pool/openssl
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 229370 from Base:System

Browse Source 
- update to 1.0.1g:
  * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299)
  * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945)
  * Workaround for the "TLS hang bug" (see FAQ and PR#2771)
- remove CVE-2014-0076.patch
- openssl.keyring: upstream changed to:
  pub  4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org>
  uid                            Dr Stephen Henson <shenson@drh-consultancy.co.uk>
  uid                            Dr Stephen Henson <shenson@opensslfoundation.com>

OBS-URL: https://build.opensuse.org/request/show/229370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=110
This commit is contained in:
Stephan Kulow 2014-04-09 16:17:23 +00:00 committed by Git OBS Bridge
parent 9a6d63222e
commit d5a92c035d
20 changed files with 910 additions and 979 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
0001-libcrypto-Hide-library-private-symbols.patch
View File

@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
crypto/x509v3/pcy_int.h | 3 +++
31 files changed, 85 insertions(+), 17 deletions(-)
Index: openssl-1.0.1e/apps/Makefile
Index: openssl-1.0.1g/apps/Makefile
===================================================================
--- openssl-1.0.1e.orig/apps/Makefile
+++ openssl-1.0.1e/apps/Makefile
--- openssl-1.0.1g.orig/apps/Makefile
+++ openssl-1.0.1g/apps/Makefile
@@ -20,7 +20,7 @@ EXE_EXT=
SHLIB_TARGET=
@ -50,10 +50,10 @@ Index: openssl-1.0.1e/apps/Makefile
GENERAL=Makefile makeapps.com install.com
Index: openssl-1.0.1e/crypto/asn1/asn1_locl.h
Index: openssl-1.0.1g/crypto/asn1/asn1_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1e/crypto/asn1/asn1_locl.h
--- openssl-1.0.1g.orig/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1g/crypto/asn1/asn1_locl.h
@@ -58,6 +58,8 @@
/* Internal ASN1 structures and functions: not for application use */
@ -69,10 +69,10 @@ Index: openssl-1.0.1e/crypto/asn1/asn1_locl.h
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/bn/bn_lcl.h
Index: openssl-1.0.1g/crypto/bn/bn_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/bn/bn_lcl.h
+++ openssl-1.0.1e/crypto/bn/bn_lcl.h
--- openssl-1.0.1g.orig/crypto/bn/bn_lcl.h
+++ openssl-1.0.1g/crypto/bn/bn_lcl.h
@@ -483,6 +483,8 @@ extern "C" {
#undef bn_div_words
#endif
@ -91,10 +91,10 @@ Index: openssl-1.0.1e/crypto/bn/bn_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h
Index: openssl-1.0.1g/crypto/camellia/cmll_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1e/crypto/camellia/cmll_locl.h
--- openssl-1.0.1g.orig/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1g/crypto/camellia/cmll_locl.h
@@ -68,6 +68,8 @@
#ifndef HEADER_CAMELLIA_LOCL_H
#define HEADER_CAMELLIA_LOCL_H
@ -110,10 +110,10 @@ Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h
CAMELLIA_KEY *key);
+#pragma GCC visibility pop
#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
Index: openssl-1.0.1e/crypto/cast/cast_lcl.h
Index: openssl-1.0.1g/crypto/cast/cast_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/cast/cast_lcl.h
+++ openssl-1.0.1e/crypto/cast/cast_lcl.h
--- openssl-1.0.1g.orig/crypto/cast/cast_lcl.h
+++ openssl-1.0.1g/crypto/cast/cast_lcl.h
@@ -217,6 +217,7 @@
}
#endif
@ -127,10 +127,10 @@ Index: openssl-1.0.1e/crypto/cast/cast_lcl.h
extern const CAST_LONG CAST_S_table6[256];
extern const CAST_LONG CAST_S_table7[256];
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/cms/cms_lcl.h
Index: openssl-1.0.1g/crypto/cms/cms_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/cms/cms_lcl.h
+++ openssl-1.0.1e/crypto/cms/cms_lcl.h
--- openssl-1.0.1g.orig/crypto/cms/cms_lcl.h
+++ openssl-1.0.1g/crypto/cms/cms_lcl.h
@@ -426,6 +426,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
#define CMS_RECIPINFO_ISSUER_SERIAL 0
#define CMS_RECIPINFO_KEYIDENTIFIER 1
@ -150,10 +150,10 @@ Index: openssl-1.0.1e/crypto/cms/cms_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.1e/crypto/des/des_locl.h
Index: openssl-1.0.1g/crypto/des/des_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/des/des_locl.h
+++ openssl-1.0.1e/crypto/des/des_locl.h
--- openssl-1.0.1g.orig/crypto/des/des_locl.h
+++ openssl-1.0.1g/crypto/des/des_locl.h
@@ -421,10 +421,12 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
@ -167,20 +167,20 @@ Index: openssl-1.0.1e/crypto/des/des_locl.h
#ifdef OPENSSL_SMALL_FOOTPRINT
#undef DES_UNROLL
Index: openssl-1.0.1e/crypto/dsa/dsa_locl.h
Index: openssl-1.0.1g/crypto/dsa/dsa_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h
--- openssl-1.0.1g.orig/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h
@@ -57,4 +57,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1e/crypto/ec/ec_lcl.h
Index: openssl-1.0.1g/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_lcl.h
+++ openssl-1.0.1e/crypto/ec/ec_lcl.h
--- openssl-1.0.1g.orig/crypto/ec/ec_lcl.h
+++ openssl-1.0.1g/crypto/ec/ec_lcl.h
@@ -88,6 +88,8 @@
/* Structure details are not part of the exported interface,
* so all this may change in future versions. */
@ -196,10 +196,10 @@ Index: openssl-1.0.1e/crypto/ec/ec_lcl.h
#endif
+
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/ecdh/ech_locl.h
Index: openssl-1.0.1g/crypto/ecdh/ech_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1e/crypto/ecdh/ech_locl.h
--- openssl-1.0.1g.orig/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1g/crypto/ecdh/ech_locl.h
@@ -58,6 +58,8 @@
#include <openssl/ecdh.h>
@ -216,10 +216,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_locl.h
-
+#pragma GCC visibility pop
#endif /* HEADER_ECH_LOCL_H */
Index: openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
Index: openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
@@ -61,6 +61,8 @@
#include <openssl/ecdsa.h>
@ -236,10 +236,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
+#pragma GCC visibility pop
+
#endif /* HEADER_ECS_LOCL_H */
Index: openssl-1.0.1e/crypto/engine/eng_int.h
Index: openssl-1.0.1g/crypto/engine/eng_int.h
===================================================================
--- openssl-1.0.1e.orig/crypto/engine/eng_int.h
+++ openssl-1.0.1e/crypto/engine/eng_int.h
--- openssl-1.0.1g.orig/crypto/engine/eng_int.h
+++ openssl-1.0.1g/crypto/engine/eng_int.h
@@ -68,6 +68,8 @@
/* Take public definitions from engine.h */
#include <openssl/engine.h>
@ -256,10 +256,10 @@ Index: openssl-1.0.1e/crypto/engine/eng_int.h
-
+#pragma GCC visibility pop
#endif /* HEADER_ENGINE_INT_H */
Index: openssl-1.0.1e/crypto/engine/eng_rsax.c
Index: openssl-1.0.1g/crypto/engine/eng_rsax.c
===================================================================
--- openssl-1.0.1e.orig/crypto/engine/eng_rsax.c
+++ openssl-1.0.1e/crypto/engine/eng_rsax.c
--- openssl-1.0.1g.orig/crypto/engine/eng_rsax.c
+++ openssl-1.0.1g/crypto/engine/eng_rsax.c
@@ -262,7 +262,7 @@ static int mod_exp_pre_compute_data_512(
void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
UINT64 *g, /* 512 bits, 8 qwords */
@ -269,10 +269,10 @@ Index: openssl-1.0.1e/crypto/engine/eng_rsax.c
typedef struct st_e_rsax_mod_ctx
{
Index: openssl-1.0.1e/crypto/evp/e_aes.c
Index: openssl-1.0.1g/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_aes.c
+++ openssl-1.0.1e/crypto/evp/e_aes.c
--- openssl-1.0.1g.orig/crypto/evp/e_aes.c
+++ openssl-1.0.1g/crypto/evp/e_aes.c
@@ -108,6 +108,8 @@ typedef struct
#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
@ -318,10 +318,10 @@ Index: openssl-1.0.1e/crypto/evp/e_aes.c
static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
Index: openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
Index: openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
--- openssl-1.0.1g.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -97,6 +97,8 @@ typedef struct
extern unsigned int OPENSSL_ia32cap_P[2];
#define AESNI_CAPABLE (1<<(57-32))
@ -340,10 +340,10 @@ Index: openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
Index: openssl-1.0.1e/crypto/evp/evp_locl.h
Index: openssl-1.0.1g/crypto/evp/evp_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/evp_locl.h
+++ openssl-1.0.1e/crypto/evp/evp_locl.h
--- openssl-1.0.1g.orig/crypto/evp/evp_locl.h
+++ openssl-1.0.1g/crypto/evp/evp_locl.h
@@ -263,6 +263,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
EVP_CIPHER_get_asn1_iv, \
NULL)
@ -362,10 +362,10 @@ Index: openssl-1.0.1e/crypto/evp/evp_locl.h
#ifdef OPENSSL_FIPS
#ifdef OPENSSL_DOING_MAKEDEPEND
Index: openssl-1.0.1e/crypto/md4/md4_locl.h
Index: openssl-1.0.1g/crypto/md4/md4_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/md4/md4_locl.h
+++ openssl-1.0.1e/crypto/md4/md4_locl.h
--- openssl-1.0.1g.orig/crypto/md4/md4_locl.h
+++ openssl-1.0.1g/crypto/md4/md4_locl.h
@@ -65,7 +65,7 @@
#define MD4_LONG_LOG2 2 /* default to 32 bits */
#endif
@ -375,10 +375,10 @@ Index: openssl-1.0.1e/crypto/md4/md4_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1e/crypto/md5/md5_locl.h
Index: openssl-1.0.1g/crypto/md5/md5_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/md5/md5_locl.h
+++ openssl-1.0.1e/crypto/md5/md5_locl.h
--- openssl-1.0.1g.orig/crypto/md5/md5_locl.h
+++ openssl-1.0.1g/crypto/md5/md5_locl.h
@@ -74,7 +74,7 @@
# endif
#endif
@ -388,11 +388,11 @@ Index: openssl-1.0.1e/crypto/md5/md5_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1e/crypto/modes/modes_lcl.h
Index: openssl-1.0.1g/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1e/crypto/modes/modes_lcl.h
@@ -86,6 +86,8 @@ typedef unsigned char u8;
--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
@@ -83,6 +83,8 @@ typedef unsigned char u8;
#define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
#endif
@ -401,16 +401,16 @@ Index: openssl-1.0.1e/crypto/modes/modes_lcl.h
/* GCM definitions */
typedef struct { u64 hi,lo; } u128;
@@ -128,4 +130,4 @@ struct ccm128_context {
@@ -125,4 +127,4 @@ struct ccm128_context {
block128_f block;
void *key;
};
-
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/o_str.h
Index: openssl-1.0.1g/crypto/o_str.h
===================================================================
--- openssl-1.0.1e.orig/crypto/o_str.h
+++ openssl-1.0.1e/crypto/o_str.h
--- openssl-1.0.1g.orig/crypto/o_str.h
+++ openssl-1.0.1g/crypto/o_str.h
@@ -61,8 +61,12 @@
#include <stddef.h> /* to get size_t */
@ -424,10 +424,10 @@ Index: openssl-1.0.1e/crypto/o_str.h
+#pragma GCC visibility pop
+
#endif
Index: openssl-1.0.1e/crypto/o_time.h
Index: openssl-1.0.1g/crypto/o_time.h
===================================================================
--- openssl-1.0.1e.orig/crypto/o_time.h
+++ openssl-1.0.1e/crypto/o_time.h
--- openssl-1.0.1g.orig/crypto/o_time.h
+++ openssl-1.0.1g/crypto/o_time.h
@@ -61,7 +61,11 @@
#include <time.h>
@ -440,10 +440,10 @@ Index: openssl-1.0.1e/crypto/o_time.h
+#pragma GCC visibility pop
+
#endif
Index: openssl-1.0.1e/crypto/ripemd/rmd_locl.h
Index: openssl-1.0.1g/crypto/ripemd/rmd_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1e/crypto/ripemd/rmd_locl.h
--- openssl-1.0.1g.orig/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1g/crypto/ripemd/rmd_locl.h
@@ -76,7 +76,7 @@
# endif
#endif
@ -453,20 +453,20 @@ Index: openssl-1.0.1e/crypto/ripemd/rmd_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1e/crypto/rsa/rsa_locl.h
Index: openssl-1.0.1g/crypto/rsa/rsa_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1e/crypto/rsa/rsa_locl.h
--- openssl-1.0.1g.orig/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1g/crypto/rsa/rsa_locl.h
@@ -1,4 +1,4 @@
extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen,
- RSA *rsa);
+ RSA *rsa) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1e/crypto/sha/sha256.c
Index: openssl-1.0.1g/crypto/sha/sha256.c
===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha256.c
+++ openssl-1.0.1e/crypto/sha/sha256.c
--- openssl-1.0.1g.orig/crypto/sha/sha256.c
+++ openssl-1.0.1g/crypto/sha/sha256.c
@@ -110,7 +110,7 @@ int SHA224_Final (unsigned char *md, SHA
#ifndef SHA256_ASM
static
@ -476,10 +476,10 @@ Index: openssl-1.0.1e/crypto/sha/sha256.c
#include "md32_common.h"
Index: openssl-1.0.1e/crypto/sha/sha512.c
Index: openssl-1.0.1g/crypto/sha/sha512.c
===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha512.c
+++ openssl-1.0.1e/crypto/sha/sha512.c
--- openssl-1.0.1g.orig/crypto/sha/sha512.c
+++ openssl-1.0.1g/crypto/sha/sha512.c
@@ -94,7 +94,7 @@ fips_md_init(SHA512)
#ifndef SHA512_ASM
static
@ -489,10 +489,10 @@ Index: openssl-1.0.1e/crypto/sha/sha512.c
int SHA512_Final (unsigned char *md, SHA512_CTX *c)
{
Index: openssl-1.0.1e/crypto/sha/sha_locl.h
Index: openssl-1.0.1g/crypto/sha/sha_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha_locl.h
+++ openssl-1.0.1e/crypto/sha/sha_locl.h
--- openssl-1.0.1g.orig/crypto/sha/sha_locl.h
+++ openssl-1.0.1g/crypto/sha/sha_locl.h
@@ -108,7 +108,7 @@ static void sha_block_data_order (SHA_CT
#ifndef SHA1_ASM
static
@ -502,10 +502,10 @@ Index: openssl-1.0.1e/crypto/sha/sha_locl.h
#else
# error "Either SHA_0 or SHA_1 must be defined."
Index: openssl-1.0.1e/crypto/store/str_locl.h
Index: openssl-1.0.1g/crypto/store/str_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/store/str_locl.h
+++ openssl-1.0.1e/crypto/store/str_locl.h
--- openssl-1.0.1g.orig/crypto/store/str_locl.h
+++ openssl-1.0.1g/crypto/store/str_locl.h
@@ -62,6 +62,8 @@
#include <openssl/crypto.h>
#include <openssl/store.h>
@ -522,10 +522,10 @@ Index: openssl-1.0.1e/crypto/store/str_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.1e/crypto/ui/ui_locl.h
Index: openssl-1.0.1g/crypto/ui/ui_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ui/ui_locl.h
+++ openssl-1.0.1e/crypto/ui/ui_locl.h
--- openssl-1.0.1g.orig/crypto/ui/ui_locl.h
+++ openssl-1.0.1g/crypto/ui/ui_locl.h
@@ -66,6 +66,8 @@
#undef _
#endif
@ -542,19 +542,19 @@ Index: openssl-1.0.1e/crypto/ui/ui_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.1e/crypto/whrlpool/wp_locl.h
Index: openssl-1.0.1g/crypto/whrlpool/wp_locl.h
===================================================================
--- openssl-1.0.1e.orig/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1e/crypto/whrlpool/wp_locl.h
--- openssl-1.0.1g.orig/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1g/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,3 @@
#include <openssl/whrlpool.h>
-void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
+void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1e/crypto/x509v3/ext_dat.h
Index: openssl-1.0.1g/crypto/x509v3/ext_dat.h
===================================================================
--- openssl-1.0.1e.orig/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1e/crypto/x509v3/ext_dat.h
--- openssl-1.0.1g.orig/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1g/crypto/x509v3/ext_dat.h
@@ -57,6 +57,8 @@
*/
/* This file contains a table of "standard" extensions */
@ -572,10 +572,10 @@ Index: openssl-1.0.1e/crypto/x509v3/ext_dat.h
/* Number of standard extensions */
#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
Index: openssl-1.0.1e/crypto/x509v3/pcy_int.h
Index: openssl-1.0.1g/crypto/x509v3/pcy_int.h
===================================================================
--- openssl-1.0.1e.orig/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1e/crypto/x509v3/pcy_int.h
--- openssl-1.0.1g.orig/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1g/crypto/x509v3/pcy_int.h
@@ -56,6 +56,7 @@
*
*/
@ -590,10 +590,10 @@ Index: openssl-1.0.1e/crypto/x509v3/pcy_int.h
const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+
+#pragma GCC visibility pop
Index: openssl-1.0.1e/crypto/modes/gcm128.c
Index: openssl-1.0.1g/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.1e.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1e/crypto/modes/gcm128.c
--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1g/crypto/modes/gcm128.c
@@ -651,9 +651,9 @@ static void gcm_gmult_1bit(u64 Xi[2],con
# define GCM_FUNCREF_4BIT
extern unsigned int OPENSSL_ia32cap_P[2];
@ -607,10 +607,10 @@ Index: openssl-1.0.1e/crypto/modes/gcm128.c
# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# define GHASH_ASM_X86
Index: openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
Index: openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
--- openssl-1.0.1g.orig/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
@@ -78,7 +78,7 @@ typedef struct
#define NO_PAYLOAD_LENGTH ((size_t)-1)

23
0005-libssl-Hide-library-private-symbols.patch
View File

@ -13,10 +13,10 @@ API/ABI when GCC 4 or later is used.
ssl/ssl_locl.h | 8 ++++++++
2 files changed, 17 insertions(+)
diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
index c039c91..69972b1 100644
--- a/ssl/kssl_lcl.h
+++ b/ssl/kssl_lcl.h
Index: openssl-1.0.1g/ssl/kssl_lcl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/kssl_lcl.h
+++ openssl-1.0.1g/ssl/kssl_lcl.h
@@ -61,6 +61,10 @@
#include <openssl/kssl.h>
@ -28,7 +28,7 @@ index c039c91..69972b1 100644
#ifndef OPENSSL_NO_KRB5
#ifdef __cplusplus
@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl
}
#endif
#endif /* OPENSSL_NO_KRB5 */
@ -38,10 +38,10 @@ index c039c91..69972b1 100644
+#endif
+
#endif /* KSSL_LCL_H */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 56f9b4b..dde4e3e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
Index: openssl-1.0.1g/ssl/ssl_locl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl_locl.h
+++ openssl-1.0.1g/ssl/ssl_locl.h
@@ -165,6 +165,10 @@
#include <openssl/ssl.h>
#include <openssl/symhacks.h>
@ -53,7 +53,7 @@ index 56f9b4b..dde4e3e 100644
#ifdef OPENSSL_BUILD_SHLIBSSL
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
@@ -1357,4 +1361,8 @@ void tls_fips_digest_extra(
@@ -1174,4 +1178,8 @@ void tls_fips_digest_extra(
const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
const unsigned char *data, size_t data_len, size_t orig_len);
@ -62,6 +62,3 @@ index 56f9b4b..dde4e3e 100644
+#endif
+
#endif
--
1.8.3.1

150
CVE-2014-0076.patch
View File

@ -1,150 +0,0 @@
Index: openssl-1.0.1f/crypto/bn/bn.h
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn.h
+++ openssl-1.0.1f/crypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,12 +776,22 @@ int RAND_pseudo_bytes(unsigned char *buf
#define bn_fix_top(a) bn_check_top(a)
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
#else /* !BN_DEBUG */
#define bn_pollute(a)
#define bn_check_top(a)
#define bn_fix_top(a) bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
+
#endif
#define bn_correct_top(a) \
Index: openssl-1.0.1f/crypto/bn/bn_lib.c
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn_lib.c
+++ openssl-1.0.1f/crypto/bn/bn_lib.c
@@ -824,3 +824,56 @@ int bn_cmp_part_words(const BN_ULONG *a,
}
return bn_cmp_words(a,b,cl);
}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
+
Index: openssl-1.0.1f/crypto/ec/ec2_mult.c
===================================================================
--- openssl-1.0.1f.orig/crypto/ec/ec2_mult.c
+++ openssl-1.0.1f/crypto/ec/ec2_mult.c
@@ -210,9 +210,12 @@ static int gf2m_Mxy(const EC_GROUP *grou
/* Computes scalar*point and stores the result in r.
* point can not equal r.
- * Uses algorithm 2P of
+ * Uses a modified algorithm 2P of
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
*/
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +249,11 @@ static int ec_GF2m_montgomery_point_mult
x2 = &r->X;
z2 = &r->Y;
+ bn_wexpand(x1, group->field.top);
+ bn_wexpand(z1, group->field.top);
+ bn_wexpand(x2, group->field.top);
+ bn_wexpand(z2, group->field.top);
+
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
if (!BN_one(z1)) goto err; /* z1 = 1 */
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +278,12 @@ static int ec_GF2m_montgomery_point_mult
word = scalar->d[i];
while (mask)
{
- if (word & mask)
- {
- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
- }
- else
- {
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
- }
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
mask >>= 1;
}
mask = BN_TBIT;

8
bug610223.patch
View File

@ -1,8 +1,8 @@
Index: openssl-1.0.0/Configure
Index: openssl-1.0.1g/Configure
===================================================================
--- openssl-1.0.0.orig/Configure
+++ openssl-1.0.0/Configure
@@ -1673,7 +1673,8 @@ while (<IN>)
--- openssl-1.0.1g.orig/Configure
+++ openssl-1.0.1g/Configure
@@ -1804,7 +1804,8 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{

16
merge_from_0.9.8k.patch
View File

@ -1,6 +1,8 @@
--- openssl-1.0.1c.orig/Configure
+++ openssl-1.0.1c/Configure
@@ -931,7 +931,7 @@ PROCESS_ARGS:
Index: openssl-1.0.1g/Configure
===================================================================
--- openssl-1.0.1g.orig/Configure
+++ openssl-1.0.1g/Configure
@@ -933,7 +933,7 @@ PROCESS_ARGS:
}
else
{
@ -9,7 +11,7 @@
$target=$_;
}
@@ -1204,7 +1204,7 @@ if ($target =~ /^mingw/ && `$cc --target
@@ -1206,7 +1206,7 @@ if ($target =~ /^mingw/ && `$cc --target
my $no_shared_warn=0;
my $no_user_cflags=0;
@ -18,8 +20,10 @@
else { $no_user_cflags=1; }
# Kerberos settings. The flavor must be provided from outside, either through
--- openssl-1.0.1c.orig/config
+++ openssl-1.0.1c/config
Index: openssl-1.0.1g/config
===================================================================
--- openssl-1.0.1g.orig/config
+++ openssl-1.0.1g/config
@@ -573,7 +573,8 @@ case "$GUESSOS" in
options="$options -arch%20${MACHINE}"
OUT="iphoneos-cross" ;;

27
openssl-1.0.1c-default-paths.patch
View File

@ -1,7 +1,8 @@
diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100
@@ -1166,12 +1166,19 @@ bad:
Index: openssl-1.0.1g/apps/s_client.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_client.c
+++ openssl-1.0.1g/apps/s_client.c
@@ -1174,12 +1174,19 @@ bad:
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
@ -26,10 +27,11 @@ diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_clie
}
#ifndef OPENSSL_NO_TLSEXT
diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100
@@ -1565,13 +1565,21 @@ bad:
Index: openssl-1.0.1g/apps/s_server.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_server.c
+++ openssl-1.0.1g/apps/s_server.c
@@ -1572,13 +1572,21 @@ bad:
}
#endif
@ -56,7 +58,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_serv
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
@@ -1622,8 +1630,11 @@ bad:
@@ -1629,8 +1637,11 @@ bad:
else
SSL_CTX_sess_set_cache_size(ctx2,128);
@ -70,9 +72,10 @@ diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_serv
{
ERR_print_errors(bio_err);
}
diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
--- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100
Index: openssl-1.0.1g/apps/s_time.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_time.c
+++ openssl-1.0.1g/apps/s_time.c
@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings();

40
openssl-1.0.1c-ipv6-apps.patch
View File

@ -1,6 +1,7 @@
diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
--- openssl-1.0.1c/apps/s_apps.h.ipv6-apps 2012-07-11 22:46:02.409221206 +0200
+++ openssl-1.0.1c/apps/s_apps.h 2012-07-11 22:46:02.451222165 +0200
Index: openssl-1.0.1g/apps/s_apps.h
===================================================================
--- openssl-1.0.1g.orig/apps/s_apps.h
+++ openssl-1.0.1g/apps/s_apps.h
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
@ -23,10 +24,11 @@ diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.ipv6-apps 2012-07-11 22:46:02.433221754 +0200
+++ openssl-1.0.1c/apps/s_client.c 2012-07-11 22:46:02.452222187 +0200
@@ -563,7 +563,7 @@ int MAIN(int argc, char **argv)
Index: openssl-1.0.1g/apps/s_client.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_client.c
+++ openssl-1.0.1g/apps/s_client.c
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
@ -35,7 +37,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -664,13 +664,12 @@ int MAIN(int argc, char **argv)
@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
@ -51,7 +53,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -1253,7 +1252,7 @@ bad:
@@ -1267,7 +1266,7 @@ bad:
re_start:
@ -60,10 +62,11 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.ipv6-apps 2012-07-11 22:46:02.434221777 +0200
+++ openssl-1.0.1c/apps/s_server.c 2012-07-11 22:46:02.453222210 +0200
@@ -929,7 +929,7 @@ int MAIN(int argc, char *argv[])
Index: openssl-1.0.1g/apps/s_server.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_server.c
+++ openssl-1.0.1g/apps/s_server.c
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
@ -72,7 +75,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -1000,8 +1000,7 @@ int MAIN(int argc, char *argv[])
@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
@ -82,7 +85,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1878,9 +1877,9 @@ bad:
@@ -1892,9 +1891,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
@ -94,9 +97,10 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
print_stats(bio_s_out,ctx);
ret=0;
end:
diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
--- openssl-1.0.1c/apps/s_socket.c.ipv6-apps 2011-12-02 15:39:40.000000000 +0100
+++ openssl-1.0.1c/apps/s_socket.c 2012-07-11 22:49:05.411400450 +0200
Index: openssl-1.0.1g/apps/s_socket.c
===================================================================
--- openssl-1.0.1g.orig/apps/s_socket.c
+++ openssl-1.0.1g/apps/s_socket.c
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif

106
openssl-1.0.1e-fips-ec.patch
View File

@ -1,7 +1,7 @@
Index: openssl-1.0.1e/crypto/ecdh/ecdh.h
Index: openssl-1.0.1g/crypto/ecdh/ecdh.h
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ecdh.h
+++ openssl-1.0.1e/crypto/ecdh/ecdh.h
--- openssl-1.0.1g.orig/crypto/ecdh/ecdh.h
+++ openssl-1.0.1g/crypto/ecdh/ecdh.h
@@ -85,6 +85,8 @@
extern "C" {
#endif
@ -11,10 +11,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ecdh.h
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
Index: openssl-1.0.1e/crypto/ecdh/ecdhtest.c
Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c
--- openssl-1.0.1g.orig/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1g/crypto/ecdh/ecdhtest.c
@@ -323,11 +323,15 @@ int main(int argc, char *argv[])
if ((ctx=BN_CTX_new()) == NULL) goto err;
@ -31,10 +31,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ecdhtest.c
#ifndef OPENSSL_NO_EC2M
/* NIST BINARY CURVES TESTS */
if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
Index: openssl-1.0.1e/crypto/ecdh/ech_lib.c
Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c
--- openssl-1.0.1g.orig/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1g/crypto/ecdh/ech_lib.c
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
{
if(!default_ECDH_method)
@ -50,10 +50,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_lib.c
}
return default_ECDH_method;
}
Index: openssl-1.0.1e/crypto/ecdh/ech_ossl.c
Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c
--- openssl-1.0.1g.orig/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1g/crypto/ecdh/ech_ossl.c
@@ -79,6 +79,10 @@
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
@ -108,10 +108,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_ossl.c
if ((tmp=EC_POINT_new(group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
Index: openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
--- openssl-1.0.1g.orig/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
@@ -138,11 +138,14 @@ int restore_rand(void)
}
@ -147,10 +147,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
if (!test_builtin(out)) goto err;
ret = 0;
Index: openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
{
if(!default_ECDSA_method)
@ -166,10 +166,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
}
return default_ECDSA_method;
}
Index: openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
@@ -60,6 +60,9 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
@ -219,10 +219,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
Index: openssl-1.0.1e/crypto/ec/ec_key.c
Index: openssl-1.0.1g/crypto/ec/ec_key.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_key.c
+++ openssl-1.0.1e/crypto/ec/ec_key.c
--- openssl-1.0.1g.orig/crypto/ec/ec_key.c
+++ openssl-1.0.1g/crypto/ec/ec_key.c
@@ -64,9 +64,6 @@
#include <string.h>
#include "ec_lcl.h"
@ -319,10 +319,10 @@ Index: openssl-1.0.1e/crypto/ec/ec_key.c
{
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
EC_R_COORDINATES_OUT_OF_RANGE);
Index: openssl-1.0.1e/crypto/ec/ecp_mont.c
Index: openssl-1.0.1g/crypto/ec/ecp_mont.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_mont.c
+++ openssl-1.0.1e/crypto/ec/ecp_mont.c
--- openssl-1.0.1g.orig/crypto/ec/ecp_mont.c
+++ openssl-1.0.1g/crypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
#include <openssl/err.h>
@ -350,10 +350,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_mont.c
}
Index: openssl-1.0.1e/crypto/ec/ecp_nist.c
Index: openssl-1.0.1g/crypto/ec/ecp_nist.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_nist.c
+++ openssl-1.0.1e/crypto/ec/ecp_nist.c
--- openssl-1.0.1g.orig/crypto/ec/ecp_nist.c
+++ openssl-1.0.1g/crypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
#include <openssl/obj_mac.h>
#include "ec_lcl.h"
@ -378,10 +378,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_nist.c
}
int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
Index: openssl-1.0.1e/crypto/ec/ecp_smpl.c
Index: openssl-1.0.1g/crypto/ec/ecp_smpl.c
===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c
--- openssl-1.0.1g.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1g/crypto/ec/ecp_smpl.c
@@ -65,17 +65,10 @@
#include <openssl/err.h>
#include <openssl/symhacks.h>
@ -423,10 +423,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_smpl.c
if (ctx == NULL)
{
ctx = new_ctx = BN_CTX_new();
Index: openssl-1.0.1e/crypto/evp/m_ecdsa.c
Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c
===================================================================
--- openssl-1.0.1e.orig/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c
--- openssl-1.0.1g.orig/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1g/crypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
#include <openssl/x509.h>
@ -449,10 +449,10 @@ Index: openssl-1.0.1e/crypto/evp/m_ecdsa.c
}
#endif
-#endif
Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
@@ -0,0 +1,496 @@
+/* fips/ecdh/fips_ecdhvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -950,10 +950,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
@@ -0,0 +1,533 @@
+/* fips/ecdsa/fips_ecdsavs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1488,10 +1488,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
@@ -0,0 +1,252 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1745,10 +1745,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
@@ -0,0 +1,167 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1917,10 +1917,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+ }
+
+#endif
Index: openssl-1.0.1e/crypto/fips/fips.h
Index: openssl-1.0.1g/crypto/fips/fips.h
===================================================================
--- openssl-1.0.1e.orig/crypto/fips/fips.h
+++ openssl-1.0.1e/crypto/fips/fips.h
--- openssl-1.0.1g.orig/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
void FIPS_corrupt_dsa(void);
void FIPS_corrupt_dsa_keygen(void);
@ -1930,10 +1930,10 @@ Index: openssl-1.0.1e/crypto/fips/fips.h
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
Index: openssl-1.0.1e/crypto/fips/fips_post.c
Index: openssl-1.0.1g/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.1e.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1e/crypto/fips/fips_post.c
--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_rsa())
@ -1947,10 +1947,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_post.c
return rv;
}
Index: openssl-1.0.1e/crypto/fips/Makefile
Index: openssl-1.0.1g/crypto/fips/Makefile
===================================================================
--- openssl-1.0.1e.orig/crypto/fips/Makefile
+++ openssl-1.0.1e/crypto/fips/Makefile
--- openssl-1.0.1g.orig/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \

674
openssl-1.0.1e-fips.patch
View File

File diff suppressed because it is too large Load Diff

157
openssl-1.0.1e-new-fips-reqs.patch
View File

@ -1,7 +1,7 @@
Index: openssl-1.0.1f/crypto/bn/bn_rand.c
Index: openssl-1.0.1g/crypto/bn/bn_rand.c
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn_rand.c
+++ openssl-1.0.1f/crypto/bn/bn_rand.c
--- openssl-1.0.1g.orig/crypto/bn/bn_rand.c
+++ openssl-1.0.1g/crypto/bn/bn_rand.c
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
}
@ -18,10 +18,10 @@ Index: openssl-1.0.1f/crypto/bn/bn_rand.c
if (pseudorand)
{
Index: openssl-1.0.1f/crypto/dh/dh_gen.c
Index: openssl-1.0.1g/crypto/dh/dh_gen.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh_gen.c
+++ openssl-1.0.1f/crypto/dh/dh_gen.c
--- openssl-1.0.1g.orig/crypto/dh/dh_gen.c
+++ openssl-1.0.1g/crypto/dh/dh_gen.c
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
return 0;
}
@ -31,10 +31,10 @@ Index: openssl-1.0.1f/crypto/dh/dh_gen.c
{
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
goto err;
Index: openssl-1.0.1f/crypto/dh/dh.h
Index: openssl-1.0.1g/crypto/dh/dh.h
===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh.h
+++ openssl-1.0.1f/crypto/dh/dh.h
--- openssl-1.0.1g.orig/crypto/dh/dh.h
+++ openssl-1.0.1g/crypto/dh/dh.h
@@ -78,6 +78,7 @@
#endif
@ -43,10 +43,10 @@ Index: openssl-1.0.1f/crypto/dh/dh.h
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
Index: openssl-1.0.1f/crypto/dh/dh_check.c
Index: openssl-1.0.1g/crypto/dh/dh_check.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh_check.c
+++ openssl-1.0.1f/crypto/dh/dh_check.c
--- openssl-1.0.1g.orig/crypto/dh/dh_check.c
+++ openssl-1.0.1g/crypto/dh/dh_check.c
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
BN_sub_word(q,1);
if (BN_cmp(pub_key,q)>=0)
@ -81,10 +81,10 @@ Index: openssl-1.0.1f/crypto/dh/dh_check.c
ok = 1;
err:
if (q != NULL) BN_free(q);
Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c
Index: openssl-1.0.1g/crypto/dsa/dsa_gen.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa_gen.c
+++ openssl-1.0.1f/crypto/dsa/dsa_gen.c
--- openssl-1.0.1g.orig/crypto/dsa/dsa_gen.c
+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c
@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
}
@ -93,10 +93,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c
(bits != 2048 || qbits != 224) &&
(bits != 2048 || qbits != 256) &&
(bits != 3072 || qbits != 256))
Index: openssl-1.0.1f/crypto/dsa/dsa.h
Index: openssl-1.0.1g/crypto/dsa/dsa.h
===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa.h
+++ openssl-1.0.1f/crypto/dsa/dsa.h
--- openssl-1.0.1g.orig/crypto/dsa/dsa.h
+++ openssl-1.0.1g/crypto/dsa/dsa.h
@@ -89,6 +89,7 @@
#endif
@ -118,10 +118,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa.h
#define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
Index: openssl-1.0.1f/crypto/dsa/dsa_key.c
Index: openssl-1.0.1g/crypto/dsa/dsa_key.c
===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa_key.c
+++ openssl-1.0.1f/crypto/dsa/dsa_key.c
--- openssl-1.0.1g.orig/crypto/dsa/dsa_key.c
+++ openssl-1.0.1g/crypto/dsa/dsa_key.c
@@ -122,7 +122,7 @@ static int dsa_builtin_keygen(DSA *dsa)
#ifdef OPENSSL_FIPS
@ -131,10 +131,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa_key.c
{
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
goto err;
Index: openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
@@ -0,0 +1,162 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@ -298,10 +298,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
+ return ret;
+ }
+#endif
Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
Index: openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_drbg_rand.c
+++ openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
--- openssl-1.0.1g.orig/crypto/fips/fips_drbg_rand.c
+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
int rv = 0;
unsigned char *adin = NULL;
@ -382,10 +382,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
}
static const RAND_METHOD rand_drbg_meth =
Index: openssl-1.0.1f/crypto/fips/fips.h
Index: openssl-1.0.1g/crypto/fips/fips.h
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips.h
+++ openssl-1.0.1f/crypto/fips/fips.h
--- openssl-1.0.1g.orig/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
@ -394,10 +394,10 @@ Index: openssl-1.0.1f/crypto/fips/fips.h
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
Index: openssl-1.0.1f/crypto/fips/fips_post.c
Index: openssl-1.0.1g/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1f/crypto/fips/fips_post.c
--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
@@ -99,6 +99,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_dsa())
@ -407,10 +407,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_post.c
if (!FIPS_selftest_ecdh())
rv = 0;
return rv;
Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
Index: openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_rsa_selftest.c
+++ openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
--- openssl-1.0.1g.orig/crypto/fips/fips_rsa_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
};
@ -480,10 +480,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
RSA_free(key);
return ret;
}
Index: openssl-1.0.1f/crypto/fips/Makefile
Index: openssl-1.0.1g/crypto/fips/Makefile
===================================================================
--- openssl-1.0.1f.orig/crypto/fips/Makefile
+++ openssl-1.0.1f/crypto/fips/Makefile
--- openssl-1.0.1g.orig/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -502,11 +502,11 @@ Index: openssl-1.0.1f/crypto/fips/Makefile
LIBCRYPTO=-L.. -lcrypto
Index: openssl-1.0.1f/crypto/modes/gcm128.c
Index: openssl-1.0.1g/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.1f.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1f/crypto/modes/gcm128.c
@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1g/crypto/modes/gcm128.c
@@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
# endif
#endif
@ -517,7 +517,7 @@ Index: openssl-1.0.1f/crypto/modes/gcm128.c
#if 0
n = (unsigned int)mlen%16; /* alternative to ctx->mres */
#endif
@@ -1213,6 +1217,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
@@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
# endif
#endif
@ -528,10 +528,10 @@ Index: openssl-1.0.1f/crypto/modes/gcm128.c
mlen += len;
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
return -1;
Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
Index: openssl-1.0.1g/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1f/crypto/modes/modes_lcl.h
--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
@@ -114,6 +114,8 @@ struct gcm128_context {
unsigned int mres, ares;
block128_f block;
@ -541,10 +541,10 @@ Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
};
struct xts128_context {
Index: openssl-1.0.1f/crypto/rand/md_rand.c
Index: openssl-1.0.1g/crypto/rand/md_rand.c
===================================================================
--- openssl-1.0.1f.orig/crypto/rand/md_rand.c
+++ openssl-1.0.1f/crypto/rand/md_rand.c
--- openssl-1.0.1g.orig/crypto/rand/md_rand.c
+++ openssl-1.0.1g/crypto/rand/md_rand.c
@@ -143,12 +143,6 @@ static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
@ -565,9 +565,9 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
- int do_not_lock;
+ int locked;
/*
* (Based on the rand(3) manpage)
@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void *
if (!num)
return;
@@ -216,19 +210,8 @@ static void ssleay_rand_add(const void *
* hash function.
*/
@ -588,7 +588,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
st_idx=state_index;
/* use our own copies of the counters so that even
@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void *
@@ -260,7 +243,8 @@ static void ssleay_rand_add(const void *
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
@ -598,7 +598,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
EVP_MD_CTX_init(&m);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void *
@@ -311,7 +295,7 @@ static void ssleay_rand_add(const void *
}
EVP_MD_CTX_cleanup(&m);
@ -607,7 +607,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
/* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as
@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void *
@@ -322,7 +306,8 @@ static void ssleay_rand_add(const void *
}
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
@ -617,7 +617,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
assert(md_c[1] == md_count[1]);
@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch
@@ -347,6 +332,7 @@ static int ssleay_rand_bytes(unsigned ch
pid_t curr_pid = getpid();
#endif
int do_stir_pool = 0;
@ -625,7 +625,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
#ifdef PREDICT
if (rand_predictable)
@@ -384,13 +370,8 @@ static int ssleay_rand_bytes(unsigned ch
@@ -387,13 +373,8 @@ static int ssleay_rand_bytes(unsigned ch
/* NB: in FIPS mode we are already under a lock */
if (!FIPS_mode())
#endif
@ -640,7 +640,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
/* always poll for external entropy in FIPS mode, drbg provides the
* expansion
@@ -464,12 +445,11 @@ static int ssleay_rand_bytes(unsigned ch
@@ -467,12 +448,11 @@ static int ssleay_rand_bytes(unsigned ch
md_count[0] += 1;
@ -655,7 +655,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
while (num > 0)
{
@@ -524,13 +504,15 @@ static int ssleay_rand_bytes(unsigned ch
@@ -527,13 +507,15 @@ static int ssleay_rand_bytes(unsigned ch
#ifdef OPENSSL_FIPS
if (!FIPS_mode())
#endif
@ -673,7 +673,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
EVP_MD_CTX_cleanup(&m);
if (ok)
@@ -560,32 +542,10 @@ static int ssleay_rand_pseudo_bytes(unsi
@@ -563,32 +545,10 @@ static int ssleay_rand_pseudo_bytes(unsi
static int ssleay_rand_status(void)
{
@ -708,7 +708,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
if (!initialized)
{
@@ -595,13 +555,8 @@ static int ssleay_rand_status(void)
@@ -598,13 +558,8 @@ static int ssleay_rand_status(void)
ret = entropy >= ENTROPY_NEEDED;
@ -724,9 +724,10 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
return ret;
}
diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h
--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs 2013-12-18 12:17:09.764636958 +0100
+++ openssl-1.0.1e/crypto/rand/rand.h 2013-12-18 12:17:09.800637730 +0100
Index: openssl-1.0.1g/crypto/rand/rand.h
===================================================================
--- openssl-1.0.1g.orig/crypto/rand/rand.h
+++ openssl-1.0.1g/crypto/rand/rand.h
@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
int RAND_init_fips(void);
#endif
@ -736,9 +737,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-12-18 12:17:09.507631447 +0100
+++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-12-18 12:17:09.800637730 +0100
Index: openssl-1.0.1g/crypto/rand/rand_lcl.h
===================================================================
--- openssl-1.0.1g.orig/crypto/rand/rand_lcl.h
+++ openssl-1.0.1g/crypto/rand/rand_lcl.h
@@ -112,7 +112,7 @@
#ifndef HEADER_RAND_LCL_H
#define HEADER_RAND_LCL_H
@ -748,9 +750,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/r
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-12-18 18:16:45.625850730 +0100
Index: openssl-1.0.1g/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.0.1g.orig/crypto/rand/rand_lib.c
+++ openssl-1.0.1g/crypto/rand/rand_lib.c
@@ -181,6 +181,41 @@ int RAND_status(void)
return 0;
}
@ -810,9 +813,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/r
return 1;
}
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs 2013-12-18 12:17:09.764636958 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-12-19 17:40:58.483154314 +0100
Index: openssl-1.0.1g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.1g.orig/crypto/rsa/rsa_gen.c
+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c
@@ -1,5 +1,6 @@
/* crypto/rsa/rsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@ -1080,9 +1084,10 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa
ok=1;
err:
if (ok == -1)
diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c
--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-18 12:17:09.801637751 +0100
Index: openssl-1.0.1g/ssl/t1_enc.c
===================================================================
--- openssl-1.0.1g.orig/ssl/t1_enc.c
+++ openssl-1.0.1g/ssl/t1_enc.c
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
err:
return ret;

3
openssl-1.0.1f.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
size 4509212

11
openssl-1.0.1f.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUAUsq/WqLSm3vylcdZAQI63Af8DQSLbopKVXumiTiK0dAtXU+FwGl3FSXE
KKJgpfMdPPTSn/kdcmh4LXv4rFae5gNn0GEpEMlcLPxJSSauo8CO9xfYzA2Y1POE
bL9qemk7B/g/i2WZi6gTVP0/38/qRBh/3WyR94iVplZm5P8e+7bXqoHDEBtNMew1
YcalGMgd/1ajvGo9+Y6qHHSNVu2FfSLQ7vqeurTHgo9c2ZhvDEsw/rQjqn7oQ3c7
mz2qTYbgJ1+cikue47E0T0mQFv/my9flG6Bu63vhyioNZUxR5QVluuqAoLUAuM7h
xdJ8fVXMmqbLdr3ZQsCkdHeDQgke/FRVgyvzAdt7ensZoFSshfXcJw==
=exdx
-----END PGP SIGNATURE-----

3
openssl-1.0.1g.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
size 4509047

17
openssl-1.0.1g.tar.gz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCAAGBQJTQtiaAAoJENNXdQf6QOniuAkP/2hFMcb2NEG36by4oleDQQA1
xw/qiE5NryMU7+bwwhjvVdGsyeLnnPxN0K5fFVlsWHFIJCArZ/ERsR3xJfldSoZX
xz/PgU4JAWT7vkhIR0zW2SInzxdX2hUsonG3dRqVY5JVX3aAMkcIanczpxrv39Cb
ZeKwStINV5HOXH++Y7O4SWsFF3w2H4cmijyF2QQngrvyGkkS4C1Wy/PH54rAQrSH
phfsDlULL48/4NPul9LiRK6clgf+6DtOa9eY/NF+enjmEw2B73PRt1DmCaaaabWU
RwKHyVZUvXGhZYnPnfriz+V09FEq9SMEyyCBg2JeTljESPaPKxPP53ueI7OTo3B8
cyXcVMq3nckgq3XI1j/Z/BJVTO6Zp/thTlkGv35O/+AgdY/lWiMictFYLLfbHC1Z
9A9gbwuhO7pc1BrQF0vhIR+NlHAq4fVA81xHrClsIWebs8XjaH4zLRoeYBKqK0+m
4T2vf78yh+viiSOU2KpQdi4kWOUpCMVBa4CJclyAWdX+jjhnrudWcV5JwCz1KtNK
Pdaje0WrJ8gqAKpZC88q2vhVZF8FQt2YGhe16sGM5N9aSeg0/GMd1rAbJPUlpQ41
/b64wg+J3/ZQsRDfNvXwIgaGa1Ur8mUv/hmtAr1ecXK+rOcn6wcoouWwDYcOCQj/
opNSFe0Slj1X6unB62z2
=9S5s
-----END PGP SIGNATURE-----

145
openssl-fix-pod-syntax.diff
View File

@ -59,10 +59,10 @@ Content-Length: 12835
doc/ssl/SSL_write.pod | 2 +-
23 files changed, 59 insertions(+), 55 deletions(-)
Index: openssl-1.0.1f/doc/apps/cms.pod
Index: openssl-1.0.1g/doc/apps/cms.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/cms.pod 2014-01-09 23:42:30.000000000 +0000
--- openssl-1.0.1g.orig/doc/apps/cms.pod
+++ openssl-1.0.1g/doc/apps/cms.pod
@@ -450,28 +450,28 @@ remains DER.
=over 4
@ -98,10 +98,10 @@ Index: openssl-1.0.1f/doc/apps/cms.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1f/doc/apps/smime.pod
Index: openssl-1.0.1g/doc/apps/smime.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/smime.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/apps/smime.pod
+++ openssl-1.0.1g/doc/apps/smime.pod
@@ -308,28 +308,28 @@ remains DER.
=over 4
@ -137,10 +137,10 @@ Index: openssl-1.0.1f/doc/apps/smime.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1f/doc/apps/ts.pod
Index: openssl-1.0.1g/doc/apps/ts.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/ts.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/apps/ts.pod 2014-01-09 23:45:03.000000000 +0000
--- openssl-1.0.1g.orig/doc/apps/ts.pod
+++ openssl-1.0.1g/doc/apps/ts.pod
@@ -58,19 +58,19 @@ time. Here is a brief description of the
=over 4
@ -164,10 +164,10 @@ Index: openssl-1.0.1f/doc/apps/ts.pod
The TSA client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
===================================================================
--- openssl-1.0.1f.orig/doc/crypto/OPENSSL_ia32cap.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod
+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
crypto library behaviour. For the moment of this writing six bits are
significant, namely:
@ -186,10 +186,10 @@ Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
For example, clearing bit #26 at run-time disables high-performance
SSE2 code present in the crypto library. You might have to do this if
target OpenSSL application is executed on SSE2 capable CPU, but under
Index: openssl-1.0.1f/doc/crypto/rand.pod
Index: openssl-1.0.1g/doc/crypto/rand.pod
===================================================================
--- openssl-1.0.1f.orig/doc/crypto/rand.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/crypto/rand.pod 2014-01-09 23:43:46.000000000 +0000
--- openssl-1.0.1g.orig/doc/crypto/rand.pod
+++ openssl-1.0.1g/doc/crypto/rand.pod
@@ -74,16 +74,16 @@ First up I will state the things I belie
=over 4
@ -241,10 +241,10 @@ Index: openssl-1.0.1f/doc/crypto/rand.pod
Given the random number output stream, it should not be possible to determine
the RNG state or the next random number.
Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
=over 4
@ -259,10 +259,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
The operation failed. Check the error queue to find out the reason.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@ The following values are returned by all
=over 4
@ -279,10 +279,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
=over 4
@ -299,10 +299,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
=over 4
@ -319,10 +319,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@ return the following values:
=over 4
@ -339,10 +339,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
=over 4
@ -357,10 +357,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-09 23:44:18.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
connection will fail with decryption_error before it will be finished
completely.
@ -370,10 +370,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod
+++ openssl-1.0.1g/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@ The following return values can occur:
=over 4
@ -390,10 +390,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod
+++ openssl-1.0.1g/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@ The following return values can occur:
=over 4
@ -409,10 +409,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
The SSL_clear() operation was successful.
Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod
+++ openssl-1.0.1g/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@ The following return values can occur:
=over 4
@ -429,10 +429,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod
+++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@ The following return values can occur:
=over 4
@ -449,10 +449,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod
+++ openssl-1.0.1g/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@ The following return values can occur:
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
@ -462,10 +462,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod
+++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@ The following return values can occur:
=over 4
@ -480,10 +480,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
A session was reused.
Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod
+++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@ The following return values can occur:
=over 4
@ -498,10 +498,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod
+++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@ The following return values can occur:
=over 4
@ -516,23 +516,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod
Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_shutdown.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod 2014-01-09 23:42:31.000000000 +0000
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection
=over 4
-=item 0
+=item Z<>0
No shutdown setting, yet.
Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod
+++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
@@ -92,19 +92,19 @@ The following return values can occur:
=over 4
@ -556,10 +543,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 13:47:42.000000000 +0000
+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-01-09 23:42:31.000000000 +0000
--- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod
+++ openssl-1.0.1g/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.

30
openssl-ocloexec.patch
View File

@ -1,3 +1,5 @@
Index: crypto/bio/b_sock.c
===================================================================
--- crypto/bio/b_sock.c.orig
+++ crypto/bio/b_sock.c
@@ -735,7 +735,7 @@ int BIO_get_accept_socket(char *host, in
@ -18,6 +20,8 @@
if (cs != INVALID_SOCKET)
{
int ii;
Index: crypto/bio/bss_conn.c
===================================================================
--- crypto/bio/bss_conn.c.orig
+++ crypto/bio/bss_conn.c
@@ -209,7 +209,7 @@ static int conn_state(BIO *b, BIO_CONNEC
@ -29,9 +33,11 @@
if (ret == INVALID_SOCKET)
{
SYSerr(SYS_F_SOCKET,get_last_socket_error());
Index: crypto/bio/bss_dgram.c
===================================================================
--- crypto/bio/bss_dgram.c.orig
+++ crypto/bio/bss_dgram.c
@@ -999,7 +999,7 @@ static int dgram_sctp_read(BIO *b, char
@@ -1032,7 +1032,7 @@ static int dgram_sctp_read(BIO *b, char
msg.msg_control = cmsgbuf;
msg.msg_controllen = 512;
msg.msg_flags = 0;
@ -40,7 +46,7 @@
if (msg.msg_controllen > 0)
{
@@ -1560,7 +1560,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1593,7 +1593,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -49,7 +55,7 @@
if (n <= 0)
{
if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
@@ -1583,7 +1583,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1616,7 +1616,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -58,7 +64,7 @@
if (n <= 0)
{
if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
@@ -1644,7 +1644,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
@@ -1677,7 +1677,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
fcntl(b->num, F_SETFL, O_NONBLOCK);
}
@ -67,7 +73,7 @@
if (is_dry)
{
@@ -1688,7 +1688,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
@@ -1721,7 +1721,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
sockflags = fcntl(b->num, F_GETFL, 0);
fcntl(b->num, F_SETFL, O_NONBLOCK);
@ -76,7 +82,7 @@
fcntl(b->num, F_SETFL, sockflags);
/* if notification, process and try again */
@@ -1709,7 +1709,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
@@ -1742,7 +1742,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
@ -85,6 +91,8 @@
if (data->handle_notifications != NULL)
data->handle_notifications(b, data->notification_context, (void*) &snp);
Index: crypto/bio/bss_file.c
===================================================================
--- crypto/bio/bss_file.c.orig
+++ crypto/bio/bss_file.c
@@ -120,6 +120,10 @@ BIO *BIO_new_file(const char *filename,
@ -125,6 +133,8 @@
fp=fopen(ptr,p);
if (fp == NULL)
{
Index: crypto/rand/rand_unix.c
===================================================================
--- crypto/rand/rand_unix.c.orig
+++ crypto/rand/rand_unix.c
@@ -262,7 +262,7 @@ int RAND_poll(void)
@ -136,9 +146,11 @@
#ifdef O_NONBLOCK
|O_NONBLOCK
#endif
Index: crypto/rand/randfile.c
===================================================================
--- crypto/rand/randfile.c.orig
+++ crypto/rand/randfile.c
@@ -134,7 +134,7 @@ int RAND_load_file(const char *file, lon
@@ -136,7 +136,7 @@ int RAND_load_file(const char *file, lon
#ifdef OPENSSL_SYS_VMS
in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
#else
@ -147,7 +159,7 @@
#endif
if (in == NULL) goto err;
#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
@@ -207,7 +207,7 @@ int RAND_write_file(const char *file)
@@ -209,7 +209,7 @@ int RAND_write_file(const char *file)
#endif
/* chmod(..., 0600) is too late to protect the file,
* permissions should be restrictive from the start */
@ -156,7 +168,7 @@
if (fd != -1)
out = fdopen(fd, "wb");
}
@@ -238,7 +238,7 @@ int RAND_write_file(const char *file)
@@ -240,7 +240,7 @@ int RAND_write_file(const char *file)
out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
#else
if (out == NULL)

12
openssl-pkgconfig.patch
View File

@ -1,6 +1,8 @@
--- openssl-1.0.1e.orig/Makefile.org
+++ openssl-1.0.1e/Makefile.org
@@ -366,7 +366,7 @@ libcrypto.pc: Makefile
Index: openssl-1.0.1g/Makefile.org
===================================================================
--- openssl-1.0.1g.orig/Makefile.org
+++ openssl-1.0.1g/Makefile.org
@@ -367,7 +367,7 @@ libcrypto.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
@ -9,7 +11,7 @@
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -380,7 +380,7 @@ libssl.pc: Makefile
@@ -381,7 +381,7 @@ libssl.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
@ -18,7 +20,7 @@
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -394,7 +394,7 @@ openssl.pc: Makefile
@@ -395,7 +395,7 @@ openssl.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \

14
openssl.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Tue Apr 8 08:12:38 UTC 2014 - dmueller@suse.com
- update to 1.0.1g:
* fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299)
* Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945)
* Workaround for the "TLS hang bug" (see FAQ and PR#2771)
- remove CVE-2014-0076.patch
- openssl.keyring: upstream changed to:
pub 4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org>
uid Dr Stephen Henson <shenson@drh-consultancy.co.uk>
uid Dr Stephen Henson <shenson@opensslfoundation.com>
-------------------------------------------------------------------
Tue Mar 25 08:11:11 UTC 2014 - shchang@suse.com

243
openssl.keyring
View File

@ -1,100 +1,149 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<style type="text/css">
/*<![CDATA[*/
.uid { color: green; text-decoration: underline; }
.warn { color: red; font-weight: bold; }
/*]]>*/
</style></head><body><h1>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</h1>
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: pgp.mit.edu
Version: GnuPG v2.0.22 (GNU/Linux)
mQENAzZz6nwAAAEIAMo0phUn+IyEMv4v4gN7ANsdksYAwsrN+3XutOrNlJIJ1HSKVxlgzU7N
6XkYvFH+fSMaHE1+SRREyCO2MVBXWDrSAGCYETcKY+KM2gzSEB2pMxNdewZDFM5ayUHMCVjv
ROanLr5KfjEcA6uibwLcq+tvKGTq16kba3COgYElM5LR1vHx7EZB3PHAonHfgggM/MmKZw30
61PG+xfAvJZFyOojVLcGGqa510ctnoqLBhCceRQbQEaEO+1KIxJ+qf3BGyl5i1Ldz04252Wx
ANVlEyVhqaVLFwY7jAcaeqWK+CxOyK0HjJnQZpygIJgWMaaS2UN1/2nzB0kMotKbe/KVx1kA
BRG0MURyIFN0ZXBoZW4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5jby51az6I
RgQQEQIABgUCRFyrXAAKCRCL2C5vMLlLXKlsAKCUWipHE16bE8yRsxiLikjx0fO84wCfTGSi
DknIYZWFa5bKJ1KY4uIEqhSIRgQQEQIABgUCRsddmgAKCRAQN5GDEzHzW2w6AJ0SqqSEuEGj
MH31xtwQQDEjVou2tACdHqASE+VZRLdzJHoZN7V0err0zP2JARUDBRNDwVDootKbe/KVx1kB
AUljB/9ilmpYqqMFIMFrOB3hlIQMao6ZkHPqsrMeePUvAX9oa3p7uXloDm3aQggc9SFeNIoo
pZPCQpR+5LcP5ybbYJb3NQOR1KuCRaBwt5e/49uBYpH14B74RddOZS/UThUXPSQ5fVY4Bs9I
zNp4rMydpr3fEIXgW8CGzRussLKUj5f93o7S4pzvucTw8Z5lWhvtUmA6VqvZvK26FklkhVB0
vPGSMHgE7y6eHPKjAZoGvgiuf7L65YOTceQcTPlW34vqel8YtJpBdIM8Ju7Zdx8hfD/HScVY
r+RBzEOM6nPzKj3vFCUhFeq6ywj1yCAF3J3bkeU6voJnT9Ad15f88t5w45hMiQIcBBABAgAG
BQJPtt+IAAoJECx8HnpWTIi8QAIQALBqDaLOJICo3x9bkULIq49Ly1zUbKKbnqXQmv11KCHT
UsLK4Wj0ztEza8kT99Of6IaB0hLAn4qZQFx9LeiX4QruiXB9ti86LHrLypFR3XgTIvdULcBz
/kQmAwB6eXW5Zqw/5SJ8F90B/XvtADpBnHnZNOmFOesnJSX7Urho2002Ep3beUR1zvtdJf5l
F+enFPZ/cOnQvJNPaDbh+WoXfWVRz5aYR4TbNsT0Fetsvi6unO/GWHv04rlWiRCwbpEDem60
54KiDYxXZR5Gh29ivap6KeX3Sdy8T4aeBnxb1asY66EUAge5GGF3mYJJ5+Jaqro47SYe3NzK
kbYURUKeTLOCik16tYhI2TgKBDePi69nE8dORRkzm+1S2LVZKX4D/P/zbkB3Fc/Kp0f0nneK
rfn5bwWF79r71Z6xHh6E8bv51b9eb3ODAObRSGWYv5NNqSSAN+7CXeplVjXXeB8S/e1RE5J4
TScWVJ+rMSWzodktA72d4rTFkMmLscAht6HCGNG8hQQ6EB5Pgr5JbVu5vv56cwO9wczZttSD
ZPxCu4Ww+cf9x40s0xrsYr9sDaXsRPiC+UjUe5h3pkJgXFWUNdBqCob5G92Z7RYcQ63IfAzb
Ufu+xWpDDoyO6Gb/NZzQapMn8cq+1cIftjSbBG4dN+LkErroD58Fby26ODoHFKeztDNEciBT
IE4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5kZW1vbi5jby51az6IRgQQEQIA
BgUCQkCrkAAKCRAYWdAfZ3uh7BT0AJ9moE8PhFPA7kFkBO2mLRhBdTzpGACfW5yvlfyaJTnH
DhXTA4CeHdl+F8CIRgQQEQIABgUCQkCrswAKCRCBwvfr4hO2kkX9AJwMfPm8dq5Bmpeoq26/
8cqU/j+98gCfYC/nxPtcV2ubDUmMZPJFtL17E72IRgQQEQIABgUCQkCr4QAKCRBrcOzZXcP0
c6kIAJ90icvg9nDJ+A+jRcY1zO3rH/n7UgCgtKTJsi75aUqGjA3gc+1CnCyNtwyIRgQQEQIA
BgUCQojbUgAKCRCL2C5vMLlLXEUXAJ9HkA1nXtU2nw2jSHIY0wISde0x/QCgiUz2QjlojUI7
niTTgV4lQNGmItCIRgQQEQIABgUCRsddqAAKCRAQN5GDEzHzW8Q1AKCknK1tOm4tnWbTX2ry
+HN7e28SXwCgpIDDVI1+oH3FFmeCbRDY0UO0anyIlQMFE0Grc8DurUz9SaVj2QEBSb8EAJnV
6oeLEWO/d96dvLRHYHbR9F9efQZjLnTeDMLy4kIkPuMAJk1L7mvnrcIA+DcHl80rNMhQVJUP
zYZ5Rq77VuBf20C14Az4rLgoOgcAU7pI61C0L7eygX/P8nZQu87JeFf1A/ussXDtqA/1KWSl
tVRwFX3dCmSgYG1LjzEa2AVxiQEVAwUQNnPqfKLSm3vylcdZAQFBuQgApiGtXIxJPtCvF3zS
ZYk1HOF1u9Qg05s4AdeGvQG6Gmx0MK4SRRUt4MYX8nvQ0VwZRQnvPIRfWixWnEBzpujC+sC9
fqgStj7bG+Uy4YQ1JNph5y6I/75TT0/z0pRAC7Jlwet5+PWrYa9m9rKqyaZVCw5IUSrcjkTo
/gjBLmrxVme+O8e6dF4Te0SIjFrvnNeA3B1TI0tDusxlHkKyJ3jEUf9Mu3Vx+fAukmiWUCTH
52QXZPcLP2V5Ud9X0mS+N2mTVi3rPK8wVhTiu93cXEqhTHoIEPOlLW0J/1n8x8kngGgX/TiE
G8Hd13SOh+YembJVaV7JlYAISdEgCj6JdPSsc4kCHAQQAQIABgUCQkCsCwAKCRCq4+bOZqFE
aO5vEACsZZZeb8TZBeuT4YCopBenHLl+hS1mVqDf4Qy8L5wxXnRwCAugwKf0j8T0KZQodRKI
iTWI2Oe3dDBUDE5CS1wyyku7QMsi22mUPOwLL3VddITEa8c3JJmU1ec86c5rEB4xIV8Rcgqw
CCPeyam+nwyoVKRuijbFJyj0pymTbhpqmGi7oQw0IwVsFKMmgVXiSPdC6MpIOD8+wrc9Sfno
CW+jgfcJLu/k/WEgw7qpj5cOwbFvBRzs7VO4RwU9jzXpZdouRRIZhrNwQYmBKRXC5Aa0o8gd
aN0hWlS+KQ+S73m/XFabGtCyMPU5HX5g2EtvP61+ovqRYvHseBpKwjTTgWthw40IQxIkRU+Y
PxiEXM9yMcBvs2F25zDw9g3SGLleFqizhUyLAyvY3T1IJgWCU3BFCXy0XJuguQM5znFNDZZ4
TZnEAKddhf/v/3AOHg0RFzNgMsA8H7MaJey50vOiqn4mFiy+nXA+ILI8Pz+UaJKihs8KutFG
YEuXiMPn+9vbKdAK/wYzUmilM1xei30E4/bFPt+nwOHF/4ghuKM4KyaImOCijAnkbOaPUBT+
9qPua+AO15DfAEVoGLIDOMIx2CNqKaOsYadUq3wnFTs/erc/sz/3a1pFYATz3G1jh4kk163q
zZpEfewFgAB1mynkXA4vBqKNarwApBTgZ4kR9XYXpIkCHAQQAQIABgUCT7bfiAAKCRAsfB56
VkyIvBV9EACET5QEw0RdpgU5BVVRBnz4XCWXmPUX7/YSfZUQt2sDzKKHYB+yc0h6DnbMenw6
9YnIg2l8v7hKguLAIxbg21T6y/rne5CtEAzysEIDncqEnxDSMGXlFdMHzRWBKjASqzfxkD8+
K2no0VMNr/nK+iScfn64FLuH/D0+NEghrx/Vx1dU7ewYGcY5OybfOmBrrSGNwOKfKnRbxTbo
avBnREnBeY/6xgadwZt0gwoHLEgLotQzLkchJiSfBZcK54nZ1y+NqKfLg+8etXbBDFhgS/OP
dBmthi5Gt9gKj4u+t1Tjqvrcni203CdXv5HPL5zBc7ZQX+XzwODnAk2+OE28ql+DR3X5SYru
o355/fUUZgGNpi043+uL6xjZPFARiDc25vqSuY/KQUjFknMgYSm5aw7a7ZM5WiyLO4AdnvX4
UhRLcXyWqHbpGCQXJr6itJx26JKyQ7sSABrZ/Vj9MOmc3kjcoEW+wcJTKthOpZ3HfB8xreWJ
IKj+593sqjlStz9kEDMwTmA66B/QVhRx9jPZrbTkQR1DQJ4dOUcBweJ1XF7oP4+Zk++qVZsV
ez38JptDYqd8+rdQyw3xFfy4iur32oEA92nUdtcs2eIrgGhR96Fuah9wB090hZwPDsiYB1wR
+7HeDl/XSdiisIWZk8V75oJuSuzoYqFhWQeWQK/2fUNx7bQ6RHIgU3RlcGhlbiBIZW5zb24g
PHN0ZXBoZW4uaGVuc29uQG9wZW5uZXR3b3Jrc2VjdXJpdHkuY29tPohGBBARAgAGBQJEXKtf
AAoJEIvYLm8wuUtcd9UAnjmdDad6Qxwun/i0dbZbLjXE0KTzAJ9b49qIv1RTSled84xjp8LI
GzaZaohGBBARAgAGBQJGx12oAAoJEBA3kYMTMfNblFkAmwTFV2BtA4bTJgwZzbqP57yt9hJS
AJ9bVKWTmWRbKGltql/VwUXvTms3TYkBFQMFE0PBUKmi0pt78pXHWQEBa1YH/14MRmPhcl8r
6nlqhJUuPFB1FOI9Epy1sP+FaIGRmBxq63nN7pLLor6wzTQ7LEMnC4OkXQIaylYYC8uOGW7L
FCFBGnqLHwVUTxWc9Y0r/fdVYGwKn7f134RVSCFfIzr210ogX/e9CHsX+jhRSNG1IrG7t62l
uyMz2GIrz5+tDgRJJT3MraEIprW0jiB8ZMHhI41u6a1DGUcmbVFS0oRkFHpCJjeFglcG0ZFo
Lle6QqFgtOQ742JuB6d+ccHVRadQOGnyxv5jQf2PMGr+USEuJFEU7VUDi8ja/WYdTdJD+g8r
qrkzYofsmngrU0ZfxfaDG3esnN7qqEXsf1wXE1KfCFSJAhwEEAECAAYFAk+234gACgkQLHwe
elZMiLxCgQ/+IicQEYoNtf9VgmiGAFtoRKD+bZhQtTP4mrAplqZBXSo+Ro2EM+3Z0nUe52I1
Ydsd8/ofYY2jhCzOkKpD5asH7+jondeVs7G4PdaiAIsrMwQAbU1S1rgnWB9KrLB+RWvIHsDT
JNEuJQO/2+etNoYsEBp+xl7Tx0uwQdueHg1TrjCAOMImJjGAwOXDS4wD8DPnpaqJnIkwNMXa
Kaxsz0Kybqh+eYkIibvj04R3K+Zoh2i1Fr/MFPP8F7UrGWOQZkjtg30m3nSTVgsLwTWTbcZ/
bRNZu9h5lkeqktH8BDHPSjDh5VzeM1G9zP+5/gBXzH2R9NohzYHjnsM6JyXTMGKiErqhRfPw
shiteXN9xTglw3P2GCdYzO9cp7y2YA3/BJtKweZV19qtRk5NxRdVnUP+DeYc4Fl7vICQ6wVO
VMJ765SDkHaGx7fIKHNs9LlMNDC0PHvT+Ta1tCTv1qJl6uYao6rwlXAk+OO2dNndYkV8kIN2
g7o5xRUx4n2wIOGQFHk3/PQGYaoeIahy1wl2cnq2kjQdhhbex6lUc4s9alMOz8HN9zn4e4cz
rDK7MEQcEUcjMVk9ATnmf3UKblgQGsod1BvrXo3lpt+CSUdtYO+IrqWaC+cUpYmfoXjxBTZH
gm838LRUnA/P+cb+taZBysUrxDthEtKNKZNCpZ541EIFvzE=
=DUIo
mQILBEI8bW8BEAC4MIXcibrtBmTq6mYlLRHhgZnX9b4c5ej4ObLsFVH30Q/PDArT
jINEiqFCTJegBiuFpzbw207+WkpljmQYC5gTWln3u99lMEpHpxJJn+IWZF4avUAS
aoDE+kD3vjOAxDmWyNlx22gxjG6XmMi/InpMSJjlcCl2c/G01bD1corNaasx7D3T
nHljAwkLFSJirrc5Ojb2oMgRvQ5cTygshGGYdGbYCSo66a9ewDW5oxst61rYqJUh
MYhWs06i7KIHHavkBzUy/Rtmw8AQgTfwYtHj3uC29/u1+AHNM81WfNbjjZUtEAPv
BfL68DHo/8Y+sehBJSL6jiBBdJrt5lzX9TmoNSHgmr+eyGzioU0rhjqhWK3aTxCx
cMp3fCmdXnrrhBvxntsXAPVU/JRfOnWy5tCipzX02pDMxTPZSrtGM3qtO1kUtJkW
gltsJuqZOcEThKpcYu2ozSPDEI+1LMyAzb6H7Hvts6+B4eP8f86cVkfpJ+A4wE9+
5FCpXDXWEhH4Y/Le6bJX/PdMqsX4qG3o+vLF2SVL0dzX/udO9GscZPqcpbEjd2fV
SU1uqTfLIchzchgJNHnAySMcz8EP+08iUTw+sI+n5k7gZ3is+baMjQYztVn9oB+/
o8AO/RAnkJklb/GpzcfoHBPp17OuQI8ZuvxRfbRJISEMqnatHLAFvP9T7QAGKbQn
RHIgU3RlcGhlbiBOIEhlbnNvbiA8c3RldmVAb3BlbnNzbC5vcmc+iQEcBBABAgAG
BQJCPG3TAAoJEKLSm3vylcdZAcIIAJEpkP59JmnU8b/tzojGe3YHBR0L9YA54GZz
7MdSEQgIYaZKb+8uwvZG6nxir/HrJOhtvZKHqbna7qvx6LltJ7K+cqLSHz72Iiv9
KvR1THLpqJaYaQfS8j0VSPNofLm1T/azKf0AVDfrBDnO1vo5dNhG514U6i96GMHX
YniRBzOkJqDNtNzh7cyyp+0Lc8vOzODjenYWUtqL2Lfqv9aOk2NV2V6LL/qUTmdt
r/KQwgSCf1yAgqgc0i5l3NJGDI0+706TIhyA3pSc/cqN2zO1oDkzRpsnyoxXrjOC
/nO6aLH2DI6TrxLfWoGQphWsjM6QLl7/90MxXCffbjJuA7ETt06JARwEEAEIAAYF
AlML0wwACgkQotKbe/KVx1nbBwf/Z1RgCusMaGQpkPUOKe3gUiuuX7kJNRxKzJZs
sXQAIalXrxnoGMmJ0vTMOqRbCYsmm8aIWO7Cj/ZNp2JJ6Z8kZSvkvXrUpbq9E9fL
OeYUBLsfQr+yR2wCl26ycZoAizZ53Rsp/4pbNEF2qivBEAgxHUQrHYaASmhq6AQd
IKgppgl+d1Oa/4tpAbv1Zr1Tgq+1s7V+//64lAPyptG7N/sgQv86jk7VAcPWwSdJ
qfsCm3nbd4WgTtS6AbZ0K5hxD9UmDMwLUeCsBzBb0NxUOA2uYrdChu5MKt+ITZMz
IyAvufNoT+nrU5WX0dlrmBKP43geOnq2lvPzip3bnOEwXbUNfYkCNQQTAQIAHwUC
QjxtbwIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQ01d1B/pA6eL8Gg/9HDb2
ccQ8vkPPvihtrWP91yItAnHN2BqziYkH/u63L9xaW90B7KFUjo6xJSF1TqXtb4NX
vGa79IJ94yit1dHTyeBqi1vsy2JlYuPxQXvwoQpyNiq05OsrAJFy9MTeWcP/OXpO
R7HwE2F9vqtmJLdwhBmuFiKT4LzhcKutMDTovWm506ow738wKQNJaRToJpd9R+Rn
UWEIz8oc4y6h1Q8aFtxjIyVMWxD9Ry+SmSLg3ZPpQNxN7UnRfYu/2YaRAWOh56tQ
vy8O+1UmJuenC2mAN1m4EUN/jibKZgFDPLrQ7H5LdR3vzKx5yB/wCAtOYJBRQIrv
o2hKOqhY3lk5AEJ1r+zq8jH9sXhy0MapZKEs9mbJq0iS7jaUlIohxXcl/bqSe2bl
JBfETc800Vxbg96A6dwWN7kn9zuF3UWNbxCeoVDDioILozekndpn2Mvz/tslTrC5
rU7ai+/D+S3caxYxvCY8eJ741uwy7Po5/Obn1met+qhDb107jxP9p3vYHu2Y8KFd
Js9idqUyBeg10uxIIITpux1Dq/caCHBZLJ4vMWGmlBh3L1diMNRyilXiTaX58A6J
OzRjpO5s3dKwaK8j9jI7fnreqR3/nP/IJPrldEIiy3TBIxSF9u8iTDuuOF40h8ai
QAsVYQ6JlHglvrk4pZneHvMwlZaJIB/abOUjKPOJAjYEEwECACACGwMCHgECF4AF
AlMLv7YFCwkIBwMEFQoJCAUWAgMBAAAKCRDTV3UH+kDp4n4HD/9hNPUuNVLnA/m7
ZlR/WNCCDICYNUBUj7g9o0gcVsg+5zp8Dp6wwrn5n1ZG3h/oL6zGdxgp4nQ7rPBc
xZT7vr2mVqiNppQqD88be52jmRcCI3W06SWRAVayxHXFryslFzXMfoosmAYUtPPR
hckCNwHLlbkNYXLfAU+e0pTJrAAcmCSDTU2f9KPu43JToJ2PMaIj2gRr+5pALali
KMBIsW+E9pKDiN4v3l16bHP5esqC/CC7JivUjvv+q2kU/I9+Ep4yritrw0UxMk8l
hlSnOOsdIeSD2OoVZWP9nFN8jvrPIBAGBEY6Y8uj+WNWCEM3cJhbdilqOBuOmgZJ
cbpTnEzKGtPWqDNivPcrTpJ3sxRxxnUyicaFK0jOH+L/mj/gY0Zt5RD6C/zw9oPL
PqYAAjEudGK+v15wRJDp5noitRJwjUs+08ttlTAW7uR+5KU/uRdykprcHvfGr11l
J3cSOyUMH6FOgH7pvJ35c7lmzL0b34ZEgRLL2xbKSsFyUlzubUM6LE4FEGxLOYFn
JkX8ZfReGAxvg1B5RtxdcdLjR0OFXff1ERvUmsw+phk0iayyukAzJ6albckotLr8
V4JtJJpM4s1aldaxTmf7rNoBCvUKB5bJ/xDrUow3omt4oyQN6pAKWHrydeXF0LZZ
xsfLebHPMjxTIldbb/K9ikMx4Vh4kIkCNwQTAQgAIQUCUwvRVQIbAwULCQgHAwUV
CgkICwUWAgMBAAIeAQIXgAAKCRDTV3UH+kDp4uObD/4qOhFldhiNSezwC+EiSEwH
MFMSEneSjllAu9ZHikf7KNYLcgq/8vk3TiobsgzTls9vEdXJYsr7BvKJ3fLUwZoo
MVwycfyTC4zP0Buu2o4rMlYPvFZ9y5tfftmVQUwGVtTEUo/WQ0NREFyU/C0Q9Og0
PRRkmuztpRJlhQFImhdPH6KCEU00xrAOsOflz1xJ3XpbWwccrm0R3gwJcA6KGVGa
9g+1nnkR2VveTqU0j6BBrPlYvdWbgYStabrdCYHTaX1lh7JfEv4fGMtaMAaqklGP
abVeCSFzm37EOWCz+n7Fs7BHq8IIj6E1jmj1pkJGAdbTF1c/7iLTU7E8EU/D6ii9
Hu46dKyzIz+6MOlkEw+zPJNSs4Kg5xNMQF1iWjq9E3pwvPPpFWehAkUDUnfmK9Ek
q1hAq8JuE0RRedxh+xWkJS9b8p5r84S8XpixMeTrTAPmSgY3jROUvTKi6Pa9wNJh
UOM5coGL6EsBhXwQfFd/+CxyWUnCakfkp11SI4Er7oVxsHm1mvGK2oTHWZnJuxp4
u3uCTz5f44DRZufIbSiFrzk9dKTbuQGup34gC/SvvPBbHxwz81tYq8ppxYelHQfW
JJUYKF3TJfPCTiOhLJvF0yf1N2zv7qkiL8v/IgCU8aMFwDmWEXLe92xxlDgT+6cs
DoyG656zUyzOC7VsoXGhsLQxRHIgU3RlcGhlbiBIZW5zb24gPHNoZW5zb25AZHJo
LWNvbnN1bHRhbmN5LmNvLnVrPokBHAQQAQgABgUCUwvTDAAKCRCi0pt78pXHWTny
CAC4niLxJJz4dlbNAlxu0sY4jeYAKVVsYO4Mp443Z/AqdF3O2kCyoLCjbEiRN1mN
EedpVdd7s/GFAcd1/yXG9MnUjNjKT4sEaGk8/ZiJqQVzkpMwHY6tF9kI9XMwrGrI
3pcBcBlHknrmledaQarB1e4SeCPADWMdR4dWK0zW/xDcDeHcPe0jr4Cks6lFB3P3
8b33tI5O4vow+aqAis9klgYebvBNdIHeuAbP9eir5iYeO3zt/36BYdq+qITkiGFK
v/qqlPqEjXcsZlNGM2gFYclWGrWVE4XECOxqRwvEGYAfJaHIyiWfkf1Bz6t8vdro
PSwQ+whX/OydLxUBLTNRAeU0iQI3BBMBCAAhBQJTC8zlAhsDBQsJCAcDBRUKCQgL
BRYCAwEAAh4BAheAAAoJENNXdQf6QOniuKUQAJHU9ikZxaZrInUMKHWSEdQrwgWI
Dpcf51eun9nBvEYSpduDJ0DbtzxnkS4+Kb/KYBf7QYCuc98Aszit1iR4i+qiRvK/
/ZDXn9UyHaWFbjNUTiYIjor13DB4wjshiVFV3vE84BJx43jNatMfnRwSuVpOWgVW
qGRxJ5IAIBeWjOzTQfwumzrrWNCT+c/RL3/yEAc/C+iSZdEAjwFdSQ7yj0ACQg+S
Z2Eqo4BMFMbBjp6N1urcO4cy+2KMdvHztj+F2siqhBwsPtqnQEkLOywvuotzpMeI
DhkI++VFX6hE/XRkvktiiq5i5byrQC3jFfuWvJ0LvoMxShBv3U/UbCJqBoqyFwMf
JVlvMqN21qxsEV1+44cvLcd1VqD8ErR3Pa2h++WGOsuKoIm6rhfWYcM2ewxk0bp6
QtYrohT8/Ydw2G3TYYcR+8+mIAxRU39+kRsMnr5mt1oNzBqJ3vkXQddaQy9PJR06
HERhwaaII0Ecrb2B1QdFxhvdYRqU15RaEH7dyWycFhiEEoUX4Vf28pNksH0xblVU
I9ZJwHV+Z1VgGXQk8dpdc6QQf9wvvFae9nKtKxkmmaolFiQMgZQodXxhNvDj+AjQ
sc6CZCnSfRly0DKaaHOYioUcqd7LVKnTpzmXlYOQFIASN0+R74ue8M4uFte353Yh
oWLK2Q2O+HxYtc8MiQI3BBMBCAAhBQJTC9FYAhsDBQsJCAcDBRUKCQgLBRYCAwEA
Ah4BAheAAAoJENNXdQf6QOnitssP/R9q0rQr3takz0pPAcWfn5g8fDFcEe5SBW7d
AkWCpJ9mQilDsI8L3TeCUhk3bM3mOxsxkJo6ZTaPGwS/0bR8pAZZ4DwP8CPZr8hf
X5IcqB0IXVzPuIBYibSyanw1KA7EDJ8qJBZw4+FEXGpYAmlqRvq3PEs4a5cBjtAd
o4KBePY0nI+kwC8bwuApORtuLz8vbXovGydLZJndRkLxRhLIrftWg3kpn7KNafxK
irgXciwoZKUajhfVtL/W+bKj0rS6eGoIqw52WkS9sTn0vBnrw20l4UsBHGDixCEw
TNLU/m45kB4folUvnuoq8WVx18StPrTPLmD3hzNKbWiCAmiIlbbE0/vtmP+9iGns
/ZsdhFE0dr6XBei58KIlaeTRlx0c3OB5Xq9zqMtK+BUE9vmZIzDw3UXLiV0X9ldx
9ntn5I/F+uXLEclJd0bX7WvZrKo+upHsu9UfIIvm4qNSyCr3iuVsNTQ7qZjSSlpv
nOClduFILACuCTvQ7ZTXPN7JJrdEmpm9SFtVGf8GAqYxf2W+PdD6LZ6gPGHBaSCS
S1/1MMe+khibmyUo5ceanKe+2sKraChhE75/56Zwq6EBNXRBN8v4XZIL9BbkzTpv
dYN8R55Qrdu9jeoWmGdKLFjPaoYhTPU8gnnP38buvBM/i56gowuebb72oC8wKIOM
FLpsBMJvtDFEciBTdGVwaGVuIEhlbnNvbiA8c2hlbnNvbkBvcGVuc3NsZm91bmRh
dGlvbi5jb20+iQEcBBABCAAGBQJTC9OoAAoJEKLSm3vylcdZ2AwH/jPyNrn2uZrq
1M+UG/6C/znQQDE4dRriveHtGqVlu/adJRDga74hBAWYsym520KUu/x1bGz84Lfe
aZHPKTbr3FuIA9s873BeMepGTVYuMJ66AAelcFC97AXvYIopSwg5Ru0dbb7AXFB+
6Cwhdp7BNZRWsYeOrIhmiYD779LpNyef43bSuYU1cIdAKl9gnhWVLm9ykX+zcgim
FBnOXfAXEyJknghqyfVUoIkzDIBptv1culEWWM+5SHZm1MtSGLJsyFGn6M3mnOEk
ceMJNbLkcs4Mw7d9dDL7nqbxr4IX4uSxLO5GQ+UnN03jEYJGFH0oHrwfDdgg509F
vcU6aJm7srGJAjcEEwEIACEFAlMLzRACGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
F4AACgkQ01d1B/pA6eIHwA//TSYOfBe6UVlBuZnBB4RXorMASy3US/RWJgjpIKsy
Vn+jU8362srXlMtPglmLxfkI9qdyCOjXpDP+a0432m6PZNVY2tmsKEvGnaBZieAX
SXH6X0Led26qN78YN4DCAskmlRwip2/WTAe7s8eZtfUtuu/fWEYxyC7ZgqdCIJLf
QzQtxDybM/6i8tJrSKfx4G7x+bl/DT2KUHoTnAvxElVhtl1a62kIv+AYdqYv0d+h
Aho+6uIpvzd7Niy1ZFJFg+JAUrnqy9PRb4T8FUhvyvWNx9gYuHGuovQ5e2FQNdit
eEy6EQwP4EyUXhi1HWqCZypogMdCxytHB0VnQBzxxsZSiWCQMcAxvAFvYl+TD90J
KWRlnU0SMKc+nGTEENHxPPbI7BJil7d6LFDj7gGfNSkyZuqB2uBraB8d2tSy6s8i
6y/akKg9UYGVETC4IZl+eL6OXnqQcFIPSf29t8GF8J7kZMzcDNEVCkDjUu0dx+mI
/UWaNpYotAXHUCVHmkQ1KjXvnEMtmChGRJullDGm/L9gjzei8ZKB75Stdynp18T9
M7YPVMQRT4+FUvjq+374kI8QjSm0BZEZsz/2thkaqlG+i2Sfr1TyiRXFvLNil2aj
nJ7Oh04xVJDmz4Ln4j3z/M1iiNVsA7PQ6Zz842nm2YD/x7ugZa9C9SmGRtl4KXnx
rDuJAjcEEwEIACEFAlML03kCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
01d1B/pA6eLXtw/9FeV38cRwnPkdTCiqVtwzKh9VaYn6AFX/1X0LoLV+3Mh6Lkzw
8ZRHJfb21sPjA+NVAA4yo20Dm9tI0R6jy7ikxIgmHUZZH5sH3tUfBYILtqRfTHyX
qhjFSjPPcOqU7NA3zmsAmGTc9Eu73F+4hPP/kXoF4OmiEJjiDZm+38wQ/q2sZoxy
aPussddWpmUbIPYJwfCz0Dy3GvsVhLN3deWGjtyMTLrfYYqweKnJpWF1p1ke4ZxC
YI7DSbDVdqYCkh1BTHWNqpYjMab3p4bRdLgwCDkOvIt1fSf8b/lFCkD0ZHcvL+TQ
f5h9YsuaTIMJu9M0il73eLlc9z5PlZpMD4R1mbdEMMMs82d7vEbLT9cHYlJ1lZlU
cNlaRvuIR4cCHdYqJXZ+9fCc0nElXLmrPSWEgauYlEb4XOCCgnHnP3VEMAVycSkY
rBgucYycfMQ2CXJoz4FPVST/irGCe1vpf3Vqq0SVoiAZdz3yNQ9M8iXhaA+hdrbp
pgoRgGIPBf2BjUA+Xgz8rB184tA3p9VOcvQ0LrK/N3y5FU1tk9OEemsHTKgEFFQ7
b7OSIIUChvfl7ugXcOosNtZmD1pdyAuaiqDkeTBO+teD0LjUaUwWxl7uwLjOODjj
WN5ixjNRjv7us6htnPvv/GhhWb66Fc15XQ1gJdhiMrp426dJ32YP6OG6WWy5AgsE
Qjxx+AEQANWX4zqswKPWnq5nRhPuLm68QJxUbFiYYL6+ir4+LOV9uwKhuMtZIfZQ
3do7S3b74QMhubOrdAnNbsvd9glqHrULQzmfSM97bJn6TJNzWOunGbu35OX6aO9J
mIYCcwZq/6JYqawTYhkL5Pu4jrLSPa9BOJR5wNZ78geqeKhp6VFGAS77lt21PrFr
uVVCoIXE2iYM2V9Rn8/lW/+ah3Z6Y+ZXgjQ+0npMTdQYwKh+ZdPpq7zkyXGn4LH0
y0oALEZZaUaZUDn8wCVhcZsQYRXzH+W6KSplb+zq7VEUT5Yf3c1XC8sBzcF5UWfW
+urodROCoWgEpz/DygM98d+Sfpj2Ui4qDrnfe3dJ6etF955/755XZ+LqLij8gu5C
GB/dWVeRUBY34fUviqUuXAmnA50Sbl66h+6R+kuyQhMQYSLfd4o3u4l06qBNf5eG
D1hj1RdBmfFN2tiD/XkwLSSl0t813J5fSm8TPwHu5rt1KvxXU8EFiTGhIZcALB1t
8tROywo253tEOaD1S2VmkJSGTa4xA5dZwe61MzcBA5SN6+lRC7PRK04ov2DMIky7
vcJ9b3qVXKDNmKyPigGrOnc8MDX1LIQ6F2JC5A0+tiWSghO5BTMptcWzNxVdcp5Z
ClD8iFdsc0nMtqECT+WTh4MIFMMK/hHw7QkaYglQ+kLb6EwMW4ozAAYpiQIfBBgB
AgAJBQJCPHH4AhsMAAoJENNXdQf6QOnisnIP/11tnqTaiD6giEijgMFDoXOgd3eC
ecNw0KkMkY25VK9QGMaGOKHPJUxF8UOoJfzL3rAGs1ezvYfxQb4uYkTPZcsWndZJ
g0QzKRRu2GSa4p8lJAHThaVMTJ+AbyWwgQIcnskyY3eMEaB7tUEReJKiKf/f2RhS
VMKbHukqw1Tq5SabRT/o+gIFvVUlH/2m3konlvhxQlevAMPsI8hebTFCnPS5CZbu
SVxUFlC/HLxNXmSN+TxFCu9WmCIXt1biKWmVYC524dsGu3F5ojTuVGn3ND88bQCc
+GsZnU7wZ1HodEZMgYhdttR53BsVv/VkkwnmuFykq5g9nFEez7GfSm4a3Wg12zG3
LVWCv997jNmfVIskzTvz6GwkvKS7VjSmOT7hIjI/PZcZ60KNTkXxVyqs8E6Y0h9S
W4+TRmjSbGgH1j0PpufxVqndxZSH388Nprq7CJZ/tEZkWwv+UvEGeMmSqk4adECc
J3AoXiAOsYkGin0oTWIAja5X7DKjeNQJfwfwtMjQ46aJnvGEpypWKu7Y4UnkFWGd
H3j4ZdyzVgCRUnIuIHCzOKR8jrHw7Udxb6Ck6Y9MLJ/pcOzrUCnaALKhMREaNZmY
G/cu/anS1ekMIWkC/QyX6xbXi7IedakaL56y7nJRBRmPuETKACSAWkGJ5ojm6BxT
TInCFx1evwVXM3s6
=eP1B
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</body></html>

6
openssl.spec
View File

@ -29,7 +29,7 @@ Provides: ssl
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
Version: 1.0.1f
Version: 1.0.1g
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -64,7 +64,6 @@ Patch15: openssl-1.0.1e-fips.patch
Patch16: openssl-1.0.1e-fips-ec.patch
Patch17: openssl-1.0.1e-fips-ctor.patch
Patch18: openssl-1.0.1e-new-fips-reqs.patch
Patch19: CVE-2014-0076.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -170,7 +169,6 @@ this package's base documentation.
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
cp -p %{S:10} .
cp -p %{S:11} .
@ -228,7 +226,7 @@ no-ec2m \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
$RPM_OPT_FLAGS -std=gnu99 \
$RPM_OPT_FLAGS -O3 -std=gnu99 \
-Wa,--noexecstack \
-fomit-frame-pointer \
-DTERMIO \