|
 |
5820f5 |
Add flag EVP_CIPH_FLAG_LENGTH_BITS to indicate that input buffer length
|
|
|
5820f5 |
is in bits not bytes. The Monte Carlo FIPS140-2 CFB1 tests require this.
|
|
|
5820f5 |
[Steve Henson]
|
|
|
5820f5 |
|
|
|
5820f5 |
openssl/crypto/evp/evp.h 1.112.2.4.2.8 -> 1.112.2.4.2.9
|
|
|
5820f5 |
|
|
|
5820f5 |
--- openssl/crypto/evp/evp.h 2007/12/14 01:15:44 1.112.2.4.2.8
|
|
|
5820f5 |
+++ openssl/crypto/evp/evp.h 2007/12/26 19:04:57 1.112.2.4.2.9
|
|
|
5820f5 |
@@ -378,6 +378,8 @@
|
|
|
5820f5 |
#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
|
|
|
5820f5 |
/* Allow use default ASN1 get/set iv */
|
|
|
5820f5 |
#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
|
|
|
5820f5 |
+/* Buffer length in bits not bytes: CFB1 mode only */
|
|
|
5820f5 |
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
|
|
|
5820f5 |
|
|
|
5820f5 |
/* ctrl() values */
|
|
|
5820f5 |
|
|
|
5820f5 |
@@ -470,6 +472,7 @@
|
|
|
5820f5 |
#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
|
|
|
5820f5 |
#define M_EVP_MD_CTX_md(e) ((e)->digest)
|
|
|
5820f5 |
|
|
|
5820f5 |
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
|
|
|
5820f5 |
|
|
|
5820f5 |
int EVP_MD_type(const EVP_MD *md);
|
|
|
5820f5 |
#define EVP_MD_nid(e) EVP_MD_type(e)
|
|
|
5820f5 |
|
|
|
5820f5 |
openssl/crypto/evp/evp_locl.h 1.10.2.1.2.3 -> 1.10.2.1.2.4
|
|
|
5820f5 |
|
|
|
5820f5 |
--- openssl/crypto/evp/evp_locl.h 2007/07/08 19:20:48 1.10.2.1.2.3
|
|
|
5820f5 |
+++ openssl/crypto/evp/evp_locl.h 2007/12/26 19:04:57 1.10.2.1.2.4
|
|
|
5820f5 |
@@ -92,7 +92,7 @@
|
|
|
5820f5 |
#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
|
|
|
5820f5 |
static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
|
|
|
5820f5 |
{\
|
|
|
5820f5 |
- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
|
|
|
5820f5 |
+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
|
|
|
5820f5 |
return 1;\
|
|
|
5820f5 |
}
|
|
|
5820f5 |
|
|
|
5820f5 |
|
|
|
5820f5 |
openssl/fips/aes/fips_aesavs.c 1.1.4.3 -> 1.1.4.4
|
|
|
5820f5 |
|
|
|
5820f5 |
--- openssl/fips/aes/fips_aesavs.c 2007/09/21 18:00:23 1.1.4.3
|
|
|
5820f5 |
+++ openssl/fips/aes/fips_aesavs.c 2007/12/26 19:04:58 1.1.4.4
|
|
|
5820f5 |
@@ -212,6 +212,8 @@
|
|
|
5820f5 |
}
|
|
|
5820f5 |
if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
|
|
|
5820f5 |
return 0;
|
|
|
5820f5 |
+ if(!strcasecmp(amode,"CFB1"))
|
|
|
5820f5 |
+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
|
|
|
5820f5 |
if (dir)
|
|
|
5820f5 |
EVP_Cipher(ctx, ciphertext, plaintext, len);
|
|
|
5820f5 |
else
|
|
|
5820f5 |
@@ -377,9 +379,11 @@
|
|
|
5820f5 |
case CFB1:
|
|
|
5820f5 |
if(j == 0)
|
|
|
5820f5 |
{
|
|
|
5820f5 |
+#if 0
|
|
|
5820f5 |
/* compensate for wrong endianness of input file */
|
|
|
5820f5 |
if(i == 0)
|
|
|
5820f5 |
ptext[0][0]<<=7;
|
|
|
5820f5 |
+#endif
|
|
|
5820f5 |
ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
|
|
|
5820f5 |
ptext[j], ctext[j], len);
|
|
|
5820f5 |
}
|