{
const EVP_CIPHER *fcipher;
if (cipher)
- fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+ fcipher = evp_get_fips_cipher(cipher);
if (fcipher)
cipher = fcipher;
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
+
+ /*
+ * The following assumes that the ciphertext has been authenticated.
+ * Otherwise it provides a padding oracle.
+ */
n=ctx->final[b-1];
if (n == 0 || n > (int)b)
{
return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
return 1;
}
-