rpms / openssl098e

Clone
Source Code
GIT

Blame SOURCES/openssl-fips-0.9.8e-evp-nonfips.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   5820f55c83d296decb4f8def2db1aa47ac8b3e88
  2.   SOURCES
  3.   openssl-fips-0.9.8e-evp-nonfips.patch
Blob History Raw
5820f5 
diff -up openssl-fips-0.9.8e/crypto/engine/eng_all.c.nonfips openssl-fips-0.9.8e/crypto/engine/eng_all.c
5820f5 
--- openssl-fips-0.9.8e/crypto/engine/eng_all.c.nonfips	2009-04-15 14:26:12.000000000 +0200
5820f5 
+++ openssl-fips-0.9.8e/crypto/engine/eng_all.c	2009-04-15 14:24:20.000000000 +0200
5820f5 
@@ -58,9 +58,23 @@
5820f5
5820f5 
 #include "cryptlib.h"
5820f5 
 #include "eng_int.h"
5820f5 
+#ifdef OPENSSL_FIPS
5820f5 
+#include <openssl/fips.h>
5820f5 
+#endif
5820f5
5820f5 
 void ENGINE_load_builtin_engines(void)
5820f5 
 	{
5820f5 
+#ifdef OPENSSL_FIPS
5820f5 
+	OPENSSL_init();
5820f5 
+	if (FIPS_mode()) {
5820f5 
+		/* We allow loading dynamic engine as a third party
5820f5 
+		   engine might be FIPS validated.
5820f5 
+		   User is disallowed to load non-validated engines
5820f5 
+		   by security policy. */
5820f5 
+		ENGINE_load_dynamic();
5820f5 
+		return;
5820f5 
+	}
5820f5 
+#endif
5820f5 
 	/* There's no longer any need for an "openssl" ENGINE unless, one day,
5820f5 
 	 * it is the *only* way for standard builtin implementations to be be
5820f5 
 	 * accessed (ie. it would be possible to statically link binaries with
5820f5 
diff -up openssl-fips-0.9.8e/crypto/evp/c_allc.c.nonfips openssl-fips-0.9.8e/crypto/evp/c_allc.c
5820f5 
--- openssl-fips-0.9.8e/crypto/evp/c_allc.c.nonfips	2007-04-24 13:30:34.000000000 +0200
5820f5 
+++ openssl-fips-0.9.8e/crypto/evp/c_allc.c	2009-04-15 13:48:51.000000000 +0200
5820f5 
@@ -65,6 +65,11 @@
5820f5 
 void OpenSSL_add_all_ciphers(void)
5820f5 
 	{
5820f5
5820f5 
+#ifdef OPENSSL_FIPS
5820f5 
+	OPENSSL_init();
5820f5 
+	if(!FIPS_mode())
5820f5 
+		{
5820f5 
+#endif
5820f5 
 #ifndef OPENSSL_NO_DES
5820f5 
 	EVP_add_cipher(EVP_des_cfb());
5820f5 
 	EVP_add_cipher(EVP_des_cfb1());
5820f5 
@@ -219,6 +224,63 @@ void OpenSSL_add_all_ciphers(void)
5820f5 
 	EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
5820f5 
 	EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
5820f5 
 #endif
5820f5 
+#ifdef OPENSSL_FIPS
5820f5 
+		}
5820f5 
+	else
5820f5 
+		{
5820f5 
+#ifndef OPENSSL_NO_DES
5820f5 
+	EVP_add_cipher(EVP_des_ede_cfb());
5820f5 
+	EVP_add_cipher(EVP_des_ede3_cfb());
5820f5 
+
5820f5 
+	EVP_add_cipher(EVP_des_ede_ofb());
5820f5 
+	EVP_add_cipher(EVP_des_ede3_ofb());
5820f5 
+
5820f5 
+	EVP_add_cipher(EVP_des_ede_cbc());
5820f5 
+	EVP_add_cipher(EVP_des_ede3_cbc());
5820f5 
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
5820f5 
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
5820f5 
+
5820f5 
+	EVP_add_cipher(EVP_des_ede());
5820f5 
+	EVP_add_cipher(EVP_des_ede3());
5820f5 
+#endif
5820f5 
+
5820f5 
+#ifndef OPENSSL_NO_AES
5820f5 
+	EVP_add_cipher(EVP_aes_128_ecb());
5820f5 
+	EVP_add_cipher(EVP_aes_128_cbc());
5820f5 
+	EVP_add_cipher(EVP_aes_128_cfb());
5820f5 
+	EVP_add_cipher(EVP_aes_128_cfb1());
5820f5 
+	EVP_add_cipher(EVP_aes_128_cfb8());
5820f5 
+	EVP_add_cipher(EVP_aes_128_ofb());
5820f5 
+#if 0
5820f5 
+	EVP_add_cipher(EVP_aes_128_ctr());
5820f5 
+#endif
5820f5 
+	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
5820f5 
+	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
5820f5 
+	EVP_add_cipher(EVP_aes_192_ecb());
5820f5 
+	EVP_add_cipher(EVP_aes_192_cbc());
5820f5 
+	EVP_add_cipher(EVP_aes_192_cfb());
5820f5 
+	EVP_add_cipher(EVP_aes_192_cfb1());
5820f5 
+	EVP_add_cipher(EVP_aes_192_cfb8());
5820f5 
+	EVP_add_cipher(EVP_aes_192_ofb());
5820f5 
+#if 0
5820f5 
+	EVP_add_cipher(EVP_aes_192_ctr());
5820f5 
+#endif
5820f5 
+	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
5820f5 
+	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
5820f5 
+	EVP_add_cipher(EVP_aes_256_ecb());
5820f5 
+	EVP_add_cipher(EVP_aes_256_cbc());
5820f5 
+	EVP_add_cipher(EVP_aes_256_cfb());
5820f5 
+	EVP_add_cipher(EVP_aes_256_cfb1());
5820f5 
+	EVP_add_cipher(EVP_aes_256_cfb8());
5820f5 
+	EVP_add_cipher(EVP_aes_256_ofb());
5820f5 
+#if 0
5820f5 
+	EVP_add_cipher(EVP_aes_256_ctr());
5820f5 
+#endif
5820f5 
+	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
5820f5 
+	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
5820f5 
+#endif
5820f5 
+		}
5820f5 
+#endif
5820f5
5820f5 
 	PKCS12_PBE_add();
5820f5 
 	PKCS5_PBE_add();
5820f5 
diff -up openssl-fips-0.9.8e/crypto/evp/c_alld.c.nonfips openssl-fips-0.9.8e/crypto/evp/c_alld.c
5820f5 
--- openssl-fips-0.9.8e/crypto/evp/c_alld.c.nonfips	2005-04-30 23:51:40.000000000 +0200
5820f5 
+++ openssl-fips-0.9.8e/crypto/evp/c_alld.c	2009-04-15 13:48:51.000000000 +0200
5820f5 
@@ -64,6 +64,11 @@
5820f5
5820f5 
 void OpenSSL_add_all_digests(void)
5820f5 
 	{
5820f5 
+#ifdef OPENSSL_FIPS
5820f5 
+	OPENSSL_init();
5820f5 
+	if (!FIPS_mode())
5820f5 
+		{
5820f5 
+#endif
5820f5 
 #ifndef OPENSSL_NO_MD2
5820f5 
 	EVP_add_digest(EVP_md2());
5820f5 
 #endif
5820f5 
@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
5820f5 
 	EVP_add_digest(EVP_sha384());
5820f5 
 	EVP_add_digest(EVP_sha512());
5820f5 
 #endif
5820f5 
+#ifdef OPENSSL_FIPS
5820f5 
+		}
5820f5 
+	else
5820f5 
+		{
5820f5 
+#ifndef OPENSSL_NO_SHA
5820f5 
+	EVP_add_digest(EVP_sha1());
5820f5 
+	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
5820f5 
+	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
5820f5 
+#ifndef OPENSSL_NO_DSA
5820f5 
+	EVP_add_digest(EVP_dss1());
5820f5 
+	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
5820f5 
+	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
5820f5 
+	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
5820f5 
+#endif
5820f5 
+#ifndef OPENSSL_NO_ECDSA
5820f5 
+	EVP_add_digest(EVP_ecdsa());
5820f5 
+#endif
5820f5 
+#endif
5820f5 
+#ifndef OPENSSL_NO_SHA256
5820f5 
+	EVP_add_digest(EVP_sha224());
5820f5 
+	EVP_add_digest(EVP_sha256());
5820f5 
+#endif
5820f5 
+#ifndef OPENSSL_NO_SHA512
5820f5 
+	EVP_add_digest(EVP_sha384());
5820f5 
+	EVP_add_digest(EVP_sha512());
5820f5 
+#endif
5820f5 
+		}
5820f5 
+#endif
5820f5 
 	}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation