Add FIPS flags to AES ciphers and SHA* digests.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 15:57:54 +0000 (15:57 +0000)
crypto/evp/e_aes.c
crypto/evp/m_sha1.c

index 4206fd0..2f937af 100644 (file)
@@ -119,7 +119,7 @@ static int aes_counter (EVP_CIPHER_CTX *ctx, unsigned char *out,
 static const EVP_CIPHER aes_128_ctr_cipher=
        {
        NID_aes_128_ctr,1,16,16,
-       EVP_CIPH_CTR_MODE,
+       EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS,
        aes_init_key,
        aes_counter,
        NULL,
@@ -136,7 +136,7 @@ const EVP_CIPHER *EVP_aes_128_ctr (void)
 static const EVP_CIPHER aes_192_ctr_cipher=
        {
        NID_aes_192_ctr,1,24,16,
-       EVP_CIPH_CTR_MODE,
+       EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS,
        aes_init_key,
        aes_counter,
        NULL,
@@ -153,7 +153,7 @@ const EVP_CIPHER *EVP_aes_192_ctr (void)
 static const EVP_CIPHER aes_256_ctr_cipher=
        {
        NID_aes_256_ctr,1,32,16,
-       EVP_CIPH_CTR_MODE,
+       EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS,
        aes_init_key,
        aes_counter,
        NULL,
@@ -415,7 +415,8 @@ static const EVP_CIPHER aes_128_gcm_cipher=
        NID_aes_128_gcm,1,16,12,
        EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT
+               | EVP_CIPH_FLAG_FIPS,
        aes_gcm_init_key,
        aes_gcm,
        aes_gcm_cleanup,
@@ -434,7 +435,8 @@ static const EVP_CIPHER aes_192_gcm_cipher=
        NID_aes_128_gcm,1,24,12,
        EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT
+               | EVP_CIPH_FLAG_FIPS,
        aes_gcm_init_key,
        aes_gcm,
        aes_gcm_cleanup,
@@ -453,7 +455,8 @@ static const EVP_CIPHER aes_256_gcm_cipher=
        NID_aes_128_gcm,1,32,12,
        EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1
                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT,
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT
+               | EVP_CIPH_FLAG_FIPS,
        aes_gcm_init_key,
        aes_gcm,
        aes_gcm_cleanup,
index 8c7e780..62b4dc6 100644 (file)
@@ -87,7 +87,7 @@ static const EVP_MD sha1_md=
        NID_sha1,
        NID_sha1WithRSAEncryption,
        SHA_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
        init,
        update,
        final,
@@ -124,7 +124,7 @@ static const EVP_MD sha224_md=
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
        init224,
        update256,
        final256,
@@ -143,7 +143,7 @@ static const EVP_MD sha256_md=
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
        init256,
        update256,
        final256,
@@ -174,7 +174,7 @@ static const EVP_MD sha384_md=
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
        init384,
        update512,
        final512,
@@ -193,7 +193,7 @@ static const EVP_MD sha512_md=
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
        init512,
        update512,
        final512,