diff options
author | jkim <jkim@FreeBSD.org> | 2015-10-30 20:51:33 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2015-10-30 20:51:33 +0000 |
commit | 6b741bee156148072e0e9588e7c9f4a9d66d1ab9 (patch) | |
tree | e8d8b5ada49f5cdbf70d1e455c13f2625fdcdd45 /crypto/openssl/crypto/hmac | |
parent | 979d5cd34dadfb0b78c606ecca3ec8d3a6ca245f (diff) | |
parent | 64cb0c902e312216cdc4c826fc0be9ba9e1bf4da (diff) | |
download | FreeBSD-src-6b741bee156148072e0e9588e7c9f4a9d66d1ab9.zip FreeBSD-src-6b741bee156148072e0e9588e7c9f4a9d66d1ab9.tar.gz |
Merge OpenSSL 1.0.2d.
Diffstat (limited to 'crypto/openssl/crypto/hmac')
-rw-r--r-- | crypto/openssl/crypto/hmac/hm_ameth.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/hmac/hmac.c | 10 | ||||
-rw-r--r-- | crypto/openssl/crypto/hmac/hmactest.c | 3 |
3 files changed, 14 insertions, 1 deletions
diff --git a/crypto/openssl/crypto/hmac/hm_ameth.c b/crypto/openssl/crypto/hmac/hm_ameth.c index 641c797..29b2b5d 100644 --- a/crypto/openssl/crypto/hmac/hm_ameth.c +++ b/crypto/openssl/crypto/hmac/hm_ameth.c @@ -87,7 +87,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 1; default: diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c index 33d88be..51a0a3e 100644 --- a/crypto/openssl/crypto/hmac/hmac.c +++ b/crypto/openssl/crypto/hmac/hmac.c @@ -72,6 +72,16 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, unsigned char pad[HMAC_MAX_MD_CBLOCK]; #ifdef OPENSSL_FIPS + /* If FIPS mode switch to approved implementation if possible */ + if (FIPS_mode()) { + const EVP_MD *fipsmd; + if (md) { + fipsmd = FIPS_get_digestbynid(EVP_MD_type(md)); + if (fipsmd) + md = fipsmd; + } + } + if (FIPS_mode()) { /* If we have an ENGINE need to allow non FIPS */ if ((impl || ctx->i_ctx.engine) diff --git a/crypto/openssl/crypto/hmac/hmactest.c b/crypto/openssl/crypto/hmac/hmactest.c index 271d0eb..5a57395 100644 --- a/crypto/openssl/crypto/hmac/hmactest.c +++ b/crypto/openssl/crypto/hmac/hmactest.c @@ -195,6 +195,7 @@ int main(int argc, char *argv[]) } printf("test 4 ok\n"); test5: + HMAC_CTX_cleanup(&ctx); HMAC_CTX_init(&ctx); if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); @@ -284,6 +285,7 @@ test5: printf("test 5 ok\n"); } test6: + HMAC_CTX_cleanup(&ctx); HMAC_CTX_init(&ctx); if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 6)\n"); @@ -314,6 +316,7 @@ test6: printf("test 6 ok\n"); } end: + HMAC_CTX_cleanup(&ctx); EXIT(err); return (0); } |