From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 16 Feb 2016 22:17:43 +0000 (+0000)
Subject: Switch to FIPS implementation for CMAC.
X-Git-Tag: OpenSSL_1_0_2g~30
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=866b282d1b288c2738318aac4360eba71b72d10f;p=oweals%2Fopenssl.git

Switch to FIPS implementation for CMAC.

Reviewed-by: Tim Hudson <tjh@openssl.org>
---

diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 774e6dc919..2954b6eb7d 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -160,6 +160,14 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
             EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
             return 0;
         }
+
+        /* Switch to FIPS cipher implementation if possible */
+        if (cipher != NULL) {
+            const EVP_CIPHER *fcipher;
+            fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
+            if (fcipher != NULL)
+                cipher = fcipher;
+        }
         /*
          * Other algorithm blocking will be done in FIPS_cmac_init, via
          * FIPS_cipherinit().