diff --git a/openssl-1.1.1-ec-curves.patch b/openssl-1.1.1-ec-curves.patch index b26263f..2d8dcc2 100644 --- a/openssl-1.1.1-ec-curves.patch +++ b/openssl-1.1.1-ec-curves.patch @@ -1,8 +1,40 @@ -diff -up openssl-1.1.1-pre8/apps/speed.c.curves openssl-1.1.1-pre8/apps/speed.c ---- openssl-1.1.1-pre8/apps/speed.c.curves 2018-07-17 08:48:56.106625020 +0200 -+++ openssl-1.1.1-pre8/apps/speed.c 2018-07-17 08:50:07.526521809 +0200 -@@ -511,56 +511,20 @@ static double rsa_results[RSA_NUM][2]; - #define R_EC_X448 23 +diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c +--- openssl-1.1.1/apps/speed.c.curves 2018-09-11 14:48:20.000000000 +0200 ++++ openssl-1.1.1/apps/speed.c 2018-09-13 09:24:24.840081023 +0200 +@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = { + static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ + #endif /* OPENSSL_NO_RSA */ + +-#define R_EC_P160 0 +-#define R_EC_P192 1 +-#define R_EC_P224 2 +-#define R_EC_P256 3 +-#define R_EC_P384 4 +-#define R_EC_P521 5 +-#define R_EC_K163 6 +-#define R_EC_K233 7 +-#define R_EC_K283 8 +-#define R_EC_K409 9 +-#define R_EC_K571 10 +-#define R_EC_B163 11 +-#define R_EC_B233 12 +-#define R_EC_B283 13 +-#define R_EC_B409 14 +-#define R_EC_B571 15 +-#define R_EC_BRP256R1 16 +-#define R_EC_BRP256T1 17 +-#define R_EC_BRP384R1 18 +-#define R_EC_BRP384T1 19 +-#define R_EC_BRP512R1 20 +-#define R_EC_BRP512T1 21 +-#define R_EC_X25519 22 +-#define R_EC_X448 23 ++#define R_EC_P224 0 ++#define R_EC_P256 1 ++#define R_EC_P384 2 ++#define R_EC_P521 3 ++#define R_EC_X25519 4 ++#define R_EC_X448 5 #ifndef OPENSSL_NO_EC static OPT_PAIR ecdsa_choices[] = { - {"ecdsap160", R_EC_P160}, @@ -58,10 +90,90 @@ diff -up openssl-1.1.1-pre8/apps/speed.c.curves openssl-1.1.1-pre8/apps/speed.c {"ecdhx25519", R_EC_X25519}, {"ecdhx448", R_EC_X448} }; -diff -up openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c ---- openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves 2018-06-20 16:48:10.000000000 +0200 -+++ openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c 2018-07-17 08:48:56.107625044 +0200 -@@ -141,6 +141,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO +@@ -1495,29 +1441,10 @@ int speed_main(int argc, char **argv) + unsigned int bits; + } test_curves[] = { + /* Prime Curves */ +- {"secp160r1", NID_secp160r1, 160}, +- {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, +- /* Binary Curves */ +- {"nistk163", NID_sect163k1, 163}, +- {"nistk233", NID_sect233k1, 233}, +- {"nistk283", NID_sect283k1, 283}, +- {"nistk409", NID_sect409k1, 409}, +- {"nistk571", NID_sect571k1, 571}, +- {"nistb163", NID_sect163r2, 163}, +- {"nistb233", NID_sect233r1, 233}, +- {"nistb283", NID_sect283r1, 283}, +- {"nistb409", NID_sect409r1, 409}, +- {"nistb571", NID_sect571r1, 571}, +- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, +- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, +- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, +- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, +- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, +- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} +@@ -2017,9 +1944,9 @@ int speed_main(int argc, char **argv) + # endif + + # ifndef OPENSSL_NO_EC +- ecdsa_c[R_EC_P160][0] = count / 1000; +- ecdsa_c[R_EC_P160][1] = count / 1000 / 2; +- for (i = R_EC_P192; i <= R_EC_P521; i++) { ++ ecdsa_c[R_EC_P224][0] = count / 1000; ++ ecdsa_c[R_EC_P224][1] = count / 1000 / 2; ++ for (i = R_EC_P256; i <= R_EC_P521; i++) { + ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; + ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; + if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) +@@ -2031,6 +1958,7 @@ int speed_main(int argc, char **argv) + } + } + } ++#if 0 + ecdsa_c[R_EC_K163][0] = count / 1000; + ecdsa_c[R_EC_K163][1] = count / 1000 / 2; + for (i = R_EC_K233; i <= R_EC_K571; i++) { +@@ -2059,9 +1987,9 @@ int speed_main(int argc, char **argv) + } + } + } +- +- ecdh_c[R_EC_P160][0] = count / 1000; +- for (i = R_EC_P192; i <= R_EC_P521; i++) { ++#endif ++ ecdh_c[R_EC_P224][0] = count / 1000; ++ for (i = R_EC_P256; i <= R_EC_P521; i++) { + ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; +@@ -2071,6 +1999,7 @@ int speed_main(int argc, char **argv) + } + } + } ++#if 0 + ecdh_c[R_EC_K163][0] = count / 1000; + for (i = R_EC_K233; i <= R_EC_K571; i++) { + ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; +@@ -2116,6 +2045,7 @@ int speed_main(int argc, char **argv) + } + } + } ++#endif + /* default iteration count for the last two EC Curves */ + ecdh_c[R_EC_X25519][0] = count / 1800; + ecdh_c[R_EC_X448][0] = count / 7200; +diff -up openssl-1.1.1/crypto/ec/ecp_smpl.c.curves openssl-1.1.1/crypto/ec/ecp_smpl.c +--- openssl-1.1.1/crypto/ec/ecp_smpl.c.curves 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/ec/ecp_smpl.c 2018-09-13 09:09:26.841792619 +0200 +@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO return 0; } @@ -73,9 +185,9 @@ diff -up openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves openssl-1.1.1-pre8/crypt if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) -diff -up openssl-1.1.1-pre8/test/ecdsatest.c.curves openssl-1.1.1-pre8/test/ecdsatest.c ---- openssl-1.1.1-pre8/test/ecdsatest.c.curves 2018-06-20 16:48:14.000000000 +0200 -+++ openssl-1.1.1-pre8/test/ecdsatest.c 2018-07-17 08:48:56.107625044 +0200 +diff -up openssl-1.1.1/test/ecdsatest.c.curves openssl-1.1.1/test/ecdsatest.c +--- openssl-1.1.1/test/ecdsatest.c.curves 2018-09-11 14:48:24.000000000 +0200 ++++ openssl-1.1.1/test/ecdsatest.c 2018-09-13 09:09:26.841792619 +0200 @@ -173,6 +173,7 @@ static int x9_62_tests(void) if (!change_rand()) goto x962_err; diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index 9b34b7e..3365a23 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.1-pre9/apps/speed.c.fips openssl-1.1.1-pre9/apps/speed.c ---- openssl-1.1.1-pre9/apps/speed.c.fips 2018-08-22 12:17:53.399654580 +0200 -+++ openssl-1.1.1-pre9/apps/speed.c 2018-08-22 12:17:53.418655045 +0200 -@@ -1558,7 +1558,8 @@ int speed_main(int argc, char **argv) +diff -up openssl-1.1.1/apps/speed.c.fips openssl-1.1.1/apps/speed.c +--- openssl-1.1.1/apps/speed.c.fips 2018-09-13 08:51:22.089521413 +0200 ++++ openssl-1.1.1/apps/speed.c 2018-09-13 08:51:22.101521133 +0200 +@@ -1629,7 +1629,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) @@ -11,7 +11,7 @@ diff -up openssl-1.1.1-pre9/apps/speed.c.fips openssl-1.1.1-pre9/apps/speed.c continue; } if (found(*argv, rsa_choices, &i)) { -@@ -1568,7 +1569,9 @@ int speed_main(int argc, char **argv) +@@ -1639,7 +1640,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { @@ -22,7 +22,7 @@ diff -up openssl-1.1.1-pre9/apps/speed.c.fips openssl-1.1.1-pre9/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1691,15 +1694,21 @@ int speed_main(int argc, char **argv) +@@ -1771,15 +1774,21 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -47,7 +47,7 @@ diff -up openssl-1.1.1-pre9/apps/speed.c.fips openssl-1.1.1-pre9/apps/speed.c #endif #ifndef OPENSSL_NO_EC for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) -@@ -1753,30 +1762,46 @@ int speed_main(int argc, char **argv) +@@ -1835,30 +1844,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -104,7 +104,7 @@ diff -up openssl-1.1.1-pre9/apps/speed.c.fips openssl-1.1.1-pre9/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -2067,6 +2092,7 @@ int speed_main(int argc, char **argv) +@@ -2152,6 +2177,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -112,9 +112,9 @@ diff -up openssl-1.1.1-pre9/apps/speed.c.fips openssl-1.1.1-pre9/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.1-pre9/Configure.fips openssl-1.1.1-pre9/Configure ---- openssl-1.1.1-pre9/Configure.fips 2018-08-22 12:17:53.412654898 +0200 -+++ openssl-1.1.1-pre9/Configure 2018-08-22 12:17:53.418655045 +0200 +diff -up openssl-1.1.1/Configure.fips openssl-1.1.1/Configure +--- openssl-1.1.1/Configure.fips 2018-09-13 08:51:22.097521227 +0200 ++++ openssl-1.1.1/Configure 2018-09-13 08:51:22.101521133 +0200 @@ -310,7 +310,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", @@ -124,9 +124,9 @@ diff -up openssl-1.1.1-pre9/Configure.fips openssl-1.1.1-pre9/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.1-pre9/crypto/dh/dh_err.c.fips openssl-1.1.1-pre9/crypto/dh/dh_err.c ---- openssl-1.1.1-pre9/crypto/dh/dh_err.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dh/dh_err.c 2018-08-22 12:17:53.419655070 +0200 +diff -up openssl-1.1.1/crypto/dh/dh_err.c.fips openssl-1.1.1/crypto/dh/dh_err.c +--- openssl-1.1.1/crypto/dh/dh_err.c.fips 2018-09-11 14:48:20.000000000 +0200 ++++ openssl-1.1.1/crypto/dh/dh_err.c 2018-09-13 08:51:22.101521133 +0200 @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -152,9 +152,9 @@ diff -up openssl-1.1.1-pre9/crypto/dh/dh_err.c.fips openssl-1.1.1-pre9/crypto/dh {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1-pre9/crypto/dh/dh_gen.c.fips openssl-1.1.1-pre9/crypto/dh/dh_gen.c ---- openssl-1.1.1-pre9/crypto/dh/dh_gen.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dh/dh_gen.c 2018-08-22 12:17:53.419655070 +0200 +diff -up openssl-1.1.1/crypto/dh/dh_gen.c.fips openssl-1.1.1/crypto/dh/dh_gen.c +--- openssl-1.1.1/crypto/dh/dh_gen.c.fips 2018-09-11 14:48:20.000000000 +0200 ++++ openssl-1.1.1/crypto/dh/dh_gen.c 2018-09-13 08:51:22.101521133 +0200 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -198,9 +198,9 @@ diff -up openssl-1.1.1-pre9/crypto/dh/dh_gen.c.fips openssl-1.1.1-pre9/crypto/dh ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.1-pre9/crypto/dh/dh_key.c.fips openssl-1.1.1-pre9/crypto/dh/dh_key.c ---- openssl-1.1.1-pre9/crypto/dh/dh_key.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dh/dh_key.c 2018-08-22 12:17:53.419655070 +0200 +diff -up openssl-1.1.1/crypto/dh/dh_key.c.fips openssl-1.1.1/crypto/dh/dh_key.c +--- openssl-1.1.1/crypto/dh/dh_key.c.fips 2018-09-11 14:48:20.000000000 +0200 ++++ openssl-1.1.1/crypto/dh/dh_key.c 2018-09-13 08:51:22.101521133 +0200 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -284,9 +284,9 @@ diff -up openssl-1.1.1-pre9/crypto/dh/dh_key.c.fips openssl-1.1.1-pre9/crypto/dh dh->flags |= DH_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_err.c.fips openssl-1.1.1-pre9/crypto/dsa/dsa_err.c ---- openssl-1.1.1-pre9/crypto/dsa/dsa_err.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dsa/dsa_err.c 2018-08-22 12:17:53.419655070 +0200 +diff -up openssl-1.1.1/crypto/dsa/dsa_err.c.fips openssl-1.1.1/crypto/dsa/dsa_err.c +--- openssl-1.1.1/crypto/dsa/dsa_err.c.fips 2018-09-11 14:48:20.000000000 +0200 ++++ openssl-1.1.1/crypto/dsa/dsa_err.c 2018-09-13 08:51:22.102521110 +0200 @@ -16,12 +16,15 @@ static const ERR_STRING_DATA DSA_str_functs[] = { {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, @@ -316,9 +316,9 @@ diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_err.c.fips openssl-1.1.1-pre9/crypto/ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_gen.c.fips openssl-1.1.1-pre9/crypto/dsa/dsa_gen.c ---- openssl-1.1.1-pre9/crypto/dsa/dsa_gen.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dsa/dsa_gen.c 2018-08-22 12:17:53.419655070 +0200 +diff -up openssl-1.1.1/crypto/dsa/dsa_gen.c.fips openssl-1.1.1/crypto/dsa/dsa_gen.c +--- openssl-1.1.1/crypto/dsa/dsa_gen.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/dsa/dsa_gen.c 2018-09-13 08:51:22.102521110 +0200 @@ -22,12 +22,22 @@ #include #include @@ -480,9 +480,9 @@ diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_gen.c.fips openssl-1.1.1-pre9/crypto/ +} + +#endif -diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_key.c.fips openssl-1.1.1-pre9/crypto/dsa/dsa_key.c ---- openssl-1.1.1-pre9/crypto/dsa/dsa_key.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dsa/dsa_key.c 2018-08-22 12:17:53.419655070 +0200 +diff -up openssl-1.1.1/crypto/dsa/dsa_key.c.fips openssl-1.1.1/crypto/dsa/dsa_key.c +--- openssl-1.1.1/crypto/dsa/dsa_key.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/dsa/dsa_key.c 2018-09-13 08:51:22.102521110 +0200 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -562,9 +562,9 @@ diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_key.c.fips openssl-1.1.1-pre9/crypto/ ok = 1; err: -diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1-pre9/crypto/dsa/dsa_ossl.c ---- openssl-1.1.1-pre9/crypto/dsa/dsa_ossl.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dsa/dsa_ossl.c 2018-08-22 12:20:54.839098914 +0200 +diff -up openssl-1.1.1/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1/crypto/dsa/dsa_ossl.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/dsa/dsa_ossl.c 2018-09-13 08:51:22.102521110 +0200 @@ -13,6 +13,9 @@ #include #include "dsa_locl.h" @@ -624,9 +624,9 @@ diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1-pre9/crypto dsa->flags |= DSA_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1-pre9/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1-pre9/crypto/dsa/dsa_pmeth.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/dsa/dsa_pmeth.c 2018-08-22 12:17:53.420655094 +0200 +diff -up openssl-1.1.1/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1/crypto/dsa/dsa_pmeth.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/dsa/dsa_pmeth.c 2018-09-13 08:51:22.102521110 +0200 @@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; @@ -638,9 +638,9 @@ diff -up openssl-1.1.1-pre9/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1-pre9/crypt BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.1-pre9/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1-pre9/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1-pre9/crypto/ec/ecdh_ossl.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/ec/ecdh_ossl.c 2018-08-22 12:17:53.420655094 +0200 +diff -up openssl-1.1.1/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1/crypto/ec/ecdh_ossl.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/ec/ecdh_ossl.c 2018-09-13 08:51:22.102521110 +0200 @@ -19,9 +19,20 @@ #include #include "ec_lcl.h" @@ -662,9 +662,9 @@ diff -up openssl-1.1.1-pre9/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1-pre9/crypto if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.1-pre9/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1-pre9/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1-pre9/crypto/ec/ecdsa_ossl.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/ec/ecdsa_ossl.c 2018-08-22 12:21:45.828347887 +0200 +diff -up openssl-1.1.1/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1/crypto/ec/ecdsa_ossl.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/ec/ecdsa_ossl.c 2018-09-13 08:51:22.103521086 +0200 @@ -14,6 +14,10 @@ #include "internal/bn_int.h" #include "ec_lcl.h" @@ -704,9 +704,9 @@ diff -up openssl-1.1.1-pre9/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1-pre9/crypt /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1-pre9/crypto/ec/ec_key.c.fips openssl-1.1.1-pre9/crypto/ec/ec_key.c ---- openssl-1.1.1-pre9/crypto/ec/ec_key.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/ec/ec_key.c 2018-08-22 12:17:53.422655143 +0200 +diff -up openssl-1.1.1/crypto/ec/ec_key.c.fips openssl-1.1.1/crypto/ec/ec_key.c +--- openssl-1.1.1/crypto/ec/ec_key.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/ec/ec_key.c 2018-09-13 08:51:22.103521086 +0200 @@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } @@ -772,9 +772,9 @@ diff -up openssl-1.1.1-pre9/crypto/ec/ec_key.c.fips openssl-1.1.1-pre9/crypto/ec ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.1-pre9/crypto/evp/c_allc.c.fips openssl-1.1.1-pre9/crypto/evp/c_allc.c ---- openssl-1.1.1-pre9/crypto/evp/c_allc.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/c_allc.c 2018-08-22 12:17:53.422655143 +0200 +diff -up openssl-1.1.1/crypto/evp/c_allc.c.fips openssl-1.1.1/crypto/evp/c_allc.c +--- openssl-1.1.1/crypto/evp/c_allc.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/c_allc.c 2018-09-13 08:51:22.103521086 +0200 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -856,9 +856,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/c_allc.c.fips openssl-1.1.1-pre9/crypto/e + } +#endif } -diff -up openssl-1.1.1-pre9/crypto/evp/c_alld.c.fips openssl-1.1.1-pre9/crypto/evp/c_alld.c ---- openssl-1.1.1-pre9/crypto/evp/c_alld.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/c_alld.c 2018-08-22 12:17:53.422655143 +0200 +diff -up openssl-1.1.1/crypto/evp/c_alld.c.fips openssl-1.1.1/crypto/evp/c_alld.c +--- openssl-1.1.1/crypto/evp/c_alld.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/c_alld.c 2018-09-13 08:51:22.103521086 +0200 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -894,9 +894,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/c_alld.c.fips openssl-1.1.1-pre9/crypto/e + } +#endif } -diff -up openssl-1.1.1-pre9/crypto/evp/digest.c.fips openssl-1.1.1-pre9/crypto/evp/digest.c ---- openssl-1.1.1-pre9/crypto/evp/digest.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/digest.c 2018-08-22 12:17:53.423655168 +0200 +diff -up openssl-1.1.1/crypto/evp/digest.c.fips openssl-1.1.1/crypto/evp/digest.c +--- openssl-1.1.1/crypto/evp/digest.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/digest.c 2018-09-13 08:51:22.103521086 +0200 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -907,7 +907,7 @@ diff -up openssl-1.1.1-pre9/crypto/evp/digest.c.fips openssl-1.1.1-pre9/crypto/e /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) -@@ -61,6 +64,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons +@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); @@ -920,7 +920,7 @@ diff -up openssl-1.1.1-pre9/crypto/evp/digest.c.fips openssl-1.1.1-pre9/crypto/e #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -114,6 +123,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -119,6 +128,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c } #endif if (ctx->digest != type) { @@ -936,7 +936,7 @@ diff -up openssl-1.1.1-pre9/crypto/evp/digest.c.fips openssl-1.1.1-pre9/crypto/e if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; -@@ -145,6 +163,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -150,6 +168,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { @@ -946,7 +946,7 @@ diff -up openssl-1.1.1-pre9/crypto/evp/digest.c.fips openssl-1.1.1-pre9/crypto/e return ctx->update(ctx, data, count); } -@@ -162,6 +183,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, +@@ -167,6 +188,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, { int ret; @@ -956,9 +956,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/digest.c.fips openssl-1.1.1-pre9/crypto/e OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.1-pre9/crypto/evp/e_aes.c.fips openssl-1.1.1-pre9/crypto/evp/e_aes.c ---- openssl-1.1.1-pre9/crypto/evp/e_aes.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/e_aes.c 2018-08-22 12:17:53.423655168 +0200 +diff -up openssl-1.1.1/crypto/evp/e_aes.c.fips openssl-1.1.1/crypto/evp/e_aes.c +--- openssl-1.1.1/crypto/evp/e_aes.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/e_aes.c 2018-09-13 08:51:22.104521063 +0200 @@ -2794,9 +2794,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -1054,9 +1054,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/e_aes.c.fips openssl-1.1.1-pre9/crypto/ev | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.1-pre9/crypto/evp/e_des3.c.fips openssl-1.1.1-pre9/crypto/evp/e_des3.c ---- openssl-1.1.1-pre9/crypto/evp/e_des3.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/e_des3.c 2018-08-22 12:17:53.424655192 +0200 +diff -up openssl-1.1.1/crypto/evp/e_des3.c.fips openssl-1.1.1/crypto/evp/e_des3.c +--- openssl-1.1.1/crypto/evp/e_des3.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/e_des3.c 2018-09-13 08:51:22.104521063 +0200 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1083,9 +1083,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/e_des3.c.fips openssl-1.1.1-pre9/crypto/e static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.1-pre9/crypto/evp/e_null.c.fips openssl-1.1.1-pre9/crypto/evp/e_null.c ---- openssl-1.1.1-pre9/crypto/evp/e_null.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/e_null.c 2018-08-22 12:17:53.424655192 +0200 +diff -up openssl-1.1.1/crypto/evp/e_null.c.fips openssl-1.1.1/crypto/evp/e_null.c +--- openssl-1.1.1/crypto/evp/e_null.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/e_null.c 2018-09-13 08:51:22.104521063 +0200 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1096,9 +1096,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/e_null.c.fips openssl-1.1.1-pre9/crypto/e null_init_key, null_cipher, NULL, -diff -up openssl-1.1.1-pre9/crypto/evp/evp_enc.c.fips openssl-1.1.1-pre9/crypto/evp/evp_enc.c ---- openssl-1.1.1-pre9/crypto/evp/evp_enc.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/evp_enc.c 2018-08-22 12:17:53.424655192 +0200 +diff -up openssl-1.1.1/crypto/evp/evp_enc.c.fips openssl-1.1.1/crypto/evp/evp_enc.c +--- openssl-1.1.1/crypto/evp/evp_enc.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/evp_enc.c 2018-09-13 08:51:22.104521063 +0200 @@ -17,10 +17,19 @@ #include #include "internal/evp_int.h" @@ -1174,9 +1174,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/evp_enc.c.fips openssl-1.1.1-pre9/crypto/ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1-pre9/crypto/evp/evp_err.c.fips openssl-1.1.1-pre9/crypto/evp/evp_err.c ---- openssl-1.1.1-pre9/crypto/evp/evp_err.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/evp_err.c 2018-08-22 12:17:53.424655192 +0200 +diff -up openssl-1.1.1/crypto/evp/evp_err.c.fips openssl-1.1.1/crypto/evp/evp_err.c +--- openssl-1.1.1/crypto/evp/evp_err.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/evp_err.c 2018-09-13 08:51:22.104521063 +0200 @@ -20,6 +20,7 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, @@ -1201,9 +1201,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/evp_err.c.fips openssl-1.1.1-pre9/crypto/ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.1-pre9/crypto/evp/evp_lib.c.fips openssl-1.1.1-pre9/crypto/evp/evp_lib.c ---- openssl-1.1.1-pre9/crypto/evp/evp_lib.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/evp_lib.c 2018-08-22 12:17:53.424655192 +0200 +diff -up openssl-1.1.1/crypto/evp/evp_lib.c.fips openssl-1.1.1/crypto/evp/evp_lib.c +--- openssl-1.1.1/crypto/evp/evp_lib.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/evp_lib.c 2018-09-13 08:51:22.105521040 +0200 @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1214,9 +1214,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/evp_lib.c.fips openssl-1.1.1-pre9/crypto/ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.1-pre9/crypto/evp/m_sha1.c.fips openssl-1.1.1-pre9/crypto/evp/m_sha1.c ---- openssl-1.1.1-pre9/crypto/evp/m_sha1.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/evp/m_sha1.c 2018-08-22 12:17:53.424655192 +0200 +diff -up openssl-1.1.1/crypto/evp/m_sha1.c.fips openssl-1.1.1/crypto/evp/m_sha1.c +--- openssl-1.1.1/crypto/evp/m_sha1.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/evp/m_sha1.c 2018-09-13 08:51:22.105521040 +0200 @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1280,9 +1280,9 @@ diff -up openssl-1.1.1-pre9/crypto/evp/m_sha1.c.fips openssl-1.1.1-pre9/crypto/e init512, update512, final512, -diff -up openssl-1.1.1-pre9/crypto/fips/build.info.fips openssl-1.1.1-pre9/crypto/fips/build.info ---- openssl-1.1.1-pre9/crypto/fips/build.info.fips 2018-08-22 12:17:53.425655217 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/build.info 2018-08-22 12:17:53.425655217 +0200 +diff -up openssl-1.1.1/crypto/fips/build.info.fips openssl-1.1.1/crypto/fips/build.info +--- openssl-1.1.1/crypto/fips/build.info.fips 2018-09-13 08:51:22.105521040 +0200 ++++ openssl-1.1.1/crypto/fips/build.info 2018-09-13 08:51:22.105521040 +0200 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1299,9 +1299,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/build.info.fips openssl-1.1.1-pre9/crypt +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.1-pre9/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_aes_selftest.c.fips 2018-08-22 12:17:53.425655217 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_aes_selftest.c 2018-08-22 12:17:53.425655217 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1/crypto/fips/fips_aes_selftest.c.fips 2018-09-13 08:51:22.105521040 +0200 ++++ openssl-1.1.1/crypto/fips/fips_aes_selftest.c 2018-09-13 08:51:22.105521040 +0200 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1675,9 +1675,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1-p +} + +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips.c.fips openssl-1.1.1-pre9/crypto/fips/fips.c ---- openssl-1.1.1-pre9/crypto/fips/fips.c.fips 2018-08-22 12:17:53.425655217 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips.c 2018-08-22 12:17:53.425655217 +0200 +diff -up openssl-1.1.1/crypto/fips/fips.c.fips openssl-1.1.1/crypto/fips/fips.c +--- openssl-1.1.1/crypto/fips/fips.c.fips 2018-09-13 08:51:22.105521040 +0200 ++++ openssl-1.1.1/crypto/fips/fips.c 2018-09-13 08:51:22.105521040 +0200 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2205,9 +2205,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips.c.fips openssl-1.1.1-pre9/crypto/fi +} + +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_cmac_selftest.c.fips 2018-08-22 12:17:53.425655217 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_cmac_selftest.c 2018-08-22 12:17:53.425655217 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1/crypto/fips/fips_cmac_selftest.c.fips 2018-09-13 08:51:22.105521040 +0200 ++++ openssl-1.1.1/crypto/fips/fips_cmac_selftest.c 2018-09-13 08:51:22.105521040 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2365,9 +2365,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1- + return rv; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_des_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_des_selftest.c.fips 2018-08-22 12:17:53.425655217 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_des_selftest.c 2018-08-22 12:17:53.425655217 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1/crypto/fips/fips_des_selftest.c.fips 2018-09-13 08:51:22.106521016 +0200 ++++ openssl-1.1.1/crypto/fips/fips_des_selftest.c 2018-09-13 08:51:22.106521016 +0200 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2502,9 +2502,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1-p + return ret; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_dh_selftest.c.fips 2018-08-22 12:17:53.426655241 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_dh_selftest.c 2018-08-22 12:17:53.426655241 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1/crypto/fips/fips_dh_selftest.c.fips 2018-09-13 08:51:22.109520946 +0200 ++++ openssl-1.1.1/crypto/fips/fips_dh_selftest.c 2018-09-13 08:51:22.109520946 +0200 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2686,9 +2686,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1-pr + return ret; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_ctr.c.fips 2018-08-22 12:17:53.426655241 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_ctr.c 2018-08-22 12:17:53.426655241 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.1/crypto/fips/fips_drbg_ctr.c.fips 2018-09-13 08:51:22.109520946 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_ctr.c 2018-09-13 08:51:22.109520946 +0200 @@ -0,0 +1,406 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3096,9 +3096,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1-pre9/ + + return 1; +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_hash.c.fips 2018-08-22 12:17:53.430655339 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_hash.c 2018-08-22 12:17:53.430655339 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.1/crypto/fips/fips_drbg_hash.c.fips 2018-09-13 08:51:22.109520946 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_hash.c 2018-09-13 08:51:22.109520946 +0200 @@ -0,0 +1,354 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3454,9 +3454,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1-pre9 + + return 1; +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_hmac.c.fips 2018-08-22 12:17:53.431655364 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_hmac.c 2018-08-22 12:17:53.431655364 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.1/crypto/fips/fips_drbg_hmac.c.fips 2018-09-13 08:51:22.110520923 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_hmac.c 2018-09-13 08:51:22.110520923 +0200 @@ -0,0 +1,262 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3720,9 +3720,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1-pre9 + + return 1; +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_lib.c.fips 2018-08-22 12:17:53.431655364 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_lib.c 2018-08-22 12:17:53.431655364 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.1/crypto/fips/fips_drbg_lib.c.fips 2018-09-13 08:51:22.110520923 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_lib.c 2018-09-13 08:51:22.110520923 +0200 @@ -0,0 +1,528 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4252,9 +4252,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1-pre9/ +{ + /* Just backwards compatibility API call with no effect. */ +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_rand.c.fips 2018-08-22 12:17:53.431655364 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_rand.c 2018-08-22 12:17:53.431655364 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.1/crypto/fips/fips_drbg_rand.c.fips 2018-09-13 08:51:22.110520923 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_rand.c 2018-09-13 08:51:22.110520923 +0200 @@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4439,9 +4439,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1-pre9 +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.c.fips 2018-08-22 12:17:53.431655364 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.c 2018-08-22 12:17:53.431655364 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.1/crypto/fips/fips_drbg_selftest.c.fips 2018-09-13 08:51:22.111520900 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_selftest.c 2018-09-13 08:51:22.111520900 +0200 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5271,9 +5271,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1- + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.h.fips 2018-08-22 12:17:53.438655535 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.h 2018-08-22 12:17:53.438655535 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.1/crypto/fips/fips_drbg_selftest.h.fips 2018-09-13 08:51:22.111520900 +0200 ++++ openssl-1.1.1/crypto/fips/fips_drbg_selftest.h 2018-09-13 08:51:22.111520900 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7066,9 +7066,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1- + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.1-pre9/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_dsa_selftest.c.fips 2018-08-22 12:17:53.438655535 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_dsa_selftest.c 2018-08-22 12:17:53.438655535 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.1/crypto/fips/fips_dsa_selftest.c.fips 2018-09-13 08:51:22.112520876 +0200 ++++ openssl-1.1.1/crypto/fips/fips_dsa_selftest.c 2018-09-13 08:51:22.112520876 +0200 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7265,9 +7265,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1-p + return ret; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_ecdh_selftest.c.fips 2018-08-22 12:17:53.438655535 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_ecdh_selftest.c 2018-08-22 12:17:53.438655535 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.1/crypto/fips/fips_ecdh_selftest.c.fips 2018-09-13 08:51:22.112520876 +0200 ++++ openssl-1.1.1/crypto/fips/fips_ecdh_selftest.c 2018-09-13 08:51:22.112520876 +0200 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7511,9 +7511,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1- +} + +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_ecdsa_selftest.c.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_ecdsa_selftest.c 2018-08-22 12:17:53.438655535 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.1/crypto/fips/fips_ecdsa_selftest.c.fips 2018-09-13 08:51:22.112520876 +0200 ++++ openssl-1.1.1/crypto/fips/fips_ecdsa_selftest.c 2018-09-13 08:51:22.112520876 +0200 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7681,9 +7681,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1 +} + +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_enc.c.fips openssl-1.1.1-pre9/crypto/fips/fips_enc.c ---- openssl-1.1.1-pre9/crypto/fips/fips_enc.c.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_enc.c 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_enc.c.fips openssl-1.1.1/crypto/fips/fips_enc.c +--- openssl-1.1.1/crypto/fips/fips_enc.c.fips 2018-09-13 08:51:22.112520876 +0200 ++++ openssl-1.1.1/crypto/fips/fips_enc.c 2018-09-13 08:51:22.112520876 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7874,9 +7874,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_enc.c.fips openssl-1.1.1-pre9/crypt + + } +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_err.h.fips openssl-1.1.1-pre9/crypto/fips/fips_err.h ---- openssl-1.1.1-pre9/crypto/fips/fips_err.h.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_err.h 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_err.h.fips openssl-1.1.1/crypto/fips/fips_err.h +--- openssl-1.1.1/crypto/fips/fips_err.h.fips 2018-09-13 08:51:22.112520876 +0200 ++++ openssl-1.1.1/crypto/fips/fips_err.h 2018-09-13 08:51:22.112520876 +0200 @@ -0,0 +1,196 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8074,9 +8074,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_err.h.fips openssl-1.1.1-pre9/crypt +#endif + return 1; +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_ers.c.fips openssl-1.1.1-pre9/crypto/fips/fips_ers.c ---- openssl-1.1.1-pre9/crypto/fips/fips_ers.c.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_ers.c 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_ers.c.fips openssl-1.1.1/crypto/fips/fips_ers.c +--- openssl-1.1.1/crypto/fips/fips_ers.c.fips 2018-09-13 08:51:22.112520876 +0200 ++++ openssl-1.1.1/crypto/fips/fips_ers.c 2018-09-13 08:51:22.112520876 +0200 @@ -0,0 +1,7 @@ +#include + @@ -8085,9 +8085,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_ers.c.fips openssl-1.1.1-pre9/crypt +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_hmac_selftest.c.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_hmac_selftest.c 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.1/crypto/fips/fips_hmac_selftest.c.fips 2018-09-13 08:51:22.113520853 +0200 ++++ openssl-1.1.1/crypto/fips/fips_hmac_selftest.c 2018-09-13 08:51:22.113520853 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8223,9 +8223,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1- + return 1; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_locl.h.fips openssl-1.1.1-pre9/crypto/fips/fips_locl.h ---- openssl-1.1.1-pre9/crypto/fips/fips_locl.h.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_locl.h 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_locl.h.fips openssl-1.1.1/crypto/fips/fips_locl.h +--- openssl-1.1.1/crypto/fips/fips_locl.h.fips 2018-09-13 08:51:22.113520853 +0200 ++++ openssl-1.1.1/crypto/fips/fips_locl.h 2018-09-13 08:51:22.113520853 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8298,9 +8298,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_locl.h.fips openssl-1.1.1-pre9/cryp +} +# endif +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_md.c.fips openssl-1.1.1-pre9/crypto/fips/fips_md.c ---- openssl-1.1.1-pre9/crypto/fips/fips_md.c.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_md.c 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_md.c.fips openssl-1.1.1/crypto/fips/fips_md.c +--- openssl-1.1.1/crypto/fips/fips_md.c.fips 2018-09-13 08:51:22.113520853 +0200 ++++ openssl-1.1.1/crypto/fips/fips_md.c 2018-09-13 08:51:22.113520853 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8446,9 +8446,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_md.c.fips openssl-1.1.1-pre9/crypto + return NULL; + } +} -diff -up openssl-1.1.1-pre9/crypto/fips/fips_post.c.fips openssl-1.1.1-pre9/crypto/fips/fips_post.c ---- openssl-1.1.1-pre9/crypto/fips/fips_post.c.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_post.c 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_post.c.fips openssl-1.1.1/crypto/fips/fips_post.c +--- openssl-1.1.1/crypto/fips/fips_post.c.fips 2018-09-13 08:51:22.113520853 +0200 ++++ openssl-1.1.1/crypto/fips/fips_post.c 2018-09-13 08:51:22.113520853 +0200 @@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8672,9 +8672,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_post.c.fips openssl-1.1.1-pre9/cryp + return 1; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1-pre9/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.1-pre9/crypto/fips/fips_rand_lcl.h.fips 2018-08-22 12:17:53.439655560 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_rand_lcl.h 2018-08-22 12:17:53.439655560 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1/crypto/fips/fips_rand_lcl.h.fips 2018-09-13 08:51:22.113520853 +0200 ++++ openssl-1.1.1/crypto/fips/fips_rand_lcl.h 2018-09-13 08:51:22.113520853 +0200 @@ -0,0 +1,203 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8879,9 +8879,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1-pre9/ +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.1-pre9/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1-pre9/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1-pre9/crypto/fips/fips_rand_lib.c.fips 2018-08-22 12:17:53.440655584 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_rand_lib.c 2018-08-22 12:17:53.440655584 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1/crypto/fips/fips_rand_lib.c.fips 2018-09-13 08:51:22.113520853 +0200 ++++ openssl-1.1.1/crypto/fips/fips_rand_lib.c 2018-09-13 08:51:22.113520853 +0200 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9117,9 +9117,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1-pre9/ +# endif +} + -diff -up openssl-1.1.1-pre9/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_rsa_selftest.c.fips 2018-08-22 12:17:53.440655584 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_rsa_selftest.c 2018-08-22 12:17:53.440655584 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.1/crypto/fips/fips_rsa_selftest.c.fips 2018-09-13 08:51:22.114520830 +0200 ++++ openssl-1.1.1/crypto/fips/fips_rsa_selftest.c 2018-09-13 08:51:22.114520830 +0200 @@ -0,0 +1,338 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9459,9 +9459,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1-p +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.1-pre9/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1-pre9/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.1-pre9/crypto/fips/fips_sha_selftest.c.fips 2018-08-22 12:17:53.440655584 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_sha_selftest.c 2018-08-22 12:17:53.440655584 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.1/crypto/fips/fips_sha_selftest.c.fips 2018-09-13 08:51:22.114520830 +0200 ++++ openssl-1.1.1/crypto/fips/fips_sha_selftest.c 2018-09-13 08:51:22.114520830 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9601,9 +9601,9 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1-p +} + +#endif -diff -up openssl-1.1.1-pre9/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1-pre9/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.1-pre9/crypto/fips/fips_standalone_hmac.c.fips 2018-08-22 12:17:53.440655584 +0200 -+++ openssl-1.1.1-pre9/crypto/fips/fips_standalone_hmac.c 2018-08-22 12:17:53.440655584 +0200 +diff -up openssl-1.1.1/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1/crypto/fips/fips_standalone_hmac.c.fips 2018-09-13 08:51:22.114520830 +0200 ++++ openssl-1.1.1/crypto/fips/fips_standalone_hmac.c 2018-09-13 08:51:22.114520830 +0200 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9732,10 +9732,10 @@ diff -up openssl-1.1.1-pre9/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1. +#endif + return 0; +} -diff -up openssl-1.1.1-pre9/crypto/hmac/hmac.c.fips openssl-1.1.1-pre9/crypto/hmac/hmac.c ---- openssl-1.1.1-pre9/crypto/hmac/hmac.c.fips 2018-08-21 14:14:12.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/hmac/hmac.c 2018-08-22 12:17:53.440655584 +0200 -@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo +diff -up openssl-1.1.1/crypto/hmac/hmac.c.fips openssl-1.1.1/crypto/hmac/hmac.c +--- openssl-1.1.1/crypto/hmac/hmac.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/hmac/hmac.c 2018-09-13 08:51:22.114520830 +0200 +@@ -36,6 +36,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } if (key != NULL) { @@ -9749,9 +9749,9 @@ diff -up openssl-1.1.1-pre9/crypto/hmac/hmac.c.fips openssl-1.1.1-pre9/crypto/hm reset = 1; j = EVP_MD_block_size(md); if (!ossl_assert(j <= (int)sizeof(ctx->key))) -diff -up openssl-1.1.1-pre9/crypto/include/internal/fips_int.h.fips openssl-1.1.1-pre9/crypto/include/internal/fips_int.h ---- openssl-1.1.1-pre9/crypto/include/internal/fips_int.h.fips 2018-08-22 12:17:53.440655584 +0200 -+++ openssl-1.1.1-pre9/crypto/include/internal/fips_int.h 2018-08-22 12:17:53.440655584 +0200 +diff -up openssl-1.1.1/crypto/include/internal/fips_int.h.fips openssl-1.1.1/crypto/include/internal/fips_int.h +--- openssl-1.1.1/crypto/include/internal/fips_int.h.fips 2018-09-13 08:51:22.114520830 +0200 ++++ openssl-1.1.1/crypto/include/internal/fips_int.h 2018-09-13 08:51:22.114520830 +0200 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9854,9 +9854,9 @@ diff -up openssl-1.1.1-pre9/crypto/include/internal/fips_int.h.fips openssl-1.1. +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.1-pre9/crypto/o_fips.c.fips openssl-1.1.1-pre9/crypto/o_fips.c ---- openssl-1.1.1-pre9/crypto/o_fips.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/o_fips.c 2018-08-22 12:17:53.440655584 +0200 +diff -up openssl-1.1.1/crypto/o_fips.c.fips openssl-1.1.1/crypto/o_fips.c +--- openssl-1.1.1/crypto/o_fips.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/o_fips.c 2018-09-13 08:51:22.114520830 +0200 @@ -11,14 +11,25 @@ int FIPS_mode(void) @@ -9883,9 +9883,9 @@ diff -up openssl-1.1.1-pre9/crypto/o_fips.c.fips openssl-1.1.1-pre9/crypto/o_fip return 0; +#endif } -diff -up openssl-1.1.1-pre9/crypto/o_init.c.fips openssl-1.1.1-pre9/crypto/o_init.c ---- openssl-1.1.1-pre9/crypto/o_init.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/o_init.c 2018-08-22 12:17:53.441655609 +0200 +diff -up openssl-1.1.1/crypto/o_init.c.fips openssl-1.1.1/crypto/o_init.c +--- openssl-1.1.1/crypto/o_init.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/o_init.c 2018-09-13 08:51:22.115520806 +0200 @@ -7,8 +7,68 @@ * https://www.openssl.org/source/license.html */ @@ -9955,9 +9955,9 @@ diff -up openssl-1.1.1-pre9/crypto/o_init.c.fips openssl-1.1.1-pre9/crypto/o_ini /* * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1-pre9/crypto/rand/rand_lib.c.fips openssl-1.1.1-pre9/crypto/rand/rand_lib.c ---- openssl-1.1.1-pre9/crypto/rand/rand_lib.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rand/rand_lib.c 2018-08-22 12:17:53.441655609 +0200 +diff -up openssl-1.1.1/crypto/rand/rand_lib.c.fips openssl-1.1.1/crypto/rand/rand_lib.c +--- openssl-1.1.1/crypto/rand/rand_lib.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rand/rand_lib.c 2018-09-13 08:51:22.115520806 +0200 @@ -16,6 +16,10 @@ #include "internal/thread_once.h" #include "rand_lcl.h" @@ -9969,7 +9969,7 @@ diff -up openssl-1.1.1-pre9/crypto/rand/rand_lib.c.fips openssl-1.1.1-pre9/crypt #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -793,3 +797,15 @@ int RAND_status(void) +@@ -797,3 +801,15 @@ int RAND_status(void) return meth->status(); return 0; } @@ -9985,9 +9985,9 @@ diff -up openssl-1.1.1-pre9/crypto/rand/rand_lib.c.fips openssl-1.1.1-pre9/crypt + return 1; +} +#endif -diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1-pre9/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1-pre9/crypto/rsa/rsa_crpt.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rsa/rsa_crpt.c 2018-08-22 12:17:53.441655609 +0200 +diff -up openssl-1.1.1/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1/crypto/rsa/rsa_crpt.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rsa/rsa_crpt.c 2018-09-13 08:51:22.117520759 +0200 @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10041,9 +10041,9 @@ diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1-pre9/crypto return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_err.c.fips openssl-1.1.1-pre9/crypto/rsa/rsa_err.c ---- openssl-1.1.1-pre9/crypto/rsa/rsa_err.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rsa/rsa_err.c 2018-08-22 12:17:53.441655609 +0200 +diff -up openssl-1.1.1/crypto/rsa/rsa_err.c.fips openssl-1.1.1/crypto/rsa/rsa_err.c +--- openssl-1.1.1/crypto/rsa/rsa_err.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rsa/rsa_err.c 2018-09-13 08:51:22.117520759 +0200 @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, @@ -10112,9 +10112,9 @@ diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_err.c.fips openssl-1.1.1-pre9/crypto/ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_gen.c.fips openssl-1.1.1-pre9/crypto/rsa/rsa_gen.c ---- openssl-1.1.1-pre9/crypto/rsa/rsa_gen.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rsa/rsa_gen.c 2018-08-22 12:17:53.441655609 +0200 +diff -up openssl-1.1.1/crypto/rsa/rsa_gen.c.fips openssl-1.1.1/crypto/rsa/rsa_gen.c +--- openssl-1.1.1/crypto/rsa/rsa_gen.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rsa/rsa_gen.c 2018-09-13 08:51:22.118520736 +0200 @@ -18,6 +18,78 @@ #include "internal/cryptlib.h" #include @@ -10509,9 +10509,9 @@ diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_gen.c.fips openssl-1.1.1-pre9/crypto/ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_lib.c.fips openssl-1.1.1-pre9/crypto/rsa/rsa_lib.c ---- openssl-1.1.1-pre9/crypto/rsa/rsa_lib.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rsa/rsa_lib.c 2018-08-22 12:17:53.442655633 +0200 +diff -up openssl-1.1.1/crypto/rsa/rsa_lib.c.fips openssl-1.1.1/crypto/rsa/rsa_lib.c +--- openssl-1.1.1/crypto/rsa/rsa_lib.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rsa/rsa_lib.c 2018-09-13 08:51:22.118520736 +0200 @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ @@ -10554,9 +10554,9 @@ diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_lib.c.fips openssl-1.1.1-pre9/crypto/ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1-pre9/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1-pre9/crypto/rsa/rsa_ossl.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rsa/rsa_ossl.c 2018-08-22 12:17:53.442655633 +0200 +diff -up openssl-1.1.1/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1/crypto/rsa/rsa_ossl.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rsa/rsa_ossl.c 2018-09-13 08:51:22.118520736 +0200 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -10673,9 +10673,9 @@ diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1-pre9/crypto if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_sign.c.fips openssl-1.1.1-pre9/crypto/rsa/rsa_sign.c ---- openssl-1.1.1-pre9/crypto/rsa/rsa_sign.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/rsa/rsa_sign.c 2018-08-22 12:17:53.442655633 +0200 +diff -up openssl-1.1.1/crypto/rsa/rsa_sign.c.fips openssl-1.1.1/crypto/rsa/rsa_sign.c +--- openssl-1.1.1/crypto/rsa/rsa_sign.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/rsa/rsa_sign.c 2018-09-13 08:51:22.118520736 +0200 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -10702,22 +10702,9 @@ diff -up openssl-1.1.1-pre9/crypto/rsa/rsa_sign.c.fips openssl-1.1.1-pre9/crypto if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.1-pre9/crypto/sha/sha_locl.h.fips openssl-1.1.1-pre9/crypto/sha/sha_locl.h ---- openssl-1.1.1-pre9/crypto/sha/sha_locl.h.fips 2018-08-22 12:17:52.546633685 +0200 -+++ openssl-1.1.1-pre9/crypto/sha/sha_locl.h 2018-08-22 12:17:53.442655633 +0200 -@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c - - int HASH_INIT(SHA_CTX *c) - { -+#if defined(OPENSSL_FIPS) -+ FIPS_selftest_check(); -+#endif - memset(c, 0, sizeof(*c)); - c->h0 = INIT_DATA_h0; - c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1-pre9/crypto/sha/sha256.c.fips openssl-1.1.1-pre9/crypto/sha/sha256.c ---- openssl-1.1.1-pre9/crypto/sha/sha256.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/sha/sha256.c 2018-08-22 12:17:53.663661047 +0200 +diff -up openssl-1.1.1/crypto/sha/sha256.c.fips openssl-1.1.1/crypto/sha/sha256.c +--- openssl-1.1.1/crypto/sha/sha256.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/sha/sha256.c 2018-09-13 08:51:22.118520736 +0200 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -10738,9 +10725,9 @@ diff -up openssl-1.1.1-pre9/crypto/sha/sha256.c.fips openssl-1.1.1-pre9/crypto/s memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1-pre9/crypto/sha/sha512.c.fips openssl-1.1.1-pre9/crypto/sha/sha512.c ---- openssl-1.1.1-pre9/crypto/sha/sha512.c.fips 2018-08-21 14:14:13.000000000 +0200 -+++ openssl-1.1.1-pre9/crypto/sha/sha512.c 2018-08-22 12:17:53.666661121 +0200 +diff -up openssl-1.1.1/crypto/sha/sha512.c.fips openssl-1.1.1/crypto/sha/sha512.c +--- openssl-1.1.1/crypto/sha/sha512.c.fips 2018-09-11 14:48:21.000000000 +0200 ++++ openssl-1.1.1/crypto/sha/sha512.c 2018-09-13 08:51:22.119520713 +0200 @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) @@ -10761,9 +10748,22 @@ diff -up openssl-1.1.1-pre9/crypto/sha/sha512.c.fips openssl-1.1.1-pre9/crypto/s c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1-pre9/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1-pre9/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1-pre9/doc/man3/DSA_generate_parameters.pod.fips 2018-08-21 14:14:14.000000000 +0200 -+++ openssl-1.1.1-pre9/doc/man3/DSA_generate_parameters.pod 2018-08-22 12:17:53.666661121 +0200 +diff -up openssl-1.1.1/crypto/sha/sha_locl.h.fips openssl-1.1.1/crypto/sha/sha_locl.h +--- openssl-1.1.1/crypto/sha/sha_locl.h.fips 2018-09-13 08:51:21.768528910 +0200 ++++ openssl-1.1.1/crypto/sha/sha_locl.h 2018-09-13 08:51:22.118520736 +0200 +@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c + + int HASH_INIT(SHA_CTX *c) + { ++#if defined(OPENSSL_FIPS) ++ FIPS_selftest_check(); ++#endif + memset(c, 0, sizeof(*c)); + c->h0 = INIT_DATA_h0; + c->h1 = INIT_DATA_h1; +diff -up openssl-1.1.1/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1/doc/man3/DSA_generate_parameters.pod.fips 2018-09-11 14:48:22.000000000 +0200 ++++ openssl-1.1.1/doc/man3/DSA_generate_parameters.pod 2018-09-13 08:51:22.119520713 +0200 @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -10777,9 +10777,9 @@ diff -up openssl-1.1.1-pre9/doc/man3/DSA_generate_parameters.pod.fips openssl-1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.1-pre9/include/openssl/crypto.h.fips openssl-1.1.1-pre9/include/openssl/crypto.h ---- openssl-1.1.1-pre9/include/openssl/crypto.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/crypto.h 2018-08-22 12:17:53.673661292 +0200 +diff -up openssl-1.1.1/include/openssl/crypto.h.fips openssl-1.1.1/include/openssl/crypto.h +--- openssl-1.1.1/include/openssl/crypto.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/crypto.h 2018-09-13 08:51:22.119520713 +0200 @@ -336,6 +336,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -10792,9 +10792,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/crypto.h.fips openssl-1.1.1-pre9/inc void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1-pre9/include/openssl/dherr.h.fips openssl-1.1.1-pre9/include/openssl/dherr.h ---- openssl-1.1.1-pre9/include/openssl/dherr.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/dherr.h 2018-08-22 12:17:53.674661316 +0200 +diff -up openssl-1.1.1/include/openssl/dherr.h.fips openssl-1.1.1/include/openssl/dherr.h +--- openssl-1.1.1/include/openssl/dherr.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/dherr.h 2018-09-13 08:51:22.119520713 +0200 @@ -32,6 +32,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 @@ -10820,9 +10820,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/dherr.h.fips openssl-1.1.1-pre9/incl # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1-pre9/include/openssl/dh.h.fips openssl-1.1.1-pre9/include/openssl/dh.h ---- openssl-1.1.1-pre9/include/openssl/dh.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/dh.h 2018-08-22 12:17:53.677661390 +0200 +diff -up openssl-1.1.1/include/openssl/dh.h.fips openssl-1.1.1/include/openssl/dh.h +--- openssl-1.1.1/include/openssl/dh.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/dh.h 2018-09-13 08:51:22.119520713 +0200 @@ -31,6 +31,7 @@ extern "C" { # endif @@ -10831,9 +10831,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/dh.h.fips openssl-1.1.1-pre9/include # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.1.1-pre9/include/openssl/dsaerr.h.fips openssl-1.1.1-pre9/include/openssl/dsaerr.h ---- openssl-1.1.1-pre9/include/openssl/dsaerr.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/dsaerr.h 2018-08-22 12:17:53.685661586 +0200 +diff -up openssl-1.1.1/include/openssl/dsaerr.h.fips openssl-1.1.1/include/openssl/dsaerr.h +--- openssl-1.1.1/include/openssl/dsaerr.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/dsaerr.h 2018-09-13 08:51:22.119520713 +0200 @@ -25,8 +25,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 @@ -10859,9 +10859,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/dsaerr.h.fips openssl-1.1.1-pre9/inc # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1-pre9/include/openssl/dsa.h.fips openssl-1.1.1-pre9/include/openssl/dsa.h ---- openssl-1.1.1-pre9/include/openssl/dsa.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/dsa.h 2018-08-22 12:17:53.686661611 +0200 +diff -up openssl-1.1.1/include/openssl/dsa.h.fips openssl-1.1.1/include/openssl/dsa.h +--- openssl-1.1.1/include/openssl/dsa.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/dsa.h 2018-09-13 08:51:22.119520713 +0200 @@ -31,6 +31,7 @@ extern "C" { # endif @@ -10870,9 +10870,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/dsa.h.fips openssl-1.1.1-pre9/includ # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1-pre9/include/openssl/evperr.h.fips openssl-1.1.1-pre9/include/openssl/evperr.h ---- openssl-1.1.1-pre9/include/openssl/evperr.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/evperr.h 2018-08-22 12:17:53.687661635 +0200 +diff -up openssl-1.1.1/include/openssl/evperr.h.fips openssl-1.1.1/include/openssl/evperr.h +--- openssl-1.1.1/include/openssl/evperr.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/evperr.h 2018-09-13 08:51:22.120520689 +0200 @@ -25,6 +25,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 @@ -10897,9 +10897,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/evperr.h.fips openssl-1.1.1-pre9/inc # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.1-pre9/include/openssl/fips.h.fips openssl-1.1.1-pre9/include/openssl/fips.h ---- openssl-1.1.1-pre9/include/openssl/fips.h.fips 2018-08-22 12:17:53.687661635 +0200 -+++ openssl-1.1.1-pre9/include/openssl/fips.h 2018-08-22 12:17:53.687661635 +0200 +diff -up openssl-1.1.1/include/openssl/fips.h.fips openssl-1.1.1/include/openssl/fips.h +--- openssl-1.1.1/include/openssl/fips.h.fips 2018-09-13 08:51:22.120520689 +0200 ++++ openssl-1.1.1/include/openssl/fips.h 2018-09-13 08:51:22.120520689 +0200 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11087,9 +11087,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/fips.h.fips openssl-1.1.1-pre9/inclu +} +# endif +#endif -diff -up openssl-1.1.1-pre9/include/openssl/fips_rand.h.fips openssl-1.1.1-pre9/include/openssl/fips_rand.h ---- openssl-1.1.1-pre9/include/openssl/fips_rand.h.fips 2018-08-22 12:17:53.688661659 +0200 -+++ openssl-1.1.1-pre9/include/openssl/fips_rand.h 2018-08-22 12:17:53.688661659 +0200 +diff -up openssl-1.1.1/include/openssl/fips_rand.h.fips openssl-1.1.1/include/openssl/fips_rand.h +--- openssl-1.1.1/include/openssl/fips_rand.h.fips 2018-09-13 08:51:22.120520689 +0200 ++++ openssl-1.1.1/include/openssl/fips_rand.h 2018-09-13 08:51:22.120520689 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11236,9 +11236,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/fips_rand.h.fips openssl-1.1.1-pre9/ +# endif +# endif +#endif -diff -up openssl-1.1.1-pre9/include/openssl/opensslconf.h.in.fips openssl-1.1.1-pre9/include/openssl/opensslconf.h.in ---- openssl-1.1.1-pre9/include/openssl/opensslconf.h.in.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/opensslconf.h.in 2018-08-22 12:17:53.688661659 +0200 +diff -up openssl-1.1.1/include/openssl/opensslconf.h.in.fips openssl-1.1.1/include/openssl/opensslconf.h.in +--- openssl-1.1.1/include/openssl/opensslconf.h.in.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/opensslconf.h.in 2018-09-13 08:51:22.120520689 +0200 @@ -150,6 +150,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11251,9 +11251,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/opensslconf.h.in.fips openssl-1.1.1- #ifdef __cplusplus } #endif -diff -up openssl-1.1.1-pre9/include/openssl/randerr.h.fips openssl-1.1.1-pre9/include/openssl/randerr.h ---- openssl-1.1.1-pre9/include/openssl/randerr.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/randerr.h 2018-08-22 12:17:53.689661684 +0200 +diff -up openssl-1.1.1/include/openssl/randerr.h.fips openssl-1.1.1/include/openssl/randerr.h +--- openssl-1.1.1/include/openssl/randerr.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/randerr.h 2018-09-13 08:51:22.120520689 +0200 @@ -35,6 +35,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 @@ -11262,9 +11262,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/randerr.h.fips openssl-1.1.1-pre9/in # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1-pre9/include/openssl/rand.h.fips openssl-1.1.1-pre9/include/openssl/rand.h ---- openssl-1.1.1-pre9/include/openssl/rand.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/rand.h 2018-08-22 12:17:53.689661684 +0200 +diff -up openssl-1.1.1/include/openssl/rand.h.fips openssl-1.1.1/include/openssl/rand.h +--- openssl-1.1.1/include/openssl/rand.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/rand.h 2018-09-13 08:51:22.120520689 +0200 @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif @@ -11277,9 +11277,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/rand.h.fips openssl-1.1.1-pre9/inclu #ifdef __cplusplus } -diff -up openssl-1.1.1-pre9/include/openssl/rsaerr.h.fips openssl-1.1.1-pre9/include/openssl/rsaerr.h ---- openssl-1.1.1-pre9/include/openssl/rsaerr.h.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/include/openssl/rsaerr.h 2018-08-22 12:17:53.691661733 +0200 +diff -up openssl-1.1.1/include/openssl/rsaerr.h.fips openssl-1.1.1/include/openssl/rsaerr.h +--- openssl-1.1.1/include/openssl/rsaerr.h.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/include/openssl/rsaerr.h 2018-09-13 08:51:22.121520666 +0200 @@ -21,6 +21,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 @@ -11335,9 +11335,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/rsaerr.h.fips openssl-1.1.1-pre9/inc # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.fips openssl-1.1.1-pre9/ssl/ssl_ciph.c ---- openssl-1.1.1-pre9/ssl/ssl_ciph.c.fips 2018-08-22 12:17:53.414654947 +0200 -+++ openssl-1.1.1-pre9/ssl/ssl_ciph.c 2018-08-22 12:17:53.691661733 +0200 +diff -up openssl-1.1.1/ssl/ssl_ciph.c.fips openssl-1.1.1/ssl/ssl_ciph.c +--- openssl-1.1.1/ssl/ssl_ciph.c.fips 2018-09-13 08:51:22.098521203 +0200 ++++ openssl-1.1.1/ssl/ssl_ciph.c 2018-09-13 08:51:22.121520666 +0200 @@ -385,7 +385,7 @@ int ssl_load_ciphers(void) } } @@ -11376,9 +11376,9 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.fips openssl-1.1.1-pre9/ssl/ssl_ciph. if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1-pre9/ssl/ssl_init.c.fips openssl-1.1.1-pre9/ssl/ssl_init.c ---- openssl-1.1.1-pre9/ssl/ssl_init.c.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/ssl/ssl_init.c 2018-08-22 12:17:53.691661733 +0200 +diff -up openssl-1.1.1/ssl/ssl_init.c.fips openssl-1.1.1/ssl/ssl_init.c +--- openssl-1.1.1/ssl/ssl_init.c.fips 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/ssl/ssl_init.c 2018-09-13 08:51:22.121520666 +0200 @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); @@ -11422,10 +11422,10 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_init.c.fips openssl-1.1.1-pre9/ssl/ssl_init. #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.fips openssl-1.1.1-pre9/ssl/ssl_lib.c ---- openssl-1.1.1-pre9/ssl/ssl_lib.c.fips 2018-08-22 12:17:53.415654972 +0200 -+++ openssl-1.1.1-pre9/ssl/ssl_lib.c 2018-08-22 12:17:53.692661757 +0200 -@@ -2887,6 +2887,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1/ssl/ssl_lib.c.fips openssl-1.1.1/ssl/ssl_lib.c +--- openssl-1.1.1/ssl/ssl_lib.c.fips 2018-09-13 08:51:22.099521180 +0200 ++++ openssl-1.1.1/ssl/ssl_lib.c 2018-09-13 08:51:22.122520643 +0200 +@@ -2883,6 +2883,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11437,7 +11437,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.fips openssl-1.1.1-pre9/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; -@@ -2943,13 +2948,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -2939,13 +2944,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; @@ -11462,9 +11462,9 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.fips openssl-1.1.1-pre9/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1-pre9/test/dsatest.c.fips openssl-1.1.1-pre9/test/dsatest.c ---- openssl-1.1.1-pre9/test/dsatest.c.fips 2018-08-21 14:14:15.000000000 +0200 -+++ openssl-1.1.1-pre9/test/dsatest.c 2018-08-22 12:17:53.692661757 +0200 +diff -up openssl-1.1.1/test/dsatest.c.fips openssl-1.1.1/test/dsatest.c +--- openssl-1.1.1/test/dsatest.c.fips 2018-09-11 14:48:24.000000000 +0200 ++++ openssl-1.1.1/test/dsatest.c 2018-09-13 08:51:22.122520643 +0200 @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -11547,13 +11547,13 @@ diff -up openssl-1.1.1-pre9/test/dsatest.c.fips openssl-1.1.1-pre9/test/dsatest. goto end; if (!TEST_int_eq(h, 2)) goto end; -diff -up openssl-1.1.1-pre9/util/libcrypto.num.fips openssl-1.1.1-pre9/util/libcrypto.num ---- openssl-1.1.1-pre9/util/libcrypto.num.fips 2018-08-22 12:17:53.693661782 +0200 -+++ openssl-1.1.1-pre9/util/libcrypto.num 2018-08-22 12:24:43.162691652 +0200 -@@ -4572,3 +4572,38 @@ EC_POINT_set_affine_coordinates - EC_POINT_get_affine_coordinates 4526 1_1_1 EXIST::FUNCTION:EC - EC_GROUP_set_curve 4527 1_1_1 EXIST::FUNCTION:EC - EC_GROUP_get_curve 4528 1_1_1 EXIST::FUNCTION:EC +diff -up openssl-1.1.1/util/libcrypto.num.fips openssl-1.1.1/util/libcrypto.num +--- openssl-1.1.1/util/libcrypto.num.fips 2018-09-13 08:51:22.123520619 +0200 ++++ openssl-1.1.1/util/libcrypto.num 2018-09-13 08:53:01.879190825 +0200 +@@ -4577,3 +4577,38 @@ OCSP_resp_get0_respdata + EVP_MD_CTX_set_pkey_ctx 4531 1_1_1 EXIST::FUNCTION: + EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION: + EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION: +FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: +FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: +FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1-rand-cleanup.patch b/openssl-1.1.1-rand-cleanup.patch deleted file mode 100644 index 5f886c5..0000000 --- a/openssl-1.1.1-rand-cleanup.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up openssl-1.1.1-pre9/crypto/rand/rand_lib.c.rand-cleanup openssl-1.1.1-pre9/crypto/rand/rand_lib.c ---- openssl-1.1.1-pre9/crypto/rand/rand_lib.c.rand-cleanup 2018-09-06 08:18:19.481566808 +0200 -+++ openssl-1.1.1-pre9/crypto/rand/rand_lib.c 2018-09-06 13:28:32.531777065 +0200 -@@ -353,7 +353,8 @@ void rand_cleanup_int(void) - if (meth != NULL && meth->cleanup != NULL) - meth->cleanup(); - rand_pool_cleanup(); -- RAND_set_rand_method(NULL); -+ if (meth != NULL) -+ RAND_set_rand_method(NULL); - #ifndef OPENSSL_NO_ENGINE - CRYPTO_THREAD_lock_free(rand_engine_lock); - rand_engine_lock = NULL; diff --git a/openssl-1.1.1-seclevel-check.patch b/openssl-1.1.1-seclevel-check.patch deleted file mode 100644 index e023c6e..0000000 --- a/openssl-1.1.1-seclevel-check.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c -index df5cff79c9..e740a8c25d 100644 ---- a/ssl/ssl_cert.c -+++ b/ssl/ssl_cert.c -@@ -947,7 +947,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, - if (level >= 2 && c->algorithm_enc == SSL_RC4) - return 0; - /* Level 3: forward secure ciphersuites only */ -- if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) -+ if (level >= 3 && (c->min_tls != TLS1_3_VERSION || -+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))) - return 0; - break; - } diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch index 20a6762..513f27e 100644 --- a/openssl-1.1.1-version-override.patch +++ b/openssl-1.1.1-version-override.patch @@ -1,14 +1,12 @@ -diff -up openssl-1.1.1-pre9/include/openssl/opensslv.h.version-override openssl-1.1.1-pre9/include/openssl/opensslv.h ---- openssl-1.1.1-pre9/include/openssl/opensslv.h.version-override 2018-08-22 12:25:31.959886929 +0200 -+++ openssl-1.1.1-pre9/include/openssl/opensslv.h 2018-08-22 12:26:17.997014595 +0200 -@@ -39,8 +39,8 @@ extern "C" { - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for +diff -up openssl-1.1.1/include/openssl/opensslv.h.version-override openssl-1.1.1/include/openssl/opensslv.h +--- openssl-1.1.1/include/openssl/opensslv.h.version-override 2018-09-13 08:54:38.247940128 +0200 ++++ openssl-1.1.1/include/openssl/opensslv.h 2018-09-13 08:56:10.757779555 +0200 +@@ -40,7 +40,7 @@ extern "C" { * major minor fix final patch/beta) */ --# define OPENSSL_VERSION_NUMBER 0x10101009L --# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018" -+# define OPENSSL_VERSION_NUMBER 0x1010100fL -+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018" + # define OPENSSL_VERSION_NUMBER 0x1010100fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 11 Sep 2018" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 FIPS 11 Sep 2018" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/openssl.spec b/openssl.spec index b20e505..d9f3d8f 100644 --- a/openssl.spec +++ b/openssl.spec @@ -19,17 +19,15 @@ %global _performance_build 1 -%global prerelease pre9 - Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1 -Release: 0.%{prerelease}.3%{?dist} +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-%{prerelease}-hobbled.tar.xz +Source: openssl-%{version}-hobbled.tar.xz Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert @@ -59,9 +57,7 @@ Patch42: openssl-1.1.1-fips.patch Patch43: openssl-1.1.1-ignore-bound.patch Patch44: openssl-1.1.1-version-override.patch Patch45: openssl-1.1.0-weak-ciphers.patch -Patch46: openssl-1.1.1-rand-cleanup.patch # Backported fixes including security fixes -Patch70: openssl-1.1.1-seclevel-check.patch License: OpenSSL Group: System Environment/Libraries @@ -135,7 +131,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version}-%{prerelease} +%setup -q -n %{name}-%{version} # The hobble_openssl is called here redundantly, just to be sure. # The tarball has already the sources removed. @@ -163,9 +159,7 @@ cp %{SOURCE13} test/ %patch43 -p1 -b .ignore-bound %patch44 -p1 -b .version-override %patch45 -p1 -b .weak-ciphers -%patch46 -p1 -b .rand-cleanup -%patch70 -p1 -b .seclevel-check %build # Figure out which flags we want to use. @@ -453,6 +447,9 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Thu Sep 13 2018 Tomáš Mráz 1.1.1-1 +- update to the final 1.1.1 version + * Thu Sep 6 2018 Tomáš Mráz 1.1.1-0.pre9.3 - do not try to initialize RNG in cleanup if it was not initialized before (#1624554)