From 916bcab28eab0752765d05dd8767ef7ad8b47485 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 1 Jun 2011 16:54:06 +0000 Subject: Prohibit low level cipher APIs in FIPS mode. Not complete: ciphers with assembly language key setup are not covered yet. --- crypto/rc2/rc2.h | 4 +++- crypto/rc2/rc2_skey.c | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'crypto/rc2') diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h index 34c8362317..e542ec94ff 100644 --- a/crypto/rc2/rc2.h +++ b/crypto/rc2/rc2.h @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; - +#ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +#endif void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index 0150b0e035..6668ac011f 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include "rc2_locl.h" @@ -95,6 +96,13 @@ static const unsigned char key_table[256]={ * the same as specifying 1024 for the 'bits' parameter. Bsafe uses * a version where the bits parameter is the same as len*8 */ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +#ifdef OPENSSL_FIPS + { + fips_cipher_abort(RC2); + private_RC2_set_key(key, len, data, bits); + } +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +#endif { int i,j; unsigned char *k; -- cgit v1.2.3