Prohibit use of low level digest APIs in FIPS mode.

author: Dr. Stephen Henson <steve@openssl.org> 2011-06-01 13:39:45 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-01 13:39:45 +0000
commit: 65300dcfb04bae643ea7b8f42ff8c8f1b1210a9e (patch)
tree: b3cebcf5d9b7c05745dcd26cc13de2805098c224 /crypto/crypto.h
parent: 9ddc574f9aed0fbf5b19c50a495de608550174c7 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 0a34ef2ac2..da3e27bc2f 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -552,6 +552,22 @@ int FIPS_mode_set(int r);
 
 void OPENSSL_init(void);
 
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+
+#ifdef OPENSSL_FIPS
+#define fips_md_init_ctx(alg, cx) \
+	int alg##_Init(cx##_CTX *c) \
+	{ \
+	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+		"Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+	return private_##alg##_Init(c); \
+	} \
+	int private_##alg##_Init(cx##_CTX *c)
+#else
+#define fips_md_init_ctx(alg, cx) \
+	int alg##_Init(cx##_CTX *c)
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-01 13:39:45 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-01 13:39:45 +0000
commit	65300dcfb04bae643ea7b8f42ff8c8f1b1210a9e (patch)
tree	b3cebcf5d9b7c05745dcd26cc13de2805098c224 /crypto/crypto.h
parent	9ddc574f9aed0fbf5b19c50a495de608550174c7 (diff)