0;
406 } 455 }
407 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 456 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
408 break; 457 break;
409 } 458 }
410 return 1; 459 return 1;
460err:
461 if (p != NULL) OPENSSL_free(p);
462 if (params != NULL) ASN1_STRING_free(params);
463 if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
464 if (ttmp != NULL) ASN1_TYPE_free(ttmp);
465 if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
466 return 0;
411} 467}
412#endif 468#endif
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index beb8d7fc5c..d393eb3400 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -77,7 +77,7 @@ static const EVP_MD dsa_md=
77 NID_dsaWithSHA, 77 NID_dsaWithSHA,
78 NID_dsaWithSHA, 78 NID_dsaWithSHA,
79 SHA_DIGEST_LENGTH, 79 SHA_DIGEST_LENGTH,
80 0, 80 EVP_MD_FLAG_FIPS,
81 init, 81 init,
82 update, 82 update,
83 final, 83 final,
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index e19b663754..0605e4b707 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -60,6 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65#include <openssl/md4.h> 66#include <openssl/md4.h>
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index b00a03e048..752615d473 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -60,6 +60,7 @@
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include <openssl/evp.h> 62#include <openssl/evp.h>
63#include "evp_locl.h"
63#include <openssl/objects.h> 64#include <openssl/objects.h>
64#include <openssl/x509.h> 65#include <openssl/x509.h>
65#include <openssl/md5.h> 66#include <openssl/md5.h>
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index d6be3502f0..fe4402389a 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -77,7 +77,7 @@ static const EVP_MD sha1_md=
77 NID_sha1, 77 NID_sha1,
78 NID_sha1WithRSAEncryption, 78 NID_sha1WithRSAEncryption,
79 SHA_DIGEST_LENGTH, 79 SHA_DIGEST_LENGTH,
80 0, 80 EVP_MD_FLAG_FIPS,
81 init, 81 init,
82 update, 82 update,
83 final, 83 final,
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index eb9f4329cd..7712453046 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -61,6 +61,9 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#ifdef OPENSSL_FIPS
65#include <openssl/fips.h>
66#endif
64 67
65int EVP_add_cipher(const EVP_CIPHER *c) 68int EVP_add_cipher(const EVP_CIPHER *c)
66 { 69 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 13:10:10 +0000