diff --git a/.gitignore b/.gitignore
index 5a227f8..9cbbd5b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.0b-hobbled.tar.xz
/openssl-1.1.0c-hobbled.tar.xz
/openssl-1.1.0d-hobbled.tar.xz
+/openssl-1.1.0e-hobbled.tar.xz
diff --git a/openssl-1.1.0-backports.patch b/openssl-1.1.0-backports.patch
deleted file mode 100644
index 1db6e65..0000000
--- a/openssl-1.1.0-backports.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From 3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Thu, 26 Jan 2017 17:11:14 +0000
-Subject: [PATCH] Use correct signature algorithm list when sending or
- checking.
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2297)
----
- ssl/ssl_locl.h | 2 +-
- ssl/statem/statem_srvr.c | 2 +-
- ssl/t1_lib.c | 12 ++++++------
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 4079b31..9a997cf 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -2062,7 +2062,7 @@ __owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out,
- const unsigned char *psig, size_t psiglen);
- __owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
- __owur int tls1_process_sigalgs(SSL *s);
--__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
-+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
- __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
- const unsigned char *sig, EVP_PKEY *pkey);
- void ssl_set_client_disabled(SSL *s);
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index d36d194..ad89e93 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2002,7 +2002,7 @@ int tls_construct_certificate_request(SSL *s)
- if (SSL_USE_SIGALGS(s)) {
- const unsigned char *psigs;
- unsigned char *etmp = p;
-- nl = tls12_get_psigalgs(s, &psigs);
-+ nl = tls12_get_psigalgs(s, 1, &psigs);
- /* Skip over length for now */
- p += 2;
- nl = tls12_copy_sigalgs(s, p, psigs, nl);
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 1205f99..b75e568 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -711,7 +711,7 @@ static const unsigned char suiteb_sigalgs[] = {
- tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
- };
- #endif
--size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
-+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
- {
- /*
- * If Suite B mode use Suite B sigalgs only, ignore any other
-@@ -733,7 +733,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
- }
- #endif
- /* If server use client authentication sigalgs if not NULL */
-- if (s->server && s->cert->client_sigalgs) {
-+ if (s->server == sent && s->cert->client_sigalgs) {
- *psigs = s->cert->client_sigalgs;
- return s->cert->client_sigalgslen;
- } else if (s->cert->conf_sigalgs) {
-@@ -797,7 +797,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
- #endif
-
- /* Check signature matches a type we sent */
-- sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
-+ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
- for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
- if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
- break;
-@@ -1189,7 +1189,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
- size_t salglen;
- const unsigned char *salg;
- unsigned char *etmp;
-- salglen = tls12_get_psigalgs(s, &salg);
-+ salglen = tls12_get_psigalgs(s, 1, &salg);
-
- /*-
- * check for enough space.
-@@ -3396,7 +3396,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
- * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep
- * down calls to security callback only check if we have to.
- */
-- sigalgslen = tls12_get_psigalgs(s, &sigalgs);
-+ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
- for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
- switch (sigalgs[1]) {
- #ifndef OPENSSL_NO_RSA
-@@ -3491,7 +3491,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
- conf = c->conf_sigalgs;
- conflen = c->conf_sigalgslen;
- } else
-- conflen = tls12_get_psigalgs(s, &conf);
-+ conflen = tls12_get_psigalgs(s, 0, &conf);
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
- pref = conf;
- preflen = conflen;
---
-2.9.3
-
-From b431b094330da3e54805c49fb262192e34bc3864 Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Sat, 28 Jan 2017 17:43:17 +0100
-Subject: [PATCH] X509_CRL_digest() - ensure precomputed sha1 hash before
- returning it
-
-X509_CRL_digest() didn't check if the precomputed sha1 hash was actually
-present. This also makes sure there's an appropriate flag to check.
-
-Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/2314)
-(cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436)
----
- crypto/x509/x_all.c | 2 +-
- crypto/x509/x_crl.c | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
-index 59f96a5..124dd2d 100644
---- a/crypto/x509/x_all.c
-+++ b/crypto/x509/x_all.c
-@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
- int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len)
- {
-- if (type == EVP_sha1()) {
-+ if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) {
- /* Asking for SHA1; always computed in CRL d2i. */
- if (len != NULL)
- *len = sizeof(data->sha1_hash);
-diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
-index da9c6b6..dbed850 100644
---- a/crypto/x509/x_crl.c
-+++ b/crypto/x509/x_crl.c
-@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- if (crl->meth->crl_init(crl) == 0)
- return 0;
- }
-+
-+ crl->flags |= EXFLAG_SET;
- break;
-
- case ASN1_OP_FREE_POST:
---
-2.9.3
-
diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch
index dc976f2..41446ed 100644
--- a/openssl-1.1.0-build.patch
+++ b/openssl-1.1.0-build.patch
@@ -29,99 +29,3 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
-diff -up openssl-1.1.0c/crypto/ec/ec_lib.c.build openssl-1.1.0c/crypto/ec/ec_lib.c
---- openssl-1.1.0c/crypto/ec/ec_lib.c.build 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/ec/ec_lib.c 2016-11-11 13:26:36.097400901 +0100
-@@ -74,9 +74,6 @@ void EC_pre_comp_free(EC_GROUP *group)
- break;
- #endif
- #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-- case PCT_nistp224:
-- EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
-- break;
- case PCT_nistp256:
- EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
- break;
-@@ -152,9 +149,6 @@ int EC_GROUP_copy(EC_GROUP *dest, const
- break;
- #endif
- #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-- case PCT_nistp224:
-- dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
-- break;
- case PCT_nistp256:
- dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
- break;
-diff -up openssl-1.1.0c/test/ecdhtest_cavs.h.build openssl-1.1.0c/test/ecdhtest_cavs.h
---- openssl-1.1.0c/test/ecdhtest_cavs.h.build 2016-11-11 13:26:36.079400491 +0100
-+++ openssl-1.1.0c/test/ecdhtest_cavs.h 2016-11-11 13:26:36.097400901 +0100
-@@ -29,6 +29,7 @@ typedef struct {
-
- static const ecdh_cavs_kat_t ecdh_cavs_kats[] = {
- /* curves over prime fields go here */
-+#if 0
- { NID_X9_62_prime192v1,
- "42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0",
- "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523",
-@@ -379,6 +380,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k
- "a6b29632db94da2125dc1cf80e03702687b2acc1122022fa2174765a",
- "61723edd73e10daed73775278f1958ba56f1fc9d085ebc2b64c84fe5",
- "71954e2261e8510be1a060733671d2e9d0a2d012eb4e09556d697d2a" },
-+#endif
- { NID_X9_62_prime256v1,
- "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
- "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
-diff -up openssl-1.1.0c/test/ecdhtest.c.build openssl-1.1.0c/test/ecdhtest.c
---- openssl-1.1.0c/test/ecdhtest.c.build 2016-11-10 15:03:47.000000000 +0100
-+++ openssl-1.1.0c/test/ecdhtest.c 2016-11-11 13:26:36.097400901 +0100
-@@ -252,6 +252,7 @@ typedef struct {
-
- static const ecdh_kat_t ecdh_kats[] = {
- /* Keys and shared secrets from RFC 5114 */
-+#if 0
- { NID_X9_62_prime192v1,
- "323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426",
- "631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62",
-@@ -260,6 +261,7 @@ static const ecdh_kat_t ecdh_kats[] = {
- "B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F",
- "AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18",
- "52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA" },
-+#endif
- { NID_X9_62_prime256v1,
- "814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF",
- "2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41",
-@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = {
- "01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04"
- "D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3"
- "DDEA" },
-+#if 0
- /* Keys and shared secrets from RFC 7027 */
- { NID_brainpoolP256r1,
- "81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D",
-@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = {
- "ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429",
- "A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76"
- "D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" }
-+#endif
- };
-
- /* Given private value and NID, create EC_KEY structure */
-diff -up openssl-1.1.0c/test/ecdsatest.c.build openssl-1.1.0c/test/ecdsatest.c
---- openssl-1.1.0c/test/ecdsatest.c.build 2016-11-10 15:03:47.000000000 +0100
-+++ openssl-1.1.0c/test/ecdsatest.c 2016-11-11 13:26:36.097400901 +0100
-@@ -216,6 +216,7 @@ int x9_62_tests(BIO *out)
- if (!change_rand())
- goto x962_err;
-
-+#if 0
- if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
- "3342403536405981729393488334694600415596881826869351677613",
- "5735822328888155254683894997897571951568553642892029982342"))
-@@ -226,6 +227,7 @@ int x9_62_tests(BIO *out)
- "3238135532097973577080787768312505059318910517550078427819"
- "78505179448783"))
- goto x962_err;
-+#endif
- # ifndef OPENSSL_NO_EC2M
- if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
- "87194383164871543355722284926904419997237591535066528048",
diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch
index 2b6059e..32cfb08 100644
--- a/openssl-1.1.0-ec-curves.patch
+++ b/openssl-1.1.0-ec-curves.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.0d/apps/speed.c.curves openssl-1.1.0d/apps/speed.c
---- openssl-1.1.0d/apps/speed.c.curves 2017-01-26 14:10:21.000000000 +0100
-+++ openssl-1.1.0d/apps/speed.c 2017-01-26 15:53:33.913324153 +0100
+diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c
+--- openssl-1.1.0e/apps/speed.c.curves 2017-02-16 12:58:20.000000000 +0100
++++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:46:22.271504354 +0100
@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = {
#define R_EC_X25519 16
#ifndef OPENSSL_NO_EC
@@ -44,9 +44,9 @@ diff -up openssl-1.1.0d/apps/speed.c.curves openssl-1.1.0d/apps/speed.c
{"ecdhx25519", R_EC_X25519},
{NULL}
};
-diff -up openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves openssl-1.1.0d/crypto/ec/ecp_smpl.c
---- openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/ec/ecp_smpl.c 2017-01-26 15:53:33.913324153 +0100
+diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp_smpl.c
+--- openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/ec/ecp_smpl.c 2017-02-16 15:46:22.264504188 +0100
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0;
}
@@ -59,3 +59,73 @@ diff -up openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves openssl-1.1.0d/crypto/ec/ecp
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
+diff -up openssl-1.1.0e/test/ecdhtest_cavs.h.curves openssl-1.1.0e/test/ecdhtest_cavs.h
+--- openssl-1.1.0e/test/ecdhtest_cavs.h.curves 2017-02-16 15:46:22.237503550 +0100
++++ openssl-1.1.0e/test/ecdhtest_cavs.h 2017-02-16 16:08:16.091687111 +0100
+@@ -29,6 +29,7 @@ typedef struct {
+
+ static const ecdh_cavs_kat_t ecdh_cavs_kats[] = {
+ /* curves over prime fields go here */
++#if 0
+ { NID_X9_62_prime192v1,
+ "42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0",
+ "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523",
+@@ -204,6 +205,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k
+ "fcd345a976c720caaa97de6697226825615e1287a9eff67e",
+ "58ea42edbeeafca9ff44cfd7f29abd2cbde7626d79e422c9",
+ "72e88f3ea67d46d46dbf83926e7e2a6b85b54536741e6d2c" },
++#endif
+ { NID_secp224r1,
+ "af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280",
+ "882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7",
+diff -up openssl-1.1.0e/test/ecdhtest.c.curves openssl-1.1.0e/test/ecdhtest.c
+--- openssl-1.1.0e/test/ecdhtest.c.curves 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/test/ecdhtest.c 2017-02-16 16:07:30.412629758 +0100
+@@ -252,10 +252,12 @@ typedef struct {
+
+ static const ecdh_kat_t ecdh_kats[] = {
+ /* Keys and shared secrets from RFC 5114 */
++#if 0
+ { NID_X9_62_prime192v1,
+ "323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426",
+ "631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62",
+ "AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE" },
++#endif
+ { NID_secp224r1,
+ "B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F",
+ "AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18",
+@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = {
+ "01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04"
+ "D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3"
+ "DDEA" },
++#if 0
+ /* Keys and shared secrets from RFC 7027 */
+ { NID_brainpoolP256r1,
+ "81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D",
+@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = {
+ "ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429",
+ "A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76"
+ "D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" }
++#endif
+ };
+
+ /* Given private value and NID, create EC_KEY structure */
+diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c
+--- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100
+@@ -216,6 +216,7 @@ int x9_62_tests(BIO *out)
+ if (!change_rand())
+ goto x962_err;
+
++#if 0
+ if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+ "3342403536405981729393488334694600415596881826869351677613",
+ "5735822328888155254683894997897571951568553642892029982342"))
+@@ -226,6 +227,7 @@ int x9_62_tests(BIO *out)
+ "3238135532097973577080787768312505059318910517550078427819"
+ "78505179448783"))
+ goto x962_err;
++#endif
+ # ifndef OPENSSL_NO_EC2M
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+ "87194383164871543355722284926904419997237591535066528048",
diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch
index e5fb17b..ebdcc55 100644
--- a/openssl-1.1.0-fips.patch
+++ b/openssl-1.1.0-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.0d/apps/speed.c.fips openssl-1.1.0d/apps/speed.c
---- openssl-1.1.0d/apps/speed.c.fips 2017-01-26 16:02:29.004335278 +0100
-+++ openssl-1.1.0d/apps/speed.c 2017-01-26 16:02:29.013335037 +0100
+diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c
+--- openssl-1.1.0e/apps/speed.c.fips 2017-02-16 15:42:44.967362611 +0100
++++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:42:44.975362800 +0100
@@ -1442,7 +1442,9 @@ int speed_main(int argc, char **argv)
}
# endif
@@ -113,9 +113,9 @@ diff -up openssl-1.1.0d/apps/speed.c.fips openssl-1.1.0d/apps/speed.c
if (loopargs[i].hctx == NULL) {
BIO_printf(bio_err, "HMAC malloc failure, exiting...");
exit(1);
-diff -up openssl-1.1.0d/Configure.fips openssl-1.1.0d/Configure
---- openssl-1.1.0d/Configure.fips 2017-01-26 16:02:29.010335117 +0100
-+++ openssl-1.1.0d/Configure 2017-01-26 16:02:29.014335010 +0100
+diff -up openssl-1.1.0e/Configure.fips openssl-1.1.0e/Configure
+--- openssl-1.1.0e/Configure.fips 2017-02-16 15:42:44.972362729 +0100
++++ openssl-1.1.0e/Configure 2017-02-16 15:42:44.975362800 +0100
@@ -312,7 +312,7 @@ $config{sdirs} = [
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
"des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
@@ -125,9 +125,9 @@ diff -up openssl-1.1.0d/Configure.fips openssl-1.1.0d/Configure
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
-diff -up openssl-1.1.0d/crypto/bn/bn_rand.c.fips openssl-1.1.0d/crypto/bn/bn_rand.c
---- openssl-1.1.0d/crypto/bn/bn_rand.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/bn/bn_rand.c 2017-01-26 16:02:29.014335010 +0100
+diff -up openssl-1.1.0e/crypto/bn/bn_rand.c.fips openssl-1.1.0e/crypto/bn/bn_rand.c
+--- openssl-1.1.0e/crypto/bn/bn_rand.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/bn/bn_rand.c 2017-02-16 15:42:44.975362800 +0100
@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
}
@@ -143,9 +143,9 @@ diff -up openssl-1.1.0d/crypto/bn/bn_rand.c.fips openssl-1.1.0d/crypto/bn/bn_ran
if (RAND_bytes(buf, bytes) <= 0)
goto err;
-diff -up openssl-1.1.0d/crypto/dh/dh_err.c.fips openssl-1.1.0d/crypto/dh/dh_err.c
---- openssl-1.1.0d/crypto/dh/dh_err.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dh/dh_err.c 2017-01-26 16:02:29.014335010 +0100
+diff -up openssl-1.1.0e/crypto/dh/dh_err.c.fips openssl-1.1.0e/crypto/dh/dh_err.c
+--- openssl-1.1.0e/crypto/dh/dh_err.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dh/dh_err.c 2017-02-16 15:42:44.975362800 +0100
@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
@@ -168,9 +168,9 @@ diff -up openssl-1.1.0d/crypto/dh/dh_err.c.fips openssl-1.1.0d/crypto/dh/dh_err.
{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
{ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
-diff -up openssl-1.1.0d/crypto/dh/dh_gen.c.fips openssl-1.1.0d/crypto/dh/dh_gen.c
---- openssl-1.1.0d/crypto/dh/dh_gen.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dh/dh_gen.c 2017-01-26 16:02:29.014335010 +0100
+diff -up openssl-1.1.0e/crypto/dh/dh_gen.c.fips openssl-1.1.0e/crypto/dh/dh_gen.c
+--- openssl-1.1.0e/crypto/dh/dh_gen.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dh/dh_gen.c 2017-02-16 15:42:44.975362800 +0100
@@ -16,6 +16,9 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -214,9 +214,9 @@ diff -up openssl-1.1.0d/crypto/dh/dh_gen.c.fips openssl-1.1.0d/crypto/dh/dh_gen.
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.0d/crypto/dh/dh_key.c.fips openssl-1.1.0d/crypto/dh/dh_key.c
---- openssl-1.1.0d/crypto/dh/dh_key.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dh/dh_key.c 2017-01-26 16:02:29.014335010 +0100
+diff -up openssl-1.1.0e/crypto/dh/dh_key.c.fips openssl-1.1.0e/crypto/dh/dh_key.c
+--- openssl-1.1.0e/crypto/dh/dh_key.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dh/dh_key.c 2017-02-16 15:42:44.976362824 +0100
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
#include "dh_locl.h"
@@ -300,9 +300,9 @@ diff -up openssl-1.1.0d/crypto/dh/dh_key.c.fips openssl-1.1.0d/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0d/crypto/dsa/dsa_err.c.fips openssl-1.1.0d/crypto/dsa/dsa_err.c
---- openssl-1.1.0d/crypto/dsa/dsa_err.c.fips 2017-01-26 16:02:29.028334636 +0100
-+++ openssl-1.1.0d/crypto/dsa/dsa_err.c 2017-01-26 16:05:40.306217789 +0100
+diff -up openssl-1.1.0e/crypto/dsa/dsa_err.c.fips openssl-1.1.0e/crypto/dsa/dsa_err.c
+--- openssl-1.1.0e/crypto/dsa/dsa_err.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dsa/dsa_err.c 2017-02-16 15:42:44.976362824 +0100
@@ -21,10 +21,13 @@
static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -330,9 +330,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_err.c.fips openssl-1.1.0d/crypto/dsa/dsa_
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
{ERR_REASON(DSA_R_SEED_LEN_SMALL),
-diff -up openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips openssl-1.1.0d/crypto/dsa/dsa_gen.c
---- openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dsa/dsa_gen.c 2017-01-26 16:02:29.029334609 +0100
+diff -up openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips openssl-1.1.0e/crypto/dsa/dsa_gen.c
+--- openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dsa/dsa_gen.c 2017-02-16 15:42:44.976362824 +0100
@@ -22,12 +22,22 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -494,9 +494,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips openssl-1.1.0d/crypto/dsa/dsa_
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/dsa/dsa_key.c.fips openssl-1.1.0d/crypto/dsa/dsa_key.c
---- openssl-1.1.0d/crypto/dsa/dsa_key.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dsa/dsa_key.c 2017-01-26 16:02:29.029334609 +0100
+diff -up openssl-1.1.0e/crypto/dsa/dsa_key.c.fips openssl-1.1.0e/crypto/dsa/dsa_key.c
+--- openssl-1.1.0e/crypto/dsa/dsa_key.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dsa/dsa_key.c 2017-02-16 15:42:44.976362824 +0100
@@ -13,10 +13,49 @@
#include <openssl/bn.h>
#include "dsa_locl.h"
@@ -576,9 +576,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_key.c.fips openssl-1.1.0d/crypto/dsa/dsa_
ok = 1;
err:
-diff -up openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0d/crypto/dsa/dsa_ossl.c
---- openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dsa/dsa_ossl.c 2017-01-26 16:02:29.029334609 +0100
+diff -up openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0e/crypto/dsa/dsa_ossl.c
+--- openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dsa/dsa_ossl.c 2017-02-16 15:42:44.976362824 +0100
@@ -15,6 +15,9 @@
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -638,9 +638,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0d/crypto/dsa/dsa
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0d/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/dsa/dsa_pmeth.c 2017-01-26 16:02:29.029334609 +0100
+diff -up openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0e/crypto/dsa/dsa_pmeth.c
+--- openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/dsa/dsa_pmeth.c 2017-02-16 15:42:44.976362824 +0100
@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
BN_GENCB_free(pcb);
return 0;
@@ -652,9 +652,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0d/crypto/dsa/ds
BN_GENCB_free(pcb);
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
-diff -up openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdh_ossl.c
---- openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/ec/ecdh_ossl.c 2017-01-26 16:02:29.029334609 +0100
+diff -up openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdh_ossl.c
+--- openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/ec/ecdh_ossl.c 2017-02-16 15:42:44.976362824 +0100
@@ -33,9 +33,20 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -676,9 +676,9 @@ diff -up openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdh
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
return 0;
-diff -up openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdsa_ossl.c
---- openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/ec/ecdsa_ossl.c 2017-01-26 16:02:29.030334582 +0100
+diff -up openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdsa_ossl.c
+--- openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/ec/ecdsa_ossl.c 2017-02-16 15:42:44.976362824 +0100
@@ -15,6 +15,10 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -718,9 +718,9 @@ diff -up openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0d/crypto/ec/ecd
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.1.0d/crypto/ec/ec_key.c.fips openssl-1.1.0d/crypto/ec/ec_key.c
---- openssl-1.1.0d/crypto/ec/ec_key.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/ec/ec_key.c 2017-01-26 16:02:29.030334582 +0100
+diff -up openssl-1.1.0e/crypto/ec/ec_key.c.fips openssl-1.1.0e/crypto/ec/ec_key.c
+--- openssl-1.1.0e/crypto/ec/ec_key.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/ec/ec_key.c 2017-02-16 15:42:44.977362848 +0100
@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r)
return ((i > 1) ? 1 : 0);
}
@@ -785,9 +785,9 @@ diff -up openssl-1.1.0d/crypto/ec/ec_key.c.fips openssl-1.1.0d/crypto/ec/ec_key.
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
return 0;
}
-diff -up openssl-1.1.0d/crypto/err/err_all.c.fips openssl-1.1.0d/crypto/err/err_all.c
---- openssl-1.1.0d/crypto/err/err_all.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/err/err_all.c 2017-01-26 16:02:29.030334582 +0100
+diff -up openssl-1.1.0e/crypto/err/err_all.c.fips openssl-1.1.0e/crypto/err/err_all.c
+--- openssl-1.1.0e/crypto/err/err_all.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/err/err_all.c 2017-02-16 15:42:44.977362848 +0100
@@ -43,9 +43,6 @@
int err_load_crypto_strings_int(void)
{
@@ -798,9 +798,9 @@ diff -up openssl-1.1.0d/crypto/err/err_all.c.fips openssl-1.1.0d/crypto/err/err_
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
ERR_load_BN_strings() == 0 ||
-diff -up openssl-1.1.0d/crypto/evp/c_allc.c.fips openssl-1.1.0d/crypto/evp/c_allc.c
---- openssl-1.1.0d/crypto/evp/c_allc.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/c_allc.c 2017-01-26 16:02:29.030334582 +0100
+diff -up openssl-1.1.0e/crypto/evp/c_allc.c.fips openssl-1.1.0e/crypto/evp/c_allc.c
+--- openssl-1.1.0e/crypto/evp/c_allc.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/c_allc.c 2017-02-16 15:42:44.977362848 +0100
@@ -17,6 +17,9 @@
void openssl_add_all_ciphers_int(void)
{
@@ -882,9 +882,9 @@ diff -up openssl-1.1.0d/crypto/evp/c_allc.c.fips openssl-1.1.0d/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0d/crypto/evp/c_alld.c.fips openssl-1.1.0d/crypto/evp/c_alld.c
---- openssl-1.1.0d/crypto/evp/c_alld.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/c_alld.c 2017-01-26 16:02:29.030334582 +0100
+diff -up openssl-1.1.0e/crypto/evp/c_alld.c.fips openssl-1.1.0e/crypto/evp/c_alld.c
+--- openssl-1.1.0e/crypto/evp/c_alld.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/c_alld.c 2017-02-16 15:42:44.977362848 +0100
@@ -16,6 +16,9 @@
void openssl_add_all_digests_int(void)
@@ -911,9 +911,9 @@ diff -up openssl-1.1.0d/crypto/evp/c_alld.c.fips openssl-1.1.0d/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0d/crypto/evp/digest.c.fips openssl-1.1.0d/crypto/evp/digest.c
---- openssl-1.1.0d/crypto/evp/digest.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/digest.c 2017-01-26 16:02:29.030334582 +0100
+diff -up openssl-1.1.0e/crypto/evp/digest.c.fips openssl-1.1.0e/crypto/evp/digest.c
+--- openssl-1.1.0e/crypto/evp/digest.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/digest.c 2017-02-16 15:42:44.977362848 +0100
@@ -14,6 +14,9 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -973,9 +973,9 @@ diff -up openssl-1.1.0d/crypto/evp/digest.c.fips openssl-1.1.0d/crypto/evp/diges
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
if (size != NULL)
-diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.c
---- openssl-1.1.0d/crypto/evp/e_aes.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/e_aes.c 2017-01-26 16:02:29.031334556 +0100
+diff -up openssl-1.1.0e/crypto/evp/e_aes.c.fips openssl-1.1.0e/crypto/evp/e_aes.c
+--- openssl-1.1.0e/crypto/evp/e_aes.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/e_aes.c 2017-02-16 15:42:44.978362871 +0100
@@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
return 1;
}
@@ -989,7 +989,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
-@@ -1307,6 +1307,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
+@@ -1309,6 +1309,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
@@ -1001,7 +1001,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
-@@ -1767,11 +1772,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+@@ -1769,11 +1774,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
| EVP_CIPH_CUSTOM_COPY)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
@@ -1019,7 +1019,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -1906,6 +1914,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1908,6 +1916,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
return 0;
if (!out || !in || len < AES_BLOCK_SIZE)
return 0;
@@ -1034,7 +1034,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
if (xctx->stream)
(*xctx->stream) (in, out, len,
xctx->xts.key1, xctx->xts.key2,
-@@ -1923,8 +1939,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1925,8 +1941,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY)
@@ -1047,7 +1047,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -2187,11 +2205,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
+@@ -2189,11 +2207,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
#define aes_ccm_cleanup NULL
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
@@ -1062,7 +1062,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
typedef struct {
union {
-@@ -2284,7 +2302,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
+@@ -2286,7 +2304,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
return rv ? (int)rv : -1;
}
@@ -1071,9 +1071,9 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-diff -up openssl-1.1.0d/crypto/evp/e_des3.c.fips openssl-1.1.0d/crypto/evp/e_des3.c
---- openssl-1.1.0d/crypto/evp/e_des3.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/e_des3.c 2017-01-26 16:02:29.031334556 +0100
+diff -up openssl-1.1.0e/crypto/evp/e_des3.c.fips openssl-1.1.0e/crypto/evp/e_des3.c
+--- openssl-1.1.0e/crypto/evp/e_des3.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/e_des3.c 2017-02-16 15:42:44.978362871 +0100
@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
# define des_ede3_cbc_cipher des_ede_cbc_cipher
# define des_ede3_ecb_cipher des_ede_ecb_cipher
@@ -1100,9 +1100,9 @@ diff -up openssl-1.1.0d/crypto/evp/e_des3.c.fips openssl-1.1.0d/crypto/evp/e_des
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff -up openssl-1.1.0d/crypto/evp/e_null.c.fips openssl-1.1.0d/crypto/evp/e_null.c
---- openssl-1.1.0d/crypto/evp/e_null.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/e_null.c 2017-01-26 16:02:29.031334556 +0100
+diff -up openssl-1.1.0e/crypto/evp/e_null.c.fips openssl-1.1.0e/crypto/evp/e_null.c
+--- openssl-1.1.0e/crypto/evp/e_null.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/e_null.c 2017-02-16 15:42:44.978362871 +0100
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
@@ -1113,9 +1113,9 @@ diff -up openssl-1.1.0d/crypto/evp/e_null.c.fips openssl-1.1.0d/crypto/evp/e_nul
null_init_key,
null_cipher,
NULL,
-diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_enc.c
---- openssl-1.1.0d/crypto/evp/evp_enc.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/evp_enc.c 2017-01-26 16:02:29.032334529 +0100
+diff -up openssl-1.1.0e/crypto/evp/evp_enc.c.fips openssl-1.1.0e/crypto/evp/evp_enc.c
+--- openssl-1.1.0e/crypto/evp/evp_enc.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/evp_enc.c 2017-02-16 15:45:17.526972401 +0100
@@ -16,10 +16,19 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -1163,7 +1163,7 @@ diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_
#ifndef OPENSSL_NO_ENGINE
/*
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
-@@ -133,7 +154,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -134,7 +155,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
}
ctx->key_len = cipher->key_len;
/* Preserve wrap enable flag, zero everything else */
@@ -1171,8 +1171,8 @@ diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_
+ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW;
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-@@ -191,6 +212,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+ ctx->cipher = NULL;
+@@ -193,6 +214,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
return 0;
}
}
@@ -1191,9 +1191,9 @@ diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if (!ctx->cipher->init(ctx, key, iv, enc))
-diff -up openssl-1.1.0d/crypto/evp/evp_err.c.fips openssl-1.1.0d/crypto/evp/evp_err.c
---- openssl-1.1.0d/crypto/evp/evp_err.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/evp_err.c 2017-01-26 16:07:34.336167390 +0100
+diff -up openssl-1.1.0e/crypto/evp/evp_err.c.fips openssl-1.1.0e/crypto/evp/evp_err.c
+--- openssl-1.1.0e/crypto/evp/evp_err.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/evp_err.c 2017-02-16 15:42:44.978362871 +0100
@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
{ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
@@ -1218,9 +1218,9 @@ diff -up openssl-1.1.0d/crypto/evp/evp_err.c.fips openssl-1.1.0d/crypto/evp/evp_
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-diff -up openssl-1.1.0d/crypto/evp/evp_lib.c.fips openssl-1.1.0d/crypto/evp/evp_lib.c
---- openssl-1.1.0d/crypto/evp/evp_lib.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/evp_lib.c 2017-01-26 16:02:29.032334529 +0100
+diff -up openssl-1.1.0e/crypto/evp/evp_lib.c.fips openssl-1.1.0e/crypto/evp/evp_lib.c
+--- openssl-1.1.0e/crypto/evp/evp_lib.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/evp_lib.c 2017-02-16 15:42:44.978362871 +0100
@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
@@ -1231,9 +1231,9 @@ diff -up openssl-1.1.0d/crypto/evp/evp_lib.c.fips openssl-1.1.0d/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
-diff -up openssl-1.1.0d/crypto/evp/m_sha1.c.fips openssl-1.1.0d/crypto/evp/m_sha1.c
---- openssl-1.1.0d/crypto/evp/m_sha1.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/evp/m_sha1.c 2017-01-26 16:02:29.032334529 +0100
+diff -up openssl-1.1.0e/crypto/evp/m_sha1.c.fips openssl-1.1.0e/crypto/evp/m_sha1.c
+--- openssl-1.1.0e/crypto/evp/m_sha1.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/evp/m_sha1.c 2017-02-16 15:42:44.978362871 +0100
@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = {
NID_sha1,
NID_sha1WithRSAEncryption,
@@ -1279,9 +1279,9 @@ diff -up openssl-1.1.0d/crypto/evp/m_sha1.c.fips openssl-1.1.0d/crypto/evp/m_sha
init512,
update512,
final512,
-diff -up openssl-1.1.0d/crypto/fips/build.info.fips openssl-1.1.0d/crypto/fips/build.info
---- openssl-1.1.0d/crypto/fips/build.info.fips 2017-01-26 16:02:29.032334529 +0100
-+++ openssl-1.1.0d/crypto/fips/build.info 2017-01-26 16:02:29.032334529 +0100
+diff -up openssl-1.1.0e/crypto/fips/build.info.fips openssl-1.1.0e/crypto/fips/build.info
+--- openssl-1.1.0e/crypto/fips/build.info.fips 2017-02-16 15:42:44.979362895 +0100
++++ openssl-1.1.0e/crypto/fips/build.info 2017-02-16 15:42:44.979362895 +0100
@@ -0,0 +1,15 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
@@ -1298,9 +1298,9 @@ diff -up openssl-1.1.0d/crypto/fips/build.info.fips openssl-1.1.0d/crypto/fips/b
+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
+INCLUDE[fips_standalone_hmac]=../../include
+DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_aes_selftest.c 2017-01-26 16:02:29.033334502 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100
++++ openssl-1.1.0e/crypto/fips/fips_aes_selftest.c 2017-02-16 15:42:44.979362895 +0100
@@ -0,0 +1,372 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1674,9 +1674,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0d/cryp
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips.c.fips openssl-1.1.0d/crypto/fips/fips.c
---- openssl-1.1.0d/crypto/fips/fips.c.fips 2017-01-26 16:02:29.033334502 +0100
-+++ openssl-1.1.0d/crypto/fips/fips.c 2017-01-26 16:02:29.033334502 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips.c.fips openssl-1.1.0e/crypto/fips/fips.c
+--- openssl-1.1.0e/crypto/fips/fips.c.fips 2017-02-16 15:42:44.979362895 +0100
++++ openssl-1.1.0e/crypto/fips/fips.c 2017-02-16 15:42:44.979362895 +0100
@@ -0,0 +1,526 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2204,9 +2204,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips.c.fips openssl-1.1.0d/crypto/fips/fips.
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c 2017-01-26 16:02:29.033334502 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100
++++ openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c 2017-02-16 15:42:44.979362895 +0100
@@ -0,0 +1,156 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2364,9 +2364,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0d/cry
+ return rv;
+}
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_des_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_des_selftest.c 2017-01-26 16:02:29.033334502 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100
++++ openssl-1.1.0e/crypto/fips/fips_des_selftest.c 2017-02-16 15:42:44.979362895 +0100
@@ -0,0 +1,133 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2501,9 +2501,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0d/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips 2017-01-26 16:02:29.035334448 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_dh_selftest.c 2017-01-26 16:02:29.035334448 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100
++++ openssl-1.1.0e/crypto/fips/fips_dh_selftest.c 2017-02-16 15:42:44.979362895 +0100
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2685,9 +2685,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0d/crypt
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips 2017-01-26 16:02:29.035334448 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c 2017-01-26 16:02:29.035334448 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips 2017-02-16 15:42:44.980362918 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c 2017-02-16 15:42:44.980362918 +0100
@@ -0,0 +1,415 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3104,9 +3104,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0d/crypto/f
+
+ return 1;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips 2017-01-26 16:02:29.036334422 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_hash.c 2017-01-26 16:02:29.035334448 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips 2017-02-16 15:42:44.980362918 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_hash.c 2017-02-16 15:42:44.980362918 +0100
@@ -0,0 +1,361 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3469,9 +3469,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0d/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips 2017-01-26 16:02:29.036334422 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c 2017-01-26 16:02:29.036334422 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips 2017-02-16 15:42:44.980362918 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c 2017-02-16 15:42:44.980362918 +0100
@@ -0,0 +1,272 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3745,9 +3745,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0d/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips 2017-01-26 16:02:29.036334422 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_lib.c 2017-01-26 16:02:29.036334422 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips 2017-02-16 15:42:44.980362918 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_lib.c 2017-02-16 15:42:44.980362918 +0100
@@ -0,0 +1,555 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
@@ -4304,9 +4304,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0d/crypto/f
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips 2017-01-26 16:02:29.036334422 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_rand.c 2017-01-26 16:02:29.036334422 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips 2017-02-16 15:42:44.980362918 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_rand.c 2017-02-16 15:42:44.980362918 +0100
@@ -0,0 +1,183 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4491,9 +4491,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0d/crypto/
+{
+ return &rand_drbg_meth;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips 2017-01-26 16:02:29.037334395 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c 2017-01-26 16:02:29.037334395 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips 2017-02-16 15:42:44.981362942 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c 2017-02-16 15:42:44.981362942 +0100
@@ -0,0 +1,828 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5323,9 +5323,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0d/cry
+ FIPS_drbg_free(dctx);
+ return rv;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips 2017-01-26 16:02:29.037334395 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h 2017-01-26 16:02:29.037334395 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips 2017-02-16 15:42:44.982362966 +0100
++++ openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h 2017-02-16 15:42:44.982362966 +0100
@@ -0,0 +1,1791 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7118,9 +7118,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0d/cry
+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
+ 0xc2, 0xd6, 0xfd, 0xa5
+};
-diff -up openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c 2017-01-26 16:02:29.038334368 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100
++++ openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c 2017-02-16 15:42:44.982362966 +0100
@@ -0,0 +1,195 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7317,9 +7317,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0d/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c 2017-01-26 16:02:29.038334368 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100
++++ openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c 2017-02-16 15:42:44.982362966 +0100
@@ -0,0 +1,242 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7563,9 +7563,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0d/cry
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c 2017-01-26 16:02:29.038334368 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100
++++ openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c 2017-02-16 15:42:44.982362966 +0100
@@ -0,0 +1,166 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7733,9 +7733,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0d/cr
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_enc.c.fips openssl-1.1.0d/crypto/fips/fips_enc.c
---- openssl-1.1.0d/crypto/fips/fips_enc.c.fips 2017-01-26 16:02:29.038334368 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_enc.c 2017-01-26 16:02:29.038334368 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_enc.c.fips openssl-1.1.0e/crypto/fips/fips_enc.c
+--- openssl-1.1.0e/crypto/fips/fips_enc.c.fips 2017-02-16 15:42:44.982362966 +0100
++++ openssl-1.1.0e/crypto/fips/fips_enc.c 2017-02-16 15:42:44.982362966 +0100
@@ -0,0 +1,189 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7926,9 +7926,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_enc.c.fips openssl-1.1.0d/crypto/fips/f
+
+ }
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_err.h.fips openssl-1.1.0d/crypto/fips/fips_err.h
---- openssl-1.1.0d/crypto/fips/fips_err.h.fips 2017-01-26 16:02:29.038334368 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_err.h 2017-01-26 16:02:29.038334368 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_err.h.fips openssl-1.1.0e/crypto/fips/fips_err.h
+--- openssl-1.1.0e/crypto/fips/fips_err.h.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_err.h 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,196 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -8126,9 +8126,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_err.h.fips openssl-1.1.0d/crypto/fips/f
+#endif
+ return 1;
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_ers.c.fips openssl-1.1.0d/crypto/fips/fips_ers.c
---- openssl-1.1.0d/crypto/fips/fips_ers.c.fips 2017-01-26 16:02:29.039334342 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_ers.c 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_ers.c.fips openssl-1.1.0e/crypto/fips/fips_ers.c
+--- openssl-1.1.0e/crypto/fips/fips_ers.c.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_ers.c 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -8137,9 +8137,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_ers.c.fips openssl-1.1.0d/crypto/fips/f
+#else
+static void *dummy = &dummy;
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips 2017-01-26 16:02:29.039334342 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8275,9 +8275,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0d/cry
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_locl.h.fips openssl-1.1.0d/crypto/fips/fips_locl.h
---- openssl-1.1.0d/crypto/fips/fips_locl.h.fips 2017-01-26 16:02:29.039334342 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_locl.h 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_locl.h.fips openssl-1.1.0e/crypto/fips/fips_locl.h
+--- openssl-1.1.0e/crypto/fips/fips_locl.h.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_locl.h 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8350,9 +8350,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_locl.h.fips openssl-1.1.0d/crypto/fips/
+}
+# endif
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_md.c.fips openssl-1.1.0d/crypto/fips/fips_md.c
---- openssl-1.1.0d/crypto/fips/fips_md.c.fips 2017-01-26 16:02:29.039334342 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_md.c 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_md.c.fips openssl-1.1.0e/crypto/fips/fips_md.c
+--- openssl-1.1.0e/crypto/fips/fips_md.c.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_md.c 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,144 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8498,9 +8498,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_md.c.fips openssl-1.1.0d/crypto/fips/fi
+ return NULL;
+ }
+}
-diff -up openssl-1.1.0d/crypto/fips/fips_post.c.fips openssl-1.1.0d/crypto/fips/fips_post.c
---- openssl-1.1.0d/crypto/fips/fips_post.c.fips 2017-01-26 16:02:29.039334342 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_post.c 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_post.c.fips openssl-1.1.0e/crypto/fips/fips_post.c
+--- openssl-1.1.0e/crypto/fips/fips_post.c.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_post.c 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,222 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8724,9 +8724,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_post.c.fips openssl-1.1.0d/crypto/fips/
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0d/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips 2017-01-26 16:02:29.039334342 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_rand_lcl.h 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0e/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips 2017-02-16 15:42:44.983362989 +0100
++++ openssl-1.1.0e/crypto/fips/fips_rand_lcl.h 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,209 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8937,9 +8937,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0d/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0d/crypto/fips/fips_rand_lib.c
---- openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips 2017-01-26 16:02:29.040334315 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_rand_lib.c 2017-01-26 16:02:29.039334342 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0e/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips 2017-02-16 15:42:44.984363013 +0100
++++ openssl-1.1.0e/crypto/fips/fips_rand_lib.c 2017-02-16 15:42:44.983362989 +0100
@@ -0,0 +1,234 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9175,9 +9175,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0d/crypto/f
+# endif
+}
+
-diff -up openssl-1.1.0d/crypto/fips/fips_randtest.c.fips openssl-1.1.0d/crypto/fips/fips_randtest.c
---- openssl-1.1.0d/crypto/fips/fips_randtest.c.fips 2017-01-26 16:02:29.040334315 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_randtest.c 2017-01-26 16:02:29.040334315 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_randtest.c.fips openssl-1.1.0e/crypto/fips/fips_randtest.c
+--- openssl-1.1.0e/crypto/fips/fips_randtest.c.fips 2017-02-16 15:42:44.984363013 +0100
++++ openssl-1.1.0e/crypto/fips/fips_randtest.c 2017-02-16 15:42:44.984363013 +0100
@@ -0,0 +1,247 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
@@ -9426,9 +9426,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_randtest.c.fips openssl-1.1.0d/crypto/f
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips 2017-01-26 16:02:29.040334315 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c 2017-01-26 16:02:29.040334315 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips 2017-02-16 15:42:44.984363013 +0100
++++ openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c 2017-02-16 15:42:44.984363013 +0100
@@ -0,0 +1,578 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -10008,9 +10008,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0d/cryp
+}
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips 2017-01-26 16:02:29.040334315 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_sha_selftest.c 2017-01-26 16:02:29.040334315 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips 2017-02-16 15:42:44.984363013 +0100
++++ openssl-1.1.0e/crypto/fips/fips_sha_selftest.c 2017-02-16 15:42:44.984363013 +0100
@@ -0,0 +1,138 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10150,9 +10150,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0d/cryp
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips 2017-01-26 16:02:29.040334315 +0100
-+++ openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c 2017-01-26 16:02:29.040334315 +0100
+diff -up openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips 2017-02-16 15:42:44.984363013 +0100
++++ openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c 2017-02-16 15:42:44.984363013 +0100
@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10281,9 +10281,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0d/c
+#endif
+ return 0;
+}
-diff -up openssl-1.1.0d/crypto/hmac/hmac.c.fips openssl-1.1.0d/crypto/hmac/hmac.c
---- openssl-1.1.0d/crypto/hmac/hmac.c.fips 2017-01-26 14:10:22.000000000 +0100
-+++ openssl-1.1.0d/crypto/hmac/hmac.c 2017-01-26 16:02:29.041334288 +0100
+diff -up openssl-1.1.0e/crypto/hmac/hmac.c.fips openssl-1.1.0e/crypto/hmac/hmac.c
+--- openssl-1.1.0e/crypto/hmac/hmac.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/hmac/hmac.c 2017-02-16 15:42:44.984363013 +0100
@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
}
@@ -10298,9 +10298,9 @@ diff -up openssl-1.1.0d/crypto/hmac/hmac.c.fips openssl-1.1.0d/crypto/hmac/hmac.
reset = 1;
j = EVP_MD_block_size(md);
OPENSSL_assert(j <= (int)sizeof(ctx->key));
-diff -up openssl-1.1.0d/crypto/include/internal/fips_int.h.fips openssl-1.1.0d/crypto/include/internal/fips_int.h
---- openssl-1.1.0d/crypto/include/internal/fips_int.h.fips 2017-01-26 16:02:29.041334288 +0100
-+++ openssl-1.1.0d/crypto/include/internal/fips_int.h 2017-01-26 16:02:29.041334288 +0100
+diff -up openssl-1.1.0e/crypto/include/internal/fips_int.h.fips openssl-1.1.0e/crypto/include/internal/fips_int.h
+--- openssl-1.1.0e/crypto/include/internal/fips_int.h.fips 2017-02-16 15:42:44.985363037 +0100
++++ openssl-1.1.0e/crypto/include/internal/fips_int.h 2017-02-16 15:42:44.985363037 +0100
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10403,9 +10403,9 @@ diff -up openssl-1.1.0d/crypto/include/internal/fips_int.h.fips openssl-1.1.0d/c
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#endif
-diff -up openssl-1.1.0d/crypto/o_fips.c.fips openssl-1.1.0d/crypto/o_fips.c
---- openssl-1.1.0d/crypto/o_fips.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/o_fips.c 2017-01-26 16:02:29.041334288 +0100
+diff -up openssl-1.1.0e/crypto/o_fips.c.fips openssl-1.1.0e/crypto/o_fips.c
+--- openssl-1.1.0e/crypto/o_fips.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/o_fips.c 2017-02-16 15:42:44.985363037 +0100
@@ -9,7 +9,10 @@
#include "internal/cryptlib.h"
@@ -10434,9 +10434,9 @@ diff -up openssl-1.1.0d/crypto/o_fips.c.fips openssl-1.1.0d/crypto/o_fips.c
#else
if (r == 0)
return 1;
-diff -up openssl-1.1.0d/crypto/o_init.c.fips openssl-1.1.0d/crypto/o_init.c
---- openssl-1.1.0d/crypto/o_init.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/o_init.c 2017-01-26 16:02:29.041334288 +0100
+diff -up openssl-1.1.0e/crypto/o_init.c.fips openssl-1.1.0e/crypto/o_init.c
+--- openssl-1.1.0e/crypto/o_init.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/o_init.c 2017-02-16 15:42:44.985363037 +0100
@@ -7,11 +7,50 @@
* https://www.openssl.org/source/license.html
*/
@@ -10523,9 +10523,9 @@ diff -up openssl-1.1.0d/crypto/o_init.c.fips openssl-1.1.0d/crypto/o_init.c
+{
+ OPENSSL_init_library();
+}
-diff -up openssl-1.1.0d/crypto/rand/md_rand.c.fips openssl-1.1.0d/crypto/rand/md_rand.c
---- openssl-1.1.0d/crypto/rand/md_rand.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rand/md_rand.c 2017-01-26 16:02:29.041334288 +0100
+diff -up openssl-1.1.0e/crypto/rand/md_rand.c.fips openssl-1.1.0e/crypto/rand/md_rand.c
+--- openssl-1.1.0e/crypto/rand/md_rand.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/rand/md_rand.c 2017-02-16 15:42:44.985363037 +0100
@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf
CRYPTO_THREAD_unlock(rand_tmp_lock);
crypto_lock_rand = 1;
@@ -10535,9 +10535,9 @@ diff -up openssl-1.1.0d/crypto/rand/md_rand.c.fips openssl-1.1.0d/crypto/rand/md
RAND_poll();
initialized = 1;
}
-diff -up openssl-1.1.0d/crypto/rand/rand_err.c.fips openssl-1.1.0d/crypto/rand/rand_err.c
---- openssl-1.1.0d/crypto/rand/rand_err.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rand/rand_err.c 2017-01-26 16:02:29.041334288 +0100
+diff -up openssl-1.1.0e/crypto/rand/rand_err.c.fips openssl-1.1.0e/crypto/rand/rand_err.c
+--- openssl-1.1.0e/crypto/rand/rand_err.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/rand/rand_err.c 2017-02-16 15:42:44.985363037 +0100
@@ -20,10 +20,13 @@
static ERR_STRING_DATA RAND_str_functs[] = {
@@ -10552,9 +10552,9 @@ diff -up openssl-1.1.0d/crypto/rand/rand_err.c.fips openssl-1.1.0d/crypto/rand/r
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
{0, NULL}
};
-diff -up openssl-1.1.0d/crypto/rand/rand_lcl.h.fips openssl-1.1.0d/crypto/rand/rand_lcl.h
---- openssl-1.1.0d/crypto/rand/rand_lcl.h.fips 2017-01-26 16:02:28.830339932 +0100
-+++ openssl-1.1.0d/crypto/rand/rand_lcl.h 2017-01-26 16:02:29.045334181 +0100
+diff -up openssl-1.1.0e/crypto/rand/rand_lcl.h.fips openssl-1.1.0e/crypto/rand/rand_lcl.h
+--- openssl-1.1.0e/crypto/rand/rand_lcl.h.fips 2017-02-16 15:42:44.817359061 +0100
++++ openssl-1.1.0e/crypto/rand/rand_lcl.h 2017-02-16 15:42:44.985363037 +0100
@@ -10,7 +10,7 @@
#ifndef HEADER_RAND_LCL_H
# define HEADER_RAND_LCL_H
@@ -10564,9 +10564,9 @@ diff -up openssl-1.1.0d/crypto/rand/rand_lcl.h.fips openssl-1.1.0d/crypto/rand/r
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
# define USE_SHA1_RAND
-diff -up openssl-1.1.0d/crypto/rand/rand_lib.c.fips openssl-1.1.0d/crypto/rand/rand_lib.c
---- openssl-1.1.0d/crypto/rand/rand_lib.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rand/rand_lib.c 2017-01-26 16:02:29.047334128 +0100
+diff -up openssl-1.1.0e/crypto/rand/rand_lib.c.fips openssl-1.1.0e/crypto/rand/rand_lib.c
+--- openssl-1.1.0e/crypto/rand/rand_lib.c.fips 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/rand/rand_lib.c 2017-02-16 15:42:44.985363037 +0100
@@ -18,6 +18,8 @@
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
@@ -10704,9 +10704,9 @@ diff -up openssl-1.1.0d/crypto/rand/rand_lib.c.fips openssl-1.1.0d/crypto/rand/r
+}
+
+#endif
-diff -up openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0d/crypto/rsa/rsa_crpt.c
---- openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rsa/rsa_crpt.c 2017-01-26 16:02:29.048334101 +0100
+diff -up openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0e/crypto/rsa/rsa_crpt.c
+--- openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/rsa/rsa_crpt.c 2017-02-16 15:42:44.986363060 +0100
@@ -28,24 +28,52 @@ int RSA_size(const RSA *r)
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
@@ -10760,9 +10760,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0d/crypto/rsa/rsa
return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-diff -up openssl-1.1.0d/crypto/rsa/rsa_err.c.fips openssl-1.1.0d/crypto/rsa/rsa_err.c
---- openssl-1.1.0d/crypto/rsa/rsa_err.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rsa/rsa_err.c 2017-01-26 16:02:29.049334074 +0100
+diff -up openssl-1.1.0e/crypto/rsa/rsa_err.c.fips openssl-1.1.0e/crypto/rsa/rsa_err.c
+--- openssl-1.1.0e/crypto/rsa/rsa_err.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/rsa/rsa_err.c 2017-02-16 15:42:44.986363060 +0100
@@ -21,6 +21,7 @@
static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
@@ -10808,9 +10808,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_err.c.fips openssl-1.1.0d/crypto/rsa/rsa_
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
-diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips openssl-1.1.0d/crypto/rsa/rsa_gen.c
---- openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips 2017-01-26 16:02:29.007335198 +0100
-+++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:02:29.051334021 +0100
+diff -up openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips openssl-1.1.0e/crypto/rsa/rsa_gen.c
+--- openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips 2017-02-16 15:42:44.969362658 +0100
++++ openssl-1.1.0e/crypto/rsa/rsa_gen.c 2017-02-16 15:42:44.986363060 +0100
@@ -18,6 +18,75 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -11189,9 +11189,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips openssl-1.1.0d/crypto/rsa/rsa_
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips openssl-1.1.0d/crypto/rsa/rsa_lib.c
---- openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rsa/rsa_lib.c 2017-01-26 16:02:29.052333994 +0100
+diff -up openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips openssl-1.1.0e/crypto/rsa/rsa_lib.c
+--- openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/rsa/rsa_lib.c 2017-02-16 15:42:44.986363060 +0100
@@ -26,6 +26,12 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -11247,9 +11247,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips openssl-1.1.0d/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
-diff -up openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0d/crypto/rsa/rsa_ossl.c
---- openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rsa/rsa_ossl.c 2017-01-26 16:02:29.053333967 +0100
+diff -up openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0e/crypto/rsa/rsa_ossl.c
+--- openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/rsa/rsa_ossl.c 2017-02-16 15:42:44.986363060 +0100
@@ -11,6 +11,10 @@
#include "internal/bn_int.h"
#include "rsa_locl.h"
@@ -11353,9 +11353,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0d/crypto/rsa/rsa
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
-diff -up openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips openssl-1.1.0d/crypto/rsa/rsa_sign.c
---- openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/rsa/rsa_sign.c 2017-01-26 16:02:29.054333940 +0100
+diff -up openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips openssl-1.1.0e/crypto/rsa/rsa_sign.c
+--- openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/rsa/rsa_sign.c 2017-02-16 15:42:44.986363060 +0100
@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
@@ -11382,9 +11382,22 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips openssl-1.1.0d/crypto/rsa/rsa
if (encrypt_len <= 0)
goto err;
-diff -up openssl-1.1.0d/crypto/sha/sha256.c.fips openssl-1.1.0d/crypto/sha/sha256.c
---- openssl-1.1.0d/crypto/sha/sha256.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/sha/sha256.c 2017-01-26 16:02:29.055333914 +0100
+diff -up openssl-1.1.0e/crypto/sha/sha_locl.h.fips openssl-1.1.0e/crypto/sha/sha_locl.h
+--- openssl-1.1.0e/crypto/sha/sha_locl.h.fips 2017-02-16 15:42:44.738357192 +0100
++++ openssl-1.1.0e/crypto/sha/sha_locl.h 2017-02-16 15:42:44.987363084 +0100
+@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
+
+ int HASH_INIT(SHA_CTX *c)
+ {
++#if defined(OPENSSL_FIPS)
++ FIPS_selftest_check();
++#endif
+ memset(c, 0, sizeof(*c));
+ c->h0 = INIT_DATA_h0;
+ c->h1 = INIT_DATA_h1;
+diff -up openssl-1.1.0e/crypto/sha/sha256.c.fips openssl-1.1.0e/crypto/sha/sha256.c
+--- openssl-1.1.0e/crypto/sha/sha256.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/sha/sha256.c 2017-02-16 15:42:44.986363060 +0100
@@ -18,6 +18,9 @@
int SHA224_Init(SHA256_CTX *c)
@@ -11405,9 +11418,9 @@ diff -up openssl-1.1.0d/crypto/sha/sha256.c.fips openssl-1.1.0d/crypto/sha/sha25
memset(c, 0, sizeof(*c));
c->h[0] = 0x6a09e667UL;
c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.1.0d/crypto/sha/sha512.c.fips openssl-1.1.0d/crypto/sha/sha512.c
---- openssl-1.1.0d/crypto/sha/sha512.c.fips 2017-01-26 14:10:23.000000000 +0100
-+++ openssl-1.1.0d/crypto/sha/sha512.c 2017-01-26 16:02:29.055333914 +0100
+diff -up openssl-1.1.0e/crypto/sha/sha512.c.fips openssl-1.1.0e/crypto/sha/sha512.c
+--- openssl-1.1.0e/crypto/sha/sha512.c.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/crypto/sha/sha512.c 2017-02-16 15:42:44.987363084 +0100
@@ -62,6 +62,9 @@
int SHA384_Init(SHA512_CTX *c)
@@ -11428,22 +11441,9 @@ diff -up openssl-1.1.0d/crypto/sha/sha512.c.fips openssl-1.1.0d/crypto/sha/sha51
c->h[0] = U64(0x6a09e667f3bcc908);
c->h[1] = U64(0xbb67ae8584caa73b);
c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.1.0d/crypto/sha/sha_locl.h.fips openssl-1.1.0d/crypto/sha/sha_locl.h
---- openssl-1.1.0d/crypto/sha/sha_locl.h.fips 2017-01-26 16:02:28.826340039 +0100
-+++ openssl-1.1.0d/crypto/sha/sha_locl.h 2017-01-26 16:02:29.054333940 +0100
-@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
-
- int HASH_INIT(SHA_CTX *c)
- {
-+#if defined(OPENSSL_FIPS)
-+ FIPS_selftest_check();
-+#endif
- memset(c, 0, sizeof(*c));
- c->h0 = INIT_DATA_h0;
- c->h1 = INIT_DATA_h1;
-diff -up openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod
---- openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips 2017-01-26 14:10:24.000000000 +0100
-+++ openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod 2017-01-26 16:02:29.056333887 +0100
+diff -up openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod
+--- openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod 2017-02-16 15:42:44.987363084 +0100
@@ -29,8 +29,10 @@ B<bits> is the length of the prime p to
For lengths under 2048 bits, the length of q is 160 bits; for lengths
greater than or equal to 2048 bits, the length of q is set to 256 bits.
@@ -11457,9 +11457,9 @@ diff -up openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.
DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
-diff -up openssl-1.1.0d/include/openssl/crypto.h.fips openssl-1.1.0d/include/openssl/crypto.h
---- openssl-1.1.0d/include/openssl/crypto.h.fips 2017-01-26 14:10:24.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/crypto.h 2017-01-26 16:02:29.057333860 +0100
+diff -up openssl-1.1.0e/include/openssl/crypto.h.fips openssl-1.1.0e/include/openssl/crypto.h
+--- openssl-1.1.0e/include/openssl/crypto.h.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/crypto.h 2017-02-16 15:42:44.987363084 +0100
@@ -332,6 +332,11 @@ int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
@@ -11472,9 +11472,9 @@ diff -up openssl-1.1.0d/include/openssl/crypto.h.fips openssl-1.1.0d/include/ope
void OPENSSL_init(void);
struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-diff -up openssl-1.1.0d/include/openssl/dh.h.fips openssl-1.1.0d/include/openssl/dh.h
---- openssl-1.1.0d/include/openssl/dh.h.fips 2017-01-26 14:10:24.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/dh.h 2017-01-26 16:02:29.058333833 +0100
+diff -up openssl-1.1.0e/include/openssl/dh.h.fips openssl-1.1.0e/include/openssl/dh.h
+--- openssl-1.1.0e/include/openssl/dh.h.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/dh.h 2017-02-16 15:42:44.987363084 +0100
@@ -30,6 +30,7 @@ extern "C" {
# endif
@@ -11506,9 +11506,9 @@ diff -up openssl-1.1.0d/include/openssl/dh.h.fips openssl-1.1.0d/include/openssl
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
-diff -up openssl-1.1.0d/include/openssl/dsa.h.fips openssl-1.1.0d/include/openssl/dsa.h
---- openssl-1.1.0d/include/openssl/dsa.h.fips 2017-01-26 14:10:24.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/dsa.h 2017-01-26 16:08:36.807496229 +0100
+diff -up openssl-1.1.0e/include/openssl/dsa.h.fips openssl-1.1.0e/include/openssl/dsa.h
+--- openssl-1.1.0e/include/openssl/dsa.h.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/dsa.h 2017-02-16 15:42:44.987363084 +0100
@@ -36,6 +36,7 @@ extern "C" {
# endif
@@ -11554,9 +11554,9 @@ diff -up openssl-1.1.0d/include/openssl/dsa.h.fips openssl-1.1.0d/include/openss
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
-diff -up openssl-1.1.0d/include/openssl/evp.h.fips openssl-1.1.0d/include/openssl/evp.h
---- openssl-1.1.0d/include/openssl/evp.h.fips 2017-01-26 14:10:24.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/evp.h 2017-01-26 16:09:01.024848394 +0100
+diff -up openssl-1.1.0e/include/openssl/evp.h.fips openssl-1.1.0e/include/openssl/evp.h
+--- openssl-1.1.0e/include/openssl/evp.h.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/evp.h 2017-02-16 15:42:44.988363108 +0100
@@ -1458,6 +1458,7 @@ int ERR_load_EVP_strings(void);
# define EVP_F_AES_OCB_CIPHER 169
# define EVP_F_AES_T4_INIT_KEY 178
@@ -11581,9 +11581,9 @@ diff -up openssl-1.1.0d/include/openssl/evp.h.fips openssl-1.1.0d/include/openss
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-diff -up openssl-1.1.0d/include/openssl/fips.h.fips openssl-1.1.0d/include/openssl/fips.h
---- openssl-1.1.0d/include/openssl/fips.h.fips 2017-01-26 16:02:29.060333780 +0100
-+++ openssl-1.1.0d/include/openssl/fips.h 2017-01-26 16:02:29.059333807 +0100
+diff -up openssl-1.1.0e/include/openssl/fips.h.fips openssl-1.1.0e/include/openssl/fips.h
+--- openssl-1.1.0e/include/openssl/fips.h.fips 2017-02-16 15:42:44.988363108 +0100
++++ openssl-1.1.0e/include/openssl/fips.h 2017-02-16 15:42:44.988363108 +0100
@@ -0,0 +1,186 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11771,9 +11771,9 @@ diff -up openssl-1.1.0d/include/openssl/fips.h.fips openssl-1.1.0d/include/opens
+}
+# endif
+#endif
-diff -up openssl-1.1.0d/include/openssl/fips_rand.h.fips openssl-1.1.0d/include/openssl/fips_rand.h
---- openssl-1.1.0d/include/openssl/fips_rand.h.fips 2017-01-26 16:02:29.060333780 +0100
-+++ openssl-1.1.0d/include/openssl/fips_rand.h 2017-01-26 16:02:29.060333780 +0100
+diff -up openssl-1.1.0e/include/openssl/fips_rand.h.fips openssl-1.1.0e/include/openssl/fips_rand.h
+--- openssl-1.1.0e/include/openssl/fips_rand.h.fips 2017-02-16 15:42:44.988363108 +0100
++++ openssl-1.1.0e/include/openssl/fips_rand.h 2017-02-16 15:42:44.988363108 +0100
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11920,9 +11920,9 @@ diff -up openssl-1.1.0d/include/openssl/fips_rand.h.fips openssl-1.1.0d/include/
+# endif
+# endif
+#endif
-diff -up openssl-1.1.0d/include/openssl/opensslconf.h.in.fips openssl-1.1.0d/include/openssl/opensslconf.h.in
---- openssl-1.1.0d/include/openssl/opensslconf.h.in.fips 2017-01-26 14:10:25.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/opensslconf.h.in 2017-01-26 16:02:29.060333780 +0100
+diff -up openssl-1.1.0e/include/openssl/opensslconf.h.in.fips openssl-1.1.0e/include/openssl/opensslconf.h.in
+--- openssl-1.1.0e/include/openssl/opensslconf.h.in.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/opensslconf.h.in 2017-02-16 15:42:44.988363108 +0100
@@ -136,6 +136,11 @@ extern "C" {
#define RC4_INT {- $config{rc4_int} -}
@@ -11935,9 +11935,9 @@ diff -up openssl-1.1.0d/include/openssl/opensslconf.h.in.fips openssl-1.1.0d/inc
#ifdef __cplusplus
}
#endif
-diff -up openssl-1.1.0d/include/openssl/rand.h.fips openssl-1.1.0d/include/openssl/rand.h
---- openssl-1.1.0d/include/openssl/rand.h.fips 2017-01-26 14:10:25.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/rand.h 2017-01-26 16:02:29.061333753 +0100
+diff -up openssl-1.1.0e/include/openssl/rand.h.fips openssl-1.1.0e/include/openssl/rand.h
+--- openssl-1.1.0e/include/openssl/rand.h.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/rand.h 2017-02-16 15:42:44.988363108 +0100
@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
#endif
@@ -11962,9 +11962,9 @@ diff -up openssl-1.1.0d/include/openssl/rand.h.fips openssl-1.1.0d/include/opens
# define RAND_R_PRNG_NOT_SEEDED 100
# ifdef __cplusplus
-diff -up openssl-1.1.0d/include/openssl/rsa.h.fips openssl-1.1.0d/include/openssl/rsa.h
---- openssl-1.1.0d/include/openssl/rsa.h.fips 2017-01-26 14:10:25.000000000 +0100
-+++ openssl-1.1.0d/include/openssl/rsa.h 2017-01-26 16:02:29.061333753 +0100
+diff -up openssl-1.1.0e/include/openssl/rsa.h.fips openssl-1.1.0e/include/openssl/rsa.h
+--- openssl-1.1.0e/include/openssl/rsa.h.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/rsa.h 2017-02-16 15:42:44.988363108 +0100
@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void);
/* Function codes. */
# define RSA_F_CHECK_PADDING_MD 140
@@ -12009,9 +12009,9 @@ diff -up openssl-1.1.0d/include/openssl/rsa.h.fips openssl-1.1.0d/include/openss
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
-diff -up openssl-1.1.0d/ssl/ssl_ciph.c.fips openssl-1.1.0d/ssl/ssl_ciph.c
---- openssl-1.1.0d/ssl/ssl_ciph.c.fips 2017-01-26 16:02:29.011335091 +0100
-+++ openssl-1.1.0d/ssl/ssl_ciph.c 2017-01-26 16:02:29.062333726 +0100
+diff -up openssl-1.1.0e/ssl/ssl_ciph.c.fips openssl-1.1.0e/ssl/ssl_ciph.c
+--- openssl-1.1.0e/ssl/ssl_ciph.c.fips 2017-02-16 15:42:44.973362753 +0100
++++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 15:42:44.989363131 +0100
@@ -404,7 +404,8 @@ void ssl_load_ciphers(void)
}
}
@@ -12031,9 +12031,9 @@ diff -up openssl-1.1.0d/ssl/ssl_ciph.c.fips openssl-1.1.0d/ssl/ssl_ciph.c
continue;
if ((c->algorithm_mkey & disabled_mkey) ||
(c->algorithm_auth & disabled_auth) ||
-diff -up openssl-1.1.0d/ssl/ssl_init.c.fips openssl-1.1.0d/ssl/ssl_init.c
---- openssl-1.1.0d/ssl/ssl_init.c.fips 2017-01-26 14:10:25.000000000 +0100
-+++ openssl-1.1.0d/ssl/ssl_init.c 2017-01-26 16:02:29.062333726 +0100
+diff -up openssl-1.1.0e/ssl/ssl_init.c.fips openssl-1.1.0e/ssl/ssl_init.c
+--- openssl-1.1.0e/ssl/ssl_init.c.fips 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/ssl/ssl_init.c 2017-02-16 15:42:44.989363131 +0100
@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
@@ -12077,10 +12077,10 @@ diff -up openssl-1.1.0d/ssl/ssl_init.c.fips openssl-1.1.0d/ssl/ssl_init.c
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-diff -up openssl-1.1.0d/ssl/ssl_lib.c.fips openssl-1.1.0d/ssl/ssl_lib.c
---- openssl-1.1.0d/ssl/ssl_lib.c.fips 2017-01-26 16:02:29.012335064 +0100
-+++ openssl-1.1.0d/ssl/ssl_lib.c 2017-01-26 16:02:29.063333699 +0100
-@@ -2405,13 +2405,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.1.0e/ssl/ssl_lib.c.fips openssl-1.1.0e/ssl/ssl_lib.c
+--- openssl-1.1.0e/ssl/ssl_lib.c.fips 2017-02-16 15:42:44.973362753 +0100
++++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 15:42:44.989363131 +0100
+@@ -2413,13 +2413,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (ret->param == NULL)
goto err;
@@ -12105,9 +12105,9 @@ diff -up openssl-1.1.0d/ssl/ssl_lib.c.fips openssl-1.1.0d/ssl/ssl_lib.c
}
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
-diff -up openssl-1.1.0d/test/dsatest.c.fips openssl-1.1.0d/test/dsatest.c
---- openssl-1.1.0d/test/dsatest.c.fips 2017-01-26 14:10:25.000000000 +0100
-+++ openssl-1.1.0d/test/dsatest.c 2017-01-26 16:02:29.063333699 +0100
+diff -up openssl-1.1.0e/test/dsatest.c.fips openssl-1.1.0e/test/dsatest.c
+--- openssl-1.1.0e/test/dsatest.c.fips 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/test/dsatest.c 2017-02-16 15:42:44.989363131 +0100
@@ -32,41 +32,42 @@ int main(int argc, char *argv[])
static int dsa_cb(int p, int n, BN_GENCB *arg);
@@ -12196,9 +12196,9 @@ diff -up openssl-1.1.0d/test/dsatest.c.fips openssl-1.1.0d/test/dsatest.c
goto end;
}
if (h != 2) {
-diff -up openssl-1.1.0d/util/mkdef.pl.fips openssl-1.1.0d/util/mkdef.pl
---- openssl-1.1.0d/util/mkdef.pl.fips 2017-01-26 14:10:26.000000000 +0100
-+++ openssl-1.1.0d/util/mkdef.pl 2017-01-26 16:02:29.064333673 +0100
+diff -up openssl-1.1.0e/util/mkdef.pl.fips openssl-1.1.0e/util/mkdef.pl
+--- openssl-1.1.0e/util/mkdef.pl.fips 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/util/mkdef.pl 2017-02-16 15:42:44.989363131 +0100
@@ -307,6 +307,8 @@ $crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";
$crypto.=" include/openssl/ct.h";
diff --git a/openssl-1.1.0-system-cipherlist.patch b/openssl-1.1.0-system-cipherlist.patch
index 859fd37..9f63162 100644
--- a/openssl-1.1.0-system-cipherlist.patch
+++ b/openssl-1.1.0-system-cipherlist.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0b/Configurations/unix-Makefile.tmpl
---- openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist 2016-09-26 15:57:34.000000000 +0200
-+++ openssl-1.1.0b/Configurations/unix-Makefile.tmpl 2016-09-26 16:41:17.796148764 +0200
-@@ -157,6 +157,10 @@ MANDIR=$(INSTALLTOP)/share/man
+diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0e/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist 2017-02-16 16:15:38.658931413 +0100
++++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl 2017-02-16 16:15:38.675931806 +0100
+@@ -161,6 +161,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
@@ -12,7 +12,7 @@ diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist open
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
-@@ -167,7 +171,7 @@ HTMLSUFFIX=html
+@@ -171,7 +175,7 @@ HTMLSUFFIX=html
CROSS_COMPILE= {- $config{cross_compile_prefix} -}
CC= $(CROSS_COMPILE){- $target{cc} -}
@@ -21,9 +21,9 @@ diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist open
CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
LDFLAGS= {- $target{lflags} -}
PLIB_LDFLAGS= {- $target{plib_lflags} -}
-diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure
---- openssl-1.1.0b/Configure.system-cipherlist 2016-09-26 15:57:34.000000000 +0200
-+++ openssl-1.1.0b/Configure 2016-09-26 16:41:45.002787753 +0200
+diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure
+--- openssl-1.1.0e/Configure.system-cipherlist 2017-02-16 12:58:20.000000000 +0100
++++ openssl-1.1.0e/Configure 2017-02-16 16:15:38.679931899 +0100
@@ -18,7 +18,7 @@ use if $^O ne "VMS", 'File::Glob' => qw/
# see INSTALL for instructions.
@@ -43,7 +43,7 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure
# --cross-compile-prefix Add specified prefix to binutils components.
#
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
-@@ -292,6 +295,7 @@ $config{openssldir}="";
+@@ -293,6 +296,7 @@ $config{openssldir}="";
$config{processor}="";
$config{libdir}="";
$config{cross_compile_prefix}="";
@@ -51,7 +51,7 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure
$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
$config{baseaddr}="0xFB00000";
-@@ -716,6 +720,10 @@ foreach (@argvcopy)
+@@ -718,6 +722,10 @@ while (@argvcopy)
{
$config{baseaddr}="$1";
}
@@ -62,7 +62,7 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure
elsif (/^--cross-compile-prefix=(.*)$/)
{
$config{cross_compile_prefix}=$1;
-@@ -841,6 +849,8 @@ if ($target =~ m/^CygWin32(-.*)$/) {
+@@ -851,6 +859,8 @@ if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
@@ -71,9 +71,28 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure
foreach (sort (keys %disabled))
{
$config{options} .= " no-$_";
-diff -up openssl-1.1.0b/include/openssl/ssl.h.system-cipherlist openssl-1.1.0b/include/openssl/ssl.h
---- openssl-1.1.0b/include/openssl/ssl.h.system-cipherlist 2016-09-26 11:46:07.000000000 +0200
-+++ openssl-1.1.0b/include/openssl/ssl.h 2016-09-26 16:58:03.752760070 +0200
+diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/doc/apps/ciphers.pod
+--- openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist 2017-02-16 12:58:22.000000000 +0100
++++ openssl-1.1.0e/doc/apps/ciphers.pod 2017-02-16 16:37:14.043219953 +0100
+@@ -181,6 +181,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
+
+ The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+
++=item B<PROFILE=SYSTEM>
++
++The list of enabled cipher suites will be loaded from the system crypto policy
++configuration file B</etc/crypto-policies/back-ends/openssl.config>.
++See also L<update-crypto-policies(8)>.
++This is the default behavior unless an application explicitly sets a cipher
++list. If used in a cipher list configuration value this string must be at the
++beginning of the cipher list, otherwise it will not be recognized.
++
+ =item B<HIGH>
+
+ "high" encryption cipher suites. This currently means those with key lengths
+diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/include/openssl/ssl.h
+--- openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/include/openssl/ssl.h 2017-02-16 16:15:38.676931830 +0100
@@ -201,6 +201,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
@@ -86,9 +105,9 @@ diff -up openssl-1.1.0b/include/openssl/ssl.h.system-cipherlist openssl-1.1.0b/i
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
-diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ciph.c
---- openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist 2016-09-26 11:46:07.000000000 +0200
-+++ openssl-1.1.0b/ssl/ssl_ciph.c 2016-09-26 16:51:33.056591689 +0200
+diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ciph.c
+--- openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 16:15:38.691932177 +0100
@@ -1289,6 +1289,50 @@ static int check_suiteb_cipher_list(cons
}
#endif
@@ -140,7 +159,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
**cipher_list, STACK_OF(SSL_CIPHER)
**cipher_list_by_id,
-@@ -1296,19 +1340,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1296,19 +1341,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
@@ -173,7 +192,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
#endif
/*
-@@ -1331,7 +1385,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1331,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
@@ -182,7 +201,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1401,8 +1455,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1401,8 +1456,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
@@ -192,7 +211,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
}
/*
-@@ -1447,9 +1500,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1447,9 +1501,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
@@ -203,7 +222,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
-@@ -1475,8 +1527,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1475,8 +1528,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
@@ -213,7 +232,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
}
/*
-@@ -1484,8 +1535,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1484,8 +1536,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@@ -223,7 +242,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
}
/*
-@@ -1496,21 +1546,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1496,21 +1547,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
if (curr->active
&& (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) {
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
@@ -249,7 +268,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
}
sk_SSL_CIPHER_free(*cipher_list);
*cipher_list = cipherstack;
-@@ -1520,6 +1570,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1520,6 +1571,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
@@ -262,9 +281,9 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_
return (cipherstack);
}
-diff -up openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0b/ssl/ssl_lib.c
---- openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist 2016-09-26 15:57:34.000000000 +0200
-+++ openssl-1.1.0b/ssl/ssl_lib.c 2016-09-26 16:55:23.668003396 +0200
+diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_lib.c
+--- openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist 2017-02-16 16:15:38.673931760 +0100
++++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 16:15:38.692932200 +0100
@@ -509,7 +509,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
@@ -274,7 +293,7 @@ diff -up openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0b/ssl/ssl_l
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return (0);
-@@ -2395,7 +2395,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+@@ -2403,7 +2403,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
#endif
if (!ssl_create_cipher_list(ret->method,
&ret->cipher_list, &ret->cipher_list_by_id,
@@ -283,9 +302,9 @@ diff -up openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0b/ssl/ssl_l
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
-diff -up openssl-1.1.0b/test/cipherlist_test.c.system-cipherlist openssl-1.1.0b/test/cipherlist_test.c
---- openssl-1.1.0b/test/cipherlist_test.c.system-cipherlist 2016-09-26 11:46:08.000000000 +0200
-+++ openssl-1.1.0b/test/cipherlist_test.c 2016-09-26 17:18:29.380513853 +0200
+diff -up openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist openssl-1.1.0e/test/cipherlist_test.c
+--- openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/test/cipherlist_test.c 2017-02-16 16:15:38.677931853 +0100
@@ -190,7 +190,9 @@ int main(int argc, char **argv)
{
int result = 0;
diff --git a/openssl.spec b/openssl.spec
index 4876a57..4f2d57d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.0d
-Release: 3%{?dist}
+Version: 1.1.0e
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -61,7 +61,6 @@ Patch42: openssl-1.1.0-fips.patch
Patch43: openssl-1.1.0-afalg-eventfd2.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
# Backported fixes including security fixes
-Patch60: openssl-1.1.0-backports.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -162,8 +161,6 @@ cp %{SOURCE13} test/
%patch43 -p1 -b .eventfd2
%patch44 -p1 -b .preserve-nl
-%patch60 -p1 -b .backports
-
%build
# Figure out which flags we want to use.
# default
@@ -430,6 +427,10 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Feb 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0e-1
+- update to upstream version 1.1.0e
+- add documentation of the PROFILE=SYSTEM special cipher string (#1420232)
+
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0d-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
diff --git a/sources b/sources
index e0f4a59..bbc4696 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-1.1.0d-hobbled.tar.xz) = 375cecff07762593606d5e3ea145cf3dfad8ab5ce2fa2b696ffa2fbff9b45b929259f481c44d1db475183030e70eb443ae8c73ee9257fb766597032b27654349
+SHA512 (openssl-1.1.0e-hobbled.tar.xz) = 7db753907c211427ed494d92915c255d05faf9b47f22febfffbfe2be602777b6b82d7c71793003c2ebbbf7f67708c80a72aacde2582501ae63761b1090523974