diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-05-09 00:06:02 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-05-09 02:10:28 +0100 |
commit | 6ec73ea2f59d2f587185017b49b0357cfd25df2f (patch) | |
tree | 02640259050d27cb697d0dedadbceed694e95214 | |
parent | 0377ad3974acabf15f7585df4383717c96285455 (diff) | |
download | openssl-6ec73ea2f59d2f587185017b49b0357cfd25df2f.tar.gz |
Only call FIPS_update, FIPS_final in FIPS mode.
RT#3826
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 2b4825d0bb6057e44717007a54797df72babdb7e)
-rw-r--r-- | crypto/evp/digest.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 32167b294d..5d419effec 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -241,10 +241,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { #ifdef OPENSSL_FIPS - return FIPS_digestupdate(ctx, data, count); -#else - return ctx->update(ctx, data, count); + if (FIPS_mode()) + return FIPS_digestupdate(ctx, data, count); #endif + return ctx->update(ctx, data, count); } /* The caller can assume that this removes any secret data from the context */ @@ -259,10 +259,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { -#ifdef OPENSSL_FIPS - return FIPS_digestfinal(ctx, md, size); -#else int ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_digestfinal(ctx, md, size); +#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); @@ -274,7 +275,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) } memset(ctx->md_data, 0, ctx->digest->ctx_size); return ret; -#endif } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) |