Make null cipher work in FIPS mode.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 2 Mar 2014 13:34:40 +0000 (13:34 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 2 Mar 2014 13:50:06 +0000 (13:50 +0000)
crypto/evp/evp_enc.c
crypto/evp/evp_lib.c
crypto/evp/evp_locl.h

index 177fe43ac6da6b3dc164fd892f2b6b7489f4ea00..84a3f864daba2e8f8f779014a4ee40446f66ec12 100644 (file)
@@ -174,7 +174,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        {
                        const EVP_CIPHER *fcipher;
                        if (cipher)
-                               fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+                               fcipher = evp_get_fips_cipher(cipher);
                        if (fcipher)
                                cipher = fcipher;
                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
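Review bot: `fcipher` is declared without an initializer and is only assigned inside `if (cipher)`, so when `cipher` is NULL the following `if (fcipher)` reads an indeterminate pointer and may hand an arbitrary value to `FIPS_cipherinit`. The `if (cipher)` guard suggests a NULL cipher is an accepted input on this path, and the line this commit rewrites is the natural place to close the gap: declare it as `const EVP_CIPHER *fcipher = NULL;`. The enclosing function starts and ends outside this hunk, so it cannot be confirmed from the visible lines whether an earlier check already excludes a NULL cipher here.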
index d548ad1d31b17cdf0bfa9f4e745e72ec93f1db9f..cf8a0c9a4b473e3547192d6ed27073cf9184ad1b 100644 (file)
@@ -218,7 +218,7 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
        {
 #ifdef OPENSSL_FIPS
        const EVP_CIPHER *fcipher;
-       fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+       fcipher = evp_get_fips_cipher(cipher);
        if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS)
                return cipher->flags | EVP_CIPH_FLAG_FIPS;
 #endif
@@ -313,6 +313,15 @@ const EVP_MD *evp_get_fips_md(const EVP_MD *md)
        else
                return FIPS_get_digestbynid(nid);
        }
+
+const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher)
+       {
+       if (cipher->nid == NID_undef)
+               return FIPS_evp_enc_null();
+       else
+               return FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+       }
+
 #endif
 
 unsigned long EVP_MD_flags(const EVP_MD *md)
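Review bot: `evp_get_fips_cipher` recognises the null cipher by `cipher->nid == NID_undef`, but NID_undef means "no identifier assigned" and is not unique to the null cipher, so any EVP_CIPHER carrying that nid (for example an application- or engine-defined one) would also be mapped to `FIPS_evp_enc_null()`. In the EVP_CipherInit_ex hunk a non-NULL result replaces the caller's cipher, so such a cipher would apparently be swapped for a pass-through that does no encryption in FIPS mode, and the EVP_CIPHER_flags hunk would report it using the null cipher's flags. Consider matching on identity instead, e.g. `if (cipher == EVP_enc_null())`, if that fits how the FIPS module is wired. Failing that, document the assumption with a comment such as `/* NID_undef is assumed to identify only the null cipher */`. The helper also dereferences `cipher` unconditionally, so callers must keep their own NULL guard as EVP_CipherInit_ex does.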
index f4a943a71601c42e776d1e561dc1f367bb993f17..ca0d4558c908f99121c1ea0b26f6758861fe808a 100644 (file)
@@ -349,6 +349,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
 
 const EVP_MD *evp_get_fips_md(const EVP_MD *md);
+const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher);
 
 #ifdef OPENSSL_FIPS