[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Dr. Stephen Henson steve at openssl.org
Mon May 9 01:11:01 UTC 2016


The branch OpenSSL_1_0_1-stable has been updated
       via  6ec73ea2f59d2f587185017b49b0357cfd25df2f (commit)
      from  0377ad3974acabf15f7585df4383717c96285455 (commit)


- Log -----------------------------------------------------------------
commit 6ec73ea2f59d2f587185017b49b0357cfd25df2f
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon May 9 00:06:02 2016 +0100

    Only call FIPS_update, FIPS_final in FIPS mode.
    
    RT#3826
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 2b4825d0bb6057e44717007a54797df72babdb7e)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/digest.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 32167b2..5d419ef 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -241,10 +241,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
 #ifdef OPENSSL_FIPS
-    return FIPS_digestupdate(ctx, data, count);
-#else
-    return ctx->update(ctx, data, count);
+    if (FIPS_mode())
+        return FIPS_digestupdate(ctx, data, count);
 #endif
+    return ctx->update(ctx, data, count);
 }
 
 /* The caller can assume that this removes any secret data from the context */
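Review bot: The FIPS/non-FIPS choice at `if (FIPS_mode())` is re-sampled on every EVP_DigestUpdate call rather than fixed when the context was initialised, so a context set up under one mode would be handed to the other implementation if the mode changes in between (for example if the application calls FIPS_mode_set() while digests are in flight). The same pattern appears in the EVP_DigestFinal_ex hunk. If that cannot happen by design, a comment would make the assumption explicit, e.g. `/* FIPS_mode() must not change between init and update/final for a given ctx */`. Separately, the fall-through `return ctx->update(ctx, data, count);` is now reachable in FIPS-capable builds and calls through the pointer unchecked; whether an uninitialised ctx can reach it depends on callers not shown here.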
@@ -259,10 +259,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 {
-#ifdef OPENSSL_FIPS
-    return FIPS_digestfinal(ctx, md, size);
-#else
     int ret;
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        return FIPS_digestfinal(ctx, md, size);
+#endif
 
     OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
     ret = ctx->digest->final(ctx, md);
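Review bot: The early `return FIPS_digestfinal(ctx, md, size);` leaves the function before the `OPENSSL_assert` on md_size and before the cleanup and memset of `ctx->md_data` further down. In FIPS mode, the guarantee in the comment above ("removes any secret data from the context") therefore rests entirely on FIPS_digestfinal, whose body is not visible here. I would state that next to the branch, e.g. `/* in FIPS mode FIPS_digestfinal() is responsible for scrubbing ctx->md_data */`, after confirming it holds. The body of EVP_DigestFinal_ex continues past this hunk.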
@@ -274,7 +275,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
     }
     memset(ctx->md_data, 0, ctx->digest->ctx_size);
     return ret;
-#endif
 }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)

