diff --git a/openssl-1.0.0d-cms-keyid.patch b/openssl-1.0.0d-cms-keyid.patch deleted file mode 100644 index 9fe9358..0000000 --- a/openssl-1.0.0d-cms-keyid.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.0.0d/apps/cms.c.keyid openssl-1.0.0d/apps/cms.c ---- openssl-1.0.0d/apps/cms.c.keyid 2009-10-18 16:42:26.000000000 +0200 -+++ openssl-1.0.0d/apps/cms.c 2011-07-26 12:56:48.000000000 +0200 -@@ -618,7 +618,7 @@ int MAIN(int argc, char **argv) - BIO_printf (bio_err, "-certsout file certificate output file\n"); - BIO_printf (bio_err, "-signer file signer certificate file\n"); - BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); -- BIO_printf (bio_err, "-skeyid use subject key identifier\n"); -+ BIO_printf (bio_err, "-keyid use subject key identifier\n"); - BIO_printf (bio_err, "-in file input file\n"); - BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); - BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); diff --git a/openssl-1.0.0-beta3-defaults.patch b/openssl-1.0.0f-defaults.patch similarity index 81% rename from openssl-1.0.0-beta3-defaults.patch rename to openssl-1.0.0f-defaults.patch index 4a9d4ed..d20c7fc 100644 --- a/openssl-1.0.0-beta3-defaults.patch +++ b/openssl-1.0.0f-defaults.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta3/apps/openssl.cnf.defaults openssl-1.0.0-beta3/apps/openssl.cnf ---- openssl-1.0.0-beta3/apps/openssl.cnf.defaults 2009-04-04 20:09:43.000000000 +0200 -+++ openssl-1.0.0-beta3/apps/openssl.cnf 2009-08-04 22:57:16.000000000 +0200 +diff -up openssl-1.0.0f/apps/openssl.cnf.defaults openssl-1.0.0f/apps/openssl.cnf +--- openssl-1.0.0f/apps/openssl.cnf.defaults 2011-12-06 01:01:00.000000000 +0100 ++++ openssl-1.0.0f/apps/openssl.cnf 2012-01-05 13:16:15.000000000 +0100 @@ -103,7 +103,8 @@ emailAddress = optional #################################################################### @@ -37,7 +37,7 @@ diff -up openssl-1.0.0-beta3/apps/openssl.cnf.defaults openssl-1.0.0-beta3/apps/ organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = --commonName = Common Name (eg, YOUR name) +-commonName = Common Name (e.g. server FQDN or YOUR name) +commonName = Common Name (eg, your name or your server\'s hostname) commonName_max = 64 diff --git a/openssl-1.0.0a-fips.patch b/openssl-1.0.0f-fips.patch similarity index 91% rename from openssl-1.0.0a-fips.patch rename to openssl-1.0.0f-fips.patch index 421e507..435d72f 100644 --- a/openssl-1.0.0a-fips.patch +++ b/openssl-1.0.0f-fips.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure ---- openssl-1.0.0a/Configure.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/Configure 2010-06-04 12:25:15.000000000 +0200 -@@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml +diff -up openssl-1.0.0f/Configure.fips openssl-1.0.0f/Configure +--- openssl-1.0.0f/Configure.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/Configure 2012-01-05 13:22:30.000000000 +0100 +@@ -663,6 +663,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; my $perl; @@ -9,7 +9,7 @@ diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure # All of the following is disabled by default (RC5 was enabled before 0.9.8): -@@ -806,6 +807,10 @@ PROCESS_ARGS: +@@ -809,6 +810,10 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } @@ -20,7 +20,7 @@ diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. -@@ -1368,6 +1373,11 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no +@@ -1383,6 +1388,11 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); @@ -32,7 +32,7 @@ diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); -@@ -1535,6 +1545,10 @@ while () +@@ -1550,6 +1560,10 @@ while () s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; @@ -43,9 +43,9 @@ diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0a/crypto/bf/bf_skey.c.fips openssl-1.0.0a/crypto/bf/bf_skey.c ---- openssl-1.0.0a/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0a/crypto/bf/bf_skey.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/bf/bf_skey.c.fips openssl-1.0.0f/crypto/bf/bf_skey.c +--- openssl-1.0.0f/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0f/crypto/bf/bf_skey.c 2012-01-05 13:22:30.000000000 +0100 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0a/crypto/bf/bf_skey.c.fips openssl-1.0.0a/crypto/bf/bf_ske { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0a/crypto/bf/blowfish.h.fips openssl-1.0.0a/crypto/bf/blowfish.h ---- openssl-1.0.0a/crypto/bf/blowfish.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/bf/blowfish.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/bf/blowfish.h.fips openssl-1.0.0f/crypto/bf/blowfish.h +--- openssl-1.0.0f/crypto/bf/blowfish.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/bf/blowfish.h 2012-01-05 13:22:30.000000000 +0100 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -77,10 +77,10 @@ diff -up openssl-1.0.0a/crypto/bf/blowfish.h.fips openssl-1.0.0a/crypto/bf/blowf void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0a/crypto/bn/bn.h.fips openssl-1.0.0a/crypto/bn/bn.h ---- openssl-1.0.0a/crypto/bn/bn.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/bn/bn.h 2010-06-04 12:25:15.000000000 +0200 -@@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n +diff -up openssl-1.0.0f/crypto/bn/bn.h.fips openssl-1.0.0f/crypto/bn/bn.h +--- openssl-1.0.0f/crypto/bn/bn.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/bn/bn.h 2012-01-05 13:22:30.000000000 +0100 +@@ -558,6 +558,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0a/crypto/bn/bn.h.fips openssl-1.0.0a/crypto/bn/bn.h BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up openssl-1.0.0a/crypto/bn/bn_x931p.c.fips openssl-1.0.0a/crypto/bn/bn_x931p.c ---- openssl-1.0.0a/crypto/bn/bn_x931p.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/bn/bn_x931p.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/bn/bn_x931p.c.fips openssl-1.0.0f/crypto/bn/bn_x931p.c +--- openssl-1.0.0f/crypto/bn/bn_x931p.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/bn/bn_x931p.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -374,9 +374,9 @@ diff -up openssl-1.0.0a/crypto/bn/bn_x931p.c.fips openssl-1.0.0a/crypto/bn/bn_x9 + + } + -diff -up openssl-1.0.0a/crypto/bn/Makefile.fips openssl-1.0.0a/crypto/bn/Makefile ---- openssl-1.0.0a/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0a/crypto/bn/Makefile 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/bn/Makefile.fips openssl-1.0.0f/crypto/bn/Makefile +--- openssl-1.0.0f/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0f/crypto/bn/Makefile 2012-01-05 13:22:30.000000000 +0100 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0a/crypto/bn/Makefile.fips openssl-1.0.0a/crypto/bn/Makefil SRC= $(LIBSRC) -diff -up openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0f/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0f/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0f/crypto/camellia/asm/cmll-x86.pl 2012-01-05 13:22:30.000000000 +0100 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); @@ -422,9 +422,9 @@ diff -up openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0a/cryp } @SBOX=( -diff -up openssl-1.0.0a/crypto/camellia/camellia.h.fips openssl-1.0.0a/crypto/camellia/camellia.h ---- openssl-1.0.0a/crypto/camellia/camellia.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/camellia/camellia.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/camellia/camellia.h.fips openssl-1.0.0f/crypto/camellia/camellia.h +--- openssl-1.0.0f/crypto/camellia/camellia.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/camellia/camellia.h 2012-01-05 13:22:30.000000000 +0100 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0a/crypto/camellia/camellia.h.fips openssl-1.0.0a/crypto/ca int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0a/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/camellia/cmll_fblk.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0f/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0f/crypto/camellia/cmll_fblk.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/camellia/cmll_fblk.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== @@ -509,9 +509,9 @@ diff -up openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0a/crypto/c + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips openssl-1.0.0a/crypto/camellia/cmll_misc.c ---- openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0a/crypto/camellia/cmll_misc.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/camellia/cmll_misc.c.fips openssl-1.0.0f/crypto/camellia/cmll_misc.c +--- openssl-1.0.0f/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0f/crypto/camellia/cmll_misc.c 2012-01-05 13:22:30.000000000 +0100 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips openssl-1.0.0a/crypto/c { if(!userKey || !key) return -1; -diff -up openssl-1.0.0a/crypto/camellia/Makefile.fips openssl-1.0.0a/crypto/camellia/Makefile ---- openssl-1.0.0a/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0a/crypto/camellia/Makefile 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/camellia/Makefile.fips openssl-1.0.0f/crypto/camellia/Makefile +--- openssl-1.0.0f/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0f/crypto/camellia/Makefile 2012-01-05 13:22:30.000000000 +0100 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -548,9 +548,9 @@ diff -up openssl-1.0.0a/crypto/camellia/Makefile.fips openssl-1.0.0a/crypto/came SRC= $(LIBSRC) -diff -up openssl-1.0.0a/crypto/cast/cast.h.fips openssl-1.0.0a/crypto/cast/cast.h ---- openssl-1.0.0a/crypto/cast/cast.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/cast/cast.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/cast/cast.h.fips openssl-1.0.0f/crypto/cast/cast.h +--- openssl-1.0.0f/crypto/cast/cast.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/cast/cast.h 2012-01-05 13:22:30.000000000 +0100 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0a/crypto/cast/cast.h.fips openssl-1.0.0a/crypto/cast/cast. void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0a/crypto/cast/c_skey.c.fips openssl-1.0.0a/crypto/cast/c_skey.c ---- openssl-1.0.0a/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0a/crypto/cast/c_skey.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/cast/c_skey.c.fips openssl-1.0.0f/crypto/cast/c_skey.c +--- openssl-1.0.0f/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0f/crypto/cast/c_skey.c 2012-01-05 13:22:30.000000000 +0100 @@ -57,6 +57,11 @@ */ @@ -586,9 +586,9 @@ diff -up openssl-1.0.0a/crypto/cast/c_skey.c.fips openssl-1.0.0a/crypto/cast/c_s { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0a/crypto/crypto.h.fips openssl-1.0.0a/crypto/crypto.h ---- openssl-1.0.0a/crypto/crypto.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/crypto.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/crypto.h.fips openssl-1.0.0f/crypto/crypto.h +--- openssl-1.0.0f/crypto/crypto.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/crypto.h 2012-01-05 13:22:30.000000000 +0100 @@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); @@ -660,9 +660,9 @@ diff -up openssl-1.0.0a/crypto/crypto.h.fips openssl-1.0.0a/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0a/crypto/dh/dh_err.c.fips openssl-1.0.0a/crypto/dh/dh_err.c ---- openssl-1.0.0a/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0a/crypto/dh/dh_err.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dh/dh_err.c.fips openssl-1.0.0f/crypto/dh/dh_err.c +--- openssl-1.0.0f/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0f/crypto/dh/dh_err.c 2012-01-05 13:22:30.000000000 +0100 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, @@ -680,9 +680,9 @@ diff -up openssl-1.0.0a/crypto/dh/dh_err.c.fips openssl-1.0.0a/crypto/dh/dh_err. {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0a/crypto/dh/dh_gen.c.fips openssl-1.0.0a/crypto/dh/dh_gen.c ---- openssl-1.0.0a/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/dh/dh_gen.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dh/dh_gen.c.fips openssl-1.0.0f/crypto/dh/dh_gen.c +--- openssl-1.0.0f/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0f/crypto/dh/dh_gen.c 2012-01-05 13:22:30.000000000 +0100 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -715,9 +715,9 @@ diff -up openssl-1.0.0a/crypto/dh/dh_gen.c.fips openssl-1.0.0a/crypto/dh/dh_gen. ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0a/crypto/dh/dh.h.fips openssl-1.0.0a/crypto/dh/dh.h ---- openssl-1.0.0a/crypto/dh/dh.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/dh/dh.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dh/dh.h.fips openssl-1.0.0f/crypto/dh/dh.h +--- openssl-1.0.0f/crypto/dh/dh.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/dh/dh.h 2012-01-05 13:22:30.000000000 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -744,9 +744,9 @@ diff -up openssl-1.0.0a/crypto/dh/dh.h.fips openssl-1.0.0a/crypto/dh/dh.h #ifdef __cplusplus } -diff -up openssl-1.0.0a/crypto/dh/dh_key.c.fips openssl-1.0.0a/crypto/dh/dh_key.c ---- openssl-1.0.0a/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0a/crypto/dh/dh_key.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dh/dh_key.c.fips openssl-1.0.0f/crypto/dh/dh_key.c +--- openssl-1.0.0f/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0f/crypto/dh/dh_key.c 2012-01-05 13:22:30.000000000 +0100 @@ -61,6 +61,9 @@ #include #include @@ -796,9 +796,9 @@ diff -up openssl-1.0.0a/crypto/dh/dh_key.c.fips openssl-1.0.0a/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips openssl-1.0.0a/crypto/dsa/dsa_gen.c ---- openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0a/crypto/dsa/dsa_gen.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dsa/dsa_gen.c.fips openssl-1.0.0f/crypto/dsa/dsa_gen.c +--- openssl-1.0.0f/crypto/dsa/dsa_gen.c.fips 2010-06-15 19:25:07.000000000 +0200 ++++ openssl-1.0.0f/crypto/dsa/dsa_gen.c 2012-01-05 13:22:30.000000000 +0100 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -834,9 +834,9 @@ diff -up openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips openssl-1.0.0a/crypto/dsa/dsa_ if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0a/crypto/dsa/dsa.h.fips openssl-1.0.0a/crypto/dsa/dsa.h ---- openssl-1.0.0a/crypto/dsa/dsa.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/dsa/dsa.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dsa/dsa.h.fips openssl-1.0.0f/crypto/dsa/dsa.h +--- openssl-1.0.0f/crypto/dsa/dsa.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/dsa/dsa.h 2012-01-05 13:22:30.000000000 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -893,9 +893,9 @@ diff -up openssl-1.0.0a/crypto/dsa/dsa.h.fips openssl-1.0.0a/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0a/crypto/dsa/dsa_key.c.fips openssl-1.0.0a/crypto/dsa/dsa_key.c ---- openssl-1.0.0a/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0a/crypto/dsa/dsa_key.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dsa/dsa_key.c.fips openssl-1.0.0f/crypto/dsa/dsa_key.c +--- openssl-1.0.0f/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0f/crypto/dsa/dsa_key.c 2012-01-05 13:22:30.000000000 +0100 @@ -63,9 +63,55 @@ #include #include @@ -983,9 +983,9 @@ diff -up openssl-1.0.0a/crypto/dsa/dsa_key.c.fips openssl-1.0.0a/crypto/dsa/dsa_ ok=1; err: -diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0a/crypto/dsa/dsa_ossl.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0f/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0f/crypto/dsa/dsa_ossl.c.fips 2011-02-01 13:54:04.000000000 +0100 ++++ openssl-1.0.0f/crypto/dsa/dsa_ossl.c 2012-01-05 13:22:30.000000000 +0100 @@ -65,6 +65,9 @@ #include #include @@ -1026,7 +1026,7 @@ diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa BN_init(&m); BN_init(&xr); -@@ -312,6 +329,20 @@ static int dsa_do_verify(const unsigned +@@ -303,6 +320,20 @@ static int dsa_do_verify(const unsigned return -1; } @@ -1047,7 +1047,7 @@ diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa i = BN_num_bits(dsa->q); /* fips 186-3 allows only different sizes for q */ if (i != 160 && i != 224 && i != 256) -@@ -403,6 +434,9 @@ static int dsa_do_verify(const unsigned +@@ -385,6 +416,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { @@ -1057,9 +1057,9 @@ diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0a/crypto/err/err_all.c.fips openssl-1.0.0a/crypto/err/err_all.c ---- openssl-1.0.0a/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0a/crypto/err/err_all.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/err/err_all.c.fips openssl-1.0.0f/crypto/err/err_all.c +--- openssl-1.0.0f/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0f/crypto/err/err_all.c 2012-01-05 13:22:30.000000000 +0100 @@ -96,6 +96,9 @@ #include #include @@ -1080,9 +1080,9 @@ diff -up openssl-1.0.0a/crypto/err/err_all.c.fips openssl-1.0.0a/crypto/err/err_ #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0a/crypto/evp/digest.c.fips openssl-1.0.0a/crypto/evp/digest.c ---- openssl-1.0.0a/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/digest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/digest.c.fips openssl-1.0.0f/crypto/evp/digest.c +--- openssl-1.0.0f/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/digest.c 2012-01-05 13:22:30.000000000 +0100 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1181,9 +1181,9 @@ diff -up openssl-1.0.0a/crypto/evp/digest.c.fips openssl-1.0.0a/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0a/crypto/evp/e_aes.c.fips openssl-1.0.0a/crypto/evp/e_aes.c ---- openssl-1.0.0a/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/e_aes.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/e_aes.c.fips openssl-1.0.0f/crypto/evp/e_aes.c +--- openssl-1.0.0f/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/e_aes.c 2012-01-05 13:22:30.000000000 +0100 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1236,9 +1236,9 @@ diff -up openssl-1.0.0a/crypto/evp/e_aes.c.fips openssl-1.0.0a/crypto/evp/e_aes. static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0a/crypto/evp/e_camellia.c.fips openssl-1.0.0a/crypto/evp/e_camellia.c ---- openssl-1.0.0a/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/e_camellia.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/e_camellia.c.fips openssl-1.0.0f/crypto/evp/e_camellia.c +--- openssl-1.0.0f/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/e_camellia.c 2012-01-05 13:22:30.000000000 +0100 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) @@ -1248,9 +1248,9 @@ diff -up openssl-1.0.0a/crypto/evp/e_camellia.c.fips openssl-1.0.0a/crypto/evp/e IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0a/crypto/evp/e_des3.c.fips openssl-1.0.0a/crypto/evp/e_des3.c ---- openssl-1.0.0a/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/e_des3.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/e_des3.c.fips openssl-1.0.0f/crypto/evp/e_des3.c +--- openssl-1.0.0f/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/e_des3.c 2012-01-05 13:22:30.000000000 +0100 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1295,9 +1295,9 @@ diff -up openssl-1.0.0a/crypto/evp/e_des3.c.fips openssl-1.0.0a/crypto/evp/e_des des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0a/crypto/evp/e_null.c.fips openssl-1.0.0a/crypto/evp/e_null.c ---- openssl-1.0.0a/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/e_null.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/e_null.c.fips openssl-1.0.0f/crypto/evp/e_null.c +--- openssl-1.0.0f/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/e_null.c 2012-01-05 13:22:30.000000000 +0100 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, @@ -1307,9 +1307,9 @@ diff -up openssl-1.0.0a/crypto/evp/e_null.c.fips openssl-1.0.0a/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0a/crypto/evp/e_rc4.c.fips openssl-1.0.0a/crypto/evp/e_rc4.c ---- openssl-1.0.0a/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/e_rc4.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/e_rc4.c.fips openssl-1.0.0f/crypto/evp/e_rc4.c +--- openssl-1.0.0f/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/e_rc4.c 2012-01-05 13:22:30.000000000 +0100 @@ -64,6 +64,7 @@ #include #include @@ -1318,9 +1318,9 @@ diff -up openssl-1.0.0a/crypto/evp/e_rc4.c.fips openssl-1.0.0a/crypto/evp/e_rc4. /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_enc.c ---- openssl-1.0.0a/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/evp_enc.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/evp_enc.c.fips openssl-1.0.0f/crypto/evp/evp_enc.c +--- openssl-1.0.0f/crypto/evp/evp_enc.c.fips 2010-10-12 01:24:49.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/evp_enc.c 2012-01-05 13:22:30.000000000 +0100 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -1390,7 +1390,7 @@ diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -219,6 +272,22 @@ skip_to_init: +@@ -220,6 +273,22 @@ skip_to_init: } } @@ -1413,9 +1413,9 @@ diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_ if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0a/crypto/evp/evp_err.c.fips openssl-1.0.0a/crypto/evp/evp_err.c ---- openssl-1.0.0a/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/evp_err.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/evp_err.c.fips openssl-1.0.0f/crypto/evp/evp_err.c +--- openssl-1.0.0f/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/evp_err.c 2012-01-05 13:22:30.000000000 +0100 @@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, @@ -1424,9 +1424,9 @@ diff -up openssl-1.0.0a/crypto/evp/evp_err.c.fips openssl-1.0.0a/crypto/evp/evp_ {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0a/crypto/evp/evp.h.fips openssl-1.0.0a/crypto/evp/evp.h ---- openssl-1.0.0a/crypto/evp/evp.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/evp.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/evp.h.fips openssl-1.0.0f/crypto/evp/evp.h +--- openssl-1.0.0f/crypto/evp/evp.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/evp.h 2012-01-05 13:22:30.000000000 +0100 @@ -75,6 +75,10 @@ #include #endif @@ -1496,9 +1496,9 @@ diff -up openssl-1.0.0a/crypto/evp/evp.h.fips openssl-1.0.0a/crypto/evp/evp.h #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0a/crypto/evp/evp_lib.c.fips openssl-1.0.0a/crypto/evp/evp_lib.c ---- openssl-1.0.0a/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/evp_lib.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/evp_lib.c.fips openssl-1.0.0f/crypto/evp/evp_lib.c +--- openssl-1.0.0f/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/evp_lib.c 2012-01-05 13:22:30.000000000 +0100 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1527,9 +1527,9 @@ diff -up openssl-1.0.0a/crypto/evp/evp_lib.c.fips openssl-1.0.0a/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.0a/crypto/evp/evp_locl.h.fips openssl-1.0.0a/crypto/evp/evp_locl.h ---- openssl-1.0.0a/crypto/evp/evp_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/evp_locl.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/evp_locl.h.fips openssl-1.0.0f/crypto/evp/evp_locl.h +--- openssl-1.0.0f/crypto/evp/evp_locl.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/evp_locl.h 2012-01-05 13:22:30.000000000 +0100 @@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) @@ -1568,9 +1568,9 @@ diff -up openssl-1.0.0a/crypto/evp/evp_locl.h.fips openssl-1.0.0a/crypto/evp/evp struct evp_pkey_ctx_st { -diff -up openssl-1.0.0a/crypto/evp/m_dss.c.fips openssl-1.0.0a/crypto/evp/m_dss.c ---- openssl-1.0.0a/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/m_dss.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_dss.c.fips openssl-1.0.0f/crypto/evp/m_dss.c +--- openssl-1.0.0f/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/m_dss.c 2012-01-05 13:22:30.000000000 +0100 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1580,9 +1580,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_dss.c.fips openssl-1.0.0a/crypto/evp/m_dss. init, update, final, -diff -up openssl-1.0.0a/crypto/evp/m_dss1.c.fips openssl-1.0.0a/crypto/evp/m_dss1.c ---- openssl-1.0.0a/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/m_dss1.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_dss1.c.fips openssl-1.0.0f/crypto/evp/m_dss1.c +--- openssl-1.0.0f/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/m_dss1.c 2012-01-05 13:22:30.000000000 +0100 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1592,9 +1592,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_dss1.c.fips openssl-1.0.0a/crypto/evp/m_dss init, update, final, -diff -up openssl-1.0.0a/crypto/evp/m_mdc2.c.fips openssl-1.0.0a/crypto/evp/m_mdc2.c ---- openssl-1.0.0a/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/m_mdc2.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_mdc2.c.fips openssl-1.0.0f/crypto/evp/m_mdc2.c +--- openssl-1.0.0f/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/m_mdc2.c 2012-01-05 13:22:30.000000000 +0100 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1603,9 +1603,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_mdc2.c.fips openssl-1.0.0a/crypto/evp/m_mdc static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -diff -up openssl-1.0.0a/crypto/evp/m_md2.c.fips openssl-1.0.0a/crypto/evp/m_md2.c ---- openssl-1.0.0a/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/m_md2.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_md2.c.fips openssl-1.0.0f/crypto/evp/m_md2.c +--- openssl-1.0.0f/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/m_md2.c 2012-01-05 13:22:30.000000000 +0100 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1614,9 +1614,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_md2.c.fips openssl-1.0.0a/crypto/evp/m_md2. static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.0a/crypto/evp/m_md4.c.fips openssl-1.0.0a/crypto/evp/m_md4.c ---- openssl-1.0.0a/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/m_md4.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_md4.c.fips openssl-1.0.0f/crypto/evp/m_md4.c +--- openssl-1.0.0f/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/m_md4.c 2012-01-05 13:22:30.000000000 +0100 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1625,9 +1625,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_md4.c.fips openssl-1.0.0a/crypto/evp/m_md4. static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -diff -up openssl-1.0.0a/crypto/evp/m_md5.c.fips openssl-1.0.0a/crypto/evp/m_md5.c ---- openssl-1.0.0a/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/m_md5.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_md5.c.fips openssl-1.0.0f/crypto/evp/m_md5.c +--- openssl-1.0.0f/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/m_md5.c 2012-01-05 13:22:30.000000000 +0100 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1636,9 +1636,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_md5.c.fips openssl-1.0.0a/crypto/evp/m_md5. static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -diff -up openssl-1.0.0a/crypto/evp/m_ripemd.c.fips openssl-1.0.0a/crypto/evp/m_ripemd.c ---- openssl-1.0.0a/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/m_ripemd.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_ripemd.c.fips openssl-1.0.0f/crypto/evp/m_ripemd.c +--- openssl-1.0.0f/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0f/crypto/evp/m_ripemd.c 2012-01-05 13:22:30.000000000 +0100 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1647,9 +1647,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_ripemd.c.fips openssl-1.0.0a/crypto/evp/m_r static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -diff -up openssl-1.0.0a/crypto/evp/m_sha1.c.fips openssl-1.0.0a/crypto/evp/m_sha1.c ---- openssl-1.0.0a/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/m_sha1.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_sha1.c.fips openssl-1.0.0f/crypto/evp/m_sha1.c +--- openssl-1.0.0f/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/m_sha1.c 2012-01-05 13:22:30.000000000 +0100 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1700,9 +1700,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_sha1.c.fips openssl-1.0.0a/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.0.0a/crypto/evp/m_wp.c.fips openssl-1.0.0a/crypto/evp/m_wp.c ---- openssl-1.0.0a/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/m_wp.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/m_wp.c.fips openssl-1.0.0f/crypto/evp/m_wp.c +--- openssl-1.0.0f/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/m_wp.c 2012-01-05 13:22:30.000000000 +0100 @@ -9,6 +9,7 @@ #include #include @@ -1711,9 +1711,9 @@ diff -up openssl-1.0.0a/crypto/evp/m_wp.c.fips openssl-1.0.0a/crypto/evp/m_wp.c static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } -diff -up openssl-1.0.0a/crypto/evp/names.c.fips openssl-1.0.0a/crypto/evp/names.c ---- openssl-1.0.0a/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/names.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/names.c.fips openssl-1.0.0f/crypto/evp/names.c +--- openssl-1.0.0f/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/names.c 2012-01-05 13:22:30.000000000 +0100 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1736,9 +1736,9 @@ diff -up openssl-1.0.0a/crypto/evp/names.c.fips openssl-1.0.0a/crypto/evp/names. name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0a/crypto/evp/p_sign.c.fips openssl-1.0.0a/crypto/evp/p_sign.c ---- openssl-1.0.0a/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0a/crypto/evp/p_sign.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/p_sign.c.fips openssl-1.0.0f/crypto/evp/p_sign.c +--- openssl-1.0.0f/crypto/evp/p_sign.c.fips 2010-11-27 18:34:57.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/p_sign.c 2012-01-05 13:22:30.000000000 +0100 @@ -61,6 +61,7 @@ #include #include @@ -1770,9 +1770,9 @@ diff -up openssl-1.0.0a/crypto/evp/p_sign.c.fips openssl-1.0.0a/crypto/evp/p_sig if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0a/crypto/evp/p_verify.c.fips openssl-1.0.0a/crypto/evp/p_verify.c ---- openssl-1.0.0a/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0a/crypto/evp/p_verify.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/evp/p_verify.c.fips openssl-1.0.0f/crypto/evp/p_verify.c +--- openssl-1.0.0f/crypto/evp/p_verify.c.fips 2010-11-27 18:34:57.000000000 +0100 ++++ openssl-1.0.0f/crypto/evp/p_verify.c 2012-01-05 13:22:30.000000000 +0100 @@ -61,6 +61,7 @@ #include #include @@ -1804,9 +1804,9 @@ diff -up openssl-1.0.0a/crypto/evp/p_verify.c.fips openssl-1.0.0a/crypto/evp/p_v i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_aesavs.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_aesavs.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2747,9 +2747,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0a/crypt + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_desmovs.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_desmovs.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3453,9 +3453,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0a/cryp + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_dssvs.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_dssvs.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,537 @@ +#include + @@ -3994,9 +3994,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0a/crypto + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_rngvs.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_rngvs.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4228,9 +4228,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0a/crypto + return 0; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_rsagtest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_rsagtest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4622,9 +4622,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0a/cry + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_rsastest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_rsastest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4996,9 +4996,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0a/cry + return ret; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_rsavtest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_rsavtest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5377,9 +5377,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0a/cry + return ret; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0f/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.0f/crypto/fips/cavs/fips_shatest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_shatest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5769,9 +5769,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0a/cryp + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0a/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/cavs/fips_utl.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0f/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.0f/crypto/fips/cavs/fips_utl.h.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/cavs/fips_utl.h 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -6116,9 +6116,9 @@ diff -up openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0a/crypto/f +#endif + } + -diff -up openssl-1.0.0a/crypto/fips_err.c.fips openssl-1.0.0a/crypto/fips_err.c ---- openssl-1.0.0a/crypto/fips_err.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips_err.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips_err.c.fips openssl-1.0.0f/crypto/fips_err.c +--- openssl-1.0.0f/crypto/fips_err.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips_err.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,7 @@ +#include + @@ -6127,9 +6127,9 @@ diff -up openssl-1.0.0a/crypto/fips_err.c.fips openssl-1.0.0a/crypto/fips_err.c +#else +static void *dummy=&dummy; +#endif -diff -up openssl-1.0.0a/crypto/fips_err.h.fips openssl-1.0.0a/crypto/fips_err.h ---- openssl-1.0.0a/crypto/fips_err.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips_err.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips_err.h.fips openssl-1.0.0f/crypto/fips_err.h +--- openssl-1.0.0f/crypto/fips_err.h.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips_err.h 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -6268,9 +6268,9 @@ diff -up openssl-1.0.0a/crypto/fips_err.h.fips openssl-1.0.0a/crypto/fips_err.h + } +#endif + } -diff -up openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_aes_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_aes_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_aes_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6375,9 +6375,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0a/cryp + return ret; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/fips.c.fips openssl-1.0.0a/crypto/fips/fips.c ---- openssl-1.0.0a/crypto/fips/fips.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips.c.fips openssl-1.0.0f/crypto/fips/fips.c +--- openssl-1.0.0f/crypto/fips/fips.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6798,9 +6798,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips.c.fips openssl-1.0.0a/crypto/fips/fips. + + +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_des_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_des_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_des_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_des_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_des_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6941,9 +6941,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0a/cryp + return ret; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_dsa_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_dsa_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7131,9 +7131,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0a/cryp + return ret; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/fips.h.fips openssl-1.0.0a/crypto/fips/fips.h ---- openssl-1.0.0a/crypto/fips/fips.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips.h.fips openssl-1.0.0f/crypto/fips/fips.h +--- openssl-1.0.0f/crypto/fips/fips.h.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips.h 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7298,9 +7298,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips.h.fips openssl-1.0.0a/crypto/fips/fips. +} +#endif +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_hmac_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_hmac_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -7439,9 +7439,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0a/cry + return 1; + } +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_rand.c.fips openssl-1.0.0a/crypto/fips/fips_rand.c ---- openssl-1.0.0a/crypto/fips/fips_rand.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_rand.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_rand.c.fips openssl-1.0.0f/crypto/fips/fips_rand.c +--- openssl-1.0.0f/crypto/fips/fips_rand.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_rand.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -7855,9 +7855,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_rand.c.fips openssl-1.0.0a/crypto/fips/ +} + +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_rand.h.fips openssl-1.0.0a/crypto/fips/fips_rand.h ---- openssl-1.0.0a/crypto/fips/fips_rand.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_rand.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_rand.h.fips openssl-1.0.0f/crypto/fips/fips_rand.h +--- openssl-1.0.0f/crypto/fips/fips_rand.h.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_rand.h 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7936,9 +7936,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_rand.h.fips openssl-1.0.0a/crypto/fips/ +#endif +#endif +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_rand_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_rand_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_rand_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8313,9 +8313,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0a/cry + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_randtest.c.fips openssl-1.0.0a/crypto/fips/fips_randtest.c ---- openssl-1.0.0a/crypto/fips/fips_randtest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_randtest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_randtest.c.fips openssl-1.0.0f/crypto/fips/fips_randtest.c +--- openssl-1.0.0f/crypto/fips/fips_randtest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_randtest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -8565,9 +8565,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_randtest.c.fips openssl-1.0.0a/crypto/f + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_rsa_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_rsa_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9010,9 +9010,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0a/cryp + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0f/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.0f/crypto/fips/fips_rsa_x931g.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_rsa_x931g.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9295,9 +9295,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0a/crypto/ + return 0; + + } -diff -up openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c ---- openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0f/crypto/fips/fips_sha1_selftest.c +--- openssl-1.0.0f/crypto/fips/fips_sha1_selftest.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_sha1_selftest.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9398,9 +9398,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0a/cry + } + +#endif -diff -up openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c ---- openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0f/crypto/fips/fips_standalone_sha1.c +--- openssl-1.0.0f/crypto/fips/fips_standalone_sha1.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_standalone_sha1.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9575,9 +9575,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0a/c + } + + -diff -up openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips openssl-1.0.0a/crypto/fips/fips_test_suite.c ---- openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/fips_test_suite.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/fips_test_suite.c.fips openssl-1.0.0f/crypto/fips/fips_test_suite.c +--- openssl-1.0.0f/crypto/fips/fips_test_suite.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/fips_test_suite.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10167,9 +10167,9 @@ diff -up openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips openssl-1.0.0a/crypto + } + +#endif -diff -up openssl-1.0.0a/crypto/fips_locl.h.fips openssl-1.0.0a/crypto/fips_locl.h ---- openssl-1.0.0a/crypto/fips_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips_locl.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips_locl.h.fips openssl-1.0.0f/crypto/fips_locl.h +--- openssl-1.0.0f/crypto/fips_locl.h.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips_locl.h 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10243,9 +10243,9 @@ diff -up openssl-1.0.0a/crypto/fips_locl.h.fips openssl-1.0.0a/crypto/fips_locl. +} +#endif +#endif -diff -up openssl-1.0.0a/crypto/fips/Makefile.fips openssl-1.0.0a/crypto/fips/Makefile ---- openssl-1.0.0a/crypto/fips/Makefile.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/fips/Makefile 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/fips/Makefile.fips openssl-1.0.0f/crypto/fips/Makefile +--- openssl-1.0.0f/crypto/fips/Makefile.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/fips/Makefile 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10328,9 +10328,9 @@ diff -up openssl-1.0.0a/crypto/fips/Makefile.fips openssl-1.0.0a/crypto/fips/Mak + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0a/crypto/hmac/hmac.c.fips openssl-1.0.0a/crypto/hmac/hmac.c ---- openssl-1.0.0a/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 -+++ openssl-1.0.0a/crypto/hmac/hmac.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/hmac/hmac.c.fips openssl-1.0.0f/crypto/hmac/hmac.c +--- openssl-1.0.0f/crypto/hmac/hmac.c.fips 2010-06-15 19:25:09.000000000 +0200 ++++ openssl-1.0.0f/crypto/hmac/hmac.c 2012-01-05 13:22:30.000000000 +0100 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) @@ -10345,9 +10345,9 @@ diff -up openssl-1.0.0a/crypto/hmac/hmac.c.fips openssl-1.0.0a/crypto/hmac/hmac. reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.0.0a/crypto/Makefile.fips openssl-1.0.0a/crypto/Makefile ---- openssl-1.0.0a/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0a/crypto/Makefile 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/Makefile.fips openssl-1.0.0f/crypto/Makefile +--- openssl-1.0.0f/crypto/Makefile.fips 2010-07-27 00:09:59.000000000 +0200 ++++ openssl-1.0.0f/crypto/Makefile 2012-01-05 13:22:30.000000000 +0100 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a @@ -10366,9 +10366,9 @@ diff -up openssl-1.0.0a/crypto/Makefile.fips openssl-1.0.0a/crypto/Makefile ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0a/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0a/crypto/mdc2/mdc2dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0f/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0f/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0f/crypto/mdc2/mdc2dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -61,6 +61,11 @@ #include #include @@ -10390,9 +10390,9 @@ diff -up openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0a/crypto/mdc2/m { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0a/crypto/mdc2/mdc2.h.fips openssl-1.0.0a/crypto/mdc2/mdc2.h ---- openssl-1.0.0a/crypto/mdc2/mdc2.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/mdc2/mdc2.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/mdc2/mdc2.h.fips openssl-1.0.0f/crypto/mdc2/mdc2.h +--- openssl-1.0.0f/crypto/mdc2/mdc2.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/mdc2/mdc2.h 2012-01-05 13:22:30.000000000 +0100 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; @@ -10404,9 +10404,9 @@ diff -up openssl-1.0.0a/crypto/mdc2/mdc2.h.fips openssl-1.0.0a/crypto/mdc2/mdc2. int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0a/crypto/md2/md2_dgst.c.fips openssl-1.0.0a/crypto/md2/md2_dgst.c ---- openssl-1.0.0a/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0a/crypto/md2/md2_dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/md2/md2_dgst.c.fips openssl-1.0.0f/crypto/md2/md2_dgst.c +--- openssl-1.0.0f/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0f/crypto/md2/md2_dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -62,6 +62,11 @@ #include #include @@ -10428,9 +10428,9 @@ diff -up openssl-1.0.0a/crypto/md2/md2_dgst.c.fips openssl-1.0.0a/crypto/md2/md2 { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0a/crypto/md2/md2.h.fips openssl-1.0.0a/crypto/md2/md2.h ---- openssl-1.0.0a/crypto/md2/md2.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/md2/md2.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/md2/md2.h.fips openssl-1.0.0f/crypto/md2/md2.h +--- openssl-1.0.0f/crypto/md2/md2.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/md2/md2.h 2012-01-05 13:22:30.000000000 +0100 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; @@ -10441,9 +10441,9 @@ diff -up openssl-1.0.0a/crypto/md2/md2.h.fips openssl-1.0.0a/crypto/md2/md2.h int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0a/crypto/md4/md4_dgst.c.fips openssl-1.0.0a/crypto/md4/md4_dgst.c ---- openssl-1.0.0a/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0a/crypto/md4/md4_dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/md4/md4_dgst.c.fips openssl-1.0.0f/crypto/md4/md4_dgst.c +--- openssl-1.0.0f/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0f/crypto/md4/md4_dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10465,9 +10465,9 @@ diff -up openssl-1.0.0a/crypto/md4/md4_dgst.c.fips openssl-1.0.0a/crypto/md4/md4 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0a/crypto/md4/md4.h.fips openssl-1.0.0a/crypto/md4/md4.h ---- openssl-1.0.0a/crypto/md4/md4.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/md4/md4.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/md4/md4.h.fips openssl-1.0.0f/crypto/md4/md4.h +--- openssl-1.0.0f/crypto/md4/md4.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/md4/md4.h 2012-01-05 13:22:30.000000000 +0100 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; @@ -10478,9 +10478,9 @@ diff -up openssl-1.0.0a/crypto/md4/md4.h.fips openssl-1.0.0a/crypto/md4/md4.h int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0a/crypto/md5/md5_dgst.c.fips openssl-1.0.0a/crypto/md5/md5_dgst.c ---- openssl-1.0.0a/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0a/crypto/md5/md5_dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/md5/md5_dgst.c.fips openssl-1.0.0f/crypto/md5/md5_dgst.c +--- openssl-1.0.0f/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0f/crypto/md5/md5_dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10502,9 +10502,9 @@ diff -up openssl-1.0.0a/crypto/md5/md5_dgst.c.fips openssl-1.0.0a/crypto/md5/md5 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0a/crypto/md5/md5.h.fips openssl-1.0.0a/crypto/md5/md5.h ---- openssl-1.0.0a/crypto/md5/md5.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/md5/md5.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/md5/md5.h.fips openssl-1.0.0f/crypto/md5/md5.h +--- openssl-1.0.0f/crypto/md5/md5.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/md5/md5.h 2012-01-05 13:22:30.000000000 +0100 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; @@ -10515,9 +10515,9 @@ diff -up openssl-1.0.0a/crypto/md5/md5.h.fips openssl-1.0.0a/crypto/md5/md5.h int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0a/crypto/mem.c.fips openssl-1.0.0a/crypto/mem.c ---- openssl-1.0.0a/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0a/crypto/mem.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/mem.c.fips openssl-1.0.0f/crypto/mem.c +--- openssl-1.0.0f/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0f/crypto/mem.c 2012-01-05 13:22:30.000000000 +0100 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10527,9 +10527,9 @@ diff -up openssl-1.0.0a/crypto/mem.c.fips openssl-1.0.0a/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up openssl-1.0.0a/crypto/o_init.c.fips openssl-1.0.0a/crypto/o_init.c ---- openssl-1.0.0a/crypto/o_init.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/o_init.c.fips openssl-1.0.0f/crypto/o_init.c +--- openssl-1.0.0f/crypto/o_init.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/o_init.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10611,9 +10611,9 @@ diff -up openssl-1.0.0a/crypto/o_init.c.fips openssl-1.0.0a/crypto/o_init.c + } + + -diff -up openssl-1.0.0a/crypto/opensslconf.h.in.fips openssl-1.0.0a/crypto/opensslconf.h.in ---- openssl-1.0.0a/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0a/crypto/opensslconf.h.in 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/opensslconf.h.in.fips openssl-1.0.0f/crypto/opensslconf.h.in +--- openssl-1.0.0f/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0f/crypto/opensslconf.h.in 2012-01-05 13:22:30.000000000 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10635,9 +10635,9 @@ diff -up openssl-1.0.0a/crypto/opensslconf.h.in.fips openssl-1.0.0a/crypto/opens /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0a/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0a/crypto/pkcs12/p12_crt.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0f/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0f/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0f/crypto/pkcs12/p12_crt.c 2012-01-05 13:22:30.000000000 +0100 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" @@ -10664,9 +10664,9 @@ diff -up openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0a/crypto/pkcs1 if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0a/crypto/rand/md_rand.c.fips openssl-1.0.0a/crypto/rand/md_rand.c ---- openssl-1.0.0a/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0a/crypto/rand/md_rand.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rand/md_rand.c.fips openssl-1.0.0f/crypto/rand/md_rand.c +--- openssl-1.0.0f/crypto/rand/md_rand.c.fips 2010-06-16 15:17:22.000000000 +0200 ++++ openssl-1.0.0f/crypto/rand/md_rand.c 2012-01-05 13:22:30.000000000 +0100 @@ -126,6 +126,10 @@ #include @@ -10693,9 +10693,9 @@ diff -up openssl-1.0.0a/crypto/rand/md_rand.c.fips openssl-1.0.0a/crypto/rand/md #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0a/crypto/rand/rand_err.c.fips openssl-1.0.0a/crypto/rand/rand_err.c ---- openssl-1.0.0a/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0a/crypto/rand/rand_err.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rand/rand_err.c.fips openssl-1.0.0f/crypto/rand/rand_err.c +--- openssl-1.0.0f/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0f/crypto/rand/rand_err.c 2012-01-05 13:22:30.000000000 +0100 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= @@ -10728,9 +10728,9 @@ diff -up openssl-1.0.0a/crypto/rand/rand_err.c.fips openssl-1.0.0a/crypto/rand/r {0,NULL} }; -diff -up openssl-1.0.0a/crypto/rand/rand.h.fips openssl-1.0.0a/crypto/rand/rand.h ---- openssl-1.0.0a/crypto/rand/rand.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/rand/rand.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rand/rand.h.fips openssl-1.0.0f/crypto/rand/rand.h +--- openssl-1.0.0f/crypto/rand/rand.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/rand/rand.h 2012-01-05 13:22:30.000000000 +0100 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10760,9 +10760,9 @@ diff -up openssl-1.0.0a/crypto/rand/rand.h.fips openssl-1.0.0a/crypto/rand/rand. #ifdef __cplusplus } -diff -up openssl-1.0.0a/crypto/rand/rand_lib.c.fips openssl-1.0.0a/crypto/rand/rand_lib.c ---- openssl-1.0.0a/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0a/crypto/rand/rand_lib.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rand/rand_lib.c.fips openssl-1.0.0f/crypto/rand/rand_lib.c +--- openssl-1.0.0f/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0f/crypto/rand/rand_lib.c 2012-01-05 13:22:30.000000000 +0100 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10796,9 +10796,9 @@ diff -up openssl-1.0.0a/crypto/rand/rand_lib.c.fips openssl-1.0.0a/crypto/rand/r return default_RAND_meth; } -diff -up openssl-1.0.0a/crypto/rc2/rc2.h.fips openssl-1.0.0a/crypto/rc2/rc2.h ---- openssl-1.0.0a/crypto/rc2/rc2.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/rc2/rc2.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc2/rc2.h.fips openssl-1.0.0f/crypto/rc2/rc2.h +--- openssl-1.0.0f/crypto/rc2/rc2.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc2/rc2.h 2012-01-05 13:22:30.000000000 +0100 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10810,9 +10810,9 @@ diff -up openssl-1.0.0a/crypto/rc2/rc2.h.fips openssl-1.0.0a/crypto/rc2/rc2.h void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips openssl-1.0.0a/crypto/rc2/rc2_skey.c ---- openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0a/crypto/rc2/rc2_skey.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc2/rc2_skey.c.fips openssl-1.0.0f/crypto/rc2/rc2_skey.c +--- openssl-1.0.0f/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0f/crypto/rc2/rc2_skey.c 2012-01-05 13:22:30.000000000 +0100 @@ -57,6 +57,11 @@ */ @@ -10846,9 +10846,9 @@ diff -up openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips openssl-1.0.0a/crypto/rc2/rc2 int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0f/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0f/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc4/asm/rc4-s390x.pl 2012-01-05 13:22:30.000000000 +0100 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10856,9 +10856,9 @@ diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0a/crypto/r +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0f/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0f/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0f/crypto/rc4/asm/rc4-x86_64.pl 2012-01-05 13:22:30.000000000 +0100 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; @@ -10868,9 +10868,9 @@ diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0a/crypto/ print $code; close STDOUT; -diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0f/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0f/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc4/asm/rc4-586.pl 2012-01-05 13:22:30.000000000 +0100 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10894,9 +10894,9 @@ diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0a/crypto/rc4 # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0a/crypto/rc4/Makefile.fips openssl-1.0.0a/crypto/rc4/Makefile ---- openssl-1.0.0a/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0a/crypto/rc4/Makefile 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/Makefile.fips openssl-1.0.0f/crypto/rc4/Makefile +--- openssl-1.0.0f/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc4/Makefile 2012-01-05 13:22:30.000000000 +0100 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10908,9 +10908,9 @@ diff -up openssl-1.0.0a/crypto/rc4/Makefile.fips openssl-1.0.0a/crypto/rc4/Makef SRC= $(LIBSRC) -diff -up openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0a/crypto/rc4/rc4_fblk.c ---- openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/rc4/rc4_fblk.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0f/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0f/crypto/rc4/rc4_fblk.c.fips 2012-01-05 13:22:30.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc4/rc4_fblk.c 2012-01-05 13:22:30.000000000 +0100 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10987,9 +10987,9 @@ diff -up openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0a/crypto/rc4/rc4 + } +#endif + -diff -up openssl-1.0.0a/crypto/rc4/rc4.h.fips openssl-1.0.0a/crypto/rc4/rc4.h ---- openssl-1.0.0a/crypto/rc4/rc4.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/rc4/rc4.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/rc4.h.fips openssl-1.0.0f/crypto/rc4/rc4.h +--- openssl-1.0.0f/crypto/rc4/rc4.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc4/rc4.h 2012-01-05 13:22:30.000000000 +0100 @@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -11000,9 +11000,9 @@ diff -up openssl-1.0.0a/crypto/rc4/rc4.h.fips openssl-1.0.0a/crypto/rc4/rc4.h void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips openssl-1.0.0a/crypto/rc4/rc4_skey.c ---- openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0a/crypto/rc4/rc4_skey.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rc4/rc4_skey.c.fips openssl-1.0.0f/crypto/rc4/rc4_skey.c +--- openssl-1.0.0f/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0f/crypto/rc4/rc4_skey.c 2012-01-05 13:22:30.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11040,9 +11040,9 @@ diff -up openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips openssl-1.0.0a/crypto/rc4/rc4 unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0a/crypto/ripemd/ripemd.h.fips openssl-1.0.0a/crypto/ripemd/ripemd.h ---- openssl-1.0.0a/crypto/ripemd/ripemd.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/ripemd/ripemd.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/ripemd/ripemd.h.fips openssl-1.0.0f/crypto/ripemd/ripemd.h +--- openssl-1.0.0f/crypto/ripemd/ripemd.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/ripemd/ripemd.h 2012-01-05 13:22:30.000000000 +0100 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; @@ -11053,9 +11053,9 @@ diff -up openssl-1.0.0a/crypto/ripemd/ripemd.h.fips openssl-1.0.0a/crypto/ripemd int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0a/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0a/crypto/ripemd/rmd_dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0f/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0f/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0f/crypto/ripemd/rmd_dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11077,9 +11077,9 @@ diff -up openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0a/crypto/ripe { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_eay.c ---- openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0a/crypto/rsa/rsa_eay.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rsa/rsa_eay.c.fips openssl-1.0.0f/crypto/rsa/rsa_eay.c +--- openssl-1.0.0f/crypto/rsa/rsa_eay.c.fips 2011-10-19 16:58:34.000000000 +0200 ++++ openssl-1.0.0f/crypto/rsa/rsa_eay.c 2012-01-05 13:27:00.000000000 +0100 @@ -114,6 +114,10 @@ #include #include @@ -11152,8 +11152,8 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -355,6 +384,23 @@ static int RSA_eay_private_encrypt(int f - int local_blinding = 0; +@@ -361,6 +390,23 @@ static int RSA_eay_private_encrypt(int f + BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; +#ifdef OPENSSL_FIPS @@ -11162,7 +11162,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; ++ return -1; + } + + if (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) @@ -11176,7 +11176,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); -@@ -432,9 +478,7 @@ static int RSA_eay_private_encrypt(int f +@@ -444,9 +490,7 @@ static int RSA_eay_private_encrypt(int f else d= rsa->d; @@ -11187,8 +11187,8 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -488,6 +532,23 @@ static int RSA_eay_private_decrypt(int f - int local_blinding = 0; +@@ -504,6 +548,23 @@ static int RSA_eay_private_decrypt(int f + BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; +#ifdef OPENSSL_FIPS @@ -11197,7 +11197,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; ++ return -1; + } + + if (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) @@ -11211,7 +11211,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); -@@ -555,9 +616,7 @@ static int RSA_eay_private_decrypt(int f +@@ -577,9 +638,7 @@ static int RSA_eay_private_decrypt(int f else d = rsa->d; @@ -11222,7 +11222,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -617,6 +676,23 @@ static int RSA_eay_public_decrypt(int fl +@@ -639,6 +698,23 @@ static int RSA_eay_public_decrypt(int fl unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -11246,7 +11246,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -@@ -667,9 +743,7 @@ static int RSA_eay_public_decrypt(int fl +@@ -689,9 +765,7 @@ static int RSA_eay_public_decrypt(int fl goto err; } @@ -11257,7 +11257,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -717,6 +791,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c +@@ -739,6 +813,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; @@ -11265,7 +11265,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ int ret=0; BN_CTX_start(ctx); -@@ -724,41 +799,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c +@@ -746,41 +821,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); @@ -11330,7 +11330,7 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -@@ -875,6 +940,9 @@ err: +@@ -897,6 +962,9 @@ err: static int RSA_eay_init(RSA *rsa) { @@ -11340,9 +11340,9 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0a/crypto/rsa/rsa_err.c.fips openssl-1.0.0a/crypto/rsa/rsa_err.c ---- openssl-1.0.0a/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0a/crypto/rsa/rsa_err.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rsa/rsa_err.c.fips openssl-1.0.0f/crypto/rsa/rsa_err.c +--- openssl-1.0.0f/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0f/crypto/rsa/rsa_err.c 2012-01-05 13:22:30.000000000 +0100 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11369,9 +11369,9 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_err.c.fips openssl-1.0.0a/crypto/rsa/rsa_ {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips openssl-1.0.0a/crypto/rsa/rsa_gen.c ---- openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0a/crypto/rsa/rsa_gen.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rsa/rsa_gen.c.fips openssl-1.0.0f/crypto/rsa/rsa_gen.c +--- openssl-1.0.0f/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0f/crypto/rsa/rsa_gen.c 2012-01-05 13:22:30.000000000 +0100 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include @@ -11497,9 +11497,9 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips openssl-1.0.0a/crypto/rsa/rsa_ ok=1; err: if (ok == -1) -diff -up openssl-1.0.0a/crypto/rsa/rsa.h.fips openssl-1.0.0a/crypto/rsa/rsa.h ---- openssl-1.0.0a/crypto/rsa/rsa.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/rsa/rsa.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rsa/rsa.h.fips openssl-1.0.0f/crypto/rsa/rsa.h +--- openssl-1.0.0f/crypto/rsa/rsa.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/rsa/rsa.h 2012-01-05 13:22:30.000000000 +0100 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11569,9 +11569,9 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa.h.fips openssl-1.0.0a/crypto/rsa/rsa.h #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips openssl-1.0.0a/crypto/rsa/rsa_lib.c ---- openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 -+++ openssl-1.0.0a/crypto/rsa/rsa_lib.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rsa/rsa_lib.c.fips openssl-1.0.0f/crypto/rsa/rsa_lib.c +--- openssl-1.0.0f/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0f/crypto/rsa/rsa_lib.c 2012-01-05 13:22:30.000000000 +0100 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11647,9 +11647,9 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips openssl-1.0.0a/crypto/rsa/rsa_ return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips openssl-1.0.0a/crypto/rsa/rsa_sign.c ---- openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0a/crypto/rsa/rsa_sign.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/rsa/rsa_sign.c.fips openssl-1.0.0f/crypto/rsa/rsa_sign.c +--- openssl-1.0.0f/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0f/crypto/rsa/rsa_sign.c 2012-01-05 13:22:30.000000000 +0100 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11681,9 +11681,9 @@ diff -up openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips openssl-1.0.0a/crypto/rsa/rsa if (i <= 0) goto err; -diff -up openssl-1.0.0a/crypto/seed/seed.c.fips openssl-1.0.0a/crypto/seed/seed.c ---- openssl-1.0.0a/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 -+++ openssl-1.0.0a/crypto/seed/seed.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/seed/seed.c.fips openssl-1.0.0f/crypto/seed/seed.c +--- openssl-1.0.0f/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0f/crypto/seed/seed.c 2012-01-05 13:22:30.000000000 +0100 @@ -34,6 +34,9 @@ #include @@ -11713,9 +11713,9 @@ diff -up openssl-1.0.0a/crypto/seed/seed.c.fips openssl-1.0.0a/crypto/seed/seed. { seed_word x1, x2, x3, x4; seed_word t0, t1; -diff -up openssl-1.0.0a/crypto/seed/seed.h.fips openssl-1.0.0a/crypto/seed/seed.h ---- openssl-1.0.0a/crypto/seed/seed.h.fips 2010-06-04 12:25:14.000000000 +0200 -+++ openssl-1.0.0a/crypto/seed/seed.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/seed/seed.h.fips openssl-1.0.0f/crypto/seed/seed.h +--- openssl-1.0.0f/crypto/seed/seed.h.fips 2012-01-05 13:22:28.000000000 +0100 ++++ openssl-1.0.0f/crypto/seed/seed.h 2012-01-05 13:22:30.000000000 +0100 @@ -117,6 +117,9 @@ typedef struct seed_key_st { } SEED_KEY_SCHEDULE; @@ -11726,9 +11726,9 @@ diff -up openssl-1.0.0a/crypto/seed/seed.h.fips openssl-1.0.0a/crypto/seed/seed. void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); -diff -up openssl-1.0.0a/crypto/sha/sha_dgst.c.fips openssl-1.0.0a/crypto/sha/sha_dgst.c ---- openssl-1.0.0a/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0a/crypto/sha/sha_dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/sha/sha_dgst.c.fips openssl-1.0.0f/crypto/sha/sha_dgst.c +--- openssl-1.0.0f/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0f/crypto/sha/sha_dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -57,6 +57,12 @@ */ @@ -11742,9 +11742,9 @@ diff -up openssl-1.0.0a/crypto/sha/sha_dgst.c.fips openssl-1.0.0a/crypto/sha/sha #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0a/crypto/sha/sha.h.fips openssl-1.0.0a/crypto/sha/sha.h ---- openssl-1.0.0a/crypto/sha/sha.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/sha/sha.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/sha/sha.h.fips openssl-1.0.0f/crypto/sha/sha.h +--- openssl-1.0.0f/crypto/sha/sha.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/sha/sha.h 2012-01-05 13:22:30.000000000 +0100 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11755,9 +11755,9 @@ diff -up openssl-1.0.0a/crypto/sha/sha.h.fips openssl-1.0.0a/crypto/sha/sha.h int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0a/crypto/sha/sha_locl.h.fips openssl-1.0.0a/crypto/sha/sha_locl.h ---- openssl-1.0.0a/crypto/sha/sha_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/sha/sha_locl.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/sha/sha_locl.h.fips openssl-1.0.0f/crypto/sha/sha_locl.h +--- openssl-1.0.0f/crypto/sha/sha_locl.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/sha/sha_locl.h 2012-01-05 13:22:30.000000000 +0100 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL @@ -11774,9 +11774,9 @@ diff -up openssl-1.0.0a/crypto/sha/sha_locl.h.fips openssl-1.0.0a/crypto/sha/sha memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0a/crypto/sha/sha1dgst.c.fips openssl-1.0.0a/crypto/sha/sha1dgst.c ---- openssl-1.0.0a/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0a/crypto/sha/sha1dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/sha/sha1dgst.c.fips openssl-1.0.0f/crypto/sha/sha1dgst.c +--- openssl-1.0.0f/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0f/crypto/sha/sha1dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11788,9 +11788,9 @@ diff -up openssl-1.0.0a/crypto/sha/sha1dgst.c.fips openssl-1.0.0a/crypto/sha/sha const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0a/crypto/sha/sha256.c.fips openssl-1.0.0a/crypto/sha/sha256.c ---- openssl-1.0.0a/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0a/crypto/sha/sha256.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/sha/sha256.c.fips openssl-1.0.0f/crypto/sha/sha256.c +--- openssl-1.0.0f/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0f/crypto/sha/sha256.c 2012-01-05 13:22:30.000000000 +0100 @@ -12,12 +12,19 @@ #include @@ -11821,9 +11821,9 @@ diff -up openssl-1.0.0a/crypto/sha/sha256.c.fips openssl-1.0.0a/crypto/sha/sha25 memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0a/crypto/sha/sha512.c.fips openssl-1.0.0a/crypto/sha/sha512.c ---- openssl-1.0.0a/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 -+++ openssl-1.0.0a/crypto/sha/sha512.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/sha/sha512.c.fips openssl-1.0.0f/crypto/sha/sha512.c +--- openssl-1.0.0f/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0f/crypto/sha/sha512.c 2012-01-05 13:22:30.000000000 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11855,9 +11855,9 @@ diff -up openssl-1.0.0a/crypto/sha/sha512.c.fips openssl-1.0.0a/crypto/sha/sha51 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -diff -up openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0a/crypto/whrlpool/whrlpool.h ---- openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/crypto/whrlpool/whrlpool.h 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0f/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0f/crypto/whrlpool/whrlpool.h.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/crypto/whrlpool/whrlpool.h 2012-01-05 13:22:30.000000000 +0100 @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; @@ -11868,9 +11868,9 @@ diff -up openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0a/crypto/wh int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -diff -up openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0a/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 -+++ openssl-1.0.0a/crypto/whrlpool/wp_dgst.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0f/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0f/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0f/crypto/whrlpool/wp_dgst.c 2012-01-05 13:22:30.000000000 +0100 @@ -53,8 +53,12 @@ #include "wp_locl.h" @@ -11885,9 +11885,9 @@ diff -up openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0a/crypto/whr { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.0a/Makefile.org.fips openssl-1.0.0a/Makefile.org ---- openssl-1.0.0a/Makefile.org.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/Makefile.org 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/Makefile.org.fips openssl-1.0.0f/Makefile.org +--- openssl-1.0.0f/Makefile.org.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/Makefile.org 2012-01-05 13:22:30.000000000 +0100 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= @@ -11915,10 +11915,10 @@ diff -up openssl-1.0.0a/Makefile.org.fips openssl-1.0.0a/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0a/ssl/ssl_ciph.c.fips openssl-1.0.0a/ssl/ssl_ciph.c ---- openssl-1.0.0a/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0a/ssl/ssl_ciph.c 2010-06-04 12:25:15.000000000 +0200 -@@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c +diff -up openssl-1.0.0f/ssl/ssl_ciph.c.fips openssl-1.0.0f/ssl/ssl_ciph.c +--- openssl-1.0.0f/ssl/ssl_ciph.c.fips 2011-12-02 13:51:05.000000000 +0100 ++++ openssl-1.0.0f/ssl/ssl_ciph.c 2012-01-05 13:22:30.000000000 +0100 +@@ -728,6 +728,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && !(c->algorithm_mac & disabled_mac) && @@ -11940,10 +11940,10 @@ diff -up openssl-1.0.0a/ssl/ssl_ciph.c.fips openssl-1.0.0a/ssl/ssl_ciph.c { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0a/ssl/ssl_lib.c.fips openssl-1.0.0a/ssl/ssl_lib.c ---- openssl-1.0.0a/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 -+++ openssl-1.0.0a/ssl/ssl_lib.c 2010-06-04 12:25:15.000000000 +0200 -@@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.0.0f/ssl/ssl_lib.c.fips openssl-1.0.0f/ssl/ssl_lib.c +--- openssl-1.0.0f/ssl/ssl_lib.c.fips 2011-09-26 19:04:49.000000000 +0200 ++++ openssl-1.0.0f/ssl/ssl_lib.c 2012-01-05 13:22:30.000000000 +0100 +@@ -1524,6 +1524,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } @@ -11958,9 +11958,9 @@ diff -up openssl-1.0.0a/ssl/ssl_lib.c.fips openssl-1.0.0a/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c ---- openssl-1.0.0a/ssl/ssltest.c.fips 2010-06-04 12:25:15.000000000 +0200 -+++ openssl-1.0.0a/ssl/ssltest.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/ssl/ssltest.c.fips openssl-1.0.0f/ssl/ssltest.c +--- openssl-1.0.0f/ssl/ssltest.c.fips 2012-01-05 13:22:29.000000000 +0100 ++++ openssl-1.0.0f/ssl/ssltest.c 2012-01-05 13:22:30.000000000 +0100 @@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); @@ -12020,7 +12020,7 @@ diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c if (print_time) { if (!bio_pair) -@@ -2156,12 +2185,12 @@ static int MS_CALLBACK app_verify_callba +@@ -2153,12 +2182,12 @@ static int MS_CALLBACK app_verify_callba } #ifndef OPENSSL_NO_X509_VERIFY @@ -12035,9 +12035,9 @@ diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0a/ssl/s23_clnt.c.fips openssl-1.0.0a/ssl/s23_clnt.c ---- openssl-1.0.0a/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0a/ssl/s23_clnt.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/ssl/s23_clnt.c.fips openssl-1.0.0f/ssl/s23_clnt.c +--- openssl-1.0.0f/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0f/ssl/s23_clnt.c 2012-01-05 13:22:30.000000000 +0100 @@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; @@ -12068,9 +12068,9 @@ diff -up openssl-1.0.0a/ssl/s23_clnt.c.fips openssl-1.0.0a/ssl/s23_clnt.c s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0a/ssl/s23_srvr.c.fips openssl-1.0.0a/ssl/s23_srvr.c ---- openssl-1.0.0a/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0a/ssl/s23_srvr.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/ssl/s23_srvr.c.fips openssl-1.0.0f/ssl/s23_srvr.c +--- openssl-1.0.0f/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0f/ssl/s23_srvr.c 2012-01-05 13:22:30.000000000 +0100 @@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12087,9 +12087,9 @@ diff -up openssl-1.0.0a/ssl/s23_srvr.c.fips openssl-1.0.0a/ssl/s23_srvr.c if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c ---- openssl-1.0.0a/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 -+++ openssl-1.0.0a/ssl/s3_clnt.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/ssl/s3_clnt.c.fips openssl-1.0.0f/ssl/s3_clnt.c +--- openssl-1.0.0f/ssl/s3_clnt.c.fips 2011-12-26 20:38:19.000000000 +0100 ++++ openssl-1.0.0f/ssl/s3_clnt.c 2012-01-05 13:22:30.000000000 +0100 @@ -156,6 +156,10 @@ #include #include @@ -12101,7 +12101,7 @@ diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c #ifndef OPENSSL_NO_DH #include #endif -@@ -1546,6 +1550,8 @@ int ssl3_get_key_exchange(SSL *s) +@@ -1550,6 +1554,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { @@ -12110,9 +12110,9 @@ diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c ---- openssl-1.0.0a/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0a/ssl/s3_enc.c 2010-06-04 12:25:15.000000000 +0200 +diff -up openssl-1.0.0f/ssl/s3_enc.c.fips openssl-1.0.0f/ssl/s3_enc.c +--- openssl-1.0.0f/ssl/s3_enc.c.fips 2012-01-04 16:38:54.000000000 +0100 ++++ openssl-1.0.0f/ssl/s3_enc.c 2012-01-05 13:22:30.000000000 +0100 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12121,7 +12121,7 @@ diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c EVP_MD_CTX_init(&s1); for (i=0; (int)is3->tmp.new_cipher->algorithm2) && md) { s->s3->handshake_dgst[i]=EVP_MD_CTX_create(); @@ -12130,7 +12130,7 @@ diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL); EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen); } -@@ -670,6 +673,7 @@ static int ssl3_handshake_mac(SSL *s, in +@@ -672,6 +675,7 @@ static int ssl3_handshake_mac(SSL *s, in return 0; } EVP_MD_CTX_init(&ctx); @@ -12138,10 +12138,10 @@ diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0a/ssl/s3_srvr.c.fips openssl-1.0.0a/ssl/s3_srvr.c ---- openssl-1.0.0a/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 -+++ openssl-1.0.0a/ssl/s3_srvr.c 2010-06-04 12:25:15.000000000 +0200 -@@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s +diff -up openssl-1.0.0f/ssl/s3_srvr.c.fips openssl-1.0.0f/ssl/s3_srvr.c +--- openssl-1.0.0f/ssl/s3_srvr.c.fips 2012-01-04 16:27:54.000000000 +0100 ++++ openssl-1.0.0f/ssl/s3_srvr.c 2012-01-05 13:22:30.000000000 +0100 +@@ -1770,6 +1770,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) { @@ -12150,9 +12150,9 @@ diff -up openssl-1.0.0a/ssl/s3_srvr.c.fips openssl-1.0.0a/ssl/s3_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0a/ssl/t1_enc.c.fips openssl-1.0.0a/ssl/t1_enc.c ---- openssl-1.0.0a/ssl/t1_enc.c.fips 2010-05-17 13:26:56.000000000 +0200 -+++ openssl-1.0.0a/ssl/t1_enc.c 2010-06-04 13:28:01.000000000 +0200 +diff -up openssl-1.0.0f/ssl/t1_enc.c.fips openssl-1.0.0f/ssl/t1_enc.c +--- openssl-1.0.0f/ssl/t1_enc.c.fips 2010-06-15 19:25:15.000000000 +0200 ++++ openssl-1.0.0f/ssl/t1_enc.c 2012-01-05 13:22:30.000000000 +0100 @@ -170,6 +170,8 @@ static int tls1_P_hash(const EVP_MD *md, HMAC_CTX_init(&ctx); diff --git a/openssl-1.0.0e-version.patch b/openssl-1.0.0f-version.patch similarity index 57% rename from openssl-1.0.0e-version.patch rename to openssl-1.0.0f-version.patch index 0a45f74..6c67a5e 100644 --- a/openssl-1.0.0e-version.patch +++ b/openssl-1.0.0f-version.patch @@ -1,22 +1,22 @@ -diff -up openssl-1.0.0e/crypto/opensslv.h.version openssl-1.0.0e/crypto/opensslv.h ---- openssl-1.0.0e/crypto/opensslv.h.version 2011-09-07 13:55:52.000000000 +0200 -+++ openssl-1.0.0e/crypto/opensslv.h 2011-09-07 13:59:28.000000000 +0200 +diff -up openssl-1.0.0f/crypto/opensslv.h.version openssl-1.0.0f/crypto/opensslv.h +--- openssl-1.0.0f/crypto/opensslv.h.version 2012-01-05 13:28:32.000000000 +0100 ++++ openssl-1.0.0f/crypto/opensslv.h 2012-01-05 13:29:37.000000000 +0100 @@ -25,7 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ --#define OPENSSL_VERSION_NUMBER 0x1000005fL +-#define OPENSSL_VERSION_NUMBER 0x1000006fL +/* we have to keep the version number to not break the abi */ +#define OPENSSL_VERSION_NUMBER 0x10000003 #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0f-fips 4 Jan 2012" #else @@ -83,7 +84,7 @@ * should only keep the versions that are binary compatible with the current. */ #define SHLIB_VERSION_HISTORY "" -#define SHLIB_VERSION_NUMBER "1.0.0" -+#define SHLIB_VERSION_NUMBER "1.0.0e" ++#define SHLIB_VERSION_NUMBER "1.0.0f" #endif /* HEADER_OPENSSLV_H */