From 1b4b1eaf63cbb0fb73a1ed765a2b8f765c62ba42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 4 Jun 2010 12:23:14 +0000 Subject: [PATCH] - new upstream patch release, fixes CVE-2010-0742 (#598738) and CVE-2010-1633 (#598732) --- .cvsignore | 2 +- openssl-1.0.0-dtls1-backports.patch | 53 -- openssl-1.0.0-init-sha256.patch | 79 -- openssl-1.0.0-version.patch | 13 - ....0-fips.patch => openssl-1.0.0a-fips.patch | 782 +++++++++--------- ...ode.patch => openssl-1.0.0a-fipsmode.patch | 49 +- openssl-1.0.0a-version.patch | 13 + openssl.spec | 18 +- sources | 2 +- 9 files changed, 443 insertions(+), 568 deletions(-) delete mode 100644 openssl-1.0.0-dtls1-backports.patch delete mode 100644 openssl-1.0.0-init-sha256.patch delete mode 100644 openssl-1.0.0-version.patch rename openssl-1.0.0-fips.patch => openssl-1.0.0a-fips.patch (91%) rename openssl-1.0.0-beta3-fipsmode.patch => openssl-1.0.0a-fipsmode.patch (80%) create mode 100644 openssl-1.0.0a-version.patch diff --git a/.cvsignore b/.cvsignore index 3930a9d..f4623d7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-1.0.0-usa.tar.bz2 +openssl-1.0.0a-usa.tar.bz2 diff --git a/openssl-1.0.0-dtls1-backports.patch b/openssl-1.0.0-dtls1-backports.patch deleted file mode 100644 index 99518cd..0000000 --- a/openssl-1.0.0-dtls1-backports.patch +++ /dev/null @@ -1,53 +0,0 @@ -diff -up openssl-1.0.0/ssl/d1_lib.c.dtls1 openssl-1.0.0/ssl/d1_lib.c ---- openssl-1.0.0/ssl/d1_lib.c.dtls1 2009-12-08 12:38:17.000000000 +0100 -+++ openssl-1.0.0/ssl/d1_lib.c 2010-04-09 16:29:49.000000000 +0200 -@@ -283,6 +283,16 @@ struct timeval* dtls1_get_timeout(SSL *s - timeleft->tv_usec += 1000000; - } - -+ /* If remaining time is less than 15 ms, set it to 0 -+ * to prevent issues because of small devergences with -+ * socket timeouts. -+ */ -+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) -+ { -+ memset(timeleft, 0, sizeof(struct timeval)); -+ } -+ -+ - return timeleft; - } - -diff -up openssl-1.0.0/ssl/d1_pkt.c.dtls1 openssl-1.0.0/ssl/d1_pkt.c ---- openssl-1.0.0/ssl/d1_pkt.c.dtls1 2009-10-04 18:52:35.000000000 +0200 -+++ openssl-1.0.0/ssl/d1_pkt.c 2010-04-09 16:30:49.000000000 +0200 -@@ -667,14 +667,14 @@ again: - if (rr->length == 0) goto again; - - /* If this record is from the next epoch (either HM or ALERT), -- * buffer it since it cannot be processed at this time. Records -- * from the next epoch are marked as received even though they -- * are not processed, so as to prevent any potential resource -- * DoS attack */ -+ * and a handshake is currently in progress, buffer it since it -+ * cannot be processed at this time. */ - if (is_next_epoch) - { -- dtls1_record_bitmap_update(s, bitmap); -- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); -+ if (SSL_in_init(s) || s->in_handshake) -+ { -+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); -+ } - rr->length = 0; - s->packet_length = 0; - goto again; -@@ -809,7 +809,7 @@ start: - * buffer the application data for later processing rather - * than dropping the connection. - */ -- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0); -+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); - rr->length = 0; - goto start; - } diff --git a/openssl-1.0.0-init-sha256.patch b/openssl-1.0.0-init-sha256.patch deleted file mode 100644 index 115722c..0000000 --- a/openssl-1.0.0-init-sha256.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff -up openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 openssl-1.0.0/doc/ssl/SSL_library_init.pod ---- openssl-1.0.0/doc/ssl/SSL_library_init.pod.sha256 2006-03-12 01:37:55.000000000 +0100 -+++ openssl-1.0.0/doc/ssl/SSL_library_init.pod 2010-04-09 16:33:11.000000000 +0200 -@@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algori - - =head1 DESCRIPTION - --SSL_library_init() registers the available ciphers and digests. -+SSL_library_init() registers the available SSL/TLS ciphers and digests. - - OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms - for SSL_library_init(). -@@ -27,24 +27,28 @@ SSL_library_init() is not reentrant. - - =head1 WARNING - --SSL_library_init() only registers ciphers. Another important initialization --is the seeding of the PRNG (Pseudo Random Number Generator), which has to --be performed separately. -+SSL_library_init() adds ciphers and digests used directly and indirectly by -+SSL/TLS. - - =head1 EXAMPLES - - A typical TLS/SSL application will start with the library initialization, --will provide readable error messages and will seed the PRNG. -+and provide readable error messages. - - SSL_load_error_strings(); /* readable error messages */ - SSL_library_init(); /* initialize library */ -- actions_to_seed_PRNG(); - - =head1 RETURN VALUES - - SSL_library_init() always returns "1", so it is safe to discard the return - value. - -+=head1 NOTES -+ -+OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). -+Applications which need to use SHA2 in earlier versions of OpenSSL should call -+OpenSSL_add_all_algorithms() as well. -+ - =head1 SEE ALSO - - L, L, -diff -up openssl-1.0.0/ssl/ssl_algs.c.sha256 openssl-1.0.0/ssl/ssl_algs.c ---- openssl-1.0.0/ssl/ssl_algs.c.sha256 2010-04-06 12:52:38.000000000 +0200 -+++ openssl-1.0.0/ssl/ssl_algs.c 2010-04-09 16:34:41.000000000 +0200 -@@ -111,6 +111,14 @@ int SSL_library_init(void) - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); - #endif -+#ifndef OPENSSL_NO_SHA256 -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); -@@ -148,6 +156,14 @@ int SSL_library_init(void) - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); - #endif -+#ifndef OPENSSL_NO_SHA256 -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+#endif -+#ifndef OPENSSL_NO_SHA512 -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+#endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch deleted file mode 100644 index adaea6a..0000000 --- a/openssl-1.0.0-version.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h ---- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200 -+++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200 -@@ -25,7 +25,8 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x1000000fL -+/* we have to keep the version number to not break the abi */ -+#define OPENSSL_VERSION_NUMBER 0x10000003L - #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" - #else diff --git a/openssl-1.0.0-fips.patch b/openssl-1.0.0a-fips.patch similarity index 91% rename from openssl-1.0.0-fips.patch rename to openssl-1.0.0a-fips.patch index e5b6de7..421e507 100644 --- a/openssl-1.0.0-fips.patch +++ b/openssl-1.0.0a-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure ---- openssl-1.0.0/Configure.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/Configure 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure +--- openssl-1.0.0a/Configure.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/Configure 2010-06-04 12:25:15.000000000 +0200 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; @@ -43,9 +43,9 @@ diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c ---- openssl-1.0.0/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0/crypto/bf/bf_skey.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bf/bf_skey.c.fips openssl-1.0.0a/crypto/bf/bf_skey.c +--- openssl-1.0.0a/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/bf/bf_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey. { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h ---- openssl-1.0.0/crypto/bf/blowfish.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/bf/blowfish.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bf/blowfish.h.fips openssl-1.0.0a/crypto/bf/blowfish.h +--- openssl-1.0.0a/crypto/bf/blowfish.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/bf/blowfish.h 2010-06-04 12:25:15.000000000 +0200 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -77,9 +77,9 @@ diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfis void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h ---- openssl-1.0.0/crypto/bn/bn.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/bn/bn.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/bn.h.fips openssl-1.0.0a/crypto/bn/bn.h +--- openssl-1.0.0a/crypto/bn/bn.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/bn/bn.h 2010-06-04 12:25:15.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c ---- openssl-1.0.0/crypto/bn/bn_x931p.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/bn/bn_x931p.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/bn_x931p.c.fips openssl-1.0.0a/crypto/bn/bn_x931p.c +--- openssl-1.0.0a/crypto/bn/bn_x931p.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/bn/bn_x931p.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -374,9 +374,9 @@ diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931 + + } + -diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile ---- openssl-1.0.0/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0/crypto/bn/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/bn/Makefile.fips openssl-1.0.0a/crypto/bn/Makefile +--- openssl-1.0.0a/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0a/crypto/bn/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl 2010-06-04 12:25:15.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); @@ -422,9 +422,9 @@ diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto } @SBOX=( -diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h ---- openssl-1.0.0/crypto/camellia/camellia.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/camellia.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/camellia.h.fips openssl-1.0.0a/crypto/camellia/camellia.h +--- openssl-1.0.0a/crypto/camellia/camellia.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/camellia.h 2010-06-04 12:25:15.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/came int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/camellia/cmll_fblk.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0a/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/camellia/cmll_fblk.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== @@ -509,9 +509,9 @@ diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/cam + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c ---- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0/crypto/camellia/cmll_misc.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips openssl-1.0.0a/crypto/camellia/cmll_misc.c +--- openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/camellia/cmll_misc.c 2010-06-04 12:25:15.000000000 +0200 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/cam { if(!userKey || !key) return -1; -diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile ---- openssl-1.0.0/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0/crypto/camellia/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/camellia/Makefile.fips openssl-1.0.0a/crypto/camellia/Makefile +--- openssl-1.0.0a/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0a/crypto/camellia/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -548,9 +548,9 @@ diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camell SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h ---- openssl-1.0.0/crypto/cast/cast.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/cast/cast.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/cast/cast.h.fips openssl-1.0.0a/crypto/cast/cast.h +--- openssl-1.0.0a/crypto/cast/cast.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/cast/cast.h 2010-06-04 12:25:15.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c ---- openssl-1.0.0/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0/crypto/cast/c_skey.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/cast/c_skey.c.fips openssl-1.0.0a/crypto/cast/c_skey.c +--- openssl-1.0.0a/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/cast/c_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -586,9 +586,9 @@ diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_ske { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h ---- openssl-1.0.0/crypto/crypto.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/crypto.h 2010-03-30 10:36:06.000000000 +0200 +diff -up openssl-1.0.0a/crypto/crypto.h.fips openssl-1.0.0a/crypto/crypto.h +--- openssl-1.0.0a/crypto/crypto.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/crypto.h 2010-06-04 12:25:15.000000000 +0200 @@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); @@ -660,9 +660,9 @@ diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c ---- openssl-1.0.0/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0/crypto/dh/dh_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_err.c.fips openssl-1.0.0a/crypto/dh/dh_err.c +--- openssl-1.0.0a/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0a/crypto/dh/dh_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, @@ -680,9 +680,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c ---- openssl-1.0.0/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh_gen.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_gen.c.fips openssl-1.0.0a/crypto/dh/dh_gen.c +--- openssl-1.0.0a/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -715,9 +715,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h ---- openssl-1.0.0/crypto/dh/dh.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh.h.fips openssl-1.0.0a/crypto/dh/dh.h +--- openssl-1.0.0a/crypto/dh/dh.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh.h 2010-06-04 12:25:15.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -744,9 +744,9 @@ diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h #ifdef __cplusplus } -diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c ---- openssl-1.0.0/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0/crypto/dh/dh_key.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dh/dh_key.c.fips openssl-1.0.0a/crypto/dh/dh_key.c +--- openssl-1.0.0a/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0a/crypto/dh/dh_key.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,9 @@ #include #include @@ -796,9 +796,9 @@ diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c ---- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0/crypto/dsa/dsa_gen.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips openssl-1.0.0a/crypto/dsa/dsa_gen.c +--- openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0a/crypto/dsa/dsa_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -834,9 +834,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_ge if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h ---- openssl-1.0.0/crypto/dsa/dsa.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa.h.fips openssl-1.0.0a/crypto/dsa/dsa.h +--- openssl-1.0.0a/crypto/dsa/dsa.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa.h 2010-06-04 12:25:15.000000000 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -893,9 +893,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c ---- openssl-1.0.0/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa_key.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_key.c.fips openssl-1.0.0a/crypto/dsa/dsa_key.c +--- openssl-1.0.0a/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa_key.c 2010-06-04 12:25:15.000000000 +0200 @@ -63,9 +63,55 @@ #include #include @@ -983,9 +983,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_ke ok=1; err: -diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0/crypto/dsa/dsa_ossl.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0a/crypto/dsa/dsa_ossl.c 2010-06-04 12:25:15.000000000 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1057,9 +1057,9 @@ diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_o dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c ---- openssl-1.0.0/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0/crypto/err/err_all.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/err/err_all.c.fips openssl-1.0.0a/crypto/err/err_all.c +--- openssl-1.0.0a/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0a/crypto/err/err_all.c 2010-06-04 12:25:15.000000000 +0200 @@ -96,6 +96,9 @@ #include #include @@ -1080,9 +1080,9 @@ diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_al #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c ---- openssl-1.0.0/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/digest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/digest.c.fips openssl-1.0.0a/crypto/evp/digest.c +--- openssl-1.0.0a/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/digest.c 2010-06-04 12:25:15.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1181,9 +1181,9 @@ diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest. OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c ---- openssl-1.0.0/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_aes.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_aes.c.fips openssl-1.0.0a/crypto/evp/e_aes.c +--- openssl-1.0.0a/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_aes.c 2010-06-04 12:25:15.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1236,9 +1236,9 @@ diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c ---- openssl-1.0.0/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/e_camellia.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_camellia.c.fips openssl-1.0.0a/crypto/evp/e_camellia.c +--- openssl-1.0.0a/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/e_camellia.c 2010-06-04 12:25:15.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) @@ -1248,9 +1248,9 @@ diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_c IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c ---- openssl-1.0.0/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_des3.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_des3.c.fips openssl-1.0.0a/crypto/evp/e_des3.c +--- openssl-1.0.0a/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_des3.c 2010-06-04 12:25:15.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1295,9 +1295,9 @@ diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3. des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c ---- openssl-1.0.0/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_null.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_null.c.fips openssl-1.0.0a/crypto/evp/e_null.c +--- openssl-1.0.0a/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_null.c 2010-06-04 12:25:15.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, @@ -1307,9 +1307,9 @@ diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null. null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c ---- openssl-1.0.0/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/e_rc4.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/e_rc4.c.fips openssl-1.0.0a/crypto/evp/e_rc4.c +--- openssl-1.0.0a/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/e_rc4.c 2010-06-04 12:25:15.000000000 +0200 @@ -64,6 +64,7 @@ #include #include @@ -1318,9 +1318,9 @@ diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c ---- openssl-1.0.0/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_enc.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_enc.c +--- openssl-1.0.0a/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_enc.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -1413,9 +1413,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_en if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c ---- openssl-1.0.0/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_err.c.fips openssl-1.0.0a/crypto/evp/evp_err.c +--- openssl-1.0.0a/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, @@ -1424,9 +1424,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_er {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h ---- openssl-1.0.0/crypto/evp/evp.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/evp.h 2010-03-30 10:40:12.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp.h.fips openssl-1.0.0a/crypto/evp/evp.h +--- openssl-1.0.0a/crypto/evp/evp.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/evp.h 2010-06-04 12:25:15.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif @@ -1496,9 +1496,9 @@ diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c ---- openssl-1.0.0/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/evp_lib.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_lib.c.fips openssl-1.0.0a/crypto/evp/evp_lib.c +--- openssl-1.0.0a/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/evp_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1527,9 +1527,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_li return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h ---- openssl-1.0.0/crypto/evp/evp_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/evp_locl.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/evp_locl.h.fips openssl-1.0.0a/crypto/evp/evp_locl.h +--- openssl-1.0.0a/crypto/evp/evp_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/evp_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) @@ -1568,9 +1568,9 @@ diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_l struct evp_pkey_ctx_st { -diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c ---- openssl-1.0.0/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_dss.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_dss.c.fips openssl-1.0.0a/crypto/evp/m_dss.c +--- openssl-1.0.0a/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_dss.c 2010-06-04 12:25:15.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1580,9 +1580,9 @@ diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c init, update, final, -diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c ---- openssl-1.0.0/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_dss1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_dss1.c.fips openssl-1.0.0a/crypto/evp/m_dss1.c +--- openssl-1.0.0a/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_dss1.c 2010-06-04 12:25:15.000000000 +0200 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1592,9 +1592,9 @@ diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1. init, update, final, -diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c ---- openssl-1.0.0/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_mdc2.c 2010-03-30 10:57:02.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_mdc2.c.fips openssl-1.0.0a/crypto/evp/m_mdc2.c +--- openssl-1.0.0a/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_mdc2.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1603,9 +1603,9 @@ diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2. static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c ---- openssl-1.0.0/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md2.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md2.c.fips openssl-1.0.0a/crypto/evp/m_md2.c +--- openssl-1.0.0a/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md2.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1614,9 +1614,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c ---- openssl-1.0.0/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md4.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md4.c.fips openssl-1.0.0a/crypto/evp/m_md4.c +--- openssl-1.0.0a/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md4.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1625,9 +1625,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c ---- openssl-1.0.0/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_md5.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_md5.c.fips openssl-1.0.0a/crypto/evp/m_md5.c +--- openssl-1.0.0a/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_md5.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1636,9 +1636,9 @@ diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c ---- openssl-1.0.0/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/m_ripemd.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_ripemd.c.fips openssl-1.0.0a/crypto/evp/m_ripemd.c +--- openssl-1.0.0a/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/m_ripemd.c 2010-06-04 12:25:15.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1647,9 +1647,9 @@ diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_rip static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c ---- openssl-1.0.0/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_sha1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_sha1.c.fips openssl-1.0.0a/crypto/evp/m_sha1.c +--- openssl-1.0.0a/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_sha1.c 2010-06-04 12:25:15.000000000 +0200 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1700,9 +1700,9 @@ diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1. init512, update512, final512, -diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c ---- openssl-1.0.0/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/m_wp.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/m_wp.c.fips openssl-1.0.0a/crypto/evp/m_wp.c +--- openssl-1.0.0a/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/m_wp.c 2010-06-04 12:25:15.000000000 +0200 @@ -9,6 +9,7 @@ #include #include @@ -1711,9 +1711,9 @@ diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } -diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c ---- openssl-1.0.0/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/names.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/names.c.fips openssl-1.0.0a/crypto/evp/names.c +--- openssl-1.0.0a/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/names.c 2010-06-04 12:25:15.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1736,9 +1736,9 @@ diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c ---- openssl-1.0.0/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0/crypto/evp/p_sign.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/p_sign.c.fips openssl-1.0.0a/crypto/evp/p_sign.c +--- openssl-1.0.0a/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/p_sign.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1770,9 +1770,9 @@ diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign. if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c ---- openssl-1.0.0/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0/crypto/evp/p_verify.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/p_verify.c.fips openssl-1.0.0a/crypto/evp/p_verify.c +--- openssl-1.0.0a/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/p_verify.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1804,9 +1804,9 @@ diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_ver i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2747,9 +2747,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/ + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3453,9 +3453,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,537 @@ +#include + @@ -3994,9 +3994,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/f + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4228,9 +4228,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/f + return 0; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4622,9 +4622,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4996,9 +4996,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypt + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5377,9 +5377,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypt + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5769,9 +5769,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto + } + +#endif -diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0a/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/cavs/fips_utl.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -6116,9 +6116,9 @@ diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fip +#endif + } + -diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c ---- openssl-1.0.0/crypto/fips_err.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips_err.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips_err.c.fips openssl-1.0.0a/crypto/fips_err.c +--- openssl-1.0.0a/crypto/fips_err.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,7 @@ +#include + @@ -6127,9 +6127,9 @@ diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c +#else +static void *dummy=&dummy; +#endif -diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h ---- openssl-1.0.0/crypto/fips_err.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips_err.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips_err.h.fips openssl-1.0.0a/crypto/fips_err.h +--- openssl-1.0.0a/crypto/fips_err.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips_err.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -6268,9 +6268,9 @@ diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h + } +#endif + } -diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_aes_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6375,9 +6375,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c ---- openssl-1.0.0/crypto/fips/fips.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips.c.fips openssl-1.0.0a/crypto/fips/fips.c +--- openssl-1.0.0a/crypto/fips/fips.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6798,9 +6798,9 @@ diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c + + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c ---- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_des_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_des_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_des_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6941,9 +6941,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7131,9 +7131,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto + return ret; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h ---- openssl-1.0.0/crypto/fips/fips.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips.h.fips openssl-1.0.0a/crypto/fips/fips.h +--- openssl-1.0.0a/crypto/fips/fips.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7298,9 +7298,9 @@ diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h +} +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -7439,9 +7439,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypt + return 1; + } +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c ---- openssl-1.0.0/crypto/fips/fips_rand.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rand.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rand.c.fips openssl-1.0.0a/crypto/fips/fips_rand.c +--- openssl-1.0.0a/crypto/fips/fips_rand.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rand.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -7855,9 +7855,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fi +} + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h ---- openssl-1.0.0/crypto/fips/fips_rand.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rand.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rand.h.fips openssl-1.0.0a/crypto/fips/fips_rand.h +--- openssl-1.0.0a/crypto/fips/fips_rand.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rand.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7936,9 +7936,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fi +#endif +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rand_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8313,9 +8313,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c ---- openssl-1.0.0/crypto/fips/fips_randtest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_randtest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_randtest.c.fips openssl-1.0.0a/crypto/fips/fips_randtest.c +--- openssl-1.0.0a/crypto/fips/fips_randtest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_randtest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -8565,9 +8565,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fip + } + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9010,9 +9010,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9295,9 +9295,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fi + return 0; + + } -diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c ---- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c +--- openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9398,9 +9398,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypt + } + +#endif -diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c ---- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c +--- openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9575,9 +9575,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/cry + } + + -diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c ---- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/fips_test_suite.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips openssl-1.0.0a/crypto/fips/fips_test_suite.c +--- openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/fips_test_suite.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10167,9 +10167,9 @@ diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/f + } + +#endif -diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h ---- openssl-1.0.0/crypto/fips_locl.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips_locl.h 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips_locl.h.fips openssl-1.0.0a/crypto/fips_locl.h +--- openssl-1.0.0a/crypto/fips_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10243,9 +10243,9 @@ diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h +} +#endif +#endif -diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile ---- openssl-1.0.0/crypto/fips/Makefile.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/fips/Makefile 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/fips/Makefile.fips openssl-1.0.0a/crypto/fips/Makefile +--- openssl-1.0.0a/crypto/fips/Makefile.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/fips/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10328,9 +10328,9 @@ diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makef + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c ---- openssl-1.0.0/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 -+++ openssl-1.0.0/crypto/hmac/hmac.c 2010-03-30 10:33:46.000000000 +0200 +diff -up openssl-1.0.0a/crypto/hmac/hmac.c.fips openssl-1.0.0a/crypto/hmac/hmac.c +--- openssl-1.0.0a/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 ++++ openssl-1.0.0a/crypto/hmac/hmac.c 2010-06-04 12:25:15.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) @@ -10345,9 +10345,9 @@ diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile ---- openssl-1.0.0/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0/crypto/Makefile 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/Makefile.fips openssl-1.0.0a/crypto/Makefile +--- openssl-1.0.0a/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a @@ -10366,9 +10366,9 @@ diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0a/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0a/crypto/mdc2/mdc2dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10390,9 +10390,9 @@ diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h ---- openssl-1.0.0/crypto/mdc2/mdc2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/mdc2/mdc2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mdc2/mdc2.h.fips openssl-1.0.0a/crypto/mdc2/mdc2.h +--- openssl-1.0.0a/crypto/mdc2/mdc2.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/mdc2/mdc2.h 2010-06-04 12:25:15.000000000 +0200 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; @@ -10404,9 +10404,9 @@ diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c ---- openssl-1.0.0/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0/crypto/md2/md2_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md2/md2_dgst.c.fips openssl-1.0.0a/crypto/md2/md2_dgst.c +--- openssl-1.0.0a/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0a/crypto/md2/md2_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -62,6 +62,11 @@ #include #include @@ -10428,9 +10428,9 @@ diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_d { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h ---- openssl-1.0.0/crypto/md2/md2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md2/md2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md2/md2.h.fips openssl-1.0.0a/crypto/md2/md2.h +--- openssl-1.0.0a/crypto/md2/md2.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/md2/md2.h 2010-06-04 12:25:15.000000000 +0200 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; @@ -10441,9 +10441,9 @@ diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c ---- openssl-1.0.0/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0/crypto/md4/md4_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md4/md4_dgst.c.fips openssl-1.0.0a/crypto/md4/md4_dgst.c +--- openssl-1.0.0a/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0a/crypto/md4/md4_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10465,9 +10465,9 @@ diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_d { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h ---- openssl-1.0.0/crypto/md4/md4.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md4/md4.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md4/md4.h.fips openssl-1.0.0a/crypto/md4/md4.h +--- openssl-1.0.0a/crypto/md4/md4.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/md4/md4.h 2010-06-04 12:25:15.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; @@ -10478,9 +10478,9 @@ diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c ---- openssl-1.0.0/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0/crypto/md5/md5_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md5/md5_dgst.c.fips openssl-1.0.0a/crypto/md5/md5_dgst.c +--- openssl-1.0.0a/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0a/crypto/md5/md5_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10502,9 +10502,9 @@ diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_d { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h ---- openssl-1.0.0/crypto/md5/md5.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/md5/md5.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/md5/md5.h.fips openssl-1.0.0a/crypto/md5/md5.h +--- openssl-1.0.0a/crypto/md5/md5.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/md5/md5.h 2010-06-04 12:25:15.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; @@ -10515,9 +10515,9 @@ diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c ---- openssl-1.0.0/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0/crypto/mem.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/mem.c.fips openssl-1.0.0a/crypto/mem.c +--- openssl-1.0.0a/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0a/crypto/mem.c 2010-06-04 12:25:15.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10527,9 +10527,9 @@ diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c ---- openssl-1.0.0/crypto/o_init.c.fips 2010-03-30 10:34:41.000000000 +0200 -+++ openssl-1.0.0/crypto/o_init.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/o_init.c.fips openssl-1.0.0a/crypto/o_init.c +--- openssl-1.0.0a/crypto/o_init.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10611,9 +10611,9 @@ diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c + } + + -diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in ---- openssl-1.0.0/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0/crypto/opensslconf.h.in 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/opensslconf.h.in.fips openssl-1.0.0a/crypto/opensslconf.h.in +--- openssl-1.0.0a/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0a/crypto/opensslconf.h.in 2010-06-04 12:25:15.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10635,9 +10635,9 @@ diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/openssl /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0/crypto/pkcs12/p12_crt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0a/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0a/crypto/pkcs12/p12_crt.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" @@ -10664,9 +10664,9 @@ diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/ if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c ---- openssl-1.0.0/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/md_rand.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/md_rand.c.fips openssl-1.0.0a/crypto/rand/md_rand.c +--- openssl-1.0.0a/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/md_rand.c 2010-06-04 12:25:15.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10693,9 +10693,9 @@ diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_r #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c ---- openssl-1.0.0/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/rand_err.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand_err.c.fips openssl-1.0.0a/crypto/rand/rand_err.c +--- openssl-1.0.0a/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/rand_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= @@ -10728,9 +10728,9 @@ diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/ran {0,NULL} }; -diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h ---- openssl-1.0.0/crypto/rand/rand.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rand/rand.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand.h.fips openssl-1.0.0a/crypto/rand/rand.h +--- openssl-1.0.0a/crypto/rand/rand.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rand/rand.h 2010-06-04 12:25:15.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10760,9 +10760,9 @@ diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h #ifdef __cplusplus } -diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c ---- openssl-1.0.0/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0/crypto/rand/rand_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rand/rand_lib.c.fips openssl-1.0.0a/crypto/rand/rand_lib.c +--- openssl-1.0.0a/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0a/crypto/rand/rand_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10796,9 +10796,9 @@ diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/ran return default_RAND_meth; } -diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h ---- openssl-1.0.0/crypto/rc2/rc2.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rc2/rc2.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc2/rc2.h.fips openssl-1.0.0a/crypto/rc2/rc2.h +--- openssl-1.0.0a/crypto/rc2/rc2.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc2/rc2.h 2010-06-04 12:25:15.000000000 +0200 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10810,9 +10810,9 @@ diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c ---- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0/crypto/rc2/rc2_skey.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips openssl-1.0.0a/crypto/rc2/rc2_skey.c +--- openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc2/rc2_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -10846,9 +10846,9 @@ diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_s int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl 2010-06-04 12:25:15.000000000 +0200 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10856,9 +10856,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4 +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl 2010-06-04 12:25:15.000000000 +0200 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; @@ -10868,9 +10868,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc print $code; close STDOUT; -diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl 2010-06-04 12:25:15.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10894,9 +10894,9 @@ diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/a # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile ---- openssl-1.0.0/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/Makefile 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/Makefile.fips openssl-1.0.0a/crypto/rc4/Makefile +--- openssl-1.0.0a/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/Makefile 2010-06-04 12:25:15.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10908,9 +10908,9 @@ diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefil SRC= $(LIBSRC) -diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c ---- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips 2010-03-30 10:34:41.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/rc4_fblk.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0a/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/rc4_fblk.c 2010-06-04 12:25:15.000000000 +0200 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10987,9 +10987,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_f + } +#endif + -diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h ---- openssl-1.0.0/crypto/rc4/rc4.h.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/crypto/rc4/rc4.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4.h.fips openssl-1.0.0a/crypto/rc4/rc4.h +--- openssl-1.0.0a/crypto/rc4/rc4.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/rc4/rc4.h 2010-06-04 12:25:15.000000000 +0200 @@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -11000,9 +11000,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c ---- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0/crypto/rc4/rc4_skey.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips openssl-1.0.0a/crypto/rc4/rc4_skey.c +--- openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0a/crypto/rc4/rc4_skey.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11040,9 +11040,9 @@ diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_s unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h ---- openssl-1.0.0/crypto/ripemd/ripemd.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/ripemd/ripemd.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/ripemd/ripemd.h.fips openssl-1.0.0a/crypto/ripemd/ripemd.h +--- openssl-1.0.0a/crypto/ripemd/ripemd.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/ripemd/ripemd.h 2010-06-04 12:25:15.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; @@ -11053,9 +11053,9 @@ diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/r int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0a/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0a/crypto/ripemd/rmd_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11077,9 +11077,9 @@ diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c ---- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_eay.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_eay.c +--- openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_eay.c 2010-06-04 12:25:15.000000000 +0200 @@ -114,6 +114,10 @@ #include #include @@ -11340,9 +11340,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_ea rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c ---- openssl-1.0.0/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0/crypto/rsa/rsa_err.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_err.c.fips openssl-1.0.0a/crypto/rsa/rsa_err.c +--- openssl-1.0.0a/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0a/crypto/rsa/rsa_err.c 2010-06-04 12:25:15.000000000 +0200 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11369,9 +11369,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_er {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c ---- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_gen.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips openssl-1.0.0a/crypto/rsa/rsa_gen.c +--- openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_gen.c 2010-06-04 12:25:15.000000000 +0200 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include @@ -11497,9 +11497,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_ge ok=1; err: if (ok == -1) -diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h ---- openssl-1.0.0/crypto/rsa/rsa.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa.h.fips openssl-1.0.0a/crypto/rsa/rsa.h +--- openssl-1.0.0a/crypto/rsa/rsa.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa.h 2010-06-04 12:25:15.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11569,9 +11569,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c ---- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 -+++ openssl-1.0.0/crypto/rsa/rsa_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips openssl-1.0.0a/crypto/rsa/rsa_lib.c +--- openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0a/crypto/rsa/rsa_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11647,9 +11647,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_li return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c ---- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0/crypto/rsa/rsa_sign.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips openssl-1.0.0a/crypto/rsa/rsa_sign.c +--- openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0a/crypto/rsa/rsa_sign.c 2010-06-04 12:25:15.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11681,9 +11681,9 @@ diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_s if (i <= 0) goto err; -diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c ---- openssl-1.0.0/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 -+++ openssl-1.0.0/crypto/seed/seed.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/seed/seed.c.fips openssl-1.0.0a/crypto/seed/seed.c +--- openssl-1.0.0a/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0a/crypto/seed/seed.c 2010-06-04 12:25:15.000000000 +0200 @@ -34,6 +34,9 @@ #include @@ -11713,9 +11713,9 @@ diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c { seed_word x1, x2, x3, x4; seed_word t0, t1; -diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h ---- openssl-1.0.0/crypto/seed/seed.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/seed/seed.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/seed/seed.h.fips openssl-1.0.0a/crypto/seed/seed.h +--- openssl-1.0.0a/crypto/seed/seed.h.fips 2010-06-04 12:25:14.000000000 +0200 ++++ openssl-1.0.0a/crypto/seed/seed.h 2010-06-04 12:25:15.000000000 +0200 @@ -117,6 +117,9 @@ typedef struct seed_key_st { } SEED_KEY_SCHEDULE; @@ -11726,9 +11726,9 @@ diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); -diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c ---- openssl-1.0.0/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha_dgst.c.fips openssl-1.0.0a/crypto/sha/sha_dgst.c +--- openssl-1.0.0a/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -57,6 +57,12 @@ */ @@ -11742,9 +11742,9 @@ diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_d #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h ---- openssl-1.0.0/crypto/sha/sha.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/sha/sha.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha.h.fips openssl-1.0.0a/crypto/sha/sha.h +--- openssl-1.0.0a/crypto/sha/sha.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/sha/sha.h 2010-06-04 12:25:15.000000000 +0200 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11755,9 +11755,9 @@ diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h ---- openssl-1.0.0/crypto/sha/sha_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/sha/sha_locl.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha_locl.h.fips openssl-1.0.0a/crypto/sha/sha_locl.h +--- openssl-1.0.0a/crypto/sha/sha_locl.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/sha/sha_locl.h 2010-06-04 12:25:15.000000000 +0200 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL @@ -11774,9 +11774,9 @@ diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_l memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c ---- openssl-1.0.0/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha1dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha1dgst.c.fips openssl-1.0.0a/crypto/sha/sha1dgst.c +--- openssl-1.0.0a/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha1dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11788,9 +11788,9 @@ diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1d const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c ---- openssl-1.0.0/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha256.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha256.c.fips openssl-1.0.0a/crypto/sha/sha256.c +--- openssl-1.0.0a/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha256.c 2010-06-04 12:25:15.000000000 +0200 @@ -12,12 +12,19 @@ #include @@ -11821,9 +11821,9 @@ diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256. memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c ---- openssl-1.0.0/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 -+++ openssl-1.0.0/crypto/sha/sha512.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/sha/sha512.c.fips openssl-1.0.0a/crypto/sha/sha512.c +--- openssl-1.0.0a/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0a/crypto/sha/sha512.c 2010-06-04 12:25:15.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11855,9 +11855,9 @@ diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512. #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h ---- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips 2010-03-30 10:33:45.000000000 +0200 -+++ openssl-1.0.0/crypto/whrlpool/whrlpool.h 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0a/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/crypto/whrlpool/whrlpool.h 2010-06-04 12:25:15.000000000 +0200 @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; @@ -11868,9 +11868,9 @@ diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrl int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 -+++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0a/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0a/crypto/whrlpool/wp_dgst.c 2010-06-04 12:25:15.000000000 +0200 @@ -53,8 +53,12 @@ #include "wp_locl.h" @@ -11885,9 +11885,9 @@ diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlp { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org ---- openssl-1.0.0/Makefile.org.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/Makefile.org 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/Makefile.org.fips openssl-1.0.0a/Makefile.org +--- openssl-1.0.0a/Makefile.org.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/Makefile.org 2010-06-04 12:25:15.000000000 +0200 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= @@ -11915,9 +11915,9 @@ diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c ---- openssl-1.0.0/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0/ssl/ssl_ciph.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_ciph.c.fips openssl-1.0.0a/ssl/ssl_ciph.c +--- openssl-1.0.0a/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssl_ciph.c 2010-06-04 12:25:15.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -11940,9 +11940,9 @@ diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c ---- openssl-1.0.0/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 -+++ openssl-1.0.0/ssl/ssl_lib.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_lib.c.fips openssl-1.0.0a/ssl/ssl_lib.c +--- openssl-1.0.0a/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 ++++ openssl-1.0.0a/ssl/ssl_lib.c 2010-06-04 12:25:15.000000000 +0200 @@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } @@ -11958,9 +11958,9 @@ diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c ---- openssl-1.0.0/ssl/ssltest.c.fips 2010-03-30 10:33:46.000000000 +0200 -+++ openssl-1.0.0/ssl/ssltest.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c +--- openssl-1.0.0a/ssl/ssltest.c.fips 2010-06-04 12:25:15.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssltest.c 2010-06-04 12:25:15.000000000 +0200 @@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); @@ -12035,9 +12035,9 @@ diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c ---- openssl-1.0.0/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0/ssl/s23_clnt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s23_clnt.c.fips openssl-1.0.0a/ssl/s23_clnt.c +--- openssl-1.0.0a/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0a/ssl/s23_clnt.c 2010-06-04 12:25:15.000000000 +0200 @@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; @@ -12068,9 +12068,9 @@ diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c ---- openssl-1.0.0/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 -+++ openssl-1.0.0/ssl/s23_srvr.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s23_srvr.c.fips openssl-1.0.0a/ssl/s23_srvr.c +--- openssl-1.0.0a/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0a/ssl/s23_srvr.c 2010-06-04 12:25:15.000000000 +0200 @@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12087,9 +12087,9 @@ diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c ---- openssl-1.0.0/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 -+++ openssl-1.0.0/ssl/s3_clnt.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c +--- openssl-1.0.0a/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 ++++ openssl-1.0.0a/ssl/s3_clnt.c 2010-06-04 12:25:15.000000000 +0200 @@ -156,6 +156,10 @@ #include #include @@ -12110,9 +12110,9 @@ diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c ---- openssl-1.0.0/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0/ssl/s3_enc.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c +--- openssl-1.0.0a/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0a/ssl/s3_enc.c 2010-06-04 12:25:15.000000000 +0200 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12138,9 +12138,9 @@ diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c ---- openssl-1.0.0/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 -+++ openssl-1.0.0/ssl/s3_srvr.c 2010-03-30 10:34:41.000000000 +0200 +diff -up openssl-1.0.0a/ssl/s3_srvr.c.fips openssl-1.0.0a/ssl/s3_srvr.c +--- openssl-1.0.0a/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 ++++ openssl-1.0.0a/ssl/s3_srvr.c 2010-06-04 12:25:15.000000000 +0200 @@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) @@ -12150,15 +12150,15 @@ diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c ---- openssl-1.0.0/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0/ssl/t1_enc.c 2010-03-30 10:34:41.000000000 +0200 -@@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md +diff -up openssl-1.0.0a/ssl/t1_enc.c.fips openssl-1.0.0a/ssl/t1_enc.c +--- openssl-1.0.0a/ssl/t1_enc.c.fips 2010-05-17 13:26:56.000000000 +0200 ++++ openssl-1.0.0a/ssl/t1_enc.c 2010-06-04 13:28:01.000000000 +0200 +@@ -170,6 +170,8 @@ static int tls1_P_hash(const EVP_MD *md, HMAC_CTX_init(&ctx); HMAC_CTX_init(&ctx_tmp); + HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); - HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); - if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len); + if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL)) + goto err; + if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL)) diff --git a/openssl-1.0.0-beta3-fipsmode.patch b/openssl-1.0.0a-fipsmode.patch similarity index 80% rename from openssl-1.0.0-beta3-fipsmode.patch rename to openssl-1.0.0a-fipsmode.patch index 2fbf0a6..352e74e 100644 --- a/openssl-1.0.0-beta3-fipsmode.patch +++ b/openssl-1.0.0a-fipsmode.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c ---- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200 +diff -up openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode openssl-1.0.0a/crypto/engine/eng_all.c +--- openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200 ++++ openssl-1.0.0a/crypto/engine/eng_all.c 2010-06-04 13:32:13.000000000 +0200 @@ -58,9 +58,23 @@ #include "cryptlib.h" @@ -25,9 +25,9 @@ diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c ---- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode openssl-1.0.0a/crypto/evp/c_allc.c +--- openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode 2009-12-25 15:12:24.000000000 +0100 ++++ openssl-1.0.0a/crypto/evp/c_allc.c 2010-06-04 13:32:13.000000000 +0200 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -40,7 +40,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); EVP_add_cipher(EVP_des_cfb1()); -@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void) +@@ -221,4 +226,61 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); #endif @@ -102,9 +102,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr + } +#endif } -diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c ---- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200 +diff -up openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode openssl-1.0.0a/crypto/evp/c_alld.c +--- openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 ++++ openssl-1.0.0a/crypto/evp/c_alld.c 2010-06-04 13:32:13.000000000 +0200 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -117,11 +117,10 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif -@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void) - #endif +@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); -+#endif + #endif +#ifdef OPENSSL_FIPS + } + else @@ -149,11 +148,11 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr + EVP_add_digest(EVP_sha512()); +#endif + } - #endif ++#endif } -diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c ---- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200 -+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200 +diff -up openssl-1.0.0a/crypto/o_init.c.fipsmode openssl-1.0.0a/crypto/o_init.c +--- openssl-1.0.0a/crypto/o_init.c.fipsmode 2010-06-04 13:32:13.000000000 +0200 ++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 13:32:13.000000000 +0200 @@ -59,6 +59,43 @@ #include #include @@ -206,9 +205,9 @@ diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto done = 1; } #endif -diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c ---- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200 -+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200 +diff -up openssl-1.0.0a/ssl/ssl_algs.c.fipsmode openssl-1.0.0a/ssl/ssl_algs.c +--- openssl-1.0.0a/ssl/ssl_algs.c.fipsmode 2010-04-07 15:18:30.000000000 +0200 ++++ openssl-1.0.0a/ssl/ssl_algs.c 2010-06-04 13:32:48.000000000 +0200 @@ -64,6 +64,12 @@ int SSL_library_init(void) { @@ -222,7 +221,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -115,6 +121,40 @@ int SSL_library_init(void) +@@ -127,6 +133,48 @@ int SSL_library_init(void) EVP_add_digest(EVP_sha()); EVP_add_digest(EVP_dss()); #endif @@ -249,6 +248,14 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); +#endif ++#ifndef OPENSSL_NO_SHA256 ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); ++#endif +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); diff --git a/openssl-1.0.0a-version.patch b/openssl-1.0.0a-version.patch new file mode 100644 index 0000000..75a0233 --- /dev/null +++ b/openssl-1.0.0a-version.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h +--- openssl-1.0.0a/crypto/opensslv.h.version 2010-06-04 13:28:52.000000000 +0200 ++++ openssl-1.0.0a/crypto/opensslv.h 2010-06-04 13:29:42.000000000 +0200 +@@ -25,7 +25,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x1000001fL ++/* we have to keep the version number to not break the abi */ ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" + #else diff --git a/openssl.spec b/openssl.spec index 6f33d54..0c7b888 100644 --- a/openssl.spec +++ b/openssl.spec @@ -20,8 +20,8 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.0 -Release: 5%{?dist} +Version: 1.0.0a +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. Source: openssl-%{version}-usa.tar.bz2 @@ -50,20 +50,18 @@ Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch Patch39: openssl-1.0.0-beta5-ipv6-apps.patch -Patch40: openssl-1.0.0-fips.patch +Patch40: openssl-1.0.0a-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch -Patch43: openssl-1.0.0-beta3-fipsmode.patch +Patch43: openssl-1.0.0a-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0-version.patch +Patch51: openssl-1.0.0a-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch Patch53: openssl-1.0.0-name-hash.patch # Backported fixes including security fixes -Patch60: openssl-1.0.0-dtls1-backports.patch -Patch61: openssl-1.0.0-init-sha256.patch License: OpenSSL Group: System Environment/Libraries @@ -145,8 +143,6 @@ from other formats to the formats used by the OpenSSL toolkit. %patch52 -p1 -b .aesni %patch53 -p1 -b .name-hash -%patch60 -p1 -b .dtls1 -%patch61 -p1 -b .sha256 # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -395,6 +391,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Fri Jun 4 2010 Tomas Mraz 1.0.0a-1 +- new upstream patch release, fixes CVE-2010-0742 (#598738) + and CVE-2010-1633 (#598732) + * Wed May 19 2010 Tomas Mraz 1.0.0-5 - pkgconfig files now contain the correct libdir (#593723) diff --git a/sources b/sources index dadae2c..f42b68d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2 +36a9936e1791566b205daa7cb4bea074 openssl-1.0.0a-usa.tar.bz2