Update OpenSSL to 1.0.1g and statically link OpenVPN with it

author: Arne Schwabe <arne@rfc2549.org> 2014-04-23 09:56:37 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-04-23 09:56:37 +0200
commit: e436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree: 240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/rsa/rsa_gen.c
parent: 6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/main/openssl/crypto/rsa/rsa_gen.c b/main/openssl/crypto/rsa/rsa_gen.c
index 767f7ab6..42290cce 100644
--- a/main/openssl/crypto/rsa/rsa_gen.c
+++ b/main/openssl/crypto/rsa/rsa_gen.c
@@ -67,6 +67,9 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -77,8 +80,20 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 	{
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+		{
+		RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+		return 0;
+		}
+#endif
 	if(rsa->meth->rsa_keygen)
 		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+#endif
 	return rsa_builtin_keygen(rsa, bits, e_value, cb);
 	}
author	Arne Schwabe <arne@rfc2549.org>	2014-04-23 09:56:37 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-04-23 09:56:37 +0200
commit	e436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree	240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/rsa/rsa_gen.c
parent	6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)