Add some accommodations for FreeRDP Change-Id: Iad962fd50ede78eb94e10ba2438163509c4587e0 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42924 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/digest/digest.c b/crypto/fipsmodule/digest/digest.c
index a0b3bf5..6b0c198 100644
--- a/crypto/fipsmodule/digest/digest.c
+++ b/crypto/fipsmodule/digest/digest.c
@@ -122,6 +122,8 @@
 uint32_t EVP_MD_meth_get_flags(const EVP_MD *md) { return EVP_MD_flags(md); }
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) {}
+
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
 // |in->digest| may be NULL if this is a signing |EVP_MD_CTX| for, e.g.,
 // Ed25519 which does not hash with |EVP_MD_CTX|.
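Review bot: The new `EVP_MD_CTX_set_flags` definition discards `flags` with an empty body and no comment, so a caller that passes a nonzero OpenSSL flag gets no signal that the request was ignored. The only flag this commit defines, `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW`, is 0, so any nonzero argument asks for behaviour that is not implemented here. I would add `// Intentionally a no-op: |flags| is ignored, whatever its value.` above the definition, and extend the "does nothing" comment on the declaration in include/openssl/digest.h to say the same. If the build enables unused-parameter warnings (not visible in this diff), the unused `ctx` and `flags` parameters would also need silencing.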
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index d22a6c2..31390a3 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -380,6 +380,12 @@
 // processing.
 #define EVP_CIPH_CUSTOM_COPY 0x1000
+// EVP_CIPH_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
+// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
+// (it's up the the caller to use the FIPS module in a fashion compliant with
+// their needs). Thus this exists only to allow code to compile.
+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0
+
 // Deprecated functions
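Review bot: The comment on `EVP_CIPH_FLAG_NON_FIPS_ALLOW` has a doubled word, "it's up the the caller", and should read `// (it's up to the caller to use the FIPS module in a fashion compliant with`; the same sentence is repeated for `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` in include/openssl/digest.h. Because the macro is 0, `flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW` is always false and OR-ing it in changes nothing, which is worth stating so that ported code does not branch on it. I would also spell out the consequence for code ported from OpenSSL. An application that relied on FIPS mode to reject non-approved algorithms gets no such rejection here and has to enforce its own allow-list.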
diff --git a/include/openssl/digest.h b/include/openssl/digest.h
index 7b0ed06..8e398e8 100644
--- a/include/openssl/digest.h
+++ b/include/openssl/digest.h
@@ -283,6 +283,15 @@
 // EVP_MD_meth_get_flags calls |EVP_MD_flags|.
 OPENSSL_EXPORT uint32_t EVP_MD_meth_get_flags(const EVP_MD *md);
+// EVP_MD_CTX_set_flags does nothing.
+OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+
+// EVP_MD_CTX_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
+// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
+// (it's up the the caller to use the FIPS module in a fashion compliant with
+// their needs). Thus this exists only to allow code to compile.
+#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0
+
 struct evp_md_pctx_ops;