From 613f66414168c14ec7d71787e8e7b45167c0fb8d Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 16 Oct 2014 13:50:08 +0200 Subject: [PATCH] new upstream release fixing multiple security issues --- openssl-1.0.1i-copy-algo.patch | 33 - ...=> openssl-1.0.1j-ephemeral-key-size.patch | 52 +- ...rap.patch => openssl-1.0.1j-evp-wrap.patch | 87 +-- ...s-ec.patch => openssl-1.0.1j-fips-ec.patch | 184 +++-- ...1g-fips.patch => openssl-1.0.1j-fips.patch | 686 +++++++++--------- openssl.spec | 17 +- 6 files changed, 511 insertions(+), 548 deletions(-) delete mode 100644 openssl-1.0.1i-copy-algo.patch rename openssl-1.0.1e-ephemeral-key-size.patch => openssl-1.0.1j-ephemeral-key-size.patch (66%) rename openssl-1.0.1i-evp-wrap.patch => openssl-1.0.1j-evp-wrap.patch (92%) rename openssl-1.0.1e-fips-ec.patch => openssl-1.0.1j-fips-ec.patch (89%) rename openssl-1.0.1g-fips.patch => openssl-1.0.1j-fips.patch (95%) diff --git a/openssl-1.0.1i-copy-algo.patch b/openssl-1.0.1i-copy-algo.patch deleted file mode 100644 index 927c584..0000000 --- a/openssl-1.0.1i-copy-algo.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 6a33b9d..76a5f9e 100644 ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -3177,15 +3177,26 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) - - SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) - { -+ CERT *ocert = ssl->cert; - if (ssl->ctx == ctx) - return ssl->ctx; - #ifndef OPENSSL_NO_TLSEXT - if (ctx == NULL) - ctx = ssl->initial_ctx; - #endif -- if (ssl->cert != NULL) -- ssl_cert_free(ssl->cert); - ssl->cert = ssl_cert_dup(ctx->cert); -+ if (ocert) -+ { -+ int i; -+ /* Copy negotiated digests from original */ -+ for (i = 0; i < SSL_PKEY_NUM; i++) -+ { -+ CERT_PKEY *cpk = ocert->pkeys + i; -+ CERT_PKEY *rpk = ssl->cert->pkeys + i; -+ rpk->digest = cpk->digest; -+ } -+ ssl_cert_free(ocert); -+ } - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) - SSL_CTX_free(ssl->ctx); /* decrement reference count */ diff --git a/openssl-1.0.1e-ephemeral-key-size.patch b/openssl-1.0.1j-ephemeral-key-size.patch similarity index 66% rename from openssl-1.0.1e-ephemeral-key-size.patch rename to openssl-1.0.1j-ephemeral-key-size.patch index 14f7940..e8e8dbb 100644 --- a/openssl-1.0.1e-ephemeral-key-size.patch +++ b/openssl-1.0.1j-ephemeral-key-size.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h ---- openssl-1.0.1e/apps/s_apps.h.ephemeral 2014-02-12 14:49:14.333513753 +0100 -+++ openssl-1.0.1e/apps/s_apps.h 2014-02-12 14:49:14.417515629 +0100 +diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h +--- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200 ++++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200 @@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok, int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); @@ -9,9 +9,9 @@ diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h int init_client(int *sock, char *server, char *port, int type); int should_retry(int i); int extract_host_port(char *str,char **host_ptr,char **port_ptr); -diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c ---- openssl-1.0.1e/apps/s_cb.c.ephemeral 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/apps/s_cb.c 2014-02-12 14:56:25.584142499 +0100 +diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c +--- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200 @@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback( } } @@ -51,10 +51,10 @@ diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { -diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c ---- openssl-1.0.1e/apps/s_client.c.ephemeral 2014-02-12 14:49:14.407515406 +0100 -+++ openssl-1.0.1e/apps/s_client.c 2014-02-12 14:49:14.418515652 +0100 -@@ -2032,6 +2032,8 @@ static void print_stuff(BIO *bio, SSL *s +diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c +--- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200 ++++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200 +@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s BIO_write(bio,"\n",1); } @@ -63,19 +63,18 @@ diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); -diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h ---- openssl-1.0.1e/ssl/ssl.h.ephemeral 2014-02-12 14:49:14.391515049 +0100 -+++ openssl-1.0.1e/ssl/ssl.h 2014-02-12 14:49:14.418515652 +0100 -@@ -1563,6 +1563,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h +--- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200 ++++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200 +@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_GET_SERVER_TMP_KEY 109 -+ + #define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) - #define DTLSv1_handle_timeout(ssl) \ -@@ -1604,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) @@ -85,13 +84,13 @@ diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); -diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c ---- openssl-1.0.1e/ssl/s3_lib.c.ephemeral 2014-02-12 14:49:14.412515518 +0100 -+++ openssl-1.0.1e/ssl/s3_lib.c 2014-02-12 14:49:14.418515652 +0100 -@@ -3350,6 +3350,44 @@ long ssl3_ctrl(SSL *s, int cmd, long lar - #endif +diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c +--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200 ++++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200 +@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_GET_SERVER_TMP_KEY: + if (s->server || !s->session || !s->session->sess_cert) + return 0; @@ -130,6 +129,7 @@ diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c + EVP_PKEY_free(ptmp); + return 0; + } - default: - break; - } ++ + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, diff --git a/openssl-1.0.1i-evp-wrap.patch b/openssl-1.0.1j-evp-wrap.patch similarity index 92% rename from openssl-1.0.1i-evp-wrap.patch rename to openssl-1.0.1j-evp-wrap.patch index 2affef5..5e60d76 100644 --- a/openssl-1.0.1i-evp-wrap.patch +++ b/openssl-1.0.1j-evp-wrap.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap openssl-1.0.1i/crypto/aes/aes_wrap.c ---- openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/crypto/aes/aes_wrap.c 2014-09-08 15:07:27.331994490 +0200 +diff -up openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap openssl-1.0.1j/crypto/aes/aes_wrap.c +--- openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap 2014-10-15 13:15:29.000000000 +0200 ++++ openssl-1.0.1j/crypto/aes/aes_wrap.c 2014-10-16 13:30:10.679654927 +0200 @@ -53,207 +53,18 @@ #include "cryptlib.h" @@ -212,9 +212,9 @@ diff -up openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap openssl-1.0.1i/crypto/aes/aes - - -#endif -diff -up openssl-1.0.1i/crypto/evp/c_allc.c.wrap openssl-1.0.1i/crypto/evp/c_allc.c ---- openssl-1.0.1i/crypto/evp/c_allc.c.wrap 2014-09-08 15:07:27.254992717 +0200 -+++ openssl-1.0.1i/crypto/evp/c_allc.c 2014-09-08 15:07:27.331994490 +0200 +diff -up openssl-1.0.1j/crypto/evp/c_allc.c.wrap openssl-1.0.1j/crypto/evp/c_allc.c +--- openssl-1.0.1j/crypto/evp/c_allc.c.wrap 2014-10-16 13:30:10.583652760 +0200 ++++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:30:10.679654927 +0200 @@ -98,6 +98,7 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_des_ecb()); EVP_add_cipher(EVP_des_ede()); @@ -285,9 +285,9 @@ diff -up openssl-1.0.1i/crypto/evp/c_allc.c.wrap openssl-1.0.1i/crypto/evp/c_all EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif -diff -up openssl-1.0.1i/crypto/evp/e_aes.c.wrap openssl-1.0.1i/crypto/evp/e_aes.c ---- openssl-1.0.1i/crypto/evp/e_aes.c.wrap 2014-09-08 15:07:27.255992740 +0200 -+++ openssl-1.0.1i/crypto/evp/e_aes.c 2014-09-08 15:07:27.331994490 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_aes.c.wrap openssl-1.0.1j/crypto/evp/e_aes.c +--- openssl-1.0.1j/crypto/evp/e_aes.c.wrap 2014-10-16 13:30:10.584652782 +0200 ++++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:30:10.679654927 +0200 @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. @@ -476,9 +476,9 @@ diff -up openssl-1.0.1i/crypto/evp/e_aes.c.wrap openssl-1.0.1i/crypto/evp/e_aes. + } + #endif -diff -up openssl-1.0.1i/crypto/evp/e_des3.c.wrap openssl-1.0.1i/crypto/evp/e_des3.c ---- openssl-1.0.1i/crypto/evp/e_des3.c.wrap 2014-09-08 15:07:27.255992740 +0200 -+++ openssl-1.0.1i/crypto/evp/e_des3.c 2014-09-08 15:07:27.332994513 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_des3.c.wrap openssl-1.0.1j/crypto/evp/e_des3.c +--- openssl-1.0.1j/crypto/evp/e_des3.c.wrap 2014-10-16 13:30:10.584652782 +0200 ++++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:30:10.679654927 +0200 @@ -310,4 +310,112 @@ const EVP_CIPHER *EVP_des_ede3(void) { return &des_ede3_ecb; @@ -592,10 +592,10 @@ diff -up openssl-1.0.1i/crypto/evp/e_des3.c.wrap openssl-1.0.1i/crypto/evp/e_des + +# endif #endif -diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_enc.c ---- openssl-1.0.1i/crypto/evp/evp_enc.c.wrap 2014-09-08 15:07:27.255992740 +0200 -+++ openssl-1.0.1i/crypto/evp/evp_enc.c 2014-09-08 15:07:27.332994513 +0200 -@@ -233,7 +233,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.wrap openssl-1.0.1j/crypto/evp/evp_enc.c +--- openssl-1.0.1j/crypto/evp/evp_enc.c.wrap 2014-10-16 13:30:10.584652782 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:30:10.680654949 +0200 +@@ -234,7 +234,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct ctx->cipher_data = NULL; } ctx->key_len = cipher->key_len; @@ -605,7 +605,7 @@ diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_ if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) -@@ -256,6 +257,13 @@ skip_to_init: +@@ -257,6 +258,13 @@ skip_to_init: || ctx->cipher->block_size == 8 || ctx->cipher->block_size == 16); @@ -619,9 +619,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_ if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch(EVP_CIPHER_CTX_mode(ctx)) { -diff -up openssl-1.0.1i/crypto/evp/evp_err.c.wrap openssl-1.0.1i/crypto/evp/evp_err.c ---- openssl-1.0.1i/crypto/evp/evp_err.c.wrap 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/crypto/evp/evp_err.c 2014-09-08 15:07:27.332994513 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_err.c.wrap openssl-1.0.1j/crypto/evp/evp_err.c +--- openssl-1.0.1j/crypto/evp/evp_err.c.wrap 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_err.c 2014-10-16 13:30:10.680654949 +0200 @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== @@ -638,9 +638,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_err.c.wrap openssl-1.0.1i/crypto/evp/evp_ {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, {0,NULL} -diff -up openssl-1.0.1i/crypto/evp/evp.h.wrap openssl-1.0.1i/crypto/evp/evp.h ---- openssl-1.0.1i/crypto/evp/evp.h.wrap 2014-09-08 15:07:27.256992763 +0200 -+++ openssl-1.0.1i/crypto/evp/evp.h 2014-09-08 15:07:27.332994513 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp.h.wrap openssl-1.0.1j/crypto/evp/evp.h +--- openssl-1.0.1j/crypto/evp/evp.h.wrap 2014-10-16 13:30:10.585652805 +0200 ++++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:30:10.680654949 +0200 @@ -336,6 +336,7 @@ struct evp_cipher_st #define EVP_CIPH_GCM_MODE 0x6 #define EVP_CIPH_CCM_MODE 0x7 @@ -706,9 +706,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp.h.wrap openssl-1.0.1i/crypto/evp/evp.h #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -diff -up openssl-1.0.1i/crypto/evp/evp_lib.c.wrap openssl-1.0.1i/crypto/evp/evp_lib.c ---- openssl-1.0.1i/crypto/evp/evp_lib.c.wrap 2014-09-08 15:07:27.256992763 +0200 -+++ openssl-1.0.1i/crypto/evp/evp_lib.c 2014-09-08 15:07:27.332994513 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.wrap openssl-1.0.1j/crypto/evp/evp_lib.c +--- openssl-1.0.1j/crypto/evp/evp_lib.c.wrap 2014-10-16 13:30:10.585652805 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:30:10.680654949 +0200 @@ -68,7 +68,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); @@ -738,9 +738,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_lib.c.wrap openssl-1.0.1i/crypto/evp/evp_ else ret=-1; return(ret); -diff -up openssl-1.0.1i/crypto/evp/evp_test.c.wrap openssl-1.0.1i/crypto/evp/evp_test.c ---- openssl-1.0.1i/crypto/evp/evp_test.c.wrap 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/crypto/evp/evp_test.c 2014-09-08 15:07:27.333994536 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_test.c.wrap openssl-1.0.1j/crypto/evp/evp_test.c +--- openssl-1.0.1j/crypto/evp/evp_test.c.wrap 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_test.c 2014-10-16 13:30:10.680654949 +0200 @@ -141,7 +141,7 @@ static void test1(const EVP_CIPHER *c,co { EVP_CIPHER_CTX ctx; @@ -806,9 +806,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_test.c.wrap openssl-1.0.1i/crypto/evp/evp /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -diff -up openssl-1.0.1i/crypto/evp/evptests.txt.wrap openssl-1.0.1i/crypto/evp/evptests.txt ---- openssl-1.0.1i/crypto/evp/evptests.txt.wrap 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/crypto/evp/evptests.txt 2014-09-08 15:07:27.333994536 +0200 +diff -up openssl-1.0.1j/crypto/evp/evptests.txt.wrap openssl-1.0.1j/crypto/evp/evptests.txt +--- openssl-1.0.1j/crypto/evp/evptests.txt.wrap 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evptests.txt 2014-10-16 13:30:10.681654972 +0200 @@ -332,3 +332,15 @@ SEED-ECB:0000000000000000000000000000000 SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 @@ -825,9 +825,9 @@ diff -up openssl-1.0.1i/crypto/evp/evptests.txt.wrap openssl-1.0.1i/crypto/evp/e +id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a +id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f + -diff -up openssl-1.0.1i/crypto/modes/Makefile.wrap openssl-1.0.1i/crypto/modes/Makefile ---- openssl-1.0.1i/crypto/modes/Makefile.wrap 2014-09-08 15:07:27.233992233 +0200 -+++ openssl-1.0.1i/crypto/modes/Makefile 2014-09-08 15:07:27.333994536 +0200 +diff -up openssl-1.0.1j/crypto/modes/Makefile.wrap openssl-1.0.1j/crypto/modes/Makefile +--- openssl-1.0.1j/crypto/modes/Makefile.wrap 2014-10-16 13:30:10.560652240 +0200 ++++ openssl-1.0.1j/crypto/modes/Makefile 2014-10-16 13:30:10.681654972 +0200 @@ -22,9 +22,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -840,10 +840,10 @@ diff -up openssl-1.0.1i/crypto/modes/Makefile.wrap openssl-1.0.1i/crypto/modes/M SRC= $(LIBSRC) -diff -up openssl-1.0.1i/crypto/modes/modes.h.wrap openssl-1.0.1i/crypto/modes/modes.h ---- openssl-1.0.1i/crypto/modes/modes.h.wrap 2014-09-08 15:07:26.865983757 +0200 -+++ openssl-1.0.1i/crypto/modes/modes.h 2014-09-08 15:07:27.333994536 +0200 -@@ -133,3 +133,17 @@ typedef struct xts128_context XTS128_CON +diff -up openssl-1.0.1j/crypto/modes/modes.h.wrap openssl-1.0.1j/crypto/modes/modes.h +--- openssl-1.0.1j/crypto/modes/modes.h.wrap 2014-10-16 13:30:10.681654972 +0200 ++++ openssl-1.0.1j/crypto/modes/modes.h 2014-10-16 13:31:01.232796186 +0200 +@@ -136,6 +136,20 @@ typedef struct xts128_context XTS128_CON int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, size_t len, int enc); @@ -861,9 +861,12 @@ diff -up openssl-1.0.1i/crypto/modes/modes.h.wrap openssl-1.0.1i/crypto/modes/mo +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, + unsigned char *out, + const unsigned char *in, size_t inlen, block128_f block); -diff -up openssl-1.0.1i/crypto/modes/wrap128.c.wrap openssl-1.0.1i/crypto/modes/wrap128.c ---- openssl-1.0.1i/crypto/modes/wrap128.c.wrap 2014-09-08 15:07:27.333994536 +0200 -+++ openssl-1.0.1i/crypto/modes/wrap128.c 2014-09-08 15:07:27.333994536 +0200 + #ifdef __cplusplus + } + #endif +diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/wrap128.c +--- openssl-1.0.1j/crypto/modes/wrap128.c.wrap 2014-10-16 13:30:10.681654972 +0200 ++++ openssl-1.0.1j/crypto/modes/wrap128.c 2014-10-16 13:30:10.681654972 +0200 @@ -0,0 +1,372 @@ +/* crypto/modes/wrap128.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL diff --git a/openssl-1.0.1e-fips-ec.patch b/openssl-1.0.1j-fips-ec.patch similarity index 89% rename from openssl-1.0.1e-fips-ec.patch rename to openssl-1.0.1j-fips-ec.patch index e1f648c..b608a9d 100644 --- a/openssl-1.0.1e-fips-ec.patch +++ b/openssl-1.0.1j-fips-ec.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h ---- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec 2013-11-08 17:59:42.755019363 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ecdh.h 2013-11-08 17:59:43.147028002 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1j/crypto/ecdh/ecdh.h +--- openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec 2014-10-16 13:25:20.248098308 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ecdh.h 2014-10-16 13:25:20.730109190 +0200 @@ -85,6 +85,8 @@ extern "C" { #endif @@ -10,9 +10,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ec const ECDH_METHOD *ECDH_OpenSSL(void); void ECDH_set_default_method(const ECDH_METHOD *); -diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c ---- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c 2013-11-08 17:59:54.712282862 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1j/crypto/ecdh/ecdhtest.c +--- openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c 2014-10-16 13:25:20.730109190 +0200 @@ -323,8 +323,10 @@ int main(int argc, char *argv[]) if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -24,9 +24,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecd if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err; if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err; if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err; -diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c ---- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_lib.c +--- openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ech_lib.c 2014-10-16 13:25:20.730109190 +0200 @@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth { if(!default_ECDH_method) @@ -42,9 +42,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh } return default_ECDH_method; } -diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c ---- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_ossl.c +--- openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c 2014-10-16 13:25:20.730109190 +0200 @@ -79,6 +79,10 @@ #include #include @@ -99,9 +99,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd if ((tmp=EC_POINT_new(group)) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c ---- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecdsatest.c +--- openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c 2014-10-16 13:25:20.731109212 +0200 @@ -138,11 +138,14 @@ int restore_rand(void) } @@ -137,9 +137,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e if (!test_builtin(out)) goto err; ret = 0; -diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c ---- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_lib.c +--- openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c 2014-10-16 13:25:20.731109212 +0200 @@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me { if(!default_ECDSA_method) @@ -155,9 +155,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd } return default_ECDSA_method; } -diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c ---- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c +--- openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c 2014-10-16 13:25:20.731109212 +0200 @@ -60,6 +60,9 @@ #include #include @@ -207,9 +207,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) -diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c ---- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ec_key.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec openssl-1.0.1j/crypto/ec/ec_key.c +--- openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ec/ec_key.c 2014-10-16 13:25:20.731109212 +0200 @@ -64,9 +64,6 @@ #include #include "ec_lcl.h" @@ -306,10 +306,10 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, EC_R_COORDINATES_OUT_OF_RANGE); -diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c ---- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_mont.c 2013-11-08 17:59:43.149028046 +0100 -@@ -63,18 +63,11 @@ +diff -up openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_mont.c +--- openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec 2014-10-16 13:25:20.731109212 +0200 ++++ openssl-1.0.1j/crypto/ec/ecp_mont.c 2014-10-16 13:27:34.156121340 +0200 +@@ -63,10 +63,6 @@ #include @@ -320,26 +320,22 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec #include "ec_lcl.h" - const EC_METHOD *EC_GFp_mont_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_mont_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void +@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void + ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; - return &ret; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_mont_method(); -#endif +- + return &ret; } - -diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c ---- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_nist.c 2013-11-08 17:59:43.149028046 +0100 -@@ -67,15 +67,8 @@ +diff -up openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_nist.c +--- openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec 2014-10-16 13:25:20.732109235 +0200 ++++ openssl-1.0.1j/crypto/ec/ecp_nist.c 2014-10-16 13:27:53.163550441 +0200 +@@ -67,10 +67,6 @@ #include #include "ec_lcl.h" @@ -349,24 +345,23 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec - const EC_METHOD *EC_GFp_nist_method(void) { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_nist_method(); --#else static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void +@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_nist_method(void + 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_nist_method(); -#endif +- + return &ret; } - int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) -diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c ---- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c 2013-11-08 17:59:43.149028046 +0100 -@@ -65,17 +65,10 @@ +diff -up openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_smpl.c +--- openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ec/ecp_smpl.c 2014-10-16 13:28:39.386593946 +0200 +@@ -65,10 +65,6 @@ #include #include @@ -377,22 +372,19 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec #include "ec_lcl.h" const EC_METHOD *EC_GFp_simple_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_simple_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo +@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(vo + 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_simple_method(); -#endif +- + return &ret; } - -@@ -186,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO +@@ -187,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO return 0; } @@ -405,9 +397,9 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); -diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c ---- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c 2013-11-08 17:59:43.149028046 +0100 +diff -up openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1j/crypto/evp/m_ecdsa.c +--- openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_ecdsa.c 2014-10-16 13:25:20.732109235 +0200 @@ -116,7 +116,6 @@ #include @@ -430,9 +422,9 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m } #endif -#endif -diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c ---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2013-11-08 17:59:43.149028046 +0100 -+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c 2013-11-08 17:59:43.149028046 +0100 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2014-10-16 13:25:20.732109235 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c 2014-10-16 13:25:20.732109235 +0200 @@ -0,0 +1,496 @@ +/* fips/ecdh/fips_ecdhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -930,9 +922,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c ---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 -+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2014-10-16 13:25:20.733109257 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c 2014-10-16 13:25:20.733109257 +0200 @@ -0,0 +1,533 @@ +/* fips/ecdsa/fips_ecdsavs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1467,9 +1459,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 -+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec 2014-10-16 13:25:20.733109257 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c 2014-10-16 13:25:20.733109257 +0200 @@ -0,0 +1,252 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1723,9 +1715,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/ + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 -+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2014-10-16 13:25:20.733109257 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c 2014-10-16 13:25:20.733109257 +0200 @@ -0,0 +1,167 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1894,9 +1886,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h ---- openssl-1.0.1e/crypto/fips/fips.h.fips-ec 2013-11-08 17:59:43.116027318 +0100 -+++ openssl-1.0.1e/crypto/fips/fips.h 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips.h.fips-ec openssl-1.0.1j/crypto/fips/fips.h +--- openssl-1.0.1j/crypto/fips/fips.h.fips-ec 2014-10-16 13:25:20.701108535 +0200 ++++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:25:20.733109257 +0200 @@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void); void FIPS_corrupt_dsa(void); void FIPS_corrupt_dsa_keygen(void); @@ -1906,9 +1898,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); void FIPS_x931_stick(int onoff); -diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c ---- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec 2013-11-08 17:59:43.117027340 +0100 -+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec openssl-1.0.1j/crypto/fips/fips_post.c +--- openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec 2014-10-16 13:25:20.702108557 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:25:20.733109257 +0200 @@ -95,8 +95,12 @@ int FIPS_selftest(void) rv = 0; if (!FIPS_selftest_rsa()) @@ -1922,9 +1914,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi return rv; } -diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile ---- openssl-1.0.1e/crypto/fips/Makefile.fips-ec 2013-11-08 17:59:43.119027384 +0100 -+++ openssl-1.0.1e/crypto/fips/Makefile 2013-11-08 17:59:43.151028090 +0100 +diff -up openssl-1.0.1j/crypto/fips/Makefile.fips-ec openssl-1.0.1j/crypto/fips/Makefile +--- openssl-1.0.1j/crypto/fips/Makefile.fips-ec 2014-10-16 13:25:20.704108603 +0200 ++++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:25:20.734109280 +0200 @@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ @@ -1941,7 +1933,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ LIBCRYPTO=-L.. -lcrypto -@@ -118,6 +118,21 @@ fips_aes_selftest.o: ../../include/opens +@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens fips_aes_selftest.o: ../../include/openssl/safestack.h fips_aes_selftest.o: ../../include/openssl/stack.h fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c @@ -1963,7 +1955,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h fips_des_selftest.o: ../../include/openssl/crypto.h fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -@@ -231,6 +246,46 @@ fips_dsa_selftest.o: ../../include/opens +@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens fips_dsa_selftest.o: ../../include/openssl/stack.h fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c fips_dsa_selftest.o: fips_locl.h @@ -2010,7 +2002,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h fips_hmac_selftest.o: ../../include/openssl/crypto.h fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -@@ -245,6 +300,15 @@ fips_hmac_selftest.o: ../../include/open +@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open fips_hmac_selftest.o: ../../include/openssl/safestack.h fips_hmac_selftest.o: ../../include/openssl/stack.h fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c @@ -2026,9 +2018,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map ---- openssl-1.0.1e/version.map.fips-ec 2013-11-08 17:59:43.131027649 +0100 -+++ openssl-1.0.1e/version.map 2013-11-08 17:59:43.151028090 +0100 +diff -up openssl-1.0.1j/version.map.fips-ec openssl-1.0.1j/version.map +--- openssl-1.0.1j/version.map.fips-ec 2014-10-16 13:25:20.716108873 +0200 ++++ openssl-1.0.1j/version.map 2014-10-16 13:25:20.734109280 +0200 @@ -6,3 +6,7 @@ OPENSSL_1.0.1 { _original*; _current*; diff --git a/openssl-1.0.1g-fips.patch b/openssl-1.0.1j-fips.patch similarity index 95% rename from openssl-1.0.1g-fips.patch rename to openssl-1.0.1j-fips.patch index 449ca1c..dff6aca 100644 --- a/openssl-1.0.1g-fips.patch +++ b/openssl-1.0.1j-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1g/apps/speed.c.fips openssl-1.0.1g/apps/speed.c ---- openssl-1.0.1g/apps/speed.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/apps/speed.c 2014-05-06 16:29:50.536922993 +0200 +diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c +--- openssl-1.0.1j/apps/speed.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/apps/speed.c 2014-10-16 13:19:35.084306085 +0200 @@ -195,7 +195,6 @@ #ifdef OPENSSL_DOING_MAKEDEPEND #undef AES_set_encrypt_key @@ -126,10 +126,10 @@ diff -up openssl-1.0.1g/apps/speed.c.fips openssl-1.0.1g/apps/speed.c HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 16,EVP_md5(), NULL); -diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure ---- openssl-1.0.1g/Configure.fips 2014-05-06 16:29:50.523922693 +0200 -+++ openssl-1.0.1g/Configure 2014-05-06 16:29:50.536922993 +0200 -@@ -997,11 +997,6 @@ if (defined($disabled{"md5"}) || defined +diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure +--- openssl-1.0.1j/Configure.fips 2014-10-16 13:19:35.056305452 +0200 ++++ openssl-1.0.1j/Configure 2014-10-16 13:19:35.084306085 +0200 +@@ -998,11 +998,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -141,7 +141,7 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1476,7 +1471,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1477,7 +1472,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -149,7 +149,7 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1663,9 +1657,12 @@ while () +@@ -1664,9 +1658,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -163,9 +163,9 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.1g/crypto/aes/aes_misc.c.fips openssl-1.0.1g/crypto/aes/aes_misc.c ---- openssl-1.0.1g/crypto/aes/aes_misc.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/aes/aes_misc.c 2014-05-06 16:29:50.536922993 +0200 +diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes_misc.c +--- openssl-1.0.1j/crypto/aes/aes_misc.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/aes/aes_misc.c 2014-10-16 13:19:35.085306107 +0200 @@ -69,17 +69,11 @@ const char *AES_options(void) { int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -184,9 +184,9 @@ diff -up openssl-1.0.1g/crypto/aes/aes_misc.c.fips openssl-1.0.1g/crypto/aes/aes -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -diff -up openssl-1.0.1g/crypto/cmac/cmac.c.fips openssl-1.0.1g/crypto/cmac/cmac.c ---- openssl-1.0.1g/crypto/cmac/cmac.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/cmac/cmac.c 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac.c +--- openssl-1.0.1j/crypto/cmac/cmac.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/cmac/cmac.c 2014-10-16 13:19:35.085306107 +0200 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -235,9 +235,9 @@ diff -up openssl-1.0.1g/crypto/cmac/cmac.c.fips openssl-1.0.1g/crypto/cmac/cmac. if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -diff -up openssl-1.0.1g/crypto/crypto.h.fips openssl-1.0.1g/crypto/crypto.h ---- openssl-1.0.1g/crypto/crypto.h.fips 2014-05-06 16:29:50.419920288 +0200 -+++ openssl-1.0.1g/crypto/crypto.h 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h +--- openssl-1.0.1j/crypto/crypto.h.fips 2014-10-16 13:19:34.918302337 +0200 ++++ openssl-1.0.1j/crypto/crypto.h 2014-10-16 13:19:35.085306107 +0200 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -283,9 +283,9 @@ diff -up openssl-1.0.1g/crypto/crypto.h.fips openssl-1.0.1g/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.1g/crypto/des/des.h.fips openssl-1.0.1g/crypto/des/des.h ---- openssl-1.0.1g/crypto/des/des.h.fips 2014-05-06 16:29:50.449920982 +0200 -+++ openssl-1.0.1g/crypto/des/des.h 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h +--- openssl-1.0.1j/crypto/des/des.h.fips 2014-10-16 13:19:34.967303443 +0200 ++++ openssl-1.0.1j/crypto/des/des.h 2014-10-16 13:19:35.085306107 +0200 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); @@ -296,9 +296,9 @@ diff -up openssl-1.0.1g/crypto/des/des.h.fips openssl-1.0.1g/crypto/des/des.h void DES_string_to_key(const char *str,DES_cblock *key); void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, -diff -up openssl-1.0.1g/crypto/des/set_key.c.fips openssl-1.0.1g/crypto/des/set_key.c ---- openssl-1.0.1g/crypto/des/set_key.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/des/set_key.c 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_key.c +--- openssl-1.0.1j/crypto/des/set_key.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/des/set_key.c 2014-10-16 13:19:35.085306107 +0200 @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -313,9 +313,9 @@ diff -up openssl-1.0.1g/crypto/des/set_key.c.fips openssl-1.0.1g/crypto/des/set_ { static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; -diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips openssl-1.0.1g/crypto/dh/dh_gen.c ---- openssl-1.0.1g/crypto/dh/dh_gen.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dh/dh_gen.c 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen.c +--- openssl-1.0.1j/crypto/dh/dh_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dh/dh_gen.c 2014-10-16 13:19:35.085306107 +0200 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if(ret->meth->generate_params) @@ -349,9 +349,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips openssl-1.0.1g/crypto/dh/dh_gen. ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.1g/crypto/dh/dh.h.fips openssl-1.0.1g/crypto/dh/dh.h ---- openssl-1.0.1g/crypto/dh/dh.h.fips 2014-05-06 16:29:50.394919710 +0200 -+++ openssl-1.0.1g/crypto/dh/dh.h 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h +--- openssl-1.0.1j/crypto/dh/dh.h.fips 2014-10-16 13:19:34.887301637 +0200 ++++ openssl-1.0.1j/crypto/dh/dh.h 2014-10-16 13:19:35.086306130 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -369,9 +369,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh.h.fips openssl-1.0.1g/crypto/dh/dh.h DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); int i2d_DHparams(const DH *a,unsigned char **pp); #ifndef OPENSSL_NO_FP_API -diff -up openssl-1.0.1g/crypto/dh/dh_key.c.fips openssl-1.0.1g/crypto/dh/dh_key.c ---- openssl-1.0.1g/crypto/dh/dh_key.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dh/dh_key.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key.c +--- openssl-1.0.1j/crypto/dh/dh_key.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dh/dh_key.c 2014-10-16 13:19:35.086306130 +0200 @@ -61,6 +61,9 @@ #include #include @@ -452,9 +452,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_key.c.fips openssl-1.0.1g/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.1g/crypto/dh/dh_lib.c.fips openssl-1.0.1g/crypto/dh/dh_lib.c ---- openssl-1.0.1g/crypto/dh/dh_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dh/dh_lib.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib.c +--- openssl-1.0.1j/crypto/dh/dh_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dh/dh_lib.c 2014-10-16 13:19:35.086306130 +0200 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v { if(!default_DH_method) @@ -470,9 +470,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_lib.c.fips openssl-1.0.1g/crypto/dh/dh_lib. } return default_DH_method; } -diff -up openssl-1.0.1g/crypto/dsa/dsa_err.c.fips openssl-1.0.1g/crypto/dsa/dsa_err.c ---- openssl-1.0.1g/crypto/dsa/dsa_err.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_err.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_err.c +--- openssl-1.0.1j/crypto/dsa/dsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_err.c 2014-10-16 13:19:35.086306130 +0200 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -491,9 +491,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_err.c.fips openssl-1.0.1g/crypto/dsa/dsa_ {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, -diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips openssl-1.0.1g/crypto/dsa/dsa_gen.c ---- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_gen.c +--- openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_gen.c 2014-10-16 13:19:35.086306130 +0200 @@ -85,6 +85,14 @@ #include #endif @@ -900,9 +900,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips openssl-1.0.1g/crypto/dsa/dsa_ } if (mont != NULL) BN_MONT_CTX_free(mont); return ok; -diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips openssl-1.0.1g/crypto/dsa/dsa.h ---- openssl-1.0.1g/crypto/dsa/dsa.h.fips 2014-05-06 16:29:50.316917907 +0200 -+++ openssl-1.0.1g/crypto/dsa/dsa.h 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h +--- openssl-1.0.1j/crypto/dsa/dsa.h.fips 2014-10-16 13:19:34.791299470 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa.h 2014-10-16 13:19:35.087306152 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -963,9 +963,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips openssl-1.0.1g/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips openssl-1.0.1g/crypto/dsa/dsa_key.c ---- openssl-1.0.1g/crypto/dsa/dsa_key.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_key.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_key.c +--- openssl-1.0.1j/crypto/dsa/dsa_key.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_key.c 2014-10-16 13:19:35.087306152 +0200 @@ -66,6 +66,35 @@ #ifdef OPENSSL_FIPS @@ -1044,9 +1044,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips openssl-1.0.1g/crypto/dsa/dsa_ ok=1; err: -diff -up openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips openssl-1.0.1g/crypto/dsa/dsa_lib.c ---- openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_lib.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_lib.c +--- openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_lib.c 2014-10-16 13:19:35.087306152 +0200 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method { if(!default_DSA_method) @@ -1062,18 +1062,18 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips openssl-1.0.1g/crypto/dsa/dsa_ } return default_DSA_method; } -diff -up openssl-1.0.1g/crypto/dsa/dsa_locl.h.fips openssl-1.0.1g/crypto/dsa/dsa_locl.h ---- openssl-1.0.1g/crypto/dsa/dsa_locl.h.fips 2014-05-06 16:29:50.317917930 +0200 -+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips openssl-1.0.1j/crypto/dsa/dsa_locl.h +--- openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips 2014-10-16 13:19:34.792299493 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_locl.h 2014-10-16 13:19:35.087306152 +0200 @@ -56,5 +56,4 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -diff -up openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1g/crypto/dsa/dsa_ossl.c ---- openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_ossl.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa_ossl.c +--- openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c 2014-10-16 13:19:35.087306152 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1147,9 +1147,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1g/crypto/dsa/dsa dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1g/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_pmeth.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c 2014-10-16 13:19:35.087306152 +0200 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1159,9 +1159,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1g/crypto/dsa/ds if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -diff -up openssl-1.0.1g/crypto/dsa/dsatest.c.fips openssl-1.0.1g/crypto/dsa/dsatest.c ---- openssl-1.0.1g/crypto/dsa/dsatest.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsatest.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsatest.c +--- openssl-1.0.1j/crypto/dsa/dsatest.c.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsatest.c 2014-10-16 13:19:35.088306175 +0200 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1246,9 +1246,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsatest.c.fips openssl-1.0.1g/crypto/dsa/dsat goto end; } if (h != 2) -diff -up openssl-1.0.1g/crypto/engine/eng_all.c.fips openssl-1.0.1g/crypto/engine/eng_all.c ---- openssl-1.0.1g/crypto/engine/eng_all.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/engine/eng_all.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engine/eng_all.c +--- openssl-1.0.1j/crypto/engine/eng_all.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/engine/eng_all.c 2014-10-16 13:19:35.088306175 +0200 @@ -58,11 +58,25 @@ #include "cryptlib.h" @@ -1275,9 +1275,9 @@ diff -up openssl-1.0.1g/crypto/engine/eng_all.c.fips openssl-1.0.1g/crypto/engin #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -diff -up openssl-1.0.1g/crypto/evp/c_allc.c.fips openssl-1.0.1g/crypto/evp/c_allc.c ---- openssl-1.0.1g/crypto/evp/c_allc.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/c_allc.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_allc.c +--- openssl-1.0.1j/crypto/evp/c_allc.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:19:35.088306175 +0200 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -1351,9 +1351,9 @@ diff -up openssl-1.0.1g/crypto/evp/c_allc.c.fips openssl-1.0.1g/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.1g/crypto/evp/c_alld.c.fips openssl-1.0.1g/crypto/evp/c_alld.c ---- openssl-1.0.1g/crypto/evp/c_alld.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/c_alld.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_alld.c +--- openssl-1.0.1j/crypto/evp/c_alld.c.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/c_alld.c 2014-10-16 13:19:35.088306175 +0200 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -1399,9 +1399,9 @@ diff -up openssl-1.0.1g/crypto/evp/c_alld.c.fips openssl-1.0.1g/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.1g/crypto/evp/digest.c.fips openssl-1.0.1g/crypto/evp/digest.c ---- openssl-1.0.1g/crypto/evp/digest.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/digest.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/digest.c +--- openssl-1.0.1j/crypto/evp/digest.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/digest.c 2014-10-16 13:19:35.088306175 +0200 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1550,9 +1550,9 @@ diff -up openssl-1.0.1g/crypto/evp/digest.c.fips openssl-1.0.1g/crypto/evp/diges memset(ctx,'\0',sizeof *ctx); return 1; -diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes.c ---- openssl-1.0.1g/crypto/evp/e_aes.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/e_aes.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes.c +--- openssl-1.0.1j/crypto/evp/e_aes.c.fips 2014-10-16 13:19:35.048305272 +0200 ++++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:19:35.089306198 +0200 @@ -56,7 +56,6 @@ #include #include @@ -1561,7 +1561,7 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes. #include "modes_lcl.h" #include -@@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -730,7 +729,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * if (arg <= 0) return 0; #ifdef OPENSSL_FIPS @@ -1570,7 +1570,7 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes. && arg < 12) return 0; #endif -@@ -1134,7 +1133,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1189,7 +1188,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; #ifdef OPENSSL_FIPS /* Requirement of SP800-38E */ @@ -1579,14 +1579,14 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes. (len > (1UL<<20)*16)) { EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); -@@ -1317,4 +1316,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm +@@ -1386,4 +1385,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/e_des3.c.fips openssl-1.0.1g/crypto/evp/e_des3.c ---- openssl-1.0.1g/crypto/evp/e_des3.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/e_des3.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des3.c +--- openssl-1.0.1j/crypto/evp/e_des3.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:19:35.089306198 +0200 @@ -65,8 +65,6 @@ #include #include @@ -1645,9 +1645,9 @@ diff -up openssl-1.0.1g/crypto/evp/e_des3.c.fips openssl-1.0.1g/crypto/evp/e_des } #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/e_null.c.fips openssl-1.0.1g/crypto/evp/e_null.c ---- openssl-1.0.1g/crypto/evp/e_null.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/e_null.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_null.c +--- openssl-1.0.1j/crypto/evp/e_null.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/e_null.c 2014-10-16 13:19:35.089306198 +0200 @@ -61,8 +61,6 @@ #include #include @@ -1671,11 +1671,11 @@ diff -up openssl-1.0.1g/crypto/evp/e_null.c.fips openssl-1.0.1g/crypto/evp/e_nul return 1; } -#endif -diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_enc.c ---- openssl-1.0.1g/crypto/evp/evp_enc.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/evp_enc.c 2014-05-06 16:29:50.541923109 +0200 -@@ -69,17 +69,58 @@ - #endif +diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_enc.c +--- openssl-1.0.1j/crypto/evp/evp_enc.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:21:57.064511350 +0200 +@@ -70,17 +70,58 @@ + #include "constant_time_locl.h" #include "evp_locl.h" -#ifdef OPENSSL_FIPS @@ -1737,7 +1737,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ memset(ctx,0,sizeof(EVP_CIPHER_CTX)); /* ctx->cipher=NULL; */ } -@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1752,7 +1752,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct ctx->engine = NULL; #endif @@ -1763,7 +1763,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ ctx->cipher=cipher; if (ctx->cipher->ctx_size) { -@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif @@ -1774,7 +1774,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 -@@ -249,6 +290,22 @@ skip_to_init: +@@ -250,6 +291,22 @@ skip_to_init: } } @@ -1797,7 +1797,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX +@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { @@ -1805,7 +1805,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ if (c->cipher != NULL) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT +@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT } if (c->cipher_data) OPENSSL_free(c->cipher_data); @@ -1822,9 +1822,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } -diff -up openssl-1.0.1g/crypto/evp/evp.h.fips openssl-1.0.1g/crypto/evp/evp.h ---- openssl-1.0.1g/crypto/evp/evp.h.fips 2014-05-06 16:29:50.432920589 +0200 -+++ openssl-1.0.1g/crypto/evp/evp.h 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h +--- openssl-1.0.1j/crypto/evp/evp.h.fips 2014-10-16 13:19:34.940302834 +0200 ++++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:19:35.090306220 +0200 @@ -75,6 +75,10 @@ #include #endif @@ -1877,9 +1877,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp.h.fips openssl-1.0.1g/crypto/evp/evp.h /* Cipher handles any and all padding logic as well * as finalisation. */ -diff -up openssl-1.0.1g/crypto/evp/evp_lib.c.fips openssl-1.0.1g/crypto/evp/evp_lib.c ---- openssl-1.0.1g/crypto/evp/evp_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/evp_lib.c 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_lib.c +--- openssl-1.0.1j/crypto/evp/evp_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:19:35.090306220 +0200 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1890,9 +1890,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_lib.c.fips openssl-1.0.1g/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.1g/crypto/evp/evp_locl.h.fips openssl-1.0.1g/crypto/evp/evp_locl.h ---- openssl-1.0.1g/crypto/evp/evp_locl.h.fips 2014-05-06 16:29:50.428920496 +0200 -+++ openssl-1.0.1g/crypto/evp/evp_locl.h 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp_locl.h +--- openssl-1.0.1j/crypto/evp/evp_locl.h.fips 2014-10-16 13:19:34.933302676 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_locl.h 2014-10-16 13:19:35.090306220 +0200 @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -1927,9 +1927,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_locl.h.fips openssl-1.0.1g/crypto/evp/evp #define Camellia_set_key private_Camellia_set_key #endif -diff -up openssl-1.0.1g/crypto/evp/Makefile.fips openssl-1.0.1g/crypto/evp/Makefile ---- openssl-1.0.1g/crypto/evp/Makefile.fips 2014-04-07 18:55:33.000000000 +0200 -+++ openssl-1.0.1g/crypto/evp/Makefile 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makefile +--- openssl-1.0.1j/crypto/evp/Makefile.fips 2014-10-15 14:54:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/Makefile 2014-10-16 13:19:35.090306220 +0200 @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -1948,9 +1948,9 @@ diff -up openssl-1.0.1g/crypto/evp/Makefile.fips openssl-1.0.1g/crypto/evp/Makef e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o SRC= $(LIBSRC) -diff -up openssl-1.0.1g/crypto/evp/m_dss.c.fips openssl-1.0.1g/crypto/evp/m_dss.c ---- openssl-1.0.1g/crypto/evp/m_dss.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_dss.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss.c +--- openssl-1.0.1j/crypto/evp/m_dss.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_dss.c 2014-10-16 13:19:35.090306220 +0200 @@ -66,7 +66,6 @@ #endif @@ -1973,9 +1973,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_dss.c.fips openssl-1.0.1g/crypto/evp/m_dss. } #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/m_dss1.c.fips openssl-1.0.1g/crypto/evp/m_dss1.c ---- openssl-1.0.1g/crypto/evp/m_dss1.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_dss1.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss1.c +--- openssl-1.0.1j/crypto/evp/m_dss1.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_dss1.c 2014-10-16 13:19:35.091306243 +0200 @@ -68,8 +68,6 @@ #include #endif @@ -1999,9 +1999,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_dss1.c.fips openssl-1.0.1g/crypto/evp/m_dss } #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/m_md2.c.fips openssl-1.0.1g/crypto/evp/m_md2.c ---- openssl-1.0.1g/crypto/evp/m_md2.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_md2.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2.c +--- openssl-1.0.1j/crypto/evp/m_md2.c.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_md2.c 2014-10-16 13:19:35.091306243 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -2010,9 +2010,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_md2.c.fips openssl-1.0.1g/crypto/evp/m_md2. static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.1g/crypto/evp/m_sha1.c.fips openssl-1.0.1g/crypto/evp/m_sha1.c ---- openssl-1.0.1g/crypto/evp/m_sha1.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_sha1.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha1.c +--- openssl-1.0.1j/crypto/evp/m_sha1.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_sha1.c 2014-10-16 13:19:35.091306243 +0200 @@ -59,8 +59,6 @@ #include #include "cryptlib.h" @@ -2077,9 +2077,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_sha1.c.fips openssl-1.0.1g/crypto/evp/m_sha #endif /* ifndef OPENSSL_NO_SHA512 */ -#endif -diff -up openssl-1.0.1g/crypto/evp/p_sign.c.fips openssl-1.0.1g/crypto/evp/p_sign.c ---- openssl-1.0.1g/crypto/evp/p_sign.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/p_sign.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sign.c +--- openssl-1.0.1j/crypto/evp/p_sign.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/p_sign.c 2014-10-16 13:19:35.091306243 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2111,9 +2111,9 @@ diff -up openssl-1.0.1g/crypto/evp/p_sign.c.fips openssl-1.0.1g/crypto/evp/p_sig if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.1g/crypto/evp/p_verify.c.fips openssl-1.0.1g/crypto/evp/p_verify.c ---- openssl-1.0.1g/crypto/evp/p_verify.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/p_verify.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_verify.c +--- openssl-1.0.1j/crypto/evp/p_verify.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/p_verify.c 2014-10-16 13:19:35.091306243 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2145,9 +2145,9 @@ diff -up openssl-1.0.1g/crypto/evp/p_verify.c.fips openssl-1.0.1g/crypto/evp/p_v i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips 2014-10-16 13:19:35.092306265 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c 2014-10-16 13:19:35.092306265 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3088,9 +3088,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1g/crypt + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips 2014-10-16 13:19:35.092306265 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c 2014-10-16 13:19:35.092306265 +0200 @@ -0,0 +1,517 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3609,9 +3609,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1g/cry + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips 2014-10-16 13:19:35.092306265 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c 2014-10-16 13:19:35.092306265 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -4315,9 +4315,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips 2014-10-16 13:19:35.093306288 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,292 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4611,9 +4611,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1g/crypto/ + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips 2014-10-16 13:19:35.093306288 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,416 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5031,9 +5031,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1g/crypt + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips 2014-10-16 13:19:35.093306288 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,537 @@ +#include + @@ -5572,9 +5572,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1g/crypto + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,571 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6147,9 +6147,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1g/cryp +} + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -6381,9 +6381,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1g/crypto + return 0; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6775,9 +6775,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1g/cry + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7149,9 +7149,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1g/cry + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7530,9 +7530,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1g/cry + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7922,9 +7922,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1g/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_utl.h 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -8269,9 +8269,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1g/crypto/f +#endif + } + -diff -up openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_aes_selftest.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,359 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8632,9 +8632,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips.c.fips openssl-1.0.1g/crypto/fips/fips.c ---- openssl-1.0.1g/crypto/fips/fips.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips.c 2014-05-06 16:33:24.309865160 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips.c +--- openssl-1.0.1j/crypto/fips/fips.c.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/fips.c 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,491 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9127,9 +9127,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips.c.fips openssl-1.0.1g/crypto/fips/fips. + + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,161 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9292,9 +9292,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1g/cry + return rv; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_des_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_des_selftest.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_des_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,147 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9443,9 +9443,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1g/cryp + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9883,9 +9883,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1g/crypto/f + + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_hash.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_hash.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hash.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,378 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10265,9 +10265,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1g/crypto/ + + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,281 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10550,9 +10550,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1g/crypto/ + + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_lib.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_lib.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_lib.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c 2014-10-16 13:19:35.097306378 +0200 @@ -0,0 +1,578 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -11132,9 +11132,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1g/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_rand.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_rand.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c 2014-10-16 13:19:35.097306378 +0200 @@ -0,0 +1,172 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11308,9 +11308,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1g/crypto/ + return &rand_drbg_meth; + } + -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips 2014-05-06 16:29:50.548923271 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c 2014-05-06 16:29:50.548923271 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c 2014-10-16 13:19:35.097306378 +0200 @@ -0,0 +1,862 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -12174,9 +12174,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1g/cry + return rv; + } + -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h ---- openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips 2014-05-06 16:29:50.548923271 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h 2014-05-06 16:29:50.548923271 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h +--- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips 2014-10-16 13:19:35.098306401 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h 2014-10-16 13:19:35.098306401 +0200 @@ -0,0 +1,2335 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14513,9 +14513,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1g/cry + 0xc2,0xd6,0xfd,0xa5 + }; + -diff -up openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c 2014-05-06 16:29:50.548923271 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,193 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14710,9 +14710,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1g/cryp + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_enc.c.fips openssl-1.0.1g/crypto/fips/fips_enc.c ---- openssl-1.0.1g/crypto/fips/fips_enc.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_enc.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/fips_enc.c +--- openssl-1.0.1j/crypto/fips/fips_enc.c.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_enc.c 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,191 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -14905,9 +14905,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_enc.c.fips openssl-1.0.1g/crypto/fips/f + } + } + -diff -up openssl-1.0.1g/crypto/fips/fips.h.fips openssl-1.0.1g/crypto/fips/fips.h ---- openssl-1.0.1g/crypto/fips/fips.h.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips.h 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips.h +--- openssl-1.0.1j/crypto/fips/fips.h.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,279 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -15188,9 +15188,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips.h.fips openssl-1.0.1g/crypto/fips/fips. +} +#endif +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -15329,9 +15329,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1g/cry + return 1; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_locl.h.fips openssl-1.0.1g/crypto/fips/fips_locl.h ---- openssl-1.0.1g/crypto/fips/fips_locl.h.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_locl.h 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/fips_locl.h +--- openssl-1.0.1j/crypto/fips/fips_locl.h.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_locl.h 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15404,9 +15404,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_locl.h.fips openssl-1.0.1g/crypto/fips/ +} +#endif +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_md.c.fips openssl-1.0.1g/crypto/fips/fips_md.c ---- openssl-1.0.1g/crypto/fips/fips_md.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_md.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fips_md.c +--- openssl-1.0.1j/crypto/fips/fips_md.c.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_md.c 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,145 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -15553,9 +15553,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_md.c.fips openssl-1.0.1g/crypto/fips/fi + return NULL; + } + } -diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips openssl-1.0.1g/crypto/fips/fips_post.c ---- openssl-1.0.1g/crypto/fips/fips_post.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_post.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/fips_post.c +--- openssl-1.0.1j/crypto/fips/fips_post.c.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,205 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15762,9 +15762,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips openssl-1.0.1g/crypto/fips/ + return 1; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rand.c.fips openssl-1.0.1g/crypto/fips/fips_rand.c ---- openssl-1.0.1g/crypto/fips/fips_rand.c.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand.c 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/fips_rand.c +--- openssl-1.0.1j/crypto/fips/fips_rand.c.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand.c 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,457 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -16223,9 +16223,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand.c.fips openssl-1.0.1g/crypto/fips/ +} + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rand.h.fips openssl-1.0.1g/crypto/fips/fips_rand.h ---- openssl-1.0.1g/crypto/fips/fips_rand.h.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand.h 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/fips_rand.h +--- openssl-1.0.1j/crypto/fips/fips_rand.h.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand.h 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16372,9 +16372,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand.h.fips openssl-1.0.1g/crypto/fips/ +#endif +#endif +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1g/crypto/fips/fips_rand_lcl.h ---- openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand_lcl.h 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/fips/fips_rand_lcl.h +--- openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,219 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -16595,9 +16595,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1g/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1g/crypto/fips/fips_rand_lib.c ---- openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand_lib.c 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/fips/fips_rand_lib.c +--- openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,191 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -16790,9 +16790,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1g/crypto/f + } + return 0; + } -diff -up openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand_selftest.c 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,183 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16977,9 +16977,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1g/cry + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_randtest.c.fips openssl-1.0.1g/crypto/fips/fips_randtest.c ---- openssl-1.0.1g/crypto/fips/fips_randtest.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_randtest.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/fips/fips_randtest.c +--- openssl-1.0.1j/crypto/fips/fips_randtest.c.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_randtest.c 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,250 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -17231,9 +17231,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_randtest.c.fips openssl-1.0.1g/crypto/f + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -17679,9 +17679,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1g/cryp + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,282 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -17965,9 +17965,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1g/crypto/ + return 0; + + } -diff -up openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_sha_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_sha_selftest.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_sha_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,140 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18109,9 +18109,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c ---- openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c +--- openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,236 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18349,9 +18349,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1g/c + } + + -diff -up openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips openssl-1.0.1g/crypto/fips/fips_test_suite.c ---- openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips 2014-05-06 16:29:50.552923363 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_test_suite.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto/fips/fips_test_suite.c +--- openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips 2014-10-16 13:19:35.103306514 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_test_suite.c 2014-10-16 13:19:35.103306514 +0200 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18941,9 +18941,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips openssl-1.0.1g/crypto + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/Makefile.fips openssl-1.0.1g/crypto/fips/Makefile ---- openssl-1.0.1g/crypto/fips/Makefile.fips 2014-05-06 16:29:50.552923363 +0200 -+++ openssl-1.0.1g/crypto/fips/Makefile 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Makefile +--- openssl-1.0.1j/crypto/fips/Makefile.fips 2014-10-16 13:19:35.103306514 +0200 ++++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:19:35.103306514 +0200 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -19286,9 +19286,9 @@ diff -up openssl-1.0.1g/crypto/fips/Makefile.fips openssl-1.0.1g/crypto/fips/Mak +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -diff -up openssl-1.0.1g/crypto/hmac/hmac.c.fips openssl-1.0.1g/crypto/hmac/hmac.c ---- openssl-1.0.1g/crypto/hmac/hmac.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/hmac/hmac.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac.c +--- openssl-1.0.1j/crypto/hmac/hmac.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/hmac/hmac.c 2014-10-16 13:19:35.103306514 +0200 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -19351,9 +19351,9 @@ diff -up openssl-1.0.1g/crypto/hmac/hmac.c.fips openssl-1.0.1g/crypto/hmac/hmac. EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -diff -up openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1g/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/mdc2/mdc2dgst.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c 2014-10-16 13:19:35.103306514 +0200 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -19363,9 +19363,9 @@ diff -up openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1g/crypto/mdc2/m { c->num=0; c->pad_type=1; -diff -up openssl-1.0.1g/crypto/md2/md2_dgst.c.fips openssl-1.0.1g/crypto/md2/md2_dgst.c ---- openssl-1.0.1g/crypto/md2/md2_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/md2/md2_dgst.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2_dgst.c +--- openssl-1.0.1j/crypto/md2/md2_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/md2/md2_dgst.c 2014-10-16 13:19:35.103306514 +0200 @@ -62,6 +62,11 @@ #include #include @@ -19387,9 +19387,9 @@ diff -up openssl-1.0.1g/crypto/md2/md2_dgst.c.fips openssl-1.0.1g/crypto/md2/md2 { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.1g/crypto/md4/md4_dgst.c.fips openssl-1.0.1g/crypto/md4/md4_dgst.c ---- openssl-1.0.1g/crypto/md4/md4_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/md4/md4_dgst.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4_dgst.c +--- openssl-1.0.1j/crypto/md4/md4_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/md4/md4_dgst.c 2014-10-16 13:19:35.104306536 +0200 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19399,9 +19399,9 @@ diff -up openssl-1.0.1g/crypto/md4/md4_dgst.c.fips openssl-1.0.1g/crypto/md4/md4 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.1g/crypto/md5/md5_dgst.c.fips openssl-1.0.1g/crypto/md5/md5_dgst.c ---- openssl-1.0.1g/crypto/md5/md5_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/md5/md5_dgst.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5_dgst.c +--- openssl-1.0.1j/crypto/md5/md5_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/md5/md5_dgst.c 2014-10-16 13:19:35.104306536 +0200 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19411,9 +19411,9 @@ diff -up openssl-1.0.1g/crypto/md5/md5_dgst.c.fips openssl-1.0.1g/crypto/md5/md5 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.1g/crypto/o_fips.c.fips openssl-1.0.1g/crypto/o_fips.c ---- openssl-1.0.1g/crypto/o_fips.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/o_fips.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c +--- openssl-1.0.1j/crypto/o_fips.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/o_fips.c 2014-10-16 13:19:35.104306536 +0200 @@ -79,6 +79,8 @@ int FIPS_mode_set(int r) #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -19423,9 +19423,9 @@ diff -up openssl-1.0.1g/crypto/o_fips.c.fips openssl-1.0.1g/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -diff -up openssl-1.0.1g/crypto/o_init.c.fips openssl-1.0.1g/crypto/o_init.c ---- openssl-1.0.1g/crypto/o_init.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/o_init.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c +--- openssl-1.0.1j/crypto/o_init.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/o_init.c 2014-10-16 13:19:35.104306536 +0200 @@ -55,28 +55,68 @@ #include #include @@ -19499,9 +19499,9 @@ diff -up openssl-1.0.1g/crypto/o_init.c.fips openssl-1.0.1g/crypto/o_init.c + { + OPENSSL_init_library(); + } -diff -up openssl-1.0.1g/crypto/opensslconf.h.in.fips openssl-1.0.1g/crypto/opensslconf.h.in ---- openssl-1.0.1g/crypto/opensslconf.h.in.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/opensslconf.h.in 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opensslconf.h.in +--- openssl-1.0.1j/crypto/opensslconf.h.in.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/opensslconf.h.in 2014-10-16 13:19:35.104306536 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -19523,10 +19523,10 @@ diff -up openssl-1.0.1g/crypto/opensslconf.h.in.fips openssl-1.0.1g/crypto/opens /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips openssl-1.0.1g/crypto/rand/md_rand.c ---- openssl-1.0.1g/crypto/rand/md_rand.c.fips 2014-04-07 18:54:21.000000000 +0200 -+++ openssl-1.0.1g/crypto/rand/md_rand.c 2014-05-06 16:29:50.553923386 +0200 -@@ -395,7 +395,10 @@ static int ssleay_rand_bytes(unsigned ch +diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md_rand.c +--- openssl-1.0.1j/crypto/rand/md_rand.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rand/md_rand.c 2014-10-16 13:19:35.104306536 +0200 +@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -19538,9 +19538,9 @@ diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips openssl-1.0.1g/crypto/rand/md { RAND_poll(); initialized = 1; -diff -up openssl-1.0.1g/crypto/rand/rand.h.fips openssl-1.0.1g/crypto/rand/rand.h ---- openssl-1.0.1g/crypto/rand/rand.h.fips 2014-05-06 16:29:50.303917606 +0200 -+++ openssl-1.0.1g/crypto/rand/rand.h 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand.h +--- openssl-1.0.1j/crypto/rand/rand.h.fips 2014-10-16 13:19:34.775299109 +0200 ++++ openssl-1.0.1j/crypto/rand/rand.h 2014-10-16 13:19:35.105306559 +0200 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -19581,9 +19581,9 @@ diff -up openssl-1.0.1g/crypto/rand/rand.h.fips openssl-1.0.1g/crypto/rand/rand. #ifdef __cplusplus } -diff -up openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1g/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/ripemd/rmd_dgst.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c 2014-10-16 13:19:35.105306559 +0200 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif @@ -19593,9 +19593,9 @@ diff -up openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1g/crypto/ripe { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1g/crypto/rsa/rsa_crpt.c ---- openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_crpt.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa_crpt.c +--- openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c 2014-10-16 13:19:35.105306559 +0200 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const RSA *rsa, int padding) { @@ -19622,9 +19622,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1g/crypto/rsa/rsa return -1; } #endif -diff -up openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips openssl-1.0.1g/crypto/rsa/rsa_eay.c ---- openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_eay.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_eay.c +--- openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_eay.c 2014-10-16 13:19:35.105306559 +0200 @@ -114,6 +114,10 @@ #include #include @@ -19755,9 +19755,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips openssl-1.0.1g/crypto/rsa/rsa_ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.1g/crypto/rsa/rsa_err.c.fips openssl-1.0.1g/crypto/rsa/rsa_err.c ---- openssl-1.0.1g/crypto/rsa/rsa_err.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_err.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_err.c +--- openssl-1.0.1j/crypto/rsa/rsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_err.c 2014-10-16 13:19:35.105306559 +0200 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -19767,9 +19767,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_err.c.fips openssl-1.0.1g/crypto/rsa/rsa_ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, -diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips openssl-1.0.1g/crypto/rsa/rsa_gen.c ---- openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_gen.c +--- openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_gen.c 2014-10-16 13:19:35.106306581 +0200 @@ -69,6 +69,78 @@ #include #ifdef OPENSSL_FIPS @@ -19911,9 +19911,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips openssl-1.0.1g/crypto/rsa/rsa_ ok=1; err: if (ok == -1) -diff -up openssl-1.0.1g/crypto/rsa/rsa.h.fips openssl-1.0.1g/crypto/rsa/rsa.h ---- openssl-1.0.1g/crypto/rsa/rsa.h.fips 2014-05-06 16:29:50.436920681 +0200 -+++ openssl-1.0.1g/crypto/rsa/rsa.h 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h +--- openssl-1.0.1j/crypto/rsa/rsa.h.fips 2014-10-16 13:19:34.947302992 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa.h 2014-10-16 13:24:00.824305281 +0200 @@ -164,6 +164,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -19997,10 +19997,10 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa.h.fips openssl-1.0.1g/crypto/rsa/rsa.h +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 - #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips openssl-1.0.1g/crypto/rsa/rsa_lib.c ---- openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_lib.c 2014-05-06 16:29:50.554923409 +0200 + #define RSA_R_PKCS_DECODING_ERROR 159 +diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_lib.c +--- openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_lib.c 2014-10-16 13:19:35.106306581 +0200 @@ -84,6 +84,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -20076,9 +20076,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips openssl-1.0.1g/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1g/crypto/rsa/rsa_pmeth.c ---- openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_pmeth.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c 2014-10-16 13:19:35.106306581 +0200 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -20122,9 +20122,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1g/crypto/rsa/rs if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa_sign.c ---- openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_sign.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa_sign.c +--- openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_sign.c 2014-10-16 13:19:35.106306581 +0200 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -20135,7 +20135,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa if (i <= 0) ret=0; else -@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi +@@ -197,8 +198,8 @@ int int_rsa_verify(int dtype, const unsi if((dtype == NID_md5_sha1) && rm) { @@ -20146,7 +20146,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa if (i <= 0) return 0; *prm_len = i; -@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi +@@ -215,7 +216,8 @@ int int_rsa_verify(int dtype, const unsi RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); goto err; } @@ -20156,9 +20156,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa if (i <= 0) goto err; /* Oddball MDC2 case: signature can be OCTET STRING. -diff -up openssl-1.0.1g/crypto/sha/sha.h.fips openssl-1.0.1g/crypto/sha/sha.h ---- openssl-1.0.1g/crypto/sha/sha.h.fips 2014-05-06 16:29:50.224915780 +0200 -+++ openssl-1.0.1g/crypto/sha/sha.h 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h +--- openssl-1.0.1j/crypto/sha/sha.h.fips 2014-10-16 13:19:34.667296671 +0200 ++++ openssl-1.0.1j/crypto/sha/sha.h 2014-10-16 13:19:35.107306604 +0200 @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif @@ -20191,9 +20191,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha.h.fips openssl-1.0.1g/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -diff -up openssl-1.0.1g/crypto/sha/sha_locl.h.fips openssl-1.0.1g/crypto/sha/sha_locl.h ---- openssl-1.0.1g/crypto/sha/sha_locl.h.fips 2014-05-06 16:29:50.226915826 +0200 -+++ openssl-1.0.1g/crypto/sha/sha_locl.h 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha_locl.h +--- openssl-1.0.1j/crypto/sha/sha_locl.h.fips 2014-10-16 13:19:34.669296716 +0200 ++++ openssl-1.0.1j/crypto/sha/sha_locl.h 2014-10-16 13:19:35.107306604 +0200 @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h4 0xc3d2e1f0UL @@ -20210,9 +20210,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha_locl.h.fips openssl-1.0.1g/crypto/sha/sha memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.1g/crypto/sha/sha256.c.fips openssl-1.0.1g/crypto/sha/sha256.c ---- openssl-1.0.1g/crypto/sha/sha256.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/sha/sha256.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha256.c +--- openssl-1.0.1j/crypto/sha/sha256.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/sha/sha256.c 2014-10-16 13:19:35.107306604 +0200 @@ -12,12 +12,19 @@ #include @@ -20243,9 +20243,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha256.c.fips openssl-1.0.1g/crypto/sha/sha25 memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.1g/crypto/sha/sha512.c.fips openssl-1.0.1g/crypto/sha/sha512.c ---- openssl-1.0.1g/crypto/sha/sha512.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/sha/sha512.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha512.c +--- openssl-1.0.1j/crypto/sha/sha512.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/sha/sha512.c 2014-10-16 13:19:35.107306604 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -20277,9 +20277,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha512.c.fips openssl-1.0.1g/crypto/sha/sha51 c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); -diff -up openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1g/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/whrlpool/wp_dgst.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c 2014-10-16 13:19:35.107306604 +0200 @@ -55,7 +55,7 @@ #include #include @@ -20289,9 +20289,9 @@ diff -up openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1g/crypto/whr { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.1g/Makefile.org.fips openssl-1.0.1g/Makefile.org ---- openssl-1.0.1g/Makefile.org.fips 2014-05-06 16:29:50.519922600 +0200 -+++ openssl-1.0.1g/Makefile.org 2014-05-06 16:29:50.556923456 +0200 +diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org +--- openssl-1.0.1j/Makefile.org.fips 2014-10-16 13:19:35.062305588 +0200 ++++ openssl-1.0.1j/Makefile.org 2014-10-16 13:19:35.108306626 +0200 @@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -20319,10 +20319,10 @@ diff -up openssl-1.0.1g/Makefile.org.fips openssl-1.0.1g/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.1g/ssl/d1_srvr.c.fips openssl-1.0.1g/ssl/d1_srvr.c ---- openssl-1.0.1g/ssl/d1_srvr.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/d1_srvr.c 2014-05-06 16:29:50.556923456 +0200 -@@ -1383,6 +1383,8 @@ int dtls1_send_server_key_exchange(SSL * +diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c +--- openssl-1.0.1j/ssl/d1_srvr.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/ssl/d1_srvr.c 2014-10-16 13:19:35.108306626 +0200 +@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL * j=0; for (num=2; num > 0; num--) { @@ -20331,9 +20331,9 @@ diff -up openssl-1.0.1g/ssl/d1_srvr.c.fips openssl-1.0.1g/ssl/d1_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.1g/ssl/ssl_algs.c.fips openssl-1.0.1g/ssl/ssl_algs.c ---- openssl-1.0.1g/ssl/ssl_algs.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/ssl_algs.c 2014-05-06 16:29:50.556923456 +0200 +diff -up openssl-1.0.1j/ssl/ssl_algs.c.fips openssl-1.0.1j/ssl/ssl_algs.c +--- openssl-1.0.1j/ssl/ssl_algs.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/ssl/ssl_algs.c 2014-10-16 13:19:35.108306626 +0200 @@ -64,6 +64,12 @@ int SSL_library_init(void) { diff --git a/openssl.spec b/openssl.spec index b42bc91..79fa822 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,8 +22,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.1i -Release: 5%{?dist} +Version: 1.0.1j +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -58,7 +58,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch39: openssl-1.0.1h-ipv6-apps.patch -Patch40: openssl-1.0.1g-fips.patch +Patch40: openssl-1.0.1j-fips.patch Patch45: openssl-1.0.1e-env-zlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.1i-algo-doc.patch @@ -72,7 +72,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch Patch66: openssl-1.0.1-pkgconfig-krb5.patch Patch68: openssl-1.0.1e-secure-getenv.patch Patch69: openssl-1.0.1c-dh-1024.patch -Patch70: openssl-1.0.1e-fips-ec.patch +Patch70: openssl-1.0.1j-fips-ec.patch Patch71: openssl-1.0.1i-manfix.patch Patch72: openssl-1.0.1e-fips-ctor.patch Patch73: openssl-1.0.1e-ecc-suiteb.patch @@ -84,12 +84,11 @@ Patch90: openssl-1.0.1e-enc-fail.patch Patch92: openssl-1.0.1h-system-cipherlist.patch Patch93: openssl-1.0.1h-disable-sslv2v3.patch # Backported fixes including security fixes -Patch80: openssl-1.0.1i-evp-wrap.patch +Patch80: openssl-1.0.1j-evp-wrap.patch Patch81: openssl-1.0.1-beta2-padlock64.patch Patch84: openssl-1.0.1i-trusted-first.patch Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch -Patch89: openssl-1.0.1e-ephemeral-key-size.patch -Patch94: openssl-1.0.1i-copy-algo.patch +Patch89: openssl-1.0.1j-ephemeral-key-size.patch License: OpenSSL Group: System Environment/Libraries @@ -212,7 +211,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch84 -p1 -b .trusted-first %patch85 -p1 -b .armcap %patch89 -p1 -b .ephemeral -%patch94 -p1 -b .copy-algo sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -480,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Thu Oct 16 2014 Tomáš Mráz 1.0.1j-1 +- new upstream release fixing multiple security issues + * Fri Oct 10 2014 Tomáš Mráz 1.0.1i-5 - copy negotiated digests when switching certs by SNI (#1150032)