Prohibit low level cipher APIs in FIPS mode.

Not complete: ciphers with assembly language key setup are not covered yet.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-01 16:54:06 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-01 16:54:06 +0000
commit: 916bcab28eab0752765d05dd8767ef7ad8b47485 (patch)
tree: 369f967632324c7636396102679970571d0adfa1 /crypto/crypto.h
parent: c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/crypto.h b/crypto/crypto.h
index da3e27bc2f..6aeda0a9ac 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -563,9 +563,15 @@ void OPENSSL_init(void);
 	return private_##alg##_Init(c); \
 	} \
 	int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+		"Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
 #else
 #define fips_md_init_ctx(alg, cx) \
 	int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
 #endif
 
 /* BEGIN ERROR CODES */
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-01 16:54:06 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-01 16:54:06 +0000
commit	916bcab28eab0752765d05dd8767ef7ad8b47485 (patch)
tree	369f967632324c7636396102679970571d0adfa1 /crypto/crypto.h
parent	c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff)