author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
commit | 916bcab28eab0752765d05dd8767ef7ad8b47485 (patch) | |
tree | 369f967632324c7636396102679970571d0adfa1 /crypto/crypto.h | |
parent | c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff) |
Prohibit low level cipher APIs in FIPS mode.
Not complete: ciphers with assembly language key setup are not
covered yet.
Diffstat (limited to 'crypto/crypto.h')
-rw-r--r-- | crypto/crypto.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/crypto.h b/crypto/crypto.h
index da3e27bc2f..6aeda0a9ac 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -563,9 +563,15 @@ void OPENSSL_init(void);
 return private_##alg##_Init(c); \
 } \
 int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+ if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+ "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
 #else
 #define fips_md_init_ctx(alg, cx) \
 int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
 #endif
 /* BEGIN ERROR CODES */ |
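Review bot: The FIPS-side `fips_cipher_abort(alg)` expands to a bare `if (FIPS_mode()) OpenSSLDie(...)`, so a call placed in an unbraced `if`/`else` would bind the caller's `else` to the macro's `if`, while the non-FIPS stub `while(0)` behaves differently in the same position. Wrapping both definitions the same way keeps the guard a single statement: `do { if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, "Low level API call to cipher " #alg " forbidden in FIPS mode!"); } while (0)` for the FIPS branch and `do { } while (0)` for the stub. The check is only enforced where a low-level entry point actually invokes the macro, so a short comment above it saying that it terminates the process via `OpenSSLDie` when `FIPS_mode()` is non-zero, and that it is presumably meant to run before any key setup, would help reviewers audit which entry points are still uncovered. The `#if` that selects between the two definitions lies above the hunk, so the exact build condition is not visible here.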