diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2008-09-16 10:47:28 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2008-09-16 10:47:28 +0000 |
| commit | 96a259e81e47cf61d54eb0cb0dd05434eda2f301 (patch) | |
| tree | de53299acb413b3d5cbe25d05e17f6f3aa8e422b /crypto/rc2 | |
| parent | 59f3477b8236fd431d2cee942b46e3034e0a7b10 (diff) | |
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
Diffstat (limited to 'crypto/rc2')
| -rw-r--r-- | crypto/rc2/rc2.h | 4 | ||||
| -rw-r--r-- | crypto/rc2/rc2_skey.c | 17 |
2 files changed, 20 insertions, 1 deletions
diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h index 34c8362317..e542ec94ff 100644 --- a/crypto/rc2/rc2.h +++ b/crypto/rc2/rc2.h @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; - +#ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +#endif void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index 4953642056..4e000e5b99 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -57,6 +57,11 @@ */ #include <openssl/rc2.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "rc2_locl.h" static unsigned char key_table[256]={ @@ -94,8 +99,20 @@ static unsigned char key_table[256]={ * BSAFE uses the 'retarded' version. What I previously shipped is * the same as specifying 1024 for the 'bits' parameter. Bsafe uses * a version where the bits parameter is the same as len*8 */ + +#ifdef OPENSSL_FIPS void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) { + if (FIPS_mode()) + FIPS_BAD_ABORT(RC2) + private_RC2_set_key(key, len, data, bits); + } +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, + int bits) +#else +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +#endif + { int i,j; unsigned char *k; RC2_INT *ki; |