From fa61203f41fdaade2f9a65e756557ea4ce72f82e00f3aa8292eb7e6182c757b8 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 8 May 2016 08:38:49 +0000 Subject: [PATCH] Accepting request 393456 from Base:System - OpenSSL Security Advisory [3rd May 2016] - update to 1.0.2h (boo#977584, boo#977663) * Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. (CVE-2016-2107, boo#977616) * Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. (CVE-2016-2105, boo#977614) * Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. (CVE-2016-2106, boo#977615) * Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. (CVE-2016-2109, boo#976942) * EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. (CVE-2016-2176, boo#978224) * Modify behavior of ALPN to invoke callback after SNI/servername (forwarded request 393446 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/393456 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=132 --- openssl-1.0.1e-add-suse-default-cipher.patch | 21 +- openssl-1.0.2e-fips.patch | 514 +++++++++---------- openssl-1.0.2g.tar.gz | 3 - openssl-1.0.2g.tar.gz.asc | 11 - openssl-1.0.2h.tar.gz | 3 + openssl-1.0.2h.tar.gz.asc | 11 + openssl.changes | 39 ++ openssl.spec | 2 +- 8 files changed, 321 insertions(+), 283 deletions(-) delete mode 100644 openssl-1.0.2g.tar.gz delete mode 100644 openssl-1.0.2g.tar.gz.asc create mode 100644 openssl-1.0.2h.tar.gz create mode 100644 openssl-1.0.2h.tar.gz.asc diff --git a/openssl-1.0.1e-add-suse-default-cipher.patch b/openssl-1.0.1e-add-suse-default-cipher.patch index 893a65d..b3e2475 100644 --- a/openssl-1.0.1e-add-suse-default-cipher.patch +++ b/openssl-1.0.1e-add-suse-default-cipher.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.2a/ssl/ssl_ciph.c +Index: openssl-1.0.2h/ssl/ssl_ciph.c =================================================================== ---- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-05-24 14:26:18.132243785 +0200 -+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-05-24 14:26:18.229245199 +0200 -@@ -1604,7 +1604,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +--- openssl-1.0.2h.orig/ssl/ssl_ciph.c 2016-05-03 16:36:50.482900040 +0200 ++++ openssl-1.0.2h/ssl/ssl_ciph.c 2016-05-03 16:36:51.951922883 +0200 +@@ -1608,7 +1608,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; rule_p = rule_str; @@ -18,21 +18,20 @@ Index: openssl-1.0.2a/ssl/ssl_ciph.c ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, ca_list); rule_p += 7; -Index: openssl-1.0.2a/ssl/ssl.h +Index: openssl-1.0.2h/ssl/ssl.h =================================================================== ---- openssl-1.0.2a.orig/ssl/ssl.h 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/ssl/ssl.h 2015-05-24 14:31:25.801726491 +0200 -@@ -338,7 +338,12 @@ extern "C" { +--- openssl-1.0.2h.orig/ssl/ssl.h 2016-05-03 16:36:51.951922883 +0200 ++++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 16:41:00.024781841 +0200 +@@ -338,7 +338,11 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ --# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES" +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" + +# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA" -+ /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/openssl-1.0.2e-fips.patch b/openssl-1.0.2e-fips.patch index b0ee374..e36f52a 100644 --- a/openssl-1.0.2e-fips.patch +++ b/openssl-1.0.2e-fips.patch @@ -1,7 +1,7 @@ -Index: openssl-1.0.2g/apps/speed.c +Index: openssl-1.0.2h/apps/speed.c =================================================================== ---- openssl-1.0.2g.orig/apps/speed.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/apps/speed.c 2016-03-01 15:09:36.519826939 +0100 +--- openssl-1.0.2h.orig/apps/speed.c 2016-05-03 16:33:08.099443503 +0200 ++++ openssl-1.0.2h/apps/speed.c 2016-05-03 16:33:10.343478369 +0200 @@ -197,7 +197,6 @@ # ifdef OPENSSL_DOING_MAKEDEPEND # undef AES_set_encrypt_key @@ -134,10 +134,10 @@ Index: openssl-1.0.2g/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -Index: openssl-1.0.2g/Configure +Index: openssl-1.0.2h/Configure =================================================================== ---- openssl-1.0.2g.orig/Configure 2016-03-01 15:09:36.472826142 +0100 -+++ openssl-1.0.2g/Configure 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/Configure 2016-05-03 16:33:08.018442245 +0200 ++++ openssl-1.0.2h/Configure 2016-05-03 16:33:10.344478384 +0200 @@ -1062,11 +1062,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -172,10 +172,10 @@ Index: openssl-1.0.2g/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.2g/crypto/aes/aes_misc.c +Index: openssl-1.0.2h/crypto/aes/aes_misc.c =================================================================== ---- openssl-1.0.2g.orig/crypto/aes/aes_misc.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/aes/aes_misc.c 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/crypto/aes/aes_misc.c 2016-05-03 16:33:08.099443503 +0200 ++++ openssl-1.0.2h/crypto/aes/aes_misc.c 2016-05-03 16:33:10.344478384 +0200 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -194,10 +194,10 @@ Index: openssl-1.0.2g/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.2g/crypto/cmac/cmac.c +Index: openssl-1.0.2h/crypto/cmac/cmac.c =================================================================== ---- openssl-1.0.2g.orig/crypto/cmac/cmac.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/cmac/cmac.c 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/crypto/cmac/cmac.c 2016-05-03 16:33:08.100443518 +0200 ++++ openssl-1.0.2h/crypto/cmac/cmac.c 2016-05-03 16:33:10.344478384 +0200 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -246,10 +246,10 @@ Index: openssl-1.0.2g/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.2g/crypto/crypto.h +Index: openssl-1.0.2h/crypto/crypto.h =================================================================== ---- openssl-1.0.2g.orig/crypto/crypto.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/crypto.h 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/crypto/crypto.h 2016-05-03 16:33:08.100443518 +0200 ++++ openssl-1.0.2h/crypto/crypto.h 2016-05-03 16:33:10.344478384 +0200 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -295,10 +295,10 @@ Index: openssl-1.0.2g/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.2g/crypto/des/des.h +Index: openssl-1.0.2h/crypto/des/des.h =================================================================== ---- openssl-1.0.2g.orig/crypto/des/des.h 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/des/des.h 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/crypto/des/des.h 2016-05-03 16:33:08.100443518 +0200 ++++ openssl-1.0.2h/crypto/des/des.h 2016-05-03 16:33:10.344478384 +0200 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); @@ -310,10 +310,10 @@ Index: openssl-1.0.2g/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -Index: openssl-1.0.2g/crypto/des/set_key.c +Index: openssl-1.0.2h/crypto/des/set_key.c =================================================================== ---- openssl-1.0.2g.orig/crypto/des/set_key.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/des/set_key.c 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/crypto/des/set_key.c 2016-05-03 16:33:08.100443518 +0200 ++++ openssl-1.0.2h/crypto/des/set_key.c 2016-05-03 16:33:10.344478384 +0200 @@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -330,10 +330,10 @@ Index: openssl-1.0.2g/crypto/des/set_key.c { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -Index: openssl-1.0.2g/crypto/dh/dh_gen.c +Index: openssl-1.0.2h/crypto/dh/dh_gen.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dh/dh_gen.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/dh/dh_gen.c 2016-03-01 15:09:36.520826956 +0100 +--- openssl-1.0.2h.orig/crypto/dh/dh_gen.c 2016-05-03 16:33:08.100443518 +0200 ++++ openssl-1.0.2h/crypto/dh/dh_gen.c 2016-05-03 16:33:10.344478384 +0200 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) @@ -364,10 +364,10 @@ Index: openssl-1.0.2g/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -Index: openssl-1.0.2g/crypto/dh/dh.h +Index: openssl-1.0.2h/crypto/dh/dh.h =================================================================== ---- openssl-1.0.2g.orig/crypto/dh/dh.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dh/dh.h 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dh/dh.h 2016-05-03 16:33:08.100443518 +0200 ++++ openssl-1.0.2h/crypto/dh/dh.h 2016-05-03 16:33:10.345478400 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif @@ -377,10 +377,10 @@ Index: openssl-1.0.2g/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -Index: openssl-1.0.2g/crypto/dh/dh_key.c +Index: openssl-1.0.2h/crypto/dh/dh_key.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dh/dh_key.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dh/dh_key.c 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dh/dh_key.c 2016-05-03 16:33:08.101443534 +0200 ++++ openssl-1.0.2h/crypto/dh/dh_key.c 2016-05-03 16:33:10.345478400 +0200 @@ -61,6 +61,9 @@ #include #include @@ -448,10 +448,10 @@ Index: openssl-1.0.2g/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2g/crypto/dh/dh_lib.c +Index: openssl-1.0.2h/crypto/dh/dh_lib.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dh/dh_lib.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/dh/dh_lib.c 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dh/dh_lib.c 2016-05-03 16:33:08.101443534 +0200 ++++ openssl-1.0.2h/crypto/dh/dh_lib.c 2016-05-03 16:33:10.345478400 +0200 @@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { @@ -467,10 +467,10 @@ Index: openssl-1.0.2g/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.2g/crypto/dsa/dsa_err.c +Index: openssl-1.0.2h/crypto/dsa/dsa_err.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_err.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_err.c 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_err.c 2016-05-03 16:33:08.101443534 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_err.c 2016-05-03 16:33:10.345478400 +0200 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -489,10 +489,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -Index: openssl-1.0.2g/crypto/dsa/dsa_gen.c +Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_gen.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_gen.c 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_gen.c 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_gen.c 2016-05-03 16:33:10.345478400 +0200 @@ -91,6 +91,16 @@ # include # endif @@ -943,10 +943,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_gen.c EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -Index: openssl-1.0.2g/crypto/dsa/dsa.h +Index: openssl-1.0.2h/crypto/dsa/dsa.h =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa.h 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa.h 2016-05-03 16:33:08.102443550 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa.h 2016-05-03 16:33:10.345478400 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -1014,10 +1014,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -Index: openssl-1.0.2g/crypto/dsa/dsa_key.c +Index: openssl-1.0.2h/crypto/dsa/dsa_key.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_key.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_key.c 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_key.c 2016-05-03 16:33:08.102443550 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_key.c 2016-05-03 16:33:10.345478400 +0200 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS @@ -1093,10 +1093,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_key.c ok = 1; err: -Index: openssl-1.0.2g/crypto/dsa/dsa_lib.c +Index: openssl-1.0.2h/crypto/dsa/dsa_lib.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_lib.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_lib.c 2016-03-01 15:09:36.521826973 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_lib.c 2016-05-03 16:33:08.102443550 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_lib.c 2016-05-03 16:33:10.345478400 +0200 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1112,10 +1112,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.2g/crypto/dsa/dsa_locl.h +Index: openssl-1.0.2h/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_locl.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_locl.h 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_locl.h 2016-05-03 16:33:08.102443550 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_locl.h 2016-05-03 16:33:10.346478415 +0200 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, @@ -1125,10 +1125,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_locl.h int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -Index: openssl-1.0.2g/crypto/dsa/dsa_ossl.c +Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_ossl.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_ossl.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c 2016-05-03 16:33:08.103443565 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c 2016-05-03 16:33:10.346478415 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1197,10 +1197,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_ossl.c dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2g/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.2h/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsa_pmeth.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsa_pmeth.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsa_pmeth.c 2016-05-03 16:33:08.103443565 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsa_pmeth.c 2016-05-03 16:33:10.346478415 +0200 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1210,10 +1210,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.2g/crypto/dsa/dsatest.c +Index: openssl-1.0.2h/crypto/dsa/dsatest.c =================================================================== ---- openssl-1.0.2g.orig/crypto/dsa/dsatest.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/dsa/dsatest.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/dsa/dsatest.c 2016-05-03 16:33:08.103443565 +0200 ++++ openssl-1.0.2h/crypto/dsa/dsatest.c 2016-05-03 16:33:10.346478415 +0200 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1297,10 +1297,10 @@ Index: openssl-1.0.2g/crypto/dsa/dsatest.c goto end; } if (h != 2) { -Index: openssl-1.0.2g/crypto/engine/eng_all.c +Index: openssl-1.0.2h/crypto/engine/eng_all.c =================================================================== ---- openssl-1.0.2g.orig/crypto/engine/eng_all.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/engine/eng_all.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/engine/eng_all.c 2016-05-03 16:33:08.103443565 +0200 ++++ openssl-1.0.2h/crypto/engine/eng_all.c 2016-05-03 16:33:10.346478415 +0200 @@ -59,11 +59,25 @@ #include "cryptlib.h" @@ -1327,10 +1327,10 @@ Index: openssl-1.0.2g/crypto/engine/eng_all.c #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -Index: openssl-1.0.2g/crypto/evp/c_allc.c +Index: openssl-1.0.2h/crypto/evp/c_allc.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/c_allc.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/c_allc.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/evp/c_allc.c 2016-05-03 16:33:08.103443565 +0200 ++++ openssl-1.0.2h/crypto/evp/c_allc.c 2016-05-03 16:33:10.346478415 +0200 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1407,10 +1407,10 @@ Index: openssl-1.0.2g/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.2g/crypto/evp/c_alld.c +Index: openssl-1.0.2h/crypto/evp/c_alld.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/c_alld.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/c_alld.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/evp/c_alld.c 2016-05-03 16:33:08.103443565 +0200 ++++ openssl-1.0.2h/crypto/evp/c_alld.c 2016-05-03 16:33:10.346478415 +0200 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) @@ -1516,10 +1516,10 @@ Index: openssl-1.0.2g/crypto/evp/c_alld.c + } #endif } -Index: openssl-1.0.2g/crypto/evp/digest.c +Index: openssl-1.0.2h/crypto/evp/digest.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/digest.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/digest.c 2016-03-01 15:09:36.522826990 +0100 +--- openssl-1.0.2h.orig/crypto/evp/digest.c 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/crypto/evp/digest.c 2016-05-03 16:36:31.813609758 +0200 @@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1598,10 +1598,10 @@ Index: openssl-1.0.2g/crypto/evp/digest.c + } + } +#endif - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); - ctx->digest = type; -@@ -236,25 +283,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + ctx->md_data = NULL; +@@ -238,25 +285,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c } if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) return 1; @@ -1629,7 +1629,7 @@ Index: openssl-1.0.2g/crypto/evp/digest.c } /* The caller can assume that this removes any secret data from the context */ -@@ -269,11 +306,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns +@@ -271,11 +308,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { @@ -1644,7 +1644,7 @@ Index: openssl-1.0.2g/crypto/evp/digest.c OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -@@ -284,7 +321,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, +@@ -286,7 +323,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, } memset(ctx->md_data, 0, ctx->digest->ctx_size); return ret; @@ -1652,7 +1652,7 @@ Index: openssl-1.0.2g/crypto/evp/digest.c } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) -@@ -373,7 +409,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +@@ -375,7 +411,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) /* This call frees resources associated with the context */ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { @@ -1660,7 +1660,7 @@ Index: openssl-1.0.2g/crypto/evp/digest.c /* * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because * sometimes only copies of the context are ever finalised. -@@ -386,7 +421,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +@@ -388,7 +423,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } @@ -1668,7 +1668,7 @@ Index: openssl-1.0.2g/crypto/evp/digest.c if (ctx->pctx) EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE -@@ -397,9 +431,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +@@ -399,9 +433,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) */ ENGINE_finish(ctx->engine); #endif @@ -1678,10 +1678,10 @@ Index: openssl-1.0.2g/crypto/evp/digest.c memset(ctx, '\0', sizeof *ctx); return 1; -Index: openssl-1.0.2g/crypto/evp/e_aes.c +Index: openssl-1.0.2h/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/e_aes.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/e_aes.c 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/e_aes.c 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/crypto/evp/e_aes.c 2016-05-03 16:33:10.347478431 +0200 @@ -60,9 +60,6 @@ # include "modes_lcl.h" # include @@ -1719,10 +1719,10 @@ Index: openssl-1.0.2g/crypto/evp/e_aes.c if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -Index: openssl-1.0.2g/crypto/evp/e_des3.c +Index: openssl-1.0.2h/crypto/evp/e_des3.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/e_des3.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/e_des3.c 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/e_des3.c 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/crypto/evp/e_des3.c 2016-05-03 16:33:10.347478431 +0200 @@ -65,10 +65,6 @@ # include # include @@ -1734,10 +1734,10 @@ Index: openssl-1.0.2g/crypto/evp/e_des3.c typedef struct { union { double align; -Index: openssl-1.0.2g/crypto/evp/e_null.c +Index: openssl-1.0.2h/crypto/evp/e_null.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/e_null.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/e_null.c 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/e_null.c 2016-05-03 16:33:08.104443581 +0200 ++++ openssl-1.0.2h/crypto/evp/e_null.c 2016-05-03 16:33:10.347478431 +0200 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, @@ -1747,10 +1747,10 @@ Index: openssl-1.0.2g/crypto/evp/e_null.c null_init_key, null_cipher, NULL, -Index: openssl-1.0.2g/crypto/evp/evp_enc.c +Index: openssl-1.0.2h/crypto/evp/evp_enc.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/evp_enc.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/evp_enc.c 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/evp_enc.c 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/crypto/evp/evp_enc.c 2016-05-03 16:33:10.347478431 +0200 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1918,10 +1918,10 @@ Index: openssl-1.0.2g/crypto/evp/evp_enc.c memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.2g/crypto/evp/evp.h +Index: openssl-1.0.2h/crypto/evp/evp.h =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/evp.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/evp.h 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/evp.h 2016-05-03 16:33:08.105443596 +0200 ++++ openssl-1.0.2h/crypto/evp/evp.h 2016-05-03 16:33:10.348478446 +0200 @@ -122,6 +122,10 @@ extern "C" { #endif @@ -1975,10 +1975,10 @@ Index: openssl-1.0.2g/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -Index: openssl-1.0.2g/crypto/evp/evp_lib.c +Index: openssl-1.0.2h/crypto/evp/evp_lib.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/evp_lib.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/evp_lib.c 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/evp_lib.c 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/evp_lib.c 2016-05-03 16:33:10.348478446 +0200 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -2064,10 +2064,10 @@ Index: openssl-1.0.2g/crypto/evp/evp_lib.c return md->flags; } -Index: openssl-1.0.2g/crypto/evp/evp_locl.h +Index: openssl-1.0.2h/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/evp_locl.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/evp_locl.h 2016-03-01 15:09:36.523827007 +0100 +--- openssl-1.0.2h.orig/crypto/evp/evp_locl.h 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/evp_locl.h 2016-05-03 16:33:10.348478446 +0200 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -2101,10 +2101,10 @@ Index: openssl-1.0.2g/crypto/evp/evp_locl.h # define Camellia_set_key private_Camellia_set_key #endif -Index: openssl-1.0.2g/crypto/evp/m_dss.c +Index: openssl-1.0.2h/crypto/evp/m_dss.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/m_dss.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/m_dss.c 2016-03-01 15:09:36.524827024 +0100 +--- openssl-1.0.2h.orig/crypto/evp/m_dss.c 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/m_dss.c 2016-05-03 16:33:10.348478446 +0200 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, @@ -2114,10 +2114,10 @@ Index: openssl-1.0.2g/crypto/evp/m_dss.c init, update, final, -Index: openssl-1.0.2g/crypto/evp/m_dss1.c +Index: openssl-1.0.2h/crypto/evp/m_dss1.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/m_dss1.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/m_dss1.c 2016-03-01 15:09:36.524827024 +0100 +--- openssl-1.0.2h.orig/crypto/evp/m_dss1.c 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/m_dss1.c 2016-05-03 16:33:10.348478446 +0200 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, @@ -2127,10 +2127,10 @@ Index: openssl-1.0.2g/crypto/evp/m_dss1.c init, update, final, -Index: openssl-1.0.2g/crypto/evp/m_md2.c +Index: openssl-1.0.2h/crypto/evp/m_md2.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/m_md2.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/m_md2.c 2016-03-01 15:09:36.524827024 +0100 +--- openssl-1.0.2h.orig/crypto/evp/m_md2.c 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/m_md2.c 2016-05-03 16:33:10.348478446 +0200 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2139,10 +2139,10 @@ Index: openssl-1.0.2g/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { -Index: openssl-1.0.2g/crypto/evp/m_sha1.c +Index: openssl-1.0.2h/crypto/evp/m_sha1.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/m_sha1.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/m_sha1.c 2016-03-01 15:09:36.524827024 +0100 +--- openssl-1.0.2h.orig/crypto/evp/m_sha1.c 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/m_sha1.c 2016-05-03 16:33:10.348478446 +0200 @@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -2193,10 +2193,10 @@ Index: openssl-1.0.2g/crypto/evp/m_sha1.c init512, update512, final512, -Index: openssl-1.0.2g/crypto/evp/p_sign.c +Index: openssl-1.0.2h/crypto/evp/p_sign.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/p_sign.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/p_sign.c 2016-03-01 15:09:36.524827024 +0100 +--- openssl-1.0.2h.orig/crypto/evp/p_sign.c 2016-05-03 16:33:08.106443612 +0200 ++++ openssl-1.0.2h/crypto/evp/p_sign.c 2016-05-03 16:33:10.348478446 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2228,10 +2228,10 @@ Index: openssl-1.0.2g/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.2g/crypto/evp/p_verify.c +Index: openssl-1.0.2h/crypto/evp/p_verify.c =================================================================== ---- openssl-1.0.2g.orig/crypto/evp/p_verify.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/evp/p_verify.c 2016-03-01 15:09:36.524827024 +0100 +--- openssl-1.0.2h.orig/crypto/evp/p_verify.c 2016-05-03 16:33:08.107443627 +0200 ++++ openssl-1.0.2h/crypto/evp/p_verify.c 2016-05-03 16:33:10.348478446 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2263,10 +2263,10 @@ Index: openssl-1.0.2g/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.2g/crypto/fips/fips_aes_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_aes_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_aes_selftest.c 2016-03-01 15:09:36.524827024 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_aes_selftest.c 2016-05-03 16:33:10.349478462 +0200 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2633,10 +2633,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_aes_selftest.c +} + +#endif -Index: openssl-1.0.2g/crypto/fips/fips.c +Index: openssl-1.0.2h/crypto/fips/fips.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips.c 2016-03-01 15:09:36.524827024 +0100 ++++ openssl-1.0.2h/crypto/fips/fips.c 2016-05-03 16:33:10.349478462 +0200 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3121,10 +3121,10 @@ Index: openssl-1.0.2g/crypto/fips/fips.c +# endif + +#endif -Index: openssl-1.0.2g/crypto/fips/fips_cmac_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_cmac_selftest.c 2016-03-01 15:09:36.525827041 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c 2016-05-03 16:33:10.349478462 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3282,10 +3282,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_cmac_selftest.c + return rv; +} +#endif -Index: openssl-1.0.2g/crypto/fips/fips_des_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_des_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_des_selftest.c 2016-03-01 15:09:36.525827041 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_des_selftest.c 2016-05-03 16:33:10.349478462 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3425,10 +3425,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_des_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2g/crypto/fips/fips_drbg_ctr.c +Index: openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_ctr.c 2016-03-01 15:09:36.525827041 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c 2016-05-03 16:33:10.349478462 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3845,10 +3845,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_ctr.c + + return 1; +} -Index: openssl-1.0.2g/crypto/fips/fips_drbg_hash.c +Index: openssl-1.0.2h/crypto/fips/fips_drbg_hash.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_hash.c 2016-03-01 15:09:36.525827041 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_hash.c 2016-05-03 16:33:10.349478462 +0200 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4208,10 +4208,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_hash.c + + return 1; +} -Index: openssl-1.0.2g/crypto/fips/fips_drbg_hmac.c +Index: openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_hmac.c 2016-03-01 15:09:36.525827041 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c 2016-05-03 16:33:10.350478477 +0200 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4483,10 +4483,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_hmac.c + + return 1; +} -Index: openssl-1.0.2g/crypto/fips/fips_drbg_lib.c +Index: openssl-1.0.2h/crypto/fips/fips_drbg_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_lib.c 2016-03-01 15:09:36.525827041 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_lib.c 2016-05-03 16:33:10.350478477 +0200 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -5041,10 +5041,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -Index: openssl-1.0.2g/crypto/fips/fips_drbg_rand.c +Index: openssl-1.0.2h/crypto/fips/fips_drbg_rand.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_rand.c 2016-03-01 15:09:36.526827058 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_rand.c 2016-05-03 16:33:10.350478477 +0200 @@ -0,0 +1,166 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5212,10 +5212,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_rand.c +{ + return &rand_drbg_meth; +} -Index: openssl-1.0.2g/crypto/fips/fips_drbg_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_selftest.c 2016-03-01 15:09:36.526827058 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c 2016-05-03 16:33:10.350478477 +0200 @@ -0,0 +1,827 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6044,10 +6044,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_selftest.c + FIPS_drbg_free(dctx); + return rv; +} -Index: openssl-1.0.2g/crypto/fips/fips_drbg_selftest.h +Index: openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_drbg_selftest.h 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h 2016-05-03 16:33:10.351478493 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7840,10 +7840,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_drbg_selftest.h + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -Index: openssl-1.0.2g/crypto/fips/fips_dsa_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_dsa_selftest.c 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c 2016-05-03 16:33:10.351478493 +0200 @@ -0,0 +1,192 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8037,10 +8037,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_dsa_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2g/crypto/fips/fips_enc.c +Index: openssl-1.0.2h/crypto/fips/fips_enc.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_enc.c 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_enc.c 2016-05-03 16:33:10.351478493 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8231,10 +8231,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_enc.c + + } +} -Index: openssl-1.0.2g/crypto/fips/fips.h +Index: openssl-1.0.2h/crypto/fips/fips.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips.h 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips.h 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,278 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8514,10 +8514,10 @@ Index: openssl-1.0.2g/crypto/fips/fips.h +} +# endif +#endif -Index: openssl-1.0.2g/crypto/fips/fips_hmac_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_hmac_selftest.c 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8653,10 +8653,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_hmac_selftest.c + return 1; +} +#endif -Index: openssl-1.0.2g/crypto/fips/fips_locl.h +Index: openssl-1.0.2h/crypto/fips/fips_locl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_locl.h 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_locl.h 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8729,10 +8729,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_locl.h +} +# endif +#endif -Index: openssl-1.0.2g/crypto/fips/fips_md.c +Index: openssl-1.0.2h/crypto/fips/fips_md.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_md.c 2016-03-01 15:09:36.527827075 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_md.c 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8878,10 +8878,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_md.c + return NULL; + } +} -Index: openssl-1.0.2g/crypto/fips/fips_post.c +Index: openssl-1.0.2h/crypto/fips/fips_post.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_post.c 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_post.c 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,201 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9084,10 +9084,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_post.c + return 1; +} +#endif -Index: openssl-1.0.2g/crypto/fips/fips_rand.c +Index: openssl-1.0.2h/crypto/fips/fips_rand.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rand.c 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rand.c 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,428 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9517,10 +9517,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.2g/crypto/fips/fips_rand.h +Index: openssl-1.0.2h/crypto/fips/fips_rand.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rand.h 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rand.h 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9685,10 +9685,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rand.h +# endif +# endif +#endif -Index: openssl-1.0.2g/crypto/fips/fips_rand_lcl.h +Index: openssl-1.0.2h/crypto/fips/fips_rand_lcl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rand_lcl.h 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rand_lcl.h 2016-05-03 16:33:10.352478508 +0200 @@ -0,0 +1,213 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9903,10 +9903,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.2g/crypto/fips/fips_rand_lib.c +Index: openssl-1.0.2h/crypto/fips/fips_rand_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rand_lib.c 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rand_lib.c 2016-05-03 16:33:10.353478524 +0200 @@ -0,0 +1,181 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10089,10 +10089,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rand_lib.c + } + return 0; +} -Index: openssl-1.0.2g/crypto/fips/fips_rand_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_rand_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rand_selftest.c 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rand_selftest.c 2016-05-03 16:33:10.353478524 +0200 @@ -0,0 +1,176 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10270,10 +10270,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rand_selftest.c +} + +#endif -Index: openssl-1.0.2g/crypto/fips/fips_randtest.c +Index: openssl-1.0.2h/crypto/fips/fips_randtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_randtest.c 2016-03-01 15:09:36.528827092 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_randtest.c 2016-05-03 16:33:10.353478524 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -10522,10 +10522,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_randtest.c +} + +#endif -Index: openssl-1.0.2g/crypto/fips/fips_rsa_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rsa_selftest.c 2016-03-01 15:09:36.529827109 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c 2016-05-03 16:33:10.353478524 +0200 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10971,10 +10971,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rsa_selftest.c +} + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.2g/crypto/fips/fips_rsa_x931g.c +Index: openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_rsa_x931g.c 2016-03-01 15:09:36.529827109 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c 2016-05-03 16:33:10.353478524 +0200 @@ -0,0 +1,273 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -11249,10 +11249,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_rsa_x931g.c + return 0; + +} -Index: openssl-1.0.2g/crypto/fips/fips_sha_selftest.c +Index: openssl-1.0.2h/crypto/fips/fips_sha_selftest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_sha_selftest.c 2016-03-01 15:09:36.529827109 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_sha_selftest.c 2016-05-03 16:33:10.353478524 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11399,10 +11399,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_sha_selftest.c +} + +#endif -Index: openssl-1.0.2g/crypto/fips/fips_standalone_hmac.c +Index: openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_standalone_hmac.c 2016-03-01 15:09:36.529827109 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c 2016-05-03 16:33:10.354478540 +0200 @@ -0,0 +1,268 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11672,10 +11672,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_standalone_hmac.c +#endif + return 0; +} -Index: openssl-1.0.2g/crypto/fips/fips_test_suite.c +Index: openssl-1.0.2h/crypto/fips/fips_test_suite.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/fips_test_suite.c 2016-03-01 15:09:36.529827109 +0100 ++++ openssl-1.0.2h/crypto/fips/fips_test_suite.c 2016-05-03 16:33:10.354478540 +0200 @@ -0,0 +1,639 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -12316,10 +12316,10 @@ Index: openssl-1.0.2g/crypto/fips/fips_test_suite.c +} + +#endif -Index: openssl-1.0.2g/crypto/fips/Makefile +Index: openssl-1.0.2h/crypto/fips/Makefile =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2g/crypto/fips/Makefile 2016-03-01 15:09:36.530827126 +0100 ++++ openssl-1.0.2h/crypto/fips/Makefile 2016-05-03 16:33:10.354478540 +0200 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -12662,10 +12662,10 @@ Index: openssl-1.0.2g/crypto/fips/Makefile +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.2g/crypto/hmac/hmac.c +Index: openssl-1.0.2h/crypto/hmac/hmac.c =================================================================== ---- openssl-1.0.2g.orig/crypto/hmac/hmac.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/hmac/hmac.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/hmac/hmac.c 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/crypto/hmac/hmac.c 2016-05-03 16:33:10.354478540 +0200 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12728,10 +12728,10 @@ Index: openssl-1.0.2g/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.2g/crypto/mdc2/mdc2dgst.c +Index: openssl-1.0.2h/crypto/mdc2/mdc2dgst.c =================================================================== ---- openssl-1.0.2g.orig/crypto/mdc2/mdc2dgst.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/mdc2/mdc2dgst.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/mdc2/mdc2dgst.c 2016-05-03 16:33:08.113443721 +0200 ++++ openssl-1.0.2h/crypto/mdc2/mdc2dgst.c 2016-05-03 16:33:10.354478540 +0200 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -12741,10 +12741,10 @@ Index: openssl-1.0.2g/crypto/mdc2/mdc2dgst.c { c->num = 0; c->pad_type = 1; -Index: openssl-1.0.2g/crypto/md2/md2_dgst.c +Index: openssl-1.0.2h/crypto/md2/md2_dgst.c =================================================================== ---- openssl-1.0.2g.orig/crypto/md2/md2_dgst.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/md2/md2_dgst.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/md2/md2_dgst.c 2016-05-03 16:33:08.113443721 +0200 ++++ openssl-1.0.2h/crypto/md2/md2_dgst.c 2016-05-03 16:33:10.354478540 +0200 @@ -62,6 +62,11 @@ #include #include @@ -12766,10 +12766,10 @@ Index: openssl-1.0.2g/crypto/md2/md2_dgst.c { c->num = 0; memset(c->state, 0, sizeof c->state); -Index: openssl-1.0.2g/crypto/md4/md4_dgst.c +Index: openssl-1.0.2h/crypto/md4/md4_dgst.c =================================================================== ---- openssl-1.0.2g.orig/crypto/md4/md4_dgst.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/md4/md4_dgst.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/md4/md4_dgst.c 2016-05-03 16:33:08.113443721 +0200 ++++ openssl-1.0.2h/crypto/md4/md4_dgst.c 2016-05-03 16:33:10.355478555 +0200 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12779,10 +12779,10 @@ Index: openssl-1.0.2g/crypto/md4/md4_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2g/crypto/md5/md5_dgst.c +Index: openssl-1.0.2h/crypto/md5/md5_dgst.c =================================================================== ---- openssl-1.0.2g.orig/crypto/md5/md5_dgst.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/md5/md5_dgst.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/md5/md5_dgst.c 2016-05-03 16:33:08.113443721 +0200 ++++ openssl-1.0.2h/crypto/md5/md5_dgst.c 2016-05-03 16:33:10.355478555 +0200 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12792,10 +12792,10 @@ Index: openssl-1.0.2g/crypto/md5/md5_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2g/crypto/o_fips.c +Index: openssl-1.0.2h/crypto/o_fips.c =================================================================== ---- openssl-1.0.2g.orig/crypto/o_fips.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/o_fips.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/o_fips.c 2016-05-03 16:33:08.113443721 +0200 ++++ openssl-1.0.2h/crypto/o_fips.c 2016-05-03 16:33:10.355478555 +0200 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -12805,10 +12805,10 @@ Index: openssl-1.0.2g/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.2g/crypto/o_init.c +Index: openssl-1.0.2h/crypto/o_init.c =================================================================== ---- openssl-1.0.2g.orig/crypto/o_init.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/o_init.c 2016-03-01 15:09:36.530827126 +0100 +--- openssl-1.0.2h.orig/crypto/o_init.c 2016-05-03 16:33:08.114443736 +0200 ++++ openssl-1.0.2h/crypto/o_init.c 2016-05-03 16:33:10.355478555 +0200 @@ -56,8 +56,37 @@ #include #include @@ -12878,10 +12878,10 @@ Index: openssl-1.0.2g/crypto/o_init.c +{ + OPENSSL_init_library(); +} -Index: openssl-1.0.2g/crypto/opensslconf.h.in +Index: openssl-1.0.2h/crypto/opensslconf.h.in =================================================================== ---- openssl-1.0.2g.orig/crypto/opensslconf.h.in 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/opensslconf.h.in 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/opensslconf.h.in 2016-05-03 16:33:08.114443736 +0200 ++++ openssl-1.0.2h/crypto/opensslconf.h.in 2016-05-03 16:33:10.355478555 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -12903,10 +12903,10 @@ Index: openssl-1.0.2g/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.2g/crypto/rand/md_rand.c +Index: openssl-1.0.2h/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rand/md_rand.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/rand/md_rand.c 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/rand/md_rand.c 2016-05-03 16:33:08.114443736 +0200 ++++ openssl-1.0.2h/crypto/rand/md_rand.c 2016-05-03 16:33:10.355478555 +0200 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12919,10 +12919,10 @@ Index: openssl-1.0.2g/crypto/rand/md_rand.c RAND_poll(); initialized = 1; } -Index: openssl-1.0.2g/crypto/rand/rand.h +Index: openssl-1.0.2h/crypto/rand/rand.h =================================================================== ---- openssl-1.0.2g.orig/crypto/rand/rand.h 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/rand/rand.h 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/rand/rand.h 2016-05-03 16:33:08.114443736 +0200 ++++ openssl-1.0.2h/crypto/rand/rand.h 2016-05-03 16:33:10.355478555 +0200 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -12963,10 +12963,10 @@ Index: openssl-1.0.2g/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.2g/crypto/ripemd/rmd_dgst.c +Index: openssl-1.0.2h/crypto/ripemd/rmd_dgst.c =================================================================== ---- openssl-1.0.2g.orig/crypto/ripemd/rmd_dgst.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/ripemd/rmd_dgst.c 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/ripemd/rmd_dgst.c 2016-05-03 16:33:08.114443736 +0200 ++++ openssl-1.0.2h/crypto/ripemd/rmd_dgst.c 2016-05-03 16:33:10.355478555 +0200 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -12976,10 +12976,10 @@ Index: openssl-1.0.2g/crypto/ripemd/rmd_dgst.c { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -Index: openssl-1.0.2g/crypto/rsa/rsa_crpt.c +Index: openssl-1.0.2h/crypto/rsa/rsa_crpt.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_crpt.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_crpt.c 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_crpt.c 2016-05-03 16:33:08.114443736 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_crpt.c 2016-05-03 16:33:10.355478555 +0200 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { @@ -13006,10 +13006,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.2g/crypto/rsa/rsa_eay.c +Index: openssl-1.0.2h/crypto/rsa/rsa_eay.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_eay.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_eay.c 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_eay.c 2016-05-03 16:33:08.115443751 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_eay.c 2016-05-03 16:33:10.356478571 +0200 @@ -114,6 +114,10 @@ #include #include @@ -13132,10 +13132,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_eay.c rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -Index: openssl-1.0.2g/crypto/rsa/rsa_err.c +Index: openssl-1.0.2h/crypto/rsa/rsa_err.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_err.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_err.c 2016-03-01 15:09:36.531827143 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_err.c 2016-05-03 16:33:08.115443751 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_err.c 2016-05-03 16:33:10.356478571 +0200 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -13145,10 +13145,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c +Index: openssl-1.0.2h/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_gen.c 2016-05-03 16:33:08.115443751 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_gen.c 2016-05-03 16:33:10.356478571 +0200 @@ -69,8 +69,80 @@ #include #ifdef OPENSSL_FIPS @@ -13290,10 +13290,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c ok = 1; err: if (ok == -1) { -Index: openssl-1.0.2g/crypto/rsa/rsa.h +Index: openssl-1.0.2h/crypto/rsa/rsa.h =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa.h 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa.h 2016-05-03 16:33:08.116443767 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa.h 2016-05-03 16:33:10.356478571 +0200 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif @@ -13390,10 +13390,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -Index: openssl-1.0.2g/crypto/rsa/rsa_lib.c +Index: openssl-1.0.2h/crypto/rsa/rsa_lib.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_lib.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_lib.c 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_lib.c 2016-05-03 16:33:08.116443767 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_lib.c 2016-05-03 16:33:10.356478571 +0200 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -13466,10 +13466,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -Index: openssl-1.0.2g/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.2h/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_pmeth.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_pmeth.c 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_pmeth.c 2016-05-03 16:33:08.116443767 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_pmeth.c 2016-05-03 16:33:10.356478571 +0200 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -13509,10 +13509,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.2g/crypto/rsa/rsa_sign.c +Index: openssl-1.0.2h/crypto/rsa/rsa_sign.c =================================================================== ---- openssl-1.0.2g.orig/crypto/rsa/rsa_sign.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/rsa/rsa_sign.c 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/rsa/rsa_sign.c 2016-05-03 16:33:08.116443767 +0200 ++++ openssl-1.0.2h/crypto/rsa/rsa_sign.c 2016-05-03 16:33:10.357478586 +0200 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; @@ -13551,10 +13551,10 @@ Index: openssl-1.0.2g/crypto/rsa/rsa_sign.c if (i <= 0) goto err; -Index: openssl-1.0.2g/crypto/sha/sha.h +Index: openssl-1.0.2h/crypto/sha/sha.h =================================================================== ---- openssl-1.0.2g.orig/crypto/sha/sha.h 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/sha/sha.h 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/sha/sha.h 2016-05-03 16:33:08.116443767 +0200 ++++ openssl-1.0.2h/crypto/sha/sha.h 2016-05-03 16:33:10.357478586 +0200 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; @@ -13597,10 +13597,10 @@ Index: openssl-1.0.2g/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.2g/crypto/sha/sha_locl.h +Index: openssl-1.0.2h/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.2g.orig/crypto/sha/sha_locl.h 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/sha/sha_locl.h 2016-03-01 15:09:36.532827159 +0100 +--- openssl-1.0.2h.orig/crypto/sha/sha_locl.h 2016-05-03 16:33:08.117443783 +0200 ++++ openssl-1.0.2h/crypto/sha/sha_locl.h 2016-05-03 16:33:10.357478586 +0200 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL @@ -13617,10 +13617,10 @@ Index: openssl-1.0.2g/crypto/sha/sha_locl.h memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -Index: openssl-1.0.2g/crypto/sha/sha256.c +Index: openssl-1.0.2h/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.2g.orig/crypto/sha/sha256.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/sha/sha256.c 2016-03-01 15:09:36.533827177 +0100 +--- openssl-1.0.2h.orig/crypto/sha/sha256.c 2016-05-03 16:33:08.117443783 +0200 ++++ openssl-1.0.2h/crypto/sha/sha256.c 2016-05-03 16:33:10.357478586 +0200 @@ -12,12 +12,19 @@ # include @@ -13651,10 +13651,10 @@ Index: openssl-1.0.2g/crypto/sha/sha256.c memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -Index: openssl-1.0.2g/crypto/sha/sha512.c +Index: openssl-1.0.2h/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.2g.orig/crypto/sha/sha512.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/crypto/sha/sha512.c 2016-03-01 15:09:36.533827177 +0100 +--- openssl-1.0.2h.orig/crypto/sha/sha512.c 2016-05-03 16:33:08.117443783 +0200 ++++ openssl-1.0.2h/crypto/sha/sha512.c 2016-05-03 16:33:10.357478586 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -13686,10 +13686,10 @@ Index: openssl-1.0.2g/crypto/sha/sha512.c c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.2g/crypto/whrlpool/wp_dgst.c +Index: openssl-1.0.2h/crypto/whrlpool/wp_dgst.c =================================================================== ---- openssl-1.0.2g.orig/crypto/whrlpool/wp_dgst.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/whrlpool/wp_dgst.c 2016-03-01 15:09:36.533827177 +0100 +--- openssl-1.0.2h.orig/crypto/whrlpool/wp_dgst.c 2016-05-03 16:33:08.117443783 +0200 ++++ openssl-1.0.2h/crypto/whrlpool/wp_dgst.c 2016-05-03 16:33:10.357478586 +0200 @@ -55,7 +55,7 @@ #include #include @@ -13699,10 +13699,10 @@ Index: openssl-1.0.2g/crypto/whrlpool/wp_dgst.c { memset(c, 0, sizeof(*c)); return (1); -Index: openssl-1.0.2g/Makefile.org +Index: openssl-1.0.2h/Makefile.org =================================================================== ---- openssl-1.0.2g.orig/Makefile.org 2016-03-01 15:09:36.507826736 +0100 -+++ openssl-1.0.2g/Makefile.org 2016-03-01 15:09:36.533827177 +0100 +--- openssl-1.0.2h.orig/Makefile.org 2016-05-03 16:33:08.117443783 +0200 ++++ openssl-1.0.2h/Makefile.org 2016-05-03 16:33:10.357478586 +0200 @@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -13730,10 +13730,10 @@ Index: openssl-1.0.2g/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.2g/ssl/ssl_algs.c +Index: openssl-1.0.2h/ssl/ssl_algs.c =================================================================== ---- openssl-1.0.2g.orig/ssl/ssl_algs.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/ssl/ssl_algs.c 2016-03-01 15:09:36.533827177 +0100 +--- openssl-1.0.2h.orig/ssl/ssl_algs.c 2016-05-03 16:33:08.117443783 +0200 ++++ openssl-1.0.2h/ssl/ssl_algs.c 2016-05-03 16:33:10.357478586 +0200 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2g.tar.gz b/openssl-1.0.2g.tar.gz deleted file mode 100644 index 52da9c0..0000000 --- a/openssl-1.0.2g.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33 -size 5266102 diff --git a/openssl-1.0.2g.tar.gz.asc b/openssl-1.0.2g.tar.gz.asc deleted file mode 100644 index b26c33f..0000000 --- a/openssl-1.0.2g.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJW1Zr6AAoJENnE0m0OYESRRpkH/0SkDJcp4rvICbxuaD9jyJCa -UJLH3vSMfJ9QNMdIp8yemixGSvjr0mPhFOcZPysXRZo88IwuIV0+Q5I7hvCQ0PSt -YH/HzBZO0eShhUyDxb397odbbhsAkZFJytT+EXdFqd0HJLtWuPxaBF0WPgkklOQC -3R/sv+M8FAaZiIbdBwNv1FNgGG26T4up0RgV0ETpXXv9Da+AViGrefA5szKAj9aL -SOCRuUnzQO7ohSh5AZvgHylh1m7CGpH4MIyoAtNFtyogukO3yS3CzZ1iFcjsdHDn -sDIRZ18a5JOX/vWU0OmUXGhF7XXV93S1/1mKAAEXRJZOxzrneFuyv5b61t/xXCE= -=/pDQ ------END PGP SIGNATURE----- diff --git a/openssl-1.0.2h.tar.gz b/openssl-1.0.2h.tar.gz new file mode 100644 index 0000000..0cf9807 --- /dev/null +++ b/openssl-1.0.2h.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 +size 5274412 diff --git a/openssl-1.0.2h.tar.gz.asc b/openssl-1.0.2h.tar.gz.asc new file mode 100644 index 0000000..5c08da2 --- /dev/null +++ b/openssl-1.0.2h.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJXKKvFAAoJENnE0m0OYESRGpAH/AyxYu871GheytE2YEgeEFou +1e37k9PiBgS9BUmpr0ufRGMn9QufZzYCf1b2LXr3Fn31Ui5rCHrLntGeAdD4ngmh +4fEOhEJRWpfHGlFVyXc8jHSeK6wfgvM928Up/ftSGyciDgWMDXmx5eCzJgREjJ+k +DAQwtE34lCilzrYOcEn9xVd3NEScodAHQEhRXXM7p6jesHlQ8cSFljDn8QDvFu/R +gRGAAWW9/ZjbwE6hbT8nPYq7UCUUvz2ne8U3kCwyGYwqLGt47qV0yD9mqG/oO0RB +wFOcJhcGUqKSxlHqukAusxeZLuXMzw7UmucLCDxW9ETB644KlZ3/8E4CkOlLNIM= +=a9Hy +-----END PGP SIGNATURE----- diff --git a/openssl.changes b/openssl.changes index 97492a3..08f677c 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Tue May 3 14:43:47 UTC 2016 - vcizek@suse.com + +- OpenSSL Security Advisory [3rd May 2016] +- update to 1.0.2h (boo#977584, boo#977663) + * Prevent padding oracle in AES-NI CBC MAC check + A MITM attacker can use a padding oracle attack to decrypt traffic + when the connection uses an AES CBC cipher and the server support + AES-NI. + (CVE-2016-2107, boo#977616) + * Fix EVP_EncodeUpdate overflow + An overflow can occur in the EVP_EncodeUpdate() function which is used for + Base64 encoding of binary data. If an attacker is able to supply very large + amounts of input data then a length check can overflow resulting in a heap + corruption. + (CVE-2016-2105, boo#977614) + * Fix EVP_EncryptUpdate overflow + An overflow can occur in the EVP_EncryptUpdate() function. If an attacker + is able to supply very large amounts of input data after a previous call to + EVP_EncryptUpdate() with a partial block then a length check can overflow + resulting in a heap corruption. + (CVE-2016-2106, boo#977615) + * Prevent ASN.1 BIO excessive memory allocation + When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() + a short invalid encoding can casuse allocation of large amounts of memory + potentially consuming excessive resources or exhausting memory. + (CVE-2016-2109, boo#976942) + * EBCDIC overread + ASN1 Strings that are over 1024 bytes can cause an overread in applications + using the X509_NAME_oneline() function on EBCDIC systems. This could result + in arbitrary stack data being returned in the buffer. + (CVE-2016-2176, boo#978224) + * Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + * Remove LOW from the DEFAULT cipher list. This removes singles DES from the + default. + * Only remove the SSLv2 methods with the no-ssl2-method option. When the + methods are enabled and ssl2 is disabled the methods return NULL. + ------------------------------------------------------------------- Fri Apr 15 16:55:05 UTC 2016 - dvaleev@suse.com diff --git a/openssl.spec b/openssl.spec index a47e759..aff4649 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ Provides: ssl %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.2g +Version: 1.0.2h Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL