/[pkgs]/devel/openssl/openssl-1.0.0-beta3-fipsrng.patch
ViewVC logotype

Contents of /devel/openssl/openssl-1.0.0-beta3-fipsrng.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.1 - (show annotations) (download) (as text)
Thu Aug 20 14:18:42 2009 UTC (3 months ago) by tmraz
Branch: MAIN
CVS Tags: openssl-1_0_0-0_7_beta3_fc12, openssl-1_0_0-0_4_beta3_fc12, F-12-split, openssl-1_0_0-0_13_beta4_fc13, openssl-1_0_0-0_9_beta3_fc13, openssl-1_0_0-0_2_beta3_fc12, openssl-1_0_0-0_10_beta3_fc13, openssl-1_0_0-0_11_beta4_fc13, openssl-1_0_0-0_14_beta4_fc13, openssl-1_0_0-0_5_beta3_fc12, openssl-1_0_0-0_1_beta3_fc12, openssl-1_0_0-0_8_beta3_fc13, openssl-1_0_0-0_15_beta4_fc13, openssl-1_0_0-0_12_beta4_fc13, openssl-1_0_0-0_3_beta3_fc12, openssl-1_0_0-0_6_beta3_fc12, HEAD
File MIME type: text/x-patch 
* Thu Aug 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.1.beta3
- update to new major upstream release
1 diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips.c
2 --- openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
3 +++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-11 18:14:36.000000000 +0200
4 @@ -427,22 +427,22 @@ int FIPS_mode_set(int onoff)
5 goto end;
6 }
7
8 + /* now switch the RNG into FIPS mode */
9 + fips_set_rand_check(FIPS_rand_method());
10 + RAND_set_rand_method(FIPS_rand_method());
11 +
12 /* automagically seed PRNG if not already seeded */
13 if(!FIPS_rand_status())
14 {
15 - if(RAND_bytes(buf,sizeof buf) <= 0)
16 + RAND_poll();
17 + if (!FIPS_rand_status())
18 {
19 fips_selftest_fail = 1;
20 ret = 0;
21 goto end;
22 }
23 - FIPS_rand_set_key(buf,32);
24 - FIPS_rand_seed(buf+32,16);
25 }
26
27 - /* now switch into FIPS mode */
28 - fips_set_rand_check(FIPS_rand_method());
29 - RAND_set_rand_method(FIPS_rand_method());
30 if(FIPS_selftest())
31 fips_set_mode(1);
32 else
33 diff -up openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips_rand.c
34 --- openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng 2009-08-11 18:12:14.000000000 +0200
35 +++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-08-11 18:16:48.000000000 +0200
36 @@ -155,7 +155,18 @@ static int fips_set_prng_seed(FIPS_PRNG_
37 {
38 int i;
39 if (!ctx->keyed)
40 - return 0;
41 + {
42 + FIPS_RAND_SIZE_T keylen = 16;
43 +
44 + if (seedlen - keylen < AES_BLOCK_LENGTH)
45 + return 0;
46 + if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
47 + keylen += 8;
48 + if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
49 + keylen += 8;
50 + seedlen -= keylen;
51 + fips_set_prng_key(ctx, seed+seedlen, keylen);
52 + }
53 /* In test mode seed is just supplied data */
54 if (ctx->test_mode)
55 {
56 @@ -276,6 +287,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
57 unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
58 unsigned char tmp[AES_BLOCK_LENGTH];
59 int i;
60 + FIPS_selftest_check();
61 if (ctx->error)
62 {
63 RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
64 diff -up openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng openssl-1.0.0-beta3/crypto/rand/rand_lcl.h
65 --- openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng 2009-08-11 18:12:13.000000000 +0200
66 +++ openssl-1.0.0-beta3/crypto/rand/rand_lcl.h 2009-08-11 18:18:13.000000000 +0200
67 @@ -112,8 +112,11 @@
68 #ifndef HEADER_RAND_LCL_H
69 #define HEADER_RAND_LCL_H
70
71 +#ifndef OPENSSL_FIPS
72 #define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
73 -
74 +#else
75 +#define ENTROPY_NEEDED 48 /* we need 48 bytes of randomness for FIPS rng */
76 +#endif
77
78 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
79 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
admin@fedoraproject.org
 ViewVC Help
Powered by ViewVC 1.1.2