diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
commit | 916bcab28eab0752765d05dd8767ef7ad8b47485 (patch) | |
tree | 369f967632324c7636396102679970571d0adfa1 /crypto/bf | |
parent | c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff) |
Prohibit low level cipher APIs in FIPS mode.
Not complete: ciphers with assembly language key setup are not
covered yet.
Diffstat (limited to 'crypto/bf')
-rw-r--r-- | crypto/bf/bf_skey.c | 8 | ||||
-rw-r--r-- | crypto/bf/blowfish.h | 4 |
2 files changed, 11 insertions, 1 deletions
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c index 3673cdee6e..3b0bca41ae 100644 --- a/crypto/bf/bf_skey.c +++ b/crypto/bf/bf_skey.c @@ -58,11 +58,19 @@ #include <stdio.h> #include <string.h> +#include <openssl/crypto.h> #include <openssl/blowfish.h> #include "bf_locl.h" #include "bf_pi.h" void BF_set_key(BF_KEY *key, int len, const unsigned char *data) +#ifdef OPENSSL_FIPS + { + fips_cipher_abort(BLOWFISH); + private_BF_set_key(key, len, data); + } +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data) +#endif { int i; BF_LONG *p,ri,in[2]; diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index b97e76f9a3..4b6c8920a4 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - +#ifdef OPENSSL_FIPS +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +#endif void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); |