From efa5f39ef0b1638a42cc61de0c85301147ac28ef Mon Sep 17 00:00:00 2001
From: DistroBaker
Date: Thu, 11 Mar 2021 19:58:41 +0000
Subject: [PATCH] Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
---
 .gitignore | 1 +
 openssl-1.1.0-issuer-hash.patch | 11 -
 openssl-1.1.1-evp-kdf.patch | 262 ++++-----
 openssl-1.1.1-fips-dh.patch | 135 +++--
 openssl-1.1.1-fips.patch | 826 +++++++++++++--------------
 openssl-1.1.1-verify-cert.patch | 113 ----
 openssl-1.1.1-version-override.patch | 6 +-
 openssl.spec | 14 +-
 sources | 2 +-
 9 files changed, 611 insertions(+), 759 deletions(-)
 delete mode 100644 openssl-1.1.0-issuer-hash.patch
 delete mode 100644 openssl-1.1.1-verify-cert.patch
diff --git a/.gitignore b/.gitignore
index d1abce3..e3a11e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1g-hobbled.tar.xz
 /openssl-1.1.1h-hobbled.tar.xz
 /openssl-1.1.1i-hobbled.tar.xz
+/openssl-1.1.1j-hobbled.tar.xz
diff --git a/openssl-1.1.0-issuer-hash.patch b/openssl-1.1.0-issuer-hash.patch
deleted file mode 100644
index 1b824e0..0000000
--- a/openssl-1.1.0-issuer-hash.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
---- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
-+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
-@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
-
- if (ctx == NULL)
- goto err;
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
- if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
- goto err;
diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch
index f1d7618..6145753 100644
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
---- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-19 16:04:11.299063517 +0100
-@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
+diff -up openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf openssl-1.1.1j/crypto/err/openssl.txt
+--- openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/err/openssl.txt 2021-03-03 14:10:13.729466935 +0100
+@@ -748,6 +748,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
 EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
 EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
 EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
@@ -11,7 +11,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
 EVP_F_EVP_MD_SIZE:162:EVP_MD_size
 EVP_F_EVP_OPENINIT:102:EVP_OpenInit
-@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
+@@ -810,12 +813,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
 EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
 EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
 EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
@@ -43,7 +43,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
 KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
 KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
-@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
+@@ -827,6 +849,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
 KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
 KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
 KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
@@ -51,15 +51,15 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
 KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
 OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
-@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
- EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+@@ -2284,6 +2307,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_K
 operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+ EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 +EVP_R_PARAMETER_TOO_LARGE:187:parameter too large
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
+@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
 KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
 KDF_R_VALUE_ERROR:108:value error
 KDF_R_VALUE_MISSING:102:value missing
@@ -67,9 +67,9 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err OBJ_R_OID_EXISTS:102:oid exists OBJ_R_UNKNOWN_NID:101:unknown nid OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error -diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info ---- openssl-1.1.1e/crypto/evp/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-19 16:04:11.300063500 +0100 +diff -up openssl-1.1.1j/crypto/evp/build.info.evp-kdf openssl-1.1.1j/crypto/evp/build.info +--- openssl-1.1.1j/crypto/evp/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/build.info 2021-03-03 14:08:02.490294839 +0100 @@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -80,9 +80,9 @@ diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c cmeth_lib.c -diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c ---- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2020-03-19 16:04:11.300063500 +0100 -+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-19 16:16:46.497967633 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c +--- openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c 2021-03-03 14:08:02.490294839 +0100 @@ -14,9 +14,9 @@ # include 
@@ -94,9 +94,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/ typedef struct { union { -diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c ---- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf 2020-03-19 16:04:11.301063483 +0100 -+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-19 16:14:13.147628683 +0100 +diff -up openssl-1.1.1j/crypto/evp/encode.c.evp-kdf openssl-1.1.1j/crypto/evp/encode.c +--- openssl-1.1.1j/crypto/evp/encode.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/encode.c 2021-03-03 14:08:02.491294847 +0100 @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" @@ -107,9 +107,9 @@ diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/en static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); -diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c ---- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf 2020-03-19 16:04:11.218064919 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-19 16:04:11.302063465 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_err.c +--- openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf 2021-03-03 14:08:02.469294651 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 14:12:08.272351600 +0100 @@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), "EVP_EncryptFinal_ex"}, 
@@ -135,18 +135,18 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/e {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {0, NULL} }; -@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), +@@ -243,6 +248,8 @@ static const ERR_STRING_DATA EVP_str_rea "operaton not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), + "output would overflow"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), + "parameter too large"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, -diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h ---- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf 2020-03-19 16:04:10.657074629 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-19 16:04:20.722900404 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1j/crypto/evp/evp_local.h +--- openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf 2021-03-03 14:08:02.362293695 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_local.h 2021-03-03 14:08:02.491294847 +0100 @@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ } /* EVP_CIPHER_CTX */ ; 
@@ -159,9 +159,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, -diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c ---- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-19 16:11:56.425001210 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_pbe.c +--- openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_pbe.c 2021-03-03 14:08:02.491294847 +0100 @@ -12,6 +12,7 @@ #include #include @@ -170,9 +170,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/e #include "evp_local.h" /* Password based encryption (PBE) functions */ -diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c ---- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100 -+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-19 16:04:20.723900386 +0100 +diff -up openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1j/crypto/evp/kdf_lib.c +--- openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100 ++++ openssl-1.1.1j/crypto/evp/kdf_lib.c 2021-03-03 14:08:02.491294847 +0100 @@ -0,0 +1,165 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. 
@@ -339,9 +339,9 @@ diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/k + return ctx->kmeth->derive(ctx->impl, key, keylen); +} + -diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c ---- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-19 16:17:48.822886126 +0100 +diff -up openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1j/crypto/evp/p5_crpt2.c +--- openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/p5_crpt2.c 2021-03-03 14:08:02.491294847 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -490,9 +490,9 @@ diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/ } int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c ---- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-19 16:04:20.725900352 +0100 +diff -up openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1j/crypto/evp/pbe_scrypt.c +--- openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c 2021-03-03 14:08:02.491294847 +0100 @@ -7,135 +7,12 @@ * https://www.openssl.org/source/license.html */ 
@@ -763,9 +763,9 @@ diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/ev } + #endif -diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c ---- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf 2020-03-19 16:04:20.726900334 +0100 -+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-19 16:04:20.725900352 +0100 +diff -up openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1j/crypto/evp/pkey_kdf.c +--- openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100 ++++ openssl-1.1.1j/crypto/evp/pkey_kdf.c 2021-03-03 14:08:02.491294847 +0100 @@ -0,0 +1,255 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1022,17 +1022,17 @@ diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/ + pkey_kdf_ctrl_str +}; + -diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info ---- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-19 16:04:32.347699194 +0100 +diff -up openssl-1.1.1j/crypto/kdf/build.info.evp-kdf openssl-1.1.1j/crypto/kdf/build.info +--- openssl-1.1.1j/crypto/kdf/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/kdf/build.info 2021-03-03 14:08:02.491294847 +0100 @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - tls1_prf.c kdf_err.c hkdf.c scrypt.c + tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c -diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c ---- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-19 16:06:59.757147720 +0100 +diff -up openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1j/crypto/kdf/hkdf.c +--- openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/kdf/hkdf.c 2021-03-03 14:08:02.492294856 +0100 
@@ -8,32 +8,33 @@ */ @@ -1498,9 +1498,9 @@ diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf err: OPENSSL_cleanse(prev, sizeof(prev)); -diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c ---- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-19 16:04:32.349699159 +0100 +diff -up openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_err.c +--- openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/kdf/kdf_err.c 2021-03-03 14:08:02.492294856 +0100 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT @@ -1556,9 +1556,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/k {0, NULL} }; -diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h ---- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf 2020-03-19 16:04:32.349699159 +0100 -+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-19 16:04:32.349699159 +0100 +diff -up openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_local.h +--- openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf 2021-03-03 14:08:02.492294856 +0100 ++++ openssl-1.1.1j/crypto/kdf/kdf_local.h 2021-03-03 14:08:02.492294856 +0100 @@ -0,0 +1,22 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. 
@@ -1582,9 +1582,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf + int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), + int cmd, const char *md_name); + -diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c ---- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf 2020-03-19 16:04:32.350699142 +0100 -+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-19 16:04:32.350699142 +0100 +diff -up openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_util.c +--- openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100 ++++ openssl-1.1.1j/crypto/kdf/kdf_util.c 2021-03-03 14:08:02.492294856 +0100 @@ -0,0 +1,73 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1659,9 +1659,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/ + return call_ctrl(ctrl, impl, cmd, md); +} + -diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c ---- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf 2020-03-19 16:04:32.374698727 +0100 -+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-19 16:04:32.374698727 +0100 +diff -up openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1j/crypto/kdf/pbkdf2.c +--- openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100 ++++ openssl-1.1.1j/crypto/kdf/pbkdf2.c 2021-03-03 14:08:02.492294856 +0100 @@ -0,0 +1,264 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. 
@@ -1927,9 +1927,9 @@ diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pb + HMAC_CTX_free(hctx_tpl); + return ret; +} -diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c ---- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-19 16:11:06.215872475 +0100 +diff -up openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1j/crypto/kdf/scrypt.c +--- openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/kdf/scrypt.c 2021-03-03 14:08:02.492294856 +0100 @@ -8,25 +8,35 @@ */ @@ -2517,9 +2517,9 @@ diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/sc +} #endif -diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c ---- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-19 16:10:32.317460707 +0100 +diff -up openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1j/crypto/kdf/tls1_prf.c +--- openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/kdf/tls1_prf.c 2021-03-03 14:08:02.492294856 +0100 @@ -8,11 +8,15 @@ */ @@ -2802,9 +2802,9 @@ diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/ OPENSSL_clear_free(tmp, olen); return 0; } -diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod ---- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100 -+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-19 16:04:32.377698675 +0100 +diff -up openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod +--- openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2021-03-03 14:08:02.492294856 +0100 ++++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod 2021-03-03 14:08:02.492294856 +0100 
@@ -0,0 +1,217 @@ +=pod + @@ -3023,9 +3023,9 @@ diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3 +L. + +=cut -diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod ---- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-19 16:04:32.377698675 +0100 +diff -up openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod +--- openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 ++++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod 2021-03-03 14:08:02.493294865 +0100 @@ -0,0 +1,180 @@ +=pod + @@ -3207,9 +3207,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man +L. + +=cut -diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod ---- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-19 16:04:32.378698658 +0100 +diff -up openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod +--- openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 ++++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod 2021-03-03 14:08:02.493294865 +0100 @@ -0,0 +1,78 @@ +=pod + 
@@ -3289,9 +3289,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/m +L. + +=cut -diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod ---- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-19 16:04:32.378698658 +0100 +diff -up openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod +--- openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 ++++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod 2021-03-03 14:08:02.493294865 +0100 @@ -0,0 +1,149 @@ +=pod + @@ -3442,9 +3442,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/m +L. + +=cut -diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod ---- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-19 16:04:32.378698658 +0100 +diff -up openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod +--- openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100 ++++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod 2021-03-03 14:08:02.493294865 +0100 @@ -0,0 +1,142 @@ +=pod + 
@@ -3588,9 +3588,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc +L. + +=cut -diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h ---- openssl-1.1.1e/include/crypto/evp.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-19 16:04:32.347699194 +0100 +diff -up openssl-1.1.1j/include/crypto/evp.h.evp-kdf openssl-1.1.1j/include/crypto/evp.h +--- openssl-1.1.1j/include/crypto/evp.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/crypto/evp.h 2021-03-03 14:08:02.493294865 +0100 @@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m extern const EVP_PKEY_METHOD poly1305_pkey_meth; extern const EVP_PKEY_METHOD siphash_pkey_meth; @@ -3616,10 +3616,10 @@ diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/cryp struct evp_md_st { int type; int pkey_type; -diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h ---- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf 2020-03-19 16:04:11.250064365 +0100 -+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-19 16:04:32.379698640 +0100 -@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1j/include/openssl/evperr.h.evp-kdf openssl-1.1.1j/include/openssl/evperr.h +--- openssl-1.1.1j/include/openssl/evperr.h.evp-kdf 2021-03-03 14:08:02.477294722 +0100 ++++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 14:13:37.587003722 +0100 +@@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTUPDATE 167 
@@ -3629,7 +3629,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/ # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 -@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void); +@@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 @@ -3643,17 +3643,17 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/ # define EVP_F_UPDATE 173 /* -@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void); +@@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARAMETER_TOO_LARGE 187 + # define EVP_R_OUTPUT_WOULD_OVERFLOW 184 # define EVP_R_PARTIALLY_OVERLAPPING 162 # define EVP_R_PBKDF2_ERROR 181 - # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 -diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h ---- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-19 16:04:32.379698640 +0100 +diff -up openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf openssl-1.1.1j/include/openssl/kdferr.h +--- openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/kdferr.h 2021-03-03 14:08:02.493294865 +0100 @@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void); /* * KDF function codes. 
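Review bot: In the rebased `include/openssl/evperr.h` part of this patch (the `@@ -3643,17 +3643,17 @@` hunk), `# define EVP_R_PARAMETER_TOO_LARGE 187` ends up ahead of the upstream `# define EVP_R_OUTPUT_WOULD_OVERFLOW 184`, whereas the `crypto/err/openssl.txt` and `crypto/evp/evp_err.c` hunks of the same patch place the new reason after OUTPUT_WOULD_OVERFLOW. The header behaves the same either way, but these error tables are kept sorted (kdf_err.c in this patch is marked as generated by util/mkerr.pl, and evperr.h presumably is too), so the out-of-order entry is likely to reappear as a context mismatch on the next rebase. I would move the added line one down so the order reads `# define EVP_R_OUTPUT_WOULD_OVERFLOW 184` then `# define EVP_R_PARAMETER_TOO_LARGE 187`. Because upstream has just taken 184 in this range, it is also worth a one-line comment in the patch or spec noting that 187 is a downstream-assigned reason code to be re-checked against upstream on each update.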
@@ -3693,9 +3693,9 @@ diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/ +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 #endif -diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h ---- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-19 16:04:32.380698623 +0100 +diff -up openssl-1.1.1j/include/openssl/kdf.h.evp-kdf openssl-1.1.1j/include/openssl/kdf.h +--- openssl-1.1.1j/include/openssl/kdf.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/kdf.h 2021-03-03 14:08:02.493294865 +0100 @@ -10,10 +10,50 @@ #ifndef HEADER_KDF_H # define HEADER_KDF_H @@ -3774,9 +3774,9 @@ diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/ope } # endif #endif -diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h ---- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-19 16:04:32.381698606 +0100 +diff -up openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1j/include/openssl/ossl_typ.h +--- openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/ossl_typ.h 2021-03-03 14:08:02.493294865 +0100 @@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; 
@@ -3786,9 +3786,9 @@ diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/includ typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; -diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info ---- openssl-1.1.1e/test/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/build.info 2020-03-19 16:04:32.381698606 +0100 +diff -up openssl-1.1.1j/test/build.info.evp-kdf openssl-1.1.1j/test/build.info +--- openssl-1.1.1j/test/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/build.info 2021-03-03 14:08:02.493294865 +0100 @@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test \ @@ -3810,9 +3810,9 @@ diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info SOURCE[x509_time_test]=x509_time_test.c INCLUDE[x509_time_test]=../include DEPEND[x509_time_test]=../libcrypto libtestutil.a -diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c ---- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf 2020-03-19 16:04:32.382698588 +0100 -+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-19 16:04:32.382698588 +0100 +diff -up openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf openssl-1.1.1j/test/evp_kdf_test.c +--- openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf 2021-03-03 14:08:02.494294874 +0100 ++++ openssl-1.1.1j/test/evp_kdf_test.c 2021-03-03 14:08:02.494294874 +0100 @@ -0,0 +1,237 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. 
@@ -4051,9 +4051,9 @@ diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_ +#endif + return 1; +} -diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c ---- openssl-1.1.1e/test/evp_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/evp_test.c 2020-03-19 16:04:32.383698571 +0100 +diff -up openssl-1.1.1j/test/evp_test.c.evp-kdf openssl-1.1.1j/test/evp_test.c +--- openssl-1.1.1j/test/evp_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/evp_test.c 2021-03-03 14:08:02.494294874 +0100 @@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test encode_test_run, }; @@ -4265,9 +4265,9 @@ diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c &keypair_test_method, &keygen_test_method, &mac_test_method, -diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c ---- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-19 16:04:32.386698519 +0100 +diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pkey_meth_kdf_test.c +--- openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/pkey_meth_kdf_test.c 2021-03-03 14:08:02.494294874 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. 
@@ -4471,9 +4471,9 @@ diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pk } #endif -diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt ---- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-19 16:04:32.388698484 +0100 +diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt +--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100 @@ -1,5 +1,5 @@ # -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. @@ -4872,9 +4872,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl +Ctrl.digest = digest:sha512 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14 + -diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt ---- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2020-03-19 16:04:32.389698467 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-19 16:04:32.389698467 +0100 +diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt +--- openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2021-03-03 14:08:02.494294874 +0100 ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt 2021-03-03 14:08:02.494294874 +0100 @@ -0,0 +1,305 @@ +# +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. 
@@ -5181,9 +5181,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
 +Ctrl.p = p:1
 +Result = INTERNAL_ERROR
 +
-diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
---- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf 2020-03-19 16:04:32.390698450 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-19 16:04:32.390698450 +0100
+diff -up openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_kdf.t
+--- openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf 2021-03-03 14:08:02.494294874 +0100
++++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t 2021-03-03 14:08:02.494294874 +0100
 @@ -0,0 +1,13 @@
 +#! /usr/bin/env perl
 +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -5198,9 +5198,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/te
 +use OpenSSL::Test::Simple;
 +
 +simple_test("test_evp_kdf", "evp_kdf_test");
-diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
---- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-19 16:04:32.390698450 +0100
+diff -up openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp.t
+--- openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/test/recipes/30-test_evp.t 2021-03-03 14:08:02.495294883 +0100
 @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
 setup("test_evp");
@@ -5210,10 +5210,10 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/r "evpcase.txt", "evpccmcavs.txt" ); plan tests => scalar(@files); -diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num ---- openssl-1.1.1e/util/libcrypto.num.evp-kdf 2020-03-19 16:04:11.263064140 +0100 -+++ openssl-1.1.1e/util/libcrypto.num 2020-03-19 16:04:32.392698415 +0100 -@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength +diff -up openssl-1.1.1j/util/libcrypto.num.evp-kdf openssl-1.1.1j/util/libcrypto.num +--- openssl-1.1.1j/util/libcrypto.num.evp-kdf 2021-03-03 14:08:02.481294758 +0100 ++++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 14:08:02.495294883 +0100 +@@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: @@ -5225,9 +5225,9 @@ diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto +EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION: +EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION: +EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION: -diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num ---- openssl-1.1.1e/util/private.num.evp-kdf 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/util/private.num 2020-03-19 16:04:32.393698398 +0100 +diff -up openssl-1.1.1j/util/private.num.evp-kdf openssl-1.1.1j/util/private.num +--- openssl-1.1.1j/util/private.num.evp-kdf 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/util/private.num 2021-03-03 14:08:02.495294883 +0100 @@ -21,6 +21,7 @@ CRYPTO_EX_dup CRYPTO_EX_free datatype CRYPTO_EX_new datatype diff --git a/openssl-1.1.1-fips-dh.patch b/openssl-1.1.1-fips-dh.patch index ff895d5..e1c739b 100644 --- a/openssl-1.1.1-fips-dh.patch +++ b/openssl-1.1.1-fips-dh.patch 
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
---- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-07-17 10:36:29.245788441 +0200
+diff -up openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh openssl-1.1.1j/crypto/bn/bn_const.c
+--- openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/bn/bn_const.c 2021-03-03 14:23:27.403092418 +0100
 @@ -1,13 +1,17 @@
 /*
 - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -477,9 +477,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
 - return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
 + return COPY_BN(bn, _bignum_modp_8192_p);
 }
-diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
---- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1j/crypto/bn/bn_dh.c
+--- openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/bn/bn_dh.c 2021-03-03 14:23:27.404092427 +0100
 @@ -1,7 +1,7 @@
 /*
 - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@@ -1956,9 +1956,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
 -#endif
 +#endif /* OPENSSL_NO_DH */
-diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
---- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh openssl-1.1.1j/crypto/dh/dh_check.c
+--- openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dh/dh_check.c 2021-03-03 14:23:27.404092427 +0100
 @@ -10,6 +10,7 @@
 #include
 #include "internal/cryptlib.h"
@@ -2043,9 +2043,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
 + return dh_check_pub_key_int(dh, q, pub_key, ret);
 +}
 +
-diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
---- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-07-17 10:36:29.182787923 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1j/crypto/dh/dh_gen.c
+--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh 2021-03-03 14:23:27.338091859 +0100
++++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 14:23:27.404092427 +0100
 @@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
 BN_GENCB *cb)
 {
@@ -2075,10 +2075,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
 ctx = BN_CTX_new();
 if (ctx == NULL)
 goto err;
-diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
---- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-07-17 10:36:29.182787923 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-07-17 11:00:07.783777846 +0200
-@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
+diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh openssl-1.1.1j/crypto/dh/dh_key.c
+--- openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh 2021-03-03 14:23:27.338091859 +0100
++++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 14:51:36.235296236 +0100
+@@ -120,10 +120,18 @@ static int generate_key(DH *dh)
 BIGNUM *pub_key = NULL, *priv_key = NULL;
 #ifdef OPENSSL_FIPS
@@ -2101,7 +2101,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 }
 #endif
-@@ -139,7 +147,15 @@ static int generate_key(DH *dh)
+@@ -159,7 +167,15 @@ static int generate_key(DH *dh)
 }
 if (generate_new_key) {
@@ -2118,7 +2118,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 do {
 if (!BN_priv_rand_range(priv_key, dh->q))
 goto err;
-@@ -175,6 +191,15 @@ static int generate_key(DH *dh)
+@@ -195,6 +211,15 @@ static int generate_key(DH *dh)
 }
 /* We MUST free prk before any further use of priv_key */
 BN_clear_free(prk);
@@ -2134,7 +2134,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 }
 dh->pub_key = pub_key;
-@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke
+@@ -217,6 +242,7 @@ static int compute_key(unsigned char *ke
 BN_CTX *ctx = NULL;
 BN_MONT_CTX *mont = NULL;
 BIGNUM *tmp;
@@ -2142,7 +2142,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 int ret = -1;
 int check_result;
-@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke
+@@ -263,6 +289,18 @@ static int compute_key(unsigned char *ke
 DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
 goto err;
 }
@@ -2159,11 +2159,11 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
 + goto err;
 + }
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
 err:
-diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
---- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1j/crypto/dh/dh_lib.c
+--- openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dh/dh_lib.c 2021-03-03 14:23:27.405092436 +0100
 @@ -8,6 +8,7 @@
 */
@@ -2193,9 +2193,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
 dh->length = BN_num_bits(q);
 }
-diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
---- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-07-17 10:36:28.968786163 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh openssl-1.1.1j/crypto/dh/dh_local.h
+--- openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh 2021-03-03 14:23:27.202090689 +0100
++++ openssl-1.1.1j/crypto/dh/dh_local.h 2021-03-03 14:23:27.405092436 +0100
 @@ -35,6 +35,7 @@ struct dh_st {
 const DH_METHOD *meth;
 ENGINE *engine;
@@ -2215,9 +2215,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
 +/* FIPS mode only check which requires nid set and looks up q based on it. */
 +int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
 +
-diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
---- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-07-17 10:36:29.246788449 +0200
+diff -up openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1j/crypto/dh/dh_rfc7919.c
+--- openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dh/dh_rfc7919.c 2021-03-03 14:23:27.405092436 +0100
 @@ -7,6 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
@@ -2387,10 +2387,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
 + return dh_match_group(dh, q, NULL) != NID_undef;
 +}
 +
-diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c
---- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh 2020-07-17 11:00:53.958175227 +0200
-+++ openssl-1.1.1g/crypto/ec/ec_key.c 2020-07-20 13:24:03.941107320 +0200
-@@ -280,9 +280,18 @@ int ec_key_simple_generate_key(EC_KEY *e
+diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh openssl-1.1.1j/crypto/ec/ec_key.c
+--- openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh 2021-03-03 14:23:27.339091868 +0100
++++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 14:23:27.405092436 +0100
+@@ -281,9 +281,18 @@ int ec_key_simple_generate_key(EC_KEY *e
 if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
 goto err;
@@ -2410,7 +2410,7 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
 ok = 1;
 err:
-@@ -296,8 +305,23 @@ int ec_key_simple_generate_key(EC_KEY *e
+@@ -297,8 +306,23 @@ int ec_key_simple_generate_key(EC_KEY *e
 int ec_key_simple_generate_public_key(EC_KEY *eckey)
 {
@@ -2435,9 +2435,9 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
 }
 int EC_KEY_check_key(const EC_KEY *eckey)
-diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
---- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-07-17 10:36:29.247788458 +0200
+diff -up openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh openssl-1.1.1j/crypto/evp/p_lib.c
+--- openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/evp/p_lib.c 2021-03-03 14:23:27.405092436 +0100
 @@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@@ -2448,9 +2448,9 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
 int ret = EVP_PKEY_assign(pkey, type, key);
 if (ret)
-diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
---- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-07-17 10:36:29.239788392 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-07-17 10:36:29.247788458 +0200
+diff -up openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1j/crypto/objects/obj_dat.h
+--- openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh 2021-03-03 14:23:27.394092341 +0100
++++ openssl-1.1.1j/crypto/objects/obj_dat.h 2021-03-03 14:23:27.406092444 +0100
 @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
@@ -2512,9 +2512,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o 481, /* "nSRecord" */ 173, /* "name" */ 681, /* "onBasis" */ -diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt ---- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-07-17 10:36:29.239788392 +0200 -+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-07-17 10:36:29.247788458 +0200 +diff -up openssl-1.1.1j/crypto/objects/objects.txt.fips-dh openssl-1.1.1j/crypto/objects/objects.txt +--- openssl-1.1.1j/crypto/objects/objects.txt.fips-dh 2021-03-03 14:23:27.395092350 +0100 ++++ openssl-1.1.1j/crypto/objects/objects.txt 2021-03-03 14:23:27.406092444 +0100 @@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit : ffdhe4096 : ffdhe6144 @@ -2529,9 +2529,9 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17) -diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num ---- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-07-17 10:36:29.239788392 +0200 -+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-07-17 10:36:29.248788466 +0200 +diff -up openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1j/crypto/objects/obj_mac.num +--- openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh 2021-03-03 14:23:27.395092350 +0100 ++++ openssl-1.1.1j/crypto/objects/obj_mac.num 2021-03-03 14:23:27.406092444 +0100 @@ -1196,3 +1196,9 @@ sshkdf 1195 kbkdf 1196 krb5kdf 1197 
@@ -2542,9 +2542,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto +modp_4096 1202 +modp_6144 1203 +modp_8192 1204 -diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod ---- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-07-17 10:36:29.248788466 +0200 +diff -up openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1j/doc/man3/DH_new_by_nid.pod +--- openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/doc/man3/DH_new_by_nid.pod 2021-03-03 14:23:27.406092444 +0100 @@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find #include @@ -2563,9 +2563,9 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma DH_get_nid() determines if the parameters contained in B match any named set. It returns the NID corresponding to the matching parameters or -diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod ---- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-07-17 10:36:29.248788466 +0200 +diff -up openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod +--- openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod 2021-03-03 14:23:27.406092444 +0100 @@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets If B is zero (the default) then no padding is performed. 
@@ -2582,9 +2582,9 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do The nid parameter and the rfc5114 parameter are mutually exclusive. The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are -diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h ---- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh 2020-04-21 14:22:39.000000000 +0200 -+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-07-17 10:36:29.248788466 +0200 +diff -up openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh openssl-1.1.1j/include/crypto/bn_dh.h +--- openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/crypto/bn_dh.h 2021-03-03 14:23:27.406092444 +0100 @@ -1,7 +1,7 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -2633,9 +2633,9 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr +extern const BIGNUM _bignum_modp_4096_q; +extern const BIGNUM _bignum_modp_6144_q; +extern const BIGNUM _bignum_modp_8192_q; -diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h ---- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-07-17 10:36:29.240788400 +0200 -+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-07-17 10:36:29.248788466 +0200 +diff -up openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh openssl-1.1.1j/include/openssl/obj_mac.h +--- openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh 2021-03-03 14:23:27.396092358 +0100 ++++ openssl-1.1.1j/include/openssl/obj_mac.h 2021-03-03 14:23:27.407092453 +0100 @@ -5115,6 +5115,24 @@ #define SN_ffdhe8192 "ffdhe8192" #define NID_ffdhe8192 1130 
@@ -2661,10 +2661,10 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
 #define SN_ISO_UA "ISO-UA"
 #define NID_ISO_UA 1150
 #define OBJ_ISO_UA OBJ_member_body,804L
-diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
---- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-07-17 10:36:29.199788063 +0200
-+++ openssl-1.1.1g/ssl/s3_lib.c 2020-07-17 10:36:29.248788466 +0200
-@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
+diff -up openssl-1.1.1j/ssl/s3_lib.c.fips-dh openssl-1.1.1j/ssl/s3_lib.c
+--- openssl-1.1.1j/ssl/s3_lib.c.fips-dh 2021-03-03 14:23:27.354091997 +0100
++++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 14:23:27.407092453 +0100
+@@ -4849,13 +4849,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
 {
 EVP_PKEY *ret;
@@ -2716,11 +2716,10 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
 return ret;
 }
 #endif
-
-diff -up openssl-1.1.1h/ssl/t1_lib.c.fips-dh openssl-1.1.1h/ssl/t1_lib.c
---- openssl-1.1.1h/ssl/t1_lib.c.fips-dh 2020-11-04 14:04:41.851711629 +0100
-+++ openssl-1.1.1h/ssl/t1_lib.c 2020-11-04 14:06:06.506431652 +0100
-@@ -2470,7 +2470,7 @@
+diff -up openssl-1.1.1j/ssl/t1_lib.c.fips-dh openssl-1.1.1j/ssl/t1_lib.c
+--- openssl-1.1.1j/ssl/t1_lib.c.fips-dh 2021-03-03 14:23:27.401092401 +0100
++++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 14:23:27.407092453 +0100
+@@ -2542,7 +2542,7 @@ DH *ssl_get_auto_dh(SSL *s)
 p = BN_get_rfc3526_prime_4096(NULL);
 else if (dh_secbits >= 128)
 p = BN_get_rfc3526_prime_3072(NULL);
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index c9137ca..aa3d33d 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.1g/apps/pkcs12.c.fips openssl-1.1.1g/apps/pkcs12.c
---- openssl-1.1.1g/apps/pkcs12.c.fips 2020-04-23 13:26:06.975649817 +0200
-+++ openssl-1.1.1g/apps/pkcs12.c 2020-04-23 13:28:27.689995889 +0200
+diff -up openssl-1.1.1j/apps/pkcs12.c.fips openssl-1.1.1j/apps/pkcs12.c
+--- openssl-1.1.1j/apps/pkcs12.c.fips 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/apps/pkcs12.c 2021-03-03 12:57:42.194734484 +0100
 @@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv)
 int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
 int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
@@ -10,9 +10,9 @@ diff -up openssl-1.1.1g/apps/pkcs12.c.fips openssl-1.1.1g/apps/pkcs12.c
 #else
 int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 #endif
-diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c
---- openssl-1.1.1e/apps/speed.c.fips 2020-03-17 17:30:51.997567897 +0100
-+++ openssl-1.1.1e/apps/speed.c 2020-03-17 17:30:52.021567479 +0100
+diff -up openssl-1.1.1j/apps/speed.c.fips openssl-1.1.1j/apps/speed.c
+--- openssl-1.1.1j/apps/speed.c.fips 2021-03-03 12:57:42.185734409 +0100
++++ openssl-1.1.1j/apps/speed.c 2021-03-03 12:57:42.195734492 +0100
 @@ -1593,7 +1593,8 @@ int speed_main(int argc, char **argv)
 continue;
 if (strcmp(*argv, "rsa") == 0) {
@@ -163,10 +163,10 @@ diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure ---- openssl-1.1.1e/Configure.fips 2020-03-17 17:30:52.015567584 +0100 -+++ openssl-1.1.1e/Configure 2020-03-17 17:30:52.022567462 +0100 -@@ -319,7 +319,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.1j/Configure.fips openssl-1.1.1j/Configure +--- openssl-1.1.1j/Configure.fips 2021-03-03 12:57:42.192734467 +0100 ++++ openssl-1.1.1j/Configure 2021-03-03 12:57:42.195734492 +0100 +@@ -329,7 +329,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", @@ -175,9 +175,9 @@ diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/cmac/cm_pmeth.c 2020-03-17 17:30:52.022567462 +0100 +diff -up openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1j/crypto/cmac/cm_pmeth.c +--- openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/cmac/cm_pmeth.c 2021-03-03 12:57:42.195734492 +0100 @@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD cmac_pkey_meth = { 
@@ -187,9 +187,9 @@ diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/c pkey_cmac_init, pkey_cmac_copy, pkey_cmac_cleanup, -diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err.c ---- openssl-1.1.1e/crypto/dh/dh_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_err.c 2020-03-17 17:30:52.022567462 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_err.c.fips openssl-1.1.1j/crypto/dh/dh_err.c +--- openssl-1.1.1j/crypto/dh/dh_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_err.c 2021-03-03 12:57:42.195734492 +0100 @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -215,9 +215,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err. {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen.c ---- openssl-1.1.1e/crypto/dh/dh_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_gen.c 2020-03-17 18:03:31.005320382 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips openssl-1.1.1j/crypto/dh/dh_gen.c +--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 12:57:42.195734492 +0100 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include 
@@ -261,9 +261,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen.
 ctx = BN_CTX_new();
 if (ctx == NULL)
 goto err;
-diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.c
---- openssl-1.1.1e/crypto/dh/dh_key.c.fips 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/dh/dh_key.c 2020-03-17 18:03:52.706940641 +0100
+diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips openssl-1.1.1j/crypto/dh/dh_key.c
+--- openssl-1.1.1j/crypto/dh/dh_key.c.fips 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 13:02:45.963247596 +0100
 @@ -11,6 +11,9 @@
 #include "internal/cryptlib.h"
 #include "dh_local.h"
@@ -274,22 +274,10 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-@@ -22,18 +25,32 @@ static int dh_finish(DH *dh);
+@@ -34,6 +37,13 @@ int DH_compute_key(unsigned char *key, c
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
- int DH_generate_key(DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
-+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- return dh->meth->generate_key(dh);
- }
-
- int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
 +#ifdef OPENSSL_FIPS
 + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
 + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
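Review bot: `DH_generate_key()` loses its FIPS method gate in the `@@ -274,22 +274,10 @@` hunk of this rebase: the old patch added the `DH_FLAG_FIPS_METHOD` / `DH_FLAG_NON_FIPS_ALLOW` check to both wrappers, while the new side keeps it only in `DH_compute_key()`. The next hunk (`@@ -297,18 +285,10 @@`) also drops the line that routed `DH_compute_key_padded()` through `DH_compute_key()`, so if the 1.1.1j padded variant still calls `dh->meth->compute_key` directly (its body is not visible here), it would skip the gate as well. The checks the patch adds inside the static `generate_key`/`compute_key` presumably run only for the default method, so a DH_METHOD without the FIPS flag would not be rejected on those two entry points in FIPS mode. I would carry the guard forward into `DH_generate_key()` as below and put the equivalent check at the top of `DH_compute_key_padded()`; both functions start and end outside these hunks.

```c
int DH_generate_key(DH *dh)
{
#ifdef OPENSSL_FIPS
    /* Refuse methods not flagged for FIPS unless the key opts out explicitly. */
    if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
        DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
        return 0;
    }
#endif
    /* … unchanged: return dh->meth->generate_key(dh); … */
```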
@@ -297,18 +285,10 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.
 + return 0;
 + }
 +#endif
- return dh->meth->compute_key(key, pub_key, dh);
- }
-
- int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- int rv, pad;
-- rv = dh->meth->compute_key(key, pub_key, dh);
-+ rv = DH_compute_key(key, pub_key, dh);
- if (rv <= 0)
- return rv;
- pad = BN_num_bytes(dh->p) - rv;
-@@ -82,6 +99,14 @@ static int generate_key(DH *dh)
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+@@ -109,6 +119,14 @@ static int generate_key(DH *dh)
 BN_MONT_CTX *mont = NULL;
 BIGNUM *pub_key = NULL, *priv_key = NULL;
@@ -323,7 +303,7 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.
 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
 DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
 return 0;
-@@ -179,6 +204,13 @@ static int compute_key(unsigned char *ke
+@@ -206,6 +224,13 @@ static int compute_key(unsigned char *ke
 DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
 goto err;
 }
@@ -337,7 +317,7 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.
 ctx = BN_CTX_new();
 if (ctx == NULL)
-@@ -228,6 +260,9 @@ static int dh_bn_mod_exp(const DH *dh, B
+@@ -255,6 +280,9 @@ static int dh_bn_mod_exp(const DH *dh, B
 static int dh_init(DH *dh)
 {
@@ -347,9 +327,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.
 dh->flags |= DH_FLAG_CACHE_MONT_P;
 return 1;
 }
-diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pmeth.c
---- openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/dh/dh_pmeth.c 2020-03-17 17:30:52.023567444 +0100
+diff -up openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips openssl-1.1.1j/crypto/dh/dh_pmeth.c
+--- openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dh/dh_pmeth.c 2021-03-03 12:57:42.196734500 +0100
 @@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
 const EVP_PKEY_METHOD dh_pkey_meth = {
@@ -368,9 +348,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pm
 pkey_dh_init,
 pkey_dh_copy,
 pkey_dh_cleanup,
-diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_err.c
---- openssl-1.1.1e/crypto/dsa/dsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/dsa/dsa_err.c 2020-03-17 17:30:52.023567444 +0100
+diff -up openssl-1.1.1j/crypto/dsa/dsa_err.c.fips openssl-1.1.1j/crypto/dsa/dsa_err.c
+--- openssl-1.1.1j/crypto/dsa/dsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dsa/dsa_err.c 2021-03-03 12:57:42.196734500 +0100
 @@ -16,12 +16,15 @@
 static const ERR_STRING_DATA DSA_str_functs[] = {
 {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
@@ -402,9 +382,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_gen.c ---- openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_gen.c 2020-03-17 18:02:14.626656877 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips openssl-1.1.1j/crypto/dsa/dsa_gen.c +--- openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_gen.c 2021-03-03 12:57:42.196734500 +0100 @@ -22,12 +22,22 @@ #include #include @@ -566,9 +546,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_key.c ---- openssl-1.1.1e/crypto/dsa/dsa_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_key.c 2020-03-17 18:02:51.103018604 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_key.c.fips openssl-1.1.1j/crypto/dsa/dsa_key.c +--- openssl-1.1.1j/crypto/dsa/dsa_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_key.c 2021-03-03 12:57:42.196734500 +0100 @@ -13,10 +13,49 @@ #include #include "dsa_local.h" 
@@ -648,9 +628,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_
 ok = 1;
 err:
-diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa_ossl.c
---- openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/dsa/dsa_ossl.c 2020-03-19 17:11:22.037994064 +0100
+diff -up openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1j/crypto/dsa/dsa_ossl.c
+--- openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dsa/dsa_ossl.c 2021-03-03 12:57:42.196734500 +0100
 @@ -14,6 +14,9 @@
 #include
 #include "dsa_local.h"
@@ -710,9 +690,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa
 dsa->flags |= DSA_FLAG_CACHE_MONT_P;
 return 1;
 }
-diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/dsa/dsa_pmeth.c 2020-03-17 17:30:52.025567409 +0100
+diff -up openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1j/crypto/dsa/dsa_pmeth.c
+--- openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100
++++ openssl-1.1.1j/crypto/dsa/dsa_pmeth.c 2021-03-03 12:57:42.196734500 +0100
 @@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
 BN_GENCB_free(pcb);
 return 0;
@@ -733,9 +713,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/ds pkey_dsa_init, pkey_dsa_copy, pkey_dsa_cleanup, -diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips 2020-03-17 17:30:52.025567409 +0100 -+++ openssl-1.1.1e/crypto/ec/ecdh_ossl.c 2020-03-17 18:01:24.704530440 +0100 +diff -up openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ecdh_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -19,9 +19,20 @@ #include #include "ec_local.h" @@ -757,9 +737,9 @@ diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-17 18:01:41.642234061 +0100 +diff -up openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ecdsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -14,6 +14,10 @@ #include "crypto/bn.h" #include "ec_local.h" 
@@ -799,10 +779,10 @@ diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key.c ---- openssl-1.1.1e/crypto/ec/ec_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ec_key.c 2020-03-17 17:30:52.026567392 +0100 -@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY +diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips openssl-1.1.1j/crypto/ec/ec_key.c +--- openssl-1.1.1j/crypto/ec/ec_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 12:57:42.196734500 +0100 +@@ -179,14 +179,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } @@ -867,9 +847,9 @@ diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pmeth.c ---- openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ec_pmeth.c 2020-03-17 17:30:52.026567392 +0100 +diff -up openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips openssl-1.1.1j/crypto/ec/ec_pmeth.c +--- openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ec_pmeth.c 2021-03-03 12:57:42.197734509 +0100 @@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * const EVP_PKEY_METHOD ec_pkey_meth = { 
@@ -879,9 +859,9 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, -diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c ---- openssl-1.1.1e/crypto/evp/digest.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/digest.c 2020-03-17 17:38:57.528093469 +0100 +diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/digest.c +--- openssl-1.1.1j/crypto/evp/digest.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/digest.c 2021-03-03 12:57:42.197734509 +0100 @@ -14,6 +14,9 @@ #include #include "crypto/evp.h" @@ -942,9 +922,9 @@ diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes.c ---- openssl-1.1.1e/crypto/evp/e_aes.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_aes.c 2020-03-17 17:30:52.028567357 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_aes.c.fips openssl-1.1.1j/crypto/evp/e_aes.c +--- openssl-1.1.1j/crypto/evp/e_aes.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_aes.c 2021-03-03 12:57:42.197734509 +0100 @@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER * This addresses Rogaway's vulnerability. * See comment in aes_xts_init_key() below. 
@@ -1067,9 +1047,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des3.c ---- openssl-1.1.1e/crypto/evp/e_des3.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_des3.c 2020-03-17 17:30:52.029567340 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_des3.c.fips openssl-1.1.1j/crypto/evp/e_des3.c +--- openssl-1.1.1j/crypto/evp/e_des3.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_des3.c 2021-03-03 12:57:42.197734509 +0100 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1096,9 +1076,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_null.c ---- openssl-1.1.1e/crypto/evp/e_null.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_null.c 2020-03-17 17:30:52.029567340 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_null.c.fips openssl-1.1.1j/crypto/evp/e_null.c +--- openssl-1.1.1j/crypto/evp/e_null.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_null.c 2021-03-03 12:57:42.197734509 +0100 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { 
@@ -1109,10 +1089,10 @@ diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_enc.c ---- openssl-1.1.1e/crypto/evp/evp_enc.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_enc.c 2020-03-17 17:39:52.663129373 +0100 -@@ -17,9 +17,18 @@ +diff -up openssl-1.1.1j/crypto/evp/evp_enc.c.fips openssl-1.1.1j/crypto/evp/evp_enc.c +--- openssl-1.1.1j/crypto/evp/evp_enc.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_enc.c 2021-03-03 12:57:42.197734509 +0100 +@@ -18,9 +18,18 @@ #include #include "crypto/evp.h" #include "evp_local.h" @@ -1131,7 +1111,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (c == NULL) return 1; if (c->cipher != NULL) { -@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX +@@ -40,6 +49,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -1144,7 +1124,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -68,6 +83,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1157,7 +1137,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -137,7 +158,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ 
@@ -1166,7 +1146,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; -@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -196,6 +217,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } @@ -1185,9 +1165,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_err.c ---- openssl-1.1.1e/crypto/evp/evp_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_err.c.fips openssl-1.1.1j/crypto/evp/evp_err.c +--- openssl-1.1.1j/crypto/evp/evp_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 12:57:42.198734517 +0100 @@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), "aes_t4_xts_init_key"}, @@ -1204,7 +1184,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -249,6 +251,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -251,6 +253,7 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, 
@@ -1212,7 +1192,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -274,6 +277,8 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -276,6 +279,8 @@ static const ERR_STRING_DATA EVP_str_rea "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, @@ -1221,9 +1201,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), "xts duplicated keys"}, {0, NULL} -diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_lib.c ---- openssl-1.1.1e/crypto/evp/evp_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_lib.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_lib.c.fips openssl-1.1.1j/crypto/evp/evp_lib.c +--- openssl-1.1.1j/crypto/evp/evp_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_lib.c 2021-03-03 12:57:42.198734517 +0100 @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) 
@@ -1234,9 +1214,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha1.c ---- openssl-1.1.1e/crypto/evp/m_sha1.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/m_sha1.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/m_sha1.c.fips openssl-1.1.1j/crypto/evp/m_sha1.c +--- openssl-1.1.1j/crypto/evp/m_sha1.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/m_sha1.c 2021-03-03 12:57:42.198734517 +0100 @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1300,9 +1280,9 @@ diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha3.c ---- openssl-1.1.1e/crypto/evp/m_sha3.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/m_sha3.c 2020-03-17 17:30:52.031567305 +0100 +diff -up openssl-1.1.1j/crypto/evp/m_sha3.c.fips openssl-1.1.1j/crypto/evp/m_sha3.c +--- openssl-1.1.1j/crypto/evp/m_sha3.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/m_sha3.c 2021-03-03 12:57:42.198734517 +0100 @@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ 
@@ -1357,9 +1337,9 @@ diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pmeth_lib.c ---- openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/pmeth_lib.c 2020-03-17 17:30:52.031567305 +0100 +diff -up openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips openssl-1.1.1j/crypto/evp/pmeth_lib.c +--- openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/pmeth_lib.c 2021-03-03 12:57:42.198734517 +0100 @@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE pmeth = ENGINE_get_pkey_meth(e, id); else @@ -1376,9 +1356,9 @@ diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pm if (pmeth == NULL) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/build.info ---- openssl-1.1.1e/crypto/fips/build.info.fips 2020-03-17 17:30:52.032567287 +0100 -+++ openssl-1.1.1e/crypto/fips/build.info 2020-03-17 17:30:52.032567287 +0100 +diff -up openssl-1.1.1j/crypto/fips/build.info.fips openssl-1.1.1j/crypto/fips/build.info +--- openssl-1.1.1j/crypto/fips/build.info.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/build.info 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ 
@@ -1395,9 +1375,9 @@ diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips 2020-03-17 17:30:52.033567270 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_aes_selftest.c 2020-03-17 17:30:52.033567270 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_aes_selftest.c 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1771,9 +1751,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.c ---- openssl-1.1.1e/crypto/fips/fips.c.fips 2020-03-17 17:30:52.033567270 +0100 -+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 17:30:52.033567270 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips.c.fips openssl-1.1.1j/crypto/fips/fips.c +--- openssl-1.1.1j/crypto/fips/fips.c.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/fips.c 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -2301,9 +2281,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c 2020-03-17 17:30:52.033567270 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2461,9 +2441,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/cry + return rv; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_des_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_des_selftest.c 2020-03-17 17:30:52.034567253 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_des_selftest.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -2598,9 +2578,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/cryp + return ret; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips 2020-03-17 17:30:52.038567183 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_dh_selftest.c 2020-03-17 17:30:52.038567183 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_dh_selftest.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2782,9 +2762,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypt + return ret; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips 2020-03-17 17:30:52.040567148 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c 2020-03-17 17:30:52.039567165 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,406 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -3192,9 +3172,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/f + + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips 2020-03-17 17:30:52.041567130 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_hash.c 2020-03-17 17:30:52.040567148 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_hash.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,354 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3550,9 +3530,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/ + + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips 2020-03-17 17:30:52.042567113 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c 2020-03-17 17:30:52.042567113 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,262 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -3816,9 +3796,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/ + + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips 2020-03-17 17:30:52.043567095 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_lib.c 2020-03-17 17:30:52.043567095 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_lib.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,528 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4348,9 +4328,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/f +{ + /* Just backwards compatibility API call with no effect. */ +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips 2020-03-17 17:30:52.044567078 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_rand.c 2020-03-17 17:30:52.044567078 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_rand.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,185 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4537,9 +4517,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips 2020-03-17 17:30:52.044567078 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-17 17:30:52.044567078 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5369,9 +5349,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips 2020-03-17 17:30:52.045567061 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h 2020-03-17 17:30:52.045567061 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -7164,9 +7144,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c 2020-03-17 17:30:52.046567043 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7363,9 +7343,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/cryp + return ret; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c 2020-03-17 17:30:52.046567043 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -7609,9 +7589,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/cry +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c 2020-03-17 17:30:52.046567043 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7779,9 +7759,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/cr +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/fips_err.h ---- openssl-1.1.1e/crypto/fips/fips_err.h.fips 2020-03-17 17:30:52.047567026 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_err.h 2020-03-17 17:30:52.047567026 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_err.h.fips openssl-1.1.1j/crypto/fips/fips_err.h +--- openssl-1.1.1j/crypto/fips/fips_err.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_err.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,197 @@ +/* crypto/fips_err.h */ +/* ==================================================================== 
@@ -7980,9 +7960,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/fips_ers.c ---- openssl-1.1.1e/crypto/fips/fips_ers.c.fips 2020-03-17 17:30:52.047567026 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_ers.c 2020-03-17 17:30:52.047567026 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_ers.c.fips openssl-1.1.1j/crypto/fips/fips_ers.c +--- openssl-1.1.1j/crypto/fips/fips_ers.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_ers.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,7 @@ +#include + @@ -7991,9 +7971,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips 2020-03-17 17:30:52.047567026 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c 2020-03-17 17:30:52.047567026 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 
@@ -8129,9 +8109,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/cry + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/fips_locl.h ---- openssl-1.1.1e/crypto/fips/fips_locl.h.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_locl.h 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_locl.h.fips openssl-1.1.1j/crypto/fips/fips_locl.h +--- openssl-1.1.1j/crypto/fips/fips_locl.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_locl.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8204,9 +8184,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/fips_post.c ---- openssl-1.1.1e/crypto/fips/fips_post.c.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_post.c.fips openssl-1.1.1j/crypto/fips/fips_post.c +--- openssl-1.1.1j/crypto/fips/fips_post.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_post.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,224 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8432,9 +8412,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rand_lcl.h 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1j/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rand_lcl.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,203 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8639,9 +8619,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips 2020-03-17 17:30:52.049566991 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rand_lib.c 2020-03-17 17:30:52.049566991 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1j/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rand_lib.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8877,9 +8857,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/f
 +# endif
 +}
 +
-diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips 2020-03-17 17:30:52.049566991 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c 2020-03-17 17:30:52.049566991 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,338 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -9219,9 +9199,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/cryp
 +}
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips 2020-03-17 17:30:52.050566973 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_sha_selftest.c 2020-03-17 17:30:52.050566973 +0100
+diff -up openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100
++++ openssl-1.1.1j/crypto/fips/fips_sha_selftest.c 2021-03-03 12:57:42.201734542 +0100
 @@ -0,0 +1,223 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9446,9 +9426,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c 2020-03-17 17:30:52.050566973 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9577,9 +9557,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/c +#endif + return 0; +} -diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac.c ---- openssl-1.1.1e/crypto/hmac/hmac.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/hmac/hmac.c 2020-03-17 17:38:16.969802663 +0100 +diff -up openssl-1.1.1j/crypto/hmac/hmac.c.fips openssl-1.1.1j/crypto/hmac/hmac.c +--- openssl-1.1.1j/crypto/hmac/hmac.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/hmac/hmac.c 2021-03-03 12:57:42.202734550 +0100 @@ -44,6 +44,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo return 0; 
@@ -9594,9 +9574,9 @@ diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); -diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/hmac/hm_pmeth.c 2020-03-17 17:30:52.051566956 +0100 +diff -up openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1j/crypto/hmac/hm_pmeth.c +--- openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/hmac/hm_pmeth.c 2021-03-03 12:57:42.202734550 +0100 @@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD hmac_pkey_meth = { 
@@ -9606,111 +9586,9 @@ diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/h pkey_hmac_init, pkey_hmac_copy, pkey_hmac_cleanup, -diff -up openssl-1.1.1e/include/crypto/fips.h.fips openssl-1.1.1e/include/crypto/fips.h ---- openssl-1.1.1e/include/crypto/fips.h.fips 2020-03-17 17:30:52.051566956 +0100 -+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 17:30:52.051566956 +0100 -@@ -0,0 +1,98 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+# error FIPS is disabled. 
-+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+int FIPS_module_mode_set(int onoff); -+int FIPS_module_mode(void); -+int FIPS_module_installed(void); -+int FIPS_selftest_sha1(void); -+int FIPS_selftest_sha2(void); -+int FIPS_selftest_sha3(void); -+int FIPS_selftest_aes_ccm(void); -+int FIPS_selftest_aes_gcm(void); -+int FIPS_selftest_aes_xts(void); -+int FIPS_selftest_aes(void); -+int FIPS_selftest_des(void); -+int FIPS_selftest_rsa(void); -+int FIPS_selftest_dsa(void); -+int FIPS_selftest_ecdsa(void); -+int FIPS_selftest_ecdh(void); -+int FIPS_selftest_dh(void); -+void FIPS_drbg_stick(int onoff); -+int FIPS_selftest_hmac(void); -+int FIPS_selftest_drbg(void); -+int FIPS_selftest_cmac(void); -+ -+int fips_pkey_signature_test(EVP_PKEY *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, -+ unsigned int katlen, -+ const EVP_MD *digest, -+ unsigned int md_flags, const char *fail_str); -+ -+int fips_cipher_test(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, int len); -+ -+void fips_set_selftest_fail(void); -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); -+ -+#endif -diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c ---- openssl-1.1.1e/crypto/o_fips.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/o_fips.c 2020-03-17 17:30:52.052566939 +0100 +diff -up openssl-1.1.1j/crypto/o_fips.c.fips openssl-1.1.1j/crypto/o_fips.c +--- openssl-1.1.1j/crypto/o_fips.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/o_fips.c 2021-03-03 12:57:42.202734550 +0100 @@ -8,17 +8,28 @@ */ 
@@ -9740,9 +9618,9 @@ diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c return 0; +#endif } -diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c ---- openssl-1.1.1e/crypto/o_init.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/o_init.c 2020-03-17 17:30:52.052566939 +0100 +diff -up openssl-1.1.1j/crypto/o_init.c.fips openssl-1.1.1j/crypto/o_init.c +--- openssl-1.1.1j/crypto/o_init.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/o_init.c 2021-03-03 12:57:42.202734550 +0100 @@ -7,8 +7,69 @@ * https://www.openssl.org/source/license.html */ @@ -9813,9 +9691,9 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c /* * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/rand_lib.c ---- openssl-1.1.1e/crypto/rand/rand_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rand/rand_lib.c 2020-03-17 17:35:56.471259207 +0100 +diff -up openssl-1.1.1j/crypto/rand/rand_lib.c.fips openssl-1.1.1j/crypto/rand/rand_lib.c +--- openssl-1.1.1j/crypto/rand/rand_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rand/rand_lib.c 2021-03-03 12:57:42.202734550 +0100 @@ -16,6 +16,10 @@ #include "internal/thread_once.h" #include "rand_local.h" @@ -9827,7 +9705,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/r #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -961,3 +965,15 @@ int RAND_status(void) +@@ -959,3 +963,15 @@ int RAND_status(void) return meth->status(); return 0; } 
@@ -9843,9 +9721,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/r + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_crpt.c 2020-03-17 17:30:52.055566886 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1j/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_crpt.c 2021-03-03 12:57:42.202734550 +0100 @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -9899,9 +9777,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_err.c ---- openssl-1.1.1e/crypto/rsa/rsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_err.c 2020-03-17 17:30:52.055566886 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_err.c.fips openssl-1.1.1j/crypto/rsa/rsa_err.c +--- openssl-1.1.1j/crypto/rsa/rsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_err.c 2021-03-03 12:57:42.202734550 +0100 @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, 
@@ -9970,9 +9848,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_gen.c ---- openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_gen.c 2020-03-17 17:33:55.560367363 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips openssl-1.1.1j/crypto/rsa/rsa_gen.c +--- openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_gen.c 2021-03-03 12:57:42.202734550 +0100 @@ -18,6 +18,76 @@ #include "internal/cryptlib.h" #include @@ -10365,9 +10243,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_lib.c ---- openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_lib.c 2020-03-17 17:30:52.056566869 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips openssl-1.1.1j/crypto/rsa/rsa_lib.c +--- openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_lib.c 2021-03-03 12:57:42.203734558 +0100 @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ 
@@ -10410,9 +10288,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_ossl.c 2020-03-17 17:34:32.289726964 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1j/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_ossl.c 2021-03-03 12:57:42.203734558 +0100 @@ -12,6 +12,10 @@ #include "rsa_local.h" #include "internal/constant_time.h" @@ -10529,9 +10407,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_pmeth.c 2020-03-17 17:30:52.056566869 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1j/crypto/rsa/rsa_pmeth.c +--- openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_pmeth.c 2021-03-03 12:57:42.203734558 +0100 @@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD rsa_pkey_meth = { 
@@ -10550,9 +10428,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rs pkey_rsa_init, pkey_rsa_copy, pkey_rsa_cleanup, -diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa_sign.c ---- openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_sign.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips openssl-1.1.1j/crypto/rsa/rsa_sign.c +--- openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_sign.c 2021-03-03 12:57:42.203734558 +0100 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -10579,9 +10457,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha256.c ---- openssl-1.1.1e/crypto/sha/sha256.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/sha/sha256.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha256.c.fips openssl-1.1.1j/crypto/sha/sha256.c +--- openssl-1.1.1j/crypto/sha/sha256.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/sha/sha256.c 2021-03-03 12:57:42.203734558 +0100 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) 
@@ -10602,9 +10480,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha512.c ---- openssl-1.1.1e/crypto/sha/sha512.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/sha/sha512.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha512.c.fips openssl-1.1.1j/crypto/sha/sha512.c +--- openssl-1.1.1j/crypto/sha/sha512.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/sha/sha512.c 2021-03-03 12:57:42.203734558 +0100 @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) @@ -10625,9 +10503,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sha_local.h ---- openssl-1.1.1e/crypto/sha/sha_local.h.fips 2020-03-17 17:30:51.766571925 +0100 -+++ openssl-1.1.1e/crypto/sha/sha_local.h 2020-03-17 17:31:00.996410998 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha_local.h.fips openssl-1.1.1j/crypto/sha/sha_local.h +--- openssl-1.1.1j/crypto/sha/sha_local.h.fips 2021-03-03 12:57:41.941732391 +0100 ++++ openssl-1.1.1j/crypto/sha/sha_local.h 2021-03-03 12:57:42.203734558 +0100 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) 
@@ -10638,9 +10516,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sh memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod 2020-03-17 17:31:00.996410998 +0100 +diff -up openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod 2021-03-03 12:57:42.203734558 +0100 @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. 
@@ -10654,9 +10532,111 @@ diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/openssl/crypto.h ---- openssl-1.1.1e/include/openssl/crypto.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/crypto.h 2020-03-17 17:31:00.997410980 +0100 +diff -up openssl-1.1.1j/include/crypto/fips.h.fips openssl-1.1.1j/include/crypto/fips.h +--- openssl-1.1.1j/include/crypto/fips.h.fips 2021-03-03 12:57:42.202734550 +0100 ++++ openssl-1.1.1j/include/crypto/fips.h 2021-03-03 12:57:42.202734550 +0100 +@@ -0,0 +1,98 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. 
++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++int FIPS_module_mode_set(int onoff); ++int FIPS_module_mode(void); ++int FIPS_module_installed(void); ++int FIPS_selftest_sha1(void); ++int FIPS_selftest_sha2(void); ++int FIPS_selftest_sha3(void); ++int FIPS_selftest_aes_ccm(void); ++int FIPS_selftest_aes_gcm(void); ++int FIPS_selftest_aes_xts(void); ++int FIPS_selftest_aes(void); ++int FIPS_selftest_des(void); ++int FIPS_selftest_rsa(void); ++int FIPS_selftest_dsa(void); ++int FIPS_selftest_ecdsa(void); ++int FIPS_selftest_ecdh(void); ++int FIPS_selftest_dh(void); ++void FIPS_drbg_stick(int onoff); ++int FIPS_selftest_hmac(void); ++int FIPS_selftest_drbg(void); ++int FIPS_selftest_cmac(void); ++ ++int fips_pkey_signature_test(EVP_PKEY *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, ++ unsigned int katlen, ++ const EVP_MD *digest, ++ unsigned int md_flags, const char *fail_str); ++ ++int fips_cipher_test(EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, int len); ++ ++void fips_set_selftest_fail(void); ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); ++ ++#endif +diff -up openssl-1.1.1j/include/openssl/crypto.h.fips openssl-1.1.1j/include/openssl/crypto.h +--- openssl-1.1.1j/include/openssl/crypto.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/crypto.h 2021-03-03 12:57:42.204734567 +0100 @@ -331,6 +331,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); 
@@ -10669,9 +10649,9 @@ diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/ope void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/openssl/dherr.h ---- openssl-1.1.1e/include/openssl/dherr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dherr.h 2020-03-17 17:31:00.998410963 +0100 +diff -up openssl-1.1.1j/include/openssl/dherr.h.fips openssl-1.1.1j/include/openssl/dherr.h +--- openssl-1.1.1j/include/openssl/dherr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dherr.h 2021-03-03 12:57:42.204734567 +0100 @@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 @@ -10697,9 +10677,9 @@ diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/open # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl/dh.h ---- openssl-1.1.1e/include/openssl/dh.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dh.h 2020-03-17 17:31:00.998410963 +0100 +diff -up openssl-1.1.1j/include/openssl/dh.h.fips openssl-1.1.1j/include/openssl/dh.h +--- openssl-1.1.1j/include/openssl/dh.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dh.h 2021-03-03 12:57:42.204734567 +0100 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -10708,9 +10688,9 @@ diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/openssl/dsaerr.h ---- openssl-1.1.1e/include/openssl/dsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dsaerr.h 2020-03-17 17:31:00.999410945 +0100 +diff -up openssl-1.1.1j/include/openssl/dsaerr.h.fips openssl-1.1.1j/include/openssl/dsaerr.h +--- openssl-1.1.1j/include/openssl/dsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dsaerr.h 2021-03-03 12:57:42.204734567 +0100 @@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 @@ -10737,9 +10717,9 @@ diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/ope # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openssl/dsa.h ---- openssl-1.1.1e/include/openssl/dsa.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dsa.h 2020-03-17 17:31:01.000410928 +0100 +diff -up openssl-1.1.1j/include/openssl/dsa.h.fips openssl-1.1.1j/include/openssl/dsa.h +--- openssl-1.1.1j/include/openssl/dsa.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dsa.h 2021-03-03 12:57:42.204734567 +0100 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -10748,10 +10728,10 @@ diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/openssl/evperr.h ---- openssl-1.1.1e/include/openssl/evperr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-17 17:31:01.000410928 +0100 -@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1j/include/openssl/evperr.h.fips openssl-1.1.1j/include/openssl/evperr.h +--- openssl-1.1.1j/include/openssl/evperr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 12:57:42.204734567 +0100 +@@ -22,14 +22,15 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 @@ -10770,7 +10750,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 -@@ -142,6 +143,7 @@ int ERR_load_EVP_strings(void); +@@ -140,6 +141,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -10778,7 +10758,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -185,6 +187,7 @@ int ERR_load_EVP_strings(void); +@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 
@@ -10786,7 +10766,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -@@ -200,6 +203,7 @@ int ERR_load_EVP_strings(void); +@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 @@ -10795,9 +10775,9 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif -diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openssl/evp.h ---- openssl-1.1.1e/include/openssl/evp.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/evp.h 2020-03-17 17:31:01.001410911 +0100 +diff -up openssl-1.1.1j/include/openssl/evp.h.fips openssl-1.1.1j/include/openssl/evp.h +--- openssl-1.1.1j/include/openssl/evp.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/evp.h 2021-03-03 12:57:42.204734567 +0100 @@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 @@ -10808,9 +10788,9 @@ diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openss const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/openssl/fips.h ---- openssl-1.1.1e/include/openssl/fips.h.fips 2020-03-17 17:31:01.002410893 +0100 -+++ openssl-1.1.1e/include/openssl/fips.h 2020-03-17 17:31:01.002410893 +0100 +diff -up openssl-1.1.1j/include/openssl/fips.h.fips openssl-1.1.1j/include/openssl/fips.h +--- openssl-1.1.1j/include/openssl/fips.h.fips 2021-03-03 12:57:42.204734567 +0100 ++++ openssl-1.1.1j/include/openssl/fips.h 2021-03-03 12:57:42.204734567 +0100 
@@ -0,0 +1,187 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10999,9 +10979,9 @@ diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/opens +} +# endif +#endif -diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/openssl/fips_rand.h ---- openssl-1.1.1e/include/openssl/fips_rand.h.fips 2020-03-17 17:31:01.003410876 +0100 -+++ openssl-1.1.1e/include/openssl/fips_rand.h 2020-03-17 17:31:01.003410876 +0100 +diff -up openssl-1.1.1j/include/openssl/fips_rand.h.fips openssl-1.1.1j/include/openssl/fips_rand.h +--- openssl-1.1.1j/include/openssl/fips_rand.h.fips 2021-03-03 12:57:42.204734567 +0100 ++++ openssl-1.1.1j/include/openssl/fips_rand.h 2021-03-03 12:57:42.204734567 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11148,10 +11128,10 @@ diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/ +# endif +# endif +#endif -diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/include/openssl/opensslconf.h.in ---- openssl-1.1.1e/include/openssl/opensslconf.h.in.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/opensslconf.h.in 2020-03-17 17:31:01.003410876 +0100 -@@ -150,6 +150,11 @@ extern "C" { +diff -up openssl-1.1.1j/include/openssl/opensslconf.h.in.fips openssl-1.1.1j/include/openssl/opensslconf.h.in +--- openssl-1.1.1j/include/openssl/opensslconf.h.in.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/opensslconf.h.in 2021-03-03 12:57:42.205734575 +0100 +@@ -155,6 +155,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} 
@@ -11163,9 +11143,9 @@ diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/openssl/randerr.h ---- openssl-1.1.1e/include/openssl/randerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/randerr.h 2020-03-17 17:31:01.004410858 +0100 +diff -up openssl-1.1.1j/include/openssl/randerr.h.fips openssl-1.1.1j/include/openssl/randerr.h +--- openssl-1.1.1j/include/openssl/randerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/randerr.h 2021-03-03 12:57:42.205734575 +0100 @@ -38,6 +38,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 @@ -11174,9 +11154,9 @@ diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/op # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/openssl/rand.h ---- openssl-1.1.1e/include/openssl/rand.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/rand.h 2020-03-17 17:31:01.004410858 +0100 +diff -up openssl-1.1.1j/include/openssl/rand.h.fips openssl-1.1.1j/include/openssl/rand.h +--- openssl-1.1.1j/include/openssl/rand.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/rand.h 2021-03-03 12:57:42.205734575 +0100 @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif 
@@ -11189,9 +11169,9 @@ diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/opens #ifdef __cplusplus } -diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/openssl/rsaerr.h ---- openssl-1.1.1e/include/openssl/rsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/rsaerr.h 2020-03-17 17:31:01.005410841 +0100 +diff -up openssl-1.1.1j/include/openssl/rsaerr.h.fips openssl-1.1.1j/include/openssl/rsaerr.h +--- openssl-1.1.1j/include/openssl/rsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/rsaerr.h 2021-03-03 12:57:42.205734575 +0100 @@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 @@ -11247,9 +11227,9 @@ diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/ope # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c ---- openssl-1.1.1e/ssl/s3_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/s3_lib.c 2020-03-17 17:31:01.007410806 +0100 +diff -up openssl-1.1.1j/ssl/s3_lib.c.fips openssl-1.1.1j/ssl/s3_lib.c +--- openssl-1.1.1j/ssl/s3_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 12:57:42.205734575 +0100 @@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, 
@@ -11349,9 +11329,9 @@ diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, -diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c ---- openssl-1.1.1e/ssl/ssl_ciph.c.fips 2020-03-17 17:30:52.017567549 +0100 -+++ openssl-1.1.1e/ssl/ssl_ciph.c 2020-03-17 17:31:01.008410788 +0100 +diff -up openssl-1.1.1j/ssl/ssl_ciph.c.fips openssl-1.1.1j/ssl/ssl_ciph.c +--- openssl-1.1.1j/ssl/ssl_ciph.c.fips 2021-03-03 12:57:42.193734476 +0100 ++++ openssl-1.1.1j/ssl/ssl_ciph.c 2021-03-03 12:57:42.206734583 +0100 @@ -387,7 +387,7 @@ int ssl_load_ciphers(void) } } @@ -11390,9 +11370,9 @@ diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c ---- openssl-1.1.1e/ssl/ssl_init.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/ssl_init.c 2020-03-17 17:31:01.009410771 +0100 +diff -up openssl-1.1.1j/ssl/ssl_init.c.fips openssl-1.1.1j/ssl/ssl_init.c +--- openssl-1.1.1j/ssl/ssl_init.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/ssl_init.c 2021-03-03 12:57:42.206734583 +0100 @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); 
@@ -11436,10 +11416,10 @@ diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c ---- openssl-1.1.1e/ssl/ssl_lib.c.fips 2020-03-17 17:30:52.018567531 +0100 -+++ openssl-1.1.1e/ssl/ssl_lib.c 2020-03-17 17:31:01.011410736 +0100 -@@ -2970,6 +2970,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1j/ssl/ssl_lib.c.fips openssl-1.1.1j/ssl/ssl_lib.c +--- openssl-1.1.1j/ssl/ssl_lib.c.fips 2021-03-03 12:57:42.193734476 +0100 ++++ openssl-1.1.1j/ssl/ssl_lib.c 2021-03-03 12:57:42.206734583 +0100 +@@ -2973,6 +2973,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11451,7 +11431,7 @@ diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; -@@ -3026,13 +3031,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -3029,13 +3034,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; 
@@ -11476,10 +11456,10 @@ diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h ---- openssl-1.1.1e/ssl/ssl_local.h.fips 2020-03-17 17:30:51.842570600 +0100 -+++ openssl-1.1.1e/ssl/ssl_local.h 2020-03-17 17:31:10.740241108 +0100 -@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st { +diff -up openssl-1.1.1j/ssl/ssl_local.h.fips openssl-1.1.1j/ssl/ssl_local.h +--- openssl-1.1.1j/ssl/ssl_local.h.fips 2021-03-03 12:57:42.100733706 +0100 ++++ openssl-1.1.1j/ssl/ssl_local.h 2021-03-03 12:57:42.206734583 +0100 +@@ -1515,6 +1515,7 @@ typedef struct tls_group_info_st { # define TLS_CURVE_PRIME 0x0 # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 @@ -11487,9 +11467,9 @@ diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h typedef struct cert_pkey_st CERT_PKEY; -diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c ---- openssl-1.1.1e/ssl/t1_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/t1_lib.c 2020-03-17 17:31:10.741241091 +0100 +diff -up openssl-1.1.1j/ssl/t1_lib.c.fips openssl-1.1.1j/ssl/t1_lib.c +--- openssl-1.1.1j/ssl/t1_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 12:57:42.207734591 +0100 @@ -159,11 +159,11 @@ static const TLS_GROUP_INFO nid_list[] = {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ 
@@ -11515,9 +11495,9 @@ diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c ctmp[0] = curve >> 8; ctmp[1] = curve & 0xff; return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c ---- openssl-1.1.1e/test/dsatest.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/dsatest.c 2020-03-17 17:31:10.741241091 +0100 +diff -up openssl-1.1.1j/test/dsatest.c.fips openssl-1.1.1j/test/dsatest.c +--- openssl-1.1.1j/test/dsatest.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/dsatest.c 2021-03-03 12:57:42.207734591 +0100 @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -11600,9 +11580,9 @@ diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c goto end; if (!TEST_int_eq(h, 2)) goto end; -diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt ---- openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt 2020-03-17 17:31:10.742241073 +0100 +diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt +--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt 2021-03-03 12:57:42.207734591 +0100 @@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 
@@ -11611,10 +11591,10 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1 Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 -diff -up openssl-1.1.1e/util/libcrypto.num.fips openssl-1.1.1e/util/libcrypto.num ---- openssl-1.1.1e/util/libcrypto.num.fips 2020-03-17 17:31:10.744241038 +0100 -+++ openssl-1.1.1e/util/libcrypto.num 2020-03-17 17:32:37.851722261 +0100 -@@ -4590,3 +4590,38 @@ X509_ALGOR_copy +diff -up openssl-1.1.1j/util/libcrypto.num.fips openssl-1.1.1j/util/libcrypto.num +--- openssl-1.1.1j/util/libcrypto.num.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 12:57:42.208734600 +0100 +@@ -4591,3 +4591,38 @@ X509_ALGOR_copy X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC diff --git a/openssl-1.1.1-verify-cert.patch b/openssl-1.1.1-verify-cert.patch deleted file mode 100644 index d3bafc3..0000000 --- a/openssl-1.1.1-verify-cert.patch +++ /dev/null 
@@ -1,113 +0,0 @@ -diff -up openssl-1.1.1i/crypto/x509/x509_vfy.c.verify-cert openssl-1.1.1i/crypto/x509/x509_vfy.c ---- openssl-1.1.1i/crypto/x509/x509_vfy.c.verify-cert 2021-01-20 17:24:53.100175663 +0100 -+++ openssl-1.1.1i/crypto/x509/x509_vfy.c 2021-01-20 17:24:53.156176315 +0100 -@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X50 - } - - /* -- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x. -- * The issuer must not be the same as x and must not yet be in ctx->chain, where the -- * exceptional case x is self-issued and ctx->chain has just one element is allowed. -+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x. -+ * The issuer must not yet be in ctx->chain, where the exceptional case -+ * that x is self-issued and ctx->chain has just one element is allowed. -+ * Prefer the first one that is not expired, else take the last expired one. - */ - static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) - { -@@ -338,7 +339,7 @@ static X509 *find_issuer(X509_STORE_CTX - * Below check 'issuer != x' is an optimization and safety precaution: - * Candidate issuer cert cannot be the same as the subject cert 'x'. 
- */ -- if (issuer != x && ctx->check_issued(ctx, x, issuer) -+ if (ctx->check_issued(ctx, x, issuer) - && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1) - || !sk_X509_contains(ctx->chain, issuer))) { - rv = issuer; - -diff -up openssl-1.1.1i/test/recipes/70-test_verify_extra.t.verify-cert openssl-1.1.1i/test/recipes/70-test_verify_extra.t ---- openssl-1.1.1i/test/recipes/70-test_verify_extra.t.verify-cert 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/test/recipes/70-test_verify_extra.t 2021-01-20 17:24:53.156176315 +0100 -@@ -16,4 +16,5 @@ plan tests => 1; - ok(run(test(["verify_extra_test", - srctop_file("test", "certs", "roots.pem"), - srctop_file("test", "certs", "untrusted.pem"), -- srctop_file("test", "certs", "bad.pem")]))); -+ srctop_file("test", "certs", "bad.pem"), -+ srctop_file("test", "certs", "rootCA.pem")]))); -diff -up openssl-1.1.1i/test/verify_extra_test.c.verify-cert openssl-1.1.1i/test/verify_extra_test.c ---- openssl-1.1.1i/test/verify_extra_test.c.verify-cert 2020-12-08 14:20:59.000000000 +0100 -+++ openssl-1.1.1i/test/verify_extra_test.c 2021-01-20 17:24:53.156176315 +0100 -@@ -18,6 +18,21 @@ - static const char *roots_f; - static const char *untrusted_f; - static const char *bad_f; -+static const char *good_f; -+ -+static X509 *load_cert_pem(const char *file) -+{ -+ X509 *cert = NULL; -+ BIO *bio = NULL; -+ -+ if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) -+ return NULL; -+ if (TEST_int_gt(BIO_read_filename(bio, file), 0)) -+ (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)); -+ -+ BIO_free(bio); -+ return cert; -+} - - static STACK_OF(X509) *load_certs_from_file(const char *filename) - { -@@ -175,16 +190,48 @@ static int test_store_ctx(void) - return testresult; - } - -+static int test_self_signed(const char *filename, int expected) -+{ -+ X509 *cert = load_cert_pem(filename); -+ STACK_OF(X509) *trusted = sk_X509_new_null(); -+ X509_STORE_CTX *ctx = X509_STORE_CTX_new(); -+ int ret; -+ -+ ret = 
TEST_ptr(cert) -+ && TEST_true(sk_X509_push(trusted, cert)) -+ && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL)); -+ X509_STORE_CTX_trusted_stack(ctx, trusted); -+ ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected); -+ -+ X509_STORE_CTX_free(ctx); -+ sk_X509_free(trusted); -+ X509_free(cert); -+ return ret; -+} -+ -+static int test_self_signed_good(void) -+{ -+ return test_self_signed(good_f, 1); -+} -+ -+static int test_self_signed_bad(void) -+{ -+ return test_self_signed(bad_f, 0); -+} -+ - int setup_tests(void) - { - if (!TEST_ptr(roots_f = test_get_argument(0)) - || !TEST_ptr(untrusted_f = test_get_argument(1)) -- || !TEST_ptr(bad_f = test_get_argument(2))) { -- TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n"); -+ || !TEST_ptr(bad_f = test_get_argument(2)) -+ || !TEST_ptr(good_f = test_get_argument(3))) { -+ TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem good.pem\n"); - return 0; - } - - ADD_TEST(test_alt_chains_cert_forgery); - ADD_TEST(test_store_ctx); -+ ADD_TEST(test_self_signed_good); -+ ADD_TEST(test_self_signed_bad); - return 1; - } diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch index 727cc26..939bcb3 100644 --- a/openssl-1.1.1-version-override.patch +++ b/openssl-1.1.1-version-override.patch @@ -4,9 +4,9 @@ diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1. @@ -40,7 +40,7 @@ extern "C" { * major minor fix final patch/beta) */ - # define OPENSSL_VERSION_NUMBER 0x1010109fL --# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i 8 Dec 2020" -+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i FIPS 8 Dec 2020" + # define OPENSSL_VERSION_NUMBER 0x101010afL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j 16 Feb 2021" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j FIPS 16 Feb 2021" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/openssl.spec b/openssl.spec index 0a09d29..2a6f725 100644 --- a/openssl.spec 
+++ b/openssl.spec @@ -21,8 +21,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.1i -Release: 3%{?dist} +Version: 1.1.1j +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -42,10 +42,6 @@ Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-defaults.patch Patch3: openssl-1.1.1-no-html.patch Patch4: openssl-1.1.1-man-rename.patch -# Bug fixes -Patch21: openssl-1.1.0-issuer-hash.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1916594 -Patch71: openssl-1.1.1-verify-cert.patch # Functionality changes Patch31: openssl-1.1.1-conf-paths.patch @@ -158,8 +154,6 @@ cp %{SOURCE13} test/ %patch3 -p1 -b .no-html %{?_rawbuild} %patch4 -p1 -b .man-rename -%patch21 -p1 -b .issuer-hash - %patch31 -p1 -b .conf-paths %patch32 -p1 -b .version-add-engines %patch33 -p1 -b .dgst @@ -189,7 +183,6 @@ cp %{SOURCE13} test/ %patch67 -p1 -b .kdf-selftest %patch69 -p1 -b .alpn-cb %patch70 -p1 -b .rewire-fips-drbg -%patch71 -p1 -b .verify-cert %build @@ -478,6 +471,9 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Tue Feb 23 2021 Sahana Prasad - 1:1.1.1j-1 +- Upgrade to version 1.1.1.j + * Wed Feb 10 2021 Sahana Prasad - 1:1.1.1i-3 - Fix regression in X509_verify_cert() (bz1916594) diff --git a/sources b/sources index 4c1e648..07f21a5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.1i-hobbled.tar.xz) = e131a05e88690a7be7c3d74cbb26620130498ced2ce3d7fd55979aab5ea736ec8b268ba92268bd5bc347989325a3950a066883007cb20c2dd9739fd1eafc513f +SHA512 (openssl-1.1.1j-hobbled.tar.xz) = ad7387f11043b46873f5cb484a83822a1e11aae3fd09cab699192034be7f6e7a8fcaa1960df8bf96871e6268b63cf7046ebb75c4df72de67bb4b3d2aa94f77e7
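Review bot: The `@@ -42,10 +42,6 @@` hunk of openssl.spec drops Patch21 (issuer-hash) and Patch71 (verify-cert), and the later hunks drop the matching `%patch21` and `%patch71` lines, but the new changelog entry says only `- Upgrade to version 1.1.1.j`, so the reason for removing two fixes is not recorded. The deleted issuer-hash patch set `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` before the MD5 `EVP_DigestInit_ex` call in crypto/x509/x509_cmp.c, and nothing visible in this commit shows that the issuer-and-serial hash still works in FIPS mode without it. That should be confirmed against the rebased fips patch, and the verify-cert regression fix (bz1916594) should be confirmed present in the 1.1.1j tarball. I would add changelog lines such as `- Drop verify-cert patch (bz1916594): <fixed upstream in 1.1.1j, confirm>` and `- Drop issuer-hash patch: <reason>`, and write the version as `1.1.1j`.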