diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-01 16:54:06 +0000 |
commit | 916bcab28eab0752765d05dd8767ef7ad8b47485 (patch) | |
tree | 369f967632324c7636396102679970571d0adfa1 /crypto/seed | |
parent | c7373c3dee87f3bebb67b4bff03c30356fafd09d (diff) |
Prohibit low level cipher APIs in FIPS mode.
Not complete: ciphers with assembly language key setup are not
covered yet.
Diffstat (limited to 'crypto/seed')
-rw-r--r-- | crypto/seed/seed.c | 9 | ||||
-rw-r--r-- | crypto/seed/seed.h | 4 |
2 files changed, 11 insertions, 2 deletions
diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c index 2bc384a19f..876cefc1f8 100644 --- a/crypto/seed/seed.c +++ b/crypto/seed/seed.c @@ -32,6 +32,7 @@ #include <memory.h> #endif +#include <openssl/crypto.h> #include <openssl/seed.h> #include "seed_locl.h" @@ -192,8 +193,14 @@ static const seed_word KC[] = { KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7, KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 }; #endif - void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) +#ifdef OPENSSL_FIPS + { + fips_cipher_abort(SEED); + private_SEED_set_key(rawkey, ks); + } +void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) +#endif { seed_word x1, x2, x3, x4; seed_word t0, t1; diff --git a/crypto/seed/seed.h b/crypto/seed/seed.h index 6ffa5f024e..c50fdd3607 100644 --- a/crypto/seed/seed.h +++ b/crypto/seed/seed.h @@ -116,7 +116,9 @@ typedef struct seed_key_st { #endif } SEED_KEY_SCHEDULE; - +#ifdef OPENSSL_FIPS +void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); +#endif void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); |