From f4001a0d192a2462bcedbaadf95e778ddc352ebb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 8 Feb 2011 15:10:42 +0000 Subject: [PATCH] Link GCM into FIPS module. Check return value in EVP gcm. --- Makefile.org | 3 ++- crypto/evp/e_aes.c | 15 ++++++++++++--- crypto/modes/gcm128.c | 2 ++ fips/Makefile | 1 + 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/Makefile.org b/Makefile.org index b608f710e9..89fa394546 100644 --- a/Makefile.org +++ b/Makefile.org @@ -316,6 +316,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/modes/cbc128.o \ ../crypto/modes/cfb128.o \ ../crypto/modes/ctr128.o \ + ../crypto/modes/gcm128.o \ ../crypto/modes/ofb128.o \ ../crypto/rand/md_rand.o \ ../crypto/rand/rand_egd.o \ @@ -350,7 +351,7 @@ build_fips: build_crypto: if [ -n "$(FIPSCANLIB)" ]; then \ - EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ + EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ else \ ARX='${AR}' ; \ diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 34a350a880..ed21d0a923 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -312,11 +312,20 @@ static int aes_gcm(EVP_CIPHER_CTX *ctx, unsigned char *out, if (in) { if (out == NULL) - CRYPTO_gcm128_aad(gctx->gcm, in, len); + { + if (CRYPTO_gcm128_aad(gctx->gcm, in, len)) + return -1; + } else if (ctx->encrypt) - CRYPTO_gcm128_encrypt(gctx->gcm, in, out, len); + { + if (CRYPTO_gcm128_encrypt(gctx->gcm, in, out, len)) + return -1; + } else - CRYPTO_gcm128_decrypt(gctx->gcm, in, out, len); + { + if (CRYPTO_gcm128_decrypt(gctx->gcm, in, out, len)) + return -1; + } return len; } else diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 3f6b70df4b..1287bce773 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -47,6 +47,8 @@ * ==================================================================== */ +#define OPENSSL_FIPSAPI + #include #include "modes_lcl.h" #include diff --git a/fips/Makefile b/fips/Makefile index 1eafa55481..6d4c27fd1b 100644 --- a/fips/Makefile +++ b/fips/Makefile @@ -89,6 +89,7 @@ fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \ list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \ list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \ + list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \ if [ -n "$(CPUID_OBJ)" ]; then \ CPUID=../crypto/$(CPUID_OBJ) ; \ else \ -- 2.25.1