openssl/openssl-1.0.0-fips-aesni.patch
2011-06-09 16:22:08 +02:00

48 lines
1.4 KiB
Diff

diff -up openssl-1.0.0/crypto/engine/eng_aesni.c.fips-aesni openssl-1.0.0/crypto/engine/eng_aesni.c
--- openssl-1.0.0/crypto/engine/eng_aesni.c.fips-aesni 2011-05-24 15:20:29.000000000 +0200
+++ openssl-1.0.0/crypto/engine/eng_aesni.c 2011-06-08 14:19:22.000000000 +0200
@@ -323,7 +323,7 @@ static const EVP_CIPHER aesni_##ksize##_
EVP_CIPHER_block_size_##umode, \
ksize / 8, \
AES_BLOCK_SIZE, \
- 0 | EVP_CIPH_##umode##_MODE, \
+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_##umode##_MODE, \
aesni_init_key, \
aesni_cipher_##lmode, \
NULL, \
diff -up openssl-1.0.0/crypto/fips/fips.c.fips-aesni openssl-1.0.0/crypto/fips/fips.c
--- openssl-1.0.0/crypto/fips/fips.c.fips-aesni 2011-05-24 15:20:29.000000000 +0200
+++ openssl-1.0.0/crypto/fips/fips.c 2011-06-08 17:31:35.000000000 +0200
@@ -55,6 +55,7 @@
#include <openssl/bio.h>
#include <openssl/hmac.h>
#include <openssl/rsa.h>
+#include <openssl/engine.h>
#include <string.h>
#include <limits.h>
#include <dlfcn.h>
@@ -444,14 +445,17 @@ int FIPS_mode_set(int onoff)
}
if(FIPS_selftest())
- fips_set_mode(1);
- else
{
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
+ ENGINE_load_aesni();
+ if (FIPS_selftest_aes())
+ {
+ fips_set_mode(1);
+ ret = 1;
+ goto end;
+ }
}
- ret = 1;
+ fips_selftest_fail = 1;
+ ret = 0;
goto end;
}
fips_set_mode(0);