From 26655341fcad9ca5b8026e0f0c7cd5c14ae8894e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 2 Jun 2005 00:09:25 +0000
Subject: [PATCH] Update symbols. Add #ifdef OPENSSL_FIPS in various places.

---
 crypto/bn/bn_x931p.c      | 3 +++
 crypto/rsa/rsa.h          | 2 +-
 fips/fipshashes.c         | 6 +++---
 fips/rsa/fips_rsa_x931g.c | 3 +++
 fips/rsa/fips_rsavtest.c  | 1 +
 fips/sha/fips_sha256.c    | 5 +++++
 fips/sha/fips_sha512.c    | 5 +++++
 util/libeay.num           | 5 +++++
 8 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index 6b8543aef4..c64410dd3a 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -59,6 +59,8 @@
 #include <stdio.h>
 #include <openssl/bn.h>
 
+#ifdef OPENSSL_FIPS
+
 /* X9.31 routines for prime derivation */
 
 
@@ -277,3 +279,4 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 
 	}
 
+#endif
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index f5b36bf630..f9495863cc 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -204,7 +204,7 @@ int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
 int	RSA_check_key(const RSA *);
-#ifndef FIPS
+#ifdef OPENSSL_FIPS
 int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
 			void (*cb)(int, int, void *), void *cb_arg,
 			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
diff --git a/fips/fipshashes.c b/fips/fipshashes.c
index 040ab28400..59aca13d5f 100644
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -24,7 +24,7 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(rsa/fips_rsa_eay.c)= 2512f849a220daa083f346b10effdb2ee96d4395",
 "HMAC-SHA1(rsa/fips_rsa_gen.c)= 577466931c054d99caf4ac2aefff0e35efd94024",
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
-"HMAC-SHA1(rsa/fips_rsa_x931g.c)= 62ecb2622cf61010561d5800ba2c74f54a3d2526",
+"HMAC-SHA1(rsa/fips_rsa_x931g.c)= 1827d381bb21c53a38a7194cb1c428a2b5f1e3ab",
 "HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
 "HMAC-SHA1(sha/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
 "HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
@@ -32,8 +32,8 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
 "HMAC-SHA1(sha/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
 "HMAC-SHA1(sha/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
-"HMAC-SHA1(sha/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
-"HMAC-SHA1(sha/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd",
+"HMAC-SHA1(sha/fips_sha256.c)= 97e6dee22a1fe993cc48aa8ff37af10701d7f599",
+"HMAC-SHA1(sha/fips_sha512.c)= 74e6ef26de96f774d233888b831289e69834dd79",
 "HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
 "HMAC-SHA1(hmac/fips_hmac_selftest.c)= ebb32b205babf4300017de767fd6e3f1879765c9",
 };
diff --git a/fips/rsa/fips_rsa_x931g.c b/fips/rsa/fips_rsa_x931g.c
index cb89937304..41e1473bca 100644
--- a/fips/rsa/fips_rsa_x931g.c
+++ b/fips/rsa/fips_rsa_x931g.c
@@ -64,6 +64,8 @@
 #include <openssl/rsa.h>
 #include <openssl/fips.h>
 
+#ifdef OPENSSL_FIPS
+
 extern int fips_check_rsa(RSA *rsa);
 
 
@@ -284,3 +286,4 @@ RSA *RSA_X931_generate_key(FIPS_RSA_SIZE_T bits, const BIGNUM *e,
 
 	}
 
+#endif
diff --git a/fips/rsa/fips_rsavtest.c b/fips/rsa/fips_rsavtest.c
index 1a3a1db5d1..0762a9c7a0 100644
--- a/fips/rsa/fips_rsavtest.c
+++ b/fips/rsa/fips_rsavtest.c
@@ -403,6 +403,7 @@ static int rsa_printver(BIO *err, BIO *out,
 
 	if (r < 0)
 		goto error;
+ERR_print_errors(err);
 	ERR_clear_error();
 
 	if (r == 0)
diff --git a/fips/sha/fips_sha256.c b/fips/sha/fips_sha256.c
index 203e5594fc..b5a1ca0cac 100644
--- a/fips/sha/fips_sha256.c
+++ b/fips/sha/fips_sha256.c
@@ -15,6 +15,8 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>
 
+#ifdef OPENSSL_FIPS
+
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
 int SHA224_Init (SHA256_CTX *c)
@@ -317,4 +319,7 @@ void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 {   sha256_block (ctx,in,num,0);   }
 
+#endif
+
 #endif /* OPENSSL_NO_SHA256 */
+
diff --git a/fips/sha/fips_sha512.c b/fips/sha/fips_sha512.c
index 7ac75891c3..9e906af315 100644
--- a/fips/sha/fips_sha512.c
+++ b/fips/sha/fips_sha512.c
@@ -49,6 +49,8 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>
 
+#ifdef OPENSSL_FIPS
+
 const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 
 #if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
@@ -479,4 +481,7 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
 
 #endif /* SHA512_ASM */
 
+#endif
+
 #endif /* OPENSSL_NO_SHA512 */
+
diff --git a/util/libeay.num b/util/libeay.num
index 0bbdbe5117..c445777752 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -2882,3 +2882,8 @@ RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
 RSA_padding_add_X931                    3322	EXIST::FUNCTION:RSA
 RSA_padding_add_PKCS1_PSS               3323	EXIST::FUNCTION:RSA
 PKCS1_MGF1                              3324	EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq                    3325	EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key                   3326	EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime                    3327	EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime                  3328	EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive                         3329	EXIST:OPENSSL_FIPS:FUNCTION:RSA
-- 
2.25.1