OpenSSL: Don't provide implementation of DES/RC4 for FIPS builds

DES and RC4 are not allowed in such builds, so comment out des_encrypt()
and rc4_skip() from the build to force compile time failures for cases
that cannot be supported instead of failing the operations at runtime.
This makes it easier to detect and fix accidental cases where DES/RC4
could still be used in some older protocols.

Signed-off-by: Norman Hamer <nhamer@absolute.com>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 6add770f735c4a9b970ae53c774fbf57cda57e96..c8013a89274fd4cb4f12f00961d83644828ecde7 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -320,12 +320,12 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
 
 
 #ifndef CONFIG_FIPS
+
 int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
        openssl_load_legacy_provider();
        return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
 }
-#endif /* CONFIG_FIPS */
 
 
 int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
@@ -404,11 +404,11 @@ out:
 #endif /* CONFIG_NO_RC4 */
 
 
-#ifndef CONFIG_FIPS
 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
        return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac);
 }
+
 #endif /* CONFIG_FIPS */