From: Dr. Stephen Henson Date: Sat, 12 Feb 2011 18:25:18 +0000 (+0000) Subject: Change FIPS source and utilities to use the "FIPS_" names directly X-Git-Tag: OpenSSL-fips-2_0-rc1~754 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=e47af46cd839c549fac2d9f8a2951c35c0113fbf Change FIPS source and utilities to use the "FIPS_" names directly instead of using regular OpenSSL API names. --- diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 8c5a0eeacd..119ddfad50 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -82,7 +82,7 @@ int FIPS_selftest_aes() int n; int ret = 0; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); for(n=0 ; n < 1 ; ++n) { @@ -95,7 +95,7 @@ int FIPS_selftest_aes() } ret = 1; err: - EVP_CIPHER_CTX_cleanup(&ctx); + FIPS_cipher_ctx_cleanup(&ctx); if (ret == 0) FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED); return ret; diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index 1f302a59fc..c9e2ce3b94 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -213,14 +213,14 @@ static int AESTest(EVP_CIPHER_CTX *ctx, printf("Invalid key size: %d\n", akeysz); return 0; } - if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) + if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0) return 0; if(!strcasecmp(amode,"CFB1")) M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); if (dir) - EVP_Cipher(ctx, ciphertext, plaintext, len); + FIPS_cipher(ctx, ciphertext, plaintext, len); else - EVP_Cipher(ctx, plaintext, ciphertext, len); + FIPS_cipher(ctx, plaintext, ciphertext, len); return 1; } @@ -254,7 +254,7 @@ static int do_mct(char *amode, int i, j, n, n1, n2; int imode = 0, nkeysz = akeysz/8; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); if (len > 32) { @@ -310,12 +310,12 @@ static int do_mct(char *amode, { if (dir == XENCRYPT) { - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + FIPS_cipher(&ctx, ctext[j], ptext[j], len); memcpy(ptext[j+1], ctext[j], len); } else { - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + FIPS_cipher(&ctx, ptext[j], ctext[j], len); memcpy(ctext[j+1], ptext[j], len); } } @@ -338,12 +338,12 @@ static int do_mct(char *amode, { if (dir == XENCRYPT) { - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + FIPS_cipher(&ctx, ctext[j], ptext[j], len); memcpy(ptext[j+1], ctext[j-1], len); } else { - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + FIPS_cipher(&ctx, ptext[j], ctext[j], len); memcpy(ctext[j+1], ptext[j-1], len); } } @@ -359,9 +359,9 @@ static int do_mct(char *amode, else { if (dir == XENCRYPT) - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + FIPS_cipher(&ctx, ctext[j], ptext[j], len); else - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + FIPS_cipher(&ctx, ptext[j], ctext[j], len); } if (dir == XENCRYPT) { @@ -393,9 +393,9 @@ static int do_mct(char *amode, else { if (dir == XENCRYPT) - EVP_Cipher(&ctx, ctext[j], ptext[j], len); + FIPS_cipher(&ctx, ctext[j], ptext[j], len); else - EVP_Cipher(&ctx, ptext[j], ctext[j], len); + FIPS_cipher(&ctx, ptext[j], ctext[j], len); } if(dir == XENCRYPT) @@ -565,7 +565,7 @@ static int proc_file(char *rqfile, char *rspfile) unsigned char ciphertext[2048]; char *rp; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); if (!rqfile || !(*rqfile)) { diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c index e7bcad0dca..bd79404e01 100644 --- a/fips/aes/fips_gcmtest.c +++ b/fips/aes/fips_gcmtest.c @@ -87,7 +87,7 @@ static void gcmtest(int encrypt) unsigned char *ct = NULL, *pt = NULL; EVP_CIPHER_CTX ctx; const EVP_CIPHER *gcm; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); while(fgets(buf,sizeof buf,stdin) != NULL) { @@ -175,20 +175,20 @@ static void gcmtest(int encrypt) if (encrypt && pt && aad && (iv || encrypt==1)) { tag = OPENSSL_malloc(taglen); - EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 1); + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1); /* Relax FIPS constraints for testing */ M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); - EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); if (encrypt == 1) { static unsigned char iv_fixed[4] = {1,2,3,4}; if (!iv) iv = OPENSSL_malloc(ivlen); - EVP_CipherInit_ex(&ctx, NULL, NULL, key, NULL, 1); - EVP_CIPHER_CTX_ctrl(&ctx, + FIPS_cipherinit(&ctx, NULL, key, NULL, 1); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IV_FIXED, 4, iv_fixed); - if (!EVP_CIPHER_CTX_ctrl(&ctx, + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { fprintf(stderr, "IV gen error\n"); @@ -197,18 +197,18 @@ static void gcmtest(int encrypt) OutputValue("IV", iv, ivlen, stdout, 0); } else - EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 1); + FIPS_cipherinit(&ctx, NULL, key, iv, 1); if (aadlen) - EVP_Cipher(&ctx, NULL, aad, aadlen); + FIPS_cipher(&ctx, NULL, aad, aadlen); if (ptlen) { ct = OPENSSL_malloc(ptlen); - rv = EVP_Cipher(&ctx, ct, pt, ptlen); + rv = FIPS_cipher(&ctx, ct, pt, ptlen); } - EVP_Cipher(&ctx, NULL, NULL, 0); - EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, + FIPS_cipher(&ctx, NULL, NULL, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, taglen, tag); OutputValue("CT", ct, ptlen, stdout, 0); OutputValue("Tag", tag, taglen, stdout, 0); @@ -228,20 +228,20 @@ static void gcmtest(int encrypt) } if (!encrypt && tag) { - EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0); + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0); /* Relax FIPS constraints for testing */ M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); - EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); - EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0); - EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); + FIPS_cipherinit(&ctx, NULL, key, iv, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); if (aadlen) - EVP_Cipher(&ctx, NULL, aad, aadlen); + FIPS_cipher(&ctx, NULL, aad, aadlen); if (ptlen) { pt = OPENSSL_malloc(ptlen); - rv = EVP_Cipher(&ctx, pt, ct, ptlen); + rv = FIPS_cipher(&ctx, pt, ct, ptlen); } - rv = EVP_Cipher(&ctx, NULL, NULL, 0); + rv = FIPS_cipher(&ctx, NULL, NULL, 0); if (rv < 0) printf("FAIL\n"); else diff --git a/fips/des/fips_des_selftest.c b/fips/des/fips_des_selftest.c index d93d3b5558..7b7543b645 100644 --- a/fips/des/fips_des_selftest.c +++ b/fips/des/fips_des_selftest.c @@ -110,7 +110,7 @@ int FIPS_selftest_des() { int n, ret = 0; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); /* Encrypt/decrypt with 2-key 3DES and compare to known answers */ for(n=0 ; n < 2 ; ++n) { @@ -130,7 +130,7 @@ int FIPS_selftest_des() } ret = 1; err: - EVP_CIPHER_CTX_cleanup(&ctx); + FIPS_cipher_ctx_cleanup(&ctx); if (ret == 0) FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED); diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 2debcee29a..eab761ced9 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -122,11 +122,11 @@ static int DESTest(EVP_CIPHER_CTX *ctx, EXIT(1); } - if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) + if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0) return 0; if(!strcasecmp(amode,"CFB1")) M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); - EVP_Cipher(ctx, out, in, len); + FIPS_cipher(ctx, out, in, len); return 1; } @@ -184,7 +184,7 @@ static void do_mct(char *amode, int kp=akeysz/64; unsigned char old_iv[8]; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); fprintf(rfp,"\nCOUNT = %d\n",i); if(kp == 1) @@ -219,7 +219,7 @@ static void do_mct(char *amode, else { memcpy(old_iv,ctx.iv,8); - EVP_Cipher(&ctx,text,text,len); + FIPS_cipher(&ctx,text,text,len); } if(j == 9999) { @@ -282,7 +282,7 @@ static int proc_file(char *rqfile, char *rspfile) char *rp; EVP_CIPHER_CTX ctx; int numkeys=1; - EVP_CIPHER_CTX_init(&ctx); + FIPS_cipher_ctx_init(&ctx); if (!rqfile || !(*rqfile)) { diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c index bc338b5aee..2fbdad5d47 100644 --- a/fips/dsa/fips_dsa_selftest.c +++ b/fips/dsa/fips_dsa_selftest.c @@ -118,7 +118,7 @@ int FIPS_selftest_dsa() EVP_MD_CTX mctx; DSA_SIG *dsig = NULL; - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); dsa = FIPS_dsa_new(); @@ -134,17 +134,17 @@ int FIPS_selftest_dsa() DSA_generate_key(dsa); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto err; - if (!EVP_DigestUpdate(&mctx, str1, 20)) + if (!FIPS_digestupdate(&mctx, str1, 20)) goto err; dsig = FIPS_dsa_sign_ctx(dsa, &mctx); if (!dsig) goto err; - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto err; - if (!EVP_DigestUpdate(&mctx, str1, 20)) + if (!FIPS_digestupdate(&mctx, str1, 20)) goto err; if (FIPS_dsa_verify_ctx(dsa, &mctx, dsig) != 1) goto err; @@ -152,7 +152,7 @@ int FIPS_selftest_dsa() ret = 1; err: - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); if (dsa) FIPS_dsa_free(dsa); if (dsig) diff --git a/fips/dsa/fips_dsa_sign.c b/fips/dsa/fips_dsa_sign.c index 2875752e01..ab28cdf7d1 100644 --- a/fips/dsa/fips_dsa_sign.c +++ b/fips/dsa/fips_dsa_sign.c @@ -76,7 +76,7 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx) DSA_SIG *s; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; - EVP_DigestFinal_ex(ctx, dig, &dlen); + FIPS_digestfinal(ctx, dig, &dlen); s = dsa->meth->dsa_do_sign(dig,dlen,dsa); OPENSSL_cleanse(dig, dlen); return s; @@ -92,7 +92,7 @@ int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s) int ret=-1; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; - EVP_DigestFinal_ex(ctx, dig, &dlen); + FIPS_digestfinal(ctx, dig, &dlen); ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa); OPENSSL_cleanse(dig, dlen); return ret; diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c index 1bf6528962..9294286c75 100644 --- a/fips/dsa/fips_dsatest.c +++ b/fips/dsa/fips_dsatest.c @@ -156,7 +156,7 @@ int main(int argc, char **argv) BN_GENCB cb; EVP_MD_CTX mctx; BN_GENCB_set(&cb, dsa_cb, stderr); - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); fips_set_error_print(); if(!FIPS_mode_set(1)) @@ -212,17 +212,17 @@ int main(int argc, char **argv) } DSA_generate_key(dsa); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; - if (!EVP_DigestUpdate(&mctx, str1, 20)) + if (!FIPS_digestupdate(&mctx, str1, 20)) goto end; sig = FIPS_dsa_sign_ctx(dsa, &mctx); if (!sig) goto end; - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; - if (!EVP_DigestUpdate(&mctx, str1, 20)) + if (!FIPS_digestupdate(&mctx, str1, 20)) goto end; if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1) goto end; @@ -233,7 +233,7 @@ end: if (sig) DSA_SIG_free(sig); if (dsa != NULL) FIPS_dsa_free(dsa); - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); #if 0 CRYPTO_mem_leaks(bio_err); #endif diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index a3261af6c4..9ee0ccc95f 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -533,7 +533,7 @@ static void siggen() int n; EVP_MD_CTX mctx; DSA_SIG *sig; - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); n=hex2bin(value,msg); @@ -541,15 +541,15 @@ static void siggen() exit(1); pbn("Y",dsa->pub_key); - EVP_DigestInit_ex(&mctx, md, NULL); - EVP_DigestUpdate(&mctx, msg, n); + FIPS_digestinit(&mctx, md); + FIPS_digestupdate(&mctx, msg, n); sig = FIPS_dsa_sign_ctx(dsa, &mctx); pbn("R",sig->r); pbn("S",sig->s); putc('\n',stdout); DSA_SIG_free(sig); - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); } } if (dsa) @@ -606,15 +606,15 @@ static void sigver() { EVP_MD_CTX mctx; int r; - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); sig->s=hex2bn(value); - EVP_DigestInit_ex(&mctx, md, NULL); - EVP_DigestUpdate(&mctx, msg, n); + FIPS_digestinit(&mctx, md); + FIPS_digestupdate(&mctx, msg, n); no_err = 1; r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); no_err = 0; - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); printf("Result = %c\n", r == 1 ? 'P' : 'F'); putc('\n',stdout); diff --git a/fips/fips.c b/fips/fips.c index 6a88661a0c..3d745557fc 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -438,7 +438,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, unsigned int siglen; DSA_SIG *dsig = NULL; EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); if ((pkey->type == EVP_PKEY_RSA) && ((size_t)RSA_size(pkey->pkey.rsa) > sizeof(sigtmp))) @@ -454,9 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, if (tbslen == -1) tbslen = strlen((char *)tbs); - if (!EVP_DigestInit_ex(&mctx, digest, NULL)) + if (!FIPS_digestinit(&mctx, digest)) goto error; - if (!EVP_DigestUpdate(&mctx, tbs, tbslen)) + if (!FIPS_digestupdate(&mctx, tbs, tbslen)) goto error; if (pkey->type == EVP_PKEY_RSA) { @@ -478,9 +478,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen))) goto error; - if (!EVP_DigestInit_ex(&mctx, digest, NULL)) + if (!FIPS_digestinit(&mctx, digest)) goto error; - if (!EVP_DigestUpdate(&mctx, tbs, tbslen)) + if (!FIPS_digestupdate(&mctx, tbs, tbslen)) goto error; if (pkey->type == EVP_PKEY_RSA) { @@ -501,12 +501,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, DSA_SIG_free(dsig); if (sig != sigtmp) OPENSSL_free(sig); - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); if (ret != 1) { FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE); if (fail_str) - ERR_add_error_data(2, "Type=", fail_str); + FIPS_add_error_data(2, "Type=", fail_str); return 0; } return 1; @@ -526,14 +526,14 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); - if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0) + if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0) return 0; - EVP_Cipher(ctx, citmp, plaintext, len); + FIPS_cipher(ctx, citmp, plaintext, len); if (memcmp(citmp, ciphertext, len)) return 0; - if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0) + if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0) return 0; - EVP_Cipher(ctx, pltmp, citmp, len); + FIPS_cipher(ctx, pltmp, citmp, len); if (memcmp(pltmp, plaintext, len)) return 0; return 1; diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 6944dbca4a..a06c86260f 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -54,18 +54,18 @@ static int FIPS_aes_test(void) unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; unsigned char plaintext[16] = "etaonrishdlcu"; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0) + FIPS_cipher_ctx_init(&ctx); + if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0) goto err; - EVP_Cipher(&ctx, citmp, plaintext, 16); - if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0) + FIPS_cipher(&ctx, citmp, plaintext, 16); + if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0) goto err; - EVP_Cipher(&ctx, pltmp, citmp, 16); + FIPS_cipher(&ctx, pltmp, citmp, 16); if (memcmp(pltmp, plaintext, 16)) goto err; ret = 1; err: - EVP_CIPHER_CTX_cleanup(&ctx); + FIPS_cipher_ctx_cleanup(&ctx); return ret; } @@ -78,18 +78,18 @@ static int FIPS_des3_test(void) 19,20,21,22,23,24}; unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0) + FIPS_cipher_ctx_init(&ctx); + if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0) goto err; - EVP_Cipher(&ctx, citmp, plaintext, 8); - if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0) + FIPS_cipher(&ctx, citmp, plaintext, 8); + if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0) goto err; - EVP_Cipher(&ctx, pltmp, citmp, 8); + FIPS_cipher(&ctx, pltmp, citmp, 8); if (memcmp(pltmp, plaintext, 8)) goto err; ret = 1; err: - EVP_CIPHER_CTX_cleanup(&ctx); + FIPS_cipher_ctx_cleanup(&ctx); return ret; } @@ -105,7 +105,7 @@ static int FIPS_dsa_test(int bad) DSA_SIG *sig = NULL; ERR_clear_error(); - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); dsa = FIPS_dsa_new(); if (!dsa) goto end; @@ -116,23 +116,23 @@ static int FIPS_dsa_test(int bad) if (bad) BN_add_word(dsa->pub_key, 1); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; - if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1)) + if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; sig = FIPS_dsa_sign_ctx(dsa, &mctx); if (!sig) goto end; - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; - if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1)) + if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); end: if (sig) DSA_SIG_free(sig); - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); if (dsa) FIPS_dsa_free(dsa); if (r != 1) @@ -154,7 +154,7 @@ static int FIPS_rsa_test(int bad) int r = 0; ERR_clear_error(); - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); key = FIPS_rsa_new(); bn = BN_new(); if (!key || !bn) @@ -166,20 +166,20 @@ static int FIPS_rsa_test(int bad) if (bad) BN_add_word(key->n, 1); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; - if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) + if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen)) goto end; - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; - if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) + if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen); end: - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); if (key) FIPS_rsa_free(key); if (r != 1) @@ -199,7 +199,7 @@ static int FIPS_sha1_test() unsigned char md[SHA_DIGEST_LENGTH]; ERR_clear_error(); - if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0; + if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; @@ -218,7 +218,7 @@ static int FIPS_sha256_test() unsigned char md[SHA256_DIGEST_LENGTH]; ERR_clear_error(); - if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0; + if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; @@ -239,7 +239,7 @@ static int FIPS_sha512_test() unsigned char md[SHA512_DIGEST_LENGTH]; ERR_clear_error(); - if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0; + if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; diff --git a/fips/rsa/fips_rsa_sign.c b/fips/rsa/fips_rsa_sign.c index fc5c28d8a0..f54d890e73 100644 --- a/fips/rsa/fips_rsa_sign.c +++ b/fips/rsa/fips_rsa_sign.c @@ -197,7 +197,7 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx, { unsigned int md_len, rv; unsigned char md[EVP_MAX_MD_SIZE]; - EVP_DigestFinal_ex(ctx, md, &md_len); + FIPS_digestfinal(ctx, md, &md_len); rv = FIPS_rsa_sign_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx), rsa_pad_mode, saltlen, @@ -300,7 +300,7 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx, { unsigned int md_len, rv; unsigned char md[EVP_MAX_MD_SIZE]; - EVP_DigestFinal_ex(ctx, md, &md_len); + FIPS_digestfinal(ctx, md, &md_len); rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx), rsa_pad_mode, saltlen, mgf1Hash, sigbuf, siglen); diff --git a/fips/rsa/fips_rsastest.c b/fips/rsa/fips_rsastest.c index 9dff464a36..3f84c1c0b6 100644 --- a/fips/rsa/fips_rsastest.c +++ b/fips/rsa/fips_rsastest.c @@ -331,7 +331,7 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, if (!sigbuf) goto error; - EVP_MD_CTX_init(&ctx); + FIPS_md_ctx_init(&ctx); if (Saltlen >= 0) pad_mode = RSA_PKCS1_PSS_PADDING; @@ -340,15 +340,15 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, else pad_mode = RSA_PKCS1_PADDING; - if (!EVP_DigestInit_ex(&ctx, dgst, NULL)) + if (!FIPS_digestinit(&ctx, dgst)) goto error; - if (!EVP_DigestUpdate(&ctx, Msg, Msglen)) + if (!FIPS_digestupdate(&ctx, Msg, Msglen)) goto error; if (!FIPS_rsa_sign_ctx(rsa, &ctx, pad_mode, Saltlen, NULL, sigbuf, (unsigned int *)&siglen)) goto error; - EVP_MD_CTX_cleanup(&ctx); + FIPS_md_ctx_cleanup(&ctx); fputs("S = ", out); diff --git a/fips/rsa/fips_rsavtest.c b/fips/rsa/fips_rsavtest.c index 0971f15fc0..06ade8d04a 100644 --- a/fips/rsa/fips_rsavtest.c +++ b/fips/rsa/fips_rsavtest.c @@ -332,7 +332,7 @@ static int rsa_printver(FILE *out, if (!rsa_pubkey->n || !rsa_pubkey->e) goto error; - EVP_MD_CTX_init(&ctx); + FIPS_md_ctx_init(&ctx); if (Saltlen >= 0) pad_mode = RSA_PKCS1_PSS_PADDING; @@ -341,9 +341,9 @@ static int rsa_printver(FILE *out, else pad_mode = RSA_PKCS1_PADDING; - if (!EVP_DigestInit_ex(&ctx, dgst, NULL)) + if (!FIPS_digestinit(&ctx, dgst)) goto error; - if (!EVP_DigestUpdate(&ctx, Msg, Msglen)) + if (!FIPS_digestupdate(&ctx, Msg, Msglen)) goto error; no_err = 1; @@ -352,7 +352,7 @@ static int rsa_printver(FILE *out, no_err = 0; - EVP_MD_CTX_cleanup(&ctx); + FIPS_md_ctx_cleanup(&ctx); if (r < 0) goto error; diff --git a/fips/sha/fips_sha1_selftest.c b/fips/sha/fips_sha1_selftest.c index 4291617596..3a4b4315c5 100644 --- a/fips/sha/fips_sha1_selftest.c +++ b/fips/sha/fips_sha1_selftest.c @@ -86,7 +86,7 @@ int FIPS_selftest_sha1() { unsigned char md[SHA_DIGEST_LENGTH]; - EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL); + FIPS_digest(test[n],strlen(test[n]),md, NULL, EVP_sha1()); if(memcmp(md,ret[n],sizeof md)) { FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED); diff --git a/fips/sha/fips_shatest.c b/fips/sha/fips_shatest.c index 480b990fb8..9675518513 100644 --- a/fips/sha/fips_shatest.c +++ b/fips/sha/fips_shatest.c @@ -300,7 +300,7 @@ static int print_dgst(const EVP_MD *emd, FILE *out, { int i, mdlen; unsigned char md[EVP_MAX_MD_SIZE]; - if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) + if (!FIPS_digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd)) { fputs("Error calculating HASH\n", stderr); return 0; @@ -321,7 +321,7 @@ static int print_monte(const EVP_MD *md, FILE *out, unsigned char *m1, *m2, *m3, *p; unsigned int mlen, m1len, m2len, m3len; - EVP_MD_CTX_init(&ctx); + FIPS_md_ctx_init(&ctx); if (SeedLen > EVP_MAX_MD_SIZE) mlen = SeedLen; @@ -346,17 +346,17 @@ static int print_monte(const EVP_MD *md, FILE *out, { for (i = 0; i < 1000; i++) { - EVP_DigestInit_ex(&ctx, md, NULL); - EVP_DigestUpdate(&ctx, m1, m1len); - EVP_DigestUpdate(&ctx, m2, m2len); - EVP_DigestUpdate(&ctx, m3, m3len); + FIPS_digestinit(&ctx, md); + FIPS_digestupdate(&ctx, m1, m1len); + FIPS_digestupdate(&ctx, m2, m2len); + FIPS_digestupdate(&ctx, m3, m3len); p = m1; m1 = m2; m1len = m2len; m2 = m3; m2len = m3len; m3 = p; - EVP_DigestFinal_ex(&ctx, m3, &m3len); + FIPS_digestfinal(&ctx, m3, &m3len); } fprintf(out, "COUNT = %d\n", j); fputs("MD = ", out); @@ -378,7 +378,7 @@ static int print_monte(const EVP_MD *md, FILE *out, if (m3) OPENSSL_free(m3); - EVP_MD_CTX_cleanup(&ctx); + FIPS_md_ctx_cleanup(&ctx); return ret; } diff --git a/fips/utl/fips_md.c b/fips/utl/fips_md.c index d581df1180..19595dd390 100644 --- a/fips/utl/fips_md.c +++ b/fips/utl/fips_md.c @@ -208,7 +208,7 @@ void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx) /* This call frees resources associated with the context */ int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx) { - /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, + /* Don't assume ctx->md_data was cleaned in FIPS_digest_Final, * because sometimes only copies of the context are ever finalised. */ if (ctx->digest && ctx->digest->cleanup