From 2ebd052507b25d702867c580a4349fc83861ceb9cabfaa39ba2be345fa5729bf Mon Sep 17 00:00:00 2001 
From: Dominique Leuenberger Date: Sat, 5 Mar 2016 10:21:18 +0000 Subject: [PATCH] Accepting request 363602 from Base:System - update to 1.0.2g (bsc#968044) * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers. * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); (CVE-2016-0800) * Fix a double-free in DSA code (CVE-2016-0705) * Disable SRP fake user seed to address a server memory leak. Add a new method SRP_VBASE_get1_by_user that handles the seed properly. (CVE-2016-0798) * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) *) Side channel attack on modular exponentiation http://cachebleed.info. (CVE-2016-0702) *) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default. 
(forwarded request 363599 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/363602 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=130 --- ...ntf-implementation-use-glibc-instead.patch | 206 +++--- openssl-1.0.2a-new-fips-reqs.patch | 154 ++-- openssl-1.0.2e-fips.patch | 675 ++++++++++-------- openssl-1.0.2e.tar.gz | 3 - openssl-1.0.2e.tar.gz.asc | 11 - openssl-1.0.2g.tar.gz | 3 + openssl-1.0.2g.tar.gz.asc | 11 + openssl.changes | 55 ++ openssl.spec | 4 +- 9 files changed, 648 insertions(+), 474 deletions(-) delete mode 100644 openssl-1.0.2e.tar.gz delete mode 100644 openssl-1.0.2e.tar.gz.asc create mode 100644 openssl-1.0.2g.tar.gz create mode 100644 openssl-1.0.2g.tar.gz.asc diff --git a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch index c3732db..282776e 100644 --- a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch +++ b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch @@ -4,10 +4,10 @@ Date: Sun, 4 May 2014 23:36:54 -0400 Subject: [PATCH] Axe builtin printf implementation, use glibc instead -Index: openssl-1.0.2b/crypto/bio/b_print.c +Index: openssl-1.0.2g/crypto/bio/b_print.c =================================================================== ---- openssl-1.0.2b.orig/crypto/bio/b_print.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/bio/b_print.c 2015-06-11 17:50:00.893823977 +0200 +--- openssl-1.0.2g.orig/crypto/bio/b_print.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/bio/b_print.c 2016-03-01 15:26:55.597307479 +0100 @@ -56,17 +56,10 @@ * [including the GNU Public Licence.] */ @@ -28,7 +28,7 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c #include #include #include -@@ -79,668 +72,6 @@ +@@ -79,708 +72,6 @@ #include /* To get BN_LLONG properly defined */ #include 
@@ -78,16 +78,16 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c -# define LLONG long -#endif - --static void fmtstr(char **, char **, size_t *, size_t *, -- const char *, int, int, int); --static void fmtint(char **, char **, size_t *, size_t *, -- LLONG, int, int, int, int); --static void fmtfp(char **, char **, size_t *, size_t *, -- LDOUBLE, int, int, int); --static void doapr_outch(char **, char **, size_t *, size_t *, int); --static void _dopr(char **sbuffer, char **buffer, -- size_t *maxlen, size_t *retlen, int *truncated, -- const char *format, va_list args); +-static int fmtstr(char **, char **, size_t *, size_t *, +- const char *, int, int, int); +-static int fmtint(char **, char **, size_t *, size_t *, +- LLONG, int, int, int, int); +-static int fmtfp(char **, char **, size_t *, size_t *, +- LDOUBLE, int, int, int); +-static int doapr_outch(char **, char **, size_t *, size_t *, int); +-static int _dopr(char **sbuffer, char **buffer, +- size_t *maxlen, size_t *retlen, int *truncated, +- const char *format, va_list args); - -/* format read states */ -#define DP_S_DEFAULT 0 @@ -118,7 +118,7 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c -#define char_to_int(p) (p - '0') -#define OSSL_MAX(p,q) ((p >= q) ? p : q) - --static void +-static int -_dopr(char **sbuffer, - char **buffer, - size_t *maxlen, @@ -149,7 +149,8 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - if (ch == '%') - state = DP_S_FLAGS; - else -- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); +- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) +- return 0; - ch = *format++; - break; - case DP_S_FLAGS: @@ -255,8 +256,9 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - value = va_arg(args, int); - break; - } -- fmtint(sbuffer, buffer, &currlen, maxlen, -- value, 10, min, max, flags); +- if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, +- max, flags)) +- return 0; - break; - case 'X': - flags |= DP_F_UP; 
@@ -279,17 +281,19 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - value = (LLONG) va_arg(args, unsigned int); - break; - } -- fmtint(sbuffer, buffer, &currlen, maxlen, value, -- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), -- min, max, flags); +- if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, +- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), +- min, max, flags)) +- return 0; - break; - case 'f': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); -- fmtfp(sbuffer, buffer, &currlen, maxlen, -- fvalue, min, max, flags); +- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, +- flags)) +- return 0; - break; - case 'E': - flags |= DP_F_UP; @@ -308,8 +312,9 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - fvalue = va_arg(args, double); - break; - case 'c': -- doapr_outch(sbuffer, buffer, &currlen, maxlen, -- va_arg(args, int)); +- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, +- va_arg(args, int))) +- return 0; - break; - case 's': - strvalue = va_arg(args, char *); @@ -319,13 +324,15 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - else - max = *maxlen; - } -- fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, -- flags, min, max); +- if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, +- flags, min, max)) +- return 0; - break; - case 'p': - value = (long)va_arg(args, void *); -- fmtint(sbuffer, buffer, &currlen, maxlen, -- value, 16, min, max, flags | DP_F_NUM); +- if (!fmtint(sbuffer, buffer, &currlen, maxlen, +- value, 16, min, max, flags | DP_F_NUM)) +- return 0; - break; - case 'n': /* XXX */ - if (cflags == DP_C_SHORT) { @@ -347,7 +354,8 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - } - break; - case '%': -- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); +- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) +- return 0; - break; - case 'w': - /* not supported yet, treat as next char */ 
@@ -371,46 +379,56 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - *truncated = (currlen > *maxlen - 1); - if (*truncated) - currlen = *maxlen - 1; -- doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); +- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) +- return 0; - *retlen = currlen - 1; -- return; +- return 1; -} - --static void +-static int -fmtstr(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, const char *value, int flags, int min, int max) -{ -- int padlen, strln; +- int padlen; +- size_t strln; - int cnt = 0; - - if (value == 0) - value = ""; -- for (strln = 0; value[strln]; ++strln) ; +- +- strln = strlen(value); +- if (strln > INT_MAX) +- strln = INT_MAX; +- - padlen = min - strln; -- if (padlen < 0) +- if (min < 0 || padlen < 0) - padlen = 0; - if (flags & DP_F_MINUS) - padlen = -padlen; - - while ((padlen > 0) && (cnt < max)) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +- return 0; - --padlen; - ++cnt; - } - while (*value && (cnt < max)) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) +- return 0; - ++cnt; - } - while ((padlen < 0) && (cnt < max)) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +- return 0; - ++padlen; - ++cnt; - } +- return 1; -} - --static void +-static int -fmtint(char **sbuffer, - char **buffer, - size_t *currlen, 
@@ -470,37 +488,44 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - - /* spaces */ - while (spadlen > 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +- return 0; - --spadlen; - } - - /* sign */ - if (signvalue) -- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) +- return 0; - - /* prefix */ - while (*prefix) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) +- return 0; - prefix++; - } - - /* zeros */ - if (zpadlen > 0) { - while (zpadlen > 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) +- return 0; - --zpadlen; - } - } - /* digits */ -- while (place > 0) -- doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); +- while (place > 0) { +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place])) +- return 0; +- } - - /* left justified spaces */ - while (spadlen < 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +- return 0; - ++spadlen; - } -- return; +- return 1; -} - -static LDOUBLE abs_val(LDOUBLE value) @@ -531,7 +556,7 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - return intpart; -} - --static void +-static int -fmtfp(char **sbuffer, - char **buffer, - size_t *currlen, 
@@ -610,47 +635,61 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - - if ((flags & DP_F_ZERO) && (padlen > 0)) { - if (signvalue) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) +- return 0; - --padlen; - signvalue = 0; - } - while (padlen > 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) +- return 0; - --padlen; - } - } - while (padlen > 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +- return 0; - --padlen; - } -- if (signvalue) -- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); +- if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) +- return 0; - -- while (iplace > 0) -- doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]); +- while (iplace > 0) { +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace])) +- return 0; +- } - - /* - * Decimal point. This should probably use locale to find the correct - * char to print out. 
- */ - if (max > 0 || (flags & DP_F_NUM)) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.')) +- return 0; - -- while (fplace > 0) -- doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]); +- while (fplace > 0) { +- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, +- fconvert[--fplace])) +- return 0; +- } - } - while (zpadlen > 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) +- return 0; - --zpadlen; - } - - while (padlen < 0) { -- doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +- return 0; - ++padlen; - } +- return 1; -} - --static void +-#define BUFFER_INC 1024 +- +-static int -doapr_outch(char **sbuffer, - char **buffer, size_t *currlen, size_t *maxlen, int c) -{ @@ -661,24 +700,25 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - assert(*currlen <= *maxlen); - - if (buffer && *currlen == *maxlen) { -- *maxlen += 1024; +- if (*maxlen > INT_MAX - BUFFER_INC) +- return 0; +- +- *maxlen += BUFFER_INC; - if (*buffer == NULL) { - *buffer = OPENSSL_malloc(*maxlen); -- if (!*buffer) { -- /* Panic! Can't really do anything sensible. Just return */ -- return; -- } +- if (*buffer == NULL) +- return 0; - if (*currlen > 0) { - assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { -- *buffer = OPENSSL_realloc(*buffer, *maxlen); -- if (!*buffer) { -- /* Panic! Can't really do anything sensible. Just return */ -- return; -- } +- char *tmpbuf; +- tmpbuf = OPENSSL_realloc(*buffer, *maxlen); +- if (tmpbuf == NULL) +- return 0; +- *buffer = tmpbuf; - } - } - @@ -689,7 +729,7 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - (*buffer)[(*currlen)++] = (char)c; - } - -- return; +- return 1; -} - -/***************************************************************************/ 
@@ -697,7 +737,7 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c int BIO_printf(BIO *bio, const char *format, ...) { va_list args; -@@ -754,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for +@@ -794,32 +85,36 @@ int BIO_printf(BIO *bio, const char *for return (ret); } @@ -726,7 +766,11 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - - dynbuf = NULL; - CRYPTO_push_info("doapr()"); -- _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args); +- if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, +- args)) { +- OPENSSL_free(dynbuf); +- return -1; +- } - if (dynbuf) { - ret = BIO_write(bio, dynbuf, (int)retlen); - OPENSSL_free(dynbuf); @@ -753,7 +797,7 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c return (ret); } -@@ -791,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co +@@ -835,29 +130,21 @@ int BIO_snprintf(char *buf, size_t n, co int ret; va_start(args, format); @@ -772,10 +816,13 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - size_t retlen; - int truncated; + int ret; - -- _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); + ret = vsnprintf(buf, n, format, args); +- if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) +- return -1; ++ if (ret >= n || ret == -1) ++ return (-1); + - if (truncated) - /* - * In case of truncation, return -1 like traditional snprintf. @@ -786,8 +833,5 @@ Index: openssl-1.0.2b/crypto/bio/b_print.c - return -1; - else - return (retlen <= INT_MAX) ? (int)retlen : -1; -+ if (ret >= n || ret == -1) -+ return (-1); -+ + return (ret); } diff --git a/openssl-1.0.2a-new-fips-reqs.patch b/openssl-1.0.2a-new-fips-reqs.patch index eea1ae8..8a003e8 100644 --- a/openssl-1.0.2a-new-fips-reqs.patch +++ b/openssl-1.0.2a-new-fips-reqs.patch 
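Review bot: In the `@@ -772,10 +816,13 @@` hunk the refreshed BIO_vsnprintf replacement keeps `if (ret >= n || ret == -1)`, which compares the `int` result of vsnprintf() with the `size_t` parameter `n`. A negative `ret` is rejected only because the implicit conversion turns it into a very large unsigned value, and the explicit `== -1` test suggests that only -1 is expected, although vsnprintf() may return any negative value on error. Test the sign first and make the conversion explicit: `if (ret < 0 || (size_t)ret >= n) return (-1);`. The function signature and the rest of the body lie outside the hunk, so this assumes `n` is still the `size_t` buffer size shown in the hunk header for BIO_snprintf.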
@@ -1,7 +1,8 @@ -diff -up openssl-1.0.2a/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.2a/crypto/bn/bn_rand.c ---- openssl-1.0.2a/crypto/bn/bn_rand.c.fips-reqs 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/bn/bn_rand.c 2015-04-22 15:06:37.907003880 +0200 -@@ -136,9 +136,11 @@ static int bnrand(int pseudorand, BIGNUM +Index: openssl-1.0.2f/crypto/bn/bn_rand.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/bn/bn_rand.c 2016-01-28 14:38:30.000000000 +0100 ++++ openssl-1.0.2f/crypto/bn/bn_rand.c 2016-01-28 15:59:54.945269236 +0100 +@@ -141,9 +141,11 @@ static int bnrand(int pseudorand, BIGNUM goto err; } @@ -16,9 +17,10 @@ diff -up openssl-1.0.2a/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.2a/crypto/bn/b if (pseudorand) { if (RAND_pseudo_bytes(buf, bytes) == -1) -diff -up openssl-1.0.2a/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.2a/crypto/dh/dh_gen.c ---- openssl-1.0.2a/crypto/dh/dh_gen.c.fips-reqs 2015-04-22 15:06:37.840002285 +0200 -+++ openssl-1.0.2a/crypto/dh/dh_gen.c 2015-04-22 15:06:37.907003880 +0200 +Index: openssl-1.0.2f/crypto/dh/dh_gen.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/dh/dh_gen.c 2016-01-28 15:59:54.912268693 +0100 ++++ openssl-1.0.2f/crypto/dh/dh_gen.c 2016-01-28 15:59:54.945269236 +0100 @@ -128,7 +128,7 @@ static int dh_builtin_genparams(DH *ret, return 0; } 
@@ -28,9 +30,10 @@ diff -up openssl-1.0.2a/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.2a/crypto/dh/dh DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); goto err; } -diff -up openssl-1.0.2a/crypto/dh/dh.h.fips-reqs openssl-1.0.2a/crypto/dh/dh.h ---- openssl-1.0.2a/crypto/dh/dh.h.fips-reqs 2015-04-22 15:06:37.908003903 +0200 -+++ openssl-1.0.2a/crypto/dh/dh.h 2015-04-22 15:07:25.265130812 +0200 +Index: openssl-1.0.2f/crypto/dh/dh.h +=================================================================== +--- openssl-1.0.2f.orig/crypto/dh/dh.h 2016-01-28 15:59:54.912268693 +0100 ++++ openssl-1.0.2f/crypto/dh/dh.h 2016-01-28 15:59:54.945269236 +0100 @@ -78,6 +78,7 @@ # endif 
@@ -39,44 +42,11 @@ diff -up openssl-1.0.2a/crypto/dh/dh.h.fips-reqs openssl-1.0.2a/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.0.2a/crypto/dh/dh_check.c.fips-reqs openssl-1.0.2a/crypto/dh/dh_check.c ---- openssl-1.0.2a/crypto/dh/dh_check.c.fips-reqs 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/dh/dh_check.c 2015-04-22 15:06:37.908003903 +0200 -@@ -164,7 +164,30 @@ int DH_check_pub_key(const DH *dh, const - BN_sub_word(q, 1); - if (BN_cmp(pub_key, q) >= 0) - *ret |= DH_CHECK_PUBKEY_TOO_LARGE; -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && dh->q != NULL) { -+ BN_CTX *ctx = NULL; - -+ ctx = BN_CTX_new(); -+ if (ctx == NULL) -+ goto err; -+ -+ if (BN_mod_exp_mont(q, pub_key, dh->q, dh->p, ctx, NULL) <= 0) { -+ BN_CTX_free(ctx); -+ goto err; -+ } -+ if (!BN_is_one(q)) { -+ /* it would be more correct to add new return flag -+ * for this test, but we do not want to do it -+ * so just error out -+ */ -+ BN_CTX_free(ctx); -+ goto err; -+ } -+ -+ BN_CTX_free(ctx); -+ } -+#endif - ok = 1; - err: - if (q != NULL) -diff -up openssl-1.0.2a/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.2a/crypto/dsa/dsa_gen.c ---- openssl-1.0.2a/crypto/dsa/dsa_gen.c.fips-reqs 2015-04-22 15:06:37.841002309 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_gen.c 2015-04-22 15:06:37.908003903 +0200 -@@ -165,9 +165,11 @@ int dsa_builtin_paramgen(DSA *ret, size_ +Index: openssl-1.0.2f/crypto/dsa/dsa_gen.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/dsa/dsa_gen.c 2016-01-28 15:59:54.913268710 +0100 ++++ openssl-1.0.2f/crypto/dsa/dsa_gen.c 2016-01-28 15:59:54.945269236 +0100 +@@ -157,9 +157,11 @@ int dsa_builtin_paramgen(DSA *ret, size_ } if (FIPS_module_mode() && 
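Review bot: Dropping the `DH_check_pub_key` section from openssl-1.0.2a-new-fips-reqs.patch removes the FIPS-mode check that `pub_key^q mod p` equals one when `dh->q` is set, and nothing in this hunk shows what replaces it. Presumably the new upstream base already performs an equivalent subgroup check in crypto/dh/dh_check.c, which would make the hunk redundant; confirm that against the unpacked 1.0.2g tree before relying on it. If it does, say so in openssl.changes (its hunk is not in view here), for example `- drop DH_check_pub_key hunk from openssl-1.0.2a-new-fips-reqs.patch, check is done upstream`, so the removal of a peer-key validation step stays traceable.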
@@ -91,9 +61,10 @@ diff -up openssl-1.0.2a/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.2a/crypto/dsa DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID); goto err; } -diff -up openssl-1.0.2a/crypto/dsa/dsa.h.fips-reqs openssl-1.0.2a/crypto/dsa/dsa.h ---- openssl-1.0.2a/crypto/dsa/dsa.h.fips-reqs 2015-04-22 15:06:37.908003903 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa.h 2015-04-22 15:09:01.291415852 +0200 +Index: openssl-1.0.2f/crypto/dsa/dsa.h +=================================================================== +--- openssl-1.0.2f.orig/crypto/dsa/dsa.h 2016-01-28 15:59:54.913268710 +0100 ++++ openssl-1.0.2f/crypto/dsa/dsa.h 2016-01-28 15:59:54.946269253 +0100 @@ -89,6 +89,7 @@ # endif @@ -114,10 +85,11 @@ diff -up openssl-1.0.2a/crypto/dsa/dsa.h.fips-reqs openssl-1.0.2a/crypto/dsa/dsa * Rabin-Miller */ # define DSA_is_prime(n, callback, cb_arg) \ -diff -up openssl-1.0.2a/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.2a/crypto/dsa/dsa_key.c ---- openssl-1.0.2a/crypto/dsa/dsa_key.c.fips-reqs 2015-04-22 15:06:37.905003832 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_key.c 2015-04-22 15:06:37.908003903 +0200 -@@ -125,7 +125,7 @@ static int dsa_builtin_keygen(DSA *dsa) +Index: openssl-1.0.2f/crypto/dsa/dsa_key.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/dsa/dsa_key.c 2016-01-28 15:59:54.913268710 +0100 ++++ openssl-1.0.2f/crypto/dsa/dsa_key.c 2016-01-28 15:59:54.946269253 +0100 +@@ -120,7 +120,7 @@ static int dsa_builtin_keygen(DSA *dsa) # ifdef OPENSSL_FIPS if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
@@ -126,10 +98,11 @@ diff -up openssl-1.0.2a/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.2a/crypto/dsa DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); goto err; } -diff -up openssl-1.0.2a/crypto/fips/fips.c.fips-reqs openssl-1.0.2a/crypto/fips/fips.c ---- openssl-1.0.2a/crypto/fips/fips.c.fips-reqs 2015-04-22 15:06:37.905003832 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.c 2015-04-22 15:06:37.909003927 +0200 -@@ -424,26 +424,24 @@ int FIPS_module_mode_set(int onoff, cons +Index: openssl-1.0.2f/crypto/fips/fips.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/fips/fips.c 2016-01-28 15:59:54.939269138 +0100 ++++ openssl-1.0.2f/crypto/fips/fips.c 2016-01-28 15:59:54.946269253 +0100 +@@ -418,26 +418,24 @@ int FIPS_module_mode_set(int onoff, cons ret = 0; goto end; } @@ -162,9 +135,10 @@ diff -up openssl-1.0.2a/crypto/fips/fips.c.fips-reqs openssl-1.0.2a/crypto/fips/ ret = 1; goto end; } -diff -up openssl-1.0.2a/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.2a/crypto/fips/fips_dh_selftest.c ---- openssl-1.0.2a/crypto/fips/fips_dh_selftest.c.fips-reqs 2015-04-22 15:06:37.909003927 +0200 -+++ openssl-1.0.2a/crypto/fips/fips_dh_selftest.c 2015-04-22 15:06:37.909003927 +0200 +Index: openssl-1.0.2f/crypto/fips/fips_dh_selftest.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2f/crypto/fips/fips_dh_selftest.c 2016-01-28 15:59:54.946269253 +0100 @@ -0,0 +1,162 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -328,9 +302,10 @@ diff -up openssl-1.0.2a/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.2a/ + return ret; +} +#endif -diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-reqs openssl-1.0.2a/crypto/fips/fips.h ---- openssl-1.0.2a/crypto/fips/fips.h.fips-reqs 2015-04-22 15:06:37.899003689 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.h 2015-04-22 15:06:37.909003927 +0200 +Index: openssl-1.0.2f/crypto/fips/fips.h +=================================================================== +--- openssl-1.0.2f.orig/crypto/fips/fips.h 2016-01-28 15:59:54.939269138 +0100 ++++ openssl-1.0.2f/crypto/fips/fips.h 2016-01-28 15:59:54.946269253 +0100 @@ -96,6 +96,7 @@ extern "C" { int FIPS_selftest_dsa(void); int FIPS_selftest_ecdsa(void); @@ -339,9 +314,10 @@ diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-reqs openssl-1.0.2a/crypto/fips/ void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); void FIPS_x931_stick(int onoff); -diff -up openssl-1.0.2a/crypto/fips/fips_post.c.fips-reqs openssl-1.0.2a/crypto/fips/fips_post.c ---- openssl-1.0.2a/crypto/fips/fips_post.c.fips-reqs 2015-04-22 15:06:37.895003594 +0200 -+++ openssl-1.0.2a/crypto/fips/fips_post.c 2015-04-22 15:06:37.909003927 +0200 +Index: openssl-1.0.2f/crypto/fips/fips_post.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/fips/fips_post.c 2016-01-28 15:59:54.933269039 +0100 ++++ openssl-1.0.2f/crypto/fips/fips_post.c 2016-01-28 15:59:54.946269253 +0100 @@ -99,6 +99,8 @@ int FIPS_selftest(void) rv = 0; if (!FIPS_selftest_dsa()) 
@@ -351,9 +327,10 @@ diff -up openssl-1.0.2a/crypto/fips/fips_post.c.fips-reqs openssl-1.0.2a/crypto/ if (!FIPS_selftest_ecdh()) rv = 0; return rv; -diff -up openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c.fips-reqs 2015-04-22 15:06:37.854002618 +0200 -+++ openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c 2015-04-22 15:06:37.910003951 +0200 +Index: openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/fips/fips_rsa_selftest.c 2016-01-28 15:59:54.920268825 +0100 ++++ openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c 2016-01-28 15:59:54.947269270 +0100 @@ -60,68 +60,107 @@ #ifdef OPENSSL_FIPS @@ -1008,9 +985,10 @@ diff -up openssl-1.0.2a/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.2a RSA_free(key); return ret; } -diff -up openssl-1.0.2a/crypto/fips/Makefile.fips-reqs openssl-1.0.2a/crypto/fips/Makefile ---- openssl-1.0.2a/crypto/fips/Makefile.fips-reqs 2015-04-22 15:06:37.895003594 +0200 -+++ openssl-1.0.2a/crypto/fips/Makefile 2015-04-22 15:06:37.910003951 +0200 +Index: openssl-1.0.2f/crypto/fips/Makefile +=================================================================== +--- openssl-1.0.2f.orig/crypto/fips/Makefile 2016-01-28 15:59:54.933269039 +0100 ++++ openssl-1.0.2f/crypto/fips/Makefile 2016-01-28 15:59:54.947269270 +0100 @@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ 
@@ -1029,9 +1007,10 @@ diff -up openssl-1.0.2a/crypto/fips/Makefile.fips-reqs openssl-1.0.2a/crypto/fip LIBCRYPTO=-L.. -lcrypto -diff -up openssl-1.0.2a/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.2a/crypto/rand/rand_lcl.h ---- openssl-1.0.2a/crypto/rand/rand_lcl.h.fips-reqs 2015-04-22 15:06:37.599996574 +0200 -+++ openssl-1.0.2a/crypto/rand/rand_lcl.h 2015-04-22 15:06:37.910003951 +0200 +Index: openssl-1.0.2f/crypto/rand/rand_lcl.h +=================================================================== +--- openssl-1.0.2f.orig/crypto/rand/rand_lcl.h 2016-01-28 14:38:31.000000000 +0100 ++++ openssl-1.0.2f/crypto/rand/rand_lcl.h 2016-01-28 15:59:54.947269270 +0100 @@ -112,7 +112,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H @@ -1041,9 +1020,10 @@ diff -up openssl-1.0.2a/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.2a/crypto/r # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -diff -up openssl-1.0.2a/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.2a/crypto/rand/rand_lib.c ---- openssl-1.0.2a/crypto/rand/rand_lib.c.fips-reqs 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rand/rand_lib.c 2015-04-22 15:06:37.910003951 +0200 +Index: openssl-1.0.2f/crypto/rand/rand_lib.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/rand/rand_lib.c 2016-01-28 14:38:31.000000000 +0100 ++++ openssl-1.0.2f/crypto/rand/rand_lib.c 2016-01-28 15:59:54.947269270 +0100 @@ -236,12 +236,22 @@ static int drbg_rand_add(DRBG_CTX *ctx, double entropy) { 
@@ -1067,9 +1047,10 @@ diff -up openssl-1.0.2a/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.2a/crypto/r return 1; } -diff -up openssl-1.0.2a/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.2a/crypto/rsa/rsa_gen.c ---- openssl-1.0.2a/crypto/rsa/rsa_gen.c.fips-reqs 2015-04-22 15:06:37.858002714 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_gen.c 2015-04-22 15:06:37.910003951 +0200 +Index: openssl-1.0.2f/crypto/rsa/rsa_gen.c +=================================================================== +--- openssl-1.0.2f.orig/crypto/rsa/rsa_gen.c 2016-01-28 15:59:54.923268874 +0100 ++++ openssl-1.0.2f/crypto/rsa/rsa_gen.c 2016-01-28 15:59:54.947269270 +0100 @@ -1,5 +1,6 @@ /* crypto/rsa/rsa_gen.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -1371,9 +1352,10 @@ diff -up openssl-1.0.2a/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.2a/crypto/rsa ok = 1; err: if (ok == -1) { -diff -up openssl-1.0.2a/ssl/t1_enc.c.fips-reqs openssl-1.0.2a/ssl/t1_enc.c ---- openssl-1.0.2a/ssl/t1_enc.c.fips-reqs 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/ssl/t1_enc.c 2015-04-22 15:06:37.911003975 +0200 +Index: openssl-1.0.2f/ssl/t1_enc.c +=================================================================== +--- openssl-1.0.2f.orig/ssl/t1_enc.c 2016-01-28 14:56:08.000000000 +0100 ++++ openssl-1.0.2f/ssl/t1_enc.c 2016-01-28 15:59:54.947269270 +0100 @@ -292,6 +292,23 @@ static int tls1_PRF(long digest_mask, return ret; } diff --git a/openssl-1.0.2e-fips.patch b/openssl-1.0.2e-fips.patch index 9249aa6..b0ee374 100644 --- a/openssl-1.0.2e-fips.patch +++ b/openssl-1.0.2e-fips.patch 
@@ -1,6 +1,7 @@ -diff -up openssl-1.0.2e/apps/speed.c.fips openssl-1.0.2e/apps/speed.c ---- openssl-1.0.2e/apps/speed.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/apps/speed.c 2015-12-04 13:55:51.956562389 +0100 +Index: openssl-1.0.2g/apps/speed.c +=================================================================== +--- openssl-1.0.2g.orig/apps/speed.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/apps/speed.c 2016-03-01 15:09:36.519826939 +0100 @@ -197,7 +197,6 @@ # ifdef OPENSSL_DOING_MAKEDEPEND # undef AES_set_encrypt_key @@ -133,10 +134,11 @@ diff -up openssl-1.0.2e/apps/speed.c.fips openssl-1.0.2e/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -diff -up openssl-1.0.2e/Configure.fips openssl-1.0.2e/Configure ---- openssl-1.0.2e/Configure.fips 2015-12-04 13:55:51.939561992 +0100 -+++ openssl-1.0.2e/Configure 2015-12-04 13:55:51.956562389 +0100 -@@ -1058,11 +1058,6 @@ if (defined($disabled{"md5"}) || defined +Index: openssl-1.0.2g/Configure +=================================================================== +--- openssl-1.0.2g.orig/Configure 2016-03-01 15:09:36.472826142 +0100 ++++ openssl-1.0.2g/Configure 2016-03-01 15:09:36.520826956 +0100 +@@ -1062,11 +1062,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -148,7 +150,7 @@ diff -up openssl-1.0.2e/Configure.fips openssl-1.0.2e/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1551,7 +1546,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1555,7 +1550,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -156,7 +158,7 @@ diff -up openssl-1.0.2e/Configure.fips openssl-1.0.2e/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1754,9 +1748,12 @@ while () +@@ -1758,9 +1752,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; 
@@ -170,9 +172,10 @@ diff -up openssl-1.0.2e/Configure.fips openssl-1.0.2e/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.2e/crypto/aes/aes_misc.c.fips openssl-1.0.2e/crypto/aes/aes_misc.c ---- openssl-1.0.2e/crypto/aes/aes_misc.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/aes/aes_misc.c 2015-12-04 13:55:51.956562389 +0100 +Index: openssl-1.0.2g/crypto/aes/aes_misc.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/aes/aes_misc.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/aes/aes_misc.c 2016-03-01 15:09:36.520826956 +0100 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -191,9 +194,10 @@ diff -up openssl-1.0.2e/crypto/aes/aes_misc.c.fips openssl-1.0.2e/crypto/aes/aes -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac.c ---- openssl-1.0.2e/crypto/cmac/cmac.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/cmac/cmac.c 2015-12-04 13:55:51.957562412 +0100 +Index: openssl-1.0.2g/crypto/cmac/cmac.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/cmac/cmac.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/cmac/cmac.c 2016-03-01 15:09:36.520826956 +0100 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) 
@@ -207,9 +211,9 @@ diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac. EVP_CIPHER_CTX_cleanup(&ctx->cctx); OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); -@@ -160,12 +154,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void - EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); - return 0; +@@ -168,12 +162,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void + if (fcipher != NULL) + cipher = fcipher; } - /* - * Other algorithm blocking will be done in FIPS_cmac_init, via @@ -220,7 +224,7 @@ diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac. } #endif /* All zeros means restart */ -@@ -211,10 +199,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -219,10 +207,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi { const unsigned char *data = in; size_t bl; @@ -231,7 +235,7 @@ diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac. if (ctx->nlast_block == -1) return 0; if (dlen == 0) -@@ -254,10 +238,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -262,10 +246,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb; @@ -242,9 +246,10 @@ diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac. if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -diff -up openssl-1.0.2e/crypto/crypto.h.fips openssl-1.0.2e/crypto/crypto.h ---- openssl-1.0.2e/crypto/crypto.h.fips 2015-12-04 13:55:51.843559753 +0100 -+++ openssl-1.0.2e/crypto/crypto.h 2015-12-04 13:55:51.957562412 +0100 +Index: openssl-1.0.2g/crypto/crypto.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/crypto.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/crypto.h 2016-03-01 15:09:36.520826956 +0100 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); 
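Review bot: The refreshed `CMAC_Init` hunk for crypto/cmac/cmac.c now applies right after the `if (fcipher != NULL) cipher = fcipher;` block, where it used to follow the `EVP_R_DISABLED_FOR_FIPS` return. It still deletes the comment that says other algorithm blocking is done in `FIPS_cmac_init`. After the patch is applied, nothing in this part of the function says where a non-approved cipher is rejected in FIPS mode, even though `cipher` may just have been swapped for `fcipher`. I would have the inner patch leave a one-line replacement such as `/* FIPS_cmac_init() is not called in this build; algorithm blocking is left to the EVP cipher init path (confirm) */`. Only the first two deleted lines of the six-line removal are visible here, so whether the deleted block also held the `FIPS_cmac_init` call is inferred from that comment and should be checked against the 1.0.2g source.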
@@ -280,7 +285,7 @@ diff -up openssl-1.0.2e/crypto/crypto.h.fips openssl-1.0.2e/crypto/crypto.h # define fips_cipher_abort(alg) while(0) # endif -@@ -637,6 +642,9 @@ int CRYPTO_memcmp(const void *a, const v +@@ -637,6 +642,9 @@ int CRYPTO_memcmp(const volatile void *a */ void ERR_load_CRYPTO_strings(void); @@ -290,9 +295,10 @@ diff -up openssl-1.0.2e/crypto/crypto.h.fips openssl-1.0.2e/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -diff -up openssl-1.0.2e/crypto/des/des.h.fips openssl-1.0.2e/crypto/des/des.h ---- openssl-1.0.2e/crypto/des/des.h.fips 2015-12-04 13:55:51.871560406 +0100 -+++ openssl-1.0.2e/crypto/des/des.h 2015-12-04 13:55:51.957562412 +0100 +Index: openssl-1.0.2g/crypto/des/des.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/des/des.h 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/des/des.h 2016-03-01 15:09:36.520826956 +0100 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); @@ -304,9 +310,10 @@ diff -up openssl-1.0.2e/crypto/des/des.h.fips openssl-1.0.2e/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -diff -up openssl-1.0.2e/crypto/des/set_key.c.fips openssl-1.0.2e/crypto/des/set_key.c ---- openssl-1.0.2e/crypto/des/set_key.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/des/set_key.c 2015-12-04 13:55:51.957562412 +0100 +Index: openssl-1.0.2g/crypto/des/set_key.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/des/set_key.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/des/set_key.c 2016-03-01 15:09:36.520826956 +0100 
@@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -323,9 +330,10 @@ diff -up openssl-1.0.2e/crypto/des/set_key.c.fips openssl-1.0.2e/crypto/des/set_ { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -diff -up openssl-1.0.2e/crypto/dh/dh_gen.c.fips openssl-1.0.2e/crypto/dh/dh_gen.c ---- openssl-1.0.2e/crypto/dh/dh_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dh/dh_gen.c 2015-12-04 13:55:51.957562412 +0100 +Index: openssl-1.0.2g/crypto/dh/dh_gen.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dh/dh_gen.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/dh/dh_gen.c 2016-03-01 15:09:36.520826956 +0100 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) @@ -356,9 +364,10 @@ diff -up openssl-1.0.2e/crypto/dh/dh_gen.c.fips openssl-1.0.2e/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.0.2e/crypto/dh/dh.h.fips openssl-1.0.2e/crypto/dh/dh.h ---- openssl-1.0.2e/crypto/dh/dh.h.fips 2015-12-04 13:55:51.816559124 +0100 -+++ openssl-1.0.2e/crypto/dh/dh.h 2015-12-04 13:55:51.957562412 +0100 +Index: openssl-1.0.2g/crypto/dh/dh.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/dh/dh.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dh/dh.h 2016-03-01 15:09:36.521826973 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif 
@@ -368,9 +377,10 @@ diff -up openssl-1.0.2e/crypto/dh/dh.h.fips openssl-1.0.2e/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -diff -up openssl-1.0.2e/crypto/dh/dh_key.c.fips openssl-1.0.2e/crypto/dh/dh_key.c ---- openssl-1.0.2e/crypto/dh/dh_key.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dh/dh_key.c 2015-12-04 13:55:51.958562435 +0100 +Index: openssl-1.0.2g/crypto/dh/dh_key.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dh/dh_key.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dh/dh_key.c 2016-03-01 15:09:36.521826973 +0100 @@ -61,6 +61,9 @@ #include #include @@ -438,9 +448,10 @@ diff -up openssl-1.0.2e/crypto/dh/dh_key.c.fips openssl-1.0.2e/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.0.2e/crypto/dh/dh_lib.c.fips openssl-1.0.2e/crypto/dh/dh_lib.c ---- openssl-1.0.2e/crypto/dh/dh_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dh/dh_lib.c 2015-12-04 13:55:51.958562435 +0100 +Index: openssl-1.0.2g/crypto/dh/dh_lib.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dh/dh_lib.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/dh/dh_lib.c 2016-03-01 15:09:36.521826973 +0100 @@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { 
@@ -456,9 +467,10 @@ diff -up openssl-1.0.2e/crypto/dh/dh_lib.c.fips openssl-1.0.2e/crypto/dh/dh_lib. } return default_DH_method; } -diff -up openssl-1.0.2e/crypto/dsa/dsa_err.c.fips openssl-1.0.2e/crypto/dsa/dsa_err.c ---- openssl-1.0.2e/crypto/dsa/dsa_err.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_err.c 2015-12-04 13:55:51.958562435 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_err.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_err.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_err.c 2016-03-01 15:09:36.521826973 +0100 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -477,9 +489,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_err.c.fips openssl-1.0.2e/crypto/dsa/dsa_ {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -diff -up openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips openssl-1.0.2e/crypto/dsa/dsa_gen.c ---- openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_gen.c 2015-12-04 13:57:39.122061481 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_gen.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_gen.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_gen.c 2016-03-01 15:09:36.521826973 +0100 @@ -91,6 +91,16 @@ # include # endif 
@@ -930,9 +943,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips openssl-1.0.2e/crypto/dsa/dsa_ EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -diff -up openssl-1.0.2e/crypto/dsa/dsa.h.fips openssl-1.0.2e/crypto/dsa/dsa.h ---- openssl-1.0.2e/crypto/dsa/dsa.h.fips 2015-12-04 13:55:51.740557351 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa.h 2015-12-04 13:55:51.958562435 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa.h 2016-03-01 15:09:36.521826973 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -1000,9 +1014,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa.h.fips openssl-1.0.2e/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -diff -up openssl-1.0.2e/crypto/dsa/dsa_key.c.fips openssl-1.0.2e/crypto/dsa/dsa_key.c ---- openssl-1.0.2e/crypto/dsa/dsa_key.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_key.c 2015-12-04 13:55:51.958562435 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_key.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_key.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_key.c 2016-03-01 15:09:36.521826973 +0100 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS 
@@ -1078,9 +1093,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_key.c.fips openssl-1.0.2e/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips openssl-1.0.2e/crypto/dsa/dsa_lib.c ---- openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_lib.c 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_lib.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_lib.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_lib.c 2016-03-01 15:09:36.521826973 +0100 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1096,9 +1112,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips openssl-1.0.2e/crypto/dsa/dsa_ } return default_DSA_method; } -diff -up openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips openssl-1.0.2e/crypto/dsa/dsa_locl.h ---- openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips 2015-12-04 13:55:51.742557398 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_locl.h 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_locl.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_locl.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_locl.h 2016-03-01 15:09:36.522826990 +0100 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, 
@@ -1108,9 +1125,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips openssl-1.0.2e/crypto/dsa/dsa int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -diff -up openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2e/crypto/dsa/dsa_ossl.c ---- openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_ossl.c 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_ossl.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_ossl.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_ossl.c 2016-03-01 15:09:36.522826990 +0100 @@ -65,6 +65,9 @@ #include #include @@ -1179,9 +1197,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2e/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2e/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsa_pmeth.c 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsa_pmeth.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsa_pmeth.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsa_pmeth.c 2016-03-01 15:09:36.522826990 +0100 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; 
@@ -1191,9 +1210,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2e/crypto/dsa/ds if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -diff -up openssl-1.0.2e/crypto/dsa/dsatest.c.fips openssl-1.0.2e/crypto/dsa/dsatest.c ---- openssl-1.0.2e/crypto/dsa/dsatest.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/dsa/dsatest.c 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/dsa/dsatest.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/dsa/dsatest.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/dsa/dsatest.c 2016-03-01 15:09:36.522826990 +0100 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1277,9 +1297,10 @@ diff -up openssl-1.0.2e/crypto/dsa/dsatest.c.fips openssl-1.0.2e/crypto/dsa/dsat goto end; } if (h != 2) { -diff -up openssl-1.0.2e/crypto/engine/eng_all.c.fips openssl-1.0.2e/crypto/engine/eng_all.c ---- openssl-1.0.2e/crypto/engine/eng_all.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/engine/eng_all.c 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/engine/eng_all.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/engine/eng_all.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/engine/eng_all.c 2016-03-01 15:09:36.522826990 +0100 @@ -59,11 +59,25 @@ #include "cryptlib.h" 
@@ -1306,9 +1327,10 @@ diff -up openssl-1.0.2e/crypto/engine/eng_all.c.fips openssl-1.0.2e/crypto/engin #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -diff -up openssl-1.0.2e/crypto/evp/c_allc.c.fips openssl-1.0.2e/crypto/evp/c_allc.c ---- openssl-1.0.2e/crypto/evp/c_allc.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:55:51.959562458 +0100 +Index: openssl-1.0.2g/crypto/evp/c_allc.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/c_allc.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/c_allc.c 2016-03-01 15:09:36.522826990 +0100 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1385,9 +1407,10 @@ diff -up openssl-1.0.2e/crypto/evp/c_allc.c.fips openssl-1.0.2e/crypto/evp/c_all + } +#endif } -diff -up openssl-1.0.2e/crypto/evp/c_alld.c.fips openssl-1.0.2e/crypto/evp/c_alld.c ---- openssl-1.0.2e/crypto/evp/c_alld.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/c_alld.c 2015-12-04 13:55:51.960562482 +0100 +Index: openssl-1.0.2g/crypto/evp/c_alld.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/c_alld.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/c_alld.c 2016-03-01 15:09:36.522826990 +0100 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) 
@@ -1493,9 +1516,10 @@ diff -up openssl-1.0.2e/crypto/evp/c_alld.c.fips openssl-1.0.2e/crypto/evp/c_all + } #endif } -diff -up openssl-1.0.2e/crypto/evp/digest.c.fips openssl-1.0.2e/crypto/evp/digest.c ---- openssl-1.0.2e/crypto/evp/digest.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/digest.c 2015-12-04 13:55:51.960562482 +0100 +Index: openssl-1.0.2g/crypto/evp/digest.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/digest.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/digest.c 2016-03-01 15:09:36.522826990 +0100 @@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1654,9 +1678,10 @@ diff -up openssl-1.0.2e/crypto/evp/digest.c.fips openssl-1.0.2e/crypto/evp/diges memset(ctx, '\0', sizeof *ctx); return 1; -diff -up openssl-1.0.2e/crypto/evp/e_aes.c.fips openssl-1.0.2e/crypto/evp/e_aes.c ---- openssl-1.0.2e/crypto/evp/e_aes.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:55:51.960562482 +0100 +Index: openssl-1.0.2g/crypto/evp/e_aes.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/e_aes.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/e_aes.c 2016-03-01 15:09:36.523827007 +0100 @@ -60,9 +60,6 @@ # include "modes_lcl.h" # include 
@@ -1694,9 +1719,10 @@ diff -up openssl-1.0.2e/crypto/evp/e_aes.c.fips openssl-1.0.2e/crypto/evp/e_aes. if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -diff -up openssl-1.0.2e/crypto/evp/e_des3.c.fips openssl-1.0.2e/crypto/evp/e_des3.c ---- openssl-1.0.2e/crypto/evp/e_des3.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:55:51.960562482 +0100 +Index: openssl-1.0.2g/crypto/evp/e_des3.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/e_des3.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/e_des3.c 2016-03-01 15:09:36.523827007 +0100 @@ -65,10 +65,6 @@ # include # include @@ -1708,9 +1734,10 @@ diff -up openssl-1.0.2e/crypto/evp/e_des3.c.fips openssl-1.0.2e/crypto/evp/e_des typedef struct { union { double align; -diff -up openssl-1.0.2e/crypto/evp/e_null.c.fips openssl-1.0.2e/crypto/evp/e_null.c ---- openssl-1.0.2e/crypto/evp/e_null.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/e_null.c 2015-12-04 13:55:51.960562482 +0100 +Index: openssl-1.0.2g/crypto/evp/e_null.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/e_null.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/e_null.c 2016-03-01 15:09:36.523827007 +0100 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, 
@@ -1720,9 +1747,10 @@ diff -up openssl-1.0.2e/crypto/evp/e_null.c.fips openssl-1.0.2e/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.0.2e/crypto/evp/evp_enc.c.fips openssl-1.0.2e/crypto/evp/evp_enc.c ---- openssl-1.0.2e/crypto/evp/evp_enc.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/evp_enc.c 2015-12-04 13:55:51.961562505 +0100 +Index: openssl-1.0.2g/crypto/evp/evp_enc.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/evp_enc.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/evp_enc.c 2016-03-01 15:09:36.523827007 +0100 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1890,9 +1918,10 @@ diff -up openssl-1.0.2e/crypto/evp/evp_enc.c.fips openssl-1.0.2e/crypto/evp/evp_ memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -diff -up openssl-1.0.2e/crypto/evp/evp.h.fips openssl-1.0.2e/crypto/evp/evp.h ---- openssl-1.0.2e/crypto/evp/evp.h.fips 2015-12-04 13:55:51.855560033 +0100 -+++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:55:51.961562505 +0100 +Index: openssl-1.0.2g/crypto/evp/evp.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/evp.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/evp.h 2016-03-01 15:09:36.523827007 +0100 @@ -122,6 +122,10 @@ extern "C" { #endif 
@@ -1946,9 +1975,10 @@ diff -up openssl-1.0.2e/crypto/evp/evp.h.fips openssl-1.0.2e/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -diff -up openssl-1.0.2e/crypto/evp/evp_lib.c.fips openssl-1.0.2e/crypto/evp/evp_lib.c ---- openssl-1.0.2e/crypto/evp/evp_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/evp_lib.c 2015-12-04 13:55:51.961562505 +0100 +Index: openssl-1.0.2g/crypto/evp/evp_lib.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/evp_lib.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/evp_lib.c 2016-03-01 15:09:36.523827007 +0100 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -2034,9 +2064,10 @@ diff -up openssl-1.0.2e/crypto/evp/evp_lib.c.fips openssl-1.0.2e/crypto/evp/evp_ return md->flags; } -diff -up openssl-1.0.2e/crypto/evp/evp_locl.h.fips openssl-1.0.2e/crypto/evp/evp_locl.h ---- openssl-1.0.2e/crypto/evp/evp_locl.h.fips 2015-12-04 13:55:51.851559940 +0100 -+++ openssl-1.0.2e/crypto/evp/evp_locl.h 2015-12-04 13:55:51.961562505 +0100 +Index: openssl-1.0.2g/crypto/evp/evp_locl.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/evp_locl.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/evp_locl.h 2016-03-01 15:09:36.523827007 +0100 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 
@@ -2070,9 +2101,10 @@ diff -up openssl-1.0.2e/crypto/evp/evp_locl.h.fips openssl-1.0.2e/crypto/evp/evp # define Camellia_set_key private_Camellia_set_key #endif -diff -up openssl-1.0.2e/crypto/evp/m_dss.c.fips openssl-1.0.2e/crypto/evp/m_dss.c ---- openssl-1.0.2e/crypto/evp/m_dss.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/m_dss.c 2015-12-04 13:55:51.961562505 +0100 +Index: openssl-1.0.2g/crypto/evp/m_dss.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/m_dss.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/m_dss.c 2016-03-01 15:09:36.524827024 +0100 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, @@ -2082,9 +2114,10 @@ diff -up openssl-1.0.2e/crypto/evp/m_dss.c.fips openssl-1.0.2e/crypto/evp/m_dss. init, update, final, -diff -up openssl-1.0.2e/crypto/evp/m_dss1.c.fips openssl-1.0.2e/crypto/evp/m_dss1.c ---- openssl-1.0.2e/crypto/evp/m_dss1.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/m_dss1.c 2015-12-04 13:55:51.961562505 +0100 +Index: openssl-1.0.2g/crypto/evp/m_dss1.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/m_dss1.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/m_dss1.c 2016-03-01 15:09:36.524827024 +0100 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, 
@@ -2094,9 +2127,10 @@ diff -up openssl-1.0.2e/crypto/evp/m_dss1.c.fips openssl-1.0.2e/crypto/evp/m_dss init, update, final, -diff -up openssl-1.0.2e/crypto/evp/m_md2.c.fips openssl-1.0.2e/crypto/evp/m_md2.c ---- openssl-1.0.2e/crypto/evp/m_md2.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/m_md2.c 2015-12-04 13:55:51.962562529 +0100 +Index: openssl-1.0.2g/crypto/evp/m_md2.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/m_md2.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/m_md2.c 2016-03-01 15:09:36.524827024 +0100 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2105,9 +2139,10 @@ diff -up openssl-1.0.2e/crypto/evp/m_md2.c.fips openssl-1.0.2e/crypto/evp/m_md2. static int init(EVP_MD_CTX *ctx) { -diff -up openssl-1.0.2e/crypto/evp/m_sha1.c.fips openssl-1.0.2e/crypto/evp/m_sha1.c ---- openssl-1.0.2e/crypto/evp/m_sha1.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/m_sha1.c 2015-12-04 13:55:51.962562529 +0100 +Index: openssl-1.0.2g/crypto/evp/m_sha1.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/m_sha1.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/m_sha1.c 2016-03-01 15:09:36.524827024 +0100 @@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, 
@@ -2158,9 +2193,10 @@ diff -up openssl-1.0.2e/crypto/evp/m_sha1.c.fips openssl-1.0.2e/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.0.2e/crypto/evp/p_sign.c.fips openssl-1.0.2e/crypto/evp/p_sign.c ---- openssl-1.0.2e/crypto/evp/p_sign.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/p_sign.c 2015-12-04 13:55:51.962562529 +0100 +Index: openssl-1.0.2g/crypto/evp/p_sign.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/p_sign.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/p_sign.c 2016-03-01 15:09:36.524827024 +0100 @@ -61,6 +61,7 @@ #include #include @@ -2192,9 +2228,10 @@ diff -up openssl-1.0.2e/crypto/evp/p_sign.c.fips openssl-1.0.2e/crypto/evp/p_sig if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -diff -up openssl-1.0.2e/crypto/evp/p_verify.c.fips openssl-1.0.2e/crypto/evp/p_verify.c ---- openssl-1.0.2e/crypto/evp/p_verify.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/p_verify.c 2015-12-04 13:55:51.962562529 +0100 +Index: openssl-1.0.2g/crypto/evp/p_verify.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/evp/p_verify.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/evp/p_verify.c 2016-03-01 15:09:36.524827024 +0100 @@ -61,6 +61,7 @@ #include #include 
@@ -2226,9 +2263,10 @@ diff -up openssl-1.0.2e/crypto/evp/p_verify.c.fips openssl-1.0.2e/crypto/evp/p_v i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips 2015-12-04 13:55:51.962562529 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_aes_selftest.c 2015-12-04 13:55:51.962562529 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_aes_selftest.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_aes_selftest.c 2016-03-01 15:09:36.524827024 +0100 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2595,9 +2633,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2e/cryp +} + +#endif -diff -up openssl-1.0.2e/crypto/fips/fips.c.fips openssl-1.0.2e/crypto/fips/fips.c ---- openssl-1.0.2e/crypto/fips/fips.c.fips 2015-12-04 13:55:51.962562529 +0100 -+++ openssl-1.0.2e/crypto/fips/fips.c 2015-12-04 13:55:51.962562529 +0100 +Index: openssl-1.0.2g/crypto/fips/fips.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips.c 2016-03-01 15:09:36.524827024 +0100 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -3082,9 +3121,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips.c.fips openssl-1.0.2e/crypto/fips/fips. +# endif + +#endif -diff -up openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c ---- openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips 2015-12-04 13:55:51.963562552 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c 2015-12-04 13:55:51.963562552 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_cmac_selftest.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_cmac_selftest.c 2016-03-01 15:09:36.525827041 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3242,9 +3282,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2e/cry + return rv; +} +#endif -diff -up openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_des_selftest.c ---- openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips 2015-12-04 13:55:51.963562552 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_des_selftest.c 2015-12-04 13:55:51.963562552 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_des_selftest.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_des_selftest.c 2016-03-01 15:09:36.525827041 +0100 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -3384,9 +3425,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2e/cryp + return ret; +} +#endif -diff -up openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c ---- openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips 2015-12-04 13:55:51.963562552 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c 2015-12-04 13:55:51.963562552 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_drbg_ctr.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_drbg_ctr.c 2016-03-01 15:09:36.525827041 +0100 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3803,9 +3845,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2e/crypto/f + + return 1; +} -diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_hash.c ---- openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips 2015-12-04 13:55:51.963562552 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_drbg_hash.c 2015-12-04 13:55:51.963562552 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_drbg_hash.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_drbg_hash.c 2016-03-01 15:09:36.525827041 +0100 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4165,9 +4208,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2e/crypto/ + + return 1; +} -diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c ---- openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips 2015-12-04 13:55:51.963562552 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c 2015-12-04 13:55:51.963562552 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_drbg_hmac.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_drbg_hmac.c 2016-03-01 15:09:36.525827041 +0100 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4439,9 +4483,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2e/crypto/ + + return 1; +} -diff -up openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_lib.c ---- openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips 2015-12-04 13:55:51.964562575 +0100 -+++ openssl-1.0.2e/crypto/fips/fips_drbg_lib.c 2015-12-04 13:55:51.964562575 +0100 +Index: openssl-1.0.2g/crypto/fips/fips_drbg_lib.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.0.2g/crypto/fips/fips_drbg_lib.c 2016-03-01 15:09:36.525827041 +0100 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. 
@@ -4996,9 +5041,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2e/crypto/f
 + memcpy(dctx->lb, out, dctx->blocklength);
 + return 1;
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips 2015-12-04 13:55:51.964562575 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_drbg_rand.c 2015-12-04 13:55:51.964562575 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_drbg_rand.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_drbg_rand.c 2016-03-01 15:09:36.526827058 +0100
 @@ -0,0 +1,166 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5166,9 +5212,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2e/crypto/
 +{
 + return &rand_drbg_meth;
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips 2015-12-04 13:55:51.964562575 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c 2015-12-04 13:55:51.964562575 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_drbg_selftest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_drbg_selftest.c 2016-03-01 15:09:36.526827058 +0100
 @@ -0,0 +1,827 @@
 +/* fips/rand/fips_drbg_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5997,9 +6044,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2e/cry
 + FIPS_drbg_free(dctx);
 + return rv;
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips 2015-12-04 13:55:51.965562598 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h 2015-12-04 13:55:51.965562598 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_drbg_selftest.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_drbg_selftest.h 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,1791 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7792,9 +7840,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2e/cry
 + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
 + 0xc2, 0xd6, 0xfd, 0xa5
 +};
-diff -up openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips 2015-12-04 13:55:51.965562598 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c 2015-12-04 13:55:51.965562598 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_dsa_selftest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_dsa_selftest.c 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,192 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7988,9 +8037,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2e/cryp
 + return ret;
 +}
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_enc.c.fips openssl-1.0.2e/crypto/fips/fips_enc.c
---- openssl-1.0.2e/crypto/fips/fips_enc.c.fips 2015-12-04 13:55:51.965562598 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_enc.c 2015-12-04 13:55:51.965562598 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_enc.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_enc.c 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,189 @@
 +/* fipe/evp/fips_enc.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8181,9 +8231,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_enc.c.fips openssl-1.0.2e/crypto/fips/f
 +
 + }
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips.h.fips openssl-1.0.2e/crypto/fips/fips.h
---- openssl-1.0.2e/crypto/fips/fips.h.fips 2015-12-04 13:55:51.966562622 +0100
-+++ openssl-1.0.2e/crypto/fips/fips.h 2015-12-04 13:55:51.966562622 +0100
+Index: openssl-1.0.2g/crypto/fips/fips.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips.h 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,278 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8463,9 +8514,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips.h.fips openssl-1.0.2e/crypto/fips/fips.
 +}
 +# endif
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips 2015-12-04 13:55:51.966562622 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c 2015-12-04 13:55:51.966562622 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_hmac_selftest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_hmac_selftest.c 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,134 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8601,9 +8653,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2e/cry
 + return 1;
 +}
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_locl.h.fips openssl-1.0.2e/crypto/fips/fips_locl.h
---- openssl-1.0.2e/crypto/fips/fips_locl.h.fips 2015-12-04 13:55:51.966562622 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_locl.h 2015-12-04 13:55:51.966562622 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_locl.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_locl.h 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,71 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8676,9 +8729,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_locl.h.fips openssl-1.0.2e/crypto/fips/
 +}
 +# endif
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_md.c.fips openssl-1.0.2e/crypto/fips/fips_md.c
---- openssl-1.0.2e/crypto/fips/fips_md.c.fips 2015-12-04 13:55:51.966562622 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_md.c 2015-12-04 13:55:51.966562622 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_md.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_md.c 2016-03-01 15:09:36.527827075 +0100
 @@ -0,0 +1,144 @@
 +/* fips/evp/fips_md.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8824,9 +8878,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_md.c.fips openssl-1.0.2e/crypto/fips/fi
 + return NULL;
 + }
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_post.c.fips openssl-1.0.2e/crypto/fips/fips_post.c
---- openssl-1.0.2e/crypto/fips/fips_post.c.fips 2015-12-04 13:55:51.966562622 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_post.c 2015-12-04 13:55:51.966562622 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_post.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_post.c 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,201 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9029,9 +9084,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_post.c.fips openssl-1.0.2e/crypto/fips/
 + return 1;
 +}
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_rand.c.fips openssl-1.0.2e/crypto/fips/fips_rand.c
---- openssl-1.0.2e/crypto/fips/fips_rand.c.fips 2015-12-04 13:55:51.967562645 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rand.c 2015-12-04 13:55:51.967562645 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rand.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rand.c 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,428 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -9461,9 +9517,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rand.c.fips openssl-1.0.2e/crypto/fips/
 +}
 +
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_rand.h.fips openssl-1.0.2e/crypto/fips/fips_rand.h
---- openssl-1.0.2e/crypto/fips/fips_rand.h.fips 2015-12-04 13:55:51.967562645 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rand.h 2015-12-04 13:55:51.967562645 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rand.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rand.h 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,163 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9628,9 +9685,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rand.h.fips openssl-1.0.2e/crypto/fips/
 +# endif
 +# endif
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2e/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips 2015-12-04 13:55:51.967562645 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rand_lcl.h 2015-12-04 13:55:51.967562645 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rand_lcl.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rand_lcl.h 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,213 @@
 +/* fips/rand/fips_rand_lcl.h */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -9845,9 +9903,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2e/crypto/f
 +#define FIPS_digestupdate EVP_DigestUpdate
 +#define FIPS_digestfinal EVP_DigestFinal
 +#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2e/crypto/fips/fips_rand_lib.c
---- openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips 2015-12-04 13:55:51.967562645 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rand_lib.c 2015-12-04 13:55:51.967562645 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rand_lib.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rand_lib.c 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,181 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -10030,9 +10089,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2e/crypto/f
 + }
 + return 0;
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips 2015-12-04 13:55:51.967562645 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rand_selftest.c 2015-12-04 13:55:51.967562645 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rand_selftest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rand_selftest.c 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,176 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10210,9 +10270,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2e/cry
 +}
 +
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_randtest.c.fips openssl-1.0.2e/crypto/fips/fips_randtest.c
---- openssl-1.0.2e/crypto/fips/fips_randtest.c.fips 2015-12-04 13:55:51.967562645 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_randtest.c 2015-12-04 13:55:51.967562645 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_randtest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_randtest.c 2016-03-01 15:09:36.528827092 +0100
 @@ -0,0 +1,247 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -10461,9 +10522,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_randtest.c.fips openssl-1.0.2e/crypto/f
 +}
 +
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips 2015-12-04 13:55:51.968562668 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c 2015-12-04 13:55:51.968562668 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rsa_selftest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rsa_selftest.c 2016-03-01 15:09:36.529827109 +0100
 @@ -0,0 +1,444 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -10909,9 +10971,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2e/cryp
 +}
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips 2015-12-04 13:55:51.968562668 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c 2015-12-04 13:55:51.968562668 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_rsa_x931g.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_rsa_x931g.c 2016-03-01 15:09:36.529827109 +0100
 @@ -0,0 +1,273 @@
 +/* crypto/rsa/rsa_gen.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -11186,9 +11249,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2e/crypto/
 + return 0;
 +
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips 2015-12-04 13:55:51.968562668 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_sha_selftest.c 2015-12-04 13:55:51.968562668 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_sha_selftest.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_sha_selftest.c 2016-03-01 15:09:36.529827109 +0100
 @@ -0,0 +1,145 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11335,9 +11399,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2e/cryp
 +}
 +
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips 2015-12-04 13:55:51.968562668 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c 2015-12-04 13:55:51.968562668 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_standalone_hmac.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_standalone_hmac.c 2016-03-01 15:09:36.529827109 +0100
 @@ -0,0 +1,268 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11607,9 +11672,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2e/c
 +#endif
 + return 0;
 +}
-diff -up openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips openssl-1.0.2e/crypto/fips/fips_test_suite.c
---- openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips 2015-12-04 13:55:51.968562668 +0100
-+++ openssl-1.0.2e/crypto/fips/fips_test_suite.c 2015-12-04 13:55:51.968562668 +0100
+Index: openssl-1.0.2g/crypto/fips/fips_test_suite.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/fips_test_suite.c 2016-03-01 15:09:36.529827109 +0100
 @@ -0,0 +1,639 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -12250,9 +12316,10 @@ diff -up openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips openssl-1.0.2e/crypto
 +}
 +
 +#endif
-diff -up openssl-1.0.2e/crypto/fips/Makefile.fips openssl-1.0.2e/crypto/fips/Makefile
---- openssl-1.0.2e/crypto/fips/Makefile.fips 2015-12-04 13:55:51.969562692 +0100
-+++ openssl-1.0.2e/crypto/fips/Makefile 2015-12-04 13:55:51.969562692 +0100
+Index: openssl-1.0.2g/crypto/fips/Makefile
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2g/crypto/fips/Makefile 2016-03-01 15:09:36.530827126 +0100
 @@ -0,0 +1,341 @@
 +#
 +# OpenSSL/crypto/fips/Makefile
@@ -12595,9 +12662,10 @@ diff -up openssl-1.0.2e/crypto/fips/Makefile.fips openssl-1.0.2e/crypto/fips/Mak +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -diff -up openssl-1.0.2e/crypto/hmac/hmac.c.fips openssl-1.0.2e/crypto/hmac/hmac.c ---- openssl-1.0.2e/crypto/hmac/hmac.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/hmac/hmac.c 2015-12-04 13:55:51.969562692 +0100 +Index: openssl-1.0.2g/crypto/hmac/hmac.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/hmac/hmac.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/hmac/hmac.c 2016-03-01 15:09:36.530827126 +0100 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12660,9 +12728,10 @@ diff -up openssl-1.0.2e/crypto/hmac/hmac.c.fips openssl-1.0.2e/crypto/hmac/hmac. EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -diff -up openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2e/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/mdc2/mdc2dgst.c 2015-12-04 13:55:51.969562692 +0100 +Index: openssl-1.0.2g/crypto/mdc2/mdc2dgst.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/mdc2/mdc2dgst.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/mdc2/mdc2dgst.c 2016-03-01 15:09:36.530827126 +0100 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) 
@@ -12672,9 +12741,10 @@ diff -up openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2e/crypto/mdc2/m { c->num = 0; c->pad_type = 1; -diff -up openssl-1.0.2e/crypto/md2/md2_dgst.c.fips openssl-1.0.2e/crypto/md2/md2_dgst.c ---- openssl-1.0.2e/crypto/md2/md2_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/md2/md2_dgst.c 2015-12-04 13:55:51.969562692 +0100 +Index: openssl-1.0.2g/crypto/md2/md2_dgst.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/md2/md2_dgst.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/md2/md2_dgst.c 2016-03-01 15:09:36.530827126 +0100 @@ -62,6 +62,11 @@ #include #include @@ -12696,9 +12766,10 @@ diff -up openssl-1.0.2e/crypto/md2/md2_dgst.c.fips openssl-1.0.2e/crypto/md2/md2 { c->num = 0; memset(c->state, 0, sizeof c->state); -diff -up openssl-1.0.2e/crypto/md4/md4_dgst.c.fips openssl-1.0.2e/crypto/md4/md4_dgst.c ---- openssl-1.0.2e/crypto/md4/md4_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/md4/md4_dgst.c 2015-12-04 13:55:51.969562692 +0100 +Index: openssl-1.0.2g/crypto/md4/md4_dgst.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/md4/md4_dgst.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/md4/md4_dgst.c 2016-03-01 15:09:36.530827126 +0100 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L 
@@ -12708,9 +12779,10 @@ diff -up openssl-1.0.2e/crypto/md4/md4_dgst.c.fips openssl-1.0.2e/crypto/md4/md4 { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -diff -up openssl-1.0.2e/crypto/md5/md5_dgst.c.fips openssl-1.0.2e/crypto/md5/md5_dgst.c ---- openssl-1.0.2e/crypto/md5/md5_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/md5/md5_dgst.c 2015-12-04 13:55:51.969562692 +0100 +Index: openssl-1.0.2g/crypto/md5/md5_dgst.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/md5/md5_dgst.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/md5/md5_dgst.c 2016-03-01 15:09:36.530827126 +0100 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12720,9 +12792,10 @@ diff -up openssl-1.0.2e/crypto/md5/md5_dgst.c.fips openssl-1.0.2e/crypto/md5/md5 { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -diff -up openssl-1.0.2e/crypto/o_fips.c.fips openssl-1.0.2e/crypto/o_fips.c ---- openssl-1.0.2e/crypto/o_fips.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/o_fips.c 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/o_fips.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/o_fips.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/o_fips.c 2016-03-01 15:09:36.530827126 +0100 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" 
@@ -12732,9 +12805,10 @@ diff -up openssl-1.0.2e/crypto/o_fips.c.fips openssl-1.0.2e/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -diff -up openssl-1.0.2e/crypto/o_init.c.fips openssl-1.0.2e/crypto/o_init.c ---- openssl-1.0.2e/crypto/o_init.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/o_init.c 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/o_init.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/o_init.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/o_init.c 2016-03-01 15:09:36.530827126 +0100 @@ -56,8 +56,37 @@ #include #include @@ -12804,9 +12878,10 @@ diff -up openssl-1.0.2e/crypto/o_init.c.fips openssl-1.0.2e/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.0.2e/crypto/opensslconf.h.in.fips openssl-1.0.2e/crypto/opensslconf.h.in ---- openssl-1.0.2e/crypto/opensslconf.h.in.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/opensslconf.h.in 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/opensslconf.h.in +=================================================================== +--- openssl-1.0.2g.orig/crypto/opensslconf.h.in 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/opensslconf.h.in 2016-03-01 15:09:36.531827143 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ 
@@ -12828,9 +12903,10 @@ diff -up openssl-1.0.2e/crypto/opensslconf.h.in.fips openssl-1.0.2e/crypto/opens /* Generate 80386 code? */ #undef I386_ONLY -diff -up openssl-1.0.2e/crypto/rand/md_rand.c.fips openssl-1.0.2e/crypto/rand/md_rand.c ---- openssl-1.0.2e/crypto/rand/md_rand.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rand/md_rand.c 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/rand/md_rand.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rand/md_rand.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/rand/md_rand.c 2016-03-01 15:09:36.531827143 +0100 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12843,9 +12919,10 @@ diff -up openssl-1.0.2e/crypto/rand/md_rand.c.fips openssl-1.0.2e/crypto/rand/md RAND_poll(); initialized = 1; } -diff -up openssl-1.0.2e/crypto/rand/rand.h.fips openssl-1.0.2e/crypto/rand/rand.h ---- openssl-1.0.2e/crypto/rand/rand.h.fips 2015-12-04 13:55:51.729557095 +0100 -+++ openssl-1.0.2e/crypto/rand/rand.h 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/rand/rand.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/rand/rand.h 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/rand/rand.h 2016-03-01 15:09:36.531827143 +0100 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ 
@@ -12886,9 +12963,10 @@ diff -up openssl-1.0.2e/crypto/rand/rand.h.fips openssl-1.0.2e/crypto/rand/rand. #ifdef __cplusplus } -diff -up openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2e/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/ripemd/rmd_dgst.c 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/ripemd/rmd_dgst.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/ripemd/rmd_dgst.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/ripemd/rmd_dgst.c 2016-03-01 15:09:36.531827143 +0100 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -12898,9 +12976,10 @@ diff -up openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2e/crypto/ripe { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -diff -up openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2e/crypto/rsa/rsa_crpt.c ---- openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_crpt.c 2015-12-04 13:55:51.970562715 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_crpt.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_crpt.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_crpt.c 2016-03-01 15:09:36.531827143 +0100 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { 
@@ -12927,9 +13006,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2e/crypto/rsa/rsa return -1; } #endif -diff -up openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips openssl-1.0.2e/crypto/rsa/rsa_eay.c ---- openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_eay.c 2015-12-04 13:55:51.971562738 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_eay.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_eay.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_eay.c 2016-03-01 15:09:36.531827143 +0100 @@ -114,6 +114,10 @@ #include #include @@ -13052,9 +13132,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips openssl-1.0.2e/crypto/rsa/rsa_ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -diff -up openssl-1.0.2e/crypto/rsa/rsa_err.c.fips openssl-1.0.2e/crypto/rsa/rsa_err.c ---- openssl-1.0.2e/crypto/rsa/rsa_err.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_err.c 2015-12-04 13:55:51.971562738 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_err.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_err.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_err.c 2016-03-01 15:09:36.531827143 +0100 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, 
@@ -13064,9 +13145,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_err.c.fips openssl-1.0.2e/crypto/rsa/rsa_ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -diff -up openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips openssl-1.0.2e/crypto/rsa/rsa_gen.c ---- openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_gen.c 2015-12-04 13:55:51.971562738 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-03-01 15:09:36.532827159 +0100 @@ -69,8 +69,80 @@ #include #ifdef OPENSSL_FIPS @@ -13208,9 +13290,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips openssl-1.0.2e/crypto/rsa/rsa_ ok = 1; err: if (ok == -1) { -diff -up openssl-1.0.2e/crypto/rsa/rsa.h.fips openssl-1.0.2e/crypto/rsa/rsa.h ---- openssl-1.0.2e/crypto/rsa/rsa.h.fips 2015-12-04 13:55:51.859560126 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa.h 2015-12-04 13:55:51.971562738 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa.h 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa.h 2016-03-01 15:09:36.532827159 +0100 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif 
@@ -13307,9 +13390,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa.h.fips openssl-1.0.2e/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips openssl-1.0.2e/crypto/rsa/rsa_lib.c ---- openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_lib.c 2015-12-04 13:55:51.971562738 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_lib.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_lib.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_lib.c 2016-03-01 15:09:36.532827159 +0100 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -13382,9 +13466,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips openssl-1.0.2e/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -diff -up openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2e/crypto/rsa/rsa_pmeth.c ---- openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_pmeth.c 2015-12-04 13:55:51.972562762 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_pmeth.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_pmeth.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_pmeth.c 2016-03-01 15:09:36.532827159 +0100 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; 
@@ -13424,9 +13509,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2e/crypto/rsa/rs if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -diff -up openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips openssl-1.0.2e/crypto/rsa/rsa_sign.c ---- openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/rsa/rsa_sign.c 2015-12-04 13:55:51.972562762 +0100 +Index: openssl-1.0.2g/crypto/rsa/rsa_sign.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/rsa/rsa_sign.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/rsa/rsa_sign.c 2016-03-01 15:09:36.532827159 +0100 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; @@ -13465,9 +13551,10 @@ diff -up openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips openssl-1.0.2e/crypto/rsa/rsa if (i <= 0) goto err; -diff -up openssl-1.0.2e/crypto/sha/sha.h.fips openssl-1.0.2e/crypto/sha/sha.h ---- openssl-1.0.2e/crypto/sha/sha.h.fips 2015-12-04 13:55:51.651555276 +0100 -+++ openssl-1.0.2e/crypto/sha/sha.h 2015-12-04 13:55:51.972562762 +0100 +Index: openssl-1.0.2g/crypto/sha/sha.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/sha/sha.h 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/sha/sha.h 2016-03-01 15:09:36.532827159 +0100 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; 
@@ -13510,9 +13597,10 @@ diff -up openssl-1.0.2e/crypto/sha/sha.h.fips openssl-1.0.2e/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -diff -up openssl-1.0.2e/crypto/sha/sha_locl.h.fips openssl-1.0.2e/crypto/sha/sha_locl.h ---- openssl-1.0.2e/crypto/sha/sha_locl.h.fips 2015-12-04 13:55:51.653555322 +0100 -+++ openssl-1.0.2e/crypto/sha/sha_locl.h 2015-12-04 13:55:51.972562762 +0100 +Index: openssl-1.0.2g/crypto/sha/sha_locl.h +=================================================================== +--- openssl-1.0.2g.orig/crypto/sha/sha_locl.h 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/sha/sha_locl.h 2016-03-01 15:09:36.532827159 +0100 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL @@ -13529,9 +13617,10 @@ diff -up openssl-1.0.2e/crypto/sha/sha_locl.h.fips openssl-1.0.2e/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.0.2e/crypto/sha/sha256.c.fips openssl-1.0.2e/crypto/sha/sha256.c ---- openssl-1.0.2e/crypto/sha/sha256.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/sha/sha256.c 2015-12-04 13:55:51.972562762 +0100 +Index: openssl-1.0.2g/crypto/sha/sha256.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/sha/sha256.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/sha/sha256.c 2016-03-01 15:09:36.533827177 +0100 @@ -12,12 +12,19 @@ # include 
@@ -13562,9 +13651,10 @@ diff -up openssl-1.0.2e/crypto/sha/sha256.c.fips openssl-1.0.2e/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.0.2e/crypto/sha/sha512.c.fips openssl-1.0.2e/crypto/sha/sha512.c ---- openssl-1.0.2e/crypto/sha/sha512.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/sha/sha512.c 2015-12-04 13:55:51.972562762 +0100 +Index: openssl-1.0.2g/crypto/sha/sha512.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/sha/sha512.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/crypto/sha/sha512.c 2016-03-01 15:09:36.533827177 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -13596,9 +13686,10 @@ diff -up openssl-1.0.2e/crypto/sha/sha512.c.fips openssl-1.0.2e/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2e/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/whrlpool/wp_dgst.c 2015-12-04 13:55:51.973562785 +0100 +Index: openssl-1.0.2g/crypto/whrlpool/wp_dgst.c +=================================================================== +--- openssl-1.0.2g.orig/crypto/whrlpool/wp_dgst.c 2016-03-01 14:35:05.000000000 +0100 ++++ openssl-1.0.2g/crypto/whrlpool/wp_dgst.c 2016-03-01 15:09:36.533827177 +0100 @@ -55,7 +55,7 @@ #include #include 
@@ -13608,10 +13699,11 @@ diff -up openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2e/crypto/whr { memset(c, 0, sizeof(*c)); return (1); -diff -up openssl-1.0.2e/Makefile.org.fips openssl-1.0.2e/Makefile.org ---- openssl-1.0.2e/Makefile.org.fips 2015-12-04 13:55:51.943562085 +0100 -+++ openssl-1.0.2e/Makefile.org 2015-12-04 13:55:51.973562785 +0100 -@@ -137,6 +137,9 @@ FIPSCANLIB= +Index: openssl-1.0.2g/Makefile.org +=================================================================== +--- openssl-1.0.2g.orig/Makefile.org 2016-03-01 15:09:36.507826736 +0100 ++++ openssl-1.0.2g/Makefile.org 2016-03-01 15:09:36.533827177 +0100 +@@ -136,6 +136,9 @@ FIPSCANLIB= BASEADDR= @@ -13621,7 +13713,7 @@ diff -up openssl-1.0.2e/Makefile.org.fips openssl-1.0.2e/Makefile.org DIRS= crypto ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl -@@ -149,7 +152,7 @@ SDIRS= \ +@@ -148,7 +151,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ @@ -13630,7 +13722,7 @@ diff -up openssl-1.0.2e/Makefile.org.fips openssl-1.0.2e/Makefile.org # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... -@@ -240,6 +243,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) +@@ -238,6 +241,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSDIR='${FIPSDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ 
@@ -13638,9 +13730,10 @@ diff -up openssl-1.0.2e/Makefile.org.fips openssl-1.0.2e/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -diff -up openssl-1.0.2e/ssl/ssl_algs.c.fips openssl-1.0.2e/ssl/ssl_algs.c ---- openssl-1.0.2e/ssl/ssl_algs.c.fips 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/ssl/ssl_algs.c 2015-12-04 13:55:51.973562785 +0100 +Index: openssl-1.0.2g/ssl/ssl_algs.c +=================================================================== +--- openssl-1.0.2g.orig/ssl/ssl_algs.c 2016-03-01 14:35:53.000000000 +0100 ++++ openssl-1.0.2g/ssl/ssl_algs.c 2016-03-01 15:09:36.533827177 +0100 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2e.tar.gz b/openssl-1.0.2e.tar.gz deleted file mode 100644 index 927a0fa..0000000 --- a/openssl-1.0.2e.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff -size 5256555 diff --git a/openssl-1.0.2e.tar.gz.asc b/openssl-1.0.2e.tar.gz.asc deleted file mode 100644 index c38537a..0000000 --- a/openssl-1.0.2e.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJWYIyiAAoJENnE0m0OYESRdSwIAIlfOOvtTaKbsY1gDhM8LaAM -gC2HYR18ipcz0ZdZzNch/mGy8gpVNmBWDhWzTd5Yz0AHRFX0fpOX7QZXHozV/QaB -2LmQ9N1QbztqSq0MW+2VCX31BR79wWYHVQF4A9QT7MOwCSA3RhGfEiZiIHNNloRa -j55Dpe0CMVdpdQc2WxlUC1A8O837bwr6ruPxctneJAvHK/XyeS/ta7a4eI8UQxMS -zkBNlsuiWQRzlAqMyiAkqu9NBkuLdBhP5Gkh2D8XP/yt1KwECFJiyAc0PFXTMILi -cNG5KdPe3tN3xCgR38k4/DKRNi4F1IVoe5YE7sk7U2wmG4dc5Z/9zGCTx+2atc0= -=PIJl ------END PGP SIGNATURE----- diff --git a/openssl-1.0.2g.tar.gz b/openssl-1.0.2g.tar.gz new file mode 100644 index 0000000..52da9c0 --- /dev/null +++ b/openssl-1.0.2g.tar.gz 
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
+size 5266102
diff --git a/openssl-1.0.2g.tar.gz.asc b/openssl-1.0.2g.tar.gz.asc
new file mode 100644
index 0000000..b26c33f
--- /dev/null
+++ b/openssl-1.0.2g.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJW1Zr6AAoJENnE0m0OYESRRpkH/0SkDJcp4rvICbxuaD9jyJCa
+UJLH3vSMfJ9QNMdIp8yemixGSvjr0mPhFOcZPysXRZo88IwuIV0+Q5I7hvCQ0PSt
+YH/HzBZO0eShhUyDxb397odbbhsAkZFJytT+EXdFqd0HJLtWuPxaBF0WPgkklOQC
+3R/sv+M8FAaZiIbdBwNv1FNgGG26T4up0RgV0ETpXXv9Da+AViGrefA5szKAj9aL
+SOCRuUnzQO7ohSh5AZvgHylh1m7CGpH4MIyoAtNFtyogukO3yS3CzZ1iFcjsdHDn
+sDIRZ18a5JOX/vWU0OmUXGhF7XXV93S1/1mKAAEXRJZOxzrneFuyv5b61t/xXCE=
+=/pDQ
+-----END PGP SIGNATURE-----
diff --git a/openssl.changes b/openssl.changes
index 74e95eb..2b8c16c 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Tue Mar 1 14:40:18 UTC 2016 - vcizek@suse.com
+
+- update to 1.0.2g (bsc#968044)
+ * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+ Builds that are not configured with "enable-weak-ssl-ciphers" will not
+ provide any "EXPORT" or "LOW" strength ciphers.
+ * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
+ is by default disabled at build-time. Builds that are not configured with
+ "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
+ users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
+ will need to explicitly call either of:
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+ or
+ SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+ (CVE-2016-0800)
+ * Fix a double-free in DSA code
+ (CVE-2016-0705)
+ * Disable SRP fake user seed to address a server memory leak.
+ Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+ (CVE-2016-0798)
+ * Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+ (CVE-2016-0797)
+ *) Side channel attack on modular exponentiation
+ http://cachebleed.info.
+ (CVE-2016-0702)
+ *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+ if no keysize is specified with default_bits. This fixes an
+ omission in an earlier change that changed all RSA/DSA key generation
+ apps to use 2048 bits by default.
+
+-------------------------------------------------------------------
+Thu Jan 28 15:10:38 UTC 2016 - vcizek@suse.com
+
+- update to 1.0.2f (boo#963410)
+ *) DH small subgroups (boo#963413)
+ Historically OpenSSL only ever generated DH parameters based on "safe"
+ primes. More recently (in version 1.0.2) support was provided for
+ generating X9.42 style parameter files such as those required for RFC 5114
+ support. The primes used in such files may not be "safe".
Where an
+ application is using DH configured with parameters based on primes that are
+ not "safe" then an attacker could use this fact to find a peer's private
+ DH exponent. This attack requires that the attacker complete multiple
+ handshakes in which the peer uses the same private DH exponent. For example
+ this could be used to discover a TLS server's private DH exponent if it's
+ reusing the private DH exponent or it's using a static DH ciphersuite.
+ (CVE-2016-0701)
+ *) SSLv2 doesn't block disabled ciphers (boo#963415)
+ A malicious client can negotiate SSLv2 ciphers that have been disabled on
+ the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+ been disabled, provided that the SSLv2 protocol was not also disabled via
+ SSL_OP_NO_SSLv2.
+ (CVE-2015-3197)
+ *) Reject DH handshakes with parameters shorter than 1024 bits.
+
 -------------------------------------------------------------------
 Fri Dec 4 23:06:18 UTC 2015 - vcizek@suse.com
diff --git a/openssl.spec b/openssl.spec
index 8b27526..10dbd24 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@ Provides: ssl
 %ifarch ppc64
 Obsoletes: openssl-64bit
 %endif
-Version: 1.0.2e
+Version: 1.0.2g
 Release: 0
 Summary: Secure Sockets and Transport Layer Security
 License: OpenSSL