FIPS mode EVP changes:

Set EVP_CIPH_FLAG_FIPS on approved ciphers. Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS code. Include some defines to redirect operations to a "tiny EVP" implementation in some FIPS source files. Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY API is used instead.
author: Dr. Stephen Henson <steve@openssl.org> 2011-01-26 15:25:33 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-01-26 15:25:33 +0000
commit: 7a4bd34a4f6d0c0745dd5710c0f4dba614e8dfac (patch)
tree: f7bf636ada3cb66b3e3b22f6ee37d49701f3f4a1 /crypto/evp/evp_lib.c
parent: 4ead4e5241bd08989f9d6305ff21f9da0614f955 (diff)
download: openssl-7a4bd34a4f6d0c0745dd5710c0f4dba614e8dfac.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 40951a04f0..138dd47c3d 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 
 	if (c->cipher->set_asn1_parameters != NULL)
 		ret=c->cipher->set_asn1_parameters(c,type);
+	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+		ret=EVP_CIPHER_set_asn1_iv(c, type);
 	else
 		ret=-1;
 	return(ret);
author	Dr. Stephen Henson <steve@openssl.org>	2011-01-26 15:25:33 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-01-26 15:25:33 +0000
commit	7a4bd34a4f6d0c0745dd5710c0f4dba614e8dfac (patch)
tree	f7bf636ada3cb66b3e3b22f6ee37d49701f3f4a1 /crypto/evp/evp_lib.c
parent	4ead4e5241bd08989f9d6305ff21f9da0614f955 (diff)
download	openssl-7a4bd34a4f6d0c0745dd5710c0f4dba614e8dfac.tar.gz