aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/t1_enc.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/t1_enc.c')
-rw-r--r--crypto/openssl/ssl/t1_enc.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index 271e247eea74..ac224ddfa181 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -115,6 +115,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
+#include <openssl/fips.h>
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len, unsigned char *seed, int seed_len,
@@ -177,8 +178,13 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
S2= &(sec[len]);
len+=(slen&1); /* add for odd, make longer */
-
+#ifdef OPENSSL_FIPS
+ FIPS_allow_md5(1);
+#endif
tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
+#ifdef OPENSSL_FIPS
+ FIPS_allow_md5(0);
+#endif
tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
for (i=0; i<olen; i++)
@@ -656,7 +662,13 @@ int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+#ifdef OPENSSL_FIPS
+ FIPS_allow_md5(1);
+#endif
EVP_DigestFinal_ex(&ctx,out,&ret);
+#ifdef OPENSSL_FIPS
+ FIPS_allow_md5(0);
+#endif
EVP_MD_CTX_cleanup(&ctx);
return((int)ret);
}
@@ -675,7 +687,13 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
+#ifdef OPENSSL_FIPS
+ FIPS_allow_md5(1);
+#endif
EVP_DigestFinal_ex(&ctx,q,&i);
+#ifdef OPENSSL_FIPS
+ FIPS_allow_md5(0);
+#endif
q+=i;
EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
EVP_DigestFinal_ex(&ctx,q,&i);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 05:09:08 +0000