Closed vmurashev closed 3 years ago
I don't know anything about OpenSSL's FIPS mode. The code is in lib/zip_crypto_openssl.c, but I think you found that already.
Feel free to come up with a patch, if it is even possible with openssl in FIPS mode; or use a different backend (like GnuTLS or mbed TLS or libreSSL or an OpenSSL installation without FIPS).
@0-wiz-0 patch #255 suggested, please take a look
Thank you very much! I've just merged it.
If to link
libzip
with FIPS compliant OpenSSL, it is not possible to use WinZip encryption method There is a crash with the following report in STDERR:Root cause is that the function
_zip_crypto_aes_encrypt_block
defined as macros to recallAES_encrypt
from OpenSSL ButAES_encrypt
API is not FIPS compliant and should be avoided to be compatible with OpenSSL FIPS mode