Backport of password based CMS support from HEAD.

[openssl.git] / crypto / rsa / rsa_crpt.c

diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c
index 7750366613b4cacefc452ee9beb62dd58f7fc619..d3e44785dcfbe31d4560e30984ef7546d8cf3834 100644 (file)
--- a/crypto/rsa/rsa_crpt.c
+++ b/crypto/rsa/rsa_crpt.c
@@ -75,24 +75,56 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+               return -1;
+               }
+#endif
        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+               return -1;
+               }
+#endif
        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
        }
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+               return -1;
+               }
+#endif
        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
        }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+               return -1;
+               }
+#endif
        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
        }