From ac2b786dc83590065a2880507aa34876aaec0698 Mon Sep 17 00:00:00 2001
From: Jesse Keating
Date: Tue, 29 Sep 2009 05:49:00 +0000
Subject: [PATCH 01/20] Initialize branch F-12 for openssl
---
 branch | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 branch
diff --git a/branch b/branch
new file mode 100644
index 0000000..06de2d2
--- /dev/null
+++ b/branch
@@ -0,0 +1 @@
+F-12
From 0d4bee2e574b0bf7c06d117d4dc54a1d9c809088 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?=
Date: Wed, 30 Sep 2009 18:34:35 +0000
Subject: [PATCH 02/20] - fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127)
---
 openssl-1.0.0-beta3-camellia-rounds.patch | 12 +
 openssl-1.0.0-beta3-cmll-noasm.patch | 12 -
 openssl-1.0.0-beta3-fips.patch | 1134 +++++++++++----------
 openssl.spec | 10 +-
 4 files changed, 640 insertions(+), 528 deletions(-)
 create mode 100644 openssl-1.0.0-beta3-camellia-rounds.patch
 delete mode 100644 openssl-1.0.0-beta3-cmll-noasm.patch
diff --git a/openssl-1.0.0-beta3-camellia-rounds.patch b/openssl-1.0.0-beta3-camellia-rounds.patch
new file mode 100644
index 0000000..a43b602
--- /dev/null
+++ b/openssl-1.0.0-beta3-camellia-rounds.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl.rounds openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl
+--- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl.rounds 2009-09-15 12:09:08.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl 2009-09-15 12:09:48.000000000 +0200
+@@ -656,7 +656,7 @@ Camellia_cbc_encrypt:
+ mov %rsi,$out # out argument
+ mov %r8,%rbx # ivp argument
+ mov %rcx,$key # key argument
+- mov 272(%rcx),$keyend # grandRounds
++ mov 272(%rcx),${keyend}d # grandRounds
+
+ mov %r8,$_ivp
+ mov %rbp,$_rsp
diff --git a/openssl-1.0.0-beta3-cmll-noasm.patch b/openssl-1.0.0-beta3-cmll-noasm.patch
deleted file mode 100644
index 2df67a5..0000000
--- a/openssl-1.0.0-beta3-cmll-noasm.patch
+++ /dev/null
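Review bot: The new camellia-rounds patch file has no header text saying why the load width in `Camellia_cbc_encrypt` changes, so a later rebase of the patch set could drop it without anyone noticing what it protected. The changed line goes from `mov 272(%rcx),$keyend` to the 32-bit destination `${keyend}d`, which suggests that grandRounds at offset 272 is a 32-bit field and that the old 64-bit load also pulled in whatever follows it in the key structure; that is inferred from the hunk, the structure layout is not shown here. A one-line description at the top of the patch file, for example `Load grandRounds as a 32-bit value in Camellia_cbc_encrypt (#521127)`, would record the reason. The rest of cmll-x86_64.pl is outside the hunk, so it is worth confirming that no other routine reads offset 272 into a 64-bit register.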
@@ -1,12 +0,0 @@
-diff -up openssl-1.0.0-beta3/Configure.cmll-noasm openssl-1.0.0-beta3/Configure
---- openssl-1.0.0-beta3/Configure.cmll-noasm 2009-09-04 13:44:53.000000000 +0200
-+++ openssl-1.0.0-beta3/Configure 2009-09-04 13:46:08.000000000 +0200
-@@ -125,7 +125,7 @@ my $x86_asm="x86cpuid.o:bn-586.o co-586.
-
- my $x86_elf_asm="$x86_asm:elf";
-
--my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
-+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:";
- my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
- my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
- my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
diff --git a/openssl-1.0.0-beta3-fips.patch b/openssl-1.0.0-beta3-fips.patch
index 707a0b9..99404e6 100644
--- a/openssl-1.0.0-beta3-fips.patch
+++ b/openssl-1.0.0-beta3-fips.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure
---- openssl-1.0.0-beta3/Configure.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/Configure 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/Configure.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/Configure 2009-09-30 13:25:58.000000000 +0200
 @@ -654,6 +654,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml
 my $processor="";
 my $default_ranlib;
@@ -45,7 +45,7 @@ diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto/bf/bf_skey.c --- openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-09-30 13:25:58.000000000 +0200 @@ -59,10 +59,15 @@ #include #include @@ -64,8 +64,8 @@ diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto int i; BF_LONG *p,ri,in[2]; diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypto/bf/blowfish.h ---- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-09-30 13:25:58.000000000 +0200 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -78,8 +78,8 @@ diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypt void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/bn.h ---- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-09-30 13:25:58.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); 
@@ -99,8 +99,8 @@ diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/b void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -376,7 +376,7 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c + diff -up openssl-1.0.0-beta3/crypto/bn/Makefile.fips openssl-1.0.0-beta3/crypto/bn/Makefile --- openssl-1.0.0-beta3/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/bn/Makefile 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/bn/Makefile 2009-09-30 13:25:58.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -395,7 +395,7 @@ diff -up openssl-1.0.0-beta3/crypto/bn/Makefile.fips openssl-1.0.0-beta3/crypto/ diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl --- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl 2009-08-20 16:54:59.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl 2009-09-30 13:25:58.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); 
@@ -423,8 +423,8 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0- @SBOX=( diff -up openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips openssl-1.0.0-beta3/crypto/camellia/camellia.h ---- openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips 2009-08-11 18:07:29.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/camellia.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips 2009-09-30 13:25:56.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/camellia/camellia.h 2009-09-30 13:25:58.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips openssl-1.0.0-beta3 int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c.fips 2009-08-20 17:01:56.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c 2009-08-20 17:03:21.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== 
@@ -511,7 +511,7 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta +#endif diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c --- openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c 2009-08-20 17:04:10.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c 2009-09-30 13:25:58.000000000 +0200 @@ -52,11 +52,20 @@ #include #include @@ -535,7 +535,7 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta return -1; diff -up openssl-1.0.0-beta3/crypto/camellia/Makefile.fips openssl-1.0.0-beta3/crypto/camellia/Makefile --- openssl-1.0.0-beta3/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/camellia/Makefile 2009-08-20 17:02:56.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/camellia/Makefile 2009-09-30 13:25:58.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -549,8 +549,8 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/Makefile.fips openssl-1.0.0-beta3/c SRC= $(LIBSRC) diff -up openssl-1.0.0-beta3/crypto/cast/cast.h.fips openssl-1.0.0-beta3/crypto/cast/cast.h ---- openssl-1.0.0-beta3/crypto/cast/cast.h.fips 2009-08-11 18:07:29.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/cast/cast.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/cast/cast.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/cast/cast.h 2009-09-30 13:25:58.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; 
@@ -564,7 +564,7 @@ diff -up openssl-1.0.0-beta3/crypto/cast/cast.h.fips openssl-1.0.0-beta3/crypto/ int enc); diff -up openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips openssl-1.0.0-beta3/crypto/cast/c_skey.c --- openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/cast/c_skey.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/cast/c_skey.c 2009-09-30 13:25:58.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -587,8 +587,8 @@ diff -up openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips openssl-1.0.0-beta3/crypt CAST_LONG x[16]; CAST_LONG z[16]; diff -up openssl-1.0.0-beta3/crypto/crypto.h.fips openssl-1.0.0-beta3/crypto/crypto.h ---- openssl-1.0.0-beta3/crypto/crypto.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/crypto.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/crypto.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/crypto.h 2009-09-30 13:25:58.000000000 +0200 @@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) @@ -661,7 +661,7 @@ diff -up openssl-1.0.0-beta3/crypto/crypto.h.fips openssl-1.0.0-beta3/crypto/cry /* Function codes. */ diff -up openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips openssl-1.0.0-beta3/crypto/dh/dh_err.c --- openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/dh/dh_err.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dh/dh_err.c 2009-09-30 13:25:58.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, 
@@ -681,7 +681,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips openssl-1.0.0-beta3/crypto/ {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, diff -up openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta3/crypto/dh/dh_gen.c --- openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dh/dh_gen.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dh/dh_gen.c 2009-09-30 13:25:58.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -715,8 +715,8 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta3/crypto/ if (ctx == NULL) goto err; BN_CTX_start(ctx); diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/dh.h ---- openssl-1.0.0-beta3/crypto/dh/dh.h.fips 2009-08-11 18:07:29.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dh/dh.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/dh/dh.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dh/dh.h 2009-09-30 13:25:58.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -745,7 +745,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/d } diff -up openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips openssl-1.0.0-beta3/crypto/dh/dh_key.c --- openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dh/dh_key.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dh/dh_key.c 2009-09-30 13:25:58.000000000 +0200 @@ -61,6 +61,9 @@ #include #include 
@@ -797,7 +797,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips openssl-1.0.0-beta3/crypto/ } diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c --- openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c 2009-09-30 13:25:58.000000000 +0200 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -834,8 +834,8 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta3/crypt qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips openssl-1.0.0-beta3/crypto/dsa/dsa.h ---- openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dsa/dsa.h 2009-09-30 13:25:58.000000000 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -894,8 +894,8 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips openssl-1.0.0-beta3/crypto/ds #ifdef __cplusplus diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_key.c --- openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_key.c 2009-08-11 18:09:42.000000000 +0200 -@@ -63,9 +63,40 @@ ++++ openssl-1.0.0-beta3/crypto/dsa/dsa_key.c 2009-09-30 17:01:34.000000000 +0200 +@@ -63,9 +63,53 @@ #include #include #include 
@@ -917,26 +917,39 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypt + +int fips_check_dsa(DSA *dsa) + { -+ EVP_PKEY pk; ++ EVP_PKEY *pk; + unsigned char tbs[] = "DSA Pairwise Check Data"; -+ pk.type = EVP_PKEY_DSA; -+ pk.pkey.dsa = dsa; ++ int ret = 0; + -+ if (!fips_pkey_signature_test(&pk, tbs, -1, -+ NULL, 0, EVP_dss1(), 0, NULL)) ++ if ((pk=EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_DSA(pk, dsa); ++ ++ if (!fips_pkey_signature_test(pk, tbs, -1, ++ NULL, 0, EVP_sha1(), 0, NULL)) ++ goto err; ++ ++ ret = 1; ++ ++err: ++ if (ret == 0) + { -+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED); + fips_set_selftest_fail(); -+ return 0; ++ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED); + } -+ return 1; ++ ++ if (pk) ++ EVP_PKEY_free(pk); ++ ++ return ret; + } +#endif + int DSA_generate_key(DSA *dsa) { if(dsa->meth->dsa_keygen) -@@ -79,6 +110,14 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -79,6 +123,14 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -951,7 +964,7 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypt if ((ctx=BN_CTX_new()) == NULL) goto err; if (dsa->priv_key == NULL) -@@ -117,6 +156,15 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -117,6 +169,15 @@ static int dsa_builtin_keygen(DSA *dsa) dsa->priv_key=priv_key; dsa->pub_key=pub_key; @@ -969,7 +982,7 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypt err: diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c --- openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c 2009-09-30 13:25:58.000000000 +0200 @@ -65,6 +65,9 @@ #include #include 
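Review bot: In the rewritten `fips_check_dsa` (hunk `@@ -917,26 +917,39 @@`), the result of `EVP_PKEY_set1_DSA(pk, dsa);` is ignored, so a failure to attach the key is only caught indirectly when the signature test later fails. Checking it in place, `if (!EVP_PKEY_set1_DSA(pk, dsa)) goto err;`, makes the pairwise check fail closed by construction rather than by side effect. The shared `err:` path also raises `FIPS_R_PAIRWISE_TEST_FAILED` and calls `fips_set_selftest_fail()` when `EVP_PKEY_new()` returns NULL, so an allocation failure is reported as a failed pairwise test and presumably leaves the module in its self-test failure state. If that is the intended behaviour, a short comment above `err:` saying so would keep a later reader from "fixing" it.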
@@ -1043,7 +1056,7 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta3/cryp } diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypto/err/err_all.c --- openssl-1.0.0-beta3/crypto/err/err_all.c.fips 2008-11-24 18:27:06.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/err/err_all.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/err/err_all.c 2009-09-30 13:25:58.000000000 +0200 @@ -96,6 +96,9 @@ #include #include @@ -1066,7 +1079,7 @@ diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypt #endif diff -up openssl-1.0.0-beta3/crypto/evp/digest.c.fips openssl-1.0.0-beta3/crypto/evp/digest.c --- openssl-1.0.0-beta3/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/digest.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/digest.c 2009-09-30 13:25:58.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1167,7 +1180,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/digest.c.fips openssl-1.0.0-beta3/crypto ret=ctx->digest->final(ctx,md); diff -up openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips openssl-1.0.0-beta3/crypto/evp/e_aes.c --- openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/e_aes.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/e_aes.c 2009-09-30 13:25:58.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, 
@@ -1222,7 +1235,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips openssl-1.0.0-beta3/crypto/ const unsigned char *iv, int enc) diff -up openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta3/crypto/evp/e_camellia.c --- openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/e_camellia.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/e_camellia.c 2009-09-30 13:25:58.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) @@ -1234,7 +1247,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta3/cr IMPLEMENT_CAMELLIA_CFBR(192,1) diff -up openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips openssl-1.0.0-beta3/crypto/evp/e_des3.c --- openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/e_des3.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/e_des3.c 2009-09-30 13:25:58.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1281,7 +1294,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips openssl-1.0.0-beta3/crypto static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff -up openssl-1.0.0-beta3/crypto/evp/e_null.c.fips openssl-1.0.0-beta3/crypto/evp/e_null.c --- openssl-1.0.0-beta3/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/e_null.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/e_null.c 2009-09-30 13:25:58.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 
@@ -1293,7 +1306,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_null.c.fips openssl-1.0.0-beta3/crypto NULL, diff -up openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta3/crypto/evp/evp_enc.c --- openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/evp_enc.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/evp_enc.c 2009-09-30 13:25:58.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -1388,7 +1401,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta3/crypt } diff -up openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips openssl-1.0.0-beta3/crypto/evp/evp_err.c --- openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/evp_err.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/evp_err.c 2009-09-30 13:25:58.000000000 +0200 @@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, @@ -1398,8 +1411,8 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips openssl-1.0.0-beta3/crypt {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/evp/evp.h ---- openssl-1.0.0-beta3/crypto/evp/evp.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/evp.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/evp/evp.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/evp.h 2009-09-30 14:40:54.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif 
@@ -1431,7 +1444,18 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/ev #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest * in FIPS mode */ -@@ -330,6 +332,14 @@ struct evp_cipher_st +@@ -284,6 +286,10 @@ struct env_md_ctx_st + #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ + #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ + #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ ++#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ ++ ((ctx->flags>>16) &0xFFFF) /* seed length */ ++#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ ++#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ + + #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ + +@@ -330,6 +336,14 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 @@ -1446,7 +1470,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/ev /* ctrl() values */ -@@ -507,6 +517,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ +@@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ const unsigned char *salt, const unsigned char *data, int datal, int count, unsigned char *key,unsigned char *iv); @@ -1457,7 +1481,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/ev int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -@@ -1225,6 +1239,7 @@ void ERR_load_EVP_strings(void); +@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_DIFFERENT_PARAMETERS 153 
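Review bot: The new macro `M_EVP_MD_CTX_FLAG_PSS_SALT(ctx)` in the evp.h hunk (`@@ -284,6 +286,10 @@`) uses its argument unparenthesised as `ctx->flags`, so it only expands correctly when the argument is a plain identifier. Writing the body as `(((ctx)->flags >> 16) & 0xFFFF)` removes that restriction. Its trailing comment says "seed length" while the macro name and the two constants under it refer to the salt length; `/* salt length */` would match. A one-line comment stating that the upper 16 bits of `flags` carry the PSS salt length would also document the encoding that `EVP_MD_CTX_FLAG_PSS_MDLEN` and `EVP_MD_CTX_FLAG_PSS_MREC` depend on.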
@@ -1467,7 +1491,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/ev #define EVP_R_EXPECTING_AN_RSA_KEY 127 diff -up openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta3/crypto/evp/evp_lib.c --- openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/evp_lib.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/evp_lib.c 2009-09-30 13:25:58.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1516,8 +1540,8 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta3/crypt + return (ctx->flags & flags); + } diff -up openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta3/crypto/evp/evp_locl.h ---- openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/evp_locl.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/evp_locl.h 2009-09-30 13:25:58.000000000 +0200 @@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ 
@@ -1567,33 +1591,33 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta3/cryp struct evp_pkey_ctx_st { -diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss1.c ---- openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/m_dss1.c 2009-08-11 18:07:30.000000000 +0200 -@@ -82,7 +82,7 @@ static const EVP_MD dss1_md= - NID_dsa, - NID_dsaWithSHA1, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_DIGEST, -+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, - init, - update, - final, diff -up openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss.c --- openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/m_dss.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/m_dss.c 2009-09-30 13:25:58.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_DIGEST, ++ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, + init, + update, + final, +diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss1.c +--- openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/m_dss1.c 2009-09-30 13:25:58.000000000 +0200 +@@ -82,7 +82,7 @@ static const EVP_MD dss1_md= + NID_dsa, + NID_dsaWithSHA1, + SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_PKEY_DIGEST, + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, init, update, final, diff -up openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta3/crypto/evp/m_sha1.c --- openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/m_sha1.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/m_sha1.c 2009-09-30 13:25:58.000000000 +0200 
@@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1646,7 +1670,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta3/crypto final512, diff -up openssl-1.0.0-beta3/crypto/evp/names.c.fips openssl-1.0.0-beta3/crypto/evp/names.c --- openssl-1.0.0-beta3/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/names.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/names.c 2009-09-30 13:25:58.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; 
@@ -1669,9 +1693,77 @@ diff -up openssl-1.0.0-beta3/crypto/evp/names.c.fips openssl-1.0.0-beta3/crypto/ name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); +diff -up openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips openssl-1.0.0-beta3/crypto/evp/p_sign.c +--- openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/evp/p_sign.c 2009-09-30 15:07:14.000000000 +0200 +@@ -61,6 +61,7 @@ + #include + #include + #include ++#include + + #ifdef undef + void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) +@@ -101,6 +102,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; ++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) ++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) ++ goto err; ++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) ++ { ++ int saltlen; ++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) ++ goto err; ++ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx); ++ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN) ++ saltlen = -1; ++ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC) ++ saltlen = -2; ++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) ++ goto err; ++ } + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; +diff -up openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips openssl-1.0.0-beta3/crypto/evp/p_verify.c +--- openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0-beta3/crypto/evp/p_verify.c 2009-09-30 15:07:27.000000000 +0200 +@@ -61,6 +61,7 @@ + #include + #include + #include ++#include + + int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey) +@@ -86,6 +87,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; ++ if (ctx->flags & 
EVP_MD_CTX_FLAG_PAD_X931) ++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) ++ goto err; ++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) ++ { ++ int saltlen; ++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) ++ goto err; ++ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx); ++ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN) ++ saltlen = -1; ++ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC) ++ saltlen = -2; ++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) ++ goto err; ++ } + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); + err: + EVP_PKEY_CTX_free(pkctx); diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2613,8 +2705,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c + +#endif diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
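Review bot: In the block added to `EVP_SignFinal`, and repeated verbatim in `EVP_VerifyFinal`, the two padding flags are tested as independent bits, so a context with both `EVP_MD_CTX_FLAG_PAD_X931` and `EVP_MD_CTX_FLAG_PAD_PSS` set runs both branches and silently ends up with PSS. Bracing the first test and chaining the second as `else if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)` makes the choice explicit and removes the unbraced `if` nested inside an `if`. A context that sets the PSS flag but leaves the upper 16 bits of `flags` at zero passes a salt length of 0 to `EVP_PKEY_CTX_set_rsa_pss_saltlen`, which as far as the hunk shows means unsalted PSS when signing and a zero salt length expected when verifying. A comment at the `saltlen` assignment stating that callers must encode the salt length, or one of the `PSS_MDLEN`/`PSS_MREC` values, would keep that from being hit by accident. Both functions start and end outside the hunk.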
@@ -3319,8 +3411,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,537 @@
 +#include
 +
@@ -3860,8 +3952,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,230 @@
 +/*
 + * Crude test driver for processing the VST and MCT testvector files
@@ -4094,8 +4186,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,390 @@
 +/* fips_rsagtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4488,8 +4580,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,370 @@
 +/* fips_rsastest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4862,8 +4954,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,377 @@
 +/* fips_rsavtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5243,8 +5335,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,388 @@
 +/* fips_shatest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5635,8 +5727,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,343 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -5982,8 +6074,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h
 + }
 +
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips_err.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips_err.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,7 @@
 +#include
 +
@@ -5993,8 +6085,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.c
 +static void *dummy=&dummy;
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips_err.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips_err.h 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,137 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -6134,8 +6226,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.h
 +#endif
 + }
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,101 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6239,8 +6331,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,419 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6662,8 +6754,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,137 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6803,9 +6895,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c 2009-08-11 18:07:30.000000000 +0200
--@@ -0,0 +1,180 @@
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c 2009-09-30 13:25:58.000000000 +0200
+@@ -0,0 +1,184 @@
 +/* crypto/dsa/dsatest.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -6923,13 +7015,13 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
 +
 +int FIPS_selftest_dsa()
 + {
-+ DSA *dsa=NULL;
++ DSA *dsa;
 + int counter,i,j, ret = 0;
 + unsigned int slen;
 + unsigned char buf[256];
 + unsigned long h;
 + EVP_MD_CTX mctx;
-+ EVP_PKEY pk;
++ EVP_PKEY *pk = NULL;
 +
 + EVP_MD_CTX_init(&mctx);
 +
@@ -6958,28 +7050,32 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
 + if (i != j || memcmp(buf,out_g,i) != 0)
 + goto err;
 + DSA_generate_key(dsa);
-+ pk.type = EVP_PKEY_DSA;
-+ pk.pkey.dsa = dsa;
++
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++ EVP_PKEY_assign_DSA(pk, dsa);
 +
 + if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
 + goto err;
 + if (!EVP_SignUpdate(&mctx, str1, 20))
 + goto err;
-+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
++ if (!EVP_SignFinal(&mctx, buf, &slen, pk))
 + goto err;
 +
 + if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
 + goto err;
 + if (!EVP_VerifyUpdate(&mctx, str1, 20))
 + goto err;
-+ if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
++ if (EVP_VerifyFinal(&mctx, buf, slen, pk) != 1)
 + goto err;
 +
 + ret = 1;
 +
 + err:
 + EVP_MD_CTX_cleanup(&mctx);
-+ if (dsa)
++ if (pk)
++ EVP_PKEY_free(pk);
++ else if (dsa)
 + DSA_free(dsa);
 + if (ret == 0)
 + FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
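Review bot: In FIPS_selftest_dsa the declaration loses its initializer (`DSA *dsa;`) while the reworked `err:` path now reads it in `else if (dsa)`. The code between `EVP_MD_CTX_init(&mctx)` and the first assignment of dsa is outside these hunks, so a `goto err` there would test an indeterminate pointer; keeping `DSA *dsa = NULL;` costs nothing. The result of `EVP_PKEY_assign_DSA(pk, dsa)` is also ignored, and if it fails pk does not own dsa, so `EVP_PKEY_free(pk)` alone leaves the DSA object allocated. The call should be checked, with the cleanup adjusted to free dsa in that case. The RSA self-test hunk later in the patch has the same unchecked `EVP_PKEY_assign_RSA(pk, key)`. A comment at `err:` such as `/* pk owns the key once assigned; free only one of them */` would explain the `if (pk) ... else if (dsa)` shape.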
@@ -6987,8 +7083,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips.h 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,163 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7154,8 +7250,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.h
 +#endif
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,135 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -7293,8 +7389,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c
 + }
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,410 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -7707,8 +7803,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rand.h 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,77 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7788,8 +7884,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.h
 +#endif
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,371 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8163,8 +8259,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c
 +
 +#endif
 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_randtest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
--+++ openssl-1.0.0-beta3/crypto/fips/fips_randtest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_randtest.c 2009-09-30 13:25:58.000000000 +0200
 @@ -0,0 +1,248 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -8415,9 +8511,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_randtest.c + +#endif diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c 2009-08-11 18:07:30.000000000 +0200 -@@ -0,0 +1,432 @@ +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c 2009-09-30 13:25:58.000000000 +0200 +@@ -0,0 +1,439 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. + * 
@@ -8759,83 +8855,87 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c +int FIPS_selftest_rsa() + { + int ret = 0; -+ RSA *key = NULL; -+ EVP_PKEY pk; -+ key=RSA_new(); -+ setrsakey(key); -+ pk.type = EVP_PKEY_RSA; -+ pk.pkey.rsa = key; ++ RSA *key; ++ EVP_PKEY *pk = NULL; + -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if ((key=RSA_new()) == NULL) ++ goto err; ++ setrsakey(key); ++ if ((pk=EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_assign_RSA(pk, key); ++ ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_SHA1, sizeof(kat_RSA_SHA1), + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, + "RSA SHA1 PKCS#1")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_SHA224, sizeof(kat_RSA_SHA224), + EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1, + "RSA SHA224 PKCS#1")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_SHA256, sizeof(kat_RSA_SHA256), + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1, + "RSA SHA256 PKCS#1")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_SHA384, sizeof(kat_RSA_SHA384), + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1, + "RSA SHA384 PKCS#1")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_SHA512, sizeof(kat_RSA_SHA512), + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1, + "RSA SHA512 PKCS#1")) + goto err; + -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1), + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, + "RSA SHA1 PSS")) + goto err; -+ if 
(!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224), + EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS, + "RSA SHA224 PSS")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256), + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS, + "RSA SHA256 PSS")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384), + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS, + "RSA SHA384 PSS")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512), + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS, + "RSA SHA512 PSS")) + goto err; + + -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1), + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, + "RSA SHA1 X931")) + goto err; + /* NB: SHA224 not supported in X9.31 */ -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256), + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931, + "RSA SHA256 X931")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384), + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931, + "RSA SHA384 X931")) + goto err; -+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, ++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + 
kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512), + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931, + "RSA SHA512 X931")) @@ -8845,14 +8945,17 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c + ret = 1; + + err: -+ RSA_free(key); ++ if (pk) ++ EVP_PKEY_free(pk); ++ else if (key) ++ RSA_free(key); + return ret; + } + +#endif /* def OPENSSL_FIPS */ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9136,8 +9239,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c + + } diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,97 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9237,8 +9340,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c + +#endif diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-09-30 13:25:58.000000000 +0200 
@@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9414,8 +9517,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c + + diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10006,8 +10109,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c + +#endif diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_locl.h ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips_locl.h 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips_locl.h 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10082,8 +10185,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_locl.h +#endif +#endif diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/Makefile ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile 
@@ -10168,7 +10271,7 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/Makefile + diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips openssl-1.0.0-beta3/crypto/hmac/hmac.c --- openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/hmac/hmac.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/hmac/hmac.c 2009-09-30 13:25:58.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) @@ -10195,8 +10298,8 @@ diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips openssl-1.0.0-beta3/crypto/ + } + diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips openssl-1.0.0-beta3/crypto/hmac/hmac.h ---- openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/hmac/hmac.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/hmac/hmac.h 2009-09-30 13:25:58.000000000 +0200 @@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md unsigned int *md_len); int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); @@ -10207,7 +10310,7 @@ diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips openssl-1.0.0-beta3/crypto/ } diff -up openssl-1.0.0-beta3/crypto/Makefile.fips openssl-1.0.0-beta3/crypto/Makefile --- openssl-1.0.0-beta3/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/Makefile 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/Makefile 2009-09-30 13:25:58.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a 
@@ -10226,120 +10329,9 @@ diff -up openssl-1.0.0-beta3/crypto/Makefile.fips openssl-1.0.0-beta3/crypto/Mak ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta3/crypto/md2/md2_dgst.c ---- openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md2/md2_dgst.c 2009-08-11 18:07:30.000000000 +0200 -@@ -62,6 +62,11 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS -+#include -+#endif -+ -+#include - - const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; - -@@ -116,7 +121,7 @@ const char *MD2_options(void) - return("md2(int)"); - } - --int MD2_Init(MD2_CTX *c) -+FIPS_NON_FIPS_MD_Init(MD2) - { - c->num=0; - memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0-beta3/crypto/md2/md2.h.fips openssl-1.0.0-beta3/crypto/md2/md2.h ---- openssl-1.0.0-beta3/crypto/md2/md2.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md2/md2.h 2009-08-11 18:07:30.000000000 +0200 -@@ -81,6 +81,9 @@ typedef struct MD2state_st - } MD2_CTX; - - const char *MD2_options(void); -+#ifdef OPENSSL_FIPS -+int private_MD2_Init(MD2_CTX *c); -+#endif - int MD2_Init(MD2_CTX *c); - int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); - int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta3/crypto/md4/md4_dgst.c ---- openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/md4/md4_dgst.c 2009-08-11 18:07:30.000000000 +0200 -@@ -59,6 +59,11 @@ - #include - #include "md4_locl.h" - #include -+#include -+#ifdef OPENSSL_FIPS -+#include -+#endif -+ - - const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; - -@@ -70,7 +75,7 @@ const char MD4_version[]="MD4" OPENSSL_V - #define INIT_DATA_C (unsigned long)0x98badcfeL - #define INIT_DATA_D (unsigned long)0x10325476L - --int MD4_Init(MD4_CTX *c) -+FIPS_NON_FIPS_MD_Init(MD4) - { - 
memset (c,0,sizeof(*c)); - c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta3/crypto/md4/md4.h.fips openssl-1.0.0-beta3/crypto/md4/md4.h ---- openssl-1.0.0-beta3/crypto/md4/md4.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md4/md4.h 2009-08-11 18:07:30.000000000 +0200 -@@ -105,6 +105,9 @@ typedef struct MD4state_st - unsigned int num; - } MD4_CTX; - -+#ifdef OPENSSL_FIPS -+int private_MD4_Init(MD4_CTX *c); -+#endif - int MD4_Init(MD4_CTX *c); - int MD4_Update(MD4_CTX *c, const void *data, size_t len); - int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta3/crypto/md5/md5_dgst.c ---- openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/md5/md5_dgst.c 2009-08-11 18:07:30.000000000 +0200 -@@ -59,6 +59,11 @@ - #include - #include "md5_locl.h" - #include -+#include -+#ifdef OPENSSL_FIPS -+#include -+#endif -+ - - const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; - -@@ -70,7 +75,7 @@ const char MD5_version[]="MD5" OPENSSL_V - #define INIT_DATA_C (unsigned long)0x98badcfeL - #define INIT_DATA_D (unsigned long)0x10325476L - --int MD5_Init(MD5_CTX *c) -+FIPS_NON_FIPS_MD_Init(MD5) - { - memset (c,0,sizeof(*c)); - c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta3/crypto/md5/md5.h.fips openssl-1.0.0-beta3/crypto/md5/md5.h ---- openssl-1.0.0-beta3/crypto/md5/md5.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md5/md5.h 2009-08-11 18:07:30.000000000 +0200 -@@ -105,6 +105,9 @@ typedef struct MD5state_st - unsigned int num; - } MD5_CTX; - -+#ifdef OPENSSL_FIPS -+int private_MD5_Init(MD5_CTX *c); -+#endif - int MD5_Init(MD5_CTX *c); - int MD5_Update(MD5_CTX *c, const void *data, size_t len); - int MD5_Final(unsigned char *md, MD5_CTX *c); diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c --- openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 
21:10:41.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c 2009-09-30 13:25:58.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10362,8 +10354,8 @@ diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta3/cry c->num=0; c->pad_type=1; diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2.h ---- openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/mdc2/mdc2.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/mdc2/mdc2.h 2009-09-30 13:25:58.000000000 +0200 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; 
@@ -10375,9 +10367,120 @@ diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta3/crypto/ int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); +diff -up openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta3/crypto/md2/md2_dgst.c +--- openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/md2/md2_dgst.c 2009-09-30 13:25:58.000000000 +0200 +@@ -62,6 +62,11 @@ + #include + #include + #include ++#ifdef OPENSSL_FIPS ++#include ++#endif ++ ++#include + + const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; + +@@ -116,7 +121,7 @@ const char *MD2_options(void) + return("md2(int)"); + } + +-int MD2_Init(MD2_CTX *c) ++FIPS_NON_FIPS_MD_Init(MD2) + { + c->num=0; + memset(c->state,0,sizeof c->state); +diff -up openssl-1.0.0-beta3/crypto/md2/md2.h.fips openssl-1.0.0-beta3/crypto/md2/md2.h +--- openssl-1.0.0-beta3/crypto/md2/md2.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/md2/md2.h 2009-09-30 13:25:58.000000000 +0200 +@@ -81,6 +81,9 @@ typedef struct MD2state_st + } MD2_CTX; + + const char *MD2_options(void); ++#ifdef OPENSSL_FIPS ++int private_MD2_Init(MD2_CTX *c); ++#endif + int MD2_Init(MD2_CTX *c); + int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); + int MD2_Final(unsigned char *md, MD2_CTX *c); +diff -up openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta3/crypto/md4/md4_dgst.c +--- openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0-beta3/crypto/md4/md4_dgst.c 2009-09-30 13:25:58.000000000 +0200 +@@ -59,6 +59,11 @@ + #include + #include "md4_locl.h" + #include ++#include ++#ifdef OPENSSL_FIPS ++#include ++#endif ++ + + const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; + +@@ -70,7 +75,7 @@ const char MD4_version[]="MD4" OPENSSL_V + #define INIT_DATA_C (unsigned long)0x98badcfeL + 
#define INIT_DATA_D (unsigned long)0x10325476L + +-int MD4_Init(MD4_CTX *c) ++FIPS_NON_FIPS_MD_Init(MD4) + { + memset (c,0,sizeof(*c)); + c->A=INIT_DATA_A; +diff -up openssl-1.0.0-beta3/crypto/md4/md4.h.fips openssl-1.0.0-beta3/crypto/md4/md4.h +--- openssl-1.0.0-beta3/crypto/md4/md4.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/md4/md4.h 2009-09-30 13:25:58.000000000 +0200 +@@ -105,6 +105,9 @@ typedef struct MD4state_st + unsigned int num; + } MD4_CTX; + ++#ifdef OPENSSL_FIPS ++int private_MD4_Init(MD4_CTX *c); ++#endif + int MD4_Init(MD4_CTX *c); + int MD4_Update(MD4_CTX *c, const void *data, size_t len); + int MD4_Final(unsigned char *md, MD4_CTX *c); +diff -up openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta3/crypto/md5/md5_dgst.c +--- openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0-beta3/crypto/md5/md5_dgst.c 2009-09-30 13:25:58.000000000 +0200 +@@ -59,6 +59,11 @@ + #include + #include "md5_locl.h" + #include ++#include ++#ifdef OPENSSL_FIPS ++#include ++#endif ++ + + const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; + +@@ -70,7 +75,7 @@ const char MD5_version[]="MD5" OPENSSL_V + #define INIT_DATA_C (unsigned long)0x98badcfeL + #define INIT_DATA_D (unsigned long)0x10325476L + +-int MD5_Init(MD5_CTX *c) ++FIPS_NON_FIPS_MD_Init(MD5) + { + memset (c,0,sizeof(*c)); + c->A=INIT_DATA_A; +diff -up openssl-1.0.0-beta3/crypto/md5/md5.h.fips openssl-1.0.0-beta3/crypto/md5/md5.h +--- openssl-1.0.0-beta3/crypto/md5/md5.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/md5/md5.h 2009-09-30 13:25:58.000000000 +0200 +@@ -105,6 +105,9 @@ typedef struct MD5state_st + unsigned int num; + } MD5_CTX; + ++#ifdef OPENSSL_FIPS ++int private_MD5_Init(MD5_CTX *c); ++#endif + int MD5_Init(MD5_CTX *c); + int MD5_Update(MD5_CTX *c, const void *data, size_t len); + int MD5_Final(unsigned char *md, MD5_CTX *c); diff -up openssl-1.0.0-beta3/crypto/mem.c.fips 
openssl-1.0.0-beta3/crypto/mem.c --- openssl-1.0.0-beta3/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/mem.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/mem.c 2009-09-30 13:25:58.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10388,8 +10491,8 @@ diff -up openssl-1.0.0-beta3/crypto/mem.c.fips openssl-1.0.0-beta3/crypto/mem.c static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; diff -up /dev/null openssl-1.0.0-beta3/crypto/o_init.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/o_init.c 2009-09-30 13:25:58.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10473,7 +10576,7 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/o_init.c + diff -up openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips openssl-1.0.0-beta3/crypto/opensslconf.h.in --- openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/opensslconf.h.in 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/opensslconf.h.in 2009-09-30 13:25:58.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10497,7 +10600,7 @@ diff -up openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips openssl-1.0.0-beta3/cr diff -up openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c --- openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c 2009-09-30 13:25:58.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
@@ -10526,7 +10629,7 @@ diff -up openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta3/cr if (!iter) diff -up openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips openssl-1.0.0-beta3/crypto/rand/md_rand.c --- openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rand/md_rand.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rand/md_rand.c 2009-09-30 13:25:58.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10555,7 +10658,7 @@ diff -up openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips openssl-1.0.0-beta3/cryp { diff -up openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips openssl-1.0.0-beta3/crypto/rand/rand_err.c --- openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rand/rand_err.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rand/rand_err.c 2009-09-30 13:25:58.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= @@ -10589,8 +10692,8 @@ diff -up openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips openssl-1.0.0-beta3/cry }; diff -up openssl-1.0.0-beta3/crypto/rand/rand.h.fips openssl-1.0.0-beta3/crypto/rand/rand.h ---- openssl-1.0.0-beta3/crypto/rand/rand.h.fips 2009-08-11 18:07:29.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rand/rand.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/rand/rand.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rand/rand.h 2009-09-30 13:25:58.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ 
@@ -10622,7 +10725,7 @@ diff -up openssl-1.0.0-beta3/crypto/rand/rand.h.fips openssl-1.0.0-beta3/crypto/ } diff -up openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta3/crypto/rand/rand_lib.c --- openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rand/rand_lib.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rand/rand_lib.c 2009-09-30 13:25:58.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10657,8 +10760,8 @@ diff -up openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta3/cry } diff -up openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips openssl-1.0.0-beta3/crypto/rc2/rc2.h ---- openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc2/rc2.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc2/rc2.h 2009-09-30 13:25:58.000000000 +0200 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10672,7 +10775,7 @@ diff -up openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips openssl-1.0.0-beta3/crypto/rc int enc); diff -up openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c --- openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c 2009-09-30 13:25:58.000000000 +0200 @@ -57,6 +57,11 @@ */ 
@@ -10706,9 +10809,31 @@ diff -up openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta3/cryp int i,j; unsigned char *k; RC2_INT *ki; +diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl 2009-09-30 13:25:58.000000000 +0200 +@@ -202,4 +202,6 @@ RC4_options: + .string "rc4(8x,char)" + ___ + ++$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); ++ + print $code; +diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl 2009-09-30 13:25:58.000000000 +0200 +@@ -499,6 +499,8 @@ ___ + + $code =~ s/#([bwd])/$1/gm; + ++$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); ++ + print $code; + + close STDOUT; diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl --- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl 2009-09-30 13:25:58.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); 
@@ -10732,31 +10857,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta3/ # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl 2009-08-11 18:07:30.000000000 +0200 -@@ -202,4 +202,6 @@ RC4_options: - .string "rc4(8x,char)" - ___ - -+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); -+ - print $code; -diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl 2009-08-11 18:07:30.000000000 +0200 -@@ -499,6 +499,8 @@ ___ - - $code =~ s/#([bwd])/$1/gm; - -+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); -+ - print $code; - - close STDOUT; diff -up openssl-1.0.0-beta3/crypto/rc4/Makefile.fips openssl-1.0.0-beta3/crypto/rc4/Makefile --- openssl-1.0.0-beta3/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/Makefile 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc4/Makefile 2009-09-30 13:25:58.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10769,8 +10872,8 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/Makefile.fips openssl-1.0.0-beta3/crypto SRC= $(LIBSRC) diff -up /dev/null openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c ---- /dev/null 2009-07-27 08:39:22.849064505 +0200 -+++ openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c 2009-08-11 18:07:30.000000000 +0200 +--- /dev/null 2009-09-23 10:56:02.148001752 +0200 ++++ openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c 2009-09-30 13:25:58.000000000 +0200 
@@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10848,8 +10951,8 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c +#endif + diff -up openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips openssl-1.0.0-beta3/crypto/rc4/rc4.h ---- openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc4/rc4.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc4/rc4.h 2009-09-30 13:25:58.000000000 +0200 @@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -10862,7 +10965,7 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips openssl-1.0.0-beta3/crypto/rc unsigned char *outdata); diff -up openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c --- openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c 2009-09-30 13:25:58.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -10901,8 +11004,8 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta3/cryp for (i=0;i<256;i++) cp[i]=i; diff -up openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta3/crypto/ripemd/ripemd.h ---- openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/ripemd/ripemd.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/ripemd/ripemd.h 2009-09-30 13:25:58.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; 
@@ -10915,7 +11018,7 @@ diff -up openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta3/cry int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff -up openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c --- openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c 2009-09-30 13:25:58.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -10939,7 +11042,7 @@ diff -up openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta3/c c->A=RIPEMD160_A; diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c --- openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c 2009-09-30 13:25:58.000000000 +0200 @@ -114,6 +114,8 @@ #include #include @@ -11200,7 +11303,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta3/crypt } diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_err.c --- openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_err.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rsa/rsa_err.c 2009-09-30 13:25:58.000000000 +0200 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, 
@@ -11229,8 +11332,8 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta3/crypt {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c --- openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c 2009-08-11 18:07:30.000000000 +0200 -@@ -67,6 +67,77 @@ ++++ openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c 2009-09-30 16:55:26.000000000 +0200 +@@ -67,6 +67,82 @@ #include "cryptlib.h" #include #include @@ -11252,16 +11355,19 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypt + const unsigned char tbs[] = "RSA Pairwise Check Data"; + unsigned char *ctbuf = NULL, *ptbuf = NULL; + int len, ret = 0; -+ EVP_PKEY pk; -+ pk.type = EVP_PKEY_RSA; -+ pk.pkey.rsa = rsa; ++ EVP_PKEY *pk; ++ ++ if ((pk=EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_RSA(pk, rsa); + + /* Perform pairwise consistency signature test */ -+ if (!fips_pkey_signature_test(&pk, tbs, -1, ++ if (!fips_pkey_signature_test(pk, tbs, -1, + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL) -+ || !fips_pkey_signature_test(&pk, tbs, -1, ++ || !fips_pkey_signature_test(pk, tbs, -1, + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL) -+ || !fips_pkey_signature_test(&pk, tbs, -1, ++ || !fips_pkey_signature_test(pk, tbs, -1, + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL)) + goto err; + /* Now perform pairwise consistency encrypt/decrypt test */ @@ -11301,6 +11407,8 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypt + OPENSSL_free(ctbuf); + if (ptbuf) + OPENSSL_free(ptbuf); ++ if (pk) ++ EVP_PKEY_free(pk); + + return ret; + } 
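Review bot: The return value of `EVP_PKEY_set1_RSA(pk, rsa)` is ignored in the reworked pairwise-check setup in rsa_gen.c. A failed assignment would only surface indirectly, when the first `fips_pkey_signature_test()` call runs against an `EVP_PKEY` that holds no key. Checking it where it happens keeps the self-test failure attributable to its cause: `if (!EVP_PKEY_set1_RSA(pk, rsa)) goto err;`. The `if (pk)` guard added before `EVP_PKEY_free(pk)` in the next hunk is not needed, since `EVP_PKEY_free()` accepts NULL, although it does match the neighbouring `ctbuf`/`ptbuf` cleanup. The function starts and ends outside these hunks, so whether the `err:` path also raises a FIPS error cannot be seen here.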
@@ -11308,7 +11416,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypt static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); -@@ -90,6 +161,23 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -90,6 +166,23 @@ static int rsa_builtin_keygen(RSA *rsa, int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; @@ -11332,7 +11440,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypt ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -@@ -201,6 +289,17 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -201,6 +294,17 @@ static int rsa_builtin_keygen(RSA *rsa, p = rsa->p; if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; @@ -11351,8 +11459,8 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypt err: if (ok == -1) diff -up openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips openssl-1.0.0-beta3/crypto/rsa/rsa.h ---- openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips 2009-08-11 18:07:29.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa.h 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips 2009-09-30 13:25:56.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rsa/rsa.h 2009-09-30 13:25:58.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11424,7 +11532,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips openssl-1.0.0-beta3/crypto/rs #define RSA_R_P_NOT_PRIME 128 diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c --- openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips 2008-08-06 17:54:14.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c 2009-09-30 13:25:58.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) 
@@ -11556,7 +11664,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta3/crypt - } diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c --- openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c 2009-09-30 13:25:58.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; 
@@ -11588,9 +11696,57 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta3/cryp if (i <= 0) goto err; +diff -up openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha_dgst.c +--- openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0-beta3/crypto/sha/sha_dgst.c 2009-09-30 13:25:58.000000000 +0200 +@@ -57,6 +57,12 @@ + */ + + #include ++#include ++#ifdef OPENSSL_FIPS ++#include ++#endif ++ ++#include + #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) + + #undef SHA_1 +diff -up openssl-1.0.0-beta3/crypto/sha/sha.h.fips openssl-1.0.0-beta3/crypto/sha/sha.h +--- openssl-1.0.0-beta3/crypto/sha/sha.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/sha/sha.h 2009-09-30 13:25:58.000000000 +0200 +@@ -106,6 +106,9 @@ typedef struct SHAstate_st + } SHA_CTX; + + #ifndef OPENSSL_NO_SHA0 ++#ifdef OPENSSL_FIPS ++int private_SHA_Init(SHA_CTX *c); ++#endif + int SHA_Init(SHA_CTX *c); + int SHA_Update(SHA_CTX *c, const void *data, size_t len); + int SHA_Final(unsigned char *md, SHA_CTX *c); +diff -up openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta3/crypto/sha/sha_locl.h +--- openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/sha/sha_locl.h 2009-09-30 13:25:58.000000000 +0200 +@@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, + #define INIT_DATA_h3 0x10325476UL + #define INIT_DATA_h4 0xc3d2e1f0UL + ++#if defined(SHA_0) && defined(OPENSSL_FIPS) ++FIPS_NON_FIPS_MD_Init(SHA) ++#else + int HASH_INIT (SHA_CTX *c) ++#endif + { ++#if defined(SHA_1) && defined(OPENSSL_FIPS) ++ FIPS_selftest_check(); ++#endif + memset (c,0,sizeof(*c)); + c->h0=INIT_DATA_h0; + c->h1=INIT_DATA_h1; diff -up openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha1dgst.c --- openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ 
openssl-1.0.0-beta3/crypto/sha/sha1dgst.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/sha/sha1dgst.c 2009-09-30 13:25:58.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11604,7 +11760,7 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta3/cryp diff -up openssl-1.0.0-beta3/crypto/sha/sha256.c.fips openssl-1.0.0-beta3/crypto/sha/sha256.c --- openssl-1.0.0-beta3/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha256.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/sha/sha256.c 2009-09-30 13:25:58.000000000 +0200 @@ -12,12 +12,19 @@ #include @@ -11637,7 +11793,7 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha256.c.fips openssl-1.0.0-beta3/crypto c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; diff -up openssl-1.0.0-beta3/crypto/sha/sha512.c.fips openssl-1.0.0-beta3/crypto/sha/sha512.c --- openssl-1.0.0-beta3/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha512.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/crypto/sha/sha512.c 2009-09-30 13:25:58.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ 
@@ -11678,57 +11834,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha512.c.fips openssl-1.0.0-beta3/crypto asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) -diff -up openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha_dgst.c ---- openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha_dgst.c 2009-08-11 18:07:30.000000000 +0200 -@@ -57,6 +57,12 @@ - */ - - #include -+#include -+#ifdef OPENSSL_FIPS -+#include -+#endif -+ -+#include - #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) - - #undef SHA_1 -diff -up openssl-1.0.0-beta3/crypto/sha/sha.h.fips openssl-1.0.0-beta3/crypto/sha/sha.h ---- openssl-1.0.0-beta3/crypto/sha/sha.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/sha/sha.h 2009-08-11 18:07:30.000000000 +0200 -@@ -106,6 +106,9 @@ typedef struct SHAstate_st - } SHA_CTX; - - #ifndef OPENSSL_NO_SHA0 -+#ifdef OPENSSL_FIPS -+int private_SHA_Init(SHA_CTX *c); -+#endif - int SHA_Init(SHA_CTX *c); - int SHA_Update(SHA_CTX *c, const void *data, size_t len); - int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta3/crypto/sha/sha_locl.h ---- openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/sha/sha_locl.h 2009-08-11 18:07:30.000000000 +0200 -@@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, - #define INIT_DATA_h3 0x10325476UL - #define INIT_DATA_h4 0xc3d2e1f0UL - -+#if defined(SHA_0) && defined(OPENSSL_FIPS) -+FIPS_NON_FIPS_MD_Init(SHA) -+#else - int HASH_INIT (SHA_CTX *c) -+#endif - { -+#if defined(SHA_1) && defined(OPENSSL_FIPS) -+ FIPS_selftest_check(); -+#endif - memset (c,0,sizeof(*c)); - c->h0=INIT_DATA_h0; - c->h1=INIT_DATA_h1; diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org ---- openssl-1.0.0-beta3/Makefile.org.fips 2009-08-11 
18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/Makefile.org 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/Makefile.org.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/Makefile.org 2009-09-30 13:25:58.000000000 +0200 @@ -109,6 +109,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= 
@@ -11756,124 +11864,9 @@ diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_clnt.c ---- openssl-1.0.0-beta3/ssl/s23_clnt.c.fips 2009-04-07 19:01:07.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s23_clnt.c 2009-08-11 18:07:30.000000000 +0200 -@@ -332,6 +332,14 @@ static int ssl23_client_hello(SSL *s) - version_major = TLS1_VERSION_MAJOR; - version_minor = TLS1_VERSION_MINOR; - } -+#ifdef OPENSSL_FIPS -+ else if(FIPS_mode()) -+ { -+ SSLerr(SSL_F_SSL23_CLIENT_HELLO, -+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); -+ return -1; -+ } -+#endif - else if (version == SSL3_VERSION) - { - version_major = SSL3_VERSION_MAJOR; -@@ -615,6 +623,14 @@ static int ssl23_get_server_hello(SSL *s - if ((p[2] == SSL3_VERSION_MINOR) && - !(s->options & SSL_OP_NO_SSLv3)) - { -+#ifdef OPENSSL_FIPS -+ if(FIPS_mode()) -+ { -+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, -+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); -+ goto err; -+ } -+#endif - s->version=SSL3_VERSION; - s->method=SSLv3_client_method(); - } -diff -up openssl-1.0.0-beta3/ssl/s23_srvr.c.fips openssl-1.0.0-beta3/ssl/s23_srvr.c ---- openssl-1.0.0-beta3/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s23_srvr.c 2009-08-11 18:07:30.000000000 +0200 -@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) - } - } - -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && (s->version < TLS1_VERSION)) -+ { -+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, -+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); -+ goto err; -+ } -+#endif -+ - if (s->state == SSL23_ST_SR_CLNT_HELLO_B) - { - /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt.c ---- openssl-1.0.0-beta3/ssl/s3_clnt.c.fips 
2009-06-16 18:39:20.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s3_clnt.c 2009-08-11 18:07:30.000000000 +0200 -@@ -156,6 +156,10 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS -+#include -+#endif -+ - #ifndef OPENSSL_NO_DH - #include - #endif -@@ -1524,6 +1528,8 @@ int ssl3_get_key_exchange(SSL *s) - q=md_buf; - for (num=2; num > 0; num--) - { -+ EVP_MD_CTX_set_flags(&md_ctx, -+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c ---- openssl-1.0.0-beta3/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s3_enc.c 2009-08-11 18:07:30.000000000 +0200 -@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * - #endif - k=0; - EVP_MD_CTX_init(&m5); -+ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_init(&s1); - for (i=0; (int)is3->tmp.new_cipher->algorithm2) && md) - { - s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); -+ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], -+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); - EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); - } -@@ -670,6 +673,7 @@ static int ssl3_handshake_mac(SSL *s, in - return 0; - } - EVP_MD_CTX_init(&ctx); -+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_copy_ex(&ctx,d); - n=EVP_MD_CTX_size(&ctx); - if (n < 0) -diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr.c ---- openssl-1.0.0-beta3/ssl/s3_srvr.c.fips 2009-06-26 17:04:22.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s3_srvr.c 2009-08-11 18:07:30.000000000 +0200 -@@ -1674,6 +1674,8 @@ int ssl3_send_server_key_exchange(SSL *s - j=0; - for (num=2; num > 0; num--) - { -+ EVP_MD_CTX_set_flags(&md_ctx, -+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx,(num == 2) 
- ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips openssl-1.0.0-beta3/ssl/ssl_ciph.c --- openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips 2009-04-07 14:10:59.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-09-30 13:25:58.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11898,7 +11891,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips openssl-1.0.0-beta3/ssl/ssl_cip #ifdef CIPHER_DEBUG diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.fips openssl-1.0.0-beta3/ssl/ssl_lib.c --- openssl-1.0.0-beta3/ssl/ssl_lib.c.fips 2009-06-30 13:57:24.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-09-30 13:25:58.000000000 +0200 @@ -1470,6 +1470,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } @@ -11915,8 +11908,8 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.fips openssl-1.0.0-beta3/ssl/ssl_lib. { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); diff -up openssl-1.0.0-beta3/ssl/ssltest.c.fips openssl-1.0.0-beta3/ssl/ssltest.c ---- openssl-1.0.0-beta3/ssl/ssltest.c.fips 2009-08-11 18:07:30.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssltest.c 2009-08-11 18:07:30.000000000 +0200 +--- openssl-1.0.0-beta3/ssl/ssltest.c.fips 2009-09-30 13:25:57.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/ssltest.c 2009-09-30 13:25:58.000000000 +0200 @@ -265,6 +265,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); 
@@ -11991,9 +11984,124 @@ diff -up openssl-1.0.0-beta3/ssl/ssltest.c.fips openssl-1.0.0-beta3/ssl/ssltest. if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif +diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_clnt.c +--- openssl-1.0.0-beta3/ssl/s23_clnt.c.fips 2009-04-07 19:01:07.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/s23_clnt.c 2009-09-30 13:25:58.000000000 +0200 +@@ -332,6 +332,14 @@ static int ssl23_client_hello(SSL *s) + version_major = TLS1_VERSION_MAJOR; + version_minor = TLS1_VERSION_MINOR; + } ++#ifdef OPENSSL_FIPS ++ else if(FIPS_mode()) ++ { ++ SSLerr(SSL_F_SSL23_CLIENT_HELLO, ++ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif + else if (version == SSL3_VERSION) + { + version_major = SSL3_VERSION_MAJOR; +@@ -615,6 +623,14 @@ static int ssl23_get_server_hello(SSL *s + if ((p[2] == SSL3_VERSION_MINOR) && + !(s->options & SSL_OP_NO_SSLv3)) + { ++#ifdef OPENSSL_FIPS ++ if(FIPS_mode()) ++ { ++ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, ++ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); ++ goto err; ++ } ++#endif + s->version=SSL3_VERSION; + s->method=SSLv3_client_method(); + } +diff -up openssl-1.0.0-beta3/ssl/s23_srvr.c.fips openssl-1.0.0-beta3/ssl/s23_srvr.c +--- openssl-1.0.0-beta3/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/s23_srvr.c 2009-09-30 13:25:58.000000000 +0200 +@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) + } + } + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && (s->version < TLS1_VERSION)) ++ { ++ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, ++ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); ++ goto err; ++ } ++#endif ++ + if (s->state == SSL23_ST_SR_CLNT_HELLO_B) + { + /* we have SSLv3/TLSv1 in an SSLv2 header +diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt.c +--- openssl-1.0.0-beta3/ssl/s3_clnt.c.fips 2009-06-16 18:39:20.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/s3_clnt.c 2009-09-30 13:25:58.000000000 +0200 +@@ -156,6 +156,10 @@ + 
#include + #include + #include ++#ifdef OPENSSL_FIPS ++#include ++#endif ++ + #ifndef OPENSSL_NO_DH + #include + #endif +@@ -1524,6 +1528,8 @@ int ssl3_get_key_exchange(SSL *s) + q=md_buf; + for (num=2; num > 0; num--) + { ++ EVP_MD_CTX_set_flags(&md_ctx, ++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); + EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); +diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c +--- openssl-1.0.0-beta3/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/s3_enc.c 2009-09-30 13:25:58.000000000 +0200 +@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * + #endif + k=0; + EVP_MD_CTX_init(&m5); ++ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_MD_CTX_init(&s1); + for (i=0; (int)is3->tmp.new_cipher->algorithm2) && md) + { + s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); ++ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], ++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); + EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); + } +@@ -670,6 +673,7 @@ static int ssl3_handshake_mac(SSL *s, in + return 0; + } + EVP_MD_CTX_init(&ctx); ++ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_MD_CTX_copy_ex(&ctx,d); + n=EVP_MD_CTX_size(&ctx); + if (n < 0) +diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr.c +--- openssl-1.0.0-beta3/ssl/s3_srvr.c.fips 2009-06-26 17:04:22.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/s3_srvr.c 2009-09-30 13:25:58.000000000 +0200 +@@ -1674,6 +1674,8 @@ int ssl3_send_server_key_exchange(SSL *s + j=0; + for (num=2; num > 0; num--) + { ++ EVP_MD_CTX_set_flags(&md_ctx, ++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(&md_ctx,(num == 2) + ?s->ctx->md5:s->ctx->sha1, NULL); + EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff -up 
openssl-1.0.0-beta3/ssl/t1_enc.c.fips openssl-1.0.0-beta3/ssl/t1_enc.c --- openssl-1.0.0-beta3/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/t1_enc.c 2009-08-11 18:07:30.000000000 +0200 ++++ openssl-1.0.0-beta3/ssl/t1_enc.c 2009-09-30 13:25:58.000000000 +0200 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md HMAC_CTX_init(&ctx); diff --git a/openssl.spec b/openssl.spec index f0cf488..09dc467 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.7.%{beta}%{?dist} +Release: 0.8.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -63,10 +63,10 @@ Patch49: openssl-0.9.8k-algo-doc.patch Patch50: openssl-1.0.0-beta3-curl.patch Patch51: openssl-1.0.0-beta3-const.patch Patch52: openssl-1.0.0-beta3-dss1.patch -Patch53: openssl-1.0.0-beta3-cmll-noasm.patch # Backported fixes including security fixes Patch60: openssl-1.0.0-beta3-namingstr.patch Patch61: openssl-1.0.0-beta3-namingblk.patch +Patch62: openssl-1.0.0-beta3-camellia-rounds.patch License: OpenSSL Group: System Environment/Libraries @@ -148,9 +148,9 @@ from other formats to the formats used by the OpenSSL toolkit. %patch50 -p1 -b .curl %patch51 -p1 -b .const %patch52 -p1 -b .dss1 -%patch53 -p1 -b .cmll-noasm %patch60 -p1 -b .namingstr %patch61 -p1 -b .namingblk +%patch62 -p1 -b .cmll-rounds # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` 
@@ -399,6 +399,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Wed Sep 30 2009 Tomas Mraz 1.0.0-0.8.beta3 +- fix RSA and DSA FIPS selftests +- reenable fixed x86_64 camellia assembler code (#521127) + * Fri Sep 4 2009 Tomas Mraz 1.0.0-0.7.beta3 - temporarily disable x86_64 camellia assembler code (#521127) From 5c062c1ba91cbbf694bdf55beaec16243b7e2d0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Thu, 8 Oct 2009 19:01:43 +0000 Subject: [PATCH 03/20] - fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION() --- openssl-1.0.0-beta3-dtls1-fix.patch | 28 +++++++++++++++++++++++++++ openssl-1.0.0-beta3-ssl-session.patch | 27 ++++++++++++++++++++++++++ openssl.spec | 10 +++++++++- 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 openssl-1.0.0-beta3-dtls1-fix.patch create mode 100644 openssl-1.0.0-beta3-ssl-session.patch diff --git a/openssl-1.0.0-beta3-dtls1-fix.patch b/openssl-1.0.0-beta3-dtls1-fix.patch new file mode 100644 index 0000000..32e7b56 --- /dev/null +++ b/openssl-1.0.0-beta3-dtls1-fix.patch 
@@ -0,0 +1,28 @@
+Index: openssl/ssl/d1_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
+rcsdiff -q -kk '-r1.16.2.10' '-r1.16.2.11' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null
+--- openssl/ssl/d1_clnt.c 2009/07/15 11:32:57 1.16.2.10
++++ openssl/ssl/d1_clnt.c 2009/07/24 11:52:32 1.16.2.11
+@@ -223,6 +223,8 @@
+ s->init_num=0;
+ /* mark client_random uninitialized */
+ memset(s->s3->client_random,0,sizeof(s->s3->client_random));
++ s->d1->send_cookie = 0;
++ s->hit = 0;
+ break;
+
+ case SSL3_ST_CW_CLNT_HELLO_A:
+Index: openssl/ssl/d1_pkt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
+rcsdiff -q -kk '-r1.27.2.13' '-r1.27.2.14' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
+--- openssl/ssl/d1_pkt.c 2009/07/13 11:44:04 1.27.2.13
++++ openssl/ssl/d1_pkt.c 2009/07/24 11:52:32 1.27.2.14
+@@ -775,7 +775,7 @@
+ /* Check for timeout */
+ if (dtls1_is_timer_expired(s))
+ {
+- if (dtls1_read_failed(s, -1) > 0);
++ if (dtls1_read_failed(s, -1) > 0)
+ goto start;
+ }
+
diff --git a/openssl-1.0.0-beta3-ssl-session.patch b/openssl-1.0.0-beta3-ssl-session.patch
new file mode 100644
index 0000000..923b871
--- /dev/null
+++ b/openssl-1.0.0-beta3-ssl-session.patch
@@ -0,0 +1,27 @@
+Index: openssl/ssl/ssl_asn1.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_asn1.c,v
+rcsdiff -q -kk '-r1.36.2.2' '-r1.36.2.3' -u '/v/openssl/cvs/openssl/ssl/ssl_asn1.c,v' 2>/dev/null
+--- openssl/ssl/ssl_asn1.c 2009/08/05 15:29:14 1.36.2.2
++++ openssl/ssl/ssl_asn1.c 2009/09/02 13:20:22 1.36.2.3
+@@ -413,8 +413,8 @@
+ }
+ else
+ {
+- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
+- return(NULL);
++ c.error=SSL_R_UNKNOWN_SSL_VERSION;
++ goto err;
+ }
+
+ ret->cipher=NULL;
+@@ -505,8 +505,8 @@
+ {
+ if (os.length > SSL_MAX_SID_CTX_LENGTH)
+ {
+- ret->sid_ctx_length=os.length;
+- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
++ c.error=SSL_R_BAD_LENGTH;
++ goto err;
+ }
+ else
+ {
diff --git a/openssl.spec b/openssl.spec
index 09dc467..ff3176a 100644
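Review bot: The d1_pkt.c fix in this patch is a control-flow correction rather than only a typo: with the stray `;` after `if (dtls1_read_failed(s, -1) > 0)`, the `goto start` ran every time the timer had expired, whatever `dtls1_read_failed()` returned. The changelog line `- fix typo in DTLS1 code (#527015)` also leaves out the d1_clnt.c part, which resets `s->d1->send_cookie` and `s->hit`; I would word it as `- fix DTLS1 timeout handling and reset cookie/hit state in the client state machine (#527015)`, after confirming that the reset belongs to the same bug. Building with GCC's `-Wempty-body` would flag this class of mistake. Both surrounding functions lie outside the inner hunks.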
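Review bot: The second inner hunk of ssl_asn1.c (`os.length > SSL_MAX_SID_CTX_LENGTH`) is a bounds fix rather than a leak fix, and neither the patch name nor the changelog line `- fix leak in error handling of d2i_SSL_SESSION()` says so. As far as the removed lines show, the old branch stored the oversized `os.length` in `ret->sid_ctx_length` and recorded an error without leaving the function; the new branch jumps to `err`. I would add a changelog line such as `- reject oversized session id context in d2i_SSL_SESSION()`. The `err` label is outside both inner hunks, so whether it releases `ret` and `os.data` cannot be checked from here and is worth confirming against the full function.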
--- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.8.%{beta}%{?dist} +Release: 0.9.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -67,6 +67,8 @@ Patch52: openssl-1.0.0-beta3-dss1.patch Patch60: openssl-1.0.0-beta3-namingstr.patch Patch61: openssl-1.0.0-beta3-namingblk.patch Patch62: openssl-1.0.0-beta3-camellia-rounds.patch +Patch63: openssl-1.0.0-beta3-dtls1-fix.patch +Patch64: openssl-1.0.0-beta3-ssl-session.patch License: OpenSSL Group: System Environment/Libraries @@ -151,6 +153,8 @@ from other formats to the formats used by the OpenSSL toolkit. %patch60 -p1 -b .namingstr %patch61 -p1 -b .namingblk %patch62 -p1 -b .cmll-rounds +%patch63 -p1 -b .dtls1-fix +%patch64 -p1 -b .ssl-session # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -399,6 +403,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Thu Oct 8 2009 Tomas Mraz 1.0.0-0.9.beta3 +- fix typo in DTLS1 code (#527015) +- fix leak in error handling of d2i_SSL_SESSION() + * Wed Sep 30 2009 Tomas Mraz 1.0.0-0.8.beta3 - fix RSA and DSA FIPS selftests - reenable fixed x86_64 camellia assembler code (#521127) From a650e4abcbfc71c7aee6a0cae06c38544e36342e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 16 Oct 2009 11:40:27 +0000 Subject: [PATCH 04/20] - fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342) --- openssl-1.0.0-beta3-ssl-free.patch | 31 ++++++++++++++++++++++++++++++ openssl.spec | 8 +++++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 openssl-1.0.0-beta3-ssl-free.patch 
diff --git a/openssl-1.0.0-beta3-ssl-free.patch b/openssl-1.0.0-beta3-ssl-free.patch
new file mode 100644
index 0000000..61f56ea
--- /dev/null
+++ b/openssl-1.0.0-beta3-ssl-free.patch
@@ -0,0 +1,31 @@
+diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.ctx-free openssl-1.0.0-beta3/ssl/ssl_lib.c
+--- openssl-1.0.0-beta3/ssl/ssl_lib.c.ctx-free 2009-10-08 20:44:26.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-10-16 11:56:53.000000000 +0200
+@@ -556,7 +556,6 @@ void SSL_free(SSL *s)
+ if (s->cert != NULL) ssl_cert_free(s->cert);
+ /* Free up if allocated */
+
+- if (s->ctx) SSL_CTX_free(s->ctx);
+ #ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_hostname)
+ OPENSSL_free(s->tlsext_hostname);
+@@ -580,6 +579,8 @@ void SSL_free(SSL *s)
+
+ if (s->method != NULL) s->method->ssl_free(s);
+
++ if (s->ctx) SSL_CTX_free(s->ctx);
++
+ #ifndef OPENSSL_NO_KRB5
+ if (s->kssl_ctx != NULL)
+ kssl_ctx_free(s->kssl_ctx);
+diff -up openssl-1.0.0-beta3/ssl/s3_lib.c.hbuf-clear openssl-1.0.0-beta3/ssl/s3_lib.c
+--- openssl-1.0.0-beta3/ssl/s3_lib.c.hbuf-clear 2009-05-28 20:10:47.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/s3_lib.c 2009-10-16 09:50:24.000000000 +0200
+@@ -2211,6 +2211,7 @@ void ssl3_clear(SSL *s)
+ wlen = s->s3->wbuf.len;
+ if (s->s3->handshake_buffer) {
+ BIO_free(s->s3->handshake_buffer);
++ s->s3->handshake_buffer = NULL;
+ }
+ if (s->s3->handshake_dgst) {
+ ssl3_free_digest_list(s);
diff --git a/openssl.spec b/openssl.spec
index ff3176a..1412c86 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0
-Release: 0.9.%{beta}%{?dist}
+Release: 0.10.%{beta}%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
 Source: openssl-%{version}-%{beta}-usa.tar.bz2
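Review bot: The reordering in `SSL_free()` carries no comment saying why `SSL_CTX_free(s->ctx)` now has to come after `s->method->ssl_free(s)`, so a later cleanup could move it back and reintroduce the use of freed memory. I would add a comment above the moved line, e.g. `/* drop the ctx reference last: the cleanup above may still use s->ctx */`; the dependency is inferred from the changelog entry (#521342) and is not visible in the hunk, so the wording needs confirming. The `ssl3_clear()` change, `s->s3->handshake_buffer = NULL;` after `BIO_free()`, removes a dangling pointer and is not mentioned in the changelog; a line such as `- clear handshake_buffer pointer after freeing it in ssl3_clear()` would make the backport easier to audit. Both function bodies start and end outside the inner hunks.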
@@ -69,6 +69,7 @@ Patch61: openssl-1.0.0-beta3-namingblk.patch Patch62: openssl-1.0.0-beta3-camellia-rounds.patch Patch63: openssl-1.0.0-beta3-dtls1-fix.patch Patch64: openssl-1.0.0-beta3-ssl-session.patch +Patch65: openssl-1.0.0-beta3-ssl-free.patch License: OpenSSL Group: System Environment/Libraries @@ -155,6 +156,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch62 -p1 -b .cmll-rounds %patch63 -p1 -b .dtls1-fix %patch64 -p1 -b .ssl-session +%patch65 -p1 -b .ssl-free # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -403,6 +405,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Fri Oct 16 2009 Tomas Mraz 1.0.0-0.10.beta3 +- fix use of freed memory if SSL_CTX_free() is called before + SSL_free() (#521342) + * Thu Oct 8 2009 Tomas Mraz 1.0.0-0.9.beta3 - fix typo in DTLS1 code (#527015) - fix leak in error handling of d2i_SSL_SESSION() From 27847ae31820b1348530be491a8c9575a39bdb5f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Thu, 12 Nov 2009 21:15:24 +0000 Subject: [PATCH 05/20] - update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final. --- .cvsignore | 2 +- openssl-0.9.8b-aliasing-bug.patch | 24 - openssl-0.9.8j-ca-dir.patch | 36 - openssl-1.0.0-beta3-camellia-rounds.patch | 12 - openssl-1.0.0-beta3-const.patch | 36 - openssl-1.0.0-beta3-curl.patch | 27 - openssl-1.0.0-beta3-dss1.patch | 11 - openssl-1.0.0-beta3-dtls1-fix.patch | 28 - openssl-1.0.0-beta3-enginesdir.patch | 52 - openssl-1.0.0-beta3-fipsmode.patch | 4 +- openssl-1.0.0-beta3-krb5.patch | 12 - openssl-1.0.0-beta3-namingblk.patch | 253 --- openssl-1.0.0-beta3-namingstr.patch | 1663 ----------------- openssl-1.0.0-beta3-ssl-free.patch | 31 - openssl-1.0.0-beta3-ssl-session.patch | 27 - ...atch => openssl-1.0.0-beta4-algo-doc.patch | 16 +- openssl-1.0.0-beta4-binutils.patch | 56 + openssl-1.0.0-beta4-ca-dir.patch | 36 + ...=> openssl-1.0.0-beta4-default-paths.patch | 28 +- openssl-1.0.0-beta4-dtls1-abi.patch | 25 + openssl-1.0.0-beta4-enginesdir.patch | 52 + ...ps.patch => openssl-1.0.0-beta4-fips.patch | 798 ++++---- ....patch => openssl-1.0.0-beta4-redhat.patch | 14 +- openssl-1.0.0-beta4-reneg.patch | 237 +++ openssl.spec | 52 +- sources | 2 +- 26 files changed, 833 insertions(+), 2701 deletions(-) delete mode 100644 openssl-0.9.8b-aliasing-bug.patch delete mode 100644 openssl-0.9.8j-ca-dir.patch delete mode 100644 openssl-1.0.0-beta3-camellia-rounds.patch delete mode 100644 openssl-1.0.0-beta3-const.patch delete mode 100644 openssl-1.0.0-beta3-curl.patch delete mode 100644 openssl-1.0.0-beta3-dss1.patch delete mode 100644 openssl-1.0.0-beta3-dtls1-fix.patch delete mode 100644 openssl-1.0.0-beta3-enginesdir.patch delete mode 100644 openssl-1.0.0-beta3-krb5.patch delete mode 100644 
openssl-1.0.0-beta3-namingblk.patch delete mode 100644 openssl-1.0.0-beta3-namingstr.patch delete mode 100644 openssl-1.0.0-beta3-ssl-free.patch delete mode 100644 openssl-1.0.0-beta3-ssl-session.patch rename openssl-0.9.8k-algo-doc.patch => openssl-1.0.0-beta4-algo-doc.patch (86%) create mode 100644 openssl-1.0.0-beta4-binutils.patch create mode 100644 openssl-1.0.0-beta4-ca-dir.patch rename openssl-1.0.0-beta3-default-paths.patch => openssl-1.0.0-beta4-default-paths.patch (66%) create mode 100644 openssl-1.0.0-beta4-dtls1-abi.patch create mode 100644 openssl-1.0.0-beta4-enginesdir.patch rename openssl-1.0.0-beta3-fips.patch => openssl-1.0.0-beta4-fips.patch (91%) rename openssl-1.0.0-beta3-redhat.patch => openssl-1.0.0-beta4-redhat.patch (92%) create mode 100644 openssl-1.0.0-beta4-reneg.patch diff --git a/.cvsignore b/.cvsignore index 37e2722..3819647 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-1.0.0-beta3-usa.tar.bz2 +openssl-1.0.0-beta4-usa.tar.bz2 diff --git a/openssl-0.9.8b-aliasing-bug.patch b/openssl-0.9.8b-aliasing-bug.patch deleted file mode 100644 index 8d3b36a..0000000 --- a/openssl-0.9.8b-aliasing-bug.patch +++ /dev/null 
@@ -1,24 +0,0 @@ - -This patch fixes a violation of the C aliasing rules that can cause -miscompilation with some compiler versions. - ---- openssl-0.9.8b/crypto/dso/dso_dlfcn.c.orig 2006-10-30 18:21:35.000000000 +0100 -+++ openssl-0.9.8b/crypto/dso/dso_dlfcn.c 2006-10-30 18:21:37.000000000 +0100 -@@ -237,7 +237,7 @@ static void *dlfcn_bind_var(DSO *dso, co - static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) - { - void *ptr; -- DSO_FUNC_TYPE sym, *tsym = &sym; -+ DSO_FUNC_TYPE sym; - - if((dso == NULL) || (symname == NULL)) - { -@@ -255,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO - DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); - return(NULL); - } -- *(void **)(tsym) = dlsym(ptr, symname); -+ sym = dlsym(ptr, symname); - if(sym == NULL) - { - DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); diff --git a/openssl-0.9.8j-ca-dir.patch b/openssl-0.9.8j-ca-dir.patch deleted file mode 100644 index 17cd3f9..0000000 --- a/openssl-0.9.8j-ca-dir.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -diff -up openssl-0.9.8j/apps/openssl.cnf.ca-dir openssl-0.9.8j/apps/openssl.cnf ---- openssl-0.9.8j/apps/openssl.cnf.ca-dir 2009-01-13 23:20:10.000000000 +0100 -+++ openssl-0.9.8j/apps/openssl.cnf 2009-01-13 23:20:10.000000000 +0100 -@@ -34,7 +34,7 @@ default_ca = CA_default # The default c - #################################################################### - [ CA_default ] - --dir = ./demoCA # Where everything is kept -+dir = /etc/pki/CA # Where everything is kept - certs = $dir/certs # Where the issued certs are kept - crl_dir = $dir/crl # Where the issued crl are kept - database = $dir/index.txt # database index file. -diff -up openssl-0.9.8j/apps/CA.sh.ca-dir openssl-0.9.8j/apps/CA.sh ---- openssl-0.9.8j/apps/CA.sh.ca-dir 2005-07-04 23:44:22.000000000 +0200 -+++ openssl-0.9.8j/apps/CA.sh 2009-01-13 23:20:10.000000000 +0100 -@@ -39,7 +39,7 @@ CA="$OPENSSL ca $SSLEAY_CONFIG" - VERIFY="$OPENSSL verify" - X509="$OPENSSL x509" - --CATOP=./demoCA -+CATOP=/etc/pki/CA - CAKEY=./cakey.pem - CAREQ=./careq.pem - CACERT=./cacert.pem -diff -up openssl-0.9.8j/apps/CA.pl.in.ca-dir openssl-0.9.8j/apps/CA.pl.in ---- openssl-0.9.8j/apps/CA.pl.in.ca-dir 2006-04-28 02:28:51.000000000 +0200 -+++ openssl-0.9.8j/apps/CA.pl.in 2009-01-13 23:20:10.000000000 +0100 -@@ -53,7 +53,7 @@ $VERIFY="$openssl verify"; - $X509="$openssl x509"; - $PKCS12="$openssl pkcs12"; - --$CATOP="./demoCA"; -+$CATOP="/etc/pki/CA"; - $CAKEY="cakey.pem"; - $CAREQ="careq.pem"; - $CACERT="cacert.pem"; diff --git a/openssl-1.0.0-beta3-camellia-rounds.patch b/openssl-1.0.0-beta3-camellia-rounds.patch deleted file mode 100644 index a43b602..0000000 --- a/openssl-1.0.0-beta3-camellia-rounds.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl.rounds openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl ---- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl.rounds 2009-09-15 12:09:08.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl 2009-09-15 12:09:48.000000000 +0200 -@@ -656,7 +656,7 @@ Camellia_cbc_encrypt: - mov %rsi,$out # out argument - mov %r8,%rbx # ivp argument - mov %rcx,$key # key argument -- mov 272(%rcx),$keyend # grandRounds -+ mov 272(%rcx),${keyend}d # grandRounds - - mov %r8,$_ivp - mov %rbp,$_rsp diff --git a/openssl-1.0.0-beta3-const.patch b/openssl-1.0.0-beta3-const.patch deleted file mode 100644 index 77c1c95..0000000 --- a/openssl-1.0.0-beta3-const.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -diff -up openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod ---- openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const 2009-02-14 22:49:37.000000000 +0100 -+++ openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod 2009-08-22 16:15:32.000000000 +0200 -@@ -11,7 +11,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits - const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); - int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); - char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); -- char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); -+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); - - =head1 DESCRIPTION - -diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.const openssl-1.0.0-beta3/ssl/ssl_ciph.c ---- openssl-1.0.0-beta3/ssl/ssl_ciph.c.const 2009-08-22 15:56:12.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-08-22 15:56:12.000000000 +0200 -@@ -1458,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - return(cipherstack); - } - --char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) -+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) - { - int is_export,pkl,kl; - const char *ver,*exp_str; -diff -up openssl-1.0.0-beta3/ssl/ssl.h.const openssl-1.0.0-beta3/ssl/ssl.h ---- openssl-1.0.0-beta3/ssl/ssl.h.const 2009-08-22 15:56:11.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-22 15:56:12.000000000 +0200 -@@ -1638,7 +1638,7 @@ long SSL_get_default_timeout(const SSL * - - int SSL_library_init(void ); - --char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); -+char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); - STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); - - SSL *SSL_dup(SSL *ssl); diff --git a/openssl-1.0.0-beta3-curl.patch b/openssl-1.0.0-beta3-curl.patch deleted file mode 100644 index 6141c0e..0000000 
--- a/openssl-1.0.0-beta3-curl.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up openssl-1.0.0-beta3/apps/tsget.curl openssl-1.0.0-beta3/apps/tsget ---- openssl-1.0.0-beta3/apps/tsget.curl 2006-02-13 00:11:21.000000000 +0100 -+++ openssl-1.0.0-beta3/apps/tsget 2009-08-21 15:37:24.000000000 +0200 -@@ -7,7 +7,7 @@ use strict; - use IO::Handle; - use Getopt::Std; - use File::Basename; --use WWW::Curl::easy; -+use WWW::Curl::Easy; - - use vars qw(%options); - -@@ -37,7 +37,7 @@ sub create_curl { - my $url = shift; - - # Create Curl object. -- my $curl = WWW::Curl::easy::new(); -+ my $curl = WWW::Curl::Easy::new(); - - # Error-handling related options. - $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; -@@ -192,4 +192,4 @@ REQUEST: foreach (@ARGV) { - STDERR->printflush(", $output written.\n") if $options{v}; - } - $curl->cleanup(); --WWW::Curl::easy::global_cleanup(); -+WWW::Curl::Easy::global_cleanup(); diff --git a/openssl-1.0.0-beta3-dss1.patch b/openssl-1.0.0-beta3-dss1.patch deleted file mode 100644 index 983ddc8..0000000 --- a/openssl-1.0.0-beta3-dss1.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c.dss1 openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c.dss1 2008-11-05 19:38:56.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_pmeth.c 2009-08-31 12:53:47.000000000 +0200 -@@ -186,6 +186,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *c - - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && -+ EVP_MD_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256) - { diff --git a/openssl-1.0.0-beta3-dtls1-fix.patch b/openssl-1.0.0-beta3-dtls1-fix.patch deleted file mode 100644 index 32e7b56..0000000 --- a/openssl-1.0.0-beta3-dtls1-fix.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -Index: openssl/ssl/d1_clnt.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v -rcsdiff -q -kk '-r1.16.2.10' '-r1.16.2.11' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null ---- openssl/ssl/d1_clnt.c 2009/07/15 11:32:57 1.16.2.10 -+++ openssl/ssl/d1_clnt.c 2009/07/24 11:52:32 1.16.2.11 -@@ -223,6 +223,8 @@ - s->init_num=0; - /* mark client_random uninitialized */ - memset(s->s3->client_random,0,sizeof(s->s3->client_random)); -+ s->d1->send_cookie = 0; -+ s->hit = 0; - break; - - case SSL3_ST_CW_CLNT_HELLO_A: -Index: openssl/ssl/d1_pkt.c -RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v -rcsdiff -q -kk '-r1.27.2.13' '-r1.27.2.14' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null ---- openssl/ssl/d1_pkt.c 2009/07/13 11:44:04 1.27.2.13 -+++ openssl/ssl/d1_pkt.c 2009/07/24 11:52:32 1.27.2.14 -@@ -775,7 +775,7 @@ - /* Check for timeout */ - if (dtls1_is_timer_expired(s)) - { -- if (dtls1_read_failed(s, -1) > 0); -+ if (dtls1_read_failed(s, -1) > 0) - goto start; - } - diff --git a/openssl-1.0.0-beta3-enginesdir.patch b/openssl-1.0.0-beta3-enginesdir.patch deleted file mode 100644 index 78a3c50..0000000 --- a/openssl-1.0.0-beta3-enginesdir.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -diff -up openssl-1.0.0-beta3/Configure.enginesdir openssl-1.0.0-beta3/Configure ---- openssl-1.0.0-beta3/Configure.enginesdir 2009-08-10 19:46:32.000000000 +0200 -+++ openssl-1.0.0-beta3/Configure 2009-08-10 19:46:32.000000000 +0200 -@@ -616,6 +616,7 @@ my $idx_multilib = $idx++; - - my $prefix=""; - my $openssldir=""; -+my $enginesdir=""; - my $exe_ext=""; - my $install_prefix=""; - my $cross_compile_prefix=""; -@@ -820,6 +821,10 @@ PROCESS_ARGS: - { - $openssldir=$1; - } -+ elsif (/^--enginesdir=(.*)$/) -+ { -+ $enginesdir=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -1037,7 +1042,7 @@ chop $prefix if $prefix =~ /.\/$/; - - $openssldir=$prefix . "/ssl" if $openssldir eq ""; - $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -- -+$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; - - print "IsMK1MF=$IsMK1MF\n"; - -@@ -1645,7 +1650,7 @@ while () - # $foo is to become "$prefix/lib$multilib/engines"; - # as Makefile.org and engines/Makefile are adapted for - # $multilib suffix. -- my $foo = "$prefix/lib/engines"; -+ my $foo = "$enginesdir"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } -diff -up openssl-1.0.0-beta3/engines/Makefile.enginesdir openssl-1.0.0-beta3/engines/Makefile ---- openssl-1.0.0-beta3/engines/Makefile.enginesdir 2009-06-14 04:37:22.000000000 +0200 -+++ openssl-1.0.0-beta3/engines/Makefile 2009-08-10 19:46:48.000000000 +0200 -@@ -123,7 +123,7 @@ install: - sfx=".so"; \ - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \ -+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx ); \ - done; \ - fi 
diff --git a/openssl-1.0.0-beta3-fipsmode.patch b/openssl-1.0.0-beta3-fipsmode.patch index 643654e..2fbf0a6 100644 --- a/openssl-1.0.0-beta3-fipsmode.patch +++ b/openssl-1.0.0-beta3-fipsmode.patch @@ -222,7 +222,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -115,6 +121,38 @@ int SSL_library_init(void) +@@ -115,6 +121,40 @@ int SSL_library_init(void) EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif @@ -241,6 +241,8 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl +#ifndef OPENSSL_NO_MD5 + /* needed even in the FIPS mode for TLS MAC */ + EVP_add_digest(EVP_md5()); ++ EVP_add_digest_alias(SN_md5,"ssl2-md5"); ++ EVP_add_digest_alias(SN_md5,"ssl3-md5"); +#endif +#ifndef OPENSSL_NO_SHA + EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ diff --git a/openssl-1.0.0-beta3-krb5.patch b/openssl-1.0.0-beta3-krb5.patch deleted file mode 100644 index ef7ccde..0000000 --- a/openssl-1.0.0-beta3-krb5.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.0.0-beta3/Makefile.org.krb5 openssl-1.0.0-beta3/Makefile.org ---- openssl-1.0.0-beta3/Makefile.org.krb5 2009-04-23 18:12:09.000000000 +0200 -+++ openssl-1.0.0-beta3/Makefile.org 2009-08-04 23:01:16.000000000 +0200 -@@ -299,7 +299,7 @@ build-shared: do_$(SHLIB_TARGET) link-sh - - do_$(SHLIB_TARGET): - @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ -- if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \ -+ if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ diff --git a/openssl-1.0.0-beta3-namingblk.patch b/openssl-1.0.0-beta3-namingblk.patch deleted file mode 100644 index d43e56c..0000000 --- a/openssl-1.0.0-beta3-namingblk.patch +++ /dev/null 
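Review bot: The comment above the added lines, `needed even in the FIPS mode for TLS MAC`, justifies registering MD5 but not the two aliases now added under it, `ssl2-md5` and `ssl3-md5`. This branch of `SSL_library_init()` appears to register a reduced set of algorithms for FIPS mode, so each extra name deserves a stated reason; I would extend the comment to say which lookup needs the `ssl2-md5` and `ssl3-md5` names there. The consumers of the aliases are not in the hunk, so the exact wording has to come from the author. `SSL_library_init()` starts and ends outside the hunk.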
@@ -1,253 +0,0 @@ -Index: openssl/crypto/asn1/a_set.c -RCS File: /v/openssl/cvs/openssl/crypto/asn1/a_set.c,v -rcsdiff -q -kk '-r1.20' '-r1.20.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/a_set.c,v' 2>/dev/null ---- openssl/crypto/asn1/a_set.c 2009/01/01 18:30:50 1.20 -+++ openssl/crypto/asn1/a_set.c 2009/07/27 21:21:25 1.20.2.1 -@@ -85,7 +85,7 @@ - } - - /* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ --int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp, -+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, - i2d_of_void *i2d, int ex_tag, int ex_class, - int is_set) - { -@@ -97,8 +97,8 @@ - int totSize; - - if (a == NULL) return(0); -- for (i=sk_BLOCK_num(a)-1; i>=0; i--) -- ret+=i2d(sk_BLOCK_value(a,i),NULL); -+ for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--) -+ ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL); - r=ASN1_object_size(1,ret,ex_tag); - if (pp == NULL) return(r); - -@@ -109,10 +109,10 @@ - /* And then again by Ben */ - /* And again by Steve */ - -- if(!is_set || (sk_BLOCK_num(a) < 2)) -+ if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) - { -- for (i=0; i/dev/null ---- openssl/crypto/asn1/asn1.h 2009/07/24 11:15:55 1.166.2.3 -+++ openssl/crypto/asn1/asn1.h 2009/07/27 21:21:25 1.166.2.4 -@@ -887,12 +887,13 @@ - ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); - int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); - --int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp, -+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, - i2d_of_void *i2d, int ex_tag, int ex_class, - int is_set); --STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp, -+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, -+ const unsigned char **pp, - long length, d2i_of_void *d2i, -- void (*free_func)(BLOCK), int ex_tag, -+ void (*free_func)(OPENSSL_BLOCK), int ex_tag, - int ex_class); - - #ifndef OPENSSL_NO_BIO -@@ -1045,9 +1046,9 @@ - int 
ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, - unsigned char *data, int max_len); - --STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, -- d2i_of_void *d2i, void (*free_func)(BLOCK)); --unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d, -+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, -+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK)); -+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, - unsigned char **buf, int *len ); - void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); - void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); -Index: openssl/crypto/asn1/asn_pack.c -RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v -rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v' 2>/dev/null ---- openssl/crypto/asn1/asn_pack.c 2008/11/12 03:57:49 1.19 -+++ openssl/crypto/asn1/asn_pack.c 2009/07/27 21:21:25 1.19.2.1 -@@ -66,10 +66,10 @@ - - /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ - --STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, -- d2i_of_void *d2i, void (*free_func)(BLOCK)) -+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, -+ d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK)) - { -- STACK_OF(BLOCK) *sk; -+ STACK_OF(OPENSSL_BLOCK) *sk; - const unsigned char *pbuf; - pbuf = buf; - if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, -@@ -82,7 +82,7 @@ - * OPENSSL_malloc'ed buffer - */ - --unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d, -+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, - unsigned char **buf, int *len) - { - int safelen; -Index: openssl/crypto/stack/safestack.h -RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v -rcsdiff -q -kk '-r1.72.2.4' '-r1.72.2.5' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null ---- 
openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4 -+++ openssl/crypto/stack/safestack.h 2009/07/27 21:21:25 1.72.2.5 -@@ -128,8 +128,8 @@ - * nul-terminated. These should also be distinguished from "normal" - * stacks. */ - --typedef void *BLOCK; --DECLARE_SPECIAL_STACK_OF(BLOCK, void) -+typedef void *OPENSSL_BLOCK; -+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) - - /* SKM_sk_... stack macros are internal to safestack.h: - * never use them directly, use sk__... instead */ -@@ -2055,29 +2055,29 @@ - #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) - - --#define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) --#define sk_BLOCK_new_null() ((STACK_OF(BLOCK) *)sk_new_null()) --#define sk_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val)) --#define sk_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val)) --#define sk_BLOCK_value(st, i) ((BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(BLOCK), st), i)) --#define sk_BLOCK_num(st) SKM_sk_num(BLOCK, st) --#define sk_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_FREE_FUNC2(BLOCK, free_func)) --#define sk_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val), i) --#define sk_BLOCK_free(st) SKM_sk_free(BLOCK, st) --#define sk_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), i, CHECKED_PTR_OF(void, val)) --#define sk_BLOCK_zero(st) SKM_sk_zero(BLOCK, (st)) --#define sk_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val)) --#define sk_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) --#define sk_BLOCK_delete(st, i) SKM_sk_delete(BLOCK, (st), (i)) --#define sk_BLOCK_delete_ptr(st, ptr) (BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), 
st), CHECKED_PTR_OF(void, ptr)) --#define sk_BLOCK_set_cmp_func(st, cmp) \ -+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) -+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i)) -+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) -+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) -+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i) -+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) -+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val)) -+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) -+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) -+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) -+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) -+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr)) -+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ - ((int (*)(const void * const *,const void * const *)) \ -- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) --#define 
sk_BLOCK_dup(st) SKM_sk_dup(BLOCK, st) --#define sk_BLOCK_shift(st) SKM_sk_shift(BLOCK, (st)) --#define sk_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st)) --#define sk_BLOCK_sort(st) SKM_sk_sort(BLOCK, (st)) --#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st)) -+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) -+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) -+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) -+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st)) -+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) -+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) - - - #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) diff --git a/openssl-1.0.0-beta3-namingstr.patch b/openssl-1.0.0-beta3-namingstr.patch deleted file mode 100644 index 44dee95..0000000 --- a/openssl-1.0.0-beta3-namingstr.patch +++ /dev/null 
@@ -1,1663 +0,0 @@ -Index: openssl/apps/apps.c -RCS File: /v/openssl/cvs/openssl/apps/apps.c,v -rcsdiff -q -kk '-r1.133.2.6' '-r1.133.2.7' -u '/v/openssl/cvs/openssl/apps/apps.c,v' 2>/dev/null ---- openssl/apps/apps.c 2009/06/29 16:09:58 1.133.2.6 -+++ openssl/apps/apps.c 2009/07/27 21:08:43 1.133.2.7 -@@ -1488,7 +1488,7 @@ - return p; - } - --static unsigned long index_serial_hash(const CSTRING *a) -+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) - { - const char *n; - -@@ -1497,7 +1497,7 @@ - return(lh_strhash(n)); - } - --static int index_serial_cmp(const CSTRING *a, const CSTRING *b) -+static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) - { - const char *aa,*bb; - -@@ -1509,16 +1509,16 @@ - static int index_name_qual(char **a) - { return(a[0][0] == 'V'); } - --static unsigned long index_name_hash(const CSTRING *a) -+static unsigned long index_name_hash(const OPENSSL_CSTRING *a) - { return(lh_strhash(a[DB_name])); } - --int index_name_cmp(const CSTRING *a, const CSTRING *b) -+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) - { return(strcmp(a[DB_name], b[DB_name])); } - --static IMPLEMENT_LHASH_HASH_FN(index_serial, CSTRING) --static IMPLEMENT_LHASH_COMP_FN(index_serial, CSTRING) --static IMPLEMENT_LHASH_HASH_FN(index_name, CSTRING) --static IMPLEMENT_LHASH_COMP_FN(index_name, CSTRING) -+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) -+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING) -+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) -+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) - - #undef BSIZE - #define BSIZE 256 -Index: openssl/apps/apps.h -RCS File: /v/openssl/cvs/openssl/apps/apps.h,v -rcsdiff -q -kk '-r1.91' '-r1.91.2.1' -u '/v/openssl/cvs/openssl/apps/apps.h,v' 2>/dev/null ---- openssl/apps/apps.h 2008/11/24 17:27:05 1.91 -+++ openssl/apps/apps.h 2009/07/27 21:08:44 1.91.2.1 -@@ -295,9 +295,9 @@ - int rotate_index(const char *dbfile, 
const char *new_suffix, const char *old_suffix); - void free_index(CA_DB *db); - #define index_name_cmp_noconst(a, b) \ -- index_name_cmp((const CSTRING *)CHECKED_PTR_OF(STRING, a), \ -- (const CSTRING *)CHECKED_PTR_OF(STRING, b)) --int index_name_cmp(const CSTRING *a, const CSTRING *b); -+ index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ -+ (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) -+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); - int parse_yesno(const char *str, int def); - - X509_NAME *parse_name(char *str, long chtype, int multirdn); -Index: openssl/apps/asn1pars.c -RCS File: /v/openssl/cvs/openssl/apps/asn1pars.c,v -rcsdiff -q -kk '-r1.26' '-r1.26.2.1' -u '/v/openssl/cvs/openssl/apps/asn1pars.c,v' 2>/dev/null ---- openssl/apps/asn1pars.c 2008/11/05 18:38:51 1.26 -+++ openssl/apps/asn1pars.c 2009/07/27 21:08:44 1.26.2.1 -@@ -96,7 +96,7 @@ - unsigned char *tmpbuf; - const unsigned char *ctmpbuf; - BUF_MEM *buf=NULL; -- STACK_OF(STRING) *osk=NULL; -+ STACK_OF(OPENSSL_STRING) *osk=NULL; - ASN1_TYPE *at=NULL; - - informat=FORMAT_PEM; -@@ -113,7 +113,7 @@ - prog=argv[0]; - argc--; - argv++; -- if ((osk=sk_STRING_new_null()) == NULL) -+ if ((osk=sk_OPENSSL_STRING_new_null()) == NULL) - { - BIO_printf(bio_err,"Memory allocation failure\n"); - goto end; -@@ -169,7 +169,7 @@ - else if (strcmp(*argv,"-strparse") == 0) - { - if (--argc < 1) goto bad; -- sk_STRING_push(osk,*(++argv)); -+ sk_OPENSSL_STRING_push(osk,*(++argv)); - } - else if (strcmp(*argv,"-genstr") == 0) - { -@@ -302,18 +302,18 @@ - - /* If any structs to parse go through in sequence */ - -- if (sk_STRING_num(osk)) -+ if (sk_OPENSSL_STRING_num(osk)) - { - tmpbuf=(unsigned char *)str; - tmplen=num; -- for (i=0; i/dev/null ---- openssl/apps/ca.c 2009/03/09 13:59:07 1.167 -+++ openssl/apps/ca.c 2009/07/27 21:08:44 1.167.2.1 -@@ -883,9 +883,9 @@ - if (db == NULL) goto err; - - /* Lets check some fields */ -- for (i=0; idb->data); i++) -+ 
for (i=0; idb->data); i++) - { -- pp=sk_PSTRING_value(db->db->data,i); -+ pp=sk_OPENSSL_PSTRING_value(db->db->data,i); - if ((pp[DB_type][0] != DB_TYPE_REV) && - (pp[DB_rev_date][0] != '\0')) - { -@@ -938,7 +938,7 @@ - #endif - TXT_DB_write(out,db->db); - BIO_printf(bio_err,"%d entries loaded from the database\n", -- sk_PSTRING_num(db->db->data)); -+ sk_OPENSSL_PSTRING_num(db->db->data)); - BIO_printf(bio_err,"generating index\n"); - } - -@@ -1408,9 +1408,9 @@ - - ASN1_TIME_free(tmptm); - -- for (i=0; idb->data); i++) -+ for (i=0; idb->data); i++) - { -- pp=sk_PSTRING_value(db->db->data,i); -+ pp=sk_OPENSSL_PSTRING_value(db->db->data,i); - if (pp[DB_type][0] == DB_TYPE_REV) - { - if ((r=X509_REVOKED_new()) == NULL) goto err; -@@ -1685,9 +1685,9 @@ - int ok= -1,i,j,last,nid; - const char *p; - CONF_VALUE *cv; -- STRING row[DB_NUMBER]; -- STRING *irow=NULL; -- STRING *rrow=NULL; -+ OPENSSL_STRING row[DB_NUMBER]; -+ OPENSSL_STRING *irow=NULL; -+ OPENSSL_STRING *rrow=NULL; - char buf[25]; - - tmptm=ASN1_UTCTIME_new(); -@@ -1929,7 +1929,7 @@ - - if (db->attributes.unique_subject) - { -- STRING *crow=row; -+ OPENSSL_STRING *crow=row; - - rrow=TXT_DB_get_by_index(db->db,DB_name,crow); - if (rrow != NULL) -@@ -2632,9 +2632,9 @@ - else - a_y2k = 0; - -- for (i = 0; i < sk_PSTRING_num(db->db->data); i++) -+ for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) - { -- rrow = sk_PSTRING_value(db->db->data, i); -+ rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); - - if (rrow[DB_type][0] == 'V') - { -Index: openssl/apps/cms.c -RCS File: /v/openssl/cvs/openssl/apps/cms.c,v -rcsdiff -q -kk '-r1.23.2.1' '-r1.23.2.2' -u '/v/openssl/cvs/openssl/apps/cms.c,v' 2>/dev/null ---- openssl/apps/cms.c 2009/04/16 17:22:47 1.23.2.1 -+++ openssl/apps/cms.c 2009/07/27 21:08:44 1.23.2.2 -@@ -71,9 +71,9 @@ - static int save_certs(char *signerfile, STACK_OF(X509) *signers); - static int cms_cb(int ok, X509_STORE_CTX *ctx); - static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); 
--static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
-+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
- int rr_allorfirst,
-- STACK_OF(STRING) *rr_from);
-+ STACK_OF(OPENSSL_STRING) *rr_from);
-
- #define SMIME_OP 0x10
- #define SMIME_IP 0x20
-@@ -108,7 +108,7 @@
- const char *inmode = "r", *outmode = "w";
- char *infile = NULL, *outfile = NULL, *rctfile = NULL;
- char *signerfile = NULL, *recipfile = NULL;
-- STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
-+ STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
- char *certsoutfile = NULL;
- const EVP_CIPHER *cipher = NULL;
-@@ -122,7 +122,7 @@
- int flags = CMS_DETACHED, noout = 0, print = 0;
- int verify_retcode = 0;
- int rr_print = 0, rr_allorfirst = -1;
-- STACK_OF(STRING) *rr_to = NULL, *rr_from = NULL;
-+ STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
- CMS_ReceiptRequest *rr = NULL;
- char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL;
-@@ -281,8 +281,8 @@
- goto argerr;
- args++;
- if (!rr_from)
-- rr_from = sk_STRING_new_null();
-- sk_STRING_push(rr_from, *args);
-+ rr_from = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(rr_from, *args);
- }
- else if (!strcmp(*args,"-receipt_request_to"))
- {
-@@ -290,8 +290,8 @@
- goto argerr;
- args++;
- if (!rr_to)
-- rr_to = sk_STRING_new_null();
-- sk_STRING_push(rr_to, *args);
-+ rr_to = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(rr_to, *args);
- }
- else if (!strcmp (*args, "-print"))
- {
-@@ -387,13 +387,13 @@
- if (signerfile)
- {
- if (!sksigners)
-- sksigners = sk_STRING_new_null();
-- sk_STRING_push(sksigners, signerfile);
-+ sksigners = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(sksigners, signerfile);
- if (!keyfile)
- keyfile = signerfile;
- if (!skkeys)
-- skkeys = sk_STRING_new_null();
-- sk_STRING_push(skkeys, keyfile);
-+ skkeys = 
sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(skkeys, keyfile);
- keyfile = NULL;
- }
- signerfile = *++args;
-@@ -435,12 +435,12 @@
- goto argerr;
- }
- if (!sksigners)
-- sksigners = sk_STRING_new_null();
-- sk_STRING_push(sksigners, signerfile);
-+ sksigners = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(sksigners, signerfile);
- signerfile = NULL;
- if (!skkeys)
-- skkeys = sk_STRING_new_null();
-- sk_STRING_push(skkeys, keyfile);
-+ skkeys = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(skkeys, keyfile);
- }
- keyfile = *++args;
- }
-@@ -539,13 +539,13 @@
- if (signerfile)
- {
- if (!sksigners)
-- sksigners = sk_STRING_new_null();
-- sk_STRING_push(sksigners, signerfile);
-+ sksigners = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(sksigners, signerfile);
- if (!skkeys)
-- skkeys = sk_STRING_new_null();
-+ skkeys = sk_OPENSSL_STRING_new_null();
- if (!keyfile)
- keyfile = signerfile;
-- sk_STRING_push(skkeys, keyfile);
-+ sk_OPENSSL_STRING_push(skkeys, keyfile);
- }
- if (!sksigners)
- {
-@@ -980,11 +980,11 @@
- }
- else
- flags |= CMS_REUSE_DIGEST;
-- for (i = 0; i < sk_STRING_num(sksigners); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
- {
- CMS_SignerInfo *si;
-- signerfile = sk_STRING_value(sksigners, i);
-- keyfile = sk_STRING_value(skkeys, i);
-+ signerfile = sk_OPENSSL_STRING_value(sksigners, i);
-+ keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
- e, "signer certificate");
- if (!signer)
-@@ -1160,9 +1160,9 @@
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- if (sksigners)
-- sk_STRING_free(sksigners);
-+ sk_OPENSSL_STRING_free(sksigners);
- if (skkeys)
-- sk_STRING_free(skkeys);
-+ sk_OPENSSL_STRING_free(skkeys);
- if (secret_key)
- OPENSSL_free(secret_key);
- if (secret_keyid)
-@@ -1172,9 +1172,9 @@
- if (rr)
- CMS_ReceiptRequest_free(rr);
- if (rr_to)
-- sk_STRING_free(rr_to);
-+ sk_OPENSSL_STRING_free(rr_to);
- if (rr_from)
-- 
sk_STRING_free(rr_from);
-+ sk_OPENSSL_STRING_free(rr_from);
- X509_STORE_free(store);
- X509_free(cert);
- X509_free(recip);
-@@ -1296,7 +1296,7 @@
- }
- }
-
--static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
-+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
- {
- int i;
- STACK_OF(GENERAL_NAMES) *ret;
-@@ -1305,9 +1305,9 @@
- ret = sk_GENERAL_NAMES_new_null();
- if (!ret)
- goto err;
-- for (i = 0; i < sk_STRING_num(ns); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
- {
-- char *str = sk_STRING_value(ns, i);
-+ char *str = sk_OPENSSL_STRING_value(ns, i);
- gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
- if (!gen)
- goto err;
-@@ -1335,9 +1335,9 @@
- }
-
-
--static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
-+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
- int rr_allorfirst,
-- STACK_OF(STRING) *rr_from)
-+ STACK_OF(OPENSSL_STRING) *rr_from)
- {
- STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
- CMS_ReceiptRequest *rr;
-Index: openssl/apps/crl2p7.c
-RCS File: /v/openssl/cvs/openssl/apps/crl2p7.c,v
-rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/apps/crl2p7.c,v' 2>/dev/null
---- openssl/apps/crl2p7.c 2008/06/04 11:00:45 1.19
-+++ openssl/apps/crl2p7.c 2009/07/27 21:08:45 1.19.2.1
-@@ -92,7 +92,7 @@
- PKCS7 *p7 = NULL;
- PKCS7_SIGNED *p7s = NULL;
- X509_CRL *crl=NULL;
-- STACK_OF(STRING) *certflst=NULL;
-+ STACK_OF(OPENSSL_STRING) *certflst=NULL;
- STACK_OF(X509_CRL) *crl_stack=NULL;
- STACK_OF(X509) *cert_stack=NULL;
- int ret=1,nocrl=0;
-@@ -140,8 +140,8 @@
- else if (strcmp(*argv,"-certfile") == 0)
- {
- if (--argc < 1) goto bad;
-- if(!certflst) certflst = sk_STRING_new_null();
-- sk_STRING_push(certflst,*(++argv));
-+ if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(certflst,*(++argv));
- }
- else
- {
-@@ -226,8 +226,8 @@
- if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
- 
p7s->cert=cert_stack;
-
-- if(certflst) for(i = 0; i < sk_STRING_num(certflst); i++) {
-- certfile = sk_STRING_value(certflst, i);
-+ if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
-+ certfile = sk_OPENSSL_STRING_value(certflst, i);
- if (add_certs_from_file(cert_stack,certfile) < 0)
- {
- BIO_printf(bio_err, "error loading certificates\n");
-@@ -236,7 +236,7 @@
- }
- }
-
-- sk_STRING_free(certflst);
-+ sk_OPENSSL_STRING_free(certflst);
-
- if (outfile == NULL)
- {
-Index: openssl/apps/dgst.c
-RCS File: /v/openssl/cvs/openssl/apps/dgst.c,v
-rcsdiff -q -kk '-r1.54.2.3' '-r1.54.2.4' -u '/v/openssl/cvs/openssl/apps/dgst.c,v' 2>/dev/null
---- openssl/apps/dgst.c 2009/04/26 12:16:12 1.54.2.3
-+++ openssl/apps/dgst.c 2009/07/27 21:08:45 1.54.2.4
-@@ -127,7 +127,7 @@
- #endif
- char *hmac_key=NULL;
- char *mac_name=NULL;
-- STACK_OF(STRING) *sigopts = NULL, *macopts = NULL;
-+ STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
-
- apps_startup();
-
-@@ -230,8 +230,8 @@
- if (--argc < 1)
- break;
- if (!sigopts)
-- sigopts = sk_STRING_new_null();
-- if (!sigopts || !sk_STRING_push(sigopts, *(++argv)))
-+ sigopts = sk_OPENSSL_STRING_new_null();
-+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
- break;
- }
- else if (strcmp(*argv,"-macopt") == 0)
-@@ -239,8 +239,8 @@
- if (--argc < 1)
- break;
- if (!macopts)
-- macopts = sk_STRING_new_null();
-- if (!macopts || !sk_STRING_push(macopts, *(++argv)))
-+ macopts = sk_OPENSSL_STRING_new_null();
-+ if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
- break;
- }
- else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
-@@ -365,9 +365,9 @@
- if (macopts)
- {
- char *macopt;
-- for (i = 0; i < sk_STRING_num(macopts); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
- {
-- macopt = sk_STRING_value(macopts, i);
-+ macopt = sk_OPENSSL_STRING_value(macopts, i);
- if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
- {
- BIO_printf(bio_err,
-@@ -424,9 +424,9 @@
- if (sigopts)
- 
{
- char *sigopt;
-- for (i = 0; i < sk_STRING_num(sigopts); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
- {
-- sigopt = sk_STRING_value(sigopts, i);
-+ sigopt = sk_OPENSSL_STRING_value(sigopts, i);
- if (pkey_ctrl_string(pctx, sigopt) <= 0)
- {
- BIO_printf(bio_err,
-@@ -531,9 +531,9 @@
- BIO_free_all(out);
- EVP_PKEY_free(sigkey);
- if (sigopts)
-- sk_STRING_free(sigopts);
-+ sk_OPENSSL_STRING_free(sigopts);
- if (macopts)
-- sk_STRING_free(macopts);
-+ sk_OPENSSL_STRING_free(macopts);
- if(sigbuf) OPENSSL_free(sigbuf);
- if (bmd != NULL) BIO_free(bmd);
- apps_shutdown();
-Index: openssl/apps/engine.c
-RCS File: /v/openssl/cvs/openssl/apps/engine.c,v
-rcsdiff -q -kk '-r1.34' '-r1.34.2.1' -u '/v/openssl/cvs/openssl/apps/engine.c,v' 2>/dev/null
---- openssl/apps/engine.c 2009/02/15 15:29:59 1.34
-+++ openssl/apps/engine.c 2009/07/27 21:08:45 1.34.2.1
-@@ -200,7 +200,7 @@
- char *desc = NULL;
- int flags;
- int xpos = 0;
-- STACK_OF(STRING) *cmds = NULL;
-+ STACK_OF(OPENSSL_STRING) *cmds = NULL;
- if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
- ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
- 0, NULL, NULL)) <= 0))
-@@ -211,7 +211,7 @@
- return 1;
- }
-
-- cmds = sk_STRING_new_null();
-+ cmds = sk_OPENSSL_STRING_new_null();
-
- if(!cmds)
- goto err;
-@@ -284,16 +284,16 @@
- BIO_printf(bio_out, "\n");
- ret = 1;
- err:
-- if(cmds) sk_STRING_pop_free(cmds, identity);
-+ if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
- if(name) OPENSSL_free(name);
- if(desc) OPENSSL_free(desc);
- return ret;
- }
-
--static void util_do_cmds(ENGINE *e, STACK_OF(STRING) *cmds, BIO *bio_out,
-- const char *indent)
-+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
-+ BIO *bio_out, const char *indent)
- {
-- int loop, res, num = sk_STRING_num(cmds);
-+ int loop, res, num = sk_OPENSSL_STRING_num(cmds);
-
- if(num < 0)
- {
-@@ -304,7 +304,7 @@
- {
- char buf[256];
- const char *cmd, *arg;
-- cmd = sk_STRING_value(cmds, 
loop); -+ cmd = sk_OPENSSL_STRING_value(cmds, loop); - res = 1; /* assume success */ - /* Check if this command has no ":arg" */ - if((arg = strstr(cmd, ":")) == NULL) -@@ -344,9 +344,9 @@ - const char **pp; - int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; - ENGINE *e; -- STACK_OF(STRING) *engines = sk_STRING_new_null(); -- STACK_OF(STRING) *pre_cmds = sk_STRING_new_null(); -- STACK_OF(STRING) *post_cmds = sk_STRING_new_null(); -+ STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); -+ STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); -+ STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); - int badops=1; - BIO *bio_out=NULL; - const char *indent = " "; -@@ -393,20 +393,20 @@ - argc--; argv++; - if (argc == 0) - goto skip_arg_loop; -- sk_STRING_push(pre_cmds,*argv); -+ sk_OPENSSL_STRING_push(pre_cmds,*argv); - } - else if (strcmp(*argv,"-post") == 0) - { - argc--; argv++; - if (argc == 0) - goto skip_arg_loop; -- sk_STRING_push(post_cmds,*argv); -+ sk_OPENSSL_STRING_push(post_cmds,*argv); - } - else if ((strncmp(*argv,"-h",2) == 0) || - (strcmp(*argv,"-?") == 0)) - goto skip_arg_loop; - else -- sk_STRING_push(engines,*argv); -+ sk_OPENSSL_STRING_push(engines,*argv); - argc--; - argv++; - } -@@ -421,17 +421,17 @@ - goto end; - } - -- if (sk_STRING_num(engines) == 0) -+ if (sk_OPENSSL_STRING_num(engines) == 0) - { - for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) - { -- sk_STRING_push(engines,(char *)ENGINE_get_id(e)); -+ sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e)); - } - } - -- for (i=0; i/dev/null ---- openssl/apps/ocsp.c 2009/04/02 15:19:03 1.54.2.1 -+++ openssl/apps/ocsp.c 2009/07/27 21:08:45 1.54.2.2 -@@ -99,7 +99,7 @@ - static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); - static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, -- STACK_OF(STRING) *names, -+ 
STACK_OF(OPENSSL_STRING) *names,
- STACK_OF(OCSP_CERTID) *ids, long nsec,
- long maxage);
-
-@@ -153,7 +153,7 @@
- int badarg = 0;
- int i;
- int ignore_err = 0;
-- STACK_OF(STRING) *reqnames = NULL;
-+ STACK_OF(OPENSSL_STRING) *reqnames = NULL;
- STACK_OF(OCSP_CERTID) *ids = NULL;
-
- X509 *rca_cert = NULL;
-@@ -170,7 +170,7 @@
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
- args = argv + 1;
-- reqnames = sk_STRING_new_null();
-+ reqnames = sk_OPENSSL_STRING_new_null();
- ids = sk_OCSP_CERTID_new_null();
- while (!badarg && *args && *args[0] == '-')
- {
-@@ -432,7 +432,7 @@
- if (!cert_id_md) cert_id_md = EVP_sha1();
- if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
- goto end;
-- if(!sk_STRING_push(reqnames, *args))
-+ if(!sk_OPENSSL_STRING_push(reqnames, *args))
- goto end;
- }
- else badarg = 1;
-@@ -445,7 +445,7 @@
- if (!cert_id_md) cert_id_md = EVP_sha1();
- if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
- goto end;
-- if(!sk_STRING_push(reqnames, *args))
-+ if(!sk_OPENSSL_STRING_push(reqnames, *args))
- goto end;
- }
- else badarg = 1;
-@@ -901,7 +901,7 @@
- OCSP_REQUEST_free(req);
- OCSP_RESPONSE_free(resp);
- OCSP_BASICRESP_free(bs);
-- sk_STRING_free(reqnames);
-+ sk_OPENSSL_STRING_free(reqnames);
- sk_OCSP_CERTID_free(ids);
- sk_X509_pop_free(sign_other, X509_free);
- sk_X509_pop_free(verify_other, X509_free);
-@@ -971,7 +971,7 @@
- }
-
- static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-- STACK_OF(STRING) *names,
-+ STACK_OF(OPENSSL_STRING) *names,
- STACK_OF(OCSP_CERTID) *ids, long nsec,
- long maxage)
- {
-@@ -983,13 +983,13 @@
-
- ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-
-- if (!bs || !req || !sk_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
-+ if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
- return 1;
-
- for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
- {
- id = sk_OCSP_CERTID_value(ids, i);
-- name = sk_STRING_value(names, i);
-+ name = 
sk_OPENSSL_STRING_value(names, i);
- BIO_printf(out, "%s: ", name);
-
- if(!OCSP_resp_find_status(bs, id, &status, &reason,
-Index: openssl/apps/pkcs12.c
-RCS File: /v/openssl/cvs/openssl/apps/pkcs12.c,v
-rcsdiff -q -kk '-r1.92.2.1' '-r1.92.2.2' -u '/v/openssl/cvs/openssl/apps/pkcs12.c,v' 2>/dev/null
---- openssl/apps/pkcs12.c 2009/06/17 12:05:49 1.92.2.1
-+++ openssl/apps/pkcs12.c 2009/07/27 21:08:45 1.92.2.2
-@@ -117,7 +117,7 @@
- int ret = 1;
- int macver = 1;
- int noprompt = 0;
-- STACK_OF(STRING) *canames = NULL;
-+ STACK_OF(OPENSSL_STRING) *canames = NULL;
- char *cpass = NULL, *mpass = NULL;
- char *passargin = NULL, *passargout = NULL, *passarg = NULL;
- char *passin = NULL, *passout = NULL;
-@@ -222,8 +222,8 @@
- } else if (!strcmp (*args, "-caname")) {
- if (args[1]) {
- args++;
-- if (!canames) canames = sk_STRING_new_null();
-- sk_STRING_push(canames, *args);
-+ if (!canames) canames = sk_OPENSSL_STRING_new_null();
-+ sk_OPENSSL_STRING_push(canames, *args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
-@@ -549,9 +549,9 @@
-
- /* Add any CA names */
-
-- for (i = 0; i < sk_STRING_num(canames); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
- {
-- catmp = (unsigned char *)sk_STRING_value(canames, i);
-+ catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
- X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
- }
-
-@@ -687,7 +687,7 @@
- #endif
- BIO_free(in);
- BIO_free_all(out);
-- if (canames) sk_STRING_free(canames);
-+ if (canames) sk_OPENSSL_STRING_free(canames);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
-Index: openssl/apps/req.c
-RCS File: /v/openssl/cvs/openssl/apps/req.c,v
-rcsdiff -q -kk '-r1.139.2.2' '-r1.139.2.3' -u '/v/openssl/cvs/openssl/apps/req.c,v' 2>/dev/null
---- openssl/apps/req.c 2009/04/23 17:16:38 1.139.2.2
-+++ openssl/apps/req.c 2009/07/27 21:08:45 1.139.2.3
-@@ -165,7 +165,7 @@
- EVP_PKEY_CTX *genctx = NULL;
- const char 
*keyalg = NULL;
- char *keyalgstr = NULL;
-- STACK_OF(STRING) *pkeyopts = NULL;
-+ STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
- EVP_PKEY *pkey=NULL;
- int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
- long newkey = -1;
-@@ -306,8 +306,8 @@
- if (--argc < 1)
- goto bad;
- if (!pkeyopts)
-- pkeyopts = sk_STRING_new_null();
-- if (!pkeyopts || !sk_STRING_push(pkeyopts, *(++argv)))
-+ pkeyopts = sk_OPENSSL_STRING_new_null();
-+ if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
- goto bad;
- }
- else if (strcmp(*argv,"-batch") == 0)
-@@ -667,9 +667,9 @@
- if (pkeyopts)
- {
- char *genopt;
-- for (i = 0; i < sk_STRING_num(pkeyopts); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
- {
-- genopt = sk_STRING_value(pkeyopts, i);
-+ genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
- if (pkey_ctrl_string(genctx, genopt) <= 0)
- {
- BIO_printf(bio_err,
-@@ -1083,7 +1083,7 @@
- if (genctx)
- EVP_PKEY_CTX_free(genctx);
- if (pkeyopts)
-- sk_STRING_free(pkeyopts);
-+ sk_OPENSSL_STRING_free(pkeyopts);
- #ifndef OPENSSL_NO_ENGINE
- if (gen_eng)
- ENGINE_free(gen_eng);
-Index: openssl/apps/s_server.c
-RCS File: /v/openssl/cvs/openssl/apps/s_server.c,v
-rcsdiff -q -kk '-r1.136.2.4' '-r1.136.2.5' -u '/v/openssl/cvs/openssl/apps/s_server.c,v' 2>/dev/null
---- openssl/apps/s_server.c 2009/06/30 16:10:24 1.136.2.4
-+++ openssl/apps/s_server.c 2009/07/27 21:08:46 1.136.2.5
-@@ -712,7 +712,7 @@
- int use_ssl;
- unsigned char *rspder = NULL;
- int rspderlen;
-- STACK_OF(STRING) *aia = NULL;
-+ STACK_OF(OPENSSL_STRING) *aia = NULL;
- X509 *x = NULL;
- X509_STORE_CTX inctx;
- X509_OBJECT obj;
-@@ -734,7 +734,7 @@
- aia = X509_get1_ocsp(x);
- if (aia)
- {
-- if (!OCSP_parse_url(sk_STRING_value(aia, 0),
-+ if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
- &host, &port, &path, &use_ssl))
- {
- BIO_puts(err, "cert_status: can't parse AIA URL\n");
-@@ -742,7 +742,7 @@
- }
- if (srctx->verbose)
- BIO_printf(err, "cert_status: AIA URL: %s\n",
-- sk_STRING_value(aia, 0));
-+ sk_OPENSSL_STRING_value(aia, 
0)); -+ sk_OPENSSL_STRING_value(aia, 0)); - } - else - { -Index: openssl/apps/smime.c -RCS File: /v/openssl/cvs/openssl/apps/smime.c,v -rcsdiff -q -kk '-r1.69' '-r1.69.2.1' -u '/v/openssl/cvs/openssl/apps/smime.c,v' 2>/dev/null ---- openssl/apps/smime.c 2008/11/05 18:38:51 1.69 -+++ openssl/apps/smime.c 2009/07/27 21:08:46 1.69.2.1 -@@ -93,7 +93,7 @@ - const char *inmode = "r", *outmode = "w"; - char *infile = NULL, *outfile = NULL; - char *signerfile = NULL, *recipfile = NULL; -- STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL; -+ STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile=NULL; - const EVP_CIPHER *cipher = NULL; - PKCS7 *p7 = NULL; -@@ -260,13 +260,13 @@ - if (signerfile) - { - if (!sksigners) -- sksigners = sk_STRING_new_null(); -- sk_STRING_push(sksigners, signerfile); -+ sksigners = sk_OPENSSL_STRING_new_null(); -+ sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!keyfile) - keyfile = signerfile; - if (!skkeys) -- skkeys = sk_STRING_new_null(); -- sk_STRING_push(skkeys, keyfile); -+ skkeys = sk_OPENSSL_STRING_new_null(); -+ sk_OPENSSL_STRING_push(skkeys, keyfile); - keyfile = NULL; - } - signerfile = *++args; -@@ -302,12 +302,12 @@ - goto argerr; - } - if (!sksigners) -- sksigners = sk_STRING_new_null(); -- sk_STRING_push(sksigners, signerfile); -+ sksigners = sk_OPENSSL_STRING_new_null(); -+ sk_OPENSSL_STRING_push(sksigners, signerfile); - signerfile = NULL; - if (!skkeys) -- skkeys = sk_STRING_new_null(); -- sk_STRING_push(skkeys, keyfile); -+ skkeys = sk_OPENSSL_STRING_new_null(); -+ sk_OPENSSL_STRING_push(skkeys, keyfile); - } - keyfile = *++args; - } -@@ -389,13 +389,13 @@ - if (signerfile) - { - if (!sksigners) -- sksigners = sk_STRING_new_null(); -- sk_STRING_push(sksigners, signerfile); -+ sksigners = sk_OPENSSL_STRING_new_null(); -+ sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!skkeys) -- skkeys = sk_STRING_new_null(); -+ skkeys = sk_OPENSSL_STRING_new_null(); - if 
(!keyfile)
- keyfile = signerfile;
-- sk_STRING_push(skkeys, keyfile);
-+ sk_OPENSSL_STRING_push(skkeys, keyfile);
- }
- if (!sksigners)
- {
-@@ -707,10 +707,10 @@
- }
- else
- flags |= PKCS7_REUSE_DIGEST;
-- for (i = 0; i < sk_STRING_num(sksigners); i++)
-+ for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
- {
-- signerfile = sk_STRING_value(sksigners, i);
-- keyfile = sk_STRING_value(skkeys, i);
-+ signerfile = sk_OPENSSL_STRING_value(sksigners, i);
-+ keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
- e, "signer certificate");
- if (!signer)
-@@ -807,9 +807,9 @@
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- if (sksigners)
-- sk_STRING_free(sksigners);
-+ sk_OPENSSL_STRING_free(sksigners);
- if (skkeys)
-- sk_STRING_free(skkeys);
-+ sk_OPENSSL_STRING_free(skkeys);
- X509_STORE_free(store);
- X509_free(cert);
- X509_free(recip);
-Index: openssl/apps/x509.c
-RCS File: /v/openssl/cvs/openssl/apps/x509.c,v
-rcsdiff -q -kk '-r1.102.2.3' '-r1.102.2.4' -u '/v/openssl/cvs/openssl/apps/x509.c,v' 2>/dev/null
---- openssl/apps/x509.c 2009/07/14 15:14:39 1.102.2.3
-+++ openssl/apps/x509.c 2009/07/27 21:08:46 1.102.2.4
-@@ -738,14 +738,14 @@
- else if ((email == i) || (ocsp_uri == i))
- {
- int j;
-- STACK_OF(STRING) *emlst;
-+ STACK_OF(OPENSSL_STRING) *emlst;
- if (email == i)
- emlst = X509_get1_email(x);
- else
- emlst = X509_get1_ocsp(x);
-- for (j = 0; j < sk_STRING_num(emlst); j++)
-+ for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
- BIO_printf(STDout, "%s\n",
-- sk_STRING_value(emlst, j));
-+ sk_OPENSSL_STRING_value(emlst, j));
- X509_email_free(emlst);
- }
- else if (aliasout == i)
-Index: openssl/crypto/cryptlib.c
-RCS File: /v/openssl/cvs/openssl/crypto/cryptlib.c,v
-rcsdiff -q -kk '-r1.75.2.2' '-r1.75.2.3' -u '/v/openssl/cvs/openssl/crypto/cryptlib.c,v' 2>/dev/null
---- openssl/crypto/cryptlib.c 2009/05/05 19:23:14 1.75.2.2
-+++ openssl/crypto/cryptlib.c 2009/07/27 21:08:48 1.75.2.3
-@@ -174,7 +174,7 @@
-
- /* This is for applications to allocate new type names in the non-dynamic
- array of lock names. These are numbered with positive numbers. */
--static STACK_OF(STRING) *app_locks=NULL;
-+static STACK_OF(OPENSSL_STRING) *app_locks=NULL;
-
- /* For applications that want a more dynamic way of handling threads, the
- following stack is used. These are externally numbered with negative
-@@ -210,7 +210,7 @@
- SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
- #endif
-
-- if ((app_locks == NULL) && ((app_locks=sk_STRING_new_null()) == NULL))
-+ if ((app_locks == NULL) && ((app_locks=sk_OPENSSL_STRING_new_null()) == NULL))
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
-@@ -220,7 +220,7 @@
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-- i=sk_STRING_push(app_locks,str);
-+ i=sk_OPENSSL_STRING_push(app_locks,str);
- if (!i)
- OPENSSL_free(str);
- else
-@@ -651,10 +651,10 @@
- return("dynamic");
- else if (type < CRYPTO_NUM_LOCKS)
- return(lock_names[type]);
-- else if (type-CRYPTO_NUM_LOCKS > sk_STRING_num(app_locks))
-+ else if (type-CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks))
- return("ERROR");
- else
-- return(sk_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
-+ return(sk_OPENSSL_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
- }
-
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-Index: openssl/crypto/engine/eng_dyn.c
-RCS File: /v/openssl/cvs/openssl/crypto/engine/eng_dyn.c,v
-rcsdiff -q -kk '-r1.14' '-r1.14.2.1' -u '/v/openssl/cvs/openssl/crypto/engine/eng_dyn.c,v' 2>/dev/null
---- openssl/crypto/engine/eng_dyn.c 2008/06/04 11:01:29 1.14
-+++ openssl/crypto/engine/eng_dyn.c 2009/07/27 21:08:49 1.14.2.1
-@@ -146,7 +146,7 @@
- * 'dirs' for loading. Default is to use 'dirs' as a fallback. 
*/
- int dir_load;
- /* A stack of directories from which ENGINEs could be loaded */
-- STACK_OF(STRING) *dirs;
-+ STACK_OF(OPENSSL_STRING) *dirs;
- };
-
- /* This is the "ex_data" index we obtain and reserve for use with our context
-@@ -174,7 +174,7 @@
- if(ctx->engine_id)
- OPENSSL_free((void*)ctx->engine_id);
- if(ctx->dirs)
-- sk_STRING_pop_free(ctx->dirs, int_free_str);
-+ sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
- OPENSSL_free(ctx);
- }
- }
-@@ -203,7 +203,7 @@
- c->DYNAMIC_F1 = "v_check";
- c->DYNAMIC_F2 = "bind_engine";
- c->dir_load = 1;
-- c->dirs = sk_STRING_new_null();
-+ c->dirs = sk_OPENSSL_STRING_new_null();
- if(!c->dirs)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-@@ -393,7 +393,7 @@
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-- sk_STRING_insert(ctx->dirs, tmp_str, -1);
-+ sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
- }
- return 1;
- default:
-@@ -411,11 +411,11 @@
- ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
- return 1;
- /* If we're not allowed to use 'dirs' or we have none, fail */
-- if(!ctx->dir_load || (num = sk_STRING_num(ctx->dirs)) < 1)
-+ if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
- return 0;
- for(loop = 0; loop < num; loop++)
- {
-- const char *s = sk_STRING_value(ctx->dirs, loop);
-+ const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
- if(!merge)
- return 0;
-Index: openssl/crypto/lhash/lhash.h
-RCS File: /v/openssl/cvs/openssl/crypto/lhash/lhash.h,v
-rcsdiff -q -kk '-r1.23' '-r1.23.2.1' -u '/v/openssl/cvs/openssl/crypto/lhash/lhash.h,v' 2>/dev/null
---- openssl/crypto/lhash/lhash.h 2008/06/04 11:01:31 1.23
-+++ openssl/crypto/lhash/lhash.h 2009/07/27 21:08:50 1.23.2.1
-@@ -230,8 +230,8 @@
- lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
- #define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
-
--DECLARE_LHASH_OF(STRING);
--DECLARE_LHASH_OF(CSTRING);
-+DECLARE_LHASH_OF(OPENSSL_STRING);
-+DECLARE_LHASH_OF(OPENSSL_CSTRING);
-
- #ifdef __cplusplus
- }
-Index: openssl/crypto/stack/safestack.h
-RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v
-rcsdiff -q -kk '-r1.72.2.3' '-r1.72.2.4' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null
---- openssl/crypto/stack/safestack.h 2009/04/28 21:56:04 1.72.2.3
-+++ openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4
-@@ -110,9 +110,9 @@
- * string. For now, I'm settling for dealing with the fact it is a
- * string at all.
- */
--typedef char *STRING;
-+typedef char *OPENSSL_STRING;
-
--typedef const char *CSTRING;
-+typedef const char *OPENSSL_CSTRING;
-
- /* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
- * STACK_OF(STRING) is really more like STACK_OF(char), only, as
-@@ -122,7 +122,7 @@
- * macros below.
- */
-
--DECLARE_SPECIAL_STACK_OF(STRING, char)
-+DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-
- /* Similarly, we sometimes use a block of characters, NOT
- * nul-terminated. 
These should also be distinguished from "normal"
-@@ -2030,29 +2030,29 @@
- #define sk_void_sort(st) SKM_sk_sort(void, (st))
- #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
-
--#define sk_STRING_new(cmp) ((STACK_OF(STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
--#define sk_STRING_new_null() ((STACK_OF(STRING) *)sk_new_null())
--#define sk_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
--#define sk_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
--#define sk_STRING_value(st, i) ((STRING)sk_value(CHECKED_PTR_OF(STACK_OF(STRING), st), i))
--#define sk_STRING_num(st) SKM_sk_num(STRING, st)
--#define sk_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_SK_FREE_FUNC2(STRING, free_func))
--#define sk_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val), i)
--#define sk_STRING_free(st) SKM_sk_free(STRING, st)
--#define sk_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), i, CHECKED_PTR_OF(char, val))
--#define sk_STRING_zero(st) SKM_sk_zero(STRING, (st))
--#define sk_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, val))
--#define sk_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(STRING), st), CHECKED_CONST_PTR_OF(char, val))
--#define sk_STRING_delete(st, i) SKM_sk_delete(STRING, (st), (i))
--#define sk_STRING_delete_ptr(st, ptr) (STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_PTR_OF(char, ptr))
--#define sk_STRING_set_cmp_func(st, cmp) \
-+#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-+#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, 
val)) -+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) -+#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) -+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) -+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) -+#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) -+#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) -+#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) -+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) -+#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) -+#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) -+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) -+#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ - ((int (*)(const char * const *,const char * const *)) \ -- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) --#define sk_STRING_dup(st) SKM_sk_dup(STRING, st) --#define sk_STRING_shift(st) SKM_sk_shift(STRING, (st)) --#define sk_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(STRING), st)) --#define sk_STRING_sort(st) SKM_sk_sort(STRING, (st)) --#define sk_STRING_is_sorted(st) SKM_sk_is_sorted(STRING, (st)) -+ sk_set_cmp_func((_STACK 
*)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) -+#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) -+#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) -+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) -+#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) -+#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) - - - #define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) -@@ -2080,29 +2080,29 @@ - #define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st)) - - --#define sk_PSTRING_new(cmp) ((STACK_OF(PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(STRING, cmp))) --#define sk_PSTRING_new_null() ((STACK_OF(PSTRING) *)sk_new_null()) --#define sk_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val)) --#define sk_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val)) --#define sk_PSTRING_value(st, i) ((PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(PSTRING), st), i)) --#define sk_PSTRING_num(st) SKM_sk_num(PSTRING, st) --#define sk_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_SK_FREE_FUNC2(PSTRING, free_func)) --#define sk_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val), i) --#define sk_PSTRING_free(st) SKM_sk_free(PSTRING, st) --#define sk_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), i, CHECKED_PTR_OF(STRING, val)) --#define sk_PSTRING_zero(st) SKM_sk_zero(PSTRING, (st)) --#define sk_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, val)) --#define sk_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(PSTRING), st), CHECKED_CONST_PTR_OF(STRING, val)) --#define sk_PSTRING_delete(st, i) 
SKM_sk_delete(PSTRING, (st), (i)) --#define sk_PSTRING_delete_ptr(st, ptr) (PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_PTR_OF(STRING, ptr)) --#define sk_PSTRING_set_cmp_func(st, cmp) \ -- ((int (*)(const STRING * const *,const STRING * const *)) \ -- sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st), CHECKED_SK_CMP_FUNC(STRING, cmp))) --#define sk_PSTRING_dup(st) SKM_sk_dup(PSTRING, st) --#define sk_PSTRING_shift(st) SKM_sk_shift(PSTRING, (st)) --#define sk_PSTRING_pop(st) (STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(PSTRING), st)) --#define sk_PSTRING_sort(st) SKM_sk_sort(PSTRING, (st)) --#define sk_PSTRING_is_sorted(st) SKM_sk_is_sorted(PSTRING, (st)) -+#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -+#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i)) -+#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) -+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) -+#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) -+#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -+#define 
sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -+#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) -+#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) -+#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ -+ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ -+ sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -+#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) -+#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st)) -+#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) -+#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) - - - #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ -@@ -2390,24 +2390,6 @@ - LHM_lh_stats_bio(CONF_VALUE,lh,out) - #define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) - --#define lh_CSTRING_new() LHM_lh_new(CSTRING,cstring) --#define lh_CSTRING_insert(lh,inst) LHM_lh_insert(CSTRING,lh,inst) --#define lh_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(CSTRING,lh,inst) --#define lh_CSTRING_delete(lh,inst) LHM_lh_delete(CSTRING,lh,inst) --#define lh_CSTRING_doall(lh,fn) LHM_lh_doall(CSTRING,lh,fn) --#define lh_CSTRING_doall_arg(lh,fn,arg_type,arg) \ -- LHM_lh_doall_arg(CSTRING,lh,fn,arg_type,arg) --#define lh_CSTRING_error(lh) LHM_lh_error(CSTRING,lh) --#define lh_CSTRING_num_items(lh) 
LHM_lh_num_items(CSTRING,lh) --#define lh_CSTRING_down_load(lh) LHM_lh_down_load(CSTRING,lh) --#define lh_CSTRING_node_stats_bio(lh,out) \ -- LHM_lh_node_stats_bio(CSTRING,lh,out) --#define lh_CSTRING_node_usage_stats_bio(lh,out) \ -- LHM_lh_node_usage_stats_bio(CSTRING,lh,out) --#define lh_CSTRING_stats_bio(lh,out) \ -- LHM_lh_stats_bio(CSTRING,lh,out) --#define lh_CSTRING_free(lh) LHM_lh_free(CSTRING,lh) -- - #define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) - #define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) - #define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) -@@ -2534,6 +2516,42 @@ - LHM_lh_stats_bio(OBJ_NAME,lh,out) - #define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) - -+#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) -+#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) -+#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) -+#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) -+#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) -+#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) -+#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) -+#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) -+#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) -+#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) -+#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) -+#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) -+#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) -+ -+#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) -+#define 
lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) -+#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) -+#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) -+#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) -+#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ -+ LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) -+#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) -+#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) -+#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) -+#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ -+ LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) -+#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ -+ LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) -+#define lh_OPENSSL_STRING_stats_bio(lh,out) \ -+ LHM_lh_stats_bio(OPENSSL_STRING,lh,out) -+#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) -+ - #define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) - #define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) - #define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) -@@ -2551,24 +2569,6 @@ - #define lh_SSL_SESSION_stats_bio(lh,out) \ - LHM_lh_stats_bio(SSL_SESSION,lh,out) - #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) -- --#define lh_STRING_new() LHM_lh_new(STRING,string) --#define lh_STRING_insert(lh,inst) LHM_lh_insert(STRING,lh,inst) --#define lh_STRING_retrieve(lh,inst) LHM_lh_retrieve(STRING,lh,inst) --#define lh_STRING_delete(lh,inst) LHM_lh_delete(STRING,lh,inst) --#define lh_STRING_doall(lh,fn) LHM_lh_doall(STRING,lh,fn) --#define lh_STRING_doall_arg(lh,fn,arg_type,arg) \ -- LHM_lh_doall_arg(STRING,lh,fn,arg_type,arg) --#define lh_STRING_error(lh) LHM_lh_error(STRING,lh) --#define lh_STRING_num_items(lh) LHM_lh_num_items(STRING,lh) --#define lh_STRING_down_load(lh) 
LHM_lh_down_load(STRING,lh) --#define lh_STRING_node_stats_bio(lh,out) \ -- LHM_lh_node_stats_bio(STRING,lh,out) --#define lh_STRING_node_usage_stats_bio(lh,out) \ -- LHM_lh_node_usage_stats_bio(STRING,lh,out) --#define lh_STRING_stats_bio(lh,out) \ -- LHM_lh_stats_bio(STRING,lh,out) --#define lh_STRING_free(lh) LHM_lh_free(STRING,lh) - /* End of util/mkstack.pl block, you may now edit :-) */ - - #endif /* !defined HEADER_SAFESTACK_H */ -Index: openssl/crypto/txt_db/txt_db.c -RCS File: /v/openssl/cvs/openssl/crypto/txt_db/txt_db.c,v -rcsdiff -q -kk '-r1.25' '-r1.25.2.1' -u '/v/openssl/cvs/openssl/crypto/txt_db/txt_db.c,v' 2>/dev/null ---- openssl/crypto/txt_db/txt_db.c 2008/07/04 23:12:51 1.25 -+++ openssl/crypto/txt_db/txt_db.c 2009/07/27 21:08:51 1.25.2.1 -@@ -78,7 +78,7 @@ - int size=BUFSIZE; - int offset=0; - char *p,*f; -- STRING *pp; -+ OPENSSL_STRING *pp; - BUF_MEM *buf=NULL; - - if ((buf=BUF_MEM_new()) == NULL) goto err; -@@ -89,7 +89,7 @@ - ret->num_fields=num; - ret->index=NULL; - ret->qual=NULL; -- if ((ret->data=sk_PSTRING_new_null()) == NULL) -+ if ((ret->data=sk_OPENSSL_PSTRING_new_null()) == NULL) - goto err; - if ((ret->index=OPENSSL_malloc(sizeof(*ret->index)*num)) == NULL) - goto err; -@@ -163,7 +163,7 @@ - goto err; - } - pp[n]=p; -- if (!sk_PSTRING_push(ret->data,pp)) -+ if (!sk_OPENSSL_PSTRING_push(ret->data,pp)) - { - #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary fix :-( */ - fprintf(stderr,"failure in sk_push\n"); -@@ -182,7 +182,7 @@ - #endif - if (ret != NULL) - { -- if (ret->data != NULL) sk_PSTRING_free(ret->data); -+ if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data); - if (ret->index != NULL) OPENSSL_free(ret->index); - if (ret->qual != NULL) OPENSSL_free(ret->qual); - if (ret != NULL) OPENSSL_free(ret); -@@ -193,10 +193,10 @@ - return(ret); - } - --STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, STRING *value) -+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value) - { -- 
STRING *ret; -- LHASH_OF(STRING) *lh; -+ OPENSSL_STRING *ret; -+ LHASH_OF(OPENSSL_STRING) *lh; - - if (idx >= db->num_fields) - { -@@ -209,16 +209,16 @@ - db->error=DB_ERROR_NO_INDEX; - return(NULL); - } -- ret=lh_STRING_retrieve(lh,value); -+ ret=lh_OPENSSL_STRING_retrieve(lh,value); - db->error=DB_ERROR_OK; - return(ret); - } - --int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(STRING *), -+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), - LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) - { -- LHASH_OF(STRING) *idx; -- STRING *r; -+ LHASH_OF(OPENSSL_STRING) *idx; -+ OPENSSL_STRING *r; - int i,n; - - if (field >= db->num_fields) -@@ -227,26 +227,26 @@ - return(0); - } - /* FIXME: we lose type checking at this point */ -- if ((idx=(LHASH_OF(STRING) *)lh_new(hash,cmp)) == NULL) -+ if ((idx=(LHASH_OF(OPENSSL_STRING) *)lh_new(hash,cmp)) == NULL) - { - db->error=DB_ERROR_MALLOC; - return(0); - } -- n=sk_PSTRING_num(db->data); -+ n=sk_OPENSSL_PSTRING_num(db->data); - for (i=0; idata,i); -+ r=sk_OPENSSL_PSTRING_value(db->data,i); - if ((qual != NULL) && (qual(r) == 0)) continue; -- if ((r=lh_STRING_insert(idx,r)) != NULL) -+ if ((r=lh_OPENSSL_STRING_insert(idx,r)) != NULL) - { - db->error=DB_ERROR_INDEX_CLASH; -- db->arg1=sk_PSTRING_find(db->data,r); -+ db->arg1=sk_OPENSSL_PSTRING_find(db->data,r); - db->arg2=i; -- lh_STRING_free(idx); -+ lh_OPENSSL_STRING_free(idx); - return(0); - } - } -- if (db->index[field] != NULL) lh_STRING_free(db->index[field]); -+ if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]); - db->index[field]=idx; - db->qual[field]=qual; - return(1); -@@ -261,11 +261,11 @@ - - if ((buf=BUF_MEM_new()) == NULL) - goto err; -- n=sk_PSTRING_num(db->data); -+ n=sk_OPENSSL_PSTRING_num(db->data); - nn=db->num_fields; - for (i=0; idata,i); -+ pp=sk_OPENSSL_PSTRING_value(db->data,i); - - l=0; - for (j=0; jnum_fields; i++) - { -@@ -311,7 +311,7 @@ - { - if ((db->qual[i] != NULL) && - (db->qual[i](row) == 
0)) continue; -- r=lh_STRING_retrieve(db->index[i],row); -+ r=lh_OPENSSL_STRING_retrieve(db->index[i],row); - if (r != NULL) - { - db->error=DB_ERROR_INDEX_CLASH; -@@ -322,7 +322,7 @@ - } - } - /* We have passed the index checks, now just append and insert */ -- if (!sk_PSTRING_push(db->data,row)) -+ if (!sk_OPENSSL_PSTRING_push(db->data,row)) - { - db->error=DB_ERROR_MALLOC; - goto err; -@@ -334,7 +334,7 @@ - { - if ((db->qual[i] != NULL) && - (db->qual[i](row) == 0)) continue; -- (void)lh_STRING_insert(db->index[i],row); -+ (void)lh_OPENSSL_STRING_insert(db->index[i],row); - } - } - return(1); -@@ -353,18 +353,18 @@ - if (db->index != NULL) - { - for (i=db->num_fields-1; i>=0; i--) -- if (db->index[i] != NULL) lh_STRING_free(db->index[i]); -+ if (db->index[i] != NULL) lh_OPENSSL_STRING_free(db->index[i]); - OPENSSL_free(db->index); - } - if (db->qual != NULL) - OPENSSL_free(db->qual); - if (db->data != NULL) - { -- for (i=sk_PSTRING_num(db->data)-1; i>=0; i--) -+ for (i=sk_OPENSSL_PSTRING_num(db->data)-1; i>=0; i--) - { - /* check if any 'fields' have been allocated - * from outside of the initial block */ -- p=sk_PSTRING_value(db->data,i); -+ p=sk_OPENSSL_PSTRING_value(db->data,i); - max=p[db->num_fields]; /* last address */ - if (max == NULL) /* new row */ - { -@@ -380,9 +380,9 @@ - OPENSSL_free(p[n]); - } - } -- OPENSSL_free(sk_PSTRING_value(db->data,i)); -+ OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data,i)); - } -- sk_PSTRING_free(db->data); -+ sk_OPENSSL_PSTRING_free(db->data); - } - OPENSSL_free(db); - } -Index: openssl/crypto/txt_db/txt_db.h -RCS File: /v/openssl/cvs/openssl/crypto/txt_db/txt_db.h,v -rcsdiff -q -kk '-r1.11' '-r1.11.2.1' -u '/v/openssl/cvs/openssl/crypto/txt_db/txt_db.h,v' 2>/dev/null ---- openssl/crypto/txt_db/txt_db.h 2008/06/04 11:01:38 1.11 -+++ openssl/crypto/txt_db/txt_db.h 2009/07/27 21:08:51 1.11.2.1 -@@ -77,19 +77,19 @@ - extern "C" { - #endif - --typedef STRING *PSTRING; --DECLARE_SPECIAL_STACK_OF(PSTRING, STRING) -+typedef 
OPENSSL_STRING *OPENSSL_PSTRING; -+DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) - - typedef struct txt_db_st - { - int num_fields; -- STACK_OF(PSTRING) *data; -- LHASH_OF(STRING) **index; -- int (**qual)(STRING *); -+ STACK_OF(OPENSSL_PSTRING) *data; -+ LHASH_OF(OPENSSL_STRING) **index; -+ int (**qual)(OPENSSL_STRING *); - long error; - long arg1; - long arg2; -- STRING *arg_row; -+ OPENSSL_STRING *arg_row; - } TXT_DB; - - #ifndef OPENSSL_NO_BIO -@@ -99,11 +99,11 @@ - TXT_DB *TXT_DB_read(char *in, int num); - long TXT_DB_write(char *out, TXT_DB *db); - #endif --int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(STRING *), -+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *), - LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); - void TXT_DB_free(TXT_DB *db); --STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, STRING *value); --int TXT_DB_insert(TXT_DB *db, STRING *value); -+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value); -+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); - - #ifdef __cplusplus - } -Index: openssl/crypto/x509v3/v3_utl.c -RCS File: /v/openssl/cvs/openssl/crypto/x509v3/v3_utl.c,v -rcsdiff -q -kk '-r1.44' '-r1.44.2.1' -u '/v/openssl/cvs/openssl/crypto/x509v3/v3_utl.c,v' 2>/dev/null ---- openssl/crypto/x509v3/v3_utl.c 2009/02/14 21:49:36 1.44 -+++ openssl/crypto/x509v3/v3_utl.c 2009/07/27 21:08:53 1.44.2.1 -@@ -67,9 +67,9 @@ - - static char *strip_spaces(char *name); - static int sk_strcmp(const char * const *a, const char * const *b); --static STACK_OF(STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); --static void str_free(STRING str); --static int append_ia5(STACK_OF(STRING) **sk, ASN1_IA5STRING *email); -+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); -+static void str_free(OPENSSL_STRING str); -+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); - - static int ipv4_from_asc(unsigned char *v4, const char 
*in); - static int ipv6_from_asc(unsigned char *v6, const char *in); -@@ -463,10 +463,10 @@ - return strcmp(*a, *b); - } - --STACK_OF(STRING) *X509_get1_email(X509 *x) -+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x) - { - GENERAL_NAMES *gens; -- STACK_OF(STRING) *ret; -+ STACK_OF(OPENSSL_STRING) *ret; - - gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); - ret = get_email(X509_get_subject_name(x), gens); -@@ -474,10 +474,10 @@ - return ret; - } - --STACK_OF(STRING) *X509_get1_ocsp(X509 *x) -+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x) - { - AUTHORITY_INFO_ACCESS *info; -- STACK_OF(STRING) *ret = NULL; -+ STACK_OF(OPENSSL_STRING) *ret = NULL; - int i; - - info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); -@@ -499,11 +499,11 @@ - return ret; - } - --STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x) -+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) - { - GENERAL_NAMES *gens; - STACK_OF(X509_EXTENSION) *exts; -- STACK_OF(STRING) *ret; -+ STACK_OF(OPENSSL_STRING) *ret; - - exts = X509_REQ_get_extensions(x); - gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); -@@ -514,9 +514,9 @@ - } - - --static STACK_OF(STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) -+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) - { -- STACK_OF(STRING) *ret = NULL; -+ STACK_OF(OPENSSL_STRING) *ret = NULL; - X509_NAME_ENTRY *ne; - ASN1_IA5STRING *email; - GENERAL_NAME *gen; -@@ -539,23 +539,23 @@ - return ret; - } - --static void str_free(STRING str) -+static void str_free(OPENSSL_STRING str) - { - OPENSSL_free(str); - } - --static int append_ia5(STACK_OF(STRING) **sk, ASN1_IA5STRING *email) -+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) - { - char *emtmp; - /* First some sanity checks */ - if(email->type != V_ASN1_IA5STRING) return 1; - if(!email->data || !email->length) return 1; -- if(!*sk) *sk = sk_STRING_new(sk_strcmp); -+ if(!*sk) *sk = 
sk_OPENSSL_STRING_new(sk_strcmp); - if(!*sk) return 0; - /* Don't add duplicates */ -- if(sk_STRING_find(*sk, (char *)email->data) != -1) return 1; -+ if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; - emtmp = BUF_strdup((char *)email->data); -- if(!emtmp || !sk_STRING_push(*sk, emtmp)) { -+ if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { - X509_email_free(*sk); - *sk = NULL; - return 0; -@@ -563,9 +563,9 @@ - return 1; - } - --void X509_email_free(STACK_OF(STRING) *sk) -+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) - { -- sk_STRING_pop_free(sk, str_free); -+ sk_OPENSSL_STRING_pop_free(sk, str_free); - } - - /* Convert IP addresses both IPv4 and IPv6 into an -Index: openssl/crypto/x509v3/x509v3.h -RCS File: /v/openssl/cvs/openssl/crypto/x509v3/x509v3.h,v -rcsdiff -q -kk '-r1.126.2.1' '-r1.126.2.2' -u '/v/openssl/cvs/openssl/crypto/x509v3/x509v3.h,v' 2>/dev/null ---- openssl/crypto/x509v3/x509v3.h 2009/04/19 17:58:01 1.126.2.1 -+++ openssl/crypto/x509v3/x509v3.h 2009/07/27 21:08:53 1.126.2.2 -@@ -693,10 +693,10 @@ - void X509_PURPOSE_cleanup(void); - int X509_PURPOSE_get_id(X509_PURPOSE *); - --STACK_OF(STRING) *X509_get1_email(X509 *x); --STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x); --void X509_email_free(STACK_OF(STRING) *sk); --STACK_OF(STRING) *X509_get1_ocsp(X509 *x); -+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); -+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); -+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); -+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); - - ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); - ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); diff --git a/openssl-1.0.0-beta3-ssl-free.patch b/openssl-1.0.0-beta3-ssl-free.patch deleted file mode 100644 index 61f56ea..0000000 --- a/openssl-1.0.0-beta3-ssl-free.patch +++ /dev/null 
@@ -1,31 +0,0 @@
-diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.ctx-free openssl-1.0.0-beta3/ssl/ssl_lib.c
---- openssl-1.0.0-beta3/ssl/ssl_lib.c.ctx-free 2009-10-08 20:44:26.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-10-16 11:56:53.000000000 +0200
-@@ -556,7 +556,6 @@ void SSL_free(SSL *s)
- if (s->cert != NULL) ssl_cert_free(s->cert);
- /* Free up if allocated */
-
-- if (s->ctx) SSL_CTX_free(s->ctx);
- #ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_hostname)
- OPENSSL_free(s->tlsext_hostname);
-@@ -580,6 +579,8 @@ void SSL_free(SSL *s)
-
- if (s->method != NULL) s->method->ssl_free(s);
-
-+ if (s->ctx) SSL_CTX_free(s->ctx);
-+
- #ifndef OPENSSL_NO_KRB5
- if (s->kssl_ctx != NULL)
- kssl_ctx_free(s->kssl_ctx);
-diff -up openssl-1.0.0-beta3/ssl/s3_lib.c.hbuf-clear openssl-1.0.0-beta3/ssl/s3_lib.c
---- openssl-1.0.0-beta3/ssl/s3_lib.c.hbuf-clear 2009-05-28 20:10:47.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/s3_lib.c 2009-10-16 09:50:24.000000000 +0200
-@@ -2211,6 +2211,7 @@ void ssl3_clear(SSL *s)
- wlen = s->s3->wbuf.len;
- if (s->s3->handshake_buffer) {
- BIO_free(s->s3->handshake_buffer);
-+ s->s3->handshake_buffer = NULL;
- }
- if (s->s3->handshake_dgst) {
- ssl3_free_digest_list(s);
diff --git a/openssl-1.0.0-beta3-ssl-session.patch b/openssl-1.0.0-beta3-ssl-session.patch
deleted file mode 100644
index 923b871..0000000
--- a/openssl-1.0.0-beta3-ssl-session.patch
+++ /dev/null
@@ -1,27 +0,0 @@ -Index: openssl/ssl/ssl_asn1.c -RCS File: /v/openssl/cvs/openssl/ssl/ssl_asn1.c,v -rcsdiff -q -kk '-r1.36.2.2' '-r1.36.2.3' -u '/v/openssl/cvs/openssl/ssl/ssl_asn1.c,v' 2>/dev/null ---- openssl/ssl/ssl_asn1.c 2009/08/05 15:29:14 1.36.2.2 -+++ openssl/ssl/ssl_asn1.c 2009/09/02 13:20:22 1.36.2.3 -@@ -413,8 +413,8 @@ - } - else - { -- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION); -- return(NULL); -+ c.error=SSL_R_UNKNOWN_SSL_VERSION; -+ goto err; - } - - ret->cipher=NULL; -@@ -505,8 +505,8 @@ - { - if (os.length > SSL_MAX_SID_CTX_LENGTH) - { -- ret->sid_ctx_length=os.length; -- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); -+ c.error=SSL_R_BAD_LENGTH; -+ goto err; - } - else - { diff --git a/openssl-0.9.8k-algo-doc.patch b/openssl-1.0.0-beta4-algo-doc.patch similarity index 86% rename from openssl-0.9.8k-algo-doc.patch rename to openssl-1.0.0-beta4-algo-doc.patch index 27521a4..2f18f3f 100644 --- a/openssl-0.9.8k-algo-doc.patch +++ b/openssl-1.0.0-beta4-algo-doc.patch @@ -1,6 +1,6 @@ -diff -up openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod ---- openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc 2004-05-20 23:39:50.000000000 +0200 -+++ openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod 2009-06-30 12:04:47.000000000 +0200 +diff -up openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod +--- openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod.algo-doc 2009-10-16 17:29:34.000000000 +0200 ++++ openssl-1.0.0-beta4/doc/crypto/EVP_DigestInit.pod 2009-11-12 14:13:21.000000000 +0100 @@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_ EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, 
@@ -45,8 +45,8 @@ diff -up openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-0.9.8k/do +signature algorithm is RSA in each case. EVP_dss() and EVP_dss1() return B structures for SHA and SHA1 digest - algorithms but using DSS (DSA) for the signature algorithm. -@@ -156,7 +163,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_ + algorithms but using DSS (DSA) for the signature algorithm. Note: there is +@@ -158,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_ EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block size in bytes. @@ -56,9 +56,9 @@ diff -up openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-0.9.8k/do EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the corresponding EVP_MD structures. -diff -up openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod ---- openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200 -+++ openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod 2009-06-30 12:04:47.000000000 +0200 +diff -up openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod +--- openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200 ++++ openssl-1.0.0-beta4/doc/crypto/EVP_EncryptInit.pod 2009-11-12 14:11:03.000000000 +0100 @@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); diff --git a/openssl-1.0.0-beta4-binutils.patch b/openssl-1.0.0-beta4-binutils.patch new file mode 100644 index 0000000..d39b2e6 --- /dev/null +++ b/openssl-1.0.0-beta4-binutils.patch 
@@ -0,0 +1,56 @@ +diff -up openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl +--- openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl 2009-11-12 17:26:08.000000000 +0100 +@@ -19,6 +19,7 @@ my $code; + sub round1_step + { + my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; ++ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal + $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1); + $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); + $code .= <) + # $foo is to become "$prefix/lib$multilib/engines"; + # as Makefile.org and engines/Makefile are adapted for + # $multilib suffix. +- my $foo = "$prefix/lib/engines"; ++ my $foo = "$enginesdir"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } +diff -up openssl-1.0.0-beta4/engines/Makefile.enginesdir openssl-1.0.0-beta4/engines/Makefile +--- openssl-1.0.0-beta4/engines/Makefile.enginesdir 2009-11-10 02:52:52.000000000 +0100 ++++ openssl-1.0.0-beta4/engines/Makefile 2009-11-12 12:23:06.000000000 +0100 +@@ -124,7 +124,7 @@ install: + sfx=".so"; \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi diff --git a/openssl-1.0.0-beta3-fips.patch b/openssl-1.0.0-beta4-fips.patch similarity index 91% rename from openssl-1.0.0-beta3-fips.patch rename to openssl-1.0.0-beta4-fips.patch index 99404e6..bc81d71 100644 --- a/openssl-1.0.0-beta3-fips.patch +++ b/openssl-1.0.0-beta4-fips.patch 
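Review bot: The comment kept above `my $foo = "$enginesdir";` still says `$foo is to become "$prefix/lib$multilib/engines"`, which no longer matches the value now that it is taken directly from `$enginesdir`; I would reword it to `# $foo is the engines directory taken from $enginesdir`. The next line, `$foo =~ s/\\/\\\\/g;`, escapes only backslashes, so a double quote in the configured path would end the `#define ENGINESDIR` string early; adding `$foo =~ s/"/\\"/g;` after it would close that gap. Where `$enginesdir` is set is not visible here, because the page has lost the text between the md5-x86_64.pl hunk and these lines and the enclosing block starts outside what is shown. It is worth confirming the value is always an absolute path, since the name suggests ENGINESDIR is the directory engine modules are loaded from.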
@@ -1,7 +1,7 @@ -diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure ---- openssl-1.0.0-beta3/Configure.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/Configure 2009-09-30 13:25:58.000000000 +0200 -@@ -654,6 +654,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml +diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure +--- openssl-1.0.0-beta4/Configure.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/Configure 2009-11-12 12:36:50.000000000 +0100 +@@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; my $perl; @@ -9,7 +9,7 @@ diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure # All of the following is disabled by default (RC5 was enabled before 0.9.8): -@@ -797,6 +798,10 @@ PROCESS_ARGS: +@@ -806,6 +807,10 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } @@ -20,7 +20,7 @@ diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. -@@ -1349,6 +1354,11 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no +@@ -1368,6 +1373,11 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); @@ -32,7 +32,7 @@ diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); -@@ -1504,6 +1514,10 @@ while () +@@ -1535,6 +1545,10 @@ while () s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; 
@@ -43,9 +43,9 @@ diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto/bf/bf_skey.c ---- openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto/bf/bf_skey.c +--- openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bf/bf_skey.c 2009-11-12 12:36:50.000000000 +0100 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypto/bf/blowfish.h ---- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypto/bf/blowfish.h +--- openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bf/blowfish.h 2009-11-12 12:36:50.000000000 +0100 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; 
@@ -77,9 +77,9 @@ diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypt void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/bn.h ---- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/bn.h +--- openssl-1.0.0-beta4/crypto/bn/bn.h.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bn/bn.h 2009-11-12 12:36:50.000000000 +0100 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/b BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/bn/bn_x931p.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -374,9 +374,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c + + } + -diff -up openssl-1.0.0-beta3/crypto/bn/Makefile.fips openssl-1.0.0-beta3/crypto/bn/Makefile ---- openssl-1.0.0-beta3/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/bn/Makefile 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/bn/Makefile +--- openssl-1.0.0-beta4/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bn/Makefile 2009-11-12 12:36:50.000000000 +0100 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0-beta3/crypto/bn/Makefile.fips openssl-1.0.0-beta3/crypto/ SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl 2009-11-12 12:36:50.000000000 +0100 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); 
@@ -422,9 +422,9 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0- } @SBOX=( -diff -up openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips openssl-1.0.0-beta3/crypto/camellia/camellia.h ---- openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips 2009-09-30 13:25:56.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/camellia.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4/crypto/camellia/camellia.h +--- openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/camellia.h 2009-11-12 12:36:50.000000000 +0100 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips openssl-1.0.0-beta3 int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up /dev/null openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== 
@@ -509,9 +509,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c ---- openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c +--- openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c 2009-11-12 12:36:50.000000000 +0100 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta { if(!userKey || !key) return -1; -diff -up openssl-1.0.0-beta3/crypto/camellia/Makefile.fips openssl-1.0.0-beta3/crypto/camellia/Makefile ---- openssl-1.0.0-beta3/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/camellia/Makefile 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/crypto/camellia/Makefile +--- openssl-1.0.0-beta4/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/Makefile 2009-11-12 12:36:50.000000000 +0100 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a 
@@ -548,9 +548,9 @@ diff -up openssl-1.0.0-beta3/crypto/camellia/Makefile.fips openssl-1.0.0-beta3/c SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta3/crypto/cast/cast.h.fips openssl-1.0.0-beta3/crypto/cast/cast.h ---- openssl-1.0.0-beta3/crypto/cast/cast.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/cast/cast.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/cast/cast.h +--- openssl-1.0.0-beta4/crypto/cast/cast.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/cast/cast.h 2009-11-12 12:36:50.000000000 +0100 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0-beta3/crypto/cast/cast.h.fips openssl-1.0.0-beta3/crypto/ void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, int enc); -diff -up openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips openssl-1.0.0-beta3/crypto/cast/c_skey.c ---- openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/cast/c_skey.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypto/cast/c_skey.c +--- openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/cast/c_skey.c 2009-11-12 12:36:50.000000000 +0100 @@ -57,6 +57,11 @@ */ 
@@ -586,9 +586,9 @@ diff -up openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips openssl-1.0.0-beta3/crypt { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0-beta3/crypto/crypto.h.fips openssl-1.0.0-beta3/crypto/crypto.h ---- openssl-1.0.0-beta3/crypto/crypto.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/crypto.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/crypto.h +--- openssl-1.0.0-beta4/crypto/crypto.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/crypto.h 2009-11-12 12:36:50.000000000 +0100 @@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) @@ -659,9 +659,9 @@ diff -up openssl-1.0.0-beta3/crypto/crypto.h.fips openssl-1.0.0-beta3/crypto/cry /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips openssl-1.0.0-beta3/crypto/dh/dh_err.c ---- openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/dh/dh_err.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/dh/dh_err.c +--- openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dh/dh_err.c 2009-11-12 12:36:50.000000000 +0100 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, 
@@ -679,9 +679,9 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips openssl-1.0.0-beta3/crypto/ {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta3/crypto/dh/dh_gen.c ---- openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dh/dh_gen.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/dh/dh_gen.c +--- openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/dh/dh_gen.c 2009-11-12 12:36:50.000000000 +0100 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -714,9 +714,9 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta3/crypto/ ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/dh.h ---- openssl-1.0.0-beta3/crypto/dh/dh.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dh/dh.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/dh.h +--- openssl-1.0.0-beta4/crypto/dh/dh.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dh/dh.h 2009-11-12 12:36:50.000000000 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif 
@@ -726,7 +726,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/d #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time -@@ -240,6 +242,8 @@ void ERR_load_DH_strings(void); +@@ -241,6 +243,8 @@ void ERR_load_DH_strings(void); #define DH_F_GENERATE_PARAMETERS 104 #define DH_F_PKEY_DH_DERIVE 112 #define DH_F_PKEY_DH_KEYGEN 113 @@ -735,7 +735,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/d /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 -@@ -252,6 +256,7 @@ void ERR_load_DH_strings(void); +@@ -253,6 +257,7 @@ void ERR_load_DH_strings(void); #define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_PARAMETER_ENCODING_ERROR 105 @@ -743,9 +743,9 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/d #ifdef __cplusplus } -diff -up openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips openssl-1.0.0-beta3/crypto/dh/dh_key.c ---- openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dh/dh_key.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/dh/dh_key.c +--- openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/dh/dh_key.c 2009-11-12 12:36:50.000000000 +0100 @@ -61,6 +61,9 @@ #include #include 
@@ -795,9 +795,9 @@ diff -up openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips openssl-1.0.0-beta3/crypto/ dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c ---- openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c +--- openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c 2009-11-12 12:36:50.000000000 +0100 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -833,9 +833,9 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta3/crypt if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips openssl-1.0.0-beta3/crypto/dsa/dsa.h ---- openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/dsa/dsa.h +--- openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa.h 2009-11-12 12:36:50.000000000 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif 
@@ -892,9 +892,9 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips openssl-1.0.0-beta3/crypto/ds #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_key.c ---- openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_key.c 2009-09-30 17:01:34.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c +--- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c 2009-11-12 12:36:50.000000000 +0100 @@ -63,9 +63,53 @@ #include #include @@ -980,9 +980,9 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypt ok=1; err: -diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c 2009-11-12 12:36:50.000000000 +0100 @@ -65,6 +65,9 @@ #include #include 
@@ -1054,9 +1054,9 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta3/cryp dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypto/err/err_all.c ---- openssl-1.0.0-beta3/crypto/err/err_all.c.fips 2008-11-24 18:27:06.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/err/err_all.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypto/err/err_all.c +--- openssl-1.0.0-beta4/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/err/err_all.c 2009-11-12 12:36:50.000000000 +0100 @@ -96,6 +96,9 @@ #include #include @@ -1067,7 +1067,7 @@ diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypt #ifndef OPENSSL_NO_CMS #include #endif -@@ -148,6 +151,9 @@ void ERR_load_crypto_strings(void) +@@ -149,6 +152,9 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); @@ -1077,9 +1077,9 @@ diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypt #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0-beta3/crypto/evp/digest.c.fips openssl-1.0.0-beta3/crypto/evp/digest.c ---- openssl-1.0.0-beta3/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/digest.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto/evp/digest.c +--- openssl-1.0.0-beta4/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/digest.c 2009-11-12 12:36:50.000000000 +0100 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include 
@@ -1178,9 +1178,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/digest.c.fips openssl-1.0.0-beta3/crypto OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips openssl-1.0.0-beta3/crypto/evp/e_aes.c ---- openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/e_aes.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/evp/e_aes.c +--- openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_aes.c 2009-11-12 12:36:50.000000000 +0100 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1233,9 +1233,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips openssl-1.0.0-beta3/crypto/ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta3/crypto/evp/e_camellia.c ---- openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/e_camellia.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/crypto/evp/e_camellia.c +--- openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/e_camellia.c 2009-11-12 12:36:50.000000000 +0100 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) 
@@ -1245,9 +1245,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta3/cr IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips openssl-1.0.0-beta3/crypto/evp/e_des3.c ---- openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/e_des3.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto/evp/e_des3.c +--- openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_des3.c 2009-11-12 12:36:50.000000000 +0100 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1292,9 +1292,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips openssl-1.0.0-beta3/crypto des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0-beta3/crypto/evp/e_null.c.fips openssl-1.0.0-beta3/crypto/evp/e_null.c ---- openssl-1.0.0-beta3/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/e_null.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto/evp/e_null.c +--- openssl-1.0.0-beta4/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_null.c 2009-11-12 12:36:50.000000000 +0100 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 
@@ -1304,9 +1304,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/e_null.c.fips openssl-1.0.0-beta3/crypto null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta3/crypto/evp/evp_enc.c ---- openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/evp_enc.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypto/evp/evp_enc.c +--- openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_enc.c 2009-11-12 12:36:50.000000000 +0100 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -1399,9 +1399,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta3/crypt if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips openssl-1.0.0-beta3/crypto/evp/evp_err.c ---- openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/evp_err.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypto/evp/evp_err.c +--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2009-11-12 12:36:50.000000000 +0100 @@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, 
@@ -1410,9 +1410,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips openssl-1.0.0-beta3/crypt {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/evp/evp.h ---- openssl-1.0.0-beta3/crypto/evp/evp.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/evp.h 2009-09-30 14:40:54.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/evp/evp.h +--- openssl-1.0.0-beta4/crypto/evp/evp.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp.h 2009-11-12 12:36:50.000000000 +0100 @@ -75,6 +75,10 @@ #include #endif @@ -1489,9 +1489,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/ev #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta3/crypto/evp/evp_lib.c ---- openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/evp_lib.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypto/evp/evp_lib.c +--- openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/evp_lib.c 2009-11-12 12:36:50.000000000 +0100 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) 
@@ -1539,9 +1539,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta3/crypt + { + return (ctx->flags & flags); + } -diff -up openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta3/crypto/evp/evp_locl.h ---- openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/evp_locl.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/crypto/evp/evp_locl.h +--- openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_locl.h 2009-11-12 12:36:50.000000000 +0100 @@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ @@ -1591,9 +1591,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta3/cryp struct evp_pkey_ctx_st { -diff -up openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss.c ---- openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/m_dss.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss.c +--- openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/m_dss.c 2009-11-12 12:36:50.000000000 +0100 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, 
@@ -1603,9 +1603,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips openssl-1.0.0-beta3/crypto/ init, update, final, -diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss1.c ---- openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/m_dss1.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss1.c +--- openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/m_dss1.c 2009-11-12 12:36:50.000000000 +0100 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1615,9 +1615,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto init, update, final, -diff -up openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta3/crypto/evp/m_sha1.c ---- openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/m_sha1.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto/evp/m_sha1.c +--- openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/m_sha1.c 2009-11-12 12:36:50.000000000 +0100 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, 
@@ -1668,9 +1668,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta3/crypto init512, update512, final512, -diff -up openssl-1.0.0-beta3/crypto/evp/names.c.fips openssl-1.0.0-beta3/crypto/evp/names.c ---- openssl-1.0.0-beta3/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/names.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/evp/names.c +--- openssl-1.0.0-beta4/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/names.c 2009-11-12 12:36:50.000000000 +0100 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1693,9 +1693,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/names.c.fips openssl-1.0.0-beta3/crypto/ name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips openssl-1.0.0-beta3/crypto/evp/p_sign.c ---- openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/p_sign.c 2009-09-30 15:07:14.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto/evp/p_sign.c +--- openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/p_sign.c 2009-11-12 12:36:50.000000000 +0100 @@ -61,6 +61,7 @@ #include #include 
@@ -1727,9 +1727,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips openssl-1.0.0-beta3/crypto if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips openssl-1.0.0-beta3/crypto/evp/p_verify.c ---- openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/evp/p_verify.c 2009-09-30 15:07:27.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/crypto/evp/p_verify.c +--- openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/p_verify.c 2009-11-12 12:36:50.000000000 +0100 @@ -61,6 +61,7 @@ #include #include @@ -1761,9 +1761,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips openssl-1.0.0-beta3/cryp i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
@@ -2704,9 +2704,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3410,9 +3410,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,537 @@ +#include + @@ -3951,9 +3951,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files 
@@ -4185,9 +4185,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c
 + return 0;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,390 @@
 +/* fips_rsagtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4579,9 +4579,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c
 + }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,370 @@
 +/* fips_rsastest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4953,9 +4953,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c
 + return ret;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,377 @@
 +/* fips_rsavtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5334,9 +5334,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c
 + return ret;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,388 @@
 +/* fips_shatest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5726,9 +5726,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c
 + }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,343 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -6073,9 +6073,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h
 +#endif
 + }
 +
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips_err.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips_err.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,7 @@
 +#include
 +
@@ -6084,9 +6084,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.c
 +#else
 +static void *dummy=&dummy;
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.h
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips_err.h 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips_err.h 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,137 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -6225,9 +6225,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.h
 + }
 +#endif
 + }
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,101 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6330,9 +6330,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c
 + return ret;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,419 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6753,9 +6753,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.c
 +
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,137 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6894,9 +6894,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c
 + return ret;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,184 @@
 +/* crypto/dsa/dsatest.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7082,9 +7082,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
 + return ret;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.h
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips.h 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips.h 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,163 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7249,9 +7249,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.h
 +}
 +#endif
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,135 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -7388,9 +7388,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c
 + return 1;
 + }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,410 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -7802,9 +7802,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.c
 +}
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.h
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.h 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_rand.h 2009-11-12 12:36:50.000000000 +0100
@@ -0,0 +1,77 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7883,9 +7883,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.h
 +#endif
 +#endif
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,371 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8258,9 +8258,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c
 + }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_randtest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_randtest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_randtest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,248 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -8510,9 +8510,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_randtest.c
 + }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,439 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -8953,9 +8953,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c
 + }
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,281 @@
 +/* crypto/rsa/rsa_gen.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -9238,9 +9238,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c
 + return 0;
 +
 + }
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c 2009-11-12 12:36:50.000000000 +0100
@@ -0,0 +1,97 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9339,9 +9339,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c
 + }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,173 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9516,9 +9516,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
 + }
 +
 +
-diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c
---- /dev/null 2009-09-23 10:56:02.148001752 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c 2009-09-30 13:25:58.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c
+--- /dev/null 2009-11-04 12:00:58.801002276 +0100
++++ openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c 2009-11-12 12:36:50.000000000 +0100
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10108,9 +10108,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_locl.h ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/fips_locl.h 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/fips_locl.h 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10184,9 +10184,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_locl.h +} +#endif +#endif -diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/Makefile ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/Makefile 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10269,9 +10269,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/Makefile + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips openssl-1.0.0-beta3/crypto/hmac/hmac.c ---- openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/hmac/hmac.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/hmac/hmac.c +--- openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/hmac/hmac.c 2009-11-12 12:36:50.000000000 +0100 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) 
@@ -10297,9 +10297,9 @@ diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips openssl-1.0.0-beta3/crypto/ + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } + -diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips openssl-1.0.0-beta3/crypto/hmac/hmac.h ---- openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/hmac/hmac.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips openssl-1.0.0-beta4/crypto/hmac/hmac.h +--- openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/hmac/hmac.h 2009-11-12 12:36:50.000000000 +0100 @@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md unsigned int *md_len); int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); @@ -10308,9 +10308,9 @@ diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips openssl-1.0.0-beta3/crypto/ #ifdef __cplusplus } -diff -up openssl-1.0.0-beta3/crypto/Makefile.fips openssl-1.0.0-beta3/crypto/Makefile ---- openssl-1.0.0-beta3/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/Makefile 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Makefile +--- openssl-1.0.0-beta4/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/Makefile 2009-11-12 12:36:50.000000000 +0100 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a 
@@ -10329,9 +10329,9 @@ diff -up openssl-1.0.0-beta3/crypto/Makefile.fips openssl-1.0.0-beta3/crypto/Mak ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -61,6 +61,11 @@ #include #include @@ -10353,9 +10353,9 @@ diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta3/cry { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2.h ---- openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/mdc2/mdc2.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2.h +--- openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/mdc2/mdc2.h 2009-11-12 12:36:50.000000000 +0100 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; 
@@ -10367,9 +10367,9 @@ diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta3/crypto/ int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta3/crypto/md2/md2_dgst.c ---- openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md2/md2_dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/crypto/md2/md2_dgst.c +--- openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/md2/md2_dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -62,6 +62,11 @@ #include #include @@ -10391,9 +10391,9 @@ diff -up openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta3/cryp { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0-beta3/crypto/md2/md2.h.fips openssl-1.0.0-beta3/crypto/md2/md2.h ---- openssl-1.0.0-beta3/crypto/md2/md2.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md2/md2.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md2/md2.h +--- openssl-1.0.0-beta4/crypto/md2/md2.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md2/md2.h 2009-11-12 12:36:50.000000000 +0100 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; 
@@ -10404,9 +10404,9 @@ diff -up openssl-1.0.0-beta3/crypto/md2/md2.h.fips openssl-1.0.0-beta3/crypto/md int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta3/crypto/md4/md4_dgst.c ---- openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/md4/md4_dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/crypto/md4/md4_dgst.c +--- openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md4/md4_dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10428,9 +10428,9 @@ diff -up openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta3/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta3/crypto/md4/md4.h.fips openssl-1.0.0-beta3/crypto/md4/md4.h ---- openssl-1.0.0-beta3/crypto/md4/md4.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md4/md4.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md4/md4.h +--- openssl-1.0.0-beta4/crypto/md4/md4.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md4/md4.h 2009-11-12 12:36:50.000000000 +0100 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; 
@@ -10441,9 +10441,9 @@ diff -up openssl-1.0.0-beta3/crypto/md4/md4.h.fips openssl-1.0.0-beta3/crypto/md int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta3/crypto/md5/md5_dgst.c ---- openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/md5/md5_dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/crypto/md5/md5_dgst.c +--- openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md5/md5_dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10465,9 +10465,9 @@ diff -up openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta3/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta3/crypto/md5/md5.h.fips openssl-1.0.0-beta3/crypto/md5/md5.h ---- openssl-1.0.0-beta3/crypto/md5/md5.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/md5/md5.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md5/md5.h +--- openssl-1.0.0-beta4/crypto/md5/md5.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md5/md5.h 2009-11-12 12:36:50.000000000 +0100 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; 
@@ -10478,9 +10478,9 @@ diff -up openssl-1.0.0-beta3/crypto/md5/md5.h.fips openssl-1.0.0-beta3/crypto/md int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/mem.c.fips openssl-1.0.0-beta3/crypto/mem.c ---- openssl-1.0.0-beta3/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/mem.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c +--- openssl-1.0.0-beta4/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/mem.c 2009-11-12 12:36:50.000000000 +0100 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10490,9 +10490,9 @@ diff -up openssl-1.0.0-beta3/crypto/mem.c.fips openssl-1.0.0-beta3/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up /dev/null openssl-1.0.0-beta3/crypto/o_init.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/o_init.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -10574,9 +10574,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/o_init.c + } + + -diff -up openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips openssl-1.0.0-beta3/crypto/opensslconf.h.in ---- openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/opensslconf.h.in 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/crypto/opensslconf.h.in +--- openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/opensslconf.h.in 2009-11-12 12:36:50.000000000 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10598,9 +10598,9 @@ diff -up openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips openssl-1.0.0-beta3/cr /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c 2009-11-12 12:36:50.000000000 +0100 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
@@ -10627,9 +10627,9 @@ diff -up openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta3/cr if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips openssl-1.0.0-beta3/crypto/rand/md_rand.c ---- openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rand/md_rand.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/crypto/rand/md_rand.c +--- openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/md_rand.c 2009-11-12 12:36:50.000000000 +0100 @@ -126,6 +126,10 @@ #include @@ -10656,9 +10656,9 @@ diff -up openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips openssl-1.0.0-beta3/cryp #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips openssl-1.0.0-beta3/crypto/rand/rand_err.c ---- openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rand/rand_err.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/crypto/rand/rand_err.c +--- openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/rand_err.c 2009-11-12 12:36:50.000000000 +0100 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= 
@@ -10691,9 +10691,9 @@ diff -up openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips openssl-1.0.0-beta3/cry {0,NULL} }; -diff -up openssl-1.0.0-beta3/crypto/rand/rand.h.fips openssl-1.0.0-beta3/crypto/rand/rand.h ---- openssl-1.0.0-beta3/crypto/rand/rand.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rand/rand.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/rand/rand.h +--- openssl-1.0.0-beta4/crypto/rand/rand.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/rand.h 2009-11-12 12:36:50.000000000 +0100 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10723,9 +10723,9 @@ diff -up openssl-1.0.0-beta3/crypto/rand/rand.h.fips openssl-1.0.0-beta3/crypto/ #ifdef __cplusplus } -diff -up openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta3/crypto/rand/rand_lib.c ---- openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rand/rand_lib.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/crypto/rand/rand_lib.c +--- openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/rand_lib.c 2009-11-12 12:36:50.000000000 +0100 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" 
@@ -10759,9 +10759,9 @@ diff -up openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta3/cry return default_RAND_meth; } -diff -up openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips openssl-1.0.0-beta3/crypto/rc2/rc2.h ---- openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc2/rc2.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc2/rc2.h +--- openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc2/rc2.h 2009-11-12 12:36:50.000000000 +0100 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10773,9 +10773,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips openssl-1.0.0-beta3/crypto/rc void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c ---- openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c +--- openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c 2009-11-12 12:36:50.000000000 +0100 @@ -57,6 +57,11 @@ */ 
@@ -10809,9 +10809,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta3/cryp int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl 2009-11-12 12:36:50.000000000 +0100 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10819,9 +10819,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl 2009-11-12 12:36:50.000000000 +0100 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; 
@@ -10831,9 +10831,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet print $code; close STDOUT; -diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl 2009-11-12 12:36:50.000000000 +0100 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10857,9 +10857,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta3/ # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0-beta3/crypto/rc4/Makefile.fips openssl-1.0.0-beta3/crypto/rc4/Makefile ---- openssl-1.0.0-beta3/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/Makefile 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto/rc4/Makefile +--- openssl-1.0.0-beta4/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/Makefile 2009-11-12 12:36:50.000000000 +0100 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= 
@@ -10871,9 +10871,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/Makefile.fips openssl-1.0.0-beta3/crypto SRC= $(LIBSRC) -diff -up /dev/null openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c ---- /dev/null 2009-09-23 10:56:02.148001752 +0200 -+++ openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c 2009-09-30 13:25:58.000000000 +0200 +diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c +--- /dev/null 2009-11-04 12:00:58.801002276 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c 2009-11-12 12:36:50.000000000 +0100 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10950,9 +10950,9 @@ diff -up /dev/null openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c + } +#endif + -diff -up openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips openssl-1.0.0-beta3/crypto/rc4/rc4.h ---- openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rc4/rc4.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc4/rc4.h +--- openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/rc4.h 2009-11-12 12:36:50.000000000 +0100 @@ -78,6 +78,9 @@ typedef struct rc4_key_st 
@@ -10963,9 +10963,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips openssl-1.0.0-beta3/crypto/rc void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c ---- openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c +--- openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c 2009-11-12 12:36:50.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11003,9 +11003,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta3/cryp unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta3/crypto/ripemd/ripemd.h ---- openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/ripemd/ripemd.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/crypto/ripemd/ripemd.h +--- openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/ripemd/ripemd.h 2009-11-12 12:36:50.000000000 +0100 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; 
@@ -11016,9 +11016,9 @@ diff -up openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta3/cry int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11040,9 +11040,9 @@ diff -up openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta3/c { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c ---- openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c +--- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c 2009-11-12 12:36:50.000000000 +0100 @@ -114,6 +114,8 @@ #include #include 
@@ -11301,9 +11301,9 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta3/crypt rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_err.c ---- openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_err.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_err.c +--- openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_err.c 2009-11-12 12:36:50.000000000 +0100 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11330,9 +11330,9 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta3/crypt {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c ---- openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c 2009-09-30 16:55:26.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c +--- openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c 2009-11-12 12:36:50.000000000 +0100 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include 
@@ -11458,9 +11458,9 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypt ok=1; err: if (ok == -1) -diff -up openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips openssl-1.0.0-beta3/crypto/rsa/rsa.h ---- openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips 2009-09-30 13:25:56.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rsa/rsa.h +--- openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa.h 2009-11-12 12:36:50.000000000 +0100 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11530,9 +11530,9 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips openssl-1.0.0-beta3/crypto/rs #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c ---- openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips 2008-08-06 17:54:14.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c +--- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips 2009-08-05 17:04:16.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2009-11-12 12:36:50.000000000 +0100 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) 
@@ -11608,63 +11608,9 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta3/crypt return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -@@ -422,51 +462,8 @@ err: - BN_CTX_end(ctx); - if (in_ctx == NULL) - BN_CTX_free(ctx); -+ if(rsa->e == NULL) -+ BN_free(e); - - return ret; - } -- --int RSA_memory_lock(RSA *r) -- { -- int i,j,k,off; -- char *p; -- BIGNUM *bn,**t[6],*b; -- BN_ULONG *ul; -- -- if (r->d == NULL) return(1); -- t[0]= &r->d; -- t[1]= &r->p; -- t[2]= &r->q; -- t[3]= &r->dmp1; -- t[4]= &r->dmq1; -- t[5]= &r->iqmp; -- k=sizeof(BIGNUM)*6; -- off=k/sizeof(BN_ULONG)+1; -- j=1; -- for (i=0; i<6; i++) -- j+= (*t[i])->top; -- if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) -- { -- RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); -- return(0); -- } -- bn=(BIGNUM *)p; -- ul=(BN_ULONG *)&(p[off]); -- for (i=0; i<6; i++) -- { -- b= *(t[i]); -- *(t[i])= &(bn[i]); -- memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); -- bn[i].flags=BN_FLG_STATIC_DATA; -- bn[i].d=ul; -- memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); -- ul+=b->top; -- BN_clear_free(b); -- } -- -- /* I should fix this so it can still be done */ -- r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); -- -- r->bignum_data=p; -- return(1); -- } -diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c ---- openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c +--- openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c 2009-11-12 12:36:50.000000000 +0100 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; 
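Review bot: The inner hunk `@@ -422,51 +462,8 @@ err:` for crypto/rsa/rsa_lib.c is dropped from the FIPS patch here, and it carried two unrelated changes: the removal of `RSA_memory_lock` and the added cleanup `if(rsa->e == NULL) BN_free(e);` ahead of `return ret;`. Nothing visible in this patch shows where either change went. The rsa_lib.c.fips timestamp in the preceding header moves from 2008-08-06 to 2009-08-05, so the beta4 source presumably already contains both, but that is inferred and should be checked against the beta4 tree. If the cleanup is not upstream, the temporary `e` would no longer be freed on that path. I would record this in the spec changelog, for example `- drop rsa_lib.c blinding cleanup hunk from the FIPS patch (merged upstream in beta4)`, so the removal can be audited later.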
@@ -11696,9 +11642,9 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta3/cryp if (i <= 0) goto err; -diff -up openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha_dgst.c ---- openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha_dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha_dgst.c +--- openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha_dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -57,6 +57,12 @@ */ @@ -11712,9 +11658,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta3/cryp #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0-beta3/crypto/sha/sha.h.fips openssl-1.0.0-beta3/crypto/sha/sha.h ---- openssl-1.0.0-beta3/crypto/sha/sha.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/sha/sha.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sha/sha.h +--- openssl-1.0.0-beta4/crypto/sha/sha.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha.h 2009-11-12 12:36:50.000000000 +0100 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; 
@@ -11725,9 +11671,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha.h.fips openssl-1.0.0-beta3/crypto/sh int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta3/crypto/sha/sha_locl.h ---- openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/sha/sha_locl.h 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/crypto/sha/sha_locl.h +--- openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips 2009-11-12 12:36:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha_locl.h 2009-11-12 12:36:50.000000000 +0100 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL @@ -11744,9 +11690,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta3/cryp memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha1dgst.c ---- openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha1dgst.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha1dgst.c +--- openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha1dgst.c 2009-11-12 12:36:50.000000000 +0100 @@ -63,6 +63,10 @@ #define SHA_1 
@@ -11758,9 +11704,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta3/cryp const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0-beta3/crypto/sha/sha256.c.fips openssl-1.0.0-beta3/crypto/sha/sha256.c ---- openssl-1.0.0-beta3/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha256.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto/sha/sha256.c +--- openssl-1.0.0-beta4/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha256.c 2009-11-12 12:36:50.000000000 +0100 @@ -12,12 +12,19 @@ #include @@ -11791,9 +11737,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha256.c.fips openssl-1.0.0-beta3/crypto memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0-beta3/crypto/sha/sha512.c.fips openssl-1.0.0-beta3/crypto/sha/sha512.c ---- openssl-1.0.0-beta3/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100 -+++ openssl-1.0.0-beta3/crypto/sha/sha512.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto/sha/sha512.c +--- openssl-1.0.0-beta4/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha512.c 2009-11-12 12:36:50.000000000 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ 
@@ -11834,10 +11780,10 @@ diff -up openssl-1.0.0-beta3/crypto/sha/sha512.c.fips openssl-1.0.0-beta3/crypto asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) -diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org ---- openssl-1.0.0-beta3/Makefile.org.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/Makefile.org 2009-09-30 13:25:58.000000000 +0200 -@@ -109,6 +109,9 @@ LIBKRB5= +diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org +--- openssl-1.0.0-beta4/Makefile.org.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/Makefile.org 2009-11-12 12:36:50.000000000 +0100 +@@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= @@ -11847,7 +11793,7 @@ diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org DIRS= crypto ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl -@@ -121,7 +124,7 @@ SDIRS= \ +@@ -122,7 +125,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ @@ -11856,7 +11802,7 @@ diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... -@@ -204,6 +207,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS +@@ -206,6 +209,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ WP_ASM_OBJ='$(WP_ASM_OBJ)' \ PERLASM_SCHEME='$(PERLASM_SCHEME)' \ 
@@ -11864,9 +11810,9 @@ diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips openssl-1.0.0-beta3/ssl/ssl_ciph.c ---- openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips 2009-04-07 14:10:59.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_ciph.c +--- openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/ssl_ciph.c 2009-11-12 12:36:50.000000000 +0100 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11889,10 +11835,10 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips openssl-1.0.0-beta3/ssl/ssl_cip { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.fips openssl-1.0.0-beta3/ssl/ssl_lib.c ---- openssl-1.0.0-beta3/ssl/ssl_lib.c.fips 2009-06-30 13:57:24.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-09-30 13:25:58.000000000 +0200 -@@ -1470,6 +1470,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.c +--- openssl-1.0.0-beta4/ssl/ssl_lib.c.fips 2009-10-16 15:41:52.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2009-11-12 12:36:50.000000000 +0100 +@@ -1471,6 +1471,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } 
@@ -11907,9 +11853,9 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.fips openssl-1.0.0-beta3/ssl/ssl_lib. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0-beta3/ssl/ssltest.c.fips openssl-1.0.0-beta3/ssl/ssltest.c ---- openssl-1.0.0-beta3/ssl/ssltest.c.fips 2009-09-30 13:25:57.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssltest.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.c +--- openssl-1.0.0-beta4/ssl/ssltest.c.fips 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssltest.c 2009-11-12 12:36:50.000000000 +0100 @@ -265,6 +265,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); @@ -11984,10 +11930,10 @@ diff -up openssl-1.0.0-beta3/ssl/ssltest.c.fips openssl-1.0.0-beta3/ssl/ssltest. if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_clnt.c ---- openssl-1.0.0-beta3/ssl/s23_clnt.c.fips 2009-04-07 19:01:07.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s23_clnt.c 2009-09-30 13:25:58.000000000 +0200 -@@ -332,6 +332,14 @@ static int ssl23_client_hello(SSL *s) +diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_clnt.c +--- openssl-1.0.0-beta4/ssl/s23_clnt.c.fips 2009-08-05 17:29:14.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/s23_clnt.c 2009-11-12 12:36:50.000000000 +0100 +@@ -335,6 +335,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } 
@@ -12002,7 +11948,7 @@ diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_cln else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; -@@ -615,6 +623,14 @@ static int ssl23_get_server_hello(SSL *s +@@ -618,6 +626,14 @@ static int ssl23_get_server_hello(SSL *s if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { @@ -12017,9 +11963,9 @@ diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_cln s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0-beta3/ssl/s23_srvr.c.fips openssl-1.0.0-beta3/ssl/s23_srvr.c ---- openssl-1.0.0-beta3/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s23_srvr.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srvr.c +--- openssl-1.0.0-beta4/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-12 12:36:50.000000000 +0100 @@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12036,9 +11982,9 @@ diff -up openssl-1.0.0-beta3/ssl/s23_srvr.c.fips openssl-1.0.0-beta3/ssl/s23_srv if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt.c ---- openssl-1.0.0-beta3/ssl/s3_clnt.c.fips 2009-06-16 18:39:20.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s3_clnt.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.c +--- openssl-1.0.0-beta4/ssl/s3_clnt.c.fips 2009-10-30 15:06:18.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2009-11-12 12:36:50.000000000 +0100 @@ -156,6 +156,10 @@ #include #include 
@@ -12050,7 +11996,7 @@ diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt. #ifndef OPENSSL_NO_DH #include #endif -@@ -1524,6 +1528,8 @@ int ssl3_get_key_exchange(SSL *s) +@@ -1530,6 +1534,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { @@ -12059,9 +12005,9 @@ diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c ---- openssl-1.0.0-beta3/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s3_enc.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c +--- openssl-1.0.0-beta4/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/s3_enc.c 2009-11-12 12:36:50.000000000 +0100 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12087,10 +12033,10 @@ diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr.c ---- openssl-1.0.0-beta3/ssl/s3_srvr.c.fips 2009-06-26 17:04:22.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/s3_srvr.c 2009-09-30 13:25:58.000000000 +0200 -@@ -1674,6 +1674,8 @@ int ssl3_send_server_key_exchange(SSL *s +diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.c +--- openssl-1.0.0-beta4/ssl/s3_srvr.c.fips 2009-10-30 14:22:44.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2009-11-12 12:36:50.000000000 +0100 +@@ -1679,6 +1679,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) { 
@@ -12099,9 +12045,9 @@ diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta3/ssl/t1_enc.c.fips openssl-1.0.0-beta3/ssl/t1_enc.c ---- openssl-1.0.0-beta3/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/t1_enc.c 2009-09-30 13:25:58.000000000 +0200 +diff -up openssl-1.0.0-beta4/ssl/t1_enc.c.fips openssl-1.0.0-beta4/ssl/t1_enc.c +--- openssl-1.0.0-beta4/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 ++++ openssl-1.0.0-beta4/ssl/t1_enc.c 2009-11-12 12:36:50.000000000 +0100 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md HMAC_CTX_init(&ctx); diff --git a/openssl-1.0.0-beta3-redhat.patch b/openssl-1.0.0-beta4-redhat.patch similarity index 92% rename from openssl-1.0.0-beta3-redhat.patch rename to openssl-1.0.0-beta4-redhat.patch index bd6b9af..ad61bf8 100644 --- a/openssl-1.0.0-beta3-redhat.patch +++ b/openssl-1.0.0-beta4-redhat.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure ---- openssl-1.0.0-beta3/Configure.redhat 2009-07-08 10:50:52.000000000 +0200 -+++ openssl-1.0.0-beta3/Configure 2009-08-04 22:46:59.000000000 +0200 -@@ -331,32 +331,32 @@ my %table=( +diff -up openssl-1.0.0-beta4/Configure.redhat openssl-1.0.0-beta4/Configure +--- openssl-1.0.0-beta4/Configure.redhat 2009-11-09 15:11:13.000000000 +0100 ++++ openssl-1.0.0-beta4/Configure 2009-11-12 12:15:27.000000000 +0100 +@@ -336,32 +336,32 @@ my %table=( #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... 
@@ -27,9 +27,9 @@ diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", ++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", +"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall 
\$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", #### SPARC Linux setups # Ray Miller has patiently @@ -46,7 +46,7 @@ diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -370,8 +370,8 @@ my %table=( +@@ -375,8 +375,8 @@ my %table=( # # # diff --git a/openssl-1.0.0-beta4-reneg.patch b/openssl-1.0.0-beta4-reneg.patch new file mode 100644 index 0000000..92e206d --- /dev/null +++ b/openssl-1.0.0-beta4-reneg.patch 
@@ -0,0 +1,237 @@ +diff -up openssl-1.0.0-beta4/apps/s_cb.c.reneg openssl-1.0.0-beta4/apps/s_cb.c +--- openssl-1.0.0-beta4/apps/s_cb.c.reneg 2009-10-15 20:48:47.000000000 +0200 ++++ openssl-1.0.0-beta4/apps/s_cb.c 2009-11-12 15:02:30.000000000 +0100 +@@ -669,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int c + extname = "server ticket"; + break; + ++ case TLSEXT_TYPE_renegotiate: ++ extname = "renegotiate"; ++ break; ++ + #ifdef TLSEXT_TYPE_opaque_prf_input + case TLSEXT_TYPE_opaque_prf_input: + extname = "opaque PRF input"; +diff -up openssl-1.0.0-beta4/apps/s_client.c.reneg openssl-1.0.0-beta4/apps/s_client.c +--- openssl-1.0.0-beta4/apps/s_client.c.reneg 2009-11-12 14:57:48.000000000 +0100 ++++ openssl-1.0.0-beta4/apps/s_client.c 2009-11-12 15:01:48.000000000 +0100 +@@ -343,6 +343,7 @@ static void sc_usage(void) + BIO_printf(bio_err," -status - request certificate status from server\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + #endif ++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + } + + #ifndef OPENSSL_NO_TLSEXT +@@ -657,6 +658,8 @@ int MAIN(int argc, char **argv) + #endif + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; ++ else if (strcmp(*argv,"-legacy_renegotiation") == 0) ++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +diff -up openssl-1.0.0-beta4/apps/s_server.c.reneg openssl-1.0.0-beta4/apps/s_server.c +--- openssl-1.0.0-beta4/apps/s_server.c.reneg 2009-11-12 14:57:48.000000000 +0100 ++++ openssl-1.0.0-beta4/apps/s_server.c 2009-11-12 15:01:48.000000000 +0100 +@@ -491,6 +491,7 @@ static void sv_usage(void) + BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); ++ 
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + #endif + } + +@@ -1013,6 +1014,8 @@ int MAIN(int argc, char *argv[]) + verify_return_error = 1; + else if (strcmp(*argv,"-serverpref") == 0) + { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } ++ else if (strcmp(*argv,"-legacy_renegotiation") == 0) ++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +diff -up openssl-1.0.0-beta4/ssl/tls1.h.reneg openssl-1.0.0-beta4/ssl/tls1.h +--- openssl-1.0.0-beta4/ssl/tls1.h.reneg 2009-11-12 14:57:47.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/tls1.h 2009-11-12 15:02:30.000000000 +0100 +@@ -201,6 +201,9 @@ extern "C" { + # define TLSEXT_TYPE_opaque_prf_input ?? */ + #endif + ++/* Temporary extension type */ ++#define TLSEXT_TYPE_renegotiate 0xff01 ++ + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 + /* status request value from RFC 3546 */ +diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg openssl-1.0.0-beta4/ssl/t1_lib.c +--- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg 2009-11-08 15:36:32.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-12 15:02:30.000000000 +0100 +@@ -315,6 +315,30 @@ unsigned char *ssl_add_clienthello_tlsex + ret+=size_str; + } + ++ /* Add the renegotiation option: TODOEKR switch */ ++ { ++ int el; ++ ++ if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) ++ { ++ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ if((limit - p - 4 - el) < 0) return NULL; ++ ++ s2n(TLSEXT_TYPE_renegotiate,ret); ++ s2n(el,ret); ++ ++ if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) ++ { ++ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ ret += el; ++ } ++ + #ifndef OPENSSL_NO_EC + if (s->tlsext_ecpointformatlist != NULL) + { +@@ -490,6 +514,31 @@ unsigned char *ssl_add_serverhello_tlsex + s2n(TLSEXT_TYPE_server_name,ret); + s2n(0,ret); + } ++ 
++ if(s->s3->send_connection_binding) ++ { ++ int el; ++ ++ if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) ++ { ++ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ if((limit - p - 4 - el) < 0) return NULL; ++ ++ s2n(TLSEXT_TYPE_renegotiate,ret); ++ s2n(el,ret); ++ ++ if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) ++ { ++ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ ret += el; ++ } ++ + #ifndef OPENSSL_NO_EC + if (s->tlsext_ecpointformatlist != NULL) + { +@@ -574,11 +623,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, + unsigned short size; + unsigned short len; + unsigned char *data = *p; ++ int renegotiate_seen = 0; ++ + s->servername_done = 0; + s->tlsext_status_type = -1; ++ s->s3->send_connection_binding = 0; + + if (data >= (d+n-2)) ++ { ++ if (s->new_session ++ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ /* We should always see one extension: the renegotiate extension */ ++ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ ++ return 0; ++ } + return 1; ++ } + n2s(data,len); + + if (data > (d+n-len)) +@@ -790,6 +851,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, + return 0; + } + } ++ else if (type == TLSEXT_TYPE_renegotiate) ++ { ++ if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) ++ return 0; ++ renegotiate_seen = 1; ++ } + else if (type == TLSEXT_TYPE_status_request + && s->ctx->tlsext_status_cb) + { +@@ -894,6 +961,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, + /* session ticket processed earlier */ + data+=size; + } ++ ++ if (s->new_session && !renegotiate_seen ++ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? 
*/ ++ return 0; ++ } ++ + + *p = data; + return 1; +@@ -905,11 +980,22 @@ int ssl_parse_serverhello_tlsext(SSL *s, + unsigned short size; + unsigned short len; + unsigned char *data = *p; +- + int tlsext_servername = 0; ++ int renegotiate_seen = 0; + + if (data >= (d+n-2)) ++ { ++ /* Because the client does not see any renegotiation during an ++ attack, we must enforce this on all server hellos, even the ++ first */ ++ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ /* We should always see one extension: the renegotiate extension */ ++ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ ++ return 0; ++ } + return 1; ++ } + + n2s(data,len); + +@@ -1025,7 +1111,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, + /* Set flag to expect CertificateStatus message */ + s->tlsext_status_expected = 1; + } +- ++ else if (type == TLSEXT_TYPE_renegotiate) ++ { ++ if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) ++ return 0; ++ renegotiate_seen = 1; ++ } + data+=size; + } + +@@ -1035,6 +1126,13 @@ int ssl_parse_serverhello_tlsext(SSL *s, + return 0; + } + ++ if (!renegotiate_seen ++ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ ++ return 0; ++ } ++ + if (!s->hit && tlsext_servername == 1) + { + if (s->tlsext_hostname) diff --git a/openssl.spec b/openssl.spec index 1412c86..0066aba 100644 --- a/openssl.spec +++ b/openssl.spec @@ -11,7 +11,7 @@ # 1.0.0 soversion = 10 %define soversion 10 -%define beta beta3 +%define beta beta4 # Number of threads to spawn when testing some threading fixes. %define thread_test_threads %{?threads:%{threads}}%{!?threads:1} 
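Review bot: The space check `if((limit - p - 4 - el) < 0) return NULL;` in the block added to ssl_add_clienthello_tlsext measures from `p`, but the extension is then written at `ret`, which the preceding context line (`ret+=size_str;`) shows has already advanced. If `p` is the start of the output buffer, as it appears to be (the function begins outside the hunk, so this is inferred), bytes used by earlier extensions are not counted and the check can pass with fewer than `4 + el` bytes left. The comparison should use the write position, `if ((limit - ret - 4 - el) < 0) return NULL;`. The identical check added to ssl_add_serverhello_tlsext needs the same change.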
@@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.10.%{beta}%{?dist} +Release: 0.11.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 
@@ -35,41 +35,33 @@ Source9: opensslconf-new.h Source10: opensslconf-new-warning.h Source11: README.FIPS # Build changes -Patch0: openssl-1.0.0-beta3-redhat.patch +Patch0: openssl-1.0.0-beta4-redhat.patch Patch1: openssl-1.0.0-beta3-defaults.patch -Patch2: openssl-1.0.0-beta3-krb5.patch Patch3: openssl-1.0.0-beta3-soversion.patch -Patch4: openssl-1.0.0-beta3-enginesdir.patch +Patch4: openssl-1.0.0-beta4-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch # Bug fixes -Patch21: openssl-0.9.8b-aliasing-bug.patch -Patch23: openssl-1.0.0-beta3-default-paths.patch +Patch23: openssl-1.0.0-beta4-default-paths.patch +Patch24: openssl-1.0.0-beta4-binutils.patch # Functionality changes Patch32: openssl-0.9.8g-ia64.patch -Patch33: openssl-0.9.8j-ca-dir.patch +Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta3-cipher-change.patch Patch39: openssl-1.0.0-beta3-ipv6-apps.patch -Patch40: openssl-1.0.0-beta3-fips.patch +Patch40: openssl-1.0.0-beta4-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-0.9.8j-readme-warning.patch Patch48: openssl-0.9.8j-bad-mime.patch -Patch49: openssl-0.9.8k-algo-doc.patch -Patch50: openssl-1.0.0-beta3-curl.patch -Patch51: openssl-1.0.0-beta3-const.patch -Patch52: openssl-1.0.0-beta3-dss1.patch +Patch49: openssl-1.0.0-beta4-algo-doc.patch +Patch50: openssl-1.0.0-beta4-dtls1-abi.patch # Backported fixes including security fixes -Patch60: openssl-1.0.0-beta3-namingstr.patch -Patch61: openssl-1.0.0-beta3-namingblk.patch -Patch62: openssl-1.0.0-beta3-camellia-rounds.patch -Patch63: openssl-1.0.0-beta3-dtls1-fix.patch -Patch64: openssl-1.0.0-beta3-ssl-session.patch -Patch65: openssl-1.0.0-beta3-ssl-free.patch +Patch60: openssl-1.0.0-beta4-reneg.patch 
License: OpenSSL Group: System Environment/Libraries @@ -124,15 +116,13 @@ from other formats to the formats used by the OpenSSL toolkit. %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat %patch1 -p1 -b .defaults -# Fix link line for libssl (bug #111154). -%patch2 -p1 -b .krb5 %patch3 -p1 -b .soversion %patch4 -p1 -b .enginesdir %patch5 -p1 -b .no-rpath %patch6 -p1 -b .use-localhost -%patch21 -p1 -b .aliasing-bug %patch23 -p1 -b .default-paths +%patch24 -p1 -b .binutils %patch32 -p1 -b .ia64 %patch33 -p1 -b .ca-dir @@ -148,15 +138,9 @@ from other formats to the formats used by the OpenSSL toolkit. %patch47 -p1 -b .warning %patch48 -p1 -b .bad-mime %patch49 -p1 -b .algo-doc -%patch50 -p1 -b .curl -%patch51 -p1 -b .const -%patch52 -p1 -b .dss1 -%patch60 -p1 -b .namingstr -%patch61 -p1 -b .namingblk -%patch62 -p1 -b .cmll-rounds -%patch63 -p1 -b .dtls1-fix -%patch64 -p1 -b .ssl-session -%patch65 -p1 -b .ssl-free +%patch50 -p1 -b .dtls1-abi + +%patch60 -p1 -b .reneg # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -405,6 +389,12 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Thu Nov 12 2009 Tomas Mraz 1.0.0-0.11.beta4 +- update to new upstream version, no soname bump needed +- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used + so the compatibility with unfixed clients is not broken. The + protocol extension is also not final. + * Fri Oct 16 2009 Tomas Mraz 1.0.0-0.10.beta3 - fix use of freed memory if SSL_CTX_free() is called before SSL_free() (#521342) diff --git a/sources b/sources index ccd2532..8a2c648 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9926dcf78e797a12d8e3ffd7a018824b openssl-1.0.0-beta3-usa.tar.bz2 +1fc0e41c230d0698f834413dfba864ad openssl-1.0.0-beta4-usa.tar.bz2 From 5404b487381d109768cef3d6e1f61be95b17e010 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 13 Nov 2009 12:46:47 +0000 Subject: [PATCH 06/20] - keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check --- openssl.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index 0066aba..62d1c52 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.11.%{beta}%{?dist} +Release: 0.12.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -60,6 +60,7 @@ Patch47: openssl-0.9.8j-readme-warning.patch Patch48: openssl-0.9.8j-bad-mime.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch +Patch51: openssl-1.0.0-beta4-version.patch # Backported fixes including security fixes Patch60: openssl-1.0.0-beta4-reneg.patch @@ -139,6 +140,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch48 -p1 -b .bad-mime %patch49 -p1 -b .algo-doc %patch50 -p1 -b .dtls1-abi +%patch51 -p1 -b .version %patch60 -p1 -b .reneg @@ -389,6 +391,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Fri Nov 13 2009 Tomas Mraz 1.0.0-0.12.beta4 +- keep the beta status in version number at 3 so we do not have to rebuild + openssh and possibly other dependencies with too strict version check + * Thu Nov 12 2009 Tomas Mraz 1.0.0-0.11.beta4 - update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used From 6b512f341424880b8f8c54008207b646dbbe35e4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 13 Nov 2009 13:22:59 +0000 Subject: [PATCH 07/20] - add missing patch --- openssl-1.0.0-beta4-version.patch | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 openssl-1.0.0-beta4-version.patch
diff --git a/openssl-1.0.0-beta4-version.patch b/openssl-1.0.0-beta4-version.patch
new file mode 100644
index 0000000..ab12be0
--- /dev/null
+++ b/openssl-1.0.0-beta4-version.patch
@@ -0,0 +1,14 @@
+We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist
+on having the same beta status of OpenSSL library as they were built against.
+diff -up openssl-1.0.0-beta4/crypto/opensslv.h.version openssl-1.0.0-beta4/crypto/opensslv.h
+--- openssl-1.0.0-beta4/crypto/opensslv.h.version 2009-11-12 15:17:28.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/opensslv.h 2009-11-13 12:39:08.000000000 +0100
+@@ -25,7 +25,7 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-#define OPENSSL_VERSION_NUMBER 0x10000004L
++#define OPENSSL_VERSION_NUMBER 0x10000003L
+ #ifdef OPENSSL_FIPS
+ #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta4 10 Nov 2009"
+ #else
From e88edba9c7892c051862775e5ccb323ad088b68d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Wed, 18 Nov 2009 14:03:10 +0000 Subject: [PATCH 08/20] - disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot --- openssl-1.0.0-beta4-backports.patch | 45 ++++++++++++++++++++++++++ openssl-1.0.0-beta4-client-reneg.patch | 35 ++++++++++++++++++++ openssl.spec | 11 ++++++- 3 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 openssl-1.0.0-beta4-backports.patch create mode 100644 openssl-1.0.0-beta4-client-reneg.patch
diff --git a/openssl-1.0.0-beta4-backports.patch b/openssl-1.0.0-beta4-backports.patch
new file mode 100644
index 0000000..ad4c7e4
--- /dev/null
+++ b/openssl-1.0.0-beta4-backports.patch @@ -0,0 +1,45 @@ +diff -up openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c +--- openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports 2008-11-12 04:57:49.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c 2009-11-18 14:11:14.000000000 +0100 +@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PK + } + else ret= *a; + +- ret->save_type=type; +- ret->type=EVP_PKEY_type(type); +- switch (ret->type) ++ if (!EVP_PKEY_set_type(ret, type)) ++ { ++ ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB); ++ goto err; ++ } ++ ++ switch (EVP_PKEY_id(ret)) + { + #ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: +diff -up openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports openssl-1.0.0-beta4/crypto/evp/p_lib.c +--- openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports 2006-07-04 22:27:44.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/evp/p_lib.c 2009-11-18 14:11:26.000000000 +0100 +@@ -220,7 +220,10 @@ static int pkey_set_type(EVP_PKEY *pkey, + #ifndef OPENSSL_NO_ENGINE + /* If we have an ENGINE release it */ + if (pkey->engine) ++ { + ENGINE_finish(pkey->engine); ++ pkey->engine = NULL; ++ } + #endif + } + if (str) +diff -up openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports openssl-1.0.0-beta4/crypto/x509/x509_vfy.c +--- openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports 2009-10-31 20:21:47.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/x509/x509_vfy.c 2009-11-18 14:11:31.000000000 +0100 +@@ -1727,6 +1727,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, + offset= -offset; + } + atm.type=ctm->type; ++ atm.flags = 0; + atm.length=sizeof(buff2); + atm.data=(unsigned char *)buff2; + diff --git a/openssl-1.0.0-beta4-client-reneg.patch b/openssl-1.0.0-beta4-client-reneg.patch new file mode 100644 index 0000000..11b9ab7 --- /dev/null +++ b/openssl-1.0.0-beta4-client-reneg.patch 
@@ -0,0 +1,35 @@ +Do not enforce the renegotiation extension on the client - too many broken servers remain. +diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.client-reneg openssl-1.0.0-beta4/ssl/t1_lib.c +--- openssl-1.0.0-beta4/ssl/t1_lib.c.client-reneg 2009-11-12 15:17:29.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-18 14:04:19.000000000 +0100 +@@ -985,6 +985,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, + + if (data >= (d+n-2)) + { ++#if 0 + /* Because the client does not see any renegotiation during an + attack, we must enforce this on all server hellos, even the + first */ +@@ -994,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, + *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ + return 0; + } ++#endif + return 1; + } + +@@ -1126,12 +1128,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, + return 0; + } + ++#if 0 + if (!renegotiate_seen + && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ + return 0; + } ++#endif + + if (!s->hit && tlsext_servername == 1) + { diff --git a/openssl.spec b/openssl.spec index 62d1c52..8f1d2ba 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.12.%{beta}%{?dist} +Release: 0.13.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -63,6 +63,9 @@ Patch50: openssl-1.0.0-beta4-dtls1-abi.patch Patch51: openssl-1.0.0-beta4-version.patch # Backported fixes including security fixes Patch60: openssl-1.0.0-beta4-reneg.patch +# This one is not backported but has to be applied after reneg patch +Patch61: openssl-1.0.0-beta4-client-reneg.patch +Patch62: openssl-1.0.0-beta4-backports.patch License: OpenSSL Group: System Environment/Libraries 
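Review bot: Wrapping both checks in ssl_parse_serverhello_tlsext in `#if 0` removes the client-side enforcement at compile time, so a client built from this package accepts a ServerHello without the renegotiation extension and cannot ask for the strict behaviour. The comment left inside the first disabled block ("we must enforce this on all server hellos, even the first") now contradicts what the code does, and `renegotiate_seen`, still set by the parsing branch from openssl-1.0.0-beta4-reneg.patch, is no longer read. I would state the trade-off where the code is disabled, for example `/* Enforcement disabled for interoperability (#537962): a ServerHello without the extension is accepted, so the client cannot tell that the peer lacks the CVE-2009-3555 fix. */` above each `#if 0`. A runtime option would be preferable to compiled-out code, since it keeps a strict client possible. The function starts and ends outside these hunks.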
@@ -143,6 +146,8 @@ from other formats to the formats used by the OpenSSL toolkit. %patch51 -p1 -b .version %patch60 -p1 -b .reneg +%patch61 -p1 -b .client-reneg +%patch62 -p1 -b .backports # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -391,6 +396,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Wed Nov 18 2009 Tomas Mraz 1.0.0-0.13.beta4 +- disable enforcement of the renegotiation extension on the client (#537962) +- add fixes from the current upstream snapshot + * Fri Nov 13 2009 Tomas Mraz 1.0.0-0.12.beta4 - keep the beta status in version number at 3 so we do not have to rebuild openssh and possibly other dependencies with too strict version check From 30ef066514df6f08b2b60921843a6ad6cb44f21c Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 26 Nov 2009 01:24:58 +0000 Subject: [PATCH 09/20] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c2eed84..f3167ab 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Makefile for source rpm: openssl -# $Id: Makefile,v 1.1 2004/09/09 09:35:04 cvsdist Exp $ +# $Id: Makefile,v 1.2 2007/10/15 19:12:21 notting Exp $ NAME := openssl SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From e8799f082e57d39aedbbca0c35fb322a455ffb83 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 15 Dec 2009 18:12:29 +0000 Subject: [PATCH 10/20] - fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS --- openssl-1.0.0-beta4-dtls-ipv6.patch | 219 ++++++++++++++++++++++++++++ openssl-1.0.0-beta4-reneg-err.patch | 93 ++++++++++++ openssl.spec | 18 ++- 3 files changed, 328 insertions(+), 2 deletions(-) create mode 100644 openssl-1.0.0-beta4-dtls-ipv6.patch create mode 100644 openssl-1.0.0-beta4-reneg-err.patch diff --git a/openssl-1.0.0-beta4-dtls-ipv6.patch b/openssl-1.0.0-beta4-dtls-ipv6.patch new file mode 100644 index 0000000..1173f1a --- /dev/null +++ b/openssl-1.0.0-beta4-dtls-ipv6.patch 
@@ -0,0 +1,219 @@ +diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c +--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 2009-11-09 15:09:53.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2009-11-23 08:50:45.000000000 +0100 +@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr) + if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) + { + OPENSSL_assert(sa.len.s<=sizeof(sa.from)); +- sa.len.i = (unsigned int)sa.len.s; ++ sa.len.i = (int)sa.len.s; ++ /* use sa.len.i from this point */ + } + if (ret == INVALID_SOCKET) + { +diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c +--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2009-11-23 08:50:45.000000000 +0100 +@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp= + + typedef struct bio_dgram_data_st + { ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; + #if OPENSSL_USE_IPV6 +- struct sockaddr_storage peer; +-#else +- struct sockaddr_in peer; ++ struct sockaddr_in6 sa_in6; + #endif ++ } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; +@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out, + int ret=0; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + ++ struct { ++ /* ++ * See commentary in b_sock.c. ++ */ ++ union { size_t s; int i; } len; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; + #if OPENSSL_USE_IPV6 +- struct sockaddr_storage peer; +-#else +- struct sockaddr_in peer; ++ struct sockaddr_in6 sa_in6; + #endif +- int peerlen = sizeof(peer); ++ } peer; ++ } sa; ++ ++ sa.len.s=0; ++ sa.len.i=sizeof(sa.peer); + + if (out != NULL) + { + clear_socket_error(); +- memset(&peer, 0x00, peerlen); +- /* Last arg in recvfrom is signed on some platforms and +- * unsigned on others. It is of type socklen_t on some +- * but this is not universal. 
Cast to (void *) to avoid +- * compiler warnings. +- */ ++ memset(&sa.peer, 0x00, sizeof(sa.peer)); + dgram_adjust_rcv_timeout(b); +- ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen); ++ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len); ++ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) ++ { ++ OPENSSL_assert(sa.len.s<=sizeof(sa.peer)); ++ sa.len.i = (int)sa.len.s; ++ } + dgram_reset_rcv_timeout(b); + + if ( ! data->connected && ret >= 0) +- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); ++ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); + + BIO_clear_retry_flags(b); + if (ret < 0) +@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha + if ( data->connected ) + ret=writesocket(b->num,in,inl); + else +-#if OPENSSL_USE_IPV6 +- if (data->peer.ss_family == AF_INET) + #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); ++ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer)); + #else +- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); +-#endif +- else +-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6)); +-#else +- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6)); +-#endif +-#else +-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); +-#else +- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); +-#endif ++ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer)); + #endif + + BIO_clear_retry_flags(b); +@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd, + else + { + #endif ++ switch (to->sa_family) ++ { 
++ case AF_INET: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage)); +-#else +- memcpy(&(data->peer),to, sizeof(struct sockaddr_in)); +-#endif ++ case AF_INET6: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); ++ break; ++#endif ++ default: ++ memcpy(&data->peer,to,sizeof(data->peer.sa)); ++ break; ++ } + #if 0 + } + #endif +@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd, + if ( to != NULL) + { + data->connected = 1; ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage)); +-#else +- memcpy(&(data->peer),to, sizeof(struct sockaddr_in)); +-#endif ++ case AF_INET6: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); ++ break; ++#endif ++ default: ++ memcpy(&data->peer,to,sizeof(data->peer.sa)); ++ break; ++ } + } + else + { + data->connected = 0; +-#if OPENSSL_USE_IPV6 +- memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage)); +-#else +- memset(&(data->peer), 0x00, sizeof(struct sockaddr_in)); +-#endif ++ memset(&(data->peer), 0x00, sizeof(data->peer)); + } + break; + case BIO_CTRL_DGRAM_GET_PEER: + to = (struct sockaddr *) ptr; +- ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in))); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(to, &(data->peer), sizeof(struct sockaddr_storage)); +- ret = sizeof(struct sockaddr_storage); +-#else +- memcpy(to, &(data->peer), sizeof(struct sockaddr_in)); +- ret = sizeof(struct sockaddr_in); +-#endif ++ case AF_INET6: ++ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6))); ++ break; ++#endif ++ default: ++ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa))); ++ break; ++ } + break; + case BIO_CTRL_DGRAM_SET_PEER: + to = (struct sockaddr *) ptr; +- ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ 
memcpy(&data->peer,to,sizeof(data->peer.sa_in)); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(&(data->peer), to, sizeof(struct sockaddr_storage)); +-#else +- memcpy(&(data->peer), to, sizeof(struct sockaddr_in)); +-#endif ++ case AF_INET6: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); ++ break; ++#endif ++ default: ++ memcpy(&data->peer,to,sizeof(data->peer.sa)); ++ break; ++ } + break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); diff --git a/openssl-1.0.0-beta4-reneg-err.patch b/openssl-1.0.0-beta4-reneg-err.patch new file mode 100644 index 0000000..271dbe7 --- /dev/null +++ b/openssl-1.0.0-beta4-reneg-err.patch 
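Review bot: In the `BIO_CTRL_DGRAM_GET_PEER` case of dgram_ctrl, the new `switch (to->sa_family)` takes the copy length from the caller's output buffer instead of from the stored peer address. `to` is the destination of the `memcpy`, so its `sa_family` is whatever the caller left there: a `struct sockaddr_in`-sized buffer whose family field happens to read as AF_INET6 receives `sizeof(data->peer.sa_in6)` bytes, and a zeroed buffer receives only `sizeof(data->peer.sa)` bytes of an IPv6 peer. The length should follow the address being returned, `switch (data->peer.sa.sa_family)`. The other cases in this patch switch on `to->sa_family` where `to` is the source of the copy, which is fine. dgram_ctrl starts and ends outside the hunk.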
@@ -0,0 +1,93 @@ +Better error reporting for unsafe renegotiation. +diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err openssl-1.0.0-beta4/ssl/ssl_err.c +--- openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err 2009-11-09 19:45:42.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_err.c 2009-11-20 17:56:57.000000000 +0100 +@@ -226,7 +226,9 @@ static ERR_STRING_DATA SSL_str_functs[]= + {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, + {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, + {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, ++{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, ++{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, + {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, +@@ -526,6 +528,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, + {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, + {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, ++{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, + {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, + {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, + {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, +diff -up openssl-1.0.0-beta4/ssl/ssl.h.reneg-err openssl-1.0.0-beta4/ssl/ssl.h +--- openssl-1.0.0-beta4/ssl/ssl.h.reneg-err 2009-11-12 15:17:29.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl.h 2009-11-20 17:56:57.000000000 +0100 +@@ -1934,7 +1934,9 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 + #define 
SSL_F_SSL_NEW 186 + #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 ++#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 + #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 ++#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 + #define SSL_F_SSL_PEEK 270 + #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 + #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 +@@ -2231,6 +2233,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 + #define SSL_R_UNKNOWN_SSL_VERSION 254 + #define SSL_R_UNKNOWN_STATE 255 ++#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 + #define SSL_R_UNSUPPORTED_CIPHER 256 + #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 + #define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 +diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err openssl-1.0.0-beta4/ssl/s23_srvr.c +--- openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err 2009-11-12 15:17:29.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-20 17:57:23.000000000 +0100 +@@ -497,6 +497,11 @@ int ssl23_get_client_hello(SSL *s) + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + #else ++ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ++ goto err; ++ } + /* we are talking sslv2 */ + /* we need to clean up the SSLv3/TLSv1 setup and put in the + * sslv2 stuff. */ +diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err openssl-1.0.0-beta4/ssl/t1_lib.c +--- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err 2009-11-18 14:04:19.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-20 17:56:57.000000000 +0100 +@@ -636,6 +636,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, + { + /* We should always see one extension: the renegotiate extension */ + *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? 
*/ ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + return 1; +@@ -965,6 +966,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, + if (s->new_session && !renegotiate_seen + && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ + return 0; + } +@@ -993,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, + { + /* We should always see one extension: the renegotiate extension */ + *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + #endif +@@ -1133,6 +1136,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, + && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + return 0; + } + #endif diff --git a/openssl.spec b/openssl.spec index 8f1d2ba..2729e7e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.13.%{beta}%{?dist} +Release: 0.16.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-%{beta}-usa.tar.bz2 @@ -66,6 +66,8 @@ Patch60: openssl-1.0.0-beta4-reneg.patch # This one is not backported but has to be applied after reneg patch Patch61: openssl-1.0.0-beta4-client-reneg.patch Patch62: openssl-1.0.0-beta4-backports.patch +Patch63: openssl-1.0.0-beta4-reneg-err.patch +Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch License: OpenSSL Group: System Environment/Libraries 
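Review bot: The s23_srvr.c hunk does more than report an error: the added `if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))` makes ssl23_get_client_hello fail on the "we are talking sslv2" path whenever that option is unset, which is a new rejection rather than a message for an existing one. The patch header ("Better error reporting for unsafe renegotiation.") and the spec changelog entry should say so, and the branch deserves a comment such as `/* An SSLv2 hello cannot carry the renegotiation extension; refuse it unless legacy renegotiation is allowed */`. The test also reads `s->ctx->options`, so an option set on the individual SSL object would presumably not be honoured here; that is worth confirming against how the option is meant to be set. Separately, the two `SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, ...)` additions sit in blocks whose context ends in `#endif`, i.e. the code that openssl-1.0.0-beta4-client-reneg.patch compiled out, so they are never reached.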
@@ -148,6 +150,8 @@ from other formats to the formats used by the OpenSSL toolkit. %patch60 -p1 -b .reneg %patch61 -p1 -b .client-reneg %patch62 -p1 -b .backports +%patch63 -p1 -b .reneg-err +%patch64 -p1 -b .dtls-ipv6 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -181,7 +185,7 @@ sslarch=linux-alpha-gcc sslarch="linux-generic32 -DB_ENDIAN" %endif %ifarch s390x -sslarch="linux-generic64 -DB_ENDIAN" +sslarch="linux-s390x" %endif %ifarch %{arm} sh3 sh4 sslarch=linux-generic32 @@ -396,6 +400,16 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Mon Nov 23 2009 Tomas Mraz 1.0.0-0.16.beta4 +- fix non-fips mingw build (patch by Kalev Lember) +- add IPV6 fix for DTLS + +* Fri Nov 20 2009 Tomas Mraz 1.0.0-0.15.beta4 +- add better error reporting for the unsafe renegotiation + +* Fri Nov 20 2009 Tomas Mraz 1.0.0-0.14.beta4 +- fix build on s390x + * Wed Nov 18 2009 Tomas Mraz 1.0.0-0.13.beta4 - disable enforcement of the renegotiation extension on the client (#537962) - add fixes from the current upstream snapshot From 129cd80b24e9f5da4754172412f2f6c859e0f268 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Wed, 17 Feb 2010 02:17:55 +0000 Subject: [PATCH 11/20] Initialize branch F-13 for openssl --- branch | 1 + 1 file changed, 1 insertion(+) create mode 100644 branch diff --git a/branch b/branch new file mode 100644 index 0000000..baa94ef --- /dev/null +++ b/branch @@ -0,0 +1 @@ +F-13 From f07ff38d38b800e030d61fbbb81895c9866304dd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 30 Mar 2010 09:57:36 +0000 Subject: [PATCH 12/20] - update to final 1.0.0 upstream release --- .cvsignore | 2 +- openssl-1.0.0-beta5-cleanse.patch | 109 --- openssl-1.0.0-beta5-version.patch | 14 - ...ta5-fips.patch => openssl-1.0.0-fips.patch | 893 ++++++++---------- openssl-1.0.0-version.patch | 13 + openssl.spec | 17 +- sources | 2 +- 7 files changed, 439 insertions(+), 611 deletions(-) delete mode 100644 openssl-1.0.0-beta5-cleanse.patch delete mode 100644 openssl-1.0.0-beta5-version.patch rename openssl-1.0.0-beta5-fips.patch => openssl-1.0.0-fips.patch (89%) create mode 100644 openssl-1.0.0-version.patch diff --git a/.cvsignore b/.cvsignore index f133f6d..3930a9d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-1.0.0-beta5-usa.tar.bz2 +openssl-1.0.0-usa.tar.bz2 diff --git a/openssl-1.0.0-beta5-cleanse.patch b/openssl-1.0.0-beta5-cleanse.patch deleted file mode 100644 index 92f7446..0000000 --- a/openssl-1.0.0-beta5-cleanse.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -Gracefully handle zero length in assembler implementations of OPENSSL_cleanse. -diff -up openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse openssl-1.0.0-beta5/crypto/ia64cpuid.S ---- openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse 2007-07-27 20:03:27.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/ia64cpuid.S 2010-02-12 18:13:52.000000000 +0100 -@@ -130,9 +130,11 @@ OPENSSL_wipe_cpu: - .global OPENSSL_cleanse# - .proc OPENSSL_cleanse# - OPENSSL_cleanse: -+{ .mib; cmp.eq p6,p0=0,r33 // len==0 - #if defined(_HPUX_SOURCE) && !defined(_LP64) --{ .mmi; addp4 r32=0,r32 };; -+ addp4 r32=0,r32 - #endif -+(p6) br.ret.spnt b0 };; - { .mib; and r2=7,r32 - cmp.leu p6,p0=15,r33 // len>=15 - (p6) br.cond.dptk .Lot };; -diff -up openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl ---- openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse 2008-01-13 23:01:29.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -101,6 +101,13 @@ my $bnelr = sub { - " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : - " bclr $bo,2"; - }; -+my $beqlr = sub { -+ my $f = shift; -+ my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint -+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints -+ " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : -+ " bclr $bo,2"; -+}; - # GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two - # arguments is 64, with "operand out of range" error. 
- my $extrdi = sub { -diff -up openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse openssl-1.0.0-beta5/crypto/ppccpuid.pl ---- openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse 2008-09-12 16:45:53.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/ppccpuid.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -67,6 +67,8 @@ Loop: lwarx r5,0,r3 - $CMPLI r4,7 - li r0,0 - bge Lot -+ $CMPLI r4,0 -+ beqlr- - Little: mtctr r4 - stb r0,0(r3) - addi r3,r3,1 -diff -up openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse openssl-1.0.0-beta5/crypto/sparccpuid.S ---- openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse 2007-05-19 19:26:48.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/sparccpuid.S 2010-02-12 18:13:52.000000000 +0100 -@@ -242,6 +242,10 @@ OPENSSL_cleanse: - #else - bgu .Lot - #endif -+ cmp %o1,0 -+ bne .Little -+ nop -+ retl - nop - - .Little: -diff -up openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse openssl-1.0.0-beta5/crypto/s390xcpuid.S ---- openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse 2010-01-19 22:40:56.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/s390xcpuid.S 2010-02-12 18:13:52.000000000 +0100 -@@ -62,6 +62,8 @@ OPENSSL_cleanse: - lghi %r0,0 - clgr %r3,%r4 - jh .Lot -+ clgr %r3,%r0 -+ bcr 8,%r14 - .Little: - stc %r0,0(%r2) - la %r2,1(%r2) -diff -up openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86cpuid.pl ---- openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/x86cpuid.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -279,11 +279,14 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 - &xor ("eax","eax"); - &cmp ("ecx",7); - &jae (&label("lot")); -+ &cmp ("ecx",0); -+ &je (&label("ret")); - &set_label("little"); - &mov (&BP(0,"edx"),"al"); - &sub ("ecx",1); - &lea ("edx",&DWP(1,"edx")); - &jnz (&label("little")); -+&set_label("ret"); - &ret (); - - &set_label("lot",16); -diff -up openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86_64cpuid.pl ---- 
openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/x86_64cpuid.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -145,12 +145,14 @@ OPENSSL_cleanse: - xor %rax,%rax - cmp \$15,$arg2 - jae .Lot -+ cmp \$0,$arg2 -+ je .Lret - .Little: - mov %al,($arg1) - sub \$1,$arg2 - lea 1($arg1),$arg1 - jnz .Little -- ret -+.Lret: ret - .align 16 - .Lot: - test \$7,$arg1 diff --git a/openssl-1.0.0-beta5-version.patch b/openssl-1.0.0-beta5-version.patch deleted file mode 100644 index cf3bcf6..0000000 --- a/openssl-1.0.0-beta5-version.patch +++ /dev/null @@ -1,14 +0,0 @@ -We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist -on having the same beta status of OpenSSL library as they were built against. -diff -up openssl-1.0.0-beta5/crypto/opensslv.h.version openssl-1.0.0-beta5/crypto/opensslv.h ---- openssl-1.0.0-beta5/crypto/opensslv.h.version 2010-01-20 18:16:43.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/opensslv.h 2010-01-20 20:20:23.000000000 +0100 -@@ -25,7 +25,7 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x10000005L -+#define OPENSSL_VERSION_NUMBER 0x10000003L - #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta5 20 Jan 2010" - #else diff --git a/openssl-1.0.0-beta5-fips.patch b/openssl-1.0.0-fips.patch similarity index 89% rename from openssl-1.0.0-beta5-fips.patch rename to openssl-1.0.0-fips.patch index 0a57f67..e5b6de7 100644 --- a/openssl-1.0.0-beta5-fips.patch +++ b/openssl-1.0.0-fips.patch 
@@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta5/Configure.fips openssl-1.0.0-beta5/Configure ---- openssl-1.0.0-beta5/Configure.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/Configure 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure +--- openssl-1.0.0/Configure.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/Configure 2010-03-30 10:33:46.000000000 +0200 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; @@ -43,9 +43,9 @@ diff -up openssl-1.0.0-beta5/Configure.fips openssl-1.0.0-beta5/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0-beta5/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta5/crypto/bf/bf_skey.c ---- openssl-1.0.0-beta5/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bf/bf_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c +--- openssl-1.0.0/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0/crypto/bf/bf_skey.c 2010-03-30 10:33:46.000000000 +0200 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0-beta5/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta5/crypto { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0-beta5/crypto/bf/blowfish.h.fips openssl-1.0.0-beta5/crypto/bf/blowfish.h ---- openssl-1.0.0-beta5/crypto/bf/blowfish.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bf/blowfish.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h +--- openssl-1.0.0/crypto/bf/blowfish.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/bf/blowfish.h 2010-03-30 10:33:46.000000000 +0200 
@@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -77,9 +77,9 @@ diff -up openssl-1.0.0-beta5/crypto/bf/blowfish.h.fips openssl-1.0.0-beta5/crypt void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0-beta5/crypto/bn/bn.h.fips openssl-1.0.0-beta5/crypto/bn/bn.h ---- openssl-1.0.0-beta5/crypto/bn/bn.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bn/bn.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h +--- openssl-1.0.0/crypto/bn/bn.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/bn/bn.h 2010-03-30 10:33:46.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0-beta5/crypto/bn/bn.h.fips openssl-1.0.0-beta5/crypto/bn/b BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up openssl-1.0.0-beta5/crypto/bn/bn_x931p.c.fips openssl-1.0.0-beta5/crypto/bn/bn_x931p.c ---- openssl-1.0.0-beta5/crypto/bn/bn_x931p.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bn/bn_x931p.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c +--- openssl-1.0.0/crypto/bn/bn_x931p.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/bn/bn_x931p.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -374,9 +374,9 @@ diff -up openssl-1.0.0-beta5/crypto/bn/bn_x931p.c.fips openssl-1.0.0-beta5/crypt + + } + -diff -up openssl-1.0.0-beta5/crypto/bn/Makefile.fips openssl-1.0.0-beta5/crypto/bn/Makefile ---- openssl-1.0.0-beta5/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bn/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile +--- openssl-1.0.0/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0/crypto/bn/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0-beta5/crypto/bn/Makefile.fips openssl-1.0.0-beta5/crypto/ SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl 2010-03-30 10:33:46.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); 
@@ -422,9 +422,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0- } @SBOX=( -diff -up openssl-1.0.0-beta5/crypto/camellia/camellia.h.fips openssl-1.0.0-beta5/crypto/camellia/camellia.h ---- openssl-1.0.0-beta5/crypto/camellia/camellia.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/camellia.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h +--- openssl-1.0.0/crypto/camellia/camellia.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/camellia.h 2010-03-30 10:33:46.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/camellia.h.fips openssl-1.0.0-beta5 int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/cmll_fblk.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== 
@@ -509,9 +509,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c ---- openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c +--- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0/crypto/camellia/cmll_misc.c 2010-03-30 10:33:46.000000000 +0200 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta { if(!userKey || !key) return -1; -diff -up openssl-1.0.0-beta5/crypto/camellia/Makefile.fips openssl-1.0.0-beta5/crypto/camellia/Makefile ---- openssl-1.0.0-beta5/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile +--- openssl-1.0.0/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0/crypto/camellia/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a 
@@ -548,9 +548,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/Makefile.fips openssl-1.0.0-beta5/c SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta5/crypto/cast/cast.h.fips openssl-1.0.0-beta5/crypto/cast/cast.h ---- openssl-1.0.0-beta5/crypto/cast/cast.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/cast/cast.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h +--- openssl-1.0.0/crypto/cast/cast.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/cast/cast.h 2010-03-30 10:33:46.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0-beta5/crypto/cast/cast.h.fips openssl-1.0.0-beta5/crypto/ void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0-beta5/crypto/cast/c_skey.c.fips openssl-1.0.0-beta5/crypto/cast/c_skey.c ---- openssl-1.0.0-beta5/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/cast/c_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c +--- openssl-1.0.0/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0/crypto/cast/c_skey.c 2010-03-30 10:33:46.000000000 +0200 @@ -57,6 +57,11 @@ */ 
@@ -586,13 +586,14 @@ diff -up openssl-1.0.0-beta5/crypto/cast/c_skey.c.fips openssl-1.0.0-beta5/crypt { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0-beta5/crypto/crypto.h.fips openssl-1.0.0-beta5/crypto/crypto.h ---- openssl-1.0.0-beta5/crypto/crypto.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/crypto.h 2010-02-16 22:58:31.000000000 +0100 -@@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin - unsigned long *OPENSSL_ia32cap_loc(void); +diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h +--- openssl-1.0.0/crypto/crypto.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/crypto.h 2010-03-30 10:36:06.000000000 +0200 +@@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); ++ +#ifdef OPENSSL_FIPS +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ + alg " previous FIPS forbidden algorithm error ignored"); @@ -659,9 +660,9 @@ diff -up openssl-1.0.0-beta5/crypto/crypto.h.fips openssl-1.0.0-beta5/crypto/cry /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0-beta5/crypto/dh/dh_err.c.fips openssl-1.0.0-beta5/crypto/dh/dh_err.c ---- openssl-1.0.0-beta5/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dh/dh_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c +--- openssl-1.0.0/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0/crypto/dh/dh_err.c 2010-03-30 10:33:46.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, 
@@ -679,9 +680,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh_err.c.fips openssl-1.0.0-beta5/crypto/ {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0-beta5/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta5/crypto/dh/dh_gen.c ---- openssl-1.0.0-beta5/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dh/dh_gen.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c +--- openssl-1.0.0/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh_gen.c 2010-03-30 10:33:46.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -714,9 +715,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta5/crypto/ ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0-beta5/crypto/dh/dh.h.fips openssl-1.0.0-beta5/crypto/dh/dh.h ---- openssl-1.0.0-beta5/crypto/dh/dh.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dh/dh.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h +--- openssl-1.0.0/crypto/dh/dh.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh.h 2010-03-30 10:33:46.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif 
@@ -743,9 +744,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh.h.fips openssl-1.0.0-beta5/crypto/dh/d #ifdef __cplusplus } -diff -up openssl-1.0.0-beta5/crypto/dh/dh_key.c.fips openssl-1.0.0-beta5/crypto/dh/dh_key.c ---- openssl-1.0.0-beta5/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dh/dh_key.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c +--- openssl-1.0.0/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh_key.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,9 @@ #include #include @@ -795,9 +796,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh_key.c.fips openssl-1.0.0-beta5/crypto/ dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c ---- openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c +--- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0/crypto/dsa/dsa_gen.c 2010-03-30 10:33:46.000000000 +0200 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include 
@@ -833,9 +834,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta5/crypt if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa.h.fips openssl-1.0.0-beta5/crypto/dsa/dsa.h ---- openssl-1.0.0-beta5/crypto/dsa/dsa.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h +--- openssl-1.0.0/crypto/dsa/dsa.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa.h 2010-03-30 10:33:46.000000000 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -892,9 +893,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa.h.fips openssl-1.0.0-beta5/crypto/ds #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta5/crypto/dsa/dsa_key.c ---- openssl-1.0.0-beta5/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa_key.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c +--- openssl-1.0.0/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa_key.c 2010-03-30 10:33:46.000000000 +0200 @@ -63,9 +63,55 @@ #include #include 
@@ -982,9 +983,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta5/crypt ok=1; err: -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa_ossl.c 2010-03-30 10:33:46.000000000 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1056,9 +1057,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta5/cryp dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta5/crypto/err/err_all.c.fips openssl-1.0.0-beta5/crypto/err/err_all.c ---- openssl-1.0.0-beta5/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/err/err_all.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c +--- openssl-1.0.0/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0/crypto/err/err_all.c 2010-03-30 10:33:46.000000000 +0200 @@ -96,6 +96,9 @@ #include #include 
@@ -1079,9 +1080,9 @@ diff -up openssl-1.0.0-beta5/crypto/err/err_all.c.fips openssl-1.0.0-beta5/crypt #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto/evp/digest.c ---- openssl-1.0.0-beta5/crypto/evp/digest.c.fips 2009-12-09 16:02:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/digest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c +--- openssl-1.0.0/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/digest.c 2010-03-30 10:33:46.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1141,7 +1142,7 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -196,6 +238,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -197,6 +239,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c #endif if (ctx->digest != type) { @@ -1160,7 +1161,7 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; -@@ -229,6 +283,9 @@ skip_to_init: +@@ -230,6 +284,9 @@ skip_to_init: int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { @@ -1170,7 +1171,7 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto return ctx->update(ctx,data,count); } -@@ -245,6 +302,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns +@@ -246,6 +303,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; 
@@ -1180,9 +1181,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0-beta5/crypto/evp/e_aes.c.fips openssl-1.0.0-beta5/crypto/evp/e_aes.c ---- openssl-1.0.0-beta5/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_aes.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c +--- openssl-1.0.0/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_aes.c 2010-03-30 10:33:46.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1235,9 +1236,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_aes.c.fips openssl-1.0.0-beta5/crypto/ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0-beta5/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta5/crypto/evp/e_camellia.c ---- openssl-1.0.0-beta5/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/e_camellia.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c +--- openssl-1.0.0/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/e_camellia.c 2010-03-30 10:33:46.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) 
@@ -1247,9 +1248,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta5/cr IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0-beta5/crypto/evp/e_des3.c.fips openssl-1.0.0-beta5/crypto/evp/e_des3.c ---- openssl-1.0.0-beta5/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_des3.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c +--- openssl-1.0.0/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_des3.c 2010-03-30 10:33:46.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1294,9 +1295,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_des3.c.fips openssl-1.0.0-beta5/crypto des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0-beta5/crypto/evp/e_null.c.fips openssl-1.0.0-beta5/crypto/evp/e_null.c ---- openssl-1.0.0-beta5/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_null.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c +--- openssl-1.0.0/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_null.c 2010-03-30 10:33:46.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 
@@ -1306,9 +1307,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_null.c.fips openssl-1.0.0-beta5/crypto null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0-beta5/crypto/evp/e_rc4.c.fips openssl-1.0.0-beta5/crypto/evp/e_rc4.c ---- openssl-1.0.0-beta5/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_rc4.c 2010-02-16 23:47:04.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c +--- openssl-1.0.0/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_rc4.c 2010-03-30 10:33:46.000000000 +0200 @@ -64,6 +64,7 @@ #include #include @@ -1317,9 +1318,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_rc4.c.fips openssl-1.0.0-beta5/crypto/ /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -diff -up openssl-1.0.0-beta5/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta5/crypto/evp/evp_enc.c ---- openssl-1.0.0-beta5/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_enc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c +--- openssl-1.0.0/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_enc.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 
@@ -1412,10 +1413,10 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta5/crypt if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0-beta5/crypto/evp/evp_err.c.fips openssl-1.0.0-beta5/crypto/evp/evp_err.c ---- openssl-1.0.0-beta5/crypto/evp/evp_err.c.fips 2009-12-17 16:28:44.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_err.c 2010-02-16 22:58:31.000000000 +0100 -@@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c +--- openssl-1.0.0/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_err.c 2010-03-30 10:33:46.000000000 +0200 +@@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, @@ -1423,9 +1424,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_err.c.fips openssl-1.0.0-beta5/crypt {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0-beta5/crypto/evp/evp.h.fips openssl-1.0.0-beta5/crypto/evp/evp.h ---- openssl-1.0.0-beta5/crypto/evp/evp.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h +--- openssl-1.0.0/crypto/evp/evp.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/evp.h 2010-03-30 10:40:12.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif 
@@ -1468,33 +1469,26 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp.h.fips openssl-1.0.0-beta5/crypto/ev #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ -@@ -330,6 +336,14 @@ struct evp_cipher_st +@@ -330,12 +336,16 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 +-/* cipher has its own additional copying logic */ +-#define EVP_CIPH_CUSTOM_COPY 0x400 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x400 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 -+/* Allow use default ASN1 get/set iv */ -+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 -+/* Buffer length in bits not bytes: CFB1 mode only */ -+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 + /* Allow use default ASN1 get/set iv */ + #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 + /* Buffer length in bits not bytes: CFB1 mode only */ + #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 ++/* cipher has its own additional copying logic */ ++#define EVP_CIPH_CUSTOM_COPY 0x4000 /* ctrl() values */ -@@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key,unsigned char *iv); - -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); -+ - int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); - int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void); +@@ -1239,6 +1249,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_DIFFERENT_PARAMETERS 153 
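Review bot: In the rebased evp.h section, upstream's public `EVP_CIPH_CUSTOM_COPY` is moved from 0x400 to 0x4000 so that `EVP_CIPH_FLAG_FIPS` can keep 0x400, so the installed header now disagrees with upstream about what bit 0x400 means. A cipher or engine built against unpatched headers that sets 0x400 to request its copy hook would presumably be treated by this library as suitable for FIPS mode, and its copy logic would not run. If compatibility with the earlier beta builds of this package is not required, keeping upstream's value and moving the FIPS flags is safer, e.g. `#define EVP_CIPH_FLAG_FIPS 0x4000` and `#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000`. The rest of the flag list is outside the hunk, so confirm those bits are free. If 0x400 has to stay, add a comment above the define such as `/* differs from upstream: 0x400 is EVP_CIPH_CUSTOM_COPY there; modules must be rebuilt against this header */`.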
@@ -1502,9 +1496,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp.h.fips openssl-1.0.0-beta5/crypto/ev #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0-beta5/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta5/crypto/evp/evp_lib.c ---- openssl-1.0.0-beta5/crypto/evp/evp_lib.c.fips 2009-12-25 15:12:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c +--- openssl-1.0.0/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_lib.c 2010-03-30 10:33:46.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) 
@@ -1533,42 +1527,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta5/crypt return ctx->cipher->do_cipher(ctx,out,in,inl); } -@@ -295,3 +302,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_C - { - return (ctx->flags & flags); - } -+ -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -+ { -+ ctx->flags |= flags; -+ } -+ -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -+ { -+ ctx->flags &= ~flags; -+ } -+ -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -+ { -+ return (ctx->flags & flags); -+ } -diff -up openssl-1.0.0-beta5/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta5/crypto/evp/evp_locl.h ---- openssl-1.0.0-beta5/crypto/evp/evp_locl.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_locl.h 2010-02-16 23:44:44.000000000 +0100 -@@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER - static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ - {\ - size_t chunk=EVP_MAXCHUNK;\ -- if (cbits==1) chunk>>=3;\ -+ if (cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) chunk>>=3;\ - if (inl=chunk)\ - {\ -- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ -+ cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ +diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h +--- openssl-1.0.0/crypto/evp/evp_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/evp_locl.h 2010-03-30 10:33:46.000000000 +0200 @@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 
@@ -1607,9 +1568,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta5/cryp struct evp_pkey_ctx_st { -diff -up openssl-1.0.0-beta5/crypto/evp/m_dss.c.fips openssl-1.0.0-beta5/crypto/evp/m_dss.c ---- openssl-1.0.0-beta5/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_dss.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c +--- openssl-1.0.0/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_dss.c 2010-03-30 10:33:46.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1619,9 +1580,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_dss.c.fips openssl-1.0.0-beta5/crypto/ init, update, final, -diff -up openssl-1.0.0-beta5/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta5/crypto/evp/m_dss1.c ---- openssl-1.0.0-beta5/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_dss1.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c +--- openssl-1.0.0/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_dss1.c 2010-03-30 10:33:46.000000000 +0200 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, 
@@ -1631,20 +1592,20 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta5/crypto init, update, final, -diff -up openssl-1.0.0-beta5/crypto/evp/m_mdc2.c.fips openssl-1.0.0-beta5/crypto/evp/m_mdc2.c ---- openssl-1.0.0-beta5/crypto/evp/m_mdc2.c.fips 2004-05-15 13:29:48.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_mdc2.c 2010-02-16 23:48:44.000000000 +0100 -@@ -66,6 +66,7 @@ - #include - #include +diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c +--- openssl-1.0.0/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_mdc2.c 2010-03-30 10:57:02.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA #include + #endif +#include "evp_locl.h" static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_md2.c.fips openssl-1.0.0-beta5/crypto/evp/m_md2.c ---- openssl-1.0.0-beta5/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_md2.c 2010-02-16 23:47:52.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c +--- openssl-1.0.0/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md2.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include 
@@ -1653,9 +1614,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_md2.c.fips openssl-1.0.0-beta5/crypto/ static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_md4.c.fips openssl-1.0.0-beta5/crypto/evp/m_md4.c ---- openssl-1.0.0-beta5/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_md4.c 2010-02-16 23:48:07.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c +--- openssl-1.0.0/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md4.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1664,9 +1625,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_md4.c.fips openssl-1.0.0-beta5/crypto/ static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_md5.c.fips openssl-1.0.0-beta5/crypto/evp/m_md5.c ---- openssl-1.0.0-beta5/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_md5.c 2010-02-16 23:48:24.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c +--- openssl-1.0.0/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md5.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include 
@@ -1675,9 +1636,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_md5.c.fips openssl-1.0.0-beta5/crypto/ static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_ripemd.c.fips openssl-1.0.0-beta5/crypto/evp/m_ripemd.c ---- openssl-1.0.0-beta5/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_ripemd.c 2010-02-16 23:49:03.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c +--- openssl-1.0.0/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_ripemd.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1686,9 +1647,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_ripemd.c.fips openssl-1.0.0-beta5/cryp static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta5/crypto/evp/m_sha1.c ---- openssl-1.0.0-beta5/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/m_sha1.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c +--- openssl-1.0.0/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_sha1.c 2010-03-30 10:33:46.000000000 +0200 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, 
@@ -1739,9 +1700,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta5/crypto init512, update512, final512, -diff -up openssl-1.0.0-beta5/crypto/evp/m_wp.c.fips openssl-1.0.0-beta5/crypto/evp/m_wp.c ---- openssl-1.0.0-beta5/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/m_wp.c 2010-02-16 23:49:22.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c +--- openssl-1.0.0/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_wp.c 2010-03-30 10:33:46.000000000 +0200 @@ -9,6 +9,7 @@ #include #include @@ -1750,9 +1711,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_wp.c.fips openssl-1.0.0-beta5/crypto/e static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/names.c.fips openssl-1.0.0-beta5/crypto/evp/names.c ---- openssl-1.0.0-beta5/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/names.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c +--- openssl-1.0.0/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/names.c 2010-03-30 10:33:46.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; 
@@ -1775,9 +1736,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/names.c.fips openssl-1.0.0-beta5/crypto/ name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0-beta5/crypto/evp/p_sign.c.fips openssl-1.0.0-beta5/crypto/evp/p_sign.c ---- openssl-1.0.0-beta5/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/p_sign.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c +--- openssl-1.0.0/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/p_sign.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1809,9 +1770,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/p_sign.c.fips openssl-1.0.0-beta5/crypto if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0-beta5/crypto/evp/p_verify.c.fips openssl-1.0.0-beta5/crypto/evp/p_verify.c ---- openssl-1.0.0-beta5/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/p_verify.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c +--- openssl-1.0.0/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/p_verify.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,7 @@ #include #include 
@@ -1843,9 +1804,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/p_verify.c.fips openssl-1.0.0-beta5/cryp i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2786,9 +2747,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0-b + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
@@ -3492,9 +3453,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0- + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,537 @@ +#include + @@ -4033,9 +3994,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0-be + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files 
@@ -4267,9 +4228,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0-be + return 0; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4661,9 +4622,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0 + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -5035,9 +4996,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0 + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5416,9 +5377,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0 + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -5808,9 +5769,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0- + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -6155,9 +6116,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0-beta +#endif + } + -diff -up openssl-1.0.0-beta5/crypto/fips_err.c.fips openssl-1.0.0-beta5/crypto/fips_err.c ---- openssl-1.0.0-beta5/crypto/fips_err.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c +--- openssl-1.0.0/crypto/fips_err.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_err.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,7 @@ +#include + 
@@ -6166,9 +6127,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips_err.c.fips openssl-1.0.0-beta5/crypto/f +#else +static void *dummy=&dummy; +#endif -diff -up openssl-1.0.0-beta5/crypto/fips_err.h.fips openssl-1.0.0-beta5/crypto/fips_err.h ---- openssl-1.0.0-beta5/crypto/fips_err.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips_err.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h +--- openssl-1.0.0/crypto/fips_err.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_err.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -6307,9 +6268,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips_err.h.fips openssl-1.0.0-beta5/crypto/f + } +#endif + } -diff -up openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -6414,9 +6375,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0- + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips.c.fips openssl-1.0.0-beta5/crypto/fips/fips.c ---- openssl-1.0.0-beta5/crypto/fips/fips.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c +--- openssl-1.0.0/crypto/fips/fips.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6837,9 +6798,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips.c.fips openssl-1.0.0-beta5/crypto/ + + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c +--- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_des_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -6980,9 +6941,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0- + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7170,9 +7131,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0- + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips.h.fips openssl-1.0.0-beta5/crypto/fips/fips.h ---- openssl-1.0.0-beta5/crypto/fips/fips.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h +--- openssl-1.0.0/crypto/fips/fips.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -7337,9 +7298,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips.h.fips openssl-1.0.0-beta5/crypto/ +} +#endif +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -7478,9 +7439,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0 + return 1; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rand.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rand.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rand.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c +--- openssl-1.0.0/crypto/fips/fips_rand.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. 
@@ -7894,9 +7855,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.c.fips openssl-1.0.0-beta5/cr +} + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.h.fips openssl-1.0.0-beta5/crypto/fips/fips_rand.h ---- openssl-1.0.0-beta5/crypto/fips/fips_rand.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rand.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h +--- openssl-1.0.0/crypto/fips/fips_rand.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7975,9 +7936,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.h.fips openssl-1.0.0-beta5/cr +#endif +#endif +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -8352,9 +8313,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0 + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_randtest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_randtest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_randtest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_randtest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c +--- openssl-1.0.0/crypto/fips/fips_randtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_randtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -8604,9 +8565,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_randtest.c.fips openssl-1.0.0-beta + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. 
@@ -9049,9 +9010,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0- + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9334,9 +9295,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0-bet + return 0; + + } -diff -up openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c +--- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -9437,9 +9398,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0
 + }
 +
 +#endif
-diff -up openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c
---- openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c.fips 2010-02-16 22:58:31.000000000 +0100
-+++ openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c 2010-02-16 22:58:31.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c
+--- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips 2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c 2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,173 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9614,9 +9575,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0
 + }
 +
 +
-diff -up openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c.fips openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c
---- openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c.fips 2010-02-16 22:58:31.000000000 +0100
-+++ openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c 2010-02-16 22:58:31.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c
+--- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips 2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_test_suite.c 2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10206,9 +10167,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c.fips openssl-1.0.0-be
 + }
 +
 +#endif
-diff -up openssl-1.0.0-beta5/crypto/fips_locl.h.fips openssl-1.0.0-beta5/crypto/fips_locl.h
---- openssl-1.0.0-beta5/crypto/fips_locl.h.fips 2010-02-16 22:58:31.000000000 +0100
-+++ openssl-1.0.0-beta5/crypto/fips_locl.h 2010-02-16 22:58:31.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h
+--- openssl-1.0.0/crypto/fips_locl.h.fips 2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips_locl.h 2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,72 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10282,9 +10243,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips_locl.h.fips openssl-1.0.0-beta5/crypto/
 +}
 +#endif
 +#endif
-diff -up openssl-1.0.0-beta5/crypto/fips/Makefile.fips openssl-1.0.0-beta5/crypto/fips/Makefile
---- openssl-1.0.0-beta5/crypto/fips/Makefile.fips 2010-02-16 22:58:31.000000000 +0100
-+++ openssl-1.0.0-beta5/crypto/fips/Makefile 2010-02-16 22:58:31.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile
+--- openssl-1.0.0/crypto/fips/Makefile.fips 2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/Makefile 2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,81 @@
 +#
 +# OpenSSL/crypto/fips/Makefile
@@ -10367,9 +10328,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/Makefile.fips openssl-1.0.0-beta5/crypt + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0-beta5/crypto/hmac/hmac.c.fips openssl-1.0.0-beta5/crypto/hmac/hmac.c ---- openssl-1.0.0-beta5/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/hmac/hmac.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c +--- openssl-1.0.0/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 ++++ openssl-1.0.0/crypto/hmac/hmac.c 2010-03-30 10:33:46.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) 
@@ -10384,31 +10345,9 @@ diff -up openssl-1.0.0-beta5/crypto/hmac/hmac.c.fips openssl-1.0.0-beta5/crypto/ reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -@@ -209,3 +216,10 @@ unsigned char *HMAC(const EVP_MD *evp_md - return NULL; - } - -+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) -+ { -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); -+ } -+ -diff -up openssl-1.0.0-beta5/crypto/hmac/hmac.h.fips openssl-1.0.0-beta5/crypto/hmac/hmac.h ---- openssl-1.0.0-beta5/crypto/hmac/hmac.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/hmac/hmac.h 2010-02-16 22:58:31.000000000 +0100 -@@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md - unsigned int *md_len); - int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); - -+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); - - #ifdef __cplusplus - } -diff -up openssl-1.0.0-beta5/crypto/Makefile.fips openssl-1.0.0-beta5/crypto/Makefile ---- openssl-1.0.0-beta5/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile +--- openssl-1.0.0/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0/crypto/Makefile 2010-03-30 10:34:41.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a 
@@ -10427,9 +10366,9 @@ diff -up openssl-1.0.0-beta5/crypto/Makefile.fips openssl-1.0.0-beta5/crypto/Mak ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10451,9 +10390,9 @@ diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta5/cry { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta5/crypto/mdc2/mdc2.h ---- openssl-1.0.0-beta5/crypto/mdc2/mdc2.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/mdc2/mdc2.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h +--- openssl-1.0.0/crypto/mdc2/mdc2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/mdc2/mdc2.h 2010-03-30 10:34:41.000000000 +0200 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; 
@@ -10465,9 +10404,9 @@ diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta5/crypto/ int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta5/crypto/md2/md2_dgst.c ---- openssl-1.0.0-beta5/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/md2/md2_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c +--- openssl-1.0.0/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0/crypto/md2/md2_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -62,6 +62,11 @@ #include #include @@ -10489,9 +10428,9 @@ diff -up openssl-1.0.0-beta5/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta5/cryp { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0-beta5/crypto/md2/md2.h.fips openssl-1.0.0-beta5/crypto/md2/md2.h ---- openssl-1.0.0-beta5/crypto/md2/md2.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md2/md2.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h +--- openssl-1.0.0/crypto/md2/md2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md2/md2.h 2010-03-30 10:34:41.000000000 +0200 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; 
@@ -10502,9 +10441,9 @@ diff -up openssl-1.0.0-beta5/crypto/md2/md2.h.fips openssl-1.0.0-beta5/crypto/md int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta5/crypto/md4/md4_dgst.c ---- openssl-1.0.0-beta5/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md4/md4_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c +--- openssl-1.0.0/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0/crypto/md4/md4_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10526,9 +10465,9 @@ diff -up openssl-1.0.0-beta5/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta5/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta5/crypto/md4/md4.h.fips openssl-1.0.0-beta5/crypto/md4/md4.h ---- openssl-1.0.0-beta5/crypto/md4/md4.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md4/md4.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h +--- openssl-1.0.0/crypto/md4/md4.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md4/md4.h 2010-03-30 10:34:41.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; 
@@ -10539,9 +10478,9 @@ diff -up openssl-1.0.0-beta5/crypto/md4/md4.h.fips openssl-1.0.0-beta5/crypto/md int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta5/crypto/md5/md5_dgst.c ---- openssl-1.0.0-beta5/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md5/md5_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c +--- openssl-1.0.0/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0/crypto/md5/md5_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10563,9 +10502,9 @@ diff -up openssl-1.0.0-beta5/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta5/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta5/crypto/md5/md5.h.fips openssl-1.0.0-beta5/crypto/md5/md5.h ---- openssl-1.0.0-beta5/crypto/md5/md5.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md5/md5.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h +--- openssl-1.0.0/crypto/md5/md5.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md5/md5.h 2010-03-30 10:34:41.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; 
@@ -10576,9 +10515,9 @@ diff -up openssl-1.0.0-beta5/crypto/md5/md5.h.fips openssl-1.0.0-beta5/crypto/md int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/mem.c.fips openssl-1.0.0-beta5/crypto/mem.c ---- openssl-1.0.0-beta5/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/mem.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c +--- openssl-1.0.0/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0/crypto/mem.c 2010-03-30 10:34:41.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10588,9 +10527,9 @@ diff -up openssl-1.0.0-beta5/crypto/mem.c.fips openssl-1.0.0-beta5/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up openssl-1.0.0-beta5/crypto/o_init.c.fips openssl-1.0.0-beta5/crypto/o_init.c ---- openssl-1.0.0-beta5/crypto/o_init.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/o_init.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c +--- openssl-1.0.0/crypto/o_init.c.fips 2010-03-30 10:34:41.000000000 +0200 ++++ openssl-1.0.0/crypto/o_init.c 2010-03-30 10:34:41.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -10672,9 +10611,9 @@ diff -up openssl-1.0.0-beta5/crypto/o_init.c.fips openssl-1.0.0-beta5/crypto/o_i + } + + -diff -up openssl-1.0.0-beta5/crypto/opensslconf.h.in.fips openssl-1.0.0-beta5/crypto/opensslconf.h.in ---- openssl-1.0.0-beta5/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/opensslconf.h.in 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in +--- openssl-1.0.0/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0/crypto/opensslconf.h.in 2010-03-30 10:34:41.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10696,9 +10635,9 @@ diff -up openssl-1.0.0-beta5/crypto/opensslconf.h.in.fips openssl-1.0.0-beta5/cr /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0/crypto/pkcs12/p12_crt.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
@@ -10725,9 +10664,9 @@ diff -up openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta5/cr if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0-beta5/crypto/rand/md_rand.c.fips openssl-1.0.0-beta5/crypto/rand/md_rand.c ---- openssl-1.0.0-beta5/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/md_rand.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c +--- openssl-1.0.0/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/md_rand.c 2010-03-30 10:34:41.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10754,9 +10693,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/md_rand.c.fips openssl-1.0.0-beta5/cryp #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0-beta5/crypto/rand/rand_err.c.fips openssl-1.0.0-beta5/crypto/rand/rand_err.c ---- openssl-1.0.0-beta5/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/rand_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c +--- openssl-1.0.0/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/rand_err.c 2010-03-30 10:34:41.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= 
@@ -10789,9 +10728,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/rand_err.c.fips openssl-1.0.0-beta5/cry {0,NULL} }; -diff -up openssl-1.0.0-beta5/crypto/rand/rand.h.fips openssl-1.0.0-beta5/crypto/rand/rand.h ---- openssl-1.0.0-beta5/crypto/rand/rand.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/rand.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h +--- openssl-1.0.0/crypto/rand/rand.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rand/rand.h 2010-03-30 10:34:41.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10821,9 +10760,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/rand.h.fips openssl-1.0.0-beta5/crypto/ #ifdef __cplusplus } -diff -up openssl-1.0.0-beta5/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta5/crypto/rand/rand_lib.c ---- openssl-1.0.0-beta5/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/rand_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c +--- openssl-1.0.0/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/rand_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" 
@@ -10857,9 +10796,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta5/cry return default_RAND_meth; } -diff -up openssl-1.0.0-beta5/crypto/rc2/rc2.h.fips openssl-1.0.0-beta5/crypto/rc2/rc2.h ---- openssl-1.0.0-beta5/crypto/rc2/rc2.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc2/rc2.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h +--- openssl-1.0.0/crypto/rc2/rc2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rc2/rc2.h 2010-03-30 10:34:41.000000000 +0200 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10871,9 +10810,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc2/rc2.h.fips openssl-1.0.0-beta5/crypto/rc void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c ---- openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c +--- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0/crypto/rc2/rc2_skey.c 2010-03-30 10:34:41.000000000 +0200 @@ -57,6 +57,11 @@ */ 
@@ -10907,9 +10846,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta5/cryp int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl 2010-03-30 10:34:41.000000000 +0200 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10917,9 +10856,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl 2010-03-30 10:34:41.000000000 +0200 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; 
@@ -10929,9 +10868,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet print $code; close STDOUT; -diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl 2010-03-30 10:34:41.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10955,9 +10894,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta5/ # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0-beta5/crypto/rc4/Makefile.fips openssl-1.0.0-beta5/crypto/rc4/Makefile ---- openssl-1.0.0-beta5/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile +--- openssl-1.0.0/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/Makefile 2010-03-30 10:34:41.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= 
@@ -10969,9 +10908,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/Makefile.fips openssl-1.0.0-beta5/crypto SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c ---- openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips 2010-03-30 10:34:41.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/rc4_fblk.c 2010-03-30 10:34:41.000000000 +0200 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11048,9 +10987,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0-beta5/cryp + } +#endif + -diff -up openssl-1.0.0-beta5/crypto/rc4/rc4.h.fips openssl-1.0.0-beta5/crypto/rc4/rc4.h ---- openssl-1.0.0-beta5/crypto/rc4/rc4.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/rc4.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h +--- openssl-1.0.0/crypto/rc4/rc4.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/rc4.h 2010-03-30 10:34:41.000000000 +0200 @@ -78,6 +78,9 @@ typedef struct rc4_key_st 
@@ -11061,9 +11000,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/rc4.h.fips openssl-1.0.0-beta5/crypto/rc void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c ---- openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c +--- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/rc4_skey.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11101,9 +11040,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta5/cryp unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0-beta5/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta5/crypto/ripemd/ripemd.h ---- openssl-1.0.0-beta5/crypto/ripemd/ripemd.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/ripemd/ripemd.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h +--- openssl-1.0.0/crypto/ripemd/ripemd.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/ripemd/ripemd.h 2010-03-30 10:34:41.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; 
@@ -11114,9 +11053,9 @@ diff -up openssl-1.0.0-beta5/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta5/cry int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11138,9 +11077,9 @@ diff -up openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta5/c { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c +--- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_eay.c 2010-03-30 10:34:41.000000000 +0200 @@ -114,6 +114,10 @@ #include #include 
@@ -11401,9 +11340,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta5/crypt rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_err.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c +--- openssl-1.0.0/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0/crypto/rsa/rsa_err.c 2010-03-30 10:34:41.000000000 +0200 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11430,9 +11369,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta5/crypt {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c +--- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_gen.c 2010-03-30 10:34:41.000000000 +0200 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include 
@@ -11558,9 +11497,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta5/crypt ok=1; err: if (ok == -1) -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa.h.fips openssl-1.0.0-beta5/crypto/rsa/rsa.h ---- openssl-1.0.0-beta5/crypto/rsa/rsa.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h +--- openssl-1.0.0/crypto/rsa/rsa.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa.h 2010-03-30 10:34:41.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11630,9 +11569,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa.h.fips openssl-1.0.0-beta5/crypto/rs #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c +--- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0/crypto/rsa/rsa_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) 
@@ -11708,9 +11647,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta5/crypt return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c +--- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_sign.c 2010-03-30 10:34:41.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11742,9 +11681,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta5/cryp if (i <= 0) goto err; -diff -up openssl-1.0.0-beta5/crypto/seed/seed.c.fips openssl-1.0.0-beta5/crypto/seed/seed.c ---- openssl-1.0.0-beta5/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/seed/seed.c 2010-02-16 23:43:46.000000000 +0100 +diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c +--- openssl-1.0.0/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0/crypto/seed/seed.c 2010-03-30 10:34:41.000000000 +0200 @@ -34,6 +34,9 @@ #include 
@@ -11774,9 +11713,9 @@ diff -up openssl-1.0.0-beta5/crypto/seed/seed.c.fips openssl-1.0.0-beta5/crypto/ { seed_word x1, x2, x3, x4; seed_word t0, t1; -diff -up openssl-1.0.0-beta5/crypto/seed/seed.h.fips openssl-1.0.0-beta5/crypto/seed/seed.h ---- openssl-1.0.0-beta5/crypto/seed/seed.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/seed/seed.h 2010-02-16 23:35:57.000000000 +0100 +diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h +--- openssl-1.0.0/crypto/seed/seed.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/seed/seed.h 2010-03-30 10:34:41.000000000 +0200 @@ -117,6 +117,9 @@ typedef struct seed_key_st { } SEED_KEY_SCHEDULE; @@ -11787,9 +11726,9 @@ diff -up openssl-1.0.0-beta5/crypto/seed/seed.h.fips openssl-1.0.0-beta5/crypto/ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); -diff -up openssl-1.0.0-beta5/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta5/crypto/sha/sha_dgst.c ---- openssl-1.0.0-beta5/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c +--- openssl-1.0.0/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -57,6 +57,12 @@ */ 
@@ -11803,9 +11742,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta5/cryp #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0-beta5/crypto/sha/sha.h.fips openssl-1.0.0-beta5/crypto/sha/sha.h ---- openssl-1.0.0-beta5/crypto/sha/sha.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h +--- openssl-1.0.0/crypto/sha/sha.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/sha/sha.h 2010-03-30 10:34:41.000000000 +0200 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11816,9 +11755,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha.h.fips openssl-1.0.0-beta5/crypto/sh int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta5/crypto/sha/sha_locl.h ---- openssl-1.0.0-beta5/crypto/sha/sha_locl.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha_locl.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h +--- openssl-1.0.0/crypto/sha/sha_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/sha/sha_locl.h 2010-03-30 10:34:41.000000000 +0200 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL 
@@ -11835,9 +11774,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta5/cryp memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0-beta5/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta5/crypto/sha/sha1dgst.c ---- openssl-1.0.0-beta5/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha1dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c +--- openssl-1.0.0/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha1dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11849,9 +11788,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta5/cryp const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0-beta5/crypto/sha/sha256.c.fips openssl-1.0.0-beta5/crypto/sha/sha256.c ---- openssl-1.0.0-beta5/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha256.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c +--- openssl-1.0.0/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha256.c 2010-03-30 10:34:41.000000000 +0200 @@ -12,12 +12,19 @@ #include 
@@ -11882,9 +11821,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha256.c.fips openssl-1.0.0-beta5/crypto memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0-beta5/crypto/sha/sha512.c.fips openssl-1.0.0-beta5/crypto/sha/sha512.c ---- openssl-1.0.0-beta5/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha512.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c +--- openssl-1.0.0/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha512.c 2010-03-30 10:34:41.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11916,9 +11855,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha512.c.fips openssl-1.0.0-beta5/crypto #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -diff -up openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h ---- openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h.fips 2010-02-16 23:41:05.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h 2010-02-16 23:40:39.000000000 +0100 +diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/whrlpool/whrlpool.h 2010-03-30 10:34:41.000000000 +0200 @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; 
@@ -11929,9 +11868,9 @@ diff -up openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0-beta5 int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -diff -up openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c 2010-02-16 23:42:49.000000000 +0100 +diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -53,8 +53,12 @@ #include "wp_locl.h" @@ -11946,9 +11885,9 @@ diff -up openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0-beta5/ { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.0-beta5/Makefile.org.fips openssl-1.0.0-beta5/Makefile.org ---- openssl-1.0.0-beta5/Makefile.org.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/Makefile.org 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org +--- openssl-1.0.0/Makefile.org.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/Makefile.org 2010-03-30 10:34:41.000000000 +0200 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= 
@@ -11976,9 +11915,9 @@ diff -up openssl-1.0.0-beta5/Makefile.org.fips openssl-1.0.0-beta5/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0-beta5/ssl/ssl_ciph.c.fips openssl-1.0.0-beta5/ssl/ssl_ciph.c ---- openssl-1.0.0-beta5/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0-beta5/ssl/ssl_ciph.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c +--- openssl-1.0.0/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0/ssl/ssl_ciph.c 2010-03-30 10:34:41.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -12001,9 +11940,9 @@ diff -up openssl-1.0.0-beta5/ssl/ssl_ciph.c.fips openssl-1.0.0-beta5/ssl/ssl_cip { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0-beta5/ssl/ssl_lib.c.fips openssl-1.0.0-beta5/ssl/ssl_lib.c ---- openssl-1.0.0-beta5/ssl/ssl_lib.c.fips 2010-01-07 20:05:03.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/ssl_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c +--- openssl-1.0.0/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 ++++ openssl-1.0.0/ssl/ssl_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } 
@@ -12019,10 +11958,10 @@ diff -up openssl-1.0.0-beta5/ssl/ssl_lib.c.fips openssl-1.0.0-beta5/ssl/ssl_lib. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest.c ---- openssl-1.0.0-beta5/ssl/ssltest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/ssltest.c 2010-02-16 22:58:31.000000000 +0100 -@@ -266,6 +266,9 @@ static void sv_usage(void) +diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c +--- openssl-1.0.0/ssl/ssltest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/ssl/ssltest.c 2010-03-30 10:34:41.000000000 +0200 +@@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); @@ -12032,7 +11971,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -proxy - allow proxy certificates\n"); -@@ -485,6 +488,9 @@ int main(int argc, char *argv[]) +@@ -487,6 +490,9 @@ int main(int argc, char *argv[]) #endif STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; int test_cipherlist = 0; @@ -12042,7 +11981,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. verbose = 0; debug = 0; -@@ -516,7 +522,16 @@ int main(int argc, char *argv[]) +@@ -518,7 +524,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { @@ -12060,7 +11999,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; -@@ -712,6 +727,20 @@ bad: +@@ -714,6 +729,20 @@ bad: EXIT(1); } 
@@ -12081,7 +12020,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. if (print_time) { if (!bio_pair) -@@ -2154,12 +2183,12 @@ static int MS_CALLBACK app_verify_callba +@@ -2156,12 +2185,12 @@ static int MS_CALLBACK app_verify_callba } #ifndef OPENSSL_NO_X509_VERIFY @@ -12096,10 +12035,10 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0-beta5/ssl/s23_clnt.c.fips openssl-1.0.0-beta5/ssl/s23_clnt.c ---- openssl-1.0.0-beta5/ssl/s23_clnt.c.fips 2009-11-18 15:45:32.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s23_clnt.c 2010-02-16 22:58:31.000000000 +0100 -@@ -337,6 +337,14 @@ static int ssl23_client_hello(SSL *s) +diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c +--- openssl-1.0.0/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0/ssl/s23_clnt.c 2010-03-30 10:34:41.000000000 +0200 +@@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } @@ -12114,7 +12053,7 @@ diff -up openssl-1.0.0-beta5/ssl/s23_clnt.c.fips openssl-1.0.0-beta5/ssl/s23_cln else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; -@@ -620,6 +628,14 @@ static int ssl23_get_server_hello(SSL *s +@@ -617,6 +625,14 @@ static int ssl23_get_server_hello(SSL *s if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { 
@@ -12129,9 +12068,9 @@ diff -up openssl-1.0.0-beta5/ssl/s23_clnt.c.fips openssl-1.0.0-beta5/ssl/s23_cln s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0-beta5/ssl/s23_srvr.c.fips openssl-1.0.0-beta5/ssl/s23_srvr.c ---- openssl-1.0.0-beta5/ssl/s23_srvr.c.fips 2010-01-13 20:08:29.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s23_srvr.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c +--- openssl-1.0.0/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0/ssl/s23_srvr.c 2010-03-30 10:34:41.000000000 +0200 @@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12148,9 +12087,9 @@ diff -up openssl-1.0.0-beta5/ssl/s23_srvr.c.fips openssl-1.0.0-beta5/ssl/s23_srv if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0-beta5/ssl/s3_clnt.c.fips openssl-1.0.0-beta5/ssl/s3_clnt.c ---- openssl-1.0.0-beta5/ssl/s3_clnt.c.fips 2010-01-05 17:46:39.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s3_clnt.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c +--- openssl-1.0.0/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 ++++ openssl-1.0.0/ssl/s3_clnt.c 2010-03-30 10:34:41.000000000 +0200 @@ -156,6 +156,10 @@ #include #include @@ -12162,7 +12101,7 @@ diff -up openssl-1.0.0-beta5/ssl/s3_clnt.c.fips openssl-1.0.0-beta5/ssl/s3_clnt. #ifndef OPENSSL_NO_DH #include #endif -@@ -1548,6 +1552,8 @@ int ssl3_get_key_exchange(SSL *s) +@@ -1546,6 +1550,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { 
@@ -12171,9 +12110,9 @@ diff -up openssl-1.0.0-beta5/ssl/s3_clnt.c.fips openssl-1.0.0-beta5/ssl/s3_clnt. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta5/ssl/s3_enc.c.fips openssl-1.0.0-beta5/ssl/s3_enc.c ---- openssl-1.0.0-beta5/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0-beta5/ssl/s3_enc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c +--- openssl-1.0.0/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0/ssl/s3_enc.c 2010-03-30 10:34:41.000000000 +0200 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12199,10 +12138,10 @@ diff -up openssl-1.0.0-beta5/ssl/s3_enc.c.fips openssl-1.0.0-beta5/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0-beta5/ssl/s3_srvr.c.fips openssl-1.0.0-beta5/ssl/s3_srvr.c ---- openssl-1.0.0-beta5/ssl/s3_srvr.c.fips 2010-01-01 15:39:51.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s3_srvr.c 2010-02-16 22:58:31.000000000 +0100 -@@ -1732,6 +1732,8 @@ int ssl3_send_server_key_exchange(SSL *s +diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c +--- openssl-1.0.0/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 ++++ openssl-1.0.0/ssl/s3_srvr.c 2010-03-30 10:34:41.000000000 +0200 +@@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) { 
@@ -12211,9 +12150,9 @@ diff -up openssl-1.0.0-beta5/ssl/s3_srvr.c.fips openssl-1.0.0-beta5/ssl/s3_srvr. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta5/ssl/t1_enc.c.fips openssl-1.0.0-beta5/ssl/t1_enc.c ---- openssl-1.0.0-beta5/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0-beta5/ssl/t1_enc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c +--- openssl-1.0.0/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 ++++ openssl-1.0.0/ssl/t1_enc.c 2010-03-30 10:34:41.000000000 +0200 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md HMAC_CTX_init(&ctx); diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch new file mode 100644 index 0000000..adaea6a --- /dev/null +++ b/openssl-1.0.0-version.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h +--- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200 ++++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200 +@@ -25,7 +25,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x1000000fL ++/* we have to keep the version number to not break the abi */ ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" + #else diff --git a/openssl.spec b/openssl.spec index b2a780f..e946180 100644 --- a/openssl.spec +++ b/openssl.spec @@ -11,8 +11,6 @@ # 1.0.0 soversion = 10 %define soversion 10 -%define beta beta5 - # Number of threads to spawn when testing some threading fixes. %define thread_test_threads %{?threads:%{threads}}%{!?threads:1} 
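Review bot: The pinned value in the new openssl-1.0.0-version.patch, `#define OPENSSL_VERSION_NUMBER 0x10000003L`, makes the final 1.0.0 build report a pre-release status nibble instead of the upstream `0x1000000fL`, and the added comment does not say what depends on that. Code that gates a feature or a fix on `OPENSSL_VERSION_NUMBER >= 0x1000000fL` will treat this package as older than the release it actually ships. I would extend the comment to record the trade-off, for example `/* kept at the earlier beta value so binaries built against previous packages still pass their version checks; do not test this macro to detect the final release */`. The stated reason is an inference from the existing "not break the abi" comment and should be confirmed by the packager.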
@@ -23,10 +21,10 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.22.%{beta}%{?dist} +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. -Source: openssl-%{version}-%{beta}-usa.tar.bz2 +Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert @@ -51,7 +49,7 @@ Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch Patch39: openssl-1.0.0-beta5-ipv6-apps.patch -Patch40: openssl-1.0.0-beta5-fips.patch +Patch40: openssl-1.0.0-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch @@ -59,10 +57,9 @@ Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0-beta5-version.patch +Patch51: openssl-1.0.0-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch # Backported fixes including security fixes -Patch53: openssl-1.0.0-beta5-cleanse.patch License: OpenSSL Group: System Environment/Libraries @@ -112,7 +109,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version}-%{beta} +%setup -q -n %{name}-%{version} %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat @@ -141,7 +138,6 @@ from other formats to the formats used by the OpenSSL toolkit. %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version %patch52 -p1 -b .aesni -%patch53 -p1 -b .cleanse # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` 
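Review bot: `Patch53: openssl-1.0.0-beta5-cleanse.patch` and its `%patch53 -p1 -b .cleanse` line are dropped, yet the `# Backported fixes including security fixes` comment stays in place with no patch under it. The changelog entry added later in this file says only `- update to final 1.0.0 upstream release`. Presumably the fix is part of the final upstream tarball, but nothing visible here records that, so someone auditing the package cannot tell whether the backport was superseded or lost. I would add a changelog line such as `- drop the cleanse patch (included upstream)` once that is confirmed against the 1.0.0 sources.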
@@ -387,6 +383,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Mar 30 2010 Tomas Mraz 1.0.0-1
+- update to final 1.0.0 upstream release
+
 * Tue Feb 16 2010 Tomas Mraz 1.0.0-0.22.beta5
 - make TLS work in the FIPS mode
 
diff --git a/sources b/sources
index acb119b..dadae2c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-531160d84017cb52e3c23b52cca0d5cf openssl-1.0.0-beta5-usa.tar.bz2
+f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2
From b825afeee6863006d7325a6226aafd4fc7d5ac99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 30 Mar 2010 11:48:30 +0000 Subject: [PATCH 13/20] - update to final 1.0.0 upstream release --- .cvsignore | 2 +- openssl-1.0.0-beta4-aesni.patch | 2388 +++++++++++++++++ openssl-1.0.0-beta4-backports.patch | 45 - openssl-1.0.0-beta4-binutils.patch | 56 - openssl-1.0.0-beta4-client-reneg.patch | 35 - openssl-1.0.0-beta4-dtls-ipv6.patch | 219 -- openssl-1.0.0-beta4-redhat.patch | 2 +- openssl-1.0.0-beta4-reneg-err.patch | 93 - openssl-1.0.0-beta4-reneg.patch | 237 -- openssl-1.0.0-beta4-version.patch | 14 - ...=> openssl-1.0.0-beta5-cipher-change.patch | 14 +- ...ch => openssl-1.0.0-beta5-enginesdir.patch | 24 +- ...tch => openssl-1.0.0-beta5-ipv6-apps.patch | 105 +- ...> openssl-1.0.0-beta5-readme-warning.patch | 22 +- ...ta4-fips.patch => openssl-1.0.0-fips.patch | 1071 ++++---- openssl-1.0.0-version.patch | 13 + openssl.spec | 82 +- sources | 2 +- 18 files changed, 3119 insertions(+), 1305 deletions(-) create mode 100644 openssl-1.0.0-beta4-aesni.patch delete mode 100644 openssl-1.0.0-beta4-backports.patch delete mode 100644 openssl-1.0.0-beta4-binutils.patch delete mode 100644 openssl-1.0.0-beta4-client-reneg.patch delete mode 100644 openssl-1.0.0-beta4-dtls-ipv6.patch delete mode 100644 openssl-1.0.0-beta4-reneg-err.patch delete mode 100644 openssl-1.0.0-beta4-reneg.patch delete mode 100644 openssl-1.0.0-beta4-version.patch rename openssl-1.0.0-beta3-cipher-change.patch => openssl-1.0.0-beta5-cipher-change.patch (61%) rename openssl-1.0.0-beta4-enginesdir.patch => openssl-1.0.0-beta5-enginesdir.patch (63%) rename openssl-1.0.0-beta3-ipv6-apps.patch => openssl-1.0.0-beta5-ipv6-apps.patch (86%) rename openssl-0.9.8j-readme-warning.patch => openssl-1.0.0-beta5-readme-warning.patch (55%) rename openssl-1.0.0-beta4-fips.patch => openssl-1.0.0-fips.patch (89%) create mode 100644 openssl-1.0.0-version.patch diff --git a/.cvsignore b/.cvsignore index 3819647..3930a9d 100644 --- a/.cvsignore +++ b/.cvsignore 
@@ -1 +1 @@
-openssl-1.0.0-beta4-usa.tar.bz2
+openssl-1.0.0-usa.tar.bz2
diff --git a/openssl-1.0.0-beta4-aesni.patch b/openssl-1.0.0-beta4-aesni.patch
new file mode 100644
index 0000000..f57918b
--- /dev/null
+++ b/openssl-1.0.0-beta4-aesni.patch
@@ -0,0 +1,2388 @@ +diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure +--- openssl-1.0.0-beta4/Configure.aesni 2010-01-07 23:38:31.000000000 +0100 ++++ openssl-1.0.0-beta4/Configure 2010-01-12 22:18:06.000000000 +0100 +@@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket"; + my $bits1="THIRTY_TWO_BIT "; + my $bits2="SIXTY_FOUR_BIT "; + +-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o"; ++my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o"; + + my $x86_elf_asm="$x86_asm:elf"; + +-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o"; ++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o"; + my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void"; + my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void"; + my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void"; +@@ -491,7 +491,7 @@ my %table=( + # + # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 + "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT 
EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", +-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", ++"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", + # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement + # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' + "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/) + if ($aes_obj =~ /\.o$/) + { + $cflags.=" -DAES_ASM"; ++ $aes_obj =~ s/\s*aesni\-x86\.o// if ($no_sse2); + } + else { + $aes_obj=$aes_enc; +diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl +--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni 2010-01-12 22:18:06.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl 2010-01-12 22:18:06.000000000 +0100 +@@ -0,0 +1,765 @@ ++#!/usr/bin/env perl ++ ++# ==================================================================== ++# Written by Andy Polyakov for the OpenSSL ++# project. 
The module is, however, dual licensed under OpenSSL and ++# CRYPTOGAMS licenses depending on where you obtain it. For further ++# details see http://www.openssl.org/~appro/cryptogams/. ++# ==================================================================== ++# ++# This module implements support for Intel AES-NI extension. In ++# OpenSSL context it's used with Intel engine, but can also be used as ++# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for ++# details]. ++ ++$PREFIX="aesni"; # if $PREFIX is set to "AES", the script ++ # generates drop-in replacement for ++ # crypto/aes/asm/aes-586.pl:-) ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++push(@INC,"${dir}","${dir}../../perlasm"); ++require "x86asm.pl"; ++ ++&asm_init($ARGV[0],$0); ++ ++$movekey = eval($RREFIX eq "aseni" ? "*movaps" : "*movups"); ++ ++$len="eax"; ++$rounds="ecx"; ++$key="edx"; ++$inp="esi"; ++$out="edi"; ++$rounds_="ebx"; # backup copy for $rounds ++$key_="ebp"; # backup copy for $key ++ ++$inout0="xmm0"; ++$inout1="xmm1"; ++$inout2="xmm2"; ++$rndkey0="xmm3"; ++$rndkey1="xmm4"; ++$ivec="xmm5"; ++$in0="xmm6"; ++$in1="xmm7"; $inout3="xmm7"; ++ ++# Inline version of internal aesni_[en|de]crypt1 ++sub aesni_inline_generate1 ++{ my $p=shift; ++ ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ &lea ($key,&DWP(32,$key)); ++ &pxor ($inout0,$rndkey0); ++ &set_label("${p}1_loop"); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &dec ($rounds); ++ &$movekey ($rndkey1,&QWP(0,$key)); ++ &lea ($key,&DWP(16,$key)); ++ &jnz (&label("${p}1_loop")); ++ eval"&aes${p}last ($inout0,$rndkey1)"; ++} ++ ++sub aesni_generate1 # fully unrolled loop ++{ my $p=shift; ++ ++ &function_begin_B("_aesni_${p}rypt1"); ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &$movekey ($rndkey1,&QWP(0x10,$key)); ++ &cmp ($rounds,11); ++ &pxor ($inout0,$rndkey0); ++ &$movekey ($rndkey0,&QWP(0x20,$key)); ++ &lea ($key,&DWP(0x30,$key)); ++ &jb (&label("${p}128")); ++ &lea ($key,&DWP(0x20,$key)); ++ &je 
(&label("${p}192")); ++ &lea ($key,&DWP(0x20,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(-0x40,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(-0x30,$key)); ++ &set_label("${p}192"); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(-0x20,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(-0x10,$key)); ++ &set_label("${p}128"); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x10,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0x20,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x30,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0x40,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x50,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0x60,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x70,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ eval"&aes${p}last ($inout0,$rndkey0)"; ++ &ret(); ++ &function_end_B("_aesni_${p}rypt1"); ++} ++ ++# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key); ++# &aesni_generate1("dec"); ++&function_begin_B("${PREFIX}_encrypt"); ++ &mov ("eax",&wparam(0)); ++ &mov ($key,&wparam(2)); ++ &movups ($inout0,&QWP(0,"eax")); ++ &mov ($rounds,&DWP(240,$key)); ++ &mov ("eax",&wparam(1)); ++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1"); ++ &movups (&QWP(0,"eax"),$inout0); ++ &ret (); ++&function_end_B("${PREFIX}_encrypt"); ++ ++# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key); ++# &aesni_generate1("dec"); ++&function_begin_B("${PREFIX}_decrypt"); ++ &mov ("eax",&wparam(0)); ++ &mov ($key,&wparam(2)); ++ &movups ($inout0,&QWP(0,"eax")); ++ &mov ($rounds,&DWP(240,$key)); ++ &mov ("eax",&wparam(1)); ++ &aesni_inline_generate1("dec"); # &call 
("_aesni_decrypt1"); ++ &movups (&QWP(0,"eax"),$inout0); ++ &ret (); ++&function_end_B("${PREFIX}_decrypt"); ++ ++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave ++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec] ++# latency is 6, it turned out that it can be scheduled only every ++# *second* cycle. Thus 3x interleave is the one providing optimal ++# utilization, i.e. when subroutine's throughput is virtually same as ++# of non-interleaved subroutine [for number of input blocks up to 3]. ++# This is why it makes no sense to implement 2x subroutine. As soon ++# as/if Intel improves throughput by making it possible to schedule ++# the instructions in question *every* cycles I would have to ++# implement 6x interleave and use it in loop... ++sub aesni_generate3 ++{ my $p=shift; ++ ++ &function_begin_B("_aesni_${p}rypt3"); ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &shr ($rounds,1); ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ &lea ($key,&DWP(32,$key)); ++ &pxor ($inout0,$rndkey0); ++ &pxor ($inout1,$rndkey0); ++ &pxor ($inout2,$rndkey0); ++ &jmp (&label("${p}3_loop")); ++ &set_label("${p}3_loop",16); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ &dec ($rounds); ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &lea ($key,&DWP(32,$key)); ++ eval"&aes${p} ($inout1,$rndkey0)"; ++ eval"&aes${p} ($inout2,$rndkey0)"; ++ &jnz (&label("${p}3_loop")); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ eval"&aes${p}last ($inout0,$rndkey0)"; ++ eval"&aes${p}last ($inout1,$rndkey0)"; ++ eval"&aes${p}last ($inout2,$rndkey0)"; ++ &ret(); ++ &function_end_B("_aesni_${p}rypt3"); ++} ++ ++# 4x interleave is implemented to improve small block performance, ++# most notably [and naturally] 4 block by ~30%. 
One can argue that one ++# should have implemented 5x as well, but improvement would be <20%, ++# so it's not worth it... ++sub aesni_generate4 ++{ my $p=shift; ++ ++ &function_begin_B("_aesni_${p}rypt4"); ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ &shr ($rounds,1); ++ &lea ($key,&DWP(32,$key)); ++ &pxor ($inout0,$rndkey0); ++ &pxor ($inout1,$rndkey0); ++ &pxor ($inout2,$rndkey0); ++ &pxor ($inout3,$rndkey0); ++ &jmp (&label("${p}3_loop")); ++ &set_label("${p}3_loop",16); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ &dec ($rounds); ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ eval"&aes${p} ($inout3,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &lea ($key,&DWP(32,$key)); ++ eval"&aes${p} ($inout1,$rndkey0)"; ++ eval"&aes${p} ($inout2,$rndkey0)"; ++ eval"&aes${p} ($inout3,$rndkey0)"; ++ &jnz (&label("${p}3_loop")); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ eval"&aes${p} ($inout3,$rndkey1)"; ++ eval"&aes${p}last ($inout0,$rndkey0)"; ++ eval"&aes${p}last ($inout1,$rndkey0)"; ++ eval"&aes${p}last ($inout2,$rndkey0)"; ++ eval"&aes${p}last ($inout3,$rndkey0)"; ++ &ret(); ++ &function_end_B("_aesni_${p}rypt4"); ++} ++&aesni_generate3("enc") if ($PREFIX eq "aesni"); ++&aesni_generate3("dec"); ++&aesni_generate4("enc") if ($PREFIX eq "aesni"); ++&aesni_generate4("dec"); ++ ++if ($PREFIX eq "aesni") { ++# void aesni_ecb_encrypt (const void *in, void *out, ++# size_t length, const AES_KEY *key, ++# int enc); ++&function_begin("aesni_ecb_encrypt"); ++ &mov ($inp,&wparam(0)); ++ &mov ($out,&wparam(1)); ++ &mov ($len,&wparam(2)); ++ &mov ($key,&wparam(3)); ++ &mov ($rounds,&wparam(4)); ++ &cmp ($len,16); ++ &jb (&label("ecb_ret")); ++ &and ($len,-16); ++ &test ($rounds,$rounds) ++ &mov ($rounds,&DWP(240,$key)); ++ &mov 
($key_,$key); # backup $key
++ &mov ($rounds_,$rounds); # backup $rounds
++ &jz (&label("ecb_decrypt"));
++
++ &sub ($len,0x40);
++ &jbe (&label("ecb_enc_tail"));
++ &jmp (&label("ecb_enc_loop3"));
++
++&set_label("ecb_enc_loop3",16);
++ &movups ($inout0,&QWP(0,$inp));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &call ("_aesni_encrypt3");
++ &sub ($len,0x30);
++ &lea ($inp,&DWP(0x30,$inp));
++ &lea ($out,&DWP(0x30,$out));
++ &movups (&QWP(-0x30,$out),$inout0);
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-0x20,$out),$inout1);
++ &mov ($rounds,$rounds_); # restore $rounds
++ &movups (&QWP(-0x10,$out),$inout2);
++ &ja (&label("ecb_enc_loop3"));
++
++&set_label("ecb_enc_tail");
++ &add ($len,0x40);
++ &jz (&label("ecb_ret"));
++
++ &cmp ($len,0x10);
++ &movups ($inout0,&QWP(0,$inp));
++ &je (&label("ecb_enc_one"));
++ &cmp ($len,0x20);
++ &movups ($inout1,&QWP(0x10,$inp));
++ &je (&label("ecb_enc_two"));
++ &cmp ($len,0x30);
++ &movups ($inout2,&QWP(0x20,$inp));
++ &je (&label("ecb_enc_three"));
++ &movups ($inout3,&QWP(0x30,$inp));
++ &call ("_aesni_encrypt4");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &movups (&QWP(0x30,$out),$inout3);
++ jmp (&label("ecb_ret"));
++
++&set_label("ecb_enc_one",16);
++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1");
++ &movups (&QWP(0,$out),$inout0);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_enc_two",16);
++ &call ("_aesni_encrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_enc_three",16);
++ &call ("_aesni_encrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_decrypt",16);
++ &sub ($len,0x40);
++ &jbe (&label("ecb_dec_tail"));
++ &jmp (&label("ecb_dec_loop3"));
++
++&set_label("ecb_dec_loop3",16);
++
&movups ($inout0,&QWP(0,$inp));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &call ("_aesni_decrypt3");
++ &sub ($len,0x30);
++ &lea ($inp,&DWP(0x30,$inp));
++ &lea ($out,&DWP(0x30,$out));
++ &movups (&QWP(-0x30,$out),$inout0);
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-0x20,$out),$inout1);
++ &mov ($rounds,$rounds_); # restore $rounds
++ &movups (&QWP(-0x10,$out),$inout2);
++ &ja (&label("ecb_dec_loop3"));
++
++&set_label("ecb_dec_tail");
++ &add ($len,0x40);
++ &jz (&label("ecb_ret"));
++
++ &cmp ($len,0x10);
++ &movups ($inout0,&QWP(0,$inp));
++ &je (&label("ecb_dec_one"));
++ &cmp ($len,0x20);
++ &movups ($inout1,&QWP(0x10,$inp));
++ &je (&label("ecb_dec_two"));
++ &cmp ($len,0x30);
++ &movups ($inout2,&QWP(0x20,$inp));
++ &je (&label("ecb_dec_three"));
++ &movups ($inout3,&QWP(0x30,$inp));
++ &call ("_aesni_decrypt4");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &movups (&QWP(0x30,$out),$inout3);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_dec_one",16);
++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_dec_two",16);
++ &call ("_aesni_decrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_dec_three",16);
++ &call ("_aesni_decrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++
++&set_label("ecb_ret");
++&function_end("aesni_ecb_encrypt");
++}
++
++# void $PREFIX_cbc_encrypt (const void *inp, void *out,
++# size_t length, const AES_KEY *key,
++# unsigned char *ivp,const int enc);
++&function_begin("${PREFIX}_cbc_encrypt");
++ &mov ($inp,&wparam(0));
++ &mov ($out,&wparam(1));
++ &mov ($len,&wparam(2));
++ &mov ($key,&wparam(3));
++ &test ($len,$len);
++ &mov ($key_,&wparam(4));
++ &jz
(&label("cbc_ret"));
++
++ &cmp (&wparam(5),0);
++ &movups ($ivec,&QWP(0,$key_)); # load IV
++ &mov ($rounds,&DWP(240,$key));
++ &mov ($key_,$key); # backup $key
++ &mov ($rounds_,$rounds); # backup $rounds
++ &je (&label("cbc_decrypt"));
++
++ &movaps ($inout0,$ivec);
++ &cmp ($len,16);
++ &jb (&label("cbc_enc_tail"));
++ &sub ($len,16);
++ &jmp (&label("cbc_enc_loop"));
++
++&set_label("cbc_enc_loop",16);
++ &movups ($ivec,&QWP(0,$inp));
++ &lea ($inp,&DWP(16,$inp));
++ &pxor ($inout0,$ivec);
++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt3");
++ &sub ($len,16);
++ &lea ($out,&DWP(16,$out));
++ &mov ($rounds,$rounds_); # restore $rounds
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-16,$out),$inout0);
++ &jnc (&label("cbc_enc_loop"));
++ &add ($len,16);
++ &jnz (&label("cbc_enc_tail"));
++ &movaps ($ivec,$inout0);
++ &jmp (&label("cbc_ret"));
++
++&set_label("cbc_enc_tail");
++ &mov ("ecx",$len); # zaps $rounds
++ &data_word(0xA4F3F689); # rep movsb
++ &mov ("ecx",16); # zero tail
++ &sub ("ecx",$len);
++ &xor ("eax","eax"); # zaps $len
++ &data_word(0xAAF3F689); # rep stosb
++ &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block
++ &mov ($rounds,$rounds_); # restore $rounds
++ &mov ($inp,$out); # $inp and $out are the same
++ &mov ($key,$key_); # restore $key
++ &jmp (&label("cbc_enc_loop"));
++
++&set_label("cbc_decrypt",16);
++ &sub ($len,0x40);
++ &jbe (&label("cbc_dec_tail"));
++ &jmp (&label("cbc_dec_loop3"));
++
++&set_label("cbc_dec_loop3",16);
++ &movups ($inout0,&QWP(0,$inp));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &movaps ($in0,$inout0);
++ &movaps ($in1,$inout1);
++ &call ("_aesni_decrypt3");
++ &sub ($len,0x30);
++ &lea ($inp,&DWP(0x30,$inp));
++ &lea ($out,&DWP(0x30,$out));
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &movups ($ivec,&QWP(-0x10,$inp));
++ &pxor ($inout2,$in1);
++ &movups (&QWP(-0x30,$out),$inout0);
++ &mov ($rounds,$rounds_) # restore $rounds
++ &movups
(&QWP(-0x20,$out),$inout1);
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-0x10,$out),$inout2);
++ &ja (&label("cbc_dec_loop3"));
++
++&set_label("cbc_dec_tail");
++ &add ($len,0x40);
++ &jz (&label("cbc_ret"));
++
++ &movups ($inout0,&QWP(0,$inp));
++ &cmp ($len,0x10);
++ &movaps ($in0,$inout0);
++ &jbe (&label("cbc_dec_one"));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &cmp ($len,0x20);
++ &movaps ($in1,$inout1);
++ &jbe (&label("cbc_dec_two"));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &cmp ($len,0x30);
++ &jbe (&label("cbc_dec_three"));
++ &movups ($inout3,&QWP(0x30,$inp));
++ &call ("_aesni_decrypt4");
++ &movups ($rndkey0,&QWP(0x10,$inp));
++ &movups ($rndkey1,&QWP(0x20,$inp));
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &movups ($ivec,&QWP(0x30,$inp));
++ &movups (&QWP(0,$out),$inout0);
++ &pxor ($inout2,$rndkey0);
++ &pxor ($inout3,$rndkey1);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &movaps ($inout0,$inout3);
++ &lea ($out,&DWP(0x30,$out));
++ &jmp (&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_one");
++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3");
++ &pxor ($inout0,$ivec);
++ &movaps ($ivec,$in0);
++ &jmp (&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_two");
++ &call ("_aesni_decrypt3");
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &movups (&QWP(0,$out),$inout0);
++ &movaps ($inout0,$inout1);
++ &movaps ($ivec,$in1);
++ &lea ($out,&DWP(0x10,$out));
++ &jmp (&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_three");
++ &call ("_aesni_decrypt3");
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &pxor ($inout2,$in1);
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movaps ($inout0,$inout2);
++ &movups ($ivec,&QWP(0x20,$inp));
++ &lea ($out,&DWP(0x20,$out));
++
++&set_label("cbc_dec_tail_collected");
++ &and ($len,15);
++ &jnz (&label("cbc_dec_tail_partial"));
++ &movups (&QWP(0,$out),$inout0);
++ &jmp
(&label("cbc_ret"));
++
++&set_label("cbc_dec_tail_partial");
++ &mov ($key_,"esp");
++ &sub ("esp",16);
++ &and ("esp",-16);
++ &movaps (&QWP(0,"esp"),$inout0);
++ &mov ($inp,"esp");
++ &mov ("ecx",$len);
++ &data_word(0xA4F3F689); # rep movsb
++ &mov ("esp",$key_);
++
++&set_label("cbc_ret");
++ &mov ($key_,&wparam(4));
++ &movups (&QWP(0,$key_),$ivec); # output IV
++&function_end("${PREFIX}_cbc_encrypt");
++
++# Mechanical port from aesni-x86_64.pl.
++#
++# _aesni_set_encrypt_key is private interface,
++# input:
++# "eax" const unsigned char *userKey
++# $rounds int bits
++# $key AES_KEY *key
++# output:
++# "eax" return code
++# $round rounds
++
++&function_begin_B("_aesni_set_encrypt_key");
++ &test ("eax","eax");
++ &jz (&label("bad_pointer"));
++ &test ($key,$key);
++ &jz (&label("bad_pointer"));
++
++ &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey
++ &pxor ("xmm4","xmm4"); # low dword of xmm4 is assumed 0
++ &lea ($key,&DWP(16,$key));
++ &cmp ($rounds,256);
++ &je (&label("14rounds"));
++ &cmp ($rounds,192);
++ &je (&label("12rounds"));
++ &cmp ($rounds,128);
++ &jne (&label("bad_keybits"));
++
++&set_label("10rounds",16);
++ &mov ($rounds,9);
++ &$movekey (&QWP(-16,$key),"xmm0"); # round 0
++ &aeskeygenassist("xmm1","xmm0",0x01); # round 1
++ &call (&label("key_128_cold"));
++ &aeskeygenassist("xmm1","xmm0",0x2); # round 2
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x04); # round 3
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x08); # round 4
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x10); # round 5
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x20); # round 6
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x40); # round 7
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x80); # round 8
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x1b); # round 9
++ &call (&label("key_128"));
++
&aeskeygenassist("xmm1","xmm0",0x36); # round 10
++ &call (&label("key_128"));
++ &$movekey (&QWP(0,$key),"xmm0");
++ &mov (&DWP(80,$key),$rounds);
++ &xor ("eax","eax");
++ &ret();
++
++&set_label("key_128",16);
++ &$movekey (&QWP(0,$key),"xmm0");
++ &lea ($key,&DWP(16,$key));
++&set_label("key_128_cold");
++ &shufps ("xmm4","xmm0",0b00010000);
++ &pxor ("xmm0","xmm4");
++ &shufps ("xmm4","xmm0",0b10001100,);
++ &pxor ("xmm0","xmm4");
++ &pshufd ("xmm1","xmm1",0b11111111); # critical path
++ &pxor ("xmm0","xmm1");
++ &ret();
++
++&set_label("12rounds",16);
++ &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey
++ &mov ($rounds,11);
++ &$movekey (&QWP(-16,$key),"xmm0") # round 0
++ &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2
++ &call (&label("key_192a_cold"));
++ &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3
++ &call (&label("key_192b"));
++ &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5
++ &call (&label("key_192a"));
++ &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6
++ &call (&label("key_192b"));
++ &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8
++ &call (&label("key_192a"));
++ &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9
++ &call (&label("key_192b"));
++ &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11
++ &call (&label("key_192a"));
++ &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12
++ &call (&label("key_192b"));
++ &$movekey (&QWP(0,$key),"xmm0");
++ &mov (&DWP(48,$key),$rounds);
++ &xor ("eax","eax");
++ &ret();
++
++&set_label("key_192a",16);
++ &$movekey (&QWP(0,$key),"xmm0");
++ &lea ($key,&DWP(16,$key));
++&set_label("key_192a_cold",16);
++ &movaps ("xmm5","xmm2");
++&set_label("key_192b_warm");
++ &shufps ("xmm4","xmm0",0b00010000);
++ &movaps ("xmm3","xmm2");
++ &pxor ("xmm0","xmm4");
++ &shufps ("xmm4","xmm0",0b10001100);
++ &pslldq ("xmm3",4);
++ &pxor ("xmm0","xmm4");
++ &pshufd ("xmm1","xmm1",0b01010101); # critical path
++ &pxor ("xmm2","xmm3");
++ &pxor ("xmm0","xmm1");
++ &pshufd ("xmm3","xmm0",0b11111111);
++
&pxor ("xmm2","xmm3");
++ &ret();
++
++&set_label("key_192b",16);
++ &movaps ("xmm3","xmm0");
++ &shufps ("xmm5","xmm0",0b01000100);
++ &$movekey (&QWP(0,$key),"xmm5");
++ &shufps ("xmm3","xmm2",0b01001110);
++ &$movekey (&QWP(16,$key),"xmm3");
++ &lea ($key,&DWP(32,$key));
++ &jmp (&label("key_192b_warm"));
++
++&set_label("14rounds",16);
++ &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey
++ &mov ($rounds,13);
++ &lea ($key,&DWP(16,$key));
++ &$movekey (&QWP(-32,$key),"xmm0"); # round 0
++ &$movekey (&QWP(-16,$key),"xmm2"); # round 1
++ &aeskeygenassist("xmm1","xmm2",0x01); # round 2
++ &call (&label("key_256a_cold"));
++ &aeskeygenassist("xmm1","xmm0",0x01); # round 3
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x02); # round 4
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x02); # round 5
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x04); # round 6
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x04); # round 7
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x08); # round 8
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x08); # round 9
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x10); # round 10
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x10); # round 11
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x20); # round 12
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x20); # round 13
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x40); # round 14
++ &call (&label("key_256a"));
++ &$movekey (&QWP(0,$key),"xmm0");
++ &mov (&DWP(16,$key),$rounds);
++ &xor ("eax","eax");
++ &ret();
++
++&set_label("key_256a",16);
++ &$movekey (&QWP(0,$key),"xmm2");
++ &lea ($key,&DWP(16,$key));
++&set_label("key_256a_cold");
++ &shufps ("xmm4","xmm0",0b00010000);
++ &pxor ("xmm0","xmm4");
++ &shufps ("xmm4","xmm0",0b10001100);
++ &pxor ("xmm0","xmm4");
++
&pshufd ("xmm1","xmm1",0b11111111); # critical path
++ &pxor ("xmm0","xmm1");
++ &ret();
++
++&set_label("key_256b",16);
++ &$movekey (&QWP(0,$key),"xmm0");
++ &lea ($key,&DWP(16,$key));
++
++ &shufps ("xmm4","xmm2",0b00010000);
++ &pxor ("xmm2","xmm4");
++ &shufps ("xmm4","xmm2",0b10001100);
++ &pxor ("xmm2","xmm4");
++ &pshufd ("xmm1","xmm1",0b10101010); # critical path
++ &pxor ("xmm2","xmm1");
++ &ret();
++
++&set_label("bad_pointer",4);
++ &mov ("eax",-1);
++ &ret ();
++&set_label("bad_keybits",4);
++ &mov ("eax",-2);
++ &ret ();
++&function_end_B("_aesni_set_encrypt_key");
++
++# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
++# AES_KEY *key)
++&function_begin_B("${PREFIX}_set_encrypt_key");
++ &mov ("eax",&wparam(0));
++ &mov ($rounds,&wparam(1));
++ &mov ($key,&wparam(2));
++ &call ("_aesni_set_encrypt_key");
++ &ret ();
++&function_end_B("${PREFIX}_set_encrypt_key");
++
++# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
++# AES_KEY *key)
++&function_begin_B("${PREFIX}_set_decrypt_key");
++ &mov ("eax",&wparam(0));
++ &mov ($rounds,&wparam(1));
++ &mov ($key,&wparam(2));
++ &call ("_aesni_set_encrypt_key");
++ &mov ($key,&wparam(2));
++ &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key
++ &test ("eax","eax");
++ &jnz (&label("dec_key_ret"));
++ &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule
++
++ &$movekey ("xmm0",&QWP(0,$key)); # just swap
++ &$movekey ("xmm1",&QWP(0,"eax"));
++ &$movekey (&QWP(0,"eax"),"xmm0");
++ &$movekey (&QWP(0,$key),"xmm1");
++ &lea ($key,&DWP(16,$key));
++ &lea ("eax",&DWP(-16,"eax"));
++
++&set_label("dec_key_inverse");
++ &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse
++ &$movekey ("xmm1",&QWP(0,"eax"));
++ &aesimc ("xmm0","xmm0");
++ &aesimc ("xmm1","xmm1");
++ &lea ($key,&DWP(16,$key));
++ &lea ("eax",&DWP(-16,"eax"));
++ &cmp ("eax",$key);
++ &$movekey (&QWP(16,"eax"),"xmm0");
++ &$movekey (&QWP(-16,$key),"xmm1");
++ &ja (&label("dec_key_inverse"));
++
++
&$movekey ("xmm0",&QWP(0,$key)); # inverse middle
++ &aesimc ("xmm0","xmm0");
++ &$movekey (&QWP(0,$key),"xmm0");
++
++ &xor ("eax","eax"); # return success
++&set_label("dec_key_ret");
++ &ret ();
++&function_end_B("${PREFIX}_set_decrypt_key");
++&asciz("AES for Intel AES-NI, CRYPTOGAMS by ");
++
++&asm_finish();
+diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl
+--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl 2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,991 @@
++#!/usr/bin/env perl
++#
++# ====================================================================
++# Written by Andy Polyakov for the OpenSSL
++# project. The module is, however, dual licensed under OpenSSL and
++# CRYPTOGAMS licenses depending on where you obtain it. For further
++# details see http://www.openssl.org/~appro/cryptogams/.
++# ====================================================================
++#
++# This module implements support for Intel AES-NI extension. In
++# OpenSSL context it's used with Intel engine, but can also be used as
++# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
++# details].
++
++$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
++ # generates drop-in replacement for
++ # crypto/aes/asm/aes-x86_64.pl:-)
++
++$flavour = shift;
++$output = shift;
++if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
++
++$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
++
++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
++( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
++( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
++die "can't locate x86_64-xlate.pl";
++
++open STDOUT,"| $^X $xlate $flavour $output";
++
++$movkey = $PREFIX eq "aesni" ? "movaps" : "movups";
++@_4args=$win64?
("%rcx","%rdx","%r8", "%r9") : # Win64 order
++ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
++
++$code=".text\n";
++
++$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!!
++# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
++$inp="%rdi";
++$out="%rsi";
++$len="%rdx";
++$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!!
++$ivp="%r8"; # cbc
++
++$rnds_="%r10d"; # backup copy for $rounds
++$key_="%r11"; # backup copy for $key
++
++# %xmm register layout
++$inout0="%xmm0"; $inout1="%xmm1";
++$inout2="%xmm2"; $inout3="%xmm3";
++$rndkey0="%xmm4"; $rndkey1="%xmm5";
++
++$iv="%xmm6"; $in0="%xmm7"; # used in CBC decrypt
++$in1="%xmm8"; $in2="%xmm9";
++
++# Inline version of internal aesni_[en|de]crypt1.
++#
++# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
++# cycles which take care of loop variables...
++{ my $sn;
++sub aesni_generate1 {
++my ($p,$key,$rounds)=@_;
++++$sn;
++$code.=<<___;
++ $movkey ($key),$rndkey0
++ $movkey 16($key),$rndkey1
++ lea 32($key),$key
++ pxor $rndkey0,$inout0
++.Loop_${p}1_$sn:
++ aes${p} $rndkey1,$inout0
++ dec $rounds
++ $movkey ($key),$rndkey1
++ lea 16($key),$key
++ jnz .Loop_${p}1_$sn # loop body is 16 bytes
++ aes${p}last $rndkey1,$inout0
++___
++}}
++# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
++#
++{ my ($inp,$out,$key) = @_4args;
++
++$code.=<<___;
++.globl ${PREFIX}_encrypt
++.type ${PREFIX}_encrypt,\@abi-omnipotent
++.align 16
++${PREFIX}_encrypt:
++ movups ($inp),$inout0 # load input
++ mov 240($key),$rounds # pull $rounds
++___
++ &aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out) # output
++ ret
++.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt
++
++.globl ${PREFIX}_decrypt
++.type ${PREFIX}_decrypt,\@abi-omnipotent
++.align 16
++${PREFIX}_decrypt:
++ movups ($inp),$inout0 # load input
++ mov 240($key),$rounds # pull $rounds
++___
++ &aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++ movups
$inout0,($out) # output
++ ret
++.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt
++___
++}
++
++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
++# latency is 6, it turned out that it can be scheduled only every
++# *second* cycle. Thus 3x interleave is the one providing optimal
++# utilization, i.e. when subroutine's throughput is virtually same as
++# of non-interleaved subroutine [for number of input blocks up to 3].
++# This is why it makes no sense to implement 2x subroutine. As soon
++# as/if Intel improves throughput by making it possible to schedule
++# the instructions in question *every* cycles I would have to
++# implement 6x interleave and use it in loop...
++sub aesni_generate3 {
++my $dir=shift;
++# As already mentioned it takes in $key and $rounds, which are *not*
++# preserved. $inout[0-2] is cipher/clear text...
++$code.=<<___;
++.type _aesni_${dir}rypt3,\@abi-omnipotent
++.align 16
++_aesni_${dir}rypt3:
++ $movkey ($key),$rndkey0
++ shr \$1,$rounds
++ $movkey 16($key),$rndkey1
++ lea 32($key),$key
++ pxor $rndkey0,$inout0
++ pxor $rndkey0,$inout1
++ pxor $rndkey0,$inout2
++
++.L${dir}_loop3:
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ dec $rounds
++ aes${dir} $rndkey1,$inout2
++ aes${dir} $rndkey0,$inout0
++ $movkey 16($key),$rndkey1
++ aes${dir} $rndkey0,$inout1
++ lea 32($key),$key
++ aes${dir} $rndkey0,$inout2
++ jnz .L${dir}_loop3
++
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ aes${dir} $rndkey1,$inout2
++ aes${dir}last $rndkey0,$inout0
++ aes${dir}last $rndkey0,$inout1
++ aes${dir}last $rndkey0,$inout2
++ ret
++.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3
++___
++}
++# 4x interleave is implemented to improve small block performance,
++# most notably [and naturally] 4 block by ~30%.
One can argue that one
++# should have implemented 5x as well, but improvement would be <20%,
++# so it's not worth it...
++sub aesni_generate4 {
++my $dir=shift;
++# As already mentioned it takes in $key and $rounds, which are *not*
++# preserved. $inout[0-3] is cipher/clear text...
++$code.=<<___;
++.type _aesni_${dir}rypt4,\@abi-omnipotent
++.align 16
++_aesni_${dir}rypt4:
++ $movkey ($key),$rndkey0
++ shr \$1,$rounds
++ $movkey 16($key),$rndkey1
++ lea 32($key),$key
++ pxor $rndkey0,$inout0
++ pxor $rndkey0,$inout1
++ pxor $rndkey0,$inout2
++ pxor $rndkey0,$inout3
++
++.L${dir}_loop4:
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ dec $rounds
++ aes${dir} $rndkey1,$inout2
++ aes${dir} $rndkey1,$inout3
++ aes${dir} $rndkey0,$inout0
++ $movkey 16($key),$rndkey1
++ aes${dir} $rndkey0,$inout1
++ lea 32($key),$key
++ aes${dir} $rndkey0,$inout2
++ aes${dir} $rndkey0,$inout3
++ jnz .L${dir}_loop4
++
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ aes${dir} $rndkey1,$inout2
++ aes${dir} $rndkey1,$inout3
++ aes${dir}last $rndkey0,$inout0
++ aes${dir}last $rndkey0,$inout1
++ aes${dir}last $rndkey0,$inout2
++ aes${dir}last $rndkey0,$inout3
++ ret
++.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4
++___
++}
++&aesni_generate3("enc") if ($PREFIX eq "aesni");
++&aesni_generate3("dec");
++&aesni_generate4("enc") if ($PREFIX eq "aesni");
++&aesni_generate4("dec");
++
++if ($PREFIX eq "aesni") {
++# void aesni_ecb_encrypt (const void *in, void *out,
++# size_t length, const AES_KEY *key,
++# int enc);
++$code.=<<___;
++.globl aesni_ecb_encrypt
++.type aesni_ecb_encrypt,\@function,5
++.align 16
++aesni_ecb_encrypt:
++ cmp \$16,$len # check length
++ jb .Lecb_ret
++
++ mov 240($key),$rounds # pull $rounds
++ and \$-16,$len
++ mov $key,$key_ # backup $key
++ test %r8d,%r8d # 5th argument
++ mov $rounds,$rnds_ # backup $rounds
++ jz .Lecb_decrypt
++#--------------------------- ECB ENCRYPT
------------------------------#
++ sub \$0x40,$len
++ jbe .Lecb_enc_tail
++ jmp .Lecb_enc_loop3
++.align 16
++.Lecb_enc_loop3:
++ movups ($inp),$inout0
++ movups 0x10($inp),$inout1
++ movups 0x20($inp),$inout2
++ call _aesni_encrypt3
++ sub \$0x30,$len
++ lea 0x30($inp),$inp
++ lea 0x30($out),$out
++ movups $inout0,-0x30($out)
++ mov $rnds_,$rounds # restore $rounds
++ movups $inout1,-0x20($out)
++ mov $key_,$key # restore $key
++ movups $inout2,-0x10($out)
++ ja .Lecb_enc_loop3
++
++.Lecb_enc_tail:
++ add \$0x40,$len
++ jz .Lecb_ret
++
++ cmp \$0x10,$len
++ movups ($inp),$inout0
++ je .Lecb_enc_one
++ cmp \$0x20,$len
++ movups 0x10($inp),$inout1
++ je .Lecb_enc_two
++ cmp \$0x30,$len
++ movups 0x20($inp),$inout2
++ je .Lecb_enc_three
++ movups 0x30($inp),$inout3
++ call _aesni_encrypt4
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++ movups $inout3,0x30($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_enc_one:
++___
++ &aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_enc_two:
++ call _aesni_encrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_enc_three:
++ call _aesni_encrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++ jmp .Lecb_ret
++ #--------------------------- ECB DECRYPT ------------------------------#
++.align 16
++.Lecb_decrypt:
++ sub \$0x40,$len
++ jbe .Lecb_dec_tail
++ jmp .Lecb_dec_loop3
++.align 16
++.Lecb_dec_loop3:
++ movups ($inp),$inout0
++ movups 0x10($inp),$inout1
++ movups 0x20($inp),$inout2
++ call _aesni_decrypt3
++ sub \$0x30,$len
++ lea 0x30($inp),$inp
++ lea 0x30($out),$out
++ movups $inout0,-0x30($out)
++ mov $rnds_,$rounds # restore $rounds
++ movups $inout1,-0x20($out)
++ mov $key_,$key # restore $key
++ movups $inout2,-0x10($out)
++ ja .Lecb_dec_loop3
++
++.Lecb_dec_tail:
++ add \$0x40,$len
++ jz .Lecb_ret
++
++ cmp \$0x10,$len
++ movups ($inp),$inout0
++ je .Lecb_dec_one
++ cmp \$0x20,$len
++ movups 0x10($inp),$inout1
++ je .Lecb_dec_two
++ cmp \$0x30,$len
++ movups 0x20($inp),$inout2
++ je .Lecb_dec_three
++ movups 0x30($inp),$inout3
++ call _aesni_decrypt4
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++ movups $inout3,0x30($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_dec_one:
++___
++ &aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_dec_two:
++ call _aesni_decrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_dec_three:
++ call _aesni_decrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++
++.Lecb_ret:
++ ret
++.size aesni_ecb_encrypt,.-aesni_ecb_encrypt
++___
++}
++
++# void $PREFIX_cbc_encrypt (const void *inp, void *out,
++# size_t length, const AES_KEY *key,
++# unsigned char *ivp,const int enc);
++$reserved = $win64?0x40:-0x18; # used in decrypt
++$code.=<<___;
++.globl ${PREFIX}_cbc_encrypt
++.type ${PREFIX}_cbc_encrypt,\@function,6
++.align 16
++${PREFIX}_cbc_encrypt:
++ test $len,$len # check length
++ jz .Lcbc_ret
++
++ mov 240($key),$rnds_ # pull $rounds
++ mov $key,$key_ # backup $key
++ test %r9d,%r9d # 6th argument
++ jz .Lcbc_decrypt
++#--------------------------- CBC ENCRYPT ------------------------------#
++ movups ($ivp),$inout0 # load iv as initial state
++ cmp \$16,$len
++ mov $rnds_,$rounds
++ jb .Lcbc_enc_tail
++ sub \$16,$len
++ jmp .Lcbc_enc_loop
++.align 16
++.Lcbc_enc_loop:
++ movups ($inp),$inout1 # load input
++ lea 16($inp),$inp
++ pxor $inout1,$inout0
++___
++ &aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++ sub \$16,$len
++ lea 16($out),$out
++ mov $rnds_,$rounds # restore $rounds
++ mov $key_,$key # restore $key
++ movups $inout0,-16($out) # store output
++ jnc .Lcbc_enc_loop
++ add \$16,$len
++ jnz .Lcbc_enc_tail
++ movups $inout0,($ivp)
++ jmp .Lcbc_ret
++
++.Lcbc_enc_tail:
++ mov
$len,%rcx # zaps $key
++ xchg $inp,$out # $inp is %rsi and $out is %rdi now
++ .long 0x9066A4F3 # rep movsb
++ mov \$16,%ecx # zero tail
++ sub $len,%rcx
++ xor %eax,%eax
++ .long 0x9066AAF3 # rep stosb
++ lea -16(%rdi),%rdi # rewind $out by 1 block
++ mov $rnds_,$rounds # restore $rounds
++ mov %rdi,%rsi # $inp and $out are the same
++ mov $key_,$key # restore $key
++ xor $len,$len # len=16
++ jmp .Lcbc_enc_loop # one more spin
++ #--------------------------- CBC DECRYPT ------------------------------#
++.align 16
++.Lcbc_decrypt:
++___
++$code.=<<___ if ($win64);
++ lea -0x58(%rsp),%rsp
++ movaps %xmm6,(%rsp)
++ movaps %xmm7,0x10(%rsp)
++ movaps %xmm8,0x20(%rsp)
++ movaps %xmm9,0x30(%rsp)
++.Lcbc_decrypt_body:
++___
++$code.=<<___;
++ movups ($ivp),$iv
++ sub \$0x40,$len
++ mov $rnds_,$rounds
++ jbe .Lcbc_dec_tail
++ jmp .Lcbc_dec_loop3
++.align 16
++.Lcbc_dec_loop3:
++ movups ($inp),$inout0
++ movups 0x10($inp),$inout1
++ movups 0x20($inp),$inout2
++ movaps $inout0,$in0
++ movaps $inout1,$in1
++ movaps $inout2,$in2
++ call _aesni_decrypt3
++ sub \$0x30,$len
++ lea 0x30($inp),$inp
++ lea 0x30($out),$out
++ pxor $iv,$inout0
++ pxor $in0,$inout1
++ movaps $in2,$iv
++ pxor $in1,$inout2
++ movups $inout0,-0x30($out)
++ mov $rnds_,$rounds # restore $rounds
++ movups $inout1,-0x20($out)
++ mov $key_,$key # restore $key
++ movups $inout2,-0x10($out)
++ ja .Lcbc_dec_loop3
++
++.Lcbc_dec_tail:
++ add \$0x40,$len
++ movups $iv,($ivp)
++ jz .Lcbc_dec_ret
++
++ movups ($inp),$inout0
++ cmp \$0x10,$len
++ movaps $inout0,$in0
++ jbe .Lcbc_dec_one
++ movups 0x10($inp),$inout1
++ cmp \$0x20,$len
++ movaps $inout1,$in1
++ jbe .Lcbc_dec_two
++ movups 0x20($inp),$inout2
++ cmp \$0x30,$len
++ movaps $inout2,$in2
++ jbe .Lcbc_dec_three
++ movups 0x30($inp),$inout3
++ call _aesni_decrypt4
++ pxor $iv,$inout0
++ movups 0x30($inp),$iv
++ pxor $in0,$inout1
++ movups $inout0,($out)
++ pxor $in1,$inout2
++ movups $inout1,0x10($out)
++ pxor $in2,$inout3
++ movups $inout2,0x20($out)
++
movaps $inout3,$inout0
++ lea 0x30($out),$out
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_one:
++___
++ &aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++ pxor $iv,$inout0
++ movaps $in0,$iv
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_two:
++ call _aesni_decrypt3
++ pxor $iv,$inout0
++ pxor $in0,$inout1
++ movups $inout0,($out)
++ movaps $in1,$iv
++ movaps $inout1,$inout0
++ lea 0x10($out),$out
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_three:
++ call _aesni_decrypt3
++ pxor $iv,$inout0
++ pxor $in0,$inout1
++ movups $inout0,($out)
++ pxor $in1,$inout2
++ movups $inout1,0x10($out)
++ movaps $in2,$iv
++ movaps $inout2,$inout0
++ lea 0x20($out),$out
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_tail_collected:
++ and \$15,$len
++ movups $iv,($ivp)
++ jnz .Lcbc_dec_tail_partial
++ movups $inout0,($out)
++ jmp .Lcbc_dec_ret
++.Lcbc_dec_tail_partial:
++ movaps $inout0,$reserved(%rsp)
++ mov $out,%rdi
++ mov $len,%rcx
++ lea $reserved(%rsp),%rsi
++ .long 0x9066A4F3 # rep movsb
++
++.Lcbc_dec_ret:
++___
++$code.=<<___ if ($win64);
++ movaps (%rsp),%xmm6
++ movaps 0x10(%rsp),%xmm7
++ movaps 0x20(%rsp),%xmm8
++ movaps 0x30(%rsp),%xmm9
++ lea 0x58(%rsp),%rsp
++___
++$code.=<<___;
++.Lcbc_ret:
++ ret
++.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
++___
++
++# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey,
++# int bits, AES_KEY *key)
++{ my ($inp,$bits,$key) = @_4args;
++ $bits =~ s/%r/%e/;
++
++$code.=<<___;
++.globl ${PREFIX}_set_decrypt_key
++.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent
++.align 16
++${PREFIX}_set_decrypt_key:
++ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
++ call _aesni_set_encrypt_key
++ shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key
++ test %eax,%eax
++ jnz .Ldec_key_ret
++ lea 16($key,$bits),$inp # points at the end of key schedule
++
++ $movkey ($key),%xmm0 # just swap
++ $movkey ($inp),%xmm1
++ $movkey %xmm0,($inp)
++ $movkey %xmm1,($key)
++ lea 16($key),$key
++ lea
-16($inp),$inp
++
++.Ldec_key_inverse:
++ $movkey ($key),%xmm0 # swap and inverse
++ $movkey ($inp),%xmm1
++ aesimc %xmm0,%xmm0
++ aesimc %xmm1,%xmm1
++ lea 16($key),$key
++ lea -16($inp),$inp
++ cmp $key,$inp
++ $movkey %xmm0,16($inp)
++ $movkey %xmm1,-16($key)
++ ja .Ldec_key_inverse
++
++ $movkey ($key),%xmm0 # inverse middle
++ aesimc %xmm0,%xmm0
++ $movkey %xmm0,($inp)
++.Ldec_key_ret:
++ add \$8,%rsp
++ ret
++.LSEH_end_set_decrypt_key:
++.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
++___
++
++# This is based on submission by
++#
++# Huang Ying
++# Vinodh Gopal
++# Kahraman Akdemir
++#
++# Agressively optimized in respect to aeskeygenassist's critical path
++# and is contained in %xmm0-5 to meet Win64 ABI requirement.
++#
++$code.=<<___;
++.globl ${PREFIX}_set_encrypt_key
++.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent
++.align 16
++${PREFIX}_set_encrypt_key:
++_aesni_set_encrypt_key:
++ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
++ test $inp,$inp
++ mov \$-1,%rax
++ jz .Lenc_key_ret
++ test $key,$key
++ jz .Lenc_key_ret
++
++ movups ($inp),%xmm0 # pull first 128 bits of *userKey
++ pxor %xmm4,%xmm4 # low dword of xmm4 is assumed 0
++ lea 16($key),%rax
++ cmp \$256,$bits
++ je .L14rounds
++ cmp \$192,$bits
++ je .L12rounds
++ cmp \$128,$bits
++ jne .Lbad_keybits
++
++.L10rounds:
++ mov \$9,$bits # 10 rounds for 128-bit key
++ $movkey %xmm0,($key) # round 0
++ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1
++ call .Lkey_expansion_128_cold
++ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8
++ call
.Lkey_expansion_128 ++ aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10 ++ call .Lkey_expansion_128 ++ $movkey %xmm0,(%rax) ++ mov $bits,80(%rax) # 240(%rdx) ++ xor %eax,%eax ++ jmp .Lenc_key_ret ++ ++.align 16 ++.L12rounds: ++ movq 16($inp),%xmm2 # remaining 1/3 of *userKey ++ mov \$11,$bits # 12 rounds for 192 ++ $movkey %xmm0,($key) # round 0 ++ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 ++ call .Lkey_expansion_192a_cold ++ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3 ++ call .Lkey_expansion_192b ++ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5 ++ call .Lkey_expansion_192a ++ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6 ++ call .Lkey_expansion_192b ++ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8 ++ call .Lkey_expansion_192a ++ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9 ++ call .Lkey_expansion_192b ++ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11 ++ call .Lkey_expansion_192a ++ aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12 ++ call .Lkey_expansion_192b ++ $movkey %xmm0,(%rax) ++ mov $bits,48(%rax) # 240(%rdx) ++ xor %rax, %rax ++ jmp .Lenc_key_ret ++ ++.align 16 ++.L14rounds: ++ movups 16($inp),%xmm2 # remaning half of *userKey ++ mov \$13,$bits # 14 rounds for 256 ++ lea 16(%rax),%rax ++ $movkey %xmm0,($key) # round 0 ++ $movkey %xmm2,16($key) # round 1 ++ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 ++ call .Lkey_expansion_256a_cold ++ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9 ++ call .Lkey_expansion_256b ++ aeskeygenassist 
\$0x10,%xmm2,%xmm1 # round 10 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14 ++ call .Lkey_expansion_256a ++ $movkey %xmm0,(%rax) ++ mov $bits,16(%rax) # 240(%rdx) ++ xor %rax,%rax ++ jmp .Lenc_key_ret ++ ++.align 16 ++.Lbad_keybits: ++ mov \$-2,%rax ++.Lenc_key_ret: ++ add \$8,%rsp ++ ret ++.LSEH_end_set_encrypt_key: ++ ++.align 16 ++.Lkey_expansion_128: ++ $movkey %xmm0,(%rax) ++ lea 16(%rax),%rax ++.Lkey_expansion_128_cold: ++ shufps \$0b00010000,%xmm0,%xmm4 ++ pxor %xmm4, %xmm0 ++ shufps \$0b10001100,%xmm0,%xmm4 ++ pxor %xmm4, %xmm0 ++ pshufd \$0b11111111,%xmm1,%xmm1 # critical path ++ pxor %xmm1,%xmm0 ++ ret ++ ++.align 16 ++.Lkey_expansion_192a: ++ $movkey %xmm0,(%rax) ++ lea 16(%rax),%rax ++.Lkey_expansion_192a_cold: ++ movaps %xmm2, %xmm5 ++.Lkey_expansion_192b_warm: ++ shufps \$0b00010000,%xmm0,%xmm4 ++ movaps %xmm2,%xmm3 ++ pxor %xmm4,%xmm0 ++ shufps \$0b10001100,%xmm0,%xmm4 ++ pslldq \$4,%xmm3 ++ pxor %xmm4,%xmm0 ++ pshufd \$0b01010101,%xmm1,%xmm1 # critical path ++ pxor %xmm3,%xmm2 ++ pxor %xmm1,%xmm0 ++ pshufd \$0b11111111,%xmm0,%xmm3 ++ pxor %xmm3,%xmm2 ++ ret ++ ++.align 16 ++.Lkey_expansion_192b: ++ movaps %xmm0,%xmm3 ++ shufps \$0b01000100,%xmm0,%xmm5 ++ $movkey %xmm5,(%rax) ++ shufps \$0b01001110,%xmm2,%xmm3 ++ $movkey %xmm3,16(%rax) ++ lea 32(%rax),%rax ++ jmp .Lkey_expansion_192b_warm ++ ++.align 16 ++.Lkey_expansion_256a: ++ $movkey %xmm2,(%rax) ++ lea 16(%rax),%rax ++.Lkey_expansion_256a_cold: ++ shufps \$0b00010000,%xmm0,%xmm4 ++ pxor %xmm4,%xmm0 ++ shufps \$0b10001100,%xmm0,%xmm4 ++ pxor %xmm4,%xmm0 ++ pshufd \$0b11111111,%xmm1,%xmm1 # critical path ++ pxor %xmm1,%xmm0 ++ ret ++ ++.align 16 ++.Lkey_expansion_256b: ++ $movkey %xmm0,(%rax) ++ lea 16(%rax),%rax ++ ++ shufps 
\$0b00010000,%xmm2,%xmm4 ++ pxor %xmm4,%xmm2 ++ shufps \$0b10001100,%xmm2,%xmm4 ++ pxor %xmm4,%xmm2 ++ pshufd \$0b10101010,%xmm1,%xmm1 # critical path ++ pxor %xmm1,%xmm2 ++ ret ++.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key ++___ ++} ++ ++$code.=<<___; ++.asciz "AES for Intel AES-NI, CRYPTOGAMS by " ++.align 64 ++___ ++ ++# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, ++# CONTEXT *context,DISPATCHER_CONTEXT *disp) ++if ($win64) { ++$rec="%rcx"; ++$frame="%rdx"; ++$context="%r8"; ++$disp="%r9"; ++ ++$code.=<<___; ++.extern __imp_RtlVirtualUnwind ++.type cbc_se_handler,\@abi-omnipotent ++.align 16 ++cbc_se_handler: ++ push %rsi ++ push %rdi ++ push %rbx ++ push %rbp ++ push %r12 ++ push %r13 ++ push %r14 ++ push %r15 ++ pushfq ++ sub \$64,%rsp ++ ++ mov 152($context),%rax # pull context->Rsp ++ mov 248($context),%rbx # pull context->Rip ++ ++ lea .Lcbc_decrypt(%rip),%r10 ++ cmp %r10,%rbx # context->Rip<"prologue" label ++ jb .Lin_prologue ++ ++ lea .Lcbc_decrypt_body(%rip),%r10 ++ cmp %r10,%rbx # context->RipRip>="epilogue" label ++ jae .Lin_prologue ++ ++ lea 0(%rax),%rsi # top of stack ++ lea 512($context),%rdi # &context.Xmm6 ++ mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax) ++ .long 0xa548f3fc # cld; rep movsq ++ lea 0x58(%rax),%rax # adjust stack pointer ++ jmp .Lin_prologue ++ ++.Lrestore_rax: ++ mov 120($context),%rax ++.Lin_prologue: ++ mov 8(%rax),%rdi ++ mov 16(%rax),%rsi ++ mov %rax,152($context) # restore context->Rsp ++ mov %rsi,168($context) # restore context->Rsi ++ mov %rdi,176($context) # restore context->Rdi ++ ++ jmp .Lcommon_seh_exit ++.size cbc_se_handler,.-cbc_se_handler ++ ++.type ecb_se_handler,\@abi-omnipotent ++.align 16 ++ecb_se_handler: ++ push %rsi ++ push %rdi ++ push %rbx ++ push %rbp ++ push %r12 ++ push %r13 ++ push %r14 ++ push %r15 ++ pushfq ++ sub \$64,%rsp ++ ++ mov 152($context),%rax # pull context->Rsp ++ mov 8(%rax),%rdi ++ mov 16(%rax),%rsi ++ mov %rsi,168($context) # restore context->Rsi ++ 
mov %rdi,176($context) # restore context->Rdi ++ ++.Lcommon_seh_exit: ++ ++ mov 40($disp),%rdi # disp->ContextRecord ++ mov $context,%rsi # context ++ mov \$154,%ecx # sizeof(CONTEXT) ++ .long 0xa548f3fc # cld; rep movsq ++ ++ mov $disp,%rsi ++ xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER ++ mov 8(%rsi),%rdx # arg2, disp->ImageBase ++ mov 0(%rsi),%r8 # arg3, disp->ControlPc ++ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry ++ mov 40(%rsi),%r10 # disp->ContextRecord ++ lea 56(%rsi),%r11 # &disp->HandlerData ++ lea 24(%rsi),%r12 # &disp->EstablisherFrame ++ mov %r10,32(%rsp) # arg5 ++ mov %r11,40(%rsp) # arg6 ++ mov %r12,48(%rsp) # arg7 ++ mov %rcx,56(%rsp) # arg8, (NULL) ++ call *__imp_RtlVirtualUnwind(%rip) ++ ++ mov \$1,%eax # ExceptionContinueSearch ++ add \$64,%rsp ++ popfq ++ pop %r15 ++ pop %r14 ++ pop %r13 ++ pop %r12 ++ pop %rbp ++ pop %rbx ++ pop %rdi ++ pop %rsi ++ ret ++.size cbc_se_handler,.-cbc_se_handler ++ ++.section .pdata ++.align 4 ++ .rva .LSEH_begin_${PREFIX}_ecb_encrypt ++ .rva .LSEH_end_${PREFIX}_ecb_encrypt ++ .rva .LSEH_info_ecb ++ ++ .rva .LSEH_begin_${PREFIX}_cbc_encrypt ++ .rva .LSEH_end_${PREFIX}_cbc_encrypt ++ .rva .LSEH_info_cbc ++ ++ .rva ${PREFIX}_set_decrypt_key ++ .rva .LSEH_end_set_decrypt_key ++ .rva .LSEH_info_key ++ ++ .rva ${PREFIX}_set_encrypt_key ++ .rva .LSEH_end_set_encrypt_key ++ .rva .LSEH_info_key ++.section .xdata ++.align 8 ++.LSEH_info_ecb: ++ .byte 9,0,0,0 ++ .rva ecb_se_handler ++.LSEH_info_cbc: ++ .byte 9,0,0,0 ++ .rva cbc_se_handler ++.LSEH_info_key: ++ .byte 0x01,0x04,0x01,0x00 ++ .byte 0x04,0x02,0x00,0x00 ++___ ++} ++ ++sub rex { ++ local *opcode=shift; ++ my ($dst,$src)=@_; ++ ++ if ($dst>=8 || $src>=8) { ++ $rex=0x40; ++ $rex|=0x04 if($dst>=8); ++ $rex|=0x01 if($src>=8); ++ push @opcode,$rex; ++ } ++} ++ ++sub aesni { ++ my $line=shift; ++ my @opcode=(0x66); ++ ++ if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { ++ rex(\@opcode,$4,$3); ++ push @opcode,0x0f,0x3a,0xdf; ++ push 
@opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M ++ my $c=$2; ++ push @opcode,$c=~/^0/?oct($c):$c; ++ return ".byte\t".join(',',@opcode); ++ } ++ elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { ++ my %opcodelet = ( ++ "aesimc" => 0xdb, ++ "aesenc" => 0xdc, "aesenclast" => 0xdd, ++ "aesdec" => 0xde, "aesdeclast" => 0xdf ++ ); ++ return undef if (!defined($opcodelet{$1})); ++ rex(\@opcode,$3,$2); ++ push @opcode,0x0f,0x38,$opcodelet{$1}; ++ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M ++ return ".byte\t".join(',',@opcode); ++ } ++ return $line; ++} ++ ++$code =~ s/\`([^\`]*)\`/eval($1)/gem; ++$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; ++ ++print $code; ++ ++close STDOUT; +diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypto/aes/Makefile +--- openssl-1.0.0-beta4/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/aes/Makefile 2010-01-12 22:18:06.000000000 +0100 +@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S + + aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl + $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ ++aesni-x86.s: asm/aesni-x86.pl ../perlasm/x86asm.pl ++ $(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ + + aes-x86_64.s: asm/aes-x86_64.pl + $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@ ++aesni-x86_64.s: asm/aesni-x86_64.pl ++ $(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@ + + aes-sparcv9.s: asm/aes-sparcv9.pl + $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ +diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_aesni.c +--- openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni 2010-01-12 22:18:06.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/engine/eng_aesni.c 2010-01-12 22:18:06.000000000 +0100 +@@ -0,0 +1,413 @@ ++/* ++ * Support for Intel AES-NI intruction set ++ * Author: Huang Ying ++ * ++ * Intel AES-NI is a new set of Single Instruction Multiple Data ++ * (SIMD) instructions that 
are going to be introduced in the next ++ * generation of Intel processor, as of 2009. These instructions ++ * enable fast and secure data encryption and decryption, using the ++ * Advanced Encryption Standard (AES), defined by FIPS Publication ++ * number 197. The architecture introduces six instructions that ++ * offer full hardware support for AES. Four of them support high ++ * performance data encryption and decryption, and the other two ++ * instructions support the AES key expansion procedure. ++ * ++ * The white paper can be downloaded from: ++ * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf ++ * ++ * This file is based on engines/e_padlock.c ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++ ++#include ++ ++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES) ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it ++ doesn't exist elsewhere, but it even can't be compiled on other ++ platforms! 
*/ ++#undef COMPILE_HW_AESNI ++#if (defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) ++#define COMPILE_HW_AESNI ++static ENGINE *ENGINE_aesni (void); ++#endif ++ ++void ENGINE_load_aesni (void) ++{ ++/* On non-x86 CPUs it just returns. */ ++#ifdef COMPILE_HW_AESNI ++ ENGINE *toadd = ENGINE_aesni(); ++ if (!toadd) ++ return; ++ ENGINE_add (toadd); ++ ENGINE_register_complete (toadd); ++ ENGINE_free (toadd); ++ ERR_clear_error (); ++#endif ++} ++ ++#ifdef COMPILE_HW_AESNI ++int aesni_set_encrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++int aesni_set_decrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++ ++void aesni_encrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void aesni_decrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++ ++void aesni_ecb_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key, ++ int enc); ++void aesni_cbc_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key, ++ unsigned char *ivec, int enc); ++ ++/* Function for ENGINE detection and control */ ++static int aesni_init(ENGINE *e); ++ ++/* Cipher Stuff */ ++static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, ++ const int **nids, int nid); ++ ++#define AESNI_MIN_ALIGN 16 ++#define AESNI_ALIGN(x) \ ++ ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1))) ++ ++/* Engine names */ ++static const char aesni_id[] = "aesni", ++ aesni_name[] = "Intel AES-NI engine", ++ no_aesni_name[] = "Intel AES-NI engine (no-aesni)"; ++ ++/* ===== Engine "management" functions ===== */ ++ ++#if defined(_WIN32) ++typedef unsigned __int64 IA32CAP; ++#else ++typedef unsigned long long IA32CAP; ++#endif ++ ++/* Prepare the ENGINE structure for registration */ ++static int ++aesni_bind_helper(ENGINE *e) ++{ ++ int 
engage; ++ if (sizeof(OPENSSL_ia32cap_P) > 4) { ++ engage = (OPENSSL_ia32cap_P >> 57) & 1; ++ } else { ++ IA32CAP OPENSSL_ia32_cpuid(void); ++ engage = (OPENSSL_ia32_cpuid() >> 57) & 1; ++ } ++ ++ /* Register everything or return with an error */ ++ if (!ENGINE_set_id(e, aesni_id) || ++ !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) || ++ ++ !ENGINE_set_init_function(e, aesni_init) || ++ (engage && !ENGINE_set_ciphers (e, aesni_ciphers)) ++ ) ++ return 0; ++ ++ /* Everything looks good */ ++ return 1; ++} ++ ++/* Constructor */ ++static ENGINE * ++ENGINE_aesni(void) ++{ ++ ENGINE *eng = ENGINE_new(); ++ ++ if (!eng) { ++ return NULL; ++ } ++ ++ if (!aesni_bind_helper(eng)) { ++ ENGINE_free(eng); ++ return NULL; ++ } ++ ++ return eng; ++} ++ ++/* Check availability of the engine */ ++static int ++aesni_init(ENGINE *e) ++{ ++ return 1; ++} ++ ++#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) ++#define NID_aes_128_cfb NID_aes_128_cfb128 ++#endif ++ ++#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) ++#define NID_aes_128_ofb NID_aes_128_ofb128 ++#endif ++ ++#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) ++#define NID_aes_192_cfb NID_aes_192_cfb128 ++#endif ++ ++#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) ++#define NID_aes_192_ofb NID_aes_192_ofb128 ++#endif ++ ++#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) ++#define NID_aes_256_cfb NID_aes_256_cfb128 ++#endif ++ ++#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) ++#define NID_aes_256_ofb NID_aes_256_ofb128 ++#endif ++ ++/* List of supported ciphers. 
*/ ++static int aesni_cipher_nids[] = { ++ NID_aes_128_ecb, ++ NID_aes_128_cbc, ++ NID_aes_128_cfb, ++ NID_aes_128_ofb, ++ ++ NID_aes_192_ecb, ++ NID_aes_192_cbc, ++ NID_aes_192_cfb, ++ NID_aes_192_ofb, ++ ++ NID_aes_256_ecb, ++ NID_aes_256_cbc, ++ NID_aes_256_cfb, ++ NID_aes_256_ofb, ++}; ++static int aesni_cipher_nids_num = ++ (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0])); ++ ++typedef struct ++{ ++ AES_KEY ks; ++ unsigned int _pad1[3]; ++} AESNI_KEY; ++ ++static int ++aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key, ++ const unsigned char *iv, int enc) ++{ ++ int ret; ++ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ ++ if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE ++ || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE ++ || enc) ++ ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key); ++ else ++ ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key); ++ ++ if(ret < 0) { ++ EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt); ++ return 1; ++} ++static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ aesni_cbc_encrypt(in, out, inl, key, ++ ctx->iv, ctx->encrypt); ++ return 1; ++} ++static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv, ++ &ctx->num, ctx->encrypt, ++ (block128_f)aesni_encrypt); ++ return 1; ++} ++static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ 
CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv, ++ &ctx->num, (block128_f)aesni_encrypt); ++ return 1; ++} ++ ++#define AES_BLOCK_SIZE 16 ++ ++#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE ++#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE ++#define EVP_CIPHER_block_size_OFB 1 ++#define EVP_CIPHER_block_size_CFB 1 ++ ++/* Declaring so many ciphers by hand would be a pain. ++ Instead introduce a bit of preprocessor magic :-) */ ++#define DECLARE_AES_EVP(ksize,lmode,umode) \ ++static const EVP_CIPHER aesni_##ksize##_##lmode = { \ ++ NID_aes_##ksize##_##lmode, \ ++ EVP_CIPHER_block_size_##umode, \ ++ ksize / 8, \ ++ AES_BLOCK_SIZE, \ ++ 0 | EVP_CIPH_##umode##_MODE, \ ++ aesni_init_key, \ ++ aesni_cipher_##lmode, \ ++ NULL, \ ++ sizeof(AESNI_KEY), \ ++ EVP_CIPHER_set_asn1_iv, \ ++ EVP_CIPHER_get_asn1_iv, \ ++ NULL, \ ++ NULL \ ++} ++ ++DECLARE_AES_EVP(128,ecb,ECB); ++DECLARE_AES_EVP(128,cbc,CBC); ++DECLARE_AES_EVP(128,cfb,CFB); ++DECLARE_AES_EVP(128,ofb,OFB); ++ ++DECLARE_AES_EVP(192,ecb,ECB); ++DECLARE_AES_EVP(192,cbc,CBC); ++DECLARE_AES_EVP(192,cfb,CFB); ++DECLARE_AES_EVP(192,ofb,OFB); ++ ++DECLARE_AES_EVP(256,ecb,ECB); ++DECLARE_AES_EVP(256,cbc,CBC); ++DECLARE_AES_EVP(256,cfb,CFB); ++DECLARE_AES_EVP(256,ofb,OFB); ++ ++static int ++aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher, ++ const int **nids, int nid) ++{ ++ /* No specific cipher => return a list of supported nids ... */ ++ if (!cipher) { ++ *nids = aesni_cipher_nids; ++ return aesni_cipher_nids_num; ++ } ++ ++ /* ... 
or the requested "cipher" otherwise */ ++ switch (nid) { ++ case NID_aes_128_ecb: ++ *cipher = &aesni_128_ecb; ++ break; ++ case NID_aes_128_cbc: ++ *cipher = &aesni_128_cbc; ++ break; ++ case NID_aes_128_cfb: ++ *cipher = &aesni_128_cfb; ++ break; ++ case NID_aes_128_ofb: ++ *cipher = &aesni_128_ofb; ++ break; ++ ++ case NID_aes_192_ecb: ++ *cipher = &aesni_192_ecb; ++ break; ++ case NID_aes_192_cbc: ++ *cipher = &aesni_192_cbc; ++ break; ++ case NID_aes_192_cfb: ++ *cipher = &aesni_192_cfb; ++ break; ++ case NID_aes_192_ofb: ++ *cipher = &aesni_192_ofb; ++ break; ++ ++ case NID_aes_256_ecb: ++ *cipher = &aesni_256_ecb; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &aesni_256_cbc; ++ break; ++ case NID_aes_256_cfb: ++ *cipher = &aesni_256_cfb; ++ break; ++ case NID_aes_256_ofb: ++ *cipher = &aesni_256_ofb; ++ break; ++ ++ default: ++ /* Sorry, we don't support this NID */ ++ *cipher = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* COMPILE_HW_AESNI */ ++#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */ +diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_all.c +--- openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni 2010-01-07 23:38:31.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/engine/eng_all.c 2010-01-12 22:18:06.000000000 +0100 +@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void) + #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) + ENGINE_load_cryptodev(); + #endif ++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) ++ ENGINE_load_aesni(); ++#endif + ENGINE_load_dynamic(); + #ifndef OPENSSL_NO_STATIC_ENGINE + #ifndef OPENSSL_NO_HW +diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/crypto/engine/engine.h +--- openssl-1.0.0-beta4/crypto/engine/engine.h.aesni 2010-01-07 23:38:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/engine/engine.h 2010-01-12 
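Review bot: `AESNI_ALIGN` in eng_aesni.c rounds the pointer through `unsigned long`, which is 32 bits wide on Win64 even though the file is compiled for `_M_AMD64`/`_M_X64`, so the upper half of `ctx->cipher_data` would be lost before the key schedule is written or read. Casting through `size_t`, which the file already uses, keeps the full pointer: `((void *)(((size_t)(x)+AESNI_MIN_ALIGN-1)&~(size_t)(AESNI_MIN_ALIGN-1)))`. Separately, `AESNI_KEY` reserves only 12 bytes of padding (`_pad1[3]`), which covers the 16-byte round-up only if `cipher_data` is allocated at least 4-byte aligned. A comment next to the typedef stating that assumption would help.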
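Review bot: The guard added around `ENGINE_load_aesni();` in eng_all.c does not match the one in eng_aesni.c. This hunk tests `OPENSSL_NO_HW_AESNI`, while the engine source is compiled only when `OPENSSL_NO_HW_AES_NI` and `OPENSSL_NO_AES` are both undefined. A build with `OPENSSL_NO_AES` (or with `OPENSSL_NO_HW_AES_NI`) would drop the definition but keep this call, which should then fail at link time. Using one macro spelling and the same three conditions in both places, `#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES)`, keeps them in step. The body of ENGINE_load_builtin_engines continues outside the hunk.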
22:18:06.000000000 +0100 +@@ -342,6 +342,7 @@ void ENGINE_load_gost(void); + #endif + #endif + void ENGINE_load_cryptodev(void); ++void ENGINE_load_aesni(void); + void ENGINE_load_builtin_engines(void); + + /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation +diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/crypto/engine/Makefile +--- openssl-1.0.0-beta4/crypto/engine/Makefile.aesni 2008-06-04 13:01:29.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/engine/Makefile 2010-01-12 22:18:06.000000000 +0100 +@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e + eng_table.c eng_pkey.c eng_fat.c eng_all.c \ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ +- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c ++ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ ++ eng_aesni.c + LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ + eng_table.o eng_pkey.o eng_fat.o eng_all.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ + tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ +- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o ++ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ ++ eng_aesni.o + + SRC= $(LIBSRC) + +diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/crypto/evp/evp_err.c +--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni 2010-01-07 23:38:31.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-12 22:18:06.000000000 +0100 +@@ -1,6 +1,6 @@ + /* crypto/evp/evp_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -70,6 +70,7 @@ + + static ERR_STRING_DATA EVP_str_functs[]= + { ++{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, + {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, + {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, + {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +@@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]= + {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +-{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"}, ++{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, + {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, + {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, + {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, +diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/evp/evp.h +--- openssl-1.0.0-beta4/crypto/evp/evp.h.aesni 2010-01-07 23:38:31.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-12 22:18:06.000000000 +0100 +@@ -1162,6 +1162,7 @@ void ERR_load_EVP_strings(void); + /* Error codes for the EVP functions. */ + + /* Function codes. 
*/ ++#define EVP_F_AESNI_INIT_KEY 163 + #define EVP_F_AES_INIT_KEY 133 + #define EVP_F_CAMELLIA_INIT_KEY 159 + #define EVP_F_D2I_PKEY 100 +diff -up openssl-1.0.0-beta4/test/test_aesni.aesni openssl-1.0.0-beta4/test/test_aesni +--- openssl-1.0.0-beta4/test/test_aesni.aesni 2010-01-12 22:18:06.000000000 +0100 ++++ openssl-1.0.0-beta4/test/test_aesni 2010-01-12 22:18:06.000000000 +0100 +@@ -0,0 +1,69 @@ ++#!/bin/sh ++ ++PROG=$1 ++ ++if [ -x $PROG ]; then ++ if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then ++ : ++ else ++ echo "$PROG is not OpenSSL executable" ++ exit 1 ++ fi ++else ++ echo "$PROG is not executable" ++ exit 1; ++fi ++ ++if $PROG engine aesni | grep -v no-aesni; then ++ ++ HASH=`cat $PROG | $PROG dgst -hex` ++ ++ AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ ++ aes-128-cbc aes-192-cbc aes-256-cbc \ ++ aes-128-cfb aes-192-cfb aes-256-cfb \ ++ aes-128-ofb aes-192-ofb aes-256-ofb" ++ BUFSIZE="16 32 48 64 80 96 128 144 999" ++ ++ nerr=0 ++ ++ for alg in $AES_ALGS; do ++ echo $alg ++ for bufsize in $BUFSIZE; do ++ TEST=`( cat $PROG | \ ++ $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ ++ $PROG enc -d -k "$HASH" -$alg | \ ++ $PROG dgst -hex ) 2>/dev/null` ++ if [ "$TEST" != "$HASH" ]; then ++ echo "-$alg/$bufsize encrypt test failed" ++ nerr=`expr $nerr + 1` ++ fi ++ done ++ for bufsize in $BUFSIZE; do ++ TEST=`( cat $PROG | \ ++ $PROG enc -e -k "$HASH" -$alg | \ ++ $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ ++ $PROG dgst -hex ) 2>/dev/null` ++ if [ "$TEST" != "$HASH" ]; then ++ echo "-$alg/$bufsize decrypt test failed" ++ nerr=`expr $nerr + 1` ++ fi ++ done ++ TEST=`( cat $PROG | \ ++ $PROG enc -e -k "$HASH" -$alg -engine aesni | \ ++ $PROG enc -d -k "$HASH" -$alg -engine aesni | \ ++ $PROG dgst -hex ) 2>/dev/null` ++ if [ "$TEST" != "$HASH" ]; then ++ echo "-$alg en/decrypt test failed" ++ nerr=`expr $nerr + 1` ++ fi ++ done ++ ++ if [ $nerr -gt 0 ]; then ++ echo "AESNI engine test failed." 
++ exit 1;
++ fi
++else
++ echo "AESNI engine is not available"
++fi
++
++exit 0
diff --git a/openssl-1.0.0-beta4-backports.patch b/openssl-1.0.0-beta4-backports.patch
deleted file mode 100644
index ad4c7e4..0000000
--- a/openssl-1.0.0-beta4-backports.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff -up openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c
---- openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports 2008-11-12 04:57:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c 2009-11-18 14:11:14.000000000 +0100
-@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PK
- }
- else ret= *a;
-
-- ret->save_type=type;
-- ret->type=EVP_PKEY_type(type);
-- switch (ret->type)
-+ if (!EVP_PKEY_set_type(ret, type))
-+ {
-+ ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
-+ goto err;
-+ }
-+
-+ switch (EVP_PKEY_id(ret))
- {
- #ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
-diff -up openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports openssl-1.0.0-beta4/crypto/evp/p_lib.c
---- openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports 2006-07-04 22:27:44.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/p_lib.c 2009-11-18 14:11:26.000000000 +0100
-@@ -220,7 +220,10 @@ static int pkey_set_type(EVP_PKEY *pkey,
- #ifndef OPENSSL_NO_ENGINE
- /* If we have an ENGINE release it */
- if (pkey->engine)
-+ {
- ENGINE_finish(pkey->engine);
-+ pkey->engine = NULL;
-+ }
- #endif
- }
- if (str)
-diff -up openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports openssl-1.0.0-beta4/crypto/x509/x509_vfy.c
---- openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports 2009-10-31 20:21:47.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/x509/x509_vfy.c 2009-11-18 14:11:31.000000000 +0100
-@@ -1727,6 +1727,7 @@ int X509_cmp_time(const ASN1_TIME *ctm,
- offset= -offset;
- }
- atm.type=ctm->type;
-+ atm.flags = 0;
- atm.length=sizeof(buff2);
- atm.data=(unsigned char *)buff2;
-
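Review bot: `$PROG` is expanded unquoted throughout test_aesni (`[ -x $PROG ]`, `cat $PROG |`, `$PROG enc ...`), so a path containing whitespace or glob characters is split before the test runs. Quoting it, e.g. `if [ -x "$PROG" ]; then` and `"$PROG" engine aesni`, avoids that. The round-trip pipelines also send stderr to `/dev/null`, so a failure shows up only as a digest mismatch with no indication of which stage failed. A short header comment saying that the script exits 0 when the engine reports `no-aesni` (the test is skipped rather than passed) would make that behaviour explicit.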
diff --git a/openssl-1.0.0-beta4-binutils.patch b/openssl-1.0.0-beta4-binutils.patch deleted file mode 100644 index d39b2e6..0000000 --- a/openssl-1.0.0-beta4-binutils.patch +++ /dev/null @@ -1,56 +0,0 @@ -diff -up openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl ---- openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl 2009-11-12 17:26:08.000000000 +0100 -@@ -19,6 +19,7 @@ my $code; - sub round1_step - { - my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; -+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal - $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1); - $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); - $code .= <= (d+n-2)) - { -+#if 0 - /* Because the client does not see any renegotiation during an - attack, we must enforce this on all server hellos, even the - first */ -@@ -994,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, - *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ - return 0; - } -+#endif - return 1; - } - -@@ -1126,12 +1128,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, - return 0; - } - -+#if 0 - if (!renegotiate_seen - && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ - return 0; - } -+#endif - - if (!s->hit && tlsext_servername == 1) - { diff --git a/openssl-1.0.0-beta4-dtls-ipv6.patch b/openssl-1.0.0-beta4-dtls-ipv6.patch deleted file mode 100644 index 1173f1a..0000000 --- a/openssl-1.0.0-beta4-dtls-ipv6.patch +++ /dev/null 
@@ -1,219 +0,0 @@ -diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c ---- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 2009-11-09 15:09:53.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2009-11-23 08:50:45.000000000 +0100 -@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr) - if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) - { - OPENSSL_assert(sa.len.s<=sizeof(sa.from)); -- sa.len.i = (unsigned int)sa.len.s; -+ sa.len.i = (int)sa.len.s; -+ /* use sa.len.i from this point */ - } - if (ret == INVALID_SOCKET) - { -diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c ---- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2009-11-23 08:50:45.000000000 +0100 -@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp= - - typedef struct bio_dgram_data_st - { -+ union { -+ struct sockaddr sa; -+ struct sockaddr_in sa_in; - #if OPENSSL_USE_IPV6 -- struct sockaddr_storage peer; --#else -- struct sockaddr_in peer; -+ struct sockaddr_in6 sa_in6; - #endif -+ } peer; - unsigned int connected; - unsigned int _errno; - unsigned int mtu; -@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out, - int ret=0; - bio_dgram_data *data = (bio_dgram_data *)b->ptr; - -+ struct { -+ /* -+ * See commentary in b_sock.c. -+ */ -+ union { size_t s; int i; } len; -+ union { -+ struct sockaddr sa; -+ struct sockaddr_in sa_in; - #if OPENSSL_USE_IPV6 -- struct sockaddr_storage peer; --#else -- struct sockaddr_in peer; -+ struct sockaddr_in6 sa_in6; - #endif -- int peerlen = sizeof(peer); -+ } peer; -+ } sa; -+ -+ sa.len.s=0; -+ sa.len.i=sizeof(sa.peer); - - if (out != NULL) - { - clear_socket_error(); -- memset(&peer, 0x00, peerlen); -- /* Last arg in recvfrom is signed on some platforms and -- * unsigned on others. It is of type socklen_t on some -- * but this is not universal. 
Cast to (void *) to avoid -- * compiler warnings. -- */ -+ memset(&sa.peer, 0x00, sizeof(sa.peer)); - dgram_adjust_rcv_timeout(b); -- ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen); -+ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len); -+ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) -+ { -+ OPENSSL_assert(sa.len.s<=sizeof(sa.peer)); -+ sa.len.i = (int)sa.len.s; -+ } - dgram_reset_rcv_timeout(b); - - if ( ! data->connected && ret >= 0) -- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); -+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); - - BIO_clear_retry_flags(b); - if (ret < 0) -@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha - if ( data->connected ) - ret=writesocket(b->num,in,inl); - else --#if OPENSSL_USE_IPV6 -- if (data->peer.ss_family == AF_INET) - #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) -- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); -+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer)); - #else -- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); --#endif -- else --#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) -- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6)); --#else -- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6)); --#endif --#else --#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) -- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); --#else -- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); --#endif -+ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer)); - #endif - - BIO_clear_retry_flags(b); -@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd, - else - { - #endif -+ switch (to->sa_family) -+ { 
-+ case AF_INET: -+ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); -+ break; - #if OPENSSL_USE_IPV6 -- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage)); --#else -- memcpy(&(data->peer),to, sizeof(struct sockaddr_in)); --#endif -+ case AF_INET6: -+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); -+ break; -+#endif -+ default: -+ memcpy(&data->peer,to,sizeof(data->peer.sa)); -+ break; -+ } - #if 0 - } - #endif -@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd, - if ( to != NULL) - { - data->connected = 1; -+ switch (to->sa_family) -+ { -+ case AF_INET: -+ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); -+ break; - #if OPENSSL_USE_IPV6 -- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage)); --#else -- memcpy(&(data->peer),to, sizeof(struct sockaddr_in)); --#endif -+ case AF_INET6: -+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); -+ break; -+#endif -+ default: -+ memcpy(&data->peer,to,sizeof(data->peer.sa)); -+ break; -+ } - } - else - { - data->connected = 0; --#if OPENSSL_USE_IPV6 -- memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage)); --#else -- memset(&(data->peer), 0x00, sizeof(struct sockaddr_in)); --#endif -+ memset(&(data->peer), 0x00, sizeof(data->peer)); - } - break; - case BIO_CTRL_DGRAM_GET_PEER: - to = (struct sockaddr *) ptr; -- -+ switch (to->sa_family) -+ { -+ case AF_INET: -+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in))); -+ break; - #if OPENSSL_USE_IPV6 -- memcpy(to, &(data->peer), sizeof(struct sockaddr_storage)); -- ret = sizeof(struct sockaddr_storage); --#else -- memcpy(to, &(data->peer), sizeof(struct sockaddr_in)); -- ret = sizeof(struct sockaddr_in); --#endif -+ case AF_INET6: -+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6))); -+ break; -+#endif -+ default: -+ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa))); -+ break; -+ } - break; - case BIO_CTRL_DGRAM_SET_PEER: - to = (struct sockaddr *) ptr; -- -+ switch (to->sa_family) -+ { -+ case AF_INET: -+ 
memcpy(&data->peer,to,sizeof(data->peer.sa_in)); -+ break; - #if OPENSSL_USE_IPV6 -- memcpy(&(data->peer), to, sizeof(struct sockaddr_storage)); --#else -- memcpy(&(data->peer), to, sizeof(struct sockaddr_in)); --#endif -+ case AF_INET6: -+ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); -+ break; -+#endif -+ default: -+ memcpy(&data->peer,to,sizeof(data->peer.sa)); -+ break; -+ } - break; - case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: - memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); diff --git a/openssl-1.0.0-beta4-redhat.patch b/openssl-1.0.0-beta4-redhat.patch index ad61bf8..4356e41 100644 --- a/openssl-1.0.0-beta4-redhat.patch +++ b/openssl-1.0.0-beta4-redhat.patch 
@@ -22,7 +22,7 @@ diff -up openssl-1.0.0-beta4/Configure.redhat openssl-1.0.0-beta4/Configure -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):\$(SHLIB_SONAMEVER)", ++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/openssl-1.0.0-beta4-reneg-err.patch b/openssl-1.0.0-beta4-reneg-err.patch deleted file mode 100644 index 271dbe7..0000000 
--- a/openssl-1.0.0-beta4-reneg-err.patch
+++ /dev/null
@@ -1,93 +0,0 @@ -Better error reporting for unsafe renegotiation. -diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err openssl-1.0.0-beta4/ssl/ssl_err.c ---- openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err 2009-11-09 19:45:42.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/ssl_err.c 2009-11-20 17:56:57.000000000 +0100 -@@ -226,7 +226,9 @@ static ERR_STRING_DATA SSL_str_functs[]= - {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, - {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, - {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, -+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, -+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, - {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, -@@ -526,6 +528,7 @@ static ERR_STRING_DATA SSL_str_reasons[] - {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, - {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, - {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, -+{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, - {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, - {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, - {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, -diff -up openssl-1.0.0-beta4/ssl/ssl.h.reneg-err openssl-1.0.0-beta4/ssl/ssl.h ---- openssl-1.0.0-beta4/ssl/ssl.h.reneg-err 2009-11-12 15:17:29.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/ssl.h 2009-11-20 17:56:57.000000000 +0100 -@@ -1934,7 +1934,9 @@ void ERR_load_SSL_strings(void); - #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 - #define 
SSL_F_SSL_NEW 186 - #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 -+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 - #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 -+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 - #define SSL_F_SSL_PEEK 270 - #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 - #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 -@@ -2231,6 +2233,7 @@ void ERR_load_SSL_strings(void); - #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 - #define SSL_R_UNKNOWN_SSL_VERSION 254 - #define SSL_R_UNKNOWN_STATE 255 -+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 - #define SSL_R_UNSUPPORTED_CIPHER 256 - #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 - #define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 -diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err openssl-1.0.0-beta4/ssl/s23_srvr.c ---- openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err 2009-11-12 15:17:29.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-20 17:57:23.000000000 +0100 -@@ -497,6 +497,11 @@ int ssl23_get_client_hello(SSL *s) - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - #else -+ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) -+ { -+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); -+ goto err; -+ } - /* we are talking sslv2 */ - /* we need to clean up the SSLv3/TLSv1 setup and put in the - * sslv2 stuff. */ -diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err openssl-1.0.0-beta4/ssl/t1_lib.c ---- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err 2009-11-18 14:04:19.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-20 17:56:57.000000000 +0100 -@@ -636,6 +636,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, - { - /* We should always see one extension: the renegotiate extension */ - *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? 
*/ -+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - return 1; -@@ -965,6 +966,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, - if (s->new_session && !renegotiate_seen - && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { -+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ - return 0; - } -@@ -993,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, - { - /* We should always see one extension: the renegotiate extension */ - *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ -+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - #endif -@@ -1133,6 +1136,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, - && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ -+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - return 0; - } - #endif diff --git a/openssl-1.0.0-beta4-reneg.patch b/openssl-1.0.0-beta4-reneg.patch deleted file mode 100644 index 92e206d..0000000 --- a/openssl-1.0.0-beta4-reneg.patch +++ /dev/null 
@@ -1,237 +0,0 @@ -diff -up openssl-1.0.0-beta4/apps/s_cb.c.reneg openssl-1.0.0-beta4/apps/s_cb.c ---- openssl-1.0.0-beta4/apps/s_cb.c.reneg 2009-10-15 20:48:47.000000000 +0200 -+++ openssl-1.0.0-beta4/apps/s_cb.c 2009-11-12 15:02:30.000000000 +0100 -@@ -669,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int c - extname = "server ticket"; - break; - -+ case TLSEXT_TYPE_renegotiate: -+ extname = "renegotiate"; -+ break; -+ - #ifdef TLSEXT_TYPE_opaque_prf_input - case TLSEXT_TYPE_opaque_prf_input: - extname = "opaque PRF input"; -diff -up openssl-1.0.0-beta4/apps/s_client.c.reneg openssl-1.0.0-beta4/apps/s_client.c ---- openssl-1.0.0-beta4/apps/s_client.c.reneg 2009-11-12 14:57:48.000000000 +0100 -+++ openssl-1.0.0-beta4/apps/s_client.c 2009-11-12 15:01:48.000000000 +0100 -@@ -343,6 +343,7 @@ static void sc_usage(void) - BIO_printf(bio_err," -status - request certificate status from server\n"); - BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); - #endif -+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); - } - - #ifndef OPENSSL_NO_TLSEXT -@@ -657,6 +658,8 @@ int MAIN(int argc, char **argv) - #endif - else if (strcmp(*argv,"-serverpref") == 0) - off|=SSL_OP_CIPHER_SERVER_PREFERENCE; -+ else if (strcmp(*argv,"-legacy_renegotiation") == 0) -+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; -diff -up openssl-1.0.0-beta4/apps/s_server.c.reneg openssl-1.0.0-beta4/apps/s_server.c ---- openssl-1.0.0-beta4/apps/s_server.c.reneg 2009-11-12 14:57:48.000000000 +0100 -+++ openssl-1.0.0-beta4/apps/s_server.c 2009-11-12 15:01:48.000000000 +0100 -@@ -491,6 +491,7 @@ static void sv_usage(void) - BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); - BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); - BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); -+ 
BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); - #endif - } - -@@ -1013,6 +1014,8 @@ int MAIN(int argc, char *argv[]) - verify_return_error = 1; - else if (strcmp(*argv,"-serverpref") == 0) - { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } -+ else if (strcmp(*argv,"-legacy_renegotiation") == 0) -+ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; - else if (strcmp(*argv,"-cipher") == 0) - { - if (--argc < 1) goto bad; -diff -up openssl-1.0.0-beta4/ssl/tls1.h.reneg openssl-1.0.0-beta4/ssl/tls1.h ---- openssl-1.0.0-beta4/ssl/tls1.h.reneg 2009-11-12 14:57:47.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/tls1.h 2009-11-12 15:02:30.000000000 +0100 -@@ -201,6 +201,9 @@ extern "C" { - # define TLSEXT_TYPE_opaque_prf_input ?? */ - #endif - -+/* Temporary extension type */ -+#define TLSEXT_TYPE_renegotiate 0xff01 -+ - /* NameType value from RFC 3546 */ - #define TLSEXT_NAMETYPE_host_name 0 - /* status request value from RFC 3546 */ -diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg openssl-1.0.0-beta4/ssl/t1_lib.c ---- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg 2009-11-08 15:36:32.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/t1_lib.c 2009-11-12 15:02:30.000000000 +0100 -@@ -315,6 +315,30 @@ unsigned char *ssl_add_clienthello_tlsex - ret+=size_str; - } - -+ /* Add the renegotiation option: TODOEKR switch */ -+ { -+ int el; -+ -+ if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) -+ { -+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); -+ return NULL; -+ } -+ -+ if((limit - p - 4 - el) < 0) return NULL; -+ -+ s2n(TLSEXT_TYPE_renegotiate,ret); -+ s2n(el,ret); -+ -+ if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) -+ { -+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); -+ return NULL; -+ } -+ -+ ret += el; -+ } -+ - #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist != NULL) - { -@@ -490,6 +514,31 @@ unsigned char *ssl_add_serverhello_tlsex - s2n(TLSEXT_TYPE_server_name,ret); - s2n(0,ret); - } -+ 
-+ if(s->s3->send_connection_binding) -+ { -+ int el; -+ -+ if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) -+ { -+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); -+ return NULL; -+ } -+ -+ if((limit - p - 4 - el) < 0) return NULL; -+ -+ s2n(TLSEXT_TYPE_renegotiate,ret); -+ s2n(el,ret); -+ -+ if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) -+ { -+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); -+ return NULL; -+ } -+ -+ ret += el; -+ } -+ - #ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist != NULL) - { -@@ -574,11 +623,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, - unsigned short size; - unsigned short len; - unsigned char *data = *p; -+ int renegotiate_seen = 0; -+ - s->servername_done = 0; - s->tlsext_status_type = -1; -+ s->s3->send_connection_binding = 0; - - if (data >= (d+n-2)) -+ { -+ if (s->new_session -+ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) -+ { -+ /* We should always see one extension: the renegotiate extension */ -+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ -+ return 0; -+ } - return 1; -+ } - n2s(data,len); - - if (data > (d+n-len)) -@@ -790,6 +851,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, - return 0; - } - } -+ else if (type == TLSEXT_TYPE_renegotiate) -+ { -+ if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) -+ return 0; -+ renegotiate_seen = 1; -+ } - else if (type == TLSEXT_TYPE_status_request - && s->ctx->tlsext_status_cb) - { -@@ -894,6 +961,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, - /* session ticket processed earlier */ - data+=size; - } -+ -+ if (s->new_session && !renegotiate_seen -+ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) -+ { -+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? 
*/ -+ return 0; -+ } -+ - - *p = data; - return 1; -@@ -905,11 +980,22 @@ int ssl_parse_serverhello_tlsext(SSL *s, - unsigned short size; - unsigned short len; - unsigned char *data = *p; -- - int tlsext_servername = 0; -+ int renegotiate_seen = 0; - - if (data >= (d+n-2)) -+ { -+ /* Because the client does not see any renegotiation during an -+ attack, we must enforce this on all server hellos, even the -+ first */ -+ if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) -+ { -+ /* We should always see one extension: the renegotiate extension */ -+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ -+ return 0; -+ } - return 1; -+ } - - n2s(data,len); - -@@ -1025,7 +1111,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, - /* Set flag to expect CertificateStatus message */ - s->tlsext_status_expected = 1; - } -- -+ else if (type == TLSEXT_TYPE_renegotiate) -+ { -+ if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) -+ return 0; -+ renegotiate_seen = 1; -+ } - data+=size; - } - -@@ -1035,6 +1126,13 @@ int ssl_parse_serverhello_tlsext(SSL *s, - return 0; - } - -+ if (!renegotiate_seen -+ && !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) -+ { -+ *al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */ -+ return 0; -+ } -+ - if (!s->hit && tlsext_servername == 1) - { - if (s->tlsext_hostname) diff --git a/openssl-1.0.0-beta4-version.patch b/openssl-1.0.0-beta4-version.patch deleted file mode 100644 index ab12be0..0000000 --- a/openssl-1.0.0-beta4-version.patch +++ /dev/null 
@@ -1,14 +0,0 @@
-We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist
-on having the same beta status of OpenSSL library as they were built against.
-diff -up openssl-1.0.0-beta4/crypto/opensslv.h.version openssl-1.0.0-beta4/crypto/opensslv.h
---- openssl-1.0.0-beta4/crypto/opensslv.h.version 2009-11-12 15:17:28.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/opensslv.h 2009-11-13 12:39:08.000000000 +0100
-@@ -25,7 +25,7 @@
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- * major minor fix final patch/beta)
- */
--#define OPENSSL_VERSION_NUMBER 0x10000004L
-+#define OPENSSL_VERSION_NUMBER 0x10000003L
- #ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta4 10 Nov 2009"
- #else
diff --git a/openssl-1.0.0-beta3-cipher-change.patch b/openssl-1.0.0-beta5-cipher-change.patch
similarity index 61%
rename from openssl-1.0.0-beta3-cipher-change.patch
rename to openssl-1.0.0-beta5-cipher-change.patch
index 8fe7ada..2e8343b 100644
--- a/openssl-1.0.0-beta3-cipher-change.patch
+++ b/openssl-1.0.0-beta5-cipher-change.patch
@@ -1,16 +1,16 @@ -diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h ---- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change 2009-08-05 18:22:45.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-05 18:27:32.000000000 +0200 -@@ -511,7 +511,7 @@ typedef struct ssl_session_st - - #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L +diff -up openssl-1.0.0-beta5/ssl/ssl.h.cipher-change openssl-1.0.0-beta5/ssl/ssl.h +--- openssl-1.0.0-beta5/ssl/ssl.h.cipher-change 2010-01-20 18:12:07.000000000 +0100 ++++ openssl-1.0.0-beta5/ssl/ssl.h 2010-01-20 18:13:04.000000000 +0100 +@@ -513,7 +513,7 @@ typedef struct ssl_session_st #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L + /* Allow initial connection to servers that don't support RI */ + #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ -@@ -528,7 +528,7 @@ typedef struct ssl_session_st +@@ -530,7 +530,7 @@ typedef struct ssl_session_st /* SSL_OP_ALL: various bug workarounds that should be rather harmless. * This used to be 0x000FFFFFL before 0.9.7. */ diff --git a/openssl-1.0.0-beta4-enginesdir.patch b/openssl-1.0.0-beta5-enginesdir.patch similarity index 63% rename from openssl-1.0.0-beta4-enginesdir.patch rename to openssl-1.0.0-beta5-enginesdir.patch index 0a304ce..d942d6e 100644 --- a/openssl-1.0.0-beta4-enginesdir.patch +++ b/openssl-1.0.0-beta5-enginesdir.patch 
@@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure ---- openssl-1.0.0-beta4/Configure.enginesdir 2009-11-12 12:17:59.000000000 +0100 -+++ openssl-1.0.0-beta4/Configure 2009-11-12 12:19:45.000000000 +0100 +diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure +--- openssl-1.0.0-beta5/Configure.enginesdir 2010-01-20 18:07:05.000000000 +0100 ++++ openssl-1.0.0-beta5/Configure 2010-01-20 18:10:48.000000000 +0100 @@ -622,6 +622,7 @@ my $idx_multilib = $idx++; my $prefix=""; my $libdir=""; @@ -20,7 +20,7 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure elsif (/^--install.prefix=(.*)$/) { $install_prefix=$1; -@@ -1055,7 +1060,7 @@ chop $prefix if $prefix =~ /.\/$/; +@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/; $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; 
@@ -29,18 +29,18 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure print "IsMK1MF=$IsMK1MF\n"; -@@ -1676,7 +1681,7 @@ while () - # $foo is to become "$prefix/lib$multilib/engines"; - # as Makefile.org and engines/Makefile are adapted for - # $multilib suffix. -- my $foo = "$prefix/lib/engines"; +@@ -1673,7 +1678,7 @@ while () + } + elsif (/^#define\s+ENGINESDIR/) + { +- my $foo = "$prefix/$libdir/engines"; + my $foo = "$enginesdir"; $foo =~ s/\\/\\\\/g; print OUT "#define ENGINESDIR \"$foo\"\n"; } -diff -up openssl-1.0.0-beta4/engines/Makefile.enginesdir openssl-1.0.0-beta4/engines/Makefile ---- openssl-1.0.0-beta4/engines/Makefile.enginesdir 2009-11-10 02:52:52.000000000 +0100 -+++ openssl-1.0.0-beta4/engines/Makefile 2009-11-12 12:23:06.000000000 +0100 +diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile +--- openssl-1.0.0-beta5/engines/Makefile.enginesdir 2010-01-16 21:06:09.000000000 +0100 ++++ openssl-1.0.0-beta5/engines/Makefile 2010-01-20 18:07:05.000000000 +0100 @@ -124,7 +124,7 @@ install: sfx=".so"; \ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ diff --git a/openssl-1.0.0-beta3-ipv6-apps.patch b/openssl-1.0.0-beta5-ipv6-apps.patch similarity index 86% rename from openssl-1.0.0-beta3-ipv6-apps.patch rename to openssl-1.0.0-beta5-ipv6-apps.patch index 690bc98..4304c01 100644 --- a/openssl-1.0.0-beta3-ipv6-apps.patch +++ b/openssl-1.0.0-beta5-ipv6-apps.patch 
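Review bot: The rebased ENGINESDIR hunk writes `$enginesdir` into `#define ENGINESDIR` with only backslashes escaped, and nothing visible in this patch makes the value absolute the way the `$openssldir` line in the earlier Configure hunk does. ENGINESDIR looks like the directory the library loads engine modules from, so a relative value would presumably be resolved against the working directory at run time. If the `--enginesdir` parsing (outside this hunk) does not already enforce it, I would add `die "--enginesdir must be an absolute path\n" if $enginesdir !~ /(^\/|^[a-zA-Z]:[\\\/])/;` before the value is used. As a style point, `my $foo = "$enginesdir";` can be written `my $foo = $enginesdir;`.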
@@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h ---- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps 2009-08-05 21:29:58.000000000 +0200 -+++ openssl-1.0.0-beta3/apps/s_apps.h 2009-08-05 21:29:58.000000000 +0200 +diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h +--- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps 2010-02-03 09:43:49.000000000 +0100 ++++ openssl-1.0.0-beta5/apps/s_apps.h 2010-02-03 09:43:49.000000000 +0100 @@ -148,7 +148,7 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" @@ -23,10 +23,10 @@ diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c ---- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200 -+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 22:33:44.000000000 +0200 -@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv) +diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c +--- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100 ++++ openssl-1.0.0-beta5/apps/s_client.c 2010-02-03 09:43:49.000000000 +0100 +@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv) int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; fd_set readfds,writefds; @@ -35,7 +35,7 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/ int full_log=1; char *host=SSL_HOST_NAME; char *cert_file=NULL,*key_file=NULL; -@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv) +@@ -488,13 +488,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-port") == 0) { if (--argc < 1) goto bad; 
@@ -51,7 +51,7 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/ goto bad; } else if (strcmp(*argv,"-verify") == 0) -@@ -956,7 +955,7 @@ bad: +@@ -967,7 +966,7 @@ bad: re_start: @@ -60,10 +60,10 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/ { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); -diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c ---- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200 -+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 21:29:58.000000000 +0200 -@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[]) +diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c +--- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100 ++++ openssl-1.0.0-beta5/apps/s_server.c 2010-02-03 09:43:49.000000000 +0100 +@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[]) { X509_VERIFY_PARAM *vpm = NULL; int badarg = 0; @@ -72,7 +72,7 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/ char *CApath=NULL,*CAfile=NULL; unsigned char *context = NULL; char *dhfile = NULL; -@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[]) +@@ -909,8 +909,7 @@ int MAIN(int argc, char *argv[]) (strcmp(*argv,"-accept") == 0)) { if (--argc < 1) goto bad; @@ -82,7 +82,7 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/ } else if (strcmp(*argv,"-verify") == 0) { -@@ -1685,9 +1684,9 @@ bad: +@@ -1700,9 +1699,9 @@ bad: BIO_printf(bio_s_out,"ACCEPT\n"); (void)BIO_flush(bio_s_out); if (www) 
@@ -94,10 +94,10 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/ print_stats(bio_s_out,ctx); ret=0; end: -diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c ---- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta3/apps/s_socket.c 2009-08-05 21:29:58.000000000 +0200 -@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha +diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c +--- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps 2009-08-26 13:21:50.000000000 +0200 ++++ openssl-1.0.0-beta5/apps/s_socket.c 2010-02-03 10:00:30.000000000 +0100 +@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); @@ -108,7 +108,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/ static int do_accept(int acc_sock, int *sock, char **host); static int host_ip(char *str, unsigned char ip[4]); -@@ -228,58 +226,70 @@ static int ssl_sock_init(void) +@@ -234,58 +232,70 @@ static int ssl_sock_init(void) return(1); } @@ -217,7 +217,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/ { int sock; char *name = NULL; -@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r +@@ -323,33 +333,38 @@ int do_server(int port, int type, int *r } } @@ -277,7 +277,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/ #if defined SOL_SOCKET && defined SO_REUSEADDR { int j = 1; -@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i +@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i (void *) &j, sizeof j); } #endif 
@@ -337,11 +337,10 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/ int len; /* struct linger ling; */ -@@ -425,137 +443,62 @@ redoit: - if (i < 0) { perror("keepalive"); return(0); } +@@ -432,136 +450,58 @@ redoit: */ -- if (host == NULL) goto end; + if (host == NULL) goto end; -#ifndef BIT_FIELD_LIMITS - /* I should use WSAAsyncGetHostByName() under windows */ - h1=gethostbyaddr((char *)&from.sin_addr.s_addr, 
@@ -351,50 +350,44 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/ - sizeof(struct in_addr),AF_INET); -#endif - if (h1 == NULL) -+ if (host == NULL) - { -- BIO_printf(bio_err,"bad gethostbyaddr\n"); -- *host=NULL; -- /* return(0); */ -- } -- else -- { -- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) -- { -- perror("OPENSSL_malloc"); -+ *sock=ret; - return(0); - } -- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); - -- h2=GetHostByName(*host); -- if (h2 == NULL) ++ + if (getnameinfo((struct sockaddr *)&from, sizeof(from), + buffer, sizeof(buffer), + NULL, 0, 0)) - { -- BIO_printf(bio_err,"gethostbyname failure\n"); + { +- BIO_printf(bio_err,"bad gethostbyaddr\n"); + BIO_printf(bio_err,"getnameinfo failed\n"); -+ *host=NULL; + *host=NULL; + /* return(0); */ + } + else + { +- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) ++ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) + { + perror("OPENSSL_malloc"); return(0); } +- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); +- +- h2=GetHostByName(*host); +- if (h2 == NULL) +- { +- BIO_printf(bio_err,"gethostbyname failure\n"); +- return(0); +- } - i=0; - if (h2->h_addrtype != AF_INET) -+ else - { +- { - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) -+ { -+ perror("OPENSSL_malloc"); - return(0); - } -- } --end: +- return(0); +- } + strcpy(*host, buffer); + } + end: *sock=ret; return(1); } -+ } -int extract_host_port(char *str, char **host_ptr, unsigned char *ip, - short *port_ptr) diff --git a/openssl-0.9.8j-readme-warning.patch b/openssl-1.0.0-beta5-readme-warning.patch similarity index 55% rename from openssl-0.9.8j-readme-warning.patch rename to openssl-1.0.0-beta5-readme-warning.patch index 411e6bd..0d89720 100644 --- a/openssl-0.9.8j-readme-warning.patch +++ b/openssl-1.0.0-beta5-readme-warning.patch 
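Review bot: The hostname stored in `*host` now comes straight from getnameinfo(), that is, from reverse DNS controlled by the peer's network, and the forward lookup the old code ran afterwards is dropped without a replacement, so nothing here confirms the name. I would add `/* *host is an unverified reverse-DNS name: use for display only, not for access decisions */` above the call. The copy is bounded because the buffer is allocated as `strlen(buffer)+1`, but `strcpy(*host, buffer);` replaces a BUF_strlcpy call; `BUF_strlcpy(*host, buffer, strlen(buffer)+1);` keeps the earlier convention and survives later edits to the allocation. The `perror("OPENSSL_malloc"); return(0);` path returns before `*sock=ret;`, which looks like it leaves the accepted descriptor open, though the accept() call and the rest of the function are outside this hunk.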
@@ -1,7 +1,7 @@ -diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README ---- openssl-0.9.8j/README.warning 2009-01-07 11:50:53.000000000 +0100 -+++ openssl-0.9.8j/README 2009-01-14 17:43:02.000000000 +0100 -@@ -5,6 +5,31 @@ +diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README +--- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100 ++++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100 +@@ -5,6 +5,35 @@ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -15,9 +15,15 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README + + This version also contains a few differences from the upstream code + some of which are: -+ * The FIPS integrity verification check is implemented differently -+ from the upstream FIPS validated OpenSSL module. It verifies -+ HMAC-SHA256 checksum of the whole libcrypto shared library. ++ * There are added changes forward ported from the upstream OpenSSL ++ 0.9.8 FIPS branch however the FIPS integrity verification check ++ is implemented differently from the upstream FIPS validated OpenSSL ++ module. It verifies HMAC-SHA256 checksum of the whole shared ++ libraries. For this reason the changes are ported to files in the ++ crypto directory and not in a separate fips subdirectory. Also ++ note that the FIPS integrity verification check requires unmodified ++ libcrypto and libssl shared library files which means that it will ++ fail if these files are modified for example by prelink. + * The module respects the kernel FIPS flag /proc/sys/crypto/fips and + tries to initialize the FIPS mode if it is set to 1 aborting if the + FIPS mode could not be initialized. It is also possible to force the 
@@ -27,8 +33,6 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README + will not automatically load the built in compression method ZLIB + when initialized. Applications can still explicitely ask for ZLIB + compression method. -+ * There is added a support for EAP-FAST through TLS extension. This code -+ is backported from OpenSSL upstream development branch. + DESCRIPTION ----------- diff --git a/openssl-1.0.0-beta4-fips.patch b/openssl-1.0.0-fips.patch similarity index 89% rename from openssl-1.0.0-beta4-fips.patch rename to openssl-1.0.0-fips.patch index bc81d71..e5b6de7 100644 --- a/openssl-1.0.0-beta4-fips.patch +++ b/openssl-1.0.0-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure ---- openssl-1.0.0-beta4/Configure.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/Configure 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure +--- openssl-1.0.0/Configure.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/Configure 2010-03-30 10:33:46.000000000 +0200 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; @@ -43,9 +43,9 @@ diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto/bf/bf_skey.c ---- openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bf/bf_skey.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c +--- openssl-1.0.0/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0/crypto/bf/bf_skey.c 2010-03-30 10:33:46.000000000 +0200 
@@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypto/bf/blowfish.h ---- openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bf/blowfish.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h +--- openssl-1.0.0/crypto/bf/blowfish.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/bf/blowfish.h 2010-03-30 10:33:46.000000000 +0200 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -77,9 +77,9 @@ diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypt void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/bn.h ---- openssl-1.0.0-beta4/crypto/bn/bn.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bn/bn.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h +--- openssl-1.0.0/crypto/bn/bn.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/bn/bn.h 2010-03-30 10:33:46.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); 
@@ -98,9 +98,9 @@ diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/b BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/bn/bn_x931p.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c +--- openssl-1.0.0/crypto/bn/bn_x931p.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/bn/bn_x931p.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -374,9 +374,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c + + } + -diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/bn/Makefile ---- openssl-1.0.0-beta4/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bn/Makefile 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile +--- openssl-1.0.0/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0/crypto/bn/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ 
@@ -393,9 +393,9 @@ diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/ SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl 2010-03-30 10:33:46.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); @@ -422,9 +422,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0- } @SBOX=( -diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4/crypto/camellia/camellia.h ---- openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/camellia.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h +--- openssl-1.0.0/crypto/camellia/camellia.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/camellia.h 2010-03-30 10:33:46.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; 
@@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4 int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/cmll_fblk.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== @@ -509,9 +509,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c ---- openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c +--- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0/crypto/camellia/cmll_misc.c 2010-03-30 10:33:46.000000000 +0200 @@ -52,11 +52,20 @@ #include #include 
@@ -533,9 +533,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta { if(!userKey || !key) return -1; -diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/crypto/camellia/Makefile ---- openssl-1.0.0-beta4/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/Makefile 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile +--- openssl-1.0.0/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0/crypto/camellia/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -548,9 +548,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/c SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/cast/cast.h ---- openssl-1.0.0-beta4/crypto/cast/cast.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/cast/cast.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h +--- openssl-1.0.0/crypto/cast/cast.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/cast/cast.h 2010-03-30 10:33:46.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; 
@@ -560,11 +560,11 @@ diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/ +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +#endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); - void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, + void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypto/cast/c_skey.c ---- openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/cast/c_skey.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c +--- openssl-1.0.0/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0/crypto/cast/c_skey.c 2010-03-30 10:33:46.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -586,13 +586,14 @@ diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypt { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/crypto.h ---- openssl-1.0.0-beta4/crypto/crypto.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/crypto.h 2009-11-12 12:36:50.000000000 +0100 -@@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin - unsigned long *OPENSSL_ia32cap_loc(void); +diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h +--- openssl-1.0.0/crypto/crypto.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/crypto.h 2010-03-30 10:36:06.000000000 +0200 +@@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); ++ +#ifdef OPENSSL_FIPS +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ + alg " previous FIPS forbidden algorithm error ignored"); 
@@ -659,9 +660,9 @@ diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/cry /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/dh/dh_err.c ---- openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dh/dh_err.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c +--- openssl-1.0.0/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0/crypto/dh/dh_err.c 2010-03-30 10:33:46.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, @@ -679,9 +680,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/ {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/dh/dh_gen.c ---- openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dh/dh_gen.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c +--- openssl-1.0.0/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh_gen.c 2010-03-30 10:33:46.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include 
@@ -714,9 +715,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/ ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/dh.h ---- openssl-1.0.0-beta4/crypto/dh/dh.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dh/dh.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h +--- openssl-1.0.0/crypto/dh/dh.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh.h 2010-03-30 10:33:46.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -743,9 +744,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/d #ifdef __cplusplus } -diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/dh/dh_key.c ---- openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dh/dh_key.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c +--- openssl-1.0.0/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh_key.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,9 @@ #include #include @@ -795,9 +796,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/ dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c ---- openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c +--- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0/crypto/dsa/dsa_gen.c 2010-03-30 10:33:46.000000000 +0200 
@@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -833,9 +834,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypt if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/dsa/dsa.h ---- openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h +--- openssl-1.0.0/crypto/dsa/dsa.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa.h 2010-03-30 10:33:46.000000000 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -892,16 +893,18 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/ds #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c ---- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c 2009-11-12 12:36:50.000000000 +0100 -@@ -63,9 +63,53 @@ +diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c +--- openssl-1.0.0/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa_key.c 2010-03-30 10:33:46.000000000 +0200 +@@ -63,9 +63,55 @@ #include #include #include +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include "fips_locl.h" static int dsa_builtin_keygen(DSA *dsa); 
@@ -949,7 +952,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt int DSA_generate_key(DSA *dsa) { if(dsa->meth->dsa_keygen) -@@ -79,6 +123,14 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -79,6 +125,14 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -964,7 +967,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt if ((ctx=BN_CTX_new()) == NULL) goto err; if (dsa->priv_key == NULL) -@@ -117,6 +169,15 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -117,6 +171,15 @@ static int dsa_builtin_keygen(DSA *dsa) dsa->priv_key=priv_key; dsa->pub_key=pub_key; @@ -980,9 +983,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt ok=1; err: -diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa_ossl.c 2010-03-30 10:33:46.000000000 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1054,9 +1057,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/cryp dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypto/err/err_all.c ---- openssl-1.0.0-beta4/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/err/err_all.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c +--- openssl-1.0.0/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0/crypto/err/err_all.c 2010-03-30 10:33:46.000000000 +0200 
@@ -96,6 +96,9 @@ #include #include @@ -1077,9 +1080,9 @@ diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypt #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto/evp/digest.c ---- openssl-1.0.0-beta4/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/digest.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c +--- openssl-1.0.0/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/digest.c 2010-03-30 10:33:46.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1088,7 +1091,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { -@@ -137,9 +138,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons +@@ -138,9 +139,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1139,7 +1142,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -195,6 +237,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -197,6 +239,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c #endif if (ctx->digest != type) { @@ -1158,7 +1161,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; -@@ -222,6 +276,9 @@ skip_to_init: +@@ -230,6 +284,9 @@ skip_to_init: int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { 
@@ -1168,7 +1171,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto return ctx->update(ctx,data,count); } -@@ -238,6 +295,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns +@@ -246,6 +303,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; @@ -1178,9 +1181,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/evp/e_aes.c ---- openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/e_aes.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c +--- openssl-1.0.0/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_aes.c 2010-03-30 10:33:46.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1233,9 +1236,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/crypto/evp/e_camellia.c ---- openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/e_camellia.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c +--- openssl-1.0.0/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/e_camellia.c 2010-03-30 10:33:46.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) 
@@ -1245,9 +1248,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/cr IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto/evp/e_des3.c ---- openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/e_des3.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c +--- openssl-1.0.0/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_des3.c 2010-03-30 10:33:46.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1292,9 +1295,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto/evp/e_null.c ---- openssl-1.0.0-beta4/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/e_null.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c +--- openssl-1.0.0/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_null.c 2010-03-30 10:33:46.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 
@@ -1304,9 +1307,20 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypto/evp/evp_enc.c ---- openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_enc.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c +--- openssl-1.0.0/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_rc4.c 2010-03-30 10:33:46.000000000 +0200 +@@ -64,6 +64,7 @@ + #include + #include + #include ++#include "evp_locl.h" + + /* FIXME: surely this is available elsewhere? */ + #define EVP_RC4_KEY_SIZE 16 +diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c +--- openssl-1.0.0/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_enc.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 
@@ -1399,10 +1413,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypt if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypto/evp/evp_err.c ---- openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2009-11-12 12:36:50.000000000 +0100 -@@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c +--- openssl-1.0.0/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_err.c 2010-03-30 10:33:46.000000000 +0200 +@@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, @@ -1410,9 +1424,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypt {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/evp/evp.h ---- openssl-1.0.0-beta4/crypto/evp/evp.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h +--- openssl-1.0.0/crypto/evp/evp.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/evp.h 2010-03-30 10:40:12.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif 
@@ -1455,33 +1469,26 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ -@@ -330,6 +336,14 @@ struct evp_cipher_st +@@ -330,12 +336,16 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 +-/* cipher has its own additional copying logic */ +-#define EVP_CIPH_CUSTOM_COPY 0x400 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x400 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 -+/* Allow use default ASN1 get/set iv */ -+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 -+/* Buffer length in bits not bytes: CFB1 mode only */ -+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 + /* Allow use default ASN1 get/set iv */ + #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 + /* Buffer length in bits not bytes: CFB1 mode only */ + #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 ++/* cipher has its own additional copying logic */ ++#define EVP_CIPH_CUSTOM_COPY 0x4000 /* ctrl() values */ -@@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key,unsigned char *iv); - -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); -+ - int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); - int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void); +@@ -1239,6 +1249,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_DIFFERENT_PARAMETERS 153 
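Review bot: Moving `EVP_CIPH_CUSTOM_COPY` from 0x400 to 0x4000 so that `EVP_CIPH_FLAG_FIPS` can keep 0x400 makes this header's flag values differ from the unpatched evp.h that the inner patch is applied to. A cipher implementation compiled against the unpatched header that sets the custom-copy bit would present 0x400 to this library, where it would read as the FIPS-suitable flag and its custom copy logic would no longer be selected. How the FIPS flag is checked is outside this hunk, so the impact needs confirming there. If the renumbering has to stay, a comment on the define such as `/* value differs from upstream (0x400): 0x400 is EVP_CIPH_FLAG_FIPS in this build */` would record the incompatibility; moving the FIPS flags to bits the unpatched header does not use would avoid it.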
@@ -1489,9 +1496,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypto/evp/evp_lib.c ---- openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/evp_lib.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c +--- openssl-1.0.0/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_lib.c 2010-03-30 10:33:46.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1510,7 +1517,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt else ret=-1; return(ret); -@@ -180,6 +184,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ +@@ -186,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { 
@@ -1520,43 +1527,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt return ctx->cipher->do_cipher(ctx,out,in,inl); } -@@ -289,3 +296,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_C - { - return (ctx->flags & flags); - } -+ -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -+ { -+ ctx->flags |= flags; -+ } -+ -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -+ { -+ ctx->flags &= ~flags; -+ } -+ -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -+ { -+ return (ctx->flags & flags); -+ } -diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/crypto/evp/evp_locl.h ---- openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_locl.h 2009-11-12 12:36:50.000000000 +0100 -@@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER - static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ - {\ - size_t chunk=EVP_MAXCHUNK;\ -- if (cbits==1) chunk>>=3;\ -+ if (cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) chunk>>=3;\ - if (inl=chunk)\ - {\ -- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ -+ cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ -@@ -254,14 +254,29 @@ const EVP_CIPHER *EVP_##cname##_ecb(void +diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h +--- openssl-1.0.0/crypto/evp/evp_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/evp_locl.h 2010-03-30 10:33:46.000000000 +0200 +@@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) 
((kstruct *)(ctx)->cipher_data) @@ -1578,6 +1552,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp +#define CAST_set_key private_CAST_set_key +#define RC5_32_set_key private_RC5_32_set_key +#define BF_set_key private_BF_set_key ++#define SEED_set_key private_SEED_set_key +#define Camellia_set_key private_Camellia_set_key +#define idea_set_encrypt_key private_idea_set_encrypt_key + @@ -1586,14 +1561,16 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp +#define MD2_Init private_MD2_Init +#define MDC2_Init private_MDC2_Init +#define SHA_Init private_SHA_Init ++#define RIPEMD160_Init private_RIPEMD160_Init ++#define WHIRLPOOL_Init private_WHIRLPOOL_Init + +#endif struct evp_pkey_ctx_st { -diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss.c ---- openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/m_dss.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c +--- openssl-1.0.0/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_dss.c 2010-03-30 10:33:46.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1603,9 +1580,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/ init, update, final, -diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss1.c ---- openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/m_dss1.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c +--- openssl-1.0.0/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_dss1.c 2010-03-30 10:33:46.000000000 +0200 
@@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, 
@@ -1615,9 +1592,64 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto init, update, final, -diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto/evp/m_sha1.c ---- openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/m_sha1.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c +--- openssl-1.0.0/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_mdc2.c 2010-03-30 10:57:02.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA + #include + #endif ++#include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { return MDC2_Init(ctx->md_data); } +diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c +--- openssl-1.0.0/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md2.c 2010-03-30 10:33:46.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA + #include + #endif ++#include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { return MD2_Init(ctx->md_data); } +diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c +--- openssl-1.0.0/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md4.c 2010-03-30 10:33:46.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA + #include + #endif ++#include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { return MD4_Init(ctx->md_data); } +diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c +--- openssl-1.0.0/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md5.c 2010-03-30 10:33:46.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA + #include + #endif ++#include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { return MD5_Init(ctx->md_data); } +diff -up 
openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c +--- openssl-1.0.0/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_ripemd.c 2010-03-30 10:33:46.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA + #include + #endif ++#include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { return RIPEMD160_Init(ctx->md_data); } +diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c +--- openssl-1.0.0/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_sha1.c 2010-03-30 10:33:46.000000000 +0200 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1668,9 +1700,20 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto init512, update512, final512, -diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/evp/names.c ---- openssl-1.0.0-beta4/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/names.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c +--- openssl-1.0.0/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_wp.c 2010-03-30 10:33:46.000000000 +0200 +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { return WHIRLPOOL_Init(ctx->md_data); } +diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c +--- openssl-1.0.0/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/names.c 2010-03-30 10:33:46.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; 
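Review bot: The `#include "evp_locl.h"` added to m_mdc2.c, m_md2.c, m_md4.c, m_md5.c and m_ripemd.c (and to m_wp.c in the following hunk) has no visible use in those files, so a later cleanup could remove it as unused. Its purpose appears to be the macro remap that evp_locl.h carries (`#define MD2_Init private_MD2_Init`, `#define RIPEMD160_Init private_RIPEMD160_Init` and the rest), which changes which function each `init()` calls in a FIPS build. Without the include, the same call compiles unchanged against the public `*_Init` and nothing warns. The include also needs to stay below the digest's own header, since placing it above would apply the rename to the declaration too. A short comment on each include would record this, e.g. `/* remaps MD5_Init to private_MD5_Init when OPENSSL_FIPS is defined */`.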
@@ -1693,9 +1736,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/ name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto/evp/p_sign.c ---- openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/p_sign.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c +--- openssl-1.0.0/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/p_sign.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1727,9 +1770,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/crypto/evp/p_verify.c ---- openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/p_verify.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c +--- openssl-1.0.0/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/p_verify.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,7 @@ #include #include 
@@ -1761,9 +1804,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/cryp i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2704,9 +2747,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
@@ -3410,9 +3453,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,537 @@ +#include + @@ -3951,9 +3994,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4185,9 +4228,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c + return 0; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c 2010-03-30 10:33:46.000000000 +0200 
@@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4579,9 +4622,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4953,9 +4996,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c + return ret; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -5334,9 +5377,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c + return ret; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5726,9 +5769,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -6073,9 +6116,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h +#endif + } + -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips_err.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c +--- openssl-1.0.0/crypto/fips_err.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_err.c 2010-03-30 10:33:46.000000000 +0200 
@@ -0,0 +1,7 @@ +#include + @@ -6084,9 +6127,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c +#else +static void *dummy=&dummy; +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips_err.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h +--- openssl-1.0.0/crypto/fips_err.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_err.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -6225,10 +6268,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h + } +#endif + } -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,101 @@ +diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -6280,7 +6323,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include + +#ifdef OPENSSL_FIPS 
@@ -6330,9 +6375,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c + return ret; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c +--- openssl-1.0.0/crypto/fips/fips.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6753,10 +6798,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c + + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,137 @@ +diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c +--- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_des_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -6808,7 +6853,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include + 
@@ -6894,10 +6941,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c + return ret; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,184 @@ +diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -6959,7 +7006,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c +#include +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include +#include @@ -7082,9 +7131,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c + return ret; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h +--- openssl-1.0.0/crypto/fips/fips.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -7249,10 +7298,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h +} +#endif +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,135 @@ +diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * @@ -7304,7 +7353,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include + +#ifdef OPENSSL_FIPS @@ -7388,10 +7439,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c + return 1; + } +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,410 @@ +diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c +--- openssl-1.0.0/crypto/fips/fips_rand.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * @@ -7470,7 +7521,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c +# endif +#endif +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include "fips_locl.h" + +#ifdef OPENSSL_FIPS 
@@ -7802,9 +7855,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c +} + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h +--- openssl-1.0.0/crypto/fips/fips_rand.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7883,10 +7936,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h +#endif +#endif +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,371 @@ +diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -7938,7 +7991,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include + 
@@ -8258,9 +8313,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_randtest.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c +--- openssl-1.0.0/crypto/fips/fips_randtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_randtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -8510,10 +8565,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,439 @@ +diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. + * @@ -8565,7 +8620,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include +#include 
@@ -8953,9 +9010,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c + } + +#endif /* def OPENSSL_FIPS */ -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9238,10 +9295,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c + return 0; + + } -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,97 @@ +diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c +--- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c 2010-03-30 10:33:46.000000000 +0200 +@@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -9293,7 +9350,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include + 
@@ -9339,9 +9398,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c +--- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9516,9 +9575,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c + } + + -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c +--- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_test_suite.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -10108,9 +10167,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c + } + +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips_locl.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h +--- openssl-1.0.0/crypto/fips_locl.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_locl.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10184,9 +10243,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h +} +#endif +#endif -diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/Makefile 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile +--- openssl-1.0.0/crypto/fips/Makefile.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10269,9 +10328,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/hmac/hmac.c ---- openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/hmac/hmac.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c +--- openssl-1.0.0/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 ++++ openssl-1.0.0/crypto/hmac/hmac.c 2010-03-30 10:33:46.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) 
@@ -10286,31 +10345,9 @@ diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/ reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -@@ -209,3 +216,10 @@ unsigned char *HMAC(const EVP_MD *evp_md - return NULL; - } - -+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) -+ { -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); -+ } -+ -diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips openssl-1.0.0-beta4/crypto/hmac/hmac.h ---- openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/hmac/hmac.h 2009-11-12 12:36:50.000000000 +0100 -@@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md - unsigned int *md_len); - int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); - -+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); - - #ifdef __cplusplus - } -diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Makefile ---- openssl-1.0.0-beta4/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/Makefile 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile +--- openssl-1.0.0/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0/crypto/Makefile 2010-03-30 10:34:41.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a 
@@ -10329,9 +10366,9 @@ diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Mak ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10353,9 +10390,9 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/cry { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2.h ---- openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h +--- openssl-1.0.0/crypto/mdc2/mdc2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/mdc2/mdc2.h 2010-03-30 10:34:41.000000000 +0200 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; 
@@ -10367,9 +10404,9 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/ int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/crypto/md2/md2_dgst.c ---- openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/md2/md2_dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c +--- openssl-1.0.0/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0/crypto/md2/md2_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -62,6 +62,11 @@ #include #include @@ -10391,9 +10428,9 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/cryp { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md2/md2.h ---- openssl-1.0.0-beta4/crypto/md2/md2.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md2/md2.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h +--- openssl-1.0.0/crypto/md2/md2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md2/md2.h 2010-03-30 10:34:41.000000000 +0200 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; 
@@ -10404,9 +10441,9 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/crypto/md4/md4_dgst.c ---- openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md4/md4_dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c +--- openssl-1.0.0/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0/crypto/md4/md4_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10428,9 +10465,9 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md4/md4.h ---- openssl-1.0.0-beta4/crypto/md4/md4.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md4/md4.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h +--- openssl-1.0.0/crypto/md4/md4.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md4/md4.h 2010-03-30 10:34:41.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; 
@@ -10441,9 +10478,9 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/crypto/md5/md5_dgst.c ---- openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md5/md5_dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c +--- openssl-1.0.0/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0/crypto/md5/md5_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10465,9 +10502,9 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md5/md5.h ---- openssl-1.0.0-beta4/crypto/md5/md5.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md5/md5.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h +--- openssl-1.0.0/crypto/md5/md5.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md5/md5.h 2010-03-30 10:34:41.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; 
@@ -10478,9 +10515,9 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c ---- openssl-1.0.0-beta4/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/mem.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c +--- openssl-1.0.0/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0/crypto/mem.c 2010-03-30 10:34:41.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10490,9 +10527,9 @@ diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/o_init.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c +--- openssl-1.0.0/crypto/o_init.c.fips 2010-03-30 10:34:41.000000000 +0200 ++++ openssl-1.0.0/crypto/o_init.c 2010-03-30 10:34:41.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -10574,9 +10611,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c + } + + -diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/crypto/opensslconf.h.in ---- openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/opensslconf.h.in 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in +--- openssl-1.0.0/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0/crypto/opensslconf.h.in 2010-03-30 10:34:41.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10598,9 +10635,9 @@ diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/cr /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0/crypto/pkcs12/p12_crt.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
@@ -10627,9 +10664,9 @@ diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/cr if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/crypto/rand/md_rand.c ---- openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/md_rand.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c +--- openssl-1.0.0/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/md_rand.c 2010-03-30 10:34:41.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10656,9 +10693,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/cryp #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/crypto/rand/rand_err.c ---- openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/rand_err.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c +--- openssl-1.0.0/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/rand_err.c 2010-03-30 10:34:41.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= 
@@ -10691,9 +10728,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/cry {0,NULL} }; -diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/rand/rand.h ---- openssl-1.0.0-beta4/crypto/rand/rand.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/rand.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h +--- openssl-1.0.0/crypto/rand/rand.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rand/rand.h 2010-03-30 10:34:41.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10723,9 +10760,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/ #ifdef __cplusplus } -diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/crypto/rand/rand_lib.c ---- openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/rand_lib.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c +--- openssl-1.0.0/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/rand_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" 
@@ -10759,9 +10796,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/cry return default_RAND_meth; } -diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc2/rc2.h ---- openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc2/rc2.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h +--- openssl-1.0.0/crypto/rc2/rc2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rc2/rc2.h 2010-03-30 10:34:41.000000000 +0200 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10773,9 +10810,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c ---- openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c +--- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0/crypto/rc2/rc2_skey.c 2010-03-30 10:34:41.000000000 +0200 @@ -57,6 +57,11 @@ */ 
@@ -10809,9 +10846,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/cryp int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl 2010-03-30 10:34:41.000000000 +0200 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10819,9 +10856,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl 2010-03-30 10:34:41.000000000 +0200 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; 
@@ -10831,9 +10868,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet print $code; close STDOUT; -diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl 2010-03-30 10:34:41.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10857,9 +10894,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/ # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto/rc4/Makefile ---- openssl-1.0.0-beta4/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/Makefile 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile +--- openssl-1.0.0/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/Makefile 2010-03-30 10:34:41.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= 
@@ -10871,9 +10908,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto SRC= $(LIBSRC) -diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips 2010-03-30 10:34:41.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/rc4_fblk.c 2010-03-30 10:34:41.000000000 +0200 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10950,9 +10987,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c + } +#endif + -diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc4/rc4.h ---- openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/rc4.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h +--- openssl-1.0.0/crypto/rc4/rc4.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/rc4.h 2010-03-30 10:34:41.000000000 +0200 @@ -78,6 +78,9 @@ typedef struct rc4_key_st 
@@ -10963,9 +11000,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c ---- openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c +--- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/rc4_skey.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11003,9 +11040,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/cryp unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/crypto/ripemd/ripemd.h ---- openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/ripemd/ripemd.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h +--- openssl-1.0.0/crypto/ripemd/ripemd.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/ripemd/ripemd.h 2010-03-30 10:34:41.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; 
@@ -11016,9 +11053,9 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/cry int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11040,19 +11077,21 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/c { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c ---- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c 2009-11-12 12:36:50.000000000 +0100 -@@ -114,6 +114,8 @@ +diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c +--- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_eay.c 2010-03-30 10:34:41.000000000 +0200 +@@ -114,6 +114,10 @@ #include #include #include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif #ifndef RSA_NULL -@@ -138,7 +140,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ +@@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ RSA_eay_init, RSA_eay_finish, 
@@ -11061,7 +11100,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt NULL, 0, /* rsa_sign */ 0, /* rsa_verify */ -@@ -150,6 +152,16 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) +@@ -150,6 +154,16 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } @@ -11078,7 +11117,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { -@@ -158,6 +170,23 @@ static int RSA_eay_public_encrypt(int fl +@@ -158,6 +172,23 @@ static int RSA_eay_public_encrypt(int fl unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -11102,7 +11141,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -@@ -223,9 +252,7 @@ static int RSA_eay_public_encrypt(int fl +@@ -223,9 +254,7 @@ static int RSA_eay_public_encrypt(int fl goto err; } @@ -11113,7 +11152,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -355,6 +382,23 @@ static int RSA_eay_private_encrypt(int f +@@ -355,6 +384,23 @@ static int RSA_eay_private_encrypt(int f int local_blinding = 0; BN_BLINDING *blinding = NULL; @@ -11137,7 +11176,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); -@@ -432,9 +476,7 @@ static int RSA_eay_private_encrypt(int f +@@ -432,9 +478,7 @@ static int RSA_eay_private_encrypt(int f else d= rsa->d; 
@@ -11148,7 +11187,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -488,6 +530,23 @@ static int RSA_eay_private_decrypt(int f +@@ -488,6 +532,23 @@ static int RSA_eay_private_decrypt(int f int local_blinding = 0; BN_BLINDING *blinding = NULL; @@ -11172,7 +11211,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); -@@ -555,9 +614,7 @@ static int RSA_eay_private_decrypt(int f +@@ -555,9 +616,7 @@ static int RSA_eay_private_decrypt(int f else d = rsa->d; @@ -11183,7 +11222,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -617,6 +674,23 @@ static int RSA_eay_public_decrypt(int fl +@@ -617,6 +676,23 @@ static int RSA_eay_public_decrypt(int fl unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -11207,7 +11246,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -@@ -667,9 +741,7 @@ static int RSA_eay_public_decrypt(int fl +@@ -667,9 +743,7 @@ static int RSA_eay_public_decrypt(int fl goto err; } @@ -11218,7 +11257,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -717,6 +789,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c +@@ -717,6 +791,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; 
@@ -11226,7 +11265,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt int ret=0; BN_CTX_start(ctx); -@@ -724,41 +797,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c +@@ -724,41 +799,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); @@ -11291,7 +11330,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -@@ -875,6 +938,9 @@ err: +@@ -875,6 +940,9 @@ err: static int RSA_eay_init(RSA *rsa) { @@ -11301,9 +11340,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_err.c ---- openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_err.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c +--- openssl-1.0.0/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0/crypto/rsa/rsa_err.c 2010-03-30 10:34:41.000000000 +0200 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, 
@@ -11330,9 +11369,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypt {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c ---- openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c +--- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_gen.c 2010-03-30 10:34:41.000000000 +0200 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include @@ -11458,9 +11497,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypt ok=1; err: if (ok == -1) -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rsa/rsa.h ---- openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h +--- openssl-1.0.0/crypto/rsa/rsa.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa.h 2010-03-30 10:34:41.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif 
@@ -11530,9 +11569,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rs #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c ---- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips 2009-08-05 17:04:16.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c +--- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0/crypto/rsa/rsa_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11580,7 +11619,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt ret->pad=0; ret->version=0; -@@ -285,6 +311,13 @@ int RSA_public_encrypt(int flen, const u +@@ -294,6 +320,13 @@ int RSA_public_encrypt(int flen, const u int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -11594,7 +11633,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } -@@ -297,6 +330,13 @@ int RSA_private_decrypt(int flen, const +@@ -306,6 +339,13 @@ int RSA_private_decrypt(int flen, const int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { 
@@ -11608,9 +11647,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c ---- openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c +--- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_sign.c 2010-03-30 10:34:41.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; 
@@ -11642,9 +11681,54 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/cryp if (i <= 0) goto err; -diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha_dgst.c ---- openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha_dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c +--- openssl-1.0.0/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0/crypto/seed/seed.c 2010-03-30 10:34:41.000000000 +0200 +@@ -34,6 +34,9 @@ + + #include + #include "seed_locl.h" ++#ifdef OPENSSL_FIPS ++#include ++#endif + + static const seed_word SS[4][256] = { { + 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, +@@ -193,7 +196,18 @@ static const seed_word KC[] = { + KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 }; + #endif + ++#ifdef OPENSSL_FIPS + void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) ++ { ++ if (FIPS_mode()) ++ FIPS_BAD_ABORT(SEED) ++ private_SEED_set_key(rawkey, ks); ++ } ++ ++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) ++#else ++void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks) ++#endif + { + seed_word x1, x2, x3, x4; + seed_word t0, t1; +diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h +--- openssl-1.0.0/crypto/seed/seed.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/seed/seed.h 2010-03-30 10:34:41.000000000 +0200 +@@ -117,6 +117,9 @@ typedef struct seed_key_st { + } SEED_KEY_SCHEDULE; + + ++#ifdef OPENSSL_FIPS ++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); ++#endif + void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); + + void 
SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); +diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c +--- openssl-1.0.0/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -57,6 +57,12 @@ */ @@ -11658,9 +11742,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/cryp #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sha/sha.h ---- openssl-1.0.0-beta4/crypto/sha/sha.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h +--- openssl-1.0.0/crypto/sha/sha.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/sha/sha.h 2010-03-30 10:34:41.000000000 +0200 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11671,9 +11755,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sh int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/crypto/sha/sha_locl.h ---- openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha_locl.h 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h +--- openssl-1.0.0/crypto/sha/sha_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/sha/sha_locl.h 2010-03-30 10:34:41.000000000 +0200 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL 
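Review bot: In the seed.c wrapper added to the FIPS patch, `if (FIPS_mode()) FIPS_BAD_ABORT(SEED)` has neither braces nor a terminating semicolon. Whether the following `private_SEED_set_key(rawkey, ks);` stays outside the conditional therefore depends on how `FIPS_BAD_ABORT` expands, and that definition is not in this hunk. Bracing the gate makes the control flow independent of the macro body: `if (FIPS_mode()) { FIPS_BAD_ABORT(SEED) }`. The seed.h part exports `private_SEED_set_key` with no comment; I would add `/* internal: skips the FIPS-mode check, not for application use */` above the declaration so callers do not take it for a supported entry point.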
@@ -11690,9 +11774,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/cryp memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha1dgst.c ---- openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha1dgst.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c +--- openssl-1.0.0/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha1dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11704,9 +11788,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/cryp const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto/sha/sha256.c ---- openssl-1.0.0-beta4/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha256.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c +--- openssl-1.0.0/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha256.c 2010-03-30 10:34:41.000000000 +0200 @@ -12,12 +12,19 @@ #include 
@@ -11737,9 +11821,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto/sha/sha512.c ---- openssl-1.0.0-beta4/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha512.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c +--- openssl-1.0.0/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha512.c 2010-03-30 10:34:41.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ 
@@ -11771,18 +11855,39 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -@@ -380,7 +390,7 @@ static const SHA_LONG64 K512[80] = { - ((SHA_LONG64)hi)<<32|lo; }) - # endif - # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) --# define ROTR(a,n) ({ unsigned long ret; \ -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rotrdi %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) -diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org ---- openssl-1.0.0-beta4/Makefile.org.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/Makefile.org 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/whrlpool/whrlpool.h 2010-03-30 10:34:41.000000000 +0200 +@@ -24,6 +24,9 @@ typedef struct { + } WHIRLPOOL_CTX; + + #ifndef OPENSSL_NO_WHIRLPOOL ++#ifdef OPENSSL_FIPS ++int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); ++#endif + int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); + int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); + void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); +diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c 2010-03-30 10:34:41.000000000 +0200 +@@ -53,8 +53,12 @@ + + #include "wp_locl.h" + #include ++#include ++#ifdef OPENSSL_FIPS ++#include ++#endif + +-int WHIRLPOOL_Init (WHIRLPOOL_CTX *c) ++FIPS_NON_FIPS_MD_Init(WHIRLPOOL) + { + memset (c,0,sizeof(*c)); + return(1); +diff -up openssl-1.0.0/Makefile.org.fips 
openssl-1.0.0/Makefile.org +--- openssl-1.0.0/Makefile.org.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/Makefile.org 2010-03-30 10:34:41.000000000 +0200 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= @@ -11810,9 +11915,9 @@ diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_ciph.c ---- openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/ssl_ciph.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c +--- openssl-1.0.0/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0/ssl/ssl_ciph.c 2010-03-30 10:34:41.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11835,10 +11940,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_cip { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.c ---- openssl-1.0.0-beta4/ssl/ssl_lib.c.fips 2009-10-16 15:41:52.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2009-11-12 12:36:50.000000000 +0100 -@@ -1471,6 +1471,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c +--- openssl-1.0.0/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 ++++ openssl-1.0.0/ssl/ssl_lib.c 2010-03-30 10:34:41.000000000 +0200 +@@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } 
@@ -11853,10 +11958,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.c ---- openssl-1.0.0-beta4/ssl/ssltest.c.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/ssltest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -265,6 +265,9 @@ static void sv_usage(void) +diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c +--- openssl-1.0.0/ssl/ssltest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/ssl/ssltest.c 2010-03-30 10:34:41.000000000 +0200 +@@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); @@ -11866,7 +11971,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest. fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -proxy - allow proxy certificates\n"); -@@ -484,6 +487,9 @@ int main(int argc, char *argv[]) +@@ -487,6 +490,9 @@ int main(int argc, char *argv[]) #endif STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; int test_cipherlist = 0; @@ -11876,7 +11981,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest. verbose = 0; debug = 0; -@@ -515,7 +521,16 @@ int main(int argc, char *argv[]) +@@ -518,7 +524,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { @@ -11894,7 +11999,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest. server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; -@@ -711,6 +726,20 @@ bad: +@@ -714,6 +729,20 @@ bad: EXIT(1); } 
@@ -11915,7 +12020,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest. if (print_time) { if (!bio_pair) -@@ -2153,12 +2182,12 @@ static int MS_CALLBACK app_verify_callba +@@ -2156,12 +2185,12 @@ static int MS_CALLBACK app_verify_callba } #ifndef OPENSSL_NO_X509_VERIFY @@ -11930,10 +12035,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest. if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_clnt.c ---- openssl-1.0.0-beta4/ssl/s23_clnt.c.fips 2009-08-05 17:29:14.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/s23_clnt.c 2009-11-12 12:36:50.000000000 +0100 -@@ -335,6 +335,14 @@ static int ssl23_client_hello(SSL *s) +diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c +--- openssl-1.0.0/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0/ssl/s23_clnt.c 2010-03-30 10:34:41.000000000 +0200 +@@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } @@ -11948,7 +12053,7 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; -@@ -618,6 +626,14 @@ static int ssl23_get_server_hello(SSL *s +@@ -617,6 +625,14 @@ static int ssl23_get_server_hello(SSL *s if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { 
@@ -11963,10 +12068,10 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srvr.c ---- openssl-1.0.0-beta4/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-12 12:36:50.000000000 +0100 -@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) +diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c +--- openssl-1.0.0/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0/ssl/s23_srvr.c 2010-03-30 10:34:41.000000000 +0200 +@@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -11982,9 +12087,9 @@ diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srv if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.c ---- openssl-1.0.0-beta4/ssl/s3_clnt.c.fips 2009-10-30 15:06:18.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c +--- openssl-1.0.0/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 ++++ openssl-1.0.0/ssl/s3_clnt.c 2010-03-30 10:34:41.000000000 +0200 @@ -156,6 +156,10 @@ #include #include @@ -11996,7 +12101,7 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt. #ifndef OPENSSL_NO_DH #include #endif -@@ -1530,6 +1534,8 @@ int ssl3_get_key_exchange(SSL *s) +@@ -1546,6 +1550,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { 
@@ -12005,9 +12110,9 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c ---- openssl-1.0.0-beta4/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/s3_enc.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c +--- openssl-1.0.0/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0/ssl/s3_enc.c 2010-03-30 10:34:41.000000000 +0200 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12033,10 +12138,10 @@ diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.c ---- openssl-1.0.0-beta4/ssl/s3_srvr.c.fips 2009-10-30 14:22:44.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2009-11-12 12:36:50.000000000 +0100 -@@ -1679,6 +1679,8 @@ int ssl3_send_server_key_exchange(SSL *s +diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c +--- openssl-1.0.0/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 ++++ openssl-1.0.0/ssl/s3_srvr.c 2010-03-30 10:34:41.000000000 +0200 +@@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) { 
@@ -12045,9 +12150,9 @@ diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta4/ssl/t1_enc.c.fips openssl-1.0.0-beta4/ssl/t1_enc.c ---- openssl-1.0.0-beta4/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/t1_enc.c 2009-11-12 12:36:50.000000000 +0100 +diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c +--- openssl-1.0.0/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 ++++ openssl-1.0.0/ssl/t1_enc.c 2010-03-30 10:34:41.000000000 +0200 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md HMAC_CTX_init(&ctx); diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch new file mode 100644 index 0000000..adaea6a --- /dev/null +++ b/openssl-1.0.0-version.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h +--- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200 ++++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200 +@@ -25,7 +25,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x1000000fL ++/* we have to keep the version number to not break the abi */ ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" + #else diff --git a/openssl.spec b/openssl.spec index 2729e7e..e946180 100644 --- a/openssl.spec +++ b/openssl.spec @@ -11,8 +11,6 @@ # 1.0.0 soversion = 10 %define soversion 10 -%define beta beta4 - # Number of threads to spawn when testing some threading fixes. %define thread_test_threads %{?threads:%{threads}}%{!?threads:1} 
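Review bot: In the new openssl-1.0.0-version.patch, `#define OPENSSL_VERSION_NUMBER 0x10000003L` keeps a pre-release status nibble on what the spec now packages as the final 1.0.0. Any consumer that compares this number against a release value, to decide whether a fix or feature is present, will therefore treat this build as older than it is. The added comment gives the ABI reason but not that consequence. I would extend it, for example `/* kept at the beta value for ABI reasons; do not use OPENSSL_VERSION_NUMBER to infer which fixes this build carries, see the package changelog */`. `OPENSSL_VERSION_TEXT` in the same hunk still reports 1.0.0, so the two macros disagree by design, and the comment should say so.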
@@ -23,10 +21,10 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.16.%{beta}%{?dist} +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. -Source: openssl-%{version}-%{beta}-usa.tar.bz2 +Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert 
@@ -38,36 +36,30 @@ Source11: README.FIPS Patch0: openssl-1.0.0-beta4-redhat.patch Patch1: openssl-1.0.0-beta3-defaults.patch Patch3: openssl-1.0.0-beta3-soversion.patch -Patch4: openssl-1.0.0-beta4-enginesdir.patch +Patch4: openssl-1.0.0-beta5-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch # Bug fixes Patch23: openssl-1.0.0-beta4-default-paths.patch -Patch24: openssl-1.0.0-beta4-binutils.patch +Patch24: openssl-0.9.8j-bad-mime.patch # Functionality changes Patch32: openssl-0.9.8g-ia64.patch Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch -Patch38: openssl-1.0.0-beta3-cipher-change.patch -Patch39: openssl-1.0.0-beta3-ipv6-apps.patch -Patch40: openssl-1.0.0-beta4-fips.patch +Patch38: openssl-1.0.0-beta5-cipher-change.patch +Patch39: openssl-1.0.0-beta5-ipv6-apps.patch +Patch40: openssl-1.0.0-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch45: openssl-0.9.8j-env-nozlib.patch -Patch47: openssl-0.9.8j-readme-warning.patch -Patch48: openssl-0.9.8j-bad-mime.patch +Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0-beta4-version.patch +Patch51: openssl-1.0.0-version.patch +Patch52: openssl-1.0.0-beta4-aesni.patch # Backported fixes including security fixes -Patch60: openssl-1.0.0-beta4-reneg.patch -# This one is not backported but has to be applied after reneg patch -Patch61: openssl-1.0.0-beta4-client-reneg.patch -Patch62: openssl-1.0.0-beta4-backports.patch -Patch63: openssl-1.0.0-beta4-reneg-err.patch -Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch License: OpenSSL Group: System Environment/Libraries 
@@ -117,7 +109,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version}-%{beta} +%setup -q -n %{name}-%{version} %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat @@ -128,7 +120,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch6 -p1 -b .use-localhost %patch23 -p1 -b .default-paths -%patch24 -p1 -b .binutils +%patch24 -p1 -b .bad-mime %patch32 -p1 -b .ia64 %patch33 -p1 -b .ca-dir @@ -142,16 +134,10 @@ from other formats to the formats used by the OpenSSL toolkit. %patch44 -p1 -b .fipsrng %patch45 -p1 -b .env-nozlib %patch47 -p1 -b .warning -%patch48 -p1 -b .bad-mime %patch49 -p1 -b .algo-doc %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version - -%patch60 -p1 -b .reneg -%patch61 -p1 -b .client-reneg -%patch62 -p1 -b .backports -%patch63 -p1 -b .reneg-err -%patch64 -p1 -b .dtls-ipv6 +%patch52 -p1 -b .aesni # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -160,7 +146,7 @@ perl util/perlpath.pl `dirname %{__perl}` touch Makefile make TABLE PERL=%{__perl} -%build +%build # Figure out which flags we want to use. # default sslarch=%{_os}-%{_arch} 
@@ -250,12 +236,9 @@ make -C test apps tests install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl} make INSTALL_PREFIX=$RPM_BUILD_ROOT install make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs -# OpenSSL install doesn't use correct _libdir on 64 bit archs -[ "%{_libdir}" != /usr/lib ] && mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT%{_libdir}/ -mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl +mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/ rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man -mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || : rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do chmod 755 ${lib} @@ -347,7 +330,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT -%files +%files %defattr(-,root,root) %doc FAQ LICENSE CHANGES NEWS INSTALL README %doc doc/c-indentation.el doc/openssl.txt 
@@ -400,6 +383,33 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Tue Mar 30 2010 Tomas Mraz 1.0.0-1 +- update to final 1.0.0 upstream release + +* Tue Feb 16 2010 Tomas Mraz 1.0.0-0.22.beta5 +- make TLS work in the FIPS mode + +* Fri Feb 12 2010 Tomas Mraz 1.0.0-0.21.beta5 +- gracefully handle zero length in assembler implementations of + OPENSSL_cleanse (#564029) +- do not fail in s_server if client hostname not resolvable (#561260) + +* Wed Jan 20 2010 Tomas Mraz 1.0.0-0.20.beta5 +- new upstream release + +* Thu Jan 14 2010 Tomas Mraz 1.0.0-0.19.beta4 +- fix CVE-2009-4355 - leak in applications incorrectly calling + CRYPTO_free_all_ex_data() before application exit (#546707) +- upstream fix for future TLS protocol version handling + +* Wed Jan 13 2010 Tomas Mraz 1.0.0-0.18.beta4 +- add support for Intel AES-NI + +* Thu Jan 7 2010 Tomas Mraz 1.0.0-0.17.beta4 +- upstream fix compression handling on session resumption +- various null checks and other small fixes from upstream +- upstream changes for the renegotiation info according to the latest draft + * Mon Nov 23 2009 Tomas Mraz 1.0.0-0.16.beta4 - fix non-fips mingw build (patch by Kalev Lember) - add IPV6 fix for DTLS @@ -419,7 +429,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* openssh and possibly other dependencies with too strict version check * Thu Nov 12 2009 Tomas Mraz 1.0.0-0.11.beta4 -- update to new upstream version, no soname bump needed +- update to new upstream version, no soname bump needed - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used so the compatibility with unfixed clients is not broken. The protocol extension is also not final. 
@@ -525,7 +535,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) -- add possibility to disable zlib by setting +- add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493) @@ -732,7 +742,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* - upgrade to new upstream version (no soname bump needed) - disable thread test - it was testing the backport of the RSA blinding - no longer needed -- added support for changing serial number to +- added support for changing serial number to Makefile.certificate (#151188) - make ca-bundle.crt a config file (#118903) diff --git a/sources b/sources index 8a2c648..dadae2c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1fc0e41c230d0698f834413dfba864ad openssl-1.0.0-beta4-usa.tar.bz2 +f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2 From bbe5f977c96a587515e75f2f418ea1a3f79d5fcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 18 May 2010 16:05:10 +0000 Subject: [PATCH 14/20] - make CA dir readable - the private keys are in private subdir (#584810) --- openssl-1.0.0-dtls1-backports.patch | 53 +++++++++++++++++++ openssl-1.0.0-init-sha256.patch | 79 +++++++++++++++++++++++++++++ openssl-1.0.0-name-hash.patch | 22 ++++++++ openssl-1.0.0-timezone.patch | 21 ++++++++ openssl.spec | 49 +++++++++++++++--- 5 files changed, 216 insertions(+), 8 deletions(-) create mode 100644 openssl-1.0.0-dtls1-backports.patch create mode 100644 openssl-1.0.0-init-sha256.patch create mode 100644 openssl-1.0.0-name-hash.patch create mode 100644 openssl-1.0.0-timezone.patch diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch new file mode 100644 index 0000000..99518cd --- /dev/null 
+++ b/openssl-1.0.0-dtls1-backports.patch
@@ -0,0 +1,53 @@
+diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
+--- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
++++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
+@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
+ timeleft->tv_usec += 1000000;
+ }
+
++ /* If remaining time is less than 15 ms, set it to 0
++ * to prevent issues because of small devergences with
++ * socket timeouts.
++ */
++ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
++ {
++ memset(timeleft, 0, sizeof(struct timeval));
++ }
++
++
+ return timeleft;
+ }
+
+diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
+--- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
++++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
+@@ -667,14 +667,14 @@ again:
+ if (rr->length == 0) goto again;
+
+ /* If this record is from the next epoch (either HM or ALERT),
+- * buffer it since it cannot be processed at this time. Records
+- * from the next epoch are marked as received even though they
+- * are not processed, so as to prevent any potential resource
+- * DoS attack */
++ * and a handshake is currently in progress, buffer it since it
++ * cannot be processed at this time. */
+ if (is_next_epoch)
+ {
+- dtls1_record_bitmap_update(s, bitmap);
+- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
++ if (SSL_in_init(s) || s->in_handshake)
++ {
++ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
++ }
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
+@@ -809,7 +809,7 @@ start:
+ * buffer the application data for later processing rather
+ * than dropping the connection.
+ */
+- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
++ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
+ rr->length = 0;
+ goto start;
+ }
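Review bot: Both `dtls1_buffer_record()` calls touched in the d1_pkt.c part of this patch discard the helper's result, so a record that could not be queued is dropped silently while the code still clears `rr->length` and jumps back. If the helper reports failure with a negative return (its definition is not in this hunk), the next-epoch site should propagate it, e.g. `if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0) return -1;`, and the `buffered_app_data` site likewise. The rewritten comment also drops the explanation of why next-epoch records were marked as received, and the `dtls1_record_bitmap_update()` call goes with it. A short comment stating that such records are now discarded outside a handshake, and what bounds the unprocessed queue during one, would help the next reader. Both enclosing functions start and end outside the hunks.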
diff --git a/openssl-1.0.0-init-sha256.patch b/openssl-1.0.0-init-sha256.patch
new file mode 100644
index 0000000..115722c
--- /dev/null
+++ b/openssl-1.0.0-init-sha256.patch
@@ -0,0 +1,79 @@
+diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod
+--- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100
++++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200
+@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori
+
+ =head1 DESCRIPTION
+
+-SSL_library_init() registers the available ciphers and digests.
++SSL_library_init() registers the available SSL/TLS ciphers and digests.
+
+ OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
+ for SSL_library_init().
+@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant.
+
+ =head1 WARNING
+
+-SSL_library_init() only registers ciphers. Another important initialization
+-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
+-be performed separately.
++SSL_library_init() adds ciphers and digests used directly and indirectly by
++SSL/TLS.
+
+ =head1 EXAMPLES
+
+ A typical TLS/SSL application will start with the library initialization,
+-will provide readable error messages and will seed the PRNG.
++and provide readable error messages.
+
+ SSL_load_error_strings(); /* readable error messages */
+ SSL_library_init(); /* initialize library */
+- actions_to_seed_PRNG();
+
+ =head1 RETURN VALUES
+
+ SSL_library_init() always returns "1", so it is safe to discard the return
+ value.
+
++=head1 NOTES
++
++OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
++Applications which need to use SHA2 in earlier versions of OpenSSL should call
++OpenSSL_add_all_algorithms() as well.
++
+=head1 SEE ALSO
+
+ L, L,
+diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c
+--- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200
++++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200
+@@ -111,6 +111,14 @@ int SSL_library_init(void)
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+ #endif
++#ifndef OPENSSL_NO_SHA256
++ EVP_add_digest(EVP_sha224());
++ EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++ EVP_add_digest(EVP_sha384());
++ EVP_add_digest(EVP_sha512());
++#endif
+ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+@@ -148,6 +156,14 @@ int SSL_library_init(void)
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+ #endif
++#ifndef OPENSSL_NO_SHA256
++ EVP_add_digest(EVP_sha224());
++ EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++ EVP_add_digest(EVP_sha384());
++ EVP_add_digest(EVP_sha512());
++#endif
+ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch
new file mode 100644
index 0000000..9098c0a
--- /dev/null
+++ b/openssl-1.0.0-name-hash.patch
@@ -0,0 +1,22 @@ +diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c +--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100 ++++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200 +@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA + { + unsigned long ret=0; + unsigned char md[16]; ++ EVP_MD_CTX ctx; + + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x,NULL); +- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); ++ ++ EVP_MD_CTX_init(&ctx); ++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL) ++ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length) ++ && EVP_DigestFinal_ex(&ctx, md, NULL); ++ EVP_MD_CTX_cleanup(&ctx); + + ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/openssl-1.0.0-timezone.patch b/openssl-1.0.0-timezone.patch new file mode 100644 index 0000000..b1d6682 --- /dev/null +++ b/openssl-1.0.0-timezone.patch 
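Review bot: In X509_NAME_hash_old the result of the `EVP_DigestInit_ex(...) && EVP_DigestUpdate(...) && EVP_DigestFinal_ex(...)` chain is discarded, so if any step fails `md[16]` is never written and `ret` is assembled from uninitialised stack bytes. The old `EVP_Digest` call ignored its result too, but this change exists to run MD5 under FIPS mode, where a refused digest is a realistic outcome. I would compute the hash only on success: guard the `ret=( ... )` assignment with `if (EVP_DigestInit_ex(&ctx, EVP_md5(), NULL) && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(&ctx, md, NULL))` and leave `ret` at 0 otherwise. The function body continues past the end of the hunk, and the same patch file is added again by PATCH 15/20 further down this page.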
@@ -0,0 +1,21 @@ +diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org +--- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200 ++++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200 +@@ -609,7 +609,7 @@ install_docs: + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +- sh -c "$$pod2man \ ++ sh -c "TZ=UTC $$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ +@@ -626,7 +626,7 @@ install_docs: + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +- sh -c "$$pod2man \ ++ sh -c "TZ=UTC $$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ diff --git a/openssl.spec b/openssl.spec index e946180..7eb85e8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 1%{?dist} +Release: 4%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -39,6 +39,7 @@ Patch3: openssl-1.0.0-beta3-soversion.patch Patch4: openssl-1.0.0-beta5-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch +Patch7: openssl-1.0.0-timezone.patch # Bug fixes Patch23: openssl-1.0.0-beta4-default-paths.patch Patch24: openssl-0.9.8j-bad-mime.patch 
@@ -59,7 +60,10 @@ Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch Patch51: openssl-1.0.0-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch +Patch53: openssl-1.0.0-name-hash.patch # Backported fixes including security fixes +Patch60: openssl-1.0.0-dtls1-backports.patch +Patch61: openssl-1.0.0-init-sha256.patch License: OpenSSL Group: System Environment/Libraries @@ -118,6 +122,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch4 -p1 -b .enginesdir %patch5 -p1 -b .no-rpath %patch6 -p1 -b .use-localhost +%patch7 -p1 -b .timezone %patch23 -p1 -b .default-paths %patch24 -p1 -b .bad-mime @@ -138,7 +143,10 @@ from other formats to the formats used by the OpenSSL toolkit. %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version %patch52 -p1 -b .aesni +%patch53 -p1 -b .name-hash +%patch60 -p1 -b .dtls1 +%patch61 -p1 -b .sha256 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -224,8 +232,8 @@ make -C test apps tests %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ - ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \ + crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{version} >$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{version}.hmac \ + ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{soversion}.hmac \ crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ %{nil} 
@@ -240,11 +248,17 @@ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/ rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} +mkdir $RPM_BUILD_ROOT/%{_lib} +mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} $RPM_BUILD_ROOT/%{_lib} for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do chmod 755 ${lib} ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} - +done +for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do + chmod 755 ${lib} + ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion} done # Install a makefile for generating keys and self-signed certs, and a script @@ -281,8 +295,11 @@ pushd $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc mv CA.sh CA popd -mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts # Ensure the openssl.cnf timestamp is identical across builds to avoid # mulitlib conflicts and unnecessary renames on upgrade 
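Review bot: The `mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA` change also loosens an existing `/etc/pki/CA` on upgrade, and nothing in the spec tells an administrator that only `CA/private` stays at 0700. Key material placed directly under `pki/CA` and relying on the parent's 0700 mode would presumably become reachable by other local users, depending on the files' own modes. I would add a comment above the mkdir lines, `# pki/CA is world-readable on purpose (#584810); keys belong in CA/private (0700)`. I would also pin the mode in `%files` with `%attr(0700,root,root) %dir %{_sysconfdir}/pki/CA/private` instead of inheriting it from the build root. The same hunk is repeated in PATCH 15/20 further down.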
@@ -345,15 +362,20 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %{_sysconfdir}/pki/tls/misc/CA %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private +%dir %{_sysconfdir}/pki/CA/certs +%dir %{_sysconfdir}/pki/CA/crl +%dir %{_sysconfdir}/pki/CA/newcerts %{_sysconfdir}/pki/tls/misc/c_* %{_sysconfdir}/pki/tls/private %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf %attr(0755,root,root) %{_bindir}/openssl -%attr(0755,root,root) %{_libdir}/*.so.%{version} -%attr(0755,root,root) %{_libdir}/*.so.%{soversion} -%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac +%attr(0755,root,root) /%{_lib}/libcrypto.so.%{version} +%attr(0755,root,root) /%{_lib}/libcrypto.so.%{soversion} +%attr(0755,root,root) %{_libdir}/libssl.so.%{version} +%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion} +%attr(0644,root,root) /%{_lib}/.libcrypto.so.*.hmac %attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac %attr(0755,root,root) %{_libdir}/openssl %attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]* @@ -383,6 +405,17 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Tue May 18 2010 Tomas Mraz 1.0.0-4 +- make CA dir readable - the private keys are in private subdir (#584810) + +* Fri Apr 9 2010 Tomas Mraz 1.0.0-3 +- a few fixes from upstream CVS +- move libcrypto to /lib (#559953) + +* Tue Apr 6 2010 Tomas Mraz 1.0.0-2 +- set UTC timezone on pod2man run (#578842) +- make X509_NAME_hash_old work in FIPS mode + * Tue Mar 30 2010 Tomas Mraz 1.0.0-1 - update to final 1.0.0 upstream release From 354ff9f60c1a33ff88724d67ed19434710dc329a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 18 May 2010 16:24:02 +0000 Subject: [PATCH 15/20] - make CA dir readable - the private keys are in private subdir (#584810) - do not move the libcrypto to /lib in the F12 package --- openssl-1.0.0-dtls1-backports.patch | 53 +++++++++++++++++++ openssl-1.0.0-init-sha256.patch | 79 +++++++++++++++++++++++++++++ openssl-1.0.0-name-hash.patch | 22 ++++++++ openssl-1.0.0-timezone.patch | 21 ++++++++ openssl.spec | 30 ++++++++++- 5 files changed, 203 insertions(+), 2 deletions(-) create mode 100644 openssl-1.0.0-dtls1-backports.patch create mode 100644 openssl-1.0.0-init-sha256.patch create mode 100644 openssl-1.0.0-name-hash.patch create mode 100644 openssl-1.0.0-timezone.patch diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch new file mode 100644 index 0000000..99518cd --- /dev/null +++ b/openssl-1.0.0-dtls1-backports.patch 
@@ -0,0 +1,53 @@ +diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c +--- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100 ++++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200 +@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s + timeleft->tv_usec += 1000000; + } + ++ /* If remaining time is less than 15 ms, set it to 0 ++ * to prevent issues because of small devergences with ++ * socket timeouts. ++ */ ++ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) ++ { ++ memset(timeleft, 0, sizeof(struct timeval)); ++ } ++ ++ + return timeleft; + } + +diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c +--- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200 ++++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200 +@@ -667,14 +667,14 @@ again: + if (rr->length == 0) goto again; + + /* If this record is from the next epoch (either HM or ALERT), +- * buffer it since it cannot be processed at this time. Records +- * from the next epoch are marked as received even though they +- * are not processed, so as to prevent any potential resource +- * DoS attack */ ++ * and a handshake is currently in progress, buffer it since it ++ * cannot be processed at this time. */ + if (is_next_epoch) + { +- dtls1_record_bitmap_update(s, bitmap); +- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); ++ if (SSL_in_init(s) || s->in_handshake) ++ { ++ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); ++ } + rr->length = 0; + s->packet_length = 0; + goto again; +@@ -809,7 +809,7 @@ start: + * buffer the application data for later processing rather + * than dropping the connection. + */ +- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0); ++ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); + rr->length = 0; + goto start; + } 
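Review bot: In the d1_pkt.c change for next-epoch records, the return value of `dtls1_buffer_record()` is ignored at both call sites touched here, and the rewritten comment drops the earlier note about resource DoS without saying what now bounds `unprocessed_rcds`. With `dtls1_record_bitmap_update(s, bitmap)` removed, a next-epoch record is no longer marked as seen. Repeated copies arriving during a handshake therefore rely entirely on whatever queue limit and duplicate handling `dtls1_buffer_record()` has, which is not visible in this hunk. Once that is confirmed I would keep a sentence in the comment such as `/* not marked in the replay bitmap; queue growth is bounded by dtls1_buffer_record() */`, and decide explicitly what a failure return should do instead of discarding it. The comment added in d1_lib.c also misspells "divergences" as "devergences"; both functions continue outside their hunks.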
diff --git a/openssl-1.0.0-init-sha256.patch b/openssl-1.0.0-init-sha256.patch
new file mode 100644
index 0000000..115722c
--- /dev/null
+++ b/openssl-1.0.0-init-sha256.patch
@@ -0,0 +1,79 @@ +diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod +--- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100 ++++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200 +@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori + + =head1 DESCRIPTION + +-SSL_library_init() registers the available ciphers and digests. ++SSL_library_init() registers the available SSL/TLS ciphers and digests. + + OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms + for SSL_library_init(). +@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant. + + =head1 WARNING + +-SSL_library_init() only registers ciphers. Another important initialization +-is the seeding of the PRNG (Pseudo Random Number Generator), which has to +-be performed separately. ++SSL_library_init() adds ciphers and digests used directly and indirectly by ++SSL/TLS. + + =head1 EXAMPLES + + A typical TLS/SSL application will start with the library initialization, +-will provide readable error messages and will seed the PRNG. ++and provide readable error messages. + + SSL_load_error_strings(); /* readable error messages */ + SSL_library_init(); /* initialize library */ +- actions_to_seed_PRNG(); + + =head1 RETURN VALUES + + SSL_library_init() always returns "1", so it is safe to discard the return + value. + ++=head1 NOTES ++ ++OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). ++Applications which need to use SHA2 in earlier versions of OpenSSL should call ++OpenSSL_add_all_algorithms() as well. 
++ + =head1 SEE ALSO + + L, L, +diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c +--- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200 ++++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200 +@@ -111,6 +111,14 @@ int SSL_library_init(void) + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); + #endif ++#ifndef OPENSSL_NO_SHA256 ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++#endif + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); +@@ -148,6 +156,14 @@ int SSL_library_init(void) + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); + #endif ++#ifndef OPENSSL_NO_SHA256 ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++#endif + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch new file mode 100644 index 0000000..9098c0a --- /dev/null +++ b/openssl-1.0.0-name-hash.patch 
@@ -0,0 +1,22 @@ +diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c +--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100 ++++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200 +@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA + { + unsigned long ret=0; + unsigned char md[16]; ++ EVP_MD_CTX ctx; + + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x,NULL); +- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); ++ ++ EVP_MD_CTX_init(&ctx); ++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL) ++ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length) ++ && EVP_DigestFinal_ex(&ctx, md, NULL); ++ EVP_MD_CTX_cleanup(&ctx); + + ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/openssl-1.0.0-timezone.patch b/openssl-1.0.0-timezone.patch new file mode 100644 index 0000000..b1d6682 --- /dev/null +++ b/openssl-1.0.0-timezone.patch 
@@ -0,0 +1,21 @@ +diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org +--- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200 ++++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200 +@@ -609,7 +609,7 @@ install_docs: + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +- sh -c "$$pod2man \ ++ sh -c "TZ=UTC $$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ +@@ -626,7 +626,7 @@ install_docs: + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ +- sh -c "$$pod2man \ ++ sh -c "TZ=UTC $$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ diff --git a/openssl.spec b/openssl.spec index e946180..9a72fd4 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 1%{?dist} +Release: 4%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -39,6 +39,7 @@ Patch3: openssl-1.0.0-beta3-soversion.patch Patch4: openssl-1.0.0-beta5-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch +Patch7: openssl-1.0.0-timezone.patch # Bug fixes Patch23: openssl-1.0.0-beta4-default-paths.patch Patch24: openssl-0.9.8j-bad-mime.patch 
@@ -59,7 +60,10 @@ Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch Patch51: openssl-1.0.0-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch +Patch53: openssl-1.0.0-name-hash.patch # Backported fixes including security fixes +Patch60: openssl-1.0.0-dtls1-backports.patch +Patch61: openssl-1.0.0-init-sha256.patch License: OpenSSL Group: System Environment/Libraries @@ -118,6 +122,7 @@ from other formats to the formats used by the OpenSSL toolkit. %patch4 -p1 -b .enginesdir %patch5 -p1 -b .no-rpath %patch6 -p1 -b .use-localhost +%patch7 -p1 -b .timezone %patch23 -p1 -b .default-paths %patch24 -p1 -b .bad-mime @@ -138,7 +143,10 @@ from other formats to the formats used by the OpenSSL toolkit. %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version %patch52 -p1 -b .aesni +%patch53 -p1 -b .name-hash +%patch60 -p1 -b .dtls1 +%patch61 -p1 -b .sha256 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -281,8 +289,11 @@ pushd $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc mv CA.sh CA popd -mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl +mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts # Ensure the openssl.cnf timestamp is identical across builds to avoid # mulitlib conflicts and unnecessary renames on upgrade @@ -345,6 +356,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %{_sysconfdir}/pki/tls/misc/CA %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private +%dir %{_sysconfdir}/pki/CA/certs +%dir %{_sysconfdir}/pki/CA/crl +%dir %{_sysconfdir}/pki/CA/newcerts %{_sysconfdir}/pki/tls/misc/c_* %{_sysconfdir}/pki/tls/private 
@@ -383,6 +397,18 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Tue May 18 2010 Tomas Mraz 1.0.0-4 +- make CA dir readable - the private keys are in private subdir (#584810) +- do not move the libcrypto to /lib in the F12 package + +* Fri Apr 9 2010 Tomas Mraz 1.0.0-3 +- a few fixes from upstream CVS +- move libcrypto to /lib (#559953) + +* Tue Apr 6 2010 Tomas Mraz 1.0.0-2 +- set UTC timezone on pod2man run (#578842) +- make X509_NAME_hash_old work in FIPS mode + * Tue Mar 30 2010 Tomas Mraz 1.0.0-1 - update to final 1.0.0 upstream release From 9847ab298b6e24e33209de611e309e3aaadc2bd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 4 Jun 2010 12:52:29 +0000 Subject: [PATCH 16/20] - new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732) --- .cvsignore | 2 +- openssl-1.0.0-init-sha256.patch | 79 -- openssl-1.0.0-name-hash.patch | 22 - openssl-1.0.0-version.patch | 13 - ....0-fips.patch => openssl-1.0.0a-fips.patch | 782 +++++++++--------- ...ode.patch => openssl-1.0.0a-fipsmode.patch | 49 +- openssl-1.0.0a-version.patch | 13 + openssl.spec | 31 +- sources | 2 +- 9 files changed, 446 insertions(+), 547 deletions(-) delete mode 100644 openssl-1.0.0-init-sha256.patch delete mode 100644 openssl-1.0.0-name-hash.patch delete mode 100644 openssl-1.0.0-version.patch rename openssl-1.0.0-fips.patch => openssl-1.0.0a-fips.patch (91%) rename openssl-1.0.0-beta3-fipsmode.patch => openssl-1.0.0a-fipsmode.patch (80%) create mode 100644 openssl-1.0.0a-version.patch diff --git a/.cvsignore b/.cvsignore index 3930a9d..f4623d7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-1.0.0-usa.tar.bz2 +openssl-1.0.0a-usa.tar.bz2 diff --git a/openssl-1.0.0-init-sha256.patch b/openssl-1.0.0-init-sha256.patch deleted file mode 100644 index 115722c..0000000 --- a/openssl-1.0.0-init-sha256.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod ---- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100 -+++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200 -@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori - - =head1 DESCRIPTION - --SSL_library_init() registers the available ciphers and digests. -+SSL_library_init() registers the available SSL/TLS ciphers and digests. - - OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms - for SSL_library_init(). -@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant. - - =head1 WARNING - --SSL_library_init() only registers ciphers. Another important initialization --is the seeding of the PRNG (Pseudo Random Number Generator), which has to --be performed separately. -+SSL_library_init() adds ciphers and digests used directly and indirectly by -+SSL/TLS. - - =head1 EXAMPLES - - A typical TLS/SSL application will start with the library initialization, --will provide readable error messages and will seed the PRNG. -+and provide readable error messages. - - SSL_load_error_strings(); /* readable error messages */ - SSL_library_init(); /* initialize library */ -- actions_to_seed_PRNG(); - - =head1 RETURN VALUES - - SSL_library_init() always returns "1", so it is safe to discard the return - value. - -+=head1 NOTES -+ -+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). -+Applications which need to use SHA2 in earlier versions of OpenSSL should call -+OpenSSL_add_all_algorithms() as well. 
-+ - =head1 SEE ALSO - - L, L, -diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c ---- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200 -+++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200 -@@ -111,6 +111,14 @@ int SSL_library_init(void) - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); - #endif -+#ifndef OPENSSL_NO_SHA256 -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); -@@ -148,6 +156,14 @@ int SSL_library_init(void) - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); - #endif -+#ifndef OPENSSL_NO_SHA256 -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch deleted file mode 100644 index 9098c0a..0000000 --- a/openssl-1.0.0-name-hash.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c ---- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100 -+++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200 -@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA - { - unsigned long ret=0; - unsigned char md[16]; -+ EVP_MD_CTX ctx; - - /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x,NULL); -- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); -+ -+ EVP_MD_CTX_init(&ctx); -+ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL) -+ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length) -+ && EVP_DigestFinal_ex(&ctx, md, NULL); -+ EVP_MD_CTX_cleanup(&ctx); - - ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| - ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch deleted file mode 100644 index adaea6a..0000000 --- a/openssl-1.0.0-version.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h ---- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200 -+++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200 -@@ -25,7 +25,8 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x1000000fL -+/* we have to keep the version number to not break the abi */ -+#define OPENSSL_VERSION_NUMBER 0x10000003L - #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" - #else diff --git a/openssl-1.0.0-fips.patch b/openssl-1.0.0a-fips.patch similarity index 91% rename from openssl-1.0.0-fips.patch rename to openssl-1.0.0a-fips.patch index e5b6de7..421e507 100644 
--- a/openssl-1.0.0-fips.patch +++ b/openssl-1.0.0a-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure ---- openssl-1.0.0/Configure.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/Configure 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure +--- openssl-1.0.0a/Configure.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/Configure 2010-06-04 12:25:15.000000000 +0200 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; @@ -43,9 +43,9 @@ diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c ---- openssl-1.0.0/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0/crypto/bf/bf_skey.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bf/bf_skey.c.fips openssl-1.0.0a/crypto/bf/bf_skey.c +--- openssl-1.0.0a/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/bf/bf_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey. { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h ---- openssl-1.0.0/crypto/bf/blowfish.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/bf/blowfish.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bf/blowfish.h.fips openssl-1.0.0a/crypto/bf/blowfish.h +--- openssl-1.0.0a/crypto/bf/blowfish.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/bf/blowfish.h 2010-06-04 12:25:15.000000000 +0200 
@@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -77,9 +77,9 @@ diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfis void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h ---- openssl-1.0.0/crypto/bn/bn.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/bn/bn.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/bn.h.fips openssl-1.0.0a/crypto/bn/bn.h +--- openssl-1.0.0a/crypto/bn/bn.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/bn/bn.h 2010-06-04 12:25:15.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c ---- openssl-1.0.0/crypto/bn/bn_x931p.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/bn/bn_x931p.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/bn_x931p.c.fips openssl-1.0.0a/crypto/bn/bn_x931p.c +--- openssl-1.0.0a/crypto/bn/bn_x931p.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/bn/bn_x931p.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -374,9 +374,9 @@ diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931 + + } + -diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile ---- openssl-1.0.0/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0/crypto/bn/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/Makefile.fips openssl-1.0.0a/crypto/bn/Makefile +--- openssl-1.0.0a/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0a/crypto/bn/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl 2010-06-04 12:25:15.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); 
@@ -422,9 +422,9 @@ diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto } @SBOX=( -diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h ---- openssl-1.0.0/crypto/camellia/camellia.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/camellia.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/camellia.h.fips openssl-1.0.0a/crypto/camellia/camellia.h +--- openssl-1.0.0a/crypto/camellia/camellia.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/camellia.h 2010-06-04 12:25:15.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/came int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/cmll_fblk.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0a/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/cmll_fblk.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== 
@@ -509,9 +509,9 @@ diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/cam + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c ---- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0/crypto/camellia/cmll_misc.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips openssl-1.0.0a/crypto/camellia/cmll_misc.c +--- openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/camellia/cmll_misc.c 2010-06-04 12:25:15.000000000 +0200 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/cam { if(!userKey || !key) return -1; -diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile ---- openssl-1.0.0/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0/crypto/camellia/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/Makefile.fips openssl-1.0.0a/crypto/camellia/Makefile +--- openssl-1.0.0a/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0a/crypto/camellia/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a 
@@ -548,9 +548,9 @@ diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camell SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h ---- openssl-1.0.0/crypto/cast/cast.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/cast/cast.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/cast/cast.h.fips openssl-1.0.0a/crypto/cast/cast.h +--- openssl-1.0.0a/crypto/cast/cast.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/cast/cast.h 2010-06-04 12:25:15.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c ---- openssl-1.0.0/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0/crypto/cast/c_skey.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/cast/c_skey.c.fips openssl-1.0.0a/crypto/cast/c_skey.c +--- openssl-1.0.0a/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/cast/c_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,11 @@ */ 
@@ -586,9 +586,9 @@ diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_ske { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h ---- openssl-1.0.0/crypto/crypto.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/crypto.h 2010-03-30 10:36:06.000000000 +0200 +diff -up openssl-1.0.0a/crypto/crypto.h.fips openssl-1.0.0a/crypto/crypto.h +--- openssl-1.0.0a/crypto/crypto.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/crypto.h 2010-06-04 12:25:15.000000000 +0200 @@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); @@ -660,9 +660,9 @@ diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c ---- openssl-1.0.0/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0/crypto/dh/dh_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_err.c.fips openssl-1.0.0a/crypto/dh/dh_err.c +--- openssl-1.0.0a/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0a/crypto/dh/dh_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, 
@@ -680,9 +680,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c ---- openssl-1.0.0/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh_gen.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_gen.c.fips openssl-1.0.0a/crypto/dh/dh_gen.c +--- openssl-1.0.0a/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -715,9 +715,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h ---- openssl-1.0.0/crypto/dh/dh.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh.h.fips openssl-1.0.0a/crypto/dh/dh.h +--- openssl-1.0.0a/crypto/dh/dh.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh.h 2010-06-04 12:25:15.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif 
@@ -744,9 +744,9 @@ diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h #ifdef __cplusplus } -diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c ---- openssl-1.0.0/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh_key.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_key.c.fips openssl-1.0.0a/crypto/dh/dh_key.c +--- openssl-1.0.0a/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh_key.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,9 @@ #include #include @@ -796,9 +796,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c ---- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0/crypto/dsa/dsa_gen.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips openssl-1.0.0a/crypto/dsa/dsa_gen.c +--- openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0a/crypto/dsa/dsa_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -834,9 +834,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_ge if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h ---- openssl-1.0.0/crypto/dsa/dsa.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa.h.fips openssl-1.0.0a/crypto/dsa/dsa.h +--- openssl-1.0.0a/crypto/dsa/dsa.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa.h 2010-06-04 12:25:15.000000000 +0200 
@@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -893,9 +893,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c ---- openssl-1.0.0/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa_key.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_key.c.fips openssl-1.0.0a/crypto/dsa/dsa_key.c +--- openssl-1.0.0a/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa_key.c 2010-06-04 12:25:15.000000000 +0200 @@ -63,9 +63,55 @@ #include #include @@ -983,9 +983,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_ke ok=1; err: -diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa_ossl.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa_ossl.c 2010-06-04 12:25:15.000000000 +0200 @@ -65,6 +65,9 @@ #include #include 
@@ -1057,9 +1057,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_o dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c ---- openssl-1.0.0/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0/crypto/err/err_all.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/err/err_all.c.fips openssl-1.0.0a/crypto/err/err_all.c +--- openssl-1.0.0a/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0a/crypto/err/err_all.c 2010-06-04 12:25:15.000000000 +0200 @@ -96,6 +96,9 @@ #include #include @@ -1080,9 +1080,9 @@ diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_al #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c ---- openssl-1.0.0/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/digest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/digest.c.fips openssl-1.0.0a/crypto/evp/digest.c +--- openssl-1.0.0a/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/digest.c 2010-06-04 12:25:15.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include 
@@ -1181,9 +1181,9 @@ diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest. OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c ---- openssl-1.0.0/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_aes.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_aes.c.fips openssl-1.0.0a/crypto/evp/e_aes.c +--- openssl-1.0.0a/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_aes.c 2010-06-04 12:25:15.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1236,9 +1236,9 @@ diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c ---- openssl-1.0.0/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/e_camellia.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_camellia.c.fips openssl-1.0.0a/crypto/evp/e_camellia.c +--- openssl-1.0.0a/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/e_camellia.c 2010-06-04 12:25:15.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) 
@@ -1248,9 +1248,9 @@ diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_c IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c ---- openssl-1.0.0/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_des3.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_des3.c.fips openssl-1.0.0a/crypto/evp/e_des3.c +--- openssl-1.0.0a/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_des3.c 2010-06-04 12:25:15.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1295,9 +1295,9 @@ diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3. des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c ---- openssl-1.0.0/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_null.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_null.c.fips openssl-1.0.0a/crypto/evp/e_null.c +--- openssl-1.0.0a/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_null.c 2010-06-04 12:25:15.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 
@@ -1307,9 +1307,9 @@ diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null. null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c ---- openssl-1.0.0/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_rc4.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_rc4.c.fips openssl-1.0.0a/crypto/evp/e_rc4.c +--- openssl-1.0.0a/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_rc4.c 2010-06-04 12:25:15.000000000 +0200 @@ -64,6 +64,7 @@ #include #include @@ -1318,9 +1318,9 @@ diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c ---- openssl-1.0.0/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_enc.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_enc.c +--- openssl-1.0.0a/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_enc.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 
@@ -1413,9 +1413,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_en if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c ---- openssl-1.0.0/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_err.c.fips openssl-1.0.0a/crypto/evp/evp_err.c +--- openssl-1.0.0a/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, @@ -1424,9 +1424,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_er {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h ---- openssl-1.0.0/crypto/evp/evp.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/evp.h 2010-03-30 10:40:12.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp.h.fips openssl-1.0.0a/crypto/evp/evp.h +--- openssl-1.0.0a/crypto/evp/evp.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/evp.h 2010-06-04 12:25:15.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif 
@@ -1496,9 +1496,9 @@ diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c ---- openssl-1.0.0/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_lib.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_lib.c.fips openssl-1.0.0a/crypto/evp/evp_lib.c +--- openssl-1.0.0a/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1527,9 +1527,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_li return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h ---- openssl-1.0.0/crypto/evp/evp_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/evp_locl.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_locl.h.fips openssl-1.0.0a/crypto/evp/evp_locl.h +--- openssl-1.0.0a/crypto/evp/evp_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/evp_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 
@@ -1568,9 +1568,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_l struct evp_pkey_ctx_st { -diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c ---- openssl-1.0.0/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_dss.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_dss.c.fips openssl-1.0.0a/crypto/evp/m_dss.c +--- openssl-1.0.0a/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_dss.c 2010-06-04 12:25:15.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1580,9 +1580,9 @@ diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c init, update, final, -diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c ---- openssl-1.0.0/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_dss1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_dss1.c.fips openssl-1.0.0a/crypto/evp/m_dss1.c +--- openssl-1.0.0a/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_dss1.c 2010-06-04 12:25:15.000000000 +0200 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1592,9 +1592,9 @@ diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1. init, update, final, -diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c ---- openssl-1.0.0/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_mdc2.c 2010-03-30 10:57:02.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_mdc2.c.fips openssl-1.0.0a/crypto/evp/m_mdc2.c +--- openssl-1.0.0a/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_mdc2.c 2010-06-04 12:25:15.000000000 +0200 
@@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1603,9 +1603,9 @@ diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2. static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c ---- openssl-1.0.0/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md2.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md2.c.fips openssl-1.0.0a/crypto/evp/m_md2.c +--- openssl-1.0.0a/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md2.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1614,9 +1614,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c ---- openssl-1.0.0/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md4.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md4.c.fips openssl-1.0.0a/crypto/evp/m_md4.c +--- openssl-1.0.0a/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md4.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include 
@@ -1625,9 +1625,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c ---- openssl-1.0.0/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md5.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md5.c.fips openssl-1.0.0a/crypto/evp/m_md5.c +--- openssl-1.0.0a/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md5.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1636,9 +1636,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c ---- openssl-1.0.0/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_ripemd.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_ripemd.c.fips openssl-1.0.0a/crypto/evp/m_ripemd.c +--- openssl-1.0.0a/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_ripemd.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include 
@@ -1647,9 +1647,9 @@ diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_rip static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c ---- openssl-1.0.0/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_sha1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_sha1.c.fips openssl-1.0.0a/crypto/evp/m_sha1.c +--- openssl-1.0.0a/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_sha1.c 2010-06-04 12:25:15.000000000 +0200 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1700,9 +1700,9 @@ diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1. init512, update512, final512, -diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c ---- openssl-1.0.0/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_wp.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_wp.c.fips openssl-1.0.0a/crypto/evp/m_wp.c +--- openssl-1.0.0a/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_wp.c 2010-06-04 12:25:15.000000000 +0200 @@ -9,6 +9,7 @@ #include #include 
@@ -1711,9 +1711,9 @@ diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c ---- openssl-1.0.0/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/names.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/names.c.fips openssl-1.0.0a/crypto/evp/names.c +--- openssl-1.0.0a/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/names.c 2010-06-04 12:25:15.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1736,9 +1736,9 @@ diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c ---- openssl-1.0.0/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/p_sign.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/p_sign.c.fips openssl-1.0.0a/crypto/evp/p_sign.c +--- openssl-1.0.0a/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/p_sign.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,7 @@ #include #include 
@@ -1770,9 +1770,9 @@ diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign. if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c ---- openssl-1.0.0/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/p_verify.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/p_verify.c.fips openssl-1.0.0a/crypto/evp/p_verify.c +--- openssl-1.0.0a/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/p_verify.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1804,9 +1804,9 @@ diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_ver i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
@@ -2747,9 +2747,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/ + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3453,9 +3453,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,537 @@ +#include + 
@@ -3994,9 +3994,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/f + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4228,9 +4228,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/f + return 0; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4622,9 +4622,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4996,9 +4996,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypt + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -5377,9 +5377,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypt
 + return ret;
 + }
 +#endif
-diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,388 @@
 +/* fips_shatest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5769,9 +5769,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto
 + }
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0a/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_utl.h 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,343 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -6116,9 +6116,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fip
 +#endif
 + }
 +
-diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c
---- openssl-1.0.0/crypto/fips_err.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips_err.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips_err.c.fips openssl-1.0.0a/crypto/fips_err.c
+--- openssl-1.0.0a/crypto/fips_err.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_err.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,7 @@
 +#include
 +
@@ -6127,9 +6127,9 @@ diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c
 +#else
 +static void *dummy=&dummy;
 +#endif
-diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h
---- openssl-1.0.0/crypto/fips_err.h.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips_err.h 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips_err.h.fips openssl-1.0.0a/crypto/fips_err.h
+--- openssl-1.0.0a/crypto/fips_err.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_err.h 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,137 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -6268,9 +6268,9 @@ diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h
 + }
 +#endif
 + }
-diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_aes_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,103 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6375,9 +6375,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto
 + return ret;
 + }
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c
---- openssl-1.0.0/crypto/fips/fips.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips.c.fips openssl-1.0.0a/crypto/fips/fips.c
+--- openssl-1.0.0a/crypto/fips/fips.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,419 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6798,9 +6798,9 @@ diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c
 +
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c
---- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_des_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_des_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,139 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6941,9 +6941,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto
 + return ret;
 + }
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,186 @@
 +/* crypto/dsa/dsatest.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7131,9 +7131,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto
 + return ret;
 + }
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h
---- openssl-1.0.0/crypto/fips/fips.h.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips.h 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips.h.fips openssl-1.0.0a/crypto/fips/fips.h
+--- openssl-1.0.0a/crypto/fips/fips.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips.h 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,163 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7298,9 +7298,9 @@ diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h
 +}
 +#endif
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,137 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -7439,9 +7439,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypt
 + return 1;
 + }
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c
---- openssl-1.0.0/crypto/fips/fips_rand.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_rand.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_rand.c.fips openssl-1.0.0a/crypto/fips/fips_rand.c
+--- openssl-1.0.0a/crypto/fips/fips_rand.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rand.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,412 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -7855,9 +7855,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fi
 +}
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h
---- openssl-1.0.0/crypto/fips/fips_rand.h.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_rand.h 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_rand.h.fips openssl-1.0.0a/crypto/fips/fips_rand.h
+--- openssl-1.0.0a/crypto/fips/fips_rand.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rand.h 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,77 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7936,9 +7936,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fi
 +#endif
 +#endif
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rand_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,373 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8313,9 +8313,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypt
 + }
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c
---- openssl-1.0.0/crypto/fips/fips_randtest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_randtest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_randtest.c.fips openssl-1.0.0a/crypto/fips/fips_randtest.c
+--- openssl-1.0.0a/crypto/fips/fips_randtest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_randtest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,248 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -8565,9 +8565,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fip
 + }
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,441 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -9010,9 +9010,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto
 + }
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,281 @@
 +/* crypto/rsa/rsa_gen.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -9295,9 +9295,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fi
 + return 0;
 +
 + }
-diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c
---- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,99 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9398,9 +9398,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypt
 + }
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c
---- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c
+--- openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,173 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9575,9 +9575,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/cry
 + }
 +
 +
-diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c
---- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_test_suite.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips openssl-1.0.0a/crypto/fips/fips_test_suite.c
+--- openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_test_suite.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10167,9 +10167,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/f
 + }
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h
---- openssl-1.0.0/crypto/fips_locl.h.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips_locl.h 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips_locl.h.fips openssl-1.0.0a/crypto/fips_locl.h
+--- openssl-1.0.0a/crypto/fips_locl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_locl.h 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,72 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10243,9 +10243,9 @@ diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h +} +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile ---- openssl-1.0.0/crypto/fips/Makefile.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/Makefile.fips openssl-1.0.0a/crypto/fips/Makefile +--- openssl-1.0.0a/crypto/fips/Makefile.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10328,9 +10328,9 @@ diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makef + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c ---- openssl-1.0.0/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 -+++ openssl-1.0.0/crypto/hmac/hmac.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/hmac/hmac.c.fips openssl-1.0.0a/crypto/hmac/hmac.c +--- openssl-1.0.0a/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/hmac/hmac.c 2010-06-04 12:25:15.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) 
@@ -10345,9 +10345,9 @@ diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile ---- openssl-1.0.0/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0/crypto/Makefile 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/Makefile.fips openssl-1.0.0a/crypto/Makefile +--- openssl-1.0.0a/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a @@ -10366,9 +10366,9 @@ diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0a/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0a/crypto/mdc2/mdc2dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10390,9 +10390,9 @@ diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h ---- openssl-1.0.0/crypto/mdc2/mdc2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/mdc2/mdc2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mdc2/mdc2.h.fips openssl-1.0.0a/crypto/mdc2/mdc2.h +--- openssl-1.0.0a/crypto/mdc2/mdc2.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/mdc2/mdc2.h 2010-06-04 12:25:15.000000000 +0200 
@@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; @@ -10404,9 +10404,9 @@ diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c ---- openssl-1.0.0/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0/crypto/md2/md2_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md2/md2_dgst.c.fips openssl-1.0.0a/crypto/md2/md2_dgst.c +--- openssl-1.0.0a/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/md2/md2_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -62,6 +62,11 @@ #include #include @@ -10428,9 +10428,9 @@ diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_d { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h ---- openssl-1.0.0/crypto/md2/md2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md2/md2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md2/md2.h.fips openssl-1.0.0a/crypto/md2/md2.h +--- openssl-1.0.0a/crypto/md2/md2.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/md2/md2.h 2010-06-04 12:25:15.000000000 +0200 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; 
@@ -10441,9 +10441,9 @@ diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c ---- openssl-1.0.0/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0/crypto/md4/md4_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md4/md4_dgst.c.fips openssl-1.0.0a/crypto/md4/md4_dgst.c +--- openssl-1.0.0a/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0a/crypto/md4/md4_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10465,9 +10465,9 @@ diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_d { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h ---- openssl-1.0.0/crypto/md4/md4.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md4/md4.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md4/md4.h.fips openssl-1.0.0a/crypto/md4/md4.h +--- openssl-1.0.0a/crypto/md4/md4.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/md4/md4.h 2010-06-04 12:25:15.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; 
@@ -10478,9 +10478,9 @@ diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c ---- openssl-1.0.0/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0/crypto/md5/md5_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md5/md5_dgst.c.fips openssl-1.0.0a/crypto/md5/md5_dgst.c +--- openssl-1.0.0a/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0a/crypto/md5/md5_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10502,9 +10502,9 @@ diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_d { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h ---- openssl-1.0.0/crypto/md5/md5.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md5/md5.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md5/md5.h.fips openssl-1.0.0a/crypto/md5/md5.h +--- openssl-1.0.0a/crypto/md5/md5.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/md5/md5.h 2010-06-04 12:25:15.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; 
@@ -10515,9 +10515,9 @@ diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c ---- openssl-1.0.0/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0/crypto/mem.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mem.c.fips openssl-1.0.0a/crypto/mem.c +--- openssl-1.0.0a/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/mem.c 2010-06-04 12:25:15.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10527,9 +10527,9 @@ diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c ---- openssl-1.0.0/crypto/o_init.c.fips 2010-03-30 10:34:41.000000000 +0200 -+++ openssl-1.0.0/crypto/o_init.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/o_init.c.fips openssl-1.0.0a/crypto/o_init.c +--- openssl-1.0.0a/crypto/o_init.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -10611,9 +10611,9 @@ diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c + } + + -diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in ---- openssl-1.0.0/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0/crypto/opensslconf.h.in 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/opensslconf.h.in.fips openssl-1.0.0a/crypto/opensslconf.h.in +--- openssl-1.0.0a/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/opensslconf.h.in 2010-06-04 12:25:15.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10635,9 +10635,9 @@ diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/openssl /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0/crypto/pkcs12/p12_crt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0a/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0a/crypto/pkcs12/p12_crt.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
@@ -10664,9 +10664,9 @@ diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/ if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c ---- openssl-1.0.0/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/md_rand.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/md_rand.c.fips openssl-1.0.0a/crypto/rand/md_rand.c +--- openssl-1.0.0a/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/md_rand.c 2010-06-04 12:25:15.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10693,9 +10693,9 @@ diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_r #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c ---- openssl-1.0.0/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/rand_err.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand_err.c.fips openssl-1.0.0a/crypto/rand/rand_err.c +--- openssl-1.0.0a/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/rand_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= 
@@ -10728,9 +10728,9 @@ diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/ran {0,NULL} }; -diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h ---- openssl-1.0.0/crypto/rand/rand.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rand/rand.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand.h.fips openssl-1.0.0a/crypto/rand/rand.h +--- openssl-1.0.0a/crypto/rand/rand.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rand/rand.h 2010-06-04 12:25:15.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10760,9 +10760,9 @@ diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h #ifdef __cplusplus } -diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c ---- openssl-1.0.0/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/rand_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand_lib.c.fips openssl-1.0.0a/crypto/rand/rand_lib.c +--- openssl-1.0.0a/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/rand_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10796,9 +10796,9 @@ diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/ran return default_RAND_meth; } -diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h ---- openssl-1.0.0/crypto/rc2/rc2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rc2/rc2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc2/rc2.h.fips openssl-1.0.0a/crypto/rc2/rc2.h +--- openssl-1.0.0a/crypto/rc2/rc2.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc2/rc2.h 2010-06-04 12:25:15.000000000 +0200 
@@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10810,9 +10810,9 @@ diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c ---- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0/crypto/rc2/rc2_skey.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips openssl-1.0.0a/crypto/rc2/rc2_skey.c +--- openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc2/rc2_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -10846,9 +10846,9 @@ diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_s int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl 2010-06-04 12:25:15.000000000 +0200 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ 
@@ -10856,9 +10856,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4 +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl 2010-06-04 12:25:15.000000000 +0200 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; @@ -10868,9 +10868,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc print $code; close STDOUT; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl 2010-06-04 12:25:15.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); 
@@ -10894,9 +10894,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/a # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile ---- openssl-1.0.0/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/Makefile 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/Makefile.fips openssl-1.0.0a/crypto/rc4/Makefile +--- openssl-1.0.0a/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10908,9 +10908,9 @@ diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefil SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c ---- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips 2010-03-30 10:34:41.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/rc4_fblk.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0a/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/rc4_fblk.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10987,9 +10987,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_f + } +#endif + -diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h ---- openssl-1.0.0/crypto/rc4/rc4.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/rc4.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4.h.fips openssl-1.0.0a/crypto/rc4/rc4.h +--- openssl-1.0.0a/crypto/rc4/rc4.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/rc4.h 2010-06-04 12:25:15.000000000 +0200 
@@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -11000,9 +11000,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c ---- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/rc4_skey.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips openssl-1.0.0a/crypto/rc4/rc4_skey.c +--- openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/rc4_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11040,9 +11040,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_s unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h ---- openssl-1.0.0/crypto/ripemd/ripemd.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/ripemd/ripemd.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/ripemd/ripemd.h.fips openssl-1.0.0a/crypto/ripemd/ripemd.h +--- openssl-1.0.0a/crypto/ripemd/ripemd.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/ripemd/ripemd.h 2010-06-04 12:25:15.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; 
@@ -11053,9 +11053,9 @@ diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/r int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0a/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0a/crypto/ripemd/rmd_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11077,9 +11077,9 @@ diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c ---- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_eay.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_eay.c +--- openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_eay.c 2010-06-04 12:25:15.000000000 +0200 @@ -114,6 +114,10 @@ #include #include 
@@ -11340,9 +11340,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_ea rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c ---- openssl-1.0.0/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0/crypto/rsa/rsa_err.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_err.c.fips openssl-1.0.0a/crypto/rsa/rsa_err.c +--- openssl-1.0.0a/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0a/crypto/rsa/rsa_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11369,9 +11369,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_er {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c ---- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_gen.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips openssl-1.0.0a/crypto/rsa/rsa_gen.c +--- openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include 
@@ -11497,9 +11497,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_ge ok=1; err: if (ok == -1) -diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h ---- openssl-1.0.0/crypto/rsa/rsa.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa.h.fips openssl-1.0.0a/crypto/rsa/rsa.h +--- openssl-1.0.0a/crypto/rsa/rsa.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa.h 2010-06-04 12:25:15.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11569,9 +11569,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c ---- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 -+++ openssl-1.0.0/crypto/rsa/rsa_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips openssl-1.0.0a/crypto/rsa/rsa_lib.c +--- openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0a/crypto/rsa/rsa_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) 
@@ -11647,9 +11647,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_li return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c ---- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_sign.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips openssl-1.0.0a/crypto/rsa/rsa_sign.c +--- openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_sign.c 2010-06-04 12:25:15.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11681,9 +11681,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_s if (i <= 0) goto err; -diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c ---- openssl-1.0.0/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 -+++ openssl-1.0.0/crypto/seed/seed.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/seed/seed.c.fips openssl-1.0.0a/crypto/seed/seed.c +--- openssl-1.0.0a/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0a/crypto/seed/seed.c 2010-06-04 12:25:15.000000000 +0200 @@ -34,6 +34,9 @@ #include 
@@ -11713,9 +11713,9 @@ diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c { seed_word x1, x2, x3, x4; seed_word t0, t1; -diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h ---- openssl-1.0.0/crypto/seed/seed.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/seed/seed.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/seed/seed.h.fips openssl-1.0.0a/crypto/seed/seed.h +--- openssl-1.0.0a/crypto/seed/seed.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/seed/seed.h 2010-06-04 12:25:15.000000000 +0200 @@ -117,6 +117,9 @@ typedef struct seed_key_st { } SEED_KEY_SCHEDULE; @@ -11726,9 +11726,9 @@ diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); -diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c ---- openssl-1.0.0/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha_dgst.c.fips openssl-1.0.0a/crypto/sha/sha_dgst.c +--- openssl-1.0.0a/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,12 @@ */ 
@@ -11742,9 +11742,9 @@ diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_d #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h ---- openssl-1.0.0/crypto/sha/sha.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/sha/sha.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha.h.fips openssl-1.0.0a/crypto/sha/sha.h +--- openssl-1.0.0a/crypto/sha/sha.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/sha/sha.h 2010-06-04 12:25:15.000000000 +0200 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11755,9 +11755,9 @@ diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h ---- openssl-1.0.0/crypto/sha/sha_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/sha/sha_locl.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha_locl.h.fips openssl-1.0.0a/crypto/sha/sha_locl.h +--- openssl-1.0.0a/crypto/sha/sha_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/sha/sha_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL 
@@ -11774,9 +11774,9 @@ diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_l memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c ---- openssl-1.0.0/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha1dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha1dgst.c.fips openssl-1.0.0a/crypto/sha/sha1dgst.c +--- openssl-1.0.0a/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha1dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11788,9 +11788,9 @@ diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1d const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c ---- openssl-1.0.0/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha256.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha256.c.fips openssl-1.0.0a/crypto/sha/sha256.c +--- openssl-1.0.0a/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha256.c 2010-06-04 12:25:15.000000000 +0200 @@ -12,12 +12,19 @@ #include 
@@ -11821,9 +11821,9 @@ diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256. memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c ---- openssl-1.0.0/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha512.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha512.c.fips openssl-1.0.0a/crypto/sha/sha512.c +--- openssl-1.0.0a/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha512.c 2010-06-04 12:25:15.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11855,9 +11855,9 @@ diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512. #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h ---- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/whrlpool/whrlpool.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0a/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/whrlpool/whrlpool.h 2010-06-04 12:25:15.000000000 +0200 @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; 
@@ -11868,9 +11868,9 @@ diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrl int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 -+++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0a/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0a/crypto/whrlpool/wp_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -53,8 +53,12 @@ #include "wp_locl.h" @@ -11885,9 +11885,9 @@ diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlp { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org ---- openssl-1.0.0/Makefile.org.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/Makefile.org 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/Makefile.org.fips openssl-1.0.0a/Makefile.org +--- openssl-1.0.0a/Makefile.org.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/Makefile.org 2010-06-04 12:25:15.000000000 +0200 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= 
@@ -11915,9 +11915,9 @@ diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c ---- openssl-1.0.0/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0/ssl/ssl_ciph.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_ciph.c.fips openssl-1.0.0a/ssl/ssl_ciph.c +--- openssl-1.0.0a/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssl_ciph.c 2010-06-04 12:25:15.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11940,9 +11940,9 @@ diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c ---- openssl-1.0.0/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 -+++ openssl-1.0.0/ssl/ssl_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_lib.c.fips openssl-1.0.0a/ssl/ssl_lib.c +--- openssl-1.0.0a/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 ++++ openssl-1.0.0a/ssl/ssl_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } 
@@ -11958,9 +11958,9 @@ diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c ---- openssl-1.0.0/ssl/ssltest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/ssl/ssltest.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c +--- openssl-1.0.0a/ssl/ssltest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssltest.c 2010-06-04 12:25:15.000000000 +0200 @@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); @@ -12035,9 +12035,9 @@ diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c ---- openssl-1.0.0/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0/ssl/s23_clnt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s23_clnt.c.fips openssl-1.0.0a/ssl/s23_clnt.c +--- openssl-1.0.0a/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0a/ssl/s23_clnt.c 2010-06-04 12:25:15.000000000 +0200 @@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; 
@@ -12068,9 +12068,9 @@ diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c ---- openssl-1.0.0/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0/ssl/s23_srvr.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s23_srvr.c.fips openssl-1.0.0a/ssl/s23_srvr.c +--- openssl-1.0.0a/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0a/ssl/s23_srvr.c 2010-06-04 12:25:15.000000000 +0200 @@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12087,9 +12087,9 @@ diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c ---- openssl-1.0.0/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 -+++ openssl-1.0.0/ssl/s3_clnt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c +--- openssl-1.0.0a/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 ++++ openssl-1.0.0a/ssl/s3_clnt.c 2010-06-04 12:25:15.000000000 +0200 @@ -156,6 +156,10 @@ #include #include @@ -12110,9 +12110,9 @@ diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c ---- openssl-1.0.0/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0/ssl/s3_enc.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c +--- openssl-1.0.0a/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0a/ssl/s3_enc.c 2010-06-04 12:25:15.000000000 +0200 
@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12138,9 +12138,9 @@ diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c ---- openssl-1.0.0/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 -+++ openssl-1.0.0/ssl/s3_srvr.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_srvr.c.fips openssl-1.0.0a/ssl/s3_srvr.c +--- openssl-1.0.0a/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 ++++ openssl-1.0.0a/ssl/s3_srvr.c 2010-06-04 12:25:15.000000000 +0200 @@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) @@ -12150,15 +12150,15 @@ diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c ---- openssl-1.0.0/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0/ssl/t1_enc.c 2010-03-30 10:34:41.000000000 +0200 -@@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md +diff -up openssl-1.0.0a/ssl/t1_enc.c.fips openssl-1.0.0a/ssl/t1_enc.c +--- openssl-1.0.0a/ssl/t1_enc.c.fips 2010-05-17 13:26:56.000000000 +0200 ++++ openssl-1.0.0a/ssl/t1_enc.c 2010-06-04 13:28:01.000000000 +0200 +@@ -170,6 +170,8 @@ static int tls1_P_hash(const EVP_MD *md, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); + HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); - if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); + if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) + goto err; + if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) 
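Review bot: The two `HMAC_CTX_set_flags(..., EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` calls in the t1_enc.c hunk for `tls1_P_hash` lift the FIPS digest restriction on both HMAC contexts without a comment saying why that is acceptable there. Presumably the exemption exists because the TLS 1.0 PRF combines MD5 with SHA-1, but nothing in the hunk states it, and an unexplained exemption is easy to copy into code where it is not justified. I would add a comment above them such as `/* TLS PRF needs MD5 even in FIPS mode; the exemption is limited to these two local contexts */`, once that reading is confirmed. The body of `tls1_P_hash` starts before the hunk and continues past it.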
diff --git a/openssl-1.0.0-beta3-fipsmode.patch b/openssl-1.0.0a-fipsmode.patch similarity index 80% rename from openssl-1.0.0-beta3-fipsmode.patch rename to openssl-1.0.0a-fipsmode.patch index 2fbf0a6..352e74e 100644 --- a/openssl-1.0.0-beta3-fipsmode.patch +++ b/openssl-1.0.0a-fipsmode.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c ---- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200 +diff -up openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode openssl-1.0.0a/crypto/engine/eng_all.c +--- openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200 ++++ openssl-1.0.0a/crypto/engine/eng_all.c 2010-06-04 13:32:13.000000000 +0200 @@ -58,9 +58,23 @@ #include "cryptlib.h" @@ -25,9 +25,9 @@ diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c ---- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode openssl-1.0.0a/crypto/evp/c_allc.c +--- openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode 2009-12-25 15:12:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/c_allc.c 2010-06-04 13:32:13.000000000 +0200 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { 
@@ -40,7 +40,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); EVP_add_cipher(EVP_des_cfb1()); -@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void) +@@ -221,4 +226,61 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); #endif @@ -102,9 +102,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr + } +#endif } -diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c ---- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode openssl-1.0.0a/crypto/evp/c_alld.c +--- openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/c_alld.c 2010-06-04 13:32:13.000000000 +0200 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -117,11 +117,10 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif -@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void) - #endif +@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); -+#endif + #endif +#ifdef OPENSSL_FIPS + } + else 
@@ -149,11 +148,11 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr + EVP_add_digest(EVP_sha512()); +#endif + } - #endif ++#endif } -diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c ---- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200 +diff -up openssl-1.0.0a/crypto/o_init.c.fipsmode openssl-1.0.0a/crypto/o_init.c +--- openssl-1.0.0a/crypto/o_init.c.fipsmode 2010-06-04 13:32:13.000000000 +0200 ++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 13:32:13.000000000 +0200 @@ -59,6 +59,43 @@ #include #include @@ -206,9 +205,9 @@ diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto done = 1; } #endif -diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c ---- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_algs.c.fipsmode openssl-1.0.0a/ssl/ssl_algs.c +--- openssl-1.0.0a/ssl/ssl_algs.c.fipsmode 2010-04-07 15:18:30.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssl_algs.c 2010-06-04 13:32:48.000000000 +0200 @@ -64,6 +64,12 @@ int SSL_library_init(void) { @@ -222,7 +221,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -115,6 +121,40 @@ int SSL_library_init(void) +@@ -127,6 +133,48 @@ int SSL_library_init(void) EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif 
@@ -249,6 +248,14 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); +#endif ++#ifndef OPENSSL_NO_SHA256 ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++#endif +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0a-version.patch b/openssl-1.0.0a-version.patch new file mode 100644 index 0000000..75a0233 --- /dev/null +++ b/openssl-1.0.0a-version.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h +--- openssl-1.0.0a/crypto/opensslv.h.version 2010-06-04 13:28:52.000000000 +0200 ++++ openssl-1.0.0a/crypto/opensslv.h 2010-06-04 13:29:42.000000000 +0200 +@@ -25,7 +25,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x1000001fL ++/* we have to keep the version number to not break the abi */ ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" + #else diff --git a/openssl.spec b/openssl.spec index 7eb85e8..0c7b888 100644 --- a/openssl.spec +++ b/openssl.spec @@ -20,8 +20,8 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.0 -Release: 4%{?dist} +Version: 1.0.0a +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 
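Review bot: In the new openssl-1.0.0a-version.patch, the pinned `OPENSSL_VERSION_NUMBER 0x10000003L` no longer agrees with the 1.0.0a release that `OPENSSL_VERSION_TEXT` reports, and the added comment gives only the ABI reason. Under OpenSSL's MNNFFPPS layout that value appears to decode as 1.0.0 beta 3, so code or audit tooling that compares the numeric version will not see that this build carries the 1.0.0a fixes. I would extend the comment to say so, for example `/* kept at the 1.0.0-beta3 value to not break the ABI; do not infer the patch level from it, see OPENSSL_VERSION_TEXT */`.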
@@ -50,20 +50,18 @@ Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch Patch39: openssl-1.0.0-beta5-ipv6-apps.patch -Patch40: openssl-1.0.0-fips.patch +Patch40: openssl-1.0.0a-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch -Patch43: openssl-1.0.0-beta3-fipsmode.patch +Patch43: openssl-1.0.0a-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0-version.patch +Patch51: openssl-1.0.0a-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch Patch53: openssl-1.0.0-name-hash.patch # Backported fixes including security fixes -Patch60: openssl-1.0.0-dtls1-backports.patch -Patch61: openssl-1.0.0-init-sha256.patch License: OpenSSL Group: System Environment/Libraries @@ -145,8 +143,6 @@ from other formats to the formats used by the OpenSSL toolkit. %patch52 -p1 -b .aesni %patch53 -p1 -b .name-hash -%patch60 -p1 -b .dtls1 -%patch61 -p1 -b .sha256 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -305,16 +301,6 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts # mulitlib conflicts and unnecessary renames on upgrade touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf -# Fix libdir. -pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig -for i in *.pc ; do - sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \ - $i >$i.tmp && \ - cat $i.tmp >$i && \ - rm -f $i.tmp -done -popd - # Determine which arch opensslconf.h is going to try to #include. basearch=%{_arch} %ifarch %{ix86} 
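Review bot: Removing `Patch60`/`Patch61` and their `%patch60`/`%patch61` lines leaves the `# Backported fixes including security fixes` comment in the openssl.spec patch list with nothing under it, and the 1.0.0a-1 changelog entry does not record that the DTLS and SHA-256 init backports were dropped. Presumably both are contained in the 1.0.0a tarball, but a dropped security backport should be traceable. Once that is confirmed against the 1.0.0a sources, I would add a changelog line such as `- drop dtls1-backports and init-sha256 patches, now upstream`. The spec still lists `Patch53: openssl-1.0.0-name-hash.patch`, so that file has to stay in the commit's file set.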
@@ -405,6 +391,13 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Fri Jun 4 2010 Tomas Mraz 1.0.0a-1 +- new upstream patch release, fixes CVE-2010-0742 (#598738) + and CVE-2010-1633 (#598732) + +* Wed May 19 2010 Tomas Mraz 1.0.0-5 +- pkgconfig files now contain the correct libdir (#593723) + * Tue May 18 2010 Tomas Mraz 1.0.0-4 - make CA dir readable - the private keys are in private subdir (#584810) diff --git a/sources b/sources index dadae2c..f42b68d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2 +36a9936e1791566b205daa7cb4bea074 openssl-1.0.0a-usa.tar.bz2 From 03d2622327dff9b00ed2a7c9c371abd8c8f7a677 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 4 Jun 2010 14:16:25 +0000 Subject: [PATCH 17/20] - oops wrong patch removed --- openssl-1.0.0-dtls1-backports.patch | 53 ----------------------------- openssl-1.0.0-name-hash.patch | 22 ++++++++++++ 2 files changed, 22 insertions(+), 53 deletions(-) delete mode 100644 openssl-1.0.0-dtls1-backports.patch create mode 100644 openssl-1.0.0-name-hash.patch diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch deleted file mode 100644 index 99518cd..0000000 --- a/openssl-1.0.0-dtls1-backports.patch +++ /dev/null 
@@ -1,53 +0,0 @@
-diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
---- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
-+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
-@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
- timeleft->tv_usec += 1000000;
- }
-
-+ /* If remaining time is less than 15 ms, set it to 0
-+ * to prevent issues because of small devergences with
-+ * socket timeouts.
-+ */
-+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
-+ {
-+ memset(timeleft, 0, sizeof(struct timeval));
-+ }
-+
-+
- return timeleft;
- }
-
-diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
---- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
-+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
-@@ -667,14 +667,14 @@ again:
- if (rr->length == 0) goto again;
-
- /* If this record is from the next epoch (either HM or ALERT),
-- * buffer it since it cannot be processed at this time. Records
-- * from the next epoch are marked as received even though they
-- * are not processed, so as to prevent any potential resource
-- * DoS attack */
-+ * and a handshake is currently in progress, buffer it since it
-+ * cannot be processed at this time. */
- if (is_next_epoch)
- {
-- dtls1_record_bitmap_update(s, bitmap);
-- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+ if (SSL_in_init(s) || s->in_handshake)
-+ {
-+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+ }
- rr->length = 0;
- s->packet_length = 0;
- goto again;
-@@ -809,7 +809,7 @@ start:
- * buffer the application data for later processing rather
- * than dropping the connection.
- */
-- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
-+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
- rr->length = 0;
- goto start;
- }
diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch
new file mode 100644
index 0000000..9098c0a
--- /dev/null
+++ b/openssl-1.0.0-name-hash.patch
@@ -0,0 +1,22 @@
+diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
+--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100
++++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200
+@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
+ {
+ unsigned long ret=0;
+ unsigned char md[16];
++ EVP_MD_CTX ctx;
+
+ /* Make sure X509_NAME structure contains valid cached encoding */
+ i2d_X509_NAME(x,NULL);
+- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
++
++ EVP_MD_CTX_init(&ctx);
++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
++ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
++ && EVP_DigestFinal_ex(&ctx, md, NULL);
++ EVP_MD_CTX_cleanup(&ctx);
+
+ ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
+ ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
From 1df3ab4d3275a5db019180ab130e54a35338fb3f Mon Sep 17 00:00:00 2001
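Review bot: In the X509_NAME_hash_old change carried by openssl-1.0.0-name-hash.patch, the result of the `EVP_DigestInit_ex(...) && EVP_DigestUpdate(...) && EVP_DigestFinal_ex(...)` chain is thrown away. If any step fails, `md[16]` is never written and the `ret=` expression that follows builds the hash from uninitialised stack bytes, so the value is unpredictable and may expose stack contents. The chain should be the condition of an `if` around the `ret=( ... )` assignment, with `EVP_MD_CTX_cleanup(&ctx);` moved after it, so that a failed digest leaves `ret` at its initial 0. The return value of `i2d_X509_NAME(x,NULL)` on the line above is also unchecked, and the rest of the function body lies outside the hunk.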
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 4 Jun 2010 14:21:35 +0000 Subject: [PATCH 18/20] - new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732) --- .cvsignore | 2 +- openssl-1.0.0-dtls1-backports.patch | 53 -- openssl-1.0.0-init-sha256.patch | 79 -- openssl-1.0.0-version.patch | 13 - ....0-fips.patch => openssl-1.0.0a-fips.patch | 782 +++++++++--------- ...ode.patch => openssl-1.0.0a-fipsmode.patch | 49 +- openssl-1.0.0a-version.patch | 13 + openssl.spec | 31 +- sources | 2 +- 9 files changed, 446 insertions(+), 578 deletions(-) delete mode 100644 openssl-1.0.0-dtls1-backports.patch delete mode 100644 openssl-1.0.0-init-sha256.patch delete mode 100644 openssl-1.0.0-version.patch rename openssl-1.0.0-fips.patch => openssl-1.0.0a-fips.patch (91%) rename openssl-1.0.0-beta3-fipsmode.patch => openssl-1.0.0a-fipsmode.patch (80%) create mode 100644 openssl-1.0.0a-version.patch diff --git a/.cvsignore b/.cvsignore index 3930a9d..f4623d7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-1.0.0-usa.tar.bz2 +openssl-1.0.0a-usa.tar.bz2 diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch deleted file mode 100644 index 99518cd..0000000 --- a/openssl-1.0.0-dtls1-backports.patch +++ /dev/null 
@@ -1,53 +0,0 @@
-diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c
---- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100
-+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200
-@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s
- timeleft->tv_usec += 1000000;
- }
-
-+ /* If remaining time is less than 15 ms, set it to 0
-+ * to prevent issues because of small devergences with
-+ * socket timeouts.
-+ */
-+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
-+ {
-+ memset(timeleft, 0, sizeof(struct timeval));
-+ }
-+
-+
- return timeleft;
- }
-
-diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c
---- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200
-+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200
-@@ -667,14 +667,14 @@ again:
- if (rr->length == 0) goto again;
-
- /* If this record is from the next epoch (either HM or ALERT),
-- * buffer it since it cannot be processed at this time. Records
-- * from the next epoch are marked as received even though they
-- * are not processed, so as to prevent any potential resource
-- * DoS attack */
-+ * and a handshake is currently in progress, buffer it since it
-+ * cannot be processed at this time. */
- if (is_next_epoch)
- {
-- dtls1_record_bitmap_update(s, bitmap);
-- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+ if (SSL_in_init(s) || s->in_handshake)
-+ {
-+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
-+ }
- rr->length = 0;
- s->packet_length = 0;
- goto again;
-@@ -809,7 +809,7 @@ start:
- * buffer the application data for later processing rather
- * than dropping the connection.
- */
-- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
-+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
- rr->length = 0;
- goto start;
- }
diff --git a/openssl-1.0.0-init-sha256.patch b/openssl-1.0.0-init-sha256.patch deleted file mode 100644 index 115722c..0000000 --- a/openssl-1.0.0-init-sha256.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod ---- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100 -+++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200 -@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori - - =head1 DESCRIPTION - --SSL_library_init() registers the available ciphers and digests. -+SSL_library_init() registers the available SSL/TLS ciphers and digests. - - OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms - for SSL_library_init(). -@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant. - - =head1 WARNING - --SSL_library_init() only registers ciphers. Another important initialization --is the seeding of the PRNG (Pseudo Random Number Generator), which has to --be performed separately. -+SSL_library_init() adds ciphers and digests used directly and indirectly by -+SSL/TLS. - - =head1 EXAMPLES - - A typical TLS/SSL application will start with the library initialization, --will provide readable error messages and will seed the PRNG. -+and provide readable error messages. - - SSL_load_error_strings(); /* readable error messages */ - SSL_library_init(); /* initialize library */ -- actions_to_seed_PRNG(); - - =head1 RETURN VALUES - - SSL_library_init() always returns "1", so it is safe to discard the return - value. - -+=head1 NOTES -+ -+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). -+Applications which need to use SHA2 in earlier versions of OpenSSL should call -+OpenSSL_add_all_algorithms() as well. 
-+ - =head1 SEE ALSO - - L, L, -diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c ---- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200 -+++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200 -@@ -111,6 +111,14 @@ int SSL_library_init(void) - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); - #endif -+#ifndef OPENSSL_NO_SHA256 -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); -@@ -148,6 +156,14 @@ int SSL_library_init(void) - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); - #endif -+#ifndef OPENSSL_NO_SHA256 -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch deleted file mode 100644 index adaea6a..0000000 --- a/openssl-1.0.0-version.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h ---- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200 -+++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200 -@@ -25,7 +25,8 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x1000000fL -+/* we have to keep the version number to not break the abi */ -+#define OPENSSL_VERSION_NUMBER 0x10000003L - #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" - #else diff --git a/openssl-1.0.0-fips.patch b/openssl-1.0.0a-fips.patch similarity index 91% rename from openssl-1.0.0-fips.patch rename to openssl-1.0.0a-fips.patch index e5b6de7..421e507 100644 --- a/openssl-1.0.0-fips.patch +++ b/openssl-1.0.0a-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure ---- openssl-1.0.0/Configure.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/Configure 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure +--- openssl-1.0.0a/Configure.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/Configure 2010-06-04 12:25:15.000000000 +0200 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; 
@@ -43,9 +43,9 @@ diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c ---- openssl-1.0.0/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0/crypto/bf/bf_skey.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bf/bf_skey.c.fips openssl-1.0.0a/crypto/bf/bf_skey.c +--- openssl-1.0.0a/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/bf/bf_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey. { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h ---- openssl-1.0.0/crypto/bf/blowfish.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/bf/blowfish.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bf/blowfish.h.fips openssl-1.0.0a/crypto/bf/blowfish.h +--- openssl-1.0.0a/crypto/bf/blowfish.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/bf/blowfish.h 2010-06-04 12:25:15.000000000 +0200 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; 
@@ -77,9 +77,9 @@ diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfis void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h ---- openssl-1.0.0/crypto/bn/bn.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/bn/bn.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/bn.h.fips openssl-1.0.0a/crypto/bn/bn.h +--- openssl-1.0.0a/crypto/bn/bn.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/bn/bn.h 2010-06-04 12:25:15.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c ---- openssl-1.0.0/crypto/bn/bn_x931p.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/bn/bn_x931p.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/bn_x931p.c.fips openssl-1.0.0a/crypto/bn/bn_x931p.c +--- openssl-1.0.0a/crypto/bn/bn_x931p.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/bn/bn_x931p.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -374,9 +374,9 @@ diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931 + + } + -diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile ---- openssl-1.0.0/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0/crypto/bn/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/Makefile.fips openssl-1.0.0a/crypto/bn/Makefile +--- openssl-1.0.0a/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0a/crypto/bn/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl 2010-06-04 12:25:15.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); 
@@ -422,9 +422,9 @@ diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto } @SBOX=( -diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h ---- openssl-1.0.0/crypto/camellia/camellia.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/camellia.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/camellia.h.fips openssl-1.0.0a/crypto/camellia/camellia.h +--- openssl-1.0.0a/crypto/camellia/camellia.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/camellia.h 2010-06-04 12:25:15.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/came int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/cmll_fblk.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0a/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/cmll_fblk.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== 
@@ -509,9 +509,9 @@ diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/cam + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c ---- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0/crypto/camellia/cmll_misc.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips openssl-1.0.0a/crypto/camellia/cmll_misc.c +--- openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/camellia/cmll_misc.c 2010-06-04 12:25:15.000000000 +0200 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/cam { if(!userKey || !key) return -1; -diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile ---- openssl-1.0.0/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0/crypto/camellia/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/Makefile.fips openssl-1.0.0a/crypto/camellia/Makefile +--- openssl-1.0.0a/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0a/crypto/camellia/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a 
@@ -548,9 +548,9 @@ diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camell SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h ---- openssl-1.0.0/crypto/cast/cast.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/cast/cast.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/cast/cast.h.fips openssl-1.0.0a/crypto/cast/cast.h +--- openssl-1.0.0a/crypto/cast/cast.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/cast/cast.h 2010-06-04 12:25:15.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c ---- openssl-1.0.0/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0/crypto/cast/c_skey.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/cast/c_skey.c.fips openssl-1.0.0a/crypto/cast/c_skey.c +--- openssl-1.0.0a/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/cast/c_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,11 @@ */ 
@@ -586,9 +586,9 @@ diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_ske { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h ---- openssl-1.0.0/crypto/crypto.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/crypto.h 2010-03-30 10:36:06.000000000 +0200 +diff -up openssl-1.0.0a/crypto/crypto.h.fips openssl-1.0.0a/crypto/crypto.h +--- openssl-1.0.0a/crypto/crypto.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/crypto.h 2010-06-04 12:25:15.000000000 +0200 @@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); @@ -660,9 +660,9 @@ diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c ---- openssl-1.0.0/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0/crypto/dh/dh_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_err.c.fips openssl-1.0.0a/crypto/dh/dh_err.c +--- openssl-1.0.0a/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0a/crypto/dh/dh_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, 
@@ -680,9 +680,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c ---- openssl-1.0.0/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh_gen.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_gen.c.fips openssl-1.0.0a/crypto/dh/dh_gen.c +--- openssl-1.0.0a/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -715,9 +715,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h ---- openssl-1.0.0/crypto/dh/dh.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh.h.fips openssl-1.0.0a/crypto/dh/dh.h +--- openssl-1.0.0a/crypto/dh/dh.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh.h 2010-06-04 12:25:15.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif 
@@ -744,9 +744,9 @@ diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h #ifdef __cplusplus } -diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c ---- openssl-1.0.0/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh_key.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_key.c.fips openssl-1.0.0a/crypto/dh/dh_key.c +--- openssl-1.0.0a/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh_key.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,9 @@ #include #include @@ -796,9 +796,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c ---- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0/crypto/dsa/dsa_gen.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips openssl-1.0.0a/crypto/dsa/dsa_gen.c +--- openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0a/crypto/dsa/dsa_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -834,9 +834,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_ge if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h ---- openssl-1.0.0/crypto/dsa/dsa.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa.h.fips openssl-1.0.0a/crypto/dsa/dsa.h +--- openssl-1.0.0a/crypto/dsa/dsa.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa.h 2010-06-04 12:25:15.000000000 +0200 
@@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -893,9 +893,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c ---- openssl-1.0.0/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa_key.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_key.c.fips openssl-1.0.0a/crypto/dsa/dsa_key.c +--- openssl-1.0.0a/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa_key.c 2010-06-04 12:25:15.000000000 +0200 @@ -63,9 +63,55 @@ #include #include @@ -983,9 +983,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_ke ok=1; err: -diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa_ossl.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa_ossl.c 2010-06-04 12:25:15.000000000 +0200 @@ -65,6 +65,9 @@ #include #include 
@@ -1057,9 +1057,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_o dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c ---- openssl-1.0.0/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0/crypto/err/err_all.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/err/err_all.c.fips openssl-1.0.0a/crypto/err/err_all.c +--- openssl-1.0.0a/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0a/crypto/err/err_all.c 2010-06-04 12:25:15.000000000 +0200 @@ -96,6 +96,9 @@ #include #include @@ -1080,9 +1080,9 @@ diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_al #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c ---- openssl-1.0.0/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/digest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/digest.c.fips openssl-1.0.0a/crypto/evp/digest.c +--- openssl-1.0.0a/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/digest.c 2010-06-04 12:25:15.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include 
@@ -1181,9 +1181,9 @@ diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest. OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c ---- openssl-1.0.0/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_aes.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_aes.c.fips openssl-1.0.0a/crypto/evp/e_aes.c +--- openssl-1.0.0a/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_aes.c 2010-06-04 12:25:15.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1236,9 +1236,9 @@ diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c ---- openssl-1.0.0/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/e_camellia.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_camellia.c.fips openssl-1.0.0a/crypto/evp/e_camellia.c +--- openssl-1.0.0a/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/e_camellia.c 2010-06-04 12:25:15.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) 
@@ -1248,9 +1248,9 @@ diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_c IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c ---- openssl-1.0.0/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_des3.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_des3.c.fips openssl-1.0.0a/crypto/evp/e_des3.c +--- openssl-1.0.0a/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_des3.c 2010-06-04 12:25:15.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1295,9 +1295,9 @@ diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3. des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c ---- openssl-1.0.0/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_null.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_null.c.fips openssl-1.0.0a/crypto/evp/e_null.c +--- openssl-1.0.0a/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_null.c 2010-06-04 12:25:15.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 
@@ -1307,9 +1307,9 @@ diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null. null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c ---- openssl-1.0.0/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_rc4.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_rc4.c.fips openssl-1.0.0a/crypto/evp/e_rc4.c +--- openssl-1.0.0a/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_rc4.c 2010-06-04 12:25:15.000000000 +0200 @@ -64,6 +64,7 @@ #include #include @@ -1318,9 +1318,9 @@ diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c ---- openssl-1.0.0/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_enc.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_enc.c +--- openssl-1.0.0a/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_enc.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; 
@@ -1413,9 +1413,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_en if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c ---- openssl-1.0.0/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_err.c.fips openssl-1.0.0a/crypto/evp/evp_err.c +--- openssl-1.0.0a/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, @@ -1424,9 +1424,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_er {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h ---- openssl-1.0.0/crypto/evp/evp.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/evp.h 2010-03-30 10:40:12.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp.h.fips openssl-1.0.0a/crypto/evp/evp.h +--- openssl-1.0.0a/crypto/evp/evp.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/evp.h 2010-06-04 12:25:15.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif 
@@ -1496,9 +1496,9 @@ diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c ---- openssl-1.0.0/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_lib.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_lib.c.fips openssl-1.0.0a/crypto/evp/evp_lib.c +--- openssl-1.0.0a/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1527,9 +1527,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_li return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h ---- openssl-1.0.0/crypto/evp/evp_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/evp_locl.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_locl.h.fips openssl-1.0.0a/crypto/evp/evp_locl.h +--- openssl-1.0.0a/crypto/evp/evp_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/evp_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) 
@@ -1568,9 +1568,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_l struct evp_pkey_ctx_st { -diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c ---- openssl-1.0.0/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_dss.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_dss.c.fips openssl-1.0.0a/crypto/evp/m_dss.c +--- openssl-1.0.0a/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_dss.c 2010-06-04 12:25:15.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1580,9 +1580,9 @@ diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c init, update, final, -diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c ---- openssl-1.0.0/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_dss1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_dss1.c.fips openssl-1.0.0a/crypto/evp/m_dss1.c +--- openssl-1.0.0a/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_dss1.c 2010-06-04 12:25:15.000000000 +0200 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1592,9 +1592,9 @@ diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1. init, update, final, -diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c ---- openssl-1.0.0/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_mdc2.c 2010-03-30 10:57:02.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_mdc2.c.fips openssl-1.0.0a/crypto/evp/m_mdc2.c +--- openssl-1.0.0a/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_mdc2.c 2010-06-04 12:25:15.000000000 +0200 
@@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1603,9 +1603,9 @@ diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2. static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c ---- openssl-1.0.0/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md2.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md2.c.fips openssl-1.0.0a/crypto/evp/m_md2.c +--- openssl-1.0.0a/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md2.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1614,9 +1614,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c ---- openssl-1.0.0/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md4.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md4.c.fips openssl-1.0.0a/crypto/evp/m_md4.c +--- openssl-1.0.0a/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md4.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include 
@@ -1625,9 +1625,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c ---- openssl-1.0.0/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md5.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md5.c.fips openssl-1.0.0a/crypto/evp/m_md5.c +--- openssl-1.0.0a/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md5.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1636,9 +1636,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c ---- openssl-1.0.0/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_ripemd.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_ripemd.c.fips openssl-1.0.0a/crypto/evp/m_ripemd.c +--- openssl-1.0.0a/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_ripemd.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include 
@@ -1647,9 +1647,9 @@ diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_rip static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c ---- openssl-1.0.0/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_sha1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_sha1.c.fips openssl-1.0.0a/crypto/evp/m_sha1.c +--- openssl-1.0.0a/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_sha1.c 2010-06-04 12:25:15.000000000 +0200 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1700,9 +1700,9 @@ diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1. init512, update512, final512, -diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c ---- openssl-1.0.0/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_wp.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_wp.c.fips openssl-1.0.0a/crypto/evp/m_wp.c +--- openssl-1.0.0a/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_wp.c 2010-06-04 12:25:15.000000000 +0200 @@ -9,6 +9,7 @@ #include #include 
@@ -1711,9 +1711,9 @@ diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c ---- openssl-1.0.0/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/names.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/names.c.fips openssl-1.0.0a/crypto/evp/names.c +--- openssl-1.0.0a/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/names.c 2010-06-04 12:25:15.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1736,9 +1736,9 @@ diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c ---- openssl-1.0.0/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/p_sign.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/p_sign.c.fips openssl-1.0.0a/crypto/evp/p_sign.c +--- openssl-1.0.0a/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/p_sign.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,7 @@ #include #include 
@@ -1770,9 +1770,9 @@ diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign. if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c ---- openssl-1.0.0/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/p_verify.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/p_verify.c.fips openssl-1.0.0a/crypto/evp/p_verify.c +--- openssl-1.0.0a/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/p_verify.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1804,9 +1804,9 @@ diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_ver i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 
@@ -2747,9 +2747,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/ + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3453,9 +3453,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,537 @@ +#include + 
@@ -3994,9 +3994,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/f + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4228,9 +4228,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/f + return 0; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4622,9 +4622,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4996,9 +4996,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypt + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -5377,9 +5377,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypt + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5769,9 +5769,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0a/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_utl.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. 
@@ -6116,9 +6116,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fip +#endif + } + -diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c ---- openssl-1.0.0/crypto/fips_err.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips_err.c.fips openssl-1.0.0a/crypto/fips_err.c +--- openssl-1.0.0a/crypto/fips_err.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,7 @@ +#include + @@ -6127,9 +6127,9 @@ diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c +#else +static void *dummy=&dummy; +#endif -diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h ---- openssl-1.0.0/crypto/fips_err.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips_err.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips_err.h.fips openssl-1.0.0a/crypto/fips_err.h +--- openssl-1.0.0a/crypto/fips_err.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips_err.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== 
@@ -6268,9 +6268,9 @@ diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h + } +#endif + } -diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_aes_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6375,9 +6375,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c ---- openssl-1.0.0/crypto/fips/fips.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips.c.fips openssl-1.0.0a/crypto/fips/fips.c +--- openssl-1.0.0a/crypto/fips/fips.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -6798,9 +6798,9 @@ diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c + + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c ---- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_des_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_des_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_des_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6941,9 +6941,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -7131,9 +7131,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h ---- openssl-1.0.0/crypto/fips/fips.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips.h.fips openssl-1.0.0a/crypto/fips/fips.h +--- openssl-1.0.0a/crypto/fips/fips.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7298,9 +7298,9 @@ diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h +} +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 
@@ -7439,9 +7439,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypt + return 1; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c ---- openssl-1.0.0/crypto/fips/fips_rand.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rand.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rand.c.fips openssl-1.0.0a/crypto/fips/fips_rand.c +--- openssl-1.0.0a/crypto/fips/fips_rand.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rand.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -7855,9 +7855,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fi +} + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h ---- openssl-1.0.0/crypto/fips/fips_rand.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rand.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rand.h.fips openssl-1.0.0a/crypto/fips/fips_rand.h +--- openssl-1.0.0a/crypto/fips/fips_rand.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rand.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -7936,9 +7936,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fi +#endif +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rand_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8313,9 +8313,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c ---- openssl-1.0.0/crypto/fips/fips_randtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_randtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_randtest.c.fips openssl-1.0.0a/crypto/fips/fips_randtest.c +--- openssl-1.0.0a/crypto/fips/fips_randtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_randtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. 
@@ -8565,9 +8565,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fip + } + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9010,9 +9010,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -9295,9 +9295,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fi + return 0; + + } -diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c ---- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9398,9 +9398,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c ---- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c +--- openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -9575,9 +9575,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/cry
 + }
 +
 +
-diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c
---- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips/fips_test_suite.c 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips openssl-1.0.0a/crypto/fips/fips_test_suite.c
+--- openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_test_suite.c 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10167,9 +10167,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/f
 + }
 +
 +#endif
-diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h
---- openssl-1.0.0/crypto/fips_locl.h.fips 2010-03-30 10:33:46.000000000 +0200
-+++ openssl-1.0.0/crypto/fips_locl.h 2010-03-30 10:33:46.000000000 +0200
+diff -up openssl-1.0.0a/crypto/fips_locl.h.fips openssl-1.0.0a/crypto/fips_locl.h
+--- openssl-1.0.0a/crypto/fips_locl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_locl.h 2010-06-04 12:25:15.000000000 +0200
 @@ -0,0 +1,72 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10243,9 +10243,9 @@ diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h +} +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile ---- openssl-1.0.0/crypto/fips/Makefile.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/Makefile.fips openssl-1.0.0a/crypto/fips/Makefile +--- openssl-1.0.0a/crypto/fips/Makefile.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10328,9 +10328,9 @@ diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makef + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c ---- openssl-1.0.0/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 -+++ openssl-1.0.0/crypto/hmac/hmac.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/hmac/hmac.c.fips openssl-1.0.0a/crypto/hmac/hmac.c +--- openssl-1.0.0a/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/hmac/hmac.c 2010-06-04 12:25:15.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) 
@@ -10345,9 +10345,9 @@ diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile ---- openssl-1.0.0/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0/crypto/Makefile 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/Makefile.fips openssl-1.0.0a/crypto/Makefile +--- openssl-1.0.0a/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a @@ -10366,9 +10366,9 @@ diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0a/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0a/crypto/mdc2/mdc2dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10390,9 +10390,9 @@ diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h ---- openssl-1.0.0/crypto/mdc2/mdc2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/mdc2/mdc2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mdc2/mdc2.h.fips openssl-1.0.0a/crypto/mdc2/mdc2.h +--- openssl-1.0.0a/crypto/mdc2/mdc2.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/mdc2/mdc2.h 2010-06-04 12:25:15.000000000 +0200 
@@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; @@ -10404,9 +10404,9 @@ diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c ---- openssl-1.0.0/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0/crypto/md2/md2_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md2/md2_dgst.c.fips openssl-1.0.0a/crypto/md2/md2_dgst.c +--- openssl-1.0.0a/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/md2/md2_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -62,6 +62,11 @@ #include #include @@ -10428,9 +10428,9 @@ diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_d { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h ---- openssl-1.0.0/crypto/md2/md2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md2/md2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md2/md2.h.fips openssl-1.0.0a/crypto/md2/md2.h +--- openssl-1.0.0a/crypto/md2/md2.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/md2/md2.h 2010-06-04 12:25:15.000000000 +0200 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; 
@@ -10441,9 +10441,9 @@ diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);
-diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c
---- openssl-1.0.0/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0/crypto/md4/md4_dgst.c 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/md4/md4_dgst.c.fips openssl-1.0.0a/crypto/md4/md4_dgst.c
+--- openssl-1.0.0a/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
++++ openssl-1.0.0a/crypto/md4/md4_dgst.c 2010-06-04 12:25:15.000000000 +0200
 @@ -59,6 +59,11 @@
 #include
 #include "md4_locl.h"
@@ -10465,9 +10465,9 @@ diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_d
 {
 memset (c,0,sizeof(*c));
 c->A=INIT_DATA_A;
-diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h
---- openssl-1.0.0/crypto/md4/md4.h.fips 2010-03-30 10:33:45.000000000 +0200
-+++ openssl-1.0.0/crypto/md4/md4.h 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/md4/md4.h.fips openssl-1.0.0a/crypto/md4/md4.h
+--- openssl-1.0.0a/crypto/md4/md4.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/md4/md4.h 2010-06-04 12:25:15.000000000 +0200
 @@ -105,6 +105,9 @@ typedef struct MD4state_st
 unsigned int num;
 } MD4_CTX;
@@ -10478,9 +10478,9 @@ diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
-diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c
---- openssl-1.0.0/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0/crypto/md5/md5_dgst.c 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/md5/md5_dgst.c.fips openssl-1.0.0a/crypto/md5/md5_dgst.c
+--- openssl-1.0.0a/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
++++ openssl-1.0.0a/crypto/md5/md5_dgst.c 2010-06-04 12:25:15.000000000 +0200
 @@ -59,6 +59,11 @@
 #include
 #include "md5_locl.h"
@@ -10502,9 +10502,9 @@ diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_d
 {
 memset (c,0,sizeof(*c));
 c->A=INIT_DATA_A;
-diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h
---- openssl-1.0.0/crypto/md5/md5.h.fips 2010-03-30 10:33:45.000000000 +0200
-+++ openssl-1.0.0/crypto/md5/md5.h 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/md5/md5.h.fips openssl-1.0.0a/crypto/md5/md5.h
+--- openssl-1.0.0a/crypto/md5/md5.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/md5/md5.h 2010-06-04 12:25:15.000000000 +0200
 @@ -105,6 +105,9 @@ typedef struct MD5state_st
 unsigned int num;
 } MD5_CTX;
@@ -10515,9 +10515,9 @@ diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c ---- openssl-1.0.0/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0/crypto/mem.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mem.c.fips openssl-1.0.0a/crypto/mem.c +--- openssl-1.0.0a/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/mem.c 2010-06-04 12:25:15.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10527,9 +10527,9 @@ diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c ---- openssl-1.0.0/crypto/o_init.c.fips 2010-03-30 10:34:41.000000000 +0200 -+++ openssl-1.0.0/crypto/o_init.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/o_init.c.fips openssl-1.0.0a/crypto/o_init.c +--- openssl-1.0.0a/crypto/o_init.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -10611,9 +10611,9 @@ diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c + } + + -diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in ---- openssl-1.0.0/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0/crypto/opensslconf.h.in 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/opensslconf.h.in.fips openssl-1.0.0a/crypto/opensslconf.h.in +--- openssl-1.0.0a/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/opensslconf.h.in 2010-06-04 12:25:15.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10635,9 +10635,9 @@ diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/openssl /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0/crypto/pkcs12/p12_crt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0a/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0a/crypto/pkcs12/p12_crt.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
@@ -10664,9 +10664,9 @@ diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/ if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c ---- openssl-1.0.0/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/md_rand.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/md_rand.c.fips openssl-1.0.0a/crypto/rand/md_rand.c +--- openssl-1.0.0a/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/md_rand.c 2010-06-04 12:25:15.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10693,9 +10693,9 @@ diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_r #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c ---- openssl-1.0.0/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/rand_err.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand_err.c.fips openssl-1.0.0a/crypto/rand/rand_err.c +--- openssl-1.0.0a/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/rand_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= 
@@ -10728,9 +10728,9 @@ diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/ran {0,NULL} }; -diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h ---- openssl-1.0.0/crypto/rand/rand.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rand/rand.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand.h.fips openssl-1.0.0a/crypto/rand/rand.h +--- openssl-1.0.0a/crypto/rand/rand.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rand/rand.h 2010-06-04 12:25:15.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10760,9 +10760,9 @@ diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h #ifdef __cplusplus } -diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c ---- openssl-1.0.0/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/rand_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand_lib.c.fips openssl-1.0.0a/crypto/rand/rand_lib.c +--- openssl-1.0.0a/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/rand_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10796,9 +10796,9 @@ diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/ran return default_RAND_meth; } -diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h ---- openssl-1.0.0/crypto/rc2/rc2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rc2/rc2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc2/rc2.h.fips openssl-1.0.0a/crypto/rc2/rc2.h +--- openssl-1.0.0a/crypto/rc2/rc2.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc2/rc2.h 2010-06-04 12:25:15.000000000 +0200 
@@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10810,9 +10810,9 @@ diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c ---- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0/crypto/rc2/rc2_skey.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips openssl-1.0.0a/crypto/rc2/rc2_skey.c +--- openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc2/rc2_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -10846,9 +10846,9 @@ diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_s int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl 2010-06-04 12:25:15.000000000 +0200 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ 
@@ -10856,9 +10856,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4 +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl 2010-06-04 12:25:15.000000000 +0200 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; @@ -10868,9 +10868,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc print $code; close STDOUT; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl 2010-06-04 12:25:15.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); 
@@ -10894,9 +10894,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/a # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile ---- openssl-1.0.0/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/Makefile 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/Makefile.fips openssl-1.0.0a/crypto/rc4/Makefile +--- openssl-1.0.0a/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10908,9 +10908,9 @@ diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefil SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c ---- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips 2010-03-30 10:34:41.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/rc4_fblk.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0a/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/rc4_fblk.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10987,9 +10987,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_f + } +#endif + -diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h ---- openssl-1.0.0/crypto/rc4/rc4.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/rc4.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4.h.fips openssl-1.0.0a/crypto/rc4/rc4.h +--- openssl-1.0.0a/crypto/rc4/rc4.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/rc4.h 2010-06-04 12:25:15.000000000 +0200 
@@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -11000,9 +11000,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c ---- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/rc4_skey.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips openssl-1.0.0a/crypto/rc4/rc4_skey.c +--- openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/rc4_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11040,9 +11040,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_s unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h ---- openssl-1.0.0/crypto/ripemd/ripemd.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/ripemd/ripemd.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/ripemd/ripemd.h.fips openssl-1.0.0a/crypto/ripemd/ripemd.h +--- openssl-1.0.0a/crypto/ripemd/ripemd.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/ripemd/ripemd.h 2010-06-04 12:25:15.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; 
@@ -11053,9 +11053,9 @@ diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/r
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0a/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100
++++ openssl-1.0.0a/crypto/ripemd/rmd_dgst.c 2010-06-04 12:25:15.000000000 +0200
 @@ -59,6 +59,11 @@
 #include
 #include "rmd_locl.h"
@@ -11077,9 +11077,9 @@ diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd
 {
 memset (c,0,sizeof(*c));
 c->A=RIPEMD160_A;
-diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c
---- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200
-+++ openssl-1.0.0/crypto/rsa/rsa_eay.c 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_eay.c
+--- openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200
++++ openssl-1.0.0a/crypto/rsa/rsa_eay.c 2010-06-04 12:25:15.000000000 +0200
 @@ -114,6 +114,10 @@
 #include
 #include
@@ -11340,9 +11340,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_ea
 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
 return(1);
 }
-diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c
---- openssl-1.0.0/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100
-+++ openssl-1.0.0/crypto/rsa/rsa_err.c 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/rsa/rsa_err.c.fips openssl-1.0.0a/crypto/rsa/rsa_err.c
+--- openssl-1.0.0a/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100
++++ openssl-1.0.0a/crypto/rsa/rsa_err.c 2010-06-04 12:25:15.000000000 +0200
 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
 {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
@@ -11369,9 +11369,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_er
 {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
-diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c
---- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200
-+++ openssl-1.0.0/crypto/rsa/rsa_gen.c 2010-03-30 10:34:41.000000000 +0200
+diff -up openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips openssl-1.0.0a/crypto/rsa/rsa_gen.c
+--- openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200
++++ openssl-1.0.0a/crypto/rsa/rsa_gen.c 2010-06-04 12:25:15.000000000 +0200
 @@ -67,6 +67,82 @@
 #include "cryptlib.h"
 #include
@@ -11497,9 +11497,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_ge ok=1; err: if (ok == -1) -diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h ---- openssl-1.0.0/crypto/rsa/rsa.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa.h.fips openssl-1.0.0a/crypto/rsa/rsa.h +--- openssl-1.0.0a/crypto/rsa/rsa.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa.h 2010-06-04 12:25:15.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11569,9 +11569,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c ---- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 -+++ openssl-1.0.0/crypto/rsa/rsa_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips openssl-1.0.0a/crypto/rsa/rsa_lib.c +--- openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0a/crypto/rsa/rsa_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) 
@@ -11647,9 +11647,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_li return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c ---- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_sign.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips openssl-1.0.0a/crypto/rsa/rsa_sign.c +--- openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_sign.c 2010-06-04 12:25:15.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11681,9 +11681,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_s if (i <= 0) goto err; -diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c ---- openssl-1.0.0/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 -+++ openssl-1.0.0/crypto/seed/seed.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/seed/seed.c.fips openssl-1.0.0a/crypto/seed/seed.c +--- openssl-1.0.0a/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0a/crypto/seed/seed.c 2010-06-04 12:25:15.000000000 +0200 @@ -34,6 +34,9 @@ #include 
@@ -11713,9 +11713,9 @@ diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c { seed_word x1, x2, x3, x4; seed_word t0, t1; -diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h ---- openssl-1.0.0/crypto/seed/seed.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/seed/seed.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/seed/seed.h.fips openssl-1.0.0a/crypto/seed/seed.h +--- openssl-1.0.0a/crypto/seed/seed.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/seed/seed.h 2010-06-04 12:25:15.000000000 +0200 @@ -117,6 +117,9 @@ typedef struct seed_key_st { } SEED_KEY_SCHEDULE; @@ -11726,9 +11726,9 @@ diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); -diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c ---- openssl-1.0.0/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha_dgst.c.fips openssl-1.0.0a/crypto/sha/sha_dgst.c +--- openssl-1.0.0a/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,12 @@ */ 
@@ -11742,9 +11742,9 @@ diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_d #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h ---- openssl-1.0.0/crypto/sha/sha.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/sha/sha.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha.h.fips openssl-1.0.0a/crypto/sha/sha.h +--- openssl-1.0.0a/crypto/sha/sha.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/sha/sha.h 2010-06-04 12:25:15.000000000 +0200 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11755,9 +11755,9 @@ diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h ---- openssl-1.0.0/crypto/sha/sha_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/sha/sha_locl.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha_locl.h.fips openssl-1.0.0a/crypto/sha/sha_locl.h +--- openssl-1.0.0a/crypto/sha/sha_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/sha/sha_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL 
@@ -11774,9 +11774,9 @@ diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_l memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c ---- openssl-1.0.0/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha1dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha1dgst.c.fips openssl-1.0.0a/crypto/sha/sha1dgst.c +--- openssl-1.0.0a/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha1dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11788,9 +11788,9 @@ diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1d const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c ---- openssl-1.0.0/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha256.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha256.c.fips openssl-1.0.0a/crypto/sha/sha256.c +--- openssl-1.0.0a/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha256.c 2010-06-04 12:25:15.000000000 +0200 @@ -12,12 +12,19 @@ #include 
@@ -11821,9 +11821,9 @@ diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256. memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c ---- openssl-1.0.0/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha512.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha512.c.fips openssl-1.0.0a/crypto/sha/sha512.c +--- openssl-1.0.0a/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha512.c 2010-06-04 12:25:15.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11855,9 +11855,9 @@ diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512. #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h ---- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/whrlpool/whrlpool.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0a/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/whrlpool/whrlpool.h 2010-06-04 12:25:15.000000000 +0200 @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; 
@@ -11868,9 +11868,9 @@ diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrl int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 -+++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0a/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0a/crypto/whrlpool/wp_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -53,8 +53,12 @@ #include "wp_locl.h" @@ -11885,9 +11885,9 @@ diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlp { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org ---- openssl-1.0.0/Makefile.org.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/Makefile.org 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/Makefile.org.fips openssl-1.0.0a/Makefile.org +--- openssl-1.0.0a/Makefile.org.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/Makefile.org 2010-06-04 12:25:15.000000000 +0200 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= 
@@ -11915,9 +11915,9 @@ diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c ---- openssl-1.0.0/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0/ssl/ssl_ciph.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_ciph.c.fips openssl-1.0.0a/ssl/ssl_ciph.c +--- openssl-1.0.0a/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssl_ciph.c 2010-06-04 12:25:15.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11940,9 +11940,9 @@ diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c ---- openssl-1.0.0/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 -+++ openssl-1.0.0/ssl/ssl_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_lib.c.fips openssl-1.0.0a/ssl/ssl_lib.c +--- openssl-1.0.0a/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 ++++ openssl-1.0.0a/ssl/ssl_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } 
@@ -11958,9 +11958,9 @@ diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c ---- openssl-1.0.0/ssl/ssltest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/ssl/ssltest.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c +--- openssl-1.0.0a/ssl/ssltest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssltest.c 2010-06-04 12:25:15.000000000 +0200 @@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); @@ -12035,9 +12035,9 @@ diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c ---- openssl-1.0.0/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0/ssl/s23_clnt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s23_clnt.c.fips openssl-1.0.0a/ssl/s23_clnt.c +--- openssl-1.0.0a/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0a/ssl/s23_clnt.c 2010-06-04 12:25:15.000000000 +0200 @@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; 
@@ -12068,9 +12068,9 @@ diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c ---- openssl-1.0.0/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0/ssl/s23_srvr.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s23_srvr.c.fips openssl-1.0.0a/ssl/s23_srvr.c +--- openssl-1.0.0a/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0a/ssl/s23_srvr.c 2010-06-04 12:25:15.000000000 +0200 @@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12087,9 +12087,9 @@ diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c ---- openssl-1.0.0/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 -+++ openssl-1.0.0/ssl/s3_clnt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c +--- openssl-1.0.0a/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 ++++ openssl-1.0.0a/ssl/s3_clnt.c 2010-06-04 12:25:15.000000000 +0200 @@ -156,6 +156,10 @@ #include #include @@ -12110,9 +12110,9 @@ diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c ---- openssl-1.0.0/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0/ssl/s3_enc.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c +--- openssl-1.0.0a/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0a/ssl/s3_enc.c 2010-06-04 12:25:15.000000000 +0200 
@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12138,9 +12138,9 @@ diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c ---- openssl-1.0.0/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 -+++ openssl-1.0.0/ssl/s3_srvr.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_srvr.c.fips openssl-1.0.0a/ssl/s3_srvr.c +--- openssl-1.0.0a/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 ++++ openssl-1.0.0a/ssl/s3_srvr.c 2010-06-04 12:25:15.000000000 +0200 @@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) @@ -12150,15 +12150,15 @@ diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c ---- openssl-1.0.0/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0/ssl/t1_enc.c 2010-03-30 10:34:41.000000000 +0200 -@@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md +diff -up openssl-1.0.0a/ssl/t1_enc.c.fips openssl-1.0.0a/ssl/t1_enc.c +--- openssl-1.0.0a/ssl/t1_enc.c.fips 2010-05-17 13:26:56.000000000 +0200 ++++ openssl-1.0.0a/ssl/t1_enc.c 2010-06-04 13:28:01.000000000 +0200 +@@ -170,6 +170,8 @@ static int tls1_P_hash(const EVP_MD *md, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); + HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); - if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); + if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) + goto err; + if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) 
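Review bot: The two `HMAC_CTX_set_flags(..., EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` calls carried by this t1_enc.c hunk exempt both HMAC contexts in `tls1_P_hash` from the FIPS digest restriction for whatever `md` the caller passes, and nothing at the call site says why. Presumably the exemption exists so the TLS 1.0 PRF can still use HMAC-MD5 in FIPS mode; if so, a comment above the two calls such as `/* TLS PRF only: MD5 is required here even in FIPS mode; do not copy this flag elsewhere */` would keep it from spreading. The rebased context shows `tls1_P_hash` now returns `int` and jumps to `err` when `HMAC_Init_ex` fails. The function body continues outside the hunk, so cleanup of the flagged contexts on that path cannot be checked from here.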
diff --git a/openssl-1.0.0-beta3-fipsmode.patch b/openssl-1.0.0a-fipsmode.patch similarity index 80% rename from openssl-1.0.0-beta3-fipsmode.patch rename to openssl-1.0.0a-fipsmode.patch index 2fbf0a6..352e74e 100644 --- a/openssl-1.0.0-beta3-fipsmode.patch +++ b/openssl-1.0.0a-fipsmode.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c ---- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200 +diff -up openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode openssl-1.0.0a/crypto/engine/eng_all.c +--- openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200 ++++ openssl-1.0.0a/crypto/engine/eng_all.c 2010-06-04 13:32:13.000000000 +0200 @@ -58,9 +58,23 @@ #include "cryptlib.h" @@ -25,9 +25,9 @@ diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c ---- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode openssl-1.0.0a/crypto/evp/c_allc.c +--- openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode 2009-12-25 15:12:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/c_allc.c 2010-06-04 13:32:13.000000000 +0200 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { 
@@ -40,7 +40,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); EVP_add_cipher(EVP_des_cfb1()); -@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void) +@@ -221,4 +226,61 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); #endif @@ -102,9 +102,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr + } +#endif } -diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c ---- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode openssl-1.0.0a/crypto/evp/c_alld.c +--- openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/c_alld.c 2010-06-04 13:32:13.000000000 +0200 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -117,11 +117,10 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif -@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void) - #endif +@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); -+#endif + #endif +#ifdef OPENSSL_FIPS + } + else 
@@ -149,11 +148,11 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr + EVP_add_digest(EVP_sha512()); +#endif + } - #endif ++#endif } -diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c ---- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200 +diff -up openssl-1.0.0a/crypto/o_init.c.fipsmode openssl-1.0.0a/crypto/o_init.c +--- openssl-1.0.0a/crypto/o_init.c.fipsmode 2010-06-04 13:32:13.000000000 +0200 ++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 13:32:13.000000000 +0200 @@ -59,6 +59,43 @@ #include #include @@ -206,9 +205,9 @@ diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto done = 1; } #endif -diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c ---- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_algs.c.fipsmode openssl-1.0.0a/ssl/ssl_algs.c +--- openssl-1.0.0a/ssl/ssl_algs.c.fipsmode 2010-04-07 15:18:30.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssl_algs.c 2010-06-04 13:32:48.000000000 +0200 @@ -64,6 +64,12 @@ int SSL_library_init(void) { @@ -222,7 +221,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -115,6 +121,40 @@ int SSL_library_init(void) +@@ -127,6 +133,48 @@ int SSL_library_init(void) EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif 
@@ -249,6 +248,14 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); +#endif ++#ifndef OPENSSL_NO_SHA256 ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++#endif +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0a-version.patch b/openssl-1.0.0a-version.patch new file mode 100644 index 0000000..75a0233 --- /dev/null +++ b/openssl-1.0.0a-version.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h +--- openssl-1.0.0a/crypto/opensslv.h.version 2010-06-04 13:28:52.000000000 +0200 ++++ openssl-1.0.0a/crypto/opensslv.h 2010-06-04 13:29:42.000000000 +0200 +@@ -25,7 +25,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x1000001fL ++/* we have to keep the version number to not break the abi */ ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" + #else diff --git a/openssl.spec b/openssl.spec index 9a72fd4..bd268c2 100644 --- a/openssl.spec +++ b/openssl.spec @@ -20,8 +20,8 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.0 -Release: 4%{?dist} +Version: 1.0.0a +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 
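Review bot: The SHA-224/256/384/512 registrations added to the FIPS branch of `SSL_library_init` make that branch a second, hand-maintained copy of the digest list, and the hunk gives no hint that the two lists have to move together. A comment at the top of the added block, for example `/* FIPS-mode digest list: mirror any change to the non-FIPS registrations above */`, would make that explicit. The same commit drops `openssl-1.0.0-init-sha256.patch` from the spec, so it is worth confirming that the non-FIPS path still registers SHA-256 without it. That branch lies outside this hunk.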
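Review bot: Pinning `OPENSSL_VERSION_NUMBER` to `0x10000003L` in the new version patch makes a 1.0.0a build report the 1.0.0 beta 3 value, so code or tooling that compares this number to decide whether a fix is present will misjudge the package. That matters here because the changelog in this commit says the release fixes CVE-2010-0742 and CVE-2010-1633. The added comment gives the ABI motive but not this consequence; I would extend it to `/* ABI: number is frozen at the beta3 value; never use it to infer patch level, check OPENSSL_VERSION_TEXT or the package version */`.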
@@ -50,20 +50,18 @@ Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch Patch39: openssl-1.0.0-beta5-ipv6-apps.patch -Patch40: openssl-1.0.0-fips.patch +Patch40: openssl-1.0.0a-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch -Patch43: openssl-1.0.0-beta3-fipsmode.patch +Patch43: openssl-1.0.0a-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0-version.patch +Patch51: openssl-1.0.0a-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch Patch53: openssl-1.0.0-name-hash.patch # Backported fixes including security fixes -Patch60: openssl-1.0.0-dtls1-backports.patch -Patch61: openssl-1.0.0-init-sha256.patch License: OpenSSL Group: System Environment/Libraries @@ -145,8 +143,6 @@ from other formats to the formats used by the OpenSSL toolkit. %patch52 -p1 -b .aesni %patch53 -p1 -b .name-hash -%patch60 -p1 -b .dtls1 -%patch61 -p1 -b .sha256 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -299,16 +295,6 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts # mulitlib conflicts and unnecessary renames on upgrade touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf -# Fix libdir. -pushd $RPM_BUILD_ROOT/%{_libdir}/pkgconfig -for i in *.pc ; do - sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \ - $i >$i.tmp && \ - cat $i.tmp >$i && \ - rm -f $i.tmp -done -popd - # Determine which arch opensslconf.h is going to try to #include. basearch=%{_arch} %ifarch %{ix86} 
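Review bot: With `Patch60` and `Patch61` removed in the `-50,20` hunk, the `# Backported fixes including security fixes` heading is left with no patches under it. Neither the spec nor the new changelog entry records why the DTLS backports and the SHA-256 init patch were dropped. Presumably both are contained in upstream 1.0.0a, but that should be verified against the new tarball and stated, for example with a changelog line `- drop dtls1-backports and init-sha256 patches, merged upstream`. The matching `%patch60`/`%patch61` removals in the `-145,8` hunk are consistent with the patch list.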
@@ -397,6 +383,13 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Fri Jun 4 2010 Tomas Mraz 1.0.0a-1 +- new upstream patch release, fixes CVE-2010-0742 (#598738) + and CVE-2010-1633 (#598732) + +* Wed May 19 2010 Tomas Mraz 1.0.0-5 +- pkgconfig files now contain the correct libdir (#593723) + * Tue May 18 2010 Tomas Mraz 1.0.0-4 - make CA dir readable - the private keys are in private subdir (#584810) - do not move the libcrypto to /lib in the F12 package diff --git a/sources b/sources index dadae2c..f42b68d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2 +36a9936e1791566b205daa7cb4bea074 openssl-1.0.0a-usa.tar.bz2 From 318c05cab78ccd607d971575142e736beda5c719 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 05:17:46 +0000 Subject: [PATCH 19/20] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- branch | 1 - 3 files changed, 22 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile delete mode 100644 branch diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index f3167ab..0000000 --- a/Makefile +++ /dev/null 
@@ -1,21 +0,0 @@
-# Makefile for source rpm: openssl
-# $Id: Makefile,v 1.2 2007/10/15 19:12:21 notting Exp $
-NAME := openssl
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
diff --git a/branch b/branch
deleted file mode 100644
index baa94ef..0000000
--- a/branch
+++ /dev/null
@@ -1 +0,0 @@
-F-13
From f56c138b057c0ea87f49bd51e8739810122cc487 Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Thu, 29 Jul 2010 05:17:54 +0000
Subject: [PATCH 20/20] dist-git conversion
---
.cvsignore => .gitignore | 0
Makefile | 21 ---------------------
branch | 1 -
3 files changed, 22 deletions(-)
rename .cvsignore => .gitignore (100%)
delete mode 100644 Makefile
delete mode 100644 branch
diff --git a/.cvsignore b/.gitignore
similarity index 100%
rename from .cvsignore
rename to .gitignore
diff --git a/Makefile b/Makefile
deleted file mode 100644
index f3167ab..0000000
--- a/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for source rpm: openssl
-# $Id: Makefile,v 1.2 2007/10/15 19:12:21 notting Exp $
-NAME := openssl
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
diff --git a/branch b/branch
deleted file mode 100644
index 06de2d2..0000000
--- a/branch
+++ /dev/null
@@ -1 +0,0 @@
-F-12