From c676ac32d544254b1d40d8579de8d1fb33c18305 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 16 Feb 2017 16:59:27 +0100 Subject: [PATCH] update to upstream version 1.1.0e add documentation of the PROFILE=SYSTEM special cipher string (#1420232) --- .gitignore | 1 + openssl-1.1.0-backports.patch | 147 ------- openssl-1.1.0-build.patch | 96 ----- openssl-1.1.0-ec-curves.patch | 82 +++- openssl-1.1.0-fips.patch | 556 +++++++++++++------------- openssl-1.1.0-system-cipherlist.patch | 83 ++-- openssl.spec | 11 +- sources | 2 +- 8 files changed, 413 insertions(+), 565 deletions(-) delete mode 100644 openssl-1.1.0-backports.patch diff --git a/.gitignore b/.gitignore index 5a227f8..9cbbd5b 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.0b-hobbled.tar.xz /openssl-1.1.0c-hobbled.tar.xz /openssl-1.1.0d-hobbled.tar.xz +/openssl-1.1.0e-hobbled.tar.xz diff --git a/openssl-1.1.0-backports.patch b/openssl-1.1.0-backports.patch deleted file mode 100644 index 1db6e65..0000000 --- a/openssl-1.1.0-backports.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" -Date: Thu, 26 Jan 2017 17:11:14 +0000 -Subject: [PATCH] Use correct signature algorithm list when sending or - checking. - -Reviewed-by: Rich Salz -(Merged from https://github.com/openssl/openssl/pull/2297) ---- - ssl/ssl_locl.h | 2 +- - ssl/statem/statem_srvr.c | 2 +- - ssl/t1_lib.c | 12 ++++++------ - 3 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 4079b31..9a997cf 100644 ---- a/ssl/ssl_locl.h -+++ b/ssl/ssl_locl.h -@@ -2062,7 +2062,7 @@ __owur size_t tls12_copy_sigalgs(SSL *s, unsigned char *out, - const unsigned char *psig, size_t psiglen); - __owur int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); - __owur int tls1_process_sigalgs(SSL *s); --__owur size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); -+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs); - __owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, - const unsigned char *sig, EVP_PKEY *pkey); - void ssl_set_client_disabled(SSL *s); -diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index d36d194..ad89e93 100644 ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -2002,7 +2002,7 @@ int tls_construct_certificate_request(SSL *s) - if (SSL_USE_SIGALGS(s)) { - const unsigned char *psigs; - unsigned char *etmp = p; -- nl = tls12_get_psigalgs(s, &psigs); -+ nl = tls12_get_psigalgs(s, 1, &psigs); - /* Skip over length for now */ - p += 2; - nl = tls12_copy_sigalgs(s, p, psigs, nl); -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 1205f99..b75e568 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -711,7 +711,7 @@ static const unsigned char suiteb_sigalgs[] = { - tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) - }; - #endif --size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) -+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) - { - /* - * If Suite B mode use Suite B sigalgs only, ignore any other -@@ -733,7 +733,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) - } - #endif - /* If server use client authentication sigalgs if not NULL */ -- if (s->server && s->cert->client_sigalgs) { -+ if (s->server == sent && s->cert->client_sigalgs) { - *psigs = s->cert->client_sigalgs; - return s->cert->client_sigalgslen; - } else if (s->cert->conf_sigalgs) { -@@ -797,7 +797,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, - #endif - - /* Check signature matches a type we sent */ -- sent_sigslen = tls12_get_psigalgs(s, &sent_sigs); -+ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); - for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) { - if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1]) - break; -@@ -1189,7 +1189,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, - size_t salglen; - const unsigned char *salg; - unsigned char *etmp; -- salglen = tls12_get_psigalgs(s, &salg); -+ salglen = tls12_get_psigalgs(s, 1, &salg); - - /*- - * check for enough space. -@@ -3396,7 +3396,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) - * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. To keep - * down calls to security callback only check if we have to. - */ -- sigalgslen = tls12_get_psigalgs(s, &sigalgs); -+ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); - for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) { - switch (sigalgs[1]) { - #ifndef OPENSSL_NO_RSA -@@ -3491,7 +3491,7 @@ static int tls1_set_shared_sigalgs(SSL *s) - conf = c->conf_sigalgs; - conflen = c->conf_sigalgslen; - } else -- conflen = tls12_get_psigalgs(s, &conf); -+ conflen = tls12_get_psigalgs(s, 0, &conf); - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { - pref = conf; - preflen = conflen; --- -2.9.3 - -From b431b094330da3e54805c49fb262192e34bc3864 Mon Sep 17 00:00:00 2001 -From: Richard Levitte -Date: Sat, 28 Jan 2017 17:43:17 +0100 -Subject: [PATCH] X509_CRL_digest() - ensure precomputed sha1 hash before - returning it - -X509_CRL_digest() didn't check if the precomputed sha1 hash was actually -present. This also makes sure there's an appropriate flag to check. - -Reviewed-by: Kurt Roeckx -(Merged from https://github.com/openssl/openssl/pull/2314) -(cherry picked from commit 6195848b2eea627c47f74b63eb2ba3dc3d5b6436) ---- - crypto/x509/x_all.c | 2 +- - crypto/x509/x_crl.c | 2 ++ - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c -index 59f96a5..124dd2d 100644 ---- a/crypto/x509/x_all.c -+++ b/crypto/x509/x_all.c -@@ -377,7 +377,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, - int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) - { -- if (type == EVP_sha1()) { -+ if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { - /* Asking for SHA1; always computed in CRL d2i. */ - if (len != NULL) - *len = sizeof(data->sha1_hash); -diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c -index da9c6b6..dbed850 100644 ---- a/crypto/x509/x_crl.c -+++ b/crypto/x509/x_crl.c -@@ -226,6 +226,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - if (crl->meth->crl_init(crl) == 0) - return 0; - } -+ -+ crl->flags |= EXFLAG_SET; - break; - - case ASN1_OP_FREE_POST: --- -2.9.3 - diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch index dc976f2..41446ed 100644 --- a/openssl-1.1.0-build.patch +++ b/openssl-1.1.0-build.patch @@ -29,99 +29,3 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], -diff -up openssl-1.1.0c/crypto/ec/ec_lib.c.build openssl-1.1.0c/crypto/ec/ec_lib.c ---- openssl-1.1.0c/crypto/ec/ec_lib.c.build 2016-11-10 15:03:44.000000000 +0100 -+++ openssl-1.1.0c/crypto/ec/ec_lib.c 2016-11-11 13:26:36.097400901 +0100 -@@ -74,9 +74,6 @@ void EC_pre_comp_free(EC_GROUP *group) - break; - #endif - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -- case PCT_nistp224: -- EC_nistp224_pre_comp_free(group->pre_comp.nistp224); -- break; - case PCT_nistp256: - EC_nistp256_pre_comp_free(group->pre_comp.nistp256); - break; -@@ -152,9 +149,6 @@ int EC_GROUP_copy(EC_GROUP *dest, const - break; - #endif - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -- case PCT_nistp224: -- dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224); -- break; - case PCT_nistp256: - dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256); - break; -diff -up openssl-1.1.0c/test/ecdhtest_cavs.h.build openssl-1.1.0c/test/ecdhtest_cavs.h ---- openssl-1.1.0c/test/ecdhtest_cavs.h.build 2016-11-11 13:26:36.079400491 +0100 -+++ openssl-1.1.0c/test/ecdhtest_cavs.h 2016-11-11 13:26:36.097400901 +0100 -@@ -29,6 +29,7 @@ typedef struct { - - static const ecdh_cavs_kat_t ecdh_cavs_kats[] = { - /* curves over prime fields go here */ -+#if 0 - { NID_X9_62_prime192v1, - "42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0", - "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523", -@@ -379,6 +380,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k - "a6b29632db94da2125dc1cf80e03702687b2acc1122022fa2174765a", - "61723edd73e10daed73775278f1958ba56f1fc9d085ebc2b64c84fe5", - "71954e2261e8510be1a060733671d2e9d0a2d012eb4e09556d697d2a" }, -+#endif - { NID_X9_62_prime256v1, - "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287", - "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac", -diff -up openssl-1.1.0c/test/ecdhtest.c.build openssl-1.1.0c/test/ecdhtest.c ---- openssl-1.1.0c/test/ecdhtest.c.build 2016-11-10 15:03:47.000000000 +0100 -+++ openssl-1.1.0c/test/ecdhtest.c 2016-11-11 13:26:36.097400901 +0100 -@@ -252,6 +252,7 @@ typedef struct { - - static const ecdh_kat_t ecdh_kats[] = { - /* Keys and shared secrets from RFC 5114 */ -+#if 0 - { NID_X9_62_prime192v1, - "323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426", - "631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62", -@@ -260,6 +261,7 @@ static const ecdh_kat_t ecdh_kats[] = { - "B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F", - "AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18", - "52272F50F46F4EDC9151569092F46DF2D96ECC3B6DC1714A4EA949FA" }, -+#endif - { NID_X9_62_prime256v1, - "814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF", - "2CE1788EC197E096DB95A200CC0AB26A19CE6BCCAD562B8EEE1B593761CF7F41", -@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = { - "01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04" - "D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3" - "DDEA" }, -+#if 0 - /* Keys and shared secrets from RFC 7027 */ - { NID_brainpoolP256r1, - "81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D", -@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = { - "ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429", - "A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76" - "D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" } -+#endif - }; - - /* Given private value and NID, create EC_KEY structure */ -diff -up openssl-1.1.0c/test/ecdsatest.c.build openssl-1.1.0c/test/ecdsatest.c ---- openssl-1.1.0c/test/ecdsatest.c.build 2016-11-10 15:03:47.000000000 +0100 -+++ openssl-1.1.0c/test/ecdsatest.c 2016-11-11 13:26:36.097400901 +0100 -@@ -216,6 +216,7 @@ int x9_62_tests(BIO *out) - if (!change_rand()) - goto x962_err; - -+#if 0 - if (!x9_62_test_internal(out, NID_X9_62_prime192v1, - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) -@@ -226,6 +227,7 @@ int x9_62_tests(BIO *out) - "3238135532097973577080787768312505059318910517550078427819" - "78505179448783")) - goto x962_err; -+#endif - # ifndef OPENSSL_NO_EC2M - if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, - "87194383164871543355722284926904419997237591535066528048", diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch index 2b6059e..32cfb08 100644 --- a/openssl-1.1.0-ec-curves.patch +++ b/openssl-1.1.0-ec-curves.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.1.0d/apps/speed.c.curves openssl-1.1.0d/apps/speed.c ---- openssl-1.1.0d/apps/speed.c.curves 2017-01-26 14:10:21.000000000 +0100 -+++ openssl-1.1.0d/apps/speed.c 2017-01-26 15:53:33.913324153 +0100 +diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c +--- openssl-1.1.0e/apps/speed.c.curves 2017-02-16 12:58:20.000000000 +0100 ++++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:46:22.271504354 +0100 @@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = { #define R_EC_X25519 16 #ifndef OPENSSL_NO_EC @@ -44,9 +44,9 @@ diff -up openssl-1.1.0d/apps/speed.c.curves openssl-1.1.0d/apps/speed.c {"ecdhx25519", R_EC_X25519}, {NULL} }; -diff -up openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves openssl-1.1.0d/crypto/ec/ecp_smpl.c ---- openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/ec/ecp_smpl.c 2017-01-26 15:53:33.913324153 +0100 +diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp_smpl.c +--- openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/ec/ecp_smpl.c 2017-02-16 15:46:22.264504188 +0100 @@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO return 0; } @@ -59,3 +59,73 @@ diff -up openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves openssl-1.1.0d/crypto/ec/ecp if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) +diff -up openssl-1.1.0e/test/ecdhtest_cavs.h.curves openssl-1.1.0e/test/ecdhtest_cavs.h +--- openssl-1.1.0e/test/ecdhtest_cavs.h.curves 2017-02-16 15:46:22.237503550 +0100 ++++ openssl-1.1.0e/test/ecdhtest_cavs.h 2017-02-16 16:08:16.091687111 +0100 +@@ -29,6 +29,7 @@ typedef struct { + + static const ecdh_cavs_kat_t ecdh_cavs_kats[] = { + /* curves over prime fields go here */ ++#if 0 + { NID_X9_62_prime192v1, + "42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0", + "dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523", +@@ -204,6 +205,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k + "fcd345a976c720caaa97de6697226825615e1287a9eff67e", + "58ea42edbeeafca9ff44cfd7f29abd2cbde7626d79e422c9", + "72e88f3ea67d46d46dbf83926e7e2a6b85b54536741e6d2c" }, ++#endif + { NID_secp224r1, + "af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280", + "882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7", +diff -up openssl-1.1.0e/test/ecdhtest.c.curves openssl-1.1.0e/test/ecdhtest.c +--- openssl-1.1.0e/test/ecdhtest.c.curves 2017-02-16 12:58:24.000000000 +0100 ++++ openssl-1.1.0e/test/ecdhtest.c 2017-02-16 16:07:30.412629758 +0100 +@@ -252,10 +252,12 @@ typedef struct { + + static const ecdh_kat_t ecdh_kats[] = { + /* Keys and shared secrets from RFC 5114 */ ++#if 0 + { NID_X9_62_prime192v1, + "323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426", + "631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62", + "AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE" }, ++#endif + { NID_secp224r1, + "B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F", + "AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18", +@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = { + "01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04" + "D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3" + "DDEA" }, ++#if 0 + /* Keys and shared secrets from RFC 7027 */ + { NID_brainpoolP256r1, + "81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D", +@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = { + "ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429", + "A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76" + "D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" } ++#endif + }; + + /* Given private value and NID, create EC_KEY structure */ +diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c +--- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100 ++++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100 +@@ -216,6 +216,7 @@ int x9_62_tests(BIO *out) + if (!change_rand()) + goto x962_err; + ++#if 0 + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) +@@ -226,6 +227,7 @@ int x9_62_tests(BIO *out) + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; ++#endif + # ifndef OPENSSL_NO_EC2M + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index e5fb17b..ebdcc55 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.1.0d/apps/speed.c.fips openssl-1.1.0d/apps/speed.c ---- openssl-1.1.0d/apps/speed.c.fips 2017-01-26 16:02:29.004335278 +0100 -+++ openssl-1.1.0d/apps/speed.c 2017-01-26 16:02:29.013335037 +0100 +diff -up openssl-1.1.0e/apps/speed.c.fips openssl-1.1.0e/apps/speed.c +--- openssl-1.1.0e/apps/speed.c.fips 2017-02-16 15:42:44.967362611 +0100 ++++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:42:44.975362800 +0100 @@ -1442,7 +1442,9 @@ int speed_main(int argc, char **argv) } # endif @@ -113,9 +113,9 @@ diff -up openssl-1.1.0d/apps/speed.c.fips openssl-1.1.0d/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.0d/Configure.fips openssl-1.1.0d/Configure ---- openssl-1.1.0d/Configure.fips 2017-01-26 16:02:29.010335117 +0100 -+++ openssl-1.1.0d/Configure 2017-01-26 16:02:29.014335010 +0100 +diff -up openssl-1.1.0e/Configure.fips openssl-1.1.0e/Configure +--- openssl-1.1.0e/Configure.fips 2017-02-16 15:42:44.972362729 +0100 ++++ openssl-1.1.0e/Configure 2017-02-16 15:42:44.975362800 +0100 @@ -312,7 +312,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", @@ -125,9 +125,9 @@ diff -up openssl-1.1.0d/Configure.fips openssl-1.1.0d/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; -diff -up openssl-1.1.0d/crypto/bn/bn_rand.c.fips openssl-1.1.0d/crypto/bn/bn_rand.c ---- openssl-1.1.0d/crypto/bn/bn_rand.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/bn/bn_rand.c 2017-01-26 16:02:29.014335010 +0100 +diff -up openssl-1.1.0e/crypto/bn/bn_rand.c.fips openssl-1.1.0e/crypto/bn/bn_rand.c +--- openssl-1.1.0e/crypto/bn/bn_rand.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/bn/bn_rand.c 2017-02-16 15:42:44.975362800 +0100 @@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM goto err; } @@ -143,9 +143,9 @@ diff -up openssl-1.1.0d/crypto/bn/bn_rand.c.fips openssl-1.1.0d/crypto/bn/bn_ran if (RAND_bytes(buf, bytes) <= 0) goto err; -diff -up openssl-1.1.0d/crypto/dh/dh_err.c.fips openssl-1.1.0d/crypto/dh/dh_err.c ---- openssl-1.1.0d/crypto/dh/dh_err.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dh/dh_err.c 2017-01-26 16:02:29.014335010 +0100 +diff -up openssl-1.1.0e/crypto/dh/dh_err.c.fips openssl-1.1.0e/crypto/dh/dh_err.c +--- openssl-1.1.0e/crypto/dh/dh_err.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dh/dh_err.c 2017-02-16 15:42:44.975362800 +0100 @@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, @@ -168,9 +168,9 @@ diff -up openssl-1.1.0d/crypto/dh/dh_err.c.fips openssl-1.1.0d/crypto/dh/dh_err. {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, -diff -up openssl-1.1.0d/crypto/dh/dh_gen.c.fips openssl-1.1.0d/crypto/dh/dh_gen.c ---- openssl-1.1.0d/crypto/dh/dh_gen.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dh/dh_gen.c 2017-01-26 16:02:29.014335010 +0100 +diff -up openssl-1.1.0e/crypto/dh/dh_gen.c.fips openssl-1.1.0e/crypto/dh/dh_gen.c +--- openssl-1.1.0e/crypto/dh/dh_gen.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dh/dh_gen.c 2017-02-16 15:42:44.975362800 +0100 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -214,9 +214,9 @@ diff -up openssl-1.1.0d/crypto/dh/dh_gen.c.fips openssl-1.1.0d/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0d/crypto/dh/dh_key.c.fips openssl-1.1.0d/crypto/dh/dh_key.c ---- openssl-1.1.0d/crypto/dh/dh_key.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dh/dh_key.c 2017-01-26 16:02:29.014335010 +0100 +diff -up openssl-1.1.0e/crypto/dh/dh_key.c.fips openssl-1.1.0e/crypto/dh/dh_key.c +--- openssl-1.1.0e/crypto/dh/dh_key.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dh/dh_key.c 2017-02-16 15:42:44.976362824 +0100 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -300,9 +300,9 @@ diff -up openssl-1.1.0d/crypto/dh/dh_key.c.fips openssl-1.1.0d/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0d/crypto/dsa/dsa_err.c.fips openssl-1.1.0d/crypto/dsa/dsa_err.c ---- openssl-1.1.0d/crypto/dsa/dsa_err.c.fips 2017-01-26 16:02:29.028334636 +0100 -+++ openssl-1.1.0d/crypto/dsa/dsa_err.c 2017-01-26 16:05:40.306217789 +0100 +diff -up openssl-1.1.0e/crypto/dsa/dsa_err.c.fips openssl-1.1.0e/crypto/dsa/dsa_err.c +--- openssl-1.1.0e/crypto/dsa/dsa_err.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dsa/dsa_err.c 2017-02-16 15:42:44.976362824 +0100 @@ -21,10 +21,13 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -330,9 +330,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_err.c.fips openssl-1.1.0d/crypto/dsa/dsa_ {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, {ERR_REASON(DSA_R_SEED_LEN_SMALL), -diff -up openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips openssl-1.1.0d/crypto/dsa/dsa_gen.c ---- openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dsa/dsa_gen.c 2017-01-26 16:02:29.029334609 +0100 +diff -up openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips openssl-1.1.0e/crypto/dsa/dsa_gen.c +--- openssl-1.1.0e/crypto/dsa/dsa_gen.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dsa/dsa_gen.c 2017-02-16 15:42:44.976362824 +0100 @@ -22,12 +22,22 @@ #include #include @@ -494,9 +494,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips openssl-1.1.0d/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.0d/crypto/dsa/dsa_key.c.fips openssl-1.1.0d/crypto/dsa/dsa_key.c ---- openssl-1.1.0d/crypto/dsa/dsa_key.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dsa/dsa_key.c 2017-01-26 16:02:29.029334609 +0100 +diff -up openssl-1.1.0e/crypto/dsa/dsa_key.c.fips openssl-1.1.0e/crypto/dsa/dsa_key.c +--- openssl-1.1.0e/crypto/dsa/dsa_key.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dsa/dsa_key.c 2017-02-16 15:42:44.976362824 +0100 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -576,9 +576,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_key.c.fips openssl-1.1.0d/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0d/crypto/dsa/dsa_ossl.c ---- openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dsa/dsa_ossl.c 2017-01-26 16:02:29.029334609 +0100 +diff -up openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0e/crypto/dsa/dsa_ossl.c +--- openssl-1.1.0e/crypto/dsa/dsa_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dsa/dsa_ossl.c 2017-02-16 15:42:44.976362824 +0100 @@ -15,6 +15,9 @@ #include #include "dsa_locl.h" @@ -638,9 +638,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0d/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0d/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/dsa/dsa_pmeth.c 2017-01-26 16:02:29.029334609 +0100 +diff -up openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0e/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.0e/crypto/dsa/dsa_pmeth.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/dsa/dsa_pmeth.c 2017-02-16 15:42:44.976362824 +0100 @@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; @@ -652,9 +652,9 @@ diff -up openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0d/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdh_ossl.c ---- openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/ec/ecdh_ossl.c 2017-01-26 16:02:29.029334609 +0100 +diff -up openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdh_ossl.c +--- openssl-1.1.0e/crypto/ec/ecdh_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/ec/ecdh_ossl.c 2017-02-16 15:42:44.976362824 +0100 @@ -33,9 +33,20 @@ #include #include "ec_lcl.h" @@ -676,9 +676,9 @@ diff -up openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/ec/ecdsa_ossl.c 2017-01-26 16:02:29.030334582 +0100 +diff -up openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0e/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.0e/crypto/ec/ecdsa_ossl.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/ec/ecdsa_ossl.c 2017-02-16 15:42:44.976362824 +0100 @@ -15,6 +15,10 @@ #include #include "ec_lcl.h" @@ -718,9 +718,9 @@ diff -up openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0d/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.0d/crypto/ec/ec_key.c.fips openssl-1.1.0d/crypto/ec/ec_key.c ---- openssl-1.1.0d/crypto/ec/ec_key.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/ec/ec_key.c 2017-01-26 16:02:29.030334582 +0100 +diff -up openssl-1.1.0e/crypto/ec/ec_key.c.fips openssl-1.1.0e/crypto/ec/ec_key.c +--- openssl-1.1.0e/crypto/ec/ec_key.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/ec/ec_key.c 2017-02-16 15:42:44.977362848 +0100 @@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } @@ -785,9 +785,9 @@ diff -up openssl-1.1.0d/crypto/ec/ec_key.c.fips openssl-1.1.0d/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.0d/crypto/err/err_all.c.fips openssl-1.1.0d/crypto/err/err_all.c ---- openssl-1.1.0d/crypto/err/err_all.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/err/err_all.c 2017-01-26 16:02:29.030334582 +0100 +diff -up openssl-1.1.0e/crypto/err/err_all.c.fips openssl-1.1.0e/crypto/err/err_all.c +--- openssl-1.1.0e/crypto/err/err_all.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/err/err_all.c 2017-02-16 15:42:44.977362848 +0100 @@ -43,9 +43,6 @@ int err_load_crypto_strings_int(void) { @@ -798,9 +798,9 @@ diff -up openssl-1.1.0d/crypto/err/err_all.c.fips openssl-1.1.0d/crypto/err/err_ #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || -diff -up openssl-1.1.0d/crypto/evp/c_allc.c.fips openssl-1.1.0d/crypto/evp/c_allc.c ---- openssl-1.1.0d/crypto/evp/c_allc.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/c_allc.c 2017-01-26 16:02:29.030334582 +0100 +diff -up openssl-1.1.0e/crypto/evp/c_allc.c.fips openssl-1.1.0e/crypto/evp/c_allc.c +--- openssl-1.1.0e/crypto/evp/c_allc.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/c_allc.c 2017-02-16 15:42:44.977362848 +0100 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -882,9 +882,9 @@ diff -up openssl-1.1.0d/crypto/evp/c_allc.c.fips openssl-1.1.0d/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0d/crypto/evp/c_alld.c.fips openssl-1.1.0d/crypto/evp/c_alld.c ---- openssl-1.1.0d/crypto/evp/c_alld.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/c_alld.c 2017-01-26 16:02:29.030334582 +0100 +diff -up openssl-1.1.0e/crypto/evp/c_alld.c.fips openssl-1.1.0e/crypto/evp/c_alld.c +--- openssl-1.1.0e/crypto/evp/c_alld.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/c_alld.c 2017-02-16 15:42:44.977362848 +0100 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -911,9 +911,9 @@ diff -up openssl-1.1.0d/crypto/evp/c_alld.c.fips openssl-1.1.0d/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0d/crypto/evp/digest.c.fips openssl-1.1.0d/crypto/evp/digest.c ---- openssl-1.1.0d/crypto/evp/digest.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/digest.c 2017-01-26 16:02:29.030334582 +0100 +diff -up openssl-1.1.0e/crypto/evp/digest.c.fips openssl-1.1.0e/crypto/evp/digest.c +--- openssl-1.1.0e/crypto/evp/digest.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/digest.c 2017-02-16 15:42:44.977362848 +0100 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -973,9 +973,9 @@ diff -up openssl-1.1.0d/crypto/evp/digest.c.fips openssl-1.1.0d/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.c ---- openssl-1.1.0d/crypto/evp/e_aes.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/e_aes.c 2017-01-26 16:02:29.031334556 +0100 +diff -up openssl-1.1.0e/crypto/evp/e_aes.c.fips openssl-1.1.0e/crypto/evp/e_aes.c +--- openssl-1.1.0e/crypto/evp/e_aes.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/e_aes.c 2017-02-16 15:42:44.978362871 +0100 @@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -989,7 +989,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { -@@ -1307,6 +1307,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -1309,6 +1309,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; @@ -1001,7 +1001,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) -@@ -1767,11 +1772,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX +@@ -1769,11 +1774,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, @@ -1019,7 +1019,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -1906,6 +1914,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1908,6 +1916,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; @@ -1034,7 +1034,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, -@@ -1923,8 +1939,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1925,8 +1941,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) @@ -1047,7 +1047,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -2187,11 +2205,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX +@@ -2189,11 +2207,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX #define aes_ccm_cleanup NULL BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, @@ -1062,7 +1062,7 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. typedef struct { union { -@@ -2284,7 +2302,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT +@@ -2286,7 +2304,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT return rv ? (int)rv : -1; } @@ -1071,9 +1071,9 @@ diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.0d/crypto/evp/e_des3.c.fips openssl-1.1.0d/crypto/evp/e_des3.c ---- openssl-1.1.0d/crypto/evp/e_des3.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/e_des3.c 2017-01-26 16:02:29.031334556 +0100 +diff -up openssl-1.1.0e/crypto/evp/e_des3.c.fips openssl-1.1.0e/crypto/evp/e_des3.c +--- openssl-1.1.0e/crypto/evp/e_des3.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/e_des3.c 2017-02-16 15:42:44.978362871 +0100 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1100,9 +1100,9 @@ diff -up openssl-1.1.0d/crypto/evp/e_des3.c.fips openssl-1.1.0d/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.0d/crypto/evp/e_null.c.fips openssl-1.1.0d/crypto/evp/e_null.c ---- openssl-1.1.0d/crypto/evp/e_null.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/e_null.c 2017-01-26 16:02:29.031334556 +0100 +diff -up openssl-1.1.0e/crypto/evp/e_null.c.fips openssl-1.1.0e/crypto/evp/e_null.c +--- openssl-1.1.0e/crypto/evp/e_null.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/e_null.c 2017-02-16 15:42:44.978362871 +0100 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1113,9 +1113,9 @@ diff -up openssl-1.1.0d/crypto/evp/e_null.c.fips openssl-1.1.0d/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_enc.c ---- openssl-1.1.0d/crypto/evp/evp_enc.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/evp_enc.c 2017-01-26 16:02:29.032334529 +0100 +diff -up openssl-1.1.0e/crypto/evp/evp_enc.c.fips openssl-1.1.0e/crypto/evp/evp_enc.c +--- openssl-1.1.0e/crypto/evp/evp_enc.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/evp_enc.c 2017-02-16 15:45:17.526972401 +0100 @@ -16,10 +16,19 @@ #include #include "internal/evp_int.h" @@ -1163,7 +1163,7 @@ diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -133,7 +154,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -134,7 +155,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ @@ -1171,8 +1171,8 @@ diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_ + ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW; if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); -@@ -191,6 +212,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + ctx->cipher = NULL; +@@ -193,6 +214,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } @@ -1191,9 +1191,9 @@ diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.0d/crypto/evp/evp_err.c.fips openssl-1.1.0d/crypto/evp/evp_err.c ---- openssl-1.1.0d/crypto/evp/evp_err.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/evp_err.c 2017-01-26 16:07:34.336167390 +0100 +diff -up openssl-1.1.0e/crypto/evp/evp_err.c.fips openssl-1.1.0e/crypto/evp/evp_err.c +--- openssl-1.1.0e/crypto/evp/evp_err.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/evp_err.c 2017-02-16 15:42:44.978362871 +0100 @@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[] {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, @@ -1218,9 +1218,9 @@ diff -up openssl-1.1.0d/crypto/evp/evp_err.c.fips openssl-1.1.0d/crypto/evp/evp_ {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.0d/crypto/evp/evp_lib.c.fips openssl-1.1.0d/crypto/evp/evp_lib.c ---- openssl-1.1.0d/crypto/evp/evp_lib.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/evp_lib.c 2017-01-26 16:02:29.032334529 +0100 +diff -up openssl-1.1.0e/crypto/evp/evp_lib.c.fips openssl-1.1.0e/crypto/evp/evp_lib.c +--- openssl-1.1.0e/crypto/evp/evp_lib.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/evp_lib.c 2017-02-16 15:42:44.978362871 +0100 @@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1231,9 +1231,9 @@ diff -up openssl-1.1.0d/crypto/evp/evp_lib.c.fips openssl-1.1.0d/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.0d/crypto/evp/m_sha1.c.fips openssl-1.1.0d/crypto/evp/m_sha1.c ---- openssl-1.1.0d/crypto/evp/m_sha1.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/evp/m_sha1.c 2017-01-26 16:02:29.032334529 +0100 +diff -up openssl-1.1.0e/crypto/evp/m_sha1.c.fips openssl-1.1.0e/crypto/evp/m_sha1.c +--- openssl-1.1.0e/crypto/evp/m_sha1.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/evp/m_sha1.c 2017-02-16 15:42:44.978362871 +0100 @@ -94,7 +94,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1279,9 +1279,9 @@ diff -up openssl-1.1.0d/crypto/evp/m_sha1.c.fips openssl-1.1.0d/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.0d/crypto/fips/build.info.fips openssl-1.1.0d/crypto/fips/build.info ---- openssl-1.1.0d/crypto/fips/build.info.fips 2017-01-26 16:02:29.032334529 +0100 -+++ openssl-1.1.0d/crypto/fips/build.info 2017-01-26 16:02:29.032334529 +0100 +diff -up openssl-1.1.0e/crypto/fips/build.info.fips openssl-1.1.0e/crypto/fips/build.info +--- openssl-1.1.0e/crypto/fips/build.info.fips 2017-02-16 15:42:44.979362895 +0100 ++++ openssl-1.1.0e/crypto/fips/build.info 2017-02-16 15:42:44.979362895 +0100 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1298,9 +1298,9 @@ diff -up openssl-1.1.0d/crypto/fips/build.info.fips openssl-1.1.0d/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_aes_selftest.c 2017-01-26 16:02:29.033334502 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_aes_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_aes_selftest.c 2017-02-16 15:42:44.979362895 +0100 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1674,9 +1674,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0d/cryp +} + +#endif -diff -up openssl-1.1.0d/crypto/fips/fips.c.fips openssl-1.1.0d/crypto/fips/fips.c ---- openssl-1.1.0d/crypto/fips/fips.c.fips 2017-01-26 16:02:29.033334502 +0100 -+++ openssl-1.1.0d/crypto/fips/fips.c 2017-01-26 16:02:29.033334502 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips.c.fips openssl-1.1.0e/crypto/fips/fips.c +--- openssl-1.1.0e/crypto/fips/fips.c.fips 2017-02-16 15:42:44.979362895 +0100 ++++ openssl-1.1.0e/crypto/fips/fips.c 2017-02-16 15:42:44.979362895 +0100 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2204,9 +2204,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips.c.fips openssl-1.1.0d/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c 2017-01-26 16:02:29.033334502 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_cmac_selftest.c 2017-02-16 15:42:44.979362895 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2364,9 +2364,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0d/cry + return rv; +} +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_des_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_des_selftest.c 2017-01-26 16:02:29.033334502 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_des_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_des_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_des_selftest.c 2017-02-16 15:42:44.979362895 +0100 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2501,9 +2501,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0d/cryp + return ret; +} +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips 2017-01-26 16:02:29.035334448 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_dh_selftest.c 2017-01-26 16:02:29.035334448 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_dh_selftest.c.fips 2017-02-16 15:42:44.979362895 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_dh_selftest.c 2017-02-16 15:42:44.979362895 +0100 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2685,9 +2685,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0d/crypt + return ret; +} +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips 2017-01-26 16:02:29.035334448 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c 2017-01-26 16:02:29.035334448 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c.fips 2017-02-16 15:42:44.980362918 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_ctr.c 2017-02-16 15:42:44.980362918 +0100 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3104,9 +3104,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0d/crypto/f + + return 1; +} -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips 2017-01-26 16:02:29.036334422 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_hash.c 2017-01-26 16:02:29.035334448 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.0e/crypto/fips/fips_drbg_hash.c.fips 2017-02-16 15:42:44.980362918 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_hash.c 2017-02-16 15:42:44.980362918 +0100 @@ -0,0 +1,361 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3469,9 +3469,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0d/crypto/ + + return 1; +} -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips 2017-01-26 16:02:29.036334422 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c 2017-01-26 16:02:29.036334422 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c.fips 2017-02-16 15:42:44.980362918 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_hmac.c 2017-02-16 15:42:44.980362918 +0100 @@ -0,0 +1,272 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3745,9 +3745,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0d/crypto/ + + return 1; +} -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips 2017-01-26 16:02:29.036334422 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_lib.c 2017-01-26 16:02:29.036334422 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.0e/crypto/fips/fips_drbg_lib.c.fips 2017-02-16 15:42:44.980362918 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_lib.c 2017-02-16 15:42:44.980362918 +0100 @@ -0,0 +1,555 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4304,9 +4304,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0d/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips 2017-01-26 16:02:29.036334422 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_rand.c 2017-01-26 16:02:29.036334422 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.0e/crypto/fips/fips_drbg_rand.c.fips 2017-02-16 15:42:44.980362918 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_rand.c 2017-02-16 15:42:44.980362918 +0100 @@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4491,9 +4491,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0d/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips 2017-01-26 16:02:29.037334395 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c 2017-01-26 16:02:29.037334395 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c.fips 2017-02-16 15:42:44.981362942 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_selftest.c 2017-02-16 15:42:44.981362942 +0100 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5323,9 +5323,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0d/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips 2017-01-26 16:02:29.037334395 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h 2017-01-26 16:02:29.037334395 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h.fips 2017-02-16 15:42:44.982362966 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_drbg_selftest.h 2017-02-16 15:42:44.982362966 +0100 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7118,9 +7118,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0d/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c 2017-01-26 16:02:29.038334368 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_dsa_selftest.c 2017-02-16 15:42:44.982362966 +0100 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7317,9 +7317,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0d/cryp + return ret; +} +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c 2017-01-26 16:02:29.038334368 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_ecdh_selftest.c 2017-02-16 15:42:44.982362966 +0100 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7563,9 +7563,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0d/cry +} + +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c 2017-01-26 16:02:29.038334368 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c.fips 2017-02-16 15:42:44.982362966 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_ecdsa_selftest.c 2017-02-16 15:42:44.982362966 +0100 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7733,9 +7733,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0d/cr +} + +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_enc.c.fips openssl-1.1.0d/crypto/fips/fips_enc.c ---- openssl-1.1.0d/crypto/fips/fips_enc.c.fips 2017-01-26 16:02:29.038334368 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_enc.c 2017-01-26 16:02:29.038334368 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_enc.c.fips openssl-1.1.0e/crypto/fips/fips_enc.c +--- openssl-1.1.0e/crypto/fips/fips_enc.c.fips 2017-02-16 15:42:44.982362966 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_enc.c 2017-02-16 15:42:44.982362966 +0100 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7926,9 +7926,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_enc.c.fips openssl-1.1.0d/crypto/fips/f + + } +} -diff -up openssl-1.1.0d/crypto/fips/fips_err.h.fips openssl-1.1.0d/crypto/fips/fips_err.h ---- openssl-1.1.0d/crypto/fips/fips_err.h.fips 2017-01-26 16:02:29.038334368 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_err.h 2017-01-26 16:02:29.038334368 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_err.h.fips openssl-1.1.0e/crypto/fips/fips_err.h +--- openssl-1.1.0e/crypto/fips/fips_err.h.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_err.h 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,196 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8126,9 +8126,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_err.h.fips openssl-1.1.0d/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.0d/crypto/fips/fips_ers.c.fips openssl-1.1.0d/crypto/fips/fips_ers.c ---- openssl-1.1.0d/crypto/fips/fips_ers.c.fips 2017-01-26 16:02:29.039334342 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_ers.c 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_ers.c.fips openssl-1.1.0e/crypto/fips/fips_ers.c +--- openssl-1.1.0e/crypto/fips/fips_ers.c.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_ers.c 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,7 @@ +#include + @@ -8137,9 +8137,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_ers.c.fips openssl-1.1.0d/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips 2017-01-26 16:02:29.039334342 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_hmac_selftest.c 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8275,9 +8275,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0d/cry + return 1; +} +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_locl.h.fips openssl-1.1.0d/crypto/fips/fips_locl.h ---- openssl-1.1.0d/crypto/fips/fips_locl.h.fips 2017-01-26 16:02:29.039334342 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_locl.h 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_locl.h.fips openssl-1.1.0e/crypto/fips/fips_locl.h +--- openssl-1.1.0e/crypto/fips/fips_locl.h.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_locl.h 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8350,9 +8350,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_locl.h.fips openssl-1.1.0d/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_md.c.fips openssl-1.1.0d/crypto/fips/fips_md.c ---- openssl-1.1.0d/crypto/fips/fips_md.c.fips 2017-01-26 16:02:29.039334342 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_md.c 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_md.c.fips openssl-1.1.0e/crypto/fips/fips_md.c +--- openssl-1.1.0e/crypto/fips/fips_md.c.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_md.c 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8498,9 +8498,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_md.c.fips openssl-1.1.0d/crypto/fips/fi + return NULL; + } +} -diff -up openssl-1.1.0d/crypto/fips/fips_post.c.fips openssl-1.1.0d/crypto/fips/fips_post.c ---- openssl-1.1.0d/crypto/fips/fips_post.c.fips 2017-01-26 16:02:29.039334342 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_post.c 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_post.c.fips openssl-1.1.0e/crypto/fips/fips_post.c +--- openssl-1.1.0e/crypto/fips/fips_post.c.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_post.c 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8724,9 +8724,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_post.c.fips openssl-1.1.0d/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0d/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips 2017-01-26 16:02:29.039334342 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_rand_lcl.h 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0e/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.0e/crypto/fips/fips_rand_lcl.h.fips 2017-02-16 15:42:44.983362989 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_rand_lcl.h 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,209 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8937,9 +8937,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0d/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0d/crypto/fips/fips_rand_lib.c ---- openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips 2017-01-26 16:02:29.040334315 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_rand_lib.c 2017-01-26 16:02:29.039334342 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0e/crypto/fips/fips_rand_lib.c +--- openssl-1.1.0e/crypto/fips/fips_rand_lib.c.fips 2017-02-16 15:42:44.984363013 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_rand_lib.c 2017-02-16 15:42:44.983362989 +0100 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9175,9 +9175,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0d/crypto/f +# endif +} + -diff -up openssl-1.1.0d/crypto/fips/fips_randtest.c.fips openssl-1.1.0d/crypto/fips/fips_randtest.c ---- openssl-1.1.0d/crypto/fips/fips_randtest.c.fips 2017-01-26 16:02:29.040334315 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_randtest.c 2017-01-26 16:02:29.040334315 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_randtest.c.fips openssl-1.1.0e/crypto/fips/fips_randtest.c +--- openssl-1.1.0e/crypto/fips/fips_randtest.c.fips 2017-02-16 15:42:44.984363013 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_randtest.c 2017-02-16 15:42:44.984363013 +0100 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -9426,9 +9426,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_randtest.c.fips openssl-1.1.0d/crypto/f +} + +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips 2017-01-26 16:02:29.040334315 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c 2017-01-26 16:02:29.040334315 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c.fips 2017-02-16 15:42:44.984363013 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_rsa_selftest.c 2017-02-16 15:42:44.984363013 +0100 @@ -0,0 +1,578 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10008,9 +10008,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0d/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips 2017-01-26 16:02:29.040334315 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_sha_selftest.c 2017-01-26 16:02:29.040334315 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0e/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.0e/crypto/fips/fips_sha_selftest.c.fips 2017-02-16 15:42:44.984363013 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_sha_selftest.c 2017-02-16 15:42:44.984363013 +0100 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10150,9 +10150,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0d/cryp +} + +#endif -diff -up openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips 2017-01-26 16:02:29.040334315 +0100 -+++ openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c 2017-01-26 16:02:29.040334315 +0100 +diff -up openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c.fips 2017-02-16 15:42:44.984363013 +0100 ++++ openssl-1.1.0e/crypto/fips/fips_standalone_hmac.c 2017-02-16 15:42:44.984363013 +0100 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10281,9 +10281,9 @@ diff -up openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0d/c +#endif + return 0; +} -diff -up openssl-1.1.0d/crypto/hmac/hmac.c.fips openssl-1.1.0d/crypto/hmac/hmac.c ---- openssl-1.1.0d/crypto/hmac/hmac.c.fips 2017-01-26 14:10:22.000000000 +0100 -+++ openssl-1.1.0d/crypto/hmac/hmac.c 2017-01-26 16:02:29.041334288 +0100 +diff -up openssl-1.1.0e/crypto/hmac/hmac.c.fips openssl-1.1.0e/crypto/hmac/hmac.c +--- openssl-1.1.0e/crypto/hmac/hmac.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/hmac/hmac.c 2017-02-16 15:42:44.984363013 +0100 @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } @@ -10298,9 +10298,9 @@ diff -up openssl-1.1.0d/crypto/hmac/hmac.c.fips openssl-1.1.0d/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.1.0d/crypto/include/internal/fips_int.h.fips openssl-1.1.0d/crypto/include/internal/fips_int.h ---- openssl-1.1.0d/crypto/include/internal/fips_int.h.fips 2017-01-26 16:02:29.041334288 +0100 -+++ openssl-1.1.0d/crypto/include/internal/fips_int.h 2017-01-26 16:02:29.041334288 +0100 +diff -up openssl-1.1.0e/crypto/include/internal/fips_int.h.fips openssl-1.1.0e/crypto/include/internal/fips_int.h +--- openssl-1.1.0e/crypto/include/internal/fips_int.h.fips 2017-02-16 15:42:44.985363037 +0100 ++++ openssl-1.1.0e/crypto/include/internal/fips_int.h 2017-02-16 15:42:44.985363037 +0100 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10403,9 +10403,9 @@ diff -up openssl-1.1.0d/crypto/include/internal/fips_int.h.fips openssl-1.1.0d/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.0d/crypto/o_fips.c.fips openssl-1.1.0d/crypto/o_fips.c ---- openssl-1.1.0d/crypto/o_fips.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/o_fips.c 2017-01-26 16:02:29.041334288 +0100 +diff -up openssl-1.1.0e/crypto/o_fips.c.fips openssl-1.1.0e/crypto/o_fips.c +--- openssl-1.1.0e/crypto/o_fips.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/o_fips.c 2017-02-16 15:42:44.985363037 +0100 @@ -9,7 +9,10 @@ #include "internal/cryptlib.h" @@ -10434,9 +10434,9 @@ diff -up openssl-1.1.0d/crypto/o_fips.c.fips openssl-1.1.0d/crypto/o_fips.c #else if (r == 0) return 1; -diff -up openssl-1.1.0d/crypto/o_init.c.fips openssl-1.1.0d/crypto/o_init.c ---- openssl-1.1.0d/crypto/o_init.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/o_init.c 2017-01-26 16:02:29.041334288 +0100 +diff -up openssl-1.1.0e/crypto/o_init.c.fips openssl-1.1.0e/crypto/o_init.c +--- openssl-1.1.0e/crypto/o_init.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/o_init.c 2017-02-16 15:42:44.985363037 +0100 @@ -7,11 +7,50 @@ * https://www.openssl.org/source/license.html */ @@ -10523,9 +10523,9 @@ diff -up openssl-1.1.0d/crypto/o_init.c.fips openssl-1.1.0d/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.1.0d/crypto/rand/md_rand.c.fips openssl-1.1.0d/crypto/rand/md_rand.c ---- openssl-1.1.0d/crypto/rand/md_rand.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rand/md_rand.c 2017-01-26 16:02:29.041334288 +0100 +diff -up openssl-1.1.0e/crypto/rand/md_rand.c.fips openssl-1.1.0e/crypto/rand/md_rand.c +--- openssl-1.1.0e/crypto/rand/md_rand.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/rand/md_rand.c 2017-02-16 15:42:44.985363037 +0100 @@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; @@ -10535,9 +10535,9 @@ diff -up openssl-1.1.0d/crypto/rand/md_rand.c.fips openssl-1.1.0d/crypto/rand/md RAND_poll(); initialized = 1; } -diff -up openssl-1.1.0d/crypto/rand/rand_err.c.fips openssl-1.1.0d/crypto/rand/rand_err.c ---- openssl-1.1.0d/crypto/rand/rand_err.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rand/rand_err.c 2017-01-26 16:02:29.041334288 +0100 +diff -up openssl-1.1.0e/crypto/rand/rand_err.c.fips openssl-1.1.0e/crypto/rand/rand_err.c +--- openssl-1.1.0e/crypto/rand/rand_err.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/rand/rand_err.c 2017-02-16 15:42:44.985363037 +0100 @@ -20,10 +20,13 @@ static ERR_STRING_DATA RAND_str_functs[] = { @@ -10552,9 +10552,9 @@ diff -up openssl-1.1.0d/crypto/rand/rand_err.c.fips openssl-1.1.0d/crypto/rand/r {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; -diff -up openssl-1.1.0d/crypto/rand/rand_lcl.h.fips openssl-1.1.0d/crypto/rand/rand_lcl.h ---- openssl-1.1.0d/crypto/rand/rand_lcl.h.fips 2017-01-26 16:02:28.830339932 +0100 -+++ openssl-1.1.0d/crypto/rand/rand_lcl.h 2017-01-26 16:02:29.045334181 +0100 +diff -up openssl-1.1.0e/crypto/rand/rand_lcl.h.fips openssl-1.1.0e/crypto/rand/rand_lcl.h +--- openssl-1.1.0e/crypto/rand/rand_lcl.h.fips 2017-02-16 15:42:44.817359061 +0100 ++++ openssl-1.1.0e/crypto/rand/rand_lcl.h 2017-02-16 15:42:44.985363037 +0100 @@ -10,7 +10,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H @@ -10564,9 +10564,9 @@ diff -up openssl-1.1.0d/crypto/rand/rand_lcl.h.fips openssl-1.1.0d/crypto/rand/r # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # define USE_SHA1_RAND -diff -up openssl-1.1.0d/crypto/rand/rand_lib.c.fips openssl-1.1.0d/crypto/rand/rand_lib.c ---- openssl-1.1.0d/crypto/rand/rand_lib.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rand/rand_lib.c 2017-01-26 16:02:29.047334128 +0100 +diff -up openssl-1.1.0e/crypto/rand/rand_lib.c.fips openssl-1.1.0e/crypto/rand/rand_lib.c +--- openssl-1.1.0e/crypto/rand/rand_lib.c.fips 2017-02-16 12:58:21.000000000 +0100 ++++ openssl-1.1.0e/crypto/rand/rand_lib.c 2017-02-16 15:42:44.985363037 +0100 @@ -18,6 +18,8 @@ #ifdef OPENSSL_FIPS # include @@ -10704,9 +10704,9 @@ diff -up openssl-1.1.0d/crypto/rand/rand_lib.c.fips openssl-1.1.0d/crypto/rand/r +} + +#endif -diff -up openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0d/crypto/rsa/rsa_crpt.c ---- openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_crpt.c 2017-01-26 16:02:29.048334101 +0100 +diff -up openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0e/crypto/rsa/rsa_crpt.c +--- openssl-1.1.0e/crypto/rsa/rsa_crpt.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/rsa/rsa_crpt.c 2017-02-16 15:42:44.986363060 +0100 @@ -28,24 +28,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10760,9 +10760,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0d/crypto/rsa/rsa return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.1.0d/crypto/rsa/rsa_err.c.fips openssl-1.1.0d/crypto/rsa/rsa_err.c ---- openssl-1.1.0d/crypto/rsa/rsa_err.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_err.c 2017-01-26 16:02:29.049334074 +0100 +diff -up openssl-1.1.0e/crypto/rsa/rsa_err.c.fips openssl-1.1.0e/crypto/rsa/rsa_err.c +--- openssl-1.1.0e/crypto/rsa/rsa_err.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/rsa/rsa_err.c 2017-02-16 15:42:44.986363060 +0100 @@ -21,6 +21,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, @@ -10808,9 +10808,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_err.c.fips openssl-1.1.0d/crypto/rsa/rsa_ {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips openssl-1.1.0d/crypto/rsa/rsa_gen.c ---- openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips 2017-01-26 16:02:29.007335198 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:02:29.051334021 +0100 +diff -up openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips openssl-1.1.0e/crypto/rsa/rsa_gen.c +--- openssl-1.1.0e/crypto/rsa/rsa_gen.c.fips 2017-02-16 15:42:44.969362658 +0100 ++++ openssl-1.1.0e/crypto/rsa/rsa_gen.c 2017-02-16 15:42:44.986363060 +0100 @@ -18,6 +18,75 @@ #include "internal/cryptlib.h" #include @@ -11189,9 +11189,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips openssl-1.1.0d/crypto/rsa/rsa_ ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips openssl-1.1.0d/crypto/rsa/rsa_lib.c ---- openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_lib.c 2017-01-26 16:02:29.052333994 +0100 +diff -up openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips openssl-1.1.0e/crypto/rsa/rsa_lib.c +--- openssl-1.1.0e/crypto/rsa/rsa_lib.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/rsa/rsa_lib.c 2017-02-16 15:42:44.986363060 +0100 @@ -26,6 +26,12 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11247,9 +11247,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips openssl-1.1.0d/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0d/crypto/rsa/rsa_ossl.c ---- openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_ossl.c 2017-01-26 16:02:29.053333967 +0100 +diff -up openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0e/crypto/rsa/rsa_ossl.c +--- openssl-1.1.0e/crypto/rsa/rsa_ossl.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/rsa/rsa_ossl.c 2017-02-16 15:42:44.986363060 +0100 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -11353,9 +11353,9 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0d/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips openssl-1.1.0d/crypto/rsa/rsa_sign.c ---- openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/rsa/rsa_sign.c 2017-01-26 16:02:29.054333940 +0100 +diff -up openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips openssl-1.1.0e/crypto/rsa/rsa_sign.c +--- openssl-1.1.0e/crypto/rsa/rsa_sign.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/rsa/rsa_sign.c 2017-02-16 15:42:44.986363060 +0100 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -11382,9 +11382,22 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips openssl-1.1.0d/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.0d/crypto/sha/sha256.c.fips openssl-1.1.0d/crypto/sha/sha256.c ---- openssl-1.1.0d/crypto/sha/sha256.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/sha/sha256.c 2017-01-26 16:02:29.055333914 +0100 +diff -up openssl-1.1.0e/crypto/sha/sha_locl.h.fips openssl-1.1.0e/crypto/sha/sha_locl.h +--- openssl-1.1.0e/crypto/sha/sha_locl.h.fips 2017-02-16 15:42:44.738357192 +0100 ++++ openssl-1.1.0e/crypto/sha/sha_locl.h 2017-02-16 15:42:44.987363084 +0100 +@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c + + int HASH_INIT(SHA_CTX *c) + { ++#if defined(OPENSSL_FIPS) ++ FIPS_selftest_check(); ++#endif + memset(c, 0, sizeof(*c)); + c->h0 = INIT_DATA_h0; + c->h1 = INIT_DATA_h1; +diff -up openssl-1.1.0e/crypto/sha/sha256.c.fips openssl-1.1.0e/crypto/sha/sha256.c +--- openssl-1.1.0e/crypto/sha/sha256.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/sha/sha256.c 2017-02-16 15:42:44.986363060 +0100 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -11405,9 +11418,9 @@ diff -up openssl-1.1.0d/crypto/sha/sha256.c.fips openssl-1.1.0d/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.0d/crypto/sha/sha512.c.fips openssl-1.1.0d/crypto/sha/sha512.c ---- openssl-1.1.0d/crypto/sha/sha512.c.fips 2017-01-26 14:10:23.000000000 +0100 -+++ openssl-1.1.0d/crypto/sha/sha512.c 2017-01-26 16:02:29.055333914 +0100 +diff -up openssl-1.1.0e/crypto/sha/sha512.c.fips openssl-1.1.0e/crypto/sha/sha512.c +--- openssl-1.1.0e/crypto/sha/sha512.c.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/crypto/sha/sha512.c 2017-02-16 15:42:44.987363084 +0100 @@ -62,6 +62,9 @@ int SHA384_Init(SHA512_CTX *c) @@ -11428,22 +11441,9 @@ diff -up openssl-1.1.0d/crypto/sha/sha512.c.fips openssl-1.1.0d/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.0d/crypto/sha/sha_locl.h.fips openssl-1.1.0d/crypto/sha/sha_locl.h ---- openssl-1.1.0d/crypto/sha/sha_locl.h.fips 2017-01-26 16:02:28.826340039 +0100 -+++ openssl-1.1.0d/crypto/sha/sha_locl.h 2017-01-26 16:02:29.054333940 +0100 -@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c - - int HASH_INIT(SHA_CTX *c) - { -+#if defined(OPENSSL_FIPS) -+ FIPS_selftest_check(); -+#endif - memset(c, 0, sizeof(*c)); - c->h0 = INIT_DATA_h0; - c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips 2017-01-26 14:10:24.000000000 +0100 -+++ openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod 2017-01-26 16:02:29.056333887 +0100 +diff -up openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod +--- openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod.fips 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/doc/crypto/DSA_generate_parameters.pod 2017-02-16 15:42:44.987363084 +0100 @@ -29,8 +29,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -11457,9 +11457,9 @@ diff -up openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.0d/include/openssl/crypto.h.fips openssl-1.1.0d/include/openssl/crypto.h ---- openssl-1.1.0d/include/openssl/crypto.h.fips 2017-01-26 14:10:24.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/crypto.h 2017-01-26 16:02:29.057333860 +0100 +diff -up openssl-1.1.0e/include/openssl/crypto.h.fips openssl-1.1.0e/include/openssl/crypto.h +--- openssl-1.1.0e/include/openssl/crypto.h.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/crypto.h 2017-02-16 15:42:44.987363084 +0100 @@ -332,6 +332,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -11472,9 +11472,9 @@ diff -up openssl-1.1.0d/include/openssl/crypto.h.fips openssl-1.1.0d/include/ope void OPENSSL_init(void); struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -diff -up openssl-1.1.0d/include/openssl/dh.h.fips openssl-1.1.0d/include/openssl/dh.h ---- openssl-1.1.0d/include/openssl/dh.h.fips 2017-01-26 14:10:24.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/dh.h 2017-01-26 16:02:29.058333833 +0100 +diff -up openssl-1.1.0e/include/openssl/dh.h.fips openssl-1.1.0e/include/openssl/dh.h +--- openssl-1.1.0e/include/openssl/dh.h.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/dh.h 2017-02-16 15:42:44.987363084 +0100 @@ -30,6 +30,7 @@ extern "C" { # endif @@ -11506,9 +11506,9 @@ diff -up openssl-1.1.0d/include/openssl/dh.h.fips openssl-1.1.0d/include/openssl # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.0d/include/openssl/dsa.h.fips openssl-1.1.0d/include/openssl/dsa.h ---- openssl-1.1.0d/include/openssl/dsa.h.fips 2017-01-26 14:10:24.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/dsa.h 2017-01-26 16:08:36.807496229 +0100 +diff -up openssl-1.1.0e/include/openssl/dsa.h.fips openssl-1.1.0e/include/openssl/dsa.h +--- openssl-1.1.0e/include/openssl/dsa.h.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/dsa.h 2017-02-16 15:42:44.987363084 +0100 @@ -36,6 +36,7 @@ extern "C" { # endif @@ -11554,9 +11554,9 @@ diff -up openssl-1.1.0d/include/openssl/dsa.h.fips openssl-1.1.0d/include/openss # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.0d/include/openssl/evp.h.fips openssl-1.1.0d/include/openssl/evp.h ---- openssl-1.1.0d/include/openssl/evp.h.fips 2017-01-26 14:10:24.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/evp.h 2017-01-26 16:09:01.024848394 +0100 +diff -up openssl-1.1.0e/include/openssl/evp.h.fips openssl-1.1.0e/include/openssl/evp.h +--- openssl-1.1.0e/include/openssl/evp.h.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/evp.h 2017-02-16 15:42:44.988363108 +0100 @@ -1458,6 +1458,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 @@ -11581,9 +11581,9 @@ diff -up openssl-1.1.0d/include/openssl/evp.h.fips openssl-1.1.0d/include/openss # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.0d/include/openssl/fips.h.fips openssl-1.1.0d/include/openssl/fips.h ---- openssl-1.1.0d/include/openssl/fips.h.fips 2017-01-26 16:02:29.060333780 +0100 -+++ openssl-1.1.0d/include/openssl/fips.h 2017-01-26 16:02:29.059333807 +0100 +diff -up openssl-1.1.0e/include/openssl/fips.h.fips openssl-1.1.0e/include/openssl/fips.h +--- openssl-1.1.0e/include/openssl/fips.h.fips 2017-02-16 15:42:44.988363108 +0100 ++++ openssl-1.1.0e/include/openssl/fips.h 2017-02-16 15:42:44.988363108 +0100 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11771,9 +11771,9 @@ diff -up openssl-1.1.0d/include/openssl/fips.h.fips openssl-1.1.0d/include/opens +} +# endif +#endif -diff -up openssl-1.1.0d/include/openssl/fips_rand.h.fips openssl-1.1.0d/include/openssl/fips_rand.h ---- openssl-1.1.0d/include/openssl/fips_rand.h.fips 2017-01-26 16:02:29.060333780 +0100 -+++ openssl-1.1.0d/include/openssl/fips_rand.h 2017-01-26 16:02:29.060333780 +0100 +diff -up openssl-1.1.0e/include/openssl/fips_rand.h.fips openssl-1.1.0e/include/openssl/fips_rand.h +--- openssl-1.1.0e/include/openssl/fips_rand.h.fips 2017-02-16 15:42:44.988363108 +0100 ++++ openssl-1.1.0e/include/openssl/fips_rand.h 2017-02-16 15:42:44.988363108 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11920,9 +11920,9 @@ diff -up openssl-1.1.0d/include/openssl/fips_rand.h.fips openssl-1.1.0d/include/ +# endif +# endif +#endif -diff -up openssl-1.1.0d/include/openssl/opensslconf.h.in.fips openssl-1.1.0d/include/openssl/opensslconf.h.in ---- openssl-1.1.0d/include/openssl/opensslconf.h.in.fips 2017-01-26 14:10:25.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/opensslconf.h.in 2017-01-26 16:02:29.060333780 +0100 +diff -up openssl-1.1.0e/include/openssl/opensslconf.h.in.fips openssl-1.1.0e/include/openssl/opensslconf.h.in +--- openssl-1.1.0e/include/openssl/opensslconf.h.in.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/opensslconf.h.in 2017-02-16 15:42:44.988363108 +0100 @@ -136,6 +136,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11935,9 +11935,9 @@ diff -up openssl-1.1.0d/include/openssl/opensslconf.h.in.fips openssl-1.1.0d/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.0d/include/openssl/rand.h.fips openssl-1.1.0d/include/openssl/rand.h ---- openssl-1.1.0d/include/openssl/rand.h.fips 2017-01-26 14:10:25.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/rand.h 2017-01-26 16:02:29.061333753 +0100 +diff -up openssl-1.1.0e/include/openssl/rand.h.fips openssl-1.1.0e/include/openssl/rand.h +--- openssl-1.1.0e/include/openssl/rand.h.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/rand.h 2017-02-16 15:42:44.988363108 +0100 @@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) #endif @@ -11962,9 +11962,9 @@ diff -up openssl-1.1.0d/include/openssl/rand.h.fips openssl-1.1.0d/include/opens # define RAND_R_PRNG_NOT_SEEDED 100 # ifdef __cplusplus -diff -up openssl-1.1.0d/include/openssl/rsa.h.fips openssl-1.1.0d/include/openssl/rsa.h ---- openssl-1.1.0d/include/openssl/rsa.h.fips 2017-01-26 14:10:25.000000000 +0100 -+++ openssl-1.1.0d/include/openssl/rsa.h 2017-01-26 16:02:29.061333753 +0100 +diff -up openssl-1.1.0e/include/openssl/rsa.h.fips openssl-1.1.0e/include/openssl/rsa.h +--- openssl-1.1.0e/include/openssl/rsa.h.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/rsa.h 2017-02-16 15:42:44.988363108 +0100 @@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); /* Function codes. */ # define RSA_F_CHECK_PADDING_MD 140 @@ -12009,9 +12009,9 @@ diff -up openssl-1.1.0d/include/openssl/rsa.h.fips openssl-1.1.0d/include/openss # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.1.0d/ssl/ssl_ciph.c.fips openssl-1.1.0d/ssl/ssl_ciph.c ---- openssl-1.1.0d/ssl/ssl_ciph.c.fips 2017-01-26 16:02:29.011335091 +0100 -+++ openssl-1.1.0d/ssl/ssl_ciph.c 2017-01-26 16:02:29.062333726 +0100 +diff -up openssl-1.1.0e/ssl/ssl_ciph.c.fips openssl-1.1.0e/ssl/ssl_ciph.c +--- openssl-1.1.0e/ssl/ssl_ciph.c.fips 2017-02-16 15:42:44.973362753 +0100 ++++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 15:42:44.989363131 +0100 @@ -404,7 +404,8 @@ void ssl_load_ciphers(void) } } @@ -12031,9 +12031,9 @@ diff -up openssl-1.1.0d/ssl/ssl_ciph.c.fips openssl-1.1.0d/ssl/ssl_ciph.c continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || -diff -up openssl-1.1.0d/ssl/ssl_init.c.fips openssl-1.1.0d/ssl/ssl_init.c ---- openssl-1.1.0d/ssl/ssl_init.c.fips 2017-01-26 14:10:25.000000000 +0100 -+++ openssl-1.1.0d/ssl/ssl_init.c 2017-01-26 16:02:29.062333726 +0100 +diff -up openssl-1.1.0e/ssl/ssl_init.c.fips openssl-1.1.0e/ssl/ssl_init.c +--- openssl-1.1.0e/ssl/ssl_init.c.fips 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/ssl/ssl_init.c 2017-02-16 15:42:44.989363131 +0100 @@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); @@ -12077,10 +12077,10 @@ diff -up openssl-1.1.0d/ssl/ssl_init.c.fips openssl-1.1.0d/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.0d/ssl/ssl_lib.c.fips openssl-1.1.0d/ssl/ssl_lib.c ---- openssl-1.1.0d/ssl/ssl_lib.c.fips 2017-01-26 16:02:29.012335064 +0100 -+++ openssl-1.1.0d/ssl/ssl_lib.c 2017-01-26 16:02:29.063333699 +0100 -@@ -2405,13 +2405,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.0e/ssl/ssl_lib.c.fips openssl-1.1.0e/ssl/ssl_lib.c +--- openssl-1.1.0e/ssl/ssl_lib.c.fips 2017-02-16 15:42:44.973362753 +0100 ++++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 15:42:44.989363131 +0100 +@@ -2413,13 +2413,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; @@ -12105,9 +12105,9 @@ diff -up openssl-1.1.0d/ssl/ssl_lib.c.fips openssl-1.1.0d/ssl/ssl_lib.c } if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.0d/test/dsatest.c.fips openssl-1.1.0d/test/dsatest.c ---- openssl-1.1.0d/test/dsatest.c.fips 2017-01-26 14:10:25.000000000 +0100 -+++ openssl-1.1.0d/test/dsatest.c 2017-01-26 16:02:29.063333699 +0100 +diff -up openssl-1.1.0e/test/dsatest.c.fips openssl-1.1.0e/test/dsatest.c +--- openssl-1.1.0e/test/dsatest.c.fips 2017-02-16 12:58:24.000000000 +0100 ++++ openssl-1.1.0e/test/dsatest.c 2017-02-16 15:42:44.989363131 +0100 @@ -32,41 +32,42 @@ int main(int argc, char *argv[]) static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -12196,9 +12196,9 @@ diff -up openssl-1.1.0d/test/dsatest.c.fips openssl-1.1.0d/test/dsatest.c goto end; } if (h != 2) { -diff -up openssl-1.1.0d/util/mkdef.pl.fips openssl-1.1.0d/util/mkdef.pl ---- openssl-1.1.0d/util/mkdef.pl.fips 2017-01-26 14:10:26.000000000 +0100 -+++ openssl-1.1.0d/util/mkdef.pl 2017-01-26 16:02:29.064333673 +0100 +diff -up openssl-1.1.0e/util/mkdef.pl.fips openssl-1.1.0e/util/mkdef.pl +--- openssl-1.1.0e/util/mkdef.pl.fips 2017-02-16 12:58:24.000000000 +0100 ++++ openssl-1.1.0e/util/mkdef.pl 2017-02-16 15:42:44.989363131 +0100 @@ -307,6 +307,8 @@ $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; $crypto.=" include/openssl/ct.h"; diff --git a/openssl-1.1.0-system-cipherlist.patch b/openssl-1.1.0-system-cipherlist.patch index 859fd37..9f63162 100644 --- a/openssl-1.1.0-system-cipherlist.patch +++ b/openssl-1.1.0-system-cipherlist.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0b/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist 2016-09-26 15:57:34.000000000 +0200 -+++ openssl-1.1.0b/Configurations/unix-Makefile.tmpl 2016-09-26 16:41:17.796148764 +0200 -@@ -157,6 +157,10 @@ MANDIR=$(INSTALLTOP)/share/man +diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0e/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist 2017-02-16 16:15:38.658931413 +0100 ++++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl 2017-02-16 16:15:38.675931806 +0100 +@@ -161,6 +161,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -12,7 +12,7 @@ diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist open # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -167,7 +171,7 @@ HTMLSUFFIX=html +@@ -171,7 +175,7 @@ HTMLSUFFIX=html CROSS_COMPILE= {- $config{cross_compile_prefix} -} CC= $(CROSS_COMPILE){- $target{cc} -} @@ -21,9 +21,9 @@ diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.system-cipherlist open CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} LDFLAGS= {- $target{lflags} -} PLIB_LDFLAGS= {- $target{plib_lflags} -} -diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure ---- openssl-1.1.0b/Configure.system-cipherlist 2016-09-26 15:57:34.000000000 +0200 -+++ openssl-1.1.0b/Configure 2016-09-26 16:41:45.002787753 +0200 +diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure +--- openssl-1.1.0e/Configure.system-cipherlist 2017-02-16 12:58:20.000000000 +0100 ++++ openssl-1.1.0e/Configure 2017-02-16 16:15:38.679931899 +0100 @@ -18,7 +18,7 @@ use if $^O ne "VMS", 'File::Glob' => qw/ # see INSTALL for instructions. @@ -43,7 +43,7 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure # --cross-compile-prefix Add specified prefix to binutils components. # # --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for -@@ -292,6 +295,7 @@ $config{openssldir}=""; +@@ -293,6 +296,7 @@ $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; $config{cross_compile_prefix}=""; @@ -51,7 +51,7 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure $config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; my $nofipscanistercheck=0; $config{baseaddr}="0xFB00000"; -@@ -716,6 +720,10 @@ foreach (@argvcopy) +@@ -718,6 +722,10 @@ while (@argvcopy) { $config{baseaddr}="$1"; } @@ -62,7 +62,7 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure elsif (/^--cross-compile-prefix=(.*)$/) { $config{cross_compile_prefix}=$1; -@@ -841,6 +849,8 @@ if ($target =~ m/^CygWin32(-.*)$/) { +@@ -851,6 +859,8 @@ if ($target =~ m/^CygWin32(-.*)$/) { $target = "Cygwin".$1; } @@ -71,9 +71,28 @@ diff -up openssl-1.1.0b/Configure.system-cipherlist openssl-1.1.0b/Configure foreach (sort (keys %disabled)) { $config{options} .= " no-$_"; -diff -up openssl-1.1.0b/include/openssl/ssl.h.system-cipherlist openssl-1.1.0b/include/openssl/ssl.h ---- openssl-1.1.0b/include/openssl/ssl.h.system-cipherlist 2016-09-26 11:46:07.000000000 +0200 -+++ openssl-1.1.0b/include/openssl/ssl.h 2016-09-26 16:58:03.752760070 +0200 +diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/doc/apps/ciphers.pod +--- openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/doc/apps/ciphers.pod 2017-02-16 16:37:14.043219953 +0100 +@@ -181,6 +181,15 @@ As of OpenSSL 1.0.0, the B cipher s + + The cipher suites not enabled by B, currently B. + ++=item B ++ ++The list of enabled cipher suites will be loaded from the system crypto policy ++configuration file B. ++See also L. ++This is the default behavior unless an application explicitly sets a cipher ++list. If used in a cipher list configuration value this string must be at the ++beginning of the cipher list, otherwise it will not be recognized. ++ + =item B + + "high" encryption cipher suites. This currently means those with key lengths +diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/include/openssl/ssl.h +--- openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/ssl.h 2017-02-16 16:15:38.676931830 +0100 @@ -201,6 +201,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -86,9 +105,9 @@ diff -up openssl-1.1.0b/include/openssl/ssl.h.system-cipherlist openssl-1.1.0b/i /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ciph.c ---- openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist 2016-09-26 11:46:07.000000000 +0200 -+++ openssl-1.1.0b/ssl/ssl_ciph.c 2016-09-26 16:51:33.056591689 +0200 +diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ciph.c +--- openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 16:15:38.691932177 +0100 @@ -1289,6 +1289,50 @@ static int check_suiteb_cipher_list(cons } #endif @@ -140,7 +159,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) **cipher_list, STACK_OF(SSL_CIPHER) **cipher_list_by_id, -@@ -1296,19 +1340,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1296,19 +1341,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; @@ -173,7 +192,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ #endif /* -@@ -1331,7 +1385,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1331,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -182,7 +201,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1401,8 +1455,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1401,8 +1456,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -192,7 +211,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ } /* -@@ -1447,9 +1500,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1447,9 +1501,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { @@ -203,7 +222,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1475,8 +1527,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1475,8 +1528,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -213,7 +232,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ } /* -@@ -1484,8 +1535,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1484,8 +1536,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -223,7 +242,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ } /* -@@ -1496,21 +1546,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1496,21 +1547,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { @@ -249,7 +268,7 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ } sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; -@@ -1520,6 +1570,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1520,6 +1571,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); sk_SSL_CIPHER_sort(*cipher_list_by_id); @@ -262,9 +281,9 @@ diff -up openssl-1.1.0b/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0b/ssl/ssl_ return (cipherstack); } -diff -up openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0b/ssl/ssl_lib.c ---- openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist 2016-09-26 15:57:34.000000000 +0200 -+++ openssl-1.1.0b/ssl/ssl_lib.c 2016-09-26 16:55:23.668003396 +0200 +diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_lib.c +--- openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist 2017-02-16 16:15:38.673931760 +0100 ++++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 16:15:38.692932200 +0100 @@ -509,7 +509,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), @@ -274,7 +293,7 @@ diff -up openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0b/ssl/ssl_l if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); -@@ -2395,7 +2395,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -2403,7 +2403,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m #endif if (!ssl_create_cipher_list(ret->method, &ret->cipher_list, &ret->cipher_list_by_id, @@ -283,9 +302,9 @@ diff -up openssl-1.1.0b/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0b/ssl/ssl_l || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -up openssl-1.1.0b/test/cipherlist_test.c.system-cipherlist openssl-1.1.0b/test/cipherlist_test.c ---- openssl-1.1.0b/test/cipherlist_test.c.system-cipherlist 2016-09-26 11:46:08.000000000 +0200 -+++ openssl-1.1.0b/test/cipherlist_test.c 2016-09-26 17:18:29.380513853 +0200 +diff -up openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist openssl-1.1.0e/test/cipherlist_test.c +--- openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist 2017-02-16 12:58:24.000000000 +0100 ++++ openssl-1.1.0e/test/cipherlist_test.c 2017-02-16 16:15:38.677931853 +0100 @@ -190,7 +190,9 @@ int main(int argc, char **argv) { int result = 0; diff --git a/openssl.spec b/openssl.spec index 4876a57..4f2d57d 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,8 +21,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.0d -Release: 3%{?dist} +Version: 1.1.0e +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -61,7 +61,6 @@ Patch42: openssl-1.1.0-fips.patch Patch43: openssl-1.1.0-afalg-eventfd2.patch Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch # Backported fixes including security fixes -Patch60: openssl-1.1.0-backports.patch License: OpenSSL Group: System Environment/Libraries @@ -162,8 +161,6 @@ cp %{SOURCE13} test/ %patch43 -p1 -b .eventfd2 %patch44 -p1 -b .preserve-nl -%patch60 -p1 -b .backports - %build # Figure out which flags we want to use. # default @@ -430,6 +427,10 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Thu Feb 16 2017 Tomáš Mráz 1.1.0e-1 +- update to upstream version 1.1.0e +- add documentation of the PROFILE=SYSTEM special cipher string (#1420232) + * Sat Feb 11 2017 Fedora Release Engineering - 1:1.1.0d-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index e0f4a59..bbc4696 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.0d-hobbled.tar.xz) = 375cecff07762593606d5e3ea145cf3dfad8ab5ce2fa2b696ffa2fbff9b45b929259f481c44d1db475183030e70eb443ae8c73ee9257fb766597032b27654349 +SHA512 (openssl-1.1.0e-hobbled.tar.xz) = 7db753907c211427ed494d92915c255d05faf9b47f22febfffbfe2be602777b6b82d7c71793003c2ebbbf7f67708c80a72aacde2582501ae63761b1090523974