new upstream release fixing multiple security issues

2014-10-16 13:50:08 +02:00 · 2014-10-16 13:50:08 +02:00 · 613f664141
parent 1f162bf2ee
commit 613f664141
6 changed files with 511 additions and 548 deletions
--- a/openssl-1.0.1i-copy-algo.patch
+++ b/openssl-1.0.1i-copy-algo.patch
@ -1,33 +0,0 @@
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 6a33b9d..76a5f9e 100644
--- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3177,15 +3177,26 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
- 
- SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
- 	{
-+	CERT *ocert = ssl->cert;
- 	if (ssl->ctx == ctx)
- 		return ssl->ctx;
- #ifndef OPENSSL_NO_TLSEXT
- 	if (ctx == NULL)
- 		ctx = ssl->initial_ctx;
- #endif
-	if (ssl->cert != NULL)
-		ssl_cert_free(ssl->cert);
- 	ssl->cert = ssl_cert_dup(ctx->cert);
-+	if (ocert)
-+		{
-+		int i;
-+		/* Copy negotiated digests from original */
-+		for (i = 0; i < SSL_PKEY_NUM; i++)
-+			{
-+			CERT_PKEY *cpk = ocert->pkeys + i;
-+			CERT_PKEY *rpk = ssl->cert->pkeys + i;
-+			rpk->digest = cpk->digest;
-+			}
-+		ssl_cert_free(ocert);
-+		}
- 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- 	if (ssl->ctx != NULL)
- 		SSL_CTX_free(ssl->ctx); /* decrement reference count */
--- a/openssl-1.0.1j-ephemeral-key-size.patch
+++ b/openssl-1.0.1j-ephemeral-key-size.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h
--- openssl-1.0.1e/apps/s_apps.h.ephemeral	2014-02-12 14:49:14.333513753 +0100
-+++ openssl-1.0.1e/apps/s_apps.h	2014-02-12 14:49:14.417515629 +0100
+diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
+--- openssl-1.0.1j/apps/s_apps.h.ephemeral	2014-10-16 13:32:30.772817591 +0200
+++ openssl-1.0.1j/apps/s_apps.h	2014-10-16 13:32:30.865819691 +0200
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
@ -9,9 +9,9 @@ diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h
 int init_client(int *sock, char *server, char *port, int type);
 int should_retry(int i);
 int extract_host_port(char *str,char **host_ptr,char **port_ptr);
-diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c
--- openssl-1.0.1e/apps/s_cb.c.ephemeral	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/s_cb.c	2014-02-12 14:56:25.584142499 +0100
+diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
+--- openssl-1.0.1j/apps/s_cb.c.ephemeral	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/apps/s_cb.c	2014-10-16 13:32:30.865819691 +0200
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
 		}
 	}
@ -51,10 +51,10 @@ diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c
 
 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
 	{
-diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c
--- openssl-1.0.1e/apps/s_client.c.ephemeral	2014-02-12 14:49:14.407515406 +0100
-+++ openssl-1.0.1e/apps/s_client.c	2014-02-12 14:49:14.418515652 +0100
-@@ -2032,6 +2032,8 @@ static void print_stuff(BIO *bio, SSL *s
+diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
+--- openssl-1.0.1j/apps/s_client.c.ephemeral	2014-10-16 13:32:30.860819578 +0200
+++ openssl-1.0.1j/apps/s_client.c	2014-10-16 13:32:30.865819691 +0200
+@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s
 			BIO_write(bio,"\n",1);
 			}
 
@ -63,19 +63,18 @@ diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c
 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
 			BIO_number_read(SSL_get_rbio(s)),
 			BIO_number_written(SSL_get_wbio(s)));
-diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h
--- openssl-1.0.1e/ssl/ssl.h.ephemeral	2014-02-12 14:49:14.391515049 +0100
-+++ openssl-1.0.1e/ssl/ssl.h	2014-02-12 14:49:14.418515652 +0100
-@@ -1563,6 +1563,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
+--- openssl-1.0.1j/ssl/ssl.h.ephemeral	2014-10-16 13:32:30.851819375 +0200
+++ openssl-1.0.1j/ssl/ssl.h	2014-10-16 13:33:23.233001903 +0200
+@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
 
 +#define SSL_CTRL_GET_SERVER_TMP_KEY		109
-+
+ #define SSL_CTRL_CHECK_PROTO_VERSION		119
+ 
 #define DTLSv1_get_timeout(ssl, arg) \
- 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
- #define DTLSv1_handle_timeout(ssl) \
-@@ -1604,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
 
@ -85,13 +84,13 @@ diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c
--- openssl-1.0.1e/ssl/s3_lib.c.ephemeral	2014-02-12 14:49:14.412515518 +0100
-+++ openssl-1.0.1e/ssl/s3_lib.c	2014-02-12 14:49:14.418515652 +0100
-@@ -3350,6 +3350,44 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
- #endif
+diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c
+--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral	2014-10-16 13:32:30.866819713 +0200
+++ openssl-1.0.1j/ssl/s3_lib.c	2014-10-16 13:34:08.918033262 +0200
+@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
 
 #endif /* !OPENSSL_NO_TLSEXT */
+ 
 +	case SSL_CTRL_GET_SERVER_TMP_KEY:
 +		if (s->server || !s->session || !s->session->sess_cert)
 +			return 0;
@ -130,6 +129,7 @@ diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c
 +			EVP_PKEY_free(ptmp);
 +			return 0;
 +			}
- 	default:
- 		break;
- 		}
+
+ 	case SSL_CTRL_CHECK_PROTO_VERSION:
+ 		/* For library-internal use; checks that the current protocol
+ 		 * is the highest enabled version (according to s->ctx->method,
--- a/openssl-1.0.1j-evp-wrap.patch
+++ b/openssl-1.0.1j-evp-wrap.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap openssl-1.0.1i/crypto/aes/aes_wrap.c
--- openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap	2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/aes/aes_wrap.c	2014-09-08 15:07:27.331994490 +0200
+diff -up openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap openssl-1.0.1j/crypto/aes/aes_wrap.c
+--- openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap	2014-10-15 13:15:29.000000000 +0200
+++ openssl-1.0.1j/crypto/aes/aes_wrap.c	2014-10-16 13:30:10.679654927 +0200
@@ -53,207 +53,18 @@
 
 #include "cryptlib.h"
@ -212,9 +212,9 @@ diff -up openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap openssl-1.0.1i/crypto/aes/aes
 -	
 -	
 -#endif
-diff -up openssl-1.0.1i/crypto/evp/c_allc.c.wrap openssl-1.0.1i/crypto/evp/c_allc.c
--- openssl-1.0.1i/crypto/evp/c_allc.c.wrap	2014-09-08 15:07:27.254992717 +0200
-+++ openssl-1.0.1i/crypto/evp/c_allc.c	2014-09-08 15:07:27.331994490 +0200
+diff -up openssl-1.0.1j/crypto/evp/c_allc.c.wrap openssl-1.0.1j/crypto/evp/c_allc.c
+--- openssl-1.0.1j/crypto/evp/c_allc.c.wrap	2014-10-16 13:30:10.583652760 +0200
+++ openssl-1.0.1j/crypto/evp/c_allc.c	2014-10-16 13:30:10.679654927 +0200
@@ -98,6 +98,7 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher(EVP_des_ecb());
 	EVP_add_cipher(EVP_des_ede());
@ -285,9 +285,9 @@ diff -up openssl-1.0.1i/crypto/evp/c_allc.c.wrap openssl-1.0.1i/crypto/evp/c_all
 	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
 	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
 #endif
-diff -up openssl-1.0.1i/crypto/evp/e_aes.c.wrap openssl-1.0.1i/crypto/evp/e_aes.c
--- openssl-1.0.1i/crypto/evp/e_aes.c.wrap	2014-09-08 15:07:27.255992740 +0200
-+++ openssl-1.0.1i/crypto/evp/e_aes.c	2014-09-08 15:07:27.331994490 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_aes.c.wrap openssl-1.0.1j/crypto/evp/e_aes.c
+--- openssl-1.0.1j/crypto/evp/e_aes.c.wrap	2014-10-16 13:30:10.584652782 +0200
+++ openssl-1.0.1j/crypto/evp/e_aes.c	2014-10-16 13:30:10.679654927 +0200
@@ -1,5 +1,5 @@
 /* ====================================================================
 - * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
@ -476,9 +476,9 @@ diff -up openssl-1.0.1i/crypto/evp/e_aes.c.wrap openssl-1.0.1i/crypto/evp/e_aes.
 +	}
 +
 #endif
-diff -up openssl-1.0.1i/crypto/evp/e_des3.c.wrap openssl-1.0.1i/crypto/evp/e_des3.c
--- openssl-1.0.1i/crypto/evp/e_des3.c.wrap	2014-09-08 15:07:27.255992740 +0200
-+++ openssl-1.0.1i/crypto/evp/e_des3.c	2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_des3.c.wrap openssl-1.0.1j/crypto/evp/e_des3.c
+--- openssl-1.0.1j/crypto/evp/e_des3.c.wrap	2014-10-16 13:30:10.584652782 +0200
+++ openssl-1.0.1j/crypto/evp/e_des3.c	2014-10-16 13:30:10.679654927 +0200
@@ -310,4 +310,112 @@ const EVP_CIPHER *EVP_des_ede3(void)
 {
 	return &des_ede3_ecb;
@ -592,10 +592,10 @@ diff -up openssl-1.0.1i/crypto/evp/e_des3.c.wrap openssl-1.0.1i/crypto/evp/e_des
 +
 +# endif
 #endif
-diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_enc.c
--- openssl-1.0.1i/crypto/evp/evp_enc.c.wrap	2014-09-08 15:07:27.255992740 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_enc.c	2014-09-08 15:07:27.332994513 +0200
-@@ -233,7 +233,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.wrap openssl-1.0.1j/crypto/evp/evp_enc.c
+--- openssl-1.0.1j/crypto/evp/evp_enc.c.wrap	2014-10-16 13:30:10.584652782 +0200
+++ openssl-1.0.1j/crypto/evp/evp_enc.c	2014-10-16 13:30:10.680654949 +0200
+@@ -234,7 +234,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
 			ctx->cipher_data = NULL;
 			}
 		ctx->key_len = cipher->key_len;
@ -605,7 +605,7 @@ diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_
 		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
 			{
 			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
-@@ -256,6 +257,13 @@ skip_to_init:
+@@ -257,6 +258,13 @@ skip_to_init:
 	    || ctx->cipher->block_size == 8
 	    || ctx->cipher->block_size == 16);
 
@ -619,9 +619,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_
 	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
 		switch(EVP_CIPHER_CTX_mode(ctx)) {
 
-diff -up openssl-1.0.1i/crypto/evp/evp_err.c.wrap openssl-1.0.1i/crypto/evp/evp_err.c
--- openssl-1.0.1i/crypto/evp/evp_err.c.wrap	2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_err.c	2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_err.c.wrap openssl-1.0.1j/crypto/evp/evp_err.c
+--- openssl-1.0.1j/crypto/evp/evp_err.c.wrap	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/evp/evp_err.c	2014-10-16 13:30:10.680654949 +0200
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
@ -638,9 +638,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_err.c.wrap openssl-1.0.1i/crypto/evp/evp_
 {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
 {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
 {0,NULL}
-diff -up openssl-1.0.1i/crypto/evp/evp.h.wrap openssl-1.0.1i/crypto/evp/evp.h
--- openssl-1.0.1i/crypto/evp/evp.h.wrap	2014-09-08 15:07:27.256992763 +0200
-+++ openssl-1.0.1i/crypto/evp/evp.h	2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp.h.wrap openssl-1.0.1j/crypto/evp/evp.h
+--- openssl-1.0.1j/crypto/evp/evp.h.wrap	2014-10-16 13:30:10.585652805 +0200
+++ openssl-1.0.1j/crypto/evp/evp.h	2014-10-16 13:30:10.680654949 +0200
@@ -336,6 +336,7 @@ struct evp_cipher_st
 #define		EVP_CIPH_GCM_MODE		0x6
 #define		EVP_CIPH_CCM_MODE		0x7
@ -706,9 +706,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp.h.wrap openssl-1.0.1i/crypto/evp/evp.h
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
 
-diff -up openssl-1.0.1i/crypto/evp/evp_lib.c.wrap openssl-1.0.1i/crypto/evp/evp_lib.c
--- openssl-1.0.1i/crypto/evp/evp_lib.c.wrap	2014-09-08 15:07:27.256992763 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_lib.c	2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.wrap openssl-1.0.1j/crypto/evp/evp_lib.c
+--- openssl-1.0.1j/crypto/evp/evp_lib.c.wrap	2014-10-16 13:30:10.585652805 +0200
+++ openssl-1.0.1j/crypto/evp/evp_lib.c	2014-10-16 13:30:10.680654949 +0200
@@ -68,7 +68,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_
 	if (c->cipher->set_asn1_parameters != NULL)
 		ret=c->cipher->set_asn1_parameters(c,type);
@ -738,9 +738,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_lib.c.wrap openssl-1.0.1i/crypto/evp/evp_
 	else
 		ret=-1;
 	return(ret);
-diff -up openssl-1.0.1i/crypto/evp/evp_test.c.wrap openssl-1.0.1i/crypto/evp/evp_test.c
--- openssl-1.0.1i/crypto/evp/evp_test.c.wrap	2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_test.c	2014-09-08 15:07:27.333994536 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_test.c.wrap openssl-1.0.1j/crypto/evp/evp_test.c
+--- openssl-1.0.1j/crypto/evp/evp_test.c.wrap	2014-10-15 14:51:06.000000000 +0200
+++ openssl-1.0.1j/crypto/evp/evp_test.c	2014-10-16 13:30:10.680654949 +0200
@@ -141,7 +141,7 @@ static void test1(const EVP_CIPHER *c,co
     {
     EVP_CIPHER_CTX ctx;
@ -806,9 +806,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_test.c.wrap openssl-1.0.1i/crypto/evp/evp
     /* Load up the software EVP_CIPHER and EVP_MD definitions */
     OpenSSL_add_all_ciphers();
     OpenSSL_add_all_digests();
-diff -up openssl-1.0.1i/crypto/evp/evptests.txt.wrap openssl-1.0.1i/crypto/evp/evptests.txt
--- openssl-1.0.1i/crypto/evp/evptests.txt.wrap	2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/evp/evptests.txt	2014-09-08 15:07:27.333994536 +0200
+diff -up openssl-1.0.1j/crypto/evp/evptests.txt.wrap openssl-1.0.1j/crypto/evp/evptests.txt
+--- openssl-1.0.1j/crypto/evp/evptests.txt.wrap	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/evp/evptests.txt	2014-10-16 13:30:10.681654972 +0200
@@ -332,3 +332,15 @@ SEED-ECB:0000000000000000000000000000000
 SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
 SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
@ -825,9 +825,9 @@ diff -up openssl-1.0.1i/crypto/evp/evptests.txt.wrap openssl-1.0.1i/crypto/evp/e
 +id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
 +id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f
 +
-diff -up openssl-1.0.1i/crypto/modes/Makefile.wrap openssl-1.0.1i/crypto/modes/Makefile
--- openssl-1.0.1i/crypto/modes/Makefile.wrap	2014-09-08 15:07:27.233992233 +0200
-+++ openssl-1.0.1i/crypto/modes/Makefile	2014-09-08 15:07:27.333994536 +0200
+diff -up openssl-1.0.1j/crypto/modes/Makefile.wrap openssl-1.0.1j/crypto/modes/Makefile
+--- openssl-1.0.1j/crypto/modes/Makefile.wrap	2014-10-16 13:30:10.560652240 +0200
+++ openssl-1.0.1j/crypto/modes/Makefile	2014-10-16 13:30:10.681654972 +0200
@@ -22,9 +22,9 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
@ -840,10 +840,10 @@ diff -up openssl-1.0.1i/crypto/modes/Makefile.wrap openssl-1.0.1i/crypto/modes/M
 
 SRC= $(LIBSRC)
 
-diff -up openssl-1.0.1i/crypto/modes/modes.h.wrap openssl-1.0.1i/crypto/modes/modes.h
--- openssl-1.0.1i/crypto/modes/modes.h.wrap	2014-09-08 15:07:26.865983757 +0200
-+++ openssl-1.0.1i/crypto/modes/modes.h	2014-09-08 15:07:27.333994536 +0200
-@@ -133,3 +133,17 @@ typedef struct xts128_context XTS128_CON
+diff -up openssl-1.0.1j/crypto/modes/modes.h.wrap openssl-1.0.1j/crypto/modes/modes.h
+--- openssl-1.0.1j/crypto/modes/modes.h.wrap	2014-10-16 13:30:10.681654972 +0200
+++ openssl-1.0.1j/crypto/modes/modes.h	2014-10-16 13:31:01.232796186 +0200
+@@ -136,6 +136,20 @@ typedef struct xts128_context XTS128_CON
 
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
 	const unsigned char *inp, unsigned char *out, size_t len, int enc);
@ -861,9 +861,12 @@ diff -up openssl-1.0.1i/crypto/modes/modes.h.wrap openssl-1.0.1i/crypto/modes/mo
 +size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
 +		unsigned char *out,
 +		const unsigned char *in, size_t inlen, block128_f block);
-diff -up openssl-1.0.1i/crypto/modes/wrap128.c.wrap openssl-1.0.1i/crypto/modes/wrap128.c
--- openssl-1.0.1i/crypto/modes/wrap128.c.wrap	2014-09-08 15:07:27.333994536 +0200
-+++ openssl-1.0.1i/crypto/modes/wrap128.c	2014-09-08 15:07:27.333994536 +0200
+ #ifdef  __cplusplus
+ }
+ #endif
+diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/wrap128.c
+--- openssl-1.0.1j/crypto/modes/wrap128.c.wrap	2014-10-16 13:30:10.681654972 +0200
+++ openssl-1.0.1j/crypto/modes/wrap128.c	2014-10-16 13:30:10.681654972 +0200
@@ -0,0 +1,372 @@
 +/* crypto/modes/wrap128.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
--- a/openssl-1.0.1j-fips-ec.patch
+++ b/openssl-1.0.1j-fips-ec.patch
@ -1,6 +1,6 @@
-diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h
--- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec	2013-11-08 17:59:42.755019363 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ecdh.h	2013-11-08 17:59:43.147028002 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1j/crypto/ecdh/ecdh.h
+--- openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec	2014-10-16 13:25:20.248098308 +0200
+++ openssl-1.0.1j/crypto/ecdh/ecdh.h	2014-10-16 13:25:20.730109190 +0200
@@ -85,6 +85,8 @@
 extern "C" {
 #endif
@ -10,9 +10,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ec
 const ECDH_METHOD *ECDH_OpenSSL(void);
 
 void	  ECDH_set_default_method(const ECDH_METHOD *);
-diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c
--- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c	2013-11-08 17:59:54.712282862 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1j/crypto/ecdh/ecdhtest.c
+--- openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c	2014-10-16 13:25:20.730109190 +0200
@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
@ -24,9 +24,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecd
 	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
 	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
 	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
-diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c
--- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c	2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_lib.c
+--- openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ecdh/ech_lib.c	2014-10-16 13:25:20.730109190 +0200
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
 	{
 	if(!default_ECDH_method) 
@ -42,9 +42,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh
 		}
 	return default_ECDH_method;
 	}
-diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c
--- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c	2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_ossl.c
+--- openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c	2014-10-16 13:25:20.730109190 +0200
@@ -79,6 +79,10 @@
 #include <openssl/obj_mac.h>
 #include <openssl/bn.h>
@ -99,9 +99,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd
 	if ((tmp=EC_POINT_new(group)) == NULL)
 		{
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
--- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c	2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecdsatest.c
+--- openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c	2014-10-16 13:25:20.731109212 +0200
@@ -138,11 +138,14 @@ int restore_rand(void)
 	}
 
@ -137,9 +137,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e
 	if (!test_builtin(out)) goto err;
 	
 	ret = 0;
-diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
--- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c	2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_lib.c
+--- openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c	2014-10-16 13:25:20.731109212 +0200
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
 {
 	if(!default_ECDSA_method) 
@ -155,9 +155,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd
 		}
 	return default_ECDSA_method;
 }
-diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
--- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c	2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c
+--- openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c	2014-10-16 13:25:20.731109212 +0200
@@ -60,6 +60,9 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
@ -207,9 +207,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec
 	/* check input values */
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
-diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c
--- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ec_key.c	2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec openssl-1.0.1j/crypto/ec/ec_key.c
+--- openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ec/ec_key.c	2014-10-16 13:25:20.731109212 +0200
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
@ -306,10 +306,10 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k
 		{
 		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
 			EC_R_COORDINATES_OUT_OF_RANGE);
-diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c
--- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_mont.c	2013-11-08 17:59:43.149028046 +0100
-@@ -63,18 +63,11 @@
+diff -up openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_mont.c
+--- openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec	2014-10-16 13:25:20.731109212 +0200
+++ openssl-1.0.1j/crypto/ec/ecp_mont.c	2014-10-16 13:27:34.156121340 +0200
+@@ -63,10 +63,6 @@
 
 #include <openssl/err.h>
 
@ -320,26 +320,22 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 #include "ec_lcl.h"
 
 
- const EC_METHOD *EC_GFp_mont_method(void)
- 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_mont_method();
-#else
- 	static const EC_METHOD ret = {
- 		EC_FLAGS_DEFAULT_OCT,
- 		NID_X9_62_prime_field,
-@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+ 		ec_GFp_mont_field_decode,
 		ec_GFp_mont_field_set_to_one };
 
- 	return &ret;
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return fips_ec_gfp_mont_method();
 -#endif
+-
+ 	return &ret;
 	}
 
- 
-diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c
--- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_nist.c	2013-11-08 17:59:43.149028046 +0100
-@@ -67,15 +67,8 @@
+diff -up openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_nist.c
+--- openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec	2014-10-16 13:25:20.732109235 +0200
+++ openssl-1.0.1j/crypto/ec/ecp_nist.c	2014-10-16 13:27:53.163550441 +0200
+@@ -67,10 +67,6 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
@ -349,24 +345,23 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 -
 const EC_METHOD *EC_GFp_nist_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_nist_method();
-#else
 	static const EC_METHOD ret = {
- 		EC_FLAGS_DEFAULT_OCT,
- 		NID_X9_62_prime_field,
-@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
+@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_nist_method(void
+ 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
- 	return &ret;
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return fips_ec_gfp_nist_method();
 -#endif
+-
+ 	return &ret;
 	}
 
- int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c
--- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c	2013-11-08 17:59:43.149028046 +0100
-@@ -65,17 +65,10 @@
+diff -up openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_smpl.c
+--- openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ec/ecp_smpl.c	2014-10-16 13:28:39.386593946 +0200
+@@ -65,10 +65,6 @@
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
@ -377,22 +372,19 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
- 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_simple_method();
-#else
- 	static const EC_METHOD ret = {
- 		EC_FLAGS_DEFAULT_OCT,
- 		NID_X9_62_prime_field,
-@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
+@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
+ 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
- 	return &ret;
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return fips_ec_gfp_simple_method();
 -#endif
+-
+ 	return &ret;
 	}
 
- 
-@@ -186,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+@@ -187,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
 		return 0;
 		}
 
@ -405,9 +397,9 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec
 	if (ctx == NULL)
 		{
 		ctx = new_ctx = BN_CTX_new();
-diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c
--- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c	2013-11-08 17:59:43.149028046 +0100
+diff -up openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1j/crypto/evp/m_ecdsa.c
+--- openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/evp/m_ecdsa.c	2014-10-16 13:25:20.732109235 +0200
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 
@ -430,9 +422,9 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m
 	}
 #endif
 -#endif
-diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2013-11-08 17:59:43.149028046 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c	2013-11-08 17:59:43.149028046 +0100
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2014-10-16 13:25:20.732109235 +0200
+++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c	2014-10-16 13:25:20.732109235 +0200
@@ -0,0 +1,496 @@
 +/* fips/ecdh/fips_ecdhvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -930,9 +922,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr
 +	}
 +
 +#endif
-diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c	2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2014-10-16 13:25:20.733109257 +0200
+++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c	2014-10-16 13:25:20.733109257 +0200
@@ -0,0 +1,533 @@
 +/* fips/ecdsa/fips_ecdsavs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1467,9 +1459,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c
 +	}
 +
 +#endif
-diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c	2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec	2014-10-16 13:25:20.733109257 +0200
+++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c	2014-10-16 13:25:20.733109257 +0200
@@ -0,0 +1,252 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1723,9 +1715,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/
 +	}
 +
 +#endif
-diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c	2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2014-10-16 13:25:20.733109257 +0200
+++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c	2014-10-16 13:25:20.733109257 +0200
@@ -0,0 +1,167 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1894,9 +1886,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e
 +	}
 +
 +#endif
-diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h
--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec	2013-11-08 17:59:43.116027318 +0100
-+++ openssl-1.0.1e/crypto/fips/fips.h	2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips.h.fips-ec openssl-1.0.1j/crypto/fips/fips.h
+--- openssl-1.0.1j/crypto/fips/fips.h.fips-ec	2014-10-16 13:25:20.701108535 +0200
+++ openssl-1.0.1j/crypto/fips/fips.h	2014-10-16 13:25:20.733109257 +0200
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
 void FIPS_corrupt_dsa_keygen(void);
@ -1906,9 +1898,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi
 void FIPS_corrupt_rng(void);
 void FIPS_rng_stick(void);
 void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c
--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec	2013-11-08 17:59:43.117027340 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec openssl-1.0.1j/crypto/fips/fips_post.c
+--- openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec	2014-10-16 13:25:20.702108557 +0200
+++ openssl-1.0.1j/crypto/fips/fips_post.c	2014-10-16 13:25:20.733109257 +0200
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
 		rv = 0;
 	if (!FIPS_selftest_rsa())
@ -1922,9 +1914,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi
 	return rv;
 	}
 
-diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile
--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec	2013-11-08 17:59:43.119027384 +0100
-+++ openssl-1.0.1e/crypto/fips/Makefile	2013-11-08 17:59:43.151028090 +0100
+diff -up openssl-1.0.1j/crypto/fips/Makefile.fips-ec openssl-1.0.1j/crypto/fips/Makefile
+--- openssl-1.0.1j/crypto/fips/Makefile.fips-ec	2014-10-16 13:25:20.704108603 +0200
+++ openssl-1.0.1j/crypto/fips/Makefile	2014-10-16 13:25:20.734109280 +0200
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -1941,7 +1933,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
 
 LIBCRYPTO=-L.. -lcrypto
 
-@@ -118,6 +118,21 @@ fips_aes_selftest.o: ../../include/opens
+@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens
 fips_aes_selftest.o: ../../include/openssl/safestack.h
 fips_aes_selftest.o: ../../include/openssl/stack.h
 fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
@ -1963,7 +1955,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
 fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_des_selftest.o: ../../include/openssl/crypto.h
 fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-@@ -231,6 +246,46 @@ fips_dsa_selftest.o: ../../include/opens
+@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens
 fips_dsa_selftest.o: ../../include/openssl/stack.h
 fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
 fips_dsa_selftest.o: fips_locl.h
@ -2010,7 +2002,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
 fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_hmac_selftest.o: ../../include/openssl/crypto.h
 fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-@@ -245,6 +300,15 @@ fips_hmac_selftest.o: ../../include/open
+@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open
 fips_hmac_selftest.o: ../../include/openssl/safestack.h
 fips_hmac_selftest.o: ../../include/openssl/stack.h
 fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
@ -2026,9 +2018,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
 fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map
--- openssl-1.0.1e/version.map.fips-ec	2013-11-08 17:59:43.131027649 +0100
-+++ openssl-1.0.1e/version.map	2013-11-08 17:59:43.151028090 +0100
+diff -up openssl-1.0.1j/version.map.fips-ec openssl-1.0.1j/version.map
+--- openssl-1.0.1j/version.map.fips-ec	2014-10-16 13:25:20.716108873 +0200
+++ openssl-1.0.1j/version.map	2014-10-16 13:25:20.734109280 +0200
@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
 	    _original*;
 	    _current*;
--- a/openssl-1.0.1j-fips.patch
+++ b/openssl-1.0.1j-fips.patch
--- a/openssl.spec
+++ b/openssl.spec
@ -22,8 +22,8 @@

 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 1.0.1i
-Release: 5%{?dist}
+Version: 1.0.1j
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -58,7 +58,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
 Patch34: openssl-0.9.6-x509.patch
 Patch35: openssl-0.9.8j-version-add-engines.patch
 Patch39: openssl-1.0.1h-ipv6-apps.patch
-Patch40: openssl-1.0.1g-fips.patch
+Patch40: openssl-1.0.1j-fips.patch
 Patch45: openssl-1.0.1e-env-zlib.patch
 Patch47: openssl-1.0.0-beta5-readme-warning.patch
 Patch49: openssl-1.0.1i-algo-doc.patch
@ -72,7 +72,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch
 Patch66: openssl-1.0.1-pkgconfig-krb5.patch
 Patch68: openssl-1.0.1e-secure-getenv.patch
 Patch69: openssl-1.0.1c-dh-1024.patch
-Patch70: openssl-1.0.1e-fips-ec.patch
+Patch70: openssl-1.0.1j-fips-ec.patch
 Patch71: openssl-1.0.1i-manfix.patch
 Patch72: openssl-1.0.1e-fips-ctor.patch
 Patch73: openssl-1.0.1e-ecc-suiteb.patch
@ -84,12 +84,11 @@ Patch90: openssl-1.0.1e-enc-fail.patch
 Patch92: openssl-1.0.1h-system-cipherlist.patch
 Patch93: openssl-1.0.1h-disable-sslv2v3.patch
 # Backported fixes including security fixes
-Patch80: openssl-1.0.1i-evp-wrap.patch
+Patch80: openssl-1.0.1j-evp-wrap.patch
 Patch81: openssl-1.0.1-beta2-padlock64.patch
 Patch84: openssl-1.0.1i-trusted-first.patch
 Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
-Patch89: openssl-1.0.1e-ephemeral-key-size.patch
-Patch94: openssl-1.0.1i-copy-algo.patch
+Patch89: openssl-1.0.1j-ephemeral-key-size.patch

 License: OpenSSL
 Group: System Environment/Libraries
@ -212,7 +211,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch84 -p1 -b .trusted-first
 %patch85 -p1 -b .armcap
 %patch89 -p1 -b .ephemeral
-%patch94 -p1 -b .copy-algo

 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h

@ -480,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig

 %changelog
+* Thu Oct 16 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-1
+- new upstream release fixing multiple security issues
+
 * Fri Oct 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-5
 - copy negotiated digests when switching certs by SNI (#1150032)