<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
I cannot find any documentation to confirm this but my testing seems
to indicate that the null cipher returned by EVP_enc_null() does not
work with the FIPS provider. Specifically:<br>
<br>
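<blockquote><font face="monospace">#include &lt;stdio.h&gt;</font><br>
<font face="monospace">#include &lt;stdlib.h&gt;&nbsp;&nbsp;/* exit() */</font><br>
<font face="monospace">#include &lt;openssl/evp.h&gt;</font><br>
<br>
<font face="monospace">int</font><br>
<font face="monospace">main(int argc, char **argv)</font><br>
<font face="monospace">{</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;int rc;</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;EVP_CIPHER_CTX *ctx;</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;unsigned char iv[1] = {0};</font><br>
<br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;ctx = EVP_CIPHER_CTX_new();</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;if (ctx == NULL) {</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;fprintf(stderr, "EVP_CIPHER_CTX_new() failed\n");</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;exit(1);</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;}</font><br>
<br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;/* Initialize for encryption (enc = 1) with the null cipher and no key. */</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;rc = EVP_CipherInit(ctx, EVP_enc_null(), NULL, iv, 1);</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;printf("EVP_CipherInit() = %d\n", rc);</font><br>
<br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;EVP_CIPHER_CTX_free(ctx);</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;/* The exit status is the EVP_CipherInit() return value. */</font><br>
<font face="monospace">&nbsp;&nbsp;&nbsp;&nbsp;exit(rc);</font><br>
<font face="monospace">}</font><br>
</blockquote>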
<br>
EVP_CipherInit() returns 1 with the default provider but 0 with the
FIPS+base providers. This is a behavior change from OpenSSL 1.0.2
and the FIPS Object Module, where the null cipher still works after
calling FIPS_mode_set(1). Is this change intentional? If so, is it
documented somewhere and I just missed it?<br>
<br>
<br>
Thanks,<br>
Tom.III<br>
<br>
</body>
</html>