From 45fb3a2724685762b803b552c94107432594ca24 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Thu, 26 Nov 2009 07:00:46 +0000 Subject: [PATCH] - Merged patches from native Fedora openssl (up to 1.0.0-0.16.beta4) - Dropped the patch to fix non-fips mingw build, as it's now merged into fips patch from native openssl --- mingw32-openssl-1.0.0-beta4-nofips.patch | 130 ------- mingw32-openssl.spec | 12 +- openssl-1.0.0-beta4-dtls-ipv6.patch | 219 ++++++++++++ openssl-1.0.0-beta4-fips.patch | 420 ++++++++++++----------- 4 files changed, 447 insertions(+), 334 deletions(-) delete mode 100644 mingw32-openssl-1.0.0-beta4-nofips.patch create mode 100644 openssl-1.0.0-beta4-dtls-ipv6.patch diff --git a/mingw32-openssl-1.0.0-beta4-nofips.patch b/mingw32-openssl-1.0.0-beta4-nofips.patch deleted file mode 100644 index fba1b6f..0000000 --- a/mingw32-openssl-1.0.0-beta4-nofips.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.mingw-nofips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c ---- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c 2009-11-22 19:07:58.000000000 +0200 -@@ -65,7 +65,9 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include "fips_locl.h" - - static int dsa_builtin_keygen(DSA *dsa); -diff -up openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -49,7 +49,9 @@ - - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - - #ifdef OPENSSL_FIPS -diff -up openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -49,7 +49,9 @@ - - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - #include - -diff -up openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -59,7 +59,9 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - #include - #include -diff -up openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -49,7 +49,9 @@ - - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - - #ifdef OPENSSL_FIPS -diff -up openssl-1.0.0-beta4/crypto/fips/fips_rand.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_rand.c ---- openssl-1.0.0-beta4/crypto/fips/fips_rand.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c 2009-11-22 19:07:58.000000000 +0200 -@@ -76,7 +76,9 @@ - # endif - #endif - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include "fips_locl.h" - - #ifdef OPENSSL_FIPS -diff -up openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -49,7 +49,9 @@ - - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - #include - -diff -up openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -49,7 +49,9 @@ - - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - #include - #include -diff -up openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c.mingw-nofips openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c ---- openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c 2009-11-22 19:07:58.000000000 +0200 -@@ -49,7 +49,9 @@ - - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - #include - #include - -diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.mingw-nofips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c ---- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.mingw-nofips 2009-11-22 19:07:58.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c 2009-11-22 19:07:58.000000000 +0200 -@@ -115,7 +115,9 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS - #include -+#endif - - #ifndef RSA_NULL - diff --git a/mingw32-openssl.spec b/mingw32-openssl.spec index 3f8f216..a956103 100644 --- a/mingw32-openssl.spec +++ b/mingw32-openssl.spec @@ -31,7 +31,7 @@ Name: mingw32-openssl Version: 1.0.0 -Release: 0.5.%{beta}%{?dist} +Release: 0.6.%{beta}%{?dist} Summary: MinGW port of the OpenSSL toolkit License: OpenSSL @@ -83,6 +83,7 @@ Patch60: openssl-1.0.0-beta4-reneg.patch Patch61: openssl-1.0.0-beta4-client-reneg.patch Patch62: openssl-1.0.0-beta4-backports.patch Patch63: openssl-1.0.0-beta4-reneg-err.patch +Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch # MinGW-specific patches. # Use MINGW32_CFLAGS (set below) in Configure script @@ -94,8 +95,6 @@ Patch102: mingw32-openssl-1.0.0-beta3-sfx.patch # Ugly patch to fix a compilation error (the linker can't find # some symbols mentioned in an autogenerated .def file) Patch105: mingw32-openssl-1.0.0-beta3-linker-fix.patch -# Fix build without fips -Patch106: mingw32-openssl-1.0.0-beta4-nofips.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -189,12 +188,12 @@ Static version of the MinGW port of the OpenSSL toolkit. %patch61 -p1 -b .client-reneg %patch62 -p1 -b .backports %patch63 -p1 -b .reneg-err +%patch64 -p1 -b .dtls-ipv6 %patch100 -p1 -b .mingw-configure %patch101 -p1 -b .mingw-libversion %patch102 -p1 -b .mingw-sfx %patch105 -p0 -b .mingw-linker-fix -%patch106 -p1 -b .mingw-nofips # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -353,6 +352,11 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Nov 26 2009 Kalev Lember - 1.0.0-0.6.beta4 +- Merged patches from native Fedora openssl (up to 1.0.0-0.16.beta4) +- Dropped the patch to fix non-fips mingw build, + as it's now merged into fips patch from native openssl + * Sun Nov 22 2009 Kalev Lember - 1.0.0-0.5.beta4 - Updated to version 1.0.0 beta 4 - Merged patches from native Fedora openssl (up to 1.0.0-0.15.beta4) diff --git a/openssl-1.0.0-beta4-dtls-ipv6.patch b/openssl-1.0.0-beta4-dtls-ipv6.patch new file mode 100644 index 0000000..1173f1a --- /dev/null +++ b/openssl-1.0.0-beta4-dtls-ipv6.patch @@ -0,0 +1,219 @@ +diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c +--- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 2009-11-09 15:09:53.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bio/b_sock.c 2009-11-23 08:50:45.000000000 +0100 +@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr) + if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) + { + OPENSSL_assert(sa.len.s<=sizeof(sa.from)); +- sa.len.i = (unsigned int)sa.len.s; ++ sa.len.i = (int)sa.len.s; ++ /* use sa.len.i from this point */ + } + if (ret == INVALID_SOCKET) + { +diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c +--- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 2009-10-15 19:41:44.000000000 +0200 ++++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c 2009-11-23 08:50:45.000000000 +0100 +@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp= + + typedef struct bio_dgram_data_st + { ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; + #if OPENSSL_USE_IPV6 +- struct sockaddr_storage peer; +-#else +- struct sockaddr_in peer; ++ struct sockaddr_in6 sa_in6; + #endif ++ } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; +@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out, + int ret=0; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + ++ struct { ++ /* ++ * See commentary in b_sock.c. ++ */ ++ union { size_t s; int i; } len; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; + #if OPENSSL_USE_IPV6 +- struct sockaddr_storage peer; +-#else +- struct sockaddr_in peer; ++ struct sockaddr_in6 sa_in6; + #endif +- int peerlen = sizeof(peer); ++ } peer; ++ } sa; ++ ++ sa.len.s=0; ++ sa.len.i=sizeof(sa.peer); + + if (out != NULL) + { + clear_socket_error(); +- memset(&peer, 0x00, peerlen); +- /* Last arg in recvfrom is signed on some platforms and +- * unsigned on others. It is of type socklen_t on some +- * but this is not universal. Cast to (void *) to avoid +- * compiler warnings. +- */ ++ memset(&sa.peer, 0x00, sizeof(sa.peer)); + dgram_adjust_rcv_timeout(b); +- ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen); ++ ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len); ++ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) ++ { ++ OPENSSL_assert(sa.len.s<=sizeof(sa.peer)); ++ sa.len.i = (int)sa.len.s; ++ } + dgram_reset_rcv_timeout(b); + + if ( ! data->connected && ret >= 0) +- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); ++ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); + + BIO_clear_retry_flags(b); + if (ret < 0) +@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha + if ( data->connected ) + ret=writesocket(b->num,in,inl); + else +-#if OPENSSL_USE_IPV6 +- if (data->peer.ss_family == AF_INET) + #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); ++ ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer)); + #else +- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); +-#endif +- else +-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6)); +-#else +- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6)); +-#endif +-#else +-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); +-#else +- ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in)); +-#endif ++ ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer)); + #endif + + BIO_clear_retry_flags(b); +@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd, + else + { + #endif ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage)); +-#else +- memcpy(&(data->peer),to, sizeof(struct sockaddr_in)); +-#endif ++ case AF_INET6: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); ++ break; ++#endif ++ default: ++ memcpy(&data->peer,to,sizeof(data->peer.sa)); ++ break; ++ } + #if 0 + } + #endif +@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd, + if ( to != NULL) + { + data->connected = 1; ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(&(data->peer),to, sizeof(struct sockaddr_storage)); +-#else +- memcpy(&(data->peer),to, sizeof(struct sockaddr_in)); +-#endif ++ case AF_INET6: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); ++ break; ++#endif ++ default: ++ memcpy(&data->peer,to,sizeof(data->peer.sa)); ++ break; ++ } + } + else + { + data->connected = 0; +-#if OPENSSL_USE_IPV6 +- memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage)); +-#else +- memset(&(data->peer), 0x00, sizeof(struct sockaddr_in)); +-#endif ++ memset(&(data->peer), 0x00, sizeof(data->peer)); + } + break; + case BIO_CTRL_DGRAM_GET_PEER: + to = (struct sockaddr *) ptr; +- ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in))); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(to, &(data->peer), sizeof(struct sockaddr_storage)); +- ret = sizeof(struct sockaddr_storage); +-#else +- memcpy(to, &(data->peer), sizeof(struct sockaddr_in)); +- ret = sizeof(struct sockaddr_in); +-#endif ++ case AF_INET6: ++ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6))); ++ break; ++#endif ++ default: ++ memcpy(to,&data->peer,(ret=sizeof(data->peer.sa))); ++ break; ++ } + break; + case BIO_CTRL_DGRAM_SET_PEER: + to = (struct sockaddr *) ptr; +- ++ switch (to->sa_family) ++ { ++ case AF_INET: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in)); ++ break; + #if OPENSSL_USE_IPV6 +- memcpy(&(data->peer), to, sizeof(struct sockaddr_storage)); +-#else +- memcpy(&(data->peer), to, sizeof(struct sockaddr_in)); +-#endif ++ case AF_INET6: ++ memcpy(&data->peer,to,sizeof(data->peer.sa_in6)); ++ break; ++#endif ++ default: ++ memcpy(&data->peer,to,sizeof(data->peer.sa)); ++ break; ++ } + break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); diff --git a/openssl-1.0.0-beta4-fips.patch b/openssl-1.0.0-beta4-fips.patch index bc81d71..41b3d1f 100644 --- a/openssl-1.0.0-beta4-fips.patch +++ b/openssl-1.0.0-beta4-fips.patch @@ -1,6 +1,6 @@ diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure ---- openssl-1.0.0-beta4/Configure.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/Configure 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/Configure.fips 2009-11-23 08:32:31.000000000 +0100 ++++ openssl-1.0.0-beta4/Configure 2009-11-23 08:32:31.000000000 +0100 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; @@ -45,7 +45,7 @@ diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto/bf/bf_skey.c --- openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bf/bf_skey.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bf/bf_skey.c 2009-11-23 08:32:31.000000000 +0100 @@ -59,10 +59,15 @@ #include #include @@ -64,8 +64,8 @@ diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto int i; BF_LONG *p,ri,in[2]; diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypto/bf/blowfish.h ---- openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bf/blowfish.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bf/blowfish.h 2009-11-23 08:32:31.000000000 +0100 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -78,8 +78,8 @@ diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypt void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/bn.h ---- openssl-1.0.0-beta4/crypto/bn/bn.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bn/bn.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/bn/bn.h.fips 2009-11-23 08:32:31.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bn/bn.h 2009-11-23 08:32:31.000000000 +0100 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -99,8 +99,8 @@ diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/b void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/bn/bn_x931p.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/bn/bn_x931p.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -376,7 +376,7 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c + diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/bn/Makefile --- openssl-1.0.0-beta4/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/bn/Makefile 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/bn/Makefile 2009-11-23 08:32:31.000000000 +0100 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -395,7 +395,7 @@ diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/ diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl --- openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl 2009-11-23 08:32:31.000000000 +0100 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); @@ -423,8 +423,8 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0- @SBOX=( diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4/crypto/camellia/camellia.h ---- openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/camellia.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/camellia.h 2009-11-23 08:32:31.000000000 +0100 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -438,8 +438,8 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4 CAMELLIA_KEY *key); diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== @@ -511,7 +511,7 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c +#endif diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c --- openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c 2009-11-23 08:32:31.000000000 +0100 @@ -52,11 +52,20 @@ #include #include @@ -535,7 +535,7 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta return -1; diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/crypto/camellia/Makefile --- openssl-1.0.0-beta4/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/camellia/Makefile 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/camellia/Makefile 2009-11-23 08:32:31.000000000 +0100 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -549,8 +549,8 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/c SRC= $(LIBSRC) diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/cast/cast.h ---- openssl-1.0.0-beta4/crypto/cast/cast.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/cast/cast.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/cast/cast.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/cast/cast.h 2009-11-23 08:32:31.000000000 +0100 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -564,7 +564,7 @@ diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/ int enc); diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypto/cast/c_skey.c --- openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/cast/c_skey.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/cast/c_skey.c 2009-11-23 08:32:31.000000000 +0100 @@ -57,6 +57,11 @@ */ @@ -587,8 +587,8 @@ diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypt CAST_LONG x[16]; CAST_LONG z[16]; diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/crypto.h ---- openssl-1.0.0-beta4/crypto/crypto.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/crypto.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/crypto.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/crypto.h 2009-11-23 08:32:31.000000000 +0100 @@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) @@ -661,7 +661,7 @@ diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/cry /* Function codes. */ diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/dh/dh_err.c --- openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dh/dh_err.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dh/dh_err.c 2009-11-23 08:32:31.000000000 +0100 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, @@ -681,7 +681,7 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/ {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/dh/dh_gen.c --- openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dh/dh_gen.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dh/dh_gen.c 2009-11-23 08:32:31.000000000 +0100 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -715,8 +715,8 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/ if (ctx == NULL) goto err; BN_CTX_start(ctx); diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/dh.h ---- openssl-1.0.0-beta4/crypto/dh/dh.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dh/dh.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/dh/dh.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dh/dh.h 2009-11-23 08:32:31.000000000 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -745,7 +745,7 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/d } diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/dh/dh_key.c --- openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dh/dh_key.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dh/dh_key.c 2009-11-23 08:32:31.000000000 +0100 @@ -61,6 +61,9 @@ #include #include @@ -797,7 +797,7 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/ } diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c --- openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c 2009-11-23 08:32:31.000000000 +0100 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -834,8 +834,8 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypt qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/dsa/dsa.h ---- openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa.h 2009-11-23 08:32:31.000000000 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -894,14 +894,16 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/ds #ifdef __cplusplus diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c --- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c 2009-11-12 12:36:50.000000000 +0100 -@@ -63,9 +63,53 @@ ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c 2009-11-23 08:33:32.000000000 +0100 +@@ -63,9 +63,55 @@ #include #include #include +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include "fips_locl.h" static int dsa_builtin_keygen(DSA *dsa); @@ -949,7 +951,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt int DSA_generate_key(DSA *dsa) { if(dsa->meth->dsa_keygen) -@@ -79,6 +123,14 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -79,6 +125,14 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -964,7 +966,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt if ((ctx=BN_CTX_new()) == NULL) goto err; if (dsa->priv_key == NULL) -@@ -117,6 +169,15 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -117,6 +171,15 @@ static int dsa_builtin_keygen(DSA *dsa) dsa->priv_key=priv_key; dsa->pub_key=pub_key; @@ -982,7 +984,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt err: diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c --- openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c 2009-11-23 08:32:31.000000000 +0100 @@ -65,6 +65,9 @@ #include #include @@ -1056,7 +1058,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/cryp } diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypto/err/err_all.c --- openssl-1.0.0-beta4/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/err/err_all.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/err/err_all.c 2009-11-23 08:32:31.000000000 +0100 @@ -96,6 +96,9 @@ #include #include @@ -1079,7 +1081,7 @@ diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypt #endif diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto/evp/digest.c --- openssl-1.0.0-beta4/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/digest.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/digest.c 2009-11-23 08:32:31.000000000 +0100 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1180,7 +1182,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto ret=ctx->digest->final(ctx,md); diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/evp/e_aes.c --- openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/e_aes.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_aes.c 2009-11-23 08:32:31.000000000 +0100 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1235,7 +1237,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/ const unsigned char *iv, int enc) diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/crypto/evp/e_camellia.c --- openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/e_camellia.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_camellia.c 2009-11-23 08:32:31.000000000 +0100 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) @@ -1247,7 +1249,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/cr IMPLEMENT_CAMELLIA_CFBR(192,1) diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto/evp/e_des3.c --- openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/e_des3.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_des3.c 2009-11-23 08:32:31.000000000 +0100 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1294,7 +1296,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto/evp/e_null.c --- openssl-1.0.0-beta4/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/e_null.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/e_null.c 2009-11-23 08:32:31.000000000 +0100 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, @@ -1306,7 +1308,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto NULL, diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypto/evp/evp_enc.c --- openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_enc.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_enc.c 2009-11-23 08:32:31.000000000 +0100 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -1401,7 +1403,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypt } diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypto/evp/evp_err.c --- openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2009-11-23 08:32:31.000000000 +0100 @@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, @@ -1411,8 +1413,8 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypt {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/evp/evp.h ---- openssl-1.0.0-beta4/crypto/evp/evp.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/evp/evp.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp.h 2009-11-23 08:32:31.000000000 +0100 @@ -75,6 +75,10 @@ #include #endif @@ -1491,7 +1493,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev #define EVP_R_EXPECTING_AN_RSA_KEY 127 diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypto/evp/evp_lib.c --- openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/evp_lib.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_lib.c 2009-11-23 08:32:31.000000000 +0100 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1540,8 +1542,8 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt + return (ctx->flags & flags); + } diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/crypto/evp/evp_locl.h ---- openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/evp_locl.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/evp_locl.h 2009-11-23 08:32:31.000000000 +0100 @@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ @@ -1593,7 +1595,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp { diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss.c --- openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/m_dss.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/m_dss.c 2009-11-23 08:32:31.000000000 +0100 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1605,7 +1607,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/ final, diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss1.c --- openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/m_dss1.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/m_dss1.c 2009-11-23 08:32:31.000000000 +0100 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1617,7 +1619,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto final, diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto/evp/m_sha1.c --- openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/m_sha1.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/m_sha1.c 2009-11-23 08:32:31.000000000 +0100 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1670,7 +1672,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto final512, diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/evp/names.c --- openssl-1.0.0-beta4/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/names.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/names.c 2009-11-23 08:32:31.000000000 +0100 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1695,7 +1697,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/ if (r == 0) return(0); diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto/evp/p_sign.c --- openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/evp/p_sign.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/p_sign.c 2009-11-23 08:32:31.000000000 +0100 @@ -61,6 +61,7 @@ #include #include @@ -1729,7 +1731,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto *siglen = sltmp; diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/crypto/evp/p_verify.c --- openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/evp/p_verify.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/evp/p_verify.c 2009-11-23 08:32:31.000000000 +0100 @@ -61,6 +61,7 @@ #include #include @@ -1762,8 +1764,8 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/cryp err: EVP_PKEY_CTX_free(pkctx); diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2705,8 +2707,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3411,8 +3413,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,537 @@ +#include + @@ -3952,8 +3954,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4186,8 +4188,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4580,8 +4582,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4954,8 +4956,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5335,8 +5337,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5727,8 +5729,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -6074,8 +6076,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h + } + diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips_err.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips_err.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,7 @@ +#include + @@ -6085,8 +6087,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c +static void *dummy=&dummy; +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips_err.h 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips_err.h 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -6226,9 +6228,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h +#endif + } diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,101 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -6280,7 +6282,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include + +#ifdef OPENSSL_FIPS @@ -6331,8 +6335,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6754,9 +6758,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,137 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -6808,7 +6812,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include + @@ -6895,9 +6901,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,184 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -6959,7 +6965,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c +#include +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include +#include @@ -7083,8 +7091,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips.h 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips.h 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7250,9 +7258,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h +#endif +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,135 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * @@ -7304,7 +7312,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include + +#ifdef OPENSSL_FIPS @@ -7389,9 +7399,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c + } +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,410 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * @@ -7470,7 +7480,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c +# endif +#endif +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include "fips_locl.h" + +#ifdef OPENSSL_FIPS @@ -7803,8 +7815,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.h 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_rand.h 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7884,9 +7896,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h +#endif +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,371 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -7938,7 +7950,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include + @@ -8259,8 +8273,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_randtest.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_randtest.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -8511,9 +8525,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,439 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. + * @@ -8565,7 +8579,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include +#include @@ -8954,8 +8970,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c + +#endif /* def OPENSSL_FIPS */ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9239,9 +9255,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c + + } diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c 2009-11-12 12:36:50.000000000 +0100 -@@ -0,0 +1,97 @@ +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c 2009-11-23 08:33:32.000000000 +0100 +@@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -9293,7 +9309,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c + +#include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif +#include +#include + @@ -9340,8 +9358,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9517,8 +9535,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c + + diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10109,8 +10127,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c + +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips_locl.h 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips_locl.h 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10185,8 +10203,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h +#endif +#endif diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/fips/Makefile 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/fips/Makefile 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10271,7 +10289,7 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile + diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/hmac/hmac.c --- openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/hmac/hmac.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/hmac/hmac.c 2009-11-23 08:32:31.000000000 +0100 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) @@ -10298,8 +10316,8 @@ diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/ + } + diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips openssl-1.0.0-beta4/crypto/hmac/hmac.h ---- openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/hmac/hmac.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/hmac/hmac.h 2009-11-23 08:32:31.000000000 +0100 @@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md unsigned int *md_len); int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); @@ -10310,7 +10328,7 @@ diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips openssl-1.0.0-beta4/crypto/ } diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Makefile --- openssl-1.0.0-beta4/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/Makefile 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/Makefile 2009-11-23 08:32:31.000000000 +0100 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a @@ -10331,7 +10349,7 @@ diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Mak diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c --- openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -61,6 +61,11 @@ #include #include @@ -10354,8 +10372,8 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/cry c->num=0; c->pad_type=1; diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2.h ---- openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips 2009-11-23 08:32:31.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/mdc2/mdc2.h 2009-11-23 08:32:31.000000000 +0100 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; @@ -10369,7 +10387,7 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/ int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/crypto/md2/md2_dgst.c --- openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/md2/md2_dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md2/md2_dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -62,6 +62,11 @@ #include #include @@ -10392,8 +10410,8 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/cryp c->num=0; memset(c->state,0,sizeof c->state); diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md2/md2.h ---- openssl-1.0.0-beta4/crypto/md2/md2.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md2/md2.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/md2/md2.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md2/md2.h 2009-11-23 08:32:31.000000000 +0100 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; @@ -10406,7 +10424,7 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md int MD2_Final(unsigned char *md, MD2_CTX *c); diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/crypto/md4/md4_dgst.c --- openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md4/md4_dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md4/md4_dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10429,8 +10447,8 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/cryp memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md4/md4.h ---- openssl-1.0.0-beta4/crypto/md4/md4.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md4/md4.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/md4/md4.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md4/md4.h 2009-11-23 08:32:31.000000000 +0100 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; @@ -10443,7 +10461,7 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md int MD4_Final(unsigned char *md, MD4_CTX *c); diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/crypto/md5/md5_dgst.c --- openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md5/md5_dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md5/md5_dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10466,8 +10484,8 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/cryp memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md5/md5.h ---- openssl-1.0.0-beta4/crypto/md5/md5.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/md5/md5.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/md5/md5.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/md5/md5.h 2009-11-23 08:32:31.000000000 +0100 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; @@ -10480,7 +10498,7 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md int MD5_Final(unsigned char *md, MD5_CTX *c); diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c --- openssl-1.0.0-beta4/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/mem.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/mem.c 2009-11-23 08:32:31.000000000 +0100 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10491,8 +10509,8 @@ diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/o_init.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/o_init.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10576,7 +10594,7 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c + diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/crypto/opensslconf.h.in --- openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/opensslconf.h.in 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/opensslconf.h.in 2009-11-23 08:32:31.000000000 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10600,7 +10618,7 @@ diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/cr diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c --- openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c 2009-11-23 08:32:31.000000000 +0100 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" @@ -10629,7 +10647,7 @@ diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/cr if (!iter) diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/crypto/rand/md_rand.c --- openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/md_rand.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/md_rand.c 2009-11-23 08:32:31.000000000 +0100 @@ -126,6 +126,10 @@ #include @@ -10658,7 +10676,7 @@ diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/cryp { diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/crypto/rand/rand_err.c --- openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/rand_err.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/rand_err.c 2009-11-23 08:32:31.000000000 +0100 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= @@ -10692,8 +10710,8 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/cry }; diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/rand/rand.h ---- openssl-1.0.0-beta4/crypto/rand/rand.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/rand.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/rand/rand.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/rand.h 2009-11-23 08:32:31.000000000 +0100 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10725,7 +10743,7 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/ } diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/crypto/rand/rand_lib.c --- openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rand/rand_lib.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rand/rand_lib.c 2009-11-23 08:32:31.000000000 +0100 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10760,8 +10778,8 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/cry } diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc2/rc2.h ---- openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc2/rc2.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc2/rc2.h 2009-11-23 08:32:31.000000000 +0100 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10775,7 +10793,7 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc int enc); diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c --- openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c 2009-11-23 08:32:31.000000000 +0100 @@ -57,6 +57,11 @@ */ @@ -10811,7 +10829,7 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/cryp RC2_INT *ki; diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl --- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl 2009-11-23 08:32:31.000000000 +0100 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10821,7 +10839,7 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta print $code; diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl --- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl 2009-11-23 08:32:31.000000000 +0100 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; @@ -10833,7 +10851,7 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet close STDOUT; diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl --- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl 2009-11-23 08:32:31.000000000 +0100 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10859,7 +10877,7 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/ &function_begin_B("RC4_options"); diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto/rc4/Makefile --- openssl-1.0.0-beta4/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/Makefile 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/Makefile 2009-11-23 08:32:31.000000000 +0100 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10872,8 +10890,8 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto SRC= $(LIBSRC) diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c ---- /dev/null 2009-11-04 12:00:58.801002276 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c 2009-11-12 12:36:50.000000000 +0100 +--- /dev/null 2009-11-20 08:30:43.534002215 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c 2009-11-23 08:32:31.000000000 +0100 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10951,8 +10969,8 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c +#endif + diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc4/rc4.h ---- openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/rc4.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips 2009-11-23 08:32:31.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/rc4.h 2009-11-23 08:32:31.000000000 +0100 @@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -10965,7 +10983,7 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc unsigned char *outdata); diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c --- openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c 2009-11-23 08:32:31.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11004,8 +11022,8 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/cryp for (i=0;i<256;i++) cp[i]=i; diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/crypto/ripemd/ripemd.h ---- openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/ripemd/ripemd.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/ripemd/ripemd.h 2009-11-23 08:32:31.000000000 +0100 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; @@ -11018,7 +11036,7 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/cry int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c --- openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11042,17 +11060,19 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/c c->A=RIPEMD160_A; diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c --- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c 2009-11-12 12:36:50.000000000 +0100 -@@ -114,6 +114,8 @@ ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c 2009-11-23 08:33:32.000000000 +0100 +@@ -114,6 +114,10 @@ #include #include #include +#include ++#ifdef OPENSSL_FIPS +#include ++#endif #ifndef RSA_NULL -@@ -138,7 +140,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ +@@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ RSA_eay_init, RSA_eay_finish, @@ -11061,7 +11081,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt NULL, 0, /* rsa_sign */ 0, /* rsa_verify */ -@@ -150,6 +152,16 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) +@@ -150,6 +154,16 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } @@ -11078,7 +11098,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { -@@ -158,6 +170,23 @@ static int RSA_eay_public_encrypt(int fl +@@ -158,6 +172,23 @@ static int RSA_eay_public_encrypt(int fl unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -11102,7 +11122,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -@@ -223,9 +252,7 @@ static int RSA_eay_public_encrypt(int fl +@@ -223,9 +254,7 @@ static int RSA_eay_public_encrypt(int fl goto err; } @@ -11113,7 +11133,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -355,6 +382,23 @@ static int RSA_eay_private_encrypt(int f +@@ -355,6 +384,23 @@ static int RSA_eay_private_encrypt(int f int local_blinding = 0; BN_BLINDING *blinding = NULL; @@ -11137,7 +11157,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); -@@ -432,9 +476,7 @@ static int RSA_eay_private_encrypt(int f +@@ -432,9 +478,7 @@ static int RSA_eay_private_encrypt(int f else d= rsa->d; @@ -11148,7 +11168,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -488,6 +530,23 @@ static int RSA_eay_private_decrypt(int f +@@ -488,6 +532,23 @@ static int RSA_eay_private_decrypt(int f int local_blinding = 0; BN_BLINDING *blinding = NULL; @@ -11172,7 +11192,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); -@@ -555,9 +614,7 @@ static int RSA_eay_private_decrypt(int f +@@ -555,9 +616,7 @@ static int RSA_eay_private_decrypt(int f else d = rsa->d; @@ -11183,7 +11203,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -617,6 +674,23 @@ static int RSA_eay_public_decrypt(int fl +@@ -617,6 +676,23 @@ static int RSA_eay_public_decrypt(int fl unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -11207,7 +11227,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -@@ -667,9 +741,7 @@ static int RSA_eay_public_decrypt(int fl +@@ -667,9 +743,7 @@ static int RSA_eay_public_decrypt(int fl goto err; } @@ -11218,7 +11238,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; -@@ -717,6 +789,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c +@@ -717,6 +791,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; @@ -11226,7 +11246,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt int ret=0; BN_CTX_start(ctx); -@@ -724,41 +797,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c +@@ -724,41 +799,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); @@ -11291,7 +11311,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -@@ -875,6 +938,9 @@ err: +@@ -875,6 +940,9 @@ err: static int RSA_eay_init(RSA *rsa) { @@ -11303,7 +11323,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt } diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_err.c --- openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_err.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_err.c 2009-11-23 08:32:31.000000000 +0100 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11332,7 +11352,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypt {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c --- openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c 2009-11-23 08:32:31.000000000 +0100 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include @@ -11459,8 +11479,8 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypt err: if (ok == -1) diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rsa/rsa.h ---- openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa.h 2009-11-23 08:32:31.000000000 +0100 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11532,7 +11552,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rs #define RSA_R_P_NOT_PRIME 128 diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c --- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips 2009-08-05 17:04:16.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2009-11-23 08:32:31.000000000 +0100 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11610,7 +11630,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c --- openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c 2009-11-23 08:32:31.000000000 +0100 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11644,7 +11664,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/cryp diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha_dgst.c --- openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha_dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha_dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -57,6 +57,12 @@ */ @@ -11659,8 +11679,8 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/cryp #undef SHA_1 diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sha/sha.h ---- openssl-1.0.0-beta4/crypto/sha/sha.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/sha/sha.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha.h 2009-11-23 08:32:31.000000000 +0100 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11672,8 +11692,8 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sh int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/crypto/sha/sha_locl.h ---- openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips 2009-11-12 12:36:49.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha_locl.h 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips 2009-11-23 08:32:30.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha_locl.h 2009-11-23 08:32:31.000000000 +0100 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL @@ -11692,7 +11712,7 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/cryp c->h1=INIT_DATA_h1; diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha1dgst.c --- openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha1dgst.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha1dgst.c 2009-11-23 08:32:31.000000000 +0100 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11706,7 +11726,7 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/cryp diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto/sha/sha256.c --- openssl-1.0.0-beta4/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha256.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha256.c 2009-11-23 08:32:31.000000000 +0100 @@ -12,12 +12,19 @@ #include @@ -11739,7 +11759,7 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto/sha/sha512.c --- openssl-1.0.0-beta4/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100 -+++ openssl-1.0.0-beta4/crypto/sha/sha512.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/crypto/sha/sha512.c 2009-11-23 08:32:31.000000000 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11781,8 +11801,8 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org ---- openssl-1.0.0-beta4/Makefile.org.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/Makefile.org 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/Makefile.org.fips 2009-11-23 08:32:31.000000000 +0100 ++++ openssl-1.0.0-beta4/Makefile.org 2009-11-23 08:32:31.000000000 +0100 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= @@ -11812,7 +11832,7 @@ diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org # which in turn eliminates ambiguities in variable treatment with -e. diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_ciph.c --- openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/ssl_ciph.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_ciph.c 2009-11-23 08:32:31.000000000 +0100 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11837,7 +11857,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_cip #ifdef CIPHER_DEBUG diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.c --- openssl-1.0.0-beta4/ssl/ssl_lib.c.fips 2009-10-16 15:41:52.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2009-11-23 08:32:31.000000000 +0100 @@ -1471,6 +1471,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } @@ -11854,8 +11874,8 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib. { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.c ---- openssl-1.0.0-beta4/ssl/ssltest.c.fips 2009-11-12 12:36:50.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/ssltest.c 2009-11-12 12:36:50.000000000 +0100 +--- openssl-1.0.0-beta4/ssl/ssltest.c.fips 2009-11-23 08:32:31.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/ssltest.c 2009-11-23 08:32:31.000000000 +0100 @@ -265,6 +265,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); @@ -11932,7 +11952,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest. # endif diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_clnt.c --- openssl-1.0.0-beta4/ssl/s23_clnt.c.fips 2009-08-05 17:29:14.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/s23_clnt.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s23_clnt.c 2009-11-23 08:32:31.000000000 +0100 @@ -335,6 +335,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; @@ -11965,7 +11985,7 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln } diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srvr.c --- openssl-1.0.0-beta4/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-23 08:32:31.000000000 +0100 @@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -11984,7 +12004,7 @@ diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srv /* we have SSLv3/TLSv1 in an SSLv2 header diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.c --- openssl-1.0.0-beta4/ssl/s3_clnt.c.fips 2009-10-30 15:06:18.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2009-11-23 08:32:31.000000000 +0100 @@ -156,6 +156,10 @@ #include #include @@ -12007,7 +12027,7 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt. EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c --- openssl-1.0.0-beta4/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/s3_enc.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_enc.c 2009-11-23 08:32:31.000000000 +0100 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12035,7 +12055,7 @@ diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c if (n < 0) diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.c --- openssl-1.0.0-beta4/ssl/s3_srvr.c.fips 2009-10-30 14:22:44.000000000 +0100 -+++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2009-11-23 08:32:31.000000000 +0100 @@ -1679,6 +1679,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) @@ -12047,7 +12067,7 @@ diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr. EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); diff -up openssl-1.0.0-beta4/ssl/t1_enc.c.fips openssl-1.0.0-beta4/ssl/t1_enc.c --- openssl-1.0.0-beta4/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0-beta4/ssl/t1_enc.c 2009-11-12 12:36:50.000000000 +0100 ++++ openssl-1.0.0-beta4/ssl/t1_enc.c 2009-11-23 08:32:31.000000000 +0100 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md HMAC_CTX_init(&ctx);