diff --git a/.gitignore b/.gitignore index f36a459..3243898 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.0.1e-usa.tar.xz /openssl-1.0.1e-hobbled.tar.xz /openssl-1.0.1i-hobbled.tar.xz +/openssl-1.0.1j-hobbled.tar.xz diff --git a/mingw-openssl.spec b/mingw-openssl.spec index c089dbc..f8be0f4 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -23,7 +23,7 @@ %global thread_test_threads %{?threads:%{threads}}%{!?threads:1} Name: mingw-openssl -Version: 1.0.1i +Version: 1.0.1j Release: 1%{?dist} Summary: MinGW port of the OpenSSL toolkit @@ -66,7 +66,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch39: openssl-1.0.1h-ipv6-apps.patch -Patch40: openssl-1.0.1g-fips.patch +Patch40: openssl-1.0.1j-fips.patch Patch45: openssl-1.0.1e-env-zlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.1i-algo-doc.patch @@ -80,7 +80,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch Patch66: openssl-1.0.1-pkgconfig-krb5.patch Patch68: openssl-1.0.1e-secure-getenv.patch Patch69: openssl-1.0.1c-dh-1024.patch -Patch70: openssl-1.0.1e-fips-ec.patch +Patch70: openssl-1.0.1j-fips-ec.patch Patch71: openssl-1.0.1i-manfix.patch Patch72: openssl-1.0.1e-fips-ctor.patch Patch73: openssl-1.0.1e-ecc-suiteb.patch @@ -92,10 +92,11 @@ Patch90: openssl-1.0.1e-enc-fail.patch Patch92: openssl-1.0.1h-system-cipherlist.patch Patch93: openssl-1.0.1h-disable-sslv2v3.patch # Backported fixes including security fixes +Patch80: openssl-1.0.1j-evp-wrap.patch Patch81: openssl-1.0.1-beta2-padlock64.patch Patch84: openssl-1.0.1i-trusted-first.patch Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch -Patch89: openssl-1.0.1e-ephemeral-key-size.patch +Patch89: openssl-1.0.1j-ephemeral-key-size.patch # MinGW-specific patches. # Rename *eay32.dll to lib*.dll @@ -111,6 +112,9 @@ Patch104: openssl_mingw64_install_fix.patch Patch105: mingw-openssl-fix-fips-build-failure.patch # The function secure_getenv is a GNU extension which isn't available on Windows Patch106: openssl-mingw64-dont-use-secure-getenv.patch +# Don't include the old winsock.h as it will cause warnings/errors in packages +# using the openssl headers like: Please include winsock2.h before windows.h +Patch107: openssl-dont-include-winsock-h.patch BuildArch: noarch @@ -252,6 +256,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch92 -p1 -b .system %patch93 -p1 -b .v2v3 +%patch80 -p1 -b .wrap %patch81 -p1 -b .padlock64 %patch84 -p1 -b .trusted-first %patch85 -p1 -b .armcap @@ -264,6 +269,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch104 -p0 -b .mingw64 %patch105 -p1 -b .fips_mingw %patch106 -p1 -b .secure_getenv_mingw +%patch107 -p0 -b .winsock sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -500,6 +506,13 @@ mkdir -m700 $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/CA/private %changelog +* Mon Dec 22 2014 Erik van Pienbroek - 1.0.1j-1 +- Synced with native openssl-1.0.1j-3.fc22 +- Add support for RFC 5649 +- Prevent compiler warning "Please include winsock2.h before windows.h" + when using the OpenSSL headers +- Fixes various CVE's (RHBZ #1127889 #1127709 #1152851) + * Thu Aug 21 2014 Marc-André Lureau - 1.0.1i-1 - Synced with native openssl-1.0.1i-3.fc21 - Fixes various flaws (RHBZ#1096234 and RHBZ#1127705) diff --git a/openssl-1.0.1e-ephemeral-key-size.patch b/openssl-1.0.1j-ephemeral-key-size.patch similarity index 66% rename from openssl-1.0.1e-ephemeral-key-size.patch rename to openssl-1.0.1j-ephemeral-key-size.patch index 14f7940..e8e8dbb 100644 --- a/openssl-1.0.1e-ephemeral-key-size.patch +++ b/openssl-1.0.1j-ephemeral-key-size.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h ---- openssl-1.0.1e/apps/s_apps.h.ephemeral 2014-02-12 14:49:14.333513753 +0100 -+++ openssl-1.0.1e/apps/s_apps.h 2014-02-12 14:49:14.417515629 +0100 +diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h +--- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200 ++++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200 @@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok, int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); @@ -9,9 +9,9 @@ diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h int init_client(int *sock, char *server, char *port, int type); int should_retry(int i); int extract_host_port(char *str,char **host_ptr,char **port_ptr); -diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c ---- openssl-1.0.1e/apps/s_cb.c.ephemeral 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/apps/s_cb.c 2014-02-12 14:56:25.584142499 +0100 +diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c +--- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200 @@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback( } } @@ -51,10 +51,10 @@ diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { -diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c ---- openssl-1.0.1e/apps/s_client.c.ephemeral 2014-02-12 14:49:14.407515406 +0100 -+++ openssl-1.0.1e/apps/s_client.c 2014-02-12 14:49:14.418515652 +0100 -@@ -2032,6 +2032,8 @@ static void print_stuff(BIO *bio, SSL *s +diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c +--- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200 ++++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200 +@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s BIO_write(bio,"\n",1); } @@ -63,19 +63,18 @@ diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); -diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h ---- openssl-1.0.1e/ssl/ssl.h.ephemeral 2014-02-12 14:49:14.391515049 +0100 -+++ openssl-1.0.1e/ssl/ssl.h 2014-02-12 14:49:14.418515652 +0100 -@@ -1563,6 +1563,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h +--- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200 ++++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200 +@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_GET_SERVER_TMP_KEY 109 -+ + #define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ - SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) - #define DTLSv1_handle_timeout(ssl) \ -@@ -1604,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) @@ -85,13 +84,13 @@ diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); -diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c ---- openssl-1.0.1e/ssl/s3_lib.c.ephemeral 2014-02-12 14:49:14.412515518 +0100 -+++ openssl-1.0.1e/ssl/s3_lib.c 2014-02-12 14:49:14.418515652 +0100 -@@ -3350,6 +3350,44 @@ long ssl3_ctrl(SSL *s, int cmd, long lar - #endif +diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c +--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200 ++++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200 +@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_GET_SERVER_TMP_KEY: + if (s->server || !s->session || !s->session->sess_cert) + return 0; @@ -130,6 +129,7 @@ diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c + EVP_PKEY_free(ptmp); + return 0; + } - default: - break; - } ++ + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, diff --git a/openssl-1.0.1j-evp-wrap.patch b/openssl-1.0.1j-evp-wrap.patch new file mode 100644 index 0000000..5e60d76 --- /dev/null +++ b/openssl-1.0.1j-evp-wrap.patch @@ -0,0 +1,1242 @@ +diff -up openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap openssl-1.0.1j/crypto/aes/aes_wrap.c +--- openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap 2014-10-15 13:15:29.000000000 +0200 ++++ openssl-1.0.1j/crypto/aes/aes_wrap.c 2014-10-16 13:30:10.679654927 +0200 +@@ -53,207 +53,18 @@ + + #include "cryptlib.h" + #include +-#include +- +-static const unsigned char default_iv[] = { +- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, +-}; ++#include + + int AES_wrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { +- unsigned char *A, B[16], *R; +- unsigned int i, j, t; +- if ((inlen & 0x7) || (inlen < 8)) +- return -1; +- A = B; +- t = 1; +- memcpy(out + 8, in, inlen); +- if (!iv) +- iv = default_iv; +- +- memcpy(A, iv, 8); +- +- for (j = 0; j < 6; j++) +- { +- R = out + 8; +- for (i = 0; i < inlen; i += 8, t++, R += 8) +- { +- memcpy(B + 8, R, 8); +- AES_encrypt(B, B, key); +- A[7] ^= (unsigned char)(t & 0xff); +- if (t > 0xff) +- { +- A[6] ^= (unsigned char)((t >> 8) & 0xff); +- A[5] ^= (unsigned char)((t >> 16) & 0xff); +- A[4] ^= (unsigned char)((t >> 24) & 0xff); +- } +- memcpy(R, B + 8, 8); +- } +- } +- memcpy(out, A, 8); +- return inlen + 8; ++ return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f)AES_encrypt); + } + + int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, unsigned int inlen) + { +- unsigned char *A, B[16], *R; +- unsigned int i, j, t; +- inlen -= 8; +- if (inlen & 0x7) +- return -1; +- if (inlen < 8) +- return -1; +- A = B; +- t = 6 * (inlen >> 3); +- memcpy(A, in, 8); +- memcpy(out, in + 8, inlen); +- for (j = 0; j < 6; j++) +- { +- R = out + inlen - 8; +- for (i = 0; i < inlen; i += 8, t--, R -= 8) +- { +- A[7] ^= (unsigned char)(t & 0xff); +- if (t > 0xff) +- { +- A[6] ^= (unsigned char)((t >> 8) & 0xff); +- A[5] ^= (unsigned char)((t >> 16) & 0xff); +- A[4] ^= (unsigned char)((t >> 24) & 0xff); +- } +- memcpy(B + 8, R, 8); +- AES_decrypt(B, B, key); +- memcpy(R, B + 8, 8); +- } +- } +- if (!iv) +- iv = default_iv; +- if (memcmp(A, iv, 8)) +- { +- OPENSSL_cleanse(out, inlen); +- return 0; +- } +- return inlen; +- } +- +-#ifdef AES_WRAP_TEST +- +-int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, +- const unsigned char *iv, +- const unsigned char *eout, +- const unsigned char *key, int keylen) +- { +- unsigned char *otmp = NULL, *ptmp = NULL; +- int r, ret = 0; +- AES_KEY wctx; +- otmp = OPENSSL_malloc(keylen + 8); +- ptmp = OPENSSL_malloc(keylen); +- if (!otmp || !ptmp) +- return 0; +- if (AES_set_encrypt_key(kek, keybits, &wctx)) +- goto err; +- r = AES_wrap_key(&wctx, iv, otmp, key, keylen); +- if (r <= 0) +- goto err; +- +- if (eout && memcmp(eout, otmp, keylen)) +- goto err; +- +- if (AES_set_decrypt_key(kek, keybits, &wctx)) +- goto err; +- r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); +- +- if (memcmp(key, ptmp, keylen)) +- goto err; +- +- ret = 1; +- +- err: +- if (otmp) +- OPENSSL_free(otmp); +- if (ptmp) +- OPENSSL_free(ptmp); +- +- return ret; +- ++ return CRYPTO_128_unwrap(key, iv, out, in, inlen, (block128_f)AES_decrypt); + } +- +- +- +-int main(int argc, char **argv) +-{ +- +-static const unsigned char kek[] = { +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, +- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +-}; +- +-static const unsigned char key[] = { +- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, +- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +-}; +- +-static const unsigned char e1[] = { +- 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, +- 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, +- 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 +-}; +- +-static const unsigned char e2[] = { +- 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, +- 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, +- 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d +-}; +- +-static const unsigned char e3[] = { +- 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, +- 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, +- 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 +-}; +- +-static const unsigned char e4[] = { +- 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, +- 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, +- 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, +- 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 +-}; +- +-static const unsigned char e5[] = { +- 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, +- 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, +- 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, +- 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 +-}; +- +-static const unsigned char e6[] = { +- 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, +- 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, +- 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, +- 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, +- 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 +-}; +- +- AES_KEY wctx, xctx; +- int ret; +- ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); +- fprintf(stderr, "Key test result %d\n", ret); +-} +- +- +-#endif +diff -up openssl-1.0.1j/crypto/evp/c_allc.c.wrap openssl-1.0.1j/crypto/evp/c_allc.c +--- openssl-1.0.1j/crypto/evp/c_allc.c.wrap 2014-10-16 13:30:10.583652760 +0200 ++++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:30:10.679654927 +0200 +@@ -98,6 +98,7 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_des_ecb()); + EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher(EVP_des_ede3()); ++ EVP_add_cipher(EVP_des_ede3_wrap()); + #endif + + #ifndef OPENSSL_NO_RC4 +@@ -177,6 +178,8 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_128_ctr()); + EVP_add_cipher(EVP_aes_128_gcm()); + EVP_add_cipher(EVP_aes_128_xts()); ++ EVP_add_cipher(EVP_aes_128_wrap()); ++ EVP_add_cipher(EVP_aes_128_wrap_pad()); + EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); + EVP_add_cipher(EVP_aes_192_ecb()); +@@ -187,6 +190,8 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_192_ofb()); + EVP_add_cipher(EVP_aes_192_ctr()); + EVP_add_cipher(EVP_aes_192_gcm()); ++ EVP_add_cipher(EVP_aes_192_wrap()); ++ EVP_add_cipher(EVP_aes_192_wrap_pad()); + EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); + EVP_add_cipher(EVP_aes_256_ecb()); +@@ -198,6 +203,8 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_256_ctr()); + EVP_add_cipher(EVP_aes_256_gcm()); + EVP_add_cipher(EVP_aes_256_xts()); ++ EVP_add_cipher(EVP_aes_256_wrap()); ++ EVP_add_cipher(EVP_aes_256_wrap_pad()); + EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +@@ -250,6 +257,7 @@ void OpenSSL_add_all_ciphers(void) + + EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher(EVP_des_ede3()); ++ EVP_add_cipher(EVP_des_ede3_wrap()); + #endif + + #ifndef OPENSSL_NO_AES +@@ -262,6 +270,8 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_128_ctr()); + EVP_add_cipher(EVP_aes_128_gcm()); + EVP_add_cipher(EVP_aes_128_xts()); ++ EVP_add_cipher(EVP_aes_128_wrap()); ++ EVP_add_cipher(EVP_aes_128_wrap_pad()); + EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); + EVP_add_cipher(EVP_aes_192_ecb()); +@@ -272,6 +282,8 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_192_ofb()); + EVP_add_cipher(EVP_aes_192_ctr()); + EVP_add_cipher(EVP_aes_192_gcm()); ++ EVP_add_cipher(EVP_aes_192_wrap()); ++ EVP_add_cipher(EVP_aes_192_wrap_pad()); + EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); + EVP_add_cipher(EVP_aes_256_ecb()); +@@ -283,6 +295,8 @@ void OpenSSL_add_all_ciphers(void) + EVP_add_cipher(EVP_aes_256_ctr()); + EVP_add_cipher(EVP_aes_256_gcm()); + EVP_add_cipher(EVP_aes_256_xts()); ++ EVP_add_cipher(EVP_aes_256_wrap()); ++ EVP_add_cipher(EVP_aes_256_wrap_pad()); + EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); + #endif +diff -up openssl-1.0.1j/crypto/evp/e_aes.c.wrap openssl-1.0.1j/crypto/evp/e_aes.c +--- openssl-1.0.1j/crypto/evp/e_aes.c.wrap 2014-10-16 13:30:10.584652782 +0200 ++++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:30:10.679654927 +0200 +@@ -1,5 +1,5 @@ + /* ==================================================================== +- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2001-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -1384,4 +1384,180 @@ BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm + BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) + ++typedef struct ++ { ++ union { double align; AES_KEY ks; } ks; ++ /* Indicates if IV has been set */ ++ unsigned char *iv; ++ } EVP_AES_WRAP_CTX; ++ ++static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) ++ { ++ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; ++ if (!iv && !key) ++ return 1; ++ if (key) ++ { ++ if (ctx->encrypt) ++ AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); ++ else ++ AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); ++ if (!iv) ++ wctx->iv = NULL; ++ } ++ if (iv) ++ { ++ memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); ++ wctx->iv = ctx->iv; ++ } ++ return 1; ++ } ++ ++static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inlen) ++ { ++ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; ++ size_t rv; ++ /* AES wrap with padding has IV length of 4, without padding 8 */ ++ int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4; ++ /* No final operation so always return zero length */ ++ if (!in) ++ return 0; ++ /* Input length must always be non-zero */ ++ if (!inlen) ++ return -1; ++ /* If decrypting need at least 16 bytes and multiple of 8 */ ++ if (!ctx->encrypt && (inlen < 16 || inlen & 0x7)) ++ return -1; ++ /* If not padding input must be multiple of 8 */ ++ if (!pad && inlen & 0x7) ++ return -1; ++ if (!out) ++ { ++ if (ctx->encrypt) ++ { ++ /* If padding round up to multiple of 8 */ ++ if (pad) ++ inlen = (inlen + 7)/8 * 8; ++ /* 8 byte prefix */ ++ return inlen + 8; ++ } ++ else ++ { ++ /* If not padding output will be exactly 8 bytes ++ * smaller than input. If padding it will be at ++ * least 8 bytes smaller but we don't know how ++ * much. ++ */ ++ return inlen - 8; ++ } ++ } ++ if (pad) ++ { ++ if (ctx->encrypt) ++ rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, ++ out, in, inlen, ++ (block128_f)AES_encrypt); ++ else ++ rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, ++ out, in, inlen, ++ (block128_f)AES_decrypt); ++ } ++ else ++ { ++ if (ctx->encrypt) ++ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, ++ out, in, inlen, ++ (block128_f)AES_encrypt); ++ else ++ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, ++ out, in, inlen, ++ (block128_f)AES_decrypt); ++ } ++ return rv ? (int)rv : -1; ++ } ++ ++#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \ ++ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ ++ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) ++ ++static const EVP_CIPHER aes_128_wrap = { ++ NID_id_aes128_wrap, ++ 8, 16, 8, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL,NULL,NULL,NULL }; ++ ++const EVP_CIPHER *EVP_aes_128_wrap(void) ++ { ++ return &aes_128_wrap; ++ } ++ ++static const EVP_CIPHER aes_192_wrap = { ++ NID_id_aes192_wrap, ++ 8, 24, 8, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL,NULL,NULL,NULL }; ++ ++const EVP_CIPHER *EVP_aes_192_wrap(void) ++ { ++ return &aes_192_wrap; ++ } ++ ++static const EVP_CIPHER aes_256_wrap = { ++ NID_id_aes256_wrap, ++ 8, 32, 8, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL,NULL,NULL,NULL }; ++ ++const EVP_CIPHER *EVP_aes_256_wrap(void) ++ { ++ return &aes_256_wrap; ++ } ++ ++static const EVP_CIPHER aes_128_wrap_pad = { ++ NID_id_aes128_wrap_pad, ++ 8, 16, 4, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL,NULL,NULL,NULL }; ++ ++const EVP_CIPHER *EVP_aes_128_wrap_pad(void) ++ { ++ return &aes_128_wrap_pad; ++ } ++ ++static const EVP_CIPHER aes_192_wrap_pad = { ++ NID_id_aes192_wrap_pad, ++ 8, 24, 4, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL,NULL,NULL,NULL }; ++ ++const EVP_CIPHER *EVP_aes_192_wrap_pad(void) ++ { ++ return &aes_192_wrap_pad; ++ } ++ ++static const EVP_CIPHER aes_256_wrap_pad = { ++ NID_id_aes256_wrap_pad, ++ 8, 32, 4, WRAP_FLAGS, ++ aes_wrap_init_key, aes_wrap_cipher, ++ NULL, ++ sizeof(EVP_AES_WRAP_CTX), ++ NULL,NULL,NULL,NULL }; ++ ++const EVP_CIPHER *EVP_aes_256_wrap_pad(void) ++ { ++ return &aes_256_wrap_pad; ++ } ++ + #endif +diff -up openssl-1.0.1j/crypto/evp/e_des3.c.wrap openssl-1.0.1j/crypto/evp/e_des3.c +--- openssl-1.0.1j/crypto/evp/e_des3.c.wrap 2014-10-16 13:30:10.584652782 +0200 ++++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:30:10.679654927 +0200 +@@ -310,4 +310,112 @@ const EVP_CIPHER *EVP_des_ede3(void) + { + return &des_ede3_ecb; + } ++ ++#ifndef OPENSSL_NO_SHA ++ ++#include ++ ++static const unsigned char wrap_iv[8] = {0x4a,0xdd,0xa2,0x2c,0x79,0xe8,0x21,0x05}; ++ ++static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++ { ++ unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH]; ++ int rv = -1; ++ if (inl < 24) ++ return -1; ++ if (!out) ++ return inl - 16; ++ memcpy(ctx->iv, wrap_iv, 8); ++ /* Decrypt first block which will end up as icv */ ++ des_ede_cbc_cipher(ctx, icv, in, 8); ++ /* Decrypt central blocks */ ++ /* If decrypting in place move whole output along a block ++ * so the next des_ede_cbc_cipher is in place. ++ */ ++ if (out == in) ++ { ++ memmove(out, out + 8, inl - 8); ++ in -= 8; ++ } ++ des_ede_cbc_cipher(ctx, out, in + 8, inl - 16); ++ /* Decrypt final block which will be IV */ ++ des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8); ++ /* Reverse order of everything */ ++ BUF_reverse(icv, NULL, 8); ++ BUF_reverse(out, NULL, inl - 16); ++ BUF_reverse(ctx->iv, iv, 8); ++ /* Decrypt again using new IV */ ++ des_ede_cbc_cipher(ctx, out, out, inl - 16); ++ des_ede_cbc_cipher(ctx, icv, icv, 8); ++ /* Work out SHA1 hash of first portion */ ++ SHA1(out, inl - 16, sha1tmp); ++ ++ if (!CRYPTO_memcmp(sha1tmp, icv, 8)) ++ rv = inl - 16; ++ OPENSSL_cleanse(icv, 8); ++ OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); ++ OPENSSL_cleanse(iv, 8); ++ OPENSSL_cleanse(ctx->iv, 8); ++ if (rv == -1) ++ OPENSSL_cleanse(out, inl - 16); ++ ++ return rv; ++ } ++ ++static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++ { ++ unsigned char sha1tmp[SHA_DIGEST_LENGTH]; ++ if (!out) ++ return inl + 16; ++ /* Copy input to output buffer + 8 so we have space for IV */ ++ memmove(out + 8, in, inl); ++ /* Work out ICV */ ++ SHA1(in, inl, sha1tmp); ++ memcpy(out + inl + 8, sha1tmp, 8); ++ OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); ++ /* Generate random IV */ ++ RAND_bytes(ctx->iv, 8); ++ memcpy(out, ctx->iv, 8); ++ /* Encrypt everything after IV in place */ ++ des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); ++ BUF_reverse(out, NULL, inl + 16); ++ memcpy(ctx->iv, wrap_iv, 8); ++ des_ede_cbc_cipher(ctx, out, out, inl + 16); ++ return inl + 16; ++ } ++ ++static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl) ++ { ++ /* Sanity check input length: we typically only wrap keys ++ * so EVP_MAXCHUNK is more than will ever be needed. Also ++ * input length must be a multiple of 8 bits. ++ */ ++ if (inl >= EVP_MAXCHUNK || inl % 8) ++ return -1; ++ if (ctx->encrypt) ++ return des_ede3_wrap(ctx, out, in, inl); ++ else ++ return des_ede3_unwrap(ctx, out, in, inl); ++ } ++ ++static const EVP_CIPHER des3_wrap = { ++ NID_id_smime_alg_CMS3DESwrap, ++ 8, 24, 0, ++ EVP_CIPH_WRAP_MODE|EVP_CIPH_CUSTOM_IV|EVP_CIPH_FLAG_CUSTOM_CIPHER ++ |EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_FIPS, ++ des_ede3_init_key, des_ede3_wrap_cipher, ++ NULL, ++ sizeof(DES_EDE_KEY), ++ NULL,NULL,NULL,NULL }; ++ ++ ++const EVP_CIPHER *EVP_des_ede3_wrap(void) ++ { ++ return &des3_wrap; ++ } ++ ++# endif + #endif +diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.wrap openssl-1.0.1j/crypto/evp/evp_enc.c +--- openssl-1.0.1j/crypto/evp/evp_enc.c.wrap 2014-10-16 13:30:10.584652782 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:30:10.680654949 +0200 +@@ -234,7 +234,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + ctx->cipher_data = NULL; + } + ctx->key_len = cipher->key_len; +- ctx->flags = 0; ++ /* Preserve wrap enable flag, zero everything else */ ++ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; + if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) + { + if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) +@@ -257,6 +258,13 @@ skip_to_init: + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); + ++ if(!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) ++ && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) ++ { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED); ++ return 0; ++ } ++ + if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + switch(EVP_CIPHER_CTX_mode(ctx)) { + +diff -up openssl-1.0.1j/crypto/evp/evp_err.c.wrap openssl-1.0.1j/crypto/evp/evp_err.c +--- openssl-1.0.1j/crypto/evp/evp_err.c.wrap 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_err.c 2014-10-16 13:30:10.680654949 +0200 +@@ -1,6 +1,6 @@ + /* crypto/evp/evp_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -220,6 +220,7 @@ static ERR_STRING_DATA EVP_str_reasons[] + {ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"}, + {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"}, ++{ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED) ,"wrap mode not allowed"}, + {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, + {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, + {0,NULL} +diff -up openssl-1.0.1j/crypto/evp/evp.h.wrap openssl-1.0.1j/crypto/evp/evp.h +--- openssl-1.0.1j/crypto/evp/evp.h.wrap 2014-10-16 13:30:10.585652805 +0200 ++++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:30:10.680654949 +0200 +@@ -336,6 +336,7 @@ struct evp_cipher_st + #define EVP_CIPH_GCM_MODE 0x6 + #define EVP_CIPH_CCM_MODE 0x7 + #define EVP_CIPH_XTS_MODE 0x10001 ++#define EVP_CIPH_WRAP_MODE 0x10002 + #define EVP_CIPH_MODE 0xF0007 + /* Set if variable length cipher */ + #define EVP_CIPH_VARIABLE_LENGTH 0x8 +@@ -367,6 +368,13 @@ struct evp_cipher_st + #define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 + #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 + ++/* Cipher context flag to indicate we can handle ++ * wrap mode: if allowed in older applications it could ++ * overflow buffers. ++ */ ++ ++#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 ++ + /* ctrl() values */ + + #define EVP_CTRL_INIT 0x0 +@@ -729,6 +737,7 @@ const EVP_CIPHER *EVP_des_cbc(void); + const EVP_CIPHER *EVP_des_ede_cbc(void); + const EVP_CIPHER *EVP_des_ede3_cbc(void); + const EVP_CIPHER *EVP_desx_cbc(void); ++const EVP_CIPHER *EVP_des_ede3_wrap(void); + /* This should now be supported through the dev_crypto ENGINE. But also, why are + * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ + #if 0 +@@ -788,6 +797,8 @@ const EVP_CIPHER *EVP_aes_128_ctr(void); + const EVP_CIPHER *EVP_aes_128_ccm(void); + const EVP_CIPHER *EVP_aes_128_gcm(void); + const EVP_CIPHER *EVP_aes_128_xts(void); ++const EVP_CIPHER *EVP_aes_128_wrap(void); ++const EVP_CIPHER *EVP_aes_128_wrap_pad(void); + const EVP_CIPHER *EVP_aes_192_ecb(void); + const EVP_CIPHER *EVP_aes_192_cbc(void); + const EVP_CIPHER *EVP_aes_192_cfb1(void); +@@ -798,6 +809,8 @@ const EVP_CIPHER *EVP_aes_192_ofb(void); + const EVP_CIPHER *EVP_aes_192_ctr(void); + const EVP_CIPHER *EVP_aes_192_ccm(void); + const EVP_CIPHER *EVP_aes_192_gcm(void); ++const EVP_CIPHER *EVP_aes_192_wrap(void); ++const EVP_CIPHER *EVP_aes_192_wrap_pad(void); + const EVP_CIPHER *EVP_aes_256_ecb(void); + const EVP_CIPHER *EVP_aes_256_cbc(void); + const EVP_CIPHER *EVP_aes_256_cfb1(void); +@@ -809,6 +822,8 @@ const EVP_CIPHER *EVP_aes_256_ctr(void); + const EVP_CIPHER *EVP_aes_256_ccm(void); + const EVP_CIPHER *EVP_aes_256_gcm(void); + const EVP_CIPHER *EVP_aes_256_xts(void); ++const EVP_CIPHER *EVP_aes_256_wrap(void); ++const EVP_CIPHER *EVP_aes_256_wrap_pad(void); + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); + const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); +@@ -1397,6 +1412,7 @@ void ERR_load_EVP_strings(void); + #define EVP_R_UNSUPPORTED_PRF 125 + #define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 + #define EVP_R_UNSUPPORTED_SALT_TYPE 126 ++#define EVP_R_WRAP_MODE_NOT_ALLOWED 170 + #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 + #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + +diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.wrap openssl-1.0.1j/crypto/evp/evp_lib.c +--- openssl-1.0.1j/crypto/evp/evp_lib.c.wrap 2014-10-16 13:30:10.585652805 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:30:10.680654949 +0200 +@@ -68,7 +68,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ + if (c->cipher->set_asn1_parameters != NULL) + ret=c->cipher->set_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) +- ret=EVP_CIPHER_set_asn1_iv(c, type); ++ { ++ if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) ++ { ++ ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ++ ret = 1; ++ } ++ else ++ ret=EVP_CIPHER_set_asn1_iv(c, type); ++ } + else + ret=-1; + return(ret); +@@ -81,7 +89,11 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_ + if (c->cipher->get_asn1_parameters != NULL) + ret=c->cipher->get_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) ++ { ++ if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) ++ return 1; + ret=EVP_CIPHER_get_asn1_iv(c, type); ++ } + else + ret=-1; + return(ret); +diff -up openssl-1.0.1j/crypto/evp/evp_test.c.wrap openssl-1.0.1j/crypto/evp/evp_test.c +--- openssl-1.0.1j/crypto/evp/evp_test.c.wrap 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_test.c 2014-10-16 13:30:10.680654949 +0200 +@@ -141,7 +141,7 @@ static void test1(const EVP_CIPHER *c,co + { + EVP_CIPHER_CTX ctx; + unsigned char out[4096]; +- int outl,outl2; ++ int outl,outl2,mode; + + printf("Testing cipher %s%s\n",EVP_CIPHER_name(c), + (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)"))); +@@ -151,6 +151,7 @@ static void test1(const EVP_CIPHER *c,co + hexdump(stdout,"Plaintext",plaintext,pn); + hexdump(stdout,"Ciphertext",ciphertext,cn); + ++ mode = EVP_CIPHER_mode(c); + if(kn != c->key_len) + { + fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn, +@@ -158,9 +159,19 @@ static void test1(const EVP_CIPHER *c,co + test1_exit(5); + } + EVP_CIPHER_CTX_init(&ctx); ++ EVP_CIPHER_CTX_set_flags(&ctx,EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if (encdec != 0) + { +- if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) ++ if (mode == EVP_CIPH_WRAP_MODE) ++ { ++ if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,in ? iv : NULL)) ++ { ++ fprintf(stderr,"EncryptInit failed\n"); ++ ERR_print_errors_fp(stderr); ++ test1_exit(10); ++ } ++ } ++ else if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) + { + fprintf(stderr,"EncryptInit failed\n"); + ERR_print_errors_fp(stderr); +@@ -199,7 +210,16 @@ static void test1(const EVP_CIPHER *c,co + + if (encdec <= 0) + { +- if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) ++ if (mode == EVP_CIPH_WRAP_MODE) ++ { ++ if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,in ? iv : NULL)) ++ { ++ fprintf(stderr,"EncryptInit failed\n"); ++ ERR_print_errors_fp(stderr); ++ test1_exit(10); ++ } ++ } ++ else if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) + { + fprintf(stderr,"DecryptInit failed\n"); + ERR_print_errors_fp(stderr); +@@ -339,7 +359,7 @@ int main(int argc,char **argv) + perror(szTestFile); + EXIT(2); + } +- ++ ERR_load_crypto_strings(); + /* Load up the software EVP_CIPHER and EVP_MD definitions */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); +diff -up openssl-1.0.1j/crypto/evp/evptests.txt.wrap openssl-1.0.1j/crypto/evp/evptests.txt +--- openssl-1.0.1j/crypto/evp/evptests.txt.wrap 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evptests.txt 2014-10-16 13:30:10.681654972 +0200 +@@ -332,3 +332,15 @@ SEED-ECB:0000000000000000000000000000000 + SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 + SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 + SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 ++ ++# AES wrap tests from RFC3394 ++id-aes128-wrap:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 ++id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D ++id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 ++id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 ++id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 ++id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 ++# AES wrap tests from RFC5649 ++id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a ++id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f ++ +diff -up openssl-1.0.1j/crypto/modes/Makefile.wrap openssl-1.0.1j/crypto/modes/Makefile +--- openssl-1.0.1j/crypto/modes/Makefile.wrap 2014-10-16 13:30:10.560652240 +0200 ++++ openssl-1.0.1j/crypto/modes/Makefile 2014-10-16 13:30:10.681654972 +0200 +@@ -22,9 +22,9 @@ APPS= + + LIB=$(TOP)/libcrypto.a + LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \ +- ccm128.c xts128.c ++ ccm128.c xts128.c wrap128.c + LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o \ +- ccm128.o xts128.o $(MODES_ASM_OBJ) ++ ccm128.o xts128.o wrap128.o $(MODES_ASM_OBJ) + + SRC= $(LIBSRC) + +diff -up openssl-1.0.1j/crypto/modes/modes.h.wrap openssl-1.0.1j/crypto/modes/modes.h +--- openssl-1.0.1j/crypto/modes/modes.h.wrap 2014-10-16 13:30:10.681654972 +0200 ++++ openssl-1.0.1j/crypto/modes/modes.h 2014-10-16 13:31:01.232796186 +0200 +@@ -136,6 +136,20 @@ typedef struct xts128_context XTS128_CON + + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, size_t len, int enc); ++ ++size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block); ++ ++size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block); ++size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block); ++size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block); + #ifdef __cplusplus + } + #endif +diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/wrap128.c +--- openssl-1.0.1j/crypto/modes/wrap128.c.wrap 2014-10-16 13:30:10.681654972 +0200 ++++ openssl-1.0.1j/crypto/modes/wrap128.c 2014-10-16 13:30:10.681654972 +0200 +@@ -0,0 +1,372 @@ ++/* crypto/modes/wrap128.c */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ * Mode with padding contributed by Petr Spacek (pspacek@redhat.com). ++ */ ++/* ==================================================================== ++ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ */ ++ ++/** Beware! ++ * ++ * Following wrapping modes were designed for AES but this implementation ++ * allows you to use them for any 128 bit block cipher. ++ */ ++ ++#include "cryptlib.h" ++#include ++ ++/** RFC 3394 section 2.2.3.1 Default Initial Value */ ++static const unsigned char default_iv[] = { ++ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, ++}; ++ ++/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */ ++static const unsigned char default_aiv[] = { ++ 0xA6, 0x59, 0x59, 0xA6 ++}; ++ ++/** Input size limit: lower than maximum of standards but far larger than ++ * anything that will be used in practice. ++ */ ++#define CRYPTO128_WRAP_MAX (1UL << 31) ++ ++/** Wrapping according to RFC 3394 section 2.2.1. ++ * ++ * @param[in] key Key value. ++ * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv. ++ * @param[in] in Plain text as n 64-bit blocks, n >= 2. ++ * @param[in] inlen Length of in. ++ * @param[out] out Cipher text. Minimal buffer length = (inlen + 8) bytes. ++ * Input and output buffers can overlap if block function ++ * supports that. ++ * @param[in] block Block processing function. ++ * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2. ++ * or if inlen > CRYPTO128_WRAP_MAX. ++ * Output length if wrapping succeeded. ++ */ ++size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block) ++ { ++ unsigned char *A, B[16], *R; ++ size_t i, j, t; ++ if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) ++ return 0; ++ A = B; ++ t = 1; ++ memmove(out + 8, in, inlen); ++ if (!iv) ++ iv = default_iv; ++ ++ memcpy(A, iv, 8); ++ ++ for (j = 0; j < 6; j++) ++ { ++ R = out + 8; ++ for (i = 0; i < inlen; i += 8, t++, R += 8) ++ { ++ memcpy(B + 8, R, 8); ++ block(B, B, key); ++ A[7] ^= (unsigned char)(t & 0xff); ++ if (t > 0xff) ++ { ++ A[6] ^= (unsigned char)((t >> 8) & 0xff); ++ A[5] ^= (unsigned char)((t >> 16) & 0xff); ++ A[4] ^= (unsigned char)((t >> 24) & 0xff); ++ } ++ memcpy(R, B + 8, 8); ++ } ++ } ++ memcpy(out, A, 8); ++ return inlen + 8; ++ } ++ ++ ++/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2. ++ * IV check (step 3) is responsibility of the caller. ++ * ++ * @param[in] key Key value. ++ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. ++ * @param[out] out Plain text without IV. ++ * Minimal buffer length = (inlen - 8) bytes. ++ * Input and output buffers can overlap if block function ++ * supports that. ++ * @param[in] in Ciphertext text as n 64-bit blocks ++ * @param[in] inlen Length of in. ++ * @param[in] block Block processing function. ++ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] ++ * or if inlen is not multiply of 8. ++ * Output length otherwise. ++ */ ++static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, ++ unsigned char *out, const unsigned char *in, ++ size_t inlen, block128_f block) ++ { ++ unsigned char *A, B[16], *R; ++ size_t i, j, t; ++ inlen -= 8; ++ if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) ++ return 0; ++ A = B; ++ t = 6 * (inlen >> 3); ++ memcpy(A, in, 8); ++ memmove(out, in + 8, inlen); ++ for (j = 0; j < 6; j++) ++ { ++ R = out + inlen - 8; ++ for (i = 0; i < inlen; i += 8, t--, R -= 8) ++ { ++ A[7] ^= (unsigned char)(t & 0xff); ++ if (t > 0xff) ++ { ++ A[6] ^= (unsigned char)((t >> 8) & 0xff); ++ A[5] ^= (unsigned char)((t >> 16) & 0xff); ++ A[4] ^= (unsigned char)((t >> 24) & 0xff); ++ } ++ memcpy(B + 8, R, 8); ++ block(B, B, key); ++ memcpy(R, B + 8, 8); ++ } ++ } ++ memcpy(iv, A, 8); ++ return inlen; ++ } ++ ++/** Unwrapping according to RFC 3394 section 2.2.2 including IV check. ++ * First block of plain text have to match supplied IV otherwise an error is ++ * returned. ++ * ++ * @param[in] key Key value. ++ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. ++ * @param[out] out Plain text without IV. ++ * Minimal buffer length = (inlen - 8) bytes. ++ * Input and output buffers can overlap if block function ++ * supports that. ++ * @param[in] in Ciphertext text as n 64-bit blocks ++ * @param[in] inlen Length of in. ++ * @param[in] block Block processing function. ++ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] ++ * or if inlen is not multiply of 8 ++ * or if IV doesn't match expected value. ++ * Output length otherwise. ++ */ ++size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, ++ unsigned char *out, const unsigned char *in, size_t inlen, ++ block128_f block) ++ { ++ size_t ret; ++ unsigned char got_iv[8]; ++ ++ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block); ++ if (ret != inlen) ++ return ret; ++ ++ if (!iv) ++ iv = default_iv; ++ if (CRYPTO_memcmp(out, iv, 8)) ++ { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ return inlen; ++ } ++ ++/** Wrapping according to RFC 5649 section 4.1. ++ * ++ * @param[in] key Key value. ++ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. ++ * @param[out] out Cipher text. Minimal buffer length = (inlen + 15) bytes. ++ * Input and output buffers can overlap if block function ++ * supports that. ++ * @param[in] in Plain text as n 64-bit blocks, n >= 2. ++ * @param[in] inlen Length of in. ++ * @param[in] block Block processing function. ++ * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX]. ++ * Output length if wrapping succeeded. ++ */ ++size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block) ++ { ++ /* n: number of 64-bit blocks in the padded key data */ ++ const size_t blocks_padded = (inlen + 8) / 8; ++ const size_t padded_len = blocks_padded * 8; ++ const size_t padding_len = padded_len - inlen; ++ /* RFC 5649 section 3: Alternative Initial Value */ ++ unsigned char aiv[8]; ++ int ret; ++ ++ /* Section 1: use 32-bit fixed field for plaintext octet length */ ++ if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX) ++ return 0; ++ ++ /* Section 3: Alternative Initial Value */ ++ if (!icv) ++ memcpy(aiv, default_aiv, 4); ++ else ++ memcpy(aiv, icv, 4); /* Standard doesn't mention this. */ ++ ++ aiv[4] = (inlen >> 24) & 0xFF; ++ aiv[5] = (inlen >> 16) & 0xFF; ++ aiv[6] = (inlen >> 8) & 0xFF; ++ aiv[7] = inlen & 0xFF; ++ ++ if (padded_len == 8) ++ { ++ /* Section 4.1 - special case in step 2: ++ * If the padded plaintext contains exactly eight octets, then ++ * prepend the AIV and encrypt the resulting 128-bit block ++ * using AES in ECB mode. */ ++ memmove(out + 8, in, inlen); ++ memcpy(out, aiv, 8); ++ memset(out + 8 + inlen, 0, padding_len); ++ block(out, out, key); ++ ret = 16; /* AIV + padded input */ ++ } ++ else ++ { ++ memmove(out, in, inlen); ++ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ ++ ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block); ++ } ++ ++ return ret; ++ } ++ ++/** Unwrapping according to RFC 5649 section 4.2. ++ * ++ * @param[in] key Key value. ++ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. ++ * @param[out] out Plain text. Minimal buffer length = inlen bytes. ++ * Input and output buffers can overlap if block function ++ * supports that. ++ * @param[in] in Ciphertext text as n 64-bit blocks ++ * @param[in] inlen Length of in. ++ * @param[in] block Block processing function. ++ * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX], ++ * or if inlen is not multiply of 8 ++ * or if IV and message length indicator doesn't match. ++ * Output length if unwrapping succeeded and IV matches. ++ */ ++size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, block128_f block) ++ { ++ /* n: number of 64-bit blocks in the padded key data */ ++ size_t n = inlen / 8 - 1; ++ size_t padded_len; ++ size_t padding_len; ++ size_t ptext_len; ++ /* RFC 5649 section 3: Alternative Initial Value */ ++ unsigned char aiv[8]; ++ static unsigned char zeros[8] = {0x0}; ++ size_t ret; ++ ++ /* Section 4.2: Cipher text length has to be (n+1) 64-bit blocks. */ ++ if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX) ++ return 0; ++ ++ memmove(out, in, inlen); ++ if (inlen == 16) ++ { ++ /* Section 4.2 - special case in step 1: ++ * When n=1, the ciphertext contains exactly two 64-bit ++ * blocks and they are decrypted as a single AES ++ * block using AES in ECB mode: ++ * AIV | P[1] = DEC(K, C[0] | C[1]) ++ */ ++ block(out, out, key); ++ memcpy(aiv, out, 8); ++ /* Remove AIV */ ++ memmove(out, out + 8, 8); ++ padded_len = 8; ++ } ++ else ++ { ++ padded_len = inlen - 8; ++ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); ++ if (padded_len != ret) ++ { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ } ++ ++ /* Section 3: AIV checks: Check that MSB(32,A) = A65959A6. ++ * Optionally a user-supplied value can be used ++ * (even if standard doesn't mention this). */ ++ if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4)) ++ || (icv && CRYPTO_memcmp(aiv, icv, 4))) ++ { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ ++ /* Check that 8*(n-1) < LSB(32,AIV) <= 8*n. ++ * If so, let ptext_len = LSB(32,AIV). */ ++ ++ ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7]; ++ if (8*(n-1) >= ptext_len || ptext_len > 8*n) ++ { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ ++ /* Check that the rightmost padding_len octets of the output data ++ * are zero. */ ++ padding_len = padded_len - ptext_len; ++ if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) ++ { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ ++ /* Section 4.2 step 3: Remove padding */ ++ return ptext_len; ++ } diff --git a/openssl-1.0.1e-fips-ec.patch b/openssl-1.0.1j-fips-ec.patch similarity index 89% rename from openssl-1.0.1e-fips-ec.patch rename to openssl-1.0.1j-fips-ec.patch index e1f648c..b608a9d 100644 --- a/openssl-1.0.1e-fips-ec.patch +++ b/openssl-1.0.1j-fips-ec.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h ---- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec 2013-11-08 17:59:42.755019363 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ecdh.h 2013-11-08 17:59:43.147028002 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1j/crypto/ecdh/ecdh.h +--- openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec 2014-10-16 13:25:20.248098308 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ecdh.h 2014-10-16 13:25:20.730109190 +0200 @@ -85,6 +85,8 @@ extern "C" { #endif @@ -10,9 +10,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ec const ECDH_METHOD *ECDH_OpenSSL(void); void ECDH_set_default_method(const ECDH_METHOD *); -diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c ---- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c 2013-11-08 17:59:54.712282862 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1j/crypto/ecdh/ecdhtest.c +--- openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c 2014-10-16 13:25:20.730109190 +0200 @@ -323,8 +323,10 @@ int main(int argc, char *argv[]) if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -24,9 +24,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecd if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err; if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err; if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err; -diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c ---- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_lib.c +--- openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ech_lib.c 2014-10-16 13:25:20.730109190 +0200 @@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth { if(!default_ECDH_method) @@ -42,9 +42,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh } return default_ECDH_method; } -diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c ---- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_ossl.c +--- openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c 2014-10-16 13:25:20.730109190 +0200 @@ -79,6 +79,10 @@ #include #include @@ -99,9 +99,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd if ((tmp=EC_POINT_new(group)) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c ---- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecdsatest.c +--- openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c 2014-10-16 13:25:20.731109212 +0200 @@ -138,11 +138,14 @@ int restore_rand(void) } @@ -137,9 +137,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e if (!test_builtin(out)) goto err; ret = 0; -diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c ---- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_lib.c +--- openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c 2014-10-16 13:25:20.731109212 +0200 @@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me { if(!default_ECDSA_method) @@ -155,9 +155,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd } return default_ECDSA_method; } -diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c ---- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c +--- openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c 2014-10-16 13:25:20.731109212 +0200 @@ -60,6 +60,9 @@ #include #include @@ -207,9 +207,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) -diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c ---- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ec_key.c 2013-11-08 17:59:43.148028024 +0100 +diff -up openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec openssl-1.0.1j/crypto/ec/ec_key.c +--- openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ec/ec_key.c 2014-10-16 13:25:20.731109212 +0200 @@ -64,9 +64,6 @@ #include #include "ec_lcl.h" @@ -306,10 +306,10 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, EC_R_COORDINATES_OUT_OF_RANGE); -diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c ---- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_mont.c 2013-11-08 17:59:43.149028046 +0100 -@@ -63,18 +63,11 @@ +diff -up openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_mont.c +--- openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec 2014-10-16 13:25:20.731109212 +0200 ++++ openssl-1.0.1j/crypto/ec/ecp_mont.c 2014-10-16 13:27:34.156121340 +0200 +@@ -63,10 +63,6 @@ #include @@ -320,26 +320,22 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec #include "ec_lcl.h" - const EC_METHOD *EC_GFp_mont_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_mont_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void +@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void + ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; - return &ret; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_mont_method(); -#endif +- + return &ret; } - -diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c ---- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_nist.c 2013-11-08 17:59:43.149028046 +0100 -@@ -67,15 +67,8 @@ +diff -up openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_nist.c +--- openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec 2014-10-16 13:25:20.732109235 +0200 ++++ openssl-1.0.1j/crypto/ec/ecp_nist.c 2014-10-16 13:27:53.163550441 +0200 +@@ -67,10 +67,6 @@ #include #include "ec_lcl.h" @@ -349,24 +345,23 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec - const EC_METHOD *EC_GFp_nist_method(void) { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_nist_method(); --#else static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void +@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_nist_method(void + 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_nist_method(); -#endif +- + return &ret; } - int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) -diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c ---- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c 2013-11-08 17:59:43.149028046 +0100 -@@ -65,17 +65,10 @@ +diff -up openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_smpl.c +--- openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ec/ecp_smpl.c 2014-10-16 13:28:39.386593946 +0200 +@@ -65,10 +65,6 @@ #include #include @@ -377,22 +372,19 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec #include "ec_lcl.h" const EC_METHOD *EC_GFp_simple_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_simple_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo +@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(vo + 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_simple_method(); -#endif +- + return &ret; } - -@@ -186,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO +@@ -187,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO return 0; } @@ -405,9 +397,9 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); -diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c ---- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c 2013-11-08 17:59:43.149028046 +0100 +diff -up openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1j/crypto/evp/m_ecdsa.c +--- openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_ecdsa.c 2014-10-16 13:25:20.732109235 +0200 @@ -116,7 +116,6 @@ #include @@ -430,9 +422,9 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m } #endif -#endif -diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c ---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2013-11-08 17:59:43.149028046 +0100 -+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c 2013-11-08 17:59:43.149028046 +0100 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2014-10-16 13:25:20.732109235 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c 2014-10-16 13:25:20.732109235 +0200 @@ -0,0 +1,496 @@ +/* fips/ecdh/fips_ecdhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -930,9 +922,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c ---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 -+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2014-10-16 13:25:20.733109257 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c 2014-10-16 13:25:20.733109257 +0200 @@ -0,0 +1,533 @@ +/* fips/ecdsa/fips_ecdsavs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1467,9 +1459,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 -+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec 2014-10-16 13:25:20.733109257 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c 2014-10-16 13:25:20.733109257 +0200 @@ -0,0 +1,252 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1723,9 +1715,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/ + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 -+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2014-10-16 13:25:20.733109257 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c 2014-10-16 13:25:20.733109257 +0200 @@ -0,0 +1,167 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1894,9 +1886,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e + } + +#endif -diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h ---- openssl-1.0.1e/crypto/fips/fips.h.fips-ec 2013-11-08 17:59:43.116027318 +0100 -+++ openssl-1.0.1e/crypto/fips/fips.h 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips.h.fips-ec openssl-1.0.1j/crypto/fips/fips.h +--- openssl-1.0.1j/crypto/fips/fips.h.fips-ec 2014-10-16 13:25:20.701108535 +0200 ++++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:25:20.733109257 +0200 @@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void); void FIPS_corrupt_dsa(void); void FIPS_corrupt_dsa_keygen(void); @@ -1906,9 +1898,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); void FIPS_x931_stick(int onoff); -diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c ---- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec 2013-11-08 17:59:43.117027340 +0100 -+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-11-08 17:59:43.150028068 +0100 +diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec openssl-1.0.1j/crypto/fips/fips_post.c +--- openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec 2014-10-16 13:25:20.702108557 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:25:20.733109257 +0200 @@ -95,8 +95,12 @@ int FIPS_selftest(void) rv = 0; if (!FIPS_selftest_rsa()) @@ -1922,9 +1914,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi return rv; } -diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile ---- openssl-1.0.1e/crypto/fips/Makefile.fips-ec 2013-11-08 17:59:43.119027384 +0100 -+++ openssl-1.0.1e/crypto/fips/Makefile 2013-11-08 17:59:43.151028090 +0100 +diff -up openssl-1.0.1j/crypto/fips/Makefile.fips-ec openssl-1.0.1j/crypto/fips/Makefile +--- openssl-1.0.1j/crypto/fips/Makefile.fips-ec 2014-10-16 13:25:20.704108603 +0200 ++++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:25:20.734109280 +0200 @@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ @@ -1941,7 +1933,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ LIBCRYPTO=-L.. -lcrypto -@@ -118,6 +118,21 @@ fips_aes_selftest.o: ../../include/opens +@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens fips_aes_selftest.o: ../../include/openssl/safestack.h fips_aes_selftest.o: ../../include/openssl/stack.h fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c @@ -1963,7 +1955,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h fips_des_selftest.o: ../../include/openssl/crypto.h fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -@@ -231,6 +246,46 @@ fips_dsa_selftest.o: ../../include/opens +@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens fips_dsa_selftest.o: ../../include/openssl/stack.h fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c fips_dsa_selftest.o: fips_locl.h @@ -2010,7 +2002,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h fips_hmac_selftest.o: ../../include/openssl/crypto.h fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -@@ -245,6 +300,15 @@ fips_hmac_selftest.o: ../../include/open +@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open fips_hmac_selftest.o: ../../include/openssl/safestack.h fips_hmac_selftest.o: ../../include/openssl/stack.h fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c @@ -2026,9 +2018,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map ---- openssl-1.0.1e/version.map.fips-ec 2013-11-08 17:59:43.131027649 +0100 -+++ openssl-1.0.1e/version.map 2013-11-08 17:59:43.151028090 +0100 +diff -up openssl-1.0.1j/version.map.fips-ec openssl-1.0.1j/version.map +--- openssl-1.0.1j/version.map.fips-ec 2014-10-16 13:25:20.716108873 +0200 ++++ openssl-1.0.1j/version.map 2014-10-16 13:25:20.734109280 +0200 @@ -6,3 +6,7 @@ OPENSSL_1.0.1 { _original*; _current*; diff --git a/openssl-1.0.1g-fips.patch b/openssl-1.0.1j-fips.patch similarity index 95% rename from openssl-1.0.1g-fips.patch rename to openssl-1.0.1j-fips.patch index 449ca1c..dff6aca 100644 --- a/openssl-1.0.1g-fips.patch +++ b/openssl-1.0.1j-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1g/apps/speed.c.fips openssl-1.0.1g/apps/speed.c ---- openssl-1.0.1g/apps/speed.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/apps/speed.c 2014-05-06 16:29:50.536922993 +0200 +diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c +--- openssl-1.0.1j/apps/speed.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/apps/speed.c 2014-10-16 13:19:35.084306085 +0200 @@ -195,7 +195,6 @@ #ifdef OPENSSL_DOING_MAKEDEPEND #undef AES_set_encrypt_key @@ -126,10 +126,10 @@ diff -up openssl-1.0.1g/apps/speed.c.fips openssl-1.0.1g/apps/speed.c HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 16,EVP_md5(), NULL); -diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure ---- openssl-1.0.1g/Configure.fips 2014-05-06 16:29:50.523922693 +0200 -+++ openssl-1.0.1g/Configure 2014-05-06 16:29:50.536922993 +0200 -@@ -997,11 +997,6 @@ if (defined($disabled{"md5"}) || defined +diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure +--- openssl-1.0.1j/Configure.fips 2014-10-16 13:19:35.056305452 +0200 ++++ openssl-1.0.1j/Configure 2014-10-16 13:19:35.084306085 +0200 +@@ -998,11 +998,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -141,7 +141,7 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1476,7 +1471,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1477,7 +1472,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -149,7 +149,7 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1663,9 +1657,12 @@ while () +@@ -1664,9 +1658,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -163,9 +163,9 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.1g/crypto/aes/aes_misc.c.fips openssl-1.0.1g/crypto/aes/aes_misc.c ---- openssl-1.0.1g/crypto/aes/aes_misc.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/aes/aes_misc.c 2014-05-06 16:29:50.536922993 +0200 +diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes_misc.c +--- openssl-1.0.1j/crypto/aes/aes_misc.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/aes/aes_misc.c 2014-10-16 13:19:35.085306107 +0200 @@ -69,17 +69,11 @@ const char *AES_options(void) { int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -184,9 +184,9 @@ diff -up openssl-1.0.1g/crypto/aes/aes_misc.c.fips openssl-1.0.1g/crypto/aes/aes -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -diff -up openssl-1.0.1g/crypto/cmac/cmac.c.fips openssl-1.0.1g/crypto/cmac/cmac.c ---- openssl-1.0.1g/crypto/cmac/cmac.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/cmac/cmac.c 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac.c +--- openssl-1.0.1j/crypto/cmac/cmac.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/cmac/cmac.c 2014-10-16 13:19:35.085306107 +0200 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -235,9 +235,9 @@ diff -up openssl-1.0.1g/crypto/cmac/cmac.c.fips openssl-1.0.1g/crypto/cmac/cmac. if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -diff -up openssl-1.0.1g/crypto/crypto.h.fips openssl-1.0.1g/crypto/crypto.h ---- openssl-1.0.1g/crypto/crypto.h.fips 2014-05-06 16:29:50.419920288 +0200 -+++ openssl-1.0.1g/crypto/crypto.h 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h +--- openssl-1.0.1j/crypto/crypto.h.fips 2014-10-16 13:19:34.918302337 +0200 ++++ openssl-1.0.1j/crypto/crypto.h 2014-10-16 13:19:35.085306107 +0200 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -283,9 +283,9 @@ diff -up openssl-1.0.1g/crypto/crypto.h.fips openssl-1.0.1g/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.1g/crypto/des/des.h.fips openssl-1.0.1g/crypto/des/des.h ---- openssl-1.0.1g/crypto/des/des.h.fips 2014-05-06 16:29:50.449920982 +0200 -+++ openssl-1.0.1g/crypto/des/des.h 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h +--- openssl-1.0.1j/crypto/des/des.h.fips 2014-10-16 13:19:34.967303443 +0200 ++++ openssl-1.0.1j/crypto/des/des.h 2014-10-16 13:19:35.085306107 +0200 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); @@ -296,9 +296,9 @@ diff -up openssl-1.0.1g/crypto/des/des.h.fips openssl-1.0.1g/crypto/des/des.h void DES_string_to_key(const char *str,DES_cblock *key); void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, -diff -up openssl-1.0.1g/crypto/des/set_key.c.fips openssl-1.0.1g/crypto/des/set_key.c ---- openssl-1.0.1g/crypto/des/set_key.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/des/set_key.c 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_key.c +--- openssl-1.0.1j/crypto/des/set_key.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/des/set_key.c 2014-10-16 13:19:35.085306107 +0200 @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -313,9 +313,9 @@ diff -up openssl-1.0.1g/crypto/des/set_key.c.fips openssl-1.0.1g/crypto/des/set_ { static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; -diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips openssl-1.0.1g/crypto/dh/dh_gen.c ---- openssl-1.0.1g/crypto/dh/dh_gen.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dh/dh_gen.c 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen.c +--- openssl-1.0.1j/crypto/dh/dh_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dh/dh_gen.c 2014-10-16 13:19:35.085306107 +0200 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if(ret->meth->generate_params) @@ -349,9 +349,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips openssl-1.0.1g/crypto/dh/dh_gen. ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.1g/crypto/dh/dh.h.fips openssl-1.0.1g/crypto/dh/dh.h ---- openssl-1.0.1g/crypto/dh/dh.h.fips 2014-05-06 16:29:50.394919710 +0200 -+++ openssl-1.0.1g/crypto/dh/dh.h 2014-05-06 16:29:50.537923016 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h +--- openssl-1.0.1j/crypto/dh/dh.h.fips 2014-10-16 13:19:34.887301637 +0200 ++++ openssl-1.0.1j/crypto/dh/dh.h 2014-10-16 13:19:35.086306130 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -369,9 +369,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh.h.fips openssl-1.0.1g/crypto/dh/dh.h DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); int i2d_DHparams(const DH *a,unsigned char **pp); #ifndef OPENSSL_NO_FP_API -diff -up openssl-1.0.1g/crypto/dh/dh_key.c.fips openssl-1.0.1g/crypto/dh/dh_key.c ---- openssl-1.0.1g/crypto/dh/dh_key.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dh/dh_key.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key.c +--- openssl-1.0.1j/crypto/dh/dh_key.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dh/dh_key.c 2014-10-16 13:19:35.086306130 +0200 @@ -61,6 +61,9 @@ #include #include @@ -452,9 +452,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_key.c.fips openssl-1.0.1g/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.1g/crypto/dh/dh_lib.c.fips openssl-1.0.1g/crypto/dh/dh_lib.c ---- openssl-1.0.1g/crypto/dh/dh_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dh/dh_lib.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib.c +--- openssl-1.0.1j/crypto/dh/dh_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dh/dh_lib.c 2014-10-16 13:19:35.086306130 +0200 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v { if(!default_DH_method) @@ -470,9 +470,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_lib.c.fips openssl-1.0.1g/crypto/dh/dh_lib. } return default_DH_method; } -diff -up openssl-1.0.1g/crypto/dsa/dsa_err.c.fips openssl-1.0.1g/crypto/dsa/dsa_err.c ---- openssl-1.0.1g/crypto/dsa/dsa_err.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_err.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_err.c +--- openssl-1.0.1j/crypto/dsa/dsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_err.c 2014-10-16 13:19:35.086306130 +0200 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -491,9 +491,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_err.c.fips openssl-1.0.1g/crypto/dsa/dsa_ {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, -diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips openssl-1.0.1g/crypto/dsa/dsa_gen.c ---- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_gen.c +--- openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_gen.c 2014-10-16 13:19:35.086306130 +0200 @@ -85,6 +85,14 @@ #include #endif @@ -900,9 +900,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips openssl-1.0.1g/crypto/dsa/dsa_ } if (mont != NULL) BN_MONT_CTX_free(mont); return ok; -diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips openssl-1.0.1g/crypto/dsa/dsa.h ---- openssl-1.0.1g/crypto/dsa/dsa.h.fips 2014-05-06 16:29:50.316917907 +0200 -+++ openssl-1.0.1g/crypto/dsa/dsa.h 2014-05-06 16:29:50.538923040 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h +--- openssl-1.0.1j/crypto/dsa/dsa.h.fips 2014-10-16 13:19:34.791299470 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa.h 2014-10-16 13:19:35.087306152 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -963,9 +963,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips openssl-1.0.1g/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips openssl-1.0.1g/crypto/dsa/dsa_key.c ---- openssl-1.0.1g/crypto/dsa/dsa_key.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_key.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_key.c +--- openssl-1.0.1j/crypto/dsa/dsa_key.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_key.c 2014-10-16 13:19:35.087306152 +0200 @@ -66,6 +66,35 @@ #ifdef OPENSSL_FIPS @@ -1044,9 +1044,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips openssl-1.0.1g/crypto/dsa/dsa_ ok=1; err: -diff -up openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips openssl-1.0.1g/crypto/dsa/dsa_lib.c ---- openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_lib.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_lib.c +--- openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_lib.c 2014-10-16 13:19:35.087306152 +0200 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method { if(!default_DSA_method) @@ -1062,18 +1062,18 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips openssl-1.0.1g/crypto/dsa/dsa_ } return default_DSA_method; } -diff -up openssl-1.0.1g/crypto/dsa/dsa_locl.h.fips openssl-1.0.1g/crypto/dsa/dsa_locl.h ---- openssl-1.0.1g/crypto/dsa/dsa_locl.h.fips 2014-05-06 16:29:50.317917930 +0200 -+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips openssl-1.0.1j/crypto/dsa/dsa_locl.h +--- openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips 2014-10-16 13:19:34.792299493 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_locl.h 2014-10-16 13:19:35.087306152 +0200 @@ -56,5 +56,4 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -diff -up openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1g/crypto/dsa/dsa_ossl.c ---- openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_ossl.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa_ossl.c +--- openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c 2014-10-16 13:19:35.087306152 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1147,9 +1147,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1g/crypto/dsa/dsa dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1g/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsa_pmeth.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c 2014-10-16 13:19:35.087306152 +0200 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1159,9 +1159,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1g/crypto/dsa/ds if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -diff -up openssl-1.0.1g/crypto/dsa/dsatest.c.fips openssl-1.0.1g/crypto/dsa/dsatest.c ---- openssl-1.0.1g/crypto/dsa/dsatest.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/dsa/dsatest.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsatest.c +--- openssl-1.0.1j/crypto/dsa/dsatest.c.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/dsa/dsatest.c 2014-10-16 13:19:35.088306175 +0200 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1246,9 +1246,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsatest.c.fips openssl-1.0.1g/crypto/dsa/dsat goto end; } if (h != 2) -diff -up openssl-1.0.1g/crypto/engine/eng_all.c.fips openssl-1.0.1g/crypto/engine/eng_all.c ---- openssl-1.0.1g/crypto/engine/eng_all.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/engine/eng_all.c 2014-05-06 16:29:50.539923063 +0200 +diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engine/eng_all.c +--- openssl-1.0.1j/crypto/engine/eng_all.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/engine/eng_all.c 2014-10-16 13:19:35.088306175 +0200 @@ -58,11 +58,25 @@ #include "cryptlib.h" @@ -1275,9 +1275,9 @@ diff -up openssl-1.0.1g/crypto/engine/eng_all.c.fips openssl-1.0.1g/crypto/engin #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -diff -up openssl-1.0.1g/crypto/evp/c_allc.c.fips openssl-1.0.1g/crypto/evp/c_allc.c ---- openssl-1.0.1g/crypto/evp/c_allc.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/c_allc.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_allc.c +--- openssl-1.0.1j/crypto/evp/c_allc.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:19:35.088306175 +0200 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -1351,9 +1351,9 @@ diff -up openssl-1.0.1g/crypto/evp/c_allc.c.fips openssl-1.0.1g/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.1g/crypto/evp/c_alld.c.fips openssl-1.0.1g/crypto/evp/c_alld.c ---- openssl-1.0.1g/crypto/evp/c_alld.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/c_alld.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_alld.c +--- openssl-1.0.1j/crypto/evp/c_alld.c.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/c_alld.c 2014-10-16 13:19:35.088306175 +0200 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -1399,9 +1399,9 @@ diff -up openssl-1.0.1g/crypto/evp/c_alld.c.fips openssl-1.0.1g/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.1g/crypto/evp/digest.c.fips openssl-1.0.1g/crypto/evp/digest.c ---- openssl-1.0.1g/crypto/evp/digest.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/digest.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/digest.c +--- openssl-1.0.1j/crypto/evp/digest.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/digest.c 2014-10-16 13:19:35.088306175 +0200 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1550,9 +1550,9 @@ diff -up openssl-1.0.1g/crypto/evp/digest.c.fips openssl-1.0.1g/crypto/evp/diges memset(ctx,'\0',sizeof *ctx); return 1; -diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes.c ---- openssl-1.0.1g/crypto/evp/e_aes.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/e_aes.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes.c +--- openssl-1.0.1j/crypto/evp/e_aes.c.fips 2014-10-16 13:19:35.048305272 +0200 ++++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:19:35.089306198 +0200 @@ -56,7 +56,6 @@ #include #include @@ -1561,7 +1561,7 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes. #include "modes_lcl.h" #include -@@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -730,7 +729,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * if (arg <= 0) return 0; #ifdef OPENSSL_FIPS @@ -1570,7 +1570,7 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes. && arg < 12) return 0; #endif -@@ -1134,7 +1133,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1189,7 +1188,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; #ifdef OPENSSL_FIPS /* Requirement of SP800-38E */ @@ -1579,14 +1579,14 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes. (len > (1UL<<20)*16)) { EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); -@@ -1317,4 +1316,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm +@@ -1386,4 +1385,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/e_des3.c.fips openssl-1.0.1g/crypto/evp/e_des3.c ---- openssl-1.0.1g/crypto/evp/e_des3.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/e_des3.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des3.c +--- openssl-1.0.1j/crypto/evp/e_des3.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:19:35.089306198 +0200 @@ -65,8 +65,6 @@ #include #include @@ -1645,9 +1645,9 @@ diff -up openssl-1.0.1g/crypto/evp/e_des3.c.fips openssl-1.0.1g/crypto/evp/e_des } #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/e_null.c.fips openssl-1.0.1g/crypto/evp/e_null.c ---- openssl-1.0.1g/crypto/evp/e_null.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/e_null.c 2014-05-06 16:29:50.540923086 +0200 +diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_null.c +--- openssl-1.0.1j/crypto/evp/e_null.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/e_null.c 2014-10-16 13:19:35.089306198 +0200 @@ -61,8 +61,6 @@ #include #include @@ -1671,11 +1671,11 @@ diff -up openssl-1.0.1g/crypto/evp/e_null.c.fips openssl-1.0.1g/crypto/evp/e_nul return 1; } -#endif -diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_enc.c ---- openssl-1.0.1g/crypto/evp/evp_enc.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/evp_enc.c 2014-05-06 16:29:50.541923109 +0200 -@@ -69,17 +69,58 @@ - #endif +diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_enc.c +--- openssl-1.0.1j/crypto/evp/evp_enc.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:21:57.064511350 +0200 +@@ -70,17 +70,58 @@ + #include "constant_time_locl.h" #include "evp_locl.h" -#ifdef OPENSSL_FIPS @@ -1737,7 +1737,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ memset(ctx,0,sizeof(EVP_CIPHER_CTX)); /* ctx->cipher=NULL; */ } -@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1752,7 +1752,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct ctx->engine = NULL; #endif @@ -1763,7 +1763,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ ctx->cipher=cipher; if (ctx->cipher->ctx_size) { -@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif @@ -1774,7 +1774,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 -@@ -249,6 +290,22 @@ skip_to_init: +@@ -250,6 +291,22 @@ skip_to_init: } } @@ -1797,7 +1797,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX +@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { @@ -1805,7 +1805,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ if (c->cipher != NULL) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT +@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT } if (c->cipher_data) OPENSSL_free(c->cipher_data); @@ -1822,9 +1822,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_ memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } -diff -up openssl-1.0.1g/crypto/evp/evp.h.fips openssl-1.0.1g/crypto/evp/evp.h ---- openssl-1.0.1g/crypto/evp/evp.h.fips 2014-05-06 16:29:50.432920589 +0200 -+++ openssl-1.0.1g/crypto/evp/evp.h 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h +--- openssl-1.0.1j/crypto/evp/evp.h.fips 2014-10-16 13:19:34.940302834 +0200 ++++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:19:35.090306220 +0200 @@ -75,6 +75,10 @@ #include #endif @@ -1877,9 +1877,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp.h.fips openssl-1.0.1g/crypto/evp/evp.h /* Cipher handles any and all padding logic as well * as finalisation. */ -diff -up openssl-1.0.1g/crypto/evp/evp_lib.c.fips openssl-1.0.1g/crypto/evp/evp_lib.c ---- openssl-1.0.1g/crypto/evp/evp_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/evp_lib.c 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_lib.c +--- openssl-1.0.1j/crypto/evp/evp_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:19:35.090306220 +0200 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1890,9 +1890,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_lib.c.fips openssl-1.0.1g/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.1g/crypto/evp/evp_locl.h.fips openssl-1.0.1g/crypto/evp/evp_locl.h ---- openssl-1.0.1g/crypto/evp/evp_locl.h.fips 2014-05-06 16:29:50.428920496 +0200 -+++ openssl-1.0.1g/crypto/evp/evp_locl.h 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp_locl.h +--- openssl-1.0.1j/crypto/evp/evp_locl.h.fips 2014-10-16 13:19:34.933302676 +0200 ++++ openssl-1.0.1j/crypto/evp/evp_locl.h 2014-10-16 13:19:35.090306220 +0200 @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -1927,9 +1927,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_locl.h.fips openssl-1.0.1g/crypto/evp/evp #define Camellia_set_key private_Camellia_set_key #endif -diff -up openssl-1.0.1g/crypto/evp/Makefile.fips openssl-1.0.1g/crypto/evp/Makefile ---- openssl-1.0.1g/crypto/evp/Makefile.fips 2014-04-07 18:55:33.000000000 +0200 -+++ openssl-1.0.1g/crypto/evp/Makefile 2014-05-06 16:29:50.541923109 +0200 +diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makefile +--- openssl-1.0.1j/crypto/evp/Makefile.fips 2014-10-15 14:54:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/Makefile 2014-10-16 13:19:35.090306220 +0200 @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -1948,9 +1948,9 @@ diff -up openssl-1.0.1g/crypto/evp/Makefile.fips openssl-1.0.1g/crypto/evp/Makef e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o SRC= $(LIBSRC) -diff -up openssl-1.0.1g/crypto/evp/m_dss.c.fips openssl-1.0.1g/crypto/evp/m_dss.c ---- openssl-1.0.1g/crypto/evp/m_dss.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_dss.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss.c +--- openssl-1.0.1j/crypto/evp/m_dss.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_dss.c 2014-10-16 13:19:35.090306220 +0200 @@ -66,7 +66,6 @@ #endif @@ -1973,9 +1973,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_dss.c.fips openssl-1.0.1g/crypto/evp/m_dss. } #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/m_dss1.c.fips openssl-1.0.1g/crypto/evp/m_dss1.c ---- openssl-1.0.1g/crypto/evp/m_dss1.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_dss1.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss1.c +--- openssl-1.0.1j/crypto/evp/m_dss1.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_dss1.c 2014-10-16 13:19:35.091306243 +0200 @@ -68,8 +68,6 @@ #include #endif @@ -1999,9 +1999,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_dss1.c.fips openssl-1.0.1g/crypto/evp/m_dss } #endif -#endif -diff -up openssl-1.0.1g/crypto/evp/m_md2.c.fips openssl-1.0.1g/crypto/evp/m_md2.c ---- openssl-1.0.1g/crypto/evp/m_md2.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_md2.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2.c +--- openssl-1.0.1j/crypto/evp/m_md2.c.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_md2.c 2014-10-16 13:19:35.091306243 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -2010,9 +2010,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_md2.c.fips openssl-1.0.1g/crypto/evp/m_md2. static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.1g/crypto/evp/m_sha1.c.fips openssl-1.0.1g/crypto/evp/m_sha1.c ---- openssl-1.0.1g/crypto/evp/m_sha1.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/m_sha1.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha1.c +--- openssl-1.0.1j/crypto/evp/m_sha1.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/m_sha1.c 2014-10-16 13:19:35.091306243 +0200 @@ -59,8 +59,6 @@ #include #include "cryptlib.h" @@ -2077,9 +2077,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_sha1.c.fips openssl-1.0.1g/crypto/evp/m_sha #endif /* ifndef OPENSSL_NO_SHA512 */ -#endif -diff -up openssl-1.0.1g/crypto/evp/p_sign.c.fips openssl-1.0.1g/crypto/evp/p_sign.c ---- openssl-1.0.1g/crypto/evp/p_sign.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/p_sign.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sign.c +--- openssl-1.0.1j/crypto/evp/p_sign.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/p_sign.c 2014-10-16 13:19:35.091306243 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2111,9 +2111,9 @@ diff -up openssl-1.0.1g/crypto/evp/p_sign.c.fips openssl-1.0.1g/crypto/evp/p_sig if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.1g/crypto/evp/p_verify.c.fips openssl-1.0.1g/crypto/evp/p_verify.c ---- openssl-1.0.1g/crypto/evp/p_verify.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/evp/p_verify.c 2014-05-06 16:29:50.542923132 +0200 +diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_verify.c +--- openssl-1.0.1j/crypto/evp/p_verify.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/evp/p_verify.c 2014-10-16 13:19:35.091306243 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2145,9 +2145,9 @@ diff -up openssl-1.0.1g/crypto/evp/p_verify.c.fips openssl-1.0.1g/crypto/evp/p_v i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips 2014-10-16 13:19:35.092306265 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c 2014-10-16 13:19:35.092306265 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3088,9 +3088,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1g/crypt + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips 2014-10-16 13:19:35.092306265 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c 2014-10-16 13:19:35.092306265 +0200 @@ -0,0 +1,517 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3609,9 +3609,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1g/cry + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips 2014-10-16 13:19:35.092306265 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c 2014-10-16 13:19:35.092306265 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -4315,9 +4315,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips 2014-05-06 16:29:50.543923155 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c 2014-05-06 16:29:50.543923155 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips 2014-10-16 13:19:35.093306288 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,292 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4611,9 +4611,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1g/crypto/ + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips 2014-10-16 13:19:35.093306288 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,416 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5031,9 +5031,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1g/crypt + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips 2014-10-16 13:19:35.093306288 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,537 @@ +#include + @@ -5572,9 +5572,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1g/crypto + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c 2014-10-16 13:19:35.093306288 +0200 @@ -0,0 +1,571 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6147,9 +6147,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1g/cryp +} + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips 2014-05-06 16:29:50.544923178 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c 2014-05-06 16:29:50.544923178 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -6381,9 +6381,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1g/crypto + return 0; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6775,9 +6775,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1g/cry + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7149,9 +7149,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1g/cry + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips 2014-10-16 13:19:35.094306310 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c 2014-10-16 13:19:35.094306310 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7530,9 +7530,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1g/cry + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7922,9 +7922,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1g/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips 2014-05-06 16:29:50.545923201 +0200 -+++ openssl-1.0.1g/crypto/fips/cavs/fips_utl.h 2014-05-06 16:29:50.545923201 +0200 +diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -8269,9 +8269,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1g/crypto/f +#endif + } + -diff -up openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_aes_selftest.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,359 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8632,9 +8632,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips.c.fips openssl-1.0.1g/crypto/fips/fips.c ---- openssl-1.0.1g/crypto/fips/fips.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips.c 2014-05-06 16:33:24.309865160 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips.c +--- openssl-1.0.1j/crypto/fips/fips.c.fips 2014-10-16 13:19:35.095306333 +0200 ++++ openssl-1.0.1j/crypto/fips/fips.c 2014-10-16 13:19:35.095306333 +0200 @@ -0,0 +1,491 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9127,9 +9127,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips.c.fips openssl-1.0.1g/crypto/fips/fips. + + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,161 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9292,9 +9292,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1g/cry + return rv; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_des_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_des_selftest.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_des_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,147 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9443,9 +9443,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1g/cryp + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips 2014-05-06 16:29:50.546923224 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c 2014-05-06 16:29:50.546923224 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9883,9 +9883,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1g/crypto/f + + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_hash.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_hash.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hash.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips 2014-10-16 13:19:35.096306356 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,378 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10265,9 +10265,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1g/crypto/ + + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c 2014-10-16 13:19:35.096306356 +0200 @@ -0,0 +1,281 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10550,9 +10550,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1g/crypto/ + + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_lib.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_lib.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_lib.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c 2014-10-16 13:19:35.097306378 +0200 @@ -0,0 +1,578 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -11132,9 +11132,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1g/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; + } -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_rand.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips 2014-05-06 16:29:50.547923248 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c 2014-05-06 16:29:50.547923248 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_rand.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c 2014-10-16 13:19:35.097306378 +0200 @@ -0,0 +1,172 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11308,9 +11308,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1g/crypto/ + return &rand_drbg_meth; + } + -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips 2014-05-06 16:29:50.548923271 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c 2014-05-06 16:29:50.548923271 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips 2014-10-16 13:19:35.097306378 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c 2014-10-16 13:19:35.097306378 +0200 @@ -0,0 +1,862 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -12174,9 +12174,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1g/cry + return rv; + } + -diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h ---- openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips 2014-05-06 16:29:50.548923271 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h 2014-05-06 16:29:50.548923271 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h +--- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips 2014-10-16 13:19:35.098306401 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h 2014-10-16 13:19:35.098306401 +0200 @@ -0,0 +1,2335 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14513,9 +14513,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1g/cry + 0xc2,0xd6,0xfd,0xa5 + }; + -diff -up openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c 2014-05-06 16:29:50.548923271 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,193 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14710,9 +14710,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1g/cryp + return ret; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_enc.c.fips openssl-1.0.1g/crypto/fips/fips_enc.c ---- openssl-1.0.1g/crypto/fips/fips_enc.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_enc.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/fips_enc.c +--- openssl-1.0.1j/crypto/fips/fips_enc.c.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_enc.c 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,191 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -14905,9 +14905,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_enc.c.fips openssl-1.0.1g/crypto/fips/f + } + } + -diff -up openssl-1.0.1g/crypto/fips/fips.h.fips openssl-1.0.1g/crypto/fips/fips.h ---- openssl-1.0.1g/crypto/fips/fips.h.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips.h 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips.h +--- openssl-1.0.1j/crypto/fips/fips.h.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,279 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -15188,9 +15188,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips.h.fips openssl-1.0.1g/crypto/fips/fips. +} +#endif +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -15329,9 +15329,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1g/cry + return 1; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_locl.h.fips openssl-1.0.1g/crypto/fips/fips_locl.h ---- openssl-1.0.1g/crypto/fips/fips_locl.h.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_locl.h 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/fips_locl.h +--- openssl-1.0.1j/crypto/fips/fips_locl.h.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_locl.h 2014-10-16 13:19:35.099306423 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15404,9 +15404,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_locl.h.fips openssl-1.0.1g/crypto/fips/ +} +#endif +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_md.c.fips openssl-1.0.1g/crypto/fips/fips_md.c ---- openssl-1.0.1g/crypto/fips/fips_md.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_md.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fips_md.c +--- openssl-1.0.1j/crypto/fips/fips_md.c.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_md.c 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,145 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -15553,9 +15553,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_md.c.fips openssl-1.0.1g/crypto/fips/fi + return NULL; + } + } -diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips openssl-1.0.1g/crypto/fips/fips_post.c ---- openssl-1.0.1g/crypto/fips/fips_post.c.fips 2014-05-06 16:29:50.549923294 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_post.c 2014-05-06 16:29:50.549923294 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/fips_post.c +--- openssl-1.0.1j/crypto/fips/fips_post.c.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,205 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15762,9 +15762,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips openssl-1.0.1g/crypto/fips/ + return 1; + } +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rand.c.fips openssl-1.0.1g/crypto/fips/fips_rand.c ---- openssl-1.0.1g/crypto/fips/fips_rand.c.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand.c 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/fips_rand.c +--- openssl-1.0.1j/crypto/fips/fips_rand.c.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand.c 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,457 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -16223,9 +16223,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand.c.fips openssl-1.0.1g/crypto/fips/ +} + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rand.h.fips openssl-1.0.1g/crypto/fips/fips_rand.h ---- openssl-1.0.1g/crypto/fips/fips_rand.h.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand.h 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/fips_rand.h +--- openssl-1.0.1j/crypto/fips/fips_rand.h.fips 2014-10-16 13:19:35.100306446 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand.h 2014-10-16 13:19:35.100306446 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16372,9 +16372,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand.h.fips openssl-1.0.1g/crypto/fips/ +#endif +#endif +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1g/crypto/fips/fips_rand_lcl.h ---- openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand_lcl.h 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/fips/fips_rand_lcl.h +--- openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,219 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -16595,9 +16595,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1g/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1g/crypto/fips/fips_rand_lib.c ---- openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand_lib.c 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/fips/fips_rand_lib.c +--- openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,191 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -16790,9 +16790,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1g/crypto/f + } + return 0; + } -diff -up openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips 2014-05-06 16:29:50.550923317 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rand_selftest.c 2014-05-06 16:29:50.550923317 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,183 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16977,9 +16977,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1g/cry + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_randtest.c.fips openssl-1.0.1g/crypto/fips/fips_randtest.c ---- openssl-1.0.1g/crypto/fips/fips_randtest.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_randtest.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/fips/fips_randtest.c +--- openssl-1.0.1j/crypto/fips/fips_randtest.c.fips 2014-10-16 13:19:35.101306469 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_randtest.c 2014-10-16 13:19:35.101306469 +0200 @@ -0,0 +1,250 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -17231,9 +17231,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_randtest.c.fips openssl-1.0.1g/crypto/f + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -17679,9 +17679,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1g/cryp + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,282 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -17965,9 +17965,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1g/crypto/ + return 0; + + } -diff -up openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_sha_selftest.c ---- openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_sha_selftest.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_sha_selftest.c +--- openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,140 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18109,9 +18109,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1g/cryp + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c ---- openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips 2014-05-06 16:29:50.551923340 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c 2014-05-06 16:29:50.551923340 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c +--- openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips 2014-10-16 13:19:35.102306491 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c 2014-10-16 13:19:35.102306491 +0200 @@ -0,0 +1,236 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18349,9 +18349,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1g/c + } + + -diff -up openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips openssl-1.0.1g/crypto/fips/fips_test_suite.c ---- openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips 2014-05-06 16:29:50.552923363 +0200 -+++ openssl-1.0.1g/crypto/fips/fips_test_suite.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto/fips/fips_test_suite.c +--- openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips 2014-10-16 13:19:35.103306514 +0200 ++++ openssl-1.0.1j/crypto/fips/fips_test_suite.c 2014-10-16 13:19:35.103306514 +0200 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18941,9 +18941,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips openssl-1.0.1g/crypto + } + +#endif -diff -up openssl-1.0.1g/crypto/fips/Makefile.fips openssl-1.0.1g/crypto/fips/Makefile ---- openssl-1.0.1g/crypto/fips/Makefile.fips 2014-05-06 16:29:50.552923363 +0200 -+++ openssl-1.0.1g/crypto/fips/Makefile 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Makefile +--- openssl-1.0.1j/crypto/fips/Makefile.fips 2014-10-16 13:19:35.103306514 +0200 ++++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:19:35.103306514 +0200 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -19286,9 +19286,9 @@ diff -up openssl-1.0.1g/crypto/fips/Makefile.fips openssl-1.0.1g/crypto/fips/Mak +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -diff -up openssl-1.0.1g/crypto/hmac/hmac.c.fips openssl-1.0.1g/crypto/hmac/hmac.c ---- openssl-1.0.1g/crypto/hmac/hmac.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/hmac/hmac.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac.c +--- openssl-1.0.1j/crypto/hmac/hmac.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/hmac/hmac.c 2014-10-16 13:19:35.103306514 +0200 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -19351,9 +19351,9 @@ diff -up openssl-1.0.1g/crypto/hmac/hmac.c.fips openssl-1.0.1g/crypto/hmac/hmac. EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -diff -up openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1g/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/mdc2/mdc2dgst.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c 2014-10-16 13:19:35.103306514 +0200 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -19363,9 +19363,9 @@ diff -up openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1g/crypto/mdc2/m { c->num=0; c->pad_type=1; -diff -up openssl-1.0.1g/crypto/md2/md2_dgst.c.fips openssl-1.0.1g/crypto/md2/md2_dgst.c ---- openssl-1.0.1g/crypto/md2/md2_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/md2/md2_dgst.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2_dgst.c +--- openssl-1.0.1j/crypto/md2/md2_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/md2/md2_dgst.c 2014-10-16 13:19:35.103306514 +0200 @@ -62,6 +62,11 @@ #include #include @@ -19387,9 +19387,9 @@ diff -up openssl-1.0.1g/crypto/md2/md2_dgst.c.fips openssl-1.0.1g/crypto/md2/md2 { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.1g/crypto/md4/md4_dgst.c.fips openssl-1.0.1g/crypto/md4/md4_dgst.c ---- openssl-1.0.1g/crypto/md4/md4_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/md4/md4_dgst.c 2014-05-06 16:29:50.552923363 +0200 +diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4_dgst.c +--- openssl-1.0.1j/crypto/md4/md4_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/md4/md4_dgst.c 2014-10-16 13:19:35.104306536 +0200 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19399,9 +19399,9 @@ diff -up openssl-1.0.1g/crypto/md4/md4_dgst.c.fips openssl-1.0.1g/crypto/md4/md4 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.1g/crypto/md5/md5_dgst.c.fips openssl-1.0.1g/crypto/md5/md5_dgst.c ---- openssl-1.0.1g/crypto/md5/md5_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/md5/md5_dgst.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5_dgst.c +--- openssl-1.0.1j/crypto/md5/md5_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/md5/md5_dgst.c 2014-10-16 13:19:35.104306536 +0200 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19411,9 +19411,9 @@ diff -up openssl-1.0.1g/crypto/md5/md5_dgst.c.fips openssl-1.0.1g/crypto/md5/md5 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.1g/crypto/o_fips.c.fips openssl-1.0.1g/crypto/o_fips.c ---- openssl-1.0.1g/crypto/o_fips.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/o_fips.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c +--- openssl-1.0.1j/crypto/o_fips.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/o_fips.c 2014-10-16 13:19:35.104306536 +0200 @@ -79,6 +79,8 @@ int FIPS_mode_set(int r) #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -19423,9 +19423,9 @@ diff -up openssl-1.0.1g/crypto/o_fips.c.fips openssl-1.0.1g/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -diff -up openssl-1.0.1g/crypto/o_init.c.fips openssl-1.0.1g/crypto/o_init.c ---- openssl-1.0.1g/crypto/o_init.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/o_init.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c +--- openssl-1.0.1j/crypto/o_init.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/o_init.c 2014-10-16 13:19:35.104306536 +0200 @@ -55,28 +55,68 @@ #include #include @@ -19499,9 +19499,9 @@ diff -up openssl-1.0.1g/crypto/o_init.c.fips openssl-1.0.1g/crypto/o_init.c + { + OPENSSL_init_library(); + } -diff -up openssl-1.0.1g/crypto/opensslconf.h.in.fips openssl-1.0.1g/crypto/opensslconf.h.in ---- openssl-1.0.1g/crypto/opensslconf.h.in.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/opensslconf.h.in 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opensslconf.h.in +--- openssl-1.0.1j/crypto/opensslconf.h.in.fips 2014-10-15 14:51:06.000000000 +0200 ++++ openssl-1.0.1j/crypto/opensslconf.h.in 2014-10-16 13:19:35.104306536 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -19523,10 +19523,10 @@ diff -up openssl-1.0.1g/crypto/opensslconf.h.in.fips openssl-1.0.1g/crypto/opens /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips openssl-1.0.1g/crypto/rand/md_rand.c ---- openssl-1.0.1g/crypto/rand/md_rand.c.fips 2014-04-07 18:54:21.000000000 +0200 -+++ openssl-1.0.1g/crypto/rand/md_rand.c 2014-05-06 16:29:50.553923386 +0200 -@@ -395,7 +395,10 @@ static int ssleay_rand_bytes(unsigned ch +diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md_rand.c +--- openssl-1.0.1j/crypto/rand/md_rand.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rand/md_rand.c 2014-10-16 13:19:35.104306536 +0200 +@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -19538,9 +19538,9 @@ diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips openssl-1.0.1g/crypto/rand/md { RAND_poll(); initialized = 1; -diff -up openssl-1.0.1g/crypto/rand/rand.h.fips openssl-1.0.1g/crypto/rand/rand.h ---- openssl-1.0.1g/crypto/rand/rand.h.fips 2014-05-06 16:29:50.303917606 +0200 -+++ openssl-1.0.1g/crypto/rand/rand.h 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand.h +--- openssl-1.0.1j/crypto/rand/rand.h.fips 2014-10-16 13:19:34.775299109 +0200 ++++ openssl-1.0.1j/crypto/rand/rand.h 2014-10-16 13:19:35.105306559 +0200 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -19581,9 +19581,9 @@ diff -up openssl-1.0.1g/crypto/rand/rand.h.fips openssl-1.0.1g/crypto/rand/rand. #ifdef __cplusplus } -diff -up openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1g/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/ripemd/rmd_dgst.c 2014-05-06 16:29:50.553923386 +0200 +diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c 2014-10-16 13:19:35.105306559 +0200 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif @@ -19593,9 +19593,9 @@ diff -up openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1g/crypto/ripe { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1g/crypto/rsa/rsa_crpt.c ---- openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_crpt.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa_crpt.c +--- openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c 2014-10-16 13:19:35.105306559 +0200 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const RSA *rsa, int padding) { @@ -19622,9 +19622,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1g/crypto/rsa/rsa return -1; } #endif -diff -up openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips openssl-1.0.1g/crypto/rsa/rsa_eay.c ---- openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_eay.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_eay.c +--- openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_eay.c 2014-10-16 13:19:35.105306559 +0200 @@ -114,6 +114,10 @@ #include #include @@ -19755,9 +19755,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips openssl-1.0.1g/crypto/rsa/rsa_ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.1g/crypto/rsa/rsa_err.c.fips openssl-1.0.1g/crypto/rsa/rsa_err.c ---- openssl-1.0.1g/crypto/rsa/rsa_err.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_err.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_err.c +--- openssl-1.0.1j/crypto/rsa/rsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_err.c 2014-10-16 13:19:35.105306559 +0200 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -19767,9 +19767,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_err.c.fips openssl-1.0.1g/crypto/rsa/rsa_ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, -diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips openssl-1.0.1g/crypto/rsa/rsa_gen.c ---- openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_gen.c +--- openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_gen.c 2014-10-16 13:19:35.106306581 +0200 @@ -69,6 +69,78 @@ #include #ifdef OPENSSL_FIPS @@ -19911,9 +19911,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips openssl-1.0.1g/crypto/rsa/rsa_ ok=1; err: if (ok == -1) -diff -up openssl-1.0.1g/crypto/rsa/rsa.h.fips openssl-1.0.1g/crypto/rsa/rsa.h ---- openssl-1.0.1g/crypto/rsa/rsa.h.fips 2014-05-06 16:29:50.436920681 +0200 -+++ openssl-1.0.1g/crypto/rsa/rsa.h 2014-05-06 16:29:50.554923409 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h +--- openssl-1.0.1j/crypto/rsa/rsa.h.fips 2014-10-16 13:19:34.947302992 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa.h 2014-10-16 13:24:00.824305281 +0200 @@ -164,6 +164,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -19997,10 +19997,10 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa.h.fips openssl-1.0.1g/crypto/rsa/rsa.h +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 - #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips openssl-1.0.1g/crypto/rsa/rsa_lib.c ---- openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_lib.c 2014-05-06 16:29:50.554923409 +0200 + #define RSA_R_PKCS_DECODING_ERROR 159 +diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_lib.c +--- openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_lib.c 2014-10-16 13:19:35.106306581 +0200 @@ -84,6 +84,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -20076,9 +20076,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips openssl-1.0.1g/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1g/crypto/rsa/rsa_pmeth.c ---- openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_pmeth.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c 2014-10-16 13:19:35.106306581 +0200 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -20122,9 +20122,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1g/crypto/rsa/rs if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa_sign.c ---- openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/rsa/rsa_sign.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa_sign.c +--- openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/rsa/rsa_sign.c 2014-10-16 13:19:35.106306581 +0200 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -20135,7 +20135,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa if (i <= 0) ret=0; else -@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi +@@ -197,8 +198,8 @@ int int_rsa_verify(int dtype, const unsi if((dtype == NID_md5_sha1) && rm) { @@ -20146,7 +20146,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa if (i <= 0) return 0; *prm_len = i; -@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi +@@ -215,7 +216,8 @@ int int_rsa_verify(int dtype, const unsi RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); goto err; } @@ -20156,9 +20156,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa if (i <= 0) goto err; /* Oddball MDC2 case: signature can be OCTET STRING. -diff -up openssl-1.0.1g/crypto/sha/sha.h.fips openssl-1.0.1g/crypto/sha/sha.h ---- openssl-1.0.1g/crypto/sha/sha.h.fips 2014-05-06 16:29:50.224915780 +0200 -+++ openssl-1.0.1g/crypto/sha/sha.h 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h +--- openssl-1.0.1j/crypto/sha/sha.h.fips 2014-10-16 13:19:34.667296671 +0200 ++++ openssl-1.0.1j/crypto/sha/sha.h 2014-10-16 13:19:35.107306604 +0200 @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif @@ -20191,9 +20191,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha.h.fips openssl-1.0.1g/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -diff -up openssl-1.0.1g/crypto/sha/sha_locl.h.fips openssl-1.0.1g/crypto/sha/sha_locl.h ---- openssl-1.0.1g/crypto/sha/sha_locl.h.fips 2014-05-06 16:29:50.226915826 +0200 -+++ openssl-1.0.1g/crypto/sha/sha_locl.h 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha_locl.h +--- openssl-1.0.1j/crypto/sha/sha_locl.h.fips 2014-10-16 13:19:34.669296716 +0200 ++++ openssl-1.0.1j/crypto/sha/sha_locl.h 2014-10-16 13:19:35.107306604 +0200 @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h4 0xc3d2e1f0UL @@ -20210,9 +20210,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha_locl.h.fips openssl-1.0.1g/crypto/sha/sha memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.1g/crypto/sha/sha256.c.fips openssl-1.0.1g/crypto/sha/sha256.c ---- openssl-1.0.1g/crypto/sha/sha256.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/sha/sha256.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha256.c +--- openssl-1.0.1j/crypto/sha/sha256.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/sha/sha256.c 2014-10-16 13:19:35.107306604 +0200 @@ -12,12 +12,19 @@ #include @@ -20243,9 +20243,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha256.c.fips openssl-1.0.1g/crypto/sha/sha25 memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.1g/crypto/sha/sha512.c.fips openssl-1.0.1g/crypto/sha/sha512.c ---- openssl-1.0.1g/crypto/sha/sha512.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/sha/sha512.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha512.c +--- openssl-1.0.1j/crypto/sha/sha512.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/sha/sha512.c 2014-10-16 13:19:35.107306604 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -20277,9 +20277,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha512.c.fips openssl-1.0.1g/crypto/sha/sha51 c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); -diff -up openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1g/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/crypto/whrlpool/wp_dgst.c 2014-05-06 16:29:50.555923432 +0200 +diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c 2014-10-16 13:19:35.107306604 +0200 @@ -55,7 +55,7 @@ #include #include @@ -20289,9 +20289,9 @@ diff -up openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1g/crypto/whr { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.1g/Makefile.org.fips openssl-1.0.1g/Makefile.org ---- openssl-1.0.1g/Makefile.org.fips 2014-05-06 16:29:50.519922600 +0200 -+++ openssl-1.0.1g/Makefile.org 2014-05-06 16:29:50.556923456 +0200 +diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org +--- openssl-1.0.1j/Makefile.org.fips 2014-10-16 13:19:35.062305588 +0200 ++++ openssl-1.0.1j/Makefile.org 2014-10-16 13:19:35.108306626 +0200 @@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -20319,10 +20319,10 @@ diff -up openssl-1.0.1g/Makefile.org.fips openssl-1.0.1g/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.1g/ssl/d1_srvr.c.fips openssl-1.0.1g/ssl/d1_srvr.c ---- openssl-1.0.1g/ssl/d1_srvr.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/d1_srvr.c 2014-05-06 16:29:50.556923456 +0200 -@@ -1383,6 +1383,8 @@ int dtls1_send_server_key_exchange(SSL * +diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c +--- openssl-1.0.1j/ssl/d1_srvr.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/ssl/d1_srvr.c 2014-10-16 13:19:35.108306626 +0200 +@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL * j=0; for (num=2; num > 0; num--) { @@ -20331,9 +20331,9 @@ diff -up openssl-1.0.1g/ssl/d1_srvr.c.fips openssl-1.0.1g/ssl/d1_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.1g/ssl/ssl_algs.c.fips openssl-1.0.1g/ssl/ssl_algs.c ---- openssl-1.0.1g/ssl/ssl_algs.c.fips 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/ssl_algs.c 2014-05-06 16:29:50.556923456 +0200 +diff -up openssl-1.0.1j/ssl/ssl_algs.c.fips openssl-1.0.1j/ssl/ssl_algs.c +--- openssl-1.0.1j/ssl/ssl_algs.c.fips 2014-10-15 14:53:39.000000000 +0200 ++++ openssl-1.0.1j/ssl/ssl_algs.c 2014-10-16 13:19:35.108306626 +0200 @@ -64,6 +64,12 @@ int SSL_library_init(void) { diff --git a/openssl-dont-include-winsock-h.patch b/openssl-dont-include-winsock-h.patch new file mode 100644 index 0000000..694728d --- /dev/null +++ b/openssl-dont-include-winsock-h.patch @@ -0,0 +1,11 @@ +--- ssl/dtls1.h.orig 2014-12-22 19:03:22.442338471 +0100 ++++ ssl/dtls1.h 2014-12-22 19:03:44.061694335 +0100 +@@ -68,7 +68,7 @@ + #endif + #ifdef OPENSSL_SYS_WIN32 + /* Needed for struct timeval */ +-#include ++#include + #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) + #include + #else diff --git a/sources b/sources index b97a288..615e1aa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c152e5284765c3325301a62b01a48fc0 openssl-1.0.1i-hobbled.tar.xz +d6eba044f614596f94ba27a90be2b5de openssl-1.0.1j-hobbled.tar.xz