We are preparing for a FIPS review with our lab. We have found that there is a piece of code that initializes the encryption context for bf_cbc which works perfectly fine in FIPS mode.
Specifically, this is the code snippet I am referring to:

    /* Initialize the context for Blowfish in CBC mode */
    EVP_EncryptInit(ctx, EVP_bf_cbc(), key, iv);
    out = (char*) malloc(inlen + EVP_CIPHER_CTX_block_size(ctx));
    /* Encrypt the input in 50-byte chunks */
    for (index = 0; index < inlen / 50; index++) {
        /* Read from the chunk offset: outlen counts bytes written, not bytes consumed */
        EVP_EncryptUpdate(ctx, &out[outlen], &temp, &input[index * 50], 50);
        outlen += temp;
    }

Our application binary containing the above code is linked dynamically to the FIPS-capable OpenSSL library.

Any idea why this is working fine in FIPS mode without issues? On the other hand, using bf from the openssl command line fails with a FIPS error, as expected.

A prompt response will be appreciated...

Thanks,
Anamitra