15fad7109b
key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on
21 lines
724 B
Diff
21 lines
724 B
Diff
diff -up openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.0c/crypto/md5/md5_dgst.c
|
|
--- openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow 2011-02-03 19:53:28.000000000 +0100
|
|
+++ openssl-1.0.0c/crypto/md5/md5_dgst.c 2011-02-03 20:33:14.000000000 +0100
|
|
@@ -75,7 +75,15 @@ const char MD5_version[]="MD5" OPENSSL_V
|
|
#define INIT_DATA_C (unsigned long)0x98badcfeL
|
|
#define INIT_DATA_D (unsigned long)0x10325476L
|
|
|
|
-FIPS_NON_FIPS_MD_Init(MD5)
|
|
+int MD5_Init(MD5_CTX *c)
|
|
+#ifdef OPENSSL_FIPS
|
|
+ {
|
|
+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
|
|
+ FIPS_BAD_ALGORITHM(alg)
|
|
+ return private_MD5_Init(c);
|
|
+ }
|
|
+int private_MD5_Init(MD5_CTX *c)
|
|
+#endif
|
|
{
|
|
memset (c,0,sizeof(*c));
|
|
c->A=INIT_DATA_A;
|