OpenSSL: Don't provide implementation of DES/RC4 for FIPS builds
DES and RC4 are not allowed in such builds, so comment out des_encrypt() and rc4_skip() from the build to force compile time failures for cases that cannot be supported instead of failing the operations at runtime. This makes it easier to detect and fix accidental cases where DES/RC4 could still be used in some older protocols. Signed-off-by: Norman Hamer <nhamer@absolute.com>
This commit is contained in:
parent
1d42dafce6
commit
fef4c6cb0d
1 changed files with 2 additions and 2 deletions
|
@ -320,12 +320,12 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
|
|||
|
||||
|
||||
#ifndef CONFIG_FIPS
|
||||
|
||||
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
||||
{
|
||||
openssl_load_legacy_provider();
|
||||
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
|
||||
}
|
||||
#endif /* CONFIG_FIPS */
|
||||
|
||||
|
||||
int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
||||
|
@ -404,11 +404,11 @@ out:
|
|||
#endif /* CONFIG_NO_RC4 */
|
||||
|
||||
|
||||
#ifndef CONFIG_FIPS
|
||||
int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
||||
{
|
||||
return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_FIPS */
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue