From 3956bfce60ed573b71c0d30a21735496a730d930 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 2 Mar 2014 13:34:40 +0000
Subject: [PATCH] Make null cipher work in FIPS mode.
---
 crypto/evp/evp_enc.c | 2 +-
 crypto/evp/evp_lib.c | 11 ++++++++++-
 crypto/evp/evp_locl.h | 1 +
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 177fe43ac6..84a3f864da 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -174,7 +174,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 {
 const EVP_CIPHER *fcipher;
 if (cipher)
- fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+ fcipher = evp_get_fips_cipher(cipher);
 if (fcipher)
 cipher = fcipher;
 return FIPS_cipherinit(ctx, cipher, key, iv, enc);
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index d548ad1d31..cf8a0c9a4b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -218,7 +218,7 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
 {
 #ifdef OPENSSL_FIPS
 const EVP_CIPHER *fcipher;
- fcipher = FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+ fcipher = evp_get_fips_cipher(cipher);
 if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS)
 return cipher->flags | EVP_CIPH_FLAG_FIPS;
 #endif
@@ -313,6 +313,15 @@ const EVP_MD *evp_get_fips_md(const EVP_MD *md)
 else
 return FIPS_get_digestbynid(nid);
 }
+
+const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher)
+ {
+ if (cipher->nid == NID_undef)
+ return FIPS_evp_enc_null();
+ else
+ return FIPS_get_cipherbynid(EVP_CIPHER_type(cipher));
+ }
+
 #endif

 unsigned long EVP_MD_flags(const EVP_MD *md)
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index f4a943a716..ca0d4558c9 100644
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
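Review bot: In the EVP_CipherInit_ex hunk of crypto/evp/evp_enc.c, `fcipher` is still read while indeterminate when `cipher` is NULL: it is declared without an initializer, assigned only under `if (cipher)`, and then tested by `if (fcipher)`. The `if (cipher)` guard suggests a NULL cipher is an accepted input here, so on that path whatever the stack slot holds can be installed as the cipher passed to FIPS_cipherinit(). Declaring it as `const EVP_CIPHER *fcipher = NULL;` removes the undefined read without changing the non-NULL path. The enclosing function starts and ends outside the hunk.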
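Review bot: The new evp_get_fips_cipher() in crypto/evp/evp_lib.c recognises the null cipher only by `cipher->nid == NID_undef`, so any EVP_CIPHER whose nid happens to be unset would be mapped to FIPS_evp_enc_null(), i.e. to no encryption, in FIPS mode. Whether another cipher with an unset nid can reach this helper is not visible in the patch; if it can, an identity test along the lines of `if (cipher == EVP_enc_null())` would be stricter. At minimum the assumption should be stated above the branch, for example `/* NID_undef is taken to mean the null cipher; no other cipher may use it */`. The helper also dereferences `cipher` unconditionally, which should be noted in a short header comment, since only the EVP_CipherInit_ex caller visibly guards against NULL.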
@@ -349,6 +349,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, const EVP_CIPHER *c, const EVP_MD *md, int en_de); const EVP_MD *evp_get_fips_md(const EVP_MD *md); +const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher); #ifdef OPENSSL_FIPS -- 2.25.1