Add FIPS flags to AES ciphers and SHA* digests.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c

index 4206fd0da4a02cc1089067b8fc7b96bc09f8571b..2f937af0ba905d49e2e9ec8286f21a66191cce79 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -119,7 +119,7 @@ static int aes_counter (EVP_CIPHER_CTX *ctx, unsigned char *out,
  static const EVP_CIPHER aes_128_ctr_cipher=
         {
         NID_aes_128_ctr,1,16,16,
-       EVP_CIPH_CTR_MODE,
+       EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS,
         aes_init_key,
         aes_counter,
         NULL,
@@ -136,7 +136,7 @@ const EVP_CIPHER *EVP_aes_128_ctr (void)
  static const EVP_CIPHER aes_192_ctr_cipher=
         {
         NID_aes_192_ctr,1,24,16,
-       EVP_CIPH_CTR_MODE,
+       EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS,
         aes_init_key,
         aes_counter,
         NULL,
@@ -153,7 +153,7 @@ const EVP_CIPHER *EVP_aes_192_ctr (void)
  static const EVP_CIPHER aes_256_ctr_cipher=
         {
         NID_aes_256_ctr,1,32,16,
-       EVP_CIPH_CTR_MODE,
+       EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS,
         aes_init_key,
         aes_counter,
         NULL,
@@ -415,7 +415,8 @@ static const EVP_CIPHER aes_128_gcm_cipher=
         NID_aes_128_gcm,1,16,12,
         EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
                 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT
+               | EVP_CIPH_FLAG_FIPS,
         aes_gcm_init_key,
         aes_gcm,
         aes_gcm_cleanup,
@@ -434,7 +435,8 @@ static const EVP_CIPHER aes_192_gcm_cipher=
         NID_aes_128_gcm,1,24,12,
         EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
                 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT
+               | EVP_CIPH_FLAG_FIPS,
         aes_gcm_init_key,
         aes_gcm,
         aes_gcm_cleanup,
@@ -453,7 +455,8 @@ static const EVP_CIPHER aes_256_gcm_cipher=
         NID_aes_128_gcm,1,32,12,
         EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
                 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT
+               | EVP_CIPH_FLAG_FIPS,
         aes_gcm_init_key,
         aes_gcm,
         aes_gcm_cleanup,
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c

index 8c7e780a6d0de27af3079b07170a73103755f591..62b4dc68c9f5854652f48200369be86c99b7e55d 100644 (file)
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -87,7 +87,7 @@ static const EVP_MD sha1_md=
         NID_sha1,
         NID_sha1WithRSAEncryption,
         SHA_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
         init,
         update,
         final,
@@ -124,7 +124,7 @@ static const EVP_MD sha224_md=
         NID_sha224,
         NID_sha224WithRSAEncryption,
         SHA224_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
         init224,
         update256,
         final256,
@@ -143,7 +143,7 @@ static const EVP_MD sha256_md=
         NID_sha256,
         NID_sha256WithRSAEncryption,
         SHA256_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
         init256,
         update256,
         final256,
@@ -174,7 +174,7 @@ static const EVP_MD sha384_md=
         NID_sha384,
         NID_sha384WithRSAEncryption,
         SHA384_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
         init384,
         update512,
         final512,
@@ -193,7 +193,7 @@ static const EVP_MD sha512_md=
         NID_sha512,
         NID_sha512WithRSAEncryption,
         SHA512_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
         init512,
         update512,
         final512,
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
crypto/evp/e_aes.c		patch \| blob \| history
crypto/evp/m_sha1.c		patch \| blob \| history