|
 |
e62613 |
--- openssl-1.0.1c/crypto/fips/fips_rand_selftest.c.orig 2012-11-03 18:59:03.620066556 +0100
|
|
|
e62613 |
+++ openssl-1.0.1c/crypto/fips/fips_rand_selftest.c 2012-11-03 19:57:33.156686682 +0100
|
|
|
e62613 |
@@ -47,6 +47,8 @@
|
|
|
e62613 |
*
|
|
|
e62613 |
*/
|
|
|
e62613 |
|
|
|
e62613 |
+#ifdef OPENSSL_FIPS
|
|
|
e62613 |
+
|
|
|
e62613 |
#include <string.h>
|
|
|
e62613 |
#include <openssl/err.h>
|
|
|
e62613 |
#include <openssl/fips.h>
|
|
|
e62613 |
@@ -54,8 +56,6 @@
|
|
|
e62613 |
#include <openssl/fips_rand.h>
|
|
|
e62613 |
#include "fips_locl.h"
|
|
|
e62613 |
|
|
|
e62613 |
-#ifdef OPENSSL_FIPS
|
|
|
e62613 |
-
|
|
|
e62613 |
typedef struct {
|
|
|
e62613 |
unsigned char DT[16];
|
|
|
e62613 |
unsigned char V[16];
|
|
|
e62613 |
--- openssl-1.0.1c/crypto/fips/fips_dsa_selftest.c.orig 2012-11-03 20:03:20.546180631 +0100
|
|
|
e62613 |
+++ openssl-1.0.1c/crypto/fips/fips_dsa_selftest.c 2012-11-03 20:03:46.069328396 +0100
|
|
|
e62613 |
@@ -47,6 +47,8 @@
|
|
|
e62613 |
*
|
|
|
e62613 |
*/
|
|
|
e62613 |
|
|
|
e62613 |
+#ifdef OPENSSL_FIPS
|
|
|
e62613 |
+
|
|
|
e62613 |
#include <string.h>
|
|
|
e62613 |
#include <openssl/crypto.h>
|
|
|
e62613 |
#include <openssl/dsa.h>
|
|
|
e62613 |
@@ -56,8 +58,6 @@
|
|
|
e62613 |
#include <openssl/bn.h>
|
|
|
e62613 |
#include "fips_locl.h"
|
|
|
e62613 |
|
|
|
e62613 |
-#ifdef OPENSSL_FIPS
|
|
|
e62613 |
-
|
|
|
e62613 |
static const unsigned char dsa_test_2048_p[] = {
|
|
|
e62613 |
0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08,
|
|
|
e62613 |
0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62,
|
|
|
e62613 |
--- openssl-1.0.1c/crypto/fips/fips_rand.c.orig 2012-11-03 20:07:49.956891942 +0100
|
|
|
e62613 |
+++ openssl-1.0.1c/crypto/fips/fips_rand.c 2012-11-03 20:08:14.260048118 +0100
|
|
|
e62613 |
@@ -47,6 +47,8 @@
|
|
|
e62613 |
*
|
|
|
e62613 |
*/
|
|
|
e62613 |
|
|
|
e62613 |
+#ifdef OPENSSL_FIPS
|
|
|
e62613 |
+
|
|
|
e62613 |
/*
|
|
|
e62613 |
* This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
|
|
|
e62613 |
*/
|
|
|
e62613 |
@@ -82,8 +84,6 @@
|
|
|
e62613 |
#include <openssl/fips.h>
|
|
|
e62613 |
#include "fips_locl.h"
|
|
|
e62613 |
|
|
|
e62613 |
-#ifdef OPENSSL_FIPS
|
|
|
e62613 |
-
|
|
|
e62613 |
void *OPENSSL_stderr(void);
|
|
|
e62613 |
|
|
|
e62613 |
# define AES_BLOCK_LENGTH 16
|
|
|
e62613 |
--- openssl-1.0.1c/crypto/rand/md_rand.c.orig 2012-11-03 20:19:31.461754618 +0100
|
|
|
e62613 |
+++ openssl-1.0.1c/crypto/rand/md_rand.c 2012-11-03 20:20:58.294282662 +0100
|
|
|
e62613 |
@@ -394,7 +394,11 @@
|
|
|
e62613 |
/* always poll for external entropy in FIPS mode, drbg provides the
|
|
|
e62613 |
* expansion
|
|
|
e62613 |
*/
|
|
|
e62613 |
+#ifdef OPENSSL_FIPS
|
|
|
e62613 |
if (!initialized || FIPS_module_mode()) {
|
|
|
e62613 |
+#else
|
|
|
e62613 |
+ if (!initialized) {
|
|
|
e62613 |
+#endif
|
|
|
e62613 |
RAND_poll();
|
|
|
e62613 |
initialized = 1;
|
|
|
e62613 |
}
|
|
|
e62613 |
--- openssl-1.0.1c/crypto/opensslconf.h.in 2012-11-09 20:34:03.434391630 +0100
|
|
|
e62613 |
+++ openssl-1.0.1c/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
|
|
|
e62613 |
@@ -1,20 +1,5 @@
|
|
|
e62613 |
/* crypto/opensslconf.h.in */
|
|
|
e62613 |
|
|
|
e62613 |
-#ifdef OPENSSL_DOING_MAKEDEPEND
|
|
|
e62613 |
-
|
|
|
e62613 |
-/* Include any symbols here that have to be explicitly set to enable a feature
|
|
|
e62613 |
- * that should be visible to makedepend.
|
|
|
e62613 |
- *
|
|
|
e62613 |
- * [Our "make depend" doesn't actually look at this, we use actual build settings
|
|
|
e62613 |
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
|
|
|
e62613 |
- */
|
|
|
e62613 |
-
|
|
|
e62613 |
-#ifndef OPENSSL_FIPS
|
|
|
e62613 |
-#define OPENSSL_FIPS
|
|
|
e62613 |
-#endif
|
|
|
e62613 |
-
|
|
|
e62613 |
-#endif
|
|
|
e62613 |
-
|
|
|
e62613 |
/* Generate 80386 code? */
|
|
|
e62613 |
#undef I386_ONLY
|
|
|
e62613 |
|