Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
c2fd5989
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
8 个月 前同步成功
通知
8
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
c2fd5989
编写于
5月 11, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
上级
5024b79f
变更
19
隐藏空白更改
内联
并排
Showing
19 changed file
with
43 addition
and
38 deletion
+43
-38
CHANGES
CHANGES
+5
-0
crypto/bn/bn_rand.c
crypto/bn/bn_rand.c
+1
-1
crypto/dh/dh_gen.c
crypto/dh/dh_gen.c
+1
-1
crypto/dh/dh_key.c
crypto/dh/dh_key.c
+2
-2
crypto/dsa/dsa_gen.c
crypto/dsa/dsa_gen.c
+2
-2
crypto/dsa/dsa_key.c
crypto/dsa/dsa_key.c
+1
-1
crypto/dsa/dsa_ossl.c
crypto/dsa/dsa_ossl.c
+2
-2
crypto/ec/ec_key.c
crypto/ec/ec_key.c
+1
-1
crypto/evp/e_aes.c
crypto/evp/e_aes.c
+2
-2
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_eay.c
+4
-4
crypto/rsa/rsa_gen.c
crypto/rsa/rsa_gen.c
+2
-2
crypto/rsa/rsa_x931g.c
crypto/rsa/rsa_x931g.c
+1
-1
fips/fips.c
fips/fips.c
+3
-3
fips/fips.h
fips/fips.h
+2
-2
fips/fips_test_suite.c
fips/fips_test_suite.c
+3
-3
fips/fips_utl.h
fips/fips_utl.h
+1
-1
fips/rand/fips_rand_lib.c
fips/rand/fips_rand_lib.c
+7
-7
fips/utl/fips_enc.c
fips/utl/fips_enc.c
+2
-2
fips/utl/fips_md.c
fips/utl/fips_md.c
+1
-1
未找到文件。
CHANGES
浏览文件 @
c2fd5989
...
...
@@ -4,6 +4,11 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted
outside the validated module in the FIPS capable OpenSSL.
[Steve Henson]
*) Initial TLS v1.2 client support. Add a default signature algorithms
extension including all the algorithms we support. Parse new signature
format in client key exchange. Relax some ECC signing restrictions for
...
...
crypto/bn/bn_rand.c
浏览文件 @
c2fd5989
...
...
@@ -252,7 +252,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
* generated. So we just use the second case which is equivalent to
* "Generation by Testing Candidates" mentioned in B.1.2 et al.
*/
else
if
(
!
FIPS_mode
()
&&
!
BN_is_bit_set
(
range
,
n
-
2
)
&&
!
BN_is_bit_set
(
range
,
n
-
3
))
else
if
(
!
FIPS_mod
ule_mod
e
()
&&
!
BN_is_bit_set
(
range
,
n
-
2
)
&&
!
BN_is_bit_set
(
range
,
n
-
3
))
#else
else
if
(
!
BN_is_bit_set
(
range
,
n
-
2
)
&&
!
BN_is_bit_set
(
range
,
n
-
3
))
#endif
...
...
crypto/dh/dh_gen.c
浏览文件 @
c2fd5989
...
...
@@ -118,7 +118,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
return
0
;
}
if
(
FIPS_mode
()
&&
(
prime_len
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mod
ule_mod
e
()
&&
(
prime_len
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
{
DHerr
(
DH_F_DH_BUILTIN_GENPARAMS
,
DH_R_KEY_SIZE_TOO_SMALL
);
goto
err
;
...
...
crypto/dh/dh_key.c
浏览文件 @
c2fd5989
...
...
@@ -128,7 +128,7 @@ static int generate_key(DH *dh)
BIGNUM
*
pub_key
=
NULL
,
*
priv_key
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
dh
->
p
)
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mod
ule_mod
e
()
&&
(
BN_num_bits
(
dh
->
p
)
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
{
DHerr
(
DH_F_GENERATE_KEY
,
DH_R_KEY_SIZE_TOO_SMALL
);
return
0
;
...
...
@@ -227,7 +227,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
}
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
(
BN_num_bits
(
dh
->
p
)
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
if
(
FIPS_mod
ule_mod
e
()
&&
(
BN_num_bits
(
dh
->
p
)
<
OPENSSL_DH_FIPS_MIN_MODULUS_BITS
))
{
DHerr
(
DH_F_COMPUTE_KEY
,
DH_R_KEY_SIZE_TOO_SMALL
);
goto
err
;
...
...
crypto/dsa/dsa_gen.c
浏览文件 @
c2fd5989
...
...
@@ -141,7 +141,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto
err
;
}
if
(
FIPS_mode
()
&&
!
(
ret
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
ret
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
&&
(
bits
<
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS
))
{
DSAerr
(
DSA_F_DSA_BUILTIN_PARAMGEN
,
DSA_R_KEY_SIZE_TOO_SMALL
);
...
...
@@ -412,7 +412,7 @@ static int dsa2_valid_parameters(size_t L, size_t N)
int
fips_check_dsa_prng
(
DSA
*
dsa
,
size_t
L
,
size_t
N
)
{
int
strength
;
if
(
!
FIPS_mode
())
if
(
!
FIPS_mod
ule_mod
e
())
return
1
;
if
(
dsa
->
flags
&
(
DSA_FLAG_NON_FIPS_ALLOW
|
DSA_FLAG_FIPS_CHECKED
))
...
...
crypto/dsa/dsa_key.c
浏览文件 @
c2fd5989
...
...
@@ -106,7 +106,7 @@ static int dsa_builtin_keygen(DSA *dsa)
BIGNUM
*
pub_key
=
NULL
,
*
priv_key
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
!
(
dsa
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
dsa
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
dsa
->
p
)
<
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS
))
{
DSAerr
(
DSA_F_DSA_BUILTIN_KEYGEN
,
DSA_R_KEY_SIZE_TOO_SMALL
);
...
...
crypto/dsa/dsa_ossl.c
浏览文件 @
c2fd5989
...
...
@@ -150,7 +150,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
return
NULL
;
}
if
(
FIPS_mode
()
&&
!
(
dsa
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
dsa
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
dsa
->
p
)
<
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS
))
{
DSAerr
(
DSA_F_DSA_DO_SIGN
,
DSA_R_KEY_SIZE_TOO_SMALL
);
...
...
@@ -353,7 +353,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
return
-
1
;
}
if
(
FIPS_mode
()
&&
!
(
dsa
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
dsa
->
flags
&
DSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
dsa
->
p
)
<
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS
))
{
DSAerr
(
DSA_F_DSA_DO_VERIFY
,
DSA_R_KEY_SIZE_TOO_SMALL
);
...
...
crypto/ec/ec_key.c
浏览文件 @
c2fd5989
...
...
@@ -260,7 +260,7 @@ static int fips_check_ec(EC_KEY *key)
int
fips_check_ec_prng
(
EC_KEY
*
ec
)
{
int
bits
,
strength
;
if
(
!
FIPS_mode
())
if
(
!
FIPS_mod
ule_mod
e
())
return
1
;
if
(
ec
->
flags
&
(
EC_FLAG_NON_FIPS_ALLOW
|
EC_FLAG_FIPS_CHECKED
))
...
...
crypto/evp/e_aes.c
浏览文件 @
c2fd5989
...
...
@@ -247,7 +247,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if
(
arg
<=
0
)
return
0
;
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
!
(
c
->
flags
&
EVP_CIPH_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
c
->
flags
&
EVP_CIPH_FLAG_NON_FIPS_ALLOW
)
&&
arg
<
12
)
return
0
;
#endif
...
...
@@ -519,7 +519,7 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out,
return
-
1
;
#ifdef OPENSSL_FIPS
/* Requirement of SP800-38E */
if
(
FIPS_mode
()
&&
!
(
ctx
->
flags
&
EVP_CIPH_FLAG_NON_FIPS_ALLOW
)
&&
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
ctx
->
flags
&
EVP_CIPH_FLAG_NON_FIPS_ALLOW
)
&&
(
len
>
(
1L
<<
20
)
*
16
))
{
EVPerr
(
EVP_F_AES_XTS
,
EVP_R_TOO_LARGE
);
...
...
crypto/rsa/rsa_eay.c
浏览文件 @
c2fd5989
...
...
@@ -170,7 +170,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_ENCRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
...
...
@@ -382,7 +382,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PRIVATE_ENCRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
...
...
@@ -530,7 +530,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PRIVATE_DECRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
...
...
@@ -674,7 +674,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
goto
err
;
}
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_DECRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
...
...
crypto/rsa/rsa_gen.c
浏览文件 @
c2fd5989
...
...
@@ -82,7 +82,7 @@
int
fips_check_rsa_prng
(
RSA
*
rsa
,
int
bits
)
{
int
strength
;
if
(
!
FIPS_mode
())
if
(
!
FIPS_mod
ule_mod
e
())
return
1
;
if
(
rsa
->
flags
&
(
RSA_FLAG_NON_FIPS_ALLOW
|
RSA_FLAG_CHECKED
))
...
...
@@ -205,7 +205,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
return
0
;
}
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
bits
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
FIPSerr
(
FIPS_F_RSA_BUILTIN_KEYGEN
,
FIPS_R_KEY_TOO_SHORT
);
...
...
crypto/rsa/rsa_x931g.c
浏览文件 @
c2fd5989
...
...
@@ -210,7 +210,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
BN_CTX
*
ctx
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
bits
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
FIPSerr
(
FIPS_F_RSA_X931_GENERATE_KEY_EX
,
FIPS_R_KEY_TOO_SHORT
);
...
...
fips/fips.c
浏览文件 @
c2fd5989
...
...
@@ -96,7 +96,7 @@ static void fips_set_mode(int onoff)
}
}
int
FIPS_mode
(
void
)
int
FIPS_mod
ule_mod
e
(
void
)
{
int
ret
=
0
;
int
owning_thread
=
fips_is_owning_thread
();
...
...
@@ -237,7 +237,7 @@ int FIPS_check_incore_fingerprint(void)
return
rv
;
}
int
FIPS_mode_set
(
int
onoff
)
int
FIPS_mod
ule_mod
e_set
(
int
onoff
)
{
int
fips_set_owning_thread
();
int
fips_clear_owning_thread
();
...
...
@@ -254,7 +254,7 @@ int FIPS_mode_set(int onoff)
/* Don't go into FIPS mode twice, just so we can do automagic
seeding */
if
(
FIPS_mode
())
if
(
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_MODE_SET
,
FIPS_R_FIPS_MODE_ALREADY_SET
);
fips_selftest_fail
=
1
;
...
...
fips/fips.h
浏览文件 @
c2fd5989
...
...
@@ -67,8 +67,8 @@ struct env_md_st;
struct
evp_cipher_st
;
struct
evp_cipher_ctx_st
;
int
FIPS_mode_set
(
int
onoff
);
int
FIPS_mode
(
void
);
int
FIPS_mod
ule_mod
e_set
(
int
onoff
);
int
FIPS_mod
ule_mod
e
(
void
);
const
void
*
FIPS_rand_check
(
void
);
int
FIPS_selftest
(
void
);
int
FIPS_selftest_failed
(
void
);
...
...
fips/fips_test_suite.c
浏览文件 @
c2fd5989
...
...
@@ -945,7 +945,7 @@ int main(int argc,char **argv)
}
if
(
!
no_exit
)
{
fips_algtest_init_nofips
();
if
(
!
FIPS_mode_set
(
1
))
{
if
(
!
FIPS_mod
ule_mod
e_set
(
1
))
{
printf
(
"Power-up self test failed
\n
"
);
exit
(
1
);
}
...
...
@@ -964,8 +964,8 @@ int main(int argc,char **argv)
/* Power-up self test
*/
ERR_clear_error
();
test_msg
(
"2. Automatic power-up self test"
,
FIPS_mode_set
(
1
));
if
(
!
FIPS_mode
())
test_msg
(
"2. Automatic power-up self test"
,
FIPS_mod
ule_mod
e_set
(
1
));
if
(
!
FIPS_mod
ule_mod
e
())
exit
(
1
);
if
(
do_drbg_stick
)
FIPS_drbg_stick
();
...
...
fips/fips_utl.h
浏览文件 @
c2fd5989
...
...
@@ -136,7 +136,7 @@ void do_entropy_stick(void)
void
fips_algtest_init
(
void
)
{
fips_algtest_init_nofips
();
if
(
!
FIPS_mode_set
(
1
))
if
(
!
FIPS_mod
ule_mod
e_set
(
1
))
{
fprintf
(
stderr
,
"Error entering FIPS mode
\n
"
);
exit
(
1
);
...
...
fips/rand/fips_rand_lib.c
浏览文件 @
c2fd5989
...
...
@@ -72,7 +72,7 @@ int FIPS_rand_set_method(const RAND_METHOD *meth)
else
fips_approved_rand_meth
=
0
;
if
(
!
fips_approved_rand_meth
&&
FIPS_mode
())
if
(
!
fips_approved_rand_meth
&&
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_RAND_SET_METHOD
,
FIPS_R_NON_FIPS_METHOD
);
return
0
;
...
...
@@ -83,7 +83,7 @@ int FIPS_rand_set_method(const RAND_METHOD *meth)
void
FIPS_rand_seed
(
const
void
*
buf
,
int
num
)
{
if
(
!
fips_approved_rand_meth
&&
FIPS_mode
())
if
(
!
fips_approved_rand_meth
&&
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_RAND_SEED
,
FIPS_R_NON_FIPS_METHOD
);
return
;
...
...
@@ -94,7 +94,7 @@ void FIPS_rand_seed(const void *buf, int num)
void
FIPS_rand_add
(
const
void
*
buf
,
int
num
,
double
entropy
)
{
if
(
!
fips_approved_rand_meth
&&
FIPS_mode
())
if
(
!
fips_approved_rand_meth
&&
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_RAND_ADD
,
FIPS_R_NON_FIPS_METHOD
);
return
;
...
...
@@ -105,7 +105,7 @@ void FIPS_rand_add(const void *buf, int num, double entropy)
int
FIPS_rand_bytes
(
unsigned
char
*
buf
,
int
num
)
{
if
(
!
fips_approved_rand_meth
&&
FIPS_mode
())
if
(
!
fips_approved_rand_meth
&&
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_RAND_BYTES
,
FIPS_R_NON_FIPS_METHOD
);
return
0
;
...
...
@@ -117,7 +117,7 @@ int FIPS_rand_bytes(unsigned char *buf, int num)
int
FIPS_rand_pseudo_bytes
(
unsigned
char
*
buf
,
int
num
)
{
if
(
!
fips_approved_rand_meth
&&
FIPS_mode
())
if
(
!
fips_approved_rand_meth
&&
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_RAND_PSEUDO_BYTES
,
FIPS_R_NON_FIPS_METHOD
);
return
0
;
...
...
@@ -129,7 +129,7 @@ int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
int
FIPS_rand_status
(
void
)
{
if
(
!
fips_approved_rand_meth
&&
FIPS_mode
())
if
(
!
fips_approved_rand_meth
&&
FIPS_mod
ule_mod
e
())
{
FIPSerr
(
FIPS_F_FIPS_RAND_STATUS
,
FIPS_R_NON_FIPS_METHOD
);
return
0
;
...
...
@@ -153,7 +153,7 @@ int FIPS_rand_strength(void)
return
80
;
else
if
(
fips_approved_rand_meth
==
0
)
{
if
(
FIPS_mode
())
if
(
FIPS_mod
ule_mod
e
())
return
0
;
else
return
256
;
...
...
fips/utl/fips_enc.c
浏览文件 @
c2fd5989
...
...
@@ -136,7 +136,7 @@ int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
if
(
cipher
)
{
/* Only FIPS ciphers allowed */
if
(
FIPS_mode
()
&&
!
(
cipher
->
flags
&
EVP_CIPH_FLAG_FIPS
)
&&
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
cipher
->
flags
&
EVP_CIPH_FLAG_FIPS
)
&&
!
(
ctx
->
flags
&
EVP_CIPH_FLAG_NON_FIPS_ALLOW
))
{
EVPerr
(
EVP_F_FIPS_CIPHERINIT
,
EVP_R_DISABLED_FOR_FIPS
);
...
...
@@ -288,7 +288,7 @@ int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
}
/* Only FIPS ciphers allowed */
if
(
FIPS_mode
()
&&
!
(
in
->
cipher
->
flags
&
EVP_CIPH_FLAG_FIPS
)
&&
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
in
->
cipher
->
flags
&
EVP_CIPH_FLAG_FIPS
)
&&
!
(
out
->
flags
&
EVP_CIPH_FLAG_NON_FIPS_ALLOW
))
{
EVPerr
(
EVP_F_FIPS_CIPHER_CTX_COPY
,
EVP_R_DISABLED_FOR_FIPS
);
...
...
fips/utl/fips_md.c
浏览文件 @
c2fd5989
...
...
@@ -173,7 +173,7 @@ int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type)
ctx
->
digest
=
&
bad_md
;
return
0
;
}
if
(
FIPS_mode
()
&&
!
(
type
->
flags
&
EVP_MD_FLAG_FIPS
)
&&
if
(
FIPS_mod
ule_mod
e
()
&&
!
(
type
->
flags
&
EVP_MD_FLAG_FIPS
)
&&
!
(
ctx
->
flags
&
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
))
{
EVPerr
(
EVP_F_FIPS_DIGESTINIT
,
EVP_R_DISABLED_FOR_FIPS
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录