From 96a259e81e47cf61d54eb0cb0dd05434eda2f301 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 16 Sep 2008 10:47:28 +0000
Subject: Merge FIPS low level algorithm blocking code. Give hard errors if
 non-FIPS algorithms are use in FIPS mode using low level API. No effect in
 non-FIPS mode.

---
 crypto/rc4/asm/rc4-x86_64.pl |  2 ++
 crypto/rc4/rc4.h             |  3 +++
 crypto/rc4/rc4_skey.c        | 16 +++++++++++++++-
 3 files changed, 20 insertions(+), 1 deletion(-)

(limited to 'crypto/rc4')

diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
index 2d47320485..00c6fa28aa 100755
--- a/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/rc4/asm/rc4-x86_64.pl
@@ -359,6 +359,8 @@ ___
 
 $code =~ s/#([bwd])/$1/gm;
 
+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne "");
+
 print $code;
 
 close STDOUT;
diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h
index 7aec04fe93..2d8620d33b 100644
--- a/crypto/rc4/rc4.h
+++ b/crypto/rc4/rc4.h
@@ -76,6 +76,9 @@ typedef struct rc4_key_st
 
  
 const char *RC4_options(void);
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 		unsigned char *outdata);
diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
index 46b77ec321..4478d1a4b3 100644
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -59,6 +59,11 @@
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
 
@@ -85,7 +90,11 @@ const char *RC4_options(void)
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+#else
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+#endif
 	{
         register RC4_INT tmp;
         register int id1,id2;
@@ -127,7 +136,12 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 		 *
 		 *				<appro@fy.chalmers.se>
 		 */
-		if (OPENSSL_ia32cap_P & (1<<20)) {
+#ifdef OPENSSL_FIPS
+		unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+		if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
+#else
+		if (OPENSSL_ia32cap_P & (1<<28)) {
+#endif
 			unsigned char *cp=(unsigned char *)d;
 
 			for (i=0;i<256;i++) cp[i]=i;
-- 
cgit v1.2.3