openssl/openssl-1.0.0c-fips-md5-allow.patch

diff -up openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.0c/crypto/md5/md5_dgst.c
--- openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow	2011-02-03 19:53:28.000000000 +0100
+++ openssl-1.0.0c/crypto/md5/md5_dgst.c	2011-02-03 20:33:14.000000000 +0100
@@ -75,7 +75,15 @@ const char MD5_version[]="MD5" OPENSSL_V
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-FIPS_NON_FIPS_MD_Init(MD5)
+int MD5_Init(MD5_CTX *c)
+#ifdef OPENSSL_FIPS
+	{
+	if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+		FIPS_BAD_ALGORITHM(alg)
+	return private_MD5_Init(c);
+	}
+int private_MD5_Init(MD5_CTX *c)
+#endif
 	{
 	memset (c,0,sizeof(*c));
 	c->A=INIT_DATA_A;
- add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on 2011-02-04 14:14:18 +00:00			`diff -up openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.0c/crypto/md5/md5_dgst.c`
			`--- openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow 2011-02-03 19:53:28.000000000 +0100`
			`+++ openssl-1.0.0c/crypto/md5/md5_dgst.c 2011-02-03 20:33:14.000000000 +0100`
			`@@ -75,7 +75,15 @@ const char MD5_version[]="MD5" OPENSSL_V`
			`#define INIT_DATA_C (unsigned long)0x98badcfeL`
			`#define INIT_DATA_D (unsigned long)0x10325476L`

			`-FIPS_NON_FIPS_MD_Init(MD5)`
			`+int MD5_Init(MD5_CTX *c)`
			`+#ifdef OPENSSL_FIPS`
			`+ {`
			`+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)`
			`+ FIPS_BAD_ALGORITHM(alg)`
			`+ return private_MD5_Init(c);`
			`+ }`
			`+int private_MD5_Init(MD5_CTX *c)`
			`+#endif`
			`{`
			`memset (c,0,sizeof(*c));`
			`c->A=INIT_DATA_A;`