projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted [from 1.0.1].
[oweals/openssl.git]
/
crypto
/
evp
/
digest.c
diff --git
a/crypto/evp/digest.c
b/crypto/evp/digest.c
index acada47fda02740e77cfef1783bbe510a53c5c03..467e6b5ae9cf930775fd8e21c192294a5f2cfab7 100644
(file)
--- a/
crypto/evp/digest.c
+++ b/
crypto/evp/digest.c
@@
-117,6
+117,10
@@
#include <openssl/engine.h>
#endif
#include <openssl/engine.h>
#endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
memset(ctx,'\0',sizeof *ctx);
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
memset(ctx,'\0',sizeof *ctx);
@@
-126,7
+130,8
@@
EVP_MD_CTX *EVP_MD_CTX_create(void)
{
EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
{
EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
- EVP_MD_CTX_init(ctx);
+ if (ctx)
+ EVP_MD_CTX_init(ctx);
return ctx;
}
return ctx;
}
@@
-174,6
+179,7
@@
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
/* Same comment from evp_enc.c */
EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
{
/* Same comment from evp_enc.c */
EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+ ENGINE_finish(impl);
return 0;
}
/* We'll use the ENGINE's private digest definition */
return 0;
}
/* We'll use the ENGINE's private digest definition */
@@
-202,6
+208,12
@@
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
{
ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
+ if (ctx->md_data == NULL)
+ {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
}
}
#ifndef OPENSSL_NO_ENGINE
}
}
#ifndef OPENSSL_NO_ENGINE
@@
-217,12
+229,26
@@
skip_to_init:
}
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1;
}
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ if (FIPS_digestinit(ctx, type))
+ return 1;
+ OPENSSL_free(ctx->md_data);
+ ctx->md_data = NULL;
+ return 0;
+ }
+#endif
return ctx->digest->init(ctx);
}
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
return ctx->digest->init(ctx);
}
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
+#ifdef OPENSSL_FIPS
+ return FIPS_digestupdate(ctx, data, count);
+#else
return ctx->update(ctx,data,count);
return ctx->update(ctx,data,count);
+#endif
}
/* The caller can assume that this removes any secret data from the context */
}
/* The caller can assume that this removes any secret data from the context */
@@
-237,8
+263,10
@@
int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
/* The caller can assume that this removes any secret data from the context */
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
/* The caller can assume that this removes any secret data from the context */
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
+#ifdef OPENSSL_FIPS
+ return FIPS_digestfinal(ctx, md, size);
+#else
int ret;
int ret;
-
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
if (size != NULL)
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
if (size != NULL)
@@
-250,6
+278,7
@@
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
}
memset(ctx->md_data,0,ctx->digest->ctx_size);
return ret;
}
memset(ctx->md_data,0,ctx->digest->ctx_size);
return ret;
+#endif
}
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
}
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@
-286,8
+315,17
@@
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
if (in->md_data && out->digest->ctx_size)
{
if (in->md_data && out->digest->ctx_size)
{
- if (tmp_buf) out->md_data = tmp_buf;
- else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (tmp_buf)
+ out->md_data = tmp_buf;
+ else
+ {
+ out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+ if (!out->md_data)
+ {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}
@@
-334,6
+372,7
@@
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
/* This call frees resources associated with the context */
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
{
/* This call frees resources associated with the context */
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
{
+#ifndef OPENSSL_FIPS
/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
* because sometimes only copies of the context are ever finalised.
*/
/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
* because sometimes only copies of the context are ever finalised.
*/
@@
-346,6
+385,7
@@
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}
+#endif
if (ctx->pctx)
EVP_PKEY_CTX_free(ctx->pctx);
#ifndef OPENSSL_NO_ENGINE
if (ctx->pctx)
EVP_PKEY_CTX_free(ctx->pctx);
#ifndef OPENSSL_NO_ENGINE
@@
-353,6
+393,9
@@
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
/* The EVP_MD we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
ENGINE_finish(ctx->engine);
/* The EVP_MD we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
ENGINE_finish(ctx->engine);
+#endif
+#ifdef OPENSSL_FIPS
+ FIPS_md_ctx_cleanup(ctx);
#endif
memset(ctx,'\0',sizeof *ctx);
#endif
memset(ctx,'\0',sizeof *ctx);