diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib/libcrypto/cmac/cmac.c | 39 |
1 files changed, 2 insertions, 37 deletions
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c index 8b72b09681..f92a7bb143 100644 --- a/src/lib/libcrypto/cmac/cmac.c +++ b/src/lib/libcrypto/cmac/cmac.c | |||
@@ -57,10 +57,6 @@ | |||
57 | #include "cryptlib.h" | 57 | #include "cryptlib.h" |
58 | #include <openssl/cmac.h> | 58 | #include <openssl/cmac.h> |
59 | 59 | ||
60 | #ifdef OPENSSL_FIPS | ||
61 | #include <openssl/fips.h> | ||
62 | #endif | ||
63 | |||
64 | struct CMAC_CTX_st | 60 | struct CMAC_CTX_st |
65 | { | 61 | { |
66 | /* Cipher context to use */ | 62 | /* Cipher context to use */ |
@@ -107,13 +103,6 @@ CMAC_CTX *CMAC_CTX_new(void) | |||
107 | 103 | ||
108 | void CMAC_CTX_cleanup(CMAC_CTX *ctx) | 104 | void CMAC_CTX_cleanup(CMAC_CTX *ctx) |
109 | { | 105 | { |
110 | #ifdef OPENSSL_FIPS | ||
111 | if (FIPS_mode() && !ctx->cctx.engine) | ||
112 | { | ||
113 | FIPS_cmac_ctx_cleanup(ctx); | ||
114 | return; | ||
115 | } | ||
116 | #endif | ||
117 | EVP_CIPHER_CTX_cleanup(&ctx->cctx); | 106 | EVP_CIPHER_CTX_cleanup(&ctx->cctx); |
118 | OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); | 107 | OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); |
119 | OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); | 108 | OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); |
@@ -153,24 +142,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, | |||
153 | const EVP_CIPHER *cipher, ENGINE *impl) | 142 | const EVP_CIPHER *cipher, ENGINE *impl) |
154 | { | 143 | { |
155 | static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; | 144 | static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; |
156 | #ifdef OPENSSL_FIPS | ||
157 | if (FIPS_mode()) | ||
158 | { | ||
159 | /* If we have an ENGINE need to allow non FIPS */ | ||
160 | if ((impl || ctx->cctx.engine) | ||
161 | && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) | ||
162 | |||
163 | { | ||
164 | EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); | ||
165 | return 0; | ||
166 | } | ||
167 | /* Other algorithm blocking will be done in FIPS_cmac_init, | ||
168 | * via FIPS_cipherinit(). | ||
169 | */ | ||
170 | if (!impl && !ctx->cctx.engine) | ||
171 | return FIPS_cmac_init(ctx, key, keylen, cipher, NULL); | ||
172 | } | ||
173 | #endif | ||
174 | /* All zeros means restart */ | 145 | /* All zeros means restart */ |
175 | if (!key && !cipher && !impl && keylen == 0) | 146 | if (!key && !cipher && !impl && keylen == 0) |
176 | { | 147 | { |
@@ -216,10 +187,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) | |||
216 | { | 187 | { |
217 | const unsigned char *data = in; | 188 | const unsigned char *data = in; |
218 | size_t bl; | 189 | size_t bl; |
219 | #ifdef OPENSSL_FIPS | 190 | |
220 | if (FIPS_mode() && !ctx->cctx.engine) | ||
221 | return FIPS_cmac_update(ctx, in, dlen); | ||
222 | #endif | ||
223 | if (ctx->nlast_block == -1) | 191 | if (ctx->nlast_block == -1) |
224 | return 0; | 192 | return 0; |
225 | if (dlen == 0) | 193 | if (dlen == 0) |
@@ -261,10 +229,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) | |||
261 | int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) | 229 | int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) |
262 | { | 230 | { |
263 | int i, bl, lb; | 231 | int i, bl, lb; |
264 | #ifdef OPENSSL_FIPS | 232 | |
265 | if (FIPS_mode() && !ctx->cctx.engine) | ||
266 | return FIPS_cmac_final(ctx, out, poutlen); | ||
267 | #endif | ||
268 | if (ctx->nlast_block == -1) | 233 | if (ctx->nlast_block == -1) |
269 | return 0; | 234 | return 0; |
270 | bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); | 235 | bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); |