EVP_enc_null() and the FIPS provider

I cannot find any documentation to confirm this but my testing seems to indicate that the null cipher returned by EVP_enc_null() does not work with the FIPS provider. Specifically:

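#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <openssl/evp.h>

int
main(int argc, char **argv)
{
    int rc;
    EVP_CIPHER_CTX *ctx;
    unsigned char iv[1] = {0};  /* dummy IV; no key is passed */

    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL) {
        fprintf(stderr, "EVP_CIPHER_CTX_new() failed\n");
        exit(1);
    }

    /* Last argument 1 = encrypt; returns 1 on success, 0 on failure */
    rc = EVP_CipherInit(ctx, EVP_enc_null(), NULL, iv, 1);
    printf("EVP_CipherInit() = %d\n", rc);

    EVP_CIPHER_CTX_free(ctx);

    /* Exit status mirrors the EVP_CipherInit() return value */
    exit(rc);
}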

EVP_CipherInit() returns 1 with the default provider but 0 with the FIPS+base providers. This is a behavior change from OpenSSL 1.0.2 and the FIPS Object Module, where the null cipher still works after calling FIPS_mode_set(1). Is this change intentional? If so, is it documented somewhere and I just missed it?


Thanks,
Tom.III

