mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
6ce58488bd
We had some FIPS global variables that were based on values from the config file. In theory if two instances of the fips module are loaded they could be based on different config files which would cause this to fail. Instead we store them in the FIPS_GLOBAL structure. Fixes #14364 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
42 lines
1.2 KiB
C
42 lines
1.2 KiB
C
/*
|
|
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "internal/deprecated.h"
|
|
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/dsa.h>
|
|
#include <openssl/dh.h>
|
|
#include <openssl/ec.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/proverr.h>
|
|
#include <openssl/core_names.h>
|
|
#include <openssl/obj_mac.h>
|
|
#include "prov/securitycheck.h"
|
|
|
|
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
|
|
|
|
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
{
|
|
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
|
return FIPS_security_check_enabled(libctx);
|
|
#else
|
|
return 0;
|
|
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
}
|
|
|
|
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
int sha1_allowed)
|
|
{
|
|
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
|
if (ossl_securitycheck_enabled(ctx))
|
|
return ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed);
|
|
#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
return ossl_digest_get_approved_nid(md);
|
|
}
|