From 5ce38c90cf43ee79cd999716ea83a5a44eeb819e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 28 Jul 2015 11:46:38 -0400
Subject: Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
 Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c')

diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
index 55228272..2465fbde 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
@@ -67,8 +67,9 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-
-#ifndef OPENSSL_FIPS
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
                               BN_GENCB *cb);
@@ -82,8 +83,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
  */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+        return 0;
+    }
+#endif
     if (rsa->meth->rsa_keygen)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+#endif
     return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }
 
@@ -234,5 +246,3 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
 
     return ok;
 }
-
-#endif
-- 
cgit v1.2.3