Accepting request 229370 from Base:System

- update to 1.0.1g:
  * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299)
  * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945)
  * Workaround for the "TLS hang bug" (see FAQ and PR#2771)
- remove CVE-2014-0076.patch
- openssl.keyring: upstream changed to:
  pub  4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org>
  uid                            Dr Stephen Henson <shenson@drh-consultancy.co.uk>
  uid                            Dr Stephen Henson <shenson@opensslfoundation.com>

OBS-URL: https://build.opensuse.org/request/show/229370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=110
This commit is contained in:
Stephan Kulow 2014-04-09 16:17:23 +00:00 committed by Git OBS Bridge
parent 9a6d63222e
commit d5a92c035d
20 changed files with 910 additions and 979 deletions

View File

@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
crypto/x509v3/pcy_int.h | 3 +++
31 files changed, 85 insertions(+), 17 deletions(-)
Index: openssl-1.0.1e/apps/Makefile
Index: openssl-1.0.1g/apps/Makefile
===================================================================
--- openssl-1.0.1e.orig/apps/Makefile
+++ openssl-1.0.1e/apps/Makefile
--- openssl-1.0.1g.orig/apps/Makefile
+++ openssl-1.0.1g/apps/Makefile
@@ -20,7 +20,7 @@ EXE_EXT=
SHLIB_TARGET=
@ -50,10 +50,10 @@ Index: openssl-1.0.1e/apps/Makefile
GENERAL=Makefile makeapps.com install.com
Index: openssl-1.0.1e/crypto/asn1/asn1_locl.h
Index: openssl-1.0.1g/crypto/asn1/asn1_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1e/crypto/asn1/asn1_locl.h
--- openssl-1.0.1g.orig/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1g/crypto/asn1/asn1_locl.h
@@ -58,6 +58,8 @@
/* Internal ASN1 structures and functions: not for application use */
@ -69,10 +69,10 @@ Index: openssl-1.0.1e/crypto/asn1/asn1_locl.h
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/bn/bn_lcl.h
Index: openssl-1.0.1g/crypto/bn/bn_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/bn/bn_lcl.h
+++ openssl-1.0.1e/crypto/bn/bn_lcl.h
--- openssl-1.0.1g.orig/crypto/bn/bn_lcl.h
+++ openssl-1.0.1g/crypto/bn/bn_lcl.h
@@ -483,6 +483,8 @@ extern "C" {
#undef bn_div_words
#endif
@ -91,10 +91,10 @@ Index: openssl-1.0.1e/crypto/bn/bn_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h
Index: openssl-1.0.1g/crypto/camellia/cmll_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1e/crypto/camellia/cmll_locl.h
--- openssl-1.0.1g.orig/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1g/crypto/camellia/cmll_locl.h
@@ -68,6 +68,8 @@
#ifndef HEADER_CAMELLIA_LOCL_H
#define HEADER_CAMELLIA_LOCL_H
@ -110,10 +110,10 @@ Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h
CAMELLIA_KEY *key);
+#pragma GCC visibility pop
#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
Index: openssl-1.0.1e/crypto/cast/cast_lcl.h
Index: openssl-1.0.1g/crypto/cast/cast_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/cast/cast_lcl.h
+++ openssl-1.0.1e/crypto/cast/cast_lcl.h
--- openssl-1.0.1g.orig/crypto/cast/cast_lcl.h
+++ openssl-1.0.1g/crypto/cast/cast_lcl.h
@@ -217,6 +217,7 @@
}
#endif
@ -127,10 +127,10 @@ Index: openssl-1.0.1e/crypto/cast/cast_lcl.h
extern const CAST_LONG CAST_S_table6[256];
extern const CAST_LONG CAST_S_table7[256];
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/cms/cms_lcl.h
Index: openssl-1.0.1g/crypto/cms/cms_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/cms/cms_lcl.h
+++ openssl-1.0.1e/crypto/cms/cms_lcl.h
--- openssl-1.0.1g.orig/crypto/cms/cms_lcl.h
+++ openssl-1.0.1g/crypto/cms/cms_lcl.h
@@ -426,6 +426,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
#define CMS_RECIPINFO_ISSUER_SERIAL 0
#define CMS_RECIPINFO_KEYIDENTIFIER 1
@ -150,10 +150,10 @@ Index: openssl-1.0.1e/crypto/cms/cms_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.1e/crypto/des/des_locl.h
Index: openssl-1.0.1g/crypto/des/des_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/des/des_locl.h
+++ openssl-1.0.1e/crypto/des/des_locl.h
--- openssl-1.0.1g.orig/crypto/des/des_locl.h
+++ openssl-1.0.1g/crypto/des/des_locl.h
@@ -421,10 +421,12 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
@ -167,20 +167,20 @@ Index: openssl-1.0.1e/crypto/des/des_locl.h
#ifdef OPENSSL_SMALL_FOOTPRINT
#undef DES_UNROLL
Index: openssl-1.0.1e/crypto/dsa/dsa_locl.h
Index: openssl-1.0.1g/crypto/dsa/dsa_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h
--- openssl-1.0.1g.orig/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h
@@ -57,4 +57,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1e/crypto/ec/ec_lcl.h
Index: openssl-1.0.1g/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_lcl.h
+++ openssl-1.0.1e/crypto/ec/ec_lcl.h
--- openssl-1.0.1g.orig/crypto/ec/ec_lcl.h
+++ openssl-1.0.1g/crypto/ec/ec_lcl.h
@@ -88,6 +88,8 @@
/* Structure details are not part of the exported interface,
* so all this may change in future versions. */
@ -196,10 +196,10 @@ Index: openssl-1.0.1e/crypto/ec/ec_lcl.h
#endif
+
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/ecdh/ech_locl.h
Index: openssl-1.0.1g/crypto/ecdh/ech_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1e/crypto/ecdh/ech_locl.h
--- openssl-1.0.1g.orig/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1g/crypto/ecdh/ech_locl.h
@@ -58,6 +58,8 @@
#include <openssl/ecdh.h>
@ -216,10 +216,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_locl.h
-
+#pragma GCC visibility pop
#endif /* HEADER_ECH_LOCL_H */
Index: openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
Index: openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
@@ -61,6 +61,8 @@
#include <openssl/ecdsa.h>
@ -236,10 +236,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
+#pragma GCC visibility pop
+
#endif /* HEADER_ECS_LOCL_H */
Index: openssl-1.0.1e/crypto/engine/eng_int.h
Index: openssl-1.0.1g/crypto/engine/eng_int.h
===================================================================
--- openssl-1.0.1e.orig/crypto/engine/eng_int.h
+++ openssl-1.0.1e/crypto/engine/eng_int.h
--- openssl-1.0.1g.orig/crypto/engine/eng_int.h
+++ openssl-1.0.1g/crypto/engine/eng_int.h
@@ -68,6 +68,8 @@
/* Take public definitions from engine.h */
#include <openssl/engine.h>
@ -256,10 +256,10 @@ Index: openssl-1.0.1e/crypto/engine/eng_int.h
-
+#pragma GCC visibility pop
#endif /* HEADER_ENGINE_INT_H */
Index: openssl-1.0.1e/crypto/engine/eng_rsax.c
Index: openssl-1.0.1g/crypto/engine/eng_rsax.c
===================================================================
--- openssl-1.0.1e.orig/crypto/engine/eng_rsax.c
+++ openssl-1.0.1e/crypto/engine/eng_rsax.c
--- openssl-1.0.1g.orig/crypto/engine/eng_rsax.c
+++ openssl-1.0.1g/crypto/engine/eng_rsax.c
@@ -262,7 +262,7 @@ static int mod_exp_pre_compute_data_512(
void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
UINT64 *g, /* 512 bits, 8 qwords */
@ -269,10 +269,10 @@ Index: openssl-1.0.1e/crypto/engine/eng_rsax.c
typedef struct st_e_rsax_mod_ctx
{
Index: openssl-1.0.1e/crypto/evp/e_aes.c
Index: openssl-1.0.1g/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_aes.c
+++ openssl-1.0.1e/crypto/evp/e_aes.c
--- openssl-1.0.1g.orig/crypto/evp/e_aes.c
+++ openssl-1.0.1g/crypto/evp/e_aes.c
@@ -108,6 +108,8 @@ typedef struct
#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
@ -318,10 +318,10 @@ Index: openssl-1.0.1e/crypto/evp/e_aes.c
static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
Index: openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
Index: openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
--- openssl-1.0.1g.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -97,6 +97,8 @@ typedef struct
extern unsigned int OPENSSL_ia32cap_P[2];
#define AESNI_CAPABLE (1<<(57-32))
@ -340,10 +340,10 @@ Index: openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
Index: openssl-1.0.1e/crypto/evp/evp_locl.h
Index: openssl-1.0.1g/crypto/evp/evp_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/evp_locl.h
+++ openssl-1.0.1e/crypto/evp/evp_locl.h
--- openssl-1.0.1g.orig/crypto/evp/evp_locl.h
+++ openssl-1.0.1g/crypto/evp/evp_locl.h
@@ -263,6 +263,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
EVP_CIPHER_get_asn1_iv, \
NULL)
@ -362,10 +362,10 @@ Index: openssl-1.0.1e/crypto/evp/evp_locl.h
#ifdef OPENSSL_FIPS
#ifdef OPENSSL_DOING_MAKEDEPEND
Index: openssl-1.0.1e/crypto/md4/md4_locl.h
Index: openssl-1.0.1g/crypto/md4/md4_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/md4/md4_locl.h
+++ openssl-1.0.1e/crypto/md4/md4_locl.h
--- openssl-1.0.1g.orig/crypto/md4/md4_locl.h
+++ openssl-1.0.1g/crypto/md4/md4_locl.h
@@ -65,7 +65,7 @@
#define MD4_LONG_LOG2 2 /* default to 32 bits */
#endif
@ -375,10 +375,10 @@ Index: openssl-1.0.1e/crypto/md4/md4_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1e/crypto/md5/md5_locl.h
Index: openssl-1.0.1g/crypto/md5/md5_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/md5/md5_locl.h
+++ openssl-1.0.1e/crypto/md5/md5_locl.h
--- openssl-1.0.1g.orig/crypto/md5/md5_locl.h
+++ openssl-1.0.1g/crypto/md5/md5_locl.h
@@ -74,7 +74,7 @@
# endif
#endif
@ -388,11 +388,11 @@ Index: openssl-1.0.1e/crypto/md5/md5_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1e/crypto/modes/modes_lcl.h
Index: openssl-1.0.1g/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1e/crypto/modes/modes_lcl.h
@@ -86,6 +86,8 @@ typedef unsigned char u8;
--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
@@ -83,6 +83,8 @@ typedef unsigned char u8;
#define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
#endif
@ -401,16 +401,16 @@ Index: openssl-1.0.1e/crypto/modes/modes_lcl.h
/* GCM definitions */
typedef struct { u64 hi,lo; } u128;
@@ -128,4 +130,4 @@ struct ccm128_context {
@@ -125,4 +127,4 @@ struct ccm128_context {
block128_f block;
void *key;
};
-
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/o_str.h
Index: openssl-1.0.1g/crypto/o_str.h
===================================================================
--- openssl-1.0.1e.orig/crypto/o_str.h
+++ openssl-1.0.1e/crypto/o_str.h
--- openssl-1.0.1g.orig/crypto/o_str.h
+++ openssl-1.0.1g/crypto/o_str.h
@@ -61,8 +61,12 @@
#include <stddef.h> /* to get size_t */
@ -424,10 +424,10 @@ Index: openssl-1.0.1e/crypto/o_str.h
+#pragma GCC visibility pop
+
#endif
Index: openssl-1.0.1e/crypto/o_time.h
Index: openssl-1.0.1g/crypto/o_time.h
===================================================================
--- openssl-1.0.1e.orig/crypto/o_time.h
+++ openssl-1.0.1e/crypto/o_time.h
--- openssl-1.0.1g.orig/crypto/o_time.h
+++ openssl-1.0.1g/crypto/o_time.h
@@ -61,7 +61,11 @@
#include <time.h>
@ -440,10 +440,10 @@ Index: openssl-1.0.1e/crypto/o_time.h
+#pragma GCC visibility pop
+
#endif
Index: openssl-1.0.1e/crypto/ripemd/rmd_locl.h
Index: openssl-1.0.1g/crypto/ripemd/rmd_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1e/crypto/ripemd/rmd_locl.h
--- openssl-1.0.1g.orig/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1g/crypto/ripemd/rmd_locl.h
@@ -76,7 +76,7 @@
# endif
#endif
@ -453,20 +453,20 @@ Index: openssl-1.0.1e/crypto/ripemd/rmd_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1e/crypto/rsa/rsa_locl.h
Index: openssl-1.0.1g/crypto/rsa/rsa_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1e/crypto/rsa/rsa_locl.h
--- openssl-1.0.1g.orig/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1g/crypto/rsa/rsa_locl.h
@@ -1,4 +1,4 @@
extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen,
- RSA *rsa);
+ RSA *rsa) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1e/crypto/sha/sha256.c
Index: openssl-1.0.1g/crypto/sha/sha256.c
===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha256.c
+++ openssl-1.0.1e/crypto/sha/sha256.c
--- openssl-1.0.1g.orig/crypto/sha/sha256.c
+++ openssl-1.0.1g/crypto/sha/sha256.c
@@ -110,7 +110,7 @@ int SHA224_Final (unsigned char *md, SHA
#ifndef SHA256_ASM
static
@ -476,10 +476,10 @@ Index: openssl-1.0.1e/crypto/sha/sha256.c
#include "md32_common.h"
Index: openssl-1.0.1e/crypto/sha/sha512.c
Index: openssl-1.0.1g/crypto/sha/sha512.c
===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha512.c
+++ openssl-1.0.1e/crypto/sha/sha512.c
--- openssl-1.0.1g.orig/crypto/sha/sha512.c
+++ openssl-1.0.1g/crypto/sha/sha512.c
@@ -94,7 +94,7 @@ fips_md_init(SHA512)
#ifndef SHA512_ASM
static
@ -489,10 +489,10 @@ Index: openssl-1.0.1e/crypto/sha/sha512.c
int SHA512_Final (unsigned char *md, SHA512_CTX *c)
{
Index: openssl-1.0.1e/crypto/sha/sha_locl.h
Index: openssl-1.0.1g/crypto/sha/sha_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha_locl.h
+++ openssl-1.0.1e/crypto/sha/sha_locl.h
--- openssl-1.0.1g.orig/crypto/sha/sha_locl.h
+++ openssl-1.0.1g/crypto/sha/sha_locl.h
@@ -108,7 +108,7 @@ static void sha_block_data_order (SHA_CT
#ifndef SHA1_ASM
static
@ -502,10 +502,10 @@ Index: openssl-1.0.1e/crypto/sha/sha_locl.h
#else
# error "Either SHA_0 or SHA_1 must be defined."
Index: openssl-1.0.1e/crypto/store/str_locl.h
Index: openssl-1.0.1g/crypto/store/str_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/store/str_locl.h
+++ openssl-1.0.1e/crypto/store/str_locl.h
--- openssl-1.0.1g.orig/crypto/store/str_locl.h
+++ openssl-1.0.1g/crypto/store/str_locl.h
@@ -62,6 +62,8 @@
#include <openssl/crypto.h>
#include <openssl/store.h>
@ -522,10 +522,10 @@ Index: openssl-1.0.1e/crypto/store/str_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.1e/crypto/ui/ui_locl.h
Index: openssl-1.0.1g/crypto/ui/ui_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ui/ui_locl.h
+++ openssl-1.0.1e/crypto/ui/ui_locl.h
--- openssl-1.0.1g.orig/crypto/ui/ui_locl.h
+++ openssl-1.0.1g/crypto/ui/ui_locl.h
@@ -66,6 +66,8 @@
#undef _
#endif
@ -542,19 +542,19 @@ Index: openssl-1.0.1e/crypto/ui/ui_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.1e/crypto/whrlpool/wp_locl.h
Index: openssl-1.0.1g/crypto/whrlpool/wp_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1e/crypto/whrlpool/wp_locl.h
--- openssl-1.0.1g.orig/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1g/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,3 @@
#include <openssl/whrlpool.h>
-void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
+void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1e/crypto/x509v3/ext_dat.h
Index: openssl-1.0.1g/crypto/x509v3/ext_dat.h
===================================================================
--- openssl-1.0.1e.orig/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1e/crypto/x509v3/ext_dat.h
--- openssl-1.0.1g.orig/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1g/crypto/x509v3/ext_dat.h
@@ -57,6 +57,8 @@
*/
/* This file contains a table of "standard" extensions */
@ -572,10 +572,10 @@ Index: openssl-1.0.1e/crypto/x509v3/ext_dat.h
/* Number of standard extensions */
#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
Index: openssl-1.0.1e/crypto/x509v3/pcy_int.h
Index: openssl-1.0.1g/crypto/x509v3/pcy_int.h
===================================================================
--- openssl-1.0.1e.orig/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1e/crypto/x509v3/pcy_int.h
--- openssl-1.0.1g.orig/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1g/crypto/x509v3/pcy_int.h
@@ -56,6 +56,7 @@
*
*/
@ -590,10 +590,10 @@ Index: openssl-1.0.1e/crypto/x509v3/pcy_int.h
const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/modes/gcm128.c
Index: openssl-1.0.1g/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.1e.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1e/crypto/modes/gcm128.c
--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1g/crypto/modes/gcm128.c
@@ -651,9 +651,9 @@ static void gcm_gmult_1bit(u64 Xi[2],con
# define GCM_FUNCREF_4BIT
extern unsigned int OPENSSL_ia32cap_P[2];
@ -607,10 +607,10 @@ Index: openssl-1.0.1e/crypto/modes/gcm128.c
# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# define GHASH_ASM_X86
Index: openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
Index: openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
--- openssl-1.0.1g.orig/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
@@ -78,7 +78,7 @@ typedef struct
#define NO_PAYLOAD_LENGTH ((size_t)-1)

View File

@ -13,10 +13,10 @@ API/ABI when GCC 4 or later is used.
ssl/ssl_locl.h | 8 ++++++++
2 files changed, 17 insertions(+)
diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
index c039c91..69972b1 100644
--- a/ssl/kssl_lcl.h
+++ b/ssl/kssl_lcl.h
Index: openssl-1.0.1g/ssl/kssl_lcl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/kssl_lcl.h
+++ openssl-1.0.1g/ssl/kssl_lcl.h
@@ -61,6 +61,10 @@
#include <openssl/kssl.h>
@ -28,7 +28,7 @@ index c039c91..69972b1 100644
#ifndef OPENSSL_NO_KRB5
#ifdef __cplusplus
@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl
}
#endif
#endif /* OPENSSL_NO_KRB5 */
@ -38,10 +38,10 @@ index c039c91..69972b1 100644
+#endif
+
#endif /* KSSL_LCL_H */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 56f9b4b..dde4e3e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
Index: openssl-1.0.1g/ssl/ssl_locl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl_locl.h
+++ openssl-1.0.1g/ssl/ssl_locl.h
@@ -165,6 +165,10 @@
#include <openssl/ssl.h>
#include <openssl/symhacks.h>
@ -53,7 +53,7 @@ index 56f9b4b..dde4e3e 100644
#ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
@@ -1357,4 +1361,8 @@ void tls_fips_digest_extra(
@@ -1174,4 +1178,8 @@ void tls_fips_digest_extra(
const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
const unsigned char *data, size_t data_len, size_t orig_len);
@ -62,6 +62,3 @@ index 56f9b4b..dde4e3e 100644
+#endif
+
#endif
--
1.8.3.1

View File

@ -1,150 +0,0 @@
Index: openssl-1.0.1f/crypto/bn/bn.h
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn.h
+++ openssl-1.0.1f/crypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,12 +776,22 @@ int RAND_pseudo_bytes(unsigned char *buf
#define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
+
#endif
#define bn_correct_top(a) \
Index: openssl-1.0.1f/crypto/bn/bn_lib.c
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn_lib.c
+++ openssl-1.0.1f/crypto/bn/bn_lib.c
@@ -824,3 +824,56 @@ int bn_cmp_part_words(const BN_ULONG *a,
}
return bn_cmp_words(a,b,cl);
}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
+
Index: openssl-1.0.1f/crypto/ec/ec2_mult.c
===================================================================
--- openssl-1.0.1f.orig/crypto/ec/ec2_mult.c
+++ openssl-1.0.1f/crypto/ec/ec2_mult.c
@@ -210,9 +210,12 @@ static int gf2m_Mxy(const EC_GROUP *grou
/* Computes scalar*point and stores the result in r.
* point can not equal r.
- * Uses algorithm 2P of
+ * Uses a modified algorithm 2P of
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
*/
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +249,11 @@ static int ec_GF2m_montgomery_point_mult
x2 = &r->X;
z2 = &r->Y;
+ bn_wexpand(x1, group->field.top);
+ bn_wexpand(z1, group->field.top);
+ bn_wexpand(x2, group->field.top);
+ bn_wexpand(z2, group->field.top);
+
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
if (!BN_one(z1)) goto err; /* z1 = 1 */
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +278,12 @@ static int ec_GF2m_montgomery_point_mult
word = scalar->d[i];
while (mask)
{
- if (word & mask)
- {
- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
- }
- else
- {
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
- }
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
mask >>= 1;
}
mask = BN_TBIT;

View File

@ -1,8 +1,8 @@
Index: openssl-1.0.0/Configure
Index: openssl-1.0.1g/Configure
===================================================================
--- openssl-1.0.0.orig/Configure
+++ openssl-1.0.0/Configure
@@ -1673,7 +1673,8 @@ while (<IN>)
--- openssl-1.0.1g.orig/Configure
+++ openssl-1.0.1g/Configure
@@ -1804,7 +1804,8 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{

View File

@ -1,6 +1,8 @@
--- openssl-1.0.1c.orig/Configure
+++ openssl-1.0.1c/Configure
@@ -931,7 +931,7 @@ PROCESS_ARGS:
Index: openssl-1.0.1g/Configure
===================================================================
--- openssl-1.0.1g.orig/Configure
+++ openssl-1.0.1g/Configure
@@ -933,7 +933,7 @@ PROCESS_ARGS:
}
else
{
@ -9,7 +11,7 @@
$target=$_;
}
@@ -1204,7 +1204,7 @@ if ($target =~ /^mingw/ && `$cc --target
@@ -1206,7 +1206,7 @@ if ($target =~ /^mingw/ && `$cc --target
my $no_shared_warn=0;
my $no_user_cflags=0;
@ -18,8 +20,10 @@
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
--- openssl-1.0.1c.orig/config
+++ openssl-1.0.1c/config
Index: openssl-1.0.1g/config
===================================================================
--- openssl-1.0.1g.orig/config
+++ openssl-1.0.1g/config
@@ -573,7 +573,8 @@ case "$GUESSOS" in
options="$options -arch%20${MACHINE}"
OUT="iphoneos-cross" ;;

View File

@ -1,7 +1,8 @@
diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100
@@ -1166,12 +1166,19 @@ bad:
Index: openssl-1.0.1g/apps/s_client.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_client.c
+++ openssl-1.0.1g/apps/s_client.c
@@ -1174,12 +1174,19 @@ bad:
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
@ -26,10 +27,11 @@ diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_clie
}
#ifndef OPENSSL_NO_TLSEXT
diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100
@@ -1565,13 +1565,21 @@ bad:
Index: openssl-1.0.1g/apps/s_server.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_server.c
+++ openssl-1.0.1g/apps/s_server.c
@@ -1572,13 +1572,21 @@ bad:
}
#endif
@ -56,7 +58,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_serv
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
@@ -1622,8 +1630,11 @@ bad:
@@ -1629,8 +1637,11 @@ bad:
else
SSL_CTX_sess_set_cache_size(ctx2,128);
@ -70,9 +72,10 @@ diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_serv
{
ERR_print_errors(bio_err);
}
diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
--- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100
Index: openssl-1.0.1g/apps/s_time.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_time.c
+++ openssl-1.0.1g/apps/s_time.c
@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings();

View File

@ -1,6 +1,7 @@
diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
--- openssl-1.0.1c/apps/s_apps.h.ipv6-apps 2012-07-11 22:46:02.409221206 +0200
+++ openssl-1.0.1c/apps/s_apps.h 2012-07-11 22:46:02.451222165 +0200
Index: openssl-1.0.1g/apps/s_apps.h
===================================================================
--- openssl-1.0.1g.orig/apps/s_apps.h
+++ openssl-1.0.1g/apps/s_apps.h
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
@ -23,10 +24,11 @@ diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.ipv6-apps 2012-07-11 22:46:02.433221754 +0200
+++ openssl-1.0.1c/apps/s_client.c 2012-07-11 22:46:02.452222187 +0200
@@ -563,7 +563,7 @@ int MAIN(int argc, char **argv)
Index: openssl-1.0.1g/apps/s_client.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_client.c
+++ openssl-1.0.1g/apps/s_client.c
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
@ -35,7 +37,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -664,13 +664,12 @@ int MAIN(int argc, char **argv)
@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
@ -51,7 +53,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -1253,7 +1252,7 @@ bad:
@@ -1267,7 +1266,7 @@ bad:
re_start:
@ -60,10 +62,11 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.ipv6-apps 2012-07-11 22:46:02.434221777 +0200
+++ openssl-1.0.1c/apps/s_server.c 2012-07-11 22:46:02.453222210 +0200
@@ -929,7 +929,7 @@ int MAIN(int argc, char *argv[])
Index: openssl-1.0.1g/apps/s_server.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_server.c
+++ openssl-1.0.1g/apps/s_server.c
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
@ -72,7 +75,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -1000,8 +1000,7 @@ int MAIN(int argc, char *argv[])
@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
@ -82,7 +85,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1878,9 +1877,9 @@ bad:
@@ -1892,9 +1891,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
@ -94,9 +97,10 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
print_stats(bio_s_out,ctx);
ret=0;
end:
diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
--- openssl-1.0.1c/apps/s_socket.c.ipv6-apps 2011-12-02 15:39:40.000000000 +0100
+++ openssl-1.0.1c/apps/s_socket.c 2012-07-11 22:49:05.411400450 +0200
Index: openssl-1.0.1g/apps/s_socket.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_socket.c
+++ openssl-1.0.1g/apps/s_socket.c
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif

View File

@ -1,7 +1,7 @@
Index: openssl-1.0.1e/crypto/ecdh/ecdh.h
Index: openssl-1.0.1g/crypto/ecdh/ecdh.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ecdh.h
+++ openssl-1.0.1e/crypto/ecdh/ecdh.h
--- openssl-1.0.1g.orig/crypto/ecdh/ecdh.h
+++ openssl-1.0.1g/crypto/ecdh/ecdh.h
@@ -85,6 +85,8 @@
extern "C" {
#endif
@ -11,10 +11,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ecdh.h
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
Index: openssl-1.0.1e/crypto/ecdh/ecdhtest.c
Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c
--- openssl-1.0.1g.orig/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1g/crypto/ecdh/ecdhtest.c
@@ -323,11 +323,15 @@ int main(int argc, char *argv[])
if ((ctx=BN_CTX_new()) == NULL) goto err;
@ -31,10 +31,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ecdhtest.c
#ifndef OPENSSL_NO_EC2M
/* NIST BINARY CURVES TESTS */
if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
Index: openssl-1.0.1e/crypto/ecdh/ech_lib.c
Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c
--- openssl-1.0.1g.orig/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1g/crypto/ecdh/ech_lib.c
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
{
if(!default_ECDH_method)
@ -50,10 +50,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_lib.c
}
return default_ECDH_method;
}
Index: openssl-1.0.1e/crypto/ecdh/ech_ossl.c
Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c
--- openssl-1.0.1g.orig/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1g/crypto/ecdh/ech_ossl.c
@@ -79,6 +79,10 @@
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
@ -108,10 +108,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_ossl.c
if ((tmp=EC_POINT_new(group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
Index: openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
--- openssl-1.0.1g.orig/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
@@ -138,11 +138,14 @@ int restore_rand(void)
}
@ -147,10 +147,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
if (!test_builtin(out)) goto err;
ret = 0;
Index: openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
{
if(!default_ECDSA_method)
@ -166,10 +166,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
}
return default_ECDSA_method;
}
Index: openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
@@ -60,6 +60,9 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
@ -219,10 +219,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
Index: openssl-1.0.1e/crypto/ec/ec_key.c
Index: openssl-1.0.1g/crypto/ec/ec_key.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_key.c
+++ openssl-1.0.1e/crypto/ec/ec_key.c
--- openssl-1.0.1g.orig/crypto/ec/ec_key.c
+++ openssl-1.0.1g/crypto/ec/ec_key.c
@@ -64,9 +64,6 @@
#include <string.h>
#include "ec_lcl.h"
@ -319,10 +319,10 @@ Index: openssl-1.0.1e/crypto/ec/ec_key.c
{
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
EC_R_COORDINATES_OUT_OF_RANGE);
Index: openssl-1.0.1e/crypto/ec/ecp_mont.c
Index: openssl-1.0.1g/crypto/ec/ecp_mont.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_mont.c
+++ openssl-1.0.1e/crypto/ec/ecp_mont.c
--- openssl-1.0.1g.orig/crypto/ec/ecp_mont.c
+++ openssl-1.0.1g/crypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
#include <openssl/err.h>
@ -350,10 +350,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_mont.c
}
Index: openssl-1.0.1e/crypto/ec/ecp_nist.c
Index: openssl-1.0.1g/crypto/ec/ecp_nist.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_nist.c
+++ openssl-1.0.1e/crypto/ec/ecp_nist.c
--- openssl-1.0.1g.orig/crypto/ec/ecp_nist.c
+++ openssl-1.0.1g/crypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
#include <openssl/obj_mac.h>
#include "ec_lcl.h"
@ -378,10 +378,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_nist.c
}
int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
Index: openssl-1.0.1e/crypto/ec/ecp_smpl.c
Index: openssl-1.0.1g/crypto/ec/ecp_smpl.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c
--- openssl-1.0.1g.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1g/crypto/ec/ecp_smpl.c
@@ -65,17 +65,10 @@
#include <openssl/err.h>
#include <openssl/symhacks.h>
@ -423,10 +423,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_smpl.c
if (ctx == NULL)
{
ctx = new_ctx = BN_CTX_new();
Index: openssl-1.0.1e/crypto/evp/m_ecdsa.c
Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c
--- openssl-1.0.1g.orig/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1g/crypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
#include <openssl/x509.h>
@ -449,10 +449,10 @@ Index: openssl-1.0.1e/crypto/evp/m_ecdsa.c
}
#endif
-#endif
Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
@@ -0,0 +1,496 @@
+/* fips/ecdh/fips_ecdhvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -950,10 +950,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
@@ -0,0 +1,533 @@
+/* fips/ecdsa/fips_ecdsavs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1488,10 +1488,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
@@ -0,0 +1,252 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1745,10 +1745,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
@@ -0,0 +1,167 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1917,10 +1917,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/fips.h
Index: openssl-1.0.1g/crypto/fips/fips.h
===================================================================
--- openssl-1.0.1e.orig/crypto/fips/fips.h
+++ openssl-1.0.1e/crypto/fips/fips.h
--- openssl-1.0.1g.orig/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
void FIPS_corrupt_dsa(void);
void FIPS_corrupt_dsa_keygen(void);
@ -1930,10 +1930,10 @@ Index: openssl-1.0.1e/crypto/fips/fips.h
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
Index: openssl-1.0.1e/crypto/fips/fips_post.c
Index: openssl-1.0.1g/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.1e.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1e/crypto/fips/fips_post.c
--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_rsa())
@ -1947,10 +1947,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_post.c
return rv;
}
Index: openssl-1.0.1e/crypto/fips/Makefile
Index: openssl-1.0.1g/crypto/fips/Makefile
===================================================================
--- openssl-1.0.1e.orig/crypto/fips/Makefile
+++ openssl-1.0.1e/crypto/fips/Makefile
--- openssl-1.0.1g.orig/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
Index: openssl-1.0.1f/crypto/bn/bn_rand.c
Index: openssl-1.0.1g/crypto/bn/bn_rand.c
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn_rand.c
+++ openssl-1.0.1f/crypto/bn/bn_rand.c
--- openssl-1.0.1g.orig/crypto/bn/bn_rand.c
+++ openssl-1.0.1g/crypto/bn/bn_rand.c
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
}
@ -18,10 +18,10 @@ Index: openssl-1.0.1f/crypto/bn/bn_rand.c
if (pseudorand)
{
Index: openssl-1.0.1f/crypto/dh/dh_gen.c
Index: openssl-1.0.1g/crypto/dh/dh_gen.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh_gen.c
+++ openssl-1.0.1f/crypto/dh/dh_gen.c
--- openssl-1.0.1g.orig/crypto/dh/dh_gen.c
+++ openssl-1.0.1g/crypto/dh/dh_gen.c
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
return 0;
}
@ -31,10 +31,10 @@ Index: openssl-1.0.1f/crypto/dh/dh_gen.c
{
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
goto err;
Index: openssl-1.0.1f/crypto/dh/dh.h
Index: openssl-1.0.1g/crypto/dh/dh.h
===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh.h
+++ openssl-1.0.1f/crypto/dh/dh.h
--- openssl-1.0.1g.orig/crypto/dh/dh.h
+++ openssl-1.0.1g/crypto/dh/dh.h
@@ -78,6 +78,7 @@
#endif
@ -43,10 +43,10 @@ Index: openssl-1.0.1f/crypto/dh/dh.h
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
Index: openssl-1.0.1f/crypto/dh/dh_check.c
Index: openssl-1.0.1g/crypto/dh/dh_check.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh_check.c
+++ openssl-1.0.1f/crypto/dh/dh_check.c
--- openssl-1.0.1g.orig/crypto/dh/dh_check.c
+++ openssl-1.0.1g/crypto/dh/dh_check.c
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
BN_sub_word(q,1);
if (BN_cmp(pub_key,q)>=0)
@ -81,10 +81,10 @@ Index: openssl-1.0.1f/crypto/dh/dh_check.c
ok = 1;
err:
if (q != NULL) BN_free(q);
Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c
Index: openssl-1.0.1g/crypto/dsa/dsa_gen.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa_gen.c
+++ openssl-1.0.1f/crypto/dsa/dsa_gen.c
--- openssl-1.0.1g.orig/crypto/dsa/dsa_gen.c
+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c
@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
}
@ -93,10 +93,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c
(bits != 2048 || qbits != 224) &&
(bits != 2048 || qbits != 256) &&
(bits != 3072 || qbits != 256))
Index: openssl-1.0.1f/crypto/dsa/dsa.h
Index: openssl-1.0.1g/crypto/dsa/dsa.h
===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa.h
+++ openssl-1.0.1f/crypto/dsa/dsa.h
--- openssl-1.0.1g.orig/crypto/dsa/dsa.h
+++ openssl-1.0.1g/crypto/dsa/dsa.h
@@ -89,6 +89,7 @@
#endif
@ -118,10 +118,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa.h
#define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
Index: openssl-1.0.1f/crypto/dsa/dsa_key.c
Index: openssl-1.0.1g/crypto/dsa/dsa_key.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa_key.c
+++ openssl-1.0.1f/crypto/dsa/dsa_key.c
--- openssl-1.0.1g.orig/crypto/dsa/dsa_key.c
+++ openssl-1.0.1g/crypto/dsa/dsa_key.c
@@ -122,7 +122,7 @@ static int dsa_builtin_keygen(DSA *dsa)
#ifdef OPENSSL_FIPS
@ -131,10 +131,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa_key.c
{
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
goto err;
Index: openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
@@ -0,0 +1,162 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@ -298,10 +298,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
+ return ret;
+ }
+#endif
Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
Index: openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_drbg_rand.c
+++ openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
--- openssl-1.0.1g.orig/crypto/fips/fips_drbg_rand.c
+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
int rv = 0;
unsigned char *adin = NULL;
@ -382,10 +382,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
}
static const RAND_METHOD rand_drbg_meth =
Index: openssl-1.0.1f/crypto/fips/fips.h
Index: openssl-1.0.1g/crypto/fips/fips.h
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips.h
+++ openssl-1.0.1f/crypto/fips/fips.h
--- openssl-1.0.1g.orig/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
@ -394,10 +394,10 @@ Index: openssl-1.0.1f/crypto/fips/fips.h
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
Index: openssl-1.0.1f/crypto/fips/fips_post.c
Index: openssl-1.0.1g/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1f/crypto/fips/fips_post.c
--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
@@ -99,6 +99,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_dsa())
@ -407,10 +407,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_post.c
if (!FIPS_selftest_ecdh())
rv = 0;
return rv;
Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_rsa_selftest.c
+++ openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
--- openssl-1.0.1g.orig/crypto/fips/fips_rsa_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
};
@ -480,10 +480,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
RSA_free(key);
return ret;
}
Index: openssl-1.0.1f/crypto/fips/Makefile
Index: openssl-1.0.1g/crypto/fips/Makefile
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/Makefile
+++ openssl-1.0.1f/crypto/fips/Makefile
--- openssl-1.0.1g.orig/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -502,11 +502,11 @@ Index: openssl-1.0.1f/crypto/fips/Makefile
LIBCRYPTO=-L.. -lcrypto
Index: openssl-1.0.1f/crypto/modes/gcm128.c
Index: openssl-1.0.1g/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.1f.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1f/crypto/modes/gcm128.c
@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1g/crypto/modes/gcm128.c
@@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
# endif
#endif
@ -517,7 +517,7 @@ Index: openssl-1.0.1f/crypto/modes/gcm128.c
#if 0
n = (unsigned int)mlen%16; /* alternative to ctx->mres */
#endif
@@ -1213,6 +1217,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
@@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
# endif
#endif
@ -528,10 +528,10 @@ Index: openssl-1.0.1f/crypto/modes/gcm128.c
mlen += len;
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
return -1;
Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
Index: openssl-1.0.1g/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1f/crypto/modes/modes_lcl.h
--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
@@ -114,6 +114,8 @@ struct gcm128_context {
unsigned int mres, ares;
block128_f block;
@ -541,10 +541,10 @@ Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
};
struct xts128_context {
Index: openssl-1.0.1f/crypto/rand/md_rand.c
Index: openssl-1.0.1g/crypto/rand/md_rand.c
===================================================================
--- openssl-1.0.1f.orig/crypto/rand/md_rand.c
+++ openssl-1.0.1f/crypto/rand/md_rand.c
--- openssl-1.0.1g.orig/crypto/rand/md_rand.c
+++ openssl-1.0.1g/crypto/rand/md_rand.c
@@ -143,12 +143,6 @@ static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
@ -565,9 +565,9 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
- int do_not_lock;
+ int locked;
/*
* (Based on the rand(3) manpage)
@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void *
if (!num)
return;
@@ -216,19 +210,8 @@ static void ssleay_rand_add(const void *
* hash function.
*/
@ -588,7 +588,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
st_idx=state_index;
/* use our own copies of the counters so that even
@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void *
@@ -260,7 +243,8 @@ static void ssleay_rand_add(const void *
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
@ -598,7 +598,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
EVP_MD_CTX_init(&m);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void *
@@ -311,7 +295,7 @@ static void ssleay_rand_add(const void *
}
EVP_MD_CTX_cleanup(&m);
@ -607,7 +607,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
/* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as
@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void *
@@ -322,7 +306,8 @@ static void ssleay_rand_add(const void *
}
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
@ -617,7 +617,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
assert(md_c[1] == md_count[1]);
@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch
@@ -347,6 +332,7 @@ static int ssleay_rand_bytes(unsigned ch
pid_t curr_pid = getpid();
#endif
int do_stir_pool = 0;
@ -625,7 +625,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
#ifdef PREDICT
if (rand_predictable)
@@ -384,13 +370,8 @@ static int ssleay_rand_bytes(unsigned ch
@@ -387,13 +373,8 @@ static int ssleay_rand_bytes(unsigned ch
/* NB: in FIPS mode we are already under a lock */
if (!FIPS_mode())
#endif
@ -640,7 +640,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
/* always poll for external entropy in FIPS mode, drbg provides the
* expansion
@@ -464,12 +445,11 @@ static int ssleay_rand_bytes(unsigned ch
@@ -467,12 +448,11 @@ static int ssleay_rand_bytes(unsigned ch
md_count[0] += 1;
@ -655,7 +655,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
while (num > 0)
{
@@ -524,13 +504,15 @@ static int ssleay_rand_bytes(unsigned ch
@@ -527,13 +507,15 @@ static int ssleay_rand_bytes(unsigned ch
#ifdef OPENSSL_FIPS
if (!FIPS_mode())
#endif
@ -673,7 +673,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
EVP_MD_CTX_cleanup(&m);
if (ok)
@@ -560,32 +542,10 @@ static int ssleay_rand_pseudo_bytes(unsi
@@ -563,32 +545,10 @@ static int ssleay_rand_pseudo_bytes(unsi
static int ssleay_rand_status(void)
{
@ -708,7 +708,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
if (!initialized)
{
@@ -595,13 +555,8 @@ static int ssleay_rand_status(void)
@@ -598,13 +558,8 @@ static int ssleay_rand_status(void)
ret = entropy >= ENTROPY_NEEDED;
@ -724,9 +724,10 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
return ret;
}
diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h
--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs 2013-12-18 12:17:09.764636958 +0100
+++ openssl-1.0.1e/crypto/rand/rand.h 2013-12-18 12:17:09.800637730 +0100
Index: openssl-1.0.1g/crypto/rand/rand.h
===================================================================
--- openssl-1.0.1g.orig/crypto/rand/rand.h
+++ openssl-1.0.1g/crypto/rand/rand.h
@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
int RAND_init_fips(void);
#endif
@ -736,9 +737,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-12-18 12:17:09.507631447 +0100
+++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-12-18 12:17:09.800637730 +0100
Index: openssl-1.0.1g/crypto/rand/rand_lcl.h
===================================================================
--- openssl-1.0.1g.orig/crypto/rand/rand_lcl.h
+++ openssl-1.0.1g/crypto/rand/rand_lcl.h
@@ -112,7 +112,7 @@
#ifndef HEADER_RAND_LCL_H
#define HEADER_RAND_LCL_H
@ -748,9 +750,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/r
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-12-18 18:16:45.625850730 +0100
Index: openssl-1.0.1g/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.0.1g.orig/crypto/rand/rand_lib.c
+++ openssl-1.0.1g/crypto/rand/rand_lib.c
@@ -181,6 +181,41 @@ int RAND_status(void)
return 0;
}
@ -810,9 +813,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/r
return 1;
}
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs 2013-12-18 12:17:09.764636958 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-12-19 17:40:58.483154314 +0100
Index: openssl-1.0.1g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.1g.orig/crypto/rsa/rsa_gen.c
+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c
@@ -1,5 +1,6 @@
/* crypto/rsa/rsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@ -1080,9 +1084,10 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa
ok=1;
err:
if (ok == -1)
diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c
--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-18 12:17:09.801637751 +0100
Index: openssl-1.0.1g/ssl/t1_enc.c
===================================================================
--- openssl-1.0.1g.orig/ssl/t1_enc.c
+++ openssl-1.0.1g/ssl/t1_enc.c
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
err:
return ret;

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
size 4509212

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUAUsq/WqLSm3vylcdZAQI63Af8DQSLbopKVXumiTiK0dAtXU+FwGl3FSXE
KKJgpfMdPPTSn/kdcmh4LXv4rFae5gNn0GEpEMlcLPxJSSauo8CO9xfYzA2Y1POE
bL9qemk7B/g/i2WZi6gTVP0/38/qRBh/3WyR94iVplZm5P8e+7bXqoHDEBtNMew1
YcalGMgd/1ajvGo9+Y6qHHSNVu2FfSLQ7vqeurTHgo9c2ZhvDEsw/rQjqn7oQ3c7
mz2qTYbgJ1+cikue47E0T0mQFv/my9flG6Bu63vhyioNZUxR5QVluuqAoLUAuM7h
xdJ8fVXMmqbLdr3ZQsCkdHeDQgke/FRVgyvzAdt7ensZoFSshfXcJw==
=exdx
-----END PGP SIGNATURE-----

3
openssl-1.0.1g.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
size 4509047

17
openssl-1.0.1g.tar.gz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCAAGBQJTQtiaAAoJENNXdQf6QOniuAkP/2hFMcb2NEG36by4oleDQQA1
xw/qiE5NryMU7+bwwhjvVdGsyeLnnPxN0K5fFVlsWHFIJCArZ/ERsR3xJfldSoZX
xz/PgU4JAWT7vkhIR0zW2SInzxdX2hUsonG3dRqVY5JVX3aAMkcIanczpxrv39Cb
ZeKwStINV5HOXH++Y7O4SWsFF3w2H4cmijyF2QQngrvyGkkS4C1Wy/PH54rAQrSH
phfsDlULL48/4NPul9LiRK6clgf+6DtOa9eY/NF+enjmEw2B73PRt1DmCaaaabWU
RwKHyVZUvXGhZYnPnfriz+V09FEq9SMEyyCBg2JeTljESPaPKxPP53ueI7OTo3B8
cyXcVMq3nckgq3XI1j/Z/BJVTO6Zp/thTlkGv35O/+AgdY/lWiMictFYLLfbHC1Z
9A9gbwuhO7pc1BrQF0vhIR+NlHAq4fVA81xHrClsIWebs8XjaH4zLRoeYBKqK0+m
4T2vf78yh+viiSOU2KpQdi4kWOUpCMVBa4CJclyAWdX+jjhnrudWcV5JwCz1KtNK
Pdaje0WrJ8gqAKpZC88q2vhVZF8FQt2YGhe16sGM5N9aSeg0/GMd1rAbJPUlpQ41
/b64wg+J3/ZQsRDfNvXwIgaGa1Ur8mUv/hmtAr1ecXK+rOcn6wcoouWwDYcOCQj/
opNSFe0Slj1X6unB62z2
=9S5s
-----END PGP SIGNATURE-----

View File

@ -59,10 +59,10 @@ Content-Length: 12835
doc/ssl/SSL_write.pod | 2 +-
23 files changed, 59 insertions(+), 55 deletions(-)
Index: openssl-1.0.1f/doc/apps/cms.pod
Index: openssl-1.0.1g/doc/apps/cms.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/cms.pod 2014-01-09 23:42:30.000000000 +0000
--- openssl-1.0.1g.orig/doc/apps/cms.pod
+++ openssl-1.0.1g/doc/apps/cms.pod
@@ -450,28 +450,28 @@ remains DER.
=over 4
@ -98,10 +98,10 @@ Index: openssl-1.0.1f/doc/apps/cms.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1f/doc/apps/smime.pod
Index: openssl-1.0.1g/doc/apps/smime.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/smime.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/apps/smime.pod
+++ openssl-1.0.1g/doc/apps/smime.pod
@@ -308,28 +308,28 @@ remains DER.
=over 4
@ -137,10 +137,10 @@ Index: openssl-1.0.1f/doc/apps/smime.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1f/doc/apps/ts.pod
Index: openssl-1.0.1g/doc/apps/ts.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/ts.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/ts.pod 2014-01-09 23:45:03.000000000 +0000
--- openssl-1.0.1g.orig/doc/apps/ts.pod
+++ openssl-1.0.1g/doc/apps/ts.pod
@@ -58,19 +58,19 @@ time. Here is a brief description of the
=over 4
@ -164,10 +164,10 @@ Index: openssl-1.0.1f/doc/apps/ts.pod
The TSA client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
===================================================================
--- openssl-1.0.1f.orig/doc/crypto/OPENSSL_ia32cap.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod
+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
crypto library behaviour. For the moment of this writing six bits are
significant, namely:
@ -186,10 +186,10 @@ Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
For example, clearing bit #26 at run-time disables high-performance
SSE2 code present in the crypto library. You might have to do this if
target OpenSSL application is executed on SSE2 capable CPU, but under
Index: openssl-1.0.1f/doc/crypto/rand.pod
Index: openssl-1.0.1g/doc/crypto/rand.pod
===================================================================
--- openssl-1.0.1f.orig/doc/crypto/rand.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/crypto/rand.pod 2014-01-09 23:43:46.000000000 +0000
--- openssl-1.0.1g.orig/doc/crypto/rand.pod
+++ openssl-1.0.1g/doc/crypto/rand.pod
@@ -74,16 +74,16 @@ First up I will state the things I belie
=over 4
@ -241,10 +241,10 @@ Index: openssl-1.0.1f/doc/crypto/rand.pod
Given the random number output stream, it should not be possible to determine
the RNG state or the next random number.
Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
=over 4
@ -259,10 +259,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
The operation failed. Check the error queue to find out the reason.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@ The following values are returned by all
=over 4
@ -279,10 +279,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
=over 4
@ -299,10 +299,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
=over 4
@ -319,10 +319,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@ return the following values:
=over 4
@ -339,10 +339,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
=over 4
@ -357,10 +357,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-09 23:44:18.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
connection will fail with decryption_error before it will be finished
completely.
@ -370,10 +370,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod
+++ openssl-1.0.1g/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@ The following return values can occur:
=over 4
@ -390,10 +390,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod
+++ openssl-1.0.1g/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@ The following return values can occur:
=over 4
@ -409,10 +409,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
The SSL_clear() operation was successful.
Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod
+++ openssl-1.0.1g/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@ The following return values can occur:
=over 4
@ -429,10 +429,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod
+++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@ The following return values can occur:
=over 4
@ -449,10 +449,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod
+++ openssl-1.0.1g/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@ The following return values can occur:
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
@ -462,10 +462,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod
+++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@ The following return values can occur:
=over 4
@ -480,10 +480,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
A session was reused.
Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod
+++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@ The following return values can occur:
=over 4
@ -498,10 +498,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod
+++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@ The following return values can occur:
=over 4
@ -516,23 +516,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod
Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_shutdown.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod 2014-01-09 23:42:31.000000000 +0000
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection
=over 4
-=item 0
+=item Z<>0
No shutdown setting, yet.
Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod
+++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
@@ -92,19 +92,19 @@ The following return values can occur:
=over 4
@ -556,10 +543,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod
+++ openssl-1.0.1g/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.

View File

@ -1,3 +1,5 @@
Index: crypto/bio/b_sock.c
===================================================================
--- crypto/bio/b_sock.c.orig
+++ crypto/bio/b_sock.c
@@ -735,7 +735,7 @@ int BIO_get_accept_socket(char *host, in
@ -18,6 +20,8 @@
if (cs != INVALID_SOCKET)
{
int ii;
Index: crypto/bio/bss_conn.c
===================================================================
--- crypto/bio/bss_conn.c.orig
+++ crypto/bio/bss_conn.c
@@ -209,7 +209,7 @@ static int conn_state(BIO *b, BIO_CONNEC
@ -29,9 +33,11 @@
if (ret == INVALID_SOCKET)
{
SYSerr(SYS_F_SOCKET,get_last_socket_error());
Index: crypto/bio/bss_dgram.c
===================================================================
--- crypto/bio/bss_dgram.c.orig
+++ crypto/bio/bss_dgram.c
@@ -999,7 +999,7 @@ static int dgram_sctp_read(BIO *b, char
@@ -1032,7 +1032,7 @@ static int dgram_sctp_read(BIO *b, char
msg.msg_control = cmsgbuf;
msg.msg_controllen = 512;
msg.msg_flags = 0;
@ -40,7 +46,7 @@
if (msg.msg_controllen > 0)
{
@@ -1560,7 +1560,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1593,7 +1593,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -49,7 +55,7 @@
if (n <= 0)
{
if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
@@ -1583,7 +1583,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1616,7 +1616,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -58,7 +64,7 @@
if (n <= 0)
{
if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
@@ -1644,7 +1644,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1677,7 +1677,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
fcntl(b->num, F_SETFL, O_NONBLOCK);
}
@ -67,7 +73,7 @@
if (is_dry)
{
@@ -1688,7 +1688,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
@@ -1721,7 +1721,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
sockflags = fcntl(b->num, F_GETFL, 0);
fcntl(b->num, F_SETFL, O_NONBLOCK);
@ -76,7 +82,7 @@
fcntl(b->num, F_SETFL, sockflags);
/* if notification, process and try again */
@@ -1709,7 +1709,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
@@ -1742,7 +1742,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -85,6 +91,8 @@
if (data->handle_notifications != NULL)
data->handle_notifications(b, data->notification_context, (void*) &snp);
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c.orig
+++ crypto/bio/bss_file.c
@@ -120,6 +120,10 @@ BIO *BIO_new_file(const char *filename,
@ -125,6 +133,8 @@
fp=fopen(ptr,p);
if (fp == NULL)
{
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c.orig
+++ crypto/rand/rand_unix.c
@@ -262,7 +262,7 @@ int RAND_poll(void)
@ -136,9 +146,11 @@
#ifdef O_NONBLOCK
|O_NONBLOCK
#endif
Index: crypto/rand/randfile.c
===================================================================
--- crypto/rand/randfile.c.orig
+++ crypto/rand/randfile.c
@@ -134,7 +134,7 @@ int RAND_load_file(const char *file, lon
@@ -136,7 +136,7 @@ int RAND_load_file(const char *file, lon
#ifdef OPENSSL_SYS_VMS
in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
#else
@ -147,7 +159,7 @@
#endif
if (in == NULL) goto err;
#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
@@ -207,7 +207,7 @@ int RAND_write_file(const char *file)
@@ -209,7 +209,7 @@ int RAND_write_file(const char *file)
#endif
/* chmod(..., 0600) is too late to protect the file,
* permissions should be restrictive from the start */
@ -156,7 +168,7 @@
if (fd != -1)
out = fdopen(fd, "wb");
}
@@ -238,7 +238,7 @@ int RAND_write_file(const char *file)
@@ -240,7 +240,7 @@ int RAND_write_file(const char *file)
out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
#else
if (out == NULL)

View File

@ -1,6 +1,8 @@
--- openssl-1.0.1e.orig/Makefile.org
+++ openssl-1.0.1e/Makefile.org
@@ -366,7 +366,7 @@ libcrypto.pc: Makefile
Index: openssl-1.0.1g/Makefile.org
===================================================================
--- openssl-1.0.1g.orig/Makefile.org
+++ openssl-1.0.1g/Makefile.org
@@ -367,7 +367,7 @@ libcrypto.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
@ -9,7 +11,7 @@
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -380,7 +380,7 @@ libssl.pc: Makefile
@@ -381,7 +381,7 @@ libssl.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
@ -18,7 +20,7 @@
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -394,7 +394,7 @@ openssl.pc: Makefile
@@ -395,7 +395,7 @@ openssl.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Tue Apr 8 08:12:38 UTC 2014 - dmueller@suse.com
- update to 1.0.1g:
* fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299)
* Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945)
* Workaround for the "TLS hang bug" (see FAQ and PR#2771)
- remove CVE-2014-0076.patch
- openssl.keyring: upstream changed to:
pub 4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org>
uid Dr Stephen Henson <shenson@drh-consultancy.co.uk>
uid Dr Stephen Henson <shenson@opensslfoundation.com>
-------------------------------------------------------------------
Tue Mar 25 08:11:11 UTC 2014 - shchang@suse.com

View File

@ -1,100 +1,149 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<style type="text/css">
/*<![CDATA[*/
.uid { color: green; text-decoration: underline; }
.warn { color: red; font-weight: bold; }
/*]]>*/
</style></head><body><h1>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</h1>
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: pgp.mit.edu
Version: GnuPG v2.0.22 (GNU/Linux)
mQENAzZz6nwAAAEIAMo0phUn+IyEMv4v4gN7ANsdksYAwsrN+3XutOrNlJIJ1HSKVxlgzU7N
6XkYvFH+fSMaHE1+SRREyCO2MVBXWDrSAGCYETcKY+KM2gzSEB2pMxNdewZDFM5ayUHMCVjv
ROanLr5KfjEcA6uibwLcq+tvKGTq16kba3COgYElM5LR1vHx7EZB3PHAonHfgggM/MmKZw30
61PG+xfAvJZFyOojVLcGGqa510ctnoqLBhCceRQbQEaEO+1KIxJ+qf3BGyl5i1Ldz04252Wx
ANVlEyVhqaVLFwY7jAcaeqWK+CxOyK0HjJnQZpygIJgWMaaS2UN1/2nzB0kMotKbe/KVx1kA
BRG0MURyIFN0ZXBoZW4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5jby51az6I
RgQQEQIABgUCRFyrXAAKCRCL2C5vMLlLXKlsAKCUWipHE16bE8yRsxiLikjx0fO84wCfTGSi
DknIYZWFa5bKJ1KY4uIEqhSIRgQQEQIABgUCRsddmgAKCRAQN5GDEzHzW2w6AJ0SqqSEuEGj
MH31xtwQQDEjVou2tACdHqASE+VZRLdzJHoZN7V0err0zP2JARUDBRNDwVDootKbe/KVx1kB
AUljB/9ilmpYqqMFIMFrOB3hlIQMao6ZkHPqsrMeePUvAX9oa3p7uXloDm3aQggc9SFeNIoo
pZPCQpR+5LcP5ybbYJb3NQOR1KuCRaBwt5e/49uBYpH14B74RddOZS/UThUXPSQ5fVY4Bs9I
zNp4rMydpr3fEIXgW8CGzRussLKUj5f93o7S4pzvucTw8Z5lWhvtUmA6VqvZvK26FklkhVB0
vPGSMHgE7y6eHPKjAZoGvgiuf7L65YOTceQcTPlW34vqel8YtJpBdIM8Ju7Zdx8hfD/HScVY
r+RBzEOM6nPzKj3vFCUhFeq6ywj1yCAF3J3bkeU6voJnT9Ad15f88t5w45hMiQIcBBABAgAG
BQJPtt+IAAoJECx8HnpWTIi8QAIQALBqDaLOJICo3x9bkULIq49Ly1zUbKKbnqXQmv11KCHT
UsLK4Wj0ztEza8kT99Of6IaB0hLAn4qZQFx9LeiX4QruiXB9ti86LHrLypFR3XgTIvdULcBz
/kQmAwB6eXW5Zqw/5SJ8F90B/XvtADpBnHnZNOmFOesnJSX7Urho2002Ep3beUR1zvtdJf5l
F+enFPZ/cOnQvJNPaDbh+WoXfWVRz5aYR4TbNsT0Fetsvi6unO/GWHv04rlWiRCwbpEDem60
54KiDYxXZR5Gh29ivap6KeX3Sdy8T4aeBnxb1asY66EUAge5GGF3mYJJ5+Jaqro47SYe3NzK
kbYURUKeTLOCik16tYhI2TgKBDePi69nE8dORRkzm+1S2LVZKX4D/P/zbkB3Fc/Kp0f0nneK
rfn5bwWF79r71Z6xHh6E8bv51b9eb3ODAObRSGWYv5NNqSSAN+7CXeplVjXXeB8S/e1RE5J4
TScWVJ+rMSWzodktA72d4rTFkMmLscAht6HCGNG8hQQ6EB5Pgr5JbVu5vv56cwO9wczZttSD
ZPxCu4Ww+cf9x40s0xrsYr9sDaXsRPiC+UjUe5h3pkJgXFWUNdBqCob5G92Z7RYcQ63IfAzb
Ufu+xWpDDoyO6Gb/NZzQapMn8cq+1cIftjSbBG4dN+LkErroD58Fby26ODoHFKeztDNEciBT
IE4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5kZW1vbi5jby51az6IRgQQEQIA
BgUCQkCrkAAKCRAYWdAfZ3uh7BT0AJ9moE8PhFPA7kFkBO2mLRhBdTzpGACfW5yvlfyaJTnH
DhXTA4CeHdl+F8CIRgQQEQIABgUCQkCrswAKCRCBwvfr4hO2kkX9AJwMfPm8dq5Bmpeoq26/
8cqU/j+98gCfYC/nxPtcV2ubDUmMZPJFtL17E72IRgQQEQIABgUCQkCr4QAKCRBrcOzZXcP0
c6kIAJ90icvg9nDJ+A+jRcY1zO3rH/n7UgCgtKTJsi75aUqGjA3gc+1CnCyNtwyIRgQQEQIA
BgUCQojbUgAKCRCL2C5vMLlLXEUXAJ9HkA1nXtU2nw2jSHIY0wISde0x/QCgiUz2QjlojUI7
niTTgV4lQNGmItCIRgQQEQIABgUCRsddqAAKCRAQN5GDEzHzW8Q1AKCknK1tOm4tnWbTX2ry
+HN7e28SXwCgpIDDVI1+oH3FFmeCbRDY0UO0anyIlQMFE0Grc8DurUz9SaVj2QEBSb8EAJnV
6oeLEWO/d96dvLRHYHbR9F9efQZjLnTeDMLy4kIkPuMAJk1L7mvnrcIA+DcHl80rNMhQVJUP
zYZ5Rq77VuBf20C14Az4rLgoOgcAU7pI61C0L7eygX/P8nZQu87JeFf1A/ussXDtqA/1KWSl
tVRwFX3dCmSgYG1LjzEa2AVxiQEVAwUQNnPqfKLSm3vylcdZAQFBuQgApiGtXIxJPtCvF3zS
ZYk1HOF1u9Qg05s4AdeGvQG6Gmx0MK4SRRUt4MYX8nvQ0VwZRQnvPIRfWixWnEBzpujC+sC9
fqgStj7bG+Uy4YQ1JNph5y6I/75TT0/z0pRAC7Jlwet5+PWrYa9m9rKqyaZVCw5IUSrcjkTo
/gjBLmrxVme+O8e6dF4Te0SIjFrvnNeA3B1TI0tDusxlHkKyJ3jEUf9Mu3Vx+fAukmiWUCTH
52QXZPcLP2V5Ud9X0mS+N2mTVi3rPK8wVhTiu93cXEqhTHoIEPOlLW0J/1n8x8kngGgX/TiE
G8Hd13SOh+YembJVaV7JlYAISdEgCj6JdPSsc4kCHAQQAQIABgUCQkCsCwAKCRCq4+bOZqFE
aO5vEACsZZZeb8TZBeuT4YCopBenHLl+hS1mVqDf4Qy8L5wxXnRwCAugwKf0j8T0KZQodRKI
iTWI2Oe3dDBUDE5CS1wyyku7QMsi22mUPOwLL3VddITEa8c3JJmU1ec86c5rEB4xIV8Rcgqw
CCPeyam+nwyoVKRuijbFJyj0pymTbhpqmGi7oQw0IwVsFKMmgVXiSPdC6MpIOD8+wrc9Sfno
CW+jgfcJLu/k/WEgw7qpj5cOwbFvBRzs7VO4RwU9jzXpZdouRRIZhrNwQYmBKRXC5Aa0o8gd
aN0hWlS+KQ+S73m/XFabGtCyMPU5HX5g2EtvP61+ovqRYvHseBpKwjTTgWthw40IQxIkRU+Y
PxiEXM9yMcBvs2F25zDw9g3SGLleFqizhUyLAyvY3T1IJgWCU3BFCXy0XJuguQM5znFNDZZ4
TZnEAKddhf/v/3AOHg0RFzNgMsA8H7MaJey50vOiqn4mFiy+nXA+ILI8Pz+UaJKihs8KutFG
YEuXiMPn+9vbKdAK/wYzUmilM1xei30E4/bFPt+nwOHF/4ghuKM4KyaImOCijAnkbOaPUBT+
9qPua+AO15DfAEVoGLIDOMIx2CNqKaOsYadUq3wnFTs/erc/sz/3a1pFYATz3G1jh4kk163q
zZpEfewFgAB1mynkXA4vBqKNarwApBTgZ4kR9XYXpIkCHAQQAQIABgUCT7bfiAAKCRAsfB56
VkyIvBV9EACET5QEw0RdpgU5BVVRBnz4XCWXmPUX7/YSfZUQt2sDzKKHYB+yc0h6DnbMenw6
9YnIg2l8v7hKguLAIxbg21T6y/rne5CtEAzysEIDncqEnxDSMGXlFdMHzRWBKjASqzfxkD8+
K2no0VMNr/nK+iScfn64FLuH/D0+NEghrx/Vx1dU7ewYGcY5OybfOmBrrSGNwOKfKnRbxTbo
avBnREnBeY/6xgadwZt0gwoHLEgLotQzLkchJiSfBZcK54nZ1y+NqKfLg+8etXbBDFhgS/OP
dBmthi5Gt9gKj4u+t1Tjqvrcni203CdXv5HPL5zBc7ZQX+XzwODnAk2+OE28ql+DR3X5SYru
o355/fUUZgGNpi043+uL6xjZPFARiDc25vqSuY/KQUjFknMgYSm5aw7a7ZM5WiyLO4AdnvX4
UhRLcXyWqHbpGCQXJr6itJx26JKyQ7sSABrZ/Vj9MOmc3kjcoEW+wcJTKthOpZ3HfB8xreWJ
IKj+593sqjlStz9kEDMwTmA66B/QVhRx9jPZrbTkQR1DQJ4dOUcBweJ1XF7oP4+Zk++qVZsV
ez38JptDYqd8+rdQyw3xFfy4iur32oEA92nUdtcs2eIrgGhR96Fuah9wB090hZwPDsiYB1wR
+7HeDl/XSdiisIWZk8V75oJuSuzoYqFhWQeWQK/2fUNx7bQ6RHIgU3RlcGhlbiBIZW5zb24g
PHN0ZXBoZW4uaGVuc29uQG9wZW5uZXR3b3Jrc2VjdXJpdHkuY29tPohGBBARAgAGBQJEXKtf
AAoJEIvYLm8wuUtcd9UAnjmdDad6Qxwun/i0dbZbLjXE0KTzAJ9b49qIv1RTSled84xjp8LI
GzaZaohGBBARAgAGBQJGx12oAAoJEBA3kYMTMfNblFkAmwTFV2BtA4bTJgwZzbqP57yt9hJS
AJ9bVKWTmWRbKGltql/VwUXvTms3TYkBFQMFE0PBUKmi0pt78pXHWQEBa1YH/14MRmPhcl8r
6nlqhJUuPFB1FOI9Epy1sP+FaIGRmBxq63nN7pLLor6wzTQ7LEMnC4OkXQIaylYYC8uOGW7L
FCFBGnqLHwVUTxWc9Y0r/fdVYGwKn7f134RVSCFfIzr210ogX/e9CHsX+jhRSNG1IrG7t62l
uyMz2GIrz5+tDgRJJT3MraEIprW0jiB8ZMHhI41u6a1DGUcmbVFS0oRkFHpCJjeFglcG0ZFo
Lle6QqFgtOQ742JuB6d+ccHVRadQOGnyxv5jQf2PMGr+USEuJFEU7VUDi8ja/WYdTdJD+g8r
qrkzYofsmngrU0ZfxfaDG3esnN7qqEXsf1wXE1KfCFSJAhwEEAECAAYFAk+234gACgkQLHwe
elZMiLxCgQ/+IicQEYoNtf9VgmiGAFtoRKD+bZhQtTP4mrAplqZBXSo+Ro2EM+3Z0nUe52I1
Ydsd8/ofYY2jhCzOkKpD5asH7+jondeVs7G4PdaiAIsrMwQAbU1S1rgnWB9KrLB+RWvIHsDT
JNEuJQO/2+etNoYsEBp+xl7Tx0uwQdueHg1TrjCAOMImJjGAwOXDS4wD8DPnpaqJnIkwNMXa
Kaxsz0Kybqh+eYkIibvj04R3K+Zoh2i1Fr/MFPP8F7UrGWOQZkjtg30m3nSTVgsLwTWTbcZ/
bRNZu9h5lkeqktH8BDHPSjDh5VzeM1G9zP+5/gBXzH2R9NohzYHjnsM6JyXTMGKiErqhRfPw
shiteXN9xTglw3P2GCdYzO9cp7y2YA3/BJtKweZV19qtRk5NxRdVnUP+DeYc4Fl7vICQ6wVO
VMJ765SDkHaGx7fIKHNs9LlMNDC0PHvT+Ta1tCTv1qJl6uYao6rwlXAk+OO2dNndYkV8kIN2
g7o5xRUx4n2wIOGQFHk3/PQGYaoeIahy1wl2cnq2kjQdhhbex6lUc4s9alMOz8HN9zn4e4cz
rDK7MEQcEUcjMVk9ATnmf3UKblgQGsod1BvrXo3lpt+CSUdtYO+IrqWaC+cUpYmfoXjxBTZH
gm838LRUnA/P+cb+taZBysUrxDthEtKNKZNCpZ541EIFvzE=
=DUIo
mQILBEI8bW8BEAC4MIXcibrtBmTq6mYlLRHhgZnX9b4c5ej4ObLsFVH30Q/PDArT
jINEiqFCTJegBiuFpzbw207+WkpljmQYC5gTWln3u99lMEpHpxJJn+IWZF4avUAS
aoDE+kD3vjOAxDmWyNlx22gxjG6XmMi/InpMSJjlcCl2c/G01bD1corNaasx7D3T
nHljAwkLFSJirrc5Ojb2oMgRvQ5cTygshGGYdGbYCSo66a9ewDW5oxst61rYqJUh
MYhWs06i7KIHHavkBzUy/Rtmw8AQgTfwYtHj3uC29/u1+AHNM81WfNbjjZUtEAPv
BfL68DHo/8Y+sehBJSL6jiBBdJrt5lzX9TmoNSHgmr+eyGzioU0rhjqhWK3aTxCx
cMp3fCmdXnrrhBvxntsXAPVU/JRfOnWy5tCipzX02pDMxTPZSrtGM3qtO1kUtJkW
gltsJuqZOcEThKpcYu2ozSPDEI+1LMyAzb6H7Hvts6+B4eP8f86cVkfpJ+A4wE9+
5FCpXDXWEhH4Y/Le6bJX/PdMqsX4qG3o+vLF2SVL0dzX/udO9GscZPqcpbEjd2fV
SU1uqTfLIchzchgJNHnAySMcz8EP+08iUTw+sI+n5k7gZ3is+baMjQYztVn9oB+/
o8AO/RAnkJklb/GpzcfoHBPp17OuQI8ZuvxRfbRJISEMqnatHLAFvP9T7QAGKbQn
RHIgU3RlcGhlbiBOIEhlbnNvbiA8c3RldmVAb3BlbnNzbC5vcmc+iQEcBBABAgAG
BQJCPG3TAAoJEKLSm3vylcdZAcIIAJEpkP59JmnU8b/tzojGe3YHBR0L9YA54GZz
7MdSEQgIYaZKb+8uwvZG6nxir/HrJOhtvZKHqbna7qvx6LltJ7K+cqLSHz72Iiv9
KvR1THLpqJaYaQfS8j0VSPNofLm1T/azKf0AVDfrBDnO1vo5dNhG514U6i96GMHX
YniRBzOkJqDNtNzh7cyyp+0Lc8vOzODjenYWUtqL2Lfqv9aOk2NV2V6LL/qUTmdt
r/KQwgSCf1yAgqgc0i5l3NJGDI0+706TIhyA3pSc/cqN2zO1oDkzRpsnyoxXrjOC
/nO6aLH2DI6TrxLfWoGQphWsjM6QLl7/90MxXCffbjJuA7ETt06JARwEEAEIAAYF
AlML0wwACgkQotKbe/KVx1nbBwf/Z1RgCusMaGQpkPUOKe3gUiuuX7kJNRxKzJZs
sXQAIalXrxnoGMmJ0vTMOqRbCYsmm8aIWO7Cj/ZNp2JJ6Z8kZSvkvXrUpbq9E9fL
OeYUBLsfQr+yR2wCl26ycZoAizZ53Rsp/4pbNEF2qivBEAgxHUQrHYaASmhq6AQd
IKgppgl+d1Oa/4tpAbv1Zr1Tgq+1s7V+//64lAPyptG7N/sgQv86jk7VAcPWwSdJ
qfsCm3nbd4WgTtS6AbZ0K5hxD9UmDMwLUeCsBzBb0NxUOA2uYrdChu5MKt+ITZMz
IyAvufNoT+nrU5WX0dlrmBKP43geOnq2lvPzip3bnOEwXbUNfYkCNQQTAQIAHwUC
QjxtbwIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQ01d1B/pA6eL8Gg/9HDb2
ccQ8vkPPvihtrWP91yItAnHN2BqziYkH/u63L9xaW90B7KFUjo6xJSF1TqXtb4NX
vGa79IJ94yit1dHTyeBqi1vsy2JlYuPxQXvwoQpyNiq05OsrAJFy9MTeWcP/OXpO
R7HwE2F9vqtmJLdwhBmuFiKT4LzhcKutMDTovWm506ow738wKQNJaRToJpd9R+Rn
UWEIz8oc4y6h1Q8aFtxjIyVMWxD9Ry+SmSLg3ZPpQNxN7UnRfYu/2YaRAWOh56tQ
vy8O+1UmJuenC2mAN1m4EUN/jibKZgFDPLrQ7H5LdR3vzKx5yB/wCAtOYJBRQIrv
o2hKOqhY3lk5AEJ1r+zq8jH9sXhy0MapZKEs9mbJq0iS7jaUlIohxXcl/bqSe2bl
JBfETc800Vxbg96A6dwWN7kn9zuF3UWNbxCeoVDDioILozekndpn2Mvz/tslTrC5
rU7ai+/D+S3caxYxvCY8eJ741uwy7Po5/Obn1met+qhDb107jxP9p3vYHu2Y8KFd
Js9idqUyBeg10uxIIITpux1Dq/caCHBZLJ4vMWGmlBh3L1diMNRyilXiTaX58A6J
OzRjpO5s3dKwaK8j9jI7fnreqR3/nP/IJPrldEIiy3TBIxSF9u8iTDuuOF40h8ai
QAsVYQ6JlHglvrk4pZneHvMwlZaJIB/abOUjKPOJAjYEEwECACACGwMCHgECF4AF
AlMLv7YFCwkIBwMEFQoJCAUWAgMBAAAKCRDTV3UH+kDp4n4HD/9hNPUuNVLnA/m7
ZlR/WNCCDICYNUBUj7g9o0gcVsg+5zp8Dp6wwrn5n1ZG3h/oL6zGdxgp4nQ7rPBc
xZT7vr2mVqiNppQqD88be52jmRcCI3W06SWRAVayxHXFryslFzXMfoosmAYUtPPR
hckCNwHLlbkNYXLfAU+e0pTJrAAcmCSDTU2f9KPu43JToJ2PMaIj2gRr+5pALali
KMBIsW+E9pKDiN4v3l16bHP5esqC/CC7JivUjvv+q2kU/I9+Ep4yritrw0UxMk8l
hlSnOOsdIeSD2OoVZWP9nFN8jvrPIBAGBEY6Y8uj+WNWCEM3cJhbdilqOBuOmgZJ
cbpTnEzKGtPWqDNivPcrTpJ3sxRxxnUyicaFK0jOH+L/mj/gY0Zt5RD6C/zw9oPL
PqYAAjEudGK+v15wRJDp5noitRJwjUs+08ttlTAW7uR+5KU/uRdykprcHvfGr11l
J3cSOyUMH6FOgH7pvJ35c7lmzL0b34ZEgRLL2xbKSsFyUlzubUM6LE4FEGxLOYFn
JkX8ZfReGAxvg1B5RtxdcdLjR0OFXff1ERvUmsw+phk0iayyukAzJ6albckotLr8
V4JtJJpM4s1aldaxTmf7rNoBCvUKB5bJ/xDrUow3omt4oyQN6pAKWHrydeXF0LZZ
xsfLebHPMjxTIldbb/K9ikMx4Vh4kIkCNwQTAQgAIQUCUwvRVQIbAwULCQgHAwUV
CgkICwUWAgMBAAIeAQIXgAAKCRDTV3UH+kDp4uObD/4qOhFldhiNSezwC+EiSEwH
MFMSEneSjllAu9ZHikf7KNYLcgq/8vk3TiobsgzTls9vEdXJYsr7BvKJ3fLUwZoo
MVwycfyTC4zP0Buu2o4rMlYPvFZ9y5tfftmVQUwGVtTEUo/WQ0NREFyU/C0Q9Og0
PRRkmuztpRJlhQFImhdPH6KCEU00xrAOsOflz1xJ3XpbWwccrm0R3gwJcA6KGVGa
9g+1nnkR2VveTqU0j6BBrPlYvdWbgYStabrdCYHTaX1lh7JfEv4fGMtaMAaqklGP
abVeCSFzm37EOWCz+n7Fs7BHq8IIj6E1jmj1pkJGAdbTF1c/7iLTU7E8EU/D6ii9
Hu46dKyzIz+6MOlkEw+zPJNSs4Kg5xNMQF1iWjq9E3pwvPPpFWehAkUDUnfmK9Ek
q1hAq8JuE0RRedxh+xWkJS9b8p5r84S8XpixMeTrTAPmSgY3jROUvTKi6Pa9wNJh
UOM5coGL6EsBhXwQfFd/+CxyWUnCakfkp11SI4Er7oVxsHm1mvGK2oTHWZnJuxp4
u3uCTz5f44DRZufIbSiFrzk9dKTbuQGup34gC/SvvPBbHxwz81tYq8ppxYelHQfW
JJUYKF3TJfPCTiOhLJvF0yf1N2zv7qkiL8v/IgCU8aMFwDmWEXLe92xxlDgT+6cs
DoyG656zUyzOC7VsoXGhsLQxRHIgU3RlcGhlbiBIZW5zb24gPHNoZW5zb25AZHJo
LWNvbnN1bHRhbmN5LmNvLnVrPokBHAQQAQgABgUCUwvTDAAKCRCi0pt78pXHWTny
CAC4niLxJJz4dlbNAlxu0sY4jeYAKVVsYO4Mp443Z/AqdF3O2kCyoLCjbEiRN1mN
EedpVdd7s/GFAcd1/yXG9MnUjNjKT4sEaGk8/ZiJqQVzkpMwHY6tF9kI9XMwrGrI
3pcBcBlHknrmledaQarB1e4SeCPADWMdR4dWK0zW/xDcDeHcPe0jr4Cks6lFB3P3
8b33tI5O4vow+aqAis9klgYebvBNdIHeuAbP9eir5iYeO3zt/36BYdq+qITkiGFK
v/qqlPqEjXcsZlNGM2gFYclWGrWVE4XECOxqRwvEGYAfJaHIyiWfkf1Bz6t8vdro
PSwQ+whX/OydLxUBLTNRAeU0iQI3BBMBCAAhBQJTC8zlAhsDBQsJCAcDBRUKCQgL
BRYCAwEAAh4BAheAAAoJENNXdQf6QOniuKUQAJHU9ikZxaZrInUMKHWSEdQrwgWI
Dpcf51eun9nBvEYSpduDJ0DbtzxnkS4+Kb/KYBf7QYCuc98Aszit1iR4i+qiRvK/
/ZDXn9UyHaWFbjNUTiYIjor13DB4wjshiVFV3vE84BJx43jNatMfnRwSuVpOWgVW
qGRxJ5IAIBeWjOzTQfwumzrrWNCT+c/RL3/yEAc/C+iSZdEAjwFdSQ7yj0ACQg+S
Z2Eqo4BMFMbBjp6N1urcO4cy+2KMdvHztj+F2siqhBwsPtqnQEkLOywvuotzpMeI
DhkI++VFX6hE/XRkvktiiq5i5byrQC3jFfuWvJ0LvoMxShBv3U/UbCJqBoqyFwMf
JVlvMqN21qxsEV1+44cvLcd1VqD8ErR3Pa2h++WGOsuKoIm6rhfWYcM2ewxk0bp6
QtYrohT8/Ydw2G3TYYcR+8+mIAxRU39+kRsMnr5mt1oNzBqJ3vkXQddaQy9PJR06
HERhwaaII0Ecrb2B1QdFxhvdYRqU15RaEH7dyWycFhiEEoUX4Vf28pNksH0xblVU
I9ZJwHV+Z1VgGXQk8dpdc6QQf9wvvFae9nKtKxkmmaolFiQMgZQodXxhNvDj+AjQ
sc6CZCnSfRly0DKaaHOYioUcqd7LVKnTpzmXlYOQFIASN0+R74ue8M4uFte353Yh
oWLK2Q2O+HxYtc8MiQI3BBMBCAAhBQJTC9FYAhsDBQsJCAcDBRUKCQgLBRYCAwEA
Ah4BAheAAAoJENNXdQf6QOnitssP/R9q0rQr3takz0pPAcWfn5g8fDFcEe5SBW7d
AkWCpJ9mQilDsI8L3TeCUhk3bM3mOxsxkJo6ZTaPGwS/0bR8pAZZ4DwP8CPZr8hf
X5IcqB0IXVzPuIBYibSyanw1KA7EDJ8qJBZw4+FEXGpYAmlqRvq3PEs4a5cBjtAd
o4KBePY0nI+kwC8bwuApORtuLz8vbXovGydLZJndRkLxRhLIrftWg3kpn7KNafxK
irgXciwoZKUajhfVtL/W+bKj0rS6eGoIqw52WkS9sTn0vBnrw20l4UsBHGDixCEw
TNLU/m45kB4folUvnuoq8WVx18StPrTPLmD3hzNKbWiCAmiIlbbE0/vtmP+9iGns
/ZsdhFE0dr6XBei58KIlaeTRlx0c3OB5Xq9zqMtK+BUE9vmZIzDw3UXLiV0X9ldx
9ntn5I/F+uXLEclJd0bX7WvZrKo+upHsu9UfIIvm4qNSyCr3iuVsNTQ7qZjSSlpv
nOClduFILACuCTvQ7ZTXPN7JJrdEmpm9SFtVGf8GAqYxf2W+PdD6LZ6gPGHBaSCS
S1/1MMe+khibmyUo5ceanKe+2sKraChhE75/56Zwq6EBNXRBN8v4XZIL9BbkzTpv
dYN8R55Qrdu9jeoWmGdKLFjPaoYhTPU8gnnP38buvBM/i56gowuebb72oC8wKIOM
FLpsBMJvtDFEciBTdGVwaGVuIEhlbnNvbiA8c2hlbnNvbkBvcGVuc3NsZm91bmRh
dGlvbi5jb20+iQEcBBABCAAGBQJTC9OoAAoJEKLSm3vylcdZ2AwH/jPyNrn2uZrq
1M+UG/6C/znQQDE4dRriveHtGqVlu/adJRDga74hBAWYsym520KUu/x1bGz84Lfe
aZHPKTbr3FuIA9s873BeMepGTVYuMJ66AAelcFC97AXvYIopSwg5Ru0dbb7AXFB+
6Cwhdp7BNZRWsYeOrIhmiYD779LpNyef43bSuYU1cIdAKl9gnhWVLm9ykX+zcgim
FBnOXfAXEyJknghqyfVUoIkzDIBptv1culEWWM+5SHZm1MtSGLJsyFGn6M3mnOEk
ceMJNbLkcs4Mw7d9dDL7nqbxr4IX4uSxLO5GQ+UnN03jEYJGFH0oHrwfDdgg509F
vcU6aJm7srGJAjcEEwEIACEFAlMLzRACGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
F4AACgkQ01d1B/pA6eIHwA//TSYOfBe6UVlBuZnBB4RXorMASy3US/RWJgjpIKsy
Vn+jU8362srXlMtPglmLxfkI9qdyCOjXpDP+a0432m6PZNVY2tmsKEvGnaBZieAX
SXH6X0Led26qN78YN4DCAskmlRwip2/WTAe7s8eZtfUtuu/fWEYxyC7ZgqdCIJLf
QzQtxDybM/6i8tJrSKfx4G7x+bl/DT2KUHoTnAvxElVhtl1a62kIv+AYdqYv0d+h
Aho+6uIpvzd7Niy1ZFJFg+JAUrnqy9PRb4T8FUhvyvWNx9gYuHGuovQ5e2FQNdit
eEy6EQwP4EyUXhi1HWqCZypogMdCxytHB0VnQBzxxsZSiWCQMcAxvAFvYl+TD90J
KWRlnU0SMKc+nGTEENHxPPbI7BJil7d6LFDj7gGfNSkyZuqB2uBraB8d2tSy6s8i
6y/akKg9UYGVETC4IZl+eL6OXnqQcFIPSf29t8GF8J7kZMzcDNEVCkDjUu0dx+mI
/UWaNpYotAXHUCVHmkQ1KjXvnEMtmChGRJullDGm/L9gjzei8ZKB75Stdynp18T9
M7YPVMQRT4+FUvjq+374kI8QjSm0BZEZsz/2thkaqlG+i2Sfr1TyiRXFvLNil2aj
nJ7Oh04xVJDmz4Ln4j3z/M1iiNVsA7PQ6Zz842nm2YD/x7ugZa9C9SmGRtl4KXnx
rDuJAjcEEwEIACEFAlML03kCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
01d1B/pA6eLXtw/9FeV38cRwnPkdTCiqVtwzKh9VaYn6AFX/1X0LoLV+3Mh6Lkzw
8ZRHJfb21sPjA+NVAA4yo20Dm9tI0R6jy7ikxIgmHUZZH5sH3tUfBYILtqRfTHyX
qhjFSjPPcOqU7NA3zmsAmGTc9Eu73F+4hPP/kXoF4OmiEJjiDZm+38wQ/q2sZoxy
aPussddWpmUbIPYJwfCz0Dy3GvsVhLN3deWGjtyMTLrfYYqweKnJpWF1p1ke4ZxC
YI7DSbDVdqYCkh1BTHWNqpYjMab3p4bRdLgwCDkOvIt1fSf8b/lFCkD0ZHcvL+TQ
f5h9YsuaTIMJu9M0il73eLlc9z5PlZpMD4R1mbdEMMMs82d7vEbLT9cHYlJ1lZlU
cNlaRvuIR4cCHdYqJXZ+9fCc0nElXLmrPSWEgauYlEb4XOCCgnHnP3VEMAVycSkY
rBgucYycfMQ2CXJoz4FPVST/irGCe1vpf3Vqq0SVoiAZdz3yNQ9M8iXhaA+hdrbp
pgoRgGIPBf2BjUA+Xgz8rB184tA3p9VOcvQ0LrK/N3y5FU1tk9OEemsHTKgEFFQ7
b7OSIIUChvfl7ugXcOosNtZmD1pdyAuaiqDkeTBO+teD0LjUaUwWxl7uwLjOODjj
WN5ixjNRjv7us6htnPvv/GhhWb66Fc15XQ1gJdhiMrp426dJ32YP6OG6WWy5AgsE
Qjxx+AEQANWX4zqswKPWnq5nRhPuLm68QJxUbFiYYL6+ir4+LOV9uwKhuMtZIfZQ
3do7S3b74QMhubOrdAnNbsvd9glqHrULQzmfSM97bJn6TJNzWOunGbu35OX6aO9J
mIYCcwZq/6JYqawTYhkL5Pu4jrLSPa9BOJR5wNZ78geqeKhp6VFGAS77lt21PrFr
uVVCoIXE2iYM2V9Rn8/lW/+ah3Z6Y+ZXgjQ+0npMTdQYwKh+ZdPpq7zkyXGn4LH0
y0oALEZZaUaZUDn8wCVhcZsQYRXzH+W6KSplb+zq7VEUT5Yf3c1XC8sBzcF5UWfW
+urodROCoWgEpz/DygM98d+Sfpj2Ui4qDrnfe3dJ6etF955/755XZ+LqLij8gu5C
GB/dWVeRUBY34fUviqUuXAmnA50Sbl66h+6R+kuyQhMQYSLfd4o3u4l06qBNf5eG
D1hj1RdBmfFN2tiD/XkwLSSl0t813J5fSm8TPwHu5rt1KvxXU8EFiTGhIZcALB1t
8tROywo253tEOaD1S2VmkJSGTa4xA5dZwe61MzcBA5SN6+lRC7PRK04ov2DMIky7
vcJ9b3qVXKDNmKyPigGrOnc8MDX1LIQ6F2JC5A0+tiWSghO5BTMptcWzNxVdcp5Z
ClD8iFdsc0nMtqECT+WTh4MIFMMK/hHw7QkaYglQ+kLb6EwMW4ozAAYpiQIfBBgB
AgAJBQJCPHH4AhsMAAoJENNXdQf6QOnisnIP/11tnqTaiD6giEijgMFDoXOgd3eC
ecNw0KkMkY25VK9QGMaGOKHPJUxF8UOoJfzL3rAGs1ezvYfxQb4uYkTPZcsWndZJ
g0QzKRRu2GSa4p8lJAHThaVMTJ+AbyWwgQIcnskyY3eMEaB7tUEReJKiKf/f2RhS
VMKbHukqw1Tq5SabRT/o+gIFvVUlH/2m3konlvhxQlevAMPsI8hebTFCnPS5CZbu
SVxUFlC/HLxNXmSN+TxFCu9WmCIXt1biKWmVYC524dsGu3F5ojTuVGn3ND88bQCc
+GsZnU7wZ1HodEZMgYhdttR53BsVv/VkkwnmuFykq5g9nFEez7GfSm4a3Wg12zG3
LVWCv997jNmfVIskzTvz6GwkvKS7VjSmOT7hIjI/PZcZ60KNTkXxVyqs8E6Y0h9S
W4+TRmjSbGgH1j0PpufxVqndxZSH388Nprq7CJZ/tEZkWwv+UvEGeMmSqk4adECc
J3AoXiAOsYkGin0oTWIAja5X7DKjeNQJfwfwtMjQ46aJnvGEpypWKu7Y4UnkFWGd
H3j4ZdyzVgCRUnIuIHCzOKR8jrHw7Udxb6Ck6Y9MLJ/pcOzrUCnaALKhMREaNZmY
G/cu/anS1ekMIWkC/QyX6xbXi7IedakaL56y7nJRBRmPuETKACSAWkGJ5ojm6BxT
TInCFx1evwVXM3s6
=eP1B
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</body></html>

View File

@ -29,7 +29,7 @@ Provides: ssl
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
Version: 1.0.1f
Version: 1.0.1g
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -64,7 +64,6 @@ Patch15: openssl-1.0.1e-fips.patch
Patch16: openssl-1.0.1e-fips-ec.patch
Patch17: openssl-1.0.1e-fips-ctor.patch
Patch18: openssl-1.0.1e-new-fips-reqs.patch
Patch19: CVE-2014-0076.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -170,7 +169,6 @@ this package's base documentation.
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
cp -p %{S:10} .
cp -p %{S:11} .
@ -228,7 +226,7 @@ no-ec2m \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS -std=gnu99 \
$RPM_OPT_FLAGS -O3 -std=gnu99 \
-Wa,--noexecstack \
-fomit-frame-pointer \
-DTERMIO \