From 1ff978b22e53e729cb86c4b8783b2d13cf3734b6 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 2 Jun 2017 15:32:15 +0200 Subject: [PATCH] update to upstream version 1.1.0f SRP and GOST is now allowed, note that GOST support requires adding GOST engine which is not part of openssl anymore --- .gitignore | 1 + hobble-openssl | 13 +- openssl-1.1.0-build.patch | 72 ++++- openssl-1.1.0-cc-reqs.patch | 20 +- openssl-1.1.0-ec-curves.patch | 51 ---- openssl-1.1.0-fips.patch | 542 +++++++++++++++++----------------- openssl.spec | 10 +- sources | 2 +- 8 files changed, 350 insertions(+), 361 deletions(-) diff --git a/.gitignore b/.gitignore index 9cbbd5b..a4eb459 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.0c-hobbled.tar.xz /openssl-1.1.0d-hobbled.tar.xz /openssl-1.1.0e-hobbled.tar.xz +/openssl-1.1.0f-hobbled.tar.xz diff --git a/hobble-openssl b/hobble-openssl index e830942..9a23ca6 100755 --- a/hobble-openssl +++ b/hobble-openssl @@ -8,19 +8,11 @@ set -e # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore # RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore # EC: ????????? ??/??/2020 -# SRP: ????????? ??/??/20?? +# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore # Remove assembler portions of IDEA, MDC2, and RC5. # (find crypto/rc5/asm -type f | xargs -r rm -fv) -# SRP. -for a in srp; do - for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do - echo Destroying $c - > $c - done -done - for c in `find crypto/bn -name "*gf2m.c"`; do echo Destroying $c > $c @@ -37,10 +29,9 @@ for c in `find test -name "ectest.c"`; do done for h in `find crypto ssl apps test -name "*.h"` ; do - echo Removing SRP and EC2M references from $h + echo Removing EC2M references from $h cat $h | \ awk 'BEGIN {ech=1;} \ - /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ /^#[ \t]*if/ {if(ech < 1) ech--;} \ {if(ech>0) {;print $0};} \ diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch index 41446ed..8d00f64 100644 --- a/openssl-1.1.0-build.patch +++ b/openssl-1.1.0-build.patch @@ -1,19 +1,28 @@ -diff -up openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build openssl-1.1.0c/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build 2016-11-10 15:03:43.000000000 +0100 -+++ openssl-1.1.0c/Configurations/unix-Makefile.tmpl 2016-11-11 13:26:36.094400833 +0100 -@@ -630,7 +630,7 @@ install_man_docs: - @\ - OUTSUFFIX='.$${SEC}$(MANSUFFIX)'; \ - OUTTOP="$(DESTDIR)$(MANDIR)"; \ -- GENERATE='pod2man --name=$$NAME --section=$$SEC --center=OpenSSL --release=$(VERSION)'; \ -+ GENERATE='TZ=UTC pod2man --name=$$NAME --section=$$SEC --center=OpenSSL --release=$(VERSION)'; \ - $(PROCESS_PODS) +diff -up openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build openssl-1.1.0f/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build 2017-06-02 13:51:39.621289504 +0200 ++++ openssl-1.1.0f/Configurations/unix-Makefile.tmpl 2017-06-02 13:54:45.298654812 +0200 +@@ -553,7 +553,7 @@ uninstall_runtime: + install_man_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) uninstall_man_docs: -diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configurations/10-main.conf ---- openssl-1.1.0c/Configurations/10-main.conf.build 2016-11-10 15:03:43.000000000 +0100 -+++ openssl-1.1.0c/Configurations/10-main.conf 2016-11-11 13:29:26.502289226 +0100 -@@ -656,6 +656,7 @@ sub vms_info { +@@ -565,7 +565,7 @@ uninstall_man_docs: + install_html_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing HTML manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(HTMLDIR) --type=html + + uninstall_html_docs: +diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configurations/10-main.conf +--- openssl-1.1.0f/Configurations/10-main.conf.build 2017-05-25 14:46:17.000000000 +0200 ++++ openssl-1.1.0f/Configurations/10-main.conf 2017-06-02 13:51:39.622289528 +0200 +@@ -662,6 +662,7 @@ sub vms_info { cflags => add("-m64 -DL_ENDIAN"), perlasm_scheme => "linux64le", shared_ldflag => add("-m64"), @@ -21,7 +30,7 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu }, "linux-armv4" => { -@@ -696,6 +697,7 @@ sub vms_info { +@@ -702,6 +703,7 @@ sub vms_info { "linux-aarch64" => { inherit_from => [ "linux-generic64", asm("aarch64_asm") ], perlasm_scheme => "linux64", @@ -29,3 +38,36 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], +diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt +--- openssl-1.1.0f/test/evptests.txt.build 2017-05-25 14:46:21.000000000 +0200 ++++ openssl-1.1.0f/test/evptests.txt 2017-06-02 15:05:49.422161136 +0200 +@@ -3690,14 +3690,6 @@ PublicKey=Bob-25519-PUBLIC + MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08= + -----END PUBLIC KEY----- + +-Derive=Alice-25519 +-PeerKey=Bob-25519-PUBLIC +-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 +- +-Derive=Bob-25519 +-PeerKey=Alice-25519-PUBLIC +-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 +- + # Illegal sign/verify operations with X25519 key + + Sign=Alice-25519 +@@ -3710,6 +3702,14 @@ Result = KEYOP_INIT_ERROR + Function = EVP_PKEY_verify_init + Reason = operation not supported for this keytype + ++Derive=Alice-25519 ++PeerKey=Bob-25519-PUBLIC ++SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 ++ ++Derive=Bob-25519 ++PeerKey=Alice-25519-PUBLIC ++SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 ++ + ## ECDH Tests: test with randomly generated keys for all the listed curves + + diff --git a/openssl-1.1.0-cc-reqs.patch b/openssl-1.1.0-cc-reqs.patch index 3a046c1..135dc15 100644 --- a/openssl-1.1.0-cc-reqs.patch +++ b/openssl-1.1.0-cc-reqs.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/rsa_gen.c ---- openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100 -@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa, +diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/rsa_gen.c +--- openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:13:45.352475862 +0200 +@@ -85,6 +85,12 @@ static int rsa_builtin_keygen(RSA *rsa, if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) goto err; @@ -14,14 +14,14 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/r if (BN_copy(rsa->e, e_value) == NULL) goto err; -@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -107,7 +113,9 @@ static int rsa_builtin_keygen(RSA *rsa, do { if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) goto err; -- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); +- } while (BN_cmp(rsa->p, rsa->q) == 0); + if (!BN_sub(r2, rsa->q, rsa->p)) + goto err; -+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3)); - if (degenerate == 3) { - ok = 0; /* we set our own err */ - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); ++ } while (BN_ucmp(r2, r3) <= 0); + if (!BN_sub(r2, rsa->q, BN_value_one())) + goto err; + if (!BN_gcd(r1, r2, rsa->e, ctx)) diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch index 32cfb08..d6bd022 100644 --- a/openssl-1.1.0-ec-curves.patch +++ b/openssl-1.1.0-ec-curves.patch @@ -59,57 +59,6 @@ diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) -diff -up openssl-1.1.0e/test/ecdhtest_cavs.h.curves openssl-1.1.0e/test/ecdhtest_cavs.h ---- openssl-1.1.0e/test/ecdhtest_cavs.h.curves 2017-02-16 15:46:22.237503550 +0100 -+++ openssl-1.1.0e/test/ecdhtest_cavs.h 2017-02-16 16:08:16.091687111 +0100 -@@ -29,6 +29,7 @@ typedef struct { - - static const ecdh_cavs_kat_t ecdh_cavs_kats[] = { - /* curves over prime fields go here */ -+#if 0 - { NID_X9_62_prime192v1, - "42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0", - "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523", -@@ -204,6 +205,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k - "fcd345a976c720caaa97de6697226825615e1287a9eff67e", - "58ea42edbeeafca9ff44cfd7f29abd2cbde7626d79e422c9", - "72e88f3ea67d46d46dbf83926e7e2a6b85b54536741e6d2c" }, -+#endif - { NID_secp224r1, - "af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280", - "882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7", -diff -up openssl-1.1.0e/test/ecdhtest.c.curves openssl-1.1.0e/test/ecdhtest.c ---- openssl-1.1.0e/test/ecdhtest.c.curves 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/test/ecdhtest.c 2017-02-16 16:07:30.412629758 +0100 -@@ -252,10 +252,12 @@ typedef struct { - - static const ecdh_kat_t ecdh_kats[] = { - /* Keys and shared secrets from RFC 5114 */ -+#if 0 - { NID_X9_62_prime192v1, - "323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426", - "631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62", - "AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE" }, -+#endif - { NID_secp224r1, - "B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F", - "AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18", -@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = { - "01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04" - "D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3" - "DDEA" }, -+#if 0 - /* Keys and shared secrets from RFC 7027 */ - { NID_brainpoolP256r1, - "81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D", -@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = { - "ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429", - "A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76" - "D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" } -+#endif - }; - - /* Given private value and NID, create EC_KEY structure */ diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c --- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100 +++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100 diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index ebdcc55..3362a20 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c ---- openssl-1.1.0e/apps/speed.c.fips 2017-02-16 15:42:44.967362611 +0100 -+++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:42:44.975362800 +0100 -@@ -1442,7 +1442,9 @@ int speed_main(int argc, char **argv) +diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c +--- openssl-1.1.0f/apps/speed.c.fips 2017-06-02 14:14:25.449420942 +0200 ++++ openssl-1.1.0f/apps/speed.c 2017-06-02 14:14:25.457421131 +0200 +@@ -1448,7 +1448,9 @@ int speed_main(int argc, char **argv) } # endif if (strcmp(*argv, "rsa") == 0) { @@ -12,7 +12,7 @@ diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = rsa_doit[R_RSA_15360] = 1; -@@ -1455,7 +1457,9 @@ int speed_main(int argc, char **argv) +@@ -1461,7 +1463,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { @@ -23,7 +23,7 @@ diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1544,15 +1548,21 @@ int speed_main(int argc, char **argv) +@@ -1550,15 +1554,21 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -48,7 +48,7 @@ diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c #endif #ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) -@@ -1601,30 +1611,46 @@ int speed_main(int argc, char **argv) +@@ -1607,30 +1617,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -105,7 +105,7 @@ diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -1885,6 +1911,7 @@ int speed_main(int argc, char **argv) +@@ -1891,6 +1917,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -113,10 +113,10 @@ diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.0e/Configure.fips openssl-1.1.0e/Configure ---- openssl-1.1.0e/Configure.fips 2017-02-16 15:42:44.972362729 +0100 -+++ openssl-1.1.0e/Configure 2017-02-16 15:42:44.975362800 +0100 -@@ -312,7 +312,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.0f/Configure.fips openssl-1.1.0f/Configure +--- openssl-1.1.0f/Configure.fips 2017-06-02 14:14:25.455421083 +0200 ++++ openssl-1.1.0f/Configure 2017-06-02 14:14:25.458421154 +0200 +@@ -314,7 +314,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", @@ -125,9 +125,9 @@ diff -up openssl-1.1.0e/Configure.fips openssl-1.1.0e/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; -diff -up openssl-1.1.0e/crypto/bn/bn_rand.c.fips openssl-1.1.0e/crypto/bn/bn_rand.c ---- openssl-1.1.0e/crypto/bn/bn_rand.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/bn/bn_rand.c 2017-02-16 15:42:44.975362800 +0100 +diff -up openssl-1.1.0f/crypto/bn/bn_rand.c.fips openssl-1.1.0f/crypto/bn/bn_rand.c +--- openssl-1.1.0f/crypto/bn/bn_rand.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/bn/bn_rand.c 2017-06-02 14:14:25.458421154 +0200 @@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM goto err; } @@ -143,9 +143,9 @@ diff -up openssl-1.1.0e/crypto/bn/bn_rand.c.fips openssl-1.1.0e/crypto/bn/bn_ran if (RAND_bytes(buf, bytes) <= 0) goto err; -diff -up openssl-1.1.0e/crypto/dh/dh_err.c.fips openssl-1.1.0e/crypto/dh/dh_err.c ---- openssl-1.1.0e/crypto/dh/dh_err.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dh/dh_err.c 2017-02-16 15:42:44.975362800 +0100 +diff -up openssl-1.1.0f/crypto/dh/dh_err.c.fips openssl-1.1.0f/crypto/dh/dh_err.c +--- openssl-1.1.0f/crypto/dh/dh_err.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dh/dh_err.c 2017-06-02 14:14:25.458421154 +0200 @@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, @@ -168,9 +168,9 @@ diff -up openssl-1.1.0e/crypto/dh/dh_err.c.fips openssl-1.1.0e/crypto/dh/dh_err. {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, -diff -up openssl-1.1.0e/crypto/dh/dh_gen.c.fips openssl-1.1.0e/crypto/dh/dh_gen.c ---- openssl-1.1.0e/crypto/dh/dh_gen.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dh/dh_gen.c 2017-02-16 15:42:44.975362800 +0100 +diff -up openssl-1.1.0f/crypto/dh/dh_gen.c.fips openssl-1.1.0f/crypto/dh/dh_gen.c +--- openssl-1.1.0f/crypto/dh/dh_gen.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dh/dh_gen.c 2017-06-02 14:14:25.458421154 +0200 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -214,9 +214,9 @@ diff -up openssl-1.1.0e/crypto/dh/dh_gen.c.fips openssl-1.1.0e/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0e/crypto/dh/dh_key.c.fips openssl-1.1.0e/crypto/dh/dh_key.c ---- openssl-1.1.0e/crypto/dh/dh_key.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dh/dh_key.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.c +--- openssl-1.1.0f/crypto/dh/dh_key.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dh/dh_key.c 2017-06-02 14:14:25.458421154 +0200 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -300,9 +300,9 @@ diff -up openssl-1.1.0e/crypto/dh/dh_key.c.fips openssl-1.1.0e/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0e/crypto/dsa/dsa_err.c.fips openssl-1.1.0e/crypto/dsa/dsa_err.c ---- openssl-1.1.0e/crypto/dsa/dsa_err.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dsa/dsa_err.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/dsa/dsa_err.c.fips openssl-1.1.0f/crypto/dsa/dsa_err.c +--- openssl-1.1.0f/crypto/dsa/dsa_err.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dsa/dsa_err.c 2017-06-02 14:14:25.458421154 +0200 @@ -21,10 +21,13 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -330,9 +330,9 @@ diff -up openssl-1.1.0e/crypto/dsa/dsa_err.c.fips openssl-1.1.0e/crypto/dsa/dsa_ {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, {ERR_REASON(DSA_R_SEED_LEN_SMALL), -diff -up openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips openssl-1.1.0e/crypto/dsa/dsa_gen.c ---- openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dsa/dsa_gen.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_gen.c +--- openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dsa/dsa_gen.c 2017-06-02 14:14:25.459421178 +0200 @@ -22,12 +22,22 @@ #include #include @@ -494,9 +494,9 @@ diff -up openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips openssl-1.1.0e/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.0e/crypto/dsa/dsa_key.c.fips openssl-1.1.0e/crypto/dsa/dsa_key.c ---- openssl-1.1.0e/crypto/dsa/dsa_key.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dsa/dsa_key.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/dsa/dsa_key.c.fips openssl-1.1.0f/crypto/dsa/dsa_key.c +--- openssl-1.1.0f/crypto/dsa/dsa_key.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dsa/dsa_key.c 2017-06-02 14:14:25.459421178 +0200 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -576,9 +576,9 @@ diff -up openssl-1.1.0e/crypto/dsa/dsa_key.c.fips openssl-1.1.0e/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0e/crypto/dsa/dsa_ossl.c ---- openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dsa/dsa_ossl.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa_ossl.c +--- openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dsa/dsa_ossl.c 2017-06-02 14:14:25.459421178 +0200 @@ -15,6 +15,9 @@ #include #include "dsa_locl.h" @@ -638,9 +638,9 @@ diff -up openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0e/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0e/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/dsa/dsa_pmeth.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0f/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/dsa/dsa_pmeth.c 2017-06-02 14:14:25.459421178 +0200 @@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; @@ -652,9 +652,9 @@ diff -up openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0e/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdh_ossl.c ---- openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/ec/ecdh_ossl.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdh_ossl.c +--- openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/ec/ecdh_ossl.c 2017-06-02 14:14:25.459421178 +0200 @@ -33,9 +33,20 @@ #include #include "ec_lcl.h" @@ -676,9 +676,9 @@ diff -up openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/ec/ecdsa_ossl.c 2017-02-16 15:42:44.976362824 +0100 +diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/ec/ecdsa_ossl.c 2017-06-02 14:14:25.459421178 +0200 @@ -15,6 +15,10 @@ #include #include "ec_lcl.h" @@ -718,9 +718,9 @@ diff -up openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0e/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.0e/crypto/ec/ec_key.c.fips openssl-1.1.0e/crypto/ec/ec_key.c ---- openssl-1.1.0e/crypto/ec/ec_key.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/ec/ec_key.c 2017-02-16 15:42:44.977362848 +0100 +diff -up openssl-1.1.0f/crypto/ec/ec_key.c.fips openssl-1.1.0f/crypto/ec/ec_key.c +--- openssl-1.1.0f/crypto/ec/ec_key.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/ec/ec_key.c 2017-06-02 14:14:25.459421178 +0200 @@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } @@ -785,9 +785,9 @@ diff -up openssl-1.1.0e/crypto/ec/ec_key.c.fips openssl-1.1.0e/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.0e/crypto/err/err_all.c.fips openssl-1.1.0e/crypto/err/err_all.c ---- openssl-1.1.0e/crypto/err/err_all.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/err/err_all.c 2017-02-16 15:42:44.977362848 +0100 +diff -up openssl-1.1.0f/crypto/err/err_all.c.fips openssl-1.1.0f/crypto/err/err_all.c +--- openssl-1.1.0f/crypto/err/err_all.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/err/err_all.c 2017-06-02 14:14:25.460421201 +0200 @@ -43,9 +43,6 @@ int err_load_crypto_strings_int(void) { @@ -798,9 +798,9 @@ diff -up openssl-1.1.0e/crypto/err/err_all.c.fips openssl-1.1.0e/crypto/err/err_ #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || -diff -up openssl-1.1.0e/crypto/evp/c_allc.c.fips openssl-1.1.0e/crypto/evp/c_allc.c ---- openssl-1.1.0e/crypto/evp/c_allc.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/c_allc.c 2017-02-16 15:42:44.977362848 +0100 +diff -up openssl-1.1.0f/crypto/evp/c_allc.c.fips openssl-1.1.0f/crypto/evp/c_allc.c +--- openssl-1.1.0f/crypto/evp/c_allc.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/c_allc.c 2017-06-02 14:14:25.460421201 +0200 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -882,9 +882,9 @@ diff -up openssl-1.1.0e/crypto/evp/c_allc.c.fips openssl-1.1.0e/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0e/crypto/evp/c_alld.c.fips openssl-1.1.0e/crypto/evp/c_alld.c ---- openssl-1.1.0e/crypto/evp/c_alld.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/c_alld.c 2017-02-16 15:42:44.977362848 +0100 +diff -up openssl-1.1.0f/crypto/evp/c_alld.c.fips openssl-1.1.0f/crypto/evp/c_alld.c +--- openssl-1.1.0f/crypto/evp/c_alld.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/c_alld.c 2017-06-02 14:14:25.460421201 +0200 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -911,9 +911,9 @@ diff -up openssl-1.1.0e/crypto/evp/c_alld.c.fips openssl-1.1.0e/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0e/crypto/evp/digest.c.fips openssl-1.1.0e/crypto/evp/digest.c ---- openssl-1.1.0e/crypto/evp/digest.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/digest.c 2017-02-16 15:42:44.977362848 +0100 +diff -up openssl-1.1.0f/crypto/evp/digest.c.fips openssl-1.1.0f/crypto/evp/digest.c +--- openssl-1.1.0f/crypto/evp/digest.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/digest.c 2017-06-02 14:14:25.460421201 +0200 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -973,9 +973,9 @@ diff -up openssl-1.1.0e/crypto/evp/digest.c.fips openssl-1.1.0e/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.0e/crypto/evp/e_aes.c.fips openssl-1.1.0e/crypto/evp/e_aes.c ---- openssl-1.1.0e/crypto/evp/e_aes.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/e_aes.c 2017-02-16 15:42:44.978362871 +0100 +diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes.c +--- openssl-1.1.0f/crypto/evp/e_aes.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/e_aes.c 2017-06-02 14:14:25.460421201 +0200 @@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -1071,9 +1071,9 @@ diff -up openssl-1.1.0e/crypto/evp/e_aes.c.fips openssl-1.1.0e/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.0e/crypto/evp/e_des3.c.fips openssl-1.1.0e/crypto/evp/e_des3.c ---- openssl-1.1.0e/crypto/evp/e_des3.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/e_des3.c 2017-02-16 15:42:44.978362871 +0100 +diff -up openssl-1.1.0f/crypto/evp/e_des3.c.fips openssl-1.1.0f/crypto/evp/e_des3.c +--- openssl-1.1.0f/crypto/evp/e_des3.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/e_des3.c 2017-06-02 14:14:25.461421225 +0200 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1100,9 +1100,9 @@ diff -up openssl-1.1.0e/crypto/evp/e_des3.c.fips openssl-1.1.0e/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.0e/crypto/evp/e_null.c.fips openssl-1.1.0e/crypto/evp/e_null.c ---- openssl-1.1.0e/crypto/evp/e_null.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/e_null.c 2017-02-16 15:42:44.978362871 +0100 +diff -up openssl-1.1.0f/crypto/evp/e_null.c.fips openssl-1.1.0f/crypto/evp/e_null.c +--- openssl-1.1.0f/crypto/evp/e_null.c.fips 2017-05-25 14:46:18.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/e_null.c 2017-06-02 14:14:25.461421225 +0200 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1113,9 +1113,9 @@ diff -up openssl-1.1.0e/crypto/evp/e_null.c.fips openssl-1.1.0e/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.0e/crypto/evp/evp_enc.c.fips openssl-1.1.0e/crypto/evp/evp_enc.c ---- openssl-1.1.0e/crypto/evp/evp_enc.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/evp_enc.c 2017-02-16 15:45:17.526972401 +0100 +diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_enc.c +--- openssl-1.1.0f/crypto/evp/evp_enc.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/evp_enc.c 2017-06-02 14:14:25.461421225 +0200 @@ -16,10 +16,19 @@ #include #include "internal/evp_int.h" @@ -1191,9 +1191,9 @@ diff -up openssl-1.1.0e/crypto/evp/evp_enc.c.fips openssl-1.1.0e/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.0e/crypto/evp/evp_err.c.fips openssl-1.1.0e/crypto/evp/evp_err.c ---- openssl-1.1.0e/crypto/evp/evp_err.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/evp_err.c 2017-02-16 15:42:44.978362871 +0100 +diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_err.c +--- openssl-1.1.0f/crypto/evp/evp_err.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/evp_err.c 2017-06-02 14:14:25.461421225 +0200 @@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[] {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, @@ -1218,9 +1218,9 @@ diff -up openssl-1.1.0e/crypto/evp/evp_err.c.fips openssl-1.1.0e/crypto/evp/evp_ {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.0e/crypto/evp/evp_lib.c.fips openssl-1.1.0e/crypto/evp/evp_lib.c ---- openssl-1.1.0e/crypto/evp/evp_lib.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/evp_lib.c 2017-02-16 15:42:44.978362871 +0100 +diff -up openssl-1.1.0f/crypto/evp/evp_lib.c.fips openssl-1.1.0f/crypto/evp/evp_lib.c +--- openssl-1.1.0f/crypto/evp/evp_lib.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/evp_lib.c 2017-06-02 14:14:25.461421225 +0200 @@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1231,9 +1231,9 @@ diff -up openssl-1.1.0e/crypto/evp/evp_lib.c.fips openssl-1.1.0e/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.0e/crypto/evp/m_sha1.c.fips openssl-1.1.0e/crypto/evp/m_sha1.c ---- openssl-1.1.0e/crypto/evp/m_sha1.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/evp/m_sha1.c 2017-02-16 15:42:44.978362871 +0100 +diff -up openssl-1.1.0f/crypto/evp/m_sha1.c.fips openssl-1.1.0f/crypto/evp/m_sha1.c +--- openssl-1.1.0f/crypto/evp/m_sha1.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/evp/m_sha1.c 2017-06-02 14:14:25.461421225 +0200 @@ -94,7 +94,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1279,9 +1279,9 @@ diff -up openssl-1.1.0e/crypto/evp/m_sha1.c.fips openssl-1.1.0e/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.0e/crypto/fips/build.info.fips openssl-1.1.0e/crypto/fips/build.info ---- openssl-1.1.0e/crypto/fips/build.info.fips 2017-02-16 15:42:44.979362895 +0100 -+++ openssl-1.1.0e/crypto/fips/build.info 2017-02-16 15:42:44.979362895 +0100 +diff -up openssl-1.1.0f/crypto/fips/build.info.fips openssl-1.1.0f/crypto/fips/build.info +--- openssl-1.1.0f/crypto/fips/build.info.fips 2017-06-02 14:14:25.461421225 +0200 ++++ openssl-1.1.0f/crypto/fips/build.info 2017-06-02 14:14:25.461421225 +0200 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1298,9 +1298,9 @@ diff -up openssl-1.1.0e/crypto/fips/build.info.fips openssl-1.1.0e/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_aes_selftest.c 2017-02-16 15:42:44.979362895 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_aes_selftest.c 2017-06-02 14:14:25.462421248 +0200 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1674,9 +1674,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0e/cryp +} + +#endif -diff -up openssl-1.1.0e/crypto/fips/fips.c.fips openssl-1.1.0e/crypto/fips/fips.c ---- openssl-1.1.0e/crypto/fips/fips.c.fips 2017-02-16 15:42:44.979362895 +0100 -+++ openssl-1.1.0e/crypto/fips/fips.c 2017-02-16 15:42:44.979362895 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips.c.fips openssl-1.1.0f/crypto/fips/fips.c +--- openssl-1.1.0f/crypto/fips/fips.c.fips 2017-06-02 14:14:25.462421248 +0200 ++++ openssl-1.1.0f/crypto/fips/fips.c 2017-06-02 14:14:25.462421248 +0200 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2204,9 +2204,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips.c.fips openssl-1.1.0e/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c 2017-02-16 15:42:44.979362895 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c 2017-06-02 14:14:25.462421248 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2364,9 +2364,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0e/cry + return rv; +} +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_des_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_des_selftest.c 2017-02-16 15:42:44.979362895 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_des_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_des_selftest.c 2017-06-02 14:14:25.462421248 +0200 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2501,9 +2501,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0e/cryp + return ret; +} +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_dh_selftest.c 2017-02-16 15:42:44.979362895 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_dh_selftest.c 2017-06-02 14:14:25.462421248 +0200 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2685,9 +2685,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0e/crypt + return ret; +} +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips 2017-02-16 15:42:44.980362918 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c 2017-02-16 15:42:44.980362918 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips 2017-06-02 14:14:25.463421272 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c 2017-06-02 14:14:25.463421272 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3104,9 +3104,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0e/crypto/f + + return 1; +} -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips 2017-02-16 15:42:44.980362918 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_hash.c 2017-02-16 15:42:44.980362918 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips 2017-06-02 14:14:25.463421272 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_hash.c 2017-06-02 14:14:25.463421272 +0200 @@ -0,0 +1,361 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3469,9 +3469,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0e/crypto/ + + return 1; +} -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips 2017-02-16 15:42:44.980362918 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c 2017-02-16 15:42:44.980362918 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips 2017-06-02 14:14:25.463421272 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c 2017-06-02 14:14:25.463421272 +0200 @@ -0,0 +1,272 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3745,9 +3745,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0e/crypto/ + + return 1; +} -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips 2017-02-16 15:42:44.980362918 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_lib.c 2017-02-16 15:42:44.980362918 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips 2017-06-02 14:14:25.463421272 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_lib.c 2017-06-02 14:14:25.463421272 +0200 @@ -0,0 +1,555 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4304,9 +4304,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0e/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips 2017-02-16 15:42:44.980362918 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_rand.c 2017-02-16 15:42:44.980362918 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips 2017-06-02 14:14:25.463421272 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_rand.c 2017-06-02 14:14:25.463421272 +0200 @@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4491,9 +4491,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0e/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips 2017-02-16 15:42:44.981362942 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c 2017-02-16 15:42:44.981362942 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips 2017-06-02 14:14:25.464421296 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c 2017-06-02 14:14:25.464421296 +0200 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5323,9 +5323,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0e/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips 2017-02-16 15:42:44.982362966 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h 2017-02-16 15:42:44.982362966 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips 2017-06-02 14:14:25.465421319 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h 2017-06-02 14:14:25.465421319 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7118,9 +7118,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0e/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c 2017-02-16 15:42:44.982362966 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c 2017-06-02 14:14:25.465421319 +0200 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7317,9 +7317,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0e/cryp + return ret; +} +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c 2017-02-16 15:42:44.982362966 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c 2017-06-02 14:14:25.465421319 +0200 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7563,9 +7563,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0e/cry +} + +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c 2017-02-16 15:42:44.982362966 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c 2017-06-02 14:14:25.465421319 +0200 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7733,9 +7733,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0e/cr +} + +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_enc.c.fips openssl-1.1.0e/crypto/fips/fips_enc.c ---- openssl-1.1.0e/crypto/fips/fips_enc.c.fips 2017-02-16 15:42:44.982362966 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_enc.c 2017-02-16 15:42:44.982362966 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_enc.c.fips openssl-1.1.0f/crypto/fips/fips_enc.c +--- openssl-1.1.0f/crypto/fips/fips_enc.c.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_enc.c 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7926,9 +7926,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_enc.c.fips openssl-1.1.0e/crypto/fips/f + + } +} -diff -up openssl-1.1.0e/crypto/fips/fips_err.h.fips openssl-1.1.0e/crypto/fips/fips_err.h ---- openssl-1.1.0e/crypto/fips/fips_err.h.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_err.h 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_err.h.fips openssl-1.1.0f/crypto/fips/fips_err.h +--- openssl-1.1.0f/crypto/fips/fips_err.h.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_err.h 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,196 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8126,9 +8126,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_err.h.fips openssl-1.1.0e/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.0e/crypto/fips/fips_ers.c.fips openssl-1.1.0e/crypto/fips/fips_ers.c ---- openssl-1.1.0e/crypto/fips/fips_ers.c.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_ers.c 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_ers.c.fips openssl-1.1.0f/crypto/fips/fips_ers.c +--- openssl-1.1.0f/crypto/fips/fips_ers.c.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_ers.c 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,7 @@ +#include + @@ -8137,9 +8137,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_ers.c.fips openssl-1.1.0e/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8275,9 +8275,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0e/cry + return 1; +} +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_locl.h.fips openssl-1.1.0e/crypto/fips/fips_locl.h ---- openssl-1.1.0e/crypto/fips/fips_locl.h.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_locl.h 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_locl.h.fips openssl-1.1.0f/crypto/fips/fips_locl.h +--- openssl-1.1.0f/crypto/fips/fips_locl.h.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_locl.h 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8350,9 +8350,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_locl.h.fips openssl-1.1.0e/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_md.c.fips openssl-1.1.0e/crypto/fips/fips_md.c ---- openssl-1.1.0e/crypto/fips/fips_md.c.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_md.c 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_md.c.fips openssl-1.1.0f/crypto/fips/fips_md.c +--- openssl-1.1.0f/crypto/fips/fips_md.c.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_md.c 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8498,9 +8498,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_md.c.fips openssl-1.1.0e/crypto/fips/fi + return NULL; + } +} -diff -up openssl-1.1.0e/crypto/fips/fips_post.c.fips openssl-1.1.0e/crypto/fips/fips_post.c ---- openssl-1.1.0e/crypto/fips/fips_post.c.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_post.c 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_post.c.fips openssl-1.1.0f/crypto/fips/fips_post.c +--- openssl-1.1.0f/crypto/fips/fips_post.c.fips 2017-06-02 14:14:25.466421343 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_post.c 2017-06-02 14:14:25.466421343 +0200 @@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8724,9 +8724,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_post.c.fips openssl-1.1.0e/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0e/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips 2017-02-16 15:42:44.983362989 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_rand_lcl.h 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0f/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips 2017-06-02 14:14:25.467421366 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_rand_lcl.h 2017-06-02 14:14:25.467421366 +0200 @@ -0,0 +1,209 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8937,9 +8937,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0e/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0e/crypto/fips/fips_rand_lib.c ---- openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips 2017-02-16 15:42:44.984363013 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_rand_lib.c 2017-02-16 15:42:44.983362989 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0f/crypto/fips/fips_rand_lib.c +--- openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips 2017-06-02 14:14:25.467421366 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_rand_lib.c 2017-06-02 14:14:25.467421366 +0200 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9175,9 +9175,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0e/crypto/f +# endif +} + -diff -up openssl-1.1.0e/crypto/fips/fips_randtest.c.fips openssl-1.1.0e/crypto/fips/fips_randtest.c ---- openssl-1.1.0e/crypto/fips/fips_randtest.c.fips 2017-02-16 15:42:44.984363013 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_randtest.c 2017-02-16 15:42:44.984363013 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_randtest.c.fips openssl-1.1.0f/crypto/fips/fips_randtest.c +--- openssl-1.1.0f/crypto/fips/fips_randtest.c.fips 2017-06-02 14:14:25.467421366 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_randtest.c 2017-06-02 14:14:25.467421366 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -9426,9 +9426,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_randtest.c.fips openssl-1.1.0e/crypto/f +} + +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips 2017-02-16 15:42:44.984363013 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c 2017-02-16 15:42:44.984363013 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips 2017-06-02 14:14:25.467421366 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c 2017-06-02 14:14:25.467421366 +0200 @@ -0,0 +1,578 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10008,9 +10008,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0e/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips 2017-02-16 15:42:44.984363013 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_sha_selftest.c 2017-02-16 15:42:44.984363013 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips 2017-06-02 14:14:25.467421366 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_sha_selftest.c 2017-06-02 14:14:25.467421366 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10150,9 +10150,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0e/cryp +} + +#endif -diff -up openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips 2017-02-16 15:42:44.984363013 +0100 -+++ openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c 2017-02-16 15:42:44.984363013 +0100 +diff -up openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips 2017-06-02 14:14:25.468421390 +0200 ++++ openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c 2017-06-02 14:14:25.468421390 +0200 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10281,9 +10281,9 @@ diff -up openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0e/c +#endif + return 0; +} -diff -up openssl-1.1.0e/crypto/hmac/hmac.c.fips openssl-1.1.0e/crypto/hmac/hmac.c ---- openssl-1.1.0e/crypto/hmac/hmac.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/hmac/hmac.c 2017-02-16 15:42:44.984363013 +0100 +diff -up openssl-1.1.0f/crypto/hmac/hmac.c.fips openssl-1.1.0f/crypto/hmac/hmac.c +--- openssl-1.1.0f/crypto/hmac/hmac.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/hmac/hmac.c 2017-06-02 14:14:25.468421390 +0200 @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } @@ -10298,9 +10298,9 @@ diff -up openssl-1.1.0e/crypto/hmac/hmac.c.fips openssl-1.1.0e/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.1.0e/crypto/include/internal/fips_int.h.fips openssl-1.1.0e/crypto/include/internal/fips_int.h ---- openssl-1.1.0e/crypto/include/internal/fips_int.h.fips 2017-02-16 15:42:44.985363037 +0100 -+++ openssl-1.1.0e/crypto/include/internal/fips_int.h 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/include/internal/fips_int.h.fips openssl-1.1.0f/crypto/include/internal/fips_int.h +--- openssl-1.1.0f/crypto/include/internal/fips_int.h.fips 2017-06-02 14:14:25.468421390 +0200 ++++ openssl-1.1.0f/crypto/include/internal/fips_int.h 2017-06-02 14:14:25.468421390 +0200 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10403,9 +10403,9 @@ diff -up openssl-1.1.0e/crypto/include/internal/fips_int.h.fips openssl-1.1.0e/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.0e/crypto/o_fips.c.fips openssl-1.1.0e/crypto/o_fips.c ---- openssl-1.1.0e/crypto/o_fips.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/o_fips.c 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/o_fips.c.fips openssl-1.1.0f/crypto/o_fips.c +--- openssl-1.1.0f/crypto/o_fips.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/o_fips.c 2017-06-02 14:14:25.468421390 +0200 @@ -9,7 +9,10 @@ #include "internal/cryptlib.h" @@ -10434,9 +10434,9 @@ diff -up openssl-1.1.0e/crypto/o_fips.c.fips openssl-1.1.0e/crypto/o_fips.c #else if (r == 0) return 1; -diff -up openssl-1.1.0e/crypto/o_init.c.fips openssl-1.1.0e/crypto/o_init.c ---- openssl-1.1.0e/crypto/o_init.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/o_init.c 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/o_init.c.fips openssl-1.1.0f/crypto/o_init.c +--- openssl-1.1.0f/crypto/o_init.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/o_init.c 2017-06-02 14:14:25.468421390 +0200 @@ -7,11 +7,50 @@ * https://www.openssl.org/source/license.html */ @@ -10523,9 +10523,9 @@ diff -up openssl-1.1.0e/crypto/o_init.c.fips openssl-1.1.0e/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.1.0e/crypto/rand/md_rand.c.fips openssl-1.1.0e/crypto/rand/md_rand.c ---- openssl-1.1.0e/crypto/rand/md_rand.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/rand/md_rand.c 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/rand/md_rand.c.fips openssl-1.1.0f/crypto/rand/md_rand.c +--- openssl-1.1.0f/crypto/rand/md_rand.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rand/md_rand.c 2017-06-02 14:14:25.468421390 +0200 @@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; @@ -10535,9 +10535,9 @@ diff -up openssl-1.1.0e/crypto/rand/md_rand.c.fips openssl-1.1.0e/crypto/rand/md RAND_poll(); initialized = 1; } -diff -up openssl-1.1.0e/crypto/rand/rand_err.c.fips openssl-1.1.0e/crypto/rand/rand_err.c ---- openssl-1.1.0e/crypto/rand/rand_err.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/rand/rand_err.c 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/rand/rand_err.c.fips openssl-1.1.0f/crypto/rand/rand_err.c +--- openssl-1.1.0f/crypto/rand/rand_err.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rand/rand_err.c 2017-06-02 14:14:25.468421390 +0200 @@ -20,10 +20,13 @@ static ERR_STRING_DATA RAND_str_functs[] = { @@ -10552,9 +10552,9 @@ diff -up openssl-1.1.0e/crypto/rand/rand_err.c.fips openssl-1.1.0e/crypto/rand/r {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; -diff -up openssl-1.1.0e/crypto/rand/rand_lcl.h.fips openssl-1.1.0e/crypto/rand/rand_lcl.h ---- openssl-1.1.0e/crypto/rand/rand_lcl.h.fips 2017-02-16 15:42:44.817359061 +0100 -+++ openssl-1.1.0e/crypto/rand/rand_lcl.h 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/rand/rand_lcl.h.fips openssl-1.1.0f/crypto/rand/rand_lcl.h +--- openssl-1.1.0f/crypto/rand/rand_lcl.h.fips 2017-06-02 14:14:25.303417501 +0200 ++++ openssl-1.1.0f/crypto/rand/rand_lcl.h 2017-06-02 14:14:25.468421390 +0200 @@ -10,7 +10,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H @@ -10564,9 +10564,9 @@ diff -up openssl-1.1.0e/crypto/rand/rand_lcl.h.fips openssl-1.1.0e/crypto/rand/r # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # define USE_SHA1_RAND -diff -up openssl-1.1.0e/crypto/rand/rand_lib.c.fips openssl-1.1.0e/crypto/rand/rand_lib.c ---- openssl-1.1.0e/crypto/rand/rand_lib.c.fips 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/rand/rand_lib.c 2017-02-16 15:42:44.985363037 +0100 +diff -up openssl-1.1.0f/crypto/rand/rand_lib.c.fips openssl-1.1.0f/crypto/rand/rand_lib.c +--- openssl-1.1.0f/crypto/rand/rand_lib.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rand/rand_lib.c 2017-06-02 14:14:25.469421413 +0200 @@ -18,6 +18,8 @@ #ifdef OPENSSL_FIPS # include @@ -10576,7 +10576,7 @@ diff -up openssl-1.1.0e/crypto/rand/rand_lib.c.fips openssl-1.1.0e/crypto/rand/r #endif #ifndef OPENSSL_NO_ENGINE -@@ -124,3 +126,127 @@ int RAND_status(void) +@@ -162,3 +164,127 @@ int RAND_status(void) return meth->status(); return 0; } @@ -10704,9 +10704,9 @@ diff -up openssl-1.1.0e/crypto/rand/rand_lib.c.fips openssl-1.1.0e/crypto/rand/r +} + +#endif -diff -up openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0e/crypto/rsa/rsa_crpt.c ---- openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/rsa/rsa_crpt.c 2017-02-16 15:42:44.986363060 +0100 +diff -up openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0f/crypto/rsa/rsa_crpt.c +--- openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_crpt.c 2017-06-02 14:14:25.469421413 +0200 @@ -28,24 +28,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10760,9 +10760,9 @@ diff -up openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0e/crypto/rsa/rsa return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.1.0e/crypto/rsa/rsa_err.c.fips openssl-1.1.0e/crypto/rsa/rsa_err.c ---- openssl-1.1.0e/crypto/rsa/rsa_err.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/rsa/rsa_err.c 2017-02-16 15:42:44.986363060 +0100 +diff -up openssl-1.1.0f/crypto/rsa/rsa_err.c.fips openssl-1.1.0f/crypto/rsa/rsa_err.c +--- openssl-1.1.0f/crypto/rsa/rsa_err.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_err.c 2017-06-02 14:14:25.469421413 +0200 @@ -21,6 +21,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, @@ -10808,9 +10808,9 @@ diff -up openssl-1.1.0e/crypto/rsa/rsa_err.c.fips openssl-1.1.0e/crypto/rsa/rsa_ {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -diff -up openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips openssl-1.1.0e/crypto/rsa/rsa_gen.c ---- openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips 2017-02-16 15:42:44.969362658 +0100 -+++ openssl-1.1.0e/crypto/rsa/rsa_gen.c 2017-02-16 15:42:44.986363060 +0100 +diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips openssl-1.1.0f/crypto/rsa/rsa_gen.c +--- openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips 2017-06-02 14:14:25.451420989 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:18:19.933947715 +0200 @@ -18,6 +18,75 @@ #include "internal/cryptlib.h" #include @@ -11186,12 +11186,12 @@ diff -up openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips openssl-1.1.0e/crypto/rsa/rsa_ + } +#endif + - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -diff -up openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips openssl-1.1.0e/crypto/rsa/rsa_lib.c ---- openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/rsa/rsa_lib.c 2017-02-16 15:42:44.986363060 +0100 + /* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. +diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_lib.c +--- openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_lib.c 2017-06-02 14:14:25.469421413 +0200 @@ -26,6 +26,12 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11247,9 +11247,9 @@ diff -up openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips openssl-1.1.0e/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0e/crypto/rsa/rsa_ossl.c ---- openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/rsa/rsa_ossl.c 2017-02-16 15:42:44.986363060 +0100 +diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa_ossl.c +--- openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_ossl.c 2017-06-02 14:14:25.470421437 +0200 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -11353,9 +11353,9 @@ diff -up openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0e/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips openssl-1.1.0e/crypto/rsa/rsa_sign.c ---- openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/rsa/rsa_sign.c 2017-02-16 15:42:44.986363060 +0100 +diff -up openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips openssl-1.1.0f/crypto/rsa/rsa_sign.c +--- openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/rsa/rsa_sign.c 2017-06-02 14:14:25.470421437 +0200 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -11382,9 +11382,9 @@ diff -up openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips openssl-1.1.0e/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.0e/crypto/sha/sha_locl.h.fips openssl-1.1.0e/crypto/sha/sha_locl.h ---- openssl-1.1.0e/crypto/sha/sha_locl.h.fips 2017-02-16 15:42:44.738357192 +0100 -+++ openssl-1.1.0e/crypto/sha/sha_locl.h 2017-02-16 15:42:44.987363084 +0100 +diff -up openssl-1.1.0f/crypto/sha/sha_locl.h.fips openssl-1.1.0f/crypto/sha/sha_locl.h +--- openssl-1.1.0f/crypto/sha/sha_locl.h.fips 2017-06-02 14:14:25.232415827 +0200 ++++ openssl-1.1.0f/crypto/sha/sha_locl.h 2017-06-02 14:14:25.470421437 +0200 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -11395,9 +11395,9 @@ diff -up openssl-1.1.0e/crypto/sha/sha_locl.h.fips openssl-1.1.0e/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.0e/crypto/sha/sha256.c.fips openssl-1.1.0e/crypto/sha/sha256.c ---- openssl-1.1.0e/crypto/sha/sha256.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/sha/sha256.c 2017-02-16 15:42:44.986363060 +0100 +diff -up openssl-1.1.0f/crypto/sha/sha256.c.fips openssl-1.1.0f/crypto/sha/sha256.c +--- openssl-1.1.0f/crypto/sha/sha256.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/sha/sha256.c 2017-06-02 14:14:25.470421437 +0200 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -11418,9 +11418,9 @@ diff -up openssl-1.1.0e/crypto/sha/sha256.c.fips openssl-1.1.0e/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.0e/crypto/sha/sha512.c.fips openssl-1.1.0e/crypto/sha/sha512.c ---- openssl-1.1.0e/crypto/sha/sha512.c.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/crypto/sha/sha512.c 2017-02-16 15:42:44.987363084 +0100 +diff -up openssl-1.1.0f/crypto/sha/sha512.c.fips openssl-1.1.0f/crypto/sha/sha512.c +--- openssl-1.1.0f/crypto/sha/sha512.c.fips 2017-05-25 14:46:19.000000000 +0200 ++++ openssl-1.1.0f/crypto/sha/sha512.c 2017-06-02 14:14:25.470421437 +0200 @@ -62,6 +62,9 @@ int SHA384_Init(SHA512_CTX *c) @@ -11441,9 +11441,9 @@ diff -up openssl-1.1.0e/crypto/sha/sha512.c.fips openssl-1.1.0e/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod 2017-02-16 15:42:44.987363084 +0100 +diff -up openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod +--- openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod 2017-06-02 14:14:25.470421437 +0200 @@ -29,8 +29,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -11457,9 +11457,9 @@ diff -up openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.0e/include/openssl/crypto.h.fips openssl-1.1.0e/include/openssl/crypto.h ---- openssl-1.1.0e/include/openssl/crypto.h.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/crypto.h 2017-02-16 15:42:44.987363084 +0100 +diff -up openssl-1.1.0f/include/openssl/crypto.h.fips openssl-1.1.0f/include/openssl/crypto.h +--- openssl-1.1.0f/include/openssl/crypto.h.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/crypto.h 2017-06-02 14:14:25.470421437 +0200 @@ -332,6 +332,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -11472,9 +11472,9 @@ diff -up openssl-1.1.0e/include/openssl/crypto.h.fips openssl-1.1.0e/include/ope void OPENSSL_init(void); struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -diff -up openssl-1.1.0e/include/openssl/dh.h.fips openssl-1.1.0e/include/openssl/dh.h ---- openssl-1.1.0e/include/openssl/dh.h.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/dh.h 2017-02-16 15:42:44.987363084 +0100 +diff -up openssl-1.1.0f/include/openssl/dh.h.fips openssl-1.1.0f/include/openssl/dh.h +--- openssl-1.1.0f/include/openssl/dh.h.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/dh.h 2017-06-02 14:14:25.471421461 +0200 @@ -30,6 +30,7 @@ extern "C" { # endif @@ -11483,7 +11483,7 @@ diff -up openssl-1.1.0e/include/openssl/dh.h.fips openssl-1.1.0e/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -@@ -308,6 +309,9 @@ int ERR_load_DH_strings(void); +@@ -325,6 +326,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 # define DH_F_DH_CMS_SET_SHARED_INFO 116 @@ -11493,7 +11493,7 @@ diff -up openssl-1.1.0e/include/openssl/dh.h.fips openssl-1.1.0e/include/openssl # define DH_F_DH_METH_DUP 117 # define DH_F_DH_METH_NEW 118 # define DH_F_DH_METH_SET1_NAME 119 -@@ -329,10 +333,12 @@ int ERR_load_DH_strings(void); +@@ -346,10 +350,12 @@ int ERR_load_DH_strings(void); # define DH_R_DECODE_ERROR 104 # define DH_R_INVALID_PUBKEY 102 # define DH_R_KDF_PARAMETER_ERROR 112 @@ -11506,9 +11506,9 @@ diff -up openssl-1.1.0e/include/openssl/dh.h.fips openssl-1.1.0e/include/openssl # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.0e/include/openssl/dsa.h.fips openssl-1.1.0e/include/openssl/dsa.h ---- openssl-1.1.0e/include/openssl/dsa.h.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/dsa.h 2017-02-16 15:42:44.987363084 +0100 +diff -up openssl-1.1.0f/include/openssl/dsa.h.fips openssl-1.1.0f/include/openssl/dsa.h +--- openssl-1.1.0f/include/openssl/dsa.h.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/dsa.h 2017-06-02 14:14:25.471421461 +0200 @@ -36,6 +36,7 @@ extern "C" { # endif @@ -11554,9 +11554,9 @@ diff -up openssl-1.1.0e/include/openssl/dsa.h.fips openssl-1.1.0e/include/openss # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.0e/include/openssl/evp.h.fips openssl-1.1.0e/include/openssl/evp.h ---- openssl-1.1.0e/include/openssl/evp.h.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/evp.h 2017-02-16 15:42:44.988363108 +0100 +diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openssl/evp.h +--- openssl-1.1.0f/include/openssl/evp.h.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/evp.h 2017-06-02 14:14:25.471421461 +0200 @@ -1458,6 +1458,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 @@ -11581,9 +11581,9 @@ diff -up openssl-1.1.0e/include/openssl/evp.h.fips openssl-1.1.0e/include/openss # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.0e/include/openssl/fips.h.fips openssl-1.1.0e/include/openssl/fips.h ---- openssl-1.1.0e/include/openssl/fips.h.fips 2017-02-16 15:42:44.988363108 +0100 -+++ openssl-1.1.0e/include/openssl/fips.h 2017-02-16 15:42:44.988363108 +0100 +diff -up openssl-1.1.0f/include/openssl/fips.h.fips openssl-1.1.0f/include/openssl/fips.h +--- openssl-1.1.0f/include/openssl/fips.h.fips 2017-06-02 14:14:25.471421461 +0200 ++++ openssl-1.1.0f/include/openssl/fips.h 2017-06-02 14:14:25.471421461 +0200 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11771,9 +11771,9 @@ diff -up openssl-1.1.0e/include/openssl/fips.h.fips openssl-1.1.0e/include/opens +} +# endif +#endif -diff -up openssl-1.1.0e/include/openssl/fips_rand.h.fips openssl-1.1.0e/include/openssl/fips_rand.h ---- openssl-1.1.0e/include/openssl/fips_rand.h.fips 2017-02-16 15:42:44.988363108 +0100 -+++ openssl-1.1.0e/include/openssl/fips_rand.h 2017-02-16 15:42:44.988363108 +0100 +diff -up openssl-1.1.0f/include/openssl/fips_rand.h.fips openssl-1.1.0f/include/openssl/fips_rand.h +--- openssl-1.1.0f/include/openssl/fips_rand.h.fips 2017-06-02 14:14:25.471421461 +0200 ++++ openssl-1.1.0f/include/openssl/fips_rand.h 2017-06-02 14:14:25.471421461 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11920,9 +11920,9 @@ diff -up openssl-1.1.0e/include/openssl/fips_rand.h.fips openssl-1.1.0e/include/ +# endif +# endif +#endif -diff -up openssl-1.1.0e/include/openssl/opensslconf.h.in.fips openssl-1.1.0e/include/openssl/opensslconf.h.in ---- openssl-1.1.0e/include/openssl/opensslconf.h.in.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/opensslconf.h.in 2017-02-16 15:42:44.988363108 +0100 +diff -up openssl-1.1.0f/include/openssl/opensslconf.h.in.fips openssl-1.1.0f/include/openssl/opensslconf.h.in +--- openssl-1.1.0f/include/openssl/opensslconf.h.in.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/opensslconf.h.in 2017-06-02 14:14:25.472421484 +0200 @@ -136,6 +136,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11935,9 +11935,9 @@ diff -up openssl-1.1.0e/include/openssl/opensslconf.h.in.fips openssl-1.1.0e/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.0e/include/openssl/rand.h.fips openssl-1.1.0e/include/openssl/rand.h ---- openssl-1.1.0e/include/openssl/rand.h.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/rand.h 2017-02-16 15:42:44.988363108 +0100 +diff -up openssl-1.1.0f/include/openssl/rand.h.fips openssl-1.1.0f/include/openssl/rand.h +--- openssl-1.1.0f/include/openssl/rand.h.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/rand.h 2017-06-02 14:14:25.472421484 +0200 @@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) #endif @@ -11962,9 +11962,9 @@ diff -up openssl-1.1.0e/include/openssl/rand.h.fips openssl-1.1.0e/include/opens # define RAND_R_PRNG_NOT_SEEDED 100 # ifdef __cplusplus -diff -up openssl-1.1.0e/include/openssl/rsa.h.fips openssl-1.1.0e/include/openssl/rsa.h ---- openssl-1.1.0e/include/openssl/rsa.h.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/rsa.h 2017-02-16 15:42:44.988363108 +0100 +diff -up openssl-1.1.0f/include/openssl/rsa.h.fips openssl-1.1.0f/include/openssl/rsa.h +--- openssl-1.1.0f/include/openssl/rsa.h.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/include/openssl/rsa.h 2017-06-02 14:14:25.472421484 +0200 @@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); /* Function codes. */ # define RSA_F_CHECK_PADDING_MD 140 @@ -12009,9 +12009,9 @@ diff -up openssl-1.1.0e/include/openssl/rsa.h.fips openssl-1.1.0e/include/openss # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.1.0e/ssl/ssl_ciph.c.fips openssl-1.1.0e/ssl/ssl_ciph.c ---- openssl-1.1.0e/ssl/ssl_ciph.c.fips 2017-02-16 15:42:44.973362753 +0100 -+++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 15:42:44.989363131 +0100 +diff -up openssl-1.1.0f/ssl/ssl_ciph.c.fips openssl-1.1.0f/ssl/ssl_ciph.c +--- openssl-1.1.0f/ssl/ssl_ciph.c.fips 2017-06-02 14:14:25.456421107 +0200 ++++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-06-02 14:14:25.472421484 +0200 @@ -404,7 +404,8 @@ void ssl_load_ciphers(void) } } @@ -12031,9 +12031,9 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.fips openssl-1.1.0e/ssl/ssl_ciph.c continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || -diff -up openssl-1.1.0e/ssl/ssl_init.c.fips openssl-1.1.0e/ssl/ssl_init.c ---- openssl-1.1.0e/ssl/ssl_init.c.fips 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/ssl/ssl_init.c 2017-02-16 15:42:44.989363131 +0100 +diff -up openssl-1.1.0f/ssl/ssl_init.c.fips openssl-1.1.0f/ssl/ssl_init.c +--- openssl-1.1.0f/ssl/ssl_init.c.fips 2017-05-25 14:46:20.000000000 +0200 ++++ openssl-1.1.0f/ssl/ssl_init.c 2017-06-02 14:14:25.472421484 +0200 @@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); @@ -12077,9 +12077,9 @@ diff -up openssl-1.1.0e/ssl/ssl_init.c.fips openssl-1.1.0e/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.0e/ssl/ssl_lib.c.fips openssl-1.1.0e/ssl/ssl_lib.c ---- openssl-1.1.0e/ssl/ssl_lib.c.fips 2017-02-16 15:42:44.973362753 +0100 -+++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 15:42:44.989363131 +0100 +diff -up openssl-1.1.0f/ssl/ssl_lib.c.fips openssl-1.1.0f/ssl/ssl_lib.c +--- openssl-1.1.0f/ssl/ssl_lib.c.fips 2017-06-02 14:14:25.456421107 +0200 ++++ openssl-1.1.0f/ssl/ssl_lib.c 2017-06-02 14:14:25.473421508 +0200 @@ -2413,13 +2413,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; @@ -12105,9 +12105,9 @@ diff -up openssl-1.1.0e/ssl/ssl_lib.c.fips openssl-1.1.0e/ssl/ssl_lib.c } if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.0e/test/dsatest.c.fips openssl-1.1.0e/test/dsatest.c ---- openssl-1.1.0e/test/dsatest.c.fips 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/test/dsatest.c 2017-02-16 15:42:44.989363131 +0100 +diff -up openssl-1.1.0f/test/dsatest.c.fips openssl-1.1.0f/test/dsatest.c +--- openssl-1.1.0f/test/dsatest.c.fips 2017-05-25 14:46:21.000000000 +0200 ++++ openssl-1.1.0f/test/dsatest.c 2017-06-02 14:14:25.473421508 +0200 @@ -32,41 +32,42 @@ int main(int argc, char *argv[]) static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -12196,10 +12196,10 @@ diff -up openssl-1.1.0e/test/dsatest.c.fips openssl-1.1.0e/test/dsatest.c goto end; } if (h != 2) { -diff -up openssl-1.1.0e/util/mkdef.pl.fips openssl-1.1.0e/util/mkdef.pl ---- openssl-1.1.0e/util/mkdef.pl.fips 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/util/mkdef.pl 2017-02-16 15:42:44.989363131 +0100 -@@ -307,6 +307,8 @@ $crypto.=" include/openssl/modes.h"; +diff -up openssl-1.1.0f/util/mkdef.pl.fips openssl-1.1.0f/util/mkdef.pl +--- openssl-1.1.0f/util/mkdef.pl.fips 2017-05-25 14:46:21.000000000 +0200 ++++ openssl-1.1.0f/util/mkdef.pl 2017-06-02 14:14:25.473421508 +0200 +@@ -298,6 +298,8 @@ $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; $crypto.=" include/openssl/ct.h"; $crypto.=" include/openssl/kdf.h"; diff --git a/openssl.spec b/openssl.spec index 4f2d57d..bd6fc44 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.0e +Version: 1.1.0f Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source @@ -70,6 +70,7 @@ BuildRequires: lksctp-tools-devel BuildRequires: /usr/bin/rename BuildRequires: /usr/bin/pod2man BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) +BuildRequires: perl(Module::Load::Conditional) Requires: coreutils, make Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -236,7 +237,7 @@ RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY" --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ - no-mdc2 no-ec2m no-gost no-srp \ + no-mdc2 no-ec2m \ shared ${sslarch} $RPM_OPT_FLAGS util/mkdef.pl crypto update @@ -427,6 +428,11 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Fri Jun 2 2017 Tomáš Mráz 1.1.0f-1 +- update to upstream version 1.1.0f +- SRP and GOST is now allowed, note that GOST support requires + adding GOST engine which is not part of openssl anymore + * Thu Feb 16 2017 Tomáš Mráz 1.1.0e-1 - update to upstream version 1.1.0e - add documentation of the PROFILE=SYSTEM special cipher string (#1420232) diff --git a/sources b/sources index bbc4696..7406ba3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.0e-hobbled.tar.xz) = 7db753907c211427ed494d92915c255d05faf9b47f22febfffbfe2be602777b6b82d7c71793003c2ebbbf7f67708c80a72aacde2582501ae63761b1090523974 +SHA512 (openssl-1.1.0f-hobbled.tar.xz) = 4357ec7e2bebbf26e6f218bd4dbb7b1b836af16007a7e5f70e552409036de4dc080365cf0647c30e246c4f2ab3b521cf4b4941e2c4168821aaad049adc4421bb