diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2008-09-16 10:47:28 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2008-09-16 10:47:28 +0000 |
| commit | 96a259e81e47cf61d54eb0cb0dd05434eda2f301 (patch) | |
| tree | de53299acb413b3d5cbe25d05e17f6f3aa8e422b /crypto/rc4 | |
| parent | 59f3477b8236fd431d2cee942b46e3034e0a7b10 (diff) | |
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
Diffstat (limited to 'crypto/rc4')
| -rwxr-xr-x | crypto/rc4/asm/rc4-x86_64.pl | 2 | ||||
| -rw-r--r-- | crypto/rc4/rc4.h | 3 | ||||
| -rw-r--r-- | crypto/rc4/rc4_skey.c | 16 |
3 files changed, 20 insertions, 1 deletions
diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 2d47320485..00c6fa28aa 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -359,6 +359,8 @@ ___ $code =~ s/#([bwd])/$1/gm; +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne ""); + print $code; close STDOUT; diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h index 7aec04fe93..2d8620d33b 100644 --- a/crypto/rc4/rc4.h +++ b/crypto/rc4/rc4.h @@ -76,6 +76,9 @@ typedef struct rc4_key_st const char *RC4_options(void); +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +#endif void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata); diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c index 46b77ec321..4478d1a4b3 100644 --- a/crypto/rc4/rc4_skey.c +++ b/crypto/rc4/rc4_skey.c @@ -59,6 +59,11 @@ #include <openssl/rc4.h> #include "rc4_locl.h" #include <openssl/opensslv.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; @@ -85,7 +90,11 @@ const char *RC4_options(void) * Date: Wed, 14 Sep 1994 06:35:31 GMT */ +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +#else void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +#endif { register RC4_INT tmp; register int id1,id2; @@ -127,7 +136,12 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) * * <appro@fy.chalmers.se> */ - if (OPENSSL_ia32cap_P & (1<<20)) { +#ifdef OPENSSL_FIPS + unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); + if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) { +#else + if (OPENSSL_ia32cap_P & (1<<28)) { +#endif unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; |