Loading crypto/md32_common.h +2 −1 Original line number Diff line number Diff line Loading @@ -130,6 +130,7 @@ #include <openssl/fips.h> #include <openssl/err.h> #include "../fips/fips_locl.h" #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #error "DATA_ORDER must be defined!" Loading Loading @@ -559,7 +560,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) const unsigned char *cp=end; #ifdef FIPS if(FIPS_mode) if(FIPS_mode && !FIPS_md5_allowed) { FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); return 0; Loading fips/fingerprint.sha1 +1 −1 Original line number Diff line number Diff line SHA1(fips.c)= e41f98ed7cd7dbd3c45b91db526dafb7ebc3550c SHA1(fips.c)= e7af483a2ca3c0a845b4528b936e143bfdae945e SHA1(fips_err_wrapper.c)= 527047304bfaa75f6ace20b4f7ac3afb6d89d480 SHA1(fips.h)= 58386539af75f8f622b041a43bf1880fee8642f7 SHA1(fips_err.h)= 8d9fd3ab3e6ca5297c5714e7f6cd9834e22b4cba fips/fips.c +7 −0 Original line number Diff line number Diff line Loading @@ -55,9 +55,12 @@ #include <openssl/evp.h> #include <string.h> #include <limits.h> #include "fips_locl.h" #ifdef FIPS int FIPS_md5_allowed; int FIPS_selftest() { return FIPS_selftest_sha1() Loading Loading @@ -143,6 +146,10 @@ int FIPS_mode_set(int onoff,const char *path) return 1; } void FIPS_allow_md5(int onoff) { FIPS_md5_allowed=onoff; } #if 0 /* here just to cause error codes to exist */ Loading ssl/s3_clnt.c +10 −0 Original line number Diff line number Diff line Loading @@ -118,6 +118,7 @@ #include <openssl/evp.h> #include <openssl/md5.h> #include "cryptlib.h" #include "../fips/fips_locl.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); Loading Loading 
@@ -1166,7 +1167,16 @@ static int ssl3_get_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(1); #endif EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(1); #endif q+=i; j+=i; } Loading ssl/s3_srvr.c +9 −0 Original line number Diff line number Diff line Loading @@ -124,6 +124,7 @@ #include <openssl/krb5_asn.h> #include <openssl/md5.h> #include "cryptlib.h" #include "../fips/fips_locl.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); Loading Loading @@ -1215,8 +1216,16 @@ static int ssl3_send_server_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(d[4]),n); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(1); #endif EVP_DigestFinal_ex(&md_ctx,q, (unsigned int *)&i); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(0); #endif q+=i; j+=i; } Loading Loading
crypto/md32_common.h +2 −1 Original line number Diff line number Diff line Loading @@ -130,6 +130,7 @@ #include <openssl/fips.h> #include <openssl/err.h> #include "../fips/fips_locl.h" #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #error "DATA_ORDER must be defined!" Loading Loading @@ -559,7 +560,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) const unsigned char *cp=end; #ifdef FIPS if(FIPS_mode) if(FIPS_mode && !FIPS_md5_allowed) { FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); return 0; Loading
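Review bot: The guard in HASH_FINAL now reads `if(FIPS_mode && !FIPS_md5_allowed)`, but md32_common.h appears to be a template shared by several digests. If so, the FIPS check is skipped for every digest built from it while the flag is set, not only MD5. If that is intended, state it above the test, e.g. `/* FIPS_md5_allowed lifts this check for any digest using this template; meant only for the TLS1 key-exchange digest */`; otherwise test the exemption where MD5 alone is compiled. The check lives only in HASH_FINAL, whose body continues outside the hunk, so callers must hold the flag at finalisation time, which is worth documenting as well.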
fips/fingerprint.sha1 +1 −1 Original line number Diff line number Diff line SHA1(fips.c)= e41f98ed7cd7dbd3c45b91db526dafb7ebc3550c SHA1(fips.c)= e7af483a2ca3c0a845b4528b936e143bfdae945e SHA1(fips_err_wrapper.c)= 527047304bfaa75f6ace20b4f7ac3afb6d89d480 SHA1(fips.h)= 58386539af75f8f622b041a43bf1880fee8642f7 SHA1(fips_err.h)= 8d9fd3ab3e6ca5297c5714e7f6cd9834e22b4cba
fips/fips.c +7 −0 Original line number Diff line number Diff line Loading @@ -55,9 +55,12 @@ #include <openssl/evp.h> #include <string.h> #include <limits.h> #include "fips_locl.h" #ifdef FIPS int FIPS_md5_allowed; int FIPS_selftest() { return FIPS_selftest_sha1() Loading Loading @@ -143,6 +146,10 @@ int FIPS_mode_set(int onoff,const char *path) return 1; } void FIPS_allow_md5(int onoff) { FIPS_md5_allowed=onoff; } #if 0 /* here just to cause error codes to exist */ Loading
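Review bot: `FIPS_md5_allowed` is a plain process-wide `int` with an exported setter, so between `FIPS_allow_md5(1)` and `FIPS_allow_md5(0)` every thread in the process can finalise a non-approved digest in FIPS mode. A second handshake that clears the flag first can also make another thread's final fail. Nothing in the hunk limits who may call the setter or synchronises access to the flag. Consider carrying the exemption on the digest context instead of in a global, or at least document the contract above the definition: `/* Process-wide and unsynchronised: set only immediately around the TLS1 MD5 final and always clear it afterwards. */`.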
ssl/s3_clnt.c +10 −0 Original line number Diff line number Diff line Loading @@ -118,6 +118,7 @@ #include <openssl/evp.h> #include <openssl/md5.h> #include "cryptlib.h" #include "../fips/fips_locl.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); Loading Loading @@ -1166,7 +1167,16 @@ static int ssl3_get_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(1); #endif EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(1); #endif q+=i; j+=i; } Loading
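Review bot: The call placed after `EVP_DigestFinal_ex` repeats `FIPS_allow_md5(1)`, so the client never withdraws the exemption; the matching server hunk in ssl/s3_srvr.c uses `FIPS_allow_md5(0)` at that point. After the first TLS1 key exchange the flag stays set and the FIPS check in HASH_FINAL is bypassed for the rest of the process. The second call should be `FIPS_allow_md5(0);`. The enclosing loop of ssl3_get_key_exchange starts outside the hunk, so `num == 2` is presumably the MD5 pass; a one-line comment saying so would help the next reader.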
ssl/s3_srvr.c +9 −0 Original line number Diff line number Diff line Loading @@ -124,6 +124,7 @@ #include <openssl/krb5_asn.h> #include <openssl/md5.h> #include "cryptlib.h" #include "../fips/fips_locl.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); Loading Loading @@ -1215,8 +1216,16 @@ static int ssl3_send_server_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(d[4]),n); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(1); #endif EVP_DigestFinal_ex(&md_ctx,q, (unsigned int *)&i); #ifdef OPENSSL_FIPS if(s->version == TLS1_VERSION && num == 2) FIPS_allow_md5(0); #endif q+=i; j+=i; } Loading
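Review bot: The new calls are compiled under `#ifdef OPENSSL_FIPS`, while fips/fips.c appears to define `FIPS_allow_md5` under `#ifdef FIPS` and crypto/md32_common.h tests the flag under `#ifdef FIPS`. The added `#include "../fips/fips_locl.h"` shows no guard at all, and the same applies to ssl/s3_clnt.c. If the two macros are not always defined together, a build can call a function that was never compiled, and non-FIPS builds now depend on a private header from the fips directory. Wrapping the include as `#ifdef OPENSSL_FIPS` / `#include "../fips/fips_locl.h"` / `#endif` and using one macro name throughout would make the dependency explicit. The surrounding preprocessor lines are not visible here, so confirm against the full file.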