From 5ce38c90cf43ee79cd999716ea83a5a44eeb819e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 28 Jul 2015 11:46:38 -0400
Subject: Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
 Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'Cryptlib/OpenSSL/crypto/aes/aes_misc.c')

diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
index 68a48bac..ab948ad8 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
@@ -50,6 +50,7 @@
  */
 
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -63,3 +64,23 @@ const char *AES_options(void)
     return "aes(partial)";
 #endif
 }
+
+/* FIPS wrapper functions to block low level AES calls in FIPS mode */
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(AES);
+#endif
+    return private_AES_set_encrypt_key(userKey, bits, key);
+}
+
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(AES);
+#endif
+    return private_AES_set_decrypt_key(userKey, bits, key);
+}
-- 
cgit v1.2.3