Switch to FIPS implementation for CMAC.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 16 Feb 2016 22:17:43 +0000 (22:17 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 16 Feb 2016 22:52:59 +0000 (22:52 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/cmac/cmac.c

index 774e6dc919050dc46d668cebf5514ca14a39f1e3..2954b6eb7dcfeb00dca266948c03605373389a18 100644 (file)
@@ -160,6 +160,14 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
             EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
             return 0;
         }
+
+        /* Switch to FIPS cipher implementation if possible */
+        if (cipher != NULL) {
+            const EVP_CIPHER *fcipher;
+            fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
+            if (fcipher != NULL)
+                cipher = fcipher;
+        }
         /*
          * Other algorithm blocking will be done in FIPS_cmac_init, via
          * FIPS_cipherinit().
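Review bot: When `FIPS_get_cipherbynid()` returns NULL, the added block silently keeps the caller-supplied `cipher`, so in what appears to be the FIPS-mode branch a non-FIPS implementation is still passed on. Rejection then depends entirely on `FIPS_cmac_init`/`FIPS_cipherinit()`, which are not visible here. I would state that dependency in the comment, e.g. `/* Switch to FIPS cipher implementation if possible; with no FIPS equivalent the original cipher is kept and must be rejected by FIPS_cipherinit() */`, or fail closed at this point with `else { EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); return 0; }` on the inner check. The lookup is by NID only, so a caller-provided EVP_CIPHER that shares a NID with a FIPS cipher (an engine-backed one, for instance) is replaced without notice, which deserves a sentence in the CMAC_Init documentation. CMAC_Init's body starts and ends outside the hunk.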