The branch OpenSSL_1_0_1-stable has been updated via 6ec73ea2f59d2f587185017b49b0357cfd25df2f (commit) from 0377ad3974acabf15f7585df4383717c96285455 (commit)
- Log ----------------------------------------------------------------- commit 6ec73ea2f59d2f587185017b49b0357cfd25df2f Author: Dr. Stephen Henson <st...@openssl.org> Date: Mon May 9 00:06:02 2016 +0100 Only call FIPS_update, FIPS_final in FIPS mode. RT#3826 Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit 2b4825d0bb6057e44717007a54797df72babdb7e) ----------------------------------------------------------------------- Summary of changes: crypto/evp/digest.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 32167b2..5d419ef 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -241,10 +241,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { #ifdef OPENSSL_FIPS - return FIPS_digestupdate(ctx, data, count); -#else - return ctx->update(ctx, data, count); + if (FIPS_mode()) + return FIPS_digestupdate(ctx, data, count); #endif + return ctx->update(ctx, data, count); } /* The caller can assume that this removes any secret data from the context */ @@ -259,10 +259,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { -#ifdef OPENSSL_FIPS - return FIPS_digestfinal(ctx, md, size); -#else int ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_digestfinal(ctx, md, size); +#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); @@ -274,7 +275,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) } memset(ctx->md_data, 0, ctx->digest->ctx_size); return ret; -#endif } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits