forked from rpms/openssl
65ebbaecc7
key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable to allow using MD5 when the system is in the maintenance state even if the /proc fips flag is on - make openssl pkcs12 command work by default in the FIPS mode
26 lines
711 B
Diff
26 lines
711 B
Diff
diff -up openssl-1.0.0c/apps/pkcs12.c.fips-default openssl-1.0.0c/apps/pkcs12.c
|
|
--- openssl-1.0.0c/apps/pkcs12.c.fips-default 2009-07-27 23:08:45.000000000 +0200
|
|
+++ openssl-1.0.0c/apps/pkcs12.c 2011-02-04 15:25:38.000000000 +0100
|
|
@@ -67,6 +67,9 @@
|
|
#include <openssl/err.h>
|
|
#include <openssl/pem.h>
|
|
#include <openssl/pkcs12.h>
|
|
+#ifdef OPENSSL_FIPS
|
|
+#include <openssl/fips.h>
|
|
+#endif
|
|
|
|
#define PROG pkcs12_main
|
|
|
|
@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
|
|
|
|
apps_startup();
|
|
|
|
+#ifdef OPENSSL_FIPS
|
|
+ if (FIPS_mode())
|
|
+ cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
|
|
+#endif
|
|
+
|
|
enc = EVP_des_ede3_cbc();
|
|
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
|
|