Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
openssl
openssl-1.0.1h-fips-engine.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-1.0.1h-fips-engine.patch of Package openssl
Index: openssl-1.0.1h/crypto/evp/digest.c =================================================================== --- openssl-1.0.1h.orig/crypto/evp/digest.c +++ openssl-1.0.1h/crypto/evp/digest.c @@ -223,6 +223,22 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c ENGINE_finish(impl); return 0; } +#ifdef OPENSSL_FIPS + /* If we have an engine, only use it if its FIPS certified, or + * non-FIPS stuff is allowed. */ + if (FIPS_mode()) { + if ((d->flags & EVP_MD_FLAG_FIPS) + || (ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) + { + type = d; + } + else + { + ENGINE_finish(impl); + } + } else +#endif + { /* We'll use the ENGINE's private digest definition */ type = d; /* Store the ENGINE functional reference so we know @@ -230,6 +246,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c * it when done. */ ctx->engine = impl; } + } else ctx->engine = NULL; } Index: openssl-1.0.1h/crypto/rsa/rsa_lib.c =================================================================== --- openssl-1.0.1h.orig/crypto/rsa/rsa_lib.c +++ openssl-1.0.1h/crypto/rsa/rsa_lib.c @@ -142,6 +142,7 @@ int RSA_set_method(RSA *rsa, const RSA_M RSA *RSA_new_method(ENGINE *engine) { RSA *ret; + RSA_METHOD *meth; ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); if (ret == NULL) @@ -166,8 +167,8 @@ RSA *RSA_new_method(ENGINE *engine) ret->engine = ENGINE_get_default_RSA(); if(ret->engine) { - ret->meth = ENGINE_get_RSA(ret->engine); - if(!ret->meth) + meth = ENGINE_get_RSA(ret->engine); + if(!meth) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); @@ -175,6 +176,17 @@ RSA *RSA_new_method(ENGINE *engine) OPENSSL_free(ret); return NULL; } +#ifdef OPENSSL_FIPS + if (!FIPS_mode() || (meth->flags & RSA_FLAG_FIPS_METHOD)) + { + ret->meth = meth; + } + else + { + ENGINE_finish(ret->engine); + ret->engine = NULL; + } +#endif } #endif #ifdef OPENSSL_FIPS
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor