| 1 |
diff -up openssl-fips-0.9.8e/crypto/engine/eng_all.c.nonfips openssl-fips-0.9.8e/crypto/engine/eng_all.c |
| 2 |
--- openssl-fips-0.9.8e/crypto/engine/eng_all.c.nonfips 2009-04-15 14:26:12.000000000 +0200 |
| 3 |
+++ openssl-fips-0.9.8e/crypto/engine/eng_all.c 2009-04-15 14:24:20.000000000 +0200 |
| 4 |
@@ -58,9 +58,23 @@ |
| 5 |
|
| 6 |
#include "cryptlib.h" |
| 7 |
#include "eng_int.h" |
| 8 |
+#ifdef OPENSSL_FIPS |
| 9 |
+#include <openssl/fips.h> |
| 10 |
+#endif |
| 11 |
|
| 12 |
void ENGINE_load_builtin_engines(void) |
| 13 |
{ |
| 14 |
+#ifdef OPENSSL_FIPS |
| 15 |
+ OPENSSL_init(); |
| 16 |
+ if (FIPS_mode()) { |
| 17 |
+ /* We allow loading dynamic engine as a third party |
| 18 |
+ engine might be FIPS validated. |
| 19 |
+ User is disallowed to load non-validated engines |
| 20 |
+ by security policy. */ |
| 21 |
+ ENGINE_load_dynamic(); |
| 22 |
+ return; |
| 23 |
+ } |
| 24 |
+#endif |
| 25 |
/* There's no longer any need for an "openssl" ENGINE unless, one day, |
| 26 |
* it is the *only* way for standard builtin implementations to be be |
| 27 |
* accessed (ie. it would be possible to statically link binaries with |
| 28 |
diff -up openssl-fips-0.9.8e/crypto/evp/c_allc.c.nonfips openssl-fips-0.9.8e/crypto/evp/c_allc.c |
| 29 |
--- openssl-fips-0.9.8e/crypto/evp/c_allc.c.nonfips 2007-04-24 13:30:34.000000000 +0200 |
| 30 |
+++ openssl-fips-0.9.8e/crypto/evp/c_allc.c 2009-04-15 13:48:51.000000000 +0200 |
| 31 |
@@ -65,6 +65,11 @@ |
| 32 |
void OpenSSL_add_all_ciphers(void) |
| 33 |
{ |
| 34 |
|
| 35 |
+#ifdef OPENSSL_FIPS |
| 36 |
+ OPENSSL_init(); |
| 37 |
+ if(!FIPS_mode()) |
| 38 |
+ { |
| 39 |
+#endif |
| 40 |
#ifndef OPENSSL_NO_DES |
| 41 |
EVP_add_cipher(EVP_des_cfb()); |
| 42 |
EVP_add_cipher(EVP_des_cfb1()); |
| 43 |
@@ -219,6 +224,63 @@ void OpenSSL_add_all_ciphers(void) |
| 44 |
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); |
| 45 |
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); |
| 46 |
#endif |
| 47 |
+#ifdef OPENSSL_FIPS |
| 48 |
+ } |
| 49 |
+ else |
| 50 |
+ { |
| 51 |
+#ifndef OPENSSL_NO_DES |
| 52 |
+ EVP_add_cipher(EVP_des_ede_cfb()); |
| 53 |
+ EVP_add_cipher(EVP_des_ede3_cfb()); |
| 54 |
+ |
| 55 |
+ EVP_add_cipher(EVP_des_ede_ofb()); |
| 56 |
+ EVP_add_cipher(EVP_des_ede3_ofb()); |
| 57 |
+ |
| 58 |
+ EVP_add_cipher(EVP_des_ede_cbc()); |
| 59 |
+ EVP_add_cipher(EVP_des_ede3_cbc()); |
| 60 |
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); |
| 61 |
+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); |
| 62 |
+ |
| 63 |
+ EVP_add_cipher(EVP_des_ede()); |
| 64 |
+ EVP_add_cipher(EVP_des_ede3()); |
| 65 |
+#endif |
| 66 |
+ |
| 67 |
+#ifndef OPENSSL_NO_AES |
| 68 |
+ EVP_add_cipher(EVP_aes_128_ecb()); |
| 69 |
+ EVP_add_cipher(EVP_aes_128_cbc()); |
| 70 |
+ EVP_add_cipher(EVP_aes_128_cfb()); |
| 71 |
+ EVP_add_cipher(EVP_aes_128_cfb1()); |
| 72 |
+ EVP_add_cipher(EVP_aes_128_cfb8()); |
| 73 |
+ EVP_add_cipher(EVP_aes_128_ofb()); |
| 74 |
+#if 0 |
| 75 |
+ EVP_add_cipher(EVP_aes_128_ctr()); |
| 76 |
+#endif |
| 77 |
+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); |
| 78 |
+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); |
| 79 |
+ EVP_add_cipher(EVP_aes_192_ecb()); |
| 80 |
+ EVP_add_cipher(EVP_aes_192_cbc()); |
| 81 |
+ EVP_add_cipher(EVP_aes_192_cfb()); |
| 82 |
+ EVP_add_cipher(EVP_aes_192_cfb1()); |
| 83 |
+ EVP_add_cipher(EVP_aes_192_cfb8()); |
| 84 |
+ EVP_add_cipher(EVP_aes_192_ofb()); |
| 85 |
+#if 0 |
| 86 |
+ EVP_add_cipher(EVP_aes_192_ctr()); |
| 87 |
+#endif |
| 88 |
+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); |
| 89 |
+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); |
| 90 |
+ EVP_add_cipher(EVP_aes_256_ecb()); |
| 91 |
+ EVP_add_cipher(EVP_aes_256_cbc()); |
| 92 |
+ EVP_add_cipher(EVP_aes_256_cfb()); |
| 93 |
+ EVP_add_cipher(EVP_aes_256_cfb1()); |
| 94 |
+ EVP_add_cipher(EVP_aes_256_cfb8()); |
| 95 |
+ EVP_add_cipher(EVP_aes_256_ofb()); |
| 96 |
+#if 0 |
| 97 |
+ EVP_add_cipher(EVP_aes_256_ctr()); |
| 98 |
+#endif |
| 99 |
+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); |
| 100 |
+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); |
| 101 |
+#endif |
| 102 |
+ } |
| 103 |
+#endif |
| 104 |
|
| 105 |
PKCS12_PBE_add(); |
| 106 |
PKCS5_PBE_add(); |
| 107 |
diff -up openssl-fips-0.9.8e/crypto/evp/c_alld.c.nonfips openssl-fips-0.9.8e/crypto/evp/c_alld.c |
| 108 |
--- openssl-fips-0.9.8e/crypto/evp/c_alld.c.nonfips 2005-04-30 23:51:40.000000000 +0200 |
| 109 |
+++ openssl-fips-0.9.8e/crypto/evp/c_alld.c 2009-04-15 13:48:51.000000000 +0200 |
| 110 |
@@ -64,6 +64,11 @@ |
| 111 |
|
| 112 |
void OpenSSL_add_all_digests(void) |
| 113 |
{ |
| 114 |
+#ifdef OPENSSL_FIPS |
| 115 |
+ OPENSSL_init(); |
| 116 |
+ if (!FIPS_mode()) |
| 117 |
+ { |
| 118 |
+#endif |
| 119 |
#ifndef OPENSSL_NO_MD2 |
| 120 |
EVP_add_digest(EVP_md2()); |
| 121 |
#endif |
| 122 |
@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void) |
| 123 |
EVP_add_digest(EVP_sha384()); |
| 124 |
EVP_add_digest(EVP_sha512()); |
| 125 |
#endif |
| 126 |
+#ifdef OPENSSL_FIPS |
| 127 |
+ } |
| 128 |
+ else |
| 129 |
+ { |
| 130 |
+#ifndef OPENSSL_NO_SHA |
| 131 |
+ EVP_add_digest(EVP_sha1()); |
| 132 |
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); |
| 133 |
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); |
| 134 |
+#ifndef OPENSSL_NO_DSA |
| 135 |
+ EVP_add_digest(EVP_dss1()); |
| 136 |
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); |
| 137 |
+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); |
| 138 |
+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); |
| 139 |
+#endif |
| 140 |
+#ifndef OPENSSL_NO_ECDSA |
| 141 |
+ EVP_add_digest(EVP_ecdsa()); |
| 142 |
+#endif |
| 143 |
+#endif |
| 144 |
+#ifndef OPENSSL_NO_SHA256 |
| 145 |
+ EVP_add_digest(EVP_sha224()); |
| 146 |
+ EVP_add_digest(EVP_sha256()); |
| 147 |
+#endif |
| 148 |
+#ifndef OPENSSL_NO_SHA512 |
| 149 |
+ EVP_add_digest(EVP_sha384()); |
| 150 |
+ EVP_add_digest(EVP_sha512()); |
| 151 |
+#endif |
| 152 |
+ } |
| 153 |
+#endif |
| 154 |
} |
Parent Directory
| 
Revision Log
| 
Revision Graph
