author | Dr. Stephen Henson <steve@openssl.org> | 2014-03-01 23:01:07 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-01 23:14:08 +0000 |
commit | 813cfd9c0a55458397bf017f661bf9d97cb29cc2 (patch) | |
tree | 3fcc93e1b7bc746b7bd5aa8e40a4f083583fda5d | |
parent | 976c58302b13d085edb3ab822f5eac4b2f1bff95 (diff) | |
download | openssl-new-813cfd9c0a55458397bf017f661bf9d97cb29cc2.tar.gz |
Add additional FIPS digests.
Add a few special case digests not returned by FIPS_get_digestbynid().
Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this
issue.
-rw-r--r-- | crypto/evp/digest.c | 3 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 19 | ||||
-rw-r--r-- | crypto/evp/evp_locl.h | 2 |
3 files changed, 22 insertions, 2 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 87317572fe..af0044ff43 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -119,6 +119,7 @@
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#include "evp_locl.h"
 #endif
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
@@ -152,7 +153,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 const EVP_MD *fipsmd;
 if (type)
 {
- fipsmd = FIPS_get_digestbynid(EVP_MD_type(type));
+ fipsmd = evp_get_fips_md(type);
 if (fipsmd)
 type = fipsmd;
 }
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index c5509a9fb9..d548ad1d31 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -62,6 +62,7 @@
 #include <openssl/objects.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#include "evp_locl.h"
 #endif
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
@@ -298,11 +299,27 @@ int EVP_MD_size(const EVP_MD *md)
 return md->md_size;
 }
+#ifdef OPENSSL_FIPS
+
+const EVP_MD *evp_get_fips_md(const EVP_MD *md)
+ {
+ int nid = EVP_MD_type(md);
+ if (nid == NID_dsa)
+ return FIPS_evp_dss1();
+ else if (nid == NID_dsaWithSHA)
+ return FIPS_evp_dss();
+ else if (nid == NID_ecdsa_with_SHA1)
+ return FIPS_evp_ecdsa();
+ else
+ return FIPS_get_digestbynid(nid);
+ }
+#endif
+
 unsigned long EVP_MD_flags(const EVP_MD *md)
 {
 #ifdef OPENSSL_FIPS
 const EVP_MD *fmd;
- fmd = FIPS_get_digestbynid(EVP_MD_type(md));
+ fmd = evp_get_fips_md(md);
 if (fmd && fmd->flags & EVP_MD_FLAG_FIPS)
 return md->flags | EVP_MD_FLAG_FIPS;
 #endif
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 08c0a66d39..f4a943a716 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -348,6 +348,8 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+const EVP_MD *evp_get_fips_md(const EVP_MD *md);
+
 #ifdef OPENSSL_FIPS
 #ifdef OPENSSL_DOING_MAKEDEPEND |
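Review bot: The new `evp_get_fips_md()` in crypto/evp/evp_lib.c has no comment saying why three NIDs are special-cased, and the `NID_dsa` -> `FIPS_evp_dss1()` / `NID_dsaWithSHA` -> `FIPS_evp_dss()` pairing reads like a transposition to anyone who does not know the legacy digest type values (it looks intentional, but that should be confirmed and then written down). I would add a comment above it such as `/* Map md to its FIPS module implementation; the DSA/ECDSA legacy digests are not returned by FIPS_get_digestbynid(), so handle them first. */`, and state that `md` must be non-NULL because `EVP_MD_type(md)` is called unconditionally. This lookup also decides whether `EVP_MD_flags()` reports `EVP_MD_FLAG_FIPS` for those digests, so the rationale matters to whoever later audits which digests count as FIPS-approved. `EVP_MD_flags()` continues past the end of the hunk.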
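Review bot: The prototype `const EVP_MD *evp_get_fips_md(const EVP_MD *md);` is added just above the `#ifdef OPENSSL_FIPS` line in crypto/evp/evp_locl.h, so it is declared in every build, while the definition in evp_lib.c exists only under `#ifdef OPENSSL_FIPS`. A caller added outside FIPS-only code would compile and then fail at link time; placing the declaration after the `#ifdef OPENSSL_FIPS` line keeps declaration and definition under the same guard and turns that mistake into a compile-time diagnostic. The two callers in this commit appear to sit in FIPS-only code already, so this is a consistency point rather than a build break. The guarded block continues past the end of the hunk, so where it closes is not visible here.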