From 4ac62009acdc601802bdc748d95de128075e2d8f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 9 Apr 2007 12:17:21 +0000 Subject: [PATCH] Backport "alg" module to OpenSSL 0.9.7 --- apps/openssl.cnf | 11 +++++++++++ crypto/conf/conf_mall.c | 1 + crypto/evp/Makefile | 4 ++-- crypto/evp/evp.h | 8 ++++++++ crypto/evp/evp_err.c | 8 +++++++- util/libeay.num | 1 + 6 files changed, 30 insertions(+), 3 deletions(-) diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 4c1d595b0a..c433b663c4 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -8,6 +8,9 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +# Uncomment out to enable OpenSSL configuration see config(3) +# openssl_conf = openssl_init + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids @@ -19,6 +22,11 @@ oid_section = new_oids # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) +[openssl_init] +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids +alg_section = algs + [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. @@ -26,6 +34,9 @@ oid_section = new_oids # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 +[ algs ] +# Algorithm configuration options. Currently just fips_mode +fips_mode = no #################################################################### [ ca ] diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 4ba40cf44c..3b1c2e4759 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -76,5 +76,6 @@ void OPENSSL_load_builtin_modules(void) #ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); #endif + EVP_add_alg_module(); } diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index d1c2a272bb..0261eb3b5e 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile 
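Review bot: The `[ algs ]` hunk documents the new switch only as "Currently just fips_mode", which does not tell an administrator what happens when the value is changed to `yes`. The reason codes this patch adds to evp.h (`EVP_R_FIPS_MODE_NOT_SUPPORTED`, `EVP_R_ERROR_SETTING_FIPS_MODE`) suggest that configuration loading fails on a build without FIPS support, though the handler itself is not visible here. The sample should say so, for example `# fips_mode = yes requests FIPS mode at config load; loading fails if the library lacks FIPS support`. In the first hunk, "Uncomment out" should read "Uncomment", and the comment could state that nothing in `[openssl_init]` takes effect until `openssl_conf = openssl_init` is uncommented.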
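Review bot: `EVP_add_alg_module();` is placed after the `#endif`, so the module is registered in every build with no guard. Judging by the sample openssl.cnf and the new reason codes, any configuration file the process loads can then request a FIPS mode change for the whole process through `alg_section`. That makes the configuration file's path and permissions part of the trust boundary, and callers should check the result of the configuration load rather than assume the requested mode is active. A short comment above the call would record this, e.g. `/* registers the "alg_section" handler; fips_mode set there applies process-wide */`. The body of OPENSSL_load_builtin_modules starts outside the hunk, so the other registrations are not visible here.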
@@ -23,7 +23,7 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ +LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c \ e_rc4.c e_aes.c names.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ @@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ e_old.c -LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ +LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o \ e_rc4.o e_aes.o names.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 56eec23fef..fba19cfc55 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -875,6 +875,8 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); void EVP_PBE_cleanup(void); +void EVP_add_alg_module(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -885,6 +887,7 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 129 +#define EVP_F_ALG_MODULE_INIT 134 #define EVP_F_D2I_PKEY 100 #define EVP_F_EVP_ADD_CIPHER 130 #define EVP_F_EVP_ADD_DIGEST 131 
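Review bot: `evp_cnf.c` and `evp_cnf.o` are added to LIBSRC and LIBOBJ in these two hunks, but the diffstat lists six changed files and `crypto/evp/evp_cnf.c` is not one of them. Unless that file already exists on the 0.9.7 branch, the build has no source for the new object and the `EVP_add_alg_module()` call added in conf_mall.c will not link. Either include the source file in this patch or state the dependency on an earlier commit in the description. The `evp_cnf.o:` dependency list normally produced by `make depend` is also not updated in the visible hunks.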
@@ -933,12 +936,16 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_KEY_TYPES 101
 #define EVP_R_DISABLED_FOR_FIPS 141
 #define EVP_R_ENCODE_ERROR 115
+#define EVP_R_ERROR_LOADING_SECTION 142
+#define EVP_R_ERROR_SETTING_FIPS_MODE 143
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
 #define EVP_R_EXPECTING_AN_RSA_KEY 127
 #define EVP_R_EXPECTING_A_DH_KEY 128
 #define EVP_R_EXPECTING_A_DSA_KEY 129
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED 144
 #define EVP_R_INITIALIZATION_ERROR 134
 #define EVP_R_INPUT_NOT_INITIALIZED 111
+#define EVP_R_INVALID_FIPS_MODE 145
 #define EVP_R_INVALID_KEY_LENGTH 130
 #define EVP_R_IV_TOO_LARGE 102
 #define EVP_R_KEYGEN_FAILURE 120
@@ -950,6 +957,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA 106
+#define EVP_R_UNKNOWN_OPTION 146
 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
 #define EVP_R_UNSUPPORTED_CIPHER 107
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 1292cce20f..38d26c259b 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,6 +71,7 @@
 static ERR_STRING_DATA EVP_str_functs[]=
 {
 {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
 {ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"},
 {ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"},
@@ -122,12 +123,16 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
@@ -139,6 +144,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
diff --git a/util/libeay.num b/util/libeay.num
index 4222bef6d6..63e4382d9a 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1330,6 +1330,7 @@ i2d_PBE2PARAM 1401 EXIST::FUNCTION:
 PBE2PARAM_new 1402 EXIST::FUNCTION:
 d2i_PBE2PARAM 1403 EXIST::FUNCTION:
 PBE2PARAM_free 1404 EXIST::FUNCTION:
+EVP_add_alg_module 1405 EXIST::FUNCTION:
 d2i_ASN1_SET_OF_GENERAL_NAME 1421 NOEXIST::FUNCTION:
 i2d_ASN1_SET_OF_GENERAL_NAME 1422 NOEXIST::FUNCTION:
 d2i_ASN1_SET_OF_SXNETID 1439 NOEXIST::FUNCTION:
--
2.25.1