Changes between 0.9.8g and 0.9.8h-fips [xx XXX xxxx]
+ *) Add flag EVP_CIPH_FLAG_LENGTH_BITS to indicate that input buffer length
+ is in bits not bytes. The Monte Carlo FIPS140-2 CFB1 tests require this.
+ [Steve Henson]
+
*) Add option --with-fipslibdir to specify location of fipscanister.lib
and friends. When combined with fips build option fipscanister.lib is
not built but linked from the supplied directory. Always link fips
#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
/* Allow use default ASN1 get/set iv */
#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
/* ctrl() values */
#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
#define M_EVP_MD_CTX_md(e) ((e)->digest)
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
int EVP_MD_type(const EVP_MD *md);
#define EVP_MD_nid(e) EVP_MD_type(e)
#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
{\
- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
return 1;\
}
}
if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
return 0;
+ if(!strcasecmp(amode,"CFB1"))
+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
if (dir)
EVP_Cipher(ctx, ciphertext, plaintext, len);
else
case CFB1:
if(j == 0)
{
+#if 0
/* compensate for wrong endianness of input file */
if(i == 0)
ptext[0][0]<<=7;
+#endif
ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
ptext[j], ctext[j], len);
}
projects / oweals / openssl.git / commitdiff