Drop long ago obsolete part of the FIPS patch
This commit is contained in:
parent
f023424321
commit
7f27ca925c
@ -879,128 +879,6 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm
|
||||
pkey_ec_init,
|
||||
pkey_ec_copy,
|
||||
pkey_ec_cleanup,
|
||||
diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c
|
||||
--- openssl-1.1.1e/crypto/evp/c_allc.c.fips 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/c_allc.c 2020-03-17 17:30:52.027567375 +0100
|
||||
@@ -17,6 +17,9 @@
|
||||
void openssl_add_all_ciphers_int(void)
|
||||
{
|
||||
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ if (!FIPS_mode()) {
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_DES
|
||||
EVP_add_cipher(EVP_des_cfb());
|
||||
EVP_add_cipher(EVP_des_cfb1());
|
||||
@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void)
|
||||
EVP_add_cipher(EVP_chacha20_poly1305());
|
||||
# endif
|
||||
#endif
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ } else {
|
||||
+# ifndef OPENSSL_NO_DES
|
||||
+ EVP_add_cipher(EVP_des_ede3_cfb());
|
||||
+
|
||||
+ EVP_add_cipher(EVP_des_ede3_ofb());
|
||||
+
|
||||
+ EVP_add_cipher(EVP_des_ede3_cbc());
|
||||
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
|
||||
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
|
||||
+
|
||||
+ EVP_add_cipher(EVP_des_ede3());
|
||||
+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
|
||||
+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
|
||||
+ EVP_add_cipher(EVP_des_ede3_wrap());
|
||||
+ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
|
||||
+# endif
|
||||
+
|
||||
+# ifndef OPENSSL_NO_AES
|
||||
+ EVP_add_cipher(EVP_aes_128_ecb());
|
||||
+ EVP_add_cipher(EVP_aes_128_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_128_cfb());
|
||||
+ EVP_add_cipher(EVP_aes_128_cfb1());
|
||||
+ EVP_add_cipher(EVP_aes_128_cfb8());
|
||||
+ EVP_add_cipher(EVP_aes_128_ofb());
|
||||
+ EVP_add_cipher(EVP_aes_128_ctr());
|
||||
+ EVP_add_cipher(EVP_aes_128_gcm());
|
||||
+ EVP_add_cipher(EVP_aes_128_xts());
|
||||
+ EVP_add_cipher(EVP_aes_128_ccm());
|
||||
+ EVP_add_cipher(EVP_aes_128_wrap());
|
||||
+ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
|
||||
+ EVP_add_cipher(EVP_aes_128_wrap_pad());
|
||||
+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
|
||||
+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
|
||||
+ EVP_add_cipher(EVP_aes_192_ecb());
|
||||
+ EVP_add_cipher(EVP_aes_192_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_192_cfb());
|
||||
+ EVP_add_cipher(EVP_aes_192_cfb1());
|
||||
+ EVP_add_cipher(EVP_aes_192_cfb8());
|
||||
+ EVP_add_cipher(EVP_aes_192_ofb());
|
||||
+ EVP_add_cipher(EVP_aes_192_ctr());
|
||||
+ EVP_add_cipher(EVP_aes_192_gcm());
|
||||
+ EVP_add_cipher(EVP_aes_192_ccm());
|
||||
+ EVP_add_cipher(EVP_aes_192_wrap());
|
||||
+ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
|
||||
+ EVP_add_cipher(EVP_aes_192_wrap_pad());
|
||||
+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
|
||||
+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
|
||||
+ EVP_add_cipher(EVP_aes_256_ecb());
|
||||
+ EVP_add_cipher(EVP_aes_256_cbc());
|
||||
+ EVP_add_cipher(EVP_aes_256_cfb());
|
||||
+ EVP_add_cipher(EVP_aes_256_cfb1());
|
||||
+ EVP_add_cipher(EVP_aes_256_cfb8());
|
||||
+ EVP_add_cipher(EVP_aes_256_ofb());
|
||||
+ EVP_add_cipher(EVP_aes_256_ctr());
|
||||
+ EVP_add_cipher(EVP_aes_256_gcm());
|
||||
+ EVP_add_cipher(EVP_aes_256_xts());
|
||||
+ EVP_add_cipher(EVP_aes_256_ccm());
|
||||
+ EVP_add_cipher(EVP_aes_256_wrap());
|
||||
+ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
|
||||
+ EVP_add_cipher(EVP_aes_256_wrap_pad());
|
||||
+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
|
||||
+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
|
||||
+# endif
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c
|
||||
--- openssl-1.1.1e/crypto/evp/c_alld.c.fips 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/c_alld.c 2020-03-17 17:30:52.027567375 +0100
|
||||
@@ -16,6 +16,9 @@
|
||||
|
||||
void openssl_add_all_digests_int(void)
|
||||
{
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ if (!FIPS_mode()) {
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_MD4
|
||||
EVP_add_digest(EVP_md4());
|
||||
#endif
|
||||
@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void)
|
||||
EVP_add_digest(EVP_sha3_512());
|
||||
EVP_add_digest(EVP_shake128());
|
||||
EVP_add_digest(EVP_shake256());
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ } else {
|
||||
+ EVP_add_digest(EVP_md5_sha1());
|
||||
+ EVP_add_digest(EVP_sha1());
|
||||
+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
|
||||
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
|
||||
+ EVP_add_digest(EVP_sha224());
|
||||
+ EVP_add_digest(EVP_sha256());
|
||||
+ EVP_add_digest(EVP_sha384());
|
||||
+ EVP_add_digest(EVP_sha512());
|
||||
+ EVP_add_digest(EVP_sha512_224());
|
||||
+ EVP_add_digest(EVP_sha512_256());
|
||||
+ EVP_add_digest(EVP_sha3_224());
|
||||
+ EVP_add_digest(EVP_sha3_256());
|
||||
+ EVP_add_digest(EVP_sha3_384());
|
||||
+ EVP_add_digest(EVP_sha3_512());
|
||||
+ EVP_add_digest(EVP_shake128());
|
||||
+ EVP_add_digest(EVP_shake256());
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c
|
||||
--- openssl-1.1.1e/crypto/evp/digest.c.fips 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/digest.c 2020-03-17 17:38:57.528093469 +0100
|
||||
|
@ -22,7 +22,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1g
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -475,6 +475,9 @@ export LD_LIBRARY_PATH
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-11
|
||||
- Drop long ago obsolete part of the FIPS patch
|
||||
|
||||
* Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-10
|
||||
- Rewire FIPS_drbg API to use the RAND_DRBG
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user