diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
commit | 916bcab28eab0752765d05dd8767ef7ad8b47485 (patch) | |
tree | 369f967632324c7636396102679970571d0adfa1 /crypto/idea | |
parent | c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff) |
Prohibit low level cipher APIs in FIPS mode.
Not complete: ciphers with assembly language key setup are not
covered yet.
Diffstat (limited to 'crypto/idea')
-rw-r--r-- | crypto/idea/i_skey.c | 8 | ||||
-rw-r--r-- | crypto/idea/idea.h | 3 |
2 files changed, 11 insertions, 0 deletions
diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c index 1c95bc9c7b..afb830964d 100644 --- a/crypto/idea/i_skey.c +++ b/crypto/idea/i_skey.c @@ -56,11 +56,19 @@ * [including the GNU Public Licence.] */ +#include <openssl/crypto.h> #include <openssl/idea.h> #include "idea_lcl.h" static IDEA_INT inverse(unsigned int xin); void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +#ifdef OPENSSL_FIPS + { + fips_cipher_abort(IDEA); + private_idea_set_encrypt_key(key, ks); + } +void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +#endif { int i; register IDEA_INT *kt,*kf,r0,r1,r2; diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h index 5782e54b0f..e9a1e7f1a5 100644 --- a/crypto/idea/idea.h +++ b/crypto/idea/idea.h @@ -83,6 +83,9 @@ typedef struct idea_key_st const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); +#ifdef OPENSSL_FIPS +void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +#endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, |