diff --git a/openssl-1.1.0-issuer-hash.patch b/openssl-1.1.0-issuer-hash.patch index 4e1337e..f10e676 100644 --- a/openssl-1.1.0-issuer-hash.patch +++ b/openssl-1.1.0-issuer-hash.patch @@ -1,12 +1,12 @@ -Index: openssl-1.1.1d/crypto/x509/x509_cmp.c +Index: openssl-1.1.1j/crypto/x509/x509_cmp.c =================================================================== ---- openssl-1.1.1d.orig/crypto/x509/x509_cmp.c 2019-09-10 15:13:07.000000000 +0200 -+++ openssl-1.1.1d/crypto/x509/x509_cmp.c 2020-01-23 13:45:11.404634047 +0100 +--- openssl-1.1.1j.orig/crypto/x509/x509_cmp.c ++++ openssl-1.1.1j/crypto/x509/x509_cmp.c @@ -38,6 +38,7 @@ unsigned long X509_issuer_and_serial_has if (ctx == NULL) goto err; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); - if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) + if (f == NULL) goto err; diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch index 54710f6..1fdd9a4 100644 --- a/openssl-1.1.1-evp-kdf.patch +++ b/openssl-1.1.1-evp-kdf.patch @@ -1,8 +1,8 @@ -Index: openssl-1.1.1e/crypto/err/openssl.txt +Index: openssl-1.1.1j/crypto/err/openssl.txt =================================================================== ---- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 14:37:07.940876078 +0100 -+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 16:12:06.574822921 +0100 -@@ -753,6 +753,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn +--- openssl-1.1.1j.orig/crypto/err/openssl.txt ++++ openssl-1.1.1j/crypto/err/openssl.txt +@@ -754,6 +754,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate @@ -12,7 +12,7 @@ Index: openssl-1.1.1e/crypto/err/openssl.txt EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex EVP_F_EVP_MD_SIZE:162:EVP_MD_size EVP_F_EVP_OPENINIT:102:EVP_OpenInit -@@ -815,12 +818,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k +@@ -816,12 +819,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen @@ -44,7 +44,7 @@ Index: openssl-1.1.1e/crypto/err/openssl.txt KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init -@@ -832,6 +854,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc +@@ -833,6 +855,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init @@ -52,15 +52,15 @@ Index: openssl-1.1.1e/crypto/err/openssl.txt KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid -@@ -2284,6 +2307,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on +@@ -2290,6 +2313,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized +EVP_R_PARAMETER_TOO_LARGE:187:parameter too large + EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers EVP_R_PBKDF2_ERROR:181:pbkdf2 error - EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ -@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed +@@ -2327,6 +2351,7 @@ KDF_R_MISSING_SEED:106:missing seed KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type KDF_R_VALUE_ERROR:108:value error KDF_R_VALUE_MISSING:102:value missing @@ -68,10 +68,10 @@ Index: openssl-1.1.1e/crypto/err/openssl.txt OBJ_R_OID_EXISTS:102:oid exists OBJ_R_UNKNOWN_NID:101:unknown nid OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error -Index: openssl-1.1.1e/crypto/evp/build.info +Index: openssl-1.1.1j/crypto/evp/build.info =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/build.info 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-20 14:37:08.204877468 +0100 +--- openssl-1.1.1j.orig/crypto/evp/build.info ++++ openssl-1.1.1j/crypto/evp/build.info @@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -82,10 +82,10 @@ Index: openssl-1.1.1e/crypto/evp/build.info e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c cmeth_lib.c -Index: openssl-1.1.1e/crypto/evp/evp_err.c +Index: openssl-1.1.1j/crypto/evp/evp_err.c =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/evp_err.c 2020-03-20 14:37:08.036876583 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-20 14:37:08.204877468 +0100 +--- openssl-1.1.1j.orig/crypto/evp/evp_err.c ++++ openssl-1.1.1j/crypto/evp/evp_err.c @@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), "EVP_EncryptFinal_ex"}, @@ -117,13 +117,13 @@ Index: openssl-1.1.1e/crypto/evp/evp_err.c "operaton not initialized"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), + "parameter too large"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), + "output would overflow"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), - "partially overlapping buffers"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, -Index: openssl-1.1.1e/crypto/evp/evp_local.h +Index: openssl-1.1.1j/crypto/evp/evp_local.h =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/evp_local.h 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-20 16:12:26.722928201 +0100 +--- openssl-1.1.1j.orig/crypto/evp/evp_local.h ++++ openssl-1.1.1j/crypto/evp/evp_local.h @@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ } /* EVP_CIPHER_CTX */ ; @@ -136,10 +136,10 @@ Index: openssl-1.1.1e/crypto/evp/evp_local.h int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, -Index: openssl-1.1.1e/crypto/evp/evp_pbe.c +Index: openssl-1.1.1j/crypto/evp/evp_pbe.c =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/evp_pbe.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-20 14:37:08.204877468 +0100 +--- openssl-1.1.1j.orig/crypto/evp/evp_pbe.c ++++ openssl-1.1.1j/crypto/evp/evp_pbe.c @@ -12,6 +12,7 @@ #include #include @@ -148,10 +148,10 @@ Index: openssl-1.1.1e/crypto/evp/evp_pbe.c #include "evp_local.h" /* Password based encryption (PBE) functions */ -Index: openssl-1.1.1e/crypto/evp/kdf_lib.c +Index: openssl-1.1.1j/crypto/evp/kdf_lib.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-20 16:12:06.574822921 +0100 +--- /dev/null ++++ openssl-1.1.1j/crypto/evp/kdf_lib.c @@ -0,0 +1,165 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -318,10 +318,10 @@ Index: openssl-1.1.1e/crypto/evp/kdf_lib.c + return ctx->kmeth->derive(ctx->impl, key, keylen); +} + -Index: openssl-1.1.1e/crypto/evp/p5_crpt2.c +Index: openssl-1.1.1j/crypto/evp/p5_crpt2.c =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/p5_crpt2.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-20 14:37:08.208877488 +0100 +--- openssl-1.1.1j.orig/crypto/evp/p5_crpt2.c ++++ openssl-1.1.1j/crypto/evp/p5_crpt2.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -470,10 +470,10 @@ Index: openssl-1.1.1e/crypto/evp/p5_crpt2.c } int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -Index: openssl-1.1.1e/crypto/evp/pbe_scrypt.c +Index: openssl-1.1.1j/crypto/evp/pbe_scrypt.c =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/pbe_scrypt.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-20 14:37:08.208877488 +0100 +--- openssl-1.1.1j.orig/crypto/evp/pbe_scrypt.c ++++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c @@ -7,135 +7,12 @@ * https://www.openssl.org/source/license.html */ @@ -744,10 +744,10 @@ Index: openssl-1.1.1e/crypto/evp/pbe_scrypt.c } + #endif -Index: openssl-1.1.1e/crypto/evp/pkey_kdf.c +Index: openssl-1.1.1j/crypto/evp/pkey_kdf.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-20 16:11:56.326769377 +0100 +--- /dev/null ++++ openssl-1.1.1j/crypto/evp/pkey_kdf.c @@ -0,0 +1,255 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1004,10 +1004,10 @@ Index: openssl-1.1.1e/crypto/evp/pkey_kdf.c + pkey_kdf_ctrl_str +}; + -Index: openssl-1.1.1e/include/crypto/evp.h +Index: openssl-1.1.1j/include/crypto/evp.h =================================================================== ---- openssl-1.1.1e.orig/include/crypto/evp.h 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-20 16:12:06.574822921 +0100 +--- openssl-1.1.1j.orig/include/crypto/evp.h ++++ openssl-1.1.1j/include/crypto/evp.h @@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m extern const EVP_PKEY_METHOD poly1305_pkey_meth; extern const EVP_PKEY_METHOD siphash_pkey_meth; @@ -1033,19 +1033,19 @@ Index: openssl-1.1.1e/include/crypto/evp.h struct evp_md_st { int type; int pkey_type; -Index: openssl-1.1.1e/crypto/kdf/build.info +Index: openssl-1.1.1j/crypto/kdf/build.info =================================================================== ---- openssl-1.1.1e.orig/crypto/kdf/build.info 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-20 16:12:06.574822921 +0100 +--- openssl-1.1.1j.orig/crypto/kdf/build.info ++++ openssl-1.1.1j/crypto/kdf/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - tls1_prf.c kdf_err.c hkdf.c scrypt.c + tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c -Index: openssl-1.1.1e/crypto/kdf/hkdf.c +Index: openssl-1.1.1j/crypto/kdf/hkdf.c =================================================================== ---- openssl-1.1.1e.orig/crypto/kdf/hkdf.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-20 14:37:08.208877488 +0100 +--- openssl-1.1.1j.orig/crypto/kdf/hkdf.c ++++ openssl-1.1.1j/crypto/kdf/hkdf.c @@ -8,32 +8,33 @@ */ @@ -1512,10 +1512,10 @@ Index: openssl-1.1.1e/crypto/kdf/hkdf.c err: OPENSSL_cleanse(prev, sizeof(prev)); -Index: openssl-1.1.1e/crypto/kdf/kdf_err.c +Index: openssl-1.1.1j/crypto/kdf/kdf_err.c =================================================================== ---- openssl-1.1.1e.orig/crypto/kdf/kdf_err.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-20 16:12:06.574822921 +0100 +--- openssl-1.1.1j.orig/crypto/kdf/kdf_err.c ++++ openssl-1.1.1j/crypto/kdf/kdf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT @@ -1571,10 +1571,10 @@ Index: openssl-1.1.1e/crypto/kdf/kdf_err.c {0, NULL} }; -Index: openssl-1.1.1e/crypto/kdf/kdf_local.h +Index: openssl-1.1.1j/crypto/kdf/kdf_local.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/crypto/kdf/kdf_local.h @@ -0,0 +1,22 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1598,10 +1598,10 @@ Index: openssl-1.1.1e/crypto/kdf/kdf_local.h + int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), + int cmd, const char *md_name); + -Index: openssl-1.1.1e/crypto/kdf/kdf_util.c +Index: openssl-1.1.1j/crypto/kdf/kdf_util.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/crypto/kdf/kdf_util.c @@ -0,0 +1,73 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1676,10 +1676,10 @@ Index: openssl-1.1.1e/crypto/kdf/kdf_util.c + return call_ctrl(ctrl, impl, cmd, md); +} + -Index: openssl-1.1.1e/crypto/kdf/pbkdf2.c +Index: openssl-1.1.1j/crypto/kdf/pbkdf2.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/crypto/kdf/pbkdf2.c @@ -0,0 +1,264 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1945,10 +1945,10 @@ Index: openssl-1.1.1e/crypto/kdf/pbkdf2.c + HMAC_CTX_free(hctx_tpl); + return ret; +} -Index: openssl-1.1.1e/crypto/kdf/scrypt.c +Index: openssl-1.1.1j/crypto/kdf/scrypt.c =================================================================== ---- openssl-1.1.1e.orig/crypto/kdf/scrypt.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-20 14:37:08.208877488 +0100 +--- openssl-1.1.1j.orig/crypto/kdf/scrypt.c ++++ openssl-1.1.1j/crypto/kdf/scrypt.c @@ -8,25 +8,34 @@ */ @@ -2537,10 +2537,10 @@ Index: openssl-1.1.1e/crypto/kdf/scrypt.c +} #endif -Index: openssl-1.1.1e/crypto/kdf/tls1_prf.c +Index: openssl-1.1.1j/crypto/kdf/tls1_prf.c =================================================================== ---- openssl-1.1.1e.orig/crypto/kdf/tls1_prf.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-20 14:37:08.208877488 +0100 +--- openssl-1.1.1j.orig/crypto/kdf/tls1_prf.c ++++ openssl-1.1.1j/crypto/kdf/tls1_prf.c @@ -8,11 +8,15 @@ */ @@ -2824,10 +2824,10 @@ Index: openssl-1.1.1e/crypto/kdf/tls1_prf.c OPENSSL_clear_free(tmp, olen); return 0; } -Index: openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod +Index: openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod @@ -0,0 +1,217 @@ +=pod + @@ -3046,10 +3046,10 @@ Index: openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod +L. + +=cut -Index: openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod +Index: openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod @@ -0,0 +1,180 @@ +=pod + @@ -3231,10 +3231,10 @@ Index: openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod +L. + +=cut -Index: openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod +Index: openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod @@ -0,0 +1,78 @@ +=pod + @@ -3314,10 +3314,10 @@ Index: openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod +L. + +=cut -Index: openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod +Index: openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod @@ -0,0 +1,149 @@ +=pod + @@ -3468,10 +3468,10 @@ Index: openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod +L. + +=cut -Index: openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod +Index: openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-20 14:37:08.208877488 +0100 +--- /dev/null ++++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod @@ -0,0 +1,142 @@ +=pod + @@ -3615,11 +3615,11 @@ Index: openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod +L. + +=cut -Index: openssl-1.1.1e/include/openssl/evperr.h +Index: openssl-1.1.1j/include/openssl/evperr.h =================================================================== ---- openssl-1.1.1e.orig/include/openssl/evperr.h 2020-03-20 14:37:08.084876835 +0100 -+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-20 14:37:08.208877488 +0100 -@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void); +--- openssl-1.1.1j.orig/include/openssl/evperr.h ++++ openssl-1.1.1j/include/openssl/evperr.h +@@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTUPDATE 167 @@ -3629,7 +3629,7 @@ Index: openssl-1.1.1e/include/openssl/evperr.h # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 -@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void); +@@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 @@ -3643,18 +3643,18 @@ Index: openssl-1.1.1e/include/openssl/evperr.h # define EVP_F_UPDATE 173 /* -@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void); +@@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 +# define EVP_R_PARAMETER_TOO_LARGE 187 + # define EVP_R_OUTPUT_WOULD_OVERFLOW 184 # define EVP_R_PARTIALLY_OVERLAPPING 162 # define EVP_R_PBKDF2_ERROR 181 - # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 -Index: openssl-1.1.1e/include/openssl/kdferr.h +Index: openssl-1.1.1j/include/openssl/kdferr.h =================================================================== ---- openssl-1.1.1e.orig/include/openssl/kdferr.h 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-20 16:12:06.574822921 +0100 +--- openssl-1.1.1j.orig/include/openssl/kdferr.h ++++ openssl-1.1.1j/include/openssl/kdferr.h @@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void); /* * KDF function codes. @@ -3694,10 +3694,10 @@ Index: openssl-1.1.1e/include/openssl/kdferr.h +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 #endif -Index: openssl-1.1.1e/include/openssl/kdf.h +Index: openssl-1.1.1j/include/openssl/kdf.h =================================================================== ---- openssl-1.1.1e.orig/include/openssl/kdf.h 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-20 16:12:06.574822921 +0100 +--- openssl-1.1.1j.orig/include/openssl/kdf.h ++++ openssl-1.1.1j/include/openssl/kdf.h @@ -10,10 +10,50 @@ #ifndef HEADER_KDF_H # define HEADER_KDF_H @@ -3776,10 +3776,10 @@ Index: openssl-1.1.1e/include/openssl/kdf.h } # endif #endif -Index: openssl-1.1.1e/include/openssl/ossl_typ.h +Index: openssl-1.1.1j/include/openssl/ossl_typ.h =================================================================== ---- openssl-1.1.1e.orig/include/openssl/ossl_typ.h 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-20 14:37:08.212877511 +0100 +--- openssl-1.1.1j.orig/include/openssl/ossl_typ.h ++++ openssl-1.1.1j/include/openssl/ossl_typ.h @@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; @@ -3789,10 +3789,10 @@ Index: openssl-1.1.1e/include/openssl/ossl_typ.h typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; -Index: openssl-1.1.1e/test/build.info +Index: openssl-1.1.1j/test/build.info =================================================================== ---- openssl-1.1.1e.orig/test/build.info 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/build.info 2020-03-20 14:37:08.212877511 +0100 +--- openssl-1.1.1j.orig/test/build.info ++++ openssl-1.1.1j/test/build.info @@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test \ @@ -3814,10 +3814,10 @@ Index: openssl-1.1.1e/test/build.info SOURCE[x509_time_test]=x509_time_test.c INCLUDE[x509_time_test]=../include DEPEND[x509_time_test]=../libcrypto libtestutil.a -Index: openssl-1.1.1e/test/evp_kdf_test.c +Index: openssl-1.1.1j/test/evp_kdf_test.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-20 14:37:08.212877511 +0100 +--- /dev/null ++++ openssl-1.1.1j/test/evp_kdf_test.c @@ -0,0 +1,237 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. @@ -4056,10 +4056,10 @@ Index: openssl-1.1.1e/test/evp_kdf_test.c +#endif + return 1; +} -Index: openssl-1.1.1e/test/evp_test.c +Index: openssl-1.1.1j/test/evp_test.c =================================================================== ---- openssl-1.1.1e.orig/test/evp_test.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/evp_test.c 2020-03-20 14:37:08.212877511 +0100 +--- openssl-1.1.1j.orig/test/evp_test.c ++++ openssl-1.1.1j/test/evp_test.c @@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test encode_test_run, }; @@ -4271,10 +4271,10 @@ Index: openssl-1.1.1e/test/evp_test.c &keypair_test_method, &keygen_test_method, &mac_test_method, -Index: openssl-1.1.1e/test/pkey_meth_kdf_test.c +Index: openssl-1.1.1j/test/pkey_meth_kdf_test.c =================================================================== ---- openssl-1.1.1e.orig/test/pkey_meth_kdf_test.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-20 14:37:08.212877511 +0100 +--- openssl-1.1.1j.orig/test/pkey_meth_kdf_test.c ++++ openssl-1.1.1j/test/pkey_meth_kdf_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -4478,10 +4478,10 @@ Index: openssl-1.1.1e/test/pkey_meth_kdf_test.c } #endif -Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt +Index: openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt =================================================================== ---- openssl-1.1.1e.orig/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-20 16:12:06.574822921 +0100 +--- openssl-1.1.1j.orig/test/recipes/30-test_evp_data/evpkdf.txt ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. @@ -4880,10 +4880,10 @@ Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt +Ctrl.digest = digest:sha512 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14 + -Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt +Index: openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-20 14:37:08.212877511 +0100 +--- /dev/null ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt @@ -0,0 +1,305 @@ +# +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -5190,10 +5190,10 @@ Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt +Ctrl.p = p:1 +Result = INTERNAL_ERROR + -Index: openssl-1.1.1e/test/recipes/30-test_evp_kdf.t +Index: openssl-1.1.1j/test/recipes/30-test_evp_kdf.t =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-20 14:37:08.212877511 +0100 +--- /dev/null ++++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t @@ -0,0 +1,13 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -5208,10 +5208,10 @@ Index: openssl-1.1.1e/test/recipes/30-test_evp_kdf.t +use OpenSSL::Test::Simple; + +simple_test("test_evp_kdf", "evp_kdf_test"); -Index: openssl-1.1.1e/test/recipes/30-test_evp.t +Index: openssl-1.1.1j/test/recipes/30-test_evp.t =================================================================== ---- openssl-1.1.1e.orig/test/recipes/30-test_evp.t 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-20 14:37:08.212877511 +0100 +--- openssl-1.1.1j.orig/test/recipes/30-test_evp.t ++++ openssl-1.1.1j/test/recipes/30-test_evp.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/ setup("test_evp"); @@ -5221,11 +5221,11 @@ Index: openssl-1.1.1e/test/recipes/30-test_evp.t "evpcase.txt", "evpccmcavs.txt" ); plan tests => scalar(@files); -Index: openssl-1.1.1e/util/libcrypto.num +Index: openssl-1.1.1j/util/libcrypto.num =================================================================== ---- openssl-1.1.1e.orig/util/libcrypto.num 2020-03-20 14:37:08.088876857 +0100 -+++ openssl-1.1.1e/util/libcrypto.num 2020-03-20 16:11:58.798782289 +0100 -@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength +--- openssl-1.1.1j.orig/util/libcrypto.num ++++ openssl-1.1.1j/util/libcrypto.num +@@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: @@ -5237,10 +5237,10 @@ Index: openssl-1.1.1e/util/libcrypto.num +EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION: +EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION: +EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION: -Index: openssl-1.1.1e/util/private.num +Index: openssl-1.1.1j/util/private.num =================================================================== ---- openssl-1.1.1e.orig/util/private.num 2020-03-20 14:37:07.856875635 +0100 -+++ openssl-1.1.1e/util/private.num 2020-03-20 14:37:08.212877511 +0100 +--- openssl-1.1.1j.orig/util/private.num ++++ openssl-1.1.1j/util/private.num @@ -22,6 +22,7 @@ CRYPTO_EX_dup CRYPTO_EX_free datatype CRYPTO_EX_new datatype @@ -5249,10 +5249,10 @@ Index: openssl-1.1.1e/util/private.num EVP_PKEY_gen_cb datatype EVP_PKEY_METHOD datatype EVP_PKEY_ASN1_METHOD datatype -Index: openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c +Index: openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/e_chacha20_poly1305.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-20 16:12:44.271019899 +0100 +--- openssl-1.1.1j.orig/crypto/evp/e_chacha20_poly1305.c ++++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c @@ -14,8 +14,8 @@ # include @@ -5263,10 +5263,10 @@ Index: openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c # include "crypto/chacha.h" typedef struct { -Index: openssl-1.1.1e/crypto/evp/encode.c +Index: openssl-1.1.1j/crypto/evp/encode.c =================================================================== ---- openssl-1.1.1e.orig/crypto/evp/encode.c 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-20 16:15:09.491778701 +0100 +--- openssl-1.1.1j.orig/crypto/evp/encode.c ++++ openssl-1.1.1j/crypto/evp/encode.c @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index 42138c7..cabaffd 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch @@ -1,7 +1,7 @@ -Index: openssl-1.1.1h/apps/pkcs12.c +Index: openssl-1.1.1j/apps/pkcs12.c =================================================================== ---- openssl-1.1.1h.orig/apps/pkcs12.c 2020-09-22 22:42:56.986158135 +0200 -+++ openssl-1.1.1h/apps/pkcs12.c 2020-09-22 22:42:58.426167464 +0200 +--- openssl-1.1.1j.orig/apps/pkcs12.c ++++ openssl-1.1.1j/apps/pkcs12.c @@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv) int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; @@ -11,10 +11,10 @@ Index: openssl-1.1.1h/apps/pkcs12.c #else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; #endif -Index: openssl-1.1.1h/apps/speed.c +Index: openssl-1.1.1j/apps/speed.c =================================================================== ---- openssl-1.1.1h.orig/apps/speed.c 2020-09-22 22:42:56.990158161 +0200 -+++ openssl-1.1.1h/apps/speed.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/apps/speed.c ++++ openssl-1.1.1j/apps/speed.c @@ -1674,7 +1674,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { @@ -165,10 +165,10 @@ Index: openssl-1.1.1h/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -Index: openssl-1.1.1h/Configure +Index: openssl-1.1.1j/Configure =================================================================== ---- openssl-1.1.1h.orig/Configure 2020-09-22 22:42:56.990158161 +0200 -+++ openssl-1.1.1h/Configure 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/Configure ++++ openssl-1.1.1j/Configure @@ -325,7 +325,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", @@ -178,10 +178,10 @@ Index: openssl-1.1.1h/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -Index: openssl-1.1.1h/crypto/cmac/cm_pmeth.c +Index: openssl-1.1.1j/crypto/cmac/cm_pmeth.c =================================================================== ---- openssl-1.1.1h.orig/crypto/cmac/cm_pmeth.c 2020-09-22 22:42:56.990158161 +0200 -+++ openssl-1.1.1h/crypto/cmac/cm_pmeth.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/cmac/cm_pmeth.c ++++ openssl-1.1.1j/crypto/cmac/cm_pmeth.c @@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD cmac_pkey_meth = { @@ -191,10 +191,10 @@ Index: openssl-1.1.1h/crypto/cmac/cm_pmeth.c pkey_cmac_init, pkey_cmac_copy, pkey_cmac_cleanup, -Index: openssl-1.1.1h/crypto/dh/dh_err.c +Index: openssl-1.1.1j/crypto/dh/dh_err.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dh/dh_err.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dh/dh_err.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dh/dh_err.c ++++ openssl-1.1.1j/crypto/dh/dh_err.c @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -220,10 +220,10 @@ Index: openssl-1.1.1h/crypto/dh/dh_err.c {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -Index: openssl-1.1.1h/crypto/dh/dh_gen.c +Index: openssl-1.1.1j/crypto/dh/dh_gen.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dh/dh_gen.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dh/dh_gen.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dh/dh_gen.c ++++ openssl-1.1.1j/crypto/dh/dh_gen.c @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -267,10 +267,10 @@ Index: openssl-1.1.1h/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -Index: openssl-1.1.1h/crypto/dh/dh_key.c +Index: openssl-1.1.1j/crypto/dh/dh_key.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dh/dh_key.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dh/dh_key.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dh/dh_key.c ++++ openssl-1.1.1j/crypto/dh/dh_key.c @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_local.h" @@ -281,7 +281,7 @@ Index: openssl-1.1.1h/crypto/dh/dh_key.c static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -@@ -22,18 +25,32 @@ static int dh_finish(DH *dh); +@@ -22,6 +25,13 @@ static int dh_finish(DH *dh); int DH_generate_key(DH *dh) { @@ -295,6 +295,8 @@ Index: openssl-1.1.1h/crypto/dh/dh_key.c return dh->meth->generate_key(dh); } +@@ -31,6 +41,13 @@ int DH_generate_key(DH *dh) + */ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { +#ifdef OPENSSL_FIPS @@ -304,18 +306,19 @@ Index: openssl-1.1.1h/crypto/dh/dh_key.c + return 0; + } +#endif - return dh->meth->compute_key(key, pub_key, dh); - } + int ret = 0, i; + volatile size_t npad = 0, mask = 1; - int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { +@@ -59,7 +76,7 @@ int DH_compute_key_padded(unsigned char int rv, pad; + + /* rv is constant unless compute_key is external */ - rv = dh->meth->compute_key(key, pub_key, dh); + rv = DH_compute_key(key, pub_key, dh); if (rv <= 0) return rv; pad = BN_num_bytes(dh->p) - rv; -@@ -82,6 +99,14 @@ static int generate_key(DH *dh) +@@ -109,6 +126,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -330,7 +333,7 @@ Index: openssl-1.1.1h/crypto/dh/dh_key.c if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); return 0; -@@ -179,6 +204,13 @@ static int compute_key(unsigned char *ke +@@ -206,6 +231,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -344,7 +347,7 @@ Index: openssl-1.1.1h/crypto/dh/dh_key.c ctx = BN_CTX_new(); if (ctx == NULL) -@@ -228,6 +260,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -255,6 +287,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { @@ -354,10 +357,10 @@ Index: openssl-1.1.1h/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return 1; } -Index: openssl-1.1.1h/crypto/dh/dh_pmeth.c +Index: openssl-1.1.1j/crypto/dh/dh_pmeth.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dh/dh_pmeth.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dh/dh_pmeth.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dh/dh_pmeth.c ++++ openssl-1.1.1j/crypto/dh/dh_pmeth.c @@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * const EVP_PKEY_METHOD dh_pkey_meth = { @@ -376,10 +379,10 @@ Index: openssl-1.1.1h/crypto/dh/dh_pmeth.c pkey_dh_init, pkey_dh_copy, pkey_dh_cleanup, -Index: openssl-1.1.1h/crypto/dsa/dsa_err.c +Index: openssl-1.1.1j/crypto/dsa/dsa_err.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dsa/dsa_err.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dsa/dsa_err.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dsa/dsa_err.c ++++ openssl-1.1.1j/crypto/dsa/dsa_err.c @@ -16,12 +16,15 @@ static const ERR_STRING_DATA DSA_str_functs[] = { {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, @@ -411,10 +414,10 @@ Index: openssl-1.1.1h/crypto/dsa/dsa_err.c {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -Index: openssl-1.1.1h/crypto/dsa/dsa_gen.c +Index: openssl-1.1.1j/crypto/dsa/dsa_gen.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dsa/dsa_gen.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dsa/dsa_gen.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dsa/dsa_gen.c ++++ openssl-1.1.1j/crypto/dsa/dsa_gen.c @@ -22,12 +22,22 @@ #include #include @@ -576,10 +579,10 @@ Index: openssl-1.1.1h/crypto/dsa/dsa_gen.c +} + +#endif -Index: openssl-1.1.1h/crypto/dsa/dsa_key.c +Index: openssl-1.1.1j/crypto/dsa/dsa_key.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dsa/dsa_key.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dsa/dsa_key.c 2020-09-22 22:42:58.430167490 +0200 +--- openssl-1.1.1j.orig/crypto/dsa/dsa_key.c ++++ openssl-1.1.1j/crypto/dsa/dsa_key.c @@ -13,10 +13,49 @@ #include #include "dsa_local.h" @@ -659,10 +662,10 @@ Index: openssl-1.1.1h/crypto/dsa/dsa_key.c ok = 1; err: -Index: openssl-1.1.1h/crypto/dsa/dsa_ossl.c +Index: openssl-1.1.1j/crypto/dsa/dsa_ossl.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dsa/dsa_ossl.c 2020-09-22 22:42:56.994158186 +0200 -+++ openssl-1.1.1h/crypto/dsa/dsa_ossl.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/dsa/dsa_ossl.c ++++ openssl-1.1.1j/crypto/dsa/dsa_ossl.c @@ -14,6 +14,9 @@ #include #include "dsa_local.h" @@ -722,10 +725,10 @@ Index: openssl-1.1.1h/crypto/dsa/dsa_ossl.c dsa->flags |= DSA_FLAG_CACHE_MONT_P; return 1; } -Index: openssl-1.1.1h/crypto/dsa/dsa_pmeth.c +Index: openssl-1.1.1j/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.1.1h.orig/crypto/dsa/dsa_pmeth.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/dsa/dsa_pmeth.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/dsa/dsa_pmeth.c ++++ openssl-1.1.1j/crypto/dsa/dsa_pmeth.c @@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; @@ -746,10 +749,10 @@ Index: openssl-1.1.1h/crypto/dsa/dsa_pmeth.c pkey_dsa_init, pkey_dsa_copy, pkey_dsa_cleanup, -Index: openssl-1.1.1h/crypto/ec/ecdh_ossl.c +Index: openssl-1.1.1j/crypto/ec/ecdh_ossl.c =================================================================== ---- openssl-1.1.1h.orig/crypto/ec/ecdh_ossl.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/ec/ecdh_ossl.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/ec/ecdh_ossl.c ++++ openssl-1.1.1j/crypto/ec/ecdh_ossl.c @@ -19,9 +19,20 @@ #include #include "ec_local.h" @@ -771,10 +774,10 @@ Index: openssl-1.1.1h/crypto/ec/ecdh_ossl.c if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -Index: openssl-1.1.1h/crypto/ec/ecdsa_ossl.c +Index: openssl-1.1.1j/crypto/ec/ecdsa_ossl.c =================================================================== ---- openssl-1.1.1h.orig/crypto/ec/ecdsa_ossl.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/ec/ecdsa_ossl.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/ec/ecdsa_ossl.c ++++ openssl-1.1.1j/crypto/ec/ecdsa_ossl.c @@ -14,6 +14,11 @@ #include "crypto/bn.h" #include "ec_local.h" @@ -815,10 +818,10 @@ Index: openssl-1.1.1h/crypto/ec/ecdsa_ossl.c /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -Index: openssl-1.1.1h/crypto/ec/ec_key.c +Index: openssl-1.1.1j/crypto/ec/ec_key.c =================================================================== ---- openssl-1.1.1h.orig/crypto/ec/ec_key.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/ec/ec_key.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/ec/ec_key.c ++++ openssl-1.1.1j/crypto/ec/ec_key.c @@ -179,14 +179,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } @@ -884,10 +887,10 @@ Index: openssl-1.1.1h/crypto/ec/ec_key.c ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -Index: openssl-1.1.1h/crypto/ec/ec_pmeth.c +Index: openssl-1.1.1j/crypto/ec/ec_pmeth.c =================================================================== ---- openssl-1.1.1h.orig/crypto/ec/ec_pmeth.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/ec/ec_pmeth.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/ec/ec_pmeth.c ++++ openssl-1.1.1j/crypto/ec/ec_pmeth.c @@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * const EVP_PKEY_METHOD ec_pkey_meth = { @@ -897,10 +900,10 @@ Index: openssl-1.1.1h/crypto/ec/ec_pmeth.c pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, -Index: openssl-1.1.1h/crypto/evp/c_allc.c +Index: openssl-1.1.1j/crypto/evp/c_allc.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/c_allc.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/c_allc.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/c_allc.c ++++ openssl-1.1.1j/crypto/evp/c_allc.c @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -982,10 +985,10 @@ Index: openssl-1.1.1h/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.1.1h/crypto/evp/c_alld.c +Index: openssl-1.1.1j/crypto/evp/c_alld.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/c_alld.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/c_alld.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/c_alld.c ++++ openssl-1.1.1j/crypto/evp/c_alld.c @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -1021,10 +1024,10 @@ Index: openssl-1.1.1h/crypto/evp/c_alld.c + } +#endif } -Index: openssl-1.1.1h/crypto/evp/digest.c +Index: openssl-1.1.1j/crypto/evp/digest.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/digest.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/digest.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/digest.c ++++ openssl-1.1.1j/crypto/evp/digest.c @@ -14,6 +14,9 @@ #include #include "crypto/evp.h" @@ -1085,10 +1088,10 @@ Index: openssl-1.1.1h/crypto/evp/digest.c OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -Index: openssl-1.1.1h/crypto/evp/e_aes.c +Index: openssl-1.1.1j/crypto/evp/e_aes.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/e_aes.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/e_aes.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/e_aes.c ++++ openssl-1.1.1j/crypto/evp/e_aes.c @@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER * This addresses Rogaway's vulnerability. * See comment in aes_xts_init_key() below. @@ -1211,10 +1214,10 @@ Index: openssl-1.1.1h/crypto/evp/e_aes.c | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -Index: openssl-1.1.1h/crypto/evp/e_des3.c +Index: openssl-1.1.1j/crypto/evp/e_des3.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/e_des3.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/e_des3.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/e_des3.c ++++ openssl-1.1.1j/crypto/evp/e_des3.c @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1241,10 +1244,10 @@ Index: openssl-1.1.1h/crypto/evp/e_des3.c static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -Index: openssl-1.1.1h/crypto/evp/e_null.c +Index: openssl-1.1.1j/crypto/evp/e_null.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/e_null.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/e_null.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/e_null.c ++++ openssl-1.1.1j/crypto/evp/e_null.c @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1255,11 +1258,11 @@ Index: openssl-1.1.1h/crypto/evp/e_null.c null_init_key, null_cipher, NULL, -Index: openssl-1.1.1h/crypto/evp/evp_enc.c +Index: openssl-1.1.1j/crypto/evp/evp_enc.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/evp_enc.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/evp_enc.c 2020-09-22 22:42:58.434167516 +0200 -@@ -17,10 +17,19 @@ +--- openssl-1.1.1j.orig/crypto/evp/evp_enc.c ++++ openssl-1.1.1j/crypto/evp/evp_enc.c +@@ -18,10 +18,19 @@ #include #include "crypto/evp.h" #include "evp_local.h" @@ -1280,7 +1283,7 @@ Index: openssl-1.1.1h/crypto/evp/evp_enc.c return 1; if (c->cipher != NULL) { if (c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX +@@ -40,6 +49,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -1293,7 +1296,7 @@ Index: openssl-1.1.1h/crypto/evp/evp_enc.c return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -68,6 +83,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1306,7 +1309,7 @@ Index: openssl-1.1.1h/crypto/evp/evp_enc.c #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -137,7 +158,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ @@ -1315,7 +1318,7 @@ Index: openssl-1.1.1h/crypto/evp/evp_enc.c if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; -@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -196,6 +217,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } @@ -1334,10 +1337,10 @@ Index: openssl-1.1.1h/crypto/evp/evp_enc.c if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -Index: openssl-1.1.1h/crypto/evp/evp_err.c +Index: openssl-1.1.1j/crypto/evp/evp_err.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/evp_err.c 2020-09-22 22:42:56.998158213 +0200 -+++ openssl-1.1.1h/crypto/evp/evp_err.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/evp_err.c ++++ openssl-1.1.1j/crypto/evp/evp_err.c @@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), "aes_t4_xts_init_key"}, @@ -1354,7 +1357,7 @@ Index: openssl-1.1.1h/crypto/evp/evp_err.c {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -249,6 +251,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -251,6 +253,7 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, @@ -1362,7 +1365,7 @@ Index: openssl-1.1.1h/crypto/evp/evp_err.c {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -274,6 +277,8 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -276,6 +279,8 @@ static const ERR_STRING_DATA EVP_str_rea "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, @@ -1371,10 +1374,10 @@ Index: openssl-1.1.1h/crypto/evp/evp_err.c {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), "xts duplicated keys"}, {0, NULL} -Index: openssl-1.1.1h/crypto/evp/evp_lib.c +Index: openssl-1.1.1j/crypto/evp/evp_lib.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/evp_lib.c 2020-09-22 22:42:57.002158239 +0200 -+++ openssl-1.1.1h/crypto/evp/evp_lib.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/evp_lib.c ++++ openssl-1.1.1j/crypto/evp/evp_lib.c @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1385,10 +1388,10 @@ Index: openssl-1.1.1h/crypto/evp/evp_lib.c return ctx->cipher->do_cipher(ctx, out, in, inl); } -Index: openssl-1.1.1h/crypto/evp/m_sha1.c +Index: openssl-1.1.1j/crypto/evp/m_sha1.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/m_sha1.c 2020-09-22 22:42:57.002158239 +0200 -+++ openssl-1.1.1h/crypto/evp/m_sha1.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/m_sha1.c ++++ openssl-1.1.1j/crypto/evp/m_sha1.c @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1452,10 +1455,10 @@ Index: openssl-1.1.1h/crypto/evp/m_sha1.c init512, update512, final512, -Index: openssl-1.1.1h/crypto/evp/m_sha3.c +Index: openssl-1.1.1j/crypto/evp/m_sha3.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/m_sha3.c 2020-09-22 22:42:57.002158239 +0200 -+++ openssl-1.1.1h/crypto/evp/m_sha3.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/m_sha3.c ++++ openssl-1.1.1j/crypto/evp/m_sha3.c @@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ @@ -1510,10 +1513,10 @@ Index: openssl-1.1.1h/crypto/evp/m_sha3.c shake_init, \ sha3_update, \ sha3_final, \ -Index: openssl-1.1.1h/crypto/evp/pmeth_lib.c +Index: openssl-1.1.1j/crypto/evp/pmeth_lib.c =================================================================== ---- openssl-1.1.1h.orig/crypto/evp/pmeth_lib.c 2020-09-22 22:42:57.002158239 +0200 -+++ openssl-1.1.1h/crypto/evp/pmeth_lib.c 2020-09-22 22:42:58.434167516 +0200 +--- openssl-1.1.1j.orig/crypto/evp/pmeth_lib.c ++++ openssl-1.1.1j/crypto/evp/pmeth_lib.c @@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE pmeth = ENGINE_get_pkey_meth(e, id); else @@ -1530,10 +1533,10 @@ Index: openssl-1.1.1h/crypto/evp/pmeth_lib.c if (pmeth == NULL) { #ifndef OPENSSL_NO_ENGINE -Index: openssl-1.1.1h/crypto/fips/build.info +Index: openssl-1.1.1j/crypto/fips/build.info =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/build.info 2020-09-22 22:42:58.434167516 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/build.info @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1550,10 +1553,10 @@ Index: openssl-1.1.1h/crypto/fips/build.info +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -Index: openssl-1.1.1h/crypto/fips/fips_aes_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_aes_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_aes_selftest.c 2020-09-22 22:42:58.434167516 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_aes_selftest.c @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1927,10 +1930,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_aes_selftest.c +} + +#endif -Index: openssl-1.1.1h/crypto/fips/fips.c +Index: openssl-1.1.1j/crypto/fips/fips.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips.c 2020-09-22 22:42:58.434167516 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips.c @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2458,10 +2461,10 @@ Index: openssl-1.1.1h/crypto/fips/fips.c +} + +#endif -Index: openssl-1.1.1h/crypto/fips/fips_cmac_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_cmac_selftest.c 2020-09-22 22:42:58.434167516 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2619,10 +2622,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_cmac_selftest.c + return rv; +} +#endif -Index: openssl-1.1.1h/crypto/fips/fips_des_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_des_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_des_selftest.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_des_selftest.c @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2757,10 +2760,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_des_selftest.c + return ret; +} +#endif -Index: openssl-1.1.1h/crypto/fips/fips_dh_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_dh_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_dh_selftest.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_dh_selftest.c @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2942,10 +2945,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_dh_selftest.c + return ret; +} +#endif -Index: openssl-1.1.1h/crypto/fips/fips_drbg_ctr.c +Index: openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_ctr.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c @@ -0,0 +1,406 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3353,10 +3356,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_ctr.c + + return 1; +} -Index: openssl-1.1.1h/crypto/fips/fips_drbg_hash.c +Index: openssl-1.1.1j/crypto/fips/fips_drbg_hash.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_hash.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_hash.c @@ -0,0 +1,354 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3712,10 +3715,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_hash.c + + return 1; +} -Index: openssl-1.1.1h/crypto/fips/fips_drbg_hmac.c +Index: openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_hmac.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c @@ -0,0 +1,262 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3979,10 +3982,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_hmac.c + + return 1; +} -Index: openssl-1.1.1h/crypto/fips/fips_drbg_lib.c +Index: openssl-1.1.1j/crypto/fips/fips_drbg_lib.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_lib.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_lib.c @@ -0,0 +1,528 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4512,10 +4515,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_lib.c +{ + /* Just backwards compatibility API call with no effect. */ +} -Index: openssl-1.1.1h/crypto/fips/fips_drbg_rand.c +Index: openssl-1.1.1j/crypto/fips/fips_drbg_rand.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_rand.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_rand.c @@ -0,0 +1,185 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4702,10 +4705,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_rand.c +{ + return &rand_drbg_meth; +} -Index: openssl-1.1.1h/crypto/fips/fips_drbg_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_selftest.c 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5535,10 +5538,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_selftest.c + FIPS_drbg_free(dctx); + return rv; +} -Index: openssl-1.1.1h/crypto/fips/fips_drbg_selftest.h +Index: openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_drbg_selftest.h 2020-09-22 22:42:58.438167541 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7331,10 +7334,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_drbg_selftest.h + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -Index: openssl-1.1.1h/crypto/fips/fips_dsa_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_dsa_selftest.c 2020-09-22 22:42:58.466167723 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7531,10 +7534,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_dsa_selftest.c + return ret; +} +#endif -Index: openssl-1.1.1h/crypto/fips/fips_ecdh_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_ecdh_selftest.c 2020-09-22 22:42:58.466167723 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7778,10 +7781,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_ecdh_selftest.c +} + +#endif -Index: openssl-1.1.1h/crypto/fips/fips_ecdsa_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_ecdsa_selftest.c 2020-09-22 22:42:58.466167723 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7949,10 +7952,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_ecdsa_selftest.c +} + +#endif -Index: openssl-1.1.1h/crypto/fips/fips_err.h +Index: openssl-1.1.1j/crypto/fips/fips_err.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_err.h 2020-09-22 22:42:58.466167723 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_err.h @@ -0,0 +1,197 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8151,10 +8154,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_err.h +#endif + return 1; +} -Index: openssl-1.1.1h/crypto/fips/fips_ers.c +Index: openssl-1.1.1j/crypto/fips/fips_ers.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_ers.c 2020-09-22 22:42:58.466167723 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_ers.c @@ -0,0 +1,7 @@ +#include + @@ -8163,10 +8166,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_ers.c +#else +static void *dummy = &dummy; +#endif -Index: openssl-1.1.1h/crypto/fips/fips_hmac_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_hmac_selftest.c 2020-09-22 22:42:58.466167723 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8302,10 +8305,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_hmac_selftest.c + return 1; +} +#endif -Index: openssl-1.1.1h/crypto/fips/fips_locl.h +Index: openssl-1.1.1j/crypto/fips/fips_locl.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_locl.h 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_locl.h @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8378,10 +8381,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_locl.h +} +# endif +#endif -Index: openssl-1.1.1h/crypto/fips/fips_post.c +Index: openssl-1.1.1j/crypto/fips/fips_post.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_post.c 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_post.c @@ -0,0 +1,224 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8607,10 +8610,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_post.c + return 1; +} +#endif -Index: openssl-1.1.1h/crypto/fips/fips_rand_lcl.h +Index: openssl-1.1.1j/crypto/fips/fips_rand_lcl.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_rand_lcl.h 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_rand_lcl.h @@ -0,0 +1,203 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8815,10 +8818,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.1.1h/crypto/fips/fips_rand_lib.c +Index: openssl-1.1.1j/crypto/fips/fips_rand_lib.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_rand_lib.c 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_rand_lib.c @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9054,10 +9057,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_rand_lib.c +# endif +} + -Index: openssl-1.1.1h/crypto/fips/fips_rsa_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_rsa_selftest.c 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c @@ -0,0 +1,338 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9397,10 +9400,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_rsa_selftest.c +} + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.1.1h/crypto/fips/fips_sha_selftest.c +Index: openssl-1.1.1j/crypto/fips/fips_sha_selftest.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_sha_selftest.c 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_sha_selftest.c @@ -0,0 +1,223 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9625,10 +9628,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_sha_selftest.c +} + +#endif -Index: openssl-1.1.1h/crypto/fips/fips_standalone_hmac.c +Index: openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/crypto/fips/fips_standalone_hmac.c 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9757,10 +9760,10 @@ Index: openssl-1.1.1h/crypto/fips/fips_standalone_hmac.c +#endif + return 0; +} -Index: openssl-1.1.1h/crypto/hmac/hmac.c +Index: openssl-1.1.1j/crypto/hmac/hmac.c =================================================================== ---- openssl-1.1.1h.orig/crypto/hmac/hmac.c 2020-09-22 22:42:57.006158265 +0200 -+++ openssl-1.1.1h/crypto/hmac/hmac.c 2020-09-22 22:42:58.470167749 +0200 +--- openssl-1.1.1j.orig/crypto/hmac/hmac.c ++++ openssl-1.1.1j/crypto/hmac/hmac.c @@ -44,6 +44,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo return 0; @@ -9775,10 +9778,10 @@ Index: openssl-1.1.1h/crypto/hmac/hmac.c reset = 1; j = EVP_MD_block_size(md); -Index: openssl-1.1.1h/crypto/hmac/hm_pmeth.c +Index: openssl-1.1.1j/crypto/hmac/hm_pmeth.c =================================================================== ---- openssl-1.1.1h.orig/crypto/hmac/hm_pmeth.c 2020-09-22 22:42:57.006158265 +0200 -+++ openssl-1.1.1h/crypto/hmac/hm_pmeth.c 2020-09-22 22:42:58.470167749 +0200 +--- openssl-1.1.1j.orig/crypto/hmac/hm_pmeth.c ++++ openssl-1.1.1j/crypto/hmac/hm_pmeth.c @@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD hmac_pkey_meth = { @@ -9788,10 +9791,10 @@ Index: openssl-1.1.1h/crypto/hmac/hm_pmeth.c pkey_hmac_init, pkey_hmac_copy, pkey_hmac_cleanup, -Index: openssl-1.1.1h/include/crypto/fips_int.h +Index: openssl-1.1.1j/include/crypto/fips_int.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/include/crypto/fips_int.h 2020-09-22 22:42:58.470167749 +0200 +--- /dev/null ++++ openssl-1.1.1j/include/crypto/fips_int.h @@ -0,0 +1,98 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9891,10 +9894,10 @@ Index: openssl-1.1.1h/include/crypto/fips_int.h +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -Index: openssl-1.1.1h/crypto/o_fips.c +Index: openssl-1.1.1j/crypto/o_fips.c =================================================================== ---- openssl-1.1.1h.orig/crypto/o_fips.c 2020-09-22 22:42:57.006158265 +0200 -+++ openssl-1.1.1h/crypto/o_fips.c 2020-09-22 22:42:58.470167749 +0200 +--- openssl-1.1.1j.orig/crypto/o_fips.c ++++ openssl-1.1.1j/crypto/o_fips.c @@ -8,17 +8,28 @@ */ @@ -9924,10 +9927,10 @@ Index: openssl-1.1.1h/crypto/o_fips.c return 0; +#endif } -Index: openssl-1.1.1h/crypto/o_init.c +Index: openssl-1.1.1j/crypto/o_init.c =================================================================== ---- openssl-1.1.1h.orig/crypto/o_init.c 2020-09-22 22:42:57.006158265 +0200 -+++ openssl-1.1.1h/crypto/o_init.c 2020-09-22 22:42:58.470167749 +0200 +--- openssl-1.1.1j.orig/crypto/o_init.c ++++ openssl-1.1.1j/crypto/o_init.c @@ -7,8 +7,68 @@ * https://www.openssl.org/source/license.html */ @@ -9997,10 +10000,10 @@ Index: openssl-1.1.1h/crypto/o_init.c /* * Perform any essential OpenSSL initialization operations. Currently does -Index: openssl-1.1.1h/crypto/rand/rand_lib.c +Index: openssl-1.1.1j/crypto/rand/rand_lib.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rand/rand_lib.c 2020-09-22 22:42:57.006158265 +0200 -+++ openssl-1.1.1h/crypto/rand/rand_lib.c 2020-09-22 22:42:58.470167749 +0200 +--- openssl-1.1.1j.orig/crypto/rand/rand_lib.c ++++ openssl-1.1.1j/crypto/rand/rand_lib.c @@ -959,3 +959,15 @@ int RAND_status(void) return meth->status(); return 0; @@ -10017,10 +10020,10 @@ Index: openssl-1.1.1h/crypto/rand/rand_lib.c + return 1; +} +#endif -Index: openssl-1.1.1h/crypto/rsa/rsa_crpt.c +Index: openssl-1.1.1j/crypto/rsa/rsa_crpt.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_crpt.c 2020-09-22 22:42:57.006158265 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_crpt.c 2020-09-22 22:42:58.470167749 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_crpt.c ++++ openssl-1.1.1j/crypto/rsa/rsa_crpt.c @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10074,10 +10077,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_crpt.c return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -Index: openssl-1.1.1h/crypto/rsa/rsa_err.c +Index: openssl-1.1.1j/crypto/rsa/rsa_err.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_err.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_err.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_err.c ++++ openssl-1.1.1j/crypto/rsa/rsa_err.c @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, @@ -10146,10 +10149,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_err.c {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -Index: openssl-1.1.1h/crypto/rsa/rsa_gen.c +Index: openssl-1.1.1j/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_gen.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_gen.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_gen.c ++++ openssl-1.1.1j/crypto/rsa/rsa_gen.c @@ -18,6 +18,76 @@ #include "internal/cryptlib.h" #include @@ -10542,10 +10545,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_gen.c static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -Index: openssl-1.1.1h/crypto/rsa/rsa_lib.c +Index: openssl-1.1.1j/crypto/rsa/rsa_lib.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_lib.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_lib.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_lib.c ++++ openssl-1.1.1j/crypto/rsa/rsa_lib.c @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ @@ -10588,10 +10591,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -Index: openssl-1.1.1h/crypto/rsa/rsa_ossl.c +Index: openssl-1.1.1j/crypto/rsa/rsa_ossl.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_ossl.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_ossl.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_ossl.c ++++ openssl-1.1.1j/crypto/rsa/rsa_ossl.c @@ -12,6 +12,10 @@ #include "rsa_local.h" #include "internal/constant_time.h" @@ -10708,10 +10711,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_ossl.c if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -Index: openssl-1.1.1h/crypto/rsa/rsa_pmeth.c +Index: openssl-1.1.1j/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_pmeth.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_pmeth.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_pmeth.c ++++ openssl-1.1.1j/crypto/rsa/rsa_pmeth.c @@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD rsa_pkey_meth = { @@ -10730,10 +10733,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_pmeth.c pkey_rsa_init, pkey_rsa_copy, pkey_rsa_cleanup, -Index: openssl-1.1.1h/crypto/rsa/rsa_sign.c +Index: openssl-1.1.1j/crypto/rsa/rsa_sign.c =================================================================== ---- openssl-1.1.1h.orig/crypto/rsa/rsa_sign.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/rsa/rsa_sign.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/rsa/rsa_sign.c ++++ openssl-1.1.1j/crypto/rsa/rsa_sign.c @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -10760,10 +10763,10 @@ Index: openssl-1.1.1h/crypto/rsa/rsa_sign.c if (encrypt_len <= 0) goto err; -Index: openssl-1.1.1h/crypto/sha/sha256.c +Index: openssl-1.1.1j/crypto/sha/sha256.c =================================================================== ---- openssl-1.1.1h.orig/crypto/sha/sha256.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/sha/sha256.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/sha/sha256.c ++++ openssl-1.1.1j/crypto/sha/sha256.c @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -10784,10 +10787,10 @@ Index: openssl-1.1.1h/crypto/sha/sha256.c memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -Index: openssl-1.1.1h/crypto/sha/sha512.c +Index: openssl-1.1.1j/crypto/sha/sha512.c =================================================================== ---- openssl-1.1.1h.orig/crypto/sha/sha512.c 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/sha/sha512.c 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/sha/sha512.c ++++ openssl-1.1.1j/crypto/sha/sha512.c @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) @@ -10808,10 +10811,10 @@ Index: openssl-1.1.1h/crypto/sha/sha512.c c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -Index: openssl-1.1.1h/crypto/sha/sha_local.h +Index: openssl-1.1.1j/crypto/sha/sha_local.h =================================================================== ---- openssl-1.1.1h.orig/crypto/sha/sha_local.h 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/crypto/sha/sha_local.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/crypto/sha/sha_local.h ++++ openssl-1.1.1j/crypto/sha/sha_local.h @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -10822,10 +10825,10 @@ Index: openssl-1.1.1h/crypto/sha/sha_local.h memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -Index: openssl-1.1.1h/doc/man3/DSA_generate_parameters.pod +Index: openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod =================================================================== ---- openssl-1.1.1h.orig/doc/man3/DSA_generate_parameters.pod 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/doc/man3/DSA_generate_parameters.pod 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/doc/man3/DSA_generate_parameters.pod ++++ openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -10839,10 +10842,10 @@ Index: openssl-1.1.1h/doc/man3/DSA_generate_parameters.pod DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -Index: openssl-1.1.1h/include/openssl/crypto.h +Index: openssl-1.1.1j/include/openssl/crypto.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/crypto.h 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/include/openssl/crypto.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/include/openssl/crypto.h ++++ openssl-1.1.1j/include/openssl/crypto.h @@ -331,6 +331,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -10855,10 +10858,10 @@ Index: openssl-1.1.1h/include/openssl/crypto.h void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -Index: openssl-1.1.1h/include/openssl/dherr.h +Index: openssl-1.1.1j/include/openssl/dherr.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/dherr.h 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/include/openssl/dherr.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/include/openssl/dherr.h ++++ openssl-1.1.1j/include/openssl/dherr.h @@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 @@ -10884,10 +10887,10 @@ Index: openssl-1.1.1h/include/openssl/dherr.h # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -Index: openssl-1.1.1h/include/openssl/dh.h +Index: openssl-1.1.1j/include/openssl/dh.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/dh.h 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/include/openssl/dh.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/include/openssl/dh.h ++++ openssl-1.1.1j/include/openssl/dh.h @@ -31,6 +31,7 @@ extern "C" { # endif @@ -10896,10 +10899,10 @@ Index: openssl-1.1.1h/include/openssl/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 -Index: openssl-1.1.1h/include/openssl/dsaerr.h +Index: openssl-1.1.1j/include/openssl/dsaerr.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/dsaerr.h 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/include/openssl/dsaerr.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/include/openssl/dsaerr.h ++++ openssl-1.1.1j/include/openssl/dsaerr.h @@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 @@ -10926,10 +10929,10 @@ Index: openssl-1.1.1h/include/openssl/dsaerr.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -Index: openssl-1.1.1h/include/openssl/dsa.h +Index: openssl-1.1.1j/include/openssl/dsa.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/dsa.h 2020-09-22 22:42:57.010158291 +0200 -+++ openssl-1.1.1h/include/openssl/dsa.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/include/openssl/dsa.h ++++ openssl-1.1.1j/include/openssl/dsa.h @@ -31,6 +31,7 @@ extern "C" { # endif @@ -10938,11 +10941,11 @@ Index: openssl-1.1.1h/include/openssl/dsa.h # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -Index: openssl-1.1.1h/include/openssl/evperr.h +Index: openssl-1.1.1j/include/openssl/evperr.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/evperr.h 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/include/openssl/evperr.h 2020-09-22 22:42:58.474167775 +0200 -@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void); +--- openssl-1.1.1j.orig/include/openssl/evperr.h ++++ openssl-1.1.1j/include/openssl/evperr.h +@@ -22,14 +22,15 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 @@ -10961,7 +10964,7 @@ Index: openssl-1.1.1h/include/openssl/evperr.h # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 -@@ -142,6 +143,7 @@ int ERR_load_EVP_strings(void); +@@ -140,6 +141,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -10969,7 +10972,7 @@ Index: openssl-1.1.1h/include/openssl/evperr.h # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -185,6 +187,7 @@ int ERR_load_EVP_strings(void); +@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 @@ -10977,7 +10980,7 @@ Index: openssl-1.1.1h/include/openssl/evperr.h # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -@@ -200,6 +203,7 @@ int ERR_load_EVP_strings(void); +@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 @@ -10986,10 +10989,10 @@ Index: openssl-1.1.1h/include/openssl/evperr.h +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif -Index: openssl-1.1.1h/include/openssl/evp.h +Index: openssl-1.1.1j/include/openssl/evp.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/evp.h 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/include/openssl/evp.h 2020-09-22 22:42:58.474167775 +0200 +--- openssl-1.1.1j.orig/include/openssl/evp.h ++++ openssl-1.1.1j/include/openssl/evp.h @@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 @@ -11000,10 +11003,10 @@ Index: openssl-1.1.1h/include/openssl/evp.h const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -Index: openssl-1.1.1h/include/openssl/fips.h +Index: openssl-1.1.1j/include/openssl/fips.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/include/openssl/fips.h 2020-09-22 22:42:58.474167775 +0200 +--- /dev/null ++++ openssl-1.1.1j/include/openssl/fips.h @@ -0,0 +1,187 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11192,10 +11195,10 @@ Index: openssl-1.1.1h/include/openssl/fips.h +} +# endif +#endif -Index: openssl-1.1.1h/include/openssl/fips_rand.h +Index: openssl-1.1.1j/include/openssl/fips_rand.h =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.1.1h/include/openssl/fips_rand.h 2020-09-22 22:42:58.474167775 +0200 +--- /dev/null ++++ openssl-1.1.1j/include/openssl/fips_rand.h @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11342,10 +11345,10 @@ Index: openssl-1.1.1h/include/openssl/fips_rand.h +# endif +# endif +#endif -Index: openssl-1.1.1h/include/openssl/opensslconf.h.in +Index: openssl-1.1.1j/include/openssl/opensslconf.h.in =================================================================== ---- openssl-1.1.1h.orig/include/openssl/opensslconf.h.in 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/include/openssl/opensslconf.h.in 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/include/openssl/opensslconf.h.in ++++ openssl-1.1.1j/include/openssl/opensslconf.h.in @@ -155,6 +155,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11358,10 +11361,10 @@ Index: openssl-1.1.1h/include/openssl/opensslconf.h.in #ifdef __cplusplus } #endif -Index: openssl-1.1.1h/include/openssl/randerr.h +Index: openssl-1.1.1j/include/openssl/randerr.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/randerr.h 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/include/openssl/randerr.h 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/include/openssl/randerr.h ++++ openssl-1.1.1j/include/openssl/randerr.h @@ -38,6 +38,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 @@ -11370,10 +11373,10 @@ Index: openssl-1.1.1h/include/openssl/randerr.h # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -Index: openssl-1.1.1h/include/openssl/rand.h +Index: openssl-1.1.1j/include/openssl/rand.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/rand.h 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/include/openssl/rand.h 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/include/openssl/rand.h ++++ openssl-1.1.1j/include/openssl/rand.h @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif @@ -11386,10 +11389,10 @@ Index: openssl-1.1.1h/include/openssl/rand.h #ifdef __cplusplus } -Index: openssl-1.1.1h/include/openssl/rsaerr.h +Index: openssl-1.1.1j/include/openssl/rsaerr.h =================================================================== ---- openssl-1.1.1h.orig/include/openssl/rsaerr.h 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/include/openssl/rsaerr.h 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/include/openssl/rsaerr.h ++++ openssl-1.1.1j/include/openssl/rsaerr.h @@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 @@ -11445,10 +11448,10 @@ Index: openssl-1.1.1h/include/openssl/rsaerr.h # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -Index: openssl-1.1.1h/ssl/s3_lib.c +Index: openssl-1.1.1j/ssl/s3_lib.c =================================================================== ---- openssl-1.1.1h.orig/ssl/s3_lib.c 2020-09-22 14:55:07.000000000 +0200 -+++ openssl-1.1.1h/ssl/s3_lib.c 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/ssl/s3_lib.c ++++ openssl-1.1.1j/ssl/s3_lib.c @@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, @@ -11548,10 +11551,10 @@ Index: openssl-1.1.1h/ssl/s3_lib.c SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, -Index: openssl-1.1.1h/ssl/ssl_ciph.c +Index: openssl-1.1.1j/ssl/ssl_ciph.c =================================================================== ---- openssl-1.1.1h.orig/ssl/ssl_ciph.c 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/ssl/ssl_ciph.c 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/ssl/ssl_ciph.c ++++ openssl-1.1.1j/ssl/ssl_ciph.c @@ -385,7 +385,7 @@ int ssl_load_ciphers(void) } } @@ -11590,10 +11593,10 @@ Index: openssl-1.1.1h/ssl/ssl_ciph.c if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -Index: openssl-1.1.1h/ssl/ssl_init.c +Index: openssl-1.1.1j/ssl/ssl_init.c =================================================================== ---- openssl-1.1.1h.orig/ssl/ssl_init.c 2020-09-22 22:42:57.014158316 +0200 -+++ openssl-1.1.1h/ssl/ssl_init.c 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/ssl/ssl_init.c ++++ openssl-1.1.1j/ssl/ssl_init.c @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); @@ -11637,10 +11640,10 @@ Index: openssl-1.1.1h/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -Index: openssl-1.1.1h/ssl/ssl_lib.c +Index: openssl-1.1.1j/ssl/ssl_lib.c =================================================================== ---- openssl-1.1.1h.orig/ssl/ssl_lib.c 2020-09-22 22:42:57.018158342 +0200 -+++ openssl-1.1.1h/ssl/ssl_lib.c 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/ssl/ssl_lib.c ++++ openssl-1.1.1j/ssl/ssl_lib.c @@ -2973,6 +2973,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11678,11 +11681,11 @@ Index: openssl-1.1.1h/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -Index: openssl-1.1.1h/ssl/ssl_local.h +Index: openssl-1.1.1j/ssl/ssl_local.h =================================================================== ---- openssl-1.1.1h.orig/ssl/ssl_local.h 2020-09-22 22:42:57.018158342 +0200 -+++ openssl-1.1.1h/ssl/ssl_local.h 2020-09-22 22:42:58.478167800 +0200 -@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st { +--- openssl-1.1.1j.orig/ssl/ssl_local.h ++++ openssl-1.1.1j/ssl/ssl_local.h +@@ -1515,6 +1515,7 @@ typedef struct tls_group_info_st { # define TLS_CURVE_PRIME 0x0 # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 @@ -11690,10 +11693,10 @@ Index: openssl-1.1.1h/ssl/ssl_local.h typedef struct cert_pkey_st CERT_PKEY; -Index: openssl-1.1.1h/ssl/t1_lib.c +Index: openssl-1.1.1j/ssl/t1_lib.c =================================================================== ---- openssl-1.1.1h.orig/ssl/t1_lib.c 2020-09-22 22:42:57.018158342 +0200 -+++ openssl-1.1.1h/ssl/t1_lib.c 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/ssl/t1_lib.c ++++ openssl-1.1.1j/ssl/t1_lib.c @@ -159,11 +159,11 @@ static const TLS_GROUP_INFO nid_list[] = {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ @@ -11719,10 +11722,10 @@ Index: openssl-1.1.1h/ssl/t1_lib.c ctmp[0] = curve >> 8; ctmp[1] = curve & 0xff; return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -Index: openssl-1.1.1h/test/dsatest.c +Index: openssl-1.1.1j/test/dsatest.c =================================================================== ---- openssl-1.1.1h.orig/test/dsatest.c 2020-09-22 22:42:57.018158342 +0200 -+++ openssl-1.1.1h/test/dsatest.c 2020-09-22 22:42:58.478167800 +0200 +--- openssl-1.1.1j.orig/test/dsatest.c ++++ openssl-1.1.1j/test/dsatest.c @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -11805,10 +11808,10 @@ Index: openssl-1.1.1h/test/dsatest.c goto end; if (!TEST_int_eq(h, 2)) goto end; -Index: openssl-1.1.1h/test/recipes/30-test_evp_data/evpciph.txt +Index: openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt =================================================================== ---- openssl-1.1.1h.orig/test/recipes/30-test_evp_data/evpciph.txt 2020-09-22 22:42:57.018158342 +0200 -+++ openssl-1.1.1h/test/recipes/30-test_evp_data/evpciph.txt 2020-09-22 22:42:58.482167826 +0200 +--- openssl-1.1.1j.orig/test/recipes/30-test_evp_data/evpciph.txt ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt @@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 @@ -11817,10 +11820,10 @@ Index: openssl-1.1.1h/test/recipes/30-test_evp_data/evpciph.txt Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 -Index: openssl-1.1.1h/util/libcrypto.num +Index: openssl-1.1.1j/util/libcrypto.num =================================================================== ---- openssl-1.1.1h.orig/util/libcrypto.num 2020-09-22 22:42:58.482167826 +0200 -+++ openssl-1.1.1h/util/libcrypto.num 2020-09-22 22:43:36.782415940 +0200 +--- openssl-1.1.1j.orig/util/libcrypto.num ++++ openssl-1.1.1j/util/libcrypto.num @@ -4591,3 +4591,38 @@ X509_ALGOR_copy X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: diff --git a/openssl-1.1.1i.tar.gz b/openssl-1.1.1i.tar.gz deleted file mode 100644 index dd60ad5..0000000 --- a/openssl-1.1.1i.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242 -size 9808346 diff --git a/openssl-1.1.1i.tar.gz.asc b/openssl-1.1.1i.tar.gz.asc deleted file mode 100644 index 5a496a1..0000000 --- a/openssl-1.1.1i.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl/PfcIACgkQ2cTSbQ5g -RJHxYQf8DFul2uhHXbiCxshH7PiOh/TgjEMrdjUMTerYv6dssTcOF08UY7kjXdwV -7WJ61XcDo6m6vpzqZDuz/rbMqTmNP1z8ShQ80T4DQus+QHp9zMkNDWcUFTpv2vSc -PYTHtlBk49zDXJiRNBtWx0UjiVvcUtrDoTf/X0n/2ucqebniHxOSIFG9i/nhE5iP -a+0ccguS9eoq4cphWmSWRQrzweNWjfJUm6kcFBUYek5cVM6JVYMDJRjwwe14lWVP -vVMADBMc6eQFkBD/f/cI0QrFKfB6/ObTgRLqT2aNFgaSHHKvqtjLaB+haldz8oHm -F9orllkrd9bTCxit2kEGHBKg4EjKLw== -=K/1H ------END PGP SIGNATURE----- diff --git a/openssl-1.1.1j.tar.gz b/openssl-1.1.1j.tar.gz new file mode 100644 index 0000000..1d78375 --- /dev/null +++ b/openssl-1.1.1j.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf +size 9823161 diff --git a/openssl-1.1.1j.tar.gz.asc b/openssl-1.1.1j.tar.gz.asc new file mode 100644 index 0000000..f1b9906 --- /dev/null +++ b/openssl-1.1.1j.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmAr45gACgkQ2cTSbQ5g +RJE55AgAuAYlKdgDPQHfh7gyLmFl+fnO91iF8oaN/W4vFaAO2i3a/rwQayOOGWjh +UR4lUayR8ZLg+9p+69OGxogRd9mPp9YnZYSyLt/TO6BQcU9++CUIVYLgntUDiMzg ++doHvzWx7d9O070KBGb6+AwdUR2xZ29w+hcnq7DJ1xcLlbSj4iXzM1KapCEVlI08 +gHw9UpIy3LASfx9CgiPK1FdKcelpRp4VvUDU4i2QgKzVtQrOLXv7InDBqIiLpwi5 +PP0fAFnxQR1l7PgIF0T+dEyrz5xt60+6JpRaU8WIGqfrN+U4CuxKBvHW2ce7MgWz +oOIJ/1B7o5spKou6eKqm3gMP53J4hw== +=vzFe +-----END PGP SIGNATURE----- diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 541f288..4a780c4 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Fri Feb 19 08:01:01 UTC 2021 - Pedro Monreal + +- Update to 1.1.1j + * Fixed the X509_issuer_and_serial_hash() function. It attempts + to create a unique hash value based on the issuer and serial + number data contained within an X509 certificate. However it + was failing to correctly handle any errors that may occur + while parsing the issuer field [bsc#1182331, CVE-2021-23841] + * Fixed the RSA_padding_check_SSLv23() function and the + RSA_SSLV23_PADDING padding mode to correctly check for + rollback attacks. + * Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and + EVP_DecryptUpdate functions. Previously they could overflow the + output length argument in some cases where the input length is + close to the maximum permissable length for an integer on the + platform. In such cases the return value from the function call + would be 1 (indicating success), but the output length value + would be negative. This could cause applications to behave + incorrectly or crash. [bsc#1182333, CVE-2021-23840] + * Fixed SRP_Calc_client_key so that it runs in constant time. + The previous implementation called BN_mod_exp without setting + BN_FLG_CONSTTIME. This could be exploited in a side channel + attack to recover the password. Since the attack is local host + only this is outside of the current OpenSSL threat model and + therefore no CVE is assigned. +- Rebase patches: + * openssl-1.1.1-fips.patch + * openssl-1.1.0-issuer-hash.patch + * openssl-1.1.1-evp-kdf.patch + ------------------------------------------------------------------- Sat Feb 6 14:44:12 UTC 2021 - Jason Sikes @@ -14,6 +45,11 @@ Thu Feb 4 18:23:17 UTC 2021 - Jason Sikes * bsc#1181796 * sourced from https://github.com/openssl/openssl/pull/12331/files +------------------------------------------------------------------- +Fri Jan 22 09:05:41 UTC 2021 - Pedro Monreal + +- Add version guards for the crypto-policies + ------------------------------------------------------------------- Wed Jan 20 15:59:01 UTC 2021 - Pedro Monreal diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 9b40f36..ae44b35 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -21,7 +21,7 @@ %define _rname openssl Name: openssl-1_1 # Don't forget to update the version in the "openssl" package! -Version: 1.1.1i +Version: 1.1.1j Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -92,6 +92,9 @@ Patch53: openssl-1_1-seclevel.patch Patch54: openssl-1_1-use-seclevel2-in-tests.patch Patch55: openssl-1_1-disable-test_srp-sslapi.patch BuildRequires: pkgconfig +%if 0%{?suse_version} && ! 0%{?sle_version} +Requires: crypto-policies +%endif Conflicts: ssl Provides: ssl Provides: openssl(cli) @@ -110,7 +113,6 @@ OpenSSL contains an implementation of the SSL and TLS protocols. Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security -Requires: crypto-policies Recommends: ca-certificates-mozilla # install libopenssl and libopenssl-hmac close together (bsc#1090765) Suggests: libopenssl1_1-hmac = %{version}-%{release}