... | ... |
@@ -151,6 +151,11 @@ unsigned char *cl_hash_data(char *alg, const void *buf, size_t len, unsigned cha |
151 | 151 |
return NULL; |
152 | 152 |
} |
153 | 153 |
|
154 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
155 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
156 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
157 |
+#endif |
|
158 |
+ |
|
154 | 159 |
if (!EVP_DigestInit_ex(ctx, md, NULL)) { |
155 | 160 |
if (!(obuf)) |
156 | 161 |
free(ret); |
... | ... |
@@ -212,6 +217,11 @@ unsigned char *cl_hash_file_fd(int fd, char *alg, unsigned int *olen) |
212 | 212 |
if (!(ctx)) |
213 | 213 |
return NULL; |
214 | 214 |
|
215 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
216 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
217 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
218 |
+#endif |
|
219 |
+ |
|
215 | 220 |
if (!EVP_DigestInit_ex(ctx, md, NULL)) { |
216 | 221 |
EVP_MD_CTX_destroy(ctx); |
217 | 222 |
return NULL; |
... | ... |
@@ -321,6 +331,11 @@ int cl_verify_signature_hash(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsi |
321 | 321 |
|
322 | 322 |
mdsz = EVP_MD_size(md); |
323 | 323 |
|
324 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
325 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
326 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
327 |
+#endif |
|
328 |
+ |
|
324 | 329 |
if (!EVP_VerifyInit_ex(ctx, md, NULL)) { |
325 | 330 |
EVP_MD_CTX_destroy(ctx); |
326 | 331 |
return -1; |
... | ... |
@@ -365,6 +380,11 @@ int cl_verify_signature_fd(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsign |
365 | 365 |
return -1; |
366 | 366 |
} |
367 | 367 |
|
368 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
369 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
370 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
371 |
+#endif |
|
372 |
+ |
|
368 | 373 |
if (!EVP_VerifyInit_ex(ctx, md, NULL)) { |
369 | 374 |
free(digest); |
370 | 375 |
EVP_MD_CTX_destroy(ctx); |
... | ... |
@@ -435,6 +455,11 @@ int cl_verify_signature(EVP_PKEY *pkey, char *alg, unsigned char *sig, unsigned |
435 | 435 |
return -1; |
436 | 436 |
} |
437 | 437 |
|
438 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
439 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
440 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
441 |
+#endif |
|
442 |
+ |
|
438 | 443 |
if (!EVP_VerifyInit_ex(ctx, md, NULL)) { |
439 | 444 |
free(digest); |
440 | 445 |
if (decode) |
... | ... |
@@ -643,6 +668,11 @@ unsigned char *cl_sign_data(EVP_PKEY *pkey, char *alg, unsigned char *hash, unsi |
643 | 643 |
return NULL; |
644 | 644 |
} |
645 | 645 |
|
646 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
647 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
648 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
649 |
+#endif |
|
650 |
+ |
|
646 | 651 |
if (!EVP_SignInit_ex(ctx, md, NULL)) { |
647 | 652 |
free(sig); |
648 | 653 |
EVP_MD_CTX_destroy(ctx); |
... | ... |
@@ -1078,6 +1108,11 @@ void *cl_hash_init(const char *alg) |
1078 | 1078 |
return NULL; |
1079 | 1079 |
} |
1080 | 1080 |
|
1081 |
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW |
|
1082 |
+ /* we will be using MD5, which is not allowed under FIPS */ |
|
1083 |
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
|
1084 |
+#endif |
|
1085 |
+ |
|
1081 | 1086 |
if (!EVP_DigestInit_ex(ctx, md, NULL)) { |
1082 | 1087 |
EVP_MD_CTX_destroy(ctx); |
1083 | 1088 |
return NULL; |