OpenSSL: Don't provide implementation of DES/RC4 for FIPS builds

DES and RC4 are not allowed in such builds, so comment out des_encrypt()
and rc4_skip() from the build to force compile time failures for cases
that cannot be supported instead of failing the operations at runtime.
This makes it easier to detect and fix accidental cases where DES/RC4
could still be used in some older protocols.

Signed-off-by: Norman Hamer <nhamer@absolute.com>
This commit is contained in:
Norman Hamer 2022-10-14 18:37:34 +00:00 committed by Jouni Malinen
parent 1d42dafce6
commit fef4c6cb0d

View file

@ -320,12 +320,12 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
#ifndef CONFIG_FIPS
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
openssl_load_legacy_provider();
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
}
#endif /* CONFIG_FIPS */
int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
@ -404,11 +404,11 @@ out:
#endif /* CONFIG_NO_RC4 */
#ifndef CONFIG_FIPS
int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
{
return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac);
}
#endif /* CONFIG_FIPS */