OSDN > Developer > lincolntgl1987 > Chamber > Openssl > Commit

Openssl
Fork

Commit

Cleaner check of self test status.

--- a/crypto/evp/digest.c

+++ b/crypto/evp/digest.c

		@@ -120,9 +120,6 @@
120	120
121	121	void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
122	122	{
123		-#ifdef OPENSSL_FIPS
124		- FIPS_selftest_check();
125		-#endif
126	123	memset(ctx,'\0',sizeof *ctx);
127	124	}
128	125

		@@ -265,6 +262,14 @@ static int do_evp_md_engine(EVP_MD_CTX ctx, const EVP_MD ptype, ENGINE impl)
265	262	int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
266	263	{
267	264	M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
	265	+#ifdef OPENSSL_FIPS
	266	+ if(FIPS_selftest_failed())
	267	+ {
	268	+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
	269	+ ctx->digest = &bad_md;
	270	+ return 0;
	271	+ }
	272	+#endif
268	273	#ifndef OPENSSL_NO_ENGINE
269	274	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
270	275	* so this context may already have an ENGINE! Try to avoid releasing

		@@ -305,6 +310,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
305	310	int EVP_DigestUpdate(EVP_MD_CTX ctx, const void data,
306	311	size_t count)
307	312	{
	313	+#ifdef OPENSSL_FIPS
	314	+ FIPS_selftest_check();
	315	+#endif
308	316	return ctx->digest->update(ctx,data,count);
309	317	}
310	318

		@@ -321,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
321	329	int EVP_DigestFinal_ex(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
322	330	{
323	331	int ret;
	332	+#ifdef OPENSSL_FIPS
	333	+ FIPS_selftest_check();
	334	+#endif
324	335
325	336	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
326	337	ret=ctx->digest->final(ctx,md);

--- a/crypto/evp/enc_min.c

+++ b/crypto/evp/enc_min.c

		@@ -199,6 +199,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
199	199	enc = 1;
200	200	ctx->encrypt = enc;
201	201	}
	202	+#ifdef OPENSSL_NO_FIPS
	203	+ if(FIPS_selftest_failed())
	204	+ {
	205	+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
	206	+ ctx->cipher = &bad_cipher;
	207	+ return 0;
	208	+ }
	209	+#endif
202	210	#ifndef OPENSSL_NO_ENGINE
203	211	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
204	212	* so this context may already have an ENGINE! Try to avoid releasing

		@@ -339,6 +347,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
339	347
340	348	int EVP_Cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, unsigned int inl)
341	349	{
	350	+#ifdef OPENSSL_FIPS
	351	+ FIPS_selftest_check();
	352	+#endif
342	353	return ctx->cipher->do_cipher(ctx,out,in,inl);
343	354	}
344	355

--- a/crypto/evp/evp_enc.c

+++ b/crypto/evp/evp_enc.c

		@@ -66,6 +66,14 @@
66	66	#endif
67	67	#include "evp_locl.h"
68	68
	69	+#ifdef OPENSSL_FIPS
	70	+ #define M_do_cipher(ctx, out, in, inl) \
	71	+ EVP_Cipher(ctx,out,in,inl)
	72	+#else
	73	+ #define M_do_cipher(ctx, out, in, inl) \
	74	+ ctx->cipher->do_cipher(ctx,out,in,inl)
	75	+#endif
	76	+
69	77	const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
70	78
71	79	EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)

		@@ -138,7 +146,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
138	146	OPENSSL_assert(inl > 0);
139	147	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
140	148	{
141		- if(ctx->cipher->do_cipher(ctx,out,in,inl))
	149	+ if(M_do_cipher(ctx,out,in,inl))
142	150	{
143	151	*outl=inl;
144	152	return 1;

		@@ -165,7 +173,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
165	173	{
166	174	j=bl-i;
167	175	memcpy(&(ctx->buf[i]),in,j);
168		- if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
	176	+ if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
169	177	inl-=j;
170	178	in+=j;
171	179	out+=bl;

		@@ -178,7 +186,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
178	186	inl-=i;
179	187	if (inl > 0)
180	188	{
181		- if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
	189	+ if(!M_do_cipher(ctx,out,in,inl)) return 0;
182	190	*outl+=inl;
183	191	}
184	192

		@@ -222,7 +230,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
222	230	n=b-bl;
223	231	for (i=bl; i<b; i++)
224	232	ctx->buf[i]=n;
225		- ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
	233	+ ret=M_do_cipher(ctx,out,ctx->buf,b);
226	234
227	235
228	236	if(ret)

--- a/crypto/fips_err.h

+++ b/crypto/fips_err.h

		@@ -74,6 +74,8 @@ static ERR_STRING_DATA FIPS_str_functs[]=
74	74	{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
75	75	{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
76	76	{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
	77	+{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
	78	+{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
77	79	{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
78	80	{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_CHECK_INCORE_FINGERPRINT"},
79	81	{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"},

--- a/fips/fips.h

+++ b/fips/fips.h

		@@ -107,6 +107,8 @@ void ERR_load_FIPS_strings(void);
107	107	#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
108	108	#define FIPS_F_DSA_DO_SIGN 102
109	109	#define FIPS_F_DSA_DO_VERIFY 103
	110	+#define FIPS_F_EVP_CIPHERINIT_EX 124
	111	+#define FIPS_F_EVP_DIGESTINIT_EX 125
110	112	#define FIPS_F_FIPS_CHECK_DSA 104
111	113	#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
112	114	#define FIPS_F_FIPS_CHECK_RSA 106