Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS

algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.

2 files changed, 20 insertions, 0 deletions

diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
index 3b1bbd8a45..fa75b14466 100644
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -57,10 +57,27 @@
  */
 
 #include <openssl/idea.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include "idea_lcl.h"
 
 static IDEA_INT inverse(unsigned int xin);
+
+#ifdef OPENSSL_FIPS
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+	{
+	if (FIPS_mode())
+		FIPS_BAD_ABORT(IDEA)
+	private_idea_set_encrypt_key(key, ks);
+	}
+void private_idea_set_encrypt_key(const unsigned char *key,
+						IDEA_KEY_SCHEDULE *ks)
+#else
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+#endif
 	{
 	int i;
 	register IDEA_INT *kt,*kf,r0,r1,r2;
diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h
index bf97a37e39..a137d4cbce 100644
--- a/crypto/idea/idea.h
+++ b/crypto/idea/idea.h
@@ -83,6 +83,9 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,