diff options
Diffstat (limited to 'src/lib/libcrypto/hmac/hmac.c')
| -rw-r--r-- | src/lib/libcrypto/hmac/hmac.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index 6c110bd52b..06ee80761f 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c | |||
| @@ -61,8 +61,6 @@ | |||
| 61 | #include <openssl/hmac.h> | 61 | #include <openssl/hmac.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | 63 | ||
| 64 | #ifndef OPENSSL_FIPS | ||
| 65 | |||
| 66 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, | 64 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, |
| 67 | const EVP_MD *md, ENGINE *impl) | 65 | const EVP_MD *md, ENGINE *impl) |
| 68 | { | 66 | { |
| @@ -79,6 +77,15 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, | |||
| 79 | 77 | ||
| 80 | if (key != NULL) | 78 | if (key != NULL) |
| 81 | { | 79 | { |
| 80 | #ifdef OPENSSL_FIPS | ||
| 81 | if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS) | ||
| 82 | && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) | ||
| 83 | || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) | ||
| 84 | || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) | ||
| 85 | OpenSSLDie(__FILE__,__LINE__, | ||
| 86 | "HMAC: digest not allowed in FIPS mode"); | ||
| 87 | #endif | ||
| 88 | |||
| 82 | reset=1; | 89 | reset=1; |
| 83 | j=EVP_MD_block_size(md); | 90 | j=EVP_MD_block_size(md); |
| 84 | OPENSSL_assert(j <= sizeof ctx->key); | 91 | OPENSSL_assert(j <= sizeof ctx->key); |
| @@ -180,4 +187,3 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) | |||
| 180 | EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); | 187 | EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); |
| 181 | } | 188 | } |
| 182 | 189 | ||
| 183 | #endif | ||