add back support for secp521r1 EC curve

- add aarch64 to Configure (#969692)
2013-11-08 18:16:49 +01:00 · 2013-11-08 18:16:49 +01:00 · 83d99a68af
commit 83d99a68af
parent 5714047e75
5 changed files with 111 additions and 56 deletions
--- a/ec_curve.c
+++ b/ec_curve.c
@ -120,6 +120,56 @@ static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
 	  0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
 	};

+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
+	_EC_NIST_PRIME_521 = {
+	{ NID_X9_62_prime_field,20,66,1 },
+	{ 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,	/* seed */
+	  0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
+
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+	  0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,	/* b */
+	  0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+	  0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+	  0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+	  0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+	  0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+	  0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+	  0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,	/* x */
+	  0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+	  0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+	  0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+	  0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+	  0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+	  0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+	  0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,	/* y */
+	  0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+	  0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+	  0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+	  0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+	  0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+	  0x94,0x76,0x9f,0xd1,0x66,0x50,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+	  0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+	  0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+	  0xB7,0x1E,0x91,0x38,0x64,0x09 }
+	};
+
 static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
 	_EC_X9_62_PRIME_256V1 = {
 	{ NID_X9_62_prime_field,20,32,1 },
@ -164,6 +214,11 @@ static const ec_list_element curve_list[] = {
 	/* secg curves */
 	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
 	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
+#else
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
+#endif
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
 #else
--- a/openssl-1.0.1-beta2-rpmbuild.patch
+++ b/openssl-1.0.1-beta2-rpmbuild.patch
@ -34,7 +34,7 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 # /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -373,16 +373,16 @@ my %table=(
+@@ -373,16 +373,17 @@ my %table=(
 # ldconfig and run-time linker to autodiscover. Unfortunately it
 # doesn't work just yet, because of couple of bugs in glibc
 # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
@ -52,10 +52,11 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
 # GCC 3.1 is a requirement
 -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 +"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -396,8 +396,8 @@ my %table=(
+@@ -396,8 +397,8 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
@ -66,7 +67,7 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
-@@ -1678,7 +1678,7 @@ while (<IN>)
+@@ -1678,7 +1679,7 @@ while (<IN>)
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
--- a/openssl-1.0.1e-ecc-suiteb.patch
+++ b/openssl-1.0.1e-ecc-suiteb.patch
@ -1,7 +1,7 @@
 diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
--- openssl-1.0.1e/apps/speed.c.suiteb	2013-10-18 17:38:22.288870517 +0200
-+++ openssl-1.0.1e/apps/speed.c	2013-10-18 17:38:22.336871572 +0200
-@@ -966,49 +966,21 @@ int MAIN(int argc, char **argv)
+--- openssl-1.0.1e/apps/speed.c.suiteb	2013-11-08 18:02:53.815229706 +0100
+++ openssl-1.0.1e/apps/speed.c	2013-11-08 18:04:47.016724297 +0100
+@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
 		else
 #endif
 #ifndef OPENSSL_NO_ECDSA
@ -11,7 +11,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
 -		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
 +		if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
 		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+ 		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
 -		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
 -		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
 -		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
@ -25,7 +25,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
 		else if (strcmp(*argv,"ecdsa") == 0)
 			{
 -			for (i=0; i < EC_NUM; i++)
-+			for (i=R_EC_P256; i <= R_EC_P384; i++)
+			for (i=R_EC_P256; i <= R_EC_P521; i++)
 				ecdsa_doit[i]=1;
 			}
 		else
@ -37,7 +37,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
 -		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
 +		if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
 		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+ 		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
 -		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
 -		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
 -		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
@ -51,52 +51,52 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
 		else if (strcmp(*argv,"ecdh") == 0)
 			{
 -			for (i=0; i < EC_NUM; i++)
-+			for (i=R_EC_P256; i <= R_EC_P384; i++)
+			for (i=R_EC_P256; i <= R_EC_P521; i++)
 				ecdh_doit[i]=1;
 			}
 		else
-@@ -1097,15 +1069,11 @@ int MAIN(int argc, char **argv)
+@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
 #ifndef OPENSSL_NO_ECDSA
 -			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
 -			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
 -			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-+			BIO_printf(bio_err,"ecdsap256 ecdsap384\n");
+			BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n");
 			BIO_printf(bio_err,"ecdsa\n");
 #endif
 #ifndef OPENSSL_NO_ECDH
 -			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
 -			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
 -			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-+			BIO_printf(bio_err,"ecdhp256  ecdhp384\n");
+			BIO_printf(bio_err,"ecdhp256  ecdhp384 ecdhp521\n");
 			BIO_printf(bio_err,"ecdh\n");
 #endif
 
-@@ -1184,11 +1152,11 @@ int MAIN(int argc, char **argv)
+@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv)
 		    if (!FIPS_mode() || i != R_DSA_512)
 			dsa_doit[i]=1;
 #ifndef OPENSSL_NO_ECDSA
 -		for (i=0; i<EC_NUM; i++)
-+		for (i=R_EC_P256; i <= R_EC_P384; i++)
+		for (i=R_EC_P256; i <= R_EC_P521; i++)
 			ecdsa_doit[i]=1;
 #endif
 #ifndef OPENSSL_NO_ECDH
 -		for (i=0; i<EC_NUM; i++)
-+		for (i=R_EC_P256; i <= R_EC_P384; i++)
+		for (i=R_EC_P256; i <= R_EC_P521; i++)
 			ecdh_doit[i]=1;
 #endif
 		}
 diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
 --- openssl-1.0.1e/ssl/t1_lib.c.suiteb	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/ssl/t1_lib.c	2013-10-24 09:41:11.892179845 +0200
-@@ -204,31 +204,8 @@ static int nid_list[] =
+++ openssl-1.0.1e/ssl/t1_lib.c	2013-11-08 18:05:27.551617554 +0100
+@@ -204,31 +204,9 @@ static int nid_list[] =
 
 static int pref_list[] =
 	{
 -		NID_sect571r1, /* sect571r1 (14) */ 
 -		NID_sect571k1, /* sect571k1 (13) */ 
-		NID_secp521r1, /* secp521r1 (25) */	
+ 		NID_secp521r1, /* secp521r1 (25) */	
 -		NID_sect409k1, /* sect409k1 (11) */ 
 -		NID_sect409r1, /* sect409r1 (12) */
 		NID_secp384r1, /* secp384r1 (24) */
--- a/openssl-1.0.1e-fips-ec.patch
+++ b/openssl-1.0.1e-fips-ec.patch
@ -1,6 +1,6 @@
 diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h
--- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec	2013-05-03 12:19:59.248301642 +0200
-+++ openssl-1.0.1e/crypto/ecdh/ecdh.h	2013-05-03 12:19:59.975317289 +0200
+--- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec	2013-11-08 17:59:42.755019363 +0100
+++ openssl-1.0.1e/crypto/ecdh/ecdh.h	2013-11-08 17:59:43.147028002 +0100
@@ -85,6 +85,8 @@
 extern "C" {
 #endif
@ -12,8 +12,8 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ec
 void	  ECDH_set_default_method(const ECDH_METHOD *);
 diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c
 --- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c	2013-05-03 12:19:59.975317289 +0200
-@@ -323,11 +323,15 @@ int main(int argc, char *argv[])
+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c	2013-11-08 17:59:54.712282862 +0100
+@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
 	/* NIST PRIME CURVES TESTS */
@ -23,15 +23,10 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecd
 +#endif
 	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
 	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
-+#if 0
 	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
-+#endif
- #ifndef OPENSSL_NO_EC2M
- 	/* NIST BINARY CURVES TESTS */
- 	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
 diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c
 --- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c	2013-05-03 12:19:59.976317311 +0200
+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c	2013-11-08 17:59:43.148028024 +0100
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
 	{
 	if(!default_ECDH_method) 
@ -49,7 +44,7 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh
 	}
 diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c
 --- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c	2013-05-03 12:19:59.976317311 +0200
+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c	2013-11-08 17:59:43.148028024 +0100
@@ -79,6 +79,10 @@
 #include <openssl/obj_mac.h>
 #include <openssl/bn.h>
@ -106,7 +101,7 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
 diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
 --- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c	2013-05-03 12:19:59.976317311 +0200
+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c	2013-11-08 17:59:43.148028024 +0100
@@ -138,11 +138,14 @@ int restore_rand(void)
 	}
 
@ -144,7 +139,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e
 	ret = 0;
 diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
 --- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c	2013-05-03 12:19:59.977317333 +0200
+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c	2013-11-08 17:59:43.148028024 +0100
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
 {
 	if(!default_ECDSA_method) 
@ -162,7 +157,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd
 }
 diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
 --- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c	2013-05-03 12:19:59.977317333 +0200
+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c	2013-11-08 17:59:43.148028024 +0100
@@ -60,6 +60,9 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
@ -214,7 +209,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
 diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c
 --- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ec_key.c	2013-05-03 12:19:59.978317354 +0200
+++ openssl-1.0.1e/crypto/ec/ec_key.c	2013-11-08 17:59:43.148028024 +0100
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
@ -313,7 +308,7 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k
 			EC_R_COORDINATES_OUT_OF_RANGE);
 diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c
 --- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_mont.c	2013-05-03 12:19:59.978317354 +0200
+++ openssl-1.0.1e/crypto/ec/ecp_mont.c	2013-11-08 17:59:43.149028046 +0100
@@ -63,18 +63,11 @@
 
 #include <openssl/err.h>
@ -343,7 +338,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 
 diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c
 --- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_nist.c	2013-05-03 12:19:59.978317354 +0200
+++ openssl-1.0.1e/crypto/ec/ecp_nist.c	2013-11-08 17:59:43.149028046 +0100
@@ -67,15 +67,8 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
@ -370,7 +365,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c
 --- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c	2013-05-03 12:19:59.979317376 +0200
+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c	2013-11-08 17:59:43.149028046 +0100
@@ -65,17 +65,10 @@
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
@ -412,7 +407,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 		ctx = new_ctx = BN_CTX_new();
 diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c
 --- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c	2013-05-03 12:19:59.979317376 +0200
+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c	2013-11-08 17:59:43.149028046 +0100
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 
@ -436,8 +431,8 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m
 #endif
 -#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2013-05-03 12:19:59.980317397 +0200
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c	2013-05-03 12:19:59.980317397 +0200
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2013-11-08 17:59:43.149028046 +0100
+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c	2013-11-08 17:59:43.149028046 +0100
@@ -0,0 +1,496 @@
 +/* fips/ecdh/fips_ecdhvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -936,8 +931,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2013-05-03 12:19:59.980317397 +0200
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c	2013-05-03 12:19:59.980317397 +0200
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c	2013-11-08 17:59:43.150028068 +0100
@@ -0,0 +1,533 @@
 +/* fips/ecdsa/fips_ecdsavs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1473,8 +1468,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec	2013-05-03 12:19:59.981317418 +0200
-+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c	2013-05-03 12:19:59.981317418 +0200
+--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c	2013-11-08 17:59:43.150028068 +0100
@@ -0,0 +1,252 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1729,8 +1724,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2013-05-03 12:19:59.981317418 +0200
-+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c	2013-05-03 12:19:59.981317418 +0200
+--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c	2013-11-08 17:59:43.150028068 +0100
@@ -0,0 +1,167 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1900,8 +1895,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h
--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec	2013-05-03 12:19:59.942316578 +0200
-+++ openssl-1.0.1e/crypto/fips/fips.h	2013-05-03 12:19:59.981317418 +0200
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec	2013-11-08 17:59:43.116027318 +0100
+++ openssl-1.0.1e/crypto/fips/fips.h	2013-11-08 17:59:43.150028068 +0100
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
 void FIPS_corrupt_dsa_keygen(void);
@ -1912,8 +1907,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi
 void FIPS_rng_stick(void);
 void FIPS_x931_stick(int onoff);
 diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c
--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec	2013-05-03 12:19:59.942316578 +0200
-+++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-05-03 12:19:59.982317439 +0200
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec	2013-11-08 17:59:43.117027340 +0100
+++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-11-08 17:59:43.150028068 +0100
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
 		rv = 0;
 	if (!FIPS_selftest_rsa())
@ -1928,8 +1923,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi
 	}
 
 diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile
--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec	2013-05-03 12:19:59.945316642 +0200
-+++ openssl-1.0.1e/crypto/fips/Makefile	2013-05-03 12:20:12.173579845 +0200
+--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec	2013-11-08 17:59:43.119027384 +0100
+++ openssl-1.0.1e/crypto/fips/Makefile	2013-11-08 17:59:43.151028090 +0100
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -2032,9 +2027,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
 fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map
--- openssl-1.0.1e/version.map.fips-ec	2013-05-03 12:19:59.000000000 +0200
-+++ openssl-1.0.1e/version.map	2013-05-09 11:11:08.022300608 +0200
-@@ -5,3 +5,7 @@ OPENSSL_1.0.1 {
+--- openssl-1.0.1e/version.map.fips-ec	2013-11-08 17:59:43.131027649 +0100
+++ openssl-1.0.1e/version.map	2013-11-08 17:59:43.151028090 +0100
+@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
 	    _original*;
 	    _current*;
 };
--- a/openssl.spec
+++ b/openssl.spec
@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 30%{?dist}
+Release: 31%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -456,6 +456,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig

 %changelog
+* Fri Nov  8 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-31
+- add back support for secp521r1 EC curve
+- add aarch64 to Configure (#969692)
+
 * Tue Oct 29 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-30
 - fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346)