X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=crypto%2Fevp%2Fdigest.c;h=87317572fe621b4e6ae13207c572dff5cd3419af;hb=ff64ab32aef676020abb1097c2ca17cef106b9de;hp=467e6b5ae9cf930775fd8e21c192294a5f2cfab7;hpb=293c58c1e7bbeecea2b9a3ba81876034b8820073;p=openssl.git

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 467e6b5ae9..87317572fe 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -145,6 +145,19 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 	{
 	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifdef OPENSSL_FIPS
+	/* If FIPS mode switch to approved implementation if possible */
+	if (FIPS_mode())
+		{
+		const EVP_MD *fipsmd;
+		if (type)
+			{
+			fipsmd = FIPS_get_digestbynid(EVP_MD_type(type));
+			if (fipsmd)
+				type = fipsmd;
+			}
+		}
+#endif
 #ifndef OPENSSL_NO_ENGINE
 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
 	 * so this context may already have an ENGINE! Try to avoid releasing
@@ -267,6 +280,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	return FIPS_digestfinal(ctx, md, size);
 #else
 	int ret;
+
 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
 	ret=ctx->digest->final(ctx,md);
 	if (size != NULL)
@@ -365,8 +379,11 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 	{
-	EVP_MD_CTX_cleanup(ctx);
-	OPENSSL_free(ctx);
+	if (ctx)
+		{
+		EVP_MD_CTX_cleanup(ctx);
+		OPENSSL_free(ctx);
+		}
 	}
 
 /* This call frees resources associated with the context */