From 916bcab28eab0752765d05dd8767ef7ad8b47485 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 1 Jun 2011 16:54:06 +0000 Subject: Prohibit low level cipher APIs in FIPS mode. Not complete: ciphers with assembly language key setup are not covered yet. --- crypto/cast/c_skey.c | 9 ++++++++- crypto/cast/cast.h | 4 +++- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'crypto/cast') diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c index 76e40005c9..cb6bf9fee3 100644 --- a/crypto/cast/c_skey.c +++ b/crypto/cast/c_skey.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include "cast_lcl.h" #include "cast_s.h" @@ -71,8 +72,14 @@ #define S5 CAST_S_table5 #define S6 CAST_S_table6 #define S7 CAST_S_table7 - void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) +#ifdef OPENSSL_FIPS + { + fips_cipher_abort(CAST); + private_CAST_set_key(key, len, data); + } +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) +#endif { CAST_LONG x[16]; CAST_LONG z[16]; diff --git a/crypto/cast/cast.h b/crypto/cast/cast.h index 1a264f8143..203922ea2b 100644 --- a/crypto/cast/cast.h +++ b/crypto/cast/cast.h @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; - +#ifdef OPENSSL_FIPS +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +#endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -- cgit v1.2.3