Add additional FIPS digests.

[openssl.git] / crypto / evp / evp_lib.c

diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index c5509a9fb92fbc1fc3bf375a26195aaa49fae0c0..d548ad1d31b17cdf0bfa9f4e745e72ec93f1db9f 100644 (file)
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -62,6 +62,7 @@
 #include <openssl/objects.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #include <openssl/objects.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>

+#include "evp_locl.h"

 #endif
 
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 #endif
 
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)


@@ -298,11 +299,27 @@ int EVP_MD_size(const EVP_MD *md)
        return md->md_size;
        }
 
        return md->md_size;
        }
 

+#ifdef OPENSSL_FIPS
+
+const EVP_MD *evp_get_fips_md(const EVP_MD *md)
+       {
+       int nid = EVP_MD_type(md);
+       if (nid == NID_dsa)
+               return FIPS_evp_dss1();
+       else if (nid == NID_dsaWithSHA)
+               return FIPS_evp_dss();
+       else if (nid == NID_ecdsa_with_SHA1)
+               return FIPS_evp_ecdsa();
+       else
+               return FIPS_get_digestbynid(nid);
+       }
+#endif
+

 unsigned long EVP_MD_flags(const EVP_MD *md)
        {
 #ifdef OPENSSL_FIPS
        const EVP_MD *fmd;
 unsigned long EVP_MD_flags(const EVP_MD *md)
        {
 #ifdef OPENSSL_FIPS
        const EVP_MD *fmd;

-       fmd = FIPS_get_digestbynid(EVP_MD_type(md));
+       fmd = evp_get_fips_md(md);

        if (fmd && fmd->flags & EVP_MD_FLAG_FIPS)
                return md->flags | EVP_MD_FLAG_FIPS;
 #endif
        if (fmd && fmd->flags & EVP_MD_FLAG_FIPS)
                return md->flags | EVP_MD_FLAG_FIPS;
 #endif