From 7f772876ffd7273a295a9285171004bdda0b46243d96f4cb8108e85398255571 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Sun, 12 Jul 2015 20:51:54 +0000 Subject: [PATCH] Accepting request 315685 from Base:System - update to 1.0.2d * fixes CVE-2015-1793 (bsc#936746) Alternate chains certificate forgery During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. - drop openssl-fix_invalid_manpage_name.patch (upstream) (forwarded request 315682 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/315685 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=128 --- ...ntf-implementation-use-glibc-instead.patch | 57 +- ...bcrypto-Hide-library-private-symbols.patch | 318 +++++----- bsc936563_hack.patch | 13 + compression_methods_switch.patch | 18 +- merge_from_0.9.8k.patch | 23 +- ...e-add-test-suse-default-cipher-suite.patch | 10 +- openssl-1.0.2a-default-paths.patch | 46 +- openssl-1.0.2a-fips.patch | 560 +++++++++--------- openssl-1.0.2a.tar.gz | 3 - openssl-1.0.2a.tar.gz.asc | 11 - openssl-1.0.2d.tar.gz | 3 + openssl-1.0.2d.tar.gz.asc | 11 + openssl-fix_invalid_manpage_name.patch | 13 - openssl.changes | 63 ++ openssl.spec | 10 +- 15 files changed, 608 insertions(+), 551 deletions(-) create mode 100644 bsc936563_hack.patch delete mode 100644 openssl-1.0.2a.tar.gz delete mode 100644 openssl-1.0.2a.tar.gz.asc create mode 100644 openssl-1.0.2d.tar.gz create mode 100644 openssl-1.0.2d.tar.gz.asc delete mode 100644 openssl-fix_invalid_manpage_name.patch diff --git a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch index 252ace0..c3732db 100644 --- a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch +++ b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch @@ -4,10 +4,10 @@ Date: Sun, 4 May 2014 23:36:54 -0400 Subject: [PATCH] Axe builtin printf implementation, use glibc instead -Index: openssl-1.0.2a/crypto/bio/b_print.c +Index: openssl-1.0.2b/crypto/bio/b_print.c =================================================================== ---- openssl-1.0.2a.orig/crypto/bio/b_print.c 2015-05-24 13:30:38.744606756 +0200 -+++ openssl-1.0.2a/crypto/bio/b_print.c 2015-05-24 13:41:38.708200825 +0200 +--- openssl-1.0.2b.orig/crypto/bio/b_print.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/bio/b_print.c 2015-06-11 17:50:00.893823977 +0200 @@ -56,17 +56,10 @@ * [including the GNU Public Licence.] */ @@ -28,7 +28,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c #include #include #include -@@ -79,671 +72,6 @@ +@@ -79,668 +72,6 @@ #include /* To get BN_LLONG properly defined */ #include @@ -657,32 +657,29 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c - /* If we haven't at least one buffer, someone has doe a big booboo */ - assert(*sbuffer != NULL || buffer != NULL); - -- if (buffer) { -- while (*currlen >= *maxlen) { -- if (*buffer == NULL) { -- if (*maxlen == 0) -- *maxlen = 1024; -- *buffer = OPENSSL_malloc(*maxlen); -- if(!*buffer) { -- /* Panic! Can't really do anything sensible. Just return */ -- return; -- } -- if (*currlen > 0) { -- assert(*sbuffer != NULL); -- memcpy(*buffer, *sbuffer, *currlen); -- } -- *sbuffer = NULL; -- } else { -- *maxlen += 1024; -- *buffer = OPENSSL_realloc(*buffer, *maxlen); -- if(!*buffer) { -- /* Panic! Can't really do anything sensible. Just return */ -- return; -- } +- /* |currlen| must always be <= |*maxlen| */ +- assert(*currlen <= *maxlen); +- +- if (buffer && *currlen == *maxlen) { +- *maxlen += 1024; +- if (*buffer == NULL) { +- *buffer = OPENSSL_malloc(*maxlen); +- if (!*buffer) { +- /* Panic! Can't really do anything sensible. Just return */ +- return; +- } +- if (*currlen > 0) { +- assert(*sbuffer != NULL); +- memcpy(*buffer, *sbuffer, *currlen); +- } +- *sbuffer = NULL; +- } else { +- *buffer = OPENSSL_realloc(*buffer, *maxlen); +- if (!*buffer) { +- /* Panic! Can't really do anything sensible. Just return */ +- return; - } - } -- /* What to do if *buffer is NULL? */ -- assert(*sbuffer != NULL || *buffer != NULL); - } - - if (*currlen < *maxlen) { @@ -700,7 +697,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c int BIO_printf(BIO *bio, const char *format, ...) { va_list args; -@@ -757,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for +@@ -754,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for return (ret); } @@ -756,7 +753,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c return (ret); } -@@ -794,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co +@@ -791,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co int ret; va_start(args, format); diff --git a/0001-libcrypto-Hide-library-private-symbols.patch b/0001-libcrypto-Hide-library-private-symbols.patch index 64b5c74..023ce2f 100644 --- a/0001-libcrypto-Hide-library-private-symbols.patch +++ b/0001-libcrypto-Hide-library-private-symbols.patch @@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols crypto/x509v3/pcy_int.h | 3 +++ 31 files changed, 85 insertions(+), 17 deletions(-) -Index: openssl-1.0.2a/apps/Makefile +Index: openssl-1.0.2b/apps/Makefile =================================================================== ---- openssl-1.0.2a.orig/apps/Makefile 2015-05-29 13:57:01.496491593 +0200 -+++ openssl-1.0.2a/apps/Makefile 2015-05-29 13:58:53.830777136 +0200 +--- openssl-1.0.2b.orig/apps/Makefile 2015-06-11 15:55:38.000000000 +0200 ++++ openssl-1.0.2b/apps/Makefile 2015-06-11 17:50:03.669860202 +0200 @@ -20,7 +20,7 @@ EXE_EXT= SHLIB_TARGET= @@ -50,10 +50,10 @@ Index: openssl-1.0.2a/apps/Makefile GENERAL=Makefile makeapps.com install.com -Index: openssl-1.0.2a/crypto/asn1/asn1_locl.h +Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/asn1/asn1_locl.h 2015-05-29 13:57:01.496491593 +0200 -+++ openssl-1.0.2a/crypto/asn1/asn1_locl.h 2015-05-29 13:59:35.960258988 +0200 +--- openssl-1.0.2b.orig/crypto/asn1/asn1_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/asn1/asn1_locl.h 2015-06-11 17:50:03.670860215 +0200 @@ -62,6 +62,8 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); @@ -69,10 +69,10 @@ Index: openssl-1.0.2a/crypto/asn1/asn1_locl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/bn/bn_lcl.h +Index: openssl-1.0.2b/crypto/bn/bn_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/bn/bn_lcl.h 2015-05-29 13:57:01.497491605 +0200 -+++ openssl-1.0.2a/crypto/bn/bn_lcl.h 2015-05-29 14:00:30.503883360 +0200 +--- openssl-1.0.2b.orig/crypto/bn/bn_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/bn/bn_lcl.h 2015-06-11 17:50:03.670860215 +0200 @@ -505,6 +505,8 @@ unsigned __int64 _umul128(unsigned __int # undef bn_div_words # endif @@ -91,10 +91,10 @@ Index: openssl-1.0.2a/crypto/bn/bn_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.2a/crypto/cast/cast_lcl.h +Index: openssl-1.0.2b/crypto/cast/cast_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/cast/cast_lcl.h 2015-05-29 13:57:01.497491605 +0200 -+++ openssl-1.0.2a/crypto/cast/cast_lcl.h 2015-05-29 13:58:53.831777147 +0200 +--- openssl-1.0.2b.orig/crypto/cast/cast_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/cast/cast_lcl.h 2015-06-11 17:50:03.670860215 +0200 @@ -217,6 +217,7 @@ } #endif @@ -108,10 +108,10 @@ Index: openssl-1.0.2a/crypto/cast/cast_lcl.h extern const CAST_LONG CAST_S_table6[256]; extern const CAST_LONG CAST_S_table7[256]; +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/cms/cms_lcl.h +Index: openssl-1.0.2b/crypto/cms/cms_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/cms/cms_lcl.h 2015-05-29 13:57:01.498491617 +0200 -+++ openssl-1.0.2a/crypto/cms/cms_lcl.h 2015-05-29 14:02:50.582486082 +0200 +--- openssl-1.0.2b.orig/crypto/cms/cms_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/cms/cms_lcl.h 2015-06-11 17:50:03.670860215 +0200 @@ -410,6 +410,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA # define CMS_OIK_KEYIDENTIFIER 1 # define CMS_OIK_PUBKEY 2 @@ -130,10 +130,10 @@ Index: openssl-1.0.2a/crypto/cms/cms_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.2a/crypto/des/des_locl.h +Index: openssl-1.0.2b/crypto/des/des_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/des/des_locl.h 2015-05-29 13:58:53.832777158 +0200 -+++ openssl-1.0.2a/crypto/des/des_locl.h 2015-05-29 14:03:58.545263671 +0200 +--- openssl-1.0.2b.orig/crypto/des/des_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/des/des_locl.h 2015-06-11 17:50:03.670860215 +0200 @@ -432,10 +432,12 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } @@ -147,10 +147,10 @@ Index: openssl-1.0.2a/crypto/des/des_locl.h # ifdef OPENSSL_SMALL_FOOTPRINT # undef DES_UNROLL -Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h +Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_locl.h 2015-05-29 13:58:53.832777158 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_locl.h 2015-05-29 14:05:14.177128917 +0200 +--- openssl-1.0.2b.orig/crypto/dsa/dsa_locl.h 2015-06-11 17:41:59.488534507 +0200 ++++ openssl-1.0.2b/crypto/dsa/dsa_locl.h 2015-06-11 17:50:03.670860215 +0200 @@ -58,7 +58,7 @@ int dsa_builtin_paramgen(DSA *ret, size_ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, @@ -160,10 +160,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, const EVP_MD *evpmd, const unsigned char *seed_in, -Index: openssl-1.0.2a/crypto/ec/ec_lcl.h +Index: openssl-1.0.2b/crypto/ec/ec_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ec/ec_lcl.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/ec/ec_lcl.h 2015-05-29 13:58:53.833777170 +0200 +--- openssl-1.0.2b.orig/crypto/ec/ec_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ec/ec_lcl.h 2015-06-11 17:50:03.671860227 +0200 @@ -89,6 +89,8 @@ * change in future versions. */ @@ -173,16 +173,16 @@ Index: openssl-1.0.2a/crypto/ec/ec_lcl.h struct ec_method_st { /* Various method flags */ int flags; -@@ -574,3 +576,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c +@@ -566,3 +568,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c const BIGNUM *b, BN_CTX *ctx); EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid); #endif + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/ecdh/ech_locl.h +Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ecdh/ech_locl.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/ecdh/ech_locl.h 2015-05-29 14:06:06.800730916 +0200 +--- openssl-1.0.2b.orig/crypto/ecdh/ech_locl.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/ecdh/ech_locl.h 2015-06-11 17:50:03.671860227 +0200 @@ -58,6 +58,8 @@ # include @@ -198,10 +198,10 @@ Index: openssl-1.0.2a/crypto/ecdh/ech_locl.h +#pragma GCC visibility pop #endif /* HEADER_ECH_LOCL_H */ -Index: openssl-1.0.2a/crypto/ecdsa/ecs_locl.h +Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ecdsa/ecs_locl.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/ecdsa/ecs_locl.h 2015-05-29 14:06:33.641037950 +0200 +--- openssl-1.0.2b.orig/crypto/ecdsa/ecs_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ecdsa/ecs_locl.h 2015-06-11 17:50:03.671860227 +0200 @@ -61,6 +61,8 @@ # include @@ -217,10 +217,10 @@ Index: openssl-1.0.2a/crypto/ecdsa/ecs_locl.h +#pragma GCC visibility pop #endif /* HEADER_ECS_LOCL_H */ -Index: openssl-1.0.2a/crypto/engine/eng_int.h +Index: openssl-1.0.2b/crypto/engine/eng_int.h =================================================================== ---- openssl-1.0.2a.orig/crypto/engine/eng_int.h 2015-05-29 13:57:01.499491629 +0200 -+++ openssl-1.0.2a/crypto/engine/eng_int.h 2015-05-29 14:07:02.552368670 +0200 +--- openssl-1.0.2b.orig/crypto/engine/eng_int.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/engine/eng_int.h 2015-06-11 17:50:03.671860227 +0200 @@ -69,6 +69,8 @@ /* Take public definitions from engine.h */ # include @@ -236,11 +236,11 @@ Index: openssl-1.0.2a/crypto/engine/eng_int.h +#pragma GCC visibility pop #endif /* HEADER_ENGINE_INT_H */ -Index: openssl-1.0.2a/crypto/evp/e_aes.c +Index: openssl-1.0.2b/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_aes.c 2015-05-29 13:57:01.501491652 +0200 -+++ openssl-1.0.2a/crypto/evp/e_aes.c 2015-05-29 14:08:41.561501841 +0200 -@@ -115,6 +115,8 @@ typedef struct { +--- openssl-1.0.2b.orig/crypto/evp/e_aes.c 2015-06-11 17:41:59.490534533 +0200 ++++ openssl-1.0.2b/crypto/evp/e_aes.c 2015-06-11 17:50:03.671860227 +0200 +@@ -116,6 +116,8 @@ typedef struct { # define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) @@ -249,7 +249,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c # ifdef VPAES_ASM int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); -@@ -145,6 +147,7 @@ void bsaes_xts_decrypt(const unsigned ch +@@ -146,6 +148,7 @@ void bsaes_xts_decrypt(const unsigned ch size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); # endif @@ -257,7 +257,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c # ifdef AES_CTR_ASM void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, -@@ -193,6 +196,8 @@ extern unsigned int OPENSSL_ia32cap_P[]; +@@ -194,6 +197,8 @@ extern unsigned int OPENSSL_ia32cap_P[]; */ # define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) @@ -266,7 +266,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, -@@ -262,6 +267,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128 +@@ -263,6 +268,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128 # undef AES_GCM_ASM2 /* minor size optimization */ # endif @@ -275,12 +275,12 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { -Index: openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c +Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-05-29 13:57:01.501491652 +0200 -+++ openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-05-29 14:09:13.009860938 +0200 +--- openssl-1.0.2b.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 17:50:03.672860241 +0200 @@ -97,6 +97,8 @@ typedef struct { - extern unsigned int OPENSSL_ia32cap_P[3]; + extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) +#pragma GCC visibility push(hidden) @@ -297,10 +297,10 @@ Index: openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c # define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, -Index: openssl-1.0.2a/crypto/evp/evp_locl.h +Index: openssl-1.0.2b/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_locl.h 2015-05-29 13:57:01.502491662 +0200 -+++ openssl-1.0.2a/crypto/evp/evp_locl.h 2015-05-29 14:09:56.939363434 +0200 +--- openssl-1.0.2b.orig/crypto/evp/evp_locl.h 2015-06-11 17:41:59.492534560 +0200 ++++ openssl-1.0.2b/crypto/evp/evp_locl.h 2015-06-11 17:50:03.672860241 +0200 @@ -261,6 +261,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void EVP_CIPH_FLAG_DEFAULT_ASN1, \ cipher##_init_key, NULL, NULL, NULL, NULL) @@ -319,10 +319,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_locl.h #ifdef OPENSSL_FIPS # ifdef OPENSSL_DOING_MAKEDEPEND -Index: openssl-1.0.2a/crypto/md4/md4_locl.h +Index: openssl-1.0.2b/crypto/md4/md4_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/md4/md4_locl.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/md4/md4_locl.h 2015-05-29 14:10:54.331025396 +0200 +--- openssl-1.0.2b.orig/crypto/md4/md4_locl.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/md4/md4_locl.h 2015-06-11 17:50:03.672860241 +0200 @@ -65,7 +65,7 @@ # define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif @@ -332,10 +332,10 @@ Index: openssl-1.0.2a/crypto/md4/md4_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2a/crypto/md5/md5_locl.h +Index: openssl-1.0.2b/crypto/md5/md5_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/md5/md5_locl.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/md5/md5_locl.h 2015-05-29 14:11:40.218580180 +0200 +--- openssl-1.0.2b.orig/crypto/md5/md5_locl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/md5/md5_locl.h 2015-06-11 17:50:03.672860241 +0200 @@ -76,7 +76,7 @@ # endif #endif @@ -345,10 +345,10 @@ Index: openssl-1.0.2a/crypto/md5/md5_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2a/crypto/modes/modes_lcl.h +Index: openssl-1.0.2b/crypto/modes/modes_lcl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/modes/modes_lcl.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/modes/modes_lcl.h 2015-05-29 14:12:47.352391628 +0200 +--- openssl-1.0.2b.orig/crypto/modes/modes_lcl.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/modes/modes_lcl.h 2015-06-11 17:50:03.672860241 +0200 @@ -89,6 +89,9 @@ _asm mov eax, val _asm bswap eax} # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) @@ -365,10 +365,10 @@ Index: openssl-1.0.2a/crypto/modes/modes_lcl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/o_str.h +Index: openssl-1.0.2b/crypto/o_str.h =================================================================== ---- openssl-1.0.2a.orig/crypto/o_str.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/o_str.h 2015-05-29 14:13:21.018798729 +0200 +--- openssl-1.0.2b.orig/crypto/o_str.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/o_str.h 2015-06-11 17:50:03.672860241 +0200 @@ -61,9 +61,11 @@ # define HEADER_O_STR_H @@ -381,10 +381,10 @@ Index: openssl-1.0.2a/crypto/o_str.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/o_time.h +Index: openssl-1.0.2b/crypto/o_time.h =================================================================== ---- openssl-1.0.2a.orig/crypto/o_time.h 2015-05-29 13:58:53.836777204 +0200 -+++ openssl-1.0.2a/crypto/o_time.h 2015-05-29 14:14:00.740278452 +0200 +--- openssl-1.0.2b.orig/crypto/o_time.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/o_time.h 2015-06-11 17:50:03.672860241 +0200 @@ -61,10 +61,12 @@ # define HEADER_O_TIME_H @@ -398,10 +398,10 @@ Index: openssl-1.0.2a/crypto/o_time.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/ripemd/rmd_locl.h +Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ripemd/rmd_locl.h 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/ripemd/rmd_locl.h 2015-05-29 14:14:42.587783890 +0200 +--- openssl-1.0.2b.orig/crypto/ripemd/rmd_locl.h 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/ripemd/rmd_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -76,7 +76,7 @@ # endif #endif @@ -411,20 +411,20 @@ Index: openssl-1.0.2a/crypto/ripemd/rmd_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2a/crypto/rsa/rsa_locl.h +Index: openssl-1.0.2b/crypto/rsa/rsa_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_locl.h 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_locl.h 2015-05-29 14:15:18.372216267 +0200 +--- openssl-1.0.2b.orig/crypto/rsa/rsa_locl.h 2015-06-11 15:00:12.000000000 +0200 ++++ openssl-1.0.2b/crypto/rsa/rsa_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -1,4 +1,4 @@ extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf, - size_t siglen, RSA *rsa); + size_t siglen, RSA *rsa) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.2a/crypto/sha/sha256.c +Index: openssl-1.0.2b/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha256.c 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/sha/sha256.c 2015-05-29 14:16:36.509166160 +0200 +--- openssl-1.0.2b.orig/crypto/sha/sha256.c 2015-06-11 17:41:59.509534778 +0200 ++++ openssl-1.0.2b/crypto/sha/sha256.c 2015-06-11 17:50:03.673860254 +0200 @@ -135,7 +135,7 @@ int SHA224_Final(unsigned char *md, SHA2 # ifndef SHA256_ASM static @@ -434,10 +434,10 @@ Index: openssl-1.0.2a/crypto/sha/sha256.c # include "md32_common.h" -Index: openssl-1.0.2a/crypto/sha/sha512.c +Index: openssl-1.0.2b/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha512.c 2015-05-29 13:58:53.837777216 +0200 -+++ openssl-1.0.2a/crypto/sha/sha512.c 2015-05-29 14:17:13.260611799 +0200 +--- openssl-1.0.2b.orig/crypto/sha/sha512.c 2015-06-11 17:41:59.509534778 +0200 ++++ openssl-1.0.2b/crypto/sha/sha512.c 2015-06-11 17:50:03.673860254 +0200 @@ -109,7 +109,7 @@ fips_md_init(SHA512) # ifndef SHA512_ASM static @@ -447,10 +447,10 @@ Index: openssl-1.0.2a/crypto/sha/sha512.c int SHA512_Final(unsigned char *md, SHA512_CTX *c) { -Index: openssl-1.0.2a/crypto/sha/sha_locl.h +Index: openssl-1.0.2b/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha_locl.h 2015-05-29 13:58:53.838777227 +0200 -+++ openssl-1.0.2a/crypto/sha/sha_locl.h 2015-05-29 14:17:59.773173925 +0200 +--- openssl-1.0.2b.orig/crypto/sha/sha_locl.h 2015-06-11 17:41:59.509534778 +0200 ++++ openssl-1.0.2b/crypto/sha/sha_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -108,7 +108,7 @@ static void sha_block_data_order(SHA_CTX # ifndef SHA1_ASM static @@ -460,10 +460,10 @@ Index: openssl-1.0.2a/crypto/sha/sha_locl.h #else # error "Either SHA_0 or SHA_1 must be defined." -Index: openssl-1.0.2a/crypto/store/str_locl.h +Index: openssl-1.0.2b/crypto/store/str_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/store/str_locl.h 2015-05-29 13:57:01.505491696 +0200 -+++ openssl-1.0.2a/crypto/store/str_locl.h 2015-05-29 13:58:53.838777227 +0200 +--- openssl-1.0.2b.orig/crypto/store/str_locl.h 2015-03-19 15:02:02.000000000 +0100 ++++ openssl-1.0.2b/crypto/store/str_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -63,6 +63,8 @@ # include # include @@ -480,10 +480,10 @@ Index: openssl-1.0.2a/crypto/store/str_locl.h - +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/ui/ui_locl.h +Index: openssl-1.0.2b/crypto/ui/ui_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/ui/ui_locl.h 2015-05-29 13:58:53.838777227 +0200 -+++ openssl-1.0.2a/crypto/ui/ui_locl.h 2015-05-29 14:18:44.460717716 +0200 +--- openssl-1.0.2b.orig/crypto/ui/ui_locl.h 2015-03-19 15:02:02.000000000 +0100 ++++ openssl-1.0.2b/crypto/ui/ui_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -67,6 +67,8 @@ # undef _ # endif @@ -499,19 +499,19 @@ Index: openssl-1.0.2a/crypto/ui/ui_locl.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2a/crypto/whrlpool/wp_locl.h +Index: openssl-1.0.2b/crypto/whrlpool/wp_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/whrlpool/wp_locl.h 2015-05-29 13:58:53.838777227 +0200 -+++ openssl-1.0.2a/crypto/whrlpool/wp_locl.h 2015-05-29 14:19:16.174102106 +0200 +--- openssl-1.0.2b.orig/crypto/whrlpool/wp_locl.h 2015-06-11 15:00:12.000000000 +0200 ++++ openssl-1.0.2b/crypto/whrlpool/wp_locl.h 2015-06-11 17:50:03.673860254 +0200 @@ -1,3 +1,3 @@ #include -void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t); +void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.2a/crypto/x509v3/ext_dat.h +Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h =================================================================== ---- openssl-1.0.2a.orig/crypto/x509v3/ext_dat.h 2015-05-29 13:57:01.505491696 +0200 -+++ openssl-1.0.2a/crypto/x509v3/ext_dat.h 2015-05-29 13:58:53.839777239 +0200 +--- openssl-1.0.2b.orig/crypto/x509v3/ext_dat.h 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/x509v3/ext_dat.h 2015-06-11 17:50:03.674860267 +0200 @@ -58,6 +58,8 @@ */ /* This file contains a table of "standard" extensions */ @@ -529,10 +529,10 @@ Index: openssl-1.0.2a/crypto/x509v3/ext_dat.h /* Number of standard extensions */ #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) -Index: openssl-1.0.2a/crypto/x509v3/pcy_int.h +Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h =================================================================== ---- openssl-1.0.2a.orig/crypto/x509v3/pcy_int.h 2015-05-29 13:57:01.506491709 +0200 -+++ openssl-1.0.2a/crypto/x509v3/pcy_int.h 2015-05-29 14:19:55.941583947 +0200 +--- openssl-1.0.2b.orig/crypto/x509v3/pcy_int.h 2015-06-11 15:00:12.000000000 +0200 ++++ openssl-1.0.2b/crypto/x509v3/pcy_int.h 2015-06-11 17:50:03.674860267 +0200 @@ -57,6 +57,8 @@ * */ @@ -548,10 +548,10 @@ Index: openssl-1.0.2a/crypto/x509v3/pcy_int.h const X509_POLICY_CACHE *policy_cache_set(X509 *x); + +#pragma GCC visibility pop -Index: openssl-1.0.2a/crypto/modes/gcm128.c +Index: openssl-1.0.2b/crypto/modes/gcm128.c =================================================================== ---- openssl-1.0.2a.orig/crypto/modes/gcm128.c 2015-05-29 13:58:53.840777250 +0200 -+++ openssl-1.0.2a/crypto/modes/gcm128.c 2015-05-29 14:21:51.614984305 +0200 +--- openssl-1.0.2b.orig/crypto/modes/gcm128.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/modes/gcm128.c 2015-06-11 17:50:03.674860267 +0200 @@ -602,9 +602,9 @@ static void gcm_ghash_4bit(u64 Xi[2], co } # endif @@ -566,7 +566,7 @@ Index: openssl-1.0.2a/crypto/modes/gcm128.c # define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) @@ -696,10 +696,10 @@ static void gcm_gmult_1bit(u64 Xi[2], co # define GCM_FUNCREF_4BIT - extern unsigned int OPENSSL_ia32cap_P[2]; + extern unsigned int OPENSSL_ia32cap_P[]; -void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); @@ -578,11 +578,11 @@ Index: openssl-1.0.2a/crypto/modes/gcm128.c # if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define gcm_init_avx gcm_init_clmul -Index: openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c +Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_rc4_hmac_md5.c 2015-05-29 13:58:53.840777250 +0200 -+++ openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c 2015-05-29 14:22:20.495333738 +0200 -@@ -77,7 +77,7 @@ typedef struct { +--- openssl-1.0.2b.orig/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 17:50:03.674860267 +0200 +@@ -78,7 +78,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, @@ -591,10 +591,10 @@ Index: openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c # define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) -Index: openssl-1.0.2a/crypto/cmac/cm_ameth.c +Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/cmac/cm_ameth.c 2015-05-29 13:58:53.840777250 +0200 -+++ openssl-1.0.2a/crypto/cmac/cm_ameth.c 2015-05-29 14:23:02.278839089 +0200 +--- openssl-1.0.2b.orig/crypto/cmac/cm_ameth.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/cmac/cm_ameth.c 2015-06-11 17:50:03.674860267 +0200 @@ -73,7 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey if (cmctx) CMAC_CTX_free(cmctx); @@ -604,10 +604,10 @@ Index: openssl-1.0.2a/crypto/cmac/cm_ameth.c const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, -Index: openssl-1.0.2a/crypto/evp/pmeth_lib.c +Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/pmeth_lib.c 2015-05-29 13:57:01.507491720 +0200 -+++ openssl-1.0.2a/crypto/evp/pmeth_lib.c 2015-05-29 13:58:53.841777261 +0200 +--- openssl-1.0.2b.orig/crypto/evp/pmeth_lib.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/evp/pmeth_lib.c 2015-06-11 17:50:03.675860280 +0200 @@ -71,7 +71,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -617,10 +617,10 @@ Index: openssl-1.0.2a/crypto/evp/pmeth_lib.c extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -Index: openssl-1.0.2a/crypto/cmac/cm_pmeth.c +Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/cmac/cm_pmeth.c 2015-05-29 13:58:53.841777261 +0200 -+++ openssl-1.0.2a/crypto/cmac/cm_pmeth.c 2015-05-29 14:23:33.695219495 +0200 +--- openssl-1.0.2b.orig/crypto/cmac/cm_pmeth.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/cmac/cm_pmeth.c 2015-06-11 17:50:03.675860280 +0200 @@ -182,6 +182,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C return -2; } @@ -629,10 +629,10 @@ Index: openssl-1.0.2a/crypto/cmac/cm_pmeth.c const EVP_PKEY_METHOD cmac_pkey_meth = { EVP_PKEY_CMAC, EVP_PKEY_FLAG_SIGCTX_CUSTOM, -Index: openssl-1.0.2a/crypto/rand/md_rand.c +Index: openssl-1.0.2b/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rand/md_rand.c 2015-05-29 13:58:53.841777261 +0200 -+++ openssl-1.0.2a/crypto/rand/md_rand.c 2015-05-29 14:24:04.870595846 +0200 +--- openssl-1.0.2b.orig/crypto/rand/md_rand.c 2015-06-11 17:41:59.506534739 +0200 ++++ openssl-1.0.2b/crypto/rand/md_rand.c 2015-06-11 17:50:03.675860280 +0200 @@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_status(void); @@ -642,10 +642,10 @@ Index: openssl-1.0.2a/crypto/rand/md_rand.c ssleay_rand_seed, ssleay_rand_nopseudo_bytes, ssleay_rand_cleanup, -Index: openssl-1.0.2a/crypto/dh/dh_ameth.c +Index: openssl-1.0.2b/crypto/dh/dh_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_ameth.c 2015-05-29 13:58:53.842777273 +0200 -+++ openssl-1.0.2a/crypto/dh/dh_ameth.c 2015-05-29 14:24:30.526905527 +0200 +--- openssl-1.0.2b.orig/crypto/dh/dh_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/dh/dh_ameth.c 2015-06-11 17:50:03.675860280 +0200 @@ -584,6 +584,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, } @@ -654,10 +654,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_ameth.c const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, EVP_PKEY_DH, -Index: openssl-1.0.2a/crypto/dh/dh_pmeth.c +Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_pmeth.c 2015-05-29 13:58:53.842777273 +0200 -+++ openssl-1.0.2a/crypto/dh/dh_pmeth.c 2015-05-29 14:25:02.208288551 +0200 +--- openssl-1.0.2b.orig/crypto/dh/dh_pmeth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/dh/dh_pmeth.c 2015-06-11 17:50:03.675860280 +0200 @@ -482,6 +482,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * return 1; } @@ -666,10 +666,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_pmeth.c const EVP_PKEY_METHOD dh_pkey_meth = { EVP_PKEY_DH, 0, -Index: openssl-1.0.2a/crypto/dsa/dsa_ameth.c +Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_ameth.c 2015-05-29 13:58:53.842777273 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_ameth.c 2015-05-29 14:25:24.527557694 +0200 +--- openssl-1.0.2b.orig/crypto/dsa/dsa_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/dsa/dsa_ameth.c 2015-06-11 17:50:03.676860293 +0200 @@ -620,6 +620,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, /* NB these are sorted in pkey_id order, lowest first */ @@ -678,10 +678,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_ameth.c const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { { -Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_pmeth.c 2015-05-29 13:58:53.843777284 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_pmeth.c 2015-05-29 14:25:50.943876979 +0200 +--- openssl-1.0.2b.orig/crypto/dsa/dsa_pmeth.c 2015-06-11 17:41:59.488534507 +0200 ++++ openssl-1.0.2b/crypto/dsa/dsa_pmeth.c 2015-06-11 17:50:03.676860293 +0200 @@ -278,6 +278,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX return DSA_generate_key(pkey->pkey.dsa); } @@ -690,10 +690,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, EVP_PKEY_FLAG_AUTOARGLEN, -Index: openssl-1.0.2a/crypto/ec/ec_ameth.c +Index: openssl-1.0.2b/crypto/ec/ec_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/ec/ec_ameth.c 2015-05-29 13:58:53.843777284 +0200 -+++ openssl-1.0.2a/crypto/ec/ec_ameth.c 2015-05-29 14:26:15.256170382 +0200 +--- openssl-1.0.2b.orig/crypto/ec/ec_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ec/ec_ameth.c 2015-06-11 17:50:03.676860293 +0200 @@ -608,6 +608,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, } @@ -702,10 +702,10 @@ Index: openssl-1.0.2a/crypto/ec/ec_ameth.c const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, -Index: openssl-1.0.2a/crypto/ec/ec_pmeth.c +Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/ec/ec_pmeth.c 2015-05-29 13:58:53.843777284 +0200 -+++ openssl-1.0.2a/crypto/ec/ec_pmeth.c 2015-05-29 14:26:42.183495689 +0200 +--- openssl-1.0.2b.orig/crypto/ec/ec_pmeth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/ec/ec_pmeth.c 2015-06-11 17:50:03.676860293 +0200 @@ -491,6 +491,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * return EC_KEY_generate_key(pkey->pkey.ec); } @@ -714,10 +714,10 @@ Index: openssl-1.0.2a/crypto/ec/ec_pmeth.c const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, 0, -Index: openssl-1.0.2a/crypto/hmac/hm_ameth.c +Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/hmac/hm_ameth.c 2015-05-29 13:58:53.844777296 +0200 -+++ openssl-1.0.2a/crypto/hmac/hm_ameth.c 2015-05-29 14:27:00.087711757 +0200 +--- openssl-1.0.2b.orig/crypto/hmac/hm_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/hmac/hm_ameth.c 2015-06-11 17:50:03.676860293 +0200 @@ -135,6 +135,7 @@ static int old_hmac_encode(const EVP_PKE #endif @@ -726,10 +726,10 @@ Index: openssl-1.0.2a/crypto/hmac/hm_ameth.c const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, -Index: openssl-1.0.2a/crypto/hmac/hm_pmeth.c +Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/hmac/hm_pmeth.c 2015-05-29 13:58:53.844777296 +0200 -+++ openssl-1.0.2a/crypto/hmac/hm_pmeth.c 2015-05-29 14:27:18.207930409 +0200 +--- openssl-1.0.2b.orig/crypto/hmac/hm_pmeth.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/hmac/hm_pmeth.c 2015-06-11 17:50:03.676860293 +0200 @@ -228,6 +228,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C return -2; } @@ -738,10 +738,10 @@ Index: openssl-1.0.2a/crypto/hmac/hm_pmeth.c const EVP_PKEY_METHOD hmac_pkey_meth = { EVP_PKEY_HMAC, 0, -Index: openssl-1.0.2a/crypto/rsa/rsa_ameth.c +Index: openssl-1.0.2b/crypto/rsa/rsa_ameth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_ameth.c 2015-05-29 13:58:53.844777296 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_ameth.c 2015-05-29 14:27:55.153376094 +0200 +--- openssl-1.0.2b.orig/crypto/rsa/rsa_ameth.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/rsa/rsa_ameth.c 2015-06-11 17:50:03.677860306 +0200 @@ -921,6 +921,7 @@ static int rsa_cms_encrypt(CMS_Recipient return rv; } @@ -750,11 +750,11 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_ameth.c const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { EVP_PKEY_RSA, -Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_pmeth.c 2015-05-29 13:58:53.845777307 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_pmeth.c 2015-05-29 14:28:12.111582149 +0200 -@@ -717,6 +717,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX +--- openssl-1.0.2b.orig/crypto/rsa/rsa_pmeth.c 2015-06-11 17:41:59.508534765 +0200 ++++ openssl-1.0.2b/crypto/rsa/rsa_pmeth.c 2015-06-11 17:50:03.677860306 +0200 +@@ -723,6 +723,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX return ret; } @@ -762,10 +762,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c const EVP_PKEY_METHOD rsa_pkey_meth = { EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN, -Index: openssl-1.0.2a/crypto/objects/obj_xref.c +Index: openssl-1.0.2b/crypto/objects/obj_xref.c =================================================================== ---- openssl-1.0.2a.orig/crypto/objects/obj_xref.c 2015-05-29 13:57:01.511491765 +0200 -+++ openssl-1.0.2a/crypto/objects/obj_xref.c 2015-05-29 13:58:53.845777307 +0200 +--- openssl-1.0.2b.orig/crypto/objects/obj_xref.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/objects/obj_xref.c 2015-06-11 17:50:03.677860306 +0200 @@ -61,7 +61,7 @@ #include "obj_xref.h" @@ -775,10 +775,10 @@ Index: openssl-1.0.2a/crypto/objects/obj_xref.c static int sig_cmp(const nid_triple *a, const nid_triple *b) { -Index: openssl-1.0.2a/crypto/pem/pem_lib.c +Index: openssl-1.0.2b/crypto/pem/pem_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/pem/pem_lib.c 2015-05-29 13:57:01.512491776 +0200 -+++ openssl-1.0.2a/crypto/pem/pem_lib.c 2015-05-29 13:58:53.845777307 +0200 +--- openssl-1.0.2b.orig/crypto/pem/pem_lib.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/pem/pem_lib.c 2015-06-11 17:50:03.677860306 +0200 @@ -80,7 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL static int load_iv(char **fromp, unsigned char *to, int num); @@ -788,10 +788,10 @@ Index: openssl-1.0.2a/crypto/pem/pem_lib.c int PEM_def_callback(char *buf, int num, int w, void *key) { -Index: openssl-1.0.2a/crypto/asn1/tasn_prn.c +Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c =================================================================== ---- openssl-1.0.2a.orig/crypto/asn1/tasn_prn.c 2015-05-29 13:58:53.845777307 +0200 -+++ openssl-1.0.2a/crypto/asn1/tasn_prn.c 2015-05-29 14:28:41.568929701 +0200 +--- openssl-1.0.2b.orig/crypto/asn1/tasn_prn.c 2015-06-11 15:01:06.000000000 +0200 ++++ openssl-1.0.2b/crypto/asn1/tasn_prn.c 2015-06-11 17:50:03.677860306 +0200 @@ -73,7 +73,7 @@ /* ASN1_PCTX routines */ @@ -801,10 +801,10 @@ Index: openssl-1.0.2a/crypto/asn1/tasn_prn.c ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ 0, /* nm_flags */ 0, /* cert_flags */ -Index: openssl-1.0.2a/crypto/bn/bn_exp.c +Index: openssl-1.0.2b/crypto/bn/bn_exp.c =================================================================== ---- openssl-1.0.2a.orig/crypto/bn/bn_exp.c 2015-05-29 13:58:53.846777318 +0200 -+++ openssl-1.0.2a/crypto/bn/bn_exp.c 2015-05-29 14:29:50.256737750 +0200 +--- openssl-1.0.2b.orig/crypto/bn/bn_exp.c 2015-06-11 15:50:11.000000000 +0200 ++++ openssl-1.0.2b/crypto/bn/bn_exp.c 2015-06-11 17:50:03.678860319 +0200 @@ -947,10 +947,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, @@ -819,10 +819,10 @@ Index: openssl-1.0.2a/crypto/bn/bn_exp.c void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); -Index: openssl-1.0.2a/crypto/bn/bn_gf2m.c +Index: openssl-1.0.2b/crypto/bn/bn_gf2m.c =================================================================== ---- openssl-1.0.2a.orig/crypto/bn/bn_gf2m.c 2015-05-29 13:58:53.846777318 +0200 -+++ openssl-1.0.2a/crypto/bn/bn_gf2m.c 2015-05-29 14:31:03.496598921 +0200 +--- openssl-1.0.2b.orig/crypto/bn/bn_gf2m.c 2015-06-11 15:52:57.000000000 +0200 ++++ openssl-1.0.2b/crypto/bn/bn_gf2m.c 2015-06-11 17:50:03.678860319 +0200 @@ -321,7 +321,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, } # else diff --git a/bsc936563_hack.patch b/bsc936563_hack.patch new file mode 100644 index 0000000..ce27bf0 --- /dev/null +++ b/bsc936563_hack.patch @@ -0,0 +1,13 @@ +Index: openssl-1.0.2c/crypto/ec/Makefile +=================================================================== +--- openssl-1.0.2c.orig/crypto/ec/Makefile ++++ openssl-1.0.2c/crypto/ec/Makefile +@@ -10,7 +10,7 @@ CFLAG=-g + MAKEFILE= Makefile + AR= ar r + +-CFLAGS= $(INCLUDES) $(CFLAG) ++CFLAGS= $(INCLUDES) $(CFLAG) -O0 + ASFLAGS= $(INCLUDES) $(ASFLAG) + AFLAGS= $(ASFLAGS) + diff --git a/compression_methods_switch.patch b/compression_methods_switch.patch index 916adce..5ffd9b0 100644 --- a/compression_methods_switch.patch +++ b/compression_methods_switch.patch @@ -1,10 +1,10 @@ -Index: openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod +Index: openssl-1.0.2b/doc/ssl/SSL_COMP_add_compression_method.pod =================================================================== ---- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-03 22:10:19.262805732 +0200 -+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-03 22:10:28.958939879 +0200 -@@ -41,6 +41,24 @@ of compression methods supported on a pe - The OpenSSL library has the compression methods B and (when - especially enabled during compilation) B available. +--- openssl-1.0.2b.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-06-11 20:11:49.353667505 +0200 ++++ openssl-1.0.2b/doc/ssl/SSL_COMP_add_compression_method.pod 2015-06-11 20:11:51.183689314 +0200 +@@ -47,6 +47,24 @@ of compression methods supported on a pe + If enabled during compilation, the OpenSSL library will have the + COMP_zlib() compression method available. +And, there is an environment variable to switch the compression +methods off and on. In default the compression is off to mitigate @@ -27,10 +27,10 @@ Index: openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod =head1 WARNINGS Once the identities of the compression methods for the TLS protocol have -Index: openssl-1.0.2a/ssl/ssl_ciph.c +Index: openssl-1.0.2b/ssl/ssl_ciph.c =================================================================== ---- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-04-03 22:10:28.959939893 +0200 -+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-03 22:12:33.425662139 +0200 +--- openssl-1.0.2b.orig/ssl/ssl_ciph.c 2015-06-11 20:11:49.353667505 +0200 ++++ openssl-1.0.2b/ssl/ssl_ciph.c 2015-06-11 20:11:51.183689314 +0200 @@ -478,10 +478,16 @@ static void load_builtin_compressions(vo if (ssl_comp_methods == NULL) { diff --git a/merge_from_0.9.8k.patch b/merge_from_0.9.8k.patch index b2cb2b1..d188315 100644 --- a/merge_from_0.9.8k.patch +++ b/merge_from_0.9.8k.patch @@ -1,8 +1,13 @@ +--- + Configure | 4 ++-- + config | 23 +++++++++++++++-------- + 2 files changed, 17 insertions(+), 10 deletions(-) + Index: openssl-1.0.2a/Configure =================================================================== ---- openssl-1.0.2a.orig/Configure 2015-05-30 21:58:49.358278076 +0200 -+++ openssl-1.0.2a/Configure 2015-05-30 21:58:52.830317683 +0200 -@@ -996,7 +996,7 @@ PROCESS_ARGS: +--- openssl-1.0.2a.orig/Configure ++++ openssl-1.0.2a/Configure +@@ -978,7 +978,7 @@ PROCESS_ARGS: } else { @@ -11,7 +16,7 @@ Index: openssl-1.0.2a/Configure $target=$_; } -@@ -1276,7 +1276,7 @@ if ($target =~ /linux.*\-mips/ && !$no_a +@@ -1258,7 +1258,7 @@ if ($target =~ /linux.*\-mips/ && !$no_a my $no_shared_warn=0; my $no_user_cflags=0; @@ -22,8 +27,8 @@ Index: openssl-1.0.2a/Configure # Kerberos settings. The flavor must be provided from outside, either through Index: openssl-1.0.2a/config =================================================================== ---- openssl-1.0.2a.orig/config 2015-05-30 21:58:49.358278076 +0200 -+++ openssl-1.0.2a/config 2015-05-30 21:58:52.830317683 +0200 +--- openssl-1.0.2a.orig/config ++++ openssl-1.0.2a/config @@ -573,7 +573,8 @@ case "$GUESSOS" in options="$options -arch%20${MACHINE}" OUT="iphoneos-cross" ;; @@ -34,17 +39,19 @@ Index: openssl-1.0.2a/config case ${ISA:-generic} in *[678]) OUT="linux-alpha+bwx-$CC" ;; *) OUT="linux-alpha-$CC" ;; -@@ -598,7 +599,9 @@ case "$GUESSOS" in +@@ -598,8 +599,10 @@ case "$GUESSOS" in if [ "$KERNEL_BITS" = "64" ]; then OUT="linux-ppc64" else - OUT="linux-ppc" +- (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" +# OUT="linux-ppc" + # we have the target and force it here + OUT="linux-ppc64" - (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32" ++ (echo "__LP64" | gcc -E -x c - 2>/dev/null | grep "^__LP64" 2>&1 > /dev/null) || options="$options -m32" fi ;; + ppc64le-*-linux2) OUT="linux-ppc64le" ;; @@ -632,10 +635,10 @@ case "$GUESSOS" in sparc-*-linux2) KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo` diff --git a/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch b/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch index dfdd05b..af00b70 100644 --- a/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch +++ b/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch @@ -1,9 +1,9 @@ -Index: openssl-1.0.2a/test/testssl +Index: openssl-1.0.2b/test/testssl =================================================================== ---- openssl-1.0.2a.orig/test/testssl 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/test/testssl 2015-05-24 14:06:02.038506053 +0200 -@@ -138,6 +138,25 @@ for protocol in TLSv1.2 SSLv3; do - done +--- openssl-1.0.2b.orig/test/testssl 2015-06-11 20:11:36.398513121 +0200 ++++ openssl-1.0.2b/test/testssl 2015-06-11 20:15:40.833426946 +0200 +@@ -192,6 +192,25 @@ for protocol in TLSv1.2 SSLv3; do + fi done +echo "Testing default ciphersuites" diff --git a/openssl-1.0.2a-default-paths.patch b/openssl-1.0.2a-default-paths.patch index a6f665d..7623ca9 100644 --- a/openssl-1.0.2a-default-paths.patch +++ b/openssl-1.0.2a-default-paths.patch @@ -1,25 +1,9 @@ -diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_client.c ---- openssl-1.0.2a/apps/s_client.c.default-paths 2015-04-20 14:48:31.462166971 +0200 -+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 14:52:55.125316170 +0200 -@@ -1336,19 +1336,16 @@ int MAIN(int argc, char **argv) - - SSL_CTX_set_verify(ctx, verify, verify_callback); - -- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) { -- /* -- * BIO_printf(bio_err,"error setting default verify locations\n"); -- */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(ctx)) { -+ ERR_print_errors(bio_err); -+ } -+ } else { -+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { -+ ERR_print_errors(bio_err); -+ } +Index: openssl-1.0.2b/apps/s_client.c +=================================================================== +--- openssl-1.0.2b.orig/apps/s_client.c 2015-06-11 17:28:32.039203737 +0200 ++++ openssl-1.0.2b/apps/s_client.c 2015-06-11 17:39:40.138741521 +0200 +@@ -1346,10 +1346,6 @@ int MAIN(int argc, char **argv) + ERR_print_errors(bio_err); } - ssl_ctx_add_crls(ctx, crls, crl_download); @@ -29,10 +13,11 @@ diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_clie #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { tlsextcbp.biodebug = bio_err; -diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_server.c ---- openssl-1.0.2a/apps/s_server.c.default-paths 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 14:48:31.462166971 +0200 -@@ -1768,12 +1768,16 @@ int MAIN(int argc, char *argv[]) +Index: openssl-1.0.2b/apps/s_server.c +=================================================================== +--- openssl-1.0.2b.orig/apps/s_server.c 2015-06-11 17:28:04.879854931 +0200 ++++ openssl-1.0.2b/apps/s_server.c 2015-06-11 17:28:32.040203749 +0200 +@@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[]) } #endif @@ -54,7 +39,7 @@ diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_serv if (vpm) SSL_CTX_set1_param(ctx, vpm); -@@ -1830,8 +1834,10 @@ int MAIN(int argc, char *argv[]) +@@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[]) else SSL_CTX_sess_set_cache_size(ctx2, 128); @@ -67,9 +52,10 @@ diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_serv ERR_print_errors(bio_err); } if (vpm) -diff -up openssl-1.0.2a/apps/s_time.c.default-paths openssl-1.0.2a/apps/s_time.c ---- openssl-1.0.2a/apps/s_time.c.default-paths 2015-04-20 14:48:31.462166971 +0200 -+++ openssl-1.0.2a/apps/s_time.c 2015-04-20 14:55:14.232542738 +0200 +Index: openssl-1.0.2b/apps/s_time.c +=================================================================== +--- openssl-1.0.2b.orig/apps/s_time.c 2015-06-11 17:28:04.879854931 +0200 ++++ openssl-1.0.2b/apps/s_time.c 2015-06-11 17:28:32.040203749 +0200 @@ -381,13 +381,14 @@ int MAIN(int argc, char **argv) SSL_load_error_strings(); diff --git a/openssl-1.0.2a-fips.patch b/openssl-1.0.2a-fips.patch index e42921a..c4169bc 100644 --- a/openssl-1.0.2a-fips.patch +++ b/openssl-1.0.2a-fips.patch @@ -1,7 +1,7 @@ -Index: openssl-1.0.2a/apps/speed.c +Index: openssl-1.0.2c/apps/speed.c =================================================================== ---- openssl-1.0.2a.orig/apps/speed.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/speed.c 2015-05-24 12:53:19.134111196 +0200 +--- openssl-1.0.2c.orig/apps/speed.c 2015-06-12 23:20:59.468588414 +0200 ++++ openssl-1.0.2c/apps/speed.c 2015-06-12 23:21:28.252934111 +0200 @@ -197,7 +197,6 @@ # ifdef OPENSSL_DOING_MAKEDEPEND # undef AES_set_encrypt_key @@ -134,11 +134,11 @@ Index: openssl-1.0.2a/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -Index: openssl-1.0.2a/Configure +Index: openssl-1.0.2c/Configure =================================================================== ---- openssl-1.0.2a.orig/Configure 2015-05-24 12:53:19.089110545 +0200 -+++ openssl-1.0.2a/Configure 2015-05-24 12:53:19.134111196 +0200 -@@ -1053,11 +1053,6 @@ if (defined($disabled{"md5"}) || defined +--- openssl-1.0.2c.orig/Configure 2015-06-12 23:20:49.250465706 +0200 ++++ openssl-1.0.2c/Configure 2015-06-12 23:21:28.253934123 +0200 +@@ -1070,11 +1070,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -150,7 +150,7 @@ Index: openssl-1.0.2a/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1545,7 +1540,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1563,7 +1558,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -158,7 +158,7 @@ Index: openssl-1.0.2a/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1737,9 +1731,12 @@ while () +@@ -1764,9 +1758,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -172,10 +172,10 @@ Index: openssl-1.0.2a/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.2a/crypto/aes/aes_misc.c +Index: openssl-1.0.2c/crypto/aes/aes_misc.c =================================================================== ---- openssl-1.0.2a.orig/crypto/aes/aes_misc.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/aes/aes_misc.c 2015-05-24 12:53:19.134111196 +0200 +--- openssl-1.0.2c.orig/crypto/aes/aes_misc.c 2015-06-12 23:20:59.469588427 +0200 ++++ openssl-1.0.2c/crypto/aes/aes_misc.c 2015-06-12 23:21:28.253934123 +0200 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -194,10 +194,10 @@ Index: openssl-1.0.2a/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.2a/crypto/cmac/cmac.c +Index: openssl-1.0.2c/crypto/cmac/cmac.c =================================================================== ---- openssl-1.0.2a.orig/crypto/cmac/cmac.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/cmac/cmac.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/cmac/cmac.c 2015-06-12 23:20:59.469588427 +0200 ++++ openssl-1.0.2c/crypto/cmac/cmac.c 2015-06-12 23:21:28.253934123 +0200 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -211,7 +211,7 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c EVP_CIPHER_CTX_cleanup(&ctx->cctx); OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); -@@ -158,12 +152,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void +@@ -160,12 +154,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); return 0; } @@ -224,7 +224,7 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c } #endif /* All zeros means restart */ -@@ -209,10 +197,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -211,10 +199,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi { const unsigned char *data = in; size_t bl; @@ -235,7 +235,7 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; if (dlen == 0) -@@ -252,10 +236,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -254,10 +238,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb; @@ -246,10 +246,10 @@ Index: openssl-1.0.2a/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.2a/crypto/crypto.h +Index: openssl-1.0.2c/crypto/crypto.h =================================================================== ---- openssl-1.0.2a.orig/crypto/crypto.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/crypto.h 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/crypto.h 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/crypto.h 2015-06-12 23:21:28.254934135 +0200 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -295,10 +295,10 @@ Index: openssl-1.0.2a/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.2a/crypto/des/des.h +Index: openssl-1.0.2c/crypto/des/des.h =================================================================== ---- openssl-1.0.2a.orig/crypto/des/des.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/des/des.h 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/des/des.h 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/des/des.h 2015-06-12 23:21:28.254934135 +0200 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); @@ -310,10 +310,10 @@ Index: openssl-1.0.2a/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -Index: openssl-1.0.2a/crypto/des/set_key.c +Index: openssl-1.0.2c/crypto/des/set_key.c =================================================================== ---- openssl-1.0.2a.orig/crypto/des/set_key.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/des/set_key.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/des/set_key.c 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/des/set_key.c 2015-06-12 23:21:28.254934135 +0200 @@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -330,10 +330,10 @@ Index: openssl-1.0.2a/crypto/des/set_key.c { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -Index: openssl-1.0.2a/crypto/dh/dh_gen.c +Index: openssl-1.0.2c/crypto/dh/dh_gen.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_gen.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_gen.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh_gen.c 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/dh/dh_gen.c 2015-06-12 23:21:28.254934135 +0200 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) @@ -364,10 +364,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -Index: openssl-1.0.2a/crypto/dh/dh.h +Index: openssl-1.0.2c/crypto/dh/dh.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh.h 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh.h 2015-06-12 23:20:59.470588438 +0200 ++++ openssl-1.0.2c/crypto/dh/dh.h 2015-06-12 23:21:28.254934135 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif @@ -377,10 +377,10 @@ Index: openssl-1.0.2a/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -Index: openssl-1.0.2a/crypto/dh/dh_key.c +Index: openssl-1.0.2c/crypto/dh/dh_key.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_key.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_key.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh_key.c 2015-06-12 23:20:59.471588450 +0200 ++++ openssl-1.0.2c/crypto/dh/dh_key.c 2015-06-12 23:21:28.254934135 +0200 @@ -61,6 +61,9 @@ #include #include @@ -448,10 +448,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2a/crypto/dh/dh_lib.c +Index: openssl-1.0.2c/crypto/dh/dh_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dh/dh_lib.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_lib.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dh/dh_lib.c 2015-06-12 23:20:59.471588450 +0200 ++++ openssl-1.0.2c/crypto/dh/dh_lib.c 2015-06-12 23:21:28.255934147 +0200 @@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { @@ -467,10 +467,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.2a/crypto/dsa/dsa_err.c +Index: openssl-1.0.2c/crypto/dsa/dsa_err.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_err.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_err.c 2015-05-24 12:53:19.135111211 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_err.c 2015-06-12 23:20:59.471588450 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_err.c 2015-06-12 23:21:28.255934147 +0200 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -489,10 +489,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c +Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_gen.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_gen.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_gen.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_gen.c 2015-06-12 23:21:28.255934147 +0200 @@ -91,6 +91,16 @@ # include # endif @@ -716,7 +716,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c if (!BN_GENCB_call(cb, 0, m++)) goto err; -@@ -212,29 +291,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -213,29 +292,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ * be bad */ } memcpy(buf, seed, qsize); @@ -749,7 +749,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); if (r > 0) -@@ -242,8 +310,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -243,8 +311,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (r != 0) goto err; @@ -758,7 +758,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c } if (!BN_GENCB_call(cb, 2, 0)) -@@ -251,19 +317,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -252,19 +318,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 3, 0)) goto err; @@ -781,7 +781,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c for (k = 0; k <= n; k++) { /* * obtain "SEED + offset + k" by incrementing: -@@ -277,36 +340,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -278,36 +341,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) goto err; @@ -827,7 +827,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); if (r > 0) goto end; /* found it */ -@@ -314,12 +378,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -315,12 +379,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ goto err; } @@ -843,7 +843,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c break; } } -@@ -327,7 +391,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -328,7 +392,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 2, 1)) goto err; @@ -878,7 +878,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c /* Set r0=(p-1)/q */ if (!BN_sub(test, p, BN_value_one())) goto err; -@@ -356,46 +446,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -357,46 +447,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ ok = 1; err: if (ok) { @@ -925,7 +925,7 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c /* * This is a parameter generation algorithm for the DSA2 algorithm as * described in FIPS 186-3. -@@ -421,14 +479,6 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -422,14 +480,6 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX mctx; unsigned int h = 2; @@ -940,10 +940,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_gen.c EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -Index: openssl-1.0.2a/crypto/dsa/dsa.h +Index: openssl-1.0.2c/crypto/dsa/dsa.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa.h 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa.h 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa.h 2015-06-12 23:21:28.255934147 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -1011,10 +1011,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -Index: openssl-1.0.2a/crypto/dsa/dsa_key.c +Index: openssl-1.0.2c/crypto/dsa/dsa_key.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_key.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_key.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_key.c 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_key.c 2015-06-12 23:21:28.256934159 +0200 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS @@ -1090,10 +1090,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_key.c ok = 1; err: -Index: openssl-1.0.2a/crypto/dsa/dsa_lib.c +Index: openssl-1.0.2c/crypto/dsa/dsa_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_lib.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_lib.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_lib.c 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_lib.c 2015-06-12 23:21:28.256934159 +0200 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1109,10 +1109,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h +Index: openssl-1.0.2c/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_locl.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_locl.h 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_locl.h 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_locl.h 2015-06-12 23:21:28.256934159 +0200 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, @@ -1122,10 +1122,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -Index: openssl-1.0.2a/crypto/dsa/dsa_ossl.c +Index: openssl-1.0.2c/crypto/dsa/dsa_ossl.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_ossl.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_ossl.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_ossl.c 2015-06-12 23:20:59.472588462 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_ossl.c 2015-06-12 23:21:28.256934159 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1194,10 +1194,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_ossl.c dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.2c/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsa_pmeth.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsa_pmeth.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsa_pmeth.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsa_pmeth.c 2015-06-12 23:21:28.256934159 +0200 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1207,10 +1207,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.2a/crypto/dsa/dsatest.c +Index: openssl-1.0.2c/crypto/dsa/dsatest.c =================================================================== ---- openssl-1.0.2a.orig/crypto/dsa/dsatest.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/dsa/dsatest.c 2015-05-24 12:53:19.136111225 +0200 +--- openssl-1.0.2c.orig/crypto/dsa/dsatest.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/dsa/dsatest.c 2015-06-12 23:21:28.256934159 +0200 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1294,10 +1294,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsatest.c goto end; } if (h != 2) { -Index: openssl-1.0.2a/crypto/engine/eng_all.c +Index: openssl-1.0.2c/crypto/engine/eng_all.c =================================================================== ---- openssl-1.0.2a.orig/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/engine/eng_all.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/engine/eng_all.c 2015-06-12 23:21:28.256934159 +0200 @@ -59,11 +59,25 @@ #include "cryptlib.h" @@ -1324,10 +1324,10 @@ Index: openssl-1.0.2a/crypto/engine/eng_all.c #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -Index: openssl-1.0.2a/crypto/evp/c_allc.c +Index: openssl-1.0.2c/crypto/evp/c_allc.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/c_allc.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/c_allc.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/c_allc.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/evp/c_allc.c 2015-06-12 23:21:28.257934171 +0200 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1404,10 +1404,10 @@ Index: openssl-1.0.2a/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.2a/crypto/evp/c_alld.c +Index: openssl-1.0.2c/crypto/evp/c_alld.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/c_alld.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/c_alld.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/c_alld.c 2015-06-12 23:20:59.473588474 +0200 ++++ openssl-1.0.2c/crypto/evp/c_alld.c 2015-06-12 23:21:28.257934171 +0200 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) @@ -1513,10 +1513,10 @@ Index: openssl-1.0.2a/crypto/evp/c_alld.c + } #endif } -Index: openssl-1.0.2a/crypto/evp/digest.c +Index: openssl-1.0.2c/crypto/evp/digest.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/digest.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/digest.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/digest.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/digest.c 2015-06-12 23:21:28.257934171 +0200 @@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1675,11 +1675,11 @@ Index: openssl-1.0.2a/crypto/evp/digest.c memset(ctx, '\0', sizeof *ctx); return 1; -Index: openssl-1.0.2a/crypto/evp/e_aes.c +Index: openssl-1.0.2c/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_aes.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/e_aes.c 2015-05-24 12:53:19.137111240 +0200 -@@ -59,9 +59,6 @@ +--- openssl-1.0.2c.orig/crypto/evp/e_aes.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/e_aes.c 2015-06-12 23:21:28.257934171 +0200 +@@ -60,9 +60,6 @@ # include "modes_lcl.h" # include @@ -1689,7 +1689,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c typedef struct { union { double align; -@@ -1158,6 +1155,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -1159,6 +1156,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * case EVP_CTRL_GCM_SET_IVLEN: if (arg <= 0) return 0; @@ -1701,7 +1701,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != c->iv) -@@ -1726,6 +1728,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1727,6 +1729,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; @@ -1716,10 +1716,10 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -Index: openssl-1.0.2a/crypto/evp/e_des3.c +Index: openssl-1.0.2c/crypto/evp/e_des3.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_des3.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/e_des3.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/e_des3.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/e_des3.c 2015-06-12 23:21:28.258934183 +0200 @@ -65,10 +65,6 @@ # include # include @@ -1731,10 +1731,10 @@ Index: openssl-1.0.2a/crypto/evp/e_des3.c typedef struct { union { double align; -Index: openssl-1.0.2a/crypto/evp/e_null.c +Index: openssl-1.0.2c/crypto/evp/e_null.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/e_null.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/e_null.c 2015-05-24 12:53:19.137111240 +0200 +--- openssl-1.0.2c.orig/crypto/evp/e_null.c 2015-06-12 23:20:59.474588486 +0200 ++++ openssl-1.0.2c/crypto/evp/e_null.c 2015-06-12 23:21:28.258934183 +0200 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, @@ -1744,10 +1744,10 @@ Index: openssl-1.0.2a/crypto/evp/e_null.c null_init_key, null_cipher, NULL, -Index: openssl-1.0.2a/crypto/evp/evp_enc.c +Index: openssl-1.0.2c/crypto/evp/evp_enc.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_enc.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp_enc.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/evp_enc.c 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/crypto/evp/evp_enc.c 2015-06-12 23:21:28.258934183 +0200 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1915,11 +1915,11 @@ Index: openssl-1.0.2a/crypto/evp/evp_enc.c memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.2a/crypto/evp/evp.h +Index: openssl-1.0.2c/crypto/evp/evp.h =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp.h 2015-05-24 12:53:19.138111254 +0200 -@@ -123,6 +123,10 @@ +--- openssl-1.0.2c.orig/crypto/evp/evp.h 2015-06-12 23:20:59.475588498 +0200 ++++ openssl-1.0.2c/crypto/evp/evp.h 2015-06-12 23:21:28.258934183 +0200 +@@ -122,6 +122,10 @@ extern "C" { #endif @@ -1930,7 +1930,7 @@ Index: openssl-1.0.2a/crypto/evp/evp.h /* * Type needs to be a bit field Sub-type needs to be for variations on the * method, as in, can it do arbitrary encryption.... -@@ -286,11 +290,6 @@ struct env_md_ctx_st { +@@ -285,11 +289,6 @@ struct env_md_ctx_st { * cleaned */ # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ @@ -1942,7 +1942,7 @@ Index: openssl-1.0.2a/crypto/evp/evp.h # define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS * digest in FIPS mode */ -@@ -303,6 +302,10 @@ struct env_md_ctx_st { +@@ -302,6 +301,10 @@ struct env_md_ctx_st { # define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ # define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ @@ -1953,7 +1953,7 @@ Index: openssl-1.0.2a/crypto/evp/evp.h # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ -@@ -364,15 +367,15 @@ struct evp_cipher_st { +@@ -363,15 +366,15 @@ struct evp_cipher_st { /* cipher handles random key generation */ # define EVP_CIPH_RAND_KEY 0x200 /* cipher has its own additional copying logic */ @@ -1972,10 +1972,10 @@ Index: openssl-1.0.2a/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -Index: openssl-1.0.2a/crypto/evp/evp_lib.c +Index: openssl-1.0.2c/crypto/evp/evp_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_lib.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp_lib.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/evp_lib.c 2015-06-12 23:20:59.475588498 +0200 ++++ openssl-1.0.2c/crypto/evp/evp_lib.c 2015-06-12 23:21:28.258934183 +0200 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -2061,10 +2061,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_lib.c return md->flags; } -Index: openssl-1.0.2a/crypto/evp/evp_locl.h +Index: openssl-1.0.2c/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/evp_locl.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/evp_locl.h 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/evp_locl.h 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/evp_locl.h 2015-06-12 23:21:28.259934195 +0200 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -2098,10 +2098,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_locl.h # define Camellia_set_key private_Camellia_set_key #endif -Index: openssl-1.0.2a/crypto/evp/m_dss.c +Index: openssl-1.0.2c/crypto/evp/m_dss.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_dss.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_dss.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_dss.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_dss.c 2015-06-12 23:21:28.259934195 +0200 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, @@ -2111,10 +2111,10 @@ Index: openssl-1.0.2a/crypto/evp/m_dss.c init, update, final, -Index: openssl-1.0.2a/crypto/evp/m_dss1.c +Index: openssl-1.0.2c/crypto/evp/m_dss1.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_dss1.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_dss1.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_dss1.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_dss1.c 2015-06-12 23:21:28.259934195 +0200 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, @@ -2124,10 +2124,10 @@ Index: openssl-1.0.2a/crypto/evp/m_dss1.c init, update, final, -Index: openssl-1.0.2a/crypto/evp/m_md2.c +Index: openssl-1.0.2c/crypto/evp/m_md2.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_md2.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_md2.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_md2.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_md2.c 2015-06-12 23:21:28.259934195 +0200 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2136,10 +2136,10 @@ Index: openssl-1.0.2a/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { -Index: openssl-1.0.2a/crypto/evp/m_sha1.c +Index: openssl-1.0.2c/crypto/evp/m_sha1.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/m_sha1.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_sha1.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/m_sha1.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/m_sha1.c 2015-06-12 23:21:28.259934195 +0200 @@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -2190,10 +2190,10 @@ Index: openssl-1.0.2a/crypto/evp/m_sha1.c init512, update512, final512, -Index: openssl-1.0.2a/crypto/evp/p_sign.c +Index: openssl-1.0.2c/crypto/evp/p_sign.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/p_sign.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/p_sign.c 2015-05-24 12:53:19.138111254 +0200 +--- openssl-1.0.2c.orig/crypto/evp/p_sign.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/p_sign.c 2015-06-12 23:21:28.259934195 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2225,10 +2225,10 @@ Index: openssl-1.0.2a/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.2a/crypto/evp/p_verify.c +Index: openssl-1.0.2c/crypto/evp/p_verify.c =================================================================== ---- openssl-1.0.2a.orig/crypto/evp/p_verify.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/p_verify.c 2015-05-24 12:53:19.139111269 +0200 +--- openssl-1.0.2c.orig/crypto/evp/p_verify.c 2015-06-12 23:20:59.476588510 +0200 ++++ openssl-1.0.2c/crypto/evp/p_verify.c 2015-06-12 23:21:28.259934195 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2260,10 +2260,10 @@ Index: openssl-1.0.2a/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.2a/crypto/fips/fips_aes_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_aes_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_aes_selftest.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_aes_selftest.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2630,10 +2630,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_aes_selftest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips.c +Index: openssl-1.0.2c/crypto/fips/fips.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3118,10 +3118,10 @@ Index: openssl-1.0.2a/crypto/fips/fips.c +# endif + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_cmac_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_cmac_selftest.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3279,10 +3279,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_cmac_selftest.c + return rv; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_des_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_des_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_des_selftest.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_des_selftest.c 2015-06-12 23:21:28.260934207 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3422,10 +3422,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_des_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_drbg_ctr.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_ctr.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3842,10 +3842,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_ctr.c + + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_hash.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_hash.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_hash.c 2015-05-24 12:53:19.139111269 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_hash.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4205,10 +4205,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_hash.c + + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_hmac.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_hmac.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4480,10 +4480,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_hmac.c + + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_lib.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_lib.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_lib.c 2015-06-12 23:21:28.261934219 +0200 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -5038,10 +5038,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_rand.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_rand.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_rand.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_rand.c 2015-06-12 23:21:28.262934231 +0200 @@ -0,0 +1,166 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5209,10 +5209,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_rand.c +{ + return &rand_drbg_meth; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_selftest.c 2015-05-24 12:53:19.140111283 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c 2015-06-12 23:21:28.262934231 +0200 @@ -0,0 +1,827 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6041,10 +6041,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.c + FIPS_drbg_free(dctx); + return rv; +} -Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.h +Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_drbg_selftest.h 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h 2015-06-12 23:21:28.263934243 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7837,10 +7837,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_drbg_selftest.h + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -Index: openssl-1.0.2a/crypto/fips/fips_dsa_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_dsa_selftest.c 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c 2015-06-12 23:21:28.263934243 +0200 @@ -0,0 +1,192 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8034,10 +8034,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_dsa_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_enc.c +Index: openssl-1.0.2c/crypto/fips/fips_enc.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_enc.c 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_enc.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8228,10 +8228,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_enc.c + + } +} -Index: openssl-1.0.2a/crypto/fips/fips.h +Index: openssl-1.0.2c/crypto/fips/fips.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips.h 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips.h 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,278 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8511,10 +8511,10 @@ Index: openssl-1.0.2a/crypto/fips/fips.h +} +# endif +#endif -Index: openssl-1.0.2a/crypto/fips/fips_hmac_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_hmac_selftest.c 2015-05-24 12:53:19.141111297 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8650,10 +8650,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_hmac_selftest.c + return 1; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_locl.h +Index: openssl-1.0.2c/crypto/fips/fips_locl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_locl.h 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_locl.h 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8726,10 +8726,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_locl.h +} +# endif +#endif -Index: openssl-1.0.2a/crypto/fips/fips_md.c +Index: openssl-1.0.2c/crypto/fips/fips_md.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_md.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_md.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8875,10 +8875,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_md.c + return NULL; + } +} -Index: openssl-1.0.2a/crypto/fips/fips_post.c +Index: openssl-1.0.2c/crypto/fips/fips_post.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_post.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_post.c 2015-06-12 23:21:28.264934255 +0200 @@ -0,0 +1,201 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9081,10 +9081,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_post.c + return 1; +} +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rand.c +Index: openssl-1.0.2c/crypto/fips/fips_rand.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand.c 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,428 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9514,10 +9514,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rand.h +Index: openssl-1.0.2c/crypto/fips/fips_rand.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand.h 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand.h 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9682,10 +9682,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand.h +# endif +# endif +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rand_lcl.h +Index: openssl-1.0.2c/crypto/fips/fips_rand_lcl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand_lcl.h 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand_lcl.h 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,213 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9900,10 +9900,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.2a/crypto/fips/fips_rand_lib.c +Index: openssl-1.0.2c/crypto/fips/fips_rand_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand_lib.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand_lib.c 2015-06-12 23:21:28.265934267 +0200 @@ -0,0 +1,181 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10086,10 +10086,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand_lib.c + } + return 0; +} -Index: openssl-1.0.2a/crypto/fips/fips_rand_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_rand_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rand_selftest.c 2015-05-24 12:53:19.142111312 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rand_selftest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,176 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10267,10 +10267,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rand_selftest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_randtest.c +Index: openssl-1.0.2c/crypto/fips/fips_randtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_randtest.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_randtest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -10519,10 +10519,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_randtest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10968,10 +10968,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c +} + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.2a/crypto/fips/fips_rsa_x931g.c +Index: openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_rsa_x931g.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,273 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -11246,10 +11246,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_rsa_x931g.c + return 0; + +} -Index: openssl-1.0.2a/crypto/fips/fips_sha_selftest.c +Index: openssl-1.0.2c/crypto/fips/fips_sha_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_sha_selftest.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_sha_selftest.c 2015-06-12 23:21:28.266934279 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11396,10 +11396,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_sha_selftest.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/fips_standalone_hmac.c +Index: openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_standalone_hmac.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c 2015-06-12 23:21:28.267934291 +0200 @@ -0,0 +1,268 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11669,10 +11669,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_standalone_hmac.c +#endif + return 0; +} -Index: openssl-1.0.2a/crypto/fips/fips_test_suite.c +Index: openssl-1.0.2c/crypto/fips/fips_test_suite.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/fips_test_suite.c 2015-05-24 12:53:19.143111326 +0200 ++++ openssl-1.0.2c/crypto/fips/fips_test_suite.c 2015-06-12 23:21:28.267934291 +0200 @@ -0,0 +1,639 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -12313,10 +12313,10 @@ Index: openssl-1.0.2a/crypto/fips/fips_test_suite.c +} + +#endif -Index: openssl-1.0.2a/crypto/fips/Makefile +Index: openssl-1.0.2c/crypto/fips/Makefile =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2a/crypto/fips/Makefile 2015-05-24 12:53:19.144111341 +0200 ++++ openssl-1.0.2c/crypto/fips/Makefile 2015-06-12 23:21:28.267934291 +0200 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -12659,10 +12659,10 @@ Index: openssl-1.0.2a/crypto/fips/Makefile +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.2a/crypto/hmac/hmac.c +Index: openssl-1.0.2c/crypto/hmac/hmac.c =================================================================== ---- openssl-1.0.2a.orig/crypto/hmac/hmac.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/hmac/hmac.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/hmac/hmac.c 2015-06-12 16:51:27.000000000 +0200 ++++ openssl-1.0.2c/crypto/hmac/hmac.c 2015-06-12 23:22:24.640611438 +0200 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12675,9 +12675,9 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c - return FIPS_hmac_init_ex(ctx, key, len, md, NULL); } #endif - -@@ -105,6 +99,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo - md = ctx->md; + /* If we are changing MD then we must have a key */ +@@ -111,6 +105,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo + } if (key != NULL) { +#ifdef OPENSSL_FIPS @@ -12690,7 +12690,7 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -@@ -157,10 +158,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void +@@ -164,10 +165,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { @@ -12698,10 +12698,10 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c - if (FIPS_mode() && !ctx->i_ctx.engine) - return FIPS_hmac_update(ctx, data, len); -#endif - return EVP_DigestUpdate(&ctx->md_ctx, data, len); - } + if (!ctx->md) + return 0; -@@ -168,10 +165,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c +@@ -178,10 +175,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c { unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; @@ -12710,9 +12710,9 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c - return FIPS_hmac_final(ctx, md, len); -#endif - if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) + if (!ctx->md) goto err; -@@ -211,12 +204,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C +@@ -225,12 +218,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C void HMAC_CTX_cleanup(HMAC_CTX *ctx) { @@ -12725,10 +12725,10 @@ Index: openssl-1.0.2a/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.2a/crypto/mdc2/mdc2dgst.c +Index: openssl-1.0.2c/crypto/mdc2/mdc2dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/mdc2/mdc2dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/mdc2/mdc2dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/mdc2/mdc2dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/mdc2/mdc2dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -12738,10 +12738,10 @@ Index: openssl-1.0.2a/crypto/mdc2/mdc2dgst.c { c->num = 0; c->pad_type = 1; -Index: openssl-1.0.2a/crypto/md2/md2_dgst.c +Index: openssl-1.0.2c/crypto/md2/md2_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/md2/md2_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/md2/md2_dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/md2/md2_dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/md2/md2_dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -62,6 +62,11 @@ #include #include @@ -12763,10 +12763,10 @@ Index: openssl-1.0.2a/crypto/md2/md2_dgst.c { c->num = 0; memset(c->state, 0, sizeof c->state); -Index: openssl-1.0.2a/crypto/md4/md4_dgst.c +Index: openssl-1.0.2c/crypto/md4/md4_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/md4/md4_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/md4/md4_dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/md4/md4_dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/md4/md4_dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12776,10 +12776,10 @@ Index: openssl-1.0.2a/crypto/md4/md4_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2a/crypto/md5/md5_dgst.c +Index: openssl-1.0.2c/crypto/md5/md5_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/md5/md5_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/md5/md5_dgst.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/md5/md5_dgst.c 2015-06-12 23:20:59.483588594 +0200 ++++ openssl-1.0.2c/crypto/md5/md5_dgst.c 2015-06-12 23:21:28.268934303 +0200 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12789,10 +12789,10 @@ Index: openssl-1.0.2a/crypto/md5/md5_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2a/crypto/o_fips.c +Index: openssl-1.0.2c/crypto/o_fips.c =================================================================== ---- openssl-1.0.2a.orig/crypto/o_fips.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/o_fips.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/o_fips.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/o_fips.c 2015-06-12 23:21:28.268934303 +0200 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -12802,10 +12802,10 @@ Index: openssl-1.0.2a/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.2a/crypto/o_init.c +Index: openssl-1.0.2c/crypto/o_init.c =================================================================== ---- openssl-1.0.2a.orig/crypto/o_init.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/o_init.c 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/o_init.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/o_init.c 2015-06-12 23:21:28.268934303 +0200 @@ -56,8 +56,37 @@ #include #include @@ -12875,10 +12875,10 @@ Index: openssl-1.0.2a/crypto/o_init.c +{ + OPENSSL_init_library(); +} -Index: openssl-1.0.2a/crypto/opensslconf.h.in +Index: openssl-1.0.2c/crypto/opensslconf.h.in =================================================================== ---- openssl-1.0.2a.orig/crypto/opensslconf.h.in 2015-01-20 13:33:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/opensslconf.h.in 2015-05-24 12:53:19.144111341 +0200 +--- openssl-1.0.2c.orig/crypto/opensslconf.h.in 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/opensslconf.h.in 2015-06-12 23:21:28.268934303 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -12900,10 +12900,10 @@ Index: openssl-1.0.2a/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.2a/crypto/rand/md_rand.c +Index: openssl-1.0.2c/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rand/md_rand.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rand/md_rand.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rand/md_rand.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/rand/md_rand.c 2015-06-12 23:21:28.269934315 +0200 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12916,10 +12916,10 @@ Index: openssl-1.0.2a/crypto/rand/md_rand.c RAND_poll(); initialized = 1; } -Index: openssl-1.0.2a/crypto/rand/rand.h +Index: openssl-1.0.2c/crypto/rand/rand.h =================================================================== ---- openssl-1.0.2a.orig/crypto/rand/rand.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rand/rand.h 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rand/rand.h 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/rand/rand.h 2015-06-12 23:21:28.269934315 +0200 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -12960,10 +12960,10 @@ Index: openssl-1.0.2a/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.2a/crypto/ripemd/rmd_dgst.c +Index: openssl-1.0.2c/crypto/ripemd/rmd_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/ripemd/rmd_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ripemd/rmd_dgst.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/ripemd/rmd_dgst.c 2015-06-12 23:20:59.484588606 +0200 ++++ openssl-1.0.2c/crypto/ripemd/rmd_dgst.c 2015-06-12 23:21:28.269934315 +0200 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -12973,10 +12973,10 @@ Index: openssl-1.0.2a/crypto/ripemd/rmd_dgst.c { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -Index: openssl-1.0.2a/crypto/rsa/rsa_crpt.c +Index: openssl-1.0.2c/crypto/rsa/rsa_crpt.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_crpt.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_crpt.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_crpt.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_crpt.c 2015-06-12 23:21:28.269934315 +0200 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { @@ -13003,10 +13003,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.2a/crypto/rsa/rsa_eay.c +Index: openssl-1.0.2c/crypto/rsa/rsa_eay.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_eay.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_eay.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_eay.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_eay.c 2015-06-12 23:21:28.269934315 +0200 @@ -114,6 +114,10 @@ #include #include @@ -13129,10 +13129,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_eay.c rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -Index: openssl-1.0.2a/crypto/rsa/rsa_err.c +Index: openssl-1.0.2c/crypto/rsa/rsa_err.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_err.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_err.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_err.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_err.c 2015-06-12 23:21:28.270934327 +0200 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -13142,10 +13142,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -Index: openssl-1.0.2a/crypto/rsa/rsa_gen.c +Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_gen.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_gen.c 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_gen.c 2015-06-12 23:20:59.485588618 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_gen.c 2015-06-12 23:21:28.270934327 +0200 @@ -69,6 +69,80 @@ #include #ifdef OPENSSL_FIPS @@ -13285,10 +13285,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_gen.c ok = 1; err: if (ok == -1) { -Index: openssl-1.0.2a/crypto/rsa/rsa.h +Index: openssl-1.0.2c/crypto/rsa/rsa.h =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa.h 2015-05-24 12:53:19.145111355 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa.h 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa.h 2015-06-12 23:21:28.270934327 +0200 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif @@ -13385,10 +13385,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -Index: openssl-1.0.2a/crypto/rsa/rsa_lib.c +Index: openssl-1.0.2c/crypto/rsa/rsa_lib.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_lib.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_lib.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_lib.c 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_lib.c 2015-06-12 23:21:28.270934327 +0200 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -13461,10 +13461,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.2c/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_pmeth.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_pmeth.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_pmeth.c 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_pmeth.c 2015-06-12 23:21:28.271934339 +0200 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -13486,7 +13486,7 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c if (EVP_MD_type(rctx->md) == NID_mdc2) { unsigned int sltmp; -@@ -353,17 +339,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX +@@ -359,17 +345,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX } #endif if (rctx->md) { @@ -13504,10 +13504,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.2a/crypto/rsa/rsa_sign.c +Index: openssl-1.0.2c/crypto/rsa/rsa_sign.c =================================================================== ---- openssl-1.0.2a.orig/crypto/rsa/rsa_sign.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/rsa/rsa_sign.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/rsa/rsa_sign.c 2015-06-12 23:20:59.486588631 +0200 ++++ openssl-1.0.2c/crypto/rsa/rsa_sign.c 2015-06-12 23:21:28.271934339 +0200 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; @@ -13546,10 +13546,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_sign.c if (i <= 0) goto err; -Index: openssl-1.0.2a/crypto/sha/sha.h +Index: openssl-1.0.2c/crypto/sha/sha.h =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha.h 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha.h 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha.h 2015-06-12 23:21:28.271934339 +0200 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; @@ -13592,10 +13592,10 @@ Index: openssl-1.0.2a/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.2a/crypto/sha/sha_locl.h +Index: openssl-1.0.2c/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha_locl.h 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha_locl.h 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha_locl.h 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha_locl.h 2015-06-12 23:21:28.271934339 +0200 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL @@ -13612,10 +13612,10 @@ Index: openssl-1.0.2a/crypto/sha/sha_locl.h memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -Index: openssl-1.0.2a/crypto/sha/sha256.c +Index: openssl-1.0.2c/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha256.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha256.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha256.c 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha256.c 2015-06-12 23:21:28.272934351 +0200 @@ -12,12 +12,19 @@ # include @@ -13646,10 +13646,10 @@ Index: openssl-1.0.2a/crypto/sha/sha256.c memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -Index: openssl-1.0.2a/crypto/sha/sha512.c +Index: openssl-1.0.2c/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.2a.orig/crypto/sha/sha512.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/sha/sha512.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/sha/sha512.c 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/sha/sha512.c 2015-06-12 23:21:28.272934351 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -13681,10 +13681,10 @@ Index: openssl-1.0.2a/crypto/sha/sha512.c c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.2a/crypto/whrlpool/wp_dgst.c +Index: openssl-1.0.2c/crypto/whrlpool/wp_dgst.c =================================================================== ---- openssl-1.0.2a.orig/crypto/whrlpool/wp_dgst.c 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/whrlpool/wp_dgst.c 2015-05-24 12:53:19.146111370 +0200 +--- openssl-1.0.2c.orig/crypto/whrlpool/wp_dgst.c 2015-06-12 23:20:59.487588643 +0200 ++++ openssl-1.0.2c/crypto/whrlpool/wp_dgst.c 2015-06-12 23:21:28.272934351 +0200 @@ -55,7 +55,7 @@ #include #include @@ -13694,10 +13694,10 @@ Index: openssl-1.0.2a/crypto/whrlpool/wp_dgst.c { memset(c, 0, sizeof(*c)); return (1); -Index: openssl-1.0.2a/Makefile.org +Index: openssl-1.0.2c/Makefile.org =================================================================== ---- openssl-1.0.2a.orig/Makefile.org 2015-05-24 12:53:19.122111022 +0200 -+++ openssl-1.0.2a/Makefile.org 2015-05-24 12:53:19.147111384 +0200 +--- openssl-1.0.2c.orig/Makefile.org 2015-06-12 23:20:59.488588654 +0200 ++++ openssl-1.0.2c/Makefile.org 2015-06-12 23:21:28.272934351 +0200 @@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -13725,10 +13725,10 @@ Index: openssl-1.0.2a/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.2a/ssl/ssl_algs.c +Index: openssl-1.0.2c/ssl/ssl_algs.c =================================================================== ---- openssl-1.0.2a.orig/ssl/ssl_algs.c 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/ssl/ssl_algs.c 2015-05-24 12:53:19.147111384 +0200 +--- openssl-1.0.2c.orig/ssl/ssl_algs.c 2015-06-12 23:20:59.488588654 +0200 ++++ openssl-1.0.2c/ssl/ssl_algs.c 2015-06-12 23:21:28.273934363 +0200 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2a.tar.gz b/openssl-1.0.2a.tar.gz deleted file mode 100644 index 4d3b4e0..0000000 --- a/openssl-1.0.2a.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a -size 5262089 diff --git a/openssl-1.0.2a.tar.gz.asc b/openssl-1.0.2a.tar.gz.asc deleted file mode 100644 index 21bf08e..0000000 --- a/openssl-1.0.2a.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJVCs+pAAoJENnE0m0OYESRFCAH+gLn6G4l1HY1R6agC3WYf8Xj -iTUFCJnwHN1jSgF9edLxASDS5DJ9kstEu1xyswdJT4jumFusxgnrDkqorN0K50Xe -PlflZyRdr8Fkg9M3pYkRZ7hxvZszmdx53hnuYTZ5m4C/8EUd12icAHhho8M0ks+E -rT1VfVKfX7iD9MIgLJ+9ZVGWUdUH/1RsQPPEWPWed5TCQUmilvm6Ygz2LsTKYQSQ -TOvhCMCnWl6gVrc3o0AlrgHRL01dq6kMwNSnvC09Iby/C3N+b7VbOG3sZU/xTO/M -YhqFJOjGYk5W1SFJ4PNpM504sPo2N6uJ8pCgSa3chcqfvzSjFgKzAqI9CHv8BD4= -=mSK1 ------END PGP SIGNATURE----- diff --git a/openssl-1.0.2d.tar.gz b/openssl-1.0.2d.tar.gz new file mode 100644 index 0000000..c3859a1 --- /dev/null +++ b/openssl-1.0.2d.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8 +size 5295447 diff --git a/openssl-1.0.2d.tar.gz.asc b/openssl-1.0.2d.tar.gz.asc new file mode 100644 index 0000000..72fe5b8 --- /dev/null +++ b/openssl-1.0.2d.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+ +0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr +qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ +uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku +6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq +54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y= +=U3sw +-----END PGP SIGNATURE----- diff --git a/openssl-fix_invalid_manpage_name.patch b/openssl-fix_invalid_manpage_name.patch deleted file mode 100644 index 9841c79..0000000 --- a/openssl-fix_invalid_manpage_name.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: openssl-1.0.2a/doc/ssl/SSL_CTX_use_serverinfo.pod -=================================================================== ---- openssl-1.0.2a.orig/doc/ssl/SSL_CTX_use_serverinfo.pod 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/doc/ssl/SSL_CTX_use_serverinfo.pod 2015-05-29 11:33:45.390463069 +0200 -@@ -2,7 +2,7 @@ - - =head1 NAME - --SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file -+SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - load serverinfo - - =head1 SYNOPSIS - diff --git a/openssl.changes b/openssl.changes index 6fb4bdf..9e58e34 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,66 @@ +------------------------------------------------------------------- +Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com + +- update to 1.0.2d + * fixes CVE-2015-1793 (bsc#936746) + + Alternate chains certificate forgery + + During certificate verfification, OpenSSL will attempt to find an + alternative certificate chain if the first attempt to build such a chain + fails. An error in the implementation of this logic can mean that an + attacker could cause certain checks on untrusted certificates to be + bypassed, such as the CA flag, enabling them to use a valid leaf + certificate to act as a CA and "issue" an invalid certificate. +- drop openssl-fix_invalid_manpage_name.patch (upstream) + +------------------------------------------------------------------- +Thu Jul 2 14:46:36 UTC 2015 - dvaleev@suse.com + +- Workaround debugit crash on ppc64le with gcc5 + bsc936563_hack.patch (bsc#936563) + +------------------------------------------------------------------- +Wed Jul 1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com + +- update merge_from_0.9.8k.patch replacing __LP64__ by __LP64 + this is a change versus previous request 309611 + required to avoid build error for ppc64 + +------------------------------------------------------------------- +Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org + +- Build with no-ssl3, for details on why this is needed read + rfc7568. Contrary to the "no-ssl2" option, this does not + require us to patch dependant packages as the relevant + functions are still available (SSLv3_(client|server)_method) + but will fail to negotiate. if removing SSL3 methods is desired + at a later time, option "no-ssl3-method" needs to be used. + +------------------------------------------------------------------- +Fri Jun 12 21:22:45 UTC 2015 - vcizek@suse.com + +- update to 1.0.2c + * Fix HMAC ABI incompatibility +- refreshed openssl-1.0.2a-fips.patch + +------------------------------------------------------------------- +Thu Jun 11 15:50:44 UTC 2015 - vcizek@suse.com + +- update to 1.0.2b + * Malformed ECParameters causes infinite loop (CVE-2015-1788) + * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + * CMS verify infinite loop with unknown hash function (CVE-2015-1792) + * Race condition handling NewSessionTicket (CVE-2015-1791) +- refreshed patches: + * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch + * 0001-libcrypto-Hide-library-private-symbols.patch + * openssl-1.0.2a-default-paths.patch + * openssl-1.0.2a-fips.patch + * compression_methods_switch.patch + * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch + ------------------------------------------------------------------- Sun May 24 12:13:14 UTC 2015 - vcizek@suse.com diff --git a/openssl.spec b/openssl.spec index 9e7f638..91270a0 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ Provides: ssl %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.2a +Version: 1.0.2d Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -73,7 +73,7 @@ Patch34: openssl-fips-hidden.patch Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch -Patch39: openssl-fix_invalid_manpage_name.patch +Patch40: bsc936563_hack.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -184,12 +184,15 @@ this package's base documentation. %patch35 -p1 %patch37 -p1 %patch38 -p1 -%patch39 -p1 %if 0%{?suse_version} >= 1120 %patch3 %endif %patch8 -p1 %patch14 -p1 +#workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66728 +%ifarch ppc64le +%patch40 -p1 +%endif cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure" @@ -241,6 +244,7 @@ config_flags="threads shared no-rc5 no-idea \ fips \ %if 0%{suse_version} > 1310 no-ssl2 \ +no-ssl3 \ enable-rfc3779 \ %endif %ifarch x86_64 aarch64 ppc64le