forked from rpms/openssl
6cdaa527d8
Related: rhbz#2026445
53 lines
1.9 KiB
Diff
53 lines
1.9 KiB
Diff
diff -up openssl-3.0.0/providers/implementations/macs/hmac_prov.c.sha1hmac openssl-3.0.0/providers/implementations/macs/hmac_prov.c
|
|
--- openssl-3.0.0/providers/implementations/macs/hmac_prov.c.sha1hmac 2022-01-13 12:11:19.547755685 +0100
|
|
+++ openssl-3.0.0/providers/implementations/macs/hmac_prov.c 2022-01-13 12:49:50.538432459 +0100
|
|
@@ -14,6 +14,7 @@
|
|
#include "internal/deprecated.h"
|
|
|
|
#include <string.h>
|
|
+#include <strings.h>
|
|
|
|
#include <openssl/core_dispatch.h>
|
|
#include <openssl/core_names.h>
|
|
@@ -305,13 +306,40 @@ static int hmac_set_ctx_params(void *vma
|
|
struct hmac_data_st *macctx = vmacctx;
|
|
OSSL_LIB_CTX *ctx = PROV_LIBCTX_OF(macctx->provctx);
|
|
const OSSL_PARAM *p;
|
|
+#ifdef FIPS_MODULE
|
|
+ const OSSL_PARAM *pdgst;
|
|
+#endif
|
|
int flags = 0;
|
|
|
|
if (params == NULL)
|
|
return 1;
|
|
|
|
+#ifdef FIPS_MODULE
|
|
+ /* Red Hat removes fips=yes property from SHA1, but it's still
|
|
+ * included in FIPS provider and we want HMAC working with it */
|
|
+ pdgst = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST);
|
|
+ if (pdgst != NULL) {
|
|
+ const char *dgstname;
|
|
+
|
|
+ if (pdgst->data_type != OSSL_PARAM_UTF8_STRING)
|
|
+ return 0;
|
|
+ dgstname = pdgst->data;
|
|
+ if (dgstname != NULL) {
|
|
+ if ((strncasecmp("SHA1", dgstname, 4) == 0)
|
|
+ || (strncasecmp("SHA-1", dgstname, 5) == 0)) {
|
|
+ if (ossl_prov_digest_fetch(&macctx->digest, ctx,
|
|
+ "SHA1", "provider=fips,-fips") == NULL)
|
|
+ return 0;
|
|
+ } else {
|
|
+ if (!ossl_prov_digest_load_from_params(&macctx->digest, params, ctx))
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+#else
|
|
if (!ossl_prov_digest_load_from_params(&macctx->digest, params, ctx))
|
|
return 0;
|
|
+#endif
|
|
|
|
if (!set_flag(params, OSSL_MAC_PARAM_DIGEST_NOINIT, EVP_MD_CTX_FLAG_NO_INIT,
|
|
&flags))
|