Only call FIPS_update, FIPS_final in FIPS mode. (6ec73ea2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/evp/digest.c

+7 −7

Original line number	Diff line number	Diff line
		@@ -241,10 +241,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX ctx, const EVP_MD type, ENGINE *impl)
		int EVP_DigestUpdate(EVP_MD_CTX ctx, const void data, size_t count)
		{
		#ifdef OPENSSL_FIPS
		if (FIPS_mode())
		return FIPS_digestupdate(ctx, data, count);
		#else
		return ctx->update(ctx, data, count);
		#endif
		return ctx->update(ctx, data, count);
		}

		/* The caller can assume that this removes any secret data from the context */
		@@ -259,10 +259,11 @@ int EVP_DigestFinal(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
		/* The caller can assume that this removes any secret data from the context */
		int EVP_DigestFinal_ex(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
		{
		int ret;
		#ifdef OPENSSL_FIPS
		if (FIPS_mode())
		return FIPS_digestfinal(ctx, md, size);
		#else
		int ret;
		#endif

		OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
		ret = ctx->digest->final(ctx, md);
		@@ -274,7 +275,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX ctx, unsigned char md, unsigned int *size)
		}
		memset(ctx->md_data, 0, ctx->digest->ctx_size);
		return ret;
		#endif
		}

		int EVP_MD_CTX_copy(EVP_MD_CTX out, const EVP_MD_CTX in)