|
 |
c4366c |
diff -up openssl-fips-0.9.8e/crypto/engine/eng_all.c.nonfips openssl-fips-0.9.8e/crypto/engine/eng_all.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/crypto/engine/eng_all.c.nonfips 2009-04-15 14:26:12.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/crypto/engine/eng_all.c 2009-04-15 14:24:20.000000000 +0200
|
|
 |
c4366c |
@@ -58,9 +58,23 @@
|
|
 |
c4366c |
|
|
 |
c4366c |
#include "cryptlib.h"
|
|
 |
c4366c |
#include "eng_int.h"
|
|
 |
c4366c |
+#ifdef OPENSSL_FIPS
|
|
 |
c4366c |
+#include <openssl/fips.h>
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
|
|
 |
c4366c |
void ENGINE_load_builtin_engines(void)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
+#ifdef OPENSSL_FIPS
|
|
 |
c4366c |
+ OPENSSL_init();
|
|
 |
c4366c |
+ if (FIPS_mode()) {
|
|
 |
c4366c |
+ /* We allow loading dynamic engine as a third party
|
|
 |
c4366c |
+ engine might be FIPS validated.
|
|
 |
c4366c |
+ User is disallowed to load non-validated engines
|
|
 |
c4366c |
+ by security policy. */
|
|
 |
c4366c |
+ ENGINE_load_dynamic();
|
|
 |
c4366c |
+ return;
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
/* There's no longer any need for an "openssl" ENGINE unless, one day,
|
|
 |
c4366c |
* it is the *only* way for standard builtin implementations to be be
|
|
 |
c4366c |
* accessed (ie. it would be possible to statically link binaries with
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/crypto/evp/c_allc.c.nonfips openssl-fips-0.9.8e/crypto/evp/c_allc.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/crypto/evp/c_allc.c.nonfips 2007-04-24 13:30:34.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/crypto/evp/c_allc.c 2009-04-15 13:48:51.000000000 +0200
|
|
 |
c4366c |
@@ -65,6 +65,11 @@
|
|
 |
c4366c |
void OpenSSL_add_all_ciphers(void)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
|
|
 |
c4366c |
+#ifdef OPENSSL_FIPS
|
|
 |
c4366c |
+ OPENSSL_init();
|
|
 |
c4366c |
+ if(!FIPS_mode())
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
#ifndef OPENSSL_NO_DES
|
|
 |
c4366c |
EVP_add_cipher(EVP_des_cfb());
|
|
 |
c4366c |
EVP_add_cipher(EVP_des_cfb1());
|
|
 |
c4366c |
@@ -219,6 +224,63 @@ void OpenSSL_add_all_ciphers(void)
|
|
 |
c4366c |
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
|
|
 |
c4366c |
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
|
|
 |
c4366c |
#endif
|
|
 |
c4366c |
+#ifdef OPENSSL_FIPS
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+ else
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_DES
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede_cfb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede3_cfb());
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede_ofb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede3_ofb());
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede_cbc());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede3_cbc());
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_des_ede3());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_AES
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_ecb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_cbc());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_cfb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_cfb1());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_cfb8());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_ofb());
|
|
 |
c4366c |
+#if 0
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_128_ctr());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_ecb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_cbc());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_cfb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_cfb1());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_cfb8());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_ofb());
|
|
 |
c4366c |
+#if 0
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_192_ctr());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_ecb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_cbc());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_cfb());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_cfb1());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_cfb8());
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_ofb());
|
|
 |
c4366c |
+#if 0
|
|
 |
c4366c |
+ EVP_add_cipher(EVP_aes_256_ctr());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
|
|
 |
c4366c |
+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
|
|
 |
c4366c |
PKCS12_PBE_add();
|
|
 |
c4366c |
PKCS5_PBE_add();
|
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/crypto/evp/c_alld.c.nonfips openssl-fips-0.9.8e/crypto/evp/c_alld.c
|
|
 |
c4366c |
--- openssl-fips-0.9.8e/crypto/evp/c_alld.c.nonfips 2005-04-30 23:51:40.000000000 +0200
|
|
 |
c4366c |
+++ openssl-fips-0.9.8e/crypto/evp/c_alld.c 2009-04-15 13:48:51.000000000 +0200
|
|
 |
c4366c |
@@ -64,6 +64,11 @@
|
|
 |
c4366c |
|
|
 |
c4366c |
void OpenSSL_add_all_digests(void)
|
|
 |
c4366c |
{
|
|
 |
c4366c |
+#ifdef OPENSSL_FIPS
|
|
 |
c4366c |
+ OPENSSL_init();
|
|
 |
c4366c |
+ if (!FIPS_mode())
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
#ifndef OPENSSL_NO_MD2
|
|
 |
c4366c |
EVP_add_digest(EVP_md2());
|
|
 |
c4366c |
#endif
|
|
 |
c4366c |
@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
|
|
 |
c4366c |
EVP_add_digest(EVP_sha384());
|
|
 |
c4366c |
EVP_add_digest(EVP_sha512());
|
|
 |
c4366c |
#endif
|
|
 |
c4366c |
+#ifdef OPENSSL_FIPS
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+ else
|
|
 |
c4366c |
+ {
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_SHA
|
|
 |
c4366c |
+ EVP_add_digest(EVP_sha1());
|
|
 |
c4366c |
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
|
 |
c4366c |
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_DSA
|
|
 |
c4366c |
+ EVP_add_digest(EVP_dss1());
|
|
 |
c4366c |
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
|
 |
c4366c |
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
|
|
 |
c4366c |
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_ECDSA
|
|
 |
c4366c |
+ EVP_add_digest(EVP_ecdsa());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_SHA256
|
|
 |
c4366c |
+ EVP_add_digest(EVP_sha224());
|
|
 |
c4366c |
+ EVP_add_digest(EVP_sha256());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+#ifndef OPENSSL_NO_SHA512
|
|
 |
c4366c |
+ EVP_add_digest(EVP_sha384());
|
|
 |
c4366c |
+ EVP_add_digest(EVP_sha512());
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
+ }
|
|
 |
c4366c |
+#endif
|
|
 |
c4366c |
}
|