Prohibit low level cipher APIs in FIPS mode.

Not complete: ciphers with assembly language key setup are not covered yet.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-01 16:54:06 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-01 16:54:06 +0000
commit: 916bcab28eab0752765d05dd8767ef7ad8b47485 (patch)
tree: 369f967632324c7636396102679970571d0adfa1 /crypto/des/set_key.c
parent: c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index 3004cc3ab3..d3e69ca8b5 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -65,6 +65,8 @@
  */
 #include "des_locl.h"
 
+#include <openssl/crypto.h>
+
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)	/* defaults to false */
 
 static const unsigned char odd_parity[256]={
@@ -335,6 +337,13 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
 	}
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+#ifdef OPENSSL_FIPS
+	{
+	fips_cipher_abort(DES);
+	private_DES_set_key_unchecked(key, schedule);
+	}
+void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+#endif
 	{
 	static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 	register DES_LONG c,d,t,s,t2;
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-01 16:54:06 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-01 16:54:06 +0000
commit	916bcab28eab0752765d05dd8767ef7ad8b47485 (patch)
tree	369f967632324c7636396102679970571d0adfa1 /crypto/des/set_key.c
parent	c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff)