diff --git a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch index 252ace0..c3732db 100644 --- a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch +++ b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch @@ -4,10 +4,10 @@ Date: Sun, 4 May 2014 23:36:54 -0400 Subject: [PATCH] Axe builtin printf implementation, use glibc instead -Index: openssl-1.0.2a/crypto/bio/b_print.c +Index: openssl-1.0.2b/crypto/bio/b_print.c =================================================================== ---- openssl-1.0.2a.orig/crypto/bio/b_print.c 2015-05-24 13:30:38.744606756 +0200 -+++ openssl-1.0.2a/crypto/bio/b_print.c 2015-05-24 13:41:38.708200825 +0200 +--- openssl-1.0.2b.orig/crypto/bio/b_print.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/bio/b_print.c 2015-06-11 17:50:00.893823977 +0200 @@ -56,17 +56,10 @@ * [including the GNU Public Licence.] */ @@ -28,7 +28,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c #include #include #include -@@ -79,671 +72,6 @@ +@@ -79,668 +72,6 @@ #include /* To get BN_LLONG properly defined */ #include @@ -657,32 +657,29 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c - /* If we haven't at least one buffer, someone has doe a big booboo */ - assert(*sbuffer != NULL || buffer != NULL); - -- if (buffer) { -- while (*currlen >= *maxlen) { -- if (*buffer == NULL) { -- if (*maxlen == 0) -- *maxlen = 1024; -- *buffer = OPENSSL_malloc(*maxlen); -- if(!*buffer) { -- /* Panic! Can't really do anything sensible. Just return */ -- return; -- } -- if (*currlen > 0) { -- assert(*sbuffer != NULL); -- memcpy(*buffer, *sbuffer, *currlen); -- } -- *sbuffer = NULL; -- } else { -- *maxlen += 1024; -- *buffer = OPENSSL_realloc(*buffer, *maxlen); -- if(!*buffer) { -- /* Panic! Can't really do anything sensible. Just return */ -- return; -- } +- /* |currlen| must always be <= |*maxlen| */ +- assert(*currlen <= *maxlen); +- +- if (buffer && *currlen == *maxlen) { +- *maxlen += 1024; +- if (*buffer == NULL) { +- *buffer = OPENSSL_malloc(*maxlen); +- if (!*buffer) { +- /* Panic! Can't really do anything sensible. Just return */ +- return; +- } +- if (*currlen > 0) { +- assert(*sbuffer != NULL); +- memcpy(*buffer, *sbuffer, *currlen); +- } +- *sbuffer = NULL; +- } else { +- *buffer = OPENSSL_realloc(*buffer, *maxlen); +- if (!*buffer) { +- /* Panic! Can't really do anything sensible. Just return */ +- return; - } - } -- /* What to do if *buffer is NULL? */ -- assert(*sbuffer != NULL || *buffer != NULL); - } - - if (*currlen < *maxlen) { @@ -700,7 +697,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c int BIO_printf(BIO *bio, const char *format, ...) { va_list args; -@@ -757,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for +@@ -754,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for return (ret); } @@ -756,7 +753,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c return (ret); } -@@ -794,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co +@@ -791,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co int ret; va_start(args, format); diff --git a/0001-libcrypto-Hide-library-private-symbols.patch b/0001-libcrypto-Hide-library-private-symbols.patch index 64b5c74..023ce2f 100644 --- a/0001-libcrypto-Hide-library-private-symbols.patch +++ b/0001-libcrypto-Hide-library-private-symbols.patch @@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols crypto/x509v3/pcy_int.h | 3 +++ 31 files changed, 85 insertions(+), 17 deletions(-) -Index: openssl-1.0.2a/apps/Makefile +Index: openssl-1.0.2b/apps/Makefile =================================================================== ---- openssl-1.0.2a.orig/apps/Makefile 2015-05-29 13:57:01.496491593 +0200 -+++ openssl-1.0.2a/apps/Makefile 2015-05-29 13:58:53.830777136 +0200 +--- openssl-1.0.2b.orig/apps/Makefile 2015-06-11 15:55:38.000000000 +0200 ++++ openssl-1.0.2b/apps/Makefile 2015-06-11 17:50:03.669860202 +0200 @@ -20,7 +20,7 @@ EXE_EXT= SHLIB_TARGET= @@ -50,10 +50,10 @@ Index: openssl-1.0.2a/apps/Makefile GENERAL=Makefile makeapps.com install.com -Index: openssl-1.0.2a/crypto/asn1/asn1_locl.h +Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/asn1/asn1_locl.h 2015-05-29 13:57:01.496491593 +0200 -+++ openssl-1.0.2a/crypto/asn1/asn1_locl.h 2015-05-29 13:59:35.960258988 +0200 +--- openssl-1.0.2b.orig/crypto/asn1/asn1_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/asn1/asn1_locl.h 2015-06-11 17:50:03.670860215 +0200 @@ -62,6 +62,8 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); @@ -69,10 +69,10 @@ Index: openssl-1.0.2a/crypto/asn1/asn1_locl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/bn/bn_lcl.h +Index: openssl-1.0.2b/crypto/bn/bn_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/bn/bn_lcl.h 2015-05-29 13:57:01.497491605 +0200 -+++ openssl-1.0.2a/crypto/bn/bn_lcl.h 2015-05-29 14:00:30.503883360 +0200 +--- openssl-1.0.2b.orig/crypto/bn/bn_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/bn/bn_lcl.h 2015-06-11 17:50:03.670860215 +0200 @@ -505,6 +505,8 @@ unsigned __int64 _umul128(unsigned __int # undef bn_div_words # endif @@ -91,10 +91,10 @@ Index: openssl-1.0.2a/crypto/bn/bn_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.2a/crypto/cast/cast_lcl.h +Index: openssl-1.0.2b/crypto/cast/cast_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/cast/cast_lcl.h 2015-05-29 13:57:01.497491605 +0200 -+++ openssl-1.0.2a/crypto/cast/cast_lcl.h 2015-05-29 13:58:53.831777147 +0200 +--- openssl-1.0.2b.orig/crypto/cast/cast_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/cast/cast_lcl.h 2015-06-11 17:50:03.670860215 +0200 @@ -217,6 +217,7 @@ } #endif @@ -108,10 +108,10 @@ Index: openssl-1.0.2a/crypto/cast/cast_lcl.h extern const CAST_LONG CAST_S_table6[256]; extern const CAST_LONG CAST_S_table7[256]; +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/cms/cms_lcl.h +Index: openssl-1.0.2b/crypto/cms/cms_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/cms/cms_lcl.h 2015-05-29 13:57:01.498491617 +0200 -+++ openssl-1.0.2a/crypto/cms/cms_lcl.h 2015-05-29 14:02:50.582486082 +0200 +--- openssl-1.0.2b.orig/crypto/cms/cms_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/cms/cms_lcl.h 2015-06-11 17:50:03.670860215 +0200 @@ -410,6 +410,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA # define CMS_OIK_KEYIDENTIFIER 1 # define CMS_OIK_PUBKEY 2 @@ -130,10 +130,10 @@ Index: openssl-1.0.2a/crypto/cms/cms_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.2a/crypto/des/des_locl.h +Index: openssl-1.0.2b/crypto/des/des_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/des/des_locl.h 2015-05-29 13:58:53.832777158 +0200 -+++ openssl-1.0.2a/crypto/des/des_locl.h 2015-05-29 14:03:58.545263671 +0200 +--- openssl-1.0.2b.orig/crypto/des/des_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/des/des_locl.h 2015-06-11 17:50:03.670860215 +0200 @@ -432,10 +432,12 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } @@ -147,10 +147,10 @@ Index: openssl-1.0.2a/crypto/des/des_locl.h # ifdef OPENSSL_SMALL_FOOTPRINT # undef DES_UNROLL -Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h +Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_locl.h 2015-05-29 13:58:53.832777158 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_locl.h 2015-05-29 14:05:14.177128917 +0200 +--- openssl-1.0.2b.orig/crypto/dsa/dsa_locl.h 2015-06-11 17:41:59.488534507 +0200 ++++ openssl-1.0.2b/crypto/dsa/dsa_locl.h 2015-06-11 17:50:03.670860215 +0200 @@ -58,7 +58,7 @@ int dsa_builtin_paramgen(DSA *ret, size_ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, @@ -160,10 +160,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, const EVP_MD *evpmd, const unsigned char *seed_in, -Index: openssl-1.0.2a/crypto/ec/ec_lcl.h +Index: openssl-1.0.2b/crypto/ec/ec_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ec/ec_lcl.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/ec/ec_lcl.h 2015-05-29 13:58:53.833777170 +0200 +--- openssl-1.0.2b.orig/crypto/ec/ec_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ec/ec_lcl.h 2015-06-11 17:50:03.671860227 +0200 @@ -89,6 +89,8 @@ * change in future versions. */ @@ -173,16 +173,16 @@ Index: openssl-1.0.2a/crypto/ec/ec_lcl.h struct ec_method_st { /* Various method flags */ int flags; -@@ -574,3 +576,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c +@@ -566,3 +568,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c const BIGNUM *b, BN_CTX *ctx); EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid); #endif + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/ecdh/ech_locl.h +Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ecdh/ech_locl.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/ecdh/ech_locl.h 2015-05-29 14:06:06.800730916 +0200 +--- openssl-1.0.2b.orig/crypto/ecdh/ech_locl.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/ecdh/ech_locl.h 2015-06-11 17:50:03.671860227 +0200 @@ -58,6 +58,8 @@ # include @@ -198,10 +198,10 @@ Index: openssl-1.0.2a/crypto/ecdh/ech_locl.h +#pragma GCC visibility pop #endif /* HEADER_ECH_LOCL_H */ -Index: openssl-1.0.2a/crypto/ecdsa/ecs_locl.h +Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ecdsa/ecs_locl.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/ecdsa/ecs_locl.h 2015-05-29 14:06:33.641037950 +0200 +--- openssl-1.0.2b.orig/crypto/ecdsa/ecs_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ecdsa/ecs_locl.h 2015-06-11 17:50:03.671860227 +0200 @@ -61,6 +61,8 @@ # include @@ -217,10 +217,10 @@ Index: openssl-1.0.2a/crypto/ecdsa/ecs_locl.h +#pragma GCC visibility pop #endif /* HEADER_ECS_LOCL_H */ -Index: openssl-1.0.2a/crypto/engine/eng_int.h +Index: openssl-1.0.2b/crypto/engine/eng_int.h =================================================================== ---- openssl-1.0.2a.orig/crypto/engine/eng_int.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/engine/eng_int.h 2015-05-29 14:07:02.552368670 +0200 +--- openssl-1.0.2b.orig/crypto/engine/eng_int.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/engine/eng_int.h 2015-06-11 17:50:03.671860227 +0200 @@ -69,6 +69,8 @@ /* Take public definitions from engine.h */ # include @@ -236,11 +236,11 @@ Index: openssl-1.0.2a/crypto/engine/eng_int.h +#pragma GCC visibility pop #endif /* HEADER_ENGINE_INT_H */ -Index: openssl-1.0.2a/crypto/evp/e_aes.c +Index: openssl-1.0.2b/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_aes.c 2015-05-29 13:57:01.501491652 +0200 -+++ openssl-1.0.2a/crypto/evp/e_aes.c 2015-05-29 14:08:41.561501841 +0200 -@@ -115,6 +115,8 @@ typedef struct { +--- openssl-1.0.2b.orig/crypto/evp/e_aes.c 2015-06-11 17:41:59.490534533 +0200 ++++ openssl-1.0.2b/crypto/evp/e_aes.c 2015-06-11 17:50:03.671860227 +0200 +@@ -116,6 +116,8 @@ typedef struct { # define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) @@ -249,7 +249,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c # ifdef VPAES_ASM int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); -@@ -145,6 +147,7 @@ void bsaes_xts_decrypt(const unsigned ch +@@ -146,6 +148,7 @@ void bsaes_xts_decrypt(const unsigned ch size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); # endif @@ -257,7 +257,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c # ifdef AES_CTR_ASM void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, -@@ -193,6 +196,8 @@ extern unsigned int OPENSSL_ia32cap_P[]; +@@ -194,6 +197,8 @@ extern unsigned int OPENSSL_ia32cap_P[]; */ # define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) @@ -266,7 +266,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, -@@ -262,6 +267,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128 +@@ -263,6 +268,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128 # undef AES_GCM_ASM2 /* minor size optimization */ # endif @@ -275,12 +275,12 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { -Index: openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c +Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-05-29 13:57:01.501491652 +0200 -+++ openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-05-29 14:09:13.009860938 +0200 +--- openssl-1.0.2b.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 17:50:03.672860241 +0200 @@ -97,6 +97,8 @@ typedef struct { - extern unsigned int OPENSSL_ia32cap_P[3]; + extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) +#pragma GCC visibility push(hidden) @@ -297,10 +297,10 @@ Index: openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c # define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, -Index: openssl-1.0.2a/crypto/evp/evp_locl.h +Index: openssl-1.0.2b/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_locl.h 2015-05-29 13:57:01.502491662 +0200 -+++ openssl-1.0.2a/crypto/evp/evp_locl.h 2015-05-29 14:09:56.939363434 +0200 +--- openssl-1.0.2b.orig/crypto/evp/evp_locl.h 2015-06-11 17:41:59.492534560 +0200 ++++ openssl-1.0.2b/crypto/evp/evp_locl.h 2015-06-11 17:50:03.672860241 +0200 @@ -261,6 +261,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void EVP_CIPH_FLAG_DEFAULT_ASN1, \ cipher##_init_key, NULL, NULL, NULL, NULL) @@ -319,10 +319,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_locl.h #ifdef OPENSSL_FIPS # ifdef OPENSSL_DOING_MAKEDEPEND -Index: openssl-1.0.2a/crypto/md4/md4_locl.h +Index: openssl-1.0.2b/crypto/md4/md4_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/md4/md4_locl.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/md4/md4_locl.h 2015-05-29 14:10:54.331025396 +0200 +--- openssl-1.0.2b.orig/crypto/md4/md4_locl.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/md4/md4_locl.h 2015-06-11 17:50:03.672860241 +0200 @@ -65,7 +65,7 @@ # define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif @@ -332,10 +332,10 @@ Index: openssl-1.0.2a/crypto/md4/md4_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2a/crypto/md5/md5_locl.h +Index: openssl-1.0.2b/crypto/md5/md5_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/md5/md5_locl.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/md5/md5_locl.h 2015-05-29 14:11:40.218580180 +0200 +--- openssl-1.0.2b.orig/crypto/md5/md5_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/md5/md5_locl.h 2015-06-11 17:50:03.672860241 +0200 @@ -76,7 +76,7 @@ # endif #endif @@ -345,10 +345,10 @@ Index: openssl-1.0.2a/crypto/md5/md5_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2a/crypto/modes/modes_lcl.h +Index: openssl-1.0.2b/crypto/modes/modes_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/modes/modes_lcl.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/modes/modes_lcl.h 2015-05-29 14:12:47.352391628 +0200 +--- openssl-1.0.2b.orig/crypto/modes/modes_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/modes/modes_lcl.h 2015-06-11 17:50:03.672860241 +0200 @@ -89,6 +89,9 @@ _asm mov eax, val _asm bswap eax} # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) @@ -365,10 +365,10 @@ Index: openssl-1.0.2a/crypto/modes/modes_lcl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/o_str.h +Index: openssl-1.0.2b/crypto/o_str.h =================================================================== ---- openssl-1.0.2a.orig/crypto/o_str.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/o_str.h 2015-05-29 14:13:21.018798729 +0200 +--- openssl-1.0.2b.orig/crypto/o_str.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/o_str.h 2015-06-11 17:50:03.672860241 +0200 @@ -61,9 +61,11 @@ # define HEADER_O_STR_H @@ -381,10 +381,10 @@ Index: openssl-1.0.2a/crypto/o_str.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/o_time.h +Index: openssl-1.0.2b/crypto/o_time.h =================================================================== ---- openssl-1.0.2a.orig/crypto/o_time.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/o_time.h 2015-05-29 14:14:00.740278452 +0200 +--- openssl-1.0.2b.orig/crypto/o_time.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/o_time.h 2015-06-11 17:50:03.672860241 +0200 @@ -61,10 +61,12 @@ # define HEADER_O_TIME_H @@ -398,10 +398,10 @@ Index: openssl-1.0.2a/crypto/o_time.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/ripemd/rmd_locl.h +Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ripemd/rmd_locl.h 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/ripemd/rmd_locl.h 2015-05-29 14:14:42.587783890 +0200 +--- openssl-1.0.2b.orig/crypto/ripemd/rmd_locl.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/ripemd/rmd_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -76,7 +76,7 @@ # endif #endif @@ -411,20 +411,20 @@ Index: openssl-1.0.2a/crypto/ripemd/rmd_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2a/crypto/rsa/rsa_locl.h +Index: openssl-1.0.2b/crypto/rsa/rsa_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_locl.h 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_locl.h 2015-05-29 14:15:18.372216267 +0200 +--- openssl-1.0.2b.orig/crypto/rsa/rsa_locl.h 2015-06-11 15:00:12.000000000 +0200 ++++ openssl-1.0.2b/crypto/rsa/rsa_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -1,4 +1,4 @@ extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf, - size_t siglen, RSA *rsa); + size_t siglen, RSA *rsa) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.2a/crypto/sha/sha256.c +Index: openssl-1.0.2b/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha256.c 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/sha/sha256.c 2015-05-29 14:16:36.509166160 +0200 +--- openssl-1.0.2b.orig/crypto/sha/sha256.c 2015-06-11 17:41:59.509534778 +0200 ++++ openssl-1.0.2b/crypto/sha/sha256.c 2015-06-11 17:50:03.673860254 +0200 @@ -135,7 +135,7 @@ int SHA224_Final(unsigned char *md, SHA2 # ifndef SHA256_ASM static @@ -434,10 +434,10 @@ Index: openssl-1.0.2a/crypto/sha/sha256.c # include "md32_common.h" -Index: openssl-1.0.2a/crypto/sha/sha512.c +Index: openssl-1.0.2b/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha512.c 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/sha/sha512.c 2015-05-29 14:17:13.260611799 +0200 +--- openssl-1.0.2b.orig/crypto/sha/sha512.c 2015-06-11 17:41:59.509534778 +0200 ++++ openssl-1.0.2b/crypto/sha/sha512.c 2015-06-11 17:50:03.673860254 +0200 @@ -109,7 +109,7 @@ fips_md_init(SHA512) # ifndef SHA512_ASM static @@ -447,10 +447,10 @@ Index: openssl-1.0.2a/crypto/sha/sha512.c int SHA512_Final(unsigned char *md, SHA512_CTX *c) { -Index: openssl-1.0.2a/crypto/sha/sha_locl.h +Index: openssl-1.0.2b/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha_locl.h 2015-05-29 13:58:53.838777227 +0200 -+++ openssl-1.0.2a/crypto/sha/sha_locl.h 2015-05-29 14:17:59.773173925 +0200 +--- openssl-1.0.2b.orig/crypto/sha/sha_locl.h 2015-06-11 17:41:59.509534778 +0200 ++++ openssl-1.0.2b/crypto/sha/sha_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -108,7 +108,7 @@ static void sha_block_data_order(SHA_CTX # ifndef SHA1_ASM static @@ -460,10 +460,10 @@ Index: openssl-1.0.2a/crypto/sha/sha_locl.h #else # error "Either SHA_0 or SHA_1 must be defined." -Index: openssl-1.0.2a/crypto/store/str_locl.h +Index: openssl-1.0.2b/crypto/store/str_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/store/str_locl.h 2015-05-29 13:57:01.505491696 +0200 -+++ openssl-1.0.2a/crypto/store/str_locl.h 2015-05-29 13:58:53.838777227 +0200 +--- openssl-1.0.2b.orig/crypto/store/str_locl.h 2015-03-19 15:02:02.000000000 +0100 ++++ openssl-1.0.2b/crypto/store/str_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -63,6 +63,8 @@ # include # include @@ -480,10 +480,10 @@ Index: openssl-1.0.2a/crypto/store/str_locl.h - +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/ui/ui_locl.h +Index: openssl-1.0.2b/crypto/ui/ui_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ui/ui_locl.h 2015-05-29 13:58:53.838777227 +0200 -+++ openssl-1.0.2a/crypto/ui/ui_locl.h 2015-05-29 14:18:44.460717716 +0200 +--- openssl-1.0.2b.orig/crypto/ui/ui_locl.h 2015-03-19 15:02:02.000000000 +0100 ++++ openssl-1.0.2b/crypto/ui/ui_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -67,6 +67,8 @@ # undef _ # endif @@ -499,19 +499,19 @@ Index: openssl-1.0.2a/crypto/ui/ui_locl.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/whrlpool/wp_locl.h +Index: openssl-1.0.2b/crypto/whrlpool/wp_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/whrlpool/wp_locl.h 2015-05-29 13:58:53.838777227 +0200 -+++ openssl-1.0.2a/crypto/whrlpool/wp_locl.h 2015-05-29 14:19:16.174102106 +0200 +--- openssl-1.0.2b.orig/crypto/whrlpool/wp_locl.h 2015-06-11 15:00:12.000000000 +0200 ++++ openssl-1.0.2b/crypto/whrlpool/wp_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -1,3 +1,3 @@ #include -void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t); +void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.2a/crypto/x509v3/ext_dat.h +Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h =================================================================== ---- openssl-1.0.2a.orig/crypto/x509v3/ext_dat.h 2015-05-29 13:57:01.505491696 +0200 -+++ openssl-1.0.2a/crypto/x509v3/ext_dat.h 2015-05-29 13:58:53.839777239 +0200 +--- openssl-1.0.2b.orig/crypto/x509v3/ext_dat.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/x509v3/ext_dat.h 2015-06-11 17:50:03.674860267 +0200 @@ -58,6 +58,8 @@ */ /* This file contains a table of "standard" extensions */ @@ -529,10 +529,10 @@ Index: openssl-1.0.2a/crypto/x509v3/ext_dat.h /* Number of standard extensions */ #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) -Index: openssl-1.0.2a/crypto/x509v3/pcy_int.h +Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h =================================================================== ---- openssl-1.0.2a.orig/crypto/x509v3/pcy_int.h 2015-05-29 13:57:01.506491709 +0200 -+++ openssl-1.0.2a/crypto/x509v3/pcy_int.h 2015-05-29 14:19:55.941583947 +0200 +--- openssl-1.0.2b.orig/crypto/x509v3/pcy_int.h 2015-06-11 15:00:12.000000000 +0200 ++++ openssl-1.0.2b/crypto/x509v3/pcy_int.h 2015-06-11 17:50:03.674860267 +0200 @@ -57,6 +57,8 @@ * */ @@ -548,10 +548,10 @@ Index: openssl-1.0.2a/crypto/x509v3/pcy_int.h const X509_POLICY_CACHE *policy_cache_set(X509 *x); + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/modes/gcm128.c +Index: openssl-1.0.2b/crypto/modes/gcm128.c =================================================================== ---- openssl-1.0.2a.orig/crypto/modes/gcm128.c 2015-05-29 13:58:53.840777250 +0200 -+++ openssl-1.0.2a/crypto/modes/gcm128.c 2015-05-29 14:21:51.614984305 +0200 +--- openssl-1.0.2b.orig/crypto/modes/gcm128.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/modes/gcm128.c 2015-06-11 17:50:03.674860267 +0200 @@ -602,9 +602,9 @@ static void gcm_ghash_4bit(u64 Xi[2], co } # endif @@ -566,7 +566,7 @@ Index: openssl-1.0.2a/crypto/modes/gcm128.c # define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) @@ -696,10 +696,10 @@ static void gcm_gmult_1bit(u64 Xi[2], co # define GCM_FUNCREF_4BIT - extern unsigned int OPENSSL_ia32cap_P[2]; + extern unsigned int OPENSSL_ia32cap_P[]; -void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); @@ -578,11 +578,11 @@ Index: openssl-1.0.2a/crypto/modes/gcm128.c # if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define gcm_init_avx gcm_init_clmul -Index: openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c +Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_rc4_hmac_md5.c 2015-05-29 13:58:53.840777250 +0200 -+++ openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c 2015-05-29 14:22:20.495333738 +0200 -@@ -77,7 +77,7 @@ typedef struct { +--- openssl-1.0.2b.orig/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 17:50:03.674860267 +0200 +@@ -78,7 +78,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, @@ -591,10 +591,10 @@ Index: openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c # define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) -Index: openssl-1.0.2a/crypto/cmac/cm_ameth.c +Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/cmac/cm_ameth.c 2015-05-29 13:58:53.840777250 +0200 -+++ openssl-1.0.2a/crypto/cmac/cm_ameth.c 2015-05-29 14:23:02.278839089 +0200 +--- openssl-1.0.2b.orig/crypto/cmac/cm_ameth.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/cmac/cm_ameth.c 2015-06-11 17:50:03.674860267 +0200 @@ -73,7 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey if (cmctx) CMAC_CTX_free(cmctx); @@ -604,10 +604,10 @@ Index: openssl-1.0.2a/crypto/cmac/cm_ameth.c const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, -Index: openssl-1.0.2a/crypto/evp/pmeth_lib.c +Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/pmeth_lib.c 2015-05-29 13:57:01.507491720 +0200 -+++ openssl-1.0.2a/crypto/evp/pmeth_lib.c 2015-05-29 13:58:53.841777261 +0200 +--- openssl-1.0.2b.orig/crypto/evp/pmeth_lib.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/evp/pmeth_lib.c 2015-06-11 17:50:03.675860280 +0200 @@ -71,7 +71,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -617,10 +617,10 @@ Index: openssl-1.0.2a/crypto/evp/pmeth_lib.c extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -Index: openssl-1.0.2a/crypto/cmac/cm_pmeth.c +Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/cmac/cm_pmeth.c 2015-05-29 13:58:53.841777261 +0200 -+++ openssl-1.0.2a/crypto/cmac/cm_pmeth.c 2015-05-29 14:23:33.695219495 +0200 +--- openssl-1.0.2b.orig/crypto/cmac/cm_pmeth.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/cmac/cm_pmeth.c 2015-06-11 17:50:03.675860280 +0200 @@ -182,6 +182,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C return -2; } @@ -629,10 +629,10 @@ Index: openssl-1.0.2a/crypto/cmac/cm_pmeth.c const EVP_PKEY_METHOD cmac_pkey_meth = { EVP_PKEY_CMAC, EVP_PKEY_FLAG_SIGCTX_CUSTOM, -Index: openssl-1.0.2a/crypto/rand/md_rand.c +Index: openssl-1.0.2b/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rand/md_rand.c 2015-05-29 13:58:53.841777261 +0200 -+++ openssl-1.0.2a/crypto/rand/md_rand.c 2015-05-29 14:24:04.870595846 +0200 +--- openssl-1.0.2b.orig/crypto/rand/md_rand.c 2015-06-11 17:41:59.506534739 +0200 ++++ openssl-1.0.2b/crypto/rand/md_rand.c 2015-06-11 17:50:03.675860280 +0200 @@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_status(void); @@ -642,10 +642,10 @@ Index: openssl-1.0.2a/crypto/rand/md_rand.c ssleay_rand_seed, ssleay_rand_nopseudo_bytes, ssleay_rand_cleanup, -Index: openssl-1.0.2a/crypto/dh/dh_ameth.c +Index: openssl-1.0.2b/crypto/dh/dh_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_ameth.c 2015-05-29 13:58:53.842777273 +0200 -+++ openssl-1.0.2a/crypto/dh/dh_ameth.c 2015-05-29 14:24:30.526905527 +0200 +--- openssl-1.0.2b.orig/crypto/dh/dh_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/dh/dh_ameth.c 2015-06-11 17:50:03.675860280 +0200 @@ -584,6 +584,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, } @@ -654,10 +654,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_ameth.c const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, EVP_PKEY_DH, -Index: openssl-1.0.2a/crypto/dh/dh_pmeth.c +Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_pmeth.c 2015-05-29 13:58:53.842777273 +0200 -+++ openssl-1.0.2a/crypto/dh/dh_pmeth.c 2015-05-29 14:25:02.208288551 +0200 +--- openssl-1.0.2b.orig/crypto/dh/dh_pmeth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/dh/dh_pmeth.c 2015-06-11 17:50:03.675860280 +0200 @@ -482,6 +482,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * return 1; } @@ -666,10 +666,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_pmeth.c const EVP_PKEY_METHOD dh_pkey_meth = { EVP_PKEY_DH, 0, -Index: openssl-1.0.2a/crypto/dsa/dsa_ameth.c +Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_ameth.c 2015-05-29 13:58:53.842777273 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_ameth.c 2015-05-29 14:25:24.527557694 +0200 +--- openssl-1.0.2b.orig/crypto/dsa/dsa_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/dsa/dsa_ameth.c 2015-06-11 17:50:03.676860293 +0200 @@ -620,6 +620,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, /* NB these are sorted in pkey_id order, lowest first */ @@ -678,10 +678,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_ameth.c const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { { -Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_pmeth.c 2015-05-29 13:58:53.843777284 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_pmeth.c 2015-05-29 14:25:50.943876979 +0200 +--- openssl-1.0.2b.orig/crypto/dsa/dsa_pmeth.c 2015-06-11 17:41:59.488534507 +0200 ++++ openssl-1.0.2b/crypto/dsa/dsa_pmeth.c 2015-06-11 17:50:03.676860293 +0200 @@ -278,6 +278,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX return DSA_generate_key(pkey->pkey.dsa); } @@ -690,10 +690,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, EVP_PKEY_FLAG_AUTOARGLEN, -Index: openssl-1.0.2a/crypto/ec/ec_ameth.c +Index: openssl-1.0.2b/crypto/ec/ec_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/ec/ec_ameth.c 2015-05-29 13:58:53.843777284 +0200 -+++ openssl-1.0.2a/crypto/ec/ec_ameth.c 2015-05-29 14:26:15.256170382 +0200 +--- openssl-1.0.2b.orig/crypto/ec/ec_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ec/ec_ameth.c 2015-06-11 17:50:03.676860293 +0200 @@ -608,6 +608,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, } @@ -702,10 +702,10 @@ Index: openssl-1.0.2a/crypto/ec/ec_ameth.c const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, -Index: openssl-1.0.2a/crypto/ec/ec_pmeth.c +Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/ec/ec_pmeth.c 2015-05-29 13:58:53.843777284 +0200 -+++ openssl-1.0.2a/crypto/ec/ec_pmeth.c 2015-05-29 14:26:42.183495689 +0200 +--- openssl-1.0.2b.orig/crypto/ec/ec_pmeth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ec/ec_pmeth.c 2015-06-11 17:50:03.676860293 +0200 @@ -491,6 +491,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * return EC_KEY_generate_key(pkey->pkey.ec); } @@ -714,10 +714,10 @@ Index: openssl-1.0.2a/crypto/ec/ec_pmeth.c const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, 0, -Index: openssl-1.0.2a/crypto/hmac/hm_ameth.c +Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/hmac/hm_ameth.c 2015-05-29 13:58:53.844777296 +0200 -+++ openssl-1.0.2a/crypto/hmac/hm_ameth.c 2015-05-29 14:27:00.087711757 +0200 +--- openssl-1.0.2b.orig/crypto/hmac/hm_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/hmac/hm_ameth.c 2015-06-11 17:50:03.676860293 +0200 @@ -135,6 +135,7 @@ static int old_hmac_encode(const EVP_PKE #endif @@ -726,10 +726,10 @@ Index: openssl-1.0.2a/crypto/hmac/hm_ameth.c const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, -Index: openssl-1.0.2a/crypto/hmac/hm_pmeth.c +Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/hmac/hm_pmeth.c 2015-05-29 13:58:53.844777296 +0200 -+++ openssl-1.0.2a/crypto/hmac/hm_pmeth.c 2015-05-29 14:27:18.207930409 +0200 +--- openssl-1.0.2b.orig/crypto/hmac/hm_pmeth.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/hmac/hm_pmeth.c 2015-06-11 17:50:03.676860293 +0200 @@ -228,6 +228,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C return -2; } @@ -738,10 +738,10 @@ Index: openssl-1.0.2a/crypto/hmac/hm_pmeth.c const EVP_PKEY_METHOD hmac_pkey_meth = { EVP_PKEY_HMAC, 0, -Index: openssl-1.0.2a/crypto/rsa/rsa_ameth.c +Index: openssl-1.0.2b/crypto/rsa/rsa_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_ameth.c 2015-05-29 13:58:53.844777296 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_ameth.c 2015-05-29 14:27:55.153376094 +0200 +--- openssl-1.0.2b.orig/crypto/rsa/rsa_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/rsa/rsa_ameth.c 2015-06-11 17:50:03.677860306 +0200 @@ -921,6 +921,7 @@ static int rsa_cms_encrypt(CMS_Recipient return rv; } @@ -750,11 +750,11 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_ameth.c const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { EVP_PKEY_RSA, -Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_pmeth.c 2015-05-29 13:58:53.845777307 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_pmeth.c 2015-05-29 14:28:12.111582149 +0200 -@@ -717,6 +717,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX +--- openssl-1.0.2b.orig/crypto/rsa/rsa_pmeth.c 2015-06-11 17:41:59.508534765 +0200 ++++ openssl-1.0.2b/crypto/rsa/rsa_pmeth.c 2015-06-11 17:50:03.677860306 +0200 +@@ -723,6 +723,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX return ret; } @@ -762,10 +762,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c const EVP_PKEY_METHOD rsa_pkey_meth = { EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN, -Index: openssl-1.0.2a/crypto/objects/obj_xref.c +Index: openssl-1.0.2b/crypto/objects/obj_xref.c =================================================================== ---- openssl-1.0.2a.orig/crypto/objects/obj_xref.c 2015-05-29 13:57:01.511491765 +0200 -+++ openssl-1.0.2a/crypto/objects/obj_xref.c 2015-05-29 13:58:53.845777307 +0200 +--- openssl-1.0.2b.orig/crypto/objects/obj_xref.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/objects/obj_xref.c 2015-06-11 17:50:03.677860306 +0200 @@ -61,7 +61,7 @@ #include "obj_xref.h" @@ -775,10 +775,10 @@ Index: openssl-1.0.2a/crypto/objects/obj_xref.c static int sig_cmp(const nid_triple *a, const nid_triple *b) { -Index: openssl-1.0.2a/crypto/pem/pem_lib.c +Index: openssl-1.0.2b/crypto/pem/pem_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/pem/pem_lib.c 2015-05-29 13:57:01.512491776 +0200 -+++ openssl-1.0.2a/crypto/pem/pem_lib.c 2015-05-29 13:58:53.845777307 +0200 +--- openssl-1.0.2b.orig/crypto/pem/pem_lib.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/pem/pem_lib.c 2015-06-11 17:50:03.677860306 +0200 @@ -80,7 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL static int load_iv(char **fromp, unsigned char *to, int num); @@ -788,10 +788,10 @@ Index: openssl-1.0.2a/crypto/pem/pem_lib.c int PEM_def_callback(char *buf, int num, int w, void *key) { -Index: openssl-1.0.2a/crypto/asn1/tasn_prn.c +Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c =================================================================== ---- openssl-1.0.2a.orig/crypto/asn1/tasn_prn.c 2015-05-29 13:58:53.845777307 +0200 -+++ openssl-1.0.2a/crypto/asn1/tasn_prn.c 2015-05-29 14:28:41.568929701 +0200 +--- openssl-1.0.2b.orig/crypto/asn1/tasn_prn.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/asn1/tasn_prn.c 2015-06-11 17:50:03.677860306 +0200 @@ -73,7 +73,7 @@ /* ASN1_PCTX routines */ @@ -801,10 +801,10 @@ Index: openssl-1.0.2a/crypto/asn1/tasn_prn.c ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ 0, /* nm_flags */ 0, /* cert_flags */ -Index: openssl-1.0.2a/crypto/bn/bn_exp.c +Index: openssl-1.0.2b/crypto/bn/bn_exp.c =================================================================== ---- openssl-1.0.2a.orig/crypto/bn/bn_exp.c 2015-05-29 13:58:53.846777318 +0200 -+++ openssl-1.0.2a/crypto/bn/bn_exp.c 2015-05-29 14:29:50.256737750 +0200 +--- openssl-1.0.2b.orig/crypto/bn/bn_exp.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/bn/bn_exp.c 2015-06-11 17:50:03.678860319 +0200 @@ -947,10 +947,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, @@ -819,10 +819,10 @@ Index: openssl-1.0.2a/crypto/bn/bn_exp.c void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); -Index: openssl-1.0.2a/crypto/bn/bn_gf2m.c +Index: openssl-1.0.2b/crypto/bn/bn_gf2m.c =================================================================== ---- openssl-1.0.2a.orig/crypto/bn/bn_gf2m.c 2015-05-29 13:58:53.846777318 +0200 -+++ openssl-1.0.2a/crypto/bn/bn_gf2m.c 2015-05-29 14:31:03.496598921 +0200 +--- openssl-1.0.2b.orig/crypto/bn/bn_gf2m.c 2015-06-11 15:52:57.000000000 +0200 ++++ openssl-1.0.2b/crypto/bn/bn_gf2m.c 2015-06-11 17:50:03.678860319 +0200 @@ -321,7 +321,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, } # else diff --git a/bsc936563_hack.patch b/bsc936563_hack.patch new file mode 100644 index 0000000..ce27bf0 --- /dev/null +++ b/bsc936563_hack.patch @@ -0,0 +1,13 @@ +Index: openssl-1.0.2c/crypto/ec/Makefile +=================================================================== +--- openssl-1.0.2c.orig/crypto/ec/Makefile ++++ openssl-1.0.2c/crypto/ec/Makefile +@@ -10,7 +10,7 @@ CFLAG=-g + MAKEFILE= Makefile + AR= ar r + +-CFLAGS= $(INCLUDES) $(CFLAG) ++CFLAGS= $(INCLUDES) $(CFLAG) -O0 + ASFLAGS= $(INCLUDES) $(ASFLAG) + AFLAGS= $(ASFLAGS) + diff --git a/compression_methods_switch.patch b/compression_methods_switch.patch index 916adce..5ffd9b0 100644 --- a/compression_methods_switch.patch +++ b/compression_methods_switch.patch @@ -1,10 +1,10 @@ -Index: openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod +Index: openssl-1.0.2b/doc/ssl/SSL_COMP_add_compression_method.pod =================================================================== ---- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-03 22:10:19.262805732 +0200 -+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-03 22:10:28.958939879 +0200 -@@ -41,6 +41,24 @@ of compression methods supported on a pe - The OpenSSL library has the compression methods B and (when - especially enabled during compilation) B available. +--- openssl-1.0.2b.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-06-11 20:11:49.353667505 +0200 ++++ openssl-1.0.2b/doc/ssl/SSL_COMP_add_compression_method.pod 2015-06-11 20:11:51.183689314 +0200 +@@ -47,6 +47,24 @@ of compression methods supported on a pe + If enabled during compilation, the OpenSSL library will have the + COMP_zlib() compression method available. +And, there is an environment variable to switch the compression +methods off and on. In default the compression is off to mitigate @@ -27,10 +27,10 @@ Index: openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod =head1 WARNINGS Once the identities of the compression methods for the TLS protocol have -Index: openssl-1.0.2a/ssl/ssl_ciph.c +Index: openssl-1.0.2b/ssl/ssl_ciph.c =================================================================== ---- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-04-03 22:10:28.959939893 +0200 -+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-03 22:12:33.425662139 +0200 +--- openssl-1.0.2b.orig/ssl/ssl_ciph.c 2015-06-11 20:11:49.353667505 +0200 ++++ openssl-1.0.2b/ssl/ssl_ciph.c 2015-06-11 20:11:51.183689314 +0200 @@ -478,10 +478,16 @@ static void load_builtin_compressions(vo if (ssl_comp_methods == NULL) { diff --git a/merge_from_0.9.8k.patch b/merge_from_0.9.8k.patch index b2cb2b1..d188315 100644 --- a/merge_from_0.9.8k.patch +++ b/merge_from_0.9.8k.patch @@ -1,8 +1,13 @@ +--- + Configure | 4 ++-- + config | 23 +++++++++++++++-------- + 2 files changed, 17 insertions(+), 10 deletions(-) + Index: openssl-1.0.2a/Configure =================================================================== ---- openssl-1.0.2a.orig/Configure 2015-05-30 21:58:49.358278076 +0200 -+++ openssl-1.0.2a/Configure 2015-05-30 21:58:52.830317683 +0200 -@@ -996,7 +996,7 @@ PROCESS_ARGS: +--- openssl-1.0.2a.orig/Configure ++++ openssl-1.0.2a/Configure +@@ -978,7 +978,7 @@ PROCESS_ARGS: } else { @@ -11,7 +16,7 @@ Index: openssl-1.0.2a/Configure $target=$_; } -@@ -1276,7 +1276,7 @@ if ($target =~ /linux.*\-mips/ && !$no_a +@@ -1258,7 +1258,7 @@ if ($target =~ /linux.*\-mips/ && !$no_a my $no_shared_warn=0; my $no_user_cflags=0; @@ -22,8 +27,8 @@ Index: openssl-1.0.2a/Configure # Kerberos settings. The flavor must be provided from outside, either through Index: openssl-1.0.2a/config =================================================================== ---- openssl-1.0.2a.orig/config 2015-05-30 21:58:49.358278076 +0200 -+++ openssl-1.0.2a/config 2015-05-30 21:58:52.830317683 +0200 +--- openssl-1.0.2a.orig/config ++++ openssl-1.0.2a/config @@ -573,7 +573,8 @@ case "$GUESSOS" in options="$options -arch%20${MACHINE}" OUT="iphoneos-cross" ;; @@ -34,17 +39,19 @@ Index: openssl-1.0.2a/config case ${ISA:-generic} in *[678]) OUT="linux-alpha+bwx-$CC" ;; *) OUT="linux-alpha-$CC" ;; -@@ -598,7 +599,9 @@ case "$GUESSOS" in +@@ -598,8 +599,10 @@ case "$GUESSOS" in if [ "$KERNEL_BITS" = "64" ]; then OUT="linux-ppc64" else - OUT="linux-ppc" +- (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" +# OUT="linux-ppc" + # we have the target and force it here + OUT="linux-ppc64" - (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" ++ (echo "__LP64" | gcc -E -x c - 2>/dev/null | grep "^__LP64" 2>&1 > /dev/null) || options="$options -m32" fi ;; + ppc64le-*-linux2) OUT="linux-ppc64le" ;; @@ -632,10 +635,10 @@ case "$GUESSOS" in sparc-*-linux2) KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo` diff --git a/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch b/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch index dfdd05b..af00b70 100644 --- a/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch +++ b/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch @@ -1,9 +1,9 @@ -Index: openssl-1.0.2a/test/testssl +Index: openssl-1.0.2b/test/testssl =================================================================== ---- openssl-1.0.2a.orig/test/testssl 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/test/testssl 2015-05-24 14:06:02.038506053 +0200 -@@ -138,6 +138,25 @@ for protocol in TLSv1.2 SSLv3; do - done +--- openssl-1.0.2b.orig/test/testssl 2015-06-11 20:11:36.398513121 +0200 ++++ openssl-1.0.2b/test/testssl 2015-06-11 20:15:40.833426946 +0200 +@@ -192,6 +192,25 @@ for protocol in TLSv1.2 SSLv3; do + fi done +echo "Testing default ciphersuites" diff --git a/openssl-1.0.2a-default-paths.patch b/openssl-1.0.2a-default-paths.patch index a6f665d..7623ca9 100644 --- a/openssl-1.0.2a-default-paths.patch +++ b/openssl-1.0.2a-default-paths.patch @@ -1,25 +1,9 @@ -diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_client.c ---- openssl-1.0.2a/apps/s_client.c.default-paths 2015-04-20 14:48:31.462166971 +0200 -+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 14:52:55.125316170 +0200 -@@ -1336,19 +1336,16 @@ int MAIN(int argc, char **argv) - - SSL_CTX_set_verify(ctx, verify, verify_callback); - -- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) { -- /* -- * BIO_printf(bio_err,"error setting default verify locations\n"); -- */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(ctx)) { -+ ERR_print_errors(bio_err); -+ } -+ } else { -+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { -+ ERR_print_errors(bio_err); -+ } +Index: openssl-1.0.2b/apps/s_client.c +=================================================================== +--- openssl-1.0.2b.orig/apps/s_client.c 2015-06-11 17:28:32.039203737 +0200 ++++ openssl-1.0.2b/apps/s_client.c 2015-06-11 17:39:40.138741521 +0200 +@@ -1346,10 +1346,6 @@ int MAIN(int argc, char **argv) + ERR_print_errors(bio_err); } - ssl_ctx_add_crls(ctx, crls, crl_download); @@ -29,10 +13,11 @@ diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_clie #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { tlsextcbp.biodebug = bio_err; -diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_server.c ---- openssl-1.0.2a/apps/s_server.c.default-paths 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 14:48:31.462166971 +0200 -@@ -1768,12 +1768,16 @@ int MAIN(int argc, char *argv[]) +Index: openssl-1.0.2b/apps/s_server.c +=================================================================== +--- openssl-1.0.2b.orig/apps/s_server.c 2015-06-11 17:28:04.879854931 +0200 ++++ openssl-1.0.2b/apps/s_server.c 2015-06-11 17:28:32.040203749 +0200 +@@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[]) } #endif @@ -54,7 +39,7 @@ diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_serv if (vpm) SSL_CTX_set1_param(ctx, vpm); -@@ -1830,8 +1834,10 @@ int MAIN(int argc, char *argv[]) +@@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[]) else SSL_CTX_sess_set_cache_size(ctx2, 128); @@ -67,9 +52,10 @@ diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_serv ERR_print_errors(bio_err); } if (vpm) -diff -up openssl-1.0.2a/apps/s_time.c.default-paths openssl-1.0.2a/apps/s_time.c ---- openssl-1.0.2a/apps/s_time.c.default-paths 2015-04-20 14:48:31.462166971 +0200 -+++ openssl-1.0.2a/apps/s_time.c 2015-04-20 14:55:14.232542738 +0200 +Index: openssl-1.0.2b/apps/s_time.c +=================================================================== +--- openssl-1.0.2b.orig/apps/s_time.c 2015-06-11 17:28:04.879854931 +0200 ++++ openssl-1.0.2b/apps/s_time.c 2015-06-11 17:28:32.040203749 +0200 @@ -381,13 +381,14 @@ int MAIN(int argc, char **argv) SSL_load_error_strings(); diff --git a/openssl-1.0.2a-fips.patch b/openssl-1.0.2a-fips.patch index e42921a..c4169bc 100644 --- a/openssl-1.0.2a-fips.patch +++ b/openssl-1.0.2a-fips.patch @@ -1,7 +1,7 @@ -Index: openssl-1.0.2a/apps/speed.c +Index: openssl-1.0.2c/apps/speed.c =================================================================== ---- openssl-1.0.2a.orig/apps/speed.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/speed.c 2015-05-24 12:53:19.134111196 +0200 +--- openssl-1.0.2c.orig/apps/speed.c 2015-06-12 23:20:59.468588414 +0200 ++++ openssl-1.0.2c/apps/speed.c 2015-06-12 23:21:28.252934111 +0200 @@ -197,7 +197,6 @@ # ifdef OPENSSL_DOING_MAKEDEPEND # undef AES_set_encrypt_key @@ -134,11 +134,11 @@ Index: openssl-1.0.2a/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -Index: openssl-1.0.2a/Configure +Index: openssl-1.0.2c/Configure =================================================================== ---- openssl-1.0.2a.orig/Configure 2015-05-24 12:53:19.089110545 +0200 -+++ openssl-1.0.2a/Configure 2015-05-24 12:53:19.134111196 +0200 -@@ -1053,11 +1053,6 @@ if (defined($disabled{"md5"}) || defined +--- openssl-1.0.2c.orig/Configure 2015-06-12 23:20:49.250465706 +0200 ++++ openssl-1.0.2c/Configure 2015-06-12 23:21:28.253934123 +0200 +@@ -1070,11 +1070,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -150,7 +150,7 @@ Index: openssl-1.0.2a/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1545,7 +1540,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1563,7 +1558,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -158,7 +158,7 @@ Index: openssl-1.0.2a/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1737,9 +1731,12 @@ while () +@@ -1764,9 +1758,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -172,10 +172,10 @@ Index: openssl-1.0.2a/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.2a/crypto/aes/aes_misc.c +Index: openssl-1.0.2c/crypto/aes/aes_misc.c =================================================================== ---- openssl-1.0.2a.orig/crypto/aes/aes_misc.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/aes/aes_misc.c 2015-05-24 12:53:19.134111196 +0200 +--- openssl-1.0.2c.orig/crypto/aes/aes_misc.c 2015-06-12 23:20:59.469588427 +0200 ++++ openssl-1.0.2c/crypto/aes/aes_misc.c 2015-06-12 23:21:28.253934123 +0200 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -194,10 +194,10 @@ Index: openssl-1.0.2a/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.2a/crypto/cmac/cmac.c +Index: openssl-1.0.2c/crypto/cmac/cmac.c =================================================================== ---- openssl-1.0.2a.orig/crypto/cmac/cmac.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/cmac/cmac.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/cmac/cmac.c 2015-06-12 23:20:59.469588427 +0200 ++++ openssl-1.0.2c/crypto/cmac/cmac.c 2015-06-12 23:21:28.253934123 +0200 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -211,7 +211,7 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c EVP_CIPHER_CTX_cleanup(&ctx->cctx); OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); -@@ -158,12 +152,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void +@@ -160,12 +154,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); return 0; } @@ -224,7 +224,7 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c } #endif /* All zeros means restart */ -@@ -209,10 +197,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -211,10 +199,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi { const unsigned char *data = in; size_t bl; @@ -235,7 +235,7 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; if (dlen == 0) -@@ -252,10 +236,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -254,10 +238,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb; @@ -246,10 +246,10 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.2a/crypto/crypto.h +Index: openssl-1.0.2c/crypto/crypto.h =================================================================== ---- openssl-1.0.2a.orig/crypto/crypto.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/crypto.h 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/crypto.h 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/crypto.h 2015-06-12 23:21:28.254934135 +0200 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -295,10 +295,10 @@ Index: openssl-1.0.2a/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.2a/crypto/des/des.h +Index: openssl-1.0.2c/crypto/des/des.h =================================================================== ---- openssl-1.0.2a.orig/crypto/des/des.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/des/des.h 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/des/des.h 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/des/des.h 2015-06-12 23:21:28.254934135 +0200 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); @@ -310,10 +310,10 @@ Index: openssl-1.0.2a/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -Index: openssl-1.0.2a/crypto/des/set_key.c +Index: openssl-1.0.2c/crypto/des/set_key.c =================================================================== ---- openssl-1.0.2a.orig/crypto/des/set_key.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/des/set_key.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/des/set_key.c 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/des/set_key.c 2015-06-12 23:21:28.254934135 +0200 @@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -330,10 +330,10 @@ Index: openssl-1.0.2a/crypto/des/set_key.c { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -Index: openssl-1.0.2a/crypto/dh/dh_gen.c +Index: openssl-1.0.2c/crypto/dh/dh_gen.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_gen.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_gen.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh_gen.c 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/dh/dh_gen.c 2015-06-12 23:21:28.254934135 +0200 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) @@ -364,10 +364,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -Index: openssl-1.0.2a/crypto/dh/dh.h +Index: openssl-1.0.2c/crypto/dh/dh.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh.h 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh.h 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/dh/dh.h 2015-06-12 23:21:28.254934135 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif @@ -377,10 +377,10 @@ Index: openssl-1.0.2a/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -Index: openssl-1.0.2a/crypto/dh/dh_key.c +Index: openssl-1.0.2c/crypto/dh/dh_key.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_key.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_key.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh_key.c 2015-06-12 23:20:59.471588450 +0200 ++++ openssl-1.0.2c/crypto/dh/dh_key.c 2015-06-12 23:21:28.254934135 +0200 @@ -61,6 +61,9 @@ #include #include @@ -448,10 +448,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2a/crypto/dh/dh_lib.c +Index: openssl-1.0.2c/crypto/dh/dh_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_lib.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_lib.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh_lib.c 2015-06-12 23:20:59.471588450 +0200 ++++ openssl-1.0.2c/crypto/dh/dh_lib.c 2015-06-12 23:21:28.255934147 +0200 @@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { @@ -467,10 +467,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.2a/crypto/dsa/dsa_err.c +Index: openssl-1.0.2c/crypto/dsa/dsa_err.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_err.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_err.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_err.c 2015-06-12 23:20:59.471588450 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_err.c 2015-06-12 23:21:28.255934147 +0200 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -489,10 +489,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c +Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_gen.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_gen.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_gen.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_gen.c 2015-06-12 23:21:28.255934147 +0200 @@ -91,6 +91,16 @@ # include # endif @@ -716,7 +716,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c if (!BN_GENCB_call(cb, 0, m++)) goto err; -@@ -212,29 +291,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -213,29 +292,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ * be bad */ } memcpy(buf, seed, qsize); @@ -749,7 +749,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); if (r > 0) -@@ -242,8 +310,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -243,8 +311,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (r != 0) goto err; @@ -758,7 +758,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c } if (!BN_GENCB_call(cb, 2, 0)) -@@ -251,19 +317,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -252,19 +318,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 3, 0)) goto err; @@ -781,7 +781,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c for (k = 0; k <= n; k++) { /* * obtain "SEED + offset + k" by incrementing: -@@ -277,36 +340,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -278,36 +341,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) goto err; @@ -827,7 +827,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); if (r > 0) goto end; /* found it */ -@@ -314,12 +378,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -315,12 +379,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ goto err; } @@ -843,7 +843,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c break; } } -@@ -327,7 +391,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -328,7 +392,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 2, 1)) goto err; @@ -878,7 +878,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c /* Set r0=(p-1)/q */ if (!BN_sub(test, p, BN_value_one())) goto err; -@@ -356,46 +446,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -357,46 +447,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ ok = 1; err: if (ok) { @@ -925,7 +925,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c /* * This is a parameter generation algorithm for the DSA2 algorithm as * described in FIPS 186-3. -@@ -421,14 +479,6 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -422,14 +480,6 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX mctx; unsigned int h = 2; @@ -940,10 +940,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -Index: openssl-1.0.2a/crypto/dsa/dsa.h +Index: openssl-1.0.2c/crypto/dsa/dsa.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa.h 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa.h 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa.h 2015-06-12 23:21:28.255934147 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -1011,10 +1011,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -Index: openssl-1.0.2a/crypto/dsa/dsa_key.c +Index: openssl-1.0.2c/crypto/dsa/dsa_key.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_key.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_key.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_key.c 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_key.c 2015-06-12 23:21:28.256934159 +0200 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS @@ -1090,10 +1090,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_key.c ok = 1; err: -Index: openssl-1.0.2a/crypto/dsa/dsa_lib.c +Index: openssl-1.0.2c/crypto/dsa/dsa_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_lib.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_lib.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_lib.c 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_lib.c 2015-06-12 23:21:28.256934159 +0200 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1109,10 +1109,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h +Index: openssl-1.0.2c/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_locl.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_locl.h 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_locl.h 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_locl.h 2015-06-12 23:21:28.256934159 +0200 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, @@ -1122,10 +1122,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -Index: openssl-1.0.2a/crypto/dsa/dsa_ossl.c +Index: openssl-1.0.2c/crypto/dsa/dsa_ossl.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_ossl.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_ossl.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_ossl.c 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_ossl.c 2015-06-12 23:21:28.256934159 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1194,10 +1194,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_ossl.c dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.2c/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_pmeth.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_pmeth.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_pmeth.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_pmeth.c 2015-06-12 23:21:28.256934159 +0200 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1207,10 +1207,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.2a/crypto/dsa/dsatest.c +Index: openssl-1.0.2c/crypto/dsa/dsatest.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsatest.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsatest.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsatest.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsatest.c 2015-06-12 23:21:28.256934159 +0200 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1294,10 +1294,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsatest.c goto end; } if (h != 2) { -Index: openssl-1.0.2a/crypto/engine/eng_all.c +Index: openssl-1.0.2c/crypto/engine/eng_all.c =================================================================== ---- openssl-1.0.2a.orig/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/engine/eng_all.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/engine/eng_all.c 2015-06-12 23:21:28.256934159 +0200 @@ -59,11 +59,25 @@ #include "cryptlib.h" @@ -1324,10 +1324,10 @@ Index: openssl-1.0.2a/crypto/engine/eng_all.c #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -Index: openssl-1.0.2a/crypto/evp/c_allc.c +Index: openssl-1.0.2c/crypto/evp/c_allc.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/c_allc.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/c_allc.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/c_allc.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/evp/c_allc.c 2015-06-12 23:21:28.257934171 +0200 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1404,10 +1404,10 @@ Index: openssl-1.0.2a/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.2a/crypto/evp/c_alld.c +Index: openssl-1.0.2c/crypto/evp/c_alld.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/c_alld.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/c_alld.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/c_alld.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/evp/c_alld.c 2015-06-12 23:21:28.257934171 +0200 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) @@ -1513,10 +1513,10 @@ Index: openssl-1.0.2a/crypto/evp/c_alld.c + } #endif } -Index: openssl-1.0.2a/crypto/evp/digest.c +Index: openssl-1.0.2c/crypto/evp/digest.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/digest.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/digest.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/digest.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/digest.c 2015-06-12 23:21:28.257934171 +0200 @@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1675,11 +1675,11 @@ Index: openssl-1.0.2a/crypto/evp/digest.c memset(ctx, '\0', sizeof *ctx); return 1; -Index: openssl-1.0.2a/crypto/evp/e_aes.c +Index: openssl-1.0.2c/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_aes.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/e_aes.c 2015-05-24 12:53:19.137111240 +0200 -@@ -59,9 +59,6 @@ +--- openssl-1.0.2c.orig/crypto/evp/e_aes.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/e_aes.c 2015-06-12 23:21:28.257934171 +0200 +@@ -60,9 +60,6 @@ # include "modes_lcl.h" # include @@ -1689,7 +1689,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c typedef struct { union { double align; -@@ -1158,6 +1155,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -1159,6 +1156,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * case EVP_CTRL_GCM_SET_IVLEN: if (arg <= 0) return 0; @@ -1701,7 +1701,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != c->iv) -@@ -1726,6 +1728,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1727,6 +1729,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; @@ -1716,10 +1716,10 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -Index: openssl-1.0.2a/crypto/evp/e_des3.c +Index: openssl-1.0.2c/crypto/evp/e_des3.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_des3.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/e_des3.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/e_des3.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/e_des3.c 2015-06-12 23:21:28.258934183 +0200 @@ -65,10 +65,6 @@ # include # include @@ -1731,10 +1731,10 @@ Index: openssl-1.0.2a/crypto/evp/e_des3.c typedef struct { union { double align; -Index: openssl-1.0.2a/crypto/evp/e_null.c +Index: openssl-1.0.2c/crypto/evp/e_null.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_null.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/e_null.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/e_null.c 2015-06-12 23:20:59.474588486 +0200 ++++ openssl-1.0.2c/crypto/evp/e_null.c 2015-06-12 23:21:28.258934183 +0200 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, @@ -1744,10 +1744,10 @@ Index: openssl-1.0.2a/crypto/evp/e_null.c null_init_key, null_cipher, NULL, -Index: openssl-1.0.2a/crypto/evp/evp_enc.c +Index: openssl-1.0.2c/crypto/evp/evp_enc.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_enc.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp_enc.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/evp_enc.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/evp_enc.c 2015-06-12 23:21:28.258934183 +0200 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1915,11 +1915,11 @@ Index: openssl-1.0.2a/crypto/evp/evp_enc.c memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.2a/crypto/evp/evp.h +Index: openssl-1.0.2c/crypto/evp/evp.h =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp.h 2015-05-24 12:53:19.138111254 +0200 -@@ -123,6 +123,10 @@ +--- openssl-1.0.2c.orig/crypto/evp/evp.h 2015-06-12 23:20:59.475588498 +0200 ++++ openssl-1.0.2c/crypto/evp/evp.h 2015-06-12 23:21:28.258934183 +0200 +@@ -122,6 +122,10 @@ extern "C" { #endif @@ -1930,7 +1930,7 @@ Index: openssl-1.0.2a/crypto/evp/evp.h /* * Type needs to be a bit field Sub-type needs to be for variations on the * method, as in, can it do arbitrary encryption.... -@@ -286,11 +290,6 @@ struct env_md_ctx_st { +@@ -285,11 +289,6 @@ struct env_md_ctx_st { * cleaned */ # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ @@ -1942,7 +1942,7 @@ Index: openssl-1.0.2a/crypto/evp/evp.h # define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS * digest in FIPS mode */ -@@ -303,6 +302,10 @@ struct env_md_ctx_st { +@@ -302,6 +301,10 @@ struct env_md_ctx_st { # define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ # define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ @@ -1953,7 +1953,7 @@ Index: openssl-1.0.2a/crypto/evp/evp.h # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ -@@ -364,15 +367,15 @@ struct evp_cipher_st { +@@ -363,15 +366,15 @@ struct evp_cipher_st { /* cipher handles random key generation */ # define EVP_CIPH_RAND_KEY 0x200 /* cipher has its own additional copying logic */ @@ -1972,10 +1972,10 @@ Index: openssl-1.0.2a/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -Index: openssl-1.0.2a/crypto/evp/evp_lib.c +Index: openssl-1.0.2c/crypto/evp/evp_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_lib.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp_lib.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/evp_lib.c 2015-06-12 23:20:59.475588498 +0200 ++++ openssl-1.0.2c/crypto/evp/evp_lib.c 2015-06-12 23:21:28.258934183 +0200 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -2061,10 +2061,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_lib.c return md->flags; } -Index: openssl-1.0.2a/crypto/evp/evp_locl.h +Index: openssl-1.0.2c/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_locl.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp_locl.h 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/evp_locl.h 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/evp_locl.h 2015-06-12 23:21:28.259934195 +0200 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -2098,10 +2098,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_locl.h # define Camellia_set_key private_Camellia_set_key #endif -Index: openssl-1.0.2a/crypto/evp/m_dss.c +Index: openssl-1.0.2c/crypto/evp/m_dss.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_dss.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_dss.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_dss.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_dss.c 2015-06-12 23:21:28.259934195 +0200 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, @@ -2111,10 +2111,10 @@ Index: openssl-1.0.2a/crypto/evp/m_dss.c init, update, final, -Index: openssl-1.0.2a/crypto/evp/m_dss1.c +Index: openssl-1.0.2c/crypto/evp/m_dss1.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_dss1.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_dss1.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_dss1.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_dss1.c 2015-06-12 23:21:28.259934195 +0200 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, @@ -2124,10 +2124,10 @@ Index: openssl-1.0.2a/crypto/evp/m_dss1.c init, update, final, -Index: openssl-1.0.2a/crypto/evp/m_md2.c +Index: openssl-1.0.2c/crypto/evp/m_md2.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_md2.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_md2.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_md2.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_md2.c 2015-06-12 23:21:28.259934195 +0200 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2136,10 +2136,10 @@ Index: openssl-1.0.2a/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { -Index: openssl-1.0.2a/crypto/evp/m_sha1.c +Index: openssl-1.0.2c/crypto/evp/m_sha1.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_sha1.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_sha1.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_sha1.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_sha1.c 2015-06-12 23:21:28.259934195 +0200 @@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -2190,10 +2190,10 @@ Index: openssl-1.0.2a/crypto/evp/m_sha1.c init512, update512, final512, -Index: openssl-1.0.2a/crypto/evp/p_sign.c +Index: openssl-1.0.2c/crypto/evp/p_sign.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/p_sign.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/p_sign.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/p_sign.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/p_sign.c 2015-06-12 23:21:28.259934195 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2225,10 +2225,10 @@ Index: openssl-1.0.2a/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.2a/crypto/evp/p_verify.c +Index: openssl-1.0.2c/crypto/evp/p_verify.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/p_verify.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/p_verify.c 2015-05-24 12:53:19.139111269 +0200 +--- openssl-1.0.2c.orig/crypto/evp/p_verify.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/p_verify.c 2015-06-12 23:21:28.259934195 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2260,10 +2260,10 @@ Index: openssl-1.0.2a/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.2a/crypto/fips/fips_aes_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_aes_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_aes_selftest.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_aes_selftest.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2630,10 +2630,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_aes_selftest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips.c +Index: openssl-1.0.2c/crypto/fips/fips.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3118,10 +3118,10 @@ Index: openssl-1.0.2a/crypto/fips/fips.c +# endif + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_cmac_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_cmac_selftest.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3279,10 +3279,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_cmac_selftest.c + return rv; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_des_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_des_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_des_selftest.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_des_selftest.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3422,10 +3422,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_des_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_drbg_ctr.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_ctr.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3842,10 +3842,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_ctr.c + + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_hash.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_hash.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_hash.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_hash.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4205,10 +4205,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_hash.c + + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_hmac.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_hmac.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4480,10 +4480,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_hmac.c + + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_lib.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_lib.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_lib.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -5038,10 +5038,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_rand.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_rand.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_rand.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_rand.c 2015-06-12 23:21:28.262934231 +0200 @@ -0,0 +1,166 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5209,10 +5209,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_rand.c +{ + return &rand_drbg_meth; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_selftest.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c 2015-06-12 23:21:28.262934231 +0200 @@ -0,0 +1,827 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6041,10 +6041,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.c + FIPS_drbg_free(dctx); + return rv; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.h +Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_selftest.h 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h 2015-06-12 23:21:28.263934243 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7837,10 +7837,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.h + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -Index: openssl-1.0.2a/crypto/fips/fips_dsa_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_dsa_selftest.c 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c 2015-06-12 23:21:28.263934243 +0200 @@ -0,0 +1,192 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8034,10 +8034,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_dsa_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_enc.c +Index: openssl-1.0.2c/crypto/fips/fips_enc.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_enc.c 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_enc.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8228,10 +8228,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_enc.c + + } +} -Index: openssl-1.0.2a/crypto/fips/fips.h +Index: openssl-1.0.2c/crypto/fips/fips.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips.h 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips.h 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,278 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8511,10 +8511,10 @@ Index: openssl-1.0.2a/crypto/fips/fips.h +} +# endif +#endif -Index: openssl-1.0.2a/crypto/fips/fips_hmac_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_hmac_selftest.c 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8650,10 +8650,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_hmac_selftest.c + return 1; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_locl.h +Index: openssl-1.0.2c/crypto/fips/fips_locl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_locl.h 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_locl.h 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8726,10 +8726,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_locl.h +} +# endif +#endif -Index: openssl-1.0.2a/crypto/fips/fips_md.c +Index: openssl-1.0.2c/crypto/fips/fips_md.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_md.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_md.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8875,10 +8875,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_md.c + return NULL; + } +} -Index: openssl-1.0.2a/crypto/fips/fips_post.c +Index: openssl-1.0.2c/crypto/fips/fips_post.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_post.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_post.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,201 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9081,10 +9081,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_post.c + return 1; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rand.c +Index: openssl-1.0.2c/crypto/fips/fips_rand.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand.c 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,428 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9514,10 +9514,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rand.h +Index: openssl-1.0.2c/crypto/fips/fips_rand.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand.h 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand.h 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9682,10 +9682,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand.h +# endif +# endif +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rand_lcl.h +Index: openssl-1.0.2c/crypto/fips/fips_rand_lcl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand_lcl.h 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand_lcl.h 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,213 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9900,10 +9900,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.2a/crypto/fips/fips_rand_lib.c +Index: openssl-1.0.2c/crypto/fips/fips_rand_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand_lib.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand_lib.c 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,181 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10086,10 +10086,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand_lib.c + } + return 0; +} -Index: openssl-1.0.2a/crypto/fips/fips_rand_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_rand_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand_selftest.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand_selftest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,176 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10267,10 +10267,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand_selftest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_randtest.c +Index: openssl-1.0.2c/crypto/fips/fips_randtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_randtest.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_randtest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -10519,10 +10519,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_randtest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10968,10 +10968,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c +} + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.2a/crypto/fips/fips_rsa_x931g.c +Index: openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rsa_x931g.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,273 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -11246,10 +11246,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rsa_x931g.c + return 0; + +} -Index: openssl-1.0.2a/crypto/fips/fips_sha_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_sha_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_sha_selftest.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_sha_selftest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11396,10 +11396,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_sha_selftest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_standalone_hmac.c +Index: openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_standalone_hmac.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c 2015-06-12 23:21:28.267934291 +0200 @@ -0,0 +1,268 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11669,10 +11669,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_standalone_hmac.c +#endif + return 0; +} -Index: openssl-1.0.2a/crypto/fips/fips_test_suite.c +Index: openssl-1.0.2c/crypto/fips/fips_test_suite.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_test_suite.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_test_suite.c 2015-06-12 23:21:28.267934291 +0200 @@ -0,0 +1,639 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -12313,10 +12313,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_test_suite.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/Makefile +Index: openssl-1.0.2c/crypto/fips/Makefile =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/Makefile 2015-05-24 12:53:19.144111341 +0200 ++++ openssl-1.0.2c/crypto/fips/Makefile 2015-06-12 23:21:28.267934291 +0200 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -12659,10 +12659,10 @@ Index: openssl-1.0.2a/crypto/fips/Makefile +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.2a/crypto/hmac/hmac.c +Index: openssl-1.0.2c/crypto/hmac/hmac.c =================================================================== ---- openssl-1.0.2a.orig/crypto/hmac/hmac.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/hmac/hmac.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/hmac/hmac.c 2015-06-12 16:51:27.000000000 +0200 ++++ openssl-1.0.2c/crypto/hmac/hmac.c 2015-06-12 23:22:24.640611438 +0200 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12675,9 +12675,9 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c - return FIPS_hmac_init_ex(ctx, key, len, md, NULL); } #endif - -@@ -105,6 +99,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo - md = ctx->md; + /* If we are changing MD then we must have a key */ +@@ -111,6 +105,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo + } if (key != NULL) { +#ifdef OPENSSL_FIPS @@ -12690,7 +12690,7 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -@@ -157,10 +158,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void +@@ -164,10 +165,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { @@ -12698,10 +12698,10 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c - if (FIPS_mode() && !ctx->i_ctx.engine) - return FIPS_hmac_update(ctx, data, len); -#endif - return EVP_DigestUpdate(&ctx->md_ctx, data, len); - } + if (!ctx->md) + return 0; -@@ -168,10 +165,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c +@@ -178,10 +175,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c { unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; @@ -12710,9 +12710,9 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c - return FIPS_hmac_final(ctx, md, len); -#endif - if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) + if (!ctx->md) goto err; -@@ -211,12 +204,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C +@@ -225,12 +218,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C void HMAC_CTX_cleanup(HMAC_CTX *ctx) { @@ -12725,10 +12725,10 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.2a/crypto/mdc2/mdc2dgst.c +Index: openssl-1.0.2c/crypto/mdc2/mdc2dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/mdc2/mdc2dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/mdc2/mdc2dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/mdc2/mdc2dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/mdc2/mdc2dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -12738,10 +12738,10 @@ Index: openssl-1.0.2a/crypto/mdc2/mdc2dgst.c { c->num = 0; c->pad_type = 1; -Index: openssl-1.0.2a/crypto/md2/md2_dgst.c +Index: openssl-1.0.2c/crypto/md2/md2_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/md2/md2_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/md2/md2_dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/md2/md2_dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/md2/md2_dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -62,6 +62,11 @@ #include #include @@ -12763,10 +12763,10 @@ Index: openssl-1.0.2a/crypto/md2/md2_dgst.c { c->num = 0; memset(c->state, 0, sizeof c->state); -Index: openssl-1.0.2a/crypto/md4/md4_dgst.c +Index: openssl-1.0.2c/crypto/md4/md4_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/md4/md4_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/md4/md4_dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/md4/md4_dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/md4/md4_dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12776,10 +12776,10 @@ Index: openssl-1.0.2a/crypto/md4/md4_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2a/crypto/md5/md5_dgst.c +Index: openssl-1.0.2c/crypto/md5/md5_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/md5/md5_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/md5/md5_dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/md5/md5_dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/md5/md5_dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12789,10 +12789,10 @@ Index: openssl-1.0.2a/crypto/md5/md5_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2a/crypto/o_fips.c +Index: openssl-1.0.2c/crypto/o_fips.c =================================================================== ---- openssl-1.0.2a.orig/crypto/o_fips.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/o_fips.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/o_fips.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/o_fips.c 2015-06-12 23:21:28.268934303 +0200 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -12802,10 +12802,10 @@ Index: openssl-1.0.2a/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.2a/crypto/o_init.c +Index: openssl-1.0.2c/crypto/o_init.c =================================================================== ---- openssl-1.0.2a.orig/crypto/o_init.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/o_init.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/o_init.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/o_init.c 2015-06-12 23:21:28.268934303 +0200 @@ -56,8 +56,37 @@ #include #include @@ -12875,10 +12875,10 @@ Index: openssl-1.0.2a/crypto/o_init.c +{ + OPENSSL_init_library(); +} -Index: openssl-1.0.2a/crypto/opensslconf.h.in +Index: openssl-1.0.2c/crypto/opensslconf.h.in =================================================================== ---- openssl-1.0.2a.orig/crypto/opensslconf.h.in 2015-01-20 13:33:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/opensslconf.h.in 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/opensslconf.h.in 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/opensslconf.h.in 2015-06-12 23:21:28.268934303 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -12900,10 +12900,10 @@ Index: openssl-1.0.2a/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.2a/crypto/rand/md_rand.c +Index: openssl-1.0.2c/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rand/md_rand.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rand/md_rand.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rand/md_rand.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/rand/md_rand.c 2015-06-12 23:21:28.269934315 +0200 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12916,10 +12916,10 @@ Index: openssl-1.0.2a/crypto/rand/md_rand.c RAND_poll(); initialized = 1; } -Index: openssl-1.0.2a/crypto/rand/rand.h +Index: openssl-1.0.2c/crypto/rand/rand.h =================================================================== ---- openssl-1.0.2a.orig/crypto/rand/rand.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rand/rand.h 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rand/rand.h 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/rand/rand.h 2015-06-12 23:21:28.269934315 +0200 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -12960,10 +12960,10 @@ Index: openssl-1.0.2a/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.2a/crypto/ripemd/rmd_dgst.c +Index: openssl-1.0.2c/crypto/ripemd/rmd_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/ripemd/rmd_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ripemd/rmd_dgst.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/ripemd/rmd_dgst.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/ripemd/rmd_dgst.c 2015-06-12 23:21:28.269934315 +0200 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -12973,10 +12973,10 @@ Index: openssl-1.0.2a/crypto/ripemd/rmd_dgst.c { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -Index: openssl-1.0.2a/crypto/rsa/rsa_crpt.c +Index: openssl-1.0.2c/crypto/rsa/rsa_crpt.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_crpt.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_crpt.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_crpt.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_crpt.c 2015-06-12 23:21:28.269934315 +0200 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { @@ -13003,10 +13003,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.2a/crypto/rsa/rsa_eay.c +Index: openssl-1.0.2c/crypto/rsa/rsa_eay.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_eay.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_eay.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_eay.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_eay.c 2015-06-12 23:21:28.269934315 +0200 @@ -114,6 +114,10 @@ #include #include @@ -13129,10 +13129,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_eay.c rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -Index: openssl-1.0.2a/crypto/rsa/rsa_err.c +Index: openssl-1.0.2c/crypto/rsa/rsa_err.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_err.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_err.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_err.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_err.c 2015-06-12 23:21:28.270934327 +0200 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -13142,10 +13142,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -Index: openssl-1.0.2a/crypto/rsa/rsa_gen.c +Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_gen.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_gen.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_gen.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_gen.c 2015-06-12 23:21:28.270934327 +0200 @@ -69,6 +69,80 @@ #include #ifdef OPENSSL_FIPS @@ -13285,10 +13285,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_gen.c ok = 1; err: if (ok == -1) { -Index: openssl-1.0.2a/crypto/rsa/rsa.h +Index: openssl-1.0.2c/crypto/rsa/rsa.h =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa.h 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa.h 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa.h 2015-06-12 23:21:28.270934327 +0200 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif @@ -13385,10 +13385,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -Index: openssl-1.0.2a/crypto/rsa/rsa_lib.c +Index: openssl-1.0.2c/crypto/rsa/rsa_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_lib.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_lib.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_lib.c 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_lib.c 2015-06-12 23:21:28.270934327 +0200 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -13461,10 +13461,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.2c/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_pmeth.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_pmeth.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_pmeth.c 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_pmeth.c 2015-06-12 23:21:28.271934339 +0200 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -13486,7 +13486,7 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c if (EVP_MD_type(rctx->md) == NID_mdc2) { unsigned int sltmp; -@@ -353,17 +339,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX +@@ -359,17 +345,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX } #endif if (rctx->md) { @@ -13504,10 +13504,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.2a/crypto/rsa/rsa_sign.c +Index: openssl-1.0.2c/crypto/rsa/rsa_sign.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_sign.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_sign.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_sign.c 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_sign.c 2015-06-12 23:21:28.271934339 +0200 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; @@ -13546,10 +13546,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_sign.c if (i <= 0) goto err; -Index: openssl-1.0.2a/crypto/sha/sha.h +Index: openssl-1.0.2c/crypto/sha/sha.h =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha.h 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha.h 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha.h 2015-06-12 23:21:28.271934339 +0200 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; @@ -13592,10 +13592,10 @@ Index: openssl-1.0.2a/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.2a/crypto/sha/sha_locl.h +Index: openssl-1.0.2c/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha_locl.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha_locl.h 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha_locl.h 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha_locl.h 2015-06-12 23:21:28.271934339 +0200 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL @@ -13612,10 +13612,10 @@ Index: openssl-1.0.2a/crypto/sha/sha_locl.h memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -Index: openssl-1.0.2a/crypto/sha/sha256.c +Index: openssl-1.0.2c/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha256.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha256.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha256.c 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha256.c 2015-06-12 23:21:28.272934351 +0200 @@ -12,12 +12,19 @@ # include @@ -13646,10 +13646,10 @@ Index: openssl-1.0.2a/crypto/sha/sha256.c memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -Index: openssl-1.0.2a/crypto/sha/sha512.c +Index: openssl-1.0.2c/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha512.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha512.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha512.c 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha512.c 2015-06-12 23:21:28.272934351 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -13681,10 +13681,10 @@ Index: openssl-1.0.2a/crypto/sha/sha512.c c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.2a/crypto/whrlpool/wp_dgst.c +Index: openssl-1.0.2c/crypto/whrlpool/wp_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/whrlpool/wp_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/whrlpool/wp_dgst.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/whrlpool/wp_dgst.c 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/whrlpool/wp_dgst.c 2015-06-12 23:21:28.272934351 +0200 @@ -55,7 +55,7 @@ #include #include @@ -13694,10 +13694,10 @@ Index: openssl-1.0.2a/crypto/whrlpool/wp_dgst.c { memset(c, 0, sizeof(*c)); return (1); -Index: openssl-1.0.2a/Makefile.org +Index: openssl-1.0.2c/Makefile.org =================================================================== ---- openssl-1.0.2a.orig/Makefile.org 2015-05-24 12:53:19.122111022 +0200 -+++ openssl-1.0.2a/Makefile.org 2015-05-24 12:53:19.147111384 +0200 +--- openssl-1.0.2c.orig/Makefile.org 2015-06-12 23:20:59.488588654 +0200 ++++ openssl-1.0.2c/Makefile.org 2015-06-12 23:21:28.272934351 +0200 @@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -13725,10 +13725,10 @@ Index: openssl-1.0.2a/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.2a/ssl/ssl_algs.c +Index: openssl-1.0.2c/ssl/ssl_algs.c =================================================================== ---- openssl-1.0.2a.orig/ssl/ssl_algs.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/ssl/ssl_algs.c 2015-05-24 12:53:19.147111384 +0200 +--- openssl-1.0.2c.orig/ssl/ssl_algs.c 2015-06-12 23:20:59.488588654 +0200 ++++ openssl-1.0.2c/ssl/ssl_algs.c 2015-06-12 23:21:28.273934363 +0200 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2a.tar.gz b/openssl-1.0.2a.tar.gz deleted file mode 100644 index 4d3b4e0..0000000 --- a/openssl-1.0.2a.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a -size 5262089 diff --git a/openssl-1.0.2a.tar.gz.asc b/openssl-1.0.2a.tar.gz.asc deleted file mode 100644 index 21bf08e..0000000 --- a/openssl-1.0.2a.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJVCs+pAAoJENnE0m0OYESRFCAH+gLn6G4l1HY1R6agC3WYf8Xj -iTUFCJnwHN1jSgF9edLxASDS5DJ9kstEu1xyswdJT4jumFusxgnrDkqorN0K50Xe -PlflZyRdr8Fkg9M3pYkRZ7hxvZszmdx53hnuYTZ5m4C/8EUd12icAHhho8M0ks+E -rT1VfVKfX7iD9MIgLJ+9ZVGWUdUH/1RsQPPEWPWed5TCQUmilvm6Ygz2LsTKYQSQ -TOvhCMCnWl6gVrc3o0AlrgHRL01dq6kMwNSnvC09Iby/C3N+b7VbOG3sZU/xTO/M -YhqFJOjGYk5W1SFJ4PNpM504sPo2N6uJ8pCgSa3chcqfvzSjFgKzAqI9CHv8BD4= -=mSK1 ------END PGP SIGNATURE----- diff --git a/openssl-1.0.2d.tar.gz b/openssl-1.0.2d.tar.gz new file mode 100644 index 0000000..c3859a1 --- /dev/null +++ b/openssl-1.0.2d.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 +size 5295447 diff --git a/openssl-1.0.2d.tar.gz.asc b/openssl-1.0.2d.tar.gz.asc new file mode 100644 index 0000000..72fe5b8 --- /dev/null +++ b/openssl-1.0.2d.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+ +0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr +qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ +uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku +6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq +54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y= +=U3sw +-----END PGP SIGNATURE----- diff --git a/openssl-fix_invalid_manpage_name.patch b/openssl-fix_invalid_manpage_name.patch deleted file mode 100644 index 9841c79..0000000 --- a/openssl-fix_invalid_manpage_name.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: openssl-1.0.2a/doc/ssl/SSL_CTX_use_serverinfo.pod -=================================================================== ---- openssl-1.0.2a.orig/doc/ssl/SSL_CTX_use_serverinfo.pod 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/doc/ssl/SSL_CTX_use_serverinfo.pod 2015-05-29 11:33:45.390463069 +0200 -@@ -2,7 +2,7 @@ - - =head1 NAME - --SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file -+SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - load serverinfo - - =head1 SYNOPSIS - diff --git a/openssl.changes b/openssl.changes index 6fb4bdf..9e58e34 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,66 @@ +------------------------------------------------------------------- +Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com + +- update to 1.0.2d + * fixes CVE-2015-1793 (bsc#936746) + + Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. +- drop openssl-fix_invalid_manpage_name.patch (upstream) + +------------------------------------------------------------------- +Thu Jul 2 14:46:36 UTC 2015 - dvaleev@suse.com + +- Workaround debugit crash on ppc64le with gcc5 + bsc936563_hack.patch (bsc#936563) + +------------------------------------------------------------------- +Wed Jul 1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com + +- update merge_from_0.9.8k.patch replacing __LP64__ by __LP64 + this is a change versus previous request 309611 + required to avoid build error for ppc64 + +------------------------------------------------------------------- +Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org + +- Build with no-ssl3, for details on why this is needed read + rfc7568. Contrary to the "no-ssl2" option, this does not + require us to patch dependant packages as the relevant + functions are still available (SSLv3_(client|server)_method) + but will fail to negotiate. if removing SSL3 methods is desired + at a later time, option "no-ssl3-method" needs to be used. + +------------------------------------------------------------------- +Fri Jun 12 21:22:45 UTC 2015 - vcizek@suse.com + +- update to 1.0.2c + * Fix HMAC ABI incompatibility +- refreshed openssl-1.0.2a-fips.patch + +------------------------------------------------------------------- +Thu Jun 11 15:50:44 UTC 2015 - vcizek@suse.com + +- update to 1.0.2b + * Malformed ECParameters causes infinite loop (CVE-2015-1788) + * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + * CMS verify infinite loop with unknown hash function (CVE-2015-1792) + * Race condition handling NewSessionTicket (CVE-2015-1791) +- refreshed patches: + * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch + * 0001-libcrypto-Hide-library-private-symbols.patch + * openssl-1.0.2a-default-paths.patch + * openssl-1.0.2a-fips.patch + * compression_methods_switch.patch + * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch + ------------------------------------------------------------------- Sun May 24 12:13:14 UTC 2015 - vcizek@suse.com diff --git a/openssl.spec b/openssl.spec index 9e7f638..91270a0 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ Provides: ssl %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.2a +Version: 1.0.2d Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -73,7 +73,7 @@ Patch34: openssl-fips-hidden.patch Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch -Patch39: openssl-fix_invalid_manpage_name.patch +Patch40: bsc936563_hack.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -184,12 +184,15 @@ this package's base documentation. %patch35 -p1 %patch37 -p1 %patch38 -p1 -%patch39 -p1 %if 0%{?suse_version} >= 1120 %patch3 %endif %patch8 -p1 %patch14 -p1 +#workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66728 +%ifarch ppc64le +%patch40 -p1 +%endif cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure" @@ -241,6 +244,7 @@ config_flags="threads shared no-rc5 no-idea \ fips \ %if 0%{suse_version} > 1310 no-ssl2 \ +no-ssl3 \ enable-rfc3779 \ %endif %ifarch x86_64 aarch64 ppc64le