From 7a4bd34a4f6d0c0745dd5710c0f4dba614e8dfac Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 26 Jan 2011 15:25:33 +0000 Subject: FIPS mode EVP changes: Set EVP_CIPH_FLAG_FIPS on approved ciphers. Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS code. Include some defines to redirect operations to a "tiny EVP" implementation in some FIPS source files. Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY API is used instead. --- crypto/evp/evp_lib.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto/evp/evp_lib.c') diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 40951a04f0..138dd47c3d 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret=EVP_CIPHER_set_asn1_iv(c, type); else ret=-1; return(ret); -- cgit v1.2.3