summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cmac/cmac.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/cmac/cmac.c39
1 files changed, 2 insertions, 37 deletions
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c
index 8b72b09681..f92a7bb143 100644
--- a/src/lib/libcrypto/cmac/cmac.c
+++ b/src/lib/libcrypto/cmac/cmac.c
@@ -57,10 +57,6 @@
57#include "cryptlib.h" 57#include "cryptlib.h"
58#include <openssl/cmac.h> 58#include <openssl/cmac.h>
59 59
60#ifdef OPENSSL_FIPS
61#include <openssl/fips.h>
62#endif
63
64struct CMAC_CTX_st 60struct CMAC_CTX_st
65 { 61 {
66 /* Cipher context to use */ 62 /* Cipher context to use */
@@ -107,13 +103,6 @@ CMAC_CTX *CMAC_CTX_new(void)
107 103
108void CMAC_CTX_cleanup(CMAC_CTX *ctx) 104void CMAC_CTX_cleanup(CMAC_CTX *ctx)
109 { 105 {
110#ifdef OPENSSL_FIPS
111 if (FIPS_mode() && !ctx->cctx.engine)
112 {
113 FIPS_cmac_ctx_cleanup(ctx);
114 return;
115 }
116#endif
117 EVP_CIPHER_CTX_cleanup(&ctx->cctx); 106 EVP_CIPHER_CTX_cleanup(&ctx->cctx);
118 OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); 107 OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
119 OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); 108 OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -153,24 +142,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
153 const EVP_CIPHER *cipher, ENGINE *impl) 142 const EVP_CIPHER *cipher, ENGINE *impl)
154 { 143 {
155 static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; 144 static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
156#ifdef OPENSSL_FIPS
157 if (FIPS_mode())
158 {
159 /* If we have an ENGINE need to allow non FIPS */
160 if ((impl || ctx->cctx.engine)
161 && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
162
163 {
164 EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
165 return 0;
166 }
167 /* Other algorithm blocking will be done in FIPS_cmac_init,
168 * via FIPS_cipherinit().
169 */
170 if (!impl && !ctx->cctx.engine)
171 return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
172 }
173#endif
174 /* All zeros means restart */ 145 /* All zeros means restart */
175 if (!key && !cipher && !impl && keylen == 0) 146 if (!key && !cipher && !impl && keylen == 0)
176 { 147 {
@@ -216,10 +187,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
216 { 187 {
217 const unsigned char *data = in; 188 const unsigned char *data = in;
218 size_t bl; 189 size_t bl;
219#ifdef OPENSSL_FIPS 190
220 if (FIPS_mode() && !ctx->cctx.engine)
221 return FIPS_cmac_update(ctx, in, dlen);
222#endif
223 if (ctx->nlast_block == -1) 191 if (ctx->nlast_block == -1)
224 return 0; 192 return 0;
225 if (dlen == 0) 193 if (dlen == 0)
@@ -261,10 +229,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
261int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) 229int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
262 { 230 {
263 int i, bl, lb; 231 int i, bl, lb;
264#ifdef OPENSSL_FIPS 232
265 if (FIPS_mode() && !ctx->cctx.engine)
266 return FIPS_cmac_final(ctx, out, poutlen);
267#endif
268 if (ctx->nlast_block == -1) 233 if (ctx->nlast_block == -1)
269 return 0; 234 return 0;
270 bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); 235 bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);