]> granicus.if.org Git - openssl/commitdiff
PR: 2840
authorDr. Stephen Henson <steve@openssl.org>
Tue, 3 Jul 2012 20:20:11 +0000 (20:20 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 3 Jul 2012 20:20:11 +0000 (20:20 +0000)
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.

crypto/conf/conf_mall.c
crypto/evp/Makefile
crypto/evp/evp.h
crypto/evp/evp_err.c
ssl/t1_lib.c
util/libeay.num

index c6f4cb2d55be18b6211d91929e224b4c183dea46..213890e0c28fd59042ad94679ba22324da284784 100644 (file)
@@ -76,5 +76,6 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
        ENGINE_add_conf_module();
 #endif
+       EVP_add_alg_module();
        }
 
index 24b5c25cf493709122dd0e0c16393342764322f7..f3b88d2abd6ae528971ee310c0fbe61fe0276d8d 100644 (file)
@@ -18,7 +18,7 @@ TESTDATA=evptests.txt
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
        e_rc4.c e_aes.c names.c e_seed.c \
        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
@@ -31,7 +31,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
        e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
-LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
        e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
        e_rc4.o e_aes.o names.o e_seed.o \
        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
index adbdef88bc0d037ec16251675211484447e2b55a..65e7f4c032b389ee658e77ce20b5e652cd7d7a57 100644 (file)
@@ -1243,6 +1243,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
        int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                        const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1257,6 +1259,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_AES_INIT_KEY                              133
 #define EVP_F_AES_XTS                                   172
 #define EVP_F_AES_XTS_CIPHER                            175
+#define EVP_F_ALG_MODULE_INIT                           177
 #define EVP_F_CAMELLIA_INIT_KEY                                 159
 #define EVP_F_CMAC_INIT                                         173
 #define EVP_F_D2I_PKEY                                  100
@@ -1350,15 +1353,19 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_PARAMETERS                      153
 #define EVP_R_DISABLED_FOR_FIPS                                 163
 #define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_ERROR_LOADING_SECTION                     165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                   166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
 #define EVP_R_EXPECTING_AN_RSA_KEY                      127
 #define EVP_R_EXPECTING_A_DH_KEY                        128
 #define EVP_R_EXPECTING_A_DSA_KEY                       129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                     141
 #define EVP_R_EXPECTING_A_EC_KEY                        142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                   167
 #define EVP_R_INITIALIZATION_ERROR                      134
 #define EVP_R_INPUT_NOT_INITIALIZED                     111
 #define EVP_R_INVALID_DIGEST                            152
+#define EVP_R_INVALID_FIPS_MODE                                 168
 #define EVP_R_INVALID_KEY_LENGTH                        130
 #define EVP_R_INVALID_OPERATION                                 148
 #define EVP_R_IV_TOO_LARGE                              102
@@ -1383,6 +1390,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_TOO_LARGE                                         164
 #define EVP_R_UNKNOWN_CIPHER                            160
 #define EVP_R_UNKNOWN_DIGEST                            161
+#define EVP_R_UNKNOWN_OPTION                            169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS               135
 #define EVP_R_UNSUPPORTED_ALGORITHM                     156
index db0f76d59bcd8d034e0e9c91b3445e6add0a4391..ee60f63bf0146fba1f0a3728a41e5c5f5376ede6 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2012 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -75,6 +75,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_XTS),      "AES_XTS"},
 {ERR_FUNC(EVP_F_AES_XTS_CIPHER),       "AES_XTS_CIPHER"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),      "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),    "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_CMAC_INIT),    "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),     "D2I_PKEY"},
@@ -171,15 +172,19 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -204,6 +209,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
index 48877031165fbe7114bca132f0967599e2131fa3..48b2c42e4a11752d7f050af1d27670c39005b0d2 100644 (file)
@@ -872,7 +872,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
                skip_ext:
 
-       if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+       if (TLS1_get_client_version(s) >= TLS1_2_VERSION && 0)
                {
                if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
                        return NULL; 
index 8cd5d5670c06c4975748e34efeed0a55e47b2098..526755e8dce4746e140abfed156d5c8fb8325c57 100755 (executable)
@@ -3687,7 +3687,7 @@ FIPS_dh_new                             4073      NOEXIST::FUNCTION:
 FIPS_corrupt_dsa_keygen                 4074   NOEXIST::FUNCTION:
 FIPS_dh_free                            4075   NOEXIST::FUNCTION:
 fips_pkey_signature_test                4076   NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077   NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077   EXIST::FUNCTION:
 int_RAND_init_engine_callbacks          4078   NOEXIST::FUNCTION:
 int_EVP_CIPHER_set_engine_callbacks     4079   NOEXIST::FUNCTION:
 int_EVP_MD_init_engine_callbacks        4080   NOEXIST::FUNCTION: