OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
19-Aug-2007 14:49:08
Branch: OpenSSL-fips-0_9_8-stable Handle:
2007081913490601
Modified files: (Branch:
OpenSSL-fips-0_9_8-stable)
openssl/crypto fips_err.h
openssl/crypto/evp digest.c enc_min.c evp_enc.c
openssl/fips fips.h
Log:
Cleaner check of self test status.
Summary:
Revision Changes Path
1.30.4.5 +14 -3 openssl/crypto/evp/digest.c
1.1.2.4 +11 -0 openssl/crypto/evp/enc_min.c
1.42.2.3.2.4+12 -4 openssl/crypto/evp/evp_enc.c
1.1.4.5 +2 -0 openssl/crypto/fips_err.h
1.1.4.3 +2 -0 openssl/fips/fips.h
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/crypto/evp/digest.c
============================================================
================
$ cvs diff -u -r1.30.4.4 -r1.30.4.5 digest.c
--- openssl/crypto/evp/digest.c 14 Aug 2007 16:00:43
-0000 1.30.4.4
+++ openssl/crypto/evp/digest.c 19 Aug 2007 12:49:07
-0000 1.30.4.5
 -120,9 +120,6 
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
memset(ctx,' ',sizeof *ctx);
}
 -265,6 +262,14 
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD
*type, ENGINE *impl)
{
M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAI
LED);
+ ctx->digest = &bad_md;
+ return 0;
+ }
+#endif
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be
used on "Final"'d contexts
* so this context may already have an ENGINE! Try to
avoid releasing
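Review bot: The failure path assigns `ctx->digest = &bad_md;` before the ENGINE and re-initialisation logic that follows, so a context that was already initialised with a real digest loses its original method pointer here. If such a context still holds `md_data`, later cleanup would presumably consult bad_md's size and callbacks instead of the original digest's, which could leave the old state unfreed and uncleansed; this should be confirmed against EVP_MD_CTX_cleanup, which is not visible in this diff. At minimum, document the intent on the assignment, e.g. `/* poison ctx so later Update/Final fail; any previous digest state is not released here */`. The body of EVP_DigestInit_ex continues outside the hunk.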
 -305,6 +310,9 
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
return ctx->digest->update(ctx,data,count);
}
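Review bot: The bare `FIPS_selftest_check();` added in EVP_DigestUpdate has no comment and its result is unused, while the Init path in this same commit raises FIPS_R_FIPS_SELFTEST_FAILED and returns 0. The same applies to the EVP_DigestFinal_ex hunk and to the EVP_Cipher hunk in enc_min.c. A reader cannot tell from these hunks how a failed self test is surfaced on the data path; presumably the check does not return on failure, but that is not visible here. Suggest a comment above each call, along the lines of `/* self test may fail after Init succeeded; FIPS_selftest_check() handles the failure itself */`, worded to match what the function really does.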
 -321,6 +329,9 
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char
*md, unsigned int *size)
{
int ret;
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
OPENSSL_assert(ctx->digest->md_size <=
EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
 .
patch -p0 <<' .'
Index: openssl/crypto/evp/enc_min.c
============================================================
================
$ cvs diff -u -r1.1.2.3 -r1.1.2.4 enc_min.c
--- openssl/crypto/evp/enc_min.c 14 Aug 2007 16:00:44
-0000 1.1.2.3
+++ openssl/crypto/evp/enc_min.c 19 Aug 2007 12:49:07
-0000 1.1.2.4
 -199,6 +199,14 
enc = 1;
ctx->encrypt = enc;
}
+#ifdef OPENSSL_NO_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAI
LED);
+ ctx->cipher = &bad_cipher;
+ return 0;
+ }
+#endif
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be
used on "Final"'d contexts
* so this context may already have an ENGINE! Try to
avoid releasing
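Review bot: The guard on the new self-test block in this hunk is `#ifdef OPENSSL_NO_FIPS`, so the check is compiled only when FIPS is disabled and is missing from the FIPS builds it is meant to protect. The matching block in digest.c and the EVP_Cipher hunk below both use `#ifdef OPENSSL_FIPS`. As written, a FIPS build lets cipher initialisation succeed after a failed self test, leaving only the per-call check in EVP_Cipher. A non-FIPS build would probably not compile, assuming `FIPS_selftest_failed` and `bad_cipher` are only declared under OPENSSL_FIPS. The guard should read `#ifdef OPENSSL_FIPS`. The enclosing function starts and ends outside the hunk; the FIPS_F_EVP_CIPHERINIT_EX code suggests it is EVP_CipherInit_ex.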
 -339,6 +347,9 
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
 .
patch -p0 <<' .'
Index: openssl/crypto/evp/evp_enc.c
============================================================
================
$ cvs diff -u -r1.42.2.3.2.3 -r1.42.2.3.2.4 evp_enc.c
--- openssl/crypto/evp/evp_enc.c 14 Aug 2007 16:00:46
-0000 1.42.2.3.2.3
+++ openssl/crypto/evp/evp_enc.c 19 Aug 2007 12:49:07
-0000 1.42.2.3.2.4
 -66,6 +66,14 
#endif
#include "evp_locl.h"
+#ifdef OPENSSL_FIPS
+ #define M_do_cipher(ctx, out, in, inl)
+ EVP_Cipher(ctx,out,in,inl)
+#else
+ #define M_do_cipher(ctx, out, in, inl)
+ ctx->cipher->do_cipher(ctx,out,in,inl)
+#endif
+
const char EVP_version[]="EVP"
OPENSSL_VERSION_PTEXT;
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
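Review bot: The non-FIPS expansion of `M_do_cipher` uses its arguments unparenthesised and evaluates `ctx` twice (`ctx->cipher->do_cipher(ctx,...)`), so an argument with side effects or a lower-precedence expression would misbehave. The call sites in this diff pass only simple expressions, so the hazard is latent, but `((ctx)->cipher->do_cipher((ctx),(out),(in),(inl)))` and `EVP_Cipher((ctx),(out),(in),(inl))` are the safer forms. A short comment above the macro would also help, e.g. `/* FIPS builds go through EVP_Cipher() so every internal cipher call gets the self-test check */`.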
 -138,7 +146,7 
OPENSSL_assert(inl > 0);
if(ctx->buf_len == 0 &&
(inl&(ctx->block_mask)) == 0)
{
- if(ctx->cipher->do_cipher(ctx,out,in,inl))
+ if(M_do_cipher(ctx,out,in,inl))
{
*outl=inl;
return 1;
 -165,7 +173,7 
{
j=bl-i;
memcpy(&(ctx->buf[i]),in,j);
- if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)
) return 0;
+ if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
inl-=j;
in+=j;
out+=bl;
 -178,7 +186,7 
inl-=i;
if (inl > 0)
{
- if(!ctx->cipher->do_cipher(ctx,out,in,inl))
return 0;
+ if(!M_do_cipher(ctx,out,in,inl)) return 0;
*outl+=inl;
}
 -222,7 +230,7 
n=b-bl;
for (i=bl; i<b; i++)
ctx->buf[i]=n;
- ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+ ret=M_do_cipher(ctx,out,ctx->buf,b);
if(ret)
 .
patch -p0 <<' .'
Index: openssl/crypto/fips_err.h
============================================================
================
$ cvs diff -u -r1.1.4.4 -r1.1.4.5 fips_err.h
--- openssl/crypto/fips_err.h 14 Aug 2007 13:33:27
-0000 1.1.4.4
+++ openssl/crypto/fips_err.h 19 Aug 2007 12:49:06
-0000 1.1.4.5
 -74,6 +74,8 
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PA
RAMGEN"},
{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_e
x"},
+{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_e
x"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"
},
{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_
CHECK_INCORE_FINGERPRINT"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"
},
 .
patch -p0 <<' .'
Index: openssl/fips/fips.h
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips.h
--- openssl/fips/fips.h 15 Aug 2007 13:35:31
-0000 1.1.4.2
+++ openssl/fips/fips.h 19 Aug 2007 12:49:07
-0000 1.1.4.3
 -107,6 +107,8 
#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
#define FIPS_F_DSA_DO_SIGN 102
#define FIPS_F_DSA_DO_VERIFY 103
+#define FIPS_F_EVP_CIPHERINIT_EX 124
+#define FIPS_F_EVP_DIGESTINIT_EX 125
#define FIPS_F_FIPS_CHECK_DSA 104
#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
#define FIPS_F_FIPS_CHECK_RSA 106
 .