From fa66cf4b52f1c3df522bbe6fb45f26e89487eb49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Tue, 30 Mar 2010 09:37:41 +0000 Subject: [PATCH] - update to final 1.0.0 upstream release --- .cvsignore | 2 +- openssl-1.0.0-beta5-cleanse.patch | 109 --- openssl-1.0.0-beta5-version.patch | 14 - ...ta5-fips.patch => openssl-1.0.0-fips.patch | 893 ++++++++---------- openssl-1.0.0-version.patch | 13 + openssl.spec | 17 +- sources | 2 +- 7 files changed, 439 insertions(+), 611 deletions(-) delete mode 100644 openssl-1.0.0-beta5-cleanse.patch delete mode 100644 openssl-1.0.0-beta5-version.patch rename openssl-1.0.0-beta5-fips.patch => openssl-1.0.0-fips.patch (89%) create mode 100644 openssl-1.0.0-version.patch diff --git a/.cvsignore b/.cvsignore index f133f6d..3930a9d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-1.0.0-beta5-usa.tar.bz2 +openssl-1.0.0-usa.tar.bz2 diff --git a/openssl-1.0.0-beta5-cleanse.patch b/openssl-1.0.0-beta5-cleanse.patch deleted file mode 100644 index 92f7446..0000000 --- a/openssl-1.0.0-beta5-cleanse.patch +++ /dev/null @@ -1,109 +0,0 @@ -Gracefully handle zero length in assembler implementations of OPENSSL_cleanse. -diff -up openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse openssl-1.0.0-beta5/crypto/ia64cpuid.S ---- openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse 2007-07-27 20:03:27.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/ia64cpuid.S 2010-02-12 18:13:52.000000000 +0100 -@@ -130,9 +130,11 @@ OPENSSL_wipe_cpu: - .global OPENSSL_cleanse# - .proc OPENSSL_cleanse# - OPENSSL_cleanse: -+{ .mib; cmp.eq p6,p0=0,r33 // len==0 - #if defined(_HPUX_SOURCE) && !defined(_LP64) --{ .mmi; addp4 r32=0,r32 };; -+ addp4 r32=0,r32 - #endif -+(p6) br.ret.spnt b0 };; - { .mib; and r2=7,r32 - cmp.leu p6,p0=15,r33 // len>=15 - (p6) br.cond.dptk .Lot };; -diff -up openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl ---- openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse 2008-01-13 23:01:29.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -101,6 +101,13 @@ my $bnelr = sub { - " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : - " bclr $bo,2"; - }; -+my $beqlr = sub { -+ my $f = shift; -+ my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint -+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints -+ " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : -+ " bclr $bo,2"; -+}; - # GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two - # arguments is 64, with "operand out of range" error. - my $extrdi = sub { -diff -up openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse openssl-1.0.0-beta5/crypto/ppccpuid.pl ---- openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse 2008-09-12 16:45:53.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/ppccpuid.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -67,6 +67,8 @@ Loop: lwarx r5,0,r3 - $CMPLI r4,7 - li r0,0 - bge Lot -+ $CMPLI r4,0 -+ beqlr- - Little: mtctr r4 - stb r0,0(r3) - addi r3,r3,1 -diff -up openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse openssl-1.0.0-beta5/crypto/sparccpuid.S ---- openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse 2007-05-19 19:26:48.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/sparccpuid.S 2010-02-12 18:13:52.000000000 +0100 -@@ -242,6 +242,10 @@ OPENSSL_cleanse: - #else - bgu .Lot - #endif -+ cmp %o1,0 -+ bne .Little -+ nop -+ retl - nop - - .Little: -diff -up openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse openssl-1.0.0-beta5/crypto/s390xcpuid.S ---- openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse 2010-01-19 22:40:56.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/s390xcpuid.S 2010-02-12 18:13:52.000000000 +0100 -@@ -62,6 +62,8 @@ OPENSSL_cleanse: - lghi %r0,0 - clgr %r3,%r4 - jh .Lot -+ clgr %r3,%r0 -+ bcr 8,%r14 - .Little: - stc %r0,0(%r2) - la %r2,1(%r2) -diff -up openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86cpuid.pl ---- openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/x86cpuid.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -279,11 +279,14 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 - &xor ("eax","eax"); - &cmp ("ecx",7); - &jae (&label("lot")); -+ &cmp ("ecx",0); -+ &je (&label("ret")); - &set_label("little"); - &mov (&BP(0,"edx"),"al"); - &sub ("ecx",1); - &lea ("edx",&DWP(1,"edx")); - &jnz (&label("little")); -+&set_label("ret"); - &ret (); - - &set_label("lot",16); -diff -up openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86_64cpuid.pl ---- openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/x86_64cpuid.pl 2010-02-12 18:13:52.000000000 +0100 -@@ -145,12 +145,14 @@ OPENSSL_cleanse: - xor %rax,%rax - cmp \$15,$arg2 - jae .Lot -+ cmp \$0,$arg2 -+ je .Lret - .Little: - mov %al,($arg1) - sub \$1,$arg2 - lea 1($arg1),$arg1 - jnz .Little -- ret -+.Lret: ret - .align 16 - .Lot: - test \$7,$arg1 diff --git a/openssl-1.0.0-beta5-version.patch b/openssl-1.0.0-beta5-version.patch deleted file mode 100644 index cf3bcf6..0000000 --- a/openssl-1.0.0-beta5-version.patch +++ /dev/null @@ -1,14 +0,0 @@ -We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist -on having the same beta status of OpenSSL library as they were built against. -diff -up openssl-1.0.0-beta5/crypto/opensslv.h.version openssl-1.0.0-beta5/crypto/opensslv.h ---- openssl-1.0.0-beta5/crypto/opensslv.h.version 2010-01-20 18:16:43.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/opensslv.h 2010-01-20 20:20:23.000000000 +0100 -@@ -25,7 +25,7 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x10000005L -+#define OPENSSL_VERSION_NUMBER 0x10000003L - #ifdef OPENSSL_FIPS - #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips-beta5 20 Jan 2010" - #else diff --git a/openssl-1.0.0-beta5-fips.patch b/openssl-1.0.0-fips.patch similarity index 89% rename from openssl-1.0.0-beta5-fips.patch rename to openssl-1.0.0-fips.patch index 0a57f67..e5b6de7 100644 --- a/openssl-1.0.0-beta5-fips.patch +++ b/openssl-1.0.0-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.0-beta5/Configure.fips openssl-1.0.0-beta5/Configure ---- openssl-1.0.0-beta5/Configure.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/Configure 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure +--- openssl-1.0.0/Configure.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/Configure 2010-03-30 10:33:46.000000000 +0200 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml my $processor=""; my $default_ranlib; @@ -43,9 +43,9 @@ diff -up openssl-1.0.0-beta5/Configure.fips openssl-1.0.0-beta5/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.0-beta5/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta5/crypto/bf/bf_skey.c ---- openssl-1.0.0-beta5/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bf/bf_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c +--- openssl-1.0.0/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100 ++++ openssl-1.0.0/crypto/bf/bf_skey.c 2010-03-30 10:33:46.000000000 +0200 @@ -59,10 +59,15 @@ #include #include @@ -63,9 +63,9 @@ diff -up openssl-1.0.0-beta5/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta5/crypto { int i; BF_LONG *p,ri,in[2]; -diff -up openssl-1.0.0-beta5/crypto/bf/blowfish.h.fips openssl-1.0.0-beta5/crypto/bf/blowfish.h ---- openssl-1.0.0-beta5/crypto/bf/blowfish.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bf/blowfish.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h +--- openssl-1.0.0/crypto/bf/blowfish.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/bf/blowfish.h 2010-03-30 10:33:46.000000000 +0200 @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; @@ -77,9 +77,9 @@ diff -up openssl-1.0.0-beta5/crypto/bf/blowfish.h.fips openssl-1.0.0-beta5/crypt void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); -diff -up openssl-1.0.0-beta5/crypto/bn/bn.h.fips openssl-1.0.0-beta5/crypto/bn/bn.h ---- openssl-1.0.0-beta5/crypto/bn/bn.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bn/bn.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h +--- openssl-1.0.0/crypto/bn/bn.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/bn/bn.h 2010-03-30 10:33:46.000000000 +0200 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); @@ -98,9 +98,9 @@ diff -up openssl-1.0.0-beta5/crypto/bn/bn.h.fips openssl-1.0.0-beta5/crypto/bn/b BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, -diff -up openssl-1.0.0-beta5/crypto/bn/bn_x931p.c.fips openssl-1.0.0-beta5/crypto/bn/bn_x931p.c ---- openssl-1.0.0-beta5/crypto/bn/bn_x931p.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bn/bn_x931p.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c +--- openssl-1.0.0/crypto/bn/bn_x931p.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/bn/bn_x931p.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,272 @@ +/* bn_x931p.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -374,9 +374,9 @@ diff -up openssl-1.0.0-beta5/crypto/bn/bn_x931p.c.fips openssl-1.0.0-beta5/crypt + + } + -diff -up openssl-1.0.0-beta5/crypto/bn/Makefile.fips openssl-1.0.0-beta5/crypto/bn/Makefile ---- openssl-1.0.0-beta5/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/bn/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile +--- openssl-1.0.0/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100 ++++ openssl-1.0.0/crypto/bn/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ @@ -393,9 +393,9 @@ diff -up openssl-1.0.0-beta5/crypto/bn/Makefile.fips openssl-1.0.0-beta5/crypto/ SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl ---- openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl +--- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl 2010-03-30 10:33:46.000000000 +0200 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0; } &function_end("Camellia_Ekeygen"); @@ -422,9 +422,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0- } @SBOX=( -diff -up openssl-1.0.0-beta5/crypto/camellia/camellia.h.fips openssl-1.0.0-beta5/crypto/camellia/camellia.h ---- openssl-1.0.0-beta5/crypto/camellia/camellia.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/camellia.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h +--- openssl-1.0.0/crypto/camellia/camellia.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/camellia.h 2010-03-30 10:33:46.000000000 +0200 @@ -88,6 +88,11 @@ struct camellia_key_st }; typedef struct camellia_key_st CAMELLIA_KEY; @@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/camellia.h.fips openssl-1.0.0-beta5 int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); -diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c ---- openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c +--- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/camellia/cmll_fblk.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,68 @@ +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== @@ -509,9 +509,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta + return private_Camellia_set_key(userKey, bits, key); + } +#endif -diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c ---- openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c +--- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100 ++++ openssl-1.0.0/crypto/camellia/cmll_misc.c 2010-03-30 10:33:46.000000000 +0200 @@ -52,11 +52,20 @@ #include #include @@ -533,9 +533,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta { if(!userKey || !key) return -1; -diff -up openssl-1.0.0-beta5/crypto/camellia/Makefile.fips openssl-1.0.0-beta5/crypto/camellia/Makefile ---- openssl-1.0.0-beta5/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/camellia/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile +--- openssl-1.0.0/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100 ++++ openssl-1.0.0/crypto/camellia/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a @@ -548,9 +548,9 @@ diff -up openssl-1.0.0-beta5/crypto/camellia/Makefile.fips openssl-1.0.0-beta5/c SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta5/crypto/cast/cast.h.fips openssl-1.0.0-beta5/crypto/cast/cast.h ---- openssl-1.0.0-beta5/crypto/cast/cast.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/cast/cast.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h +--- openssl-1.0.0/crypto/cast/cast.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/cast/cast.h 2010-03-30 10:33:46.000000000 +0200 @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; @@ -562,9 +562,9 @@ diff -up openssl-1.0.0-beta5/crypto/cast/cast.h.fips openssl-1.0.0-beta5/crypto/ void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -diff -up openssl-1.0.0-beta5/crypto/cast/c_skey.c.fips openssl-1.0.0-beta5/crypto/cast/c_skey.c ---- openssl-1.0.0-beta5/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/cast/c_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c +--- openssl-1.0.0/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200 ++++ openssl-1.0.0/crypto/cast/c_skey.c 2010-03-30 10:33:46.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -586,13 +586,14 @@ diff -up openssl-1.0.0-beta5/crypto/cast/c_skey.c.fips openssl-1.0.0-beta5/crypt { CAST_LONG x[16]; CAST_LONG z[16]; -diff -up openssl-1.0.0-beta5/crypto/crypto.h.fips openssl-1.0.0-beta5/crypto/crypto.h ---- openssl-1.0.0-beta5/crypto/crypto.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/crypto.h 2010-02-16 22:58:31.000000000 +0100 -@@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin - unsigned long *OPENSSL_ia32cap_loc(void); +diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h +--- openssl-1.0.0/crypto/crypto.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/crypto.h 2010-03-30 10:36:06.000000000 +0200 +@@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void) #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); ++ +#ifdef OPENSSL_FIPS +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ + alg " previous FIPS forbidden algorithm error ignored"); @@ -659,9 +660,9 @@ diff -up openssl-1.0.0-beta5/crypto/crypto.h.fips openssl-1.0.0-beta5/crypto/cry /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.0-beta5/crypto/dh/dh_err.c.fips openssl-1.0.0-beta5/crypto/dh/dh_err.c ---- openssl-1.0.0-beta5/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dh/dh_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c +--- openssl-1.0.0/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100 ++++ openssl-1.0.0/crypto/dh/dh_err.c 2010-03-30 10:33:46.000000000 +0200 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, @@ -679,9 +680,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh_err.c.fips openssl-1.0.0-beta5/crypto/ {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -diff -up openssl-1.0.0-beta5/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta5/crypto/dh/dh_gen.c ---- openssl-1.0.0-beta5/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dh/dh_gen.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c +--- openssl-1.0.0/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh_gen.c 2010-03-30 10:33:46.000000000 +0200 @@ -65,6 +65,10 @@ #include "cryptlib.h" #include @@ -714,9 +715,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta5/crypto/ ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -diff -up openssl-1.0.0-beta5/crypto/dh/dh.h.fips openssl-1.0.0-beta5/crypto/dh/dh.h ---- openssl-1.0.0-beta5/crypto/dh/dh.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dh/dh.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h +--- openssl-1.0.0/crypto/dh/dh.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh.h 2010-03-30 10:33:46.000000000 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -743,9 +744,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh.h.fips openssl-1.0.0-beta5/crypto/dh/d #ifdef __cplusplus } -diff -up openssl-1.0.0-beta5/crypto/dh/dh_key.c.fips openssl-1.0.0-beta5/crypto/dh/dh_key.c ---- openssl-1.0.0-beta5/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dh/dh_key.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c +--- openssl-1.0.0/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200 ++++ openssl-1.0.0/crypto/dh/dh_key.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,9 @@ #include #include @@ -795,9 +796,9 @@ diff -up openssl-1.0.0-beta5/crypto/dh/dh_key.c.fips openssl-1.0.0-beta5/crypto/ dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c ---- openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c +--- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100 ++++ openssl-1.0.0/crypto/dsa/dsa_gen.c 2010-03-30 10:33:46.000000000 +0200 @@ -77,8 +77,12 @@ #include "cryptlib.h" #include @@ -833,9 +834,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta5/crypt if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) /* invalid q size */ -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa.h.fips openssl-1.0.0-beta5/crypto/dsa/dsa.h ---- openssl-1.0.0-beta5/crypto/dsa/dsa.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h +--- openssl-1.0.0/crypto/dsa/dsa.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa.h 2010-03-30 10:33:46.000000000 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -892,9 +893,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa.h.fips openssl-1.0.0-beta5/crypto/ds #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta5/crypto/dsa/dsa_key.c ---- openssl-1.0.0-beta5/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa_key.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c +--- openssl-1.0.0/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa_key.c 2010-03-30 10:33:46.000000000 +0200 @@ -63,9 +63,55 @@ #include #include @@ -982,9 +983,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta5/crypt ok=1; err: -diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c ---- openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c +--- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200 ++++ openssl-1.0.0/crypto/dsa/dsa_ossl.c 2010-03-30 10:33:46.000000000 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1056,9 +1057,9 @@ diff -up openssl-1.0.0-beta5/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta5/cryp dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -diff -up openssl-1.0.0-beta5/crypto/err/err_all.c.fips openssl-1.0.0-beta5/crypto/err/err_all.c ---- openssl-1.0.0-beta5/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/err/err_all.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c +--- openssl-1.0.0/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200 ++++ openssl-1.0.0/crypto/err/err_all.c 2010-03-30 10:33:46.000000000 +0200 @@ -96,6 +96,9 @@ #include #include @@ -1079,9 +1080,9 @@ diff -up openssl-1.0.0-beta5/crypto/err/err_all.c.fips openssl-1.0.0-beta5/crypt #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif -diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto/evp/digest.c ---- openssl-1.0.0-beta5/crypto/evp/digest.c.fips 2009-12-09 16:02:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/digest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c +--- openssl-1.0.0/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/digest.c 2010-03-30 10:33:46.000000000 +0200 @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include @@ -1141,7 +1142,7 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -196,6 +238,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -197,6 +239,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c #endif if (ctx->digest != type) { @@ -1160,7 +1161,7 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; -@@ -229,6 +283,9 @@ skip_to_init: +@@ -230,6 +284,9 @@ skip_to_init: int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { @@ -1170,7 +1171,7 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto return ctx->update(ctx,data,count); } -@@ -245,6 +302,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns +@@ -246,6 +303,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; @@ -1180,9 +1181,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/digest.c.fips openssl-1.0.0-beta5/crypto OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); -diff -up openssl-1.0.0-beta5/crypto/evp/e_aes.c.fips openssl-1.0.0-beta5/crypto/evp/e_aes.c ---- openssl-1.0.0-beta5/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_aes.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c +--- openssl-1.0.0/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_aes.c 2010-03-30 10:33:46.000000000 +0200 @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, @@ -1235,9 +1236,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_aes.c.fips openssl-1.0.0-beta5/crypto/ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.0.0-beta5/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta5/crypto/evp/e_camellia.c ---- openssl-1.0.0-beta5/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/e_camellia.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c +--- openssl-1.0.0/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/e_camellia.c 2010-03-30 10:33:46.000000000 +0200 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, EVP_CIPHER_get_asn1_iv, NULL) @@ -1247,9 +1248,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta5/cr IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) -diff -up openssl-1.0.0-beta5/crypto/evp/e_des3.c.fips openssl-1.0.0-beta5/crypto/evp/e_des3.c ---- openssl-1.0.0-beta5/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_des3.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c +--- openssl-1.0.0/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_des3.c 2010-03-30 10:33:46.000000000 +0200 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } @@ -1294,9 +1295,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_des3.c.fips openssl-1.0.0-beta5/crypto des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -diff -up openssl-1.0.0-beta5/crypto/evp/e_null.c.fips openssl-1.0.0-beta5/crypto/evp/e_null.c ---- openssl-1.0.0-beta5/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_null.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c +--- openssl-1.0.0/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_null.c 2010-03-30 10:33:46.000000000 +0200 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, @@ -1306,9 +1307,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_null.c.fips openssl-1.0.0-beta5/crypto null_init_key, null_cipher, NULL, -diff -up openssl-1.0.0-beta5/crypto/evp/e_rc4.c.fips openssl-1.0.0-beta5/crypto/evp/e_rc4.c ---- openssl-1.0.0-beta5/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/e_rc4.c 2010-02-16 23:47:04.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c +--- openssl-1.0.0/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/e_rc4.c 2010-03-30 10:33:46.000000000 +0200 @@ -64,6 +64,7 @@ #include #include @@ -1317,9 +1318,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/e_rc4.c.fips openssl-1.0.0-beta5/crypto/ /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -diff -up openssl-1.0.0-beta5/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta5/crypto/evp/evp_enc.c ---- openssl-1.0.0-beta5/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_enc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c +--- openssl-1.0.0/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_enc.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,8 +68,53 @@ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; @@ -1412,10 +1413,10 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta5/crypt if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -diff -up openssl-1.0.0-beta5/crypto/evp/evp_err.c.fips openssl-1.0.0-beta5/crypto/evp/evp_err.c ---- openssl-1.0.0-beta5/crypto/evp/evp_err.c.fips 2009-12-17 16:28:44.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_err.c 2010-02-16 22:58:31.000000000 +0100 -@@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c +--- openssl-1.0.0/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_err.c 2010-03-30 10:33:46.000000000 +0200 +@@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, @@ -1423,9 +1424,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_err.c.fips openssl-1.0.0-beta5/crypt {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, -diff -up openssl-1.0.0-beta5/crypto/evp/evp.h.fips openssl-1.0.0-beta5/crypto/evp/evp.h ---- openssl-1.0.0-beta5/crypto/evp/evp.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h +--- openssl-1.0.0/crypto/evp/evp.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/evp.h 2010-03-30 10:40:12.000000000 +0200 @@ -75,6 +75,10 @@ #include #endif @@ -1468,33 +1469,26 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp.h.fips openssl-1.0.0-beta5/crypto/ev #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ -@@ -330,6 +336,14 @@ struct evp_cipher_st +@@ -330,12 +336,16 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 +-/* cipher has its own additional copying logic */ +-#define EVP_CIPH_CUSTOM_COPY 0x400 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x400 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 -+/* Allow use default ASN1 get/set iv */ -+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 -+/* Buffer length in bits not bytes: CFB1 mode only */ -+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 + /* Allow use default ASN1 get/set iv */ + #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 + /* Buffer length in bits not bytes: CFB1 mode only */ + #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 ++/* cipher has its own additional copying logic */ ++#define EVP_CIPH_CUSTOM_COPY 0x4000 /* ctrl() values */ -@@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key,unsigned char *iv); - -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); -+ - int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); - int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, -@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void); +@@ -1239,6 +1249,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_DIFFERENT_PARAMETERS 153 @@ -1502,9 +1496,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp.h.fips openssl-1.0.0-beta5/crypto/ev #define EVP_R_ENCODE_ERROR 115 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 -diff -up openssl-1.0.0-beta5/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta5/crypto/evp/evp_lib.c ---- openssl-1.0.0-beta5/crypto/evp/evp_lib.c.fips 2009-12-25 15:12:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c +--- openssl-1.0.0/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/evp_lib.c 2010-03-30 10:33:46.000000000 +0200 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_ if (c->cipher->set_asn1_parameters != NULL) @@ -1533,42 +1527,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta5/crypt return ctx->cipher->do_cipher(ctx,out,in,inl); } -@@ -295,3 +302,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_C - { - return (ctx->flags & flags); - } -+ -+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -+ { -+ ctx->flags |= flags; -+ } -+ -+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -+ { -+ ctx->flags &= ~flags; -+ } -+ -+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -+ { -+ return (ctx->flags & flags); -+ } -diff -up openssl-1.0.0-beta5/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta5/crypto/evp/evp_locl.h ---- openssl-1.0.0-beta5/crypto/evp/evp_locl.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/evp_locl.h 2010-02-16 23:44:44.000000000 +0100 -@@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER - static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ - {\ - size_t chunk=EVP_MAXCHUNK;\ -- if (cbits==1) chunk>>=3;\ -+ if (cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) chunk>>=3;\ - if (inl=chunk)\ - {\ -- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ -+ cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ - inl-=chunk;\ - in +=chunk;\ - out+=chunk;\ +diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h +--- openssl-1.0.0/crypto/evp/evp_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/evp_locl.h 2010-03-30 10:33:46.000000000 +0200 @@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) @@ -1607,9 +1568,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta5/cryp struct evp_pkey_ctx_st { -diff -up openssl-1.0.0-beta5/crypto/evp/m_dss.c.fips openssl-1.0.0-beta5/crypto/evp/m_dss.c ---- openssl-1.0.0-beta5/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_dss.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c +--- openssl-1.0.0/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_dss.c 2010-03-30 10:33:46.000000000 +0200 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, @@ -1619,9 +1580,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_dss.c.fips openssl-1.0.0-beta5/crypto/ init, update, final, -diff -up openssl-1.0.0-beta5/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta5/crypto/evp/m_dss1.c ---- openssl-1.0.0-beta5/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_dss1.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c +--- openssl-1.0.0/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_dss1.c 2010-03-30 10:33:46.000000000 +0200 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, @@ -1631,20 +1592,20 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta5/crypto init, update, final, -diff -up openssl-1.0.0-beta5/crypto/evp/m_mdc2.c.fips openssl-1.0.0-beta5/crypto/evp/m_mdc2.c ---- openssl-1.0.0-beta5/crypto/evp/m_mdc2.c.fips 2004-05-15 13:29:48.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_mdc2.c 2010-02-16 23:48:44.000000000 +0100 -@@ -66,6 +66,7 @@ - #include - #include +diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c +--- openssl-1.0.0/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_mdc2.c 2010-03-30 10:57:02.000000000 +0200 +@@ -68,6 +68,7 @@ + #ifndef OPENSSL_NO_RSA #include + #endif +#include "evp_locl.h" static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_md2.c.fips openssl-1.0.0-beta5/crypto/evp/m_md2.c ---- openssl-1.0.0-beta5/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_md2.c 2010-02-16 23:47:52.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c +--- openssl-1.0.0/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md2.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1653,9 +1614,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_md2.c.fips openssl-1.0.0-beta5/crypto/ static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_md4.c.fips openssl-1.0.0-beta5/crypto/evp/m_md4.c ---- openssl-1.0.0-beta5/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_md4.c 2010-02-16 23:48:07.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c +--- openssl-1.0.0/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md4.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1664,9 +1625,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_md4.c.fips openssl-1.0.0-beta5/crypto/ static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_md5.c.fips openssl-1.0.0-beta5/crypto/evp/m_md5.c ---- openssl-1.0.0-beta5/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_md5.c 2010-02-16 23:48:24.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c +--- openssl-1.0.0/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_md5.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1675,9 +1636,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_md5.c.fips openssl-1.0.0-beta5/crypto/ static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_ripemd.c.fips openssl-1.0.0-beta5/crypto/evp/m_ripemd.c ---- openssl-1.0.0-beta5/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/m_ripemd.c 2010-02-16 23:49:03.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c +--- openssl-1.0.0/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/m_ripemd.c 2010-03-30 10:33:46.000000000 +0200 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1686,9 +1647,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_ripemd.c.fips openssl-1.0.0-beta5/cryp static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta5/crypto/evp/m_sha1.c ---- openssl-1.0.0-beta5/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/m_sha1.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c +--- openssl-1.0.0/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_sha1.c 2010-03-30 10:33:46.000000000 +0200 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, @@ -1739,9 +1700,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta5/crypto init512, update512, final512, -diff -up openssl-1.0.0-beta5/crypto/evp/m_wp.c.fips openssl-1.0.0-beta5/crypto/evp/m_wp.c ---- openssl-1.0.0-beta5/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/m_wp.c 2010-02-16 23:49:22.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c +--- openssl-1.0.0/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/m_wp.c 2010-03-30 10:33:46.000000000 +0200 @@ -9,6 +9,7 @@ #include #include @@ -1750,9 +1711,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/m_wp.c.fips openssl-1.0.0-beta5/crypto/e static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } -diff -up openssl-1.0.0-beta5/crypto/evp/names.c.fips openssl-1.0.0-beta5/crypto/evp/names.c ---- openssl-1.0.0-beta5/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/names.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c +--- openssl-1.0.0/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/names.c 2010-03-30 10:33:46.000000000 +0200 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; @@ -1775,9 +1736,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/names.c.fips openssl-1.0.0-beta5/crypto/ name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); -diff -up openssl-1.0.0-beta5/crypto/evp/p_sign.c.fips openssl-1.0.0-beta5/crypto/evp/p_sign.c ---- openssl-1.0.0-beta5/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/evp/p_sign.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c +--- openssl-1.0.0/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200 ++++ openssl-1.0.0/crypto/evp/p_sign.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1809,9 +1770,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/p_sign.c.fips openssl-1.0.0-beta5/crypto if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.0-beta5/crypto/evp/p_verify.c.fips openssl-1.0.0-beta5/crypto/evp/p_verify.c ---- openssl-1.0.0-beta5/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/evp/p_verify.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c +--- openssl-1.0.0/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100 ++++ openssl-1.0.0/crypto/evp/p_verify.c 2010-03-30 10:33:46.000000000 +0200 @@ -61,6 +61,7 @@ #include #include @@ -1843,9 +1804,9 @@ diff -up openssl-1.0.0-beta5/crypto/evp/p_verify.c.fips openssl-1.0.0-beta5/cryp i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -2786,9 +2747,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0-b + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3492,9 +3453,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0- + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,537 @@ +#include + @@ -4033,9 +3994,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0-be + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -4267,9 +4228,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0-be + return 0; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4661,9 +4622,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0 + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5035,9 +4996,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0 + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5416,9 +5377,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0 + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c +--- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5808,9 +5769,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0- + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h ---- openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h +--- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -6155,9 +6116,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0-beta +#endif + } + -diff -up openssl-1.0.0-beta5/crypto/fips_err.c.fips openssl-1.0.0-beta5/crypto/fips_err.c ---- openssl-1.0.0-beta5/crypto/fips_err.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c +--- openssl-1.0.0/crypto/fips_err.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_err.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,7 @@ +#include + @@ -6166,9 +6127,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips_err.c.fips openssl-1.0.0-beta5/crypto/f +#else +static void *dummy=&dummy; +#endif -diff -up openssl-1.0.0-beta5/crypto/fips_err.h.fips openssl-1.0.0-beta5/crypto/fips_err.h ---- openssl-1.0.0-beta5/crypto/fips_err.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips_err.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h +--- openssl-1.0.0/crypto/fips_err.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_err.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -6307,9 +6268,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips_err.h.fips openssl-1.0.0-beta5/crypto/f + } +#endif + } -diff -up openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,103 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6414,9 +6375,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0- + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips.c.fips openssl-1.0.0-beta5/crypto/fips/fips.c ---- openssl-1.0.0-beta5/crypto/fips/fips.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c +--- openssl-1.0.0/crypto/fips/fips.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,419 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6837,9 +6798,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips.c.fips openssl-1.0.0-beta5/crypto/ + + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c +--- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_des_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,139 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -6980,9 +6941,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0- + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,186 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7170,9 +7131,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0- + return ret; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips.h.fips openssl-1.0.0-beta5/crypto/fips/fips.h ---- openssl-1.0.0-beta5/crypto/fips/fips.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h +--- openssl-1.0.0/crypto/fips/fips.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7337,9 +7298,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips.h.fips openssl-1.0.0-beta5/crypto/ +} +#endif +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -7478,9 +7439,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0 + return 1; + } +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rand.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rand.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rand.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c +--- openssl-1.0.0/crypto/fips/fips_rand.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,412 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -7894,9 +7855,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.c.fips openssl-1.0.0-beta5/cr +} + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.h.fips openssl-1.0.0-beta5/crypto/fips/fips_rand.h ---- openssl-1.0.0-beta5/crypto/fips/fips_rand.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rand.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h +--- openssl-1.0.0/crypto/fips/fips_rand.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,77 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -7975,9 +7936,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand.h.fips openssl-1.0.0-beta5/cr +#endif +#endif +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,373 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8352,9 +8313,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0 + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_randtest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_randtest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_randtest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_randtest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c +--- openssl-1.0.0/crypto/fips/fips_randtest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_randtest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,248 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -8604,9 +8565,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_randtest.c.fips openssl-1.0.0-beta + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,441 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9049,9 +9010,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0- + } + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,281 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -9334,9 +9295,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0-bet + return 0; + + } -diff -up openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c ---- openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c +--- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9437,9 +9398,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0 + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c ---- openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c +--- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9614,9 +9575,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0 + } + + -diff -up openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c.fips openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c ---- openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c +--- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/fips_test_suite.c 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10206,9 +10167,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/fips_test_suite.c.fips openssl-1.0.0-be + } + +#endif -diff -up openssl-1.0.0-beta5/crypto/fips_locl.h.fips openssl-1.0.0-beta5/crypto/fips_locl.h ---- openssl-1.0.0-beta5/crypto/fips_locl.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips_locl.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h +--- openssl-1.0.0/crypto/fips_locl.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips_locl.h 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,72 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10282,9 +10243,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips_locl.h.fips openssl-1.0.0-beta5/crypto/ +} +#endif +#endif -diff -up openssl-1.0.0-beta5/crypto/fips/Makefile.fips openssl-1.0.0-beta5/crypto/fips/Makefile ---- openssl-1.0.0-beta5/crypto/fips/Makefile.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/fips/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile +--- openssl-1.0.0/crypto/fips/Makefile.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/fips/Makefile 2010-03-30 10:33:46.000000000 +0200 @@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -10367,9 +10328,9 @@ diff -up openssl-1.0.0-beta5/crypto/fips/Makefile.fips openssl-1.0.0-beta5/crypt + +# DO NOT DELETE THIS LINE -- make depend depends on it. + -diff -up openssl-1.0.0-beta5/crypto/hmac/hmac.c.fips openssl-1.0.0-beta5/crypto/hmac/hmac.c ---- openssl-1.0.0-beta5/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/hmac/hmac.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c +--- openssl-1.0.0/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100 ++++ openssl-1.0.0/crypto/hmac/hmac.c 2010-03-30 10:33:46.000000000 +0200 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo if (key != NULL) @@ -10384,31 +10345,9 @@ diff -up openssl-1.0.0-beta5/crypto/hmac/hmac.c.fips openssl-1.0.0-beta5/crypto/ reset=1; j=EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -@@ -209,3 +216,10 @@ unsigned char *HMAC(const EVP_MD *evp_md - return NULL; - } - -+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) -+ { -+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); -+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); -+ } -+ -diff -up openssl-1.0.0-beta5/crypto/hmac/hmac.h.fips openssl-1.0.0-beta5/crypto/hmac/hmac.h ---- openssl-1.0.0-beta5/crypto/hmac/hmac.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/hmac/hmac.h 2010-02-16 22:58:31.000000000 +0100 -@@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md - unsigned int *md_len); - int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); - -+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); - - #ifdef __cplusplus - } -diff -up openssl-1.0.0-beta5/crypto/Makefile.fips openssl-1.0.0-beta5/crypto/Makefile ---- openssl-1.0.0-beta5/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile +--- openssl-1.0.0/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200 ++++ openssl-1.0.0/crypto/Makefile 2010-03-30 10:34:41.000000000 +0200 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i LIB= $(TOP)/libcrypto.a @@ -10427,9 +10366,9 @@ diff -up openssl-1.0.0-beta5/crypto/Makefile.fips openssl-1.0.0-beta5/crypto/Mak ALL= $(GENERAL) $(SRC) $(HEADER) -diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200 ++++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -61,6 +61,11 @@ #include #include @@ -10451,9 +10390,9 @@ diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta5/cry { c->num=0; c->pad_type=1; -diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta5/crypto/mdc2/mdc2.h ---- openssl-1.0.0-beta5/crypto/mdc2/mdc2.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/mdc2/mdc2.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h +--- openssl-1.0.0/crypto/mdc2/mdc2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/mdc2/mdc2.h 2010-03-30 10:34:41.000000000 +0200 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; @@ -10465,9 +10404,9 @@ diff -up openssl-1.0.0-beta5/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta5/crypto/ int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta5/crypto/md2/md2_dgst.c ---- openssl-1.0.0-beta5/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/md2/md2_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c +--- openssl-1.0.0/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200 ++++ openssl-1.0.0/crypto/md2/md2_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -62,6 +62,11 @@ #include #include @@ -10489,9 +10428,9 @@ diff -up openssl-1.0.0-beta5/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta5/cryp { c->num=0; memset(c->state,0,sizeof c->state); -diff -up openssl-1.0.0-beta5/crypto/md2/md2.h.fips openssl-1.0.0-beta5/crypto/md2/md2.h ---- openssl-1.0.0-beta5/crypto/md2/md2.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md2/md2.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h +--- openssl-1.0.0/crypto/md2/md2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md2/md2.h 2010-03-30 10:34:41.000000000 +0200 @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; @@ -10502,9 +10441,9 @@ diff -up openssl-1.0.0-beta5/crypto/md2/md2.h.fips openssl-1.0.0-beta5/crypto/md int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta5/crypto/md4/md4_dgst.c ---- openssl-1.0.0-beta5/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md4/md4_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c +--- openssl-1.0.0/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0/crypto/md4/md4_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md4_locl.h" @@ -10526,9 +10465,9 @@ diff -up openssl-1.0.0-beta5/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta5/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta5/crypto/md4/md4.h.fips openssl-1.0.0-beta5/crypto/md4/md4.h ---- openssl-1.0.0-beta5/crypto/md4/md4.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md4/md4.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h +--- openssl-1.0.0/crypto/md4/md4.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md4/md4.h 2010-03-30 10:34:41.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; @@ -10539,9 +10478,9 @@ diff -up openssl-1.0.0-beta5/crypto/md4/md4.h.fips openssl-1.0.0-beta5/crypto/md int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta5/crypto/md5/md5_dgst.c ---- openssl-1.0.0-beta5/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md5/md5_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c +--- openssl-1.0.0/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100 ++++ openssl-1.0.0/crypto/md5/md5_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "md5_locl.h" @@ -10563,9 +10502,9 @@ diff -up openssl-1.0.0-beta5/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta5/cryp { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -diff -up openssl-1.0.0-beta5/crypto/md5/md5.h.fips openssl-1.0.0-beta5/crypto/md5/md5.h ---- openssl-1.0.0-beta5/crypto/md5/md5.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/md5/md5.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h +--- openssl-1.0.0/crypto/md5/md5.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/md5/md5.h 2010-03-30 10:34:41.000000000 +0200 @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; @@ -10576,9 +10515,9 @@ diff -up openssl-1.0.0-beta5/crypto/md5/md5.h.fips openssl-1.0.0-beta5/crypto/md int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/mem.c.fips openssl-1.0.0-beta5/crypto/mem.c ---- openssl-1.0.0-beta5/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/mem.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c +--- openssl-1.0.0/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100 ++++ openssl-1.0.0/crypto/mem.c 2010-03-30 10:34:41.000000000 +0200 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) /* may be changed as long as 'allow_customize_debug' is set */ @@ -10588,9 +10527,9 @@ diff -up openssl-1.0.0-beta5/crypto/mem.c.fips openssl-1.0.0-beta5/crypto/mem.c /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; -diff -up openssl-1.0.0-beta5/crypto/o_init.c.fips openssl-1.0.0-beta5/crypto/o_init.c ---- openssl-1.0.0-beta5/crypto/o_init.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/o_init.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c +--- openssl-1.0.0/crypto/o_init.c.fips 2010-03-30 10:34:41.000000000 +0200 ++++ openssl-1.0.0/crypto/o_init.c 2010-03-30 10:34:41.000000000 +0200 @@ -0,0 +1,80 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10672,9 +10611,9 @@ diff -up openssl-1.0.0-beta5/crypto/o_init.c.fips openssl-1.0.0-beta5/crypto/o_i + } + + -diff -up openssl-1.0.0-beta5/crypto/opensslconf.h.in.fips openssl-1.0.0-beta5/crypto/opensslconf.h.in ---- openssl-1.0.0-beta5/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/opensslconf.h.in 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in +--- openssl-1.0.0/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 ++++ openssl-1.0.0/crypto/opensslconf.h.in 2010-03-30 10:34:41.000000000 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -10696,9 +10635,9 @@ diff -up openssl-1.0.0-beta5/crypto/opensslconf.h.in.fips openssl-1.0.0-beta5/cr /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c ---- openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c +--- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 ++++ openssl-1.0.0/crypto/pkcs12/p12_crt.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" @@ -10725,9 +10664,9 @@ diff -up openssl-1.0.0-beta5/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta5/cr if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -diff -up openssl-1.0.0-beta5/crypto/rand/md_rand.c.fips openssl-1.0.0-beta5/crypto/rand/md_rand.c ---- openssl-1.0.0-beta5/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/md_rand.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c +--- openssl-1.0.0/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/md_rand.c 2010-03-30 10:34:41.000000000 +0200 @@ -126,6 +126,10 @@ #include @@ -10754,9 +10693,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/md_rand.c.fips openssl-1.0.0-beta5/cryp #ifdef PREDICT if (rand_predictable) { -diff -up openssl-1.0.0-beta5/crypto/rand/rand_err.c.fips openssl-1.0.0-beta5/crypto/rand/rand_err.c ---- openssl-1.0.0-beta5/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/rand_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c +--- openssl-1.0.0/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/rand_err.c 2010-03-30 10:34:41.000000000 +0200 @@ -70,6 +70,13 @@ static ERR_STRING_DATA RAND_str_functs[]= @@ -10789,9 +10728,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/rand_err.c.fips openssl-1.0.0-beta5/cry {0,NULL} }; -diff -up openssl-1.0.0-beta5/crypto/rand/rand.h.fips openssl-1.0.0-beta5/crypto/rand/rand.h ---- openssl-1.0.0-beta5/crypto/rand/rand.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/rand.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h +--- openssl-1.0.0/crypto/rand/rand.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rand/rand.h 2010-03-30 10:34:41.000000000 +0200 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -10821,9 +10760,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/rand.h.fips openssl-1.0.0-beta5/crypto/ #ifdef __cplusplus } -diff -up openssl-1.0.0-beta5/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta5/crypto/rand/rand_lib.c ---- openssl-1.0.0-beta5/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rand/rand_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c +--- openssl-1.0.0/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100 ++++ openssl-1.0.0/crypto/rand/rand_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -60,6 +60,12 @@ #include #include "cryptlib.h" @@ -10857,9 +10796,9 @@ diff -up openssl-1.0.0-beta5/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta5/cry return default_RAND_meth; } -diff -up openssl-1.0.0-beta5/crypto/rc2/rc2.h.fips openssl-1.0.0-beta5/crypto/rc2/rc2.h ---- openssl-1.0.0-beta5/crypto/rc2/rc2.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc2/rc2.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h +--- openssl-1.0.0/crypto/rc2/rc2.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rc2/rc2.h 2010-03-30 10:34:41.000000000 +0200 @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; @@ -10871,9 +10810,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc2/rc2.h.fips openssl-1.0.0-beta5/crypto/rc void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); -diff -up openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c ---- openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c +--- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200 ++++ openssl-1.0.0/crypto/rc2/rc2_skey.c 2010-03-30 10:34:41.000000000 +0200 @@ -57,6 +57,11 @@ */ @@ -10907,9 +10846,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta5/cryp int i,j; unsigned char *k; RC2_INT *ki; -diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl ---- openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl 2010-03-30 10:34:41.000000000 +0200 @@ -202,4 +202,6 @@ RC4_options: .string "rc4(8x,char)" ___ @@ -10917,9 +10856,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne ""); + print $code; -diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl ---- openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl 2010-03-30 10:34:41.000000000 +0200 @@ -499,6 +499,8 @@ ___ $code =~ s/#([bwd])/$1/gm; @@ -10929,9 +10868,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet print $code; close STDOUT; -diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl ---- openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl +--- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl 2010-03-30 10:34:41.000000000 +0200 @@ -166,8 +166,12 @@ $idx="edx"; &external_label("OPENSSL_ia32cap_P"); @@ -10955,9 +10894,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta5/ # const char *RC4_options(void); &function_begin_B("RC4_options"); -diff -up openssl-1.0.0-beta5/crypto/rc4/Makefile.fips openssl-1.0.0-beta5/crypto/rc4/Makefile ---- openssl-1.0.0-beta5/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/Makefile 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile +--- openssl-1.0.0/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/Makefile 2010-03-30 10:34:41.000000000 +0200 @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= @@ -10969,9 +10908,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/Makefile.fips openssl-1.0.0-beta5/crypto SRC= $(LIBSRC) -diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c ---- openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c +--- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips 2010-03-30 10:34:41.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/rc4_fblk.c 2010-03-30 10:34:41.000000000 +0200 @@ -0,0 +1,75 @@ +/* crypto/rc4/rc4_fblk.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11048,9 +10987,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0-beta5/cryp + } +#endif + -diff -up openssl-1.0.0-beta5/crypto/rc4/rc4.h.fips openssl-1.0.0-beta5/crypto/rc4/rc4.h ---- openssl-1.0.0-beta5/crypto/rc4/rc4.h.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/rc4.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h +--- openssl-1.0.0/crypto/rc4/rc4.h.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/crypto/rc4/rc4.h 2010-03-30 10:34:41.000000000 +0200 @@ -78,6 +78,9 @@ typedef struct rc4_key_st @@ -11061,9 +11000,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/rc4.h.fips openssl-1.0.0-beta5/crypto/rc void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); -diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c ---- openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c +--- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0/crypto/rc4/rc4_skey.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rc4_locl.h" @@ -11101,9 +11040,9 @@ diff -up openssl-1.0.0-beta5/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta5/cryp unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; -diff -up openssl-1.0.0-beta5/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta5/crypto/ripemd/ripemd.h ---- openssl-1.0.0-beta5/crypto/ripemd/ripemd.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/ripemd/ripemd.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h +--- openssl-1.0.0/crypto/ripemd/ripemd.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/ripemd/ripemd.h 2010-03-30 10:34:41.000000000 +0200 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; @@ -11114,9 +11053,9 @@ diff -up openssl-1.0.0-beta5/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta5/cry int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100 ++++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -59,6 +59,11 @@ #include #include "rmd_locl.h" @@ -11138,9 +11077,9 @@ diff -up openssl-1.0.0-beta5/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta5/c { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c +--- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_eay.c 2010-03-30 10:34:41.000000000 +0200 @@ -114,6 +114,10 @@ #include #include @@ -11401,9 +11340,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta5/crypt rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_err.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_err.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c +--- openssl-1.0.0/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100 ++++ openssl-1.0.0/crypto/rsa/rsa_err.c 2010-03-30 10:34:41.000000000 +0200 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, @@ -11430,9 +11369,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta5/crypt {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c +--- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_gen.c 2010-03-30 10:34:41.000000000 +0200 @@ -67,6 +67,82 @@ #include "cryptlib.h" #include @@ -11558,9 +11497,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta5/crypt ok=1; err: if (ok == -1) -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa.h.fips openssl-1.0.0-beta5/crypto/rsa/rsa.h ---- openssl-1.0.0-beta5/crypto/rsa/rsa.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h +--- openssl-1.0.0/crypto/rsa/rsa.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa.h 2010-03-30 10:34:41.000000000 +0200 @@ -74,6 +74,21 @@ #error RSA is disabled. #endif @@ -11630,9 +11569,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa.h.fips openssl-1.0.0-beta5/crypto/rs #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c +--- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100 ++++ openssl-1.0.0/crypto/rsa/rsa_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -80,6 +80,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11708,9 +11647,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta5/crypt return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c ---- openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 -+++ openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c +--- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200 ++++ openssl-1.0.0/crypto/rsa/rsa_sign.c 2010-03-30 10:34:41.000000000 +0200 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -11742,9 +11681,9 @@ diff -up openssl-1.0.0-beta5/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta5/cryp if (i <= 0) goto err; -diff -up openssl-1.0.0-beta5/crypto/seed/seed.c.fips openssl-1.0.0-beta5/crypto/seed/seed.c ---- openssl-1.0.0-beta5/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/seed/seed.c 2010-02-16 23:43:46.000000000 +0100 +diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c +--- openssl-1.0.0/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100 ++++ openssl-1.0.0/crypto/seed/seed.c 2010-03-30 10:34:41.000000000 +0200 @@ -34,6 +34,9 @@ #include @@ -11774,9 +11713,9 @@ diff -up openssl-1.0.0-beta5/crypto/seed/seed.c.fips openssl-1.0.0-beta5/crypto/ { seed_word x1, x2, x3, x4; seed_word t0, t1; -diff -up openssl-1.0.0-beta5/crypto/seed/seed.h.fips openssl-1.0.0-beta5/crypto/seed/seed.h ---- openssl-1.0.0-beta5/crypto/seed/seed.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/seed/seed.h 2010-02-16 23:35:57.000000000 +0100 +diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h +--- openssl-1.0.0/crypto/seed/seed.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/seed/seed.h 2010-03-30 10:34:41.000000000 +0200 @@ -117,6 +117,9 @@ typedef struct seed_key_st { } SEED_KEY_SCHEDULE; @@ -11787,9 +11726,9 @@ diff -up openssl-1.0.0-beta5/crypto/seed/seed.h.fips openssl-1.0.0-beta5/crypto/ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks); void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks); -diff -up openssl-1.0.0-beta5/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta5/crypto/sha/sha_dgst.c ---- openssl-1.0.0-beta5/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha_dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c +--- openssl-1.0.0/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -57,6 +57,12 @@ */ @@ -11803,9 +11742,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta5/cryp #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 -diff -up openssl-1.0.0-beta5/crypto/sha/sha.h.fips openssl-1.0.0-beta5/crypto/sha/sha.h ---- openssl-1.0.0-beta5/crypto/sha/sha.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h +--- openssl-1.0.0/crypto/sha/sha.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/sha/sha.h 2010-03-30 10:34:41.000000000 +0200 @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; @@ -11816,9 +11755,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha.h.fips openssl-1.0.0-beta5/crypto/sh int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); -diff -up openssl-1.0.0-beta5/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta5/crypto/sha/sha_locl.h ---- openssl-1.0.0-beta5/crypto/sha/sha_locl.h.fips 2010-02-16 22:58:30.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha_locl.h 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h +--- openssl-1.0.0/crypto/sha/sha_locl.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/sha/sha_locl.h 2010-03-30 10:34:41.000000000 +0200 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL @@ -11835,9 +11774,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta5/cryp memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -diff -up openssl-1.0.0-beta5/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta5/crypto/sha/sha1dgst.c ---- openssl-1.0.0-beta5/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha1dgst.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c +--- openssl-1.0.0/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha1dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -63,6 +63,10 @@ #define SHA_1 @@ -11849,9 +11788,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta5/cryp const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; -diff -up openssl-1.0.0-beta5/crypto/sha/sha256.c.fips openssl-1.0.0-beta5/crypto/sha/sha256.c ---- openssl-1.0.0-beta5/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha256.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c +--- openssl-1.0.0/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha256.c 2010-03-30 10:34:41.000000000 +0200 @@ -12,12 +12,19 @@ #include @@ -11882,9 +11821,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha256.c.fips openssl-1.0.0-beta5/crypto memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -diff -up openssl-1.0.0-beta5/crypto/sha/sha512.c.fips openssl-1.0.0-beta5/crypto/sha/sha512.c ---- openssl-1.0.0-beta5/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/sha/sha512.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c +--- openssl-1.0.0/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100 ++++ openssl-1.0.0/crypto/sha/sha512.c 2010-03-30 10:34:41.000000000 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -11916,9 +11855,9 @@ diff -up openssl-1.0.0-beta5/crypto/sha/sha512.c.fips openssl-1.0.0-beta5/crypto #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ unsigned int *h = (unsigned int *)c->h; -diff -up openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h ---- openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h.fips 2010-02-16 23:41:05.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h 2010-02-16 23:40:39.000000000 +0100 +diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h +--- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips 2010-03-30 10:33:45.000000000 +0200 ++++ openssl-1.0.0/crypto/whrlpool/whrlpool.h 2010-03-30 10:34:41.000000000 +0200 @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; @@ -11929,9 +11868,9 @@ diff -up openssl-1.0.0-beta5/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0-beta5 int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); -diff -up openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 -+++ openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c 2010-02-16 23:42:49.000000000 +0100 +diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100 ++++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c 2010-03-30 10:34:41.000000000 +0200 @@ -53,8 +53,12 @@ #include "wp_locl.h" @@ -11946,9 +11885,9 @@ diff -up openssl-1.0.0-beta5/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0-beta5/ { memset (c,0,sizeof(*c)); return(1); -diff -up openssl-1.0.0-beta5/Makefile.org.fips openssl-1.0.0-beta5/Makefile.org ---- openssl-1.0.0-beta5/Makefile.org.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/Makefile.org 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org +--- openssl-1.0.0/Makefile.org.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/Makefile.org 2010-03-30 10:34:41.000000000 +0200 @@ -110,6 +110,9 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= @@ -11976,9 +11915,9 @@ diff -up openssl-1.0.0-beta5/Makefile.org.fips openssl-1.0.0-beta5/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.0-beta5/ssl/ssl_ciph.c.fips openssl-1.0.0-beta5/ssl/ssl_ciph.c ---- openssl-1.0.0-beta5/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 -+++ openssl-1.0.0-beta5/ssl/ssl_ciph.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c +--- openssl-1.0.0/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200 ++++ openssl-1.0.0/ssl/ssl_ciph.c 2010-03-30 10:34:41.000000000 +0200 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && @@ -12001,9 +11940,9 @@ diff -up openssl-1.0.0-beta5/ssl/ssl_ciph.c.fips openssl-1.0.0-beta5/ssl/ssl_cip { sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG -diff -up openssl-1.0.0-beta5/ssl/ssl_lib.c.fips openssl-1.0.0-beta5/ssl/ssl_lib.c ---- openssl-1.0.0-beta5/ssl/ssl_lib.c.fips 2010-01-07 20:05:03.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/ssl_lib.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c +--- openssl-1.0.0/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100 ++++ openssl-1.0.0/ssl/ssl_lib.c 2010-03-30 10:34:41.000000000 +0200 @@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m return(NULL); } @@ -12019,10 +11958,10 @@ diff -up openssl-1.0.0-beta5/ssl/ssl_lib.c.fips openssl-1.0.0-beta5/ssl/ssl_lib. if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); -diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest.c ---- openssl-1.0.0-beta5/ssl/ssltest.c.fips 2010-02-16 22:58:31.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/ssltest.c 2010-02-16 22:58:31.000000000 +0100 -@@ -266,6 +266,9 @@ static void sv_usage(void) +diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c +--- openssl-1.0.0/ssl/ssltest.c.fips 2010-03-30 10:33:46.000000000 +0200 ++++ openssl-1.0.0/ssl/ssltest.c 2010-03-30 10:34:41.000000000 +0200 +@@ -268,6 +268,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); @@ -12032,7 +11971,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -proxy - allow proxy certificates\n"); -@@ -485,6 +488,9 @@ int main(int argc, char *argv[]) +@@ -487,6 +490,9 @@ int main(int argc, char *argv[]) #endif STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; int test_cipherlist = 0; @@ -12042,7 +11981,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. verbose = 0; debug = 0; -@@ -516,7 +522,16 @@ int main(int argc, char *argv[]) +@@ -518,7 +524,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { @@ -12060,7 +11999,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; -@@ -712,6 +727,20 @@ bad: +@@ -714,6 +729,20 @@ bad: EXIT(1); } @@ -12081,7 +12020,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. if (print_time) { if (!bio_pair) -@@ -2154,12 +2183,12 @@ static int MS_CALLBACK app_verify_callba +@@ -2156,12 +2185,12 @@ static int MS_CALLBACK app_verify_callba } #ifndef OPENSSL_NO_X509_VERIFY @@ -12096,10 +12035,10 @@ diff -up openssl-1.0.0-beta5/ssl/ssltest.c.fips openssl-1.0.0-beta5/ssl/ssltest. if(s->version == TLS1_VERSION) FIPS_allow_md5(0); # endif -diff -up openssl-1.0.0-beta5/ssl/s23_clnt.c.fips openssl-1.0.0-beta5/ssl/s23_clnt.c ---- openssl-1.0.0-beta5/ssl/s23_clnt.c.fips 2009-11-18 15:45:32.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s23_clnt.c 2010-02-16 22:58:31.000000000 +0100 -@@ -337,6 +337,14 @@ static int ssl23_client_hello(SSL *s) +diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c +--- openssl-1.0.0/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0/ssl/s23_clnt.c 2010-03-30 10:34:41.000000000 +0200 +@@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_VERSION_MAJOR; version_minor = TLS1_VERSION_MINOR; } @@ -12114,7 +12053,7 @@ diff -up openssl-1.0.0-beta5/ssl/s23_clnt.c.fips openssl-1.0.0-beta5/ssl/s23_cln else if (version == SSL3_VERSION) { version_major = SSL3_VERSION_MAJOR; -@@ -620,6 +628,14 @@ static int ssl23_get_server_hello(SSL *s +@@ -617,6 +625,14 @@ static int ssl23_get_server_hello(SSL *s if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { @@ -12129,9 +12068,9 @@ diff -up openssl-1.0.0-beta5/ssl/s23_clnt.c.fips openssl-1.0.0-beta5/ssl/s23_cln s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } -diff -up openssl-1.0.0-beta5/ssl/s23_srvr.c.fips openssl-1.0.0-beta5/ssl/s23_srvr.c ---- openssl-1.0.0-beta5/ssl/s23_srvr.c.fips 2010-01-13 20:08:29.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s23_srvr.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c +--- openssl-1.0.0/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100 ++++ openssl-1.0.0/ssl/s23_srvr.c 2010-03-30 10:34:41.000000000 +0200 @@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s) } } @@ -12148,9 +12087,9 @@ diff -up openssl-1.0.0-beta5/ssl/s23_srvr.c.fips openssl-1.0.0-beta5/ssl/s23_srv if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { /* we have SSLv3/TLSv1 in an SSLv2 header -diff -up openssl-1.0.0-beta5/ssl/s3_clnt.c.fips openssl-1.0.0-beta5/ssl/s3_clnt.c ---- openssl-1.0.0-beta5/ssl/s3_clnt.c.fips 2010-01-05 17:46:39.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s3_clnt.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c +--- openssl-1.0.0/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100 ++++ openssl-1.0.0/ssl/s3_clnt.c 2010-03-30 10:34:41.000000000 +0200 @@ -156,6 +156,10 @@ #include #include @@ -12162,7 +12101,7 @@ diff -up openssl-1.0.0-beta5/ssl/s3_clnt.c.fips openssl-1.0.0-beta5/ssl/s3_clnt. #ifndef OPENSSL_NO_DH #include #endif -@@ -1548,6 +1552,8 @@ int ssl3_get_key_exchange(SSL *s) +@@ -1546,6 +1550,8 @@ int ssl3_get_key_exchange(SSL *s) q=md_buf; for (num=2; num > 0; num--) { @@ -12171,9 +12110,9 @@ diff -up openssl-1.0.0-beta5/ssl/s3_clnt.c.fips openssl-1.0.0-beta5/ssl/s3_clnt. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta5/ssl/s3_enc.c.fips openssl-1.0.0-beta5/ssl/s3_enc.c ---- openssl-1.0.0-beta5/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 -+++ openssl-1.0.0-beta5/ssl/s3_enc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c +--- openssl-1.0.0/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200 ++++ openssl-1.0.0/ssl/s3_enc.c 2010-03-30 10:34:41.000000000 +0200 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL * #endif k=0; @@ -12199,10 +12138,10 @@ diff -up openssl-1.0.0-beta5/ssl/s3_enc.c.fips openssl-1.0.0-beta5/ssl/s3_enc.c EVP_MD_CTX_copy_ex(&ctx,d); n=EVP_MD_CTX_size(&ctx); if (n < 0) -diff -up openssl-1.0.0-beta5/ssl/s3_srvr.c.fips openssl-1.0.0-beta5/ssl/s3_srvr.c ---- openssl-1.0.0-beta5/ssl/s3_srvr.c.fips 2010-01-01 15:39:51.000000000 +0100 -+++ openssl-1.0.0-beta5/ssl/s3_srvr.c 2010-02-16 22:58:31.000000000 +0100 -@@ -1732,6 +1732,8 @@ int ssl3_send_server_key_exchange(SSL *s +diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c +--- openssl-1.0.0/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100 ++++ openssl-1.0.0/ssl/s3_srvr.c 2010-03-30 10:34:41.000000000 +0200 +@@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s j=0; for (num=2; num > 0; num--) { @@ -12211,9 +12150,9 @@ diff -up openssl-1.0.0-beta5/ssl/s3_srvr.c.fips openssl-1.0.0-beta5/ssl/s3_srvr. EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -diff -up openssl-1.0.0-beta5/ssl/t1_enc.c.fips openssl-1.0.0-beta5/ssl/t1_enc.c ---- openssl-1.0.0-beta5/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 -+++ openssl-1.0.0-beta5/ssl/t1_enc.c 2010-02-16 22:58:31.000000000 +0100 +diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c +--- openssl-1.0.0/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200 ++++ openssl-1.0.0/ssl/t1_enc.c 2010-03-30 10:34:41.000000000 +0200 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md HMAC_CTX_init(&ctx); diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch new file mode 100644 index 0000000..adaea6a --- /dev/null +++ b/openssl-1.0.0-version.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h +--- openssl-1.0.0/crypto/opensslv.h.version 2010-03-30 10:59:26.000000000 +0200 ++++ openssl-1.0.0/crypto/opensslv.h 2010-03-30 11:00:52.000000000 +0200 +@@ -25,7 +25,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x1000000fL ++/* we have to keep the version number to not break the abi */ ++#define OPENSSL_VERSION_NUMBER 0x10000003L + #ifdef OPENSSL_FIPS + #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0-fips 29 Mar 2010" + #else diff --git a/openssl.spec b/openssl.spec index b2a780f..e946180 100644 --- a/openssl.spec +++ b/openssl.spec @@ -11,8 +11,6 @@ # 1.0.0 soversion = 10 %define soversion 10 -%define beta beta5 - # Number of threads to spawn when testing some threading fixes. %define thread_test_threads %{?threads:%{threads}}%{!?threads:1} @@ -23,10 +21,10 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.0 -Release: 0.22.%{beta}%{?dist} +Release: 1%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. -Source: openssl-%{version}-%{beta}-usa.tar.bz2 +Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert @@ -51,7 +49,7 @@ Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch Patch38: openssl-1.0.0-beta5-cipher-change.patch Patch39: openssl-1.0.0-beta5-ipv6-apps.patch -Patch40: openssl-1.0.0-beta5-fips.patch +Patch40: openssl-1.0.0-fips.patch Patch41: openssl-1.0.0-beta3-fipscheck.patch Patch43: openssl-1.0.0-beta3-fipsmode.patch Patch44: openssl-1.0.0-beta3-fipsrng.patch @@ -59,10 +57,9 @@ Patch45: openssl-0.9.8j-env-nozlib.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch50: openssl-1.0.0-beta4-dtls1-abi.patch -Patch51: openssl-1.0.0-beta5-version.patch +Patch51: openssl-1.0.0-version.patch Patch52: openssl-1.0.0-beta4-aesni.patch # Backported fixes including security fixes -Patch53: openssl-1.0.0-beta5-cleanse.patch License: OpenSSL Group: System Environment/Libraries @@ -112,7 +109,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version}-%{beta} +%setup -q -n %{name}-%{version} %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat @@ -141,7 +138,6 @@ from other formats to the formats used by the OpenSSL toolkit. %patch50 -p1 -b .dtls1-abi %patch51 -p1 -b .version %patch52 -p1 -b .aesni -%patch53 -p1 -b .cleanse # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -387,6 +383,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun -p /sbin/ldconfig %changelog +* Tue Mar 30 2010 Tomas Mraz 1.0.0-1 +- update to final 1.0.0 upstream release + * Tue Feb 16 2010 Tomas Mraz 1.0.0-0.22.beta5 - make TLS work in the FIPS mode diff --git a/sources b/sources index acb119b..dadae2c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -531160d84017cb52e3c23b52cca0d5cf openssl-1.0.0-beta5-usa.tar.bz2 +f1d0d73327d74b302f503763bddf1cf8 openssl-1.0.0-usa.tar.bz2