diff options
| -rw-r--r-- | crypto/openssl/apps/openssl.cnf | 4 | ||||
| -rw-r--r-- | crypto/openssl/apps/speed.c | 1 | ||||
| -rw-r--r-- | crypto/openssl/crypto/des/des.h | 6 | ||||
| -rw-r--r-- | crypto/openssl/crypto/err/err_all.c | 4 | ||||
| -rw-r--r-- | crypto/openssl/crypto/evp/evp.h | 50 | ||||
| -rw-r--r-- | crypto/openssl/crypto/rsa/rsa.h | 4 | ||||
| -rw-r--r-- | crypto/openssl/crypto/rsa/rsa_eay.c | 2 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s23_clnt.c | 7 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s2_clnt.c | 7 | ||||
| -rw-r--r-- | crypto/openssl/ssl/s2_srvr.c | 9 | ||||
| -rw-r--r-- | crypto/openssl/util/pl/Mingw32.pl | 11 |
11 files changed, 80 insertions, 25 deletions
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index 9256b4d..79fd471 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -45,8 +45,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number -#crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL +#crlnumber = $dir/crlnumber # the current crl number must be + # commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index 2412200..5ed510c 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -1395,6 +1395,7 @@ int MAIN(int argc, char **argv) EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); else EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); + EVP_CIPHER_CTX_set_padding(&ctx, 0); Time_F(START); if(decrypt) diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h index daaf239..c5df1c9 100644 --- a/crypto/openssl/crypto/des/des.h +++ b/crypto/openssl/crypto/des/des.h @@ -128,7 +128,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) const char *DES_options(void); -void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output, DES_key_schedule *ks1,DES_key_schedule *ks2, DES_key_schedule *ks3, int enc); DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, @@ -187,6 +187,10 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, long length,DES_key_schedule *ks1, DES_key_schedule *ks2,DES_key_schedule *ks3, DES_cblock *ivec,int *num,int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, + int numbits,long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int enc); void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, long length,DES_key_schedule *ks1, DES_key_schedule *ks2,DES_key_schedule *ks3, diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c index dc505d9..4dc9300 100644 --- a/crypto/openssl/crypto/err/err_all.c +++ b/crypto/openssl/crypto/err/err_all.c @@ -87,6 +87,7 @@ #endif #include <openssl/ocsp.h> #include <openssl/err.h> +#include <openssl/fips.h> void ERR_load_crypto_strings(void) { @@ -130,4 +131,7 @@ void ERR_load_crypto_strings(void) ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif +#ifdef OPENSSL_FIPS + ERR_load_FIPS_strings(); +#endif } diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index 4801d8e..115878f 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -499,6 +499,7 @@ void BIO_set_md(BIO *,const EVP_MD *md); #endif #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) @@ -640,9 +641,20 @@ const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); const EVP_CIPHER *EVP_des_ede_ecb(void); const EVP_CIPHER *EVP_des_ede3_ecb(void); -const EVP_CIPHER *EVP_des_cfb(void); -const EVP_CIPHER *EVP_des_ede_cfb(void); -const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +#if 0 +const EVP_CIPHER *EVP_des_ede_cfb1(void); +const EVP_CIPHER *EVP_des_ede_cfb8(void); +#endif +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); const EVP_CIPHER *EVP_des_ofb(void); const EVP_CIPHER *EVP_des_ede_ofb(void); const EVP_CIPHER *EVP_des_ede3_ofb(void); @@ -666,7 +678,8 @@ const EVP_CIPHER *EVP_rc4_40(void); #endif #ifndef OPENSSL_NO_IDEA const EVP_CIPHER *EVP_idea_ecb(void); -const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 const EVP_CIPHER *EVP_idea_ofb(void); const EVP_CIPHER *EVP_idea_cbc(void); #endif @@ -675,45 +688,58 @@ const EVP_CIPHER *EVP_rc2_ecb(void); const EVP_CIPHER *EVP_rc2_cbc(void); const EVP_CIPHER *EVP_rc2_40_cbc(void); const EVP_CIPHER *EVP_rc2_64_cbc(void); -const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 const EVP_CIPHER *EVP_rc2_ofb(void); #endif #ifndef OPENSSL_NO_BF const EVP_CIPHER *EVP_bf_ecb(void); const EVP_CIPHER *EVP_bf_cbc(void); -const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 const EVP_CIPHER *EVP_bf_ofb(void); #endif #ifndef OPENSSL_NO_CAST const EVP_CIPHER *EVP_cast5_ecb(void); const EVP_CIPHER *EVP_cast5_cbc(void); -const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 const EVP_CIPHER *EVP_cast5_ofb(void); #endif #ifndef OPENSSL_NO_RC5 const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); #endif #ifndef OPENSSL_NO_AES const EVP_CIPHER *EVP_aes_128_ecb(void); const EVP_CIPHER *EVP_aes_128_cbc(void); -const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 const EVP_CIPHER *EVP_aes_128_ofb(void); #if 0 const EVP_CIPHER *EVP_aes_128_ctr(void); #endif const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); -const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 const EVP_CIPHER *EVP_aes_192_ofb(void); #if 0 const EVP_CIPHER *EVP_aes_192_ctr(void); #endif const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); -const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 const EVP_CIPHER *EVP_aes_256_ofb(void); #if 0 const EVP_CIPHER *EVP_aes_256_ctr(void); @@ -825,6 +851,7 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ +#define EVP_F_AES_INIT_KEY 129 #define EVP_F_D2I_PKEY 100 #define EVP_F_EVP_CIPHERINIT 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 @@ -855,6 +882,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_RC5_CTRL 125 /* Reason codes. */ +#define EVP_R_AES_KEY_SETUP_FAILED 140 #define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BAD_KEY_LENGTH 137 diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index 1ea0fe1..c82363e 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -73,6 +73,10 @@ #error RSA is disabled. #endif +#if defined(OPENSSL_FIPS) +#define FIPS_RSA_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index 5f7a1f2..0d17acb 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -63,7 +63,7 @@ #include <openssl/rsa.h> #include <openssl/rand.h> -#ifndef RSA_NULL +#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index 64ee426..b1db0fb 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c @@ -235,7 +235,8 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); + if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) + return -1; /* Do the message type and length last */ d= &(buf[2]); @@ -296,7 +297,9 @@ static int ssl23_client_hello(SSL *s) i=ch_len; s2n(i,d); memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); + if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) + return -1; + memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); p+=i; diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 43b32eb..c67829f 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c @@ -612,7 +612,8 @@ static int client_hello(SSL *s) s->s2->challenge_length=SSL2_CHALLENGE_LENGTH; s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */ /*challenge id data*/ - RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH); + if(RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0) + return -1; memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH); d+=SSL2_CHALLENGE_LENGTH; @@ -660,7 +661,9 @@ static int client_master_key(SSL *s) SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } - if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); + if (i > 0) + if(RAND_pseudo_bytes(sess->key_arg,i) <= 0) + return -1; /* make a master key */ i=EVP_CIPHER_key_length(c); diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 5da2a54..853871f 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c @@ -498,7 +498,8 @@ static int get_client_master_key(SSL *s) i=ek; else i=EVP_CIPHER_key_length(c); - RAND_pseudo_bytes(p,i); + if(RAND_pseudo_bytes(p,i) <= 0) + return 0; } #else if (i < 0) @@ -804,7 +805,8 @@ static int server_hello(SSL *s) /* make and send conn_id */ s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; - RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length); + if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0) + return -1; memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); d+=SSL2_CONNECTION_ID_LENGTH; @@ -949,7 +951,8 @@ static int request_certificate(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_REQUEST_CERTIFICATE; *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; - RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0) + return -1; memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl index 20a1509..ba00305 100644 --- a/crypto/openssl/util/pl/Mingw32.pl +++ b/crypto/openssl/util/pl/Mingw32.pl @@ -22,7 +22,7 @@ if ($debug) else { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; } -if ($gaswin and !$no_asm) +if ($gaswin and !$no_asm and !$fips) { $bn_asm_obj='$(OBJ_D)\bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; @@ -93,13 +93,18 @@ sub do_lib_rule sub do_link_rule { - local($target,$files,$dep_libs,$libs)=@_; + local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n"; + if (defined $sha1file) + { + $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; + } + $ret.="\n"; return($ret); } 1; |
