import openssl-0.9.8j

5 files changed, 20 insertions, 4 deletions

diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index baf0222d49..450f2b4051 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -66,6 +66,10 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16
 
+#ifdef OPENSSL_FIPS
+#define FIPS_AES_SIZE_T int
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index d2ba6bcdb4..373864cd4b 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
+#if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                      const unsigned long length, const AES_KEY *key,
                      unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                 }
         }
 }
+#endif
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index 3a80e18b0a..cffdd4daec 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -37,6 +37,10 @@
 
 #include <stdlib.h>
 #include <openssl/aes.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include "aes_locl.h"
 
 /*
@@ -631,6 +635,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
         int i = 0;
         u32 temp;
 
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
+
         if (!userKey || !key)
                 return -1;
         if (bits != 128 && bits != 192 && bits != 256)
diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl
index 89fa261794..3bc46a968e 100644
--- a/src/lib/libcrypto/aes/asm/aes-586.pl
+++ b/src/lib/libcrypto/aes/asm/aes-586.pl
@@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
 
     &align      (4);
     &set_label("enc_tail");
-        &push   ($key eq "edi" ? $key : "");    # push ivp
+        &mov    ($s0,$key eq "edi" ? $key : "");
         &mov    ($key,$_out);                   # load out
+        &push   ($s0);                          # push ivp
         &mov    ($s1,16);
         &sub    ($s1,$s2);
         &cmp    ($key,$acc);                    # compare with inp
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 44e0bf8cae..f616f1751f 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -1198,19 +1198,20 @@ AES_cbc_encrypt:
         ret
 .align  4
 .Lcbc_enc_tail:
-        cmp     $inp,$out
-        je      .Lcbc_enc_in_place
+        mov     %rax,%r11
+        mov     %rcx,%r12
         mov     %r10,%rcx
         mov     $inp,%rsi
         mov     $out,%rdi
         .long   0xF689A4F3              # rep movsb
-.Lcbc_enc_in_place:
         mov     \$16,%rcx               # zero tail
         sub     %r10,%rcx
         xor     %rax,%rax
         .long   0xF689AAF3              # rep stosb
         mov     $out,$inp               # this is not a mistake!
         movq    \$16,$_len              # len=16
+        mov     %r11,%rax
+        mov     %r12,%rcx
         jmp     .Lcbc_enc_loop          # one more spin...
 #----------------------------- DECRYPT -----------------------------#
 .align  16