From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 18 Apr 2012 22:41:50 +0000 (+0000)
Subject: only call FIPS_cipherinit in FIPS mode
X-Git-Tag: OpenSSL_1_0_1a~4
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=143619ccf6c46f3909223627eb84b488c271ff5a;p=oweals%2Fopenssl.git

only call FIPS_cipherinit in FIPS mode
---

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 691072655b..8835d9a6ed 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -170,7 +170,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #endif
 
 #ifdef OPENSSL_FIPS
-		return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+		if (FIPS_mode())
+			return FIPS_cipherinit(ctx, cipher, key, iv, enc);
 #else
 		ctx->cipher=cipher;
 		if (ctx->cipher->ctx_size)
@@ -207,7 +208,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 skip_to_init:
 #endif
 #ifdef OPENSSL_FIPS
-	return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+	if (FIPS_mode())
+		return FIPS_cipherinit(ctx, cipher, key, iv, enc);
 #else
 	/* we assume block size is a power of 2 in *cryptUpdate */
 	OPENSSL_assert(ctx->cipher->block_size == 1