#ifdef OPENSSL_FIPS
if (FIPS_mode())
+ {
+ const EVP_CIPHER *fcipher;
+ if (cipher)
+ fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+ if (fcipher)
+ cipher = fcipher;
return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+ }
#endif
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
ctx->cipher_data = NULL;
}
ctx->key_len = cipher->key_len;
- ctx->flags = 0;
+ /* Preserve wrap enable flag, zero everything else */
+ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
{
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
|| ctx->cipher->block_size == 8
|| ctx->cipher->block_size == 16);
+ if(!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
+ && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE)
+ {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
+ return 0;
+ }
+
if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch(EVP_CIPHER_CTX_mode(ctx)) {
break;
}
}
+
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
projects / oweals / openssl.git / blobdiff