From 7e7e3f299f4184b89482c50d577da5b1ef4b19cb Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 9 Jan 2015 10:54:51 +0100 Subject: [PATCH] new upstream release fixing multiple security issues --- .gitignore | 1 + openssl-1.0.1-beta2-dtls1-abi.patch | 23 - openssl-1.0.1k-dtls1-abi.patch | 26 + ...b.patch => openssl-1.0.1k-ecc-suiteb.patch | 58 +- ...=> openssl-1.0.1k-ephemeral-key-size.patch | 40 +- ...1j-fips.patch => openssl-1.0.1k-fips.patch | 678 +++++++++--------- ...64.patch => openssl-1.0.1k-padlock64.patch | 16 +- ...atch => openssl-1.0.1k-trusted-first.patch | 130 ++-- openssl.spec | 19 +- sources | 2 +- 10 files changed, 505 insertions(+), 488 deletions(-) delete mode 100644 openssl-1.0.1-beta2-dtls1-abi.patch create mode 100644 openssl-1.0.1k-dtls1-abi.patch rename openssl-1.0.1e-ecc-suiteb.patch => openssl-1.0.1k-ecc-suiteb.patch (74%) rename openssl-1.0.1j-ephemeral-key-size.patch => openssl-1.0.1k-ephemeral-key-size.patch (71%) rename openssl-1.0.1j-fips.patch => openssl-1.0.1k-fips.patch (95%) rename openssl-1.0.1-beta2-padlock64.patch => openssl-1.0.1k-padlock64.patch (91%) rename openssl-1.0.1i-trusted-first.patch => openssl-1.0.1k-trusted-first.patch (66%) diff --git a/.gitignore b/.gitignore index 7d51cf7..599db8e 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.0.1h-hobbled.tar.xz /openssl-1.0.1i-hobbled.tar.xz /openssl-1.0.1j-hobbled.tar.xz +/openssl-1.0.1k-hobbled.tar.xz diff --git a/openssl-1.0.1-beta2-dtls1-abi.patch b/openssl-1.0.1-beta2-dtls1-abi.patch deleted file mode 100644 index 6a556be..0000000 --- a/openssl-1.0.1-beta2-dtls1-abi.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -up openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi openssl-1.0.1-beta2/ssl/dtls1.h ---- openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi 2012-02-06 17:07:34.630336118 +0100 -+++ openssl-1.0.1-beta2/ssl/dtls1.h 2012-02-06 17:10:08.956623707 +0100 -@@ -222,9 +222,6 @@ typedef struct dtls1_state_st - */ - record_pqueue buffered_app_data; - -- /* Is set when listening for new connections with dtls1_listen() */ -- unsigned int listen; -- - unsigned int mtu; /* max DTLS packet size */ - - struct hm_header_st w_msg_hdr; -@@ -248,6 +245,9 @@ typedef struct dtls1_state_st - unsigned int retransmitting; - unsigned int change_cipher_spec_ok; - -+ /* Is set when listening for new connections with dtls1_listen() */ -+ unsigned int listen; -+ - #ifndef OPENSSL_NO_SCTP - /* used when SSL_ST_XX_FLUSH is entered */ - int next_state; diff --git a/openssl-1.0.1k-dtls1-abi.patch b/openssl-1.0.1k-dtls1-abi.patch new file mode 100644 index 0000000..e89ceba --- /dev/null +++ b/openssl-1.0.1k-dtls1-abi.patch @@ -0,0 +1,26 @@ +diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h +--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi 2015-01-09 09:58:59.332596897 +0100 ++++ openssl-1.0.1k/ssl/dtls1.h 2015-01-09 10:02:34.908472320 +0100 +@@ -231,10 +231,6 @@ typedef struct dtls1_state_st + */ + record_pqueue buffered_app_data; + +- /* Is set when listening for new connections with dtls1_listen() */ +- unsigned int listen; +- +- unsigned int link_mtu; /* max on-the-wire DTLS packet size */ + unsigned int mtu; /* max DTLS packet size */ + + struct hm_header_st w_msg_hdr; +@@ -262,6 +258,11 @@ typedef struct dtls1_state_st + */ + unsigned int change_cipher_spec_ok; + ++ /* Is set when listening for new connections with dtls1_listen() */ ++ unsigned int listen; ++ ++ unsigned int link_mtu; /* max on-the-wire DTLS packet size */ ++ + #ifndef OPENSSL_NO_SCTP + /* used when SSL_ST_XX_FLUSH is entered */ + int next_state; diff --git a/openssl-1.0.1e-ecc-suiteb.patch b/openssl-1.0.1k-ecc-suiteb.patch similarity index 74% rename from openssl-1.0.1e-ecc-suiteb.patch rename to openssl-1.0.1k-ecc-suiteb.patch index dc87b00..bf0065f 100644 --- a/openssl-1.0.1e-ecc-suiteb.patch +++ b/openssl-1.0.1k-ecc-suiteb.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c ---- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100 -+++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100 +diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c +--- openssl-1.0.1k/apps/speed.c.suiteb 2015-01-09 10:03:38.406908388 +0100 ++++ openssl-1.0.1k/apps/speed.c 2015-01-09 10:03:38.602912821 +0100 @@ -966,49 +966,23 @@ int MAIN(int argc, char **argv) else #endif @@ -87,38 +87,44 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c ecdh_doit[i]=1; #endif } -diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c ---- openssl-1.0.1e/ssl/t1_lib.c.suiteb 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/ssl/t1_lib.c 2013-11-08 18:05:27.551617554 +0100 -@@ -204,31 +204,9 @@ static int nid_list[] = - - static int pref_list[] = - { -- NID_sect571r1, /* sect571r1 (14) */ -- NID_sect571k1, /* sect571k1 (13) */ - NID_secp521r1, /* secp521r1 (25) */ -- NID_sect409k1, /* sect409k1 (11) */ -- NID_sect409r1, /* sect409r1 (12) */ - NID_secp384r1, /* secp384r1 (24) */ -- NID_sect283k1, /* sect283k1 (9) */ -- NID_sect283r1, /* sect283r1 (10) */ +diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c +--- openssl-1.0.1k/ssl/t1_lib.c.suiteb 2015-01-09 10:03:38.603912844 +0100 ++++ openssl-1.0.1k/ssl/t1_lib.c 2015-01-09 10:06:35.470912834 +0100 +@@ -218,29 +218,21 @@ static int pref_list[] = + NID_sect283k1, /* sect283k1 (9) */ + NID_sect283r1, /* sect283r1 (10) */ + #endif - NID_secp256k1, /* secp256k1 (22) */ NID_X9_62_prime256v1, /* secp256r1 (23) */ -- NID_sect239k1, /* sect239k1 (8) */ -- NID_sect233k1, /* sect233k1 (6) */ -- NID_sect233r1, /* sect233r1 (7) */ + #ifndef OPENSSL_NO_EC2M + NID_sect239k1, /* sect239k1 (8) */ + NID_sect233k1, /* sect233k1 (6) */ + NID_sect233r1, /* sect233r1 (7) */ + #endif - NID_secp224k1, /* secp224k1 (20) */ - NID_secp224r1, /* secp224r1 (21) */ -- NID_sect193r1, /* sect193r1 (4) */ -- NID_sect193r2, /* sect193r2 (5) */ + #ifndef OPENSSL_NO_EC2M + NID_sect193r1, /* sect193r1 (4) */ + NID_sect193r2, /* sect193r2 (5) */ + #endif - NID_secp192k1, /* secp192k1 (18) */ - NID_X9_62_prime192v1, /* secp192r1 (19) */ -- NID_sect163k1, /* sect163k1 (1) */ -- NID_sect163r1, /* sect163r1 (2) */ -- NID_sect163r2, /* sect163r2 (3) */ + #ifndef OPENSSL_NO_EC2M + NID_sect163k1, /* sect163k1 (1) */ + NID_sect163r1, /* sect163r1 (2) */ + NID_sect163r2, /* sect163r2 (3) */ + #endif - NID_secp160k1, /* secp160k1 (15) */ - NID_secp160r1, /* secp160r1 (16) */ - NID_secp160r2, /* secp160r2 (17) */ }; int tls1_ec_curve_id2nid(int curve_id) +@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL * + s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; + s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; + +- /* we support all named elliptic curves in RFC 4492 */ + if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist); + s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2; + if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) diff --git a/openssl-1.0.1j-ephemeral-key-size.patch b/openssl-1.0.1k-ephemeral-key-size.patch similarity index 71% rename from openssl-1.0.1j-ephemeral-key-size.patch rename to openssl-1.0.1k-ephemeral-key-size.patch index e8e8dbb..23d4f33 100644 --- a/openssl-1.0.1j-ephemeral-key-size.patch +++ b/openssl-1.0.1k-ephemeral-key-size.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h ---- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200 -+++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200 +diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h +--- openssl-1.0.1k/apps/s_apps.h.ephemeral 2015-01-09 10:22:03.289896211 +0100 ++++ openssl-1.0.1k/apps/s_apps.h 2015-01-09 10:22:03.373898111 +0100 @@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok, int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); @@ -9,9 +9,9 @@ diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h int init_client(int *sock, char *server, char *port, int type); int should_retry(int i); int extract_host_port(char *str,char **host_ptr,char **port_ptr); -diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c ---- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200 +diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c +--- openssl-1.0.1k/apps/s_cb.c.ephemeral 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/apps/s_cb.c 2015-01-09 10:22:03.373898111 +0100 @@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback( } } @@ -51,10 +51,10 @@ diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { -diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c ---- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200 -+++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200 -@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s +diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c +--- openssl-1.0.1k/apps/s_client.c.ephemeral 2015-01-09 10:22:03.367897975 +0100 ++++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:22:03.373898111 +0100 +@@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s BIO_write(bio,"\n",1); } @@ -63,18 +63,18 @@ diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", BIO_number_read(SSL_get_rbio(s)), BIO_number_written(SSL_get_wbio(s))); -diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h ---- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200 -+++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200 -@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) +diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h +--- openssl-1.0.1k/ssl/ssl.h.ephemeral 2015-01-09 10:22:03.358897772 +0100 ++++ openssl-1.0.1k/ssl/ssl.h 2015-01-09 10:25:08.644088146 +0100 +@@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define SSL_CTRL_CHECK_PROTO_VERSION 119 - - #define DTLSv1_get_timeout(ssl, arg) \ -@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + #define DTLS_CTRL_SET_LINK_MTU 120 + #define DTLS_CTRL_GET_LINK_MIN_MTU 121 +@@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) @@ -84,9 +84,9 @@ diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); -diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c ---- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200 -+++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200 +diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c +--- openssl-1.0.1k/ssl/s3_lib.c.ephemeral 2015-01-08 15:00:56.000000000 +0100 ++++ openssl-1.0.1k/ssl/s3_lib.c 2015-01-09 10:22:03.374898133 +0100 @@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar #endif /* !OPENSSL_NO_TLSEXT */ diff --git a/openssl-1.0.1j-fips.patch b/openssl-1.0.1k-fips.patch similarity index 95% rename from openssl-1.0.1j-fips.patch rename to openssl-1.0.1k-fips.patch index dff6aca..f75329c 100644 --- a/openssl-1.0.1j-fips.patch +++ b/openssl-1.0.1k-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c ---- openssl-1.0.1j/apps/speed.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/apps/speed.c 2014-10-16 13:19:35.084306085 +0200 +diff -up openssl-1.0.1k/apps/speed.c.fips openssl-1.0.1k/apps/speed.c +--- openssl-1.0.1k/apps/speed.c.fips 2015-01-08 15:00:56.000000000 +0100 ++++ openssl-1.0.1k/apps/speed.c 2015-01-09 09:51:51.538921997 +0100 @@ -195,7 +195,6 @@ #ifdef OPENSSL_DOING_MAKEDEPEND #undef AES_set_encrypt_key @@ -126,10 +126,10 @@ diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 16,EVP_md5(), NULL); -diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure ---- openssl-1.0.1j/Configure.fips 2014-10-16 13:19:35.056305452 +0200 -+++ openssl-1.0.1j/Configure 2014-10-16 13:19:35.084306085 +0200 -@@ -998,11 +998,6 @@ if (defined($disabled{"md5"}) || defined +diff -up openssl-1.0.1k/Configure.fips openssl-1.0.1k/Configure +--- openssl-1.0.1k/Configure.fips 2015-01-09 09:51:51.257915642 +0100 ++++ openssl-1.0.1k/Configure 2015-01-09 09:51:51.539922020 +0100 +@@ -1003,11 +1003,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -141,7 +141,7 @@ diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1477,7 +1472,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1482,7 +1477,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -149,7 +149,7 @@ diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1664,9 +1658,12 @@ while () +@@ -1669,9 +1663,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -163,9 +163,9 @@ diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes_misc.c ---- openssl-1.0.1j/crypto/aes/aes_misc.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/aes/aes_misc.c 2014-10-16 13:19:35.085306107 +0200 +diff -up openssl-1.0.1k/crypto/aes/aes_misc.c.fips openssl-1.0.1k/crypto/aes/aes_misc.c +--- openssl-1.0.1k/crypto/aes/aes_misc.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/aes/aes_misc.c 2015-01-09 09:51:51.539922020 +0100 @@ -69,17 +69,11 @@ const char *AES_options(void) { int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -184,9 +184,9 @@ diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac.c ---- openssl-1.0.1j/crypto/cmac/cmac.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/cmac/cmac.c 2014-10-16 13:19:35.085306107 +0200 +diff -up openssl-1.0.1k/crypto/cmac/cmac.c.fips openssl-1.0.1k/crypto/cmac/cmac.c +--- openssl-1.0.1k/crypto/cmac/cmac.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/cmac/cmac.c 2015-01-09 09:51:51.540922042 +0100 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -235,9 +235,9 @@ diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac. if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h ---- openssl-1.0.1j/crypto/crypto.h.fips 2014-10-16 13:19:34.918302337 +0200 -+++ openssl-1.0.1j/crypto/crypto.h 2014-10-16 13:19:35.085306107 +0200 +diff -up openssl-1.0.1k/crypto/crypto.h.fips openssl-1.0.1k/crypto/crypto.h +--- openssl-1.0.1k/crypto/crypto.h.fips 2015-01-09 09:51:51.138912950 +0100 ++++ openssl-1.0.1k/crypto/crypto.h 2015-01-09 09:51:51.540922042 +0100 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -283,9 +283,9 @@ diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h ---- openssl-1.0.1j/crypto/des/des.h.fips 2014-10-16 13:19:34.967303443 +0200 -+++ openssl-1.0.1j/crypto/des/des.h 2014-10-16 13:19:35.085306107 +0200 +diff -up openssl-1.0.1k/crypto/des/des.h.fips openssl-1.0.1k/crypto/des/des.h +--- openssl-1.0.1k/crypto/des/des.h.fips 2015-01-09 09:51:51.168913629 +0100 ++++ openssl-1.0.1k/crypto/des/des.h 2015-01-09 09:51:51.540922042 +0100 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); @@ -296,9 +296,9 @@ diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h void DES_string_to_key(const char *str,DES_cblock *key); void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, -diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_key.c ---- openssl-1.0.1j/crypto/des/set_key.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/des/set_key.c 2014-10-16 13:19:35.085306107 +0200 +diff -up openssl-1.0.1k/crypto/des/set_key.c.fips openssl-1.0.1k/crypto/des/set_key.c +--- openssl-1.0.1k/crypto/des/set_key.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/des/set_key.c 2015-01-09 09:51:51.541922065 +0100 @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -313,9 +313,9 @@ diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_ { static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; -diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen.c ---- openssl-1.0.1j/crypto/dh/dh_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dh/dh_gen.c 2014-10-16 13:19:35.085306107 +0200 +diff -up openssl-1.0.1k/crypto/dh/dh_gen.c.fips openssl-1.0.1k/crypto/dh/dh_gen.c +--- openssl-1.0.1k/crypto/dh/dh_gen.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dh/dh_gen.c 2015-01-09 09:51:51.541922065 +0100 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if(ret->meth->generate_params) @@ -349,9 +349,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen. ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h ---- openssl-1.0.1j/crypto/dh/dh.h.fips 2014-10-16 13:19:34.887301637 +0200 -+++ openssl-1.0.1j/crypto/dh/dh.h 2014-10-16 13:19:35.086306130 +0200 +diff -up openssl-1.0.1k/crypto/dh/dh.h.fips openssl-1.0.1k/crypto/dh/dh.h +--- openssl-1.0.1k/crypto/dh/dh.h.fips 2015-01-09 09:51:51.112912362 +0100 ++++ openssl-1.0.1k/crypto/dh/dh.h 2015-01-09 09:51:51.541922065 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -369,9 +369,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); int i2d_DHparams(const DH *a,unsigned char **pp); #ifndef OPENSSL_NO_FP_API -diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key.c ---- openssl-1.0.1j/crypto/dh/dh_key.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dh/dh_key.c 2014-10-16 13:19:35.086306130 +0200 +diff -up openssl-1.0.1k/crypto/dh/dh_key.c.fips openssl-1.0.1k/crypto/dh/dh_key.c +--- openssl-1.0.1k/crypto/dh/dh_key.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dh/dh_key.c 2015-01-09 09:51:51.542922087 +0100 @@ -61,6 +61,9 @@ #include #include @@ -452,9 +452,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib.c ---- openssl-1.0.1j/crypto/dh/dh_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dh/dh_lib.c 2014-10-16 13:19:35.086306130 +0200 +diff -up openssl-1.0.1k/crypto/dh/dh_lib.c.fips openssl-1.0.1k/crypto/dh/dh_lib.c +--- openssl-1.0.1k/crypto/dh/dh_lib.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dh/dh_lib.c 2015-01-09 09:51:51.542922087 +0100 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v { if(!default_DH_method) @@ -470,9 +470,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib. } return default_DH_method; } -diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_err.c ---- openssl-1.0.1j/crypto/dsa/dsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_err.c 2014-10-16 13:19:35.086306130 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_err.c.fips openssl-1.0.1k/crypto/dsa/dsa_err.c +--- openssl-1.0.1k/crypto/dsa/dsa_err.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_err.c 2015-01-09 09:51:51.542922087 +0100 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -491,9 +491,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_ {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, -diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_gen.c ---- openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_gen.c 2014-10-16 13:19:35.086306130 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_gen.c.fips openssl-1.0.1k/crypto/dsa/dsa_gen.c +--- openssl-1.0.1k/crypto/dsa/dsa_gen.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_gen.c 2015-01-09 09:51:51.543922110 +0100 @@ -85,6 +85,14 @@ #include #endif @@ -900,9 +900,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_ } if (mont != NULL) BN_MONT_CTX_free(mont); return ok; -diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h ---- openssl-1.0.1j/crypto/dsa/dsa.h.fips 2014-10-16 13:19:34.791299470 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa.h 2014-10-16 13:19:35.087306152 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa.h.fips openssl-1.0.1k/crypto/dsa/dsa.h +--- openssl-1.0.1k/crypto/dsa/dsa.h.fips 2015-01-09 09:51:51.033910576 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa.h 2015-01-09 09:51:51.543922110 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -963,9 +963,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_key.c ---- openssl-1.0.1j/crypto/dsa/dsa_key.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_key.c 2014-10-16 13:19:35.087306152 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_key.c.fips openssl-1.0.1k/crypto/dsa/dsa_key.c +--- openssl-1.0.1k/crypto/dsa/dsa_key.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_key.c 2015-01-09 09:51:51.543922110 +0100 @@ -66,6 +66,35 @@ #ifdef OPENSSL_FIPS @@ -1044,9 +1044,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_ ok=1; err: -diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_lib.c ---- openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_lib.c 2014-10-16 13:19:35.087306152 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_lib.c.fips openssl-1.0.1k/crypto/dsa/dsa_lib.c +--- openssl-1.0.1k/crypto/dsa/dsa_lib.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_lib.c 2015-01-09 09:51:51.543922110 +0100 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method { if(!default_DSA_method) @@ -1062,18 +1062,18 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_ } return default_DSA_method; } -diff -up openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips openssl-1.0.1j/crypto/dsa/dsa_locl.h ---- openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips 2014-10-16 13:19:34.792299493 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_locl.h 2014-10-16 13:19:35.087306152 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_locl.h.fips openssl-1.0.1k/crypto/dsa/dsa_locl.h +--- openssl-1.0.1k/crypto/dsa/dsa_locl.h.fips 2015-01-09 09:51:51.035910621 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_locl.h 2015-01-09 09:51:51.544922133 +0100 @@ -56,5 +56,4 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa_ossl.c ---- openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c 2014-10-16 13:19:35.087306152 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1k/crypto/dsa/dsa_ossl.c +--- openssl-1.0.1k/crypto/dsa/dsa_ossl.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_ossl.c 2015-01-09 09:51:51.544922133 +0100 @@ -65,6 +65,9 @@ #include #include @@ -1147,9 +1147,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c 2014-10-16 13:19:35.087306152 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1k/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.1k/crypto/dsa/dsa_pmeth.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsa_pmeth.c 2015-01-09 09:51:51.544922133 +0100 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1159,9 +1159,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/ds if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsatest.c ---- openssl-1.0.1j/crypto/dsa/dsatest.c.fips 2014-10-15 14:51:06.000000000 +0200 -+++ openssl-1.0.1j/crypto/dsa/dsatest.c 2014-10-16 13:19:35.088306175 +0200 +diff -up openssl-1.0.1k/crypto/dsa/dsatest.c.fips openssl-1.0.1k/crypto/dsa/dsatest.c +--- openssl-1.0.1k/crypto/dsa/dsatest.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/dsa/dsatest.c 2015-01-09 09:51:51.545922155 +0100 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1246,9 +1246,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsat goto end; } if (h != 2) -diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engine/eng_all.c ---- openssl-1.0.1j/crypto/engine/eng_all.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/engine/eng_all.c 2014-10-16 13:19:35.088306175 +0200 +diff -up openssl-1.0.1k/crypto/engine/eng_all.c.fips openssl-1.0.1k/crypto/engine/eng_all.c +--- openssl-1.0.1k/crypto/engine/eng_all.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/engine/eng_all.c 2015-01-09 09:51:51.545922155 +0100 @@ -58,11 +58,25 @@ #include "cryptlib.h" @@ -1275,9 +1275,9 @@ diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engin #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_allc.c ---- openssl-1.0.1j/crypto/evp/c_allc.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:19:35.088306175 +0200 +diff -up openssl-1.0.1k/crypto/evp/c_allc.c.fips openssl-1.0.1k/crypto/evp/c_allc.c +--- openssl-1.0.1k/crypto/evp/c_allc.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/c_allc.c 2015-01-09 09:51:51.545922155 +0100 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -1351,9 +1351,9 @@ diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_alld.c ---- openssl-1.0.1j/crypto/evp/c_alld.c.fips 2014-10-15 14:51:06.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/c_alld.c 2014-10-16 13:19:35.088306175 +0200 +diff -up openssl-1.0.1k/crypto/evp/c_alld.c.fips openssl-1.0.1k/crypto/evp/c_alld.c +--- openssl-1.0.1k/crypto/evp/c_alld.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/c_alld.c 2015-01-09 09:51:51.545922155 +0100 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -1399,9 +1399,9 @@ diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/digest.c ---- openssl-1.0.1j/crypto/evp/digest.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/digest.c 2014-10-16 13:19:35.088306175 +0200 +diff -up openssl-1.0.1k/crypto/evp/digest.c.fips openssl-1.0.1k/crypto/evp/digest.c +--- openssl-1.0.1k/crypto/evp/digest.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/digest.c 2015-01-09 09:51:51.546922178 +0100 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1550,9 +1550,9 @@ diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/diges memset(ctx,'\0',sizeof *ctx); return 1; -diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes.c ---- openssl-1.0.1j/crypto/evp/e_aes.c.fips 2014-10-16 13:19:35.048305272 +0200 -+++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:19:35.089306198 +0200 +diff -up openssl-1.0.1k/crypto/evp/e_aes.c.fips openssl-1.0.1k/crypto/evp/e_aes.c +--- openssl-1.0.1k/crypto/evp/e_aes.c.fips 2015-01-09 09:51:51.250915484 +0100 ++++ openssl-1.0.1k/crypto/evp/e_aes.c 2015-01-09 09:51:51.546922178 +0100 @@ -56,7 +56,6 @@ #include #include @@ -1584,9 +1584,9 @@ diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes. #endif -#endif -diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des3.c ---- openssl-1.0.1j/crypto/evp/e_des3.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:19:35.089306198 +0200 +diff -up openssl-1.0.1k/crypto/evp/e_des3.c.fips openssl-1.0.1k/crypto/evp/e_des3.c +--- openssl-1.0.1k/crypto/evp/e_des3.c.fips 2015-01-08 15:00:56.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/e_des3.c 2015-01-09 09:51:51.547922201 +0100 @@ -65,8 +65,6 @@ #include #include @@ -1596,7 +1596,7 @@ diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); -@@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH +@@ -207,9 +205,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, @@ -1609,7 +1609,7 @@ diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher -@@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, +@@ -218,21 +216,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, @@ -1640,14 +1640,14 @@ diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -@@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void) +@@ -315,4 +313,3 @@ const EVP_CIPHER *EVP_des_ede3(void) return &des_ede3_ecb; } #endif -#endif -diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_null.c ---- openssl-1.0.1j/crypto/evp/e_null.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/e_null.c 2014-10-16 13:19:35.089306198 +0200 +diff -up openssl-1.0.1k/crypto/evp/e_null.c.fips openssl-1.0.1k/crypto/evp/e_null.c +--- openssl-1.0.1k/crypto/evp/e_null.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/e_null.c 2015-01-09 09:51:51.547922201 +0100 @@ -61,8 +61,6 @@ #include #include @@ -1671,11 +1671,11 @@ diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_nul return 1; } -#endif -diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_enc.c ---- openssl-1.0.1j/crypto/evp/evp_enc.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:21:57.064511350 +0200 -@@ -70,17 +70,58 @@ - #include "constant_time_locl.h" +diff -up openssl-1.0.1k/crypto/evp/evp_enc.c.fips openssl-1.0.1k/crypto/evp/evp_enc.c +--- openssl-1.0.1k/crypto/evp/evp_enc.c.fips 2015-01-08 15:00:56.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/evp_enc.c 2015-01-09 09:57:57.393196087 +0100 +@@ -69,17 +69,58 @@ + #endif #include "evp_locl.h" -#ifdef OPENSSL_FIPS @@ -1737,7 +1737,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ memset(ctx,0,sizeof(EVP_CIPHER_CTX)); /* ctx->cipher=NULL; */ } -@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1752,7 +1752,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct ctx->engine = NULL; #endif @@ -1763,7 +1763,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ ctx->cipher=cipher; if (ctx->cipher->ctx_size) { -@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif @@ -1774,7 +1774,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 -@@ -250,6 +291,22 @@ skip_to_init: +@@ -249,6 +290,22 @@ skip_to_init: } } @@ -1797,7 +1797,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX +@@ -573,7 +630,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { @@ -1805,7 +1805,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ if (c->cipher != NULL) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT +@@ -584,16 +640,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT } if (c->cipher_data) OPENSSL_free(c->cipher_data); @@ -1822,9 +1822,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_ memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } -diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h ---- openssl-1.0.1j/crypto/evp/evp.h.fips 2014-10-16 13:19:34.940302834 +0200 -+++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:19:35.090306220 +0200 +diff -up openssl-1.0.1k/crypto/evp/evp.h.fips openssl-1.0.1k/crypto/evp/evp.h +--- openssl-1.0.1k/crypto/evp/evp.h.fips 2015-01-09 09:51:51.150913222 +0100 ++++ openssl-1.0.1k/crypto/evp/evp.h 2015-01-09 09:51:51.548922223 +0100 @@ -75,6 +75,10 @@ #include #endif @@ -1877,9 +1877,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h /* Cipher handles any and all padding logic as well * as finalisation. */ -diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_lib.c ---- openssl-1.0.1j/crypto/evp/evp_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:19:35.090306220 +0200 +diff -up openssl-1.0.1k/crypto/evp/evp_lib.c.fips openssl-1.0.1k/crypto/evp/evp_lib.c +--- openssl-1.0.1k/crypto/evp/evp_lib.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/evp_lib.c 2015-01-09 09:51:51.548922223 +0100 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1890,9 +1890,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx,out,in,inl); } -diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp_locl.h ---- openssl-1.0.1j/crypto/evp/evp_locl.h.fips 2014-10-16 13:19:34.933302676 +0200 -+++ openssl-1.0.1j/crypto/evp/evp_locl.h 2014-10-16 13:19:35.090306220 +0200 +diff -up openssl-1.0.1k/crypto/evp/evp_locl.h.fips openssl-1.0.1k/crypto/evp/evp_locl.h +--- openssl-1.0.1k/crypto/evp/evp_locl.h.fips 2015-01-09 09:51:51.147913154 +0100 ++++ openssl-1.0.1k/crypto/evp/evp_locl.h 2015-01-09 09:51:51.549922246 +0100 @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -1927,9 +1927,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp #define Camellia_set_key private_Camellia_set_key #endif -diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makefile ---- openssl-1.0.1j/crypto/evp/Makefile.fips 2014-10-15 14:54:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/Makefile 2014-10-16 13:19:35.090306220 +0200 +diff -up openssl-1.0.1k/crypto/evp/Makefile.fips openssl-1.0.1k/crypto/evp/Makefile +--- openssl-1.0.1k/crypto/evp/Makefile.fips 2015-01-08 15:03:32.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/Makefile 2015-01-09 09:51:51.549922246 +0100 @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -1948,9 +1948,9 @@ diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makef e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o SRC= $(LIBSRC) -diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss.c ---- openssl-1.0.1j/crypto/evp/m_dss.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/m_dss.c 2014-10-16 13:19:35.090306220 +0200 +diff -up openssl-1.0.1k/crypto/evp/m_dss.c.fips openssl-1.0.1k/crypto/evp/m_dss.c +--- openssl-1.0.1k/crypto/evp/m_dss.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/m_dss.c 2015-01-09 09:51:51.549922246 +0100 @@ -66,7 +66,6 @@ #endif @@ -1973,9 +1973,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss. } #endif -#endif -diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss1.c ---- openssl-1.0.1j/crypto/evp/m_dss1.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/m_dss1.c 2014-10-16 13:19:35.091306243 +0200 +diff -up openssl-1.0.1k/crypto/evp/m_dss1.c.fips openssl-1.0.1k/crypto/evp/m_dss1.c +--- openssl-1.0.1k/crypto/evp/m_dss1.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/m_dss1.c 2015-01-09 09:51:51.549922246 +0100 @@ -68,8 +68,6 @@ #include #endif @@ -1999,9 +1999,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss } #endif -#endif -diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2.c ---- openssl-1.0.1j/crypto/evp/m_md2.c.fips 2014-10-15 14:51:06.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/m_md2.c 2014-10-16 13:19:35.091306243 +0200 +diff -up openssl-1.0.1k/crypto/evp/m_md2.c.fips openssl-1.0.1k/crypto/evp/m_md2.c +--- openssl-1.0.1k/crypto/evp/m_md2.c.fips 2014-10-15 15:49:15.000000000 +0200 ++++ openssl-1.0.1k/crypto/evp/m_md2.c 2015-01-09 09:51:51.550922268 +0100 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -2010,9 +2010,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2. static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha1.c ---- openssl-1.0.1j/crypto/evp/m_sha1.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/m_sha1.c 2014-10-16 13:19:35.091306243 +0200 +diff -up openssl-1.0.1k/crypto/evp/m_sha1.c.fips openssl-1.0.1k/crypto/evp/m_sha1.c +--- openssl-1.0.1k/crypto/evp/m_sha1.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/m_sha1.c 2015-01-09 09:51:51.550922268 +0100 @@ -59,8 +59,6 @@ #include #include "cryptlib.h" @@ -2077,9 +2077,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha #endif /* ifndef OPENSSL_NO_SHA512 */ -#endif -diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sign.c ---- openssl-1.0.1j/crypto/evp/p_sign.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/p_sign.c 2014-10-16 13:19:35.091306243 +0200 +diff -up openssl-1.0.1k/crypto/evp/p_sign.c.fips openssl-1.0.1k/crypto/evp/p_sign.c +--- openssl-1.0.1k/crypto/evp/p_sign.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/p_sign.c 2015-01-09 09:51:51.550922268 +0100 @@ -61,6 +61,7 @@ #include #include @@ -2111,9 +2111,9 @@ diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sig if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_verify.c ---- openssl-1.0.1j/crypto/evp/p_verify.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/evp/p_verify.c 2014-10-16 13:19:35.091306243 +0200 +diff -up openssl-1.0.1k/crypto/evp/p_verify.c.fips openssl-1.0.1k/crypto/evp/p_verify.c +--- openssl-1.0.1k/crypto/evp/p_verify.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/evp/p_verify.c 2015-01-09 09:51:51.550922268 +0100 @@ -61,6 +61,7 @@ #include #include @@ -2145,9 +2145,9 @@ diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_v i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips 2014-10-16 13:19:35.092306265 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c 2014-10-16 13:19:35.092306265 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c.fips 2015-01-09 09:51:51.551922291 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c 2015-01-09 09:51:51.551922291 +0100 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3088,9 +3088,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypt + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips 2014-10-16 13:19:35.092306265 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c 2014-10-16 13:19:35.092306265 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c.fips 2015-01-09 09:51:51.552922314 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c 2015-01-09 09:51:51.552922314 +0100 @@ -0,0 +1,517 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3609,9 +3609,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/cry + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips 2014-10-16 13:19:35.092306265 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c 2014-10-16 13:19:35.092306265 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c.fips 2015-01-09 09:51:51.552922314 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c 2015-01-09 09:51:51.552922314 +0100 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -4315,9 +4315,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/cryp + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips 2014-10-16 13:19:35.093306288 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c 2014-10-16 13:19:35.093306288 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c.fips 2015-01-09 09:51:51.553922336 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c 2015-01-09 09:51:51.553922336 +0100 @@ -0,0 +1,292 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4611,9 +4611,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/ + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips 2014-10-16 13:19:35.093306288 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c 2014-10-16 13:19:35.093306288 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c.fips 2015-01-09 09:51:51.553922336 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c 2015-01-09 09:51:51.553922336 +0100 @@ -0,0 +1,416 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5031,9 +5031,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypt + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips 2014-10-16 13:19:35.093306288 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c 2014-10-16 13:19:35.093306288 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c.fips 2015-01-09 09:51:51.553922336 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c 2015-01-09 09:51:51.553922336 +0100 @@ -0,0 +1,537 @@ +#include + @@ -5572,9 +5572,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips 2014-10-16 13:19:35.094306310 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c 2014-10-16 13:19:35.093306288 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c.fips 2015-01-09 09:51:51.554922359 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c 2015-01-09 09:51:51.554922359 +0100 @@ -0,0 +1,571 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6147,9 +6147,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/cryp +} + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips 2014-10-16 13:19:35.094306310 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c 2014-10-16 13:19:35.094306310 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c.fips 2015-01-09 09:51:51.554922359 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c 2015-01-09 09:51:51.554922359 +0100 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -6381,9 +6381,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto + return 0; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips 2014-10-16 13:19:35.094306310 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c 2014-10-16 13:19:35.094306310 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c.fips 2015-01-09 09:51:51.555922381 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c 2015-01-09 09:51:51.555922381 +0100 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6775,9 +6775,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/cry + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips 2014-10-16 13:19:35.094306310 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c 2014-10-16 13:19:35.094306310 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c.fips 2015-01-09 09:51:51.555922381 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c 2015-01-09 09:51:51.555922381 +0100 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7149,9 +7149,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/cry + return ret; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips 2014-10-16 13:19:35.094306310 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c 2014-10-16 13:19:35.094306310 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c.fips 2015-01-09 09:51:51.555922381 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c 2015-01-09 09:51:51.555922381 +0100 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7530,9 +7530,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/cry + return ret; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips 2014-10-16 13:19:35.095306333 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c 2014-10-16 13:19:35.095306333 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c.fips 2015-01-09 09:51:51.556922404 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c 2015-01-09 09:51:51.556922404 +0100 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7922,9 +7922,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/cryp + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips 2014-10-16 13:19:35.095306333 +0200 -+++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h 2014-10-16 13:19:35.095306333 +0200 +diff -up openssl-1.0.1k/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1k/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.1k/crypto/fips/cavs/fips_utl.h.fips 2015-01-09 09:51:51.556922404 +0100 ++++ openssl-1.0.1k/crypto/fips/cavs/fips_utl.h 2015-01-09 09:51:51.556922404 +0100 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -8269,9 +8269,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/f +#endif + } + -diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips 2014-10-16 13:19:35.095306333 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c 2014-10-16 13:19:35.095306333 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_aes_selftest.c.fips 2015-01-09 09:51:51.556922404 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_aes_selftest.c 2015-01-09 09:51:51.556922404 +0100 @@ -0,0 +1,359 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8632,9 +8632,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/cryp + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips.c ---- openssl-1.0.1j/crypto/fips/fips.c.fips 2014-10-16 13:19:35.095306333 +0200 -+++ openssl-1.0.1j/crypto/fips/fips.c 2014-10-16 13:19:35.095306333 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips.c.fips openssl-1.0.1k/crypto/fips/fips.c +--- openssl-1.0.1k/crypto/fips/fips.c.fips 2015-01-09 09:51:51.557922427 +0100 ++++ openssl-1.0.1k/crypto/fips/fips.c 2015-01-09 09:51:51.557922427 +0100 @@ -0,0 +1,491 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9127,9 +9127,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips. + + +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c 2014-10-16 13:19:35.096306356 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c.fips 2015-01-09 09:51:51.557922427 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c 2015-01-09 09:51:51.557922427 +0100 @@ -0,0 +1,161 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9292,9 +9292,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/cry + return rv; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_des_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c 2014-10-16 13:19:35.096306356 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_des_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_des_selftest.c.fips 2015-01-09 09:51:51.557922427 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_des_selftest.c 2015-01-09 09:51:51.557922427 +0100 @@ -0,0 +1,147 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9443,9 +9443,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/cryp + return ret; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c ---- openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips 2014-10-16 13:19:35.096306356 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c 2014-10-16 13:19:35.096306356 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c +--- openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c.fips 2015-01-09 09:51:51.558922449 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c 2015-01-09 09:51:51.558922449 +0100 @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9883,9 +9883,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/f + + return 1; + } -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hash.c ---- openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips 2014-10-16 13:19:35.096306356 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c 2014-10-16 13:19:35.096306356 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_hash.c +--- openssl-1.0.1k/crypto/fips/fips_drbg_hash.c.fips 2015-01-09 09:51:51.558922449 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_hash.c 2015-01-09 09:51:51.558922449 +0100 @@ -0,0 +1,378 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10265,9 +10265,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/ + + return 1; + } -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c ---- openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips 2014-10-16 13:19:35.097306378 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c 2014-10-16 13:19:35.096306356 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c +--- openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c.fips 2015-01-09 09:51:51.559922472 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c 2015-01-09 09:51:51.558922449 +0100 @@ -0,0 +1,281 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10550,9 +10550,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/ + + return 1; + } -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_lib.c ---- openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips 2014-10-16 13:19:35.097306378 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c 2014-10-16 13:19:35.097306378 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_lib.c +--- openssl-1.0.1k/crypto/fips/fips_drbg_lib.c.fips 2015-01-09 09:51:51.559922472 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_lib.c 2015-01-09 09:51:51.559922472 +0100 @@ -0,0 +1,578 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -11132,9 +11132,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; + } -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_rand.c ---- openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips 2014-10-16 13:19:35.097306378 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c 2014-10-16 13:19:35.097306378 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_rand.c +--- openssl-1.0.1k/crypto/fips/fips_drbg_rand.c.fips 2015-01-09 09:51:51.559922472 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_rand.c 2015-01-09 09:51:51.559922472 +0100 @@ -0,0 +1,172 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11308,9 +11308,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/ + return &rand_drbg_meth; + } + -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips 2014-10-16 13:19:35.097306378 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c 2014-10-16 13:19:35.097306378 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c.fips 2015-01-09 09:51:51.560922495 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c 2015-01-09 09:51:51.560922495 +0100 @@ -0,0 +1,862 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -12174,9 +12174,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/cry + return rv; + } + -diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h ---- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips 2014-10-16 13:19:35.098306401 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h 2014-10-16 13:19:35.098306401 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h +--- openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h.fips 2015-01-09 09:51:51.561922517 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h 2015-01-09 09:51:51.561922517 +0100 @@ -0,0 +1,2335 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14513,9 +14513,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/cry + 0xc2,0xd6,0xfd,0xa5 + }; + -diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c 2014-10-16 13:19:35.099306423 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c.fips 2015-01-09 09:51:51.562922540 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c 2015-01-09 09:51:51.562922540 +0100 @@ -0,0 +1,193 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14710,9 +14710,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/cryp + return ret; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/fips_enc.c ---- openssl-1.0.1j/crypto/fips/fips_enc.c.fips 2014-10-16 13:19:35.099306423 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_enc.c 2014-10-16 13:19:35.099306423 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_enc.c.fips openssl-1.0.1k/crypto/fips/fips_enc.c +--- openssl-1.0.1k/crypto/fips/fips_enc.c.fips 2015-01-09 09:51:51.562922540 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_enc.c 2015-01-09 09:51:51.562922540 +0100 @@ -0,0 +1,191 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -14905,9 +14905,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/f + } + } + -diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips.h ---- openssl-1.0.1j/crypto/fips/fips.h.fips 2014-10-16 13:19:35.099306423 +0200 -+++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:19:35.099306423 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips.h.fips openssl-1.0.1k/crypto/fips/fips.h +--- openssl-1.0.1k/crypto/fips/fips.h.fips 2015-01-09 09:51:51.562922540 +0100 ++++ openssl-1.0.1k/crypto/fips/fips.h 2015-01-09 09:51:51.562922540 +0100 @@ -0,0 +1,279 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -15188,9 +15188,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips. +} +#endif +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c 2014-10-16 13:19:35.099306423 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c.fips 2015-01-09 09:51:51.563922562 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c 2015-01-09 09:51:51.563922562 +0100 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -15329,9 +15329,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/cry + return 1; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/fips_locl.h ---- openssl-1.0.1j/crypto/fips/fips_locl.h.fips 2014-10-16 13:19:35.100306446 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_locl.h 2014-10-16 13:19:35.099306423 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_locl.h.fips openssl-1.0.1k/crypto/fips/fips_locl.h +--- openssl-1.0.1k/crypto/fips/fips_locl.h.fips 2015-01-09 09:51:51.563922562 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_locl.h 2015-01-09 09:51:51.563922562 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15404,9 +15404,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/ +} +#endif +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fips_md.c ---- openssl-1.0.1j/crypto/fips/fips_md.c.fips 2014-10-16 13:19:35.100306446 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_md.c 2014-10-16 13:19:35.100306446 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_md.c.fips openssl-1.0.1k/crypto/fips/fips_md.c +--- openssl-1.0.1k/crypto/fips/fips_md.c.fips 2015-01-09 09:51:51.563922562 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_md.c 2015-01-09 09:51:51.563922562 +0100 @@ -0,0 +1,145 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -15553,9 +15553,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fi + return NULL; + } + } -diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/fips_post.c ---- openssl-1.0.1j/crypto/fips/fips_post.c.fips 2014-10-16 13:19:35.100306446 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:19:35.100306446 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_post.c.fips openssl-1.0.1k/crypto/fips/fips_post.c +--- openssl-1.0.1k/crypto/fips/fips_post.c.fips 2015-01-09 09:51:51.563922562 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_post.c 2015-01-09 09:51:51.563922562 +0100 @@ -0,0 +1,205 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15762,9 +15762,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/ + return 1; + } +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/fips_rand.c ---- openssl-1.0.1j/crypto/fips/fips_rand.c.fips 2014-10-16 13:19:35.100306446 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rand.c 2014-10-16 13:19:35.100306446 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rand.c.fips openssl-1.0.1k/crypto/fips/fips_rand.c +--- openssl-1.0.1k/crypto/fips/fips_rand.c.fips 2015-01-09 09:51:51.564922585 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rand.c 2015-01-09 09:51:51.564922585 +0100 @@ -0,0 +1,457 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -16223,9 +16223,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/ +} + +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/fips_rand.h ---- openssl-1.0.1j/crypto/fips/fips_rand.h.fips 2014-10-16 13:19:35.100306446 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rand.h 2014-10-16 13:19:35.100306446 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rand.h.fips openssl-1.0.1k/crypto/fips/fips_rand.h +--- openssl-1.0.1k/crypto/fips/fips_rand.h.fips 2015-01-09 09:51:51.564922585 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rand.h 2015-01-09 09:51:51.564922585 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16372,9 +16372,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/ +#endif +#endif +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/fips/fips_rand_lcl.h ---- openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips 2014-10-16 13:19:35.101306469 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h 2014-10-16 13:19:35.101306469 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1k/crypto/fips/fips_rand_lcl.h +--- openssl-1.0.1k/crypto/fips/fips_rand_lcl.h.fips 2015-01-09 09:51:51.564922585 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rand_lcl.h 2015-01-09 09:51:51.564922585 +0100 @@ -0,0 +1,219 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -16595,9 +16595,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/fips/fips_rand_lib.c ---- openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips 2014-10-16 13:19:35.101306469 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c 2014-10-16 13:19:35.101306469 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1k/crypto/fips/fips_rand_lib.c +--- openssl-1.0.1k/crypto/fips/fips_rand_lib.c.fips 2015-01-09 09:51:51.565922608 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rand_lib.c 2015-01-09 09:51:51.565922608 +0100 @@ -0,0 +1,191 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -16790,9 +16790,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/f + } + return 0; + } -diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips 2014-10-16 13:19:35.101306469 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c 2014-10-16 13:19:35.101306469 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_rand_selftest.c.fips 2015-01-09 09:51:51.565922608 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rand_selftest.c 2015-01-09 09:51:51.565922608 +0100 @@ -0,0 +1,183 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16977,9 +16977,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/cry + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/fips/fips_randtest.c ---- openssl-1.0.1j/crypto/fips/fips_randtest.c.fips 2014-10-16 13:19:35.101306469 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_randtest.c 2014-10-16 13:19:35.101306469 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_randtest.c.fips openssl-1.0.1k/crypto/fips/fips_randtest.c +--- openssl-1.0.1k/crypto/fips/fips_randtest.c.fips 2015-01-09 09:51:51.565922608 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_randtest.c 2015-01-09 09:51:51.565922608 +0100 @@ -0,0 +1,250 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -17231,9 +17231,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/f + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c 2014-10-16 13:19:35.102306491 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c.fips 2015-01-09 09:51:51.566922630 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c 2015-01-09 09:51:51.566922630 +0100 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -17679,9 +17679,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/cryp + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips 2014-10-16 13:19:35.102306491 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c 2014-10-16 13:19:35.102306491 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c.fips 2015-01-09 09:51:51.566922630 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c 2015-01-09 09:51:51.566922630 +0100 @@ -0,0 +1,282 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -17965,9 +17965,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/ + return 0; + + } -diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_sha_selftest.c ---- openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c 2014-10-16 13:19:35.102306491 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_sha_selftest.c +--- openssl-1.0.1k/crypto/fips/fips_sha_selftest.c.fips 2015-01-09 09:51:51.566922630 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_sha_selftest.c 2015-01-09 09:51:51.566922630 +0100 @@ -0,0 +1,140 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18109,9 +18109,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/cryp + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c ---- openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips 2014-10-16 13:19:35.102306491 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c 2014-10-16 13:19:35.102306491 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c +--- openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c.fips 2015-01-09 09:51:51.567922653 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c 2015-01-09 09:51:51.567922653 +0100 @@ -0,0 +1,236 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18349,9 +18349,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/c + } + + -diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto/fips/fips_test_suite.c ---- openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips 2014-10-16 13:19:35.103306514 +0200 -+++ openssl-1.0.1j/crypto/fips/fips_test_suite.c 2014-10-16 13:19:35.103306514 +0200 +diff -up openssl-1.0.1k/crypto/fips/fips_test_suite.c.fips openssl-1.0.1k/crypto/fips/fips_test_suite.c +--- openssl-1.0.1k/crypto/fips/fips_test_suite.c.fips 2015-01-09 09:51:51.567922653 +0100 ++++ openssl-1.0.1k/crypto/fips/fips_test_suite.c 2015-01-09 09:51:51.567922653 +0100 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18941,9 +18941,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto + } + +#endif -diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Makefile ---- openssl-1.0.1j/crypto/fips/Makefile.fips 2014-10-16 13:19:35.103306514 +0200 -+++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:19:35.103306514 +0200 +diff -up openssl-1.0.1k/crypto/fips/Makefile.fips openssl-1.0.1k/crypto/fips/Makefile +--- openssl-1.0.1k/crypto/fips/Makefile.fips 2015-01-09 09:51:51.568922675 +0100 ++++ openssl-1.0.1k/crypto/fips/Makefile 2015-01-09 09:51:51.568922675 +0100 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -19286,9 +19286,9 @@ diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Mak +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac.c ---- openssl-1.0.1j/crypto/hmac/hmac.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/hmac/hmac.c 2014-10-16 13:19:35.103306514 +0200 +diff -up openssl-1.0.1k/crypto/hmac/hmac.c.fips openssl-1.0.1k/crypto/hmac/hmac.c +--- openssl-1.0.1k/crypto/hmac/hmac.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/hmac/hmac.c 2015-01-09 09:51:51.568922675 +0100 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -19351,9 +19351,9 @@ diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac. EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c 2014-10-16 13:19:35.103306514 +0200 +diff -up openssl-1.0.1k/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1k/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.1k/crypto/mdc2/mdc2dgst.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/mdc2/mdc2dgst.c 2015-01-09 09:51:51.568922675 +0100 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -19363,9 +19363,9 @@ diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/m { c->num=0; c->pad_type=1; -diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2_dgst.c ---- openssl-1.0.1j/crypto/md2/md2_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/md2/md2_dgst.c 2014-10-16 13:19:35.103306514 +0200 +diff -up openssl-1.0.1k/crypto/md2/md2_dgst.c.fips openssl-1.0.1k/crypto/md2/md2_dgst.c +--- openssl-1.0.1k/crypto/md2/md2_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/md2/md2_dgst.c 2015-01-09 09:51:51.568922675 +0100 @@ -62,6 +62,11 @@ #include #include @@ -19387,9 +19387,9 @@ diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2 { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4_dgst.c ---- openssl-1.0.1j/crypto/md4/md4_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/md4/md4_dgst.c 2014-10-16 13:19:35.104306536 +0200 +diff -up openssl-1.0.1k/crypto/md4/md4_dgst.c.fips openssl-1.0.1k/crypto/md4/md4_dgst.c +--- openssl-1.0.1k/crypto/md4/md4_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/md4/md4_dgst.c 2015-01-09 09:51:51.569922698 +0100 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19399,9 +19399,9 @@ diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5_dgst.c ---- openssl-1.0.1j/crypto/md5/md5_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/md5/md5_dgst.c 2014-10-16 13:19:35.104306536 +0200 +diff -up openssl-1.0.1k/crypto/md5/md5_dgst.c.fips openssl-1.0.1k/crypto/md5/md5_dgst.c +--- openssl-1.0.1k/crypto/md5/md5_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/md5/md5_dgst.c 2015-01-09 09:51:51.569922698 +0100 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19411,9 +19411,9 @@ diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5 { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c ---- openssl-1.0.1j/crypto/o_fips.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/o_fips.c 2014-10-16 13:19:35.104306536 +0200 +diff -up openssl-1.0.1k/crypto/o_fips.c.fips openssl-1.0.1k/crypto/o_fips.c +--- openssl-1.0.1k/crypto/o_fips.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/o_fips.c 2015-01-09 09:51:51.569922698 +0100 @@ -79,6 +79,8 @@ int FIPS_mode_set(int r) #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -19423,9 +19423,9 @@ diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c ---- openssl-1.0.1j/crypto/o_init.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/o_init.c 2014-10-16 13:19:35.104306536 +0200 +diff -up openssl-1.0.1k/crypto/o_init.c.fips openssl-1.0.1k/crypto/o_init.c +--- openssl-1.0.1k/crypto/o_init.c.fips 2014-10-15 15:49:15.000000000 +0200 ++++ openssl-1.0.1k/crypto/o_init.c 2015-01-09 09:51:51.569922698 +0100 @@ -55,28 +55,68 @@ #include #include @@ -19499,9 +19499,9 @@ diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c + { + OPENSSL_init_library(); + } -diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opensslconf.h.in ---- openssl-1.0.1j/crypto/opensslconf.h.in.fips 2014-10-15 14:51:06.000000000 +0200 -+++ openssl-1.0.1j/crypto/opensslconf.h.in 2014-10-16 13:19:35.104306536 +0200 +diff -up openssl-1.0.1k/crypto/opensslconf.h.in.fips openssl-1.0.1k/crypto/opensslconf.h.in +--- openssl-1.0.1k/crypto/opensslconf.h.in.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/opensslconf.h.in 2015-01-09 09:51:51.569922698 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -19523,9 +19523,9 @@ diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opens /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md_rand.c ---- openssl-1.0.1j/crypto/rand/md_rand.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rand/md_rand.c 2014-10-16 13:19:35.104306536 +0200 +diff -up openssl-1.0.1k/crypto/rand/md_rand.c.fips openssl-1.0.1k/crypto/rand/md_rand.c +--- openssl-1.0.1k/crypto/rand/md_rand.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rand/md_rand.c 2015-01-09 09:51:51.570922721 +0100 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -19538,9 +19538,9 @@ diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md { RAND_poll(); initialized = 1; -diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand.h ---- openssl-1.0.1j/crypto/rand/rand.h.fips 2014-10-16 13:19:34.775299109 +0200 -+++ openssl-1.0.1j/crypto/rand/rand.h 2014-10-16 13:19:35.105306559 +0200 +diff -up openssl-1.0.1k/crypto/rand/rand.h.fips openssl-1.0.1k/crypto/rand/rand.h +--- openssl-1.0.1k/crypto/rand/rand.h.fips 2015-01-09 09:51:51.020910282 +0100 ++++ openssl-1.0.1k/crypto/rand/rand.h 2015-01-09 09:51:51.570922721 +0100 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -19581,9 +19581,9 @@ diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand. #ifdef __cplusplus } -diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c 2014-10-16 13:19:35.105306559 +0200 +diff -up openssl-1.0.1k/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1k/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.1k/crypto/ripemd/rmd_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/ripemd/rmd_dgst.c 2015-01-09 09:51:51.570922721 +0100 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif @@ -19593,9 +19593,9 @@ diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripe { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa_crpt.c ---- openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c 2014-10-16 13:19:35.105306559 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1k/crypto/rsa/rsa_crpt.c +--- openssl-1.0.1k/crypto/rsa/rsa_crpt.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_crpt.c 2015-01-09 09:51:51.570922721 +0100 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const RSA *rsa, int padding) { @@ -19622,9 +19622,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa return -1; } #endif -diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_eay.c ---- openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_eay.c 2014-10-16 13:19:35.105306559 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_eay.c.fips openssl-1.0.1k/crypto/rsa/rsa_eay.c +--- openssl-1.0.1k/crypto/rsa/rsa_eay.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_eay.c 2015-01-09 09:51:51.571922743 +0100 @@ -114,6 +114,10 @@ #include #include @@ -19755,9 +19755,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_err.c ---- openssl-1.0.1j/crypto/rsa/rsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_err.c 2014-10-16 13:19:35.105306559 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_err.c.fips openssl-1.0.1k/crypto/rsa/rsa_err.c +--- openssl-1.0.1k/crypto/rsa/rsa_err.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_err.c 2015-01-09 09:51:51.571922743 +0100 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -19767,9 +19767,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, -diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_gen.c ---- openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_gen.c 2014-10-16 13:19:35.106306581 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_gen.c.fips openssl-1.0.1k/crypto/rsa/rsa_gen.c +--- openssl-1.0.1k/crypto/rsa/rsa_gen.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_gen.c 2015-01-09 09:51:51.571922743 +0100 @@ -69,6 +69,78 @@ #include #ifdef OPENSSL_FIPS @@ -19911,9 +19911,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_ ok=1; err: if (ok == -1) -diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h ---- openssl-1.0.1j/crypto/rsa/rsa.h.fips 2014-10-16 13:19:34.947302992 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa.h 2014-10-16 13:24:00.824305281 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa.h.fips openssl-1.0.1k/crypto/rsa/rsa.h +--- openssl-1.0.1k/crypto/rsa/rsa.h.fips 2015-01-09 09:51:51.155913335 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa.h 2015-01-09 09:51:51.572922766 +0100 @@ -164,6 +164,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -19998,9 +19998,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_lib.c ---- openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_lib.c 2014-10-16 13:19:35.106306581 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_lib.c.fips openssl-1.0.1k/crypto/rsa/rsa_lib.c +--- openssl-1.0.1k/crypto/rsa/rsa_lib.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_lib.c 2015-01-09 09:51:51.572922766 +0100 @@ -84,6 +84,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -20076,9 +20076,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rsa_pmeth.c ---- openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c 2014-10-16 13:19:35.106306581 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1k/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.1k/crypto/rsa/rsa_pmeth.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_pmeth.c 2015-01-09 09:51:51.572922766 +0100 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -20122,9 +20122,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rs if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa_sign.c ---- openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/rsa/rsa_sign.c 2014-10-16 13:19:35.106306581 +0200 +diff -up openssl-1.0.1k/crypto/rsa/rsa_sign.c.fips openssl-1.0.1k/crypto/rsa/rsa_sign.c +--- openssl-1.0.1k/crypto/rsa/rsa_sign.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/rsa/rsa_sign.c 2015-01-09 09:51:51.572922766 +0100 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -20156,9 +20156,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa if (i <= 0) goto err; /* Oddball MDC2 case: signature can be OCTET STRING. -diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h ---- openssl-1.0.1j/crypto/sha/sha.h.fips 2014-10-16 13:19:34.667296671 +0200 -+++ openssl-1.0.1j/crypto/sha/sha.h 2014-10-16 13:19:35.107306604 +0200 +diff -up openssl-1.0.1k/crypto/sha/sha.h.fips openssl-1.0.1k/crypto/sha/sha.h +--- openssl-1.0.1k/crypto/sha/sha.h.fips 2015-01-09 09:51:50.939908450 +0100 ++++ openssl-1.0.1k/crypto/sha/sha.h 2015-01-09 09:51:51.573922789 +0100 @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif @@ -20191,9 +20191,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha_locl.h ---- openssl-1.0.1j/crypto/sha/sha_locl.h.fips 2014-10-16 13:19:34.669296716 +0200 -+++ openssl-1.0.1j/crypto/sha/sha_locl.h 2014-10-16 13:19:35.107306604 +0200 +diff -up openssl-1.0.1k/crypto/sha/sha_locl.h.fips openssl-1.0.1k/crypto/sha/sha_locl.h +--- openssl-1.0.1k/crypto/sha/sha_locl.h.fips 2015-01-09 09:51:50.942908518 +0100 ++++ openssl-1.0.1k/crypto/sha/sha_locl.h 2015-01-09 09:51:51.573922789 +0100 @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h4 0xc3d2e1f0UL @@ -20210,9 +20210,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha256.c ---- openssl-1.0.1j/crypto/sha/sha256.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/sha/sha256.c 2014-10-16 13:19:35.107306604 +0200 +diff -up openssl-1.0.1k/crypto/sha/sha256.c.fips openssl-1.0.1k/crypto/sha/sha256.c +--- openssl-1.0.1k/crypto/sha/sha256.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/sha/sha256.c 2015-01-09 09:51:51.573922789 +0100 @@ -12,12 +12,19 @@ #include @@ -20243,9 +20243,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha25 memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha512.c ---- openssl-1.0.1j/crypto/sha/sha512.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/sha/sha512.c 2014-10-16 13:19:35.107306604 +0200 +diff -up openssl-1.0.1k/crypto/sha/sha512.c.fips openssl-1.0.1k/crypto/sha/sha512.c +--- openssl-1.0.1k/crypto/sha/sha512.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/sha/sha512.c 2015-01-09 09:51:51.573922789 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -20277,9 +20277,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha51 c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); -diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c 2014-10-16 13:19:35.107306604 +0200 +diff -up openssl-1.0.1k/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1k/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.1k/crypto/whrlpool/wp_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/crypto/whrlpool/wp_dgst.c 2015-01-09 09:51:51.574922811 +0100 @@ -55,7 +55,7 @@ #include #include @@ -20289,9 +20289,9 @@ diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whr { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org ---- openssl-1.0.1j/Makefile.org.fips 2014-10-16 13:19:35.062305588 +0200 -+++ openssl-1.0.1j/Makefile.org 2014-10-16 13:19:35.108306626 +0200 +diff -up openssl-1.0.1k/Makefile.org.fips openssl-1.0.1k/Makefile.org +--- openssl-1.0.1k/Makefile.org.fips 2015-01-09 09:51:51.272915981 +0100 ++++ openssl-1.0.1k/Makefile.org 2015-01-09 09:51:51.574922811 +0100 @@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -20319,10 +20319,10 @@ diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c ---- openssl-1.0.1j/ssl/d1_srvr.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/ssl/d1_srvr.c 2014-10-16 13:19:35.108306626 +0200 -@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL * +diff -up openssl-1.0.1k/ssl/d1_srvr.c.fips openssl-1.0.1k/ssl/d1_srvr.c +--- openssl-1.0.1k/ssl/d1_srvr.c.fips 2015-01-08 15:00:56.000000000 +0100 ++++ openssl-1.0.1k/ssl/d1_srvr.c 2015-01-09 09:51:51.574922811 +0100 +@@ -1402,6 +1402,8 @@ int dtls1_send_server_key_exchange(SSL * j=0; for (num=2; num > 0; num--) { @@ -20331,9 +20331,9 @@ diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.1j/ssl/ssl_algs.c.fips openssl-1.0.1j/ssl/ssl_algs.c ---- openssl-1.0.1j/ssl/ssl_algs.c.fips 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j/ssl/ssl_algs.c 2014-10-16 13:19:35.108306626 +0200 +diff -up openssl-1.0.1k/ssl/ssl_algs.c.fips openssl-1.0.1k/ssl/ssl_algs.c +--- openssl-1.0.1k/ssl/ssl_algs.c.fips 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/ssl/ssl_algs.c 2015-01-09 09:51:51.575922834 +0100 @@ -64,6 +64,12 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.1-beta2-padlock64.patch b/openssl-1.0.1k-padlock64.patch similarity index 91% rename from openssl-1.0.1-beta2-padlock64.patch rename to openssl-1.0.1k-padlock64.patch index 4b7f7da..e70c0bf 100644 --- a/openssl-1.0.1-beta2-padlock64.patch +++ b/openssl-1.0.1k-padlock64.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c ---- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 2011-06-21 18:42:15.000000000 +0200 -+++ openssl-1.0.1-beta2/engines/e_padlock.c 2012-02-06 20:18:52.039537799 +0100 +diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c +--- openssl-1.0.1k/engines/e_padlock.c.padlock64 2015-01-08 15:00:56.000000000 +0100 ++++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 10:18:55.579650992 +0100 @@ -101,7 +101,10 @@ compiler choice is limited to GCC and Microsoft C. */ #undef COMPILE_HW_PADLOCK @@ -30,11 +30,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e /* * As for excessive "push %ebx"/"pop %ebx" found all over. * When generating position-independent code GCC won't let -@@ -383,21 +387,6 @@ padlock_available(void) +@@ -383,23 +387,6 @@ padlock_available(void) return padlock_use_ace + padlock_use_rng; } -#ifndef OPENSSL_NO_AES +-#ifndef AES_ASM -/* Our own htonl()/ntohl() */ -static inline void -padlock_bswapl(AES_KEY *ks) @@ -48,11 +49,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e - } -} -#endif +-#endif - /* Force key reload from memory to the CPU microcode. Loading EFLAGS from the stack clears EFLAGS[30] which does the trick. */ -@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \ +@@ -457,12 +444,129 @@ static inline void *name(size_t cnt, \ : "edx", "cc", "memory"); \ return iv; \ } @@ -165,6 +167,7 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ + ++#ifndef AES_ASM +/* Our own htonl()/ntohl() */ +static inline void +padlock_bswapl(AES_KEY *ks) @@ -177,10 +180,11 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e + key++; + } +} ++#endif #endif /* The RNG call itself */ -@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int +@@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int static inline unsigned char * padlock_memcpy(void *dst,const void *src,size_t n) { diff --git a/openssl-1.0.1i-trusted-first.patch b/openssl-1.0.1k-trusted-first.patch similarity index 66% rename from openssl-1.0.1i-trusted-first.patch rename to openssl-1.0.1k-trusted-first.patch index f11f36d..8d3f23a 100644 --- a/openssl-1.0.1i-trusted-first.patch +++ b/openssl-1.0.1k-trusted-first.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c ---- openssl-1.0.1i/apps/apps.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/apps/apps.c 2014-08-07 13:54:27.751103405 +0200 +diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c +--- openssl-1.0.1k/apps/apps.c.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/apps/apps.c 2015-01-09 10:19:45.476779456 +0100 @@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg flags |= X509_V_FLAG_NOTIFY_POLICY; else if (!strcmp(arg, "-check_ss_sig")) @@ -10,9 +10,9 @@ diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c else return 0; -diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c ---- openssl-1.0.1i/apps/cms.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/apps/cms.c 2014-08-07 13:54:27.751103405 +0200 +diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c +--- openssl-1.0.1k/apps/cms.c.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/apps/cms.c 2015-01-09 10:19:45.476779456 +0100 @@ -642,6 +642,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); @@ -21,20 +21,20 @@ diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c ---- openssl-1.0.1i/apps/ocsp.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/apps/ocsp.c 2014-08-07 13:54:27.752103409 +0200 +diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c +--- openssl-1.0.1k/apps/ocsp.c.trusted-first 2015-01-09 10:19:45.477779478 +0100 ++++ openssl-1.0.1k/apps/ocsp.c 2015-01-09 10:20:57.726413440 +0100 @@ -605,6 +605,7 @@ int MAIN(int argc, char **argv) - BIO_printf (bio_err, "-path path to use in OCSP request\n"); - BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); - BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); -+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n"); - BIO_printf (bio_err, "-VAfile file validator certificates file\n"); - BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); - BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); -diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_client.c ---- openssl-1.0.1i/apps/s_client.c.trusted-first 2014-08-07 13:54:27.752103409 +0200 -+++ openssl-1.0.1i/apps/s_client.c 2014-08-07 15:06:28.443918055 +0200 + BIO_printf (bio_err, "-path path to use in OCSP request\n"); + BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); + BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); ++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n"); + BIO_printf (bio_err, "-VAfile file validator certificates file\n"); + BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); + BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); +diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c +--- openssl-1.0.1k/apps/s_client.c.trusted-first 2015-01-09 10:19:45.438778596 +0100 ++++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:19:45.477779478 +0100 @@ -299,6 +299,7 @@ static void sc_usage(void) BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); @@ -43,9 +43,9 @@ diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_clie BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -prexit - print session information even on connection failure\n"); -diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c ---- openssl-1.0.1i/apps/smime.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/apps/smime.c 2014-08-07 13:54:27.753103414 +0200 +diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c +--- openssl-1.0.1k/apps/smime.c.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/apps/smime.c 2015-01-09 10:19:45.477779478 +0100 @@ -479,6 +479,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); @@ -54,9 +54,9 @@ diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_server.c ---- openssl-1.0.1i/apps/s_server.c.trusted-first 2014-08-07 13:54:27.718103241 +0200 -+++ openssl-1.0.1i/apps/s_server.c 2014-08-07 13:54:27.753103414 +0200 +diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c +--- openssl-1.0.1k/apps/s_server.c.trusted-first 2015-01-09 10:19:45.445778755 +0100 ++++ openssl-1.0.1k/apps/s_server.c 2015-01-09 10:19:45.478779501 +0100 @@ -502,6 +502,7 @@ static void sv_usage(void) BIO_printf(bio_err," -state - Print the SSL states\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); @@ -65,9 +65,9 @@ diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_serv BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); -diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c ---- openssl-1.0.1i/apps/s_time.c.trusted-first 2014-08-07 13:54:27.432101823 +0200 -+++ openssl-1.0.1i/apps/s_time.c 2014-08-07 13:54:27.753103414 +0200 +diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c +--- openssl-1.0.1k/apps/s_time.c.trusted-first 2015-01-09 10:19:45.391777534 +0100 ++++ openssl-1.0.1k/apps/s_time.c 2015-01-09 10:19:45.478779501 +0100 @@ -179,6 +179,7 @@ static void s_time_usage(void) file if not specified by this option\n\ -CApath arg - PEM format directory of CA's\n\ @@ -76,9 +76,9 @@ diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; printf( "usage: s_time \n\n" ); -diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c ---- openssl-1.0.1i/apps/ts.c.trusted-first 2014-08-07 13:54:27.707103186 +0200 -+++ openssl-1.0.1i/apps/ts.c 2014-08-07 13:54:27.753103414 +0200 +diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c +--- openssl-1.0.1k/apps/ts.c.trusted-first 2015-01-09 10:19:45.435778529 +0100 ++++ openssl-1.0.1k/apps/ts.c 2015-01-09 10:19:45.478779501 +0100 @@ -383,7 +383,7 @@ int MAIN(int argc, char **argv) "ts -verify [-data file_to_hash] [-digest digest_bytes] " "[-queryfile request.tsq] " @@ -88,9 +88,9 @@ diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c "-untrusted cert_file.pem\n"); cleanup: /* Clean up. */ -diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c ---- openssl-1.0.1i/apps/verify.c.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/apps/verify.c 2014-08-07 13:54:27.754103419 +0200 +diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c +--- openssl-1.0.1k/apps/verify.c.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/apps/verify.c 2015-01-09 10:19:45.478779501 +0100 @@ -237,7 +237,7 @@ int MAIN(int argc, char **argv) end: @@ -100,9 +100,9 @@ diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c BIO_printf(bio_err," [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," [-engine e]"); -diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.c ---- openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first 2014-08-07 13:54:27.716103231 +0200 -+++ openssl-1.0.1i/crypto/x509/x509_vfy.c 2014-08-07 13:54:27.754103419 +0200 +diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c +--- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first 2015-01-09 10:19:45.443778710 +0100 ++++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-01-09 10:19:45.479779524 +0100 @@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx /* If we are self signed, we break */ @@ -125,9 +125,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/cryp /* If we were passed a cert chain, use it first */ if (ctx->untrusted != NULL) -diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.h ---- openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first 2014-08-07 13:54:27.360101466 +0200 -+++ openssl-1.0.1i/crypto/x509/x509_vfy.h 2014-08-07 13:54:27.754103419 +0200 +diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h +--- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first 2015-01-09 10:19:45.266774706 +0100 ++++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-01-09 10:19:45.479779524 +0100 @@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE #define X509_V_FLAG_USE_DELTAS 0x2000 /* Check selfsigned CA signature */ @@ -137,9 +137,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/cryp #define X509_VP_FLAG_DEFAULT 0x1 -diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/cms.pod ---- openssl-1.0.1i/doc/apps/cms.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/doc/apps/cms.pod 2014-08-07 13:54:27.754103419 +0200 +diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod +--- openssl-1.0.1k/doc/apps/cms.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/doc/apps/cms.pod 2015-01-09 10:19:45.479779524 +0100 @@ -35,6 +35,7 @@ B B [B<-print>] [B<-CAfile file>] @@ -161,9 +161,9 @@ diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/c =item B<-md digest> digest algorithm to use when signing or resigning. If not present then the -diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ocsp.pod ---- openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first 2014-08-07 13:54:27.708103191 +0200 -+++ openssl-1.0.1i/doc/apps/ocsp.pod 2014-08-07 13:54:27.755103424 +0200 +diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod +--- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first 2015-01-09 10:19:45.436778551 +0100 ++++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-01-09 10:19:45.479779524 +0100 @@ -29,6 +29,7 @@ B B [B<-path>] [B<-CApath dir>] @@ -172,7 +172,7 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ [B<-VAfile file>] [B<-validity_period n>] [B<-status_age n>] -@@ -138,6 +139,13 @@ or "/" by default. +@@ -142,6 +143,13 @@ connection timeout to the OCSP responder file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. @@ -186,9 +186,9 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ =item B<-verify_other file> file containing additional certificates to search when attempting to locate -diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/apps/s_client.pod ---- openssl-1.0.1i/doc/apps/s_client.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200 -+++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 13:54:27.755103424 +0200 +diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod +--- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100 ++++ openssl-1.0.1k/doc/apps/s_client.pod 2015-01-09 10:19:45.479779524 +0100 @@ -19,6 +19,7 @@ B B [B<-pass arg>] [B<-CApath directory>] @@ -206,9 +206,9 @@ diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/a Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. -diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps/smime.pod ---- openssl-1.0.1i/doc/apps/smime.pod.trusted-first 2014-07-22 21:43:11.000000000 +0200 -+++ openssl-1.0.1i/doc/apps/smime.pod 2014-08-07 13:54:27.755103424 +0200 +diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod +--- openssl-1.0.1k/doc/apps/smime.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/doc/apps/smime.pod 2015-01-09 10:19:45.479779524 +0100 @@ -15,6 +15,9 @@ B B [B<-pk7out>] [B<-[cipher]>] @@ -232,9 +232,9 @@ diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps =item B<-md digest> digest algorithm to use when signing or resigning. If not present then the -diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/apps/s_server.pod ---- openssl-1.0.1i/doc/apps/s_server.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200 -+++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 15:07:12.315099577 +0200 +diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod +--- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100 ++++ openssl-1.0.1k/doc/apps/s_server.pod 2015-01-09 10:19:45.479779524 +0100 @@ -33,6 +33,7 @@ B B [B<-state>] [B<-CApath directory>] @@ -256,9 +256,9 @@ diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/a =item B<-state> prints out the SSL session states. -diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/apps/s_time.pod ---- openssl-1.0.1i/doc/apps/s_time.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200 -+++ openssl-1.0.1i/doc/apps/s_time.pod 2014-08-07 13:54:27.755103424 +0200 +diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod +--- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/doc/apps/s_time.pod 2015-01-09 10:19:45.480779546 +0100 @@ -14,6 +14,7 @@ B B [B<-key filename>] [B<-CApath directory>] @@ -280,9 +280,9 @@ diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/app =item B<-new> performs the timing test using a new session ID for each connection. -diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts.pod ---- openssl-1.0.1i/doc/apps/ts.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200 -+++ openssl-1.0.1i/doc/apps/ts.pod 2014-08-07 13:54:27.756103429 +0200 +diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod +--- openssl-1.0.1k/doc/apps/ts.pod.trusted-first 2014-10-15 15:49:15.000000000 +0200 ++++ openssl-1.0.1k/doc/apps/ts.pod 2015-01-09 10:19:45.480779546 +0100 @@ -46,6 +46,7 @@ B<-verify> [B<-token_in>] [B<-CApath> trusted_cert_path] @@ -304,9 +304,9 @@ diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts =item B<-untrusted> cert_file.pem Set of additional untrusted certificates in PEM format which may be -diff -up openssl-1.0.1i/doc/apps/verify.pod.trusted-first openssl-1.0.1i/doc/apps/verify.pod ---- openssl-1.0.1i/doc/apps/verify.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/doc/apps/verify.pod 2014-08-07 13:54:27.756103429 +0200 +diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod +--- openssl-1.0.1k/doc/apps/verify.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100 ++++ openssl-1.0.1k/doc/apps/verify.pod 2015-01-09 10:19:45.480779546 +0100 @@ -9,6 +9,7 @@ verify - Utility to verify certificates. B B [B<-CApath directory>] diff --git a/openssl.spec b/openssl.spec index 25c6f9b..bac101b 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,8 +22,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.1j -Release: 3%{?dist} +Version: 1.0.1k +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -58,11 +58,11 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch39: openssl-1.0.1h-ipv6-apps.patch -Patch40: openssl-1.0.1j-fips.patch +Patch40: openssl-1.0.1k-fips.patch Patch45: openssl-1.0.1e-env-zlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.1i-algo-doc.patch -Patch50: openssl-1.0.1-beta2-dtls1-abi.patch +Patch50: openssl-1.0.1k-dtls1-abi.patch Patch51: openssl-1.0.1e-version.patch Patch56: openssl-1.0.0c-rsa-x931.patch Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch @@ -75,7 +75,7 @@ Patch69: openssl-1.0.1c-dh-1024.patch Patch70: openssl-1.0.1j-fips-ec.patch Patch71: openssl-1.0.1i-manfix.patch Patch72: openssl-1.0.1e-fips-ctor.patch -Patch73: openssl-1.0.1e-ecc-suiteb.patch +Patch73: openssl-1.0.1k-ecc-suiteb.patch Patch74: openssl-1.0.1e-no-md5-verify.patch Patch75: openssl-1.0.1e-compat-symbols.patch Patch76: openssl-1.0.1i-new-fips-reqs.patch @@ -85,10 +85,10 @@ Patch92: openssl-1.0.1h-system-cipherlist.patch Patch93: openssl-1.0.1h-disable-sslv2v3.patch # Backported fixes including security fixes Patch80: openssl-1.0.1j-evp-wrap.patch -Patch81: openssl-1.0.1-beta2-padlock64.patch -Patch84: openssl-1.0.1i-trusted-first.patch +Patch81: openssl-1.0.1k-padlock64.patch +Patch84: openssl-1.0.1k-trusted-first.patch Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch -Patch89: openssl-1.0.1j-ephemeral-key-size.patch +Patch89: openssl-1.0.1k-ephemeral-key-size.patch License: OpenSSL Group: System Environment/Libraries @@ -478,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Fri Jan 9 2015 Tomáš Mráz 1.0.1k-1 +- new upstream release fixing multiple security issues + * Thu Nov 20 2014 Tomáš Mráz 1.0.1j-3 - disable SSLv3 by default again (mail servers and possibly LDAP servers should probably allow it explicitly for legacy diff --git a/sources b/sources index 615e1aa..11d2121 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d6eba044f614596f94ba27a90be2b5de openssl-1.0.1j-hobbled.tar.xz +c272aff85ade496e3eca96a41a49a06f openssl-1.0.1k-hobbled.tar.xz