diff --git a/CVE-2013-6449.patch b/CVE-2013-6449.patch deleted file mode 100644 index 05b5993..0000000 --- a/CVE-2013-6449.patch +++ /dev/null @@ -1,77 +0,0 @@ -Index: openssl-1.0.1e/ssl/s3_lib.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/s3_lib.c -+++ openssl-1.0.1e/ssl/s3_lib.c -@@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. - long ssl_get_algorithm2(SSL *s) - { - long alg2 = s->s3->tmp.new_cipher->algorithm2; -- if (TLS1_get_version(s) >= TLS1_2_VERSION && -+ if (s->method->version == TLS1_2_VERSION && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; -Index: openssl-1.0.1e/ssl/s3_both.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/s3_both.c -+++ openssl-1.0.1e/ssl/s3_both.c -@@ -161,6 +161,10 @@ int ssl3_send_finished(SSL *s, int a, in - - i=s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.finish_md); -+ -+ if (i == 0) -+ return 0; -+ - s->s3->tmp.finish_md_len = i; - memcpy(p, s->s3->tmp.finish_md, i); - p+=i; -Index: openssl-1.0.1e/ssl/s3_pkt.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/s3_pkt.c -+++ openssl-1.0.1e/ssl/s3_pkt.c -@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s) - slen=s->method->ssl3_enc->client_finished_label_len; - } - -- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, -+ i = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); -+ if (i == 0) -+ { -+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ s->s3->tmp.peer_finish_md_len = i; - - return(1); - } -Index: openssl-1.0.1e/ssl/t1_enc.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/t1_enc.c -+++ openssl-1.0.1e/ssl/t1_enc.c -@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s, - if (mask & ssl_get_algorithm2(s)) - { - int hashsize = EVP_MD_size(md); -- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) -+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; -+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) - { - /* internal error: 'buf' is too small for this cipersuite! */ - err = 1; - } - else - { -- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); -- EVP_DigestFinal_ex(&ctx,q,&i); -- if (i != (unsigned int)hashsize) /* can't really happen */ -+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || -+ !EVP_DigestFinal_ex(&ctx,q,&i) || -+ (i != (unsigned int)hashsize)) - err = 1; -- q+=i; -+ q+=hashsize; - } - } - } diff --git a/CVE-2013-6450.patch b/CVE-2013-6450.patch deleted file mode 100644 index fde93f1..0000000 --- a/CVE-2013-6450.patch +++ /dev/null @@ -1,60 +0,0 @@ -Index: openssl-1.0.1e/ssl/d1_both.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/d1_both.c -+++ openssl-1.0.1e/ssl/d1_both.c -@@ -214,6 +214,11 @@ dtls1_hm_fragment_new(unsigned long frag - static void - dtls1_hm_fragment_free(hm_fragment *frag) - { -+ if (frag->msg_header.is_ccs) -+ { -+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); -+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); -+ } - if (frag->fragment) OPENSSL_free(frag->fragment); - if (frag->reassembly) OPENSSL_free(frag->reassembly); - OPENSSL_free(frag); -Index: openssl-1.0.1e/ssl/ssl_locl.h -=================================================================== ---- openssl-1.0.1e.orig/ssl/ssl_locl.h -+++ openssl-1.0.1e/ssl/ssl_locl.h -@@ -625,6 +625,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; - extern SSL3_ENC_METHOD SSLv3_enc_data; - extern SSL3_ENC_METHOD DTLSv1_enc_data; - -+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) -+ - #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ - s_get_meth) \ - const SSL_METHOD *func_name(void) \ -Index: openssl-1.0.1e/ssl/t1_enc.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/t1_enc.c -+++ openssl-1.0.1e/ssl/t1_enc.c -@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int - s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; - else - s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; -- if (s->enc_write_ctx != NULL) -+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) - reuse_dd = 1; -- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) -+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) - goto err; -- else -- /* make sure it's intialized in case we exit later with an error */ -- EVP_CIPHER_CTX_init(s->enc_write_ctx); - dd= s->enc_write_ctx; -- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); -+ if (SSL_IS_DTLS(s)) -+ { -+ mac_ctx = EVP_MD_CTX_create(); -+ if (!mac_ctx) -+ goto err; -+ s->write_hash = mac_ctx; -+ } -+ else -+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); - #ifndef OPENSSL_NO_COMP - if (s->compress != NULL) - { diff --git a/README-FIPS.txt b/README-FIPS.txt index 96df17a..671139c 100644 --- a/README-FIPS.txt +++ b/README-FIPS.txt @@ -51,15 +51,15 @@ differences. The cryptographic module as defined for FIPS-140-2 is contained in the files - /usr/lib64/.libcrypto.so.1.0.0.hmac - /usr/lib64/.libssl.so.1.0.0.hmac - /usr/lib64/libcrypto.so.1.0.0 - /usr/lib64/libssl.so.1.0.0 + /lib64/.libcrypto.so.1.0.0.hmac + /lib64/.libssl.so.1.0.0.hmac + /lib64/libcrypto.so.1.0.0 + /lib64/libssl.so.1.0.0 for 64bit operation and - /usr/lib/.libcrypto.so.1.0.0.hmac - /usr/lib/.libssl.so.1.0.0.hmac - /usr/lib/libcrypto.so.1.0.0 - /usr/lib/libssl.so.1.0.0 + /lib/.libcrypto.so.1.0.0.hmac + /lib/.libssl.so.1.0.0.hmac + /lib/libcrypto.so.1.0.0 + /lib/libssl.so.1.0.0 for 32bit. The .hmac files contain a HMAC for the internal integrity checking. They @@ -197,26 +197,26 @@ openssl libopenssl1_0_0 - files: - /usr/lib64/libcrypto.so.1.0.0 - /usr/lib64/libssl.so.1.0.0 - /usr/lib64/engines - /usr/lib64/engines/libcapi.so - /usr/lib64/engines/libgmp.so - /usr/lib64/engines/libgost.so - /usr/lib64/engines/libpadlock.so + /lib64/libcrypto.so.1.0.0 + /lib64/libssl.so.1.0.0 + /lib64/engines + /lib64/engines/libcapi.so + /lib64/engines/libgmp.so + /lib64/engines/libgost.so + /lib64/engines/libpadlock.so libopenssl1_0_0-hmac - files: - /usr/lib64/.libcrypto.so.1.0.0.hmac - /usr/lib64/.libssl.so.1.0.0.hmac + /lib64/.libcrypto.so.1.0.0.hmac + /lib64/.libssl.so.1.0.0.hmac libopenssl1_0_0-32bit - - files as in package libopenssl1_0_0, but in /usr/lib/. + - files as in package libopenssl1_0_0, but in /lib/. The .so libraries are for the 32bit compatibility mode of the openssl library. libopenssl1_0_0-hmac-32bit -- files as in package libopenssl1_0_0-hmac, but in /usr/lib/. +- files as in package libopenssl1_0_0-hmac, but in /lib/. libopenssl-devel - header files and static libraries for compiling applications with the diff --git a/SSL_get_certificate-broken.patch b/SSL_get_certificate-broken.patch deleted file mode 100644 index f74a976..0000000 --- a/SSL_get_certificate-broken.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: openssl-1.0.1e/ssl/ssl_lib.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/ssl_lib.c -+++ openssl-1.0.1e/ssl/ssl_lib.c -@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s) - /* Fix this function so that it takes an optional type parameter */ - X509 *SSL_get_certificate(const SSL *s) - { -- if (s->server) -- return(ssl_get_server_send_cert(s)); -- else if (s->cert != NULL) -+ if (s->cert != NULL) - return(s->cert->key->x509); - else - return(NULL); diff --git a/openssl-1.0.1e-bnc822642.patch b/openssl-1.0.1e-bnc822642.patch deleted file mode 100644 index 6042d81..0000000 --- a/openssl-1.0.1e-bnc822642.patch +++ /dev/null @@ -1,26 +0,0 @@ -commit 9fe4603b8245425a4c46986ed000fca054231253 -Author: David Woodhouse -Date: Tue Feb 12 14:55:32 2013 +0000 - - Check DTLS_BAD_VER for version number. - - The version check for DTLS1_VERSION was redundant as - DTLS1_VERSION > TLS1_1_VERSION, however we do need to - check for DTLS1_BAD_VER for compatibility. - - PR:2984 - (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) - -diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c -index 02edf3f..443a31e 100644 ---- a/ssl/s3_cbc.c -+++ b/ssl/s3_cbc.c -@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, - unsigned padding_length, good, to_check, i; - const unsigned overhead = 1 /* padding length byte */ + mac_size; - /* Check if version requires explicit IV */ -- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) -+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) - { - /* These lengths are all public so we can test them in - * non-constant time. diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch index dbc56d8..a4b3adf 100644 --- a/openssl-1.0.1e-fips.patch +++ b/openssl-1.0.1e-fips.patch @@ -1,7 +1,191 @@ -Index: openssl-1.0.1e/apps/pkcs12.c +--- + Configure | 11 + Makefile.org | 6 + apps/pkcs12.c | 8 + apps/speed.c | 45 + crypto/aes/aes_misc.c | 6 + crypto/camellia/cmll_locl.h | 5 + crypto/cmac/cmac.c | 20 + crypto/crypto.h | 18 + crypto/des/des.h | 3 + crypto/des/set_key.c | 7 + crypto/dh/dh.h | 2 + crypto/dh/dh_gen.c | 19 + crypto/dh/dh_key.c | 23 + crypto/dh/dh_lib.c | 7 + crypto/dsa/dsa.h | 26 + crypto/dsa/dsa_err.c | 4 + crypto/dsa/dsa_gen.c | 262 ++-- + crypto/dsa/dsa_key.c | 50 + crypto/dsa/dsa_lib.c | 7 + crypto/dsa/dsa_locl.h | 1 + crypto/dsa/dsa_ossl.c | 38 + crypto/dsa/dsa_pmeth.c | 2 + crypto/dsa/dsatest.c | 53 + crypto/engine/eng_all.c | 14 + crypto/evp/Makefile | 4 + crypto/evp/c_allc.c | 61 + crypto/evp/c_alld.c | 33 + crypto/evp/digest.c | 80 - + crypto/evp/e_aes.c | 6 + crypto/evp/e_des3.c | 27 + crypto/evp/e_null.c | 5 + crypto/evp/evp.h | 18 + crypto/evp/evp_enc.c | 86 + + crypto/evp/evp_lib.c | 3 + crypto/evp/evp_locl.h | 6 + crypto/evp/m_dss.c | 4 + crypto/evp/m_dss1.c | 5 + crypto/evp/m_md2.c | 1 + crypto/evp/m_sha1.c | 18 + crypto/evp/p_sign.c | 17 + crypto/evp/p_verify.c | 17 + crypto/fips/Makefile | 340 +++++ + crypto/fips/cavs/fips_aesavs.c | 939 ++++++++++++++ + crypto/fips/cavs/fips_cmactest.c | 517 ++++++++ + crypto/fips/cavs/fips_desmovs.c | 702 +++++++++++ + crypto/fips/cavs/fips_dhvs.c | 292 ++++ + crypto/fips/cavs/fips_drbgvs.c | 416 ++++++ + crypto/fips/cavs/fips_dssvs.c | 537 ++++++++ + crypto/fips/cavs/fips_gcmtest.c | 571 +++++++++ + crypto/fips/cavs/fips_rngvs.c | 230 +++ + crypto/fips/cavs/fips_rsagtest.c | 390 ++++++ + crypto/fips/cavs/fips_rsastest.c | 370 +++++ + crypto/fips/cavs/fips_rsavtest.c | 377 +++++ + crypto/fips/cavs/fips_shatest.c | 388 ++++++ + crypto/fips/cavs/fips_utl.h | 343 +++++ + crypto/fips/fips.c | 489 +++++++ + crypto/fips/fips.h | 279 ++++ + crypto/fips/fips_aes_selftest.c | 359 +++++ + crypto/fips/fips_cmac_selftest.c | 161 ++ + crypto/fips/fips_des_selftest.c | 147 ++ + crypto/fips/fips_drbg_ctr.c | 436 ++++++ + crypto/fips/fips_drbg_hash.c | 378 +++++ + crypto/fips/fips_drbg_hmac.c | 281 ++++ + crypto/fips/fips_drbg_lib.c | 578 +++++++++ + crypto/fips/fips_drbg_rand.c | 172 ++ + crypto/fips/fips_drbg_selftest.c | 862 +++++++++++++ + crypto/fips/fips_drbg_selftest.h | 2335 +++++++++++++++++++++++++++++++++++++ + crypto/fips/fips_dsa_selftest.c | 193 +++ + crypto/fips/fips_enc.c | 191 +++ + crypto/fips/fips_hmac_selftest.c | 137 ++ + crypto/fips/fips_locl.h | 71 + + crypto/fips/fips_md.c | 145 ++ + crypto/fips/fips_post.c | 205 +++ + crypto/fips/fips_rand.c | 457 +++++++ + crypto/fips/fips_rand.h | 145 ++ + crypto/fips/fips_rand_lcl.h | 219 +++ + crypto/fips/fips_rand_lib.c | 191 +++ + crypto/fips/fips_rand_selftest.c | 183 ++ + crypto/fips/fips_randtest.c | 250 +++ + crypto/fips/fips_rsa_selftest.c | 444 +++++++ + crypto/fips/fips_rsa_x931g.c | 282 ++++ + crypto/fips/fips_sha_selftest.c | 140 ++ + crypto/fips/fips_standalone_hmac.c | 180 ++ + crypto/fips/fips_test_suite.c | 588 +++++++++ + crypto/hmac/hmac.c | 27 + crypto/md2/md2_dgst.c | 7 + crypto/md4/md4_dgst.c | 2 + crypto/md5/md5_dgst.c | 2 + crypto/mdc2/mdc2dgst.c | 2 + crypto/o_fips.c | 2 + crypto/o_init.c | 48 + crypto/opensslconf.h | 3 + crypto/opensslconf.h.in | 15 + crypto/pkcs12/p12_crt.c | 4 + crypto/rand/md_rand.c | 5 + crypto/rand/rand.h | 28 + crypto/ripemd/rmd_dgst.c | 2 + crypto/rsa/rsa.h | 28 + crypto/rsa/rsa_crpt.c | 10 + crypto/rsa/rsa_eay.c | 81 + + crypto/rsa/rsa_err.c | 2 + crypto/rsa/rsa_gen.c | 106 + + crypto/rsa/rsa_lib.c | 35 + crypto/rsa/rsa_pmeth.c | 29 + crypto/rsa/rsa_sign.c | 10 + crypto/sha/sha.h | 11 + crypto/sha/sha256.c | 10 + crypto/sha/sha512.c | 10 + crypto/sha/sha_locl.h | 5 + crypto/whrlpool/wp_dgst.c | 2 + ssl/d1_srvr.c | 2 + ssl/ssl_algs.c | 50 + 112 files changed, 18073 insertions(+), 403 deletions(-) + +Index: openssl-1.0.1f/Configure =================================================================== ---- openssl-1.0.1e.orig/apps/pkcs12.c -+++ openssl-1.0.1e/apps/pkcs12.c +--- openssl-1.0.1f.orig/Configure 2014-01-09 23:16:35.000000000 +0000 ++++ openssl-1.0.1f/Configure 2014-01-09 23:16:45.000000000 +0000 +@@ -990,11 +990,6 @@ if (defined($disabled{"md5"}) || defined + $disabled{"ssl2"} = "forced"; + } + +-if ($fips && $fipslibdir eq "") +- { +- $fipslibdir = $fipsdir . "/lib/"; +- } +- + # RSAX ENGINE sets default non-FIPS RSA method. + if ($fips) + { +@@ -1469,7 +1464,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b + if ($fips) + { + $openssl_other_defines.="#define OPENSSL_FIPS\n"; +- $cflags .= " -I\$(FIPSDIR)/include"; + } + + $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); +@@ -1656,9 +1650,12 @@ while () + + s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; + s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; +- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; + s/^BASEADDR=.*/BASEADDR=$baseaddr/; + ++ if ($fips) ++ { ++ s/^FIPS=.*/FIPS=yes/; ++ } + s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; + s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); +Index: openssl-1.0.1f/Makefile.org +=================================================================== +--- openssl-1.0.1f.orig/Makefile.org 2014-01-09 23:16:41.000000000 +0000 ++++ openssl-1.0.1f/Makefile.org 2014-01-09 23:16:45.000000000 +0000 +@@ -135,6 +135,9 @@ FIPSCANLIB= + + BASEADDR= + ++# Non-empty if FIPS enabled ++FIPS= ++ + DIRS= crypto ssl engines apps test tools + ENGDIRS= ccgost + SHLIBDIRS= crypto ssl +@@ -147,7 +150,7 @@ SDIRS= \ + bn ec rsa dsa ecdsa dh ecdh dso engine \ + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ +- cms pqueue ts jpake srp store cmac ++ cms pqueue ts jpake srp store cmac fips + # keep in mind that the above list is adjusted by ./Configure + # according to no-xxx arguments... + +@@ -236,6 +239,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS + FIPSLIBDIR='${FIPSLIBDIR}' \ + FIPSDIR='${FIPSDIR}' \ + FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ ++ FIPS="$${FIPS:-$(FIPS)}" \ + THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= + # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, + # which in turn eliminates ambiguities in variable treatment with -e. +Index: openssl-1.0.1f/apps/pkcs12.c +=================================================================== +--- openssl-1.0.1f.orig/apps/pkcs12.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/apps/pkcs12.c 2014-01-09 23:16:45.000000000 +0000 @@ -67,6 +67,9 @@ #include #include @@ -12,9 +196,9 @@ Index: openssl-1.0.1e/apps/pkcs12.c #define PROG pkcs12_main -@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv) - - apps_startup(); +@@ -137,6 +140,11 @@ int MAIN(int argc, char **argv) + #endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) @@ -24,10 +208,10 @@ Index: openssl-1.0.1e/apps/pkcs12.c enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); -Index: openssl-1.0.1e/apps/speed.c +Index: openssl-1.0.1f/apps/speed.c =================================================================== ---- openssl-1.0.1e.orig/apps/speed.c -+++ openssl-1.0.1e/apps/speed.c +--- openssl-1.0.1f.orig/apps/speed.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/apps/speed.c 2014-01-09 23:16:45.000000000 +0000 @@ -195,7 +195,6 @@ #ifdef OPENSSL_DOING_MAKEDEPEND #undef AES_set_encrypt_key @@ -153,48 +337,10 @@ Index: openssl-1.0.1e/apps/speed.c HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 16,EVP_md5(), NULL); -Index: openssl-1.0.1e/Configure +Index: openssl-1.0.1f/crypto/aes/aes_misc.c =================================================================== ---- openssl-1.0.1e.orig/Configure -+++ openssl-1.0.1e/Configure -@@ -990,11 +990,6 @@ if (defined($disabled{"md5"}) || defined - $disabled{"ssl2"} = "forced"; - } - --if ($fips && $fipslibdir eq "") -- { -- $fipslibdir = $fipsdir . "/lib/"; -- } -- - # RSAX ENGINE sets default non-FIPS RSA method. - if ($fips) - { -@@ -1469,7 +1464,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b - if ($fips) - { - $openssl_other_defines.="#define OPENSSL_FIPS\n"; -- $cflags .= " -I\$(FIPSDIR)/include"; - } - - $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1656,9 +1650,12 @@ while () - - s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; - s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; -- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; - s/^BASEADDR=.*/BASEADDR=$baseaddr/; - -+ if ($fips) -+ { -+ s/^FIPS=.*/FIPS=yes/; -+ } - s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; - s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.1e/crypto/aes/aes_misc.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/aes/aes_misc.c -+++ openssl-1.0.1e/crypto/aes/aes_misc.c +--- openssl-1.0.1f.orig/crypto/aes/aes_misc.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/aes/aes_misc.c 2014-01-09 23:16:45.000000000 +0000 @@ -69,17 +69,11 @@ const char *AES_options(void) { int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -213,10 +359,31 @@ Index: openssl-1.0.1e/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.1e/crypto/cmac/cmac.c +Index: openssl-1.0.1f/crypto/camellia/cmll_locl.h =================================================================== ---- openssl-1.0.1e.orig/crypto/cmac/cmac.c -+++ openssl-1.0.1e/crypto/cmac/cmac.c +--- openssl-1.0.1f.orig/crypto/camellia/cmll_locl.h 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/camellia/cmll_locl.h 2014-01-09 23:16:45.000000000 +0000 +@@ -68,7 +68,8 @@ + #ifndef HEADER_CAMELLIA_LOCL_H + #define HEADER_CAMELLIA_LOCL_H + +-#pragma GCC visibility push(hidden) ++/* we comment it for FIPS compiliation */ ++//#pragma GCC visibility push(hidden) + + typedef unsigned int u32; + typedef unsigned char u8; +@@ -85,5 +86,5 @@ void Camellia_DecryptBlock(int keyBitLen + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); + int private_Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); +-#pragma GCC visibility pop ++//#pragma GCC visibility pop + #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ +Index: openssl-1.0.1f/crypto/cmac/cmac.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/cmac/cmac.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/cmac/cmac.c 2014-01-09 23:16:45.000000000 +0000 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -265,10 +432,10 @@ Index: openssl-1.0.1e/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.1e/crypto/crypto.h +Index: openssl-1.0.1f/crypto/crypto.h =================================================================== ---- openssl-1.0.1e.orig/crypto/crypto.h -+++ openssl-1.0.1e/crypto/crypto.h +--- openssl-1.0.1f.orig/crypto/crypto.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/crypto.h 2014-01-09 23:16:45.000000000 +0000 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -314,10 +481,10 @@ Index: openssl-1.0.1e/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.1e/crypto/des/des.h +Index: openssl-1.0.1f/crypto/des/des.h =================================================================== ---- openssl-1.0.1e.orig/crypto/des/des.h -+++ openssl-1.0.1e/crypto/des/des.h +--- openssl-1.0.1f.orig/crypto/des/des.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/des/des.h 2014-01-09 23:16:45.000000000 +0000 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); @@ -328,10 +495,10 @@ Index: openssl-1.0.1e/crypto/des/des.h void DES_string_to_key(const char *str,DES_cblock *key); void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, -Index: openssl-1.0.1e/crypto/des/set_key.c +Index: openssl-1.0.1f/crypto/des/set_key.c =================================================================== ---- openssl-1.0.1e.orig/crypto/des/set_key.c -+++ openssl-1.0.1e/crypto/des/set_key.c +--- openssl-1.0.1f.orig/crypto/des/set_key.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/des/set_key.c 2014-01-09 23:16:45.000000000 +0000 @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -346,10 +513,23 @@ Index: openssl-1.0.1e/crypto/des/set_key.c { static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; -Index: openssl-1.0.1e/crypto/dh/dh_gen.c +Index: openssl-1.0.1f/crypto/dh/dh.h =================================================================== ---- openssl-1.0.1e.orig/crypto/dh/dh_gen.c -+++ openssl-1.0.1e/crypto/dh/dh_gen.c +--- openssl-1.0.1f.orig/crypto/dh/dh.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dh/dh.h 2014-01-09 23:16:45.000000000 +0000 +@@ -77,6 +77,8 @@ + # define OPENSSL_DH_MAX_MODULUS_BITS 10000 + #endif + ++#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 ++ + #define DH_FLAG_CACHE_MONT_P 0x01 + #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH + * implementation now uses constant time +Index: openssl-1.0.1f/crypto/dh/dh_gen.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/dh/dh_gen.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dh/dh_gen.c 2014-01-09 23:16:45.000000000 +0000 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if(ret->meth->generate_params) @@ -383,23 +563,10 @@ Index: openssl-1.0.1e/crypto/dh/dh_gen.c ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -Index: openssl-1.0.1e/crypto/dh/dh.h +Index: openssl-1.0.1f/crypto/dh/dh_key.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dh/dh.h -+++ openssl-1.0.1e/crypto/dh/dh.h -@@ -77,6 +77,8 @@ - # define OPENSSL_DH_MAX_MODULUS_BITS 10000 - #endif - -+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -+ - #define DH_FLAG_CACHE_MONT_P 0x01 - #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time -Index: openssl-1.0.1e/crypto/dh/dh_key.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/dh/dh_key.c -+++ openssl-1.0.1e/crypto/dh/dh_key.c +--- openssl-1.0.1f.orig/crypto/dh/dh_key.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dh/dh_key.c 2014-01-09 23:16:45.000000000 +0000 @@ -61,6 +61,9 @@ #include #include @@ -458,10 +625,10 @@ Index: openssl-1.0.1e/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -Index: openssl-1.0.1e/crypto/dh/dh_lib.c +Index: openssl-1.0.1f/crypto/dh/dh_lib.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dh/dh_lib.c -+++ openssl-1.0.1e/crypto/dh/dh_lib.c +--- openssl-1.0.1f.orig/crypto/dh/dh_lib.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dh/dh_lib.c 2014-01-09 23:16:45.000000000 +0000 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v { if(!default_DH_method) @@ -477,10 +644,74 @@ Index: openssl-1.0.1e/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.1e/crypto/dsa/dsa_err.c +Index: openssl-1.0.1f/crypto/dsa/dsa.h =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_err.c -+++ openssl-1.0.1e/crypto/dsa/dsa_err.c +--- openssl-1.0.1f.orig/crypto/dsa/dsa.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa.h 2014-01-09 23:16:45.000000000 +0000 +@@ -88,6 +88,8 @@ + # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 + #endif + ++#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 ++ + #define DSA_FLAG_CACHE_MONT_P 0x01 + #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA + * implementation now uses constant time +@@ -264,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x, + DH *DSA_dup_DH(const DSA *r); + #endif + ++#ifdef OPENSSL_FIPS ++int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, ++ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, ++ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); ++int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits, ++ const EVP_MD *evpmd, unsigned char *seed, int seed_len, ++ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb); ++int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, ++ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb); ++#endif ++ + #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +@@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void); + #define DSA_F_DO_DSA_PRINT 104 + #define DSA_F_DSAPARAMS_PRINT 100 + #define DSA_F_DSAPARAMS_PRINT_FP 101 ++#define DSA_F_DSA_BUILTIN_KEYGEN 124 ++#define DSA_F_DSA_BUILTIN_PARAMGEN 123 + #define DSA_F_DSA_DO_SIGN 112 + #define DSA_F_DSA_DO_VERIFY 113 +-#define DSA_F_DSA_GENERATE_KEY 124 +-#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 ++#define DSA_F_DSA_GENERATE_KEY 126 ++#define DSA_F_DSA_GENERATE_PARAMETERS_EX 127 ++#define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125 + #define DSA_F_DSA_NEW_METHOD 103 + #define DSA_F_DSA_PARAM_DECODE 119 + #define DSA_F_DSA_PRINT_FP 105 +@@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void); + #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 + #define DSA_R_DECODE_ERROR 104 + #define DSA_R_INVALID_DIGEST_TYPE 106 ++#define DSA_R_KEY_SIZE_INVALID 113 ++#define DSA_R_KEY_SIZE_TOO_SMALL 110 + #define DSA_R_MISSING_PARAMETERS 101 + #define DSA_R_MODULUS_TOO_LARGE 103 +-#define DSA_R_NEED_NEW_SETUP_VALUES 110 ++#define DSA_R_NEED_NEW_SETUP_VALUES 112 + #define DSA_R_NON_FIPS_DSA_METHOD 111 ++#define DSA_R_NON_FIPS_METHOD 111 + #define DSA_R_NO_PARAMETERS_SET 107 ++#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112 + #define DSA_R_PARAMETER_ENCODING_ERROR 105 + + #ifdef __cplusplus +Index: openssl-1.0.1f/crypto/dsa/dsa_err.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/dsa/dsa_err.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_err.c 2014-01-09 23:16:45.000000000 +0000 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -499,10 +730,10 @@ Index: openssl-1.0.1e/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, -Index: openssl-1.0.1e/crypto/dsa/dsa_gen.c +Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_gen.c -+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c +--- openssl-1.0.1f.orig/crypto/dsa/dsa_gen.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_gen.c 2014-01-09 23:16:45.000000000 +0000 @@ -85,6 +85,14 @@ #include #endif @@ -909,74 +1140,10 @@ Index: openssl-1.0.1e/crypto/dsa/dsa_gen.c } if (mont != NULL) BN_MONT_CTX_free(mont); return ok; -Index: openssl-1.0.1e/crypto/dsa/dsa.h +Index: openssl-1.0.1f/crypto/dsa/dsa_key.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa.h -+++ openssl-1.0.1e/crypto/dsa/dsa.h -@@ -88,6 +88,8 @@ - # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 - #endif - -+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 -+ - #define DSA_FLAG_CACHE_MONT_P 0x01 - #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA - * implementation now uses constant time -@@ -264,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x, - DH *DSA_dup_DH(const DSA *r); - #endif - -+#ifdef OPENSSL_FIPS -+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, -+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, unsigned char *seed, int seed_len, -+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb); -+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, -+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb); -+#endif -+ - #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) -@@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void); - #define DSA_F_DO_DSA_PRINT 104 - #define DSA_F_DSAPARAMS_PRINT 100 - #define DSA_F_DSAPARAMS_PRINT_FP 101 -+#define DSA_F_DSA_BUILTIN_KEYGEN 124 -+#define DSA_F_DSA_BUILTIN_PARAMGEN 123 - #define DSA_F_DSA_DO_SIGN 112 - #define DSA_F_DSA_DO_VERIFY 113 --#define DSA_F_DSA_GENERATE_KEY 124 --#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 -+#define DSA_F_DSA_GENERATE_KEY 126 -+#define DSA_F_DSA_GENERATE_PARAMETERS_EX 127 -+#define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125 - #define DSA_F_DSA_NEW_METHOD 103 - #define DSA_F_DSA_PARAM_DECODE 119 - #define DSA_F_DSA_PRINT_FP 105 -@@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void); - #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - #define DSA_R_DECODE_ERROR 104 - #define DSA_R_INVALID_DIGEST_TYPE 106 -+#define DSA_R_KEY_SIZE_INVALID 113 -+#define DSA_R_KEY_SIZE_TOO_SMALL 110 - #define DSA_R_MISSING_PARAMETERS 101 - #define DSA_R_MODULUS_TOO_LARGE 103 --#define DSA_R_NEED_NEW_SETUP_VALUES 110 -+#define DSA_R_NEED_NEW_SETUP_VALUES 112 - #define DSA_R_NON_FIPS_DSA_METHOD 111 -+#define DSA_R_NON_FIPS_METHOD 111 - #define DSA_R_NO_PARAMETERS_SET 107 -+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112 - #define DSA_R_PARAMETER_ENCODING_ERROR 105 - - #ifdef __cplusplus -Index: openssl-1.0.1e/crypto/dsa/dsa_key.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_key.c -+++ openssl-1.0.1e/crypto/dsa/dsa_key.c +--- openssl-1.0.1f.orig/crypto/dsa/dsa_key.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_key.c 2014-01-09 23:16:45.000000000 +0000 @@ -66,6 +66,35 @@ #ifdef OPENSSL_FIPS @@ -1055,10 +1222,10 @@ Index: openssl-1.0.1e/crypto/dsa/dsa_key.c ok=1; err: -Index: openssl-1.0.1e/crypto/dsa/dsa_lib.c +Index: openssl-1.0.1f/crypto/dsa/dsa_lib.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_lib.c -+++ openssl-1.0.1e/crypto/dsa/dsa_lib.c +--- openssl-1.0.1f.orig/crypto/dsa/dsa_lib.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_lib.c 2014-01-09 23:16:45.000000000 +0000 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method { if(!default_DSA_method) @@ -1074,10 +1241,20 @@ Index: openssl-1.0.1e/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.1e/crypto/dsa/dsa_ossl.c +Index: openssl-1.0.1f/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_ossl.c -+++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c +--- openssl-1.0.1f.orig/crypto/dsa/dsa_locl.h 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_locl.h 2014-01-09 23:16:45.000000000 +0000 +@@ -56,5 +56,4 @@ + + int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, +- unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden"))); +Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2014-01-09 23:16:45.000000000 +0000 @@ -65,6 +65,9 @@ #include #include @@ -1151,10 +1328,10 @@ Index: openssl-1.0.1e/crypto/dsa/dsa_ossl.c dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -Index: openssl-1.0.1e/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.1f/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_pmeth.c -+++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.1f.orig/crypto/dsa/dsa_pmeth.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsa_pmeth.c 2014-01-09 23:16:45.000000000 +0000 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1164,10 +1341,10 @@ Index: openssl-1.0.1e/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.1e/crypto/dsa/dsatest.c +Index: openssl-1.0.1f/crypto/dsa/dsatest.c =================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsatest.c -+++ openssl-1.0.1e/crypto/dsa/dsatest.c +--- openssl-1.0.1f.orig/crypto/dsa/dsatest.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/dsa/dsatest.c 2014-01-09 23:16:45.000000000 +0000 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1252,10 +1429,10 @@ Index: openssl-1.0.1e/crypto/dsa/dsatest.c goto end; } if (h != 2) -Index: openssl-1.0.1e/crypto/engine/eng_all.c +Index: openssl-1.0.1f/crypto/engine/eng_all.c =================================================================== ---- openssl-1.0.1e.orig/crypto/engine/eng_all.c -+++ openssl-1.0.1e/crypto/engine/eng_all.c +--- openssl-1.0.1f.orig/crypto/engine/eng_all.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/engine/eng_all.c 2014-01-09 23:16:45.000000000 +0000 @@ -58,11 +58,25 @@ #include "cryptlib.h" @@ -1282,10 +1459,32 @@ Index: openssl-1.0.1e/crypto/engine/eng_all.c #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -Index: openssl-1.0.1e/crypto/evp/c_allc.c +Index: openssl-1.0.1f/crypto/evp/Makefile =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/c_allc.c -+++ openssl-1.0.1e/crypto/evp/c_allc.c +--- openssl-1.0.1f.orig/crypto/evp/Makefile 2014-01-06 14:36:01.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/Makefile 2014-01-09 23:16:45.000000000 +0000 +@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ + bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ + c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ + evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ +- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \ ++ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ + e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c + + LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ +@@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_ + bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ + c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ + evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ +- e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \ ++ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \ + e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o + + SRC= $(LIBSRC) +Index: openssl-1.0.1f/crypto/evp/c_allc.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/evp/c_allc.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/c_allc.c 2014-01-09 23:16:45.000000000 +0000 @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -1359,10 +1558,10 @@ Index: openssl-1.0.1e/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.1e/crypto/evp/c_alld.c +Index: openssl-1.0.1f/crypto/evp/c_alld.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/c_alld.c -+++ openssl-1.0.1e/crypto/evp/c_alld.c +--- openssl-1.0.1f.orig/crypto/evp/c_alld.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/c_alld.c 2014-01-09 23:16:45.000000000 +0000 @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -1408,10 +1607,10 @@ Index: openssl-1.0.1e/crypto/evp/c_alld.c + } +#endif } -Index: openssl-1.0.1e/crypto/evp/digest.c +Index: openssl-1.0.1f/crypto/evp/digest.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/digest.c -+++ openssl-1.0.1e/crypto/evp/digest.c +--- openssl-1.0.1f.orig/crypto/evp/digest.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/digest.c 2014-01-09 23:16:45.000000000 +0000 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1534,7 +1733,7 @@ Index: openssl-1.0.1e/crypto/evp/digest.c } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) -@@ -373,7 +414,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +@@ -376,7 +417,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) /* This call frees resources associated with the context */ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { @@ -1542,7 +1741,7 @@ Index: openssl-1.0.1e/crypto/evp/digest.c /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, * because sometimes only copies of the context are ever finalised. */ -@@ -386,7 +426,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +@@ -389,7 +429,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } @@ -1550,7 +1749,7 @@ Index: openssl-1.0.1e/crypto/evp/digest.c if (ctx->pctx) EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE -@@ -395,9 +434,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +@@ -398,9 +437,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); #endif @@ -1560,10 +1759,10 @@ Index: openssl-1.0.1e/crypto/evp/digest.c memset(ctx,'\0',sizeof *ctx); return 1; -Index: openssl-1.0.1e/crypto/evp/e_aes.c +Index: openssl-1.0.1f/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/e_aes.c -+++ openssl-1.0.1e/crypto/evp/e_aes.c +--- openssl-1.0.1f.orig/crypto/evp/e_aes.c 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/e_aes.c 2014-01-09 23:16:45.000000000 +0000 @@ -56,7 +56,6 @@ #include #include @@ -1581,7 +1780,7 @@ Index: openssl-1.0.1e/crypto/evp/e_aes.c && arg < 12) return 0; #endif -@@ -1138,7 +1137,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1144,7 +1143,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; #ifdef OPENSSL_FIPS /* Requirement of SP800-38E */ @@ -1590,15 +1789,15 @@ Index: openssl-1.0.1e/crypto/evp/e_aes.c (len > (1UL<<20)*16)) { EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); -@@ -1321,4 +1320,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm +@@ -1327,4 +1326,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif -#endif -Index: openssl-1.0.1e/crypto/evp/e_des3.c +Index: openssl-1.0.1f/crypto/evp/e_des3.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/e_des3.c -+++ openssl-1.0.1e/crypto/evp/e_des3.c +--- openssl-1.0.1f.orig/crypto/evp/e_des3.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/e_des3.c 2014-01-09 23:16:45.000000000 +0000 @@ -65,8 +65,6 @@ #include #include @@ -1657,10 +1856,10 @@ Index: openssl-1.0.1e/crypto/evp/e_des3.c } #endif -#endif -Index: openssl-1.0.1e/crypto/evp/e_null.c +Index: openssl-1.0.1f/crypto/evp/e_null.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/e_null.c -+++ openssl-1.0.1e/crypto/evp/e_null.c +--- openssl-1.0.1f.orig/crypto/evp/e_null.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/e_null.c 2014-01-09 23:16:45.000000000 +0000 @@ -61,8 +61,6 @@ #include #include @@ -1684,10 +1883,66 @@ Index: openssl-1.0.1e/crypto/evp/e_null.c return 1; } -#endif -Index: openssl-1.0.1e/crypto/evp/evp_enc.c +Index: openssl-1.0.1f/crypto/evp/evp.h =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/evp_enc.c -+++ openssl-1.0.1e/crypto/evp/evp_enc.c +--- openssl-1.0.1f.orig/crypto/evp/evp.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/evp.h 2014-01-09 23:16:45.000000000 +0000 +@@ -75,6 +75,10 @@ + #include + #endif + ++#ifdef OPENSSL_FIPS ++#include ++#endif ++ + /* + #define EVP_RC2_KEY_SIZE 16 + #define EVP_RC4_KEY_SIZE 16 +@@ -282,10 +286,6 @@ struct env_md_ctx_st + * cleaned */ + #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data + * in EVP_MD_CTX_cleanup */ +-/* FIPS and pad options are ignored in 1.0.0, definitions are here +- * so we don't accidentally reuse the values for other purposes. +- */ +- + #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ + +@@ -297,6 +297,10 @@ struct env_md_ctx_st + #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ + #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ + #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ ++#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ ++ ((ctx->flags>>16) &0xFFFF) /* seed length */ ++#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ ++#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ + + #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ + +@@ -348,15 +352,15 @@ struct evp_cipher_st + /* cipher handles random key generation */ + #define EVP_CIPH_RAND_KEY 0x200 + /* cipher has its own additional copying logic */ +-#define EVP_CIPH_CUSTOM_COPY 0x400 ++#define EVP_CIPH_CUSTOM_COPY 0x4000 + /* Allow use default ASN1 get/set iv */ + #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 + /* Buffer length in bits not bytes: CFB1 mode only */ + #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 + /* Note if suitable for use in FIPS mode */ +-#define EVP_CIPH_FLAG_FIPS 0x4000 ++#define EVP_CIPH_FLAG_FIPS 0x400 + /* Allow non FIPS cipher in FIPS mode */ +-#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 ++#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 + /* Cipher handles any and all padding logic as well + * as finalisation. + */ +Index: openssl-1.0.1f/crypto/evp/evp_enc.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/evp/evp_enc.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/evp_enc.c 2014-01-09 23:16:45.000000000 +0000 @@ -69,17 +69,58 @@ #endif #include "evp_locl.h" @@ -1836,66 +2091,10 @@ Index: openssl-1.0.1e/crypto/evp/evp_enc.c memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.1e/crypto/evp/evp.h +Index: openssl-1.0.1f/crypto/evp/evp_lib.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/evp.h -+++ openssl-1.0.1e/crypto/evp/evp.h -@@ -75,6 +75,10 @@ - #include - #endif - -+#ifdef OPENSSL_FIPS -+#include -+#endif -+ - /* - #define EVP_RC2_KEY_SIZE 16 - #define EVP_RC4_KEY_SIZE 16 -@@ -282,10 +286,6 @@ struct env_md_ctx_st - * cleaned */ - #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data - * in EVP_MD_CTX_cleanup */ --/* FIPS and pad options are ignored in 1.0.0, definitions are here -- * so we don't accidentally reuse the values for other purposes. -- */ -- - #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest - * in FIPS mode */ - -@@ -297,6 +297,10 @@ struct env_md_ctx_st - #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ - #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ - #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ -+#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ -+ ((ctx->flags>>16) &0xFFFF) /* seed length */ -+#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ -+#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ - - #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ - -@@ -348,15 +352,15 @@ struct evp_cipher_st - /* cipher handles random key generation */ - #define EVP_CIPH_RAND_KEY 0x200 - /* cipher has its own additional copying logic */ --#define EVP_CIPH_CUSTOM_COPY 0x400 -+#define EVP_CIPH_CUSTOM_COPY 0x4000 - /* Allow use default ASN1 get/set iv */ - #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 - /* Buffer length in bits not bytes: CFB1 mode only */ - #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 - /* Note if suitable for use in FIPS mode */ --#define EVP_CIPH_FLAG_FIPS 0x4000 -+#define EVP_CIPH_FLAG_FIPS 0x400 - /* Allow non FIPS cipher in FIPS mode */ --#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 -+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 - /* Cipher handles any and all padding logic as well - * as finalisation. - */ -Index: openssl-1.0.1e/crypto/evp/evp_lib.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/evp/evp_lib.c -+++ openssl-1.0.1e/crypto/evp/evp_lib.c +--- openssl-1.0.1f.orig/crypto/evp/evp_lib.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/evp_lib.c 2014-01-09 23:16:45.000000000 +0000 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1906,32 +2105,34 @@ Index: openssl-1.0.1e/crypto/evp/evp_lib.c return ctx->cipher->do_cipher(ctx,out,in,inl); } -Index: openssl-1.0.1e/crypto/evp/Makefile +Index: openssl-1.0.1f/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/Makefile -+++ openssl-1.0.1e/crypto/evp/Makefile -@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ - bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ - c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ - evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ -- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \ -+ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ - e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c +--- openssl-1.0.1f.orig/crypto/evp/evp_locl.h 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/evp_locl.h 2014-01-09 23:16:45.000000000 +0000 +@@ -371,11 +371,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ + #define MD2_Init private_MD2_Init + #define MDC2_Init private_MDC2_Init + #define SHA_Init private_SHA_Init +-#define SHA1_Init private_SHA1_Init +-#define SHA224_Init private_SHA224_Init +-#define SHA256_Init private_SHA256_Init +-#define SHA384_Init private_SHA384_Init +-#define SHA512_Init private_SHA512_Init - LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ -@@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_ - bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ - c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ - evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ -- e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \ -+ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \ - e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o + #define BF_set_key private_BF_set_key + #define CAST_set_key private_CAST_set_key +@@ -383,7 +378,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ + #define SEED_set_key private_SEED_set_key + #define RC2_set_key private_RC2_set_key + #define RC4_set_key private_RC4_set_key +-#define DES_set_key_unchecked private_DES_set_key_unchecked + #define Camellia_set_key private_Camellia_set_key - SRC= $(LIBSRC) -Index: openssl-1.0.1e/crypto/evp/m_dss.c + #endif +Index: openssl-1.0.1f/crypto/evp/m_dss.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/m_dss.c -+++ openssl-1.0.1e/crypto/evp/m_dss.c +--- openssl-1.0.1f.orig/crypto/evp/m_dss.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/m_dss.c 2014-01-09 23:16:45.000000000 +0000 @@ -66,7 +66,6 @@ #endif @@ -1954,10 +2155,10 @@ Index: openssl-1.0.1e/crypto/evp/m_dss.c } #endif -#endif -Index: openssl-1.0.1e/crypto/evp/m_dss1.c +Index: openssl-1.0.1f/crypto/evp/m_dss1.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/m_dss1.c -+++ openssl-1.0.1e/crypto/evp/m_dss1.c +--- openssl-1.0.1f.orig/crypto/evp/m_dss1.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/m_dss1.c 2014-01-09 23:16:45.000000000 +0000 @@ -68,8 +68,6 @@ #include #endif @@ -1981,10 +2182,10 @@ Index: openssl-1.0.1e/crypto/evp/m_dss1.c } #endif -#endif -Index: openssl-1.0.1e/crypto/evp/m_md2.c +Index: openssl-1.0.1f/crypto/evp/m_md2.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/m_md2.c -+++ openssl-1.0.1e/crypto/evp/m_md2.c +--- openssl-1.0.1f.orig/crypto/evp/m_md2.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/m_md2.c 2014-01-09 23:16:46.000000000 +0000 @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -1993,10 +2194,10 @@ Index: openssl-1.0.1e/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -Index: openssl-1.0.1e/crypto/evp/m_sha1.c +Index: openssl-1.0.1f/crypto/evp/m_sha1.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/m_sha1.c -+++ openssl-1.0.1e/crypto/evp/m_sha1.c +--- openssl-1.0.1f.orig/crypto/evp/m_sha1.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/m_sha1.c 2014-01-09 23:16:46.000000000 +0000 @@ -59,8 +59,6 @@ #include #include "cryptlib.h" @@ -2061,10 +2262,10 @@ Index: openssl-1.0.1e/crypto/evp/m_sha1.c #endif /* ifndef OPENSSL_NO_SHA512 */ -#endif -Index: openssl-1.0.1e/crypto/evp/p_sign.c +Index: openssl-1.0.1f/crypto/evp/p_sign.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/p_sign.c -+++ openssl-1.0.1e/crypto/evp/p_sign.c +--- openssl-1.0.1f.orig/crypto/evp/p_sign.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/p_sign.c 2014-01-09 23:16:46.000000000 +0000 @@ -61,6 +61,7 @@ #include #include @@ -2096,10 +2297,10 @@ Index: openssl-1.0.1e/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.1e/crypto/evp/p_verify.c +Index: openssl-1.0.1f/crypto/evp/p_verify.c =================================================================== ---- openssl-1.0.1e.orig/crypto/evp/p_verify.c -+++ openssl-1.0.1e/crypto/evp/p_verify.c +--- openssl-1.0.1f.orig/crypto/evp/p_verify.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/evp/p_verify.c 2014-01-09 23:16:46.000000000 +0000 @@ -61,6 +61,7 @@ #include #include @@ -2131,10 +2332,355 @@ Index: openssl-1.0.1e/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c +Index: openssl-1.0.1f/crypto/fips/Makefile =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/Makefile 2014-01-09 23:16:46.000000000 +0000 +@@ -0,0 +1,340 @@ ++# ++# OpenSSL/crypto/fips/Makefile ++# ++ ++DIR= fips ++TOP= ../.. ++CC= cc ++INCLUDES= ++CFLAG=-g ++MAKEFILE= Makefile ++AR= ar r ++ ++CFLAGS= $(INCLUDES) $(CFLAG) ++ ++GENERAL=Makefile ++TEST=fips_test_suite.c fips_randtest.c ++APPS= ++ ++PROGRAM= fips_standalone_hmac ++EXE= $(PROGRAM)$(EXE_EXT) ++ ++LIB=$(TOP)/libcrypto.a ++LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \ ++ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ ++ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ ++ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ ++ fips_cmac_selftest.c fips_enc.c fips_md.c ++ ++LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \ ++ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \ ++ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \ ++ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \ ++ fips_cmac_selftest.o fips_enc.o fips_md.o ++ ++LIBCRYPTO=-L.. -lcrypto ++ ++SRC= $(LIBSRC) fips_standalone_hmac.c ++ ++EXHEADER= fips.h fips_rand.h ++HEADER= $(EXHEADER) ++ ++ALL= $(GENERAL) $(SRC) $(HEADER) ++ ++top: ++ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) ++ ++all: lib exe ++ ++lib: $(LIBOBJ) ++ $(AR) $(LIB) $(LIBOBJ) ++ $(RANLIB) $(LIB) || echo Never mind. ++ @touch lib ++ ++exe: $(EXE) ++ ++files: ++ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO ++ ++links: ++ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) ++ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) ++ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) ++ ++install: ++ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... ++ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ ++ do \ ++ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ ++ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ ++ done; ++ ++tags: ++ ctags $(SRC) ++ ++tests: ++ ++lint: ++ lint -DLINT $(INCLUDES) $(SRC)>fluff ++ ++depend: ++ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... ++ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) ++ ++dclean: ++ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new ++ mv -f Makefile.new $(MAKEFILE) ++ ++clean: ++ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff ++ ++$(EXE): $(PROGRAM).o ++ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \ ++ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM ++ ++# DO NOT DELETE THIS LINE -- make depend depends on it. ++ ++fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h ++fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ++fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ++fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ++fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h ++fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ++fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h ++fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_aes_selftest.o: ../../include/openssl/crypto.h ++fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_aes_selftest.o: ../../include/openssl/lhash.h ++fips_aes_selftest.o: ../../include/openssl/obj_mac.h ++fips_aes_selftest.o: ../../include/openssl/objects.h ++fips_aes_selftest.o: ../../include/openssl/opensslconf.h ++fips_aes_selftest.o: ../../include/openssl/opensslv.h ++fips_aes_selftest.o: ../../include/openssl/ossl_typ.h ++fips_aes_selftest.o: ../../include/openssl/safestack.h ++fips_aes_selftest.o: ../../include/openssl/stack.h ++fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c ++fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_des_selftest.o: ../../include/openssl/crypto.h ++fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_des_selftest.o: ../../include/openssl/lhash.h ++fips_des_selftest.o: ../../include/openssl/obj_mac.h ++fips_des_selftest.o: ../../include/openssl/objects.h ++fips_des_selftest.o: ../../include/openssl/opensslconf.h ++fips_des_selftest.o: ../../include/openssl/opensslv.h ++fips_des_selftest.o: ../../include/openssl/ossl_typ.h ++fips_des_selftest.o: ../../include/openssl/safestack.h ++fips_des_selftest.o: ../../include/openssl/stack.h ++fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c ++fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h ++fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h ++fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h ++fips_drbg_ctr.o: ../../include/openssl/objects.h ++fips_drbg_ctr.o: ../../include/openssl/opensslconf.h ++fips_drbg_ctr.o: ../../include/openssl/opensslv.h ++fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h ++fips_drbg_ctr.o: ../../include/openssl/safestack.h ++fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ++fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h ++fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h ++fips_drbg_hash.o: ../../include/openssl/fips.h ++fips_drbg_hash.o: ../../include/openssl/fips_rand.h ++fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h ++fips_drbg_hash.o: ../../include/openssl/objects.h ++fips_drbg_hash.o: ../../include/openssl/opensslconf.h ++fips_drbg_hash.o: ../../include/openssl/opensslv.h ++fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h ++fips_drbg_hash.o: ../../include/openssl/safestack.h ++fips_drbg_hash.o: ../../include/openssl/stack.h ++fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c ++fips_drbg_hash.o: fips_rand_lcl.h ++fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h ++fips_drbg_hmac.o: ../../include/openssl/fips.h ++fips_drbg_hmac.o: ../../include/openssl/fips_rand.h ++fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h ++fips_drbg_hmac.o: ../../include/openssl/objects.h ++fips_drbg_hmac.o: ../../include/openssl/opensslconf.h ++fips_drbg_hmac.o: ../../include/openssl/opensslv.h ++fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h ++fips_drbg_hmac.o: ../../include/openssl/safestack.h ++fips_drbg_hmac.o: ../../include/openssl/stack.h ++fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c ++fips_drbg_hmac.o: fips_rand_lcl.h ++fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h ++fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ++fips_drbg_lib.o: ../../include/openssl/objects.h ++fips_drbg_lib.o: ../../include/openssl/opensslconf.h ++fips_drbg_lib.o: ../../include/openssl/opensslv.h ++fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h ++fips_drbg_lib.o: ../../include/openssl/safestack.h ++fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ++fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h ++fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_drbg_rand.o: ../../include/openssl/fips_rand.h ++fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h ++fips_drbg_rand.o: ../../include/openssl/obj_mac.h ++fips_drbg_rand.o: ../../include/openssl/objects.h ++fips_drbg_rand.o: ../../include/openssl/opensslconf.h ++fips_drbg_rand.o: ../../include/openssl/opensslv.h ++fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h ++fips_drbg_rand.o: ../../include/openssl/safestack.h ++fips_drbg_rand.o: ../../include/openssl/stack.h ++fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c ++fips_drbg_rand.o: fips_rand_lcl.h ++fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_drbg_selftest.o: ../../include/openssl/bio.h ++fips_drbg_selftest.o: ../../include/openssl/crypto.h ++fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_drbg_selftest.o: ../../include/openssl/fips_rand.h ++fips_drbg_selftest.o: ../../include/openssl/hmac.h ++fips_drbg_selftest.o: ../../include/openssl/lhash.h ++fips_drbg_selftest.o: ../../include/openssl/obj_mac.h ++fips_drbg_selftest.o: ../../include/openssl/objects.h ++fips_drbg_selftest.o: ../../include/openssl/opensslconf.h ++fips_drbg_selftest.o: ../../include/openssl/opensslv.h ++fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h ++fips_drbg_selftest.o: ../../include/openssl/rand.h ++fips_drbg_selftest.o: ../../include/openssl/safestack.h ++fips_drbg_selftest.o: ../../include/openssl/stack.h ++fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c ++fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h ++fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ++fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h ++fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h ++fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h ++fips_dsa_selftest.o: ../../include/openssl/obj_mac.h ++fips_dsa_selftest.o: ../../include/openssl/objects.h ++fips_dsa_selftest.o: ../../include/openssl/opensslconf.h ++fips_dsa_selftest.o: ../../include/openssl/opensslv.h ++fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h ++fips_dsa_selftest.o: ../../include/openssl/safestack.h ++fips_dsa_selftest.o: ../../include/openssl/stack.h ++fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c ++fips_dsa_selftest.o: fips_locl.h ++fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_hmac_selftest.o: ../../include/openssl/crypto.h ++fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_hmac_selftest.o: ../../include/openssl/hmac.h ++fips_hmac_selftest.o: ../../include/openssl/lhash.h ++fips_hmac_selftest.o: ../../include/openssl/obj_mac.h ++fips_hmac_selftest.o: ../../include/openssl/objects.h ++fips_hmac_selftest.o: ../../include/openssl/opensslconf.h ++fips_hmac_selftest.o: ../../include/openssl/opensslv.h ++fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h ++fips_hmac_selftest.o: ../../include/openssl/safestack.h ++fips_hmac_selftest.o: ../../include/openssl/stack.h ++fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c ++fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ++fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h ++fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h ++fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h ++fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h ++fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ++fips_post.o: ../../include/openssl/opensslconf.h ++fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ++fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h ++fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ++fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c ++fips_rand.o: ../../e_os.h ../../include/openssl/aes.h ++fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ++fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h ++fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h ++fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h ++fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ++fips_rand.o: ../../include/openssl/opensslconf.h ++fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ++fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h ++fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ++fips_rand.o: fips_locl.h fips_rand.c ++fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h ++fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ++fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h ++fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h ++fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h ++fips_rand_lib.o: ../../include/openssl/obj_mac.h ++fips_rand_lib.o: ../../include/openssl/objects.h ++fips_rand_lib.o: ../../include/openssl/opensslconf.h ++fips_rand_lib.o: ../../include/openssl/opensslv.h ++fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h ++fips_rand_lib.o: ../../include/openssl/safestack.h ++fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ++fips_rand_lib.o: fips_rand_lib.c ++fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h ++fips_rand_selftest.o: ../../include/openssl/bio.h ++fips_rand_selftest.o: ../../include/openssl/crypto.h ++fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_rand_selftest.o: ../../include/openssl/fips_rand.h ++fips_rand_selftest.o: ../../include/openssl/hmac.h ++fips_rand_selftest.o: ../../include/openssl/lhash.h ++fips_rand_selftest.o: ../../include/openssl/obj_mac.h ++fips_rand_selftest.o: ../../include/openssl/objects.h ++fips_rand_selftest.o: ../../include/openssl/opensslconf.h ++fips_rand_selftest.o: ../../include/openssl/opensslv.h ++fips_rand_selftest.o: ../../include/openssl/ossl_typ.h ++fips_rand_selftest.o: ../../include/openssl/rand.h ++fips_rand_selftest.o: ../../include/openssl/safestack.h ++fips_rand_selftest.o: ../../include/openssl/stack.h ++fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h ++fips_rand_selftest.o: fips_rand_selftest.c ++fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ++fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_rsa_selftest.o: ../../include/openssl/lhash.h ++fips_rsa_selftest.o: ../../include/openssl/obj_mac.h ++fips_rsa_selftest.o: ../../include/openssl/objects.h ++fips_rsa_selftest.o: ../../include/openssl/opensslconf.h ++fips_rsa_selftest.o: ../../include/openssl/opensslv.h ++fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h ++fips_rsa_selftest.o: ../../include/openssl/rsa.h ++fips_rsa_selftest.o: ../../include/openssl/safestack.h ++fips_rsa_selftest.o: ../../include/openssl/stack.h ++fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c ++fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ++fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h ++fips_rsa_x931g.o: ../../include/openssl/opensslconf.h ++fips_rsa_x931g.o: ../../include/openssl/opensslv.h ++fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h ++fips_rsa_x931g.o: ../../include/openssl/safestack.h ++fips_rsa_x931g.o: ../../include/openssl/stack.h ++fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c ++fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ++fips_sha_selftest.o: ../../include/openssl/crypto.h ++fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ++fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h ++fips_sha_selftest.o: ../../include/openssl/lhash.h ++fips_sha_selftest.o: ../../include/openssl/obj_mac.h ++fips_sha_selftest.o: ../../include/openssl/objects.h ++fips_sha_selftest.o: ../../include/openssl/opensslconf.h ++fips_sha_selftest.o: ../../include/openssl/opensslv.h ++fips_sha_selftest.o: ../../include/openssl/ossl_typ.h ++fips_sha_selftest.o: ../../include/openssl/safestack.h ++fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ++fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_aesavs.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_aesavs.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3075,10 +3621,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_cmactest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_cmactest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,517 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3597,10 +4143,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_desmovs.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_desmovs.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -4304,10 +4850,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_dhvs.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_dhvs.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,292 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4601,10 +5147,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_drbgvs.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_drbgvs.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,416 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5022,10 +5568,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_dssvs.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_dssvs.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,537 @@ +#include + @@ -5564,10 +6110,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_gcmtest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_gcmtest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,571 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6140,10 +6686,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c +} + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_rngvs.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_rngvs.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -6375,10 +6921,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c + return 0; + } +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_rsagtest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_rsagtest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6770,10 +7316,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_rsastest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_rsastest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7145,10 +7691,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c + return ret; + } +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_rsavtest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_rsavtest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7527,10 +8073,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c + return ret; + } +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c +Index: openssl-1.0.1f/crypto/fips/cavs/fips_shatest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_shatest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7920,10 +8466,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/cavs/fips_utl.h +Index: openssl-1.0.1f/crypto/fips/cavs/fips_utl.h =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/cavs/fips_utl.h 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -8268,374 +8814,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_utl.h +#endif + } + -Index: openssl-1.0.1e/crypto/fips/fips_aes_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c -@@ -0,0 +1,359 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#ifdef OPENSSL_FIPS -+#include -+#endif -+#include -+ -+#ifdef OPENSSL_FIPS -+static const struct -+ { -+ const unsigned char key[16]; -+ const unsigned char plaintext[16]; -+ const unsigned char ciphertext[16]; -+ } tests[]= -+ { -+ { -+ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, -+ 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }, -+ { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, -+ 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF }, -+ { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30, -+ 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A }, -+ }, -+ }; -+ -+static int corrupt_aes; -+ -+void FIPS_corrupt_aes() -+ { -+ corrupt_aes = 1; -+ } -+ -+int FIPS_selftest_aes() -+ { -+ int n; -+ int ret = 0; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ -+ for(n=0 ; n < 1 ; ++n) -+ { -+ unsigned char key[16]; -+ -+ memcpy(key, tests[n].key, sizeof(key)); -+ if (corrupt_aes) -+ key[0]++; -+ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(), -+ key, NULL, -+ tests[n].plaintext, -+ tests[n].ciphertext, -+ 16) <= 0) -+ goto err; -+ } -+ ret = 1; -+ err: -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ if (ret == 0) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED); -+ return ret; -+ } -+ -+/* AES-CCM test data from NIST public test vectors */ -+ -+static const unsigned char ccm_key[] = { -+ 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6, -+ 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8 -+}; -+static const unsigned char ccm_nonce[] = { -+ 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7 -+}; -+static const unsigned char ccm_adata[] = { -+ 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7, -+ 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5, -+ 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4 -+}; -+static const unsigned char ccm_pt[] = { -+ 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f, -+ 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10 -+}; -+static const unsigned char ccm_ct[] = { -+ 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2, -+ 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd -+}; -+static const unsigned char ccm_tag[] = { -+ 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44, -+ 0x14,0xdb,0x50,0x6d -+}; -+ -+int FIPS_selftest_aes_ccm(void) -+ { -+ int ret = 0; -+ unsigned char out[128], tag[16]; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ memset(out, 0, sizeof(out)); -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(),NULL, NULL, NULL, 1)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, -+ sizeof(ccm_nonce), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, -+ sizeof(ccm_tag), NULL)) -+ goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) -+ goto err; -+ if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) -+ goto err; -+ -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) -+ goto err; -+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) -+ || memcmp(out, ccm_ct, sizeof(ccm_ct))) -+ goto err; -+ -+ memset(out, 0, sizeof(out)); -+ -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, -+ sizeof(ccm_nonce), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) -+ goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) -+ goto err; -+ if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) -+ goto err; -+ -+ if (memcmp(out, ccm_pt, sizeof(ccm_pt))) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ -+ if (ret == 0) -+ { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ else -+ return ret; -+ -+ } -+ -+/* AES-GCM test data from NIST public test vectors */ -+ -+static const unsigned char gcm_key[] = { -+ 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66, -+ 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69, -+ 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f -+}; -+static const unsigned char gcm_iv[] = { -+ 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84 -+}; -+static const unsigned char gcm_pt[] = { -+ 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea, -+ 0xcc,0x2b,0xf2,0xa5 -+}; -+static const unsigned char gcm_aad[] = { -+ 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43, -+ 0x7f,0xec,0x78,0xde -+}; -+static const unsigned char gcm_ct[] = { -+ 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e, -+ 0xb9,0xf2,0x17,0x36 -+}; -+static const unsigned char gcm_tag[] = { -+ 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62, -+ 0x98,0xf7,0x7e,0x0c -+}; -+ -+int FIPS_selftest_aes_gcm(void) -+ { -+ int ret = 0; -+ unsigned char out[128], tag[16]; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ memset(out, 0, sizeof(out)); -+ memset(tag, 0, sizeof(tag)); -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, -+ sizeof(gcm_iv), NULL)) -+ goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) -+ goto err; -+ if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) -+ goto err; -+ -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) -+ goto err; -+ -+ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) -+ goto err; -+ -+ memset(out, 0, sizeof(out)); -+ -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, -+ sizeof(gcm_iv), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) -+ goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) -+ goto err; -+ if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) -+ goto err; -+ -+ if (memcmp(out, gcm_pt, 16)) -+ goto err; -+ -+ ret = 1; -+ -+ err: -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ -+ if (ret == 0) -+ { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ else -+ return ret; -+ -+ } -+ -+ -+static const unsigned char XTS_128_key[] = { -+ 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38, -+ 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18, -+ 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f -+}; -+static const unsigned char XTS_128_i[] = { -+ 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01, -+ 0x3e,0x76,0x8a,0xd5 -+}; -+static const unsigned char XTS_128_pt[] = { -+ 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39, -+ 0x07,0x90,0x31,0x1c -+}; -+static const unsigned char XTS_128_ct[] = { -+ 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5, -+ 0xbe,0x47,0x1c,0x63 -+}; -+ -+static const unsigned char XTS_256_key[] = { -+ 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f, -+ 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7, -+ 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd, -+ 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3, -+ 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39, -+ 0x2c,0xf4,0x1b,0x08 -+}; -+static const unsigned char XTS_256_i[] = { -+ 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84, -+ 0xa9,0xf8,0x75,0x64 -+}; -+static const unsigned char XTS_256_pt[] = { -+ 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8, -+ 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3, -+ 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e -+}; -+static const unsigned char XTS_256_ct[] = { -+ 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34, -+ 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a, -+ 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb -+}; -+ -+int FIPS_selftest_aes_xts() -+ { -+ int ret = 1; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ -+ if (fips_cipher_test(&ctx, EVP_aes_128_xts(), -+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct, -+ sizeof(XTS_128_pt)) <= 0) -+ ret = 0; -+ -+ if (fips_cipher_test(&ctx, EVP_aes_256_xts(), -+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct, -+ sizeof(XTS_256_pt)) <= 0) -+ ret = 0; -+ -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ if (ret == 0) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED); -+ return ret; -+ } -+ -+#endif -Index: openssl-1.0.1e/crypto/fips/fips.c -=================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,489 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9126,10 +9308,658 @@ Index: openssl-1.0.1e/crypto/fips/fips.c + + +#endif -Index: openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips.h =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips.h 2014-01-09 23:16:46.000000000 +0000 +@@ -0,0 +1,279 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++#error FIPS is disabled. ++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++struct dsa_st; ++struct rsa_st; ++struct evp_pkey_st; ++struct env_md_st; ++struct env_md_ctx_st; ++struct evp_cipher_st; ++struct evp_cipher_ctx_st; ++struct dh_method; ++struct CMAC_CTX_st; ++struct hmac_ctx_st; ++ ++int FIPS_module_mode_set(int onoff, const char *auth); ++int FIPS_module_mode(void); ++const void *FIPS_rand_check(void); ++int FIPS_selftest(void); ++int FIPS_selftest_failed(void); ++void FIPS_corrupt_sha1(void); ++int FIPS_selftest_sha1(void); ++int FIPS_selftest_sha2(void); ++void FIPS_corrupt_aes(void); ++int FIPS_selftest_aes_ccm(void); ++int FIPS_selftest_aes_gcm(void); ++int FIPS_selftest_aes_xts(void); ++int FIPS_selftest_aes(void); ++void FIPS_corrupt_des(void); ++int FIPS_selftest_des(void); ++void FIPS_corrupt_rsa(void); ++void FIPS_corrupt_rsa_keygen(void); ++int FIPS_selftest_rsa(void); ++void FIPS_corrupt_dsa(void); ++void FIPS_corrupt_dsa_keygen(void); ++int FIPS_selftest_dsa(void); ++void FIPS_corrupt_rng(void); ++void FIPS_rng_stick(void); ++void FIPS_x931_stick(int onoff); ++void FIPS_drbg_stick(int onoff); ++int FIPS_selftest_rng(void); ++int FIPS_selftest_x931(void); ++int FIPS_selftest_hmac(void); ++int FIPS_selftest_drbg(void); ++int FIPS_selftest_drbg_all(void); ++int FIPS_selftest_cmac(void); ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); ++ ++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ ++ alg " previous FIPS forbidden algorithm error ignored"); ++ ++int fips_pkey_signature_test(struct evp_pkey_st *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, unsigned int katlen, ++ const struct env_md_st *digest, unsigned int md_flags, ++ const char *fail_str); ++ ++int fips_cipher_test(struct evp_cipher_ctx_st *ctx, ++ const struct evp_cipher_st *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, ++ int len); ++ ++void fips_set_selftest_fail(void); ++ ++const struct env_md_st *FIPS_get_digestbynid(int nid); ++ ++const struct evp_cipher_st *FIPS_get_cipherbynid(int nid); ++ ++ ++/* BEGIN ERROR CODES */ ++/* The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_FIPS_strings(void); ++ ++/* Error codes for the FIPS functions. */ ++ ++/* Function codes. */ ++#define FIPS_F_DH_BUILTIN_GENPARAMS 100 ++#define FIPS_F_DH_INIT 148 ++#define FIPS_F_DRBG_RESEED 162 ++#define FIPS_F_DSA_BUILTIN_PARAMGEN 101 ++#define FIPS_F_DSA_BUILTIN_PARAMGEN2 107 ++#define FIPS_F_DSA_DO_SIGN 102 ++#define FIPS_F_DSA_DO_VERIFY 103 ++#define FIPS_F_ECDH_COMPUTE_KEY 163 ++#define FIPS_F_ECDSA_DO_SIGN 164 ++#define FIPS_F_ECDSA_DO_VERIFY 165 ++#define FIPS_F_EC_KEY_GENERATE_KEY 166 ++#define FIPS_F_EVP_CIPHERINIT_EX 124 ++#define FIPS_F_EVP_DIGESTINIT_EX 125 ++#define FIPS_F_FIPS_CHECK_DSA 104 ++#define FIPS_F_FIPS_CHECK_DSA_PRNG 151 ++#define FIPS_F_FIPS_CHECK_EC 142 ++#define FIPS_F_FIPS_CHECK_EC_PRNG 152 ++#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105 ++#define FIPS_F_FIPS_CHECK_RSA 106 ++#define FIPS_F_FIPS_CHECK_RSA_PRNG 150 ++#define FIPS_F_FIPS_CIPHER 160 ++#define FIPS_F_FIPS_CIPHERINIT 143 ++#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161 ++#define FIPS_F_FIPS_DIGESTFINAL 158 ++#define FIPS_F_FIPS_DIGESTINIT 128 ++#define FIPS_F_FIPS_DIGESTUPDATE 159 ++#define FIPS_F_FIPS_DRBG_BYTES 131 ++#define FIPS_F_FIPS_DRBG_CHECK 146 ++#define FIPS_F_FIPS_DRBG_CPRNG_TEST 132 ++#define FIPS_F_FIPS_DRBG_ERROR_CHECK 136 ++#define FIPS_F_FIPS_DRBG_GENERATE 134 ++#define FIPS_F_FIPS_DRBG_INIT 135 ++#define FIPS_F_FIPS_DRBG_INSTANTIATE 138 ++#define FIPS_F_FIPS_DRBG_NEW 139 ++#define FIPS_F_FIPS_DRBG_RESEED 140 ++#define FIPS_F_FIPS_DRBG_SINGLE_KAT 141 ++#define FIPS_F_FIPS_DSA_CHECK /* unused */ 107 ++#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154 ++#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155 ++#define FIPS_F_FIPS_GET_ENTROPY 147 ++#define FIPS_F_FIPS_MODE_SET /* unused */ 108 ++#define FIPS_F_FIPS_MODULE_MODE_SET 108 ++#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 ++#define FIPS_F_FIPS_RAND_ADD 137 ++#define FIPS_F_FIPS_RAND_BYTES 122 ++#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167 ++#define FIPS_F_FIPS_RAND_SEED 168 ++#define FIPS_F_FIPS_RAND_SET_METHOD 126 ++#define FIPS_F_FIPS_RAND_STATUS 127 ++#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156 ++#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157 ++#define FIPS_F_FIPS_SELFTEST_AES 110 ++#define FIPS_F_FIPS_SELFTEST_AES_CCM 145 ++#define FIPS_F_FIPS_SELFTEST_AES_GCM 129 ++#define FIPS_F_FIPS_SELFTEST_AES_XTS 144 ++#define FIPS_F_FIPS_SELFTEST_CMAC 130 ++#define FIPS_F_FIPS_SELFTEST_DES 111 ++#define FIPS_F_FIPS_SELFTEST_DSA 112 ++#define FIPS_F_FIPS_SELFTEST_ECDSA 133 ++#define FIPS_F_FIPS_SELFTEST_HMAC 113 ++#define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114 ++#define FIPS_F_FIPS_SELFTEST_SHA1 115 ++#define FIPS_F_FIPS_SELFTEST_X931 114 ++#define FIPS_F_FIPS_SET_PRNG_KEY 153 ++#define FIPS_F_HASH_FINAL 123 ++#define FIPS_F_RSA_BUILTIN_KEYGEN 116 ++#define FIPS_F_RSA_EAY_INIT 149 ++#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117 ++#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118 ++#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119 ++#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120 ++#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121 ++#define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122 ++ ++/* Reason codes. */ ++#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150 ++#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125 ++#define FIPS_R_ALREADY_INSTANTIATED 134 ++#define FIPS_R_AUTHENTICATION_FAILURE 151 ++#define FIPS_R_CANNOT_READ_EXE /* unused */ 103 ++#define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104 ++#define FIPS_R_CONTRADICTING_EVIDENCE 114 ++#define FIPS_R_DRBG_NOT_INITIALISED 152 ++#define FIPS_R_DRBG_STUCK 103 ++#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 ++#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 ++#define FIPS_R_ENTROPY_SOURCE_STUCK 142 ++#define FIPS_R_ERROR_INITIALISING_DRBG 115 ++#define FIPS_R_ERROR_INSTANTIATING_DRBG 127 ++#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124 ++#define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 ++#define FIPS_R_ERROR_RETRIEVING_NONCE 140 ++#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105 ++#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 ++#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111 ++#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112 ++#define FIPS_R_FIPS_MODE_ALREADY_SET 102 ++#define FIPS_R_FIPS_SELFTEST_FAILED 106 ++#define FIPS_R_FUNCTION_ERROR 116 ++#define FIPS_R_GENERATE_ERROR 137 ++#define FIPS_R_GENERATE_ERROR_UNDETECTED 118 ++#define FIPS_R_INSTANTIATE_ERROR 119 ++#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120 ++#define FIPS_R_INTERNAL_ERROR 121 ++#define FIPS_R_INVALID_KEY_LENGTH 109 ++#define FIPS_R_INVALID_PARAMETERS 144 ++#define FIPS_R_IN_ERROR_STATE 123 ++#define FIPS_R_KEY_TOO_SHORT 108 ++#define FIPS_R_NONCE_ERROR_UNDETECTED 149 ++#define FIPS_R_NON_FIPS_METHOD 100 ++#define FIPS_R_NOPR_TEST1_FAILURE 145 ++#define FIPS_R_NOPR_TEST2_FAILURE 146 ++#define FIPS_R_NOT_INSTANTIATED 126 ++#define FIPS_R_PAIRWISE_TEST_FAILED 107 ++#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128 ++#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129 ++#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143 ++#define FIPS_R_PR_TEST1_FAILURE 147 ++#define FIPS_R_PR_TEST2_FAILURE 148 ++#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130 ++#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131 ++#define FIPS_R_RESEED_COUNTER_ERROR 132 ++#define FIPS_R_RESEED_ERROR 133 ++#define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115 ++#define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116 ++#define FIPS_R_SELFTEST_FAILED 101 ++#define FIPS_R_SELFTEST_FAILURE 135 ++#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136 ++#define FIPS_R_TEST_FAILURE 117 ++#define FIPS_R_UNINSTANTIATE_ERROR 141 ++#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 ++#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 ++#define FIPS_R_UNSUPPORTED_PLATFORM 113 ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +Index: openssl-1.0.1f/crypto/fips/fips_aes_selftest.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_aes_selftest.c 2014-01-09 23:16:46.000000000 +0000 +@@ -0,0 +1,359 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#ifdef OPENSSL_FIPS ++#include ++#endif ++#include ++ ++#ifdef OPENSSL_FIPS ++static const struct ++ { ++ const unsigned char key[16]; ++ const unsigned char plaintext[16]; ++ const unsigned char ciphertext[16]; ++ } tests[]= ++ { ++ { ++ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, ++ 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }, ++ { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, ++ 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF }, ++ { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30, ++ 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A }, ++ }, ++ }; ++ ++static int corrupt_aes; ++ ++void FIPS_corrupt_aes() ++ { ++ corrupt_aes = 1; ++ } ++ ++int FIPS_selftest_aes() ++ { ++ int n; ++ int ret = 0; ++ EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); ++ ++ for(n=0 ; n < 1 ; ++n) ++ { ++ unsigned char key[16]; ++ ++ memcpy(key, tests[n].key, sizeof(key)); ++ if (corrupt_aes) ++ key[0]++; ++ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(), ++ key, NULL, ++ tests[n].plaintext, ++ tests[n].ciphertext, ++ 16) <= 0) ++ goto err; ++ } ++ ret = 1; ++ err: ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ if (ret == 0) ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED); ++ return ret; ++ } ++ ++/* AES-CCM test data from NIST public test vectors */ ++ ++static const unsigned char ccm_key[] = { ++ 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6, ++ 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8 ++}; ++static const unsigned char ccm_nonce[] = { ++ 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7 ++}; ++static const unsigned char ccm_adata[] = { ++ 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7, ++ 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5, ++ 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4 ++}; ++static const unsigned char ccm_pt[] = { ++ 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f, ++ 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10 ++}; ++static const unsigned char ccm_ct[] = { ++ 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2, ++ 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd ++}; ++static const unsigned char ccm_tag[] = { ++ 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44, ++ 0x14,0xdb,0x50,0x6d ++}; ++ ++int FIPS_selftest_aes_ccm(void) ++ { ++ int ret = 0; ++ unsigned char out[128], tag[16]; ++ EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); ++ memset(out, 0, sizeof(out)); ++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(),NULL, NULL, NULL, 1)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, ++ sizeof(ccm_nonce), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, ++ sizeof(ccm_tag), NULL)) ++ goto err; ++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) ++ goto err; ++ if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) ++ goto err; ++ ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) ++ goto err; ++ if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) ++ || memcmp(out, ccm_ct, sizeof(ccm_ct))) ++ goto err; ++ ++ memset(out, 0, sizeof(out)); ++ ++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, ++ sizeof(ccm_nonce), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) ++ goto err; ++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) ++ goto err; ++ if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) ++ goto err; ++ ++ if (memcmp(out, ccm_pt, sizeof(ccm_pt))) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ ++ if (ret == 0) ++ { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ else ++ return ret; ++ ++ } ++ ++/* AES-GCM test data from NIST public test vectors */ ++ ++static const unsigned char gcm_key[] = { ++ 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66, ++ 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69, ++ 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f ++}; ++static const unsigned char gcm_iv[] = { ++ 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84 ++}; ++static const unsigned char gcm_pt[] = { ++ 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea, ++ 0xcc,0x2b,0xf2,0xa5 ++}; ++static const unsigned char gcm_aad[] = { ++ 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43, ++ 0x7f,0xec,0x78,0xde ++}; ++static const unsigned char gcm_ct[] = { ++ 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e, ++ 0xb9,0xf2,0x17,0x36 ++}; ++static const unsigned char gcm_tag[] = { ++ 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62, ++ 0x98,0xf7,0x7e,0x0c ++}; ++ ++int FIPS_selftest_aes_gcm(void) ++ { ++ int ret = 0; ++ unsigned char out[128], tag[16]; ++ EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); ++ memset(out, 0, sizeof(out)); ++ memset(tag, 0, sizeof(tag)); ++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ++ sizeof(gcm_iv), NULL)) ++ goto err; ++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) ++ goto err; ++ if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) ++ goto err; ++ ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) ++ goto err; ++ ++ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) ++ goto err; ++ ++ memset(out, 0, sizeof(out)); ++ ++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ++ sizeof(gcm_iv), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) ++ goto err; ++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) ++ goto err; ++ if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) ++ goto err; ++ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) ++ goto err; ++ ++ if (memcmp(out, gcm_pt, 16)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ ++ if (ret == 0) ++ { ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED); ++ return 0; ++ } ++ else ++ return ret; ++ ++ } ++ ++ ++static const unsigned char XTS_128_key[] = { ++ 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38, ++ 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18, ++ 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f ++}; ++static const unsigned char XTS_128_i[] = { ++ 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01, ++ 0x3e,0x76,0x8a,0xd5 ++}; ++static const unsigned char XTS_128_pt[] = { ++ 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39, ++ 0x07,0x90,0x31,0x1c ++}; ++static const unsigned char XTS_128_ct[] = { ++ 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5, ++ 0xbe,0x47,0x1c,0x63 ++}; ++ ++static const unsigned char XTS_256_key[] = { ++ 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f, ++ 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7, ++ 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd, ++ 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3, ++ 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39, ++ 0x2c,0xf4,0x1b,0x08 ++}; ++static const unsigned char XTS_256_i[] = { ++ 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84, ++ 0xa9,0xf8,0x75,0x64 ++}; ++static const unsigned char XTS_256_pt[] = { ++ 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8, ++ 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3, ++ 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e ++}; ++static const unsigned char XTS_256_ct[] = { ++ 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34, ++ 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a, ++ 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb ++}; ++ ++int FIPS_selftest_aes_xts() ++ { ++ int ret = 1; ++ EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); ++ ++ if (fips_cipher_test(&ctx, EVP_aes_128_xts(), ++ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct, ++ sizeof(XTS_128_pt)) <= 0) ++ ret = 0; ++ ++ if (fips_cipher_test(&ctx, EVP_aes_256_xts(), ++ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct, ++ sizeof(XTS_256_pt)) <= 0) ++ ret = 0; ++ ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ if (ret == 0) ++ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED); ++ return ret; ++ } ++ ++#endif +Index: openssl-1.0.1f/crypto/fips/fips_cmac_selftest.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_cmac_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,161 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9292,10 +10122,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c + return rv; + } +#endif -Index: openssl-1.0.1e/crypto/fips/fips_des_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips_des_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_des_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,147 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9444,10 +10274,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_des_selftest.c + return ret; + } +#endif -Index: openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c +Index: openssl-1.0.1f/crypto/fips/fips_drbg_ctr.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_ctr.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9885,10 +10715,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c + + return 1; + } -Index: openssl-1.0.1e/crypto/fips/fips_drbg_hash.c +Index: openssl-1.0.1f/crypto/fips/fips_drbg_hash.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_hash.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,378 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10268,10 +11098,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_hash.c + + return 1; + } -Index: openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c +Index: openssl-1.0.1f/crypto/fips/fips_drbg_hmac.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_hmac.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,281 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10554,10 +11384,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c + + return 1; + } -Index: openssl-1.0.1e/crypto/fips/fips_drbg_lib.c +Index: openssl-1.0.1f/crypto/fips/fips_drbg_lib.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_lib.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,578 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -11137,10 +11967,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; + } -Index: openssl-1.0.1e/crypto/fips/fips_drbg_rand.c +Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_rand.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,172 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11314,10 +12144,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_rand.c + return &rand_drbg_meth; + } + -Index: openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips_drbg_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,862 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -12181,10 +13011,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c + return rv; + } + -Index: openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h +Index: openssl-1.0.1f/crypto/fips/fips_drbg_selftest.h =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_drbg_selftest.h 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,2335 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14521,10 +15351,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h + 0xc2,0xd6,0xfd,0xa5 + }; + -Index: openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips_dsa_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_dsa_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,193 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -14719,10 +15549,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c + return ret; + } +#endif -Index: openssl-1.0.1e/crypto/fips/fips_enc.c +Index: openssl-1.0.1f/crypto/fips/fips_enc.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_enc.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_enc.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,191 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -14915,294 +15745,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_enc.c + } + } + -Index: openssl-1.0.1e/crypto/fips/fips.h +Index: openssl-1.0.1f/crypto/fips/fips_hmac_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips.h -@@ -0,0 +1,279 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+#error FIPS is disabled. -+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+struct dsa_st; -+struct rsa_st; -+struct evp_pkey_st; -+struct env_md_st; -+struct env_md_ctx_st; -+struct evp_cipher_st; -+struct evp_cipher_ctx_st; -+struct dh_method; -+struct CMAC_CTX_st; -+struct hmac_ctx_st; -+ -+int FIPS_module_mode_set(int onoff, const char *auth); -+int FIPS_module_mode(void); -+const void *FIPS_rand_check(void); -+int FIPS_selftest(void); -+int FIPS_selftest_failed(void); -+void FIPS_corrupt_sha1(void); -+int FIPS_selftest_sha1(void); -+int FIPS_selftest_sha2(void); -+void FIPS_corrupt_aes(void); -+int FIPS_selftest_aes_ccm(void); -+int FIPS_selftest_aes_gcm(void); -+int FIPS_selftest_aes_xts(void); -+int FIPS_selftest_aes(void); -+void FIPS_corrupt_des(void); -+int FIPS_selftest_des(void); -+void FIPS_corrupt_rsa(void); -+void FIPS_corrupt_rsa_keygen(void); -+int FIPS_selftest_rsa(void); -+void FIPS_corrupt_dsa(void); -+void FIPS_corrupt_dsa_keygen(void); -+int FIPS_selftest_dsa(void); -+void FIPS_corrupt_rng(void); -+void FIPS_rng_stick(void); -+void FIPS_x931_stick(int onoff); -+void FIPS_drbg_stick(int onoff); -+int FIPS_selftest_rng(void); -+int FIPS_selftest_x931(void); -+int FIPS_selftest_hmac(void); -+int FIPS_selftest_drbg(void); -+int FIPS_selftest_drbg_all(void); -+int FIPS_selftest_cmac(void); -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); -+ -+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ -+ alg " previous FIPS forbidden algorithm error ignored"); -+ -+int fips_pkey_signature_test(struct evp_pkey_st *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, unsigned int katlen, -+ const struct env_md_st *digest, unsigned int md_flags, -+ const char *fail_str); -+ -+int fips_cipher_test(struct evp_cipher_ctx_st *ctx, -+ const struct evp_cipher_st *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, -+ int len); -+ -+void fips_set_selftest_fail(void); -+ -+const struct env_md_st *FIPS_get_digestbynid(int nid); -+ -+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid); -+ -+ -+/* BEGIN ERROR CODES */ -+/* The following lines are auto generated by the script mkerr.pl. Any changes -+ * made after this point may be overwritten when the script is next run. -+ */ -+void ERR_load_FIPS_strings(void); -+ -+/* Error codes for the FIPS functions. */ -+ -+/* Function codes. */ -+#define FIPS_F_DH_BUILTIN_GENPARAMS 100 -+#define FIPS_F_DH_INIT 148 -+#define FIPS_F_DRBG_RESEED 162 -+#define FIPS_F_DSA_BUILTIN_PARAMGEN 101 -+#define FIPS_F_DSA_BUILTIN_PARAMGEN2 107 -+#define FIPS_F_DSA_DO_SIGN 102 -+#define FIPS_F_DSA_DO_VERIFY 103 -+#define FIPS_F_ECDH_COMPUTE_KEY 163 -+#define FIPS_F_ECDSA_DO_SIGN 164 -+#define FIPS_F_ECDSA_DO_VERIFY 165 -+#define FIPS_F_EC_KEY_GENERATE_KEY 166 -+#define FIPS_F_EVP_CIPHERINIT_EX 124 -+#define FIPS_F_EVP_DIGESTINIT_EX 125 -+#define FIPS_F_FIPS_CHECK_DSA 104 -+#define FIPS_F_FIPS_CHECK_DSA_PRNG 151 -+#define FIPS_F_FIPS_CHECK_EC 142 -+#define FIPS_F_FIPS_CHECK_EC_PRNG 152 -+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105 -+#define FIPS_F_FIPS_CHECK_RSA 106 -+#define FIPS_F_FIPS_CHECK_RSA_PRNG 150 -+#define FIPS_F_FIPS_CIPHER 160 -+#define FIPS_F_FIPS_CIPHERINIT 143 -+#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161 -+#define FIPS_F_FIPS_DIGESTFINAL 158 -+#define FIPS_F_FIPS_DIGESTINIT 128 -+#define FIPS_F_FIPS_DIGESTUPDATE 159 -+#define FIPS_F_FIPS_DRBG_BYTES 131 -+#define FIPS_F_FIPS_DRBG_CHECK 146 -+#define FIPS_F_FIPS_DRBG_CPRNG_TEST 132 -+#define FIPS_F_FIPS_DRBG_ERROR_CHECK 136 -+#define FIPS_F_FIPS_DRBG_GENERATE 134 -+#define FIPS_F_FIPS_DRBG_INIT 135 -+#define FIPS_F_FIPS_DRBG_INSTANTIATE 138 -+#define FIPS_F_FIPS_DRBG_NEW 139 -+#define FIPS_F_FIPS_DRBG_RESEED 140 -+#define FIPS_F_FIPS_DRBG_SINGLE_KAT 141 -+#define FIPS_F_FIPS_DSA_CHECK /* unused */ 107 -+#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154 -+#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155 -+#define FIPS_F_FIPS_GET_ENTROPY 147 -+#define FIPS_F_FIPS_MODE_SET /* unused */ 108 -+#define FIPS_F_FIPS_MODULE_MODE_SET 108 -+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 -+#define FIPS_F_FIPS_RAND_ADD 137 -+#define FIPS_F_FIPS_RAND_BYTES 122 -+#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167 -+#define FIPS_F_FIPS_RAND_SEED 168 -+#define FIPS_F_FIPS_RAND_SET_METHOD 126 -+#define FIPS_F_FIPS_RAND_STATUS 127 -+#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156 -+#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157 -+#define FIPS_F_FIPS_SELFTEST_AES 110 -+#define FIPS_F_FIPS_SELFTEST_AES_CCM 145 -+#define FIPS_F_FIPS_SELFTEST_AES_GCM 129 -+#define FIPS_F_FIPS_SELFTEST_AES_XTS 144 -+#define FIPS_F_FIPS_SELFTEST_CMAC 130 -+#define FIPS_F_FIPS_SELFTEST_DES 111 -+#define FIPS_F_FIPS_SELFTEST_DSA 112 -+#define FIPS_F_FIPS_SELFTEST_ECDSA 133 -+#define FIPS_F_FIPS_SELFTEST_HMAC 113 -+#define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114 -+#define FIPS_F_FIPS_SELFTEST_SHA1 115 -+#define FIPS_F_FIPS_SELFTEST_X931 114 -+#define FIPS_F_FIPS_SET_PRNG_KEY 153 -+#define FIPS_F_HASH_FINAL 123 -+#define FIPS_F_RSA_BUILTIN_KEYGEN 116 -+#define FIPS_F_RSA_EAY_INIT 149 -+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117 -+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118 -+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119 -+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120 -+#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121 -+#define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122 -+ -+/* Reason codes. */ -+#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150 -+#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125 -+#define FIPS_R_ALREADY_INSTANTIATED 134 -+#define FIPS_R_AUTHENTICATION_FAILURE 151 -+#define FIPS_R_CANNOT_READ_EXE /* unused */ 103 -+#define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104 -+#define FIPS_R_CONTRADICTING_EVIDENCE 114 -+#define FIPS_R_DRBG_NOT_INITIALISED 152 -+#define FIPS_R_DRBG_STUCK 103 -+#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 -+#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 -+#define FIPS_R_ENTROPY_SOURCE_STUCK 142 -+#define FIPS_R_ERROR_INITIALISING_DRBG 115 -+#define FIPS_R_ERROR_INSTANTIATING_DRBG 127 -+#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124 -+#define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 -+#define FIPS_R_ERROR_RETRIEVING_NONCE 140 -+#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105 -+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 -+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111 -+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112 -+#define FIPS_R_FIPS_MODE_ALREADY_SET 102 -+#define FIPS_R_FIPS_SELFTEST_FAILED 106 -+#define FIPS_R_FUNCTION_ERROR 116 -+#define FIPS_R_GENERATE_ERROR 137 -+#define FIPS_R_GENERATE_ERROR_UNDETECTED 118 -+#define FIPS_R_INSTANTIATE_ERROR 119 -+#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120 -+#define FIPS_R_INTERNAL_ERROR 121 -+#define FIPS_R_INVALID_KEY_LENGTH 109 -+#define FIPS_R_INVALID_PARAMETERS 144 -+#define FIPS_R_IN_ERROR_STATE 123 -+#define FIPS_R_KEY_TOO_SHORT 108 -+#define FIPS_R_NONCE_ERROR_UNDETECTED 149 -+#define FIPS_R_NON_FIPS_METHOD 100 -+#define FIPS_R_NOPR_TEST1_FAILURE 145 -+#define FIPS_R_NOPR_TEST2_FAILURE 146 -+#define FIPS_R_NOT_INSTANTIATED 126 -+#define FIPS_R_PAIRWISE_TEST_FAILED 107 -+#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128 -+#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129 -+#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143 -+#define FIPS_R_PR_TEST1_FAILURE 147 -+#define FIPS_R_PR_TEST2_FAILURE 148 -+#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130 -+#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131 -+#define FIPS_R_RESEED_COUNTER_ERROR 132 -+#define FIPS_R_RESEED_ERROR 133 -+#define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115 -+#define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116 -+#define FIPS_R_SELFTEST_FAILED 101 -+#define FIPS_R_SELFTEST_FAILURE 135 -+#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136 -+#define FIPS_R_TEST_FAILURE 117 -+#define FIPS_R_UNINSTANTIATE_ERROR 141 -+#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 -+#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 -+#define FIPS_R_UNSUPPORTED_PLATFORM 113 -+ -+#ifdef __cplusplus -+} -+#endif -+#endif -Index: openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c -=================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_hmac_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -15341,10 +15887,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c + return 1; + } +#endif -Index: openssl-1.0.1e/crypto/fips/fips_locl.h +Index: openssl-1.0.1f/crypto/fips/fips_locl.h =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_locl.h +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_locl.h 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15417,10 +15963,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_locl.h +} +#endif +#endif -Index: openssl-1.0.1e/crypto/fips/fips_md.c +Index: openssl-1.0.1f/crypto/fips/fips_md.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_md.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_md.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,145 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -15567,10 +16113,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_md.c + return NULL; + } + } -Index: openssl-1.0.1e/crypto/fips/fips_post.c +Index: openssl-1.0.1f/crypto/fips/fips_post.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_post.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_post.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,205 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15777,10 +16323,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_post.c + return 1; + } +#endif -Index: openssl-1.0.1e/crypto/fips/fips_rand.c +Index: openssl-1.0.1f/crypto/fips/fips_rand.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rand.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rand.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,457 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -16239,10 +16785,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.1e/crypto/fips/fips_rand.h +Index: openssl-1.0.1f/crypto/fips/fips_rand.h =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rand.h +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rand.h 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16389,10 +16935,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rand.h +#endif +#endif +#endif -Index: openssl-1.0.1e/crypto/fips/fips_rand_lcl.h +Index: openssl-1.0.1f/crypto/fips/fips_rand_lcl.h =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rand_lcl.h 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,219 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -16613,10 +17159,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.1e/crypto/fips/fips_rand_lib.c +Index: openssl-1.0.1f/crypto/fips/fips_rand_lib.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rand_lib.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,191 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -16809,10 +17355,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rand_lib.c + } + return 0; + } -Index: openssl-1.0.1e/crypto/fips/fips_rand_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips_rand_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rand_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,183 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16997,10 +17543,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rand_selftest.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/fips_randtest.c +Index: openssl-1.0.1f/crypto/fips/fips_randtest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_randtest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_randtest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,250 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -17252,10 +17798,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_randtest.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -17701,10 +18247,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c + } + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c +Index: openssl-1.0.1f/crypto/fips/fips_rsa_x931g.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_rsa_x931g.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,282 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -17988,10 +18534,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c + return 0; + + } -Index: openssl-1.0.1e/crypto/fips/fips_sha_selftest.c +Index: openssl-1.0.1f/crypto/fips/fips_sha_selftest.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_sha_selftest.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,140 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18133,10 +18679,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_sha_selftest.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c +Index: openssl-1.0.1f/crypto/fips/fips_standalone_hmac.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_standalone_hmac.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18318,10 +18864,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c + } + + -Index: openssl-1.0.1e/crypto/fips/fips_test_suite.c +Index: openssl-1.0.1f/crypto/fips/fips_test_suite.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/fips_test_suite.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.1f/crypto/fips/fips_test_suite.c 2014-01-09 23:16:46.000000000 +0000 @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18911,355 +19457,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_test_suite.c + } + +#endif -Index: openssl-1.0.1e/crypto/fips/Makefile +Index: openssl-1.0.1f/crypto/hmac/hmac.c =================================================================== ---- /dev/null -+++ openssl-1.0.1e/crypto/fips/Makefile -@@ -0,0 +1,340 @@ -+# -+# OpenSSL/crypto/fips/Makefile -+# -+ -+DIR= fips -+TOP= ../.. -+CC= cc -+INCLUDES= -+CFLAG=-g -+MAKEFILE= Makefile -+AR= ar r -+ -+CFLAGS= $(INCLUDES) $(CFLAG) -+ -+GENERAL=Makefile -+TEST=fips_test_suite.c fips_randtest.c -+APPS= -+ -+PROGRAM= fips_standalone_hmac -+EXE= $(PROGRAM)$(EXE_EXT) -+ -+LIB=$(TOP)/libcrypto.a -+LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \ -+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ -+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ -+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ -+ fips_cmac_selftest.c fips_enc.c fips_md.c -+ -+LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \ -+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \ -+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \ -+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \ -+ fips_cmac_selftest.o fips_enc.o fips_md.o -+ -+LIBCRYPTO=-L.. -lcrypto -+ -+SRC= $(LIBSRC) fips_standalone_hmac.c -+ -+EXHEADER= fips.h fips_rand.h -+HEADER= $(EXHEADER) -+ -+ALL= $(GENERAL) $(SRC) $(HEADER) -+ -+top: -+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) -+ -+all: lib exe -+ -+lib: $(LIBOBJ) -+ $(AR) $(LIB) $(LIBOBJ) -+ $(RANLIB) $(LIB) || echo Never mind. -+ @touch lib -+ -+exe: $(EXE) -+ -+files: -+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO -+ -+links: -+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) -+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) -+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) -+ -+install: -+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ -+ do \ -+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ -+ done; -+ -+tags: -+ ctags $(SRC) -+ -+tests: -+ -+lint: -+ lint -DLINT $(INCLUDES) $(SRC)>fluff -+ -+depend: -+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... -+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) -+ -+dclean: -+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new -+ mv -f Makefile.new $(MAKEFILE) -+ -+clean: -+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff -+ -+$(EXE): $(PROGRAM).o -+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \ -+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM -+ -+# DO NOT DELETE THIS LINE -- make depend depends on it. -+ -+fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h -+fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -+fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -+fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -+fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -+fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h -+fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_aes_selftest.o: ../../include/openssl/crypto.h -+fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_aes_selftest.o: ../../include/openssl/lhash.h -+fips_aes_selftest.o: ../../include/openssl/obj_mac.h -+fips_aes_selftest.o: ../../include/openssl/objects.h -+fips_aes_selftest.o: ../../include/openssl/opensslconf.h -+fips_aes_selftest.o: ../../include/openssl/opensslv.h -+fips_aes_selftest.o: ../../include/openssl/ossl_typ.h -+fips_aes_selftest.o: ../../include/openssl/safestack.h -+fips_aes_selftest.o: ../../include/openssl/stack.h -+fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c -+fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_des_selftest.o: ../../include/openssl/crypto.h -+fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_des_selftest.o: ../../include/openssl/lhash.h -+fips_des_selftest.o: ../../include/openssl/obj_mac.h -+fips_des_selftest.o: ../../include/openssl/objects.h -+fips_des_selftest.o: ../../include/openssl/opensslconf.h -+fips_des_selftest.o: ../../include/openssl/opensslv.h -+fips_des_selftest.o: ../../include/openssl/ossl_typ.h -+fips_des_selftest.o: ../../include/openssl/safestack.h -+fips_des_selftest.o: ../../include/openssl/stack.h -+fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c -+fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -+fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -+fips_drbg_ctr.o: ../../include/openssl/objects.h -+fips_drbg_ctr.o: ../../include/openssl/opensslconf.h -+fips_drbg_ctr.o: ../../include/openssl/opensslv.h -+fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_ctr.o: ../../include/openssl/safestack.h -+fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h -+fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -+fips_drbg_hash.o: ../../include/openssl/fips.h -+fips_drbg_hash.o: ../../include/openssl/fips_rand.h -+fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -+fips_drbg_hash.o: ../../include/openssl/objects.h -+fips_drbg_hash.o: ../../include/openssl/opensslconf.h -+fips_drbg_hash.o: ../../include/openssl/opensslv.h -+fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_hash.o: ../../include/openssl/safestack.h -+fips_drbg_hash.o: ../../include/openssl/stack.h -+fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c -+fips_drbg_hash.o: fips_rand_lcl.h -+fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -+fips_drbg_hmac.o: ../../include/openssl/fips.h -+fips_drbg_hmac.o: ../../include/openssl/fips_rand.h -+fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -+fips_drbg_hmac.o: ../../include/openssl/objects.h -+fips_drbg_hmac.o: ../../include/openssl/opensslconf.h -+fips_drbg_hmac.o: ../../include/openssl/opensslv.h -+fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_hmac.o: ../../include/openssl/safestack.h -+fips_drbg_hmac.o: ../../include/openssl/stack.h -+fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c -+fips_drbg_hmac.o: fips_rand_lcl.h -+fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h -+fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -+fips_drbg_lib.o: ../../include/openssl/objects.h -+fips_drbg_lib.o: ../../include/openssl/opensslconf.h -+fips_drbg_lib.o: ../../include/openssl/opensslv.h -+fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_lib.o: ../../include/openssl/safestack.h -+fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h -+fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_drbg_rand.o: ../../include/openssl/fips_rand.h -+fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_drbg_rand.o: ../../include/openssl/obj_mac.h -+fips_drbg_rand.o: ../../include/openssl/objects.h -+fips_drbg_rand.o: ../../include/openssl/opensslconf.h -+fips_drbg_rand.o: ../../include/openssl/opensslv.h -+fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_rand.o: ../../include/openssl/safestack.h -+fips_drbg_rand.o: ../../include/openssl/stack.h -+fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c -+fips_drbg_rand.o: fips_rand_lcl.h -+fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_selftest.o: ../../include/openssl/bio.h -+fips_drbg_selftest.o: ../../include/openssl/crypto.h -+fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_drbg_selftest.o: ../../include/openssl/fips_rand.h -+fips_drbg_selftest.o: ../../include/openssl/hmac.h -+fips_drbg_selftest.o: ../../include/openssl/lhash.h -+fips_drbg_selftest.o: ../../include/openssl/obj_mac.h -+fips_drbg_selftest.o: ../../include/openssl/objects.h -+fips_drbg_selftest.o: ../../include/openssl/opensslconf.h -+fips_drbg_selftest.o: ../../include/openssl/opensslv.h -+fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h -+fips_drbg_selftest.o: ../../include/openssl/rand.h -+fips_drbg_selftest.o: ../../include/openssl/safestack.h -+fips_drbg_selftest.o: ../../include/openssl/stack.h -+fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c -+fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h -+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h -+fips_dsa_selftest.o: ../../include/openssl/objects.h -+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h -+fips_dsa_selftest.o: ../../include/openssl/opensslv.h -+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h -+fips_dsa_selftest.o: ../../include/openssl/safestack.h -+fips_dsa_selftest.o: ../../include/openssl/stack.h -+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c -+fips_dsa_selftest.o: fips_locl.h -+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_hmac_selftest.o: ../../include/openssl/crypto.h -+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_hmac_selftest.o: ../../include/openssl/hmac.h -+fips_hmac_selftest.o: ../../include/openssl/lhash.h -+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h -+fips_hmac_selftest.o: ../../include/openssl/objects.h -+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h -+fips_hmac_selftest.o: ../../include/openssl/opensslv.h -+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h -+fips_hmac_selftest.o: ../../include/openssl/safestack.h -+fips_hmac_selftest.o: ../../include/openssl/stack.h -+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c -+fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -+fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -+fips_post.o: ../../include/openssl/opensslconf.h -+fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -+fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -+fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c -+fips_rand.o: ../../e_os.h ../../include/openssl/aes.h -+fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -+fips_rand.o: ../../include/openssl/opensslconf.h -+fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -+fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_rand.o: fips_locl.h fips_rand.c -+fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h -+fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_rand_lib.o: ../../include/openssl/obj_mac.h -+fips_rand_lib.o: ../../include/openssl/objects.h -+fips_rand_lib.o: ../../include/openssl/opensslconf.h -+fips_rand_lib.o: ../../include/openssl/opensslv.h -+fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_rand_lib.o: ../../include/openssl/safestack.h -+fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_rand_lib.o: fips_rand_lib.c -+fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_rand_selftest.o: ../../include/openssl/bio.h -+fips_rand_selftest.o: ../../include/openssl/crypto.h -+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_rand_selftest.o: ../../include/openssl/fips_rand.h -+fips_rand_selftest.o: ../../include/openssl/hmac.h -+fips_rand_selftest.o: ../../include/openssl/lhash.h -+fips_rand_selftest.o: ../../include/openssl/obj_mac.h -+fips_rand_selftest.o: ../../include/openssl/objects.h -+fips_rand_selftest.o: ../../include/openssl/opensslconf.h -+fips_rand_selftest.o: ../../include/openssl/opensslv.h -+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h -+fips_rand_selftest.o: ../../include/openssl/rand.h -+fips_rand_selftest.o: ../../include/openssl/safestack.h -+fips_rand_selftest.o: ../../include/openssl/stack.h -+fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h -+fips_rand_selftest.o: fips_rand_selftest.c -+fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_rsa_selftest.o: ../../include/openssl/lhash.h -+fips_rsa_selftest.o: ../../include/openssl/obj_mac.h -+fips_rsa_selftest.o: ../../include/openssl/objects.h -+fips_rsa_selftest.o: ../../include/openssl/opensslconf.h -+fips_rsa_selftest.o: ../../include/openssl/opensslv.h -+fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h -+fips_rsa_selftest.o: ../../include/openssl/rsa.h -+fips_rsa_selftest.o: ../../include/openssl/safestack.h -+fips_rsa_selftest.o: ../../include/openssl/stack.h -+fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c -+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h -+fips_rsa_x931g.o: ../../include/openssl/opensslv.h -+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -+fips_rsa_x931g.o: ../../include/openssl/safestack.h -+fips_rsa_x931g.o: ../../include/openssl/stack.h -+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c -+fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_sha_selftest.o: ../../include/openssl/crypto.h -+fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_sha_selftest.o: ../../include/openssl/lhash.h -+fips_sha_selftest.o: ../../include/openssl/obj_mac.h -+fips_sha_selftest.o: ../../include/openssl/objects.h -+fips_sha_selftest.o: ../../include/openssl/opensslconf.h -+fips_sha_selftest.o: ../../include/openssl/opensslv.h -+fips_sha_selftest.o: ../../include/openssl/ossl_typ.h -+fips_sha_selftest.o: ../../include/openssl/safestack.h -+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.1e/crypto/hmac/hmac.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/hmac/hmac.c -+++ openssl-1.0.1e/crypto/hmac/hmac.c +--- openssl-1.0.1f.orig/crypto/hmac/hmac.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/hmac/hmac.c 2014-01-09 23:16:46.000000000 +0000 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -19322,23 +19523,10 @@ Index: openssl-1.0.1e/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.1e/crypto/mdc2/mdc2dgst.c +Index: openssl-1.0.1f/crypto/md2/md2_dgst.c =================================================================== ---- openssl-1.0.1e.orig/crypto/mdc2/mdc2dgst.c -+++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c -@@ -76,7 +76,7 @@ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - - static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); --fips_md_init(MDC2) -+nonfips_md_init(MDC2) - { - c->num=0; - c->pad_type=1; -Index: openssl-1.0.1e/crypto/md2/md2_dgst.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/md2/md2_dgst.c -+++ openssl-1.0.1e/crypto/md2/md2_dgst.c +--- openssl-1.0.1f.orig/crypto/md2/md2_dgst.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/md2/md2_dgst.c 2014-01-09 23:16:46.000000000 +0000 @@ -62,6 +62,11 @@ #include #include @@ -19360,10 +19548,10 @@ Index: openssl-1.0.1e/crypto/md2/md2_dgst.c { c->num=0; memset(c->state,0,sizeof c->state); -Index: openssl-1.0.1e/crypto/md4/md4_dgst.c +Index: openssl-1.0.1f/crypto/md4/md4_dgst.c =================================================================== ---- openssl-1.0.1e.orig/crypto/md4/md4_dgst.c -+++ openssl-1.0.1e/crypto/md4/md4_dgst.c +--- openssl-1.0.1f.orig/crypto/md4/md4_dgst.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/md4/md4_dgst.c 2014-01-09 23:16:46.000000000 +0000 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19373,10 +19561,10 @@ Index: openssl-1.0.1e/crypto/md4/md4_dgst.c { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -Index: openssl-1.0.1e/crypto/md5/md5_dgst.c +Index: openssl-1.0.1f/crypto/md5/md5_dgst.c =================================================================== ---- openssl-1.0.1e.orig/crypto/md5/md5_dgst.c -+++ openssl-1.0.1e/crypto/md5/md5_dgst.c +--- openssl-1.0.1f.orig/crypto/md5/md5_dgst.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/md5/md5_dgst.c 2014-01-09 23:16:46.000000000 +0000 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19386,10 +19574,23 @@ Index: openssl-1.0.1e/crypto/md5/md5_dgst.c { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -Index: openssl-1.0.1e/crypto/o_fips.c +Index: openssl-1.0.1f/crypto/mdc2/mdc2dgst.c =================================================================== ---- openssl-1.0.1e.orig/crypto/o_fips.c -+++ openssl-1.0.1e/crypto/o_fips.c +--- openssl-1.0.1f.orig/crypto/mdc2/mdc2dgst.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/mdc2/mdc2dgst.c 2014-01-09 23:16:46.000000000 +0000 +@@ -76,7 +76,7 @@ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + + static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); +-fips_md_init(MDC2) ++nonfips_md_init(MDC2) + { + c->num=0; + c->pad_type=1; +Index: openssl-1.0.1f/crypto/o_fips.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/o_fips.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/o_fips.c 2014-01-09 23:16:46.000000000 +0000 @@ -79,6 +79,8 @@ int FIPS_mode_set(int r) #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -19399,10 +19600,10 @@ Index: openssl-1.0.1e/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.1e/crypto/o_init.c +Index: openssl-1.0.1f/crypto/o_init.c =================================================================== ---- openssl-1.0.1e.orig/crypto/o_init.c -+++ openssl-1.0.1e/crypto/o_init.c +--- openssl-1.0.1f.orig/crypto/o_init.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/o_init.c 2014-01-09 23:16:46.000000000 +0000 @@ -55,28 +55,68 @@ #include #include @@ -19476,10 +19677,24 @@ Index: openssl-1.0.1e/crypto/o_init.c + { + OPENSSL_init_library(); + } -Index: openssl-1.0.1e/crypto/opensslconf.h.in +Index: openssl-1.0.1f/crypto/opensslconf.h =================================================================== ---- openssl-1.0.1e.orig/crypto/opensslconf.h.in -+++ openssl-1.0.1e/crypto/opensslconf.h.in +--- openssl-1.0.1f.orig/crypto/opensslconf.h 2014-01-06 14:36:07.000000000 +0000 ++++ openssl-1.0.1f/crypto/opensslconf.h 2014-01-09 23:16:46.000000000 +0000 +@@ -1,6 +1,9 @@ + /* opensslconf.h */ + /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ + ++/* FIPS */ ++#define OPENSSL_FIPS ++ + /* OpenSSL was configured with the following options: */ + #ifndef OPENSSL_DOING_MAKEDEPEND + +Index: openssl-1.0.1f/crypto/opensslconf.h.in +=================================================================== +--- openssl-1.0.1f.orig/crypto/opensslconf.h.in 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/opensslconf.h.in 2014-01-09 23:16:46.000000000 +0000 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -19501,10 +19716,10 @@ Index: openssl-1.0.1e/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.1e/crypto/pkcs12/p12_crt.c +Index: openssl-1.0.1f/crypto/pkcs12/p12_crt.c =================================================================== ---- openssl-1.0.1e.orig/crypto/pkcs12/p12_crt.c -+++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c +--- openssl-1.0.1f.orig/crypto/pkcs12/p12_crt.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/pkcs12/p12_crt.c 2014-01-09 23:16:46.000000000 +0000 @@ -59,6 +59,10 @@ #include #include "cryptlib.h" @@ -19516,26 +19731,11 @@ Index: openssl-1.0.1e/crypto/pkcs12/p12_crt.c static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); -@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char * - - /* Set defaults */ - if (!nid_cert) -+ { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) -+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -+ else -+#endif - nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; -+ } - if (!nid_key) - nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if (!iter) -Index: openssl-1.0.1e/crypto/rand/md_rand.c +Index: openssl-1.0.1f/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rand/md_rand.c -+++ openssl-1.0.1e/crypto/rand/md_rand.c -@@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch +--- openssl-1.0.1f.orig/crypto/rand/md_rand.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rand/md_rand.c 2014-01-09 23:16:46.000000000 +0000 +@@ -392,7 +392,10 @@ static int ssleay_rand_bytes(unsigned ch CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -19547,11 +19747,11 @@ Index: openssl-1.0.1e/crypto/rand/md_rand.c { RAND_poll(); initialized = 1; -Index: openssl-1.0.1e/crypto/rand/rand.h +Index: openssl-1.0.1f/crypto/rand/rand.h =================================================================== ---- openssl-1.0.1e.orig/crypto/rand/rand.h -+++ openssl-1.0.1e/crypto/rand/rand.h -@@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void); +--- openssl-1.0.1f.orig/crypto/rand/rand.h 2014-01-09 23:20:58.000000000 +0000 ++++ openssl-1.0.1f/crypto/rand/rand.h 2014-01-09 23:21:17.000000000 +0000 +@@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ @@ -19569,9 +19769,11 @@ Index: openssl-1.0.1e/crypto/rand/rand.h #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +-#define RAND_R_DUAL_EC_DRBG_DISABLED 104 -#define RAND_R_ERROR_INITIALISING_DRBG 102 -#define RAND_R_ERROR_INSTANTIATING_DRBG 103 -#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 ++#define RAND_R_DUAL_EC_DRBG_DISABLED 114 +#define RAND_R_ERROR_INITIALISING_DRBG 112 +#define RAND_R_ERROR_INSTANTIATING_DRBG 113 +#define RAND_R_NON_FIPS_METHOD 105 @@ -19589,10 +19791,10 @@ Index: openssl-1.0.1e/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.1e/crypto/ripemd/rmd_dgst.c +Index: openssl-1.0.1f/crypto/ripemd/rmd_dgst.c =================================================================== ---- openssl-1.0.1e.orig/crypto/ripemd/rmd_dgst.c -+++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.1f.orig/crypto/ripemd/rmd_dgst.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/ripemd/rmd_dgst.c 2014-01-09 23:16:46.000000000 +0000 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif @@ -19602,10 +19804,98 @@ Index: openssl-1.0.1e/crypto/ripemd/rmd_dgst.c { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -Index: openssl-1.0.1e/crypto/rsa/rsa_crpt.c +Index: openssl-1.0.1f/crypto/rsa/rsa.h =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_crpt.c -+++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa.h 2014-01-09 23:16:46.000000000 +0000 +@@ -164,6 +164,8 @@ struct rsa_st + # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 + #endif + ++#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 ++ + #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS + # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 + #endif +@@ -290,6 +292,11 @@ RSA * RSA_generate_key(int bits, unsigne + + /* New version */ + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); ++int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, ++ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, ++ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, ++ const BIGNUM *e, BN_GENCB *cb); ++int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); + + int RSA_check_key(const RSA *); + /* next 4 return -1 on error */ +@@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void); + #define RSA_F_RSA_PADDING_ADD_NONE 107 + #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 + #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 ++#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158 + #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 + #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 + #define RSA_F_RSA_PADDING_ADD_SSLV23 110 +@@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void); + #define RSA_F_RSA_PADDING_CHECK_X931 128 + #define RSA_F_RSA_PRINT 115 + #define RSA_F_RSA_PRINT_FP 116 +-#define RSA_F_RSA_PRIVATE_DECRYPT 150 +-#define RSA_F_RSA_PRIVATE_ENCRYPT 151 ++#define RSA_F_RSA_PRIVATE_DECRYPT 157 ++#define RSA_F_RSA_PRIVATE_ENCRYPT 148 + #define RSA_F_RSA_PRIV_DECODE 137 + #define RSA_F_RSA_PRIV_ENCODE 138 +-#define RSA_F_RSA_PUBLIC_DECRYPT 152 ++#define RSA_F_RSA_PUBLIC_DECRYPT 149 + #define RSA_F_RSA_PUBLIC_ENCRYPT 153 + #define RSA_F_RSA_PUB_DECODE 139 + #define RSA_F_RSA_SETUP_BLINDING 136 ++#define RSA_F_RSA_SET_DEFAULT_METHOD 150 ++#define RSA_F_RSA_SET_METHOD 151 + #define RSA_F_RSA_SIGN 117 + #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 + #define RSA_F_RSA_VERIFY 119 + #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 + #define RSA_F_RSA_VERIFY_PKCS1_PSS 126 +-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 ++#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152 + + /* Reason codes. */ + #define RSA_R_ALGORITHM_MISMATCH 100 +@@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void); + #define RSA_R_INVALID_MGF1_MD 156 + #define RSA_R_INVALID_PADDING 138 + #define RSA_R_INVALID_PADDING_MODE 141 +-#define RSA_R_INVALID_PSS_PARAMETERS 149 ++#define RSA_R_INVALID_PSS_PARAMETERS 157 + #define RSA_R_INVALID_PSS_SALTLEN 146 +-#define RSA_R_INVALID_SALT_LENGTH 150 ++#define RSA_R_INVALID_SALT_LENGTH 158 + #define RSA_R_INVALID_TRAILER 139 + #define RSA_R_INVALID_X931_DIGEST 142 + #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 + #define RSA_R_KEY_SIZE_TOO_SMALL 120 + #define RSA_R_LAST_OCTET_INVALID 134 + #define RSA_R_MODULUS_TOO_LARGE 105 +-#define RSA_R_NON_FIPS_RSA_METHOD 157 ++#define RSA_R_NON_FIPS_RSA_METHOD 149 ++#define RSA_R_NON_FIPS_METHOD 149 + #define RSA_R_NO_PUBLIC_EXPONENT 140 + #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 + #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 + #define RSA_R_OAEP_DECODING_ERROR 121 +-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 ++#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 + #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 + #define RSA_R_PADDING_CHECK_FAILED 114 + #define RSA_R_P_NOT_PRIME 128 +Index: openssl-1.0.1f/crypto/rsa/rsa_crpt.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/rsa/rsa_crpt.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_crpt.c 2014-01-09 23:16:46.000000000 +0000 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const RSA *rsa, int padding) { @@ -19632,10 +19922,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.1e/crypto/rsa/rsa_eay.c +Index: openssl-1.0.1f/crypto/rsa/rsa_eay.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_eay.c -+++ openssl-1.0.1e/crypto/rsa/rsa_eay.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa_eay.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_eay.c 2014-01-09 23:16:46.000000000 +0000 @@ -114,6 +114,10 @@ #include #include @@ -19766,10 +20056,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_eay.c rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -Index: openssl-1.0.1e/crypto/rsa/rsa_err.c +Index: openssl-1.0.1f/crypto/rsa/rsa_err.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_err.c -+++ openssl-1.0.1e/crypto/rsa/rsa_err.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa_err.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_err.c 2014-01-09 23:16:46.000000000 +0000 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -19779,10 +20069,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, -Index: openssl-1.0.1e/crypto/rsa/rsa_gen.c +Index: openssl-1.0.1f/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_gen.c -+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa_gen.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_gen.c 2014-01-09 23:16:46.000000000 +0000 @@ -69,6 +69,78 @@ #include #ifdef OPENSSL_FIPS @@ -19924,98 +20214,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_gen.c ok=1; err: if (ok == -1) -Index: openssl-1.0.1e/crypto/rsa/rsa.h +Index: openssl-1.0.1f/crypto/rsa/rsa_lib.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa.h -+++ openssl-1.0.1e/crypto/rsa/rsa.h -@@ -164,6 +164,8 @@ struct rsa_st - # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 - #endif - -+#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 -+ - #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS - # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 - #endif -@@ -290,6 +292,11 @@ RSA * RSA_generate_key(int bits, unsigne - - /* New version */ - int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, -+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, -+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, -+ const BIGNUM *e, BN_GENCB *cb); -+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); - - int RSA_check_key(const RSA *); - /* next 4 return -1 on error */ -@@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void); - #define RSA_F_RSA_PADDING_ADD_NONE 107 - #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 - #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 --#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 -+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158 - #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 - #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 - #define RSA_F_RSA_PADDING_ADD_SSLV23 110 -@@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void); - #define RSA_F_RSA_PADDING_CHECK_X931 128 - #define RSA_F_RSA_PRINT 115 - #define RSA_F_RSA_PRINT_FP 116 --#define RSA_F_RSA_PRIVATE_DECRYPT 150 --#define RSA_F_RSA_PRIVATE_ENCRYPT 151 -+#define RSA_F_RSA_PRIVATE_DECRYPT 157 -+#define RSA_F_RSA_PRIVATE_ENCRYPT 148 - #define RSA_F_RSA_PRIV_DECODE 137 - #define RSA_F_RSA_PRIV_ENCODE 138 --#define RSA_F_RSA_PUBLIC_DECRYPT 152 -+#define RSA_F_RSA_PUBLIC_DECRYPT 149 - #define RSA_F_RSA_PUBLIC_ENCRYPT 153 - #define RSA_F_RSA_PUB_DECODE 139 - #define RSA_F_RSA_SETUP_BLINDING 136 -+#define RSA_F_RSA_SET_DEFAULT_METHOD 150 -+#define RSA_F_RSA_SET_METHOD 151 - #define RSA_F_RSA_SIGN 117 - #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 - #define RSA_F_RSA_VERIFY 119 - #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 - #define RSA_F_RSA_VERIFY_PKCS1_PSS 126 --#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 -+#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152 - - /* Reason codes. */ - #define RSA_R_ALGORITHM_MISMATCH 100 -@@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void); - #define RSA_R_INVALID_MGF1_MD 156 - #define RSA_R_INVALID_PADDING 138 - #define RSA_R_INVALID_PADDING_MODE 141 --#define RSA_R_INVALID_PSS_PARAMETERS 149 -+#define RSA_R_INVALID_PSS_PARAMETERS 157 - #define RSA_R_INVALID_PSS_SALTLEN 146 --#define RSA_R_INVALID_SALT_LENGTH 150 -+#define RSA_R_INVALID_SALT_LENGTH 158 - #define RSA_R_INVALID_TRAILER 139 - #define RSA_R_INVALID_X931_DIGEST 142 - #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 - #define RSA_R_KEY_SIZE_TOO_SMALL 120 - #define RSA_R_LAST_OCTET_INVALID 134 - #define RSA_R_MODULUS_TOO_LARGE 105 --#define RSA_R_NON_FIPS_RSA_METHOD 157 -+#define RSA_R_NON_FIPS_RSA_METHOD 149 -+#define RSA_R_NON_FIPS_METHOD 149 - #define RSA_R_NO_PUBLIC_EXPONENT 140 - #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - #define RSA_R_OAEP_DECODING_ERROR 121 --#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 -+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 - #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 - #define RSA_R_PADDING_CHECK_FAILED 114 - #define RSA_R_P_NOT_PRIME 128 -Index: openssl-1.0.1e/crypto/rsa/rsa_lib.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_lib.c -+++ openssl-1.0.1e/crypto/rsa/rsa_lib.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa_lib.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_lib.c 2014-01-09 23:16:46.000000000 +0000 @@ -84,6 +84,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -20091,10 +20293,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE -Index: openssl-1.0.1e/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.1f/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_pmeth.c -+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa_pmeth.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_pmeth.c 2014-01-09 23:16:46.000000000 +0000 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -20138,10 +20340,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.1e/crypto/rsa/rsa_sign.c +Index: openssl-1.0.1f/crypto/rsa/rsa_sign.c =================================================================== ---- openssl-1.0.1e.orig/crypto/rsa/rsa_sign.c -+++ openssl-1.0.1e/crypto/rsa/rsa_sign.c +--- openssl-1.0.1f.orig/crypto/rsa/rsa_sign.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/rsa/rsa_sign.c 2014-01-09 23:16:46.000000000 +0000 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -20173,10 +20375,10 @@ Index: openssl-1.0.1e/crypto/rsa/rsa_sign.c if (i <= 0) goto err; /* Oddball MDC2 case: signature can be OCTET STRING. -Index: openssl-1.0.1e/crypto/sha/sha.h +Index: openssl-1.0.1f/crypto/sha/sha.h =================================================================== ---- openssl-1.0.1e.orig/crypto/sha/sha.h -+++ openssl-1.0.1e/crypto/sha/sha.h +--- openssl-1.0.1f.orig/crypto/sha/sha.h 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/sha/sha.h 2014-01-09 23:16:46.000000000 +0000 @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif @@ -20209,30 +20411,10 @@ Index: openssl-1.0.1e/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.1e/crypto/sha/sha_locl.h +Index: openssl-1.0.1f/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.1e.orig/crypto/sha/sha_locl.h -+++ openssl-1.0.1e/crypto/sha/sha_locl.h -@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, - #define INIT_DATA_h4 0xc3d2e1f0UL - - #ifdef SHA_0 --fips_md_init(SHA) -+nonfips_md_init(SHA) - #else - fips_md_init_ctx(SHA1, SHA) - #endif - { -+#if defined(SHA_1) && defined(OPENSSL_FIPS) -+ FIPS_selftest_check(); -+#endif - memset (c,0,sizeof(*c)); - c->h0=INIT_DATA_h0; - c->h1=INIT_DATA_h1; -Index: openssl-1.0.1e/crypto/sha/sha256.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/sha/sha256.c -+++ openssl-1.0.1e/crypto/sha/sha256.c +--- openssl-1.0.1f.orig/crypto/sha/sha256.c 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/sha/sha256.c 2014-01-09 23:16:46.000000000 +0000 @@ -12,12 +12,19 @@ #include @@ -20263,10 +20445,10 @@ Index: openssl-1.0.1e/crypto/sha/sha256.c memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -Index: openssl-1.0.1e/crypto/sha/sha512.c +Index: openssl-1.0.1f/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.1e.orig/crypto/sha/sha512.c -+++ openssl-1.0.1e/crypto/sha/sha512.c +--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/sha/sha512.c 2014-01-09 23:16:46.000000000 +0000 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -20298,10 +20480,30 @@ Index: openssl-1.0.1e/crypto/sha/sha512.c c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.1e/crypto/whrlpool/wp_dgst.c +Index: openssl-1.0.1f/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.1e.orig/crypto/whrlpool/wp_dgst.c -+++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.1f.orig/crypto/sha/sha_locl.h 2014-01-09 23:16:44.000000000 +0000 ++++ openssl-1.0.1f/crypto/sha/sha_locl.h 2014-01-09 23:16:46.000000000 +0000 +@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, + #define INIT_DATA_h4 0xc3d2e1f0UL + + #ifdef SHA_0 +-fips_md_init(SHA) ++nonfips_md_init(SHA) + #else + fips_md_init_ctx(SHA1, SHA) + #endif + { ++#if defined(SHA_1) && defined(OPENSSL_FIPS) ++ FIPS_selftest_check(); ++#endif + memset (c,0,sizeof(*c)); + c->h0=INIT_DATA_h0; + c->h1=INIT_DATA_h1; +Index: openssl-1.0.1f/crypto/whrlpool/wp_dgst.c +=================================================================== +--- openssl-1.0.1f.orig/crypto/whrlpool/wp_dgst.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/crypto/whrlpool/wp_dgst.c 2014-01-09 23:16:46.000000000 +0000 @@ -55,7 +55,7 @@ #include #include @@ -20311,42 +20513,11 @@ Index: openssl-1.0.1e/crypto/whrlpool/wp_dgst.c { memset (c,0,sizeof(*c)); return(1); -Index: openssl-1.0.1e/Makefile.org +Index: openssl-1.0.1f/ssl/d1_srvr.c =================================================================== ---- openssl-1.0.1e.orig/Makefile.org -+++ openssl-1.0.1e/Makefile.org -@@ -135,6 +135,9 @@ FIPSCANLIB= - - BASEADDR= - -+# Non-empty if FIPS enabled -+FIPS= -+ - DIRS= crypto ssl engines apps test tools - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl -@@ -147,7 +150,7 @@ SDIRS= \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ -- cms pqueue ts jpake srp store cmac -+ cms pqueue ts jpake srp store cmac fips - # keep in mind that the above list is adjusted by ./Configure - # according to no-xxx arguments... - -@@ -236,6 +239,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSDIR='${FIPSDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ -+ FIPS="$${FIPS:-$(FIPS)}" \ - THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= - # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, - # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.1e/ssl/d1_srvr.c -=================================================================== ---- openssl-1.0.1e.orig/ssl/d1_srvr.c -+++ openssl-1.0.1e/ssl/d1_srvr.c -@@ -1372,6 +1372,8 @@ int dtls1_send_server_key_exchange(SSL * +--- openssl-1.0.1f.orig/ssl/d1_srvr.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/ssl/d1_srvr.c 2014-01-09 23:16:46.000000000 +0000 +@@ -1383,6 +1383,8 @@ int dtls1_send_server_key_exchange(SSL * j=0; for (num=2; num > 0; num--) { @@ -20355,10 +20526,10 @@ Index: openssl-1.0.1e/ssl/d1_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -Index: openssl-1.0.1e/ssl/ssl_algs.c +Index: openssl-1.0.1f/ssl/ssl_algs.c =================================================================== ---- openssl-1.0.1e.orig/ssl/ssl_algs.c -+++ openssl-1.0.1e/ssl/ssl_algs.c +--- openssl-1.0.1f.orig/ssl/ssl_algs.c 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/ssl/ssl_algs.c 2014-01-09 23:16:46.000000000 +0000 @@ -64,6 +64,12 @@ int SSL_library_init(void) { @@ -20423,72 +20594,3 @@ Index: openssl-1.0.1e/ssl/ssl_algs.c #ifndef OPENSSL_NO_COMP /* This will initialise the built-in compression algorithms. The value returned is a STACK_OF(SSL_COMP), but that can -Index: openssl-1.0.1e/crypto/dsa/dsa_locl.h -=================================================================== ---- openssl-1.0.1e.orig/crypto/dsa/dsa_locl.h -+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h -@@ -56,5 +56,4 @@ - - int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, -- unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.1e/crypto/evp/evp_locl.h -=================================================================== ---- openssl-1.0.1e.orig/crypto/evp/evp_locl.h -+++ openssl-1.0.1e/crypto/evp/evp_locl.h -@@ -371,11 +371,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ - #define MD2_Init private_MD2_Init - #define MDC2_Init private_MDC2_Init - #define SHA_Init private_SHA_Init --#define SHA1_Init private_SHA1_Init --#define SHA224_Init private_SHA224_Init --#define SHA256_Init private_SHA256_Init --#define SHA384_Init private_SHA384_Init --#define SHA512_Init private_SHA512_Init - - #define BF_set_key private_BF_set_key - #define CAST_set_key private_CAST_set_key -@@ -383,7 +378,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ - #define SEED_set_key private_SEED_set_key - #define RC2_set_key private_RC2_set_key - #define RC4_set_key private_RC4_set_key --#define DES_set_key_unchecked private_DES_set_key_unchecked - #define Camellia_set_key private_Camellia_set_key - - #endif -Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h -=================================================================== ---- openssl-1.0.1e.orig/crypto/camellia/cmll_locl.h -+++ openssl-1.0.1e/crypto/camellia/cmll_locl.h -@@ -68,7 +68,8 @@ - #ifndef HEADER_CAMELLIA_LOCL_H - #define HEADER_CAMELLIA_LOCL_H - --#pragma GCC visibility push(hidden) -+/* we comment it for FIPS compiliation */ -+//#pragma GCC visibility push(hidden) - - typedef unsigned int u32; - typedef unsigned char u8; -@@ -85,5 +86,5 @@ void Camellia_DecryptBlock(int keyBitLen - const KEY_TABLE_TYPE keyTable, u8 plaintext[]); - int private_Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key); --#pragma GCC visibility pop -+//#pragma GCC visibility pop - #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ -Index: openssl-1.0.1e/crypto/opensslconf.h -=================================================================== ---- openssl-1.0.1e.orig/crypto/opensslconf.h -+++ openssl-1.0.1e/crypto/opensslconf.h -@@ -1,6 +1,9 @@ - /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -+/* FIPS */ -+#define OPENSSL_FIPS -+ - /* OpenSSL was configured with the following options: */ - #ifndef OPENSSL_DOING_MAKEDEPEND - diff --git a/openssl-1.0.1e.tar.gz b/openssl-1.0.1e.tar.gz deleted file mode 100644 index b372136..0000000 --- a/openssl-1.0.1e.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 -size 4459777 diff --git a/openssl-1.0.1e.tar.gz.asc b/openssl-1.0.1e.tar.gz.asc deleted file mode 100644 index 80d404f..0000000 --- a/openssl-1.0.1e.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQEVAwUAURkNmqLSm3vylcdZAQIW+QgAvzzm4hlt+QUHVLkMW0eiiJeTk+ZNqAAe -ver8u+JwEGUiNA2Tq0/9n+/vmLlAC48lRiZpviVAq3olbmmEWi4FrsToEoNOp9Ho -tr++fq4kGcLSnqRu6gy4unJZVy9U1RZRGCxESTI5nvsneLQGs34lpBxRpQ/Q0Iqg -h3NZJkdbX5oL+pKgEtQV25HFoKnEWe1mqVkTZPaTE4mfSr3Uc0+NjOkKaxm5ud+9 -CZBSqesMPohUWo8Fm9BxkCZuZ6SwTUWHUzZvODANp8VyjderZdWhVlGc6E0zV6SU -TlmjCpOblE7CP26QC+SttDRx8nM+Qd5HTLq10ciX1UX1YD8n4XtRFg== -=IVUi ------END PGP SIGNATURE----- diff --git a/openssl-1.0.1f.tar.gz b/openssl-1.0.1f.tar.gz new file mode 100644 index 0000000..202c4ba --- /dev/null +++ b/openssl-1.0.1f.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a +size 4509212 diff --git a/openssl-1.0.1f.tar.gz.asc b/openssl-1.0.1f.tar.gz.asc new file mode 100644 index 0000000..ecf37ad --- /dev/null +++ b/openssl-1.0.1f.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQEVAwUAUsq/WqLSm3vylcdZAQI63Af8DQSLbopKVXumiTiK0dAtXU+FwGl3FSXE +KKJgpfMdPPTSn/kdcmh4LXv4rFae5gNn0GEpEMlcLPxJSSauo8CO9xfYzA2Y1POE +bL9qemk7B/g/i2WZi6gTVP0/38/qRBh/3WyR94iVplZm5P8e+7bXqoHDEBtNMew1 +YcalGMgd/1ajvGo9+Y6qHHSNVu2FfSLQ7vqeurTHgo9c2ZhvDEsw/rQjqn7oQ3c7 +mz2qTYbgJ1+cikue47E0T0mQFv/my9flG6Bu63vhyioNZUxR5QVluuqAoLUAuM7h +xdJ8fVXMmqbLdr3ZQsCkdHeDQgke/FRVgyvzAdt7ensZoFSshfXcJw== +=exdx +-----END PGP SIGNATURE----- diff --git a/openssl-fix-pod-syntax.diff b/openssl-fix-pod-syntax.diff index 1770744..d4faf2c 100644 --- a/openssl-fix-pod-syntax.diff +++ b/openssl-fix-pod-syntax.diff @@ -34,33 +34,35 @@ content-type: text/plain; charset="utf-8" Content-Length: 12835 --- - doc/apps/cms.pod | 12 ++++++------ - doc/apps/smime.pod | 12 ++++++------ - doc/crypto/OPENSSL_ia32cap.pod | 10 +++++++++- - doc/ssl/SSL_COMP_add_compression_method.pod | 4 ++-- - doc/ssl/SSL_CTX_add_session.pod | 4 ++-- - doc/ssl/SSL_CTX_load_verify_locations.pod | 4 ++-- - doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 ++-- - doc/ssl/SSL_CTX_set_session_id_context.pod | 4 ++-- - doc/ssl/SSL_CTX_set_ssl_version.pod | 4 ++-- - doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 2 +- - doc/ssl/SSL_accept.pod | 4 ++-- - doc/ssl/SSL_clear.pod | 4 ++-- - doc/ssl/SSL_connect.pod | 4 ++-- - doc/ssl/SSL_do_handshake.pod | 4 ++-- - doc/ssl/SSL_read.pod | 2 +- - doc/ssl/SSL_session_reused.pod | 4 ++-- - doc/ssl/SSL_set_fd.pod | 4 ++-- - doc/ssl/SSL_set_session.pod | 4 ++-- - doc/ssl/SSL_set_shutdown.pod | 2 +- - doc/ssl/SSL_shutdown.pod | 4 ++-- - doc/ssl/SSL_write.pod | 2 +- - 21 files changed, 53 insertions(+), 45 deletions(-) + doc/apps/cms.pod | 12 ++++++------ + doc/apps/smime.pod | 12 ++++++------ + doc/apps/ts.pod | 6 +++--- + doc/crypto/OPENSSL_ia32cap.pod | 4 ++++ + doc/crypto/rand.pod | 14 +++++++------- + doc/ssl/SSL_COMP_add_compression_method.pod | 4 ++-- + doc/ssl/SSL_CTX_add_session.pod | 4 ++-- + doc/ssl/SSL_CTX_load_verify_locations.pod | 4 ++-- + doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 ++-- + doc/ssl/SSL_CTX_set_session_id_context.pod | 4 ++-- + doc/ssl/SSL_CTX_set_ssl_version.pod | 4 ++-- + doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 2 +- + doc/ssl/SSL_accept.pod | 4 ++-- + doc/ssl/SSL_clear.pod | 4 ++-- + doc/ssl/SSL_connect.pod | 4 ++-- + doc/ssl/SSL_do_handshake.pod | 4 ++-- + doc/ssl/SSL_read.pod | 2 +- + doc/ssl/SSL_session_reused.pod | 4 ++-- + doc/ssl/SSL_set_fd.pod | 4 ++-- + doc/ssl/SSL_set_session.pod | 4 ++-- + doc/ssl/SSL_set_shutdown.pod | 2 +- + doc/ssl/SSL_shutdown.pod | 6 +++--- + doc/ssl/SSL_write.pod | 2 +- + 23 files changed, 59 insertions(+), 55 deletions(-) -Index: openssl-1.0.1e/doc/apps/cms.pod +Index: openssl-1.0.1f/doc/apps/cms.pod =================================================================== ---- openssl-1.0.1e.orig/doc/apps/cms.pod -+++ openssl-1.0.1e/doc/apps/cms.pod +--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/apps/cms.pod 2014-01-09 23:42:30.000000000 +0000 @@ -450,28 +450,28 @@ remains DER. =over 4 @@ -96,10 +98,10 @@ Index: openssl-1.0.1e/doc/apps/cms.pod the message was verified correctly but an error occurred writing out the signers certificates. -Index: openssl-1.0.1e/doc/apps/smime.pod +Index: openssl-1.0.1f/doc/apps/smime.pod =================================================================== ---- openssl-1.0.1e.orig/doc/apps/smime.pod -+++ openssl-1.0.1e/doc/apps/smime.pod +--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/apps/smime.pod 2014-01-09 23:42:31.000000000 +0000 @@ -308,28 +308,28 @@ remains DER. =over 4 @@ -135,10 +137,37 @@ Index: openssl-1.0.1e/doc/apps/smime.pod the message was verified correctly but an error occurred writing out the signers certificates. -Index: openssl-1.0.1e/doc/crypto/OPENSSL_ia32cap.pod +Index: openssl-1.0.1f/doc/apps/ts.pod =================================================================== ---- openssl-1.0.1e.orig/doc/crypto/OPENSSL_ia32cap.pod -+++ openssl-1.0.1e/doc/crypto/OPENSSL_ia32cap.pod +--- openssl-1.0.1f.orig/doc/apps/ts.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/apps/ts.pod 2014-01-09 23:45:03.000000000 +0000 +@@ -58,19 +58,19 @@ time. Here is a brief description of the + + =over 4 + +-=item 1. ++=item Z<>1. + + The TSA client computes a one-way hash value for a data file and sends + the hash to the TSA. + +-=item 2. ++=item Z<>2. + + The TSA attaches the current date and time to the received hash value, + signs them and sends the time stamp token back to the client. By + creating this token the TSA certifies the existence of the original + data file at the time of response generation. + +-=item 3. ++=item Z<>3. + + The TSA client receives the time stamp token and verifies the + signature on it. It also checks if the token contains the same hash +Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/crypto/OPENSSL_ia32cap.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod 2014-01-09 23:42:31.000000000 +0000 @@ -20,6 +20,8 @@ toolkit initialization, but can be manip crypto library behaviour. For the moment of this writing six bits are significant, namely: @@ -157,10 +186,65 @@ Index: openssl-1.0.1e/doc/crypto/OPENSSL_ia32cap.pod For example, clearing bit #26 at run-time disables high-performance SSE2 code present in the crypto library. You might have to do this if target OpenSSL application is executed on SSE2 capable CPU, but under -Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod +Index: openssl-1.0.1f/doc/crypto/rand.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod -+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod +--- openssl-1.0.1f.orig/doc/crypto/rand.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/crypto/rand.pod 2014-01-09 23:43:46.000000000 +0000 +@@ -74,16 +74,16 @@ First up I will state the things I belie + + =over 4 + +-=item 1 ++=item Z<>1 + + A good hashing algorithm to mix things up and to convert the RNG 'state' + to random numbers. + +-=item 2 ++=item Z<>2 + + An initial source of random 'state'. + +-=item 3 ++=item Z<>3 + + The state should be very large. If the RNG is being used to generate + 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). +@@ -93,13 +93,13 @@ carried away on this last point but it d + a bad idea to keep quite a lot of RNG state. It should be easier to + break a cipher than guess the RNG seed data. + +-=item 4 ++=item Z<>4 + + Any RNG seed data should influence all subsequent random numbers + generated. This implies that any random seed data entered will have + an influence on all subsequent random numbers generated. + +-=item 5 ++=item Z<>5 + + When using data to seed the RNG state, the data used should not be + extractable from the RNG state. I believe this should be a +@@ -108,12 +108,12 @@ data would be a private key or a passwor + not be disclosed by either subsequent random numbers or a + 'core' dump left by a program crash. + +-=item 6 ++=item Z<>6 + + Given the same initial 'state', 2 systems should deviate in their RNG state + (and hence the random numbers generated) over time if at all possible. + +-=item 7 ++=item Z<>7 + + Given the random number output stream, it should not be possible to determine + the RNG state or the next random number. +Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-09 23:42:31.000000000 +0000 @@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re =over 4 @@ -175,10 +259,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod The operation failed. Check the error queue to find out the reason. -Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-01-09 23:42:31.000000000 +0000 @@ -52,13 +52,13 @@ The following values are returned by all =over 4 @@ -195,10 +279,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod The operation succeeded. -Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-09 23:42:31.000000000 +0000 @@ -100,13 +100,13 @@ The following return values can occur: =over 4 @@ -215,10 +299,30 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod The operation succeeded. -Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-09 23:42:31.000000000 +0000 +@@ -66,13 +66,13 @@ values: + + =over 4 + +-=item 0 ++=item Z<>0 + + A failure while manipulating the STACK_OF(X509_NAME) object occurred or + the X509_NAME could not be extracted from B. Check the error stack + to find out the reason. + +-=item 1 ++=item Z<>1 + + The operation succeeded. + +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-09 23:42:31.000000000 +0000 @@ -64,13 +64,13 @@ return the following values: =over 4 @@ -235,10 +339,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod The operation succeeded. -Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-09 23:42:31.000000000 +0000 @@ -42,11 +42,11 @@ and SSL_set_ssl_method(): =over 4 @@ -253,20 +357,11 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod The operation succeeded. -Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_ - - Return values from the server callback are interpreted as follows: - -+=over 4 -+ - =item > 0 - - PSK identity was found and the server callback has provided the PSK -@@ -94,9 +96,11 @@ data to B and return the length of +--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-09 23:44:18.000000000 +0000 +@@ -96,7 +96,7 @@ data to B and return the length of connection will fail with decryption_error before it will be finished completely. @@ -275,14 +370,30 @@ Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. - -+=back -+ - =cut -Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod +Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod -+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-01-09 23:42:31.000000000 +0000 +@@ -44,13 +44,13 @@ The following return values can occur: + + =over 4 + +-=item 0 ++=item Z<>0 + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B to find out the reason. + +-=item 1 ++=item Z<>1 + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-01-09 23:42:31.000000000 +0000 @@ -56,12 +56,12 @@ The following return values can occur: =over 4 @@ -298,10 +409,50 @@ Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod The SSL_clear() operation was successful. -Index: openssl-1.0.1e/doc/ssl/SSL_read.pod +Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod -+++ openssl-1.0.1e/doc/ssl/SSL_read.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-01-09 23:42:31.000000000 +0000 +@@ -41,13 +41,13 @@ The following return values can occur: + + =over 4 + +-=item 0 ++=item Z<>0 + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B to find out the reason. + +-=item 1 ++=item Z<>1 + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-01-09 23:42:31.000000000 +0000 +@@ -45,13 +45,13 @@ The following return values can occur: + + =over 4 + +-=item 0 ++=item Z<>0 + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B to find out the reason. + +-=item 1 ++=item Z<>1 + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +Index: openssl-1.0.1f/doc/ssl/SSL_read.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-01-09 23:42:31.000000000 +0000 @@ -86,7 +86,7 @@ The following return values can occur: The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection. @@ -311,10 +462,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_read.pod The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case -Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod +Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod -+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-01-09 23:42:31.000000000 +0000 @@ -27,11 +27,11 @@ The following return values can occur: =over 4 @@ -329,10 +480,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod A session was reused. -Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod +Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-01-09 23:42:31.000000000 +0000 @@ -35,11 +35,11 @@ The following return values can occur: =over 4 @@ -347,10 +498,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod The operation succeeded. -Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod +Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-01-09 23:42:31.000000000 +0000 @@ -37,11 +37,11 @@ The following return values can occur: =over 4 @@ -365,10 +516,10 @@ Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod The operation succeeded. -Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod +Index: openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_set_shutdown.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod 2014-01-09 23:42:31.000000000 +0000 @@ -24,7 +24,7 @@ The shutdown state of an ssl connection =over 4 @@ -378,121 +529,14 @@ Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod No shutdown setting, yet. -Index: openssl-1.0.1e/doc/ssl/SSL_write.pod +Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod =================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod -+++ openssl-1.0.1e/doc/ssl/SSL_write.pod -@@ -79,7 +79,7 @@ The following return values can occur: - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item Z<>0 - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B to find out, -Index: openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod -=================================================================== ---- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod -+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod -@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl - an application specific error. This will never be returned unless explicitly - set by an application. - -+=back -+ - =head1 NOTES - - The above functions should be used instead of directly referencing the fields -Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod -=================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,11 +66,11 @@ values: - - =over 4 - --=item 1 -+=item Z<>1 - - The operation succeeded. - --=item 0 -+=item Z<>0 - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B. Check the error stack -Index: openssl-1.0.1e/doc/ssl/SSL_accept.pod -=================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod -+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod -@@ -44,12 +44,12 @@ The following return values can occur: - - =over 4 - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the -Index: openssl-1.0.1e/doc/ssl/SSL_connect.pod -=================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod -+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod -@@ -41,12 +41,12 @@ The following return values can occur: - - =over 4 - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the -Index: openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod -=================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod -+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod -@@ -45,12 +45,12 @@ The following return values can occur: - - =over 4 - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the -Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod -=================================================================== ---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod -+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod +--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-01-09 23:42:31.000000000 +0000 @@ -92,19 +92,19 @@ The following return values can occur: =over 4 --=item 1 -+=item Z<>1 - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - -=item 0 +=item Z<>0 @@ -501,8 +545,27 @@ Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod The output of L may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. +-=item 1 ++=item Z<>1 + + The shutdown was successfully completed. The "close notify" alert was sent + and the peer's "close notify" alert was received. + -=item -1 +=item Z<>-1 The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if +Index: openssl-1.0.1f/doc/ssl/SSL_write.pod +=================================================================== +--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 13:47:42.000000000 +0000 ++++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-01-09 23:42:31.000000000 +0000 +@@ -79,7 +79,7 @@ The following return values can occur: + The write operation was successful, the return value is the number of + bytes actually written to the TLS/SSL connection. + +-=item 0 ++=item Z<>0 + + The write operation was not successful. Probably the underlying connection + was closed. Call SSL_get_error() with the return value B to find out, diff --git a/openssl.changes b/openssl.changes index 9b5154b..7d8adb0 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Sat Jan 11 08:42:54 UTC 2014 - shchang@suse.com + +- Remove GCC option "-O3" for compiliation issue of ARM version + Modify: openssl.spec + +------------------------------------------------------------------- +Fri Jan 10 14:43:20 UTC 2014 - shchang@suse.com + +- Adjust the installation path( libopenssl/hmac into /lib or /lib64) + Modify files: README-FIPS.txt openssl.spec + +------------------------------------------------------------------- +Thu Jan 9 23:08:29 UTC 2014 - andreas.stieger@gmx.de + +- 1.0.1f: + * Fix for TLS record tampering bug CVE-2013-4353 +- already included: + * Fix for TLS version checking bug CVE-2013-6449 + * Fix for DTLS retransmission bug CVE-2013-6450 +- removed patches: + * CVE-2013-6449.patch, committed upstream + * CVE-2013-6450.patch, committed upstream + * SSL_get_certificate-broken.patch, committed upstream + * openssl-1.0.1e-bnc822642.patch, committed upstream +- modified patches: + * openssl-1.0.1e-fips.patch, adjust for upstream changes + * openssl-fix-pod-syntax.diff, adjust for upstream changes + +------------------------------------------------------------------- +Wed Jan 8 22:01:36 UTC 2014 - andreas.stieger@gmx.de + +- add a gpg keyring for source tarball + ------------------------------------------------------------------- Wed Jan 8 10:57:24 UTC 2014 - shchang@suse.com diff --git a/openssl.keyring b/openssl.keyring new file mode 100644 index 0000000..82ca40c --- /dev/null +++ b/openssl.keyring @@ -0,0 +1,100 @@ + + + + +Public Key Server -- Get ``0xa2d29b7bf295c759 '' + +

Public Key Server -- Get ``0xa2d29b7bf295c759 ''

+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.4
+Comment: Hostname: pgp.mit.edu
+
+mQENAzZz6nwAAAEIAMo0phUn+IyEMv4v4gN7ANsdksYAwsrN+3XutOrNlJIJ1HSKVxlgzU7N
+6XkYvFH+fSMaHE1+SRREyCO2MVBXWDrSAGCYETcKY+KM2gzSEB2pMxNdewZDFM5ayUHMCVjv
+ROanLr5KfjEcA6uibwLcq+tvKGTq16kba3COgYElM5LR1vHx7EZB3PHAonHfgggM/MmKZw30
+61PG+xfAvJZFyOojVLcGGqa510ctnoqLBhCceRQbQEaEO+1KIxJ+qf3BGyl5i1Ldz04252Wx
+ANVlEyVhqaVLFwY7jAcaeqWK+CxOyK0HjJnQZpygIJgWMaaS2UN1/2nzB0kMotKbe/KVx1kA
+BRG0MURyIFN0ZXBoZW4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5jby51az6I
+RgQQEQIABgUCRFyrXAAKCRCL2C5vMLlLXKlsAKCUWipHE16bE8yRsxiLikjx0fO84wCfTGSi
+DknIYZWFa5bKJ1KY4uIEqhSIRgQQEQIABgUCRsddmgAKCRAQN5GDEzHzW2w6AJ0SqqSEuEGj
+MH31xtwQQDEjVou2tACdHqASE+VZRLdzJHoZN7V0err0zP2JARUDBRNDwVDootKbe/KVx1kB
+AUljB/9ilmpYqqMFIMFrOB3hlIQMao6ZkHPqsrMeePUvAX9oa3p7uXloDm3aQggc9SFeNIoo
+pZPCQpR+5LcP5ybbYJb3NQOR1KuCRaBwt5e/49uBYpH14B74RddOZS/UThUXPSQ5fVY4Bs9I
+zNp4rMydpr3fEIXgW8CGzRussLKUj5f93o7S4pzvucTw8Z5lWhvtUmA6VqvZvK26FklkhVB0
+vPGSMHgE7y6eHPKjAZoGvgiuf7L65YOTceQcTPlW34vqel8YtJpBdIM8Ju7Zdx8hfD/HScVY
+r+RBzEOM6nPzKj3vFCUhFeq6ywj1yCAF3J3bkeU6voJnT9Ad15f88t5w45hMiQIcBBABAgAG
+BQJPtt+IAAoJECx8HnpWTIi8QAIQALBqDaLOJICo3x9bkULIq49Ly1zUbKKbnqXQmv11KCHT
+UsLK4Wj0ztEza8kT99Of6IaB0hLAn4qZQFx9LeiX4QruiXB9ti86LHrLypFR3XgTIvdULcBz
+/kQmAwB6eXW5Zqw/5SJ8F90B/XvtADpBnHnZNOmFOesnJSX7Urho2002Ep3beUR1zvtdJf5l
+F+enFPZ/cOnQvJNPaDbh+WoXfWVRz5aYR4TbNsT0Fetsvi6unO/GWHv04rlWiRCwbpEDem60
+54KiDYxXZR5Gh29ivap6KeX3Sdy8T4aeBnxb1asY66EUAge5GGF3mYJJ5+Jaqro47SYe3NzK
+kbYURUKeTLOCik16tYhI2TgKBDePi69nE8dORRkzm+1S2LVZKX4D/P/zbkB3Fc/Kp0f0nneK
+rfn5bwWF79r71Z6xHh6E8bv51b9eb3ODAObRSGWYv5NNqSSAN+7CXeplVjXXeB8S/e1RE5J4
+TScWVJ+rMSWzodktA72d4rTFkMmLscAht6HCGNG8hQQ6EB5Pgr5JbVu5vv56cwO9wczZttSD
+ZPxCu4Ww+cf9x40s0xrsYr9sDaXsRPiC+UjUe5h3pkJgXFWUNdBqCob5G92Z7RYcQ63IfAzb
+Ufu+xWpDDoyO6Gb/NZzQapMn8cq+1cIftjSbBG4dN+LkErroD58Fby26ODoHFKeztDNEciBT
+IE4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5kZW1vbi5jby51az6IRgQQEQIA
+BgUCQkCrkAAKCRAYWdAfZ3uh7BT0AJ9moE8PhFPA7kFkBO2mLRhBdTzpGACfW5yvlfyaJTnH
+DhXTA4CeHdl+F8CIRgQQEQIABgUCQkCrswAKCRCBwvfr4hO2kkX9AJwMfPm8dq5Bmpeoq26/
+8cqU/j+98gCfYC/nxPtcV2ubDUmMZPJFtL17E72IRgQQEQIABgUCQkCr4QAKCRBrcOzZXcP0
+c6kIAJ90icvg9nDJ+A+jRcY1zO3rH/n7UgCgtKTJsi75aUqGjA3gc+1CnCyNtwyIRgQQEQIA
+BgUCQojbUgAKCRCL2C5vMLlLXEUXAJ9HkA1nXtU2nw2jSHIY0wISde0x/QCgiUz2QjlojUI7
+niTTgV4lQNGmItCIRgQQEQIABgUCRsddqAAKCRAQN5GDEzHzW8Q1AKCknK1tOm4tnWbTX2ry
++HN7e28SXwCgpIDDVI1+oH3FFmeCbRDY0UO0anyIlQMFE0Grc8DurUz9SaVj2QEBSb8EAJnV
+6oeLEWO/d96dvLRHYHbR9F9efQZjLnTeDMLy4kIkPuMAJk1L7mvnrcIA+DcHl80rNMhQVJUP
+zYZ5Rq77VuBf20C14Az4rLgoOgcAU7pI61C0L7eygX/P8nZQu87JeFf1A/ussXDtqA/1KWSl
+tVRwFX3dCmSgYG1LjzEa2AVxiQEVAwUQNnPqfKLSm3vylcdZAQFBuQgApiGtXIxJPtCvF3zS
+ZYk1HOF1u9Qg05s4AdeGvQG6Gmx0MK4SRRUt4MYX8nvQ0VwZRQnvPIRfWixWnEBzpujC+sC9
+fqgStj7bG+Uy4YQ1JNph5y6I/75TT0/z0pRAC7Jlwet5+PWrYa9m9rKqyaZVCw5IUSrcjkTo
+/gjBLmrxVme+O8e6dF4Te0SIjFrvnNeA3B1TI0tDusxlHkKyJ3jEUf9Mu3Vx+fAukmiWUCTH
+52QXZPcLP2V5Ud9X0mS+N2mTVi3rPK8wVhTiu93cXEqhTHoIEPOlLW0J/1n8x8kngGgX/TiE
+G8Hd13SOh+YembJVaV7JlYAISdEgCj6JdPSsc4kCHAQQAQIABgUCQkCsCwAKCRCq4+bOZqFE
+aO5vEACsZZZeb8TZBeuT4YCopBenHLl+hS1mVqDf4Qy8L5wxXnRwCAugwKf0j8T0KZQodRKI
+iTWI2Oe3dDBUDE5CS1wyyku7QMsi22mUPOwLL3VddITEa8c3JJmU1ec86c5rEB4xIV8Rcgqw
+CCPeyam+nwyoVKRuijbFJyj0pymTbhpqmGi7oQw0IwVsFKMmgVXiSPdC6MpIOD8+wrc9Sfno
+CW+jgfcJLu/k/WEgw7qpj5cOwbFvBRzs7VO4RwU9jzXpZdouRRIZhrNwQYmBKRXC5Aa0o8gd
+aN0hWlS+KQ+S73m/XFabGtCyMPU5HX5g2EtvP61+ovqRYvHseBpKwjTTgWthw40IQxIkRU+Y
+PxiEXM9yMcBvs2F25zDw9g3SGLleFqizhUyLAyvY3T1IJgWCU3BFCXy0XJuguQM5znFNDZZ4
+TZnEAKddhf/v/3AOHg0RFzNgMsA8H7MaJey50vOiqn4mFiy+nXA+ILI8Pz+UaJKihs8KutFG
+YEuXiMPn+9vbKdAK/wYzUmilM1xei30E4/bFPt+nwOHF/4ghuKM4KyaImOCijAnkbOaPUBT+
+9qPua+AO15DfAEVoGLIDOMIx2CNqKaOsYadUq3wnFTs/erc/sz/3a1pFYATz3G1jh4kk163q
+zZpEfewFgAB1mynkXA4vBqKNarwApBTgZ4kR9XYXpIkCHAQQAQIABgUCT7bfiAAKCRAsfB56
+VkyIvBV9EACET5QEw0RdpgU5BVVRBnz4XCWXmPUX7/YSfZUQt2sDzKKHYB+yc0h6DnbMenw6
+9YnIg2l8v7hKguLAIxbg21T6y/rne5CtEAzysEIDncqEnxDSMGXlFdMHzRWBKjASqzfxkD8+
+K2no0VMNr/nK+iScfn64FLuH/D0+NEghrx/Vx1dU7ewYGcY5OybfOmBrrSGNwOKfKnRbxTbo
+avBnREnBeY/6xgadwZt0gwoHLEgLotQzLkchJiSfBZcK54nZ1y+NqKfLg+8etXbBDFhgS/OP
+dBmthi5Gt9gKj4u+t1Tjqvrcni203CdXv5HPL5zBc7ZQX+XzwODnAk2+OE28ql+DR3X5SYru
+o355/fUUZgGNpi043+uL6xjZPFARiDc25vqSuY/KQUjFknMgYSm5aw7a7ZM5WiyLO4AdnvX4
+UhRLcXyWqHbpGCQXJr6itJx26JKyQ7sSABrZ/Vj9MOmc3kjcoEW+wcJTKthOpZ3HfB8xreWJ
+IKj+593sqjlStz9kEDMwTmA66B/QVhRx9jPZrbTkQR1DQJ4dOUcBweJ1XF7oP4+Zk++qVZsV
+ez38JptDYqd8+rdQyw3xFfy4iur32oEA92nUdtcs2eIrgGhR96Fuah9wB090hZwPDsiYB1wR
++7HeDl/XSdiisIWZk8V75oJuSuzoYqFhWQeWQK/2fUNx7bQ6RHIgU3RlcGhlbiBIZW5zb24g
+PHN0ZXBoZW4uaGVuc29uQG9wZW5uZXR3b3Jrc2VjdXJpdHkuY29tPohGBBARAgAGBQJEXKtf
+AAoJEIvYLm8wuUtcd9UAnjmdDad6Qxwun/i0dbZbLjXE0KTzAJ9b49qIv1RTSled84xjp8LI
+GzaZaohGBBARAgAGBQJGx12oAAoJEBA3kYMTMfNblFkAmwTFV2BtA4bTJgwZzbqP57yt9hJS
+AJ9bVKWTmWRbKGltql/VwUXvTms3TYkBFQMFE0PBUKmi0pt78pXHWQEBa1YH/14MRmPhcl8r
+6nlqhJUuPFB1FOI9Epy1sP+FaIGRmBxq63nN7pLLor6wzTQ7LEMnC4OkXQIaylYYC8uOGW7L
+FCFBGnqLHwVUTxWc9Y0r/fdVYGwKn7f134RVSCFfIzr210ogX/e9CHsX+jhRSNG1IrG7t62l
+uyMz2GIrz5+tDgRJJT3MraEIprW0jiB8ZMHhI41u6a1DGUcmbVFS0oRkFHpCJjeFglcG0ZFo
+Lle6QqFgtOQ742JuB6d+ccHVRadQOGnyxv5jQf2PMGr+USEuJFEU7VUDi8ja/WYdTdJD+g8r
+qrkzYofsmngrU0ZfxfaDG3esnN7qqEXsf1wXE1KfCFSJAhwEEAECAAYFAk+234gACgkQLHwe
+elZMiLxCgQ/+IicQEYoNtf9VgmiGAFtoRKD+bZhQtTP4mrAplqZBXSo+Ro2EM+3Z0nUe52I1
+Ydsd8/ofYY2jhCzOkKpD5asH7+jondeVs7G4PdaiAIsrMwQAbU1S1rgnWB9KrLB+RWvIHsDT
+JNEuJQO/2+etNoYsEBp+xl7Tx0uwQdueHg1TrjCAOMImJjGAwOXDS4wD8DPnpaqJnIkwNMXa
+Kaxsz0Kybqh+eYkIibvj04R3K+Zoh2i1Fr/MFPP8F7UrGWOQZkjtg30m3nSTVgsLwTWTbcZ/
+bRNZu9h5lkeqktH8BDHPSjDh5VzeM1G9zP+5/gBXzH2R9NohzYHjnsM6JyXTMGKiErqhRfPw
+shiteXN9xTglw3P2GCdYzO9cp7y2YA3/BJtKweZV19qtRk5NxRdVnUP+DeYc4Fl7vICQ6wVO
+VMJ765SDkHaGx7fIKHNs9LlMNDC0PHvT+Ta1tCTv1qJl6uYao6rwlXAk+OO2dNndYkV8kIN2
+g7o5xRUx4n2wIOGQFHk3/PQGYaoeIahy1wl2cnq2kjQdhhbex6lUc4s9alMOz8HN9zn4e4cz
+rDK7MEQcEUcjMVk9ATnmf3UKblgQGsod1BvrXo3lpt+CSUdtYO+IrqWaC+cUpYmfoXjxBTZH
+gm838LRUnA/P+cb+taZBysUrxDthEtKNKZNCpZ541EIFvzE=
+=DUIo
+-----END PGP PUBLIC KEY BLOCK-----
+
+ diff --git a/openssl.spec b/openssl.spec index d45719b..7b8804b 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,14 +29,16 @@ Provides: ssl %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.1e +Version: 1.0.1f Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security -Url: http://www.openssl.org/ -Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz -Source42: http://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc +Url: https://www.openssl.org/ +Source: https://www.%{name}.org/source/%{name}-%{version}.tar.gz +Source42: https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc +# https://www.openssl.org/about/ +Source43: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring # to get mtime of file: Source1: openssl.changes Source2: baselibs.conf @@ -54,8 +56,6 @@ Patch7: compression_methods_switch.patch Patch8: 0005-libssl-Hide-library-private-symbols.patch Patch9: openssl-1.0.1c-default-paths.patch Patch10: openssl-pkgconfig.patch -Patch11: SSL_get_certificate-broken.patch -Patch12: openssl-1.0.1e-bnc822642.patch # From Fedora openssl. Patch13: openssl-1.0.1c-ipv6-apps.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch @@ -63,8 +63,6 @@ Patch14: 0001-libcrypto-Hide-library-private-symbols.patch Patch15: openssl-1.0.1e-fips.patch Patch16: openssl-1.0.1e-fips-ec.patch Patch17: openssl-1.0.1e-fips-ctor.patch -Patch18: CVE-2013-6449.patch -Patch19: CVE-2013-6450.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -164,15 +162,11 @@ this package's base documentation. %patch8 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 -%patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 -%patch18 -p1 -%patch19 -p1 cp -p %{S:10} . cp -p %{S:11} . @@ -230,7 +224,7 @@ no-ec2m \ --prefix=%{_prefix} \ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ -$RPM_OPT_FLAGS -O3 -std=gnu99 \ +$RPM_OPT_FLAGS -std=gnu99 \ -Wa,--noexecstack \ -fomit-frame-pointer \ -DTERMIO \ @@ -383,25 +377,23 @@ find demos -type f -perm /111 -exec chmod 644 {} \; %{expand:%%global __os_install_post {%__os_install_post $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ - $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version} > \ - $RPM_BUILD_ROOT/%{_libdir}/.libssl.so.%{num_version}.hmac + $RPM_BUILD_ROOT/%{_lib}/libssl.so.%{num_version} > \ + $RPM_BUILD_ROOT/%{_lib}/.libssl.so.%{num_version}.hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ - $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version} > \ - $RPM_BUILD_ROOT/%{_libdir}/.libcrypto.so.%{num_version}.hmac + $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{num_version} > \ + $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{num_version}.hmac }} #process openssllib mkdir $RPM_BUILD_ROOT/%{_lib} -#mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ -#mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ +mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ +mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/ cd $RPM_BUILD_ROOT%{_libdir}/ -ln -sf /%{_libdir}/libssl.so.%{num_version} ./libssl.so -#ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so.%{num_version} -ln -sf /%{_libdir}/libcrypto.so.%{num_version} ./libcrypto.so -#ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so.%{num_version} +ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so +ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so for engine in 4758cca atalla nuron sureware ubsec cswift chil aep; do rm %{buildroot}/%{_lib}/engines/lib$engine.so @@ -420,14 +412,14 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %files -n libopenssl1_0_0 %defattr(-, root, root) -/%{_libdir}/libssl.so.%{num_version} -/%{_libdir}/libcrypto.so.%{num_version} +/%{_lib}/libssl.so.%{num_version} +/%{_lib}/libcrypto.so.%{num_version} /%{_lib}/engines %files -n libopenssl1_0_0-hmac %defattr(-, root, root) -%{_libdir}/.libssl.so.%{num_version}.hmac -%{_libdir}/.libcrypto.so.%{num_version}.hmac +/%{_lib}/.libssl.so.%{num_version}.hmac +/%{_lib}/.libcrypto.so.%{num_version}.hmac %files -n libopenssl-devel %defattr(-, root, root)