Switch to FIPS implementation for CMAC.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-16 22:17:43 +00:00 · 2016-02-16 22:17:43 +00:00 · 866b282d1b
commit 866b282d1b
parent 24e6a0dba4
1 changed files with 8 additions and 0 deletions
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@ -160,6 +160,14 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
            EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
            return 0;
        }
+
+        /* Switch to FIPS cipher implementation if possible */
+        if (cipher != NULL) {
+            const EVP_CIPHER *fcipher;
+            fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
+            if (fcipher != NULL)
+                cipher = fcipher;
+        }
        /*
         * Other algorithm blocking will be done in FIPS_cmac_init, via
         * FIPS_cipherinit().