From e97922f22038e9049ed4c2db5b3736dfaa0edde3 Mon Sep 17 00:00:00 2001 From: mrezai Date: Fri, 15 Apr 2016 19:03:35 +0430 Subject: Update OpenSSL to version 1.0.2g --- drivers/builtin_openssl2/crypto/evp/evp_lib.c | 55 +++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) (limited to 'drivers/builtin_openssl2/crypto/evp/evp_lib.c') diff --git a/drivers/builtin_openssl2/crypto/evp/evp_lib.c b/drivers/builtin_openssl2/crypto/evp/evp_lib.c index b16d623a93..7e0bab90d4 100644 --- a/drivers/builtin_openssl2/crypto/evp/evp_lib.c +++ b/drivers/builtin_openssl2/crypto/evp/evp_lib.c @@ -60,6 +60,10 @@ #include "cryptlib.h" #include #include +#ifdef OPENSSL_FIPS +# include +# include "evp_locl.h" +#endif int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { @@ -69,6 +73,11 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) ret = c->cipher->set_asn1_parameters(c, type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { switch (EVP_CIPHER_CTX_mode(c)) { + case EVP_CIPH_WRAP_MODE: + if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap) + ASN1_TYPE_set(type, V_ASN1_NULL, NULL); + ret = 1; + break; case EVP_CIPH_GCM_MODE: case EVP_CIPH_CCM_MODE: @@ -93,6 +102,10 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { switch (EVP_CIPHER_CTX_mode(c)) { + case EVP_CIPH_WRAP_MODE: + ret = 1; + break; + case EVP_CIPH_GCM_MODE: case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: @@ -221,12 +234,22 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) { +#ifdef OPENSSL_FIPS + const EVP_CIPHER *fcipher; + fcipher = evp_get_fips_cipher(cipher); + if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS) + return cipher->flags | EVP_CIPH_FLAG_FIPS; +#endif return cipher->flags; } unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) { +#ifdef OPENSSL_FIPS + return EVP_CIPHER_flags(ctx->cipher); +#else return ctx->cipher->flags; +#endif } void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) @@ -293,8 +316,40 @@ int EVP_MD_size(const EVP_MD *md) return md->md_size; } +#ifdef OPENSSL_FIPS + +const EVP_MD *evp_get_fips_md(const EVP_MD *md) +{ + int nid = EVP_MD_type(md); + if (nid == NID_dsa) + return FIPS_evp_dss1(); + else if (nid == NID_dsaWithSHA) + return FIPS_evp_dss(); + else if (nid == NID_ecdsa_with_SHA1) + return FIPS_evp_ecdsa(); + else + return FIPS_get_digestbynid(nid); +} + +const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher) +{ + int nid = cipher->nid; + if (nid == NID_undef) + return FIPS_evp_enc_null(); + else + return FIPS_get_cipherbynid(nid); +} + +#endif + unsigned long EVP_MD_flags(const EVP_MD *md) { +#ifdef OPENSSL_FIPS + const EVP_MD *fmd; + fmd = evp_get_fips_md(md); + if (fmd && fmd->flags & EVP_MD_FLAG_FIPS) + return md->flags | EVP_MD_FLAG_FIPS; +#endif return md->flags; } -- cgit v1.2.3