From 4240ecaa1b74f981176641a70d44666287367896 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 4 Dec 2015 14:13:59 +0100 Subject: [PATCH] minor upstream release 1.0.2e fixing moderate severity security issues - enable fast assembler implementation for NIST P-256 and P-521 elliptic curves (#1164210) - filter out unwanted link options from the .pc files (#1257836) --- .gitignore | 1 + openssl-1.0.2d-amd-sigill.patch | 17 - ...2c-fips.patch => openssl-1.0.2e-fips.patch | 627 +++++++++--------- ...ild.patch => openssl-1.0.2e-rpmbuild.patch | 23 +- ...pad.patch => openssl-1.0.2e-wrap-pad.patch | 72 +- openssl.spec | 26 +- sources | 2 +- 7 files changed, 377 insertions(+), 391 deletions(-) delete mode 100644 openssl-1.0.2d-amd-sigill.patch rename openssl-1.0.2c-fips.patch => openssl-1.0.2e-fips.patch (95%) rename openssl-1.0.2c-rpmbuild.patch => openssl-1.0.2e-rpmbuild.patch (92%) rename openssl-1.0.2a-wrap-pad.patch => openssl-1.0.2e-wrap-pad.patch (88%) diff --git a/.gitignore b/.gitignore index 999c732..d33c783 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.0.2a-hobbled.tar.xz /openssl-1.0.2c-hobbled.tar.xz /openssl-1.0.2d-hobbled.tar.xz +/openssl-1.0.2e-hobbled.tar.xz diff --git a/openssl-1.0.2d-amd-sigill.patch b/openssl-1.0.2d-amd-sigill.patch deleted file mode 100644 index 91f17d9..0000000 --- a/openssl-1.0.2d-amd-sigill.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl.sigill openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl ---- openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl.sigill 2015-07-09 16:51:25.000000000 +0200 -+++ openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl 2015-11-16 17:43:52.554826505 +0100 -@@ -139,11 +139,8 @@ $code.=<<___ if ($avx>1); - je ${func}_avx2 - ___ - $code.=<<___; -- and \$`1<<30`,%eax # mask "Intel CPU" bit -- and \$`1<<28|1<<9`,%r10d # mask AVX+SSSE3 bits -- or %eax,%r10d -- cmp \$`1<<28|1<<9|1<<30`,%r10d -- je ${func}_avx -+ and \$`1<<28`,%r10d # check for AVX -+ jnz ${func}_avx - ud2 - ___ - } diff --git a/openssl-1.0.2c-fips.patch b/openssl-1.0.2e-fips.patch similarity index 95% rename from openssl-1.0.2c-fips.patch rename to openssl-1.0.2e-fips.patch index b23368d..ae4e13d 100644 --- a/openssl-1.0.2c-fips.patch +++ b/openssl-1.0.2e-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.2c/apps/speed.c.fips openssl-1.0.2c/apps/speed.c ---- openssl-1.0.2c/apps/speed.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/apps/speed.c 2015-06-15 17:29:59.999283776 +0200 +diff -up openssl-1.0.2e/apps/speed.c.fips openssl-1.0.2e/apps/speed.c +--- openssl-1.0.2e/apps/speed.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/apps/speed.c 2015-12-04 13:55:51.956562389 +0100 @@ -197,7 +197,6 @@ # ifdef OPENSSL_DOING_MAKEDEPEND # undef AES_set_encrypt_key @@ -133,10 +133,10 @@ diff -up openssl-1.0.2c/apps/speed.c.fips openssl-1.0.2c/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -diff -up openssl-1.0.2c/Configure.fips openssl-1.0.2c/Configure ---- openssl-1.0.2c/Configure.fips 2015-06-15 17:29:59.982283387 +0200 -+++ openssl-1.0.2c/Configure 2015-06-15 17:29:59.999283776 +0200 -@@ -1057,11 +1057,6 @@ if (defined($disabled{"md5"}) || defined +diff -up openssl-1.0.2e/Configure.fips openssl-1.0.2e/Configure +--- openssl-1.0.2e/Configure.fips 2015-12-04 13:55:51.939561992 +0100 ++++ openssl-1.0.2e/Configure 2015-12-04 13:55:51.956562389 +0100 +@@ -1058,11 +1058,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -148,7 +148,7 @@ diff -up openssl-1.0.2c/Configure.fips openssl-1.0.2c/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1550,7 +1545,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1551,7 +1546,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -156,7 +156,7 @@ diff -up openssl-1.0.2c/Configure.fips openssl-1.0.2c/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1751,9 +1745,12 @@ while () +@@ -1754,9 +1748,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -170,9 +170,9 @@ diff -up openssl-1.0.2c/Configure.fips openssl-1.0.2c/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.2c/crypto/aes/aes_misc.c.fips openssl-1.0.2c/crypto/aes/aes_misc.c ---- openssl-1.0.2c/crypto/aes/aes_misc.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/aes/aes_misc.c 2015-06-15 17:29:59.999283776 +0200 +diff -up openssl-1.0.2e/crypto/aes/aes_misc.c.fips openssl-1.0.2e/crypto/aes/aes_misc.c +--- openssl-1.0.2e/crypto/aes/aes_misc.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/aes/aes_misc.c 2015-12-04 13:55:51.956562389 +0100 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -191,9 +191,9 @@ diff -up openssl-1.0.2c/crypto/aes/aes_misc.c.fips openssl-1.0.2c/crypto/aes/aes -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -diff -up openssl-1.0.2c/crypto/cmac/cmac.c.fips openssl-1.0.2c/crypto/cmac/cmac.c ---- openssl-1.0.2c/crypto/cmac/cmac.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/cmac/cmac.c 2015-06-15 17:29:59.999283776 +0200 +diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac.c +--- openssl-1.0.2e/crypto/cmac/cmac.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/cmac/cmac.c 2015-12-04 13:55:51.957562412 +0100 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -242,9 +242,9 @@ diff -up openssl-1.0.2c/crypto/cmac/cmac.c.fips openssl-1.0.2c/crypto/cmac/cmac. if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -diff -up openssl-1.0.2c/crypto/crypto.h.fips openssl-1.0.2c/crypto/crypto.h ---- openssl-1.0.2c/crypto/crypto.h.fips 2015-06-15 17:29:59.886281188 +0200 -+++ openssl-1.0.2c/crypto/crypto.h 2015-06-15 17:29:59.999283776 +0200 +diff -up openssl-1.0.2e/crypto/crypto.h.fips openssl-1.0.2e/crypto/crypto.h +--- openssl-1.0.2e/crypto/crypto.h.fips 2015-12-04 13:55:51.843559753 +0100 ++++ openssl-1.0.2e/crypto/crypto.h 2015-12-04 13:55:51.957562412 +0100 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -290,9 +290,9 @@ diff -up openssl-1.0.2c/crypto/crypto.h.fips openssl-1.0.2c/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.2c/crypto/des/des.h.fips openssl-1.0.2c/crypto/des/des.h ---- openssl-1.0.2c/crypto/des/des.h.fips 2015-06-15 17:29:59.915281852 +0200 -+++ openssl-1.0.2c/crypto/des/des.h 2015-06-15 17:30:00.000283799 +0200 +diff -up openssl-1.0.2e/crypto/des/des.h.fips openssl-1.0.2e/crypto/des/des.h +--- openssl-1.0.2e/crypto/des/des.h.fips 2015-12-04 13:55:51.871560406 +0100 ++++ openssl-1.0.2e/crypto/des/des.h 2015-12-04 13:55:51.957562412 +0100 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); @@ -304,9 +304,9 @@ diff -up openssl-1.0.2c/crypto/des/des.h.fips openssl-1.0.2c/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -diff -up openssl-1.0.2c/crypto/des/set_key.c.fips openssl-1.0.2c/crypto/des/set_key.c ---- openssl-1.0.2c/crypto/des/set_key.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/des/set_key.c 2015-06-15 17:30:00.000283799 +0200 +diff -up openssl-1.0.2e/crypto/des/set_key.c.fips openssl-1.0.2e/crypto/des/set_key.c +--- openssl-1.0.2e/crypto/des/set_key.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/des/set_key.c 2015-12-04 13:55:51.957562412 +0100 @@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -323,9 +323,9 @@ diff -up openssl-1.0.2c/crypto/des/set_key.c.fips openssl-1.0.2c/crypto/des/set_ { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -diff -up openssl-1.0.2c/crypto/dh/dh_gen.c.fips openssl-1.0.2c/crypto/dh/dh_gen.c ---- openssl-1.0.2c/crypto/dh/dh_gen.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dh/dh_gen.c 2015-06-15 17:30:00.000283799 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh_gen.c.fips openssl-1.0.2e/crypto/dh/dh_gen.c +--- openssl-1.0.2e/crypto/dh/dh_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dh/dh_gen.c 2015-12-04 13:55:51.957562412 +0100 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) @@ -356,9 +356,9 @@ diff -up openssl-1.0.2c/crypto/dh/dh_gen.c.fips openssl-1.0.2c/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.0.2c/crypto/dh/dh.h.fips openssl-1.0.2c/crypto/dh/dh.h ---- openssl-1.0.2c/crypto/dh/dh.h.fips 2015-06-15 17:29:59.860280593 +0200 -+++ openssl-1.0.2c/crypto/dh/dh.h 2015-06-15 17:30:00.000283799 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh.h.fips openssl-1.0.2e/crypto/dh/dh.h +--- openssl-1.0.2e/crypto/dh/dh.h.fips 2015-12-04 13:55:51.816559124 +0100 ++++ openssl-1.0.2e/crypto/dh/dh.h 2015-12-04 13:55:51.957562412 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif @@ -368,9 +368,9 @@ diff -up openssl-1.0.2c/crypto/dh/dh.h.fips openssl-1.0.2c/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -diff -up openssl-1.0.2c/crypto/dh/dh_key.c.fips openssl-1.0.2c/crypto/dh/dh_key.c ---- openssl-1.0.2c/crypto/dh/dh_key.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dh/dh_key.c 2015-06-15 17:30:00.000283799 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh_key.c.fips openssl-1.0.2e/crypto/dh/dh_key.c +--- openssl-1.0.2e/crypto/dh/dh_key.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dh/dh_key.c 2015-12-04 13:55:51.958562435 +0100 @@ -61,6 +61,9 @@ #include #include @@ -438,9 +438,9 @@ diff -up openssl-1.0.2c/crypto/dh/dh_key.c.fips openssl-1.0.2c/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.0.2c/crypto/dh/dh_lib.c.fips openssl-1.0.2c/crypto/dh/dh_lib.c ---- openssl-1.0.2c/crypto/dh/dh_lib.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dh/dh_lib.c 2015-06-15 17:30:00.000283799 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh_lib.c.fips openssl-1.0.2e/crypto/dh/dh_lib.c +--- openssl-1.0.2e/crypto/dh/dh_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dh/dh_lib.c 2015-12-04 13:55:51.958562435 +0100 @@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { @@ -456,9 +456,9 @@ diff -up openssl-1.0.2c/crypto/dh/dh_lib.c.fips openssl-1.0.2c/crypto/dh/dh_lib. } return default_DH_method; } -diff -up openssl-1.0.2c/crypto/dsa/dsa_err.c.fips openssl-1.0.2c/crypto/dsa/dsa_err.c ---- openssl-1.0.2c/crypto/dsa/dsa_err.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_err.c 2015-06-15 17:30:00.001283822 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_err.c.fips openssl-1.0.2e/crypto/dsa/dsa_err.c +--- openssl-1.0.2e/crypto/dsa/dsa_err.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_err.c 2015-12-04 13:55:51.958562435 +0100 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -477,9 +477,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_err.c.fips openssl-1.0.2c/crypto/dsa/dsa_ {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_gen.c ---- openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_gen.c 2015-06-15 17:30:00.001283822 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips openssl-1.0.2e/crypto/dsa/dsa_gen.c +--- openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_gen.c 2015-12-04 13:57:39.122061481 +0100 @@ -91,6 +91,16 @@ # include # endif @@ -497,7 +497,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, -@@ -106,13 +116,6 @@ int DSA_generate_parameters_ex(DSA *ret, +@@ -106,97 +116,165 @@ int DSA_generate_parameters_ex(DSA *ret, if (ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); @@ -509,10 +509,8 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ - } -# endif else { - const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; -@@ -126,80 +129,156 @@ int DSA_generate_parameters_ex(DSA *ret, - } + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, NULL, counter_ret, @@ -640,10 +638,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ - if (evpmd == NULL) - /* use SHA1 as default */ -- evpmd = EVP_sha1(); + if (evpmd == NULL) { + if (qbits <= 160) -+ evpmd = EVP_sha1(); + evpmd = EVP_sha1(); + else if (qbits <= 224) + evpmd = EVP_sha224(); + else @@ -668,13 +665,14 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ - if (seed_in != NULL) - memcpy(seed, seed_in, seed_len); - -- if ((ctx = BN_CTX_new()) == NULL) -- goto err; -- - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- - BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); - g = BN_CTX_get(ctx); W = BN_CTX_get(ctx); @@ -693,7 +691,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ + n = (bits + qbits - 1) / qbits - 1; + /* step 4 b = bits - 1 - n * qbits */ + b = bits - 1 - n * qbits; -+ ++ for (;;) { for (;;) { /* find q */ int seed_is_random; @@ -703,7 +701,12 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ if (!BN_GENCB_call(cb, 0, m++)) goto err; -@@ -213,29 +292,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ +- if (!seed_len || !seed_in) { ++ if (!seed_len) { + if (RAND_pseudo_bytes(seed, qsize) < 0) + goto err; + seed_is_random = 1; +@@ -206,29 +284,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ * be bad */ } memcpy(buf, seed, qsize); @@ -736,7 +739,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); if (r > 0) -@@ -243,8 +311,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -236,8 +303,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (r != 0) goto err; @@ -745,7 +748,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ } if (!BN_GENCB_call(cb, 2, 0)) -@@ -252,19 +318,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -245,19 +310,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 3, 0)) goto err; @@ -768,7 +771,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ for (k = 0; k <= n; k++) { /* * obtain "SEED + offset + k" by incrementing: -@@ -278,36 +341,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -271,36 +333,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) goto err; @@ -814,7 +817,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); if (r > 0) goto end; /* found it */ -@@ -315,12 +379,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -308,12 +371,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ goto err; } @@ -830,7 +833,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ break; } } -@@ -328,7 +392,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -321,7 +384,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 2, 1)) goto err; @@ -865,7 +868,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ /* Set r0=(p-1)/q */ if (!BN_sub(test, p, BN_value_one())) goto err; -@@ -357,46 +447,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -350,46 +439,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ ok = 1; err: if (ok) { @@ -912,7 +915,7 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ /* * This is a parameter generation algorithm for the DSA2 algorithm as * described in FIPS 186-3. -@@ -422,14 +480,6 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -415,14 +472,6 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX mctx; unsigned int h = 2; @@ -927,9 +930,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_gen.c.fips openssl-1.0.2c/crypto/dsa/dsa_ EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -diff -up openssl-1.0.2c/crypto/dsa/dsa.h.fips openssl-1.0.2c/crypto/dsa/dsa.h ---- openssl-1.0.2c/crypto/dsa/dsa.h.fips 2015-06-15 17:29:59.784278853 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa.h 2015-06-15 17:30:00.001283822 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa.h.fips openssl-1.0.2e/crypto/dsa/dsa.h +--- openssl-1.0.2e/crypto/dsa/dsa.h.fips 2015-12-04 13:55:51.740557351 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa.h 2015-12-04 13:55:51.958562435 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -997,9 +1000,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa.h.fips openssl-1.0.2c/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -diff -up openssl-1.0.2c/crypto/dsa/dsa_key.c.fips openssl-1.0.2c/crypto/dsa/dsa_key.c ---- openssl-1.0.2c/crypto/dsa/dsa_key.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_key.c 2015-06-15 17:30:00.001283822 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_key.c.fips openssl-1.0.2e/crypto/dsa/dsa_key.c +--- openssl-1.0.2e/crypto/dsa/dsa_key.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_key.c 2015-12-04 13:55:51.958562435 +0100 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS @@ -1075,9 +1078,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_key.c.fips openssl-1.0.2c/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.0.2c/crypto/dsa/dsa_lib.c.fips openssl-1.0.2c/crypto/dsa/dsa_lib.c ---- openssl-1.0.2c/crypto/dsa/dsa_lib.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_lib.c 2015-06-15 17:30:00.001283822 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips openssl-1.0.2e/crypto/dsa/dsa_lib.c +--- openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_lib.c 2015-12-04 13:55:51.959562458 +0100 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1093,9 +1096,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_lib.c.fips openssl-1.0.2c/crypto/dsa/dsa_ } return default_DSA_method; } -diff -up openssl-1.0.2c/crypto/dsa/dsa_locl.h.fips openssl-1.0.2c/crypto/dsa/dsa_locl.h ---- openssl-1.0.2c/crypto/dsa/dsa_locl.h.fips 2015-06-15 17:29:59.786278898 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_locl.h 2015-06-15 17:30:00.002283845 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips openssl-1.0.2e/crypto/dsa/dsa_locl.h +--- openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips 2015-12-04 13:55:51.742557398 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_locl.h 2015-12-04 13:55:51.959562458 +0100 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, @@ -1105,9 +1108,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_locl.h.fips openssl-1.0.2c/crypto/dsa/dsa int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -diff -up openssl-1.0.2c/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2c/crypto/dsa/dsa_ossl.c ---- openssl-1.0.2c/crypto/dsa/dsa_ossl.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_ossl.c 2015-06-15 17:30:00.002283845 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2e/crypto/dsa/dsa_ossl.c +--- openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_ossl.c 2015-12-04 13:55:51.959562458 +0100 @@ -65,6 +65,9 @@ #include #include @@ -1176,9 +1179,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2c/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.0.2c/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2c/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.2c/crypto/dsa/dsa_pmeth.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_pmeth.c 2015-06-15 17:30:00.002283845 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2e/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_pmeth.c 2015-12-04 13:55:51.959562458 +0100 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1188,9 +1191,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2c/crypto/dsa/ds if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -diff -up openssl-1.0.2c/crypto/dsa/dsatest.c.fips openssl-1.0.2c/crypto/dsa/dsatest.c ---- openssl-1.0.2c/crypto/dsa/dsatest.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsatest.c 2015-06-15 17:30:00.002283845 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsatest.c.fips openssl-1.0.2e/crypto/dsa/dsatest.c +--- openssl-1.0.2e/crypto/dsa/dsatest.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsatest.c 2015-12-04 13:55:51.959562458 +0100 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1274,9 +1277,9 @@ diff -up openssl-1.0.2c/crypto/dsa/dsatest.c.fips openssl-1.0.2c/crypto/dsa/dsat goto end; } if (h != 2) { -diff -up openssl-1.0.2c/crypto/engine/eng_all.c.fips openssl-1.0.2c/crypto/engine/eng_all.c ---- openssl-1.0.2c/crypto/engine/eng_all.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/engine/eng_all.c 2015-06-15 17:30:00.002283845 +0200 +diff -up openssl-1.0.2e/crypto/engine/eng_all.c.fips openssl-1.0.2e/crypto/engine/eng_all.c +--- openssl-1.0.2e/crypto/engine/eng_all.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/engine/eng_all.c 2015-12-04 13:55:51.959562458 +0100 @@ -59,11 +59,25 @@ #include "cryptlib.h" @@ -1303,9 +1306,9 @@ diff -up openssl-1.0.2c/crypto/engine/eng_all.c.fips openssl-1.0.2c/crypto/engin #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -diff -up openssl-1.0.2c/crypto/evp/c_allc.c.fips openssl-1.0.2c/crypto/evp/c_allc.c ---- openssl-1.0.2c/crypto/evp/c_allc.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/c_allc.c 2015-06-15 17:30:00.002283845 +0200 +diff -up openssl-1.0.2e/crypto/evp/c_allc.c.fips openssl-1.0.2e/crypto/evp/c_allc.c +--- openssl-1.0.2e/crypto/evp/c_allc.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:55:51.959562458 +0100 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1382,9 +1385,9 @@ diff -up openssl-1.0.2c/crypto/evp/c_allc.c.fips openssl-1.0.2c/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.2c/crypto/evp/c_alld.c.fips openssl-1.0.2c/crypto/evp/c_alld.c ---- openssl-1.0.2c/crypto/evp/c_alld.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/c_alld.c 2015-06-15 17:30:00.003283868 +0200 +diff -up openssl-1.0.2e/crypto/evp/c_alld.c.fips openssl-1.0.2e/crypto/evp/c_alld.c +--- openssl-1.0.2e/crypto/evp/c_alld.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/c_alld.c 2015-12-04 13:55:51.960562482 +0100 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) @@ -1490,9 +1493,9 @@ diff -up openssl-1.0.2c/crypto/evp/c_alld.c.fips openssl-1.0.2c/crypto/evp/c_all + } #endif } -diff -up openssl-1.0.2c/crypto/evp/digest.c.fips openssl-1.0.2c/crypto/evp/digest.c ---- openssl-1.0.2c/crypto/evp/digest.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/digest.c 2015-06-15 17:30:00.003283868 +0200 +diff -up openssl-1.0.2e/crypto/evp/digest.c.fips openssl-1.0.2e/crypto/evp/digest.c +--- openssl-1.0.2e/crypto/evp/digest.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/digest.c 2015-12-04 13:55:51.960562482 +0100 @@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1651,9 +1654,9 @@ diff -up openssl-1.0.2c/crypto/evp/digest.c.fips openssl-1.0.2c/crypto/evp/diges memset(ctx, '\0', sizeof *ctx); return 1; -diff -up openssl-1.0.2c/crypto/evp/e_aes.c.fips openssl-1.0.2c/crypto/evp/e_aes.c ---- openssl-1.0.2c/crypto/evp/e_aes.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/e_aes.c 2015-06-15 17:30:00.003283868 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_aes.c.fips openssl-1.0.2e/crypto/evp/e_aes.c +--- openssl-1.0.2e/crypto/evp/e_aes.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:55:51.960562482 +0100 @@ -60,9 +60,6 @@ # include "modes_lcl.h" # include @@ -1691,9 +1694,9 @@ diff -up openssl-1.0.2c/crypto/evp/e_aes.c.fips openssl-1.0.2c/crypto/evp/e_aes. if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -diff -up openssl-1.0.2c/crypto/evp/e_des3.c.fips openssl-1.0.2c/crypto/evp/e_des3.c ---- openssl-1.0.2c/crypto/evp/e_des3.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/e_des3.c 2015-06-15 17:30:00.003283868 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_des3.c.fips openssl-1.0.2e/crypto/evp/e_des3.c +--- openssl-1.0.2e/crypto/evp/e_des3.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:55:51.960562482 +0100 @@ -65,10 +65,6 @@ # include # include @@ -1705,9 +1708,9 @@ diff -up openssl-1.0.2c/crypto/evp/e_des3.c.fips openssl-1.0.2c/crypto/evp/e_des typedef struct { union { double align; -diff -up openssl-1.0.2c/crypto/evp/e_null.c.fips openssl-1.0.2c/crypto/evp/e_null.c ---- openssl-1.0.2c/crypto/evp/e_null.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/e_null.c 2015-06-15 17:30:00.003283868 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_null.c.fips openssl-1.0.2e/crypto/evp/e_null.c +--- openssl-1.0.2e/crypto/evp/e_null.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/e_null.c 2015-12-04 13:55:51.960562482 +0100 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, @@ -1717,9 +1720,9 @@ diff -up openssl-1.0.2c/crypto/evp/e_null.c.fips openssl-1.0.2c/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.0.2c/crypto/evp/evp_enc.c.fips openssl-1.0.2c/crypto/evp/evp_enc.c ---- openssl-1.0.2c/crypto/evp/evp_enc.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/evp_enc.c 2015-06-15 17:30:00.004283891 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp_enc.c.fips openssl-1.0.2e/crypto/evp/evp_enc.c +--- openssl-1.0.2e/crypto/evp/evp_enc.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/evp_enc.c 2015-12-04 13:55:51.961562505 +0100 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1887,9 +1890,9 @@ diff -up openssl-1.0.2c/crypto/evp/evp_enc.c.fips openssl-1.0.2c/crypto/evp/evp_ memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -diff -up openssl-1.0.2c/crypto/evp/evp.h.fips openssl-1.0.2c/crypto/evp/evp.h ---- openssl-1.0.2c/crypto/evp/evp.h.fips 2015-06-15 17:29:59.898281463 +0200 -+++ openssl-1.0.2c/crypto/evp/evp.h 2015-06-15 17:30:00.004283891 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp.h.fips openssl-1.0.2e/crypto/evp/evp.h +--- openssl-1.0.2e/crypto/evp/evp.h.fips 2015-12-04 13:55:51.855560033 +0100 ++++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:55:51.961562505 +0100 @@ -122,6 +122,10 @@ extern "C" { #endif @@ -1943,9 +1946,9 @@ diff -up openssl-1.0.2c/crypto/evp/evp.h.fips openssl-1.0.2c/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -diff -up openssl-1.0.2c/crypto/evp/evp_lib.c.fips openssl-1.0.2c/crypto/evp/evp_lib.c ---- openssl-1.0.2c/crypto/evp/evp_lib.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/evp_lib.c 2015-06-15 17:30:00.004283891 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp_lib.c.fips openssl-1.0.2e/crypto/evp/evp_lib.c +--- openssl-1.0.2e/crypto/evp/evp_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/evp_lib.c 2015-12-04 13:55:51.961562505 +0100 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -1957,7 +1960,7 @@ diff -up openssl-1.0.2c/crypto/evp/evp_lib.c.fips openssl-1.0.2c/crypto/evp/evp_ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { -@@ -200,6 +196,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ +@@ -224,6 +220,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { @@ -1967,7 +1970,7 @@ diff -up openssl-1.0.2c/crypto/evp/evp_lib.c.fips openssl-1.0.2c/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -@@ -210,22 +209,12 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher( +@@ -234,22 +233,12 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher( unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) { @@ -1990,7 +1993,7 @@ diff -up openssl-1.0.2c/crypto/evp/evp_lib.c.fips openssl-1.0.2c/crypto/evp/evp_ } void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -@@ -292,40 +281,8 @@ int EVP_MD_size(const EVP_MD *md) +@@ -316,40 +305,8 @@ int EVP_MD_size(const EVP_MD *md) return md->md_size; } @@ -2031,9 +2034,9 @@ diff -up openssl-1.0.2c/crypto/evp/evp_lib.c.fips openssl-1.0.2c/crypto/evp/evp_ return md->flags; } -diff -up openssl-1.0.2c/crypto/evp/evp_locl.h.fips openssl-1.0.2c/crypto/evp/evp_locl.h ---- openssl-1.0.2c/crypto/evp/evp_locl.h.fips 2015-06-15 17:29:59.895281394 +0200 -+++ openssl-1.0.2c/crypto/evp/evp_locl.h 2015-06-15 17:30:00.004283891 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp_locl.h.fips openssl-1.0.2e/crypto/evp/evp_locl.h +--- openssl-1.0.2e/crypto/evp/evp_locl.h.fips 2015-12-04 13:55:51.851559940 +0100 ++++ openssl-1.0.2e/crypto/evp/evp_locl.h 2015-12-04 13:55:51.961562505 +0100 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -2067,9 +2070,9 @@ diff -up openssl-1.0.2c/crypto/evp/evp_locl.h.fips openssl-1.0.2c/crypto/evp/evp # define Camellia_set_key private_Camellia_set_key #endif -diff -up openssl-1.0.2c/crypto/evp/m_dss.c.fips openssl-1.0.2c/crypto/evp/m_dss.c ---- openssl-1.0.2c/crypto/evp/m_dss.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/m_dss.c 2015-06-15 17:30:00.004283891 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_dss.c.fips openssl-1.0.2e/crypto/evp/m_dss.c +--- openssl-1.0.2e/crypto/evp/m_dss.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_dss.c 2015-12-04 13:55:51.961562505 +0100 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, @@ -2079,9 +2082,9 @@ diff -up openssl-1.0.2c/crypto/evp/m_dss.c.fips openssl-1.0.2c/crypto/evp/m_dss. init, update, final, -diff -up openssl-1.0.2c/crypto/evp/m_dss1.c.fips openssl-1.0.2c/crypto/evp/m_dss1.c ---- openssl-1.0.2c/crypto/evp/m_dss1.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/m_dss1.c 2015-06-15 17:30:00.004283891 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_dss1.c.fips openssl-1.0.2e/crypto/evp/m_dss1.c +--- openssl-1.0.2e/crypto/evp/m_dss1.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_dss1.c 2015-12-04 13:55:51.961562505 +0100 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, @@ -2091,9 +2094,9 @@ diff -up openssl-1.0.2c/crypto/evp/m_dss1.c.fips openssl-1.0.2c/crypto/evp/m_dss init, update, final, -diff -up openssl-1.0.2c/crypto/evp/m_md2.c.fips openssl-1.0.2c/crypto/evp/m_md2.c ---- openssl-1.0.2c/crypto/evp/m_md2.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/m_md2.c 2015-06-15 17:30:00.005283913 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_md2.c.fips openssl-1.0.2e/crypto/evp/m_md2.c +--- openssl-1.0.2e/crypto/evp/m_md2.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_md2.c 2015-12-04 13:55:51.962562529 +0100 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2102,9 +2105,9 @@ diff -up openssl-1.0.2c/crypto/evp/m_md2.c.fips openssl-1.0.2c/crypto/evp/m_md2. static int init(EVP_MD_CTX *ctx) { -diff -up openssl-1.0.2c/crypto/evp/m_sha1.c.fips openssl-1.0.2c/crypto/evp/m_sha1.c ---- openssl-1.0.2c/crypto/evp/m_sha1.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/m_sha1.c 2015-06-15 17:30:00.005283913 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_sha1.c.fips openssl-1.0.2e/crypto/evp/m_sha1.c +--- openssl-1.0.2e/crypto/evp/m_sha1.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_sha1.c 2015-12-04 13:55:51.962562529 +0100 @@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -2155,9 +2158,9 @@ diff -up openssl-1.0.2c/crypto/evp/m_sha1.c.fips openssl-1.0.2c/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.0.2c/crypto/evp/p_sign.c.fips openssl-1.0.2c/crypto/evp/p_sign.c ---- openssl-1.0.2c/crypto/evp/p_sign.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/p_sign.c 2015-06-15 17:30:00.005283913 +0200 +diff -up openssl-1.0.2e/crypto/evp/p_sign.c.fips openssl-1.0.2e/crypto/evp/p_sign.c +--- openssl-1.0.2e/crypto/evp/p_sign.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/p_sign.c 2015-12-04 13:55:51.962562529 +0100 @@ -61,6 +61,7 @@ #include #include @@ -2189,9 +2192,9 @@ diff -up openssl-1.0.2c/crypto/evp/p_sign.c.fips openssl-1.0.2c/crypto/evp/p_sig if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.2c/crypto/evp/p_verify.c.fips openssl-1.0.2c/crypto/evp/p_verify.c ---- openssl-1.0.2c/crypto/evp/p_verify.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/p_verify.c 2015-06-15 17:30:00.005283913 +0200 +diff -up openssl-1.0.2e/crypto/evp/p_verify.c.fips openssl-1.0.2e/crypto/evp/p_verify.c +--- openssl-1.0.2e/crypto/evp/p_verify.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/p_verify.c 2015-12-04 13:55:51.962562529 +0100 @@ -61,6 +61,7 @@ #include #include @@ -2223,9 +2226,9 @@ diff -up openssl-1.0.2c/crypto/evp/p_verify.c.fips openssl-1.0.2c/crypto/evp/p_v i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.2c/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_aes_selftest.c.fips 2015-06-15 17:30:00.005283913 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_aes_selftest.c 2015-06-15 17:30:00.005283913 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips 2015-12-04 13:55:51.962562529 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_aes_selftest.c 2015-12-04 13:55:51.962562529 +0100 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2592,9 +2595,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2c/cryp +} + +#endif -diff -up openssl-1.0.2c/crypto/fips/fips.c.fips openssl-1.0.2c/crypto/fips/fips.c ---- openssl-1.0.2c/crypto/fips/fips.c.fips 2015-06-15 17:30:00.006283936 +0200 -+++ openssl-1.0.2c/crypto/fips/fips.c 2015-06-15 17:30:00.006283936 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips.c.fips openssl-1.0.2e/crypto/fips/fips.c +--- openssl-1.0.2e/crypto/fips/fips.c.fips 2015-12-04 13:55:51.962562529 +0100 ++++ openssl-1.0.2e/crypto/fips/fips.c 2015-12-04 13:55:51.962562529 +0100 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3079,9 +3082,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips.c.fips openssl-1.0.2c/crypto/fips/fips. +# endif + +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c.fips 2015-06-15 17:30:00.006283936 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c 2015-06-15 17:30:00.006283936 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3239,9 +3242,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2c/cry + return rv; +} +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_des_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_des_selftest.c.fips 2015-06-15 17:30:00.006283936 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_des_selftest.c 2015-06-15 17:30:00.006283936 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_des_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_des_selftest.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3381,9 +3384,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2c/cryp + return ret; +} +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c ---- openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c.fips 2015-06-15 17:30:00.006283936 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c 2015-06-15 17:30:00.006283936 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3800,9 +3803,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2c/crypto/f + + return 1; +} -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2c/crypto/fips/fips_drbg_hash.c ---- openssl-1.0.2c/crypto/fips/fips_drbg_hash.c.fips 2015-06-15 17:30:00.006283936 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_hash.c 2015-06-15 17:30:00.006283936 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_hash.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_hash.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4162,9 +4165,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2c/crypto/ + + return 1; +} -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c ---- openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c.fips 2015-06-15 17:30:00.006283936 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c 2015-06-15 17:30:00.006283936 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4436,9 +4439,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2c/crypto/ + + return 1; +} -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2c/crypto/fips/fips_drbg_lib.c ---- openssl-1.0.2c/crypto/fips/fips_drbg_lib.c.fips 2015-06-15 17:30:00.007283959 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_lib.c 2015-06-15 17:30:00.007283959 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_lib.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips 2015-12-04 13:55:51.964562575 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_lib.c 2015-12-04 13:55:51.964562575 +0100 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4993,9 +4996,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2c/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2c/crypto/fips/fips_drbg_rand.c ---- openssl-1.0.2c/crypto/fips/fips_drbg_rand.c.fips 2015-06-15 17:30:00.007283959 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_rand.c 2015-06-15 17:30:00.007283959 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_rand.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips 2015-12-04 13:55:51.964562575 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_rand.c 2015-12-04 13:55:51.964562575 +0100 @@ -0,0 +1,166 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5163,9 +5166,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2c/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c.fips 2015-06-15 17:30:00.007283959 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c 2015-06-15 17:30:00.007283959 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips 2015-12-04 13:55:51.964562575 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c 2015-12-04 13:55:51.964562575 +0100 @@ -0,0 +1,827 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5994,9 +5997,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2c/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h ---- openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h.fips 2015-06-15 17:30:00.008283982 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h 2015-06-15 17:30:00.008283982 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h +--- openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips 2015-12-04 13:55:51.965562598 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h 2015-12-04 13:55:51.965562598 +0100 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7789,9 +7792,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2c/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c.fips 2015-06-15 17:30:00.008283982 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c 2015-06-15 17:30:00.008283982 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips 2015-12-04 13:55:51.965562598 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c 2015-12-04 13:55:51.965562598 +0100 @@ -0,0 +1,192 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7985,9 +7988,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2c/cryp + return ret; +} +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_enc.c.fips openssl-1.0.2c/crypto/fips/fips_enc.c ---- openssl-1.0.2c/crypto/fips/fips_enc.c.fips 2015-06-15 17:30:00.009284005 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_enc.c 2015-06-15 17:30:00.009284005 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_enc.c.fips openssl-1.0.2e/crypto/fips/fips_enc.c +--- openssl-1.0.2e/crypto/fips/fips_enc.c.fips 2015-12-04 13:55:51.965562598 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_enc.c 2015-12-04 13:55:51.965562598 +0100 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8178,9 +8181,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_enc.c.fips openssl-1.0.2c/crypto/fips/f + + } +} -diff -up openssl-1.0.2c/crypto/fips/fips.h.fips openssl-1.0.2c/crypto/fips/fips.h ---- openssl-1.0.2c/crypto/fips/fips.h.fips 2015-06-15 17:30:00.009284005 +0200 -+++ openssl-1.0.2c/crypto/fips/fips.h 2015-06-15 17:30:00.009284005 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips.h.fips openssl-1.0.2e/crypto/fips/fips.h +--- openssl-1.0.2e/crypto/fips/fips.h.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips.h 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,278 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8460,9 +8463,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips.h.fips openssl-1.0.2c/crypto/fips/fips. +} +# endif +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c.fips 2015-06-15 17:30:00.009284005 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c 2015-06-15 17:30:00.009284005 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8598,9 +8601,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2c/cry + return 1; +} +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_locl.h.fips openssl-1.0.2c/crypto/fips/fips_locl.h ---- openssl-1.0.2c/crypto/fips/fips_locl.h.fips 2015-06-15 17:30:00.009284005 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_locl.h 2015-06-15 17:30:00.009284005 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_locl.h.fips openssl-1.0.2e/crypto/fips/fips_locl.h +--- openssl-1.0.2e/crypto/fips/fips_locl.h.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_locl.h 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8673,9 +8676,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_locl.h.fips openssl-1.0.2c/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_md.c.fips openssl-1.0.2c/crypto/fips/fips_md.c ---- openssl-1.0.2c/crypto/fips/fips_md.c.fips 2015-06-15 17:30:00.009284005 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_md.c 2015-06-15 17:30:00.009284005 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_md.c.fips openssl-1.0.2e/crypto/fips/fips_md.c +--- openssl-1.0.2e/crypto/fips/fips_md.c.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_md.c 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8821,9 +8824,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_md.c.fips openssl-1.0.2c/crypto/fips/fi + return NULL; + } +} -diff -up openssl-1.0.2c/crypto/fips/fips_post.c.fips openssl-1.0.2c/crypto/fips/fips_post.c ---- openssl-1.0.2c/crypto/fips/fips_post.c.fips 2015-06-15 17:30:00.009284005 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_post.c 2015-06-15 17:30:00.009284005 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_post.c.fips openssl-1.0.2e/crypto/fips/fips_post.c +--- openssl-1.0.2e/crypto/fips/fips_post.c.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_post.c 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,201 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9026,9 +9029,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_post.c.fips openssl-1.0.2c/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_rand.c.fips openssl-1.0.2c/crypto/fips/fips_rand.c ---- openssl-1.0.2c/crypto/fips/fips_rand.c.fips 2015-06-15 17:30:00.010284028 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rand.c 2015-06-15 17:30:00.010284028 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand.c.fips openssl-1.0.2e/crypto/fips/fips_rand.c +--- openssl-1.0.2e/crypto/fips/fips_rand.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,428 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9458,9 +9461,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rand.c.fips openssl-1.0.2c/crypto/fips/ +} + +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_rand.h.fips openssl-1.0.2c/crypto/fips/fips_rand.h ---- openssl-1.0.2c/crypto/fips/fips_rand.h.fips 2015-06-15 17:30:00.010284028 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rand.h 2015-06-15 17:30:00.010284028 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand.h.fips openssl-1.0.2e/crypto/fips/fips_rand.h +--- openssl-1.0.2e/crypto/fips/fips_rand.h.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand.h 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9625,9 +9628,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rand.h.fips openssl-1.0.2c/crypto/fips/ +# endif +# endif +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2c/crypto/fips/fips_rand_lcl.h ---- openssl-1.0.2c/crypto/fips/fips_rand_lcl.h.fips 2015-06-15 17:30:00.010284028 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rand_lcl.h 2015-06-15 17:30:00.010284028 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2e/crypto/fips/fips_rand_lcl.h +--- openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand_lcl.h 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,213 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9842,9 +9845,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2c/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.0.2c/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2c/crypto/fips/fips_rand_lib.c ---- openssl-1.0.2c/crypto/fips/fips_rand_lib.c.fips 2015-06-15 17:30:00.010284028 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rand_lib.c 2015-06-15 17:30:00.010284028 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2e/crypto/fips/fips_rand_lib.c +--- openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand_lib.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,181 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10027,9 +10030,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2c/crypto/f + } + return 0; +} -diff -up openssl-1.0.2c/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_rand_selftest.c.fips 2015-06-15 17:30:00.010284028 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rand_selftest.c 2015-06-15 17:30:00.010284028 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand_selftest.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,176 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10207,9 +10210,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2c/cry +} + +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_randtest.c.fips openssl-1.0.2c/crypto/fips/fips_randtest.c ---- openssl-1.0.2c/crypto/fips/fips_randtest.c.fips 2015-06-15 17:30:00.010284028 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_randtest.c 2015-06-15 17:30:00.010284028 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_randtest.c.fips openssl-1.0.2e/crypto/fips/fips_randtest.c +--- openssl-1.0.2e/crypto/fips/fips_randtest.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_randtest.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -10458,9 +10461,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_randtest.c.fips openssl-1.0.2c/crypto/f +} + +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c.fips 2015-06-15 17:30:00.011284051 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c 2015-06-15 17:30:00.011284051 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10906,9 +10909,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2c/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c.fips 2015-06-15 17:30:00.011284051 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c 2015-06-15 17:30:00.011284051 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,273 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -11183,9 +11186,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2c/crypto/ + return 0; + +} -diff -up openssl-1.0.2c/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2c/crypto/fips/fips_sha_selftest.c ---- openssl-1.0.2c/crypto/fips/fips_sha_selftest.c.fips 2015-06-15 17:30:00.011284051 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_sha_selftest.c 2015-06-15 17:30:00.011284051 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_sha_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_sha_selftest.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11332,9 +11335,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2c/cryp +} + +#endif -diff -up openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c ---- openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c.fips 2015-06-15 17:30:00.011284051 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c 2015-06-15 17:30:00.011284051 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c +--- openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,268 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11604,9 +11607,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2c/c +#endif + return 0; +} -diff -up openssl-1.0.2c/crypto/fips/fips_test_suite.c.fips openssl-1.0.2c/crypto/fips/fips_test_suite.c ---- openssl-1.0.2c/crypto/fips/fips_test_suite.c.fips 2015-06-15 17:30:00.012284074 +0200 -+++ openssl-1.0.2c/crypto/fips/fips_test_suite.c 2015-06-15 17:30:00.012284074 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips openssl-1.0.2e/crypto/fips/fips_test_suite.c +--- openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_test_suite.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,639 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -12247,9 +12250,9 @@ diff -up openssl-1.0.2c/crypto/fips/fips_test_suite.c.fips openssl-1.0.2c/crypto +} + +#endif -diff -up openssl-1.0.2c/crypto/fips/Makefile.fips openssl-1.0.2c/crypto/fips/Makefile ---- openssl-1.0.2c/crypto/fips/Makefile.fips 2015-06-15 17:30:00.012284074 +0200 -+++ openssl-1.0.2c/crypto/fips/Makefile 2015-06-15 17:30:00.012284074 +0200 +diff -up openssl-1.0.2e/crypto/fips/Makefile.fips openssl-1.0.2e/crypto/fips/Makefile +--- openssl-1.0.2e/crypto/fips/Makefile.fips 2015-12-04 13:55:51.969562692 +0100 ++++ openssl-1.0.2e/crypto/fips/Makefile 2015-12-04 13:55:51.969562692 +0100 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -12592,9 +12595,9 @@ diff -up openssl-1.0.2c/crypto/fips/Makefile.fips openssl-1.0.2c/crypto/fips/Mak +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -diff -up openssl-1.0.2c/crypto/hmac/hmac.c.fips openssl-1.0.2c/crypto/hmac/hmac.c ---- openssl-1.0.2c/crypto/hmac/hmac.c.fips 2015-06-12 16:51:27.000000000 +0200 -+++ openssl-1.0.2c/crypto/hmac/hmac.c 2015-06-15 17:33:11.707682908 +0200 +diff -up openssl-1.0.2e/crypto/hmac/hmac.c.fips openssl-1.0.2e/crypto/hmac/hmac.c +--- openssl-1.0.2e/crypto/hmac/hmac.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/hmac/hmac.c 2015-12-04 13:55:51.969562692 +0100 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12657,9 +12660,9 @@ diff -up openssl-1.0.2c/crypto/hmac/hmac.c.fips openssl-1.0.2c/crypto/hmac/hmac. EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -diff -up openssl-1.0.2c/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2c/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.2c/crypto/mdc2/mdc2dgst.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/mdc2/mdc2dgst.c 2015-06-15 17:30:00.012284074 +0200 +diff -up openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2e/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/mdc2/mdc2dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -12669,9 +12672,9 @@ diff -up openssl-1.0.2c/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2c/crypto/mdc2/m { c->num = 0; c->pad_type = 1; -diff -up openssl-1.0.2c/crypto/md2/md2_dgst.c.fips openssl-1.0.2c/crypto/md2/md2_dgst.c ---- openssl-1.0.2c/crypto/md2/md2_dgst.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/md2/md2_dgst.c 2015-06-15 17:30:00.012284074 +0200 +diff -up openssl-1.0.2e/crypto/md2/md2_dgst.c.fips openssl-1.0.2e/crypto/md2/md2_dgst.c +--- openssl-1.0.2e/crypto/md2/md2_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/md2/md2_dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -62,6 +62,11 @@ #include #include @@ -12693,9 +12696,9 @@ diff -up openssl-1.0.2c/crypto/md2/md2_dgst.c.fips openssl-1.0.2c/crypto/md2/md2 { c->num = 0; memset(c->state, 0, sizeof c->state); -diff -up openssl-1.0.2c/crypto/md4/md4_dgst.c.fips openssl-1.0.2c/crypto/md4/md4_dgst.c ---- openssl-1.0.2c/crypto/md4/md4_dgst.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/md4/md4_dgst.c 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/md4/md4_dgst.c.fips openssl-1.0.2e/crypto/md4/md4_dgst.c +--- openssl-1.0.2e/crypto/md4/md4_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/md4/md4_dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12705,9 +12708,9 @@ diff -up openssl-1.0.2c/crypto/md4/md4_dgst.c.fips openssl-1.0.2c/crypto/md4/md4 { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -diff -up openssl-1.0.2c/crypto/md5/md5_dgst.c.fips openssl-1.0.2c/crypto/md5/md5_dgst.c ---- openssl-1.0.2c/crypto/md5/md5_dgst.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/md5/md5_dgst.c 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/md5/md5_dgst.c.fips openssl-1.0.2e/crypto/md5/md5_dgst.c +--- openssl-1.0.2e/crypto/md5/md5_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/md5/md5_dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12717,9 +12720,9 @@ diff -up openssl-1.0.2c/crypto/md5/md5_dgst.c.fips openssl-1.0.2c/crypto/md5/md5 { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -diff -up openssl-1.0.2c/crypto/o_fips.c.fips openssl-1.0.2c/crypto/o_fips.c ---- openssl-1.0.2c/crypto/o_fips.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/o_fips.c 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/o_fips.c.fips openssl-1.0.2e/crypto/o_fips.c +--- openssl-1.0.2e/crypto/o_fips.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/o_fips.c 2015-12-04 13:55:51.970562715 +0100 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -12729,9 +12732,9 @@ diff -up openssl-1.0.2c/crypto/o_fips.c.fips openssl-1.0.2c/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -diff -up openssl-1.0.2c/crypto/o_init.c.fips openssl-1.0.2c/crypto/o_init.c ---- openssl-1.0.2c/crypto/o_init.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/o_init.c 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/o_init.c.fips openssl-1.0.2e/crypto/o_init.c +--- openssl-1.0.2e/crypto/o_init.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/o_init.c 2015-12-04 13:55:51.970562715 +0100 @@ -56,8 +56,37 @@ #include #include @@ -12801,9 +12804,9 @@ diff -up openssl-1.0.2c/crypto/o_init.c.fips openssl-1.0.2c/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.0.2c/crypto/opensslconf.h.in.fips openssl-1.0.2c/crypto/opensslconf.h.in ---- openssl-1.0.2c/crypto/opensslconf.h.in.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/opensslconf.h.in 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/opensslconf.h.in.fips openssl-1.0.2e/crypto/opensslconf.h.in +--- openssl-1.0.2e/crypto/opensslconf.h.in.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/opensslconf.h.in 2015-12-04 13:55:51.970562715 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -12825,9 +12828,9 @@ diff -up openssl-1.0.2c/crypto/opensslconf.h.in.fips openssl-1.0.2c/crypto/opens /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.2c/crypto/rand/md_rand.c.fips openssl-1.0.2c/crypto/rand/md_rand.c ---- openssl-1.0.2c/crypto/rand/md_rand.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rand/md_rand.c 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/rand/md_rand.c.fips openssl-1.0.2e/crypto/rand/md_rand.c +--- openssl-1.0.2e/crypto/rand/md_rand.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rand/md_rand.c 2015-12-04 13:55:51.970562715 +0100 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12840,9 +12843,9 @@ diff -up openssl-1.0.2c/crypto/rand/md_rand.c.fips openssl-1.0.2c/crypto/rand/md RAND_poll(); initialized = 1; } -diff -up openssl-1.0.2c/crypto/rand/rand.h.fips openssl-1.0.2c/crypto/rand/rand.h ---- openssl-1.0.2c/crypto/rand/rand.h.fips 2015-06-15 17:29:59.773278601 +0200 -+++ openssl-1.0.2c/crypto/rand/rand.h 2015-06-15 17:30:00.013284097 +0200 +diff -up openssl-1.0.2e/crypto/rand/rand.h.fips openssl-1.0.2e/crypto/rand/rand.h +--- openssl-1.0.2e/crypto/rand/rand.h.fips 2015-12-04 13:55:51.729557095 +0100 ++++ openssl-1.0.2e/crypto/rand/rand.h 2015-12-04 13:55:51.970562715 +0100 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -12883,9 +12886,9 @@ diff -up openssl-1.0.2c/crypto/rand/rand.h.fips openssl-1.0.2c/crypto/rand/rand. #ifdef __cplusplus } -diff -up openssl-1.0.2c/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2c/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.2c/crypto/ripemd/rmd_dgst.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/ripemd/rmd_dgst.c 2015-06-15 17:30:00.014284119 +0200 +diff -up openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2e/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/ripemd/rmd_dgst.c 2015-12-04 13:55:51.970562715 +0100 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -12895,9 +12898,9 @@ diff -up openssl-1.0.2c/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2c/crypto/ripe { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -diff -up openssl-1.0.2c/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2c/crypto/rsa/rsa_crpt.c ---- openssl-1.0.2c/crypto/rsa/rsa_crpt.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_crpt.c 2015-06-15 17:30:00.014284119 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2e/crypto/rsa/rsa_crpt.c +--- openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_crpt.c 2015-12-04 13:55:51.970562715 +0100 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { @@ -12924,9 +12927,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2c/crypto/rsa/rsa return -1; } #endif -diff -up openssl-1.0.2c/crypto/rsa/rsa_eay.c.fips openssl-1.0.2c/crypto/rsa/rsa_eay.c ---- openssl-1.0.2c/crypto/rsa/rsa_eay.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_eay.c 2015-06-15 17:30:00.014284119 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips openssl-1.0.2e/crypto/rsa/rsa_eay.c +--- openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_eay.c 2015-12-04 13:55:51.971562738 +0100 @@ -114,6 +114,10 @@ #include #include @@ -13049,9 +13052,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_eay.c.fips openssl-1.0.2c/crypto/rsa/rsa_ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -diff -up openssl-1.0.2c/crypto/rsa/rsa_err.c.fips openssl-1.0.2c/crypto/rsa/rsa_err.c ---- openssl-1.0.2c/crypto/rsa/rsa_err.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_err.c 2015-06-15 17:30:00.014284119 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_err.c.fips openssl-1.0.2e/crypto/rsa/rsa_err.c +--- openssl-1.0.2e/crypto/rsa/rsa_err.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_err.c 2015-12-04 13:55:51.971562738 +0100 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -13061,13 +13064,15 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_err.c.fips openssl-1.0.2c/crypto/rsa/rsa_ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -diff -up openssl-1.0.2c/crypto/rsa/rsa_gen.c.fips openssl-1.0.2c/crypto/rsa/rsa_gen.c ---- openssl-1.0.2c/crypto/rsa/rsa_gen.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_gen.c 2015-06-15 17:30:00.014284119 +0200 -@@ -69,6 +69,80 @@ +diff -up openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips openssl-1.0.2e/crypto/rsa/rsa_gen.c +--- openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_gen.c 2015-12-04 13:55:51.971562738 +0100 +@@ -69,8 +69,80 @@ #include #ifdef OPENSSL_FIPS # include +-extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, +- BN_GENCB *cb); +# include +# include + @@ -13145,7 +13150,7 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_gen.c.fips openssl-1.0.2c/crypto/rsa/rsa_ #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -@@ -84,7 +158,7 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -86,7 +158,7 @@ static int rsa_builtin_keygen(RSA *rsa, int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { #ifdef OPENSSL_FIPS @@ -13154,18 +13159,18 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_gen.c.fips openssl-1.0.2c/crypto/rsa/rsa_ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); return 0; -@@ -92,10 +166,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi +@@ -94,10 +166,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi #endif if (rsa->meth->rsa_keygen) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); -#ifdef OPENSSL_FIPS - if (FIPS_mode()) -- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); +- return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); -#endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } -@@ -108,6 +178,20 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -110,6 +178,20 @@ static int rsa_builtin_keygen(RSA *rsa, int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; @@ -13186,7 +13191,7 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_gen.c.fips openssl-1.0.2c/crypto/rsa/rsa_ ctx = BN_CTX_new(); if (ctx == NULL) goto err; -@@ -233,6 +317,16 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -235,6 +317,16 @@ static int rsa_builtin_keygen(RSA *rsa, if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) goto err; @@ -13203,9 +13208,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_gen.c.fips openssl-1.0.2c/crypto/rsa/rsa_ ok = 1; err: if (ok == -1) { -diff -up openssl-1.0.2c/crypto/rsa/rsa.h.fips openssl-1.0.2c/crypto/rsa/rsa.h ---- openssl-1.0.2c/crypto/rsa/rsa.h.fips 2015-06-15 17:29:59.903281578 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa.h 2015-06-15 17:30:00.014284119 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa.h.fips openssl-1.0.2e/crypto/rsa/rsa.h +--- openssl-1.0.2e/crypto/rsa/rsa.h.fips 2015-12-04 13:55:51.859560126 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa.h 2015-12-04 13:55:51.971562738 +0100 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif @@ -13302,9 +13307,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa.h.fips openssl-1.0.2c/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.0.2c/crypto/rsa/rsa_lib.c.fips openssl-1.0.2c/crypto/rsa/rsa_lib.c ---- openssl-1.0.2c/crypto/rsa/rsa_lib.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_lib.c 2015-06-15 17:30:00.015284142 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips openssl-1.0.2e/crypto/rsa/rsa_lib.c +--- openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_lib.c 2015-12-04 13:55:51.971562738 +0100 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -13377,9 +13382,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_lib.c.fips openssl-1.0.2c/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -diff -up openssl-1.0.2c/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2c/crypto/rsa/rsa_pmeth.c ---- openssl-1.0.2c/crypto/rsa/rsa_pmeth.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_pmeth.c 2015-06-15 17:30:00.015284142 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2e/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_pmeth.c 2015-12-04 13:55:51.972562762 +0100 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -13419,9 +13424,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2c/crypto/rsa/rs if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -diff -up openssl-1.0.2c/crypto/rsa/rsa_sign.c.fips openssl-1.0.2c/crypto/rsa/rsa_sign.c ---- openssl-1.0.2c/crypto/rsa/rsa_sign.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_sign.c 2015-06-15 17:30:00.015284142 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips openssl-1.0.2e/crypto/rsa/rsa_sign.c +--- openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_sign.c 2015-12-04 13:55:51.972562762 +0100 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; @@ -13460,9 +13465,9 @@ diff -up openssl-1.0.2c/crypto/rsa/rsa_sign.c.fips openssl-1.0.2c/crypto/rsa/rsa if (i <= 0) goto err; -diff -up openssl-1.0.2c/crypto/sha/sha.h.fips openssl-1.0.2c/crypto/sha/sha.h ---- openssl-1.0.2c/crypto/sha/sha.h.fips 2015-06-15 17:29:59.697276860 +0200 -+++ openssl-1.0.2c/crypto/sha/sha.h 2015-06-15 17:30:00.015284142 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha.h.fips openssl-1.0.2e/crypto/sha/sha.h +--- openssl-1.0.2e/crypto/sha/sha.h.fips 2015-12-04 13:55:51.651555276 +0100 ++++ openssl-1.0.2e/crypto/sha/sha.h 2015-12-04 13:55:51.972562762 +0100 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; @@ -13505,9 +13510,9 @@ diff -up openssl-1.0.2c/crypto/sha/sha.h.fips openssl-1.0.2c/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -diff -up openssl-1.0.2c/crypto/sha/sha_locl.h.fips openssl-1.0.2c/crypto/sha/sha_locl.h ---- openssl-1.0.2c/crypto/sha/sha_locl.h.fips 2015-06-15 17:29:59.699276906 +0200 -+++ openssl-1.0.2c/crypto/sha/sha_locl.h 2015-06-15 17:30:00.015284142 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha_locl.h.fips openssl-1.0.2e/crypto/sha/sha_locl.h +--- openssl-1.0.2e/crypto/sha/sha_locl.h.fips 2015-12-04 13:55:51.653555322 +0100 ++++ openssl-1.0.2e/crypto/sha/sha_locl.h 2015-12-04 13:55:51.972562762 +0100 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL @@ -13524,9 +13529,9 @@ diff -up openssl-1.0.2c/crypto/sha/sha_locl.h.fips openssl-1.0.2c/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.0.2c/crypto/sha/sha256.c.fips openssl-1.0.2c/crypto/sha/sha256.c ---- openssl-1.0.2c/crypto/sha/sha256.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/sha/sha256.c 2015-06-15 17:30:00.015284142 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha256.c.fips openssl-1.0.2e/crypto/sha/sha256.c +--- openssl-1.0.2e/crypto/sha/sha256.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/sha/sha256.c 2015-12-04 13:55:51.972562762 +0100 @@ -12,12 +12,19 @@ # include @@ -13557,9 +13562,9 @@ diff -up openssl-1.0.2c/crypto/sha/sha256.c.fips openssl-1.0.2c/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.0.2c/crypto/sha/sha512.c.fips openssl-1.0.2c/crypto/sha/sha512.c ---- openssl-1.0.2c/crypto/sha/sha512.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/sha/sha512.c 2015-06-15 17:30:00.016284165 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha512.c.fips openssl-1.0.2e/crypto/sha/sha512.c +--- openssl-1.0.2e/crypto/sha/sha512.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/sha/sha512.c 2015-12-04 13:55:51.972562762 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -13591,9 +13596,9 @@ diff -up openssl-1.0.2c/crypto/sha/sha512.c.fips openssl-1.0.2c/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.0.2c/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2c/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.2c/crypto/whrlpool/wp_dgst.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/whrlpool/wp_dgst.c 2015-06-15 17:30:00.016284165 +0200 +diff -up openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2e/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/whrlpool/wp_dgst.c 2015-12-04 13:55:51.973562785 +0100 @@ -55,7 +55,7 @@ #include #include @@ -13603,9 +13608,9 @@ diff -up openssl-1.0.2c/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2c/crypto/whr { memset(c, 0, sizeof(*c)); return (1); -diff -up openssl-1.0.2c/Makefile.org.fips openssl-1.0.2c/Makefile.org ---- openssl-1.0.2c/Makefile.org.fips 2015-06-15 17:29:59.986283478 +0200 -+++ openssl-1.0.2c/Makefile.org 2015-06-15 17:30:00.016284165 +0200 +diff -up openssl-1.0.2e/Makefile.org.fips openssl-1.0.2e/Makefile.org +--- openssl-1.0.2e/Makefile.org.fips 2015-12-04 13:55:51.943562085 +0100 ++++ openssl-1.0.2e/Makefile.org 2015-12-04 13:55:51.973562785 +0100 @@ -137,6 +137,9 @@ FIPSCANLIB= BASEADDR= @@ -13625,7 +13630,7 @@ diff -up openssl-1.0.2c/Makefile.org.fips openssl-1.0.2c/Makefile.org # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... -@@ -238,6 +241,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS +@@ -240,6 +243,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSDIR='${FIPSDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ @@ -13633,9 +13638,9 @@ diff -up openssl-1.0.2c/Makefile.org.fips openssl-1.0.2c/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.2c/ssl/ssl_algs.c.fips openssl-1.0.2c/ssl/ssl_algs.c ---- openssl-1.0.2c/ssl/ssl_algs.c.fips 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/ssl/ssl_algs.c 2015-06-15 17:30:00.016284165 +0200 +diff -up openssl-1.0.2e/ssl/ssl_algs.c.fips openssl-1.0.2e/ssl/ssl_algs.c +--- openssl-1.0.2e/ssl/ssl_algs.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/ssl/ssl_algs.c 2015-12-04 13:55:51.973562785 +0100 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2c-rpmbuild.patch b/openssl-1.0.2e-rpmbuild.patch similarity index 92% rename from openssl-1.0.2c-rpmbuild.patch rename to openssl-1.0.2e-rpmbuild.patch index 9a6594a..db1460c 100644 --- a/openssl-1.0.2c-rpmbuild.patch +++ b/openssl-1.0.2e-rpmbuild.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure ---- openssl-1.0.2c/Configure.rpmbuild 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/Configure 2015-06-15 17:22:52.598496680 +0200 +diff -up openssl-1.0.2e/Configure.rpmbuild openssl-1.0.2e/Configure +--- openssl-1.0.2e/Configure.rpmbuild 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/Configure 2015-12-04 13:20:22.996835604 +0100 @@ -365,8 +365,8 @@ my %table=( #### # *-generic* is endian-neutral target, but ./config is free to @@ -12,7 +12,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure ####################################################################### # Note that -march is not among compiler options in below linux-armv4 -@@ -395,30 +395,30 @@ my %table=( +@@ -395,31 +395,31 @@ my %table=( # # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 # @@ -48,6 +48,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", @@ -55,7 +56,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see # /proc/cpuinfo. The idea is to preserve most significant bits of -@@ -436,12 +436,12 @@ my %table=( +@@ -437,12 +437,12 @@ my %table=( #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. @@ -71,7 +72,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -1764,7 +1764,7 @@ while () +@@ -1767,7 +1767,7 @@ while () elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; @@ -80,9 +81,9 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure } elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) { -diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org ---- openssl-1.0.2c/Makefile.org.rpmbuild 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/Makefile.org 2015-06-15 17:19:14.874510995 +0200 +diff -up openssl-1.0.2e/Makefile.org.rpmbuild openssl-1.0.2e/Makefile.org +--- openssl-1.0.2e/Makefile.org.rpmbuild 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/Makefile.org 2015-12-04 13:18:44.913538616 +0100 @@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= SHLIB_MAJOR= SHLIB_MINOR= @@ -91,7 +92,7 @@ diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org PLATFORM=dist OPTIONS= CONFIGURE_ARGS= -@@ -338,10 +339,9 @@ clean-shared: +@@ -341,10 +342,9 @@ clean-shared: link-shared: @ set -e; for i in $(SHLIBDIRS); do \ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ @@ -103,7 +104,7 @@ diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org done build-shared: do_$(SHLIB_TARGET) link-shared -@@ -352,7 +352,7 @@ do_$(SHLIB_TARGET): +@@ -355,7 +355,7 @@ do_$(SHLIB_TARGET): libs="$(LIBKRB5) $$libs"; \ fi; \ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ diff --git a/openssl-1.0.2a-wrap-pad.patch b/openssl-1.0.2e-wrap-pad.patch similarity index 88% rename from openssl-1.0.2a-wrap-pad.patch rename to openssl-1.0.2e-wrap-pad.patch index ff1a133..fad043c 100644 --- a/openssl-1.0.2a-wrap-pad.patch +++ b/openssl-1.0.2e-wrap-pad.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.0.2a/crypto/evp/c_allc.c.wrap openssl-1.0.2a/crypto/evp/c_allc.c ---- openssl-1.0.2a/crypto/evp/c_allc.c.wrap 2015-04-22 15:41:32.147488107 +0200 -+++ openssl-1.0.2a/crypto/evp/c_allc.c 2015-04-22 15:47:25.486946239 +0200 +diff -up openssl-1.0.2e/crypto/evp/c_allc.c.wrap openssl-1.0.2e/crypto/evp/c_allc.c +--- openssl-1.0.2e/crypto/evp/c_allc.c.wrap 2015-12-04 13:33:42.118550036 +0100 ++++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:33:42.190551722 +0100 @@ -179,6 +179,7 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_128_xts()); EVP_add_cipher(EVP_aes_128_ccm()); @@ -57,9 +57,9 @@ diff -up openssl-1.0.2a/crypto/evp/c_allc.c.wrap openssl-1.0.2a/crypto/evp/c_all EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); # endif -diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes.c ---- openssl-1.0.2a/crypto/evp/e_aes.c.wrap 2015-04-22 15:41:32.148488131 +0200 -+++ openssl-1.0.2a/crypto/evp/e_aes.c 2015-04-22 15:52:21.809039506 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_aes.c.wrap openssl-1.0.2e/crypto/evp/e_aes.c +--- openssl-1.0.2e/crypto/evp/e_aes.c.wrap 2015-12-04 13:33:42.119550059 +0100 ++++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:33:42.190551722 +0100 @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. @@ -67,7 +67,7 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions -@@ -1952,7 +1952,7 @@ static int aes_wrap_init_key(EVP_CIPHER_ +@@ -1953,7 +1953,7 @@ static int aes_wrap_init_key(EVP_CIPHER_ wctx->iv = NULL; } if (iv) { @@ -76,7 +76,7 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes. wctx->iv = ctx->iv; } return 1; -@@ -1963,30 +1963,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT +@@ -1964,30 +1964,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT { EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; size_t rv; @@ -142,7 +142,7 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -@@ -2031,3 +2058,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) +@@ -2032,3 +2059,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) { return &aes_256_wrap; } @@ -188,10 +188,10 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes. +{ + return &aes_256_wrap_pad; +} -diff -up openssl-1.0.2a/crypto/evp/e_des3.c.wrap openssl-1.0.2a/crypto/evp/e_des3.c ---- openssl-1.0.2a/crypto/evp/e_des3.c.wrap 2015-04-22 15:41:40.301683300 +0200 -+++ openssl-1.0.2a/crypto/evp/e_des3.c 2015-04-22 15:53:39.529899964 +0200 -@@ -473,7 +473,7 @@ static const EVP_CIPHER des3_wrap = { +diff -up openssl-1.0.2e/crypto/evp/e_des3.c.wrap openssl-1.0.2e/crypto/evp/e_des3.c +--- openssl-1.0.2e/crypto/evp/e_des3.c.wrap 2015-12-04 13:33:42.119550059 +0100 ++++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:33:42.191551745 +0100 +@@ -474,7 +474,7 @@ static const EVP_CIPHER des3_wrap = { NID_id_smime_alg_CMS3DESwrap, 8, 24, 0, EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER @@ -200,10 +200,10 @@ diff -up openssl-1.0.2a/crypto/evp/e_des3.c.wrap openssl-1.0.2a/crypto/evp/e_des des_ede3_init_key, des_ede3_wrap_cipher, NULL, sizeof(DES_EDE_KEY), -diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h ---- openssl-1.0.2a/crypto/evp/evp.h.wrap 2015-04-22 19:30:57.000000000 +0200 -+++ openssl-1.0.2a/crypto/evp/evp.h 2015-04-22 19:51:06.352832516 +0200 -@@ -832,6 +832,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void); +diff -up openssl-1.0.2e/crypto/evp/evp.h.wrap openssl-1.0.2e/crypto/evp/evp.h +--- openssl-1.0.2e/crypto/evp/evp.h.wrap 2015-12-04 13:33:42.120550083 +0100 ++++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:33:42.191551745 +0100 +@@ -834,6 +834,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void); const EVP_CIPHER *EVP_aes_128_gcm(void); const EVP_CIPHER *EVP_aes_128_xts(void); const EVP_CIPHER *EVP_aes_128_wrap(void); @@ -211,7 +211,7 @@ diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); const EVP_CIPHER *EVP_aes_192_cfb1(void); -@@ -843,6 +844,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void); +@@ -845,6 +846,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void); const EVP_CIPHER *EVP_aes_192_ccm(void); const EVP_CIPHER *EVP_aes_192_gcm(void); const EVP_CIPHER *EVP_aes_192_wrap(void); @@ -219,7 +219,7 @@ diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); -@@ -855,6 +857,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void); +@@ -857,6 +859,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void); const EVP_CIPHER *EVP_aes_256_gcm(void); const EVP_CIPHER *EVP_aes_256_xts(void); const EVP_CIPHER *EVP_aes_256_wrap(void); @@ -227,9 +227,9 @@ diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -diff -up openssl-1.0.2a/crypto/evp/evptests.txt.wrap openssl-1.0.2a/crypto/evp/evptests.txt ---- openssl-1.0.2a/crypto/evp/evptests.txt.wrap 2015-04-22 15:41:47.194848307 +0200 -+++ openssl-1.0.2a/crypto/evp/evptests.txt 2015-04-22 16:01:08.174540977 +0200 +diff -up openssl-1.0.2e/crypto/evp/evptests.txt.wrap openssl-1.0.2e/crypto/evp/evptests.txt +--- openssl-1.0.2e/crypto/evp/evptests.txt.wrap 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/evptests.txt 2015-12-04 13:33:42.191551745 +0100 @@ -399,3 +399,7 @@ id-aes256-wrap:000102030405060708090A0B0 id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 @@ -238,9 +238,9 @@ diff -up openssl-1.0.2a/crypto/evp/evptests.txt.wrap openssl-1.0.2a/crypto/evp/e +id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a +id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f + -diff -up openssl-1.0.2a/crypto/modes/modes.h.wrap openssl-1.0.2a/crypto/modes/modes.h ---- openssl-1.0.2a/crypto/modes/modes.h.wrap 2015-04-22 15:41:49.228896997 +0200 -+++ openssl-1.0.2a/crypto/modes/modes.h 2015-04-22 16:03:40.724152855 +0200 +diff -up openssl-1.0.2e/crypto/modes/modes.h.wrap openssl-1.0.2e/crypto/modes/modes.h +--- openssl-1.0.2e/crypto/modes/modes.h.wrap 2015-12-04 13:33:41.770541886 +0100 ++++ openssl-1.0.2e/crypto/modes/modes.h 2015-12-04 13:33:42.191551745 +0100 @@ -157,6 +157,12 @@ size_t CRYPTO_128_unwrap(void *key, cons unsigned char *out, const unsigned char *in, size_t inlen, @@ -254,9 +254,9 @@ diff -up openssl-1.0.2a/crypto/modes/modes.h.wrap openssl-1.0.2a/crypto/modes/mo #ifdef __cplusplus } -diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/wrap128.c ---- openssl-1.0.2a/crypto/modes/wrap128.c.wrap 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/modes/wrap128.c 2015-04-22 16:06:16.798848197 +0200 +diff -up openssl-1.0.2e/crypto/modes/wrap128.c.wrap openssl-1.0.2e/crypto/modes/wrap128.c +--- openssl-1.0.2e/crypto/modes/wrap128.c.wrap 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/modes/wrap128.c 2015-12-04 13:37:51.486366984 +0100 @@ -2,6 +2,7 @@ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -312,7 +312,7 @@ diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, size_t inlen, -@@ -72,11 +98,11 @@ size_t CRYPTO_128_wrap(void *key, const +@@ -72,7 +98,7 @@ size_t CRYPTO_128_wrap(void *key, const { unsigned char *A, B[16], *R; size_t i, j, t; @@ -321,11 +321,6 @@ diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/ return 0; A = B; t = 1; -- memcpy(out + 8, in, inlen); -+ memmove(out + 8, in, inlen); - if (!iv) - iv = default_iv; - @@ -100,7 +126,23 @@ size_t CRYPTO_128_wrap(void *key, const return inlen + 8; } @@ -351,15 +346,6 @@ diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/ unsigned char *out, const unsigned char *in, size_t inlen, block128_f block) -@@ -113,7 +155,7 @@ size_t CRYPTO_128_unwrap(void *key, cons - A = B; - t = 6 * (inlen >> 3); - memcpy(A, in, 8); -- memcpy(out, in + 8, inlen); -+ memmove(out, in + 8, inlen); - for (j = 0; j < 6; j++) { - R = out + inlen - 8; - for (i = 0; i < inlen; i += 8, t--, R -= 8) { @@ -128,11 +170,190 @@ size_t CRYPTO_128_unwrap(void *key, cons memcpy(R, B + 8, 8); } diff --git a/openssl.spec b/openssl.spec index 6472339..fa18769 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,8 +22,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.0.2d -Release: 3%{?dist} +Version: 1.0.2e +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -40,7 +40,7 @@ Source11: README.FIPS Source12: ec_curve.c Source13: ectest.c # Build changes -Patch1: openssl-1.0.2c-rpmbuild.patch +Patch1: openssl-1.0.2e-rpmbuild.patch Patch2: openssl-1.0.2a-defaults.patch Patch4: openssl-1.0.2a-enginesdir.patch Patch5: openssl-1.0.2a-no-rpath.patch @@ -56,7 +56,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch34: openssl-1.0.2a-x509.patch Patch35: openssl-1.0.2a-version-add-engines.patch Patch39: openssl-1.0.2a-ipv6-apps.patch -Patch40: openssl-1.0.2c-fips.patch +Patch40: openssl-1.0.2e-fips.patch Patch45: openssl-1.0.2a-env-zlib.patch Patch47: openssl-1.0.2a-readme-warning.patch Patch49: openssl-1.0.1i-algo-doc.patch @@ -83,10 +83,9 @@ Patch92: openssl-1.0.2a-system-cipherlist.patch Patch93: openssl-1.0.2a-disable-sslv2v3.patch Patch94: openssl-1.0.2d-secp256k1.patch # Backported fixes including security fixes -Patch80: openssl-1.0.2a-wrap-pad.patch +Patch80: openssl-1.0.2e-wrap-pad.patch Patch81: openssl-1.0.2a-padlock64.patch Patch82: openssl-1.0.2c-trusted-first-doc.patch -Patch83: openssl-1.0.2d-amd-sigill.patch License: OpenSSL Group: System Environment/Libraries @@ -208,7 +207,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch80 -p1 -b .wrap %patch81 -p1 -b .padlock64 %patch82 -p1 -b .trusted-first -%patch83 -p1 -b .sigill sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -270,7 +268,8 @@ sslarch="linux-ppc64le" --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ - enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \ + enable-cms enable-md2 enable-ec_nistp_64_gcc_128 \ + no-mdc2 no-rc5 no-ec2m no-gost no-srp \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} @@ -288,6 +287,11 @@ make rehash # Overwrite FIPS README cp -f %{SOURCE11} . +# Clean up the .pc files +for i in libcrypto.pc libssl.pc openssl.pc ; do + sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i +done + %check # Verify that what was compiled actually works. @@ -479,6 +483,12 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Fri Dec 4 2015 Tomáš Mráz 1.0.2e-1 +- minor upstream release 1.0.2e fixing moderate severity security issues +- enable fast assembler implementation for NIST P-256 and P-521 + elliptic curves (#1164210) +- filter out unwanted link options from the .pc files (#1257836) + * Mon Nov 16 2015 Tomáš Mráz 1.0.2d-3 - fix sigill on some AMD CPUs (#1278194) diff --git a/sources b/sources index 172dba7..0d81161 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e777c33ca529b963d5457a21cb11d6c3 openssl-1.0.2d-hobbled.tar.xz +882f4ac893554b8fe2817085de6f92d9 openssl-1.0.2e-hobbled.tar.xz