Prohibit low level cipher APIs in FIPS mode.

Not complete: ciphers with assembly language key setup are not covered yet.
2011-06-01 16:54:06 +00:00
parent c7373c3dee
commit 916bcab28e
16 changed files with 93 additions and 6 deletions
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -563,9 +563,15 @@ void OPENSSL_init(void);
 	return private_##alg##_Init(c); \
 	} \
 	int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+		"Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
 #else
 #define fips_md_init_ctx(alg, cx) \
 	int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
 #endif

 /* BEGIN ERROR CODES */