From: Dr. Stephen Henson Date: Wed, 26 Jan 2005 20:00:40 +0000 (+0000) Subject: FIPS algorithm blocking. X-Git-Tag: OpenSSL_0_9_7f~39 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d0edffc7da3bd2572bd899411943b8062b1c6d8a;p=oweals%2Fopenssl.git FIPS algorithm blocking. Non FIPS algorithms are not normally allowed in FIPS mode. Any attempt to use them via high level functions will return an error. The low level non-FIPS algorithm functions cannot return errors so they produce assertion failures. HMAC also has to give an assertion error because it (erroneously) can't return an error either. There are exceptions (such as MD5 in TLS and non cryptographic use of algorithms) and applications can override the blocking and use non FIPS algorithms anyway. For low level functions the override is perfomed by prefixing the algorithm initalization function with "private_" for example private_MD5_Init(). For high level functions an override is performed by setting a flag in the context. --- diff --git a/apps/dgst.c b/apps/dgst.c index ad32877a09..9106b13fd9 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -108,6 +108,7 @@ int MAIN(int argc, char **argv) char *engine=NULL; #endif char *hmac_key=NULL; + int non_fips_allow = 0; apps_startup(); @@ -192,6 +193,8 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow=1; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) @@ -342,6 +345,13 @@ int MAIN(int argc, char **argv) } } + if (non_fips_allow) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } + /* we use md as a filter, reading from 'in' */ if (!BIO_set_md(bmd,md)) { diff --git a/apps/pkcs12.c b/apps/pkcs12.c index eac28e54d7..c961e6b57b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -109,7 +109,7 @@ int MAIN(int argc, char **argv) int maciter = PKCS12_DEFAULT_ITER; int twopass = 0; int keytype = 0; - int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int cert_pbe; int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1; int macver = 1; @@ -126,6 +126,13 @@ int MAIN(int argc, char **argv) apps_startup(); +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c index 3673cdee6e..fc5bebefce 100644 --- a/crypto/bf/bf_skey.c +++ b/crypto/bf/bf_skey.c @@ -58,11 +58,12 @@ #include #include +#include #include #include "bf_locl.h" #include "bf_pi.h" -void BF_set_key(BF_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(BF) { int i; BF_LONG *p,ri,in[2]; diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index cd49e85ab2..b4d8774961 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h @@ -104,7 +104,10 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - + +#ifdef OPENSSL_FIPS +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +#endif void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c index 76e40005c9..dc4791a8cf 100644 --- a/crypto/cast/c_skey.c +++ b/crypto/cast/c_skey.c @@ -56,7 +56,9 @@ * [including the GNU Public Licence.] */ +#include #include + #include "cast_lcl.h" #include "cast_s.h" @@ -72,7 +74,7 @@ #define S6 CAST_S_table6 #define S7 CAST_S_table7 -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(CAST) { CAST_LONG x[16]; CAST_LONG z[16]; diff --git a/crypto/cast/cast.h b/crypto/cast/cast.h index b28e4e4f3b..9e300178d9 100644 --- a/crypto/cast/cast.h +++ b/crypto/cast/cast.h @@ -81,7 +81,10 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; - + +#ifdef OPENSSL_FIPS +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +#endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, int enc); diff --git a/crypto/crypto.h b/crypto/crypto.h index b779a14d12..383090c327 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -439,6 +439,55 @@ void OpenSSLDie(const char *file,int line,const char *assertion); #ifdef OPENSSL_FIPS int FIPS_mode(void); void *FIPS_rand_check(void); + +#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ + #alg " Algorithm forbidden in FIPS mode"); + +#ifdef OPENSSL_FIPS_STRICT +#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) +#else +#define FIPS_BAD_ALGORITHM(alg) \ + { \ + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ + ERR_add_error_data(2, "Algorithm=", #alg); \ + return 0; \ + } +#endif + +/* Low level digest API blocking macro */ + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ALGORITHM(alg) \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(alg##_CTX *c) + +/* For ciphers the API often varies from cipher to cipher and each needs to + * be treated as a special case. Variable key length ciphers (Blowfish, RC4, + * CAST) however are very similar and can use a blocking macro. + */ + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ABORT(alg) \ + private_##alg##_set_key(key, len, data); \ + } \ + void private_##alg##_set_key(alg##_KEY *key, int len, \ + const unsigned char *data) + +#else + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) + #endif /* def OPENSSL_FIPS */ /* BEGIN ERROR CODES */ diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index e4a4d663cb..f4aa41ac4b 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; case BIO_C_GET_MD_CTX: - if (b->init) - { - pctx=ptr; - *pctx=ctx; - } - else - ret=0; + pctx=ptr; + *pctx=ctx; break; case BIO_C_SET_MD_CTX: if (b->init) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 0623ddf1f0..2b6480fddc 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -195,6 +195,17 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #endif if (ctx->digest != type) { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + { + if (!(type->flags & EVP_MD_FLAG_FIPS) + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); + return 0; + } + } +#endif if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 9844d7f9bc..f35036c9d7 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -67,32 +67,32 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, NID_aes_128, 16, 16, 16, 128, - 0, aes_init_key, NULL, + EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, NID_aes_192, 16, 24, 16, 128, - 0, aes_init_key, NULL, + EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NID_aes_256, 16, 32, 16, 128, - 0, aes_init_key, NULL, + EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) +#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) -IMPLEMENT_AES_CFBR(128,1) -IMPLEMENT_AES_CFBR(192,1) -IMPLEMENT_AES_CFBR(256,1) +IMPLEMENT_AES_CFBR(128,1,0) +IMPLEMENT_AES_CFBR(192,1,0) +IMPLEMENT_AES_CFBR(256,1,0) -IMPLEMENT_AES_CFBR(128,8) -IMPLEMENT_AES_CFBR(192,8) -IMPLEMENT_AES_CFBR(256,8) +IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index f2554ecc6a..46e2899825 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -127,16 +127,18 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - 0, des_init_key, NULL, + EVP_CIPH_FLAG_FIPS, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,0,des_init_key,NULL, +BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, + EVP_CIPH_FLAG_FIPS,des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,NULL) -BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,0,des_init_key,NULL, +BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, + EVP_CIPH_FLAG_FIPS,des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,NULL) diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index b462d7c6af..677322bf02 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -160,7 +160,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - 0, des_ede_init_key, NULL, + EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) @@ -171,18 +171,18 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - 0, des_ede3_init_key, NULL, + EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0, - des_ede3_init_key,NULL, +BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, + EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,NULL) -BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0, - des_ede3_init_key,NULL, +BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, + EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,NULL) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 115878ff17..8aab0a5cb4 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -117,6 +117,10 @@ #include #endif +#ifdef OPENSSL_FIPS +#include +#endif + /* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 @@ -290,6 +294,7 @@ struct env_md_st #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} @@ -332,6 +337,9 @@ struct env_md_ctx_st #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ + struct evp_cipher_st { int nid; @@ -373,6 +381,10 @@ struct evp_cipher_st #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ #define EVP_CIPH_NO_PADDING 0x100 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x400 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 /* ctrl() values */ @@ -853,12 +865,16 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 129 #define EVP_F_D2I_PKEY 100 +#define EVP_F_EVP_ADD_CIPHER 130 +#define EVP_F_EVP_ADD_DIGEST 131 #define EVP_F_EVP_CIPHERINIT 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL 101 #define EVP_F_EVP_DIGESTINIT 128 #define EVP_F_EVP_ENCRYPTFINAL 127 +#define EVP_F_EVP_GET_CIPHERBYNAME 132 +#define EVP_F_EVP_GET_DIGESTBYNAME 133 #define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 @@ -894,6 +910,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DISABLED_FOR_FIPS 141 #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 8ea5aa935d..d8ff552d3b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -146,7 +146,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp else ctx->engine = NULL; #endif - +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + { + if (!(cipher->flags & EVP_CIPH_FLAG_FIPS) + & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); + ERR_add_error_data(2, "cipher=", EVP_CIPHER_name(cipher)); + return 0; + } + } +#endif ctx->cipher=cipher; if (ctx->cipher->ctx_size) { @@ -271,6 +282,9 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, int i,j,bl; OPENSSL_assert(inl > 0); +#ifdef OPENSSL_FIPS + OPENSSL_assert(!FIPS_mode() || ctx->cipher->flags & EVP_CIPH_FLAG_FIPS); +#endif if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index be6d442521..40135d0729 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,12 +68,16 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"}, {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, +{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"}, +{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"}, {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, {ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, {ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, +{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"}, +{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"}, {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, @@ -112,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[]= {EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, {EVP_R_DECODE_ERROR ,"decode error"}, {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, +{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"}, {EVP_R_ENCODE_ERROR ,"encode error"}, {EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, {EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 2204e345ad..845f222eec 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -226,11 +226,26 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - 0, cipher##_init_key, NULL, \ + flags, cipher##_init_key, NULL, \ EVP_CIPHER_set_asn1_iv, \ EVP_CIPHER_get_asn1_iv, \ NULL) + +#ifdef OPENSSL_FIPS +#define RC2_set_key private_RC2_set_key +#define RC4_set_key private_RC4_set_key +#define CAST_set_key private_CAST_set_key +#define RC5_32_set_key private_RC5_32_set_key +#define BF_set_key private_BF_set_key + +#define MD5_Init private_MD5_Init +#define MD4_Init private_MD4_Init +#define MD2_Init private_MD2_Init +#define MDC2_Init private_MDC2_Init +#define SHA_Init private_SHA_Init + +#endif diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c index beb8d7fc5c..d393eb3400 100644 --- a/crypto/evp/m_dss.c +++ b/crypto/evp/m_dss.c @@ -77,7 +77,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_FIPS, init, update, final, diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index 50914c83b3..0df48e5199 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -60,6 +60,7 @@ #include #include "cryptlib.h" #include +#include "evp_locl.h" #include #include #include diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index e19b663754..0605e4b707 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -60,6 +60,7 @@ #include #include "cryptlib.h" #include +#include "evp_locl.h" #include #include #include diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index b00a03e048..752615d473 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -60,6 +60,7 @@ #include #include "cryptlib.h" #include +#include "evp_locl.h" #include #include #include diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 9f6467c931..62de1336b8 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -60,6 +60,7 @@ #include #include "cryptlib.h" #include +#include "evp_locl.h" #include #include #include diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c index ada7406531..d1785e5f74 100644 --- a/crypto/evp/m_sha.c +++ b/crypto/evp/m_sha.c @@ -60,6 +60,7 @@ #include #include "cryptlib.h" #include +#include "evp_locl.h" #include #include diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index d6be3502f0..fe4402389a 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -77,7 +77,7 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_FIPS, init, update, final, diff --git a/crypto/evp/names.c b/crypto/evp/names.c index eb9f4329cd..7712453046 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -61,6 +61,9 @@ #include #include #include +#ifdef OPENSSL_FIPS +#include +#endif int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 4c91f919d5..f4ea6ab29f 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -171,3 +171,10 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, return(md); } +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { + EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } + diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 0364a1fcbd..294ab3b36a 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -98,6 +98,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len); +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); #ifdef __cplusplus } diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c index 1c95bc9c7b..794d1258e0 100644 --- a/crypto/idea/i_skey.c +++ b/crypto/idea/i_skey.c @@ -57,10 +57,23 @@ */ #include +#include #include "idea_lcl.h" static IDEA_INT inverse(unsigned int xin); + +#ifdef OPENSSL_FIPS +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) + { + if (FIPS_mode()) + FIPS_BAD_ABORT(IDEA) + private_idea_set_encrypt_key(key, ks); + } +void private_idea_set_encrypt_key(const unsigned char *key, + IDEA_KEY_SCHEDULE *ks) +#else void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +#endif { int i; register IDEA_INT *kt,*kf,r0,r1,r2; diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h index 67132414ee..bf41844fd7 100644 --- a/crypto/idea/idea.h +++ b/crypto/idea/idea.h @@ -82,6 +82,10 @@ typedef struct idea_key_st const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); +#ifdef OPENSSL_FIPS +void private_idea_set_encrypt_key(const unsigned char *key, + IDEA_KEY_SCHEDULE *ks); +#endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/md2/md2.h b/crypto/md2/md2.h index ad9241455c..d0ef9da08e 100644 --- a/crypto/md2/md2.h +++ b/crypto/md2/md2.h @@ -80,6 +80,9 @@ typedef struct MD2state_st } MD2_CTX; const char *MD2_options(void); +#ifdef OPENSSL_FIPS +int private_MD2_Init(MD2_CTX *c); +#endif int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); int MD2_Final(unsigned char *md, MD2_CTX *c); diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index ecb64f0ec4..8124acd687 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -62,6 +62,8 @@ #include #include #include +#include +#include const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; @@ -116,7 +118,7 @@ const char *MD2_options(void) return("md2(int)"); } -int MD2_Init(MD2_CTX *c) +FIPS_NON_FIPS_MD_Init(MD2) { c->num=0; memset(c->state,0,sizeof c->state); diff --git a/crypto/md32_common.h b/crypto/md32_common.h index fe157a1731..733da6acaf 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -559,7 +559,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) static const unsigned char end[4]={0x80,0x00,0x00,0x00}; const unsigned char *cp=end; -#ifdef OPENSSL_FIPS +#if 0 if(FIPS_mode() && !FIPS_md5_allowed()) { FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); diff --git a/crypto/md4/md4.h b/crypto/md4/md4.h index 7a7b23682f..7e761efb62 100644 --- a/crypto/md4/md4.h +++ b/crypto/md4/md4.h @@ -104,6 +104,9 @@ typedef struct MD4state_st int num; } MD4_CTX; +#ifdef OPENSSL_FIPS +int private_MD4_Init(MD4_CTX *c); +#endif int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); int MD4_Final(unsigned char *md, MD4_CTX *c); diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c index 7afb7185b6..ee7cc72262 100644 --- a/crypto/md4/md4_dgst.c +++ b/crypto/md4/md4_dgst.c @@ -70,7 +70,7 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD4_Init(MD4_CTX *c) +FIPS_NON_FIPS_MD_Init(MD4) { c->A=INIT_DATA_A; c->B=INIT_DATA_B; diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h index a252e02115..c663dd1816 100644 --- a/crypto/md5/md5.h +++ b/crypto/md5/md5.h @@ -104,6 +104,9 @@ typedef struct MD5state_st int num; } MD5_CTX; +#ifdef OPENSSL_FIPS +int private_MD5_Init(MD5_CTX *c); +#endif int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); int MD5_Final(unsigned char *md, MD5_CTX *c); diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c index 9c7abc3697..54b33c6509 100644 --- a/crypto/md5/md5_dgst.c +++ b/crypto/md5/md5_dgst.c @@ -70,7 +70,7 @@ const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD5_Init(MD5_CTX *c) +FIPS_NON_FIPS_MD_Init(MD5) { c->A=INIT_DATA_A; c->B=INIT_DATA_B; diff --git a/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h index 793a8a0f13..4cba101f37 100644 --- a/crypto/mdc2/mdc2.h +++ b/crypto/mdc2/mdc2.h @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; - +#ifdef OPENSSL_FIPS +int private_MDC2_Init(MDC2_CTX *c); +#endif int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 32daa9b0da..20d1a6e6c4 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -60,6 +60,8 @@ #include #include #include +#include +#include #include #undef c2l @@ -75,7 +77,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len); -int MDC2_Init(MDC2_CTX *c) +FIPS_NON_FIPS_MD_Init(MDC2) { c->num=0; c->pad_type=1; diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h index 7816b454dc..71788158d8 100644 --- a/crypto/rc2/rc2.h +++ b/crypto/rc2/rc2.h @@ -79,7 +79,10 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; - +#ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, + int bits); +#endif void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index cab3080c73..22f372f85c 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -57,6 +57,7 @@ */ #include +#include #include "rc2_locl.h" static unsigned char key_table[256]={ @@ -90,7 +91,19 @@ static unsigned char key_table[256]={ * BSAFE uses the 'retarded' version. What I previously shipped is * the same as specifying 1024 for the 'bits' parameter. Bsafe uses * a version where the bits parameter is the same as len*8 */ + +#ifdef OPENSSL_FIPS +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) + { + if (FIPS_mode()) + FIPS_BAD_ABORT(RC2) + private_RC2_set_key(key, len, data, bits); + } +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, + int bits) +#else void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +#endif { int i,j; unsigned char *k; diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h index 6878abc5e1..dd90d9fde0 100644 --- a/crypto/rc4/rc4.h +++ b/crypto/rc4/rc4.h @@ -81,6 +81,9 @@ typedef struct rc4_key_st const char *RC4_options(void); +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +#endif void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata); diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c index ca69a5a7ee..07234f061a 100644 --- a/crypto/rc4/rc4_skey.c +++ b/crypto/rc4/rc4_skey.c @@ -57,6 +57,7 @@ */ #include +#include #include "rc4_locl.h" #include @@ -85,7 +86,7 @@ const char *RC4_options(void) * Date: Wed, 14 Sep 1994 06:35:31 GMT */ -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(RC4) { register RC4_INT tmp; register int id1,id2; diff --git a/crypto/rc5/rc5.h b/crypto/rc5/rc5.h index 4adfd2db5a..aa3f26920b 100644 --- a/crypto/rc5/rc5.h +++ b/crypto/rc5/rc5.h @@ -92,7 +92,10 @@ typedef struct rc5_key_st RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; } RC5_32_KEY; - +#ifdef OPENSSL_FIPS +void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +#endif void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds); void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c index a2e00a41c5..f259ab7126 100644 --- a/crypto/rc5/rc5_skey.c +++ b/crypto/rc5/rc5_skey.c @@ -56,11 +56,25 @@ * [including the GNU Public Licence.] */ +#include #include #include "rc5_locl.h" + +#ifdef OPENSSL_FIPS +void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds) + { + if (FIPS_mode()) + FIPS_BAD_ABORT(RC5) + private_RC5_32_set_key(key, len, data, rounds); + } +void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds) +#else void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds) +#endif { RC5_32_INT L[64],l,ll,A,B,*S,k; int i,j,m,c,t,ii,jj; diff --git a/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h index 78d5f36560..7d0d998189 100644 --- a/crypto/ripemd/ripemd.h +++ b/crypto/ripemd/ripemd.h @@ -90,6 +90,9 @@ typedef struct RIPEMD160state_st int num; } RIPEMD160_CTX; +#ifdef OPENSSL_FIPS +int private_RIPEMD160_Init(RIPEMD160_CTX *c); +#endif int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c index f351f00eea..5dff6bafa1 100644 --- a/crypto/ripemd/rmd_dgst.c +++ b/crypto/ripemd/rmd_dgst.c @@ -58,6 +58,7 @@ #include #include "rmd_locl.h" +#include #include const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT; @@ -69,7 +70,7 @@ const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num); # endif -int RIPEMD160_Init(RIPEMD160_CTX *c) +FIPS_NON_FIPS_MD_Init(RIPEMD160) { c->A=RIPEMD160_A; c->B=RIPEMD160_B; diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index a26ed5ddc1..79c07b0fd1 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -105,6 +105,9 @@ typedef struct SHAstate_st } SHA_CTX; #ifndef OPENSSL_NO_SHA0 +#ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +#endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, unsigned long len); int SHA_Final(unsigned char *md, SHA_CTX *c); diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index 7a25c70bfc..a3623f72da 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h @@ -143,7 +143,11 @@ #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL +#if defined(SHA_0) && defined(OPENSSL_FIPS) +FIPS_NON_FIPS_MD_Init(SHA) +#else int HASH_INIT (SHA_CTX *c) +#endif { c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 4e71ade1ab..030d0966fc 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -322,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; + EVP_MD_CTX md_ctx; /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x,NULL); - EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); + EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); + EVP_DigestFinal_ex(&md_ctx,md,NULL); + EVP_MD_CTX_cleanup(&md_ctx); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8c61ea0cba..e60055c342 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -365,7 +365,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) else return 0; } - + /* Check a certificate chains extensions for consistency * with the supplied purpose diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6b4dc3e672..a18be3e2f1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1162,6 +1162,8 @@ static int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 92efb9597d..beb6c64b93 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -146,6 +146,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) #endif k=0; EVP_MD_CTX_init(&m5); + EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&s1); for (i=0; is3->finish_dgst1), + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 44248ba559..a7184891cd 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1213,6 +1213,8 @@ static int ssl3_send_server_key_exchange(SSL *s) j=0; for (num=2; num > 0; num--) { + EVP_MD_CTX_set_flags(&md_ctx, + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ac224ddfa1..3dec4099cb 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -132,6 +132,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); + HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); HMAC_Update(&ctx,seed,seed_len);