1 files changed, 27 insertions, 1 deletions

diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 982ba2b136..467e6b5ae9 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -117,6 +117,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
         {
         memset(ctx,'\0',sizeof *ctx);
@@ -225,12 +229,26 @@ skip_to_init:
                 }
         if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                 return 1;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode())
+                {
+                if (FIPS_digestinit(ctx, type))
+                        return 1;
+                OPENSSL_free(ctx->md_data);
+                ctx->md_data = NULL;
+                return 0;
+                }
+#endif
         return ctx->digest->init(ctx);
         }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
         {
+#ifdef OPENSSL_FIPS
+        return FIPS_digestupdate(ctx, data, count);
+#else
         return ctx->update(ctx,data,count);
+#endif
         }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -245,8 +263,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         {
+#ifdef OPENSSL_FIPS
+        return FIPS_digestfinal(ctx, md, size);
+#else
         int ret;
-
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
@@ -258,6 +278,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                 }
         memset(ctx->md_data,0,ctx->digest->ctx_size);
         return ret;
+#endif
         }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -351,6 +372,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         {
+#ifndef OPENSSL_FIPS
         /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
          * because sometimes only copies of the context are ever finalised.
          */
@@ -363,6 +385,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                 OPENSSL_free(ctx->md_data);
                 }
+#endif
         if (ctx->pctx)
                 EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -371,6 +394,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                  * functional reference we held for this reason. */
                 ENGINE_finish(ctx->engine);
 #endif
+#ifdef OPENSSL_FIPS
+        FIPS_md_ctx_cleanup(ctx);
+#endif
         memset(ctx,'\0',sizeof *ctx);
 
         return 1;