diff --git a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch index 282776e..1bafead 100644 --- a/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch +++ b/0001-Axe-builtin-printf-implementation-use-glibc-instead.patch @@ -4,10 +4,10 @@ Date: Sun, 4 May 2014 23:36:54 -0400 Subject: [PATCH] Axe builtin printf implementation, use glibc instead -Index: openssl-1.0.2g/crypto/bio/b_print.c +Index: openssl-1.0.2i/crypto/bio/b_print.c =================================================================== ---- openssl-1.0.2g.orig/crypto/bio/b_print.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/crypto/bio/b_print.c 2016-03-01 15:26:55.597307479 +0100 +--- openssl-1.0.2i.orig/crypto/bio/b_print.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/bio/b_print.c 2016-09-23 10:18:39.805097010 +0200 @@ -56,17 +56,10 @@ * [including the GNU Public Licence.] */ @@ -28,7 +28,7 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c #include #include #include -@@ -79,708 +72,6 @@ +@@ -79,714 +72,6 @@ #include /* To get BN_LLONG properly defined */ #include @@ -376,9 +376,15 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c - break; - } - } -- *truncated = (currlen > *maxlen - 1); -- if (*truncated) -- currlen = *maxlen - 1; +- /* +- * We have to truncate if there is no dynamic buffer and we have filled the +- * static buffer. +- */ +- if (buffer == NULL) { +- *truncated = (currlen > *maxlen - 1); +- if (*truncated) +- currlen = *maxlen - 1; +- } - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) - return 0; - *retlen = currlen - 1; @@ -737,7 +743,7 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c int BIO_printf(BIO *bio, const char *format, ...) { va_list args; -@@ -794,32 +85,36 @@ int BIO_printf(BIO *bio, const char *for +@@ -800,32 +85,36 @@ int BIO_printf(BIO *bio, const char *for return (ret); } @@ -797,7 +803,7 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c return (ret); } -@@ -835,29 +130,21 @@ int BIO_snprintf(char *buf, size_t n, co +@@ -841,29 +130,21 @@ int BIO_snprintf(char *buf, size_t n, co int ret; va_start(args, format); diff --git a/0001-libcrypto-Hide-library-private-symbols.patch b/0001-libcrypto-Hide-library-private-symbols.patch index 023ce2f..9b44092 100644 --- a/0001-libcrypto-Hide-library-private-symbols.patch +++ b/0001-libcrypto-Hide-library-private-symbols.patch @@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols crypto/x509v3/pcy_int.h | 3 +++ 31 files changed, 85 insertions(+), 17 deletions(-) -Index: openssl-1.0.2b/apps/Makefile +Index: openssl-1.0.2i/apps/Makefile =================================================================== ---- openssl-1.0.2b.orig/apps/Makefile 2015-06-11 15:55:38.000000000 +0200 -+++ openssl-1.0.2b/apps/Makefile 2015-06-11 17:50:03.669860202 +0200 +--- openssl-1.0.2i.orig/apps/Makefile 2016-09-22 12:24:52.000000000 +0200 ++++ openssl-1.0.2i/apps/Makefile 2016-09-23 10:20:47.883004040 +0200 @@ -20,7 +20,7 @@ EXE_EXT= SHLIB_TARGET= @@ -50,10 +50,10 @@ Index: openssl-1.0.2b/apps/Makefile GENERAL=Makefile makeapps.com install.com -Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h +Index: openssl-1.0.2i/crypto/asn1/asn1_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/asn1/asn1_locl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/asn1/asn1_locl.h 2015-06-11 17:50:03.670860215 +0200 +--- openssl-1.0.2i.orig/crypto/asn1/asn1_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/asn1/asn1_locl.h 2016-09-23 10:20:47.883004040 +0200 @@ -62,6 +62,8 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); @@ -69,10 +69,10 @@ Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.2b/crypto/bn/bn_lcl.h +Index: openssl-1.0.2i/crypto/bn/bn_lcl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/bn/bn_lcl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/bn/bn_lcl.h 2015-06-11 17:50:03.670860215 +0200 +--- openssl-1.0.2i.orig/crypto/bn/bn_lcl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/bn/bn_lcl.h 2016-09-23 10:20:47.883004040 +0200 @@ -505,6 +505,8 @@ unsigned __int64 _umul128(unsigned __int # undef bn_div_words # endif @@ -91,10 +91,10 @@ Index: openssl-1.0.2b/crypto/bn/bn_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.2b/crypto/cast/cast_lcl.h +Index: openssl-1.0.2i/crypto/cast/cast_lcl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/cast/cast_lcl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/cast/cast_lcl.h 2015-06-11 17:50:03.670860215 +0200 +--- openssl-1.0.2i.orig/crypto/cast/cast_lcl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/cast/cast_lcl.h 2016-09-23 10:20:47.883004040 +0200 @@ -217,6 +217,7 @@ } #endif @@ -108,10 +108,10 @@ Index: openssl-1.0.2b/crypto/cast/cast_lcl.h extern const CAST_LONG CAST_S_table6[256]; extern const CAST_LONG CAST_S_table7[256]; +#pragma GCC visibility pop -Index: openssl-1.0.2b/crypto/cms/cms_lcl.h +Index: openssl-1.0.2i/crypto/cms/cms_lcl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/cms/cms_lcl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/cms/cms_lcl.h 2015-06-11 17:50:03.670860215 +0200 +--- openssl-1.0.2i.orig/crypto/cms/cms_lcl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/cms/cms_lcl.h 2016-09-23 10:20:47.883004040 +0200 @@ -410,6 +410,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA # define CMS_OIK_KEYIDENTIFIER 1 # define CMS_OIK_PUBKEY 2 @@ -130,10 +130,10 @@ Index: openssl-1.0.2b/crypto/cms/cms_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.2b/crypto/des/des_locl.h +Index: openssl-1.0.2i/crypto/des/des_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/des/des_locl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/des/des_locl.h 2015-06-11 17:50:03.670860215 +0200 +--- openssl-1.0.2i.orig/crypto/des/des_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/des/des_locl.h 2016-09-23 10:20:47.883004040 +0200 @@ -432,10 +432,12 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } @@ -147,10 +147,10 @@ Index: openssl-1.0.2b/crypto/des/des_locl.h # ifdef OPENSSL_SMALL_FOOTPRINT # undef DES_UNROLL -Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h +Index: openssl-1.0.2i/crypto/dsa/dsa_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/dsa/dsa_locl.h 2015-06-11 17:41:59.488534507 +0200 -+++ openssl-1.0.2b/crypto/dsa/dsa_locl.h 2015-06-11 17:50:03.670860215 +0200 +--- openssl-1.0.2i.orig/crypto/dsa/dsa_locl.h 2016-09-23 10:20:47.695001240 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_locl.h 2016-09-23 10:20:47.883004040 +0200 @@ -58,7 +58,7 @@ int dsa_builtin_paramgen(DSA *ret, size_ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, @@ -160,10 +160,10 @@ Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, const EVP_MD *evpmd, const unsigned char *seed_in, -Index: openssl-1.0.2b/crypto/ec/ec_lcl.h +Index: openssl-1.0.2i/crypto/ec/ec_lcl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/ec/ec_lcl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/ec/ec_lcl.h 2015-06-11 17:50:03.671860227 +0200 +--- openssl-1.0.2i.orig/crypto/ec/ec_lcl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ec/ec_lcl.h 2016-09-23 10:20:47.887004099 +0200 @@ -89,6 +89,8 @@ * change in future versions. */ @@ -179,10 +179,10 @@ Index: openssl-1.0.2b/crypto/ec/ec_lcl.h #endif + +#pragma GCC visibility pop -Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h +Index: openssl-1.0.2i/crypto/ecdh/ech_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/ecdh/ech_locl.h 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/ecdh/ech_locl.h 2015-06-11 17:50:03.671860227 +0200 +--- openssl-1.0.2i.orig/crypto/ecdh/ech_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ecdh/ech_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -58,6 +58,8 @@ # include @@ -198,10 +198,10 @@ Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h +#pragma GCC visibility pop #endif /* HEADER_ECH_LOCL_H */ -Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h +Index: openssl-1.0.2i/crypto/ecdsa/ecs_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/ecdsa/ecs_locl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/ecdsa/ecs_locl.h 2015-06-11 17:50:03.671860227 +0200 +--- openssl-1.0.2i.orig/crypto/ecdsa/ecs_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ecdsa/ecs_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -61,6 +61,8 @@ # include @@ -217,10 +217,10 @@ Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h +#pragma GCC visibility pop #endif /* HEADER_ECS_LOCL_H */ -Index: openssl-1.0.2b/crypto/engine/eng_int.h +Index: openssl-1.0.2i/crypto/engine/eng_int.h =================================================================== ---- openssl-1.0.2b.orig/crypto/engine/eng_int.h 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/engine/eng_int.h 2015-06-11 17:50:03.671860227 +0200 +--- openssl-1.0.2i.orig/crypto/engine/eng_int.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/engine/eng_int.h 2016-09-23 10:20:47.887004099 +0200 @@ -69,6 +69,8 @@ /* Take public definitions from engine.h */ # include @@ -236,10 +236,10 @@ Index: openssl-1.0.2b/crypto/engine/eng_int.h +#pragma GCC visibility pop #endif /* HEADER_ENGINE_INT_H */ -Index: openssl-1.0.2b/crypto/evp/e_aes.c +Index: openssl-1.0.2i/crypto/evp/e_aes.c =================================================================== ---- openssl-1.0.2b.orig/crypto/evp/e_aes.c 2015-06-11 17:41:59.490534533 +0200 -+++ openssl-1.0.2b/crypto/evp/e_aes.c 2015-06-11 17:50:03.671860227 +0200 +--- openssl-1.0.2i.orig/crypto/evp/e_aes.c 2016-09-23 10:20:47.695001240 +0200 ++++ openssl-1.0.2i/crypto/evp/e_aes.c 2016-09-23 10:20:47.887004099 +0200 @@ -116,6 +116,8 @@ typedef struct { # define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) @@ -275,11 +275,11 @@ Index: openssl-1.0.2b/crypto/evp/e_aes.c static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { -Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c +Index: openssl-1.0.2i/crypto/evp/e_aes_cbc_hmac_sha1.c =================================================================== ---- openssl-1.0.2b.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 17:50:03.672860241 +0200 -@@ -97,6 +97,8 @@ typedef struct { +--- openssl-1.0.2i.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-09-23 10:20:47.887004099 +0200 +@@ -98,6 +98,8 @@ typedef struct { extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) @@ -288,7 +288,7 @@ Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, -@@ -115,6 +117,8 @@ void aesni256_cbc_sha1_dec(const void *i +@@ -116,6 +118,8 @@ void aesni256_cbc_sha1_dec(const void *i const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0); @@ -297,10 +297,10 @@ Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c # define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, -Index: openssl-1.0.2b/crypto/evp/evp_locl.h +Index: openssl-1.0.2i/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/evp/evp_locl.h 2015-06-11 17:41:59.492534560 +0200 -+++ openssl-1.0.2b/crypto/evp/evp_locl.h 2015-06-11 17:50:03.672860241 +0200 +--- openssl-1.0.2i.orig/crypto/evp/evp_locl.h 2016-09-23 10:20:47.695001240 +0200 ++++ openssl-1.0.2i/crypto/evp/evp_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -261,6 +261,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void EVP_CIPH_FLAG_DEFAULT_ASN1, \ cipher##_init_key, NULL, NULL, NULL, NULL) @@ -319,10 +319,10 @@ Index: openssl-1.0.2b/crypto/evp/evp_locl.h #ifdef OPENSSL_FIPS # ifdef OPENSSL_DOING_MAKEDEPEND -Index: openssl-1.0.2b/crypto/md4/md4_locl.h +Index: openssl-1.0.2i/crypto/md4/md4_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/md4/md4_locl.h 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/md4/md4_locl.h 2015-06-11 17:50:03.672860241 +0200 +--- openssl-1.0.2i.orig/crypto/md4/md4_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/md4/md4_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -65,7 +65,7 @@ # define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif @@ -332,10 +332,10 @@ Index: openssl-1.0.2b/crypto/md4/md4_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2b/crypto/md5/md5_locl.h +Index: openssl-1.0.2i/crypto/md5/md5_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/md5/md5_locl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/md5/md5_locl.h 2015-06-11 17:50:03.672860241 +0200 +--- openssl-1.0.2i.orig/crypto/md5/md5_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/md5/md5_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -76,7 +76,7 @@ # endif #endif @@ -345,10 +345,10 @@ Index: openssl-1.0.2b/crypto/md5/md5_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2b/crypto/modes/modes_lcl.h +Index: openssl-1.0.2i/crypto/modes/modes_lcl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/modes/modes_lcl.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/modes/modes_lcl.h 2015-06-11 17:50:03.672860241 +0200 +--- openssl-1.0.2i.orig/crypto/modes/modes_lcl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/modes/modes_lcl.h 2016-09-23 10:20:47.887004099 +0200 @@ -89,6 +89,9 @@ _asm mov eax, val _asm bswap eax} # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) @@ -365,10 +365,10 @@ Index: openssl-1.0.2b/crypto/modes/modes_lcl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.2b/crypto/o_str.h +Index: openssl-1.0.2i/crypto/o_str.h =================================================================== ---- openssl-1.0.2b.orig/crypto/o_str.h 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/o_str.h 2015-06-11 17:50:03.672860241 +0200 +--- openssl-1.0.2i.orig/crypto/o_str.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/o_str.h 2016-09-23 10:20:47.887004099 +0200 @@ -61,9 +61,11 @@ # define HEADER_O_STR_H @@ -381,10 +381,10 @@ Index: openssl-1.0.2b/crypto/o_str.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2b/crypto/o_time.h +Index: openssl-1.0.2i/crypto/o_time.h =================================================================== ---- openssl-1.0.2b.orig/crypto/o_time.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/o_time.h 2015-06-11 17:50:03.672860241 +0200 +--- openssl-1.0.2i.orig/crypto/o_time.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/o_time.h 2016-09-23 10:20:47.887004099 +0200 @@ -61,10 +61,12 @@ # define HEADER_O_TIME_H @@ -398,10 +398,10 @@ Index: openssl-1.0.2b/crypto/o_time.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h +Index: openssl-1.0.2i/crypto/ripemd/rmd_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/ripemd/rmd_locl.h 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/ripemd/rmd_locl.h 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/ripemd/rmd_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ripemd/rmd_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -76,7 +76,7 @@ # endif #endif @@ -411,20 +411,20 @@ Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.2b/crypto/rsa/rsa_locl.h +Index: openssl-1.0.2i/crypto/rsa/rsa_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/rsa/rsa_locl.h 2015-06-11 15:00:12.000000000 +0200 -+++ openssl-1.0.2b/crypto/rsa/rsa_locl.h 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/rsa/rsa_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -1,4 +1,4 @@ extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf, - size_t siglen, RSA *rsa); + size_t siglen, RSA *rsa) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.2b/crypto/sha/sha256.c +Index: openssl-1.0.2i/crypto/sha/sha256.c =================================================================== ---- openssl-1.0.2b.orig/crypto/sha/sha256.c 2015-06-11 17:41:59.509534778 +0200 -+++ openssl-1.0.2b/crypto/sha/sha256.c 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/sha/sha256.c 2016-09-23 10:20:47.707001419 +0200 ++++ openssl-1.0.2i/crypto/sha/sha256.c 2016-09-23 10:20:47.887004099 +0200 @@ -135,7 +135,7 @@ int SHA224_Final(unsigned char *md, SHA2 # ifndef SHA256_ASM static @@ -434,10 +434,10 @@ Index: openssl-1.0.2b/crypto/sha/sha256.c # include "md32_common.h" -Index: openssl-1.0.2b/crypto/sha/sha512.c +Index: openssl-1.0.2i/crypto/sha/sha512.c =================================================================== ---- openssl-1.0.2b.orig/crypto/sha/sha512.c 2015-06-11 17:41:59.509534778 +0200 -+++ openssl-1.0.2b/crypto/sha/sha512.c 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/sha/sha512.c 2016-09-23 10:20:47.707001419 +0200 ++++ openssl-1.0.2i/crypto/sha/sha512.c 2016-09-23 10:20:47.887004099 +0200 @@ -109,7 +109,7 @@ fips_md_init(SHA512) # ifndef SHA512_ASM static @@ -447,10 +447,10 @@ Index: openssl-1.0.2b/crypto/sha/sha512.c int SHA512_Final(unsigned char *md, SHA512_CTX *c) { -Index: openssl-1.0.2b/crypto/sha/sha_locl.h +Index: openssl-1.0.2i/crypto/sha/sha_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/sha/sha_locl.h 2015-06-11 17:41:59.509534778 +0200 -+++ openssl-1.0.2b/crypto/sha/sha_locl.h 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/sha/sha_locl.h 2016-09-23 10:20:47.707001419 +0200 ++++ openssl-1.0.2i/crypto/sha/sha_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -108,7 +108,7 @@ static void sha_block_data_order(SHA_CTX # ifndef SHA1_ASM static @@ -460,10 +460,10 @@ Index: openssl-1.0.2b/crypto/sha/sha_locl.h #else # error "Either SHA_0 or SHA_1 must be defined." -Index: openssl-1.0.2b/crypto/store/str_locl.h +Index: openssl-1.0.2i/crypto/store/str_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/store/str_locl.h 2015-03-19 15:02:02.000000000 +0100 -+++ openssl-1.0.2b/crypto/store/str_locl.h 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/store/str_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/store/str_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -63,6 +63,8 @@ # include # include @@ -480,10 +480,10 @@ Index: openssl-1.0.2b/crypto/store/str_locl.h - +#pragma GCC visibility pop #endif -Index: openssl-1.0.2b/crypto/ui/ui_locl.h +Index: openssl-1.0.2i/crypto/ui/ui_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/ui/ui_locl.h 2015-03-19 15:02:02.000000000 +0100 -+++ openssl-1.0.2b/crypto/ui/ui_locl.h 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/ui/ui_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ui/ui_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -67,6 +67,8 @@ # undef _ # endif @@ -499,19 +499,19 @@ Index: openssl-1.0.2b/crypto/ui/ui_locl.h +#pragma GCC visibility pop #endif -Index: openssl-1.0.2b/crypto/whrlpool/wp_locl.h +Index: openssl-1.0.2i/crypto/whrlpool/wp_locl.h =================================================================== ---- openssl-1.0.2b.orig/crypto/whrlpool/wp_locl.h 2015-06-11 15:00:12.000000000 +0200 -+++ openssl-1.0.2b/crypto/whrlpool/wp_locl.h 2015-06-11 17:50:03.673860254 +0200 +--- openssl-1.0.2i.orig/crypto/whrlpool/wp_locl.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/whrlpool/wp_locl.h 2016-09-23 10:20:47.887004099 +0200 @@ -1,3 +1,3 @@ #include -void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t); +void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h +Index: openssl-1.0.2i/crypto/x509v3/ext_dat.h =================================================================== ---- openssl-1.0.2b.orig/crypto/x509v3/ext_dat.h 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/x509v3/ext_dat.h 2015-06-11 17:50:03.674860267 +0200 +--- openssl-1.0.2i.orig/crypto/x509v3/ext_dat.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/x509v3/ext_dat.h 2016-09-23 10:20:47.887004099 +0200 @@ -58,6 +58,8 @@ */ /* This file contains a table of "standard" extensions */ @@ -529,10 +529,10 @@ Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h /* Number of standard extensions */ #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) -Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h +Index: openssl-1.0.2i/crypto/x509v3/pcy_int.h =================================================================== ---- openssl-1.0.2b.orig/crypto/x509v3/pcy_int.h 2015-06-11 15:00:12.000000000 +0200 -+++ openssl-1.0.2b/crypto/x509v3/pcy_int.h 2015-06-11 17:50:03.674860267 +0200 +--- openssl-1.0.2i.orig/crypto/x509v3/pcy_int.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/x509v3/pcy_int.h 2016-09-23 10:20:47.887004099 +0200 @@ -57,6 +57,8 @@ * */ @@ -548,10 +548,10 @@ Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h const X509_POLICY_CACHE *policy_cache_set(X509 *x); + +#pragma GCC visibility pop -Index: openssl-1.0.2b/crypto/modes/gcm128.c +Index: openssl-1.0.2i/crypto/modes/gcm128.c =================================================================== ---- openssl-1.0.2b.orig/crypto/modes/gcm128.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/modes/gcm128.c 2015-06-11 17:50:03.674860267 +0200 +--- openssl-1.0.2i.orig/crypto/modes/gcm128.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/modes/gcm128.c 2016-09-23 10:20:47.887004099 +0200 @@ -602,9 +602,9 @@ static void gcm_ghash_4bit(u64 Xi[2], co } # endif @@ -578,10 +578,10 @@ Index: openssl-1.0.2b/crypto/modes/gcm128.c # if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define gcm_init_avx gcm_init_clmul -Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c +Index: openssl-1.0.2i/crypto/evp/e_rc4_hmac_md5.c =================================================================== ---- openssl-1.0.2b.orig/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 17:50:03.674860267 +0200 +--- openssl-1.0.2i.orig/crypto/evp/e_rc4_hmac_md5.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/e_rc4_hmac_md5.c 2016-09-23 10:20:47.887004099 +0200 @@ -78,7 +78,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) @@ -591,10 +591,10 @@ Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c # define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) -Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c +Index: openssl-1.0.2i/crypto/cmac/cm_ameth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/cmac/cm_ameth.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/cmac/cm_ameth.c 2015-06-11 17:50:03.674860267 +0200 +--- openssl-1.0.2i.orig/crypto/cmac/cm_ameth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/cmac/cm_ameth.c 2016-09-23 10:20:47.887004099 +0200 @@ -73,7 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey if (cmctx) CMAC_CTX_free(cmctx); @@ -604,10 +604,10 @@ Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, -Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c +Index: openssl-1.0.2i/crypto/evp/pmeth_lib.c =================================================================== ---- openssl-1.0.2b.orig/crypto/evp/pmeth_lib.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/evp/pmeth_lib.c 2015-06-11 17:50:03.675860280 +0200 +--- openssl-1.0.2i.orig/crypto/evp/pmeth_lib.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/pmeth_lib.c 2016-09-23 10:20:47.887004099 +0200 @@ -71,7 +71,7 @@ typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -617,10 +617,10 @@ Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c +Index: openssl-1.0.2i/crypto/cmac/cm_pmeth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/cmac/cm_pmeth.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/cmac/cm_pmeth.c 2015-06-11 17:50:03.675860280 +0200 +--- openssl-1.0.2i.orig/crypto/cmac/cm_pmeth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/cmac/cm_pmeth.c 2016-09-23 10:20:47.887004099 +0200 @@ -182,6 +182,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C return -2; } @@ -629,10 +629,10 @@ Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c const EVP_PKEY_METHOD cmac_pkey_meth = { EVP_PKEY_CMAC, EVP_PKEY_FLAG_SIGCTX_CUSTOM, -Index: openssl-1.0.2b/crypto/rand/md_rand.c +Index: openssl-1.0.2i/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2b.orig/crypto/rand/md_rand.c 2015-06-11 17:41:59.506534739 +0200 -+++ openssl-1.0.2b/crypto/rand/md_rand.c 2015-06-11 17:50:03.675860280 +0200 +--- openssl-1.0.2i.orig/crypto/rand/md_rand.c 2016-09-23 10:20:47.827003205 +0200 ++++ openssl-1.0.2i/crypto/rand/md_rand.c 2016-09-23 10:20:47.887004099 +0200 @@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_status(void); @@ -642,10 +642,10 @@ Index: openssl-1.0.2b/crypto/rand/md_rand.c ssleay_rand_seed, ssleay_rand_nopseudo_bytes, ssleay_rand_cleanup, -Index: openssl-1.0.2b/crypto/dh/dh_ameth.c +Index: openssl-1.0.2i/crypto/dh/dh_ameth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/dh/dh_ameth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/dh/dh_ameth.c 2015-06-11 17:50:03.675860280 +0200 +--- openssl-1.0.2i.orig/crypto/dh/dh_ameth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dh/dh_ameth.c 2016-09-23 10:20:47.887004099 +0200 @@ -584,6 +584,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, } @@ -654,10 +654,10 @@ Index: openssl-1.0.2b/crypto/dh/dh_ameth.c const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, EVP_PKEY_DH, -Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c +Index: openssl-1.0.2i/crypto/dh/dh_pmeth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/dh/dh_pmeth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/dh/dh_pmeth.c 2015-06-11 17:50:03.675860280 +0200 +--- openssl-1.0.2i.orig/crypto/dh/dh_pmeth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dh/dh_pmeth.c 2016-09-23 10:20:47.887004099 +0200 @@ -482,6 +482,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * return 1; } @@ -666,11 +666,11 @@ Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c const EVP_PKEY_METHOD dh_pkey_meth = { EVP_PKEY_DH, 0, -Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c +Index: openssl-1.0.2i/crypto/dsa/dsa_ameth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/dsa/dsa_ameth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/dsa/dsa_ameth.c 2015-06-11 17:50:03.676860293 +0200 -@@ -620,6 +620,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, +--- openssl-1.0.2i.orig/crypto/dsa/dsa_ameth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_ameth.c 2016-09-23 10:20:47.887004099 +0200 +@@ -621,6 +621,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, /* NB these are sorted in pkey_id order, lowest first */ @@ -678,10 +678,10 @@ Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { { -Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.2i/crypto/dsa/dsa_pmeth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/dsa/dsa_pmeth.c 2015-06-11 17:41:59.488534507 +0200 -+++ openssl-1.0.2b/crypto/dsa/dsa_pmeth.c 2015-06-11 17:50:03.676860293 +0200 +--- openssl-1.0.2i.orig/crypto/dsa/dsa_pmeth.c 2016-09-23 10:20:47.695001240 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_pmeth.c 2016-09-23 10:20:47.887004099 +0200 @@ -278,6 +278,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX return DSA_generate_key(pkey->pkey.dsa); } @@ -690,10 +690,10 @@ Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, EVP_PKEY_FLAG_AUTOARGLEN, -Index: openssl-1.0.2b/crypto/ec/ec_ameth.c +Index: openssl-1.0.2i/crypto/ec/ec_ameth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/ec/ec_ameth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/ec/ec_ameth.c 2015-06-11 17:50:03.676860293 +0200 +--- openssl-1.0.2i.orig/crypto/ec/ec_ameth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ec/ec_ameth.c 2016-09-23 10:20:47.891004159 +0200 @@ -608,6 +608,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, } @@ -702,10 +702,10 @@ Index: openssl-1.0.2b/crypto/ec/ec_ameth.c const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, -Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c +Index: openssl-1.0.2i/crypto/ec/ec_pmeth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/ec/ec_pmeth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/ec/ec_pmeth.c 2015-06-11 17:50:03.676860293 +0200 +--- openssl-1.0.2i.orig/crypto/ec/ec_pmeth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ec/ec_pmeth.c 2016-09-23 10:20:47.891004159 +0200 @@ -491,6 +491,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * return EC_KEY_generate_key(pkey->pkey.ec); } @@ -714,11 +714,11 @@ Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, 0, -Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c +Index: openssl-1.0.2i/crypto/hmac/hm_ameth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/hmac/hm_ameth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/hmac/hm_ameth.c 2015-06-11 17:50:03.676860293 +0200 -@@ -135,6 +135,7 @@ static int old_hmac_encode(const EVP_PKE +--- openssl-1.0.2i.orig/crypto/hmac/hm_ameth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/hmac/hm_ameth.c 2016-09-23 10:20:47.891004159 +0200 +@@ -140,6 +140,7 @@ static int old_hmac_encode(const EVP_PKE #endif @@ -726,10 +726,10 @@ Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, -Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c +Index: openssl-1.0.2i/crypto/hmac/hm_pmeth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/hmac/hm_pmeth.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/hmac/hm_pmeth.c 2015-06-11 17:50:03.676860293 +0200 +--- openssl-1.0.2i.orig/crypto/hmac/hm_pmeth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/hmac/hm_pmeth.c 2016-09-23 10:20:47.891004159 +0200 @@ -228,6 +228,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C return -2; } @@ -738,23 +738,23 @@ Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c const EVP_PKEY_METHOD hmac_pkey_meth = { EVP_PKEY_HMAC, 0, -Index: openssl-1.0.2b/crypto/rsa/rsa_ameth.c +Index: openssl-1.0.2i/crypto/rsa/rsa_ameth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/rsa/rsa_ameth.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/rsa/rsa_ameth.c 2015-06-11 17:50:03.677860306 +0200 -@@ -921,6 +921,7 @@ static int rsa_cms_encrypt(CMS_Recipient - return rv; +--- openssl-1.0.2i.orig/crypto/rsa/rsa_ameth.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_ameth.c 2016-09-23 10:20:47.891004159 +0200 +@@ -929,6 +929,7 @@ static int rsa_cms_encrypt(CMS_Recipient } + #endif + __attribute__ ((visibility ("hidden"))) const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { EVP_PKEY_RSA, -Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.2i/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-1.0.2b.orig/crypto/rsa/rsa_pmeth.c 2015-06-11 17:41:59.508534765 +0200 -+++ openssl-1.0.2b/crypto/rsa/rsa_pmeth.c 2015-06-11 17:50:03.677860306 +0200 -@@ -723,6 +723,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX +--- openssl-1.0.2i.orig/crypto/rsa/rsa_pmeth.c 2016-09-23 10:20:47.707001419 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_pmeth.c 2016-09-23 10:20:47.891004159 +0200 +@@ -725,6 +725,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX return ret; } @@ -762,10 +762,10 @@ Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c const EVP_PKEY_METHOD rsa_pkey_meth = { EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN, -Index: openssl-1.0.2b/crypto/objects/obj_xref.c +Index: openssl-1.0.2i/crypto/objects/obj_xref.c =================================================================== ---- openssl-1.0.2b.orig/crypto/objects/obj_xref.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/objects/obj_xref.c 2015-06-11 17:50:03.677860306 +0200 +--- openssl-1.0.2i.orig/crypto/objects/obj_xref.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/objects/obj_xref.c 2016-09-23 10:20:47.891004159 +0200 @@ -61,7 +61,7 @@ #include "obj_xref.h" @@ -775,10 +775,10 @@ Index: openssl-1.0.2b/crypto/objects/obj_xref.c static int sig_cmp(const nid_triple *a, const nid_triple *b) { -Index: openssl-1.0.2b/crypto/pem/pem_lib.c +Index: openssl-1.0.2i/crypto/pem/pem_lib.c =================================================================== ---- openssl-1.0.2b.orig/crypto/pem/pem_lib.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/pem/pem_lib.c 2015-06-11 17:50:03.677860306 +0200 +--- openssl-1.0.2i.orig/crypto/pem/pem_lib.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/pem/pem_lib.c 2016-09-23 10:20:47.891004159 +0200 @@ -80,7 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL static int load_iv(char **fromp, unsigned char *to, int num); @@ -788,10 +788,10 @@ Index: openssl-1.0.2b/crypto/pem/pem_lib.c int PEM_def_callback(char *buf, int num, int w, void *key) { -Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c +Index: openssl-1.0.2i/crypto/asn1/tasn_prn.c =================================================================== ---- openssl-1.0.2b.orig/crypto/asn1/tasn_prn.c 2015-06-11 15:01:06.000000000 +0200 -+++ openssl-1.0.2b/crypto/asn1/tasn_prn.c 2015-06-11 17:50:03.677860306 +0200 +--- openssl-1.0.2i.orig/crypto/asn1/tasn_prn.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/asn1/tasn_prn.c 2016-09-23 10:20:47.891004159 +0200 @@ -73,7 +73,7 @@ /* ASN1_PCTX routines */ @@ -801,11 +801,11 @@ Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ 0, /* nm_flags */ 0, /* cert_flags */ -Index: openssl-1.0.2b/crypto/bn/bn_exp.c +Index: openssl-1.0.2i/crypto/bn/bn_exp.c =================================================================== ---- openssl-1.0.2b.orig/crypto/bn/bn_exp.c 2015-06-11 15:50:11.000000000 +0200 -+++ openssl-1.0.2b/crypto/bn/bn_exp.c 2015-06-11 17:50:03.678860319 +0200 -@@ -947,10 +947,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr +--- openssl-1.0.2i.orig/crypto/bn/bn_exp.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/bn/bn_exp.c 2016-09-23 10:20:47.891004159 +0200 +@@ -998,10 +998,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, @@ -819,10 +819,10 @@ Index: openssl-1.0.2b/crypto/bn/bn_exp.c void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); -Index: openssl-1.0.2b/crypto/bn/bn_gf2m.c +Index: openssl-1.0.2i/crypto/bn/bn_gf2m.c =================================================================== ---- openssl-1.0.2b.orig/crypto/bn/bn_gf2m.c 2015-06-11 15:52:57.000000000 +0200 -+++ openssl-1.0.2b/crypto/bn/bn_gf2m.c 2015-06-11 17:50:03.678860319 +0200 +--- openssl-1.0.2i.orig/crypto/bn/bn_gf2m.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/bn/bn_gf2m.c 2016-09-23 10:20:47.891004159 +0200 @@ -321,7 +321,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, } # else diff --git a/openssl-1.0.2h.tar.gz b/openssl-1.0.2h.tar.gz deleted file mode 100644 index 0cf9807..0000000 --- a/openssl-1.0.2h.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 -size 5274412 diff --git a/openssl-1.0.2h.tar.gz.asc b/openssl-1.0.2h.tar.gz.asc deleted file mode 100644 index 5c08da2..0000000 --- a/openssl-1.0.2h.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJXKKvFAAoJENnE0m0OYESRGpAH/AyxYu871GheytE2YEgeEFou -1e37k9PiBgS9BUmpr0ufRGMn9QufZzYCf1b2LXr3Fn31Ui5rCHrLntGeAdD4ngmh -4fEOhEJRWpfHGlFVyXc8jHSeK6wfgvM928Up/ftSGyciDgWMDXmx5eCzJgREjJ+k -DAQwtE34lCilzrYOcEn9xVd3NEScodAHQEhRXXM7p6jesHlQ8cSFljDn8QDvFu/R -gRGAAWW9/ZjbwE6hbT8nPYq7UCUUvz2ne8U3kCwyGYwqLGt47qV0yD9mqG/oO0RB -wFOcJhcGUqKSxlHqukAusxeZLuXMzw7UmucLCDxW9ETB644KlZ3/8E4CkOlLNIM= -=a9Hy ------END PGP SIGNATURE----- diff --git a/openssl-1.0.2e-fips.patch b/openssl-1.0.2i-fips.patch similarity index 94% rename from openssl-1.0.2e-fips.patch rename to openssl-1.0.2i-fips.patch index e36f52a..2185143 100644 --- a/openssl-1.0.2e-fips.patch +++ b/openssl-1.0.2i-fips.patch @@ -1,7 +1,6 @@ -Index: openssl-1.0.2h/apps/speed.c -=================================================================== ---- openssl-1.0.2h.orig/apps/speed.c 2016-05-03 16:33:08.099443503 +0200 -+++ openssl-1.0.2h/apps/speed.c 2016-05-03 16:33:10.343478369 +0200 +diff -up openssl-1.0.2i/apps/speed.c.fips openssl-1.0.2i/apps/speed.c +--- openssl-1.0.2i/apps/speed.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/apps/speed.c 2016-09-22 13:35:57.007220767 +0200 @@ -197,7 +197,6 @@ # ifdef OPENSSL_DOING_MAKEDEPEND # undef AES_set_encrypt_key @@ -134,11 +133,10 @@ Index: openssl-1.0.2h/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -Index: openssl-1.0.2h/Configure -=================================================================== ---- openssl-1.0.2h.orig/Configure 2016-05-03 16:33:08.018442245 +0200 -+++ openssl-1.0.2h/Configure 2016-05-03 16:33:10.344478384 +0200 -@@ -1062,11 +1062,6 @@ if (defined($disabled{"md5"}) || defined +diff -up openssl-1.0.2i/Configure.fips openssl-1.0.2i/Configure +--- openssl-1.0.2i/Configure.fips 2016-09-22 13:35:56.993220444 +0200 ++++ openssl-1.0.2i/Configure 2016-09-22 13:35:57.008220790 +0200 +@@ -1067,11 +1067,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -150,7 +148,7 @@ Index: openssl-1.0.2h/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1555,7 +1550,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1556,7 +1551,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -158,7 +156,7 @@ Index: openssl-1.0.2h/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1758,9 +1752,12 @@ while () +@@ -1768,9 +1762,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -172,10 +170,9 @@ Index: openssl-1.0.2h/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.2h/crypto/aes/aes_misc.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/aes/aes_misc.c 2016-05-03 16:33:08.099443503 +0200 -+++ openssl-1.0.2h/crypto/aes/aes_misc.c 2016-05-03 16:33:10.344478384 +0200 +diff -up openssl-1.0.2i/crypto/aes/aes_misc.c.fips openssl-1.0.2i/crypto/aes/aes_misc.c +--- openssl-1.0.2i/crypto/aes/aes_misc.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/aes/aes_misc.c 2016-09-22 13:35:57.008220790 +0200 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -194,10 +191,9 @@ Index: openssl-1.0.2h/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.2h/crypto/cmac/cmac.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/cmac/cmac.c 2016-05-03 16:33:08.100443518 +0200 -+++ openssl-1.0.2h/crypto/cmac/cmac.c 2016-05-03 16:33:10.344478384 +0200 +diff -up openssl-1.0.2i/crypto/cmac/cmac.c.fips openssl-1.0.2i/crypto/cmac/cmac.c +--- openssl-1.0.2i/crypto/cmac/cmac.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/cmac/cmac.c 2016-09-22 13:35:57.008220790 +0200 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -211,10 +207,18 @@ Index: openssl-1.0.2h/crypto/cmac/cmac.c EVP_CIPHER_CTX_cleanup(&ctx->cctx); OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); -@@ -168,12 +162,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void - if (fcipher != NULL) - cipher = fcipher; +@@ -160,20 +154,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void + EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); + return 0; } +- +- /* Switch to FIPS cipher implementation if possible */ +- if (cipher != NULL) { +- const EVP_CIPHER *fcipher; +- fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher)); +- if (fcipher != NULL) +- cipher = fcipher; +- } - /* - * Other algorithm blocking will be done in FIPS_cmac_init, via - * FIPS_cipherinit(). @@ -224,7 +228,7 @@ Index: openssl-1.0.2h/crypto/cmac/cmac.c } #endif /* All zeros means restart */ -@@ -219,10 +207,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -219,10 +199,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi { const unsigned char *data = in; size_t bl; @@ -235,7 +239,7 @@ Index: openssl-1.0.2h/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; if (dlen == 0) -@@ -262,10 +246,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi +@@ -262,10 +238,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { int i, bl, lb; @@ -246,10 +250,9 @@ Index: openssl-1.0.2h/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.2h/crypto/crypto.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/crypto.h 2016-05-03 16:33:08.100443518 +0200 -+++ openssl-1.0.2h/crypto/crypto.h 2016-05-03 16:33:10.344478384 +0200 +diff -up openssl-1.0.2i/crypto/crypto.h.fips openssl-1.0.2i/crypto/crypto.h +--- openssl-1.0.2i/crypto/crypto.h.fips 2016-09-22 13:35:56.890218070 +0200 ++++ openssl-1.0.2i/crypto/crypto.h 2016-09-22 13:35:57.008220790 +0200 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -295,10 +298,9 @@ Index: openssl-1.0.2h/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.2h/crypto/des/des.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/des/des.h 2016-05-03 16:33:08.100443518 +0200 -+++ openssl-1.0.2h/crypto/des/des.h 2016-05-03 16:33:10.344478384 +0200 +diff -up openssl-1.0.2i/crypto/des/des.h.fips openssl-1.0.2i/crypto/des/des.h +--- openssl-1.0.2i/crypto/des/des.h.fips 2016-09-22 13:35:56.918218715 +0200 ++++ openssl-1.0.2i/crypto/des/des.h 2016-09-22 13:35:57.008220790 +0200 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); @@ -310,10 +312,9 @@ Index: openssl-1.0.2h/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -Index: openssl-1.0.2h/crypto/des/set_key.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/des/set_key.c 2016-05-03 16:33:08.100443518 +0200 -+++ openssl-1.0.2h/crypto/des/set_key.c 2016-05-03 16:33:10.344478384 +0200 +diff -up openssl-1.0.2i/crypto/des/set_key.c.fips openssl-1.0.2i/crypto/des/set_key.c +--- openssl-1.0.2i/crypto/des/set_key.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/des/set_key.c 2016-09-22 13:35:57.008220790 +0200 @@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -330,10 +331,9 @@ Index: openssl-1.0.2h/crypto/des/set_key.c { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -Index: openssl-1.0.2h/crypto/dh/dh_gen.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dh/dh_gen.c 2016-05-03 16:33:08.100443518 +0200 -+++ openssl-1.0.2h/crypto/dh/dh_gen.c 2016-05-03 16:33:10.344478384 +0200 +diff -up openssl-1.0.2i/crypto/dh/dh_gen.c.fips openssl-1.0.2i/crypto/dh/dh_gen.c +--- openssl-1.0.2i/crypto/dh/dh_gen.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dh/dh_gen.c 2016-09-22 13:35:57.009220813 +0200 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) @@ -364,10 +364,9 @@ Index: openssl-1.0.2h/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -Index: openssl-1.0.2h/crypto/dh/dh.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/dh/dh.h 2016-05-03 16:33:08.100443518 +0200 -+++ openssl-1.0.2h/crypto/dh/dh.h 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dh/dh.h.fips openssl-1.0.2i/crypto/dh/dh.h +--- openssl-1.0.2i/crypto/dh/dh.h.fips 2016-09-22 13:35:56.863217447 +0200 ++++ openssl-1.0.2i/crypto/dh/dh.h 2016-09-22 13:35:57.009220813 +0200 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif @@ -377,10 +376,9 @@ Index: openssl-1.0.2h/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -Index: openssl-1.0.2h/crypto/dh/dh_key.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dh/dh_key.c 2016-05-03 16:33:08.101443534 +0200 -+++ openssl-1.0.2h/crypto/dh/dh_key.c 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dh/dh_key.c.fips openssl-1.0.2i/crypto/dh/dh_key.c +--- openssl-1.0.2i/crypto/dh/dh_key.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dh/dh_key.c 2016-09-22 13:35:57.009220813 +0200 @@ -61,6 +61,9 @@ #include #include @@ -448,10 +446,9 @@ Index: openssl-1.0.2h/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2h/crypto/dh/dh_lib.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dh/dh_lib.c 2016-05-03 16:33:08.101443534 +0200 -+++ openssl-1.0.2h/crypto/dh/dh_lib.c 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dh/dh_lib.c.fips openssl-1.0.2i/crypto/dh/dh_lib.c +--- openssl-1.0.2i/crypto/dh/dh_lib.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dh/dh_lib.c 2016-09-22 13:35:57.009220813 +0200 @@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { @@ -467,10 +464,9 @@ Index: openssl-1.0.2h/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.2h/crypto/dsa/dsa_err.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_err.c 2016-05-03 16:33:08.101443534 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_err.c 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_err.c.fips openssl-1.0.2i/crypto/dsa/dsa_err.c +--- openssl-1.0.2i/crypto/dsa/dsa_err.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_err.c 2016-09-22 13:35:57.009220813 +0200 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -489,10 +485,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_gen.c 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_gen.c 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips openssl-1.0.2i/crypto/dsa/dsa_gen.c +--- openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_gen.c 2016-09-22 13:42:54.389840662 +0200 @@ -91,6 +91,16 @@ # include # endif @@ -510,7 +505,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, -@@ -106,97 +116,165 @@ int DSA_generate_parameters_ex(DSA *ret, +@@ -106,83 +116,146 @@ int DSA_generate_parameters_ex(DSA *ret, if (ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); @@ -697,6 +692,8 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c + *p_ret = p = BN_CTX_get(ctx); test = BN_CTX_get(ctx); + if (test == NULL) +@@ -191,15 +264,20 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_lshift(test, BN_value_one(), bits - 1)) goto err; @@ -716,10 +713,10 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c - if (!seed_len || !seed_in) { + if (!seed_len) { - if (RAND_pseudo_bytes(seed, qsize) < 0) + if (RAND_bytes(seed, qsize) <= 0) goto err; seed_is_random = 1; -@@ -206,29 +284,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -209,29 +287,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ * be bad */ } memcpy(buf, seed, qsize); @@ -752,7 +749,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); if (r > 0) -@@ -236,8 +303,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -239,8 +306,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (r != 0) goto err; @@ -761,7 +758,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c } if (!BN_GENCB_call(cb, 2, 0)) -@@ -245,19 +310,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -248,19 +313,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 3, 0)) goto err; @@ -784,7 +781,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c for (k = 0; k <= n; k++) { /* * obtain "SEED + offset + k" by incrementing: -@@ -271,36 +333,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -274,36 +336,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) goto err; @@ -830,7 +827,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); if (r > 0) goto end; /* found it */ -@@ -308,12 +371,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -311,12 +374,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ goto err; } @@ -846,7 +843,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c break; } } -@@ -321,7 +384,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -324,7 +387,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 2, 1)) goto err; @@ -881,7 +878,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c /* Set r0=(p-1)/q */ if (!BN_sub(test, p, BN_value_one())) goto err; -@@ -350,46 +439,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -353,46 +442,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ ok = 1; err: if (ok) { @@ -928,7 +925,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c /* * This is a parameter generation algorithm for the DSA2 algorithm as * described in FIPS 186-3. -@@ -415,14 +472,6 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -418,14 +475,6 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX mctx; unsigned int h = 2; @@ -943,10 +940,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_gen.c EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -Index: openssl-1.0.2h/crypto/dsa/dsa.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa.h 2016-05-03 16:33:08.102443550 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa.h 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa.h.fips openssl-1.0.2i/crypto/dsa/dsa.h +--- openssl-1.0.2i/crypto/dsa/dsa.h.fips 2016-09-22 13:35:56.789215742 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa.h 2016-09-22 13:35:57.010220836 +0200 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -1014,10 +1010,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -Index: openssl-1.0.2h/crypto/dsa/dsa_key.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_key.c 2016-05-03 16:33:08.102443550 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_key.c 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_key.c.fips openssl-1.0.2i/crypto/dsa/dsa_key.c +--- openssl-1.0.2i/crypto/dsa/dsa_key.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_key.c 2016-09-22 13:35:57.010220836 +0200 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS @@ -1093,10 +1088,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_key.c ok = 1; err: -Index: openssl-1.0.2h/crypto/dsa/dsa_lib.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_lib.c 2016-05-03 16:33:08.102443550 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_lib.c 2016-05-03 16:33:10.345478400 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_lib.c.fips openssl-1.0.2i/crypto/dsa/dsa_lib.c +--- openssl-1.0.2i/crypto/dsa/dsa_lib.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_lib.c 2016-09-22 13:35:57.010220836 +0200 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1112,10 +1106,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.2h/crypto/dsa/dsa_locl.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_locl.h 2016-05-03 16:33:08.102443550 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_locl.h 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_locl.h.fips openssl-1.0.2i/crypto/dsa/dsa_locl.h +--- openssl-1.0.2i/crypto/dsa/dsa_locl.h.fips 2016-09-22 13:35:56.790215765 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_locl.h 2016-09-22 13:35:57.010220836 +0200 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, @@ -1125,10 +1118,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_locl.h int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c 2016-05-03 16:33:08.103443565 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2i/crypto/dsa/dsa_ossl.c +--- openssl-1.0.2i/crypto/dsa/dsa_ossl.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_ossl.c 2016-09-22 13:35:57.010220836 +0200 @@ -65,6 +65,9 @@ #include #include @@ -1168,7 +1160,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c BN_init(&m); BN_init(&xr); -@@ -330,6 +346,18 @@ static int dsa_do_verify(const unsigned +@@ -335,6 +351,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -1187,7 +1179,7 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -410,6 +438,9 @@ static int dsa_do_verify(const unsigned +@@ -415,6 +443,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { @@ -1197,10 +1189,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2h/crypto/dsa/dsa_pmeth.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_pmeth.c 2016-05-03 16:33:08.103443565 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_pmeth.c 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2i/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.2i/crypto/dsa/dsa_pmeth.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_pmeth.c 2016-09-22 13:35:57.010220836 +0200 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1210,10 +1201,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.2h/crypto/dsa/dsatest.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsatest.c 2016-05-03 16:33:08.103443565 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsatest.c 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/dsa/dsatest.c.fips openssl-1.0.2i/crypto/dsa/dsatest.c +--- openssl-1.0.2i/crypto/dsa/dsatest.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsatest.c 2016-09-22 13:35:57.010220836 +0200 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1297,10 +1287,9 @@ Index: openssl-1.0.2h/crypto/dsa/dsatest.c goto end; } if (h != 2) { -Index: openssl-1.0.2h/crypto/engine/eng_all.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/engine/eng_all.c 2016-05-03 16:33:08.103443565 +0200 -+++ openssl-1.0.2h/crypto/engine/eng_all.c 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/engine/eng_all.c.fips openssl-1.0.2i/crypto/engine/eng_all.c +--- openssl-1.0.2i/crypto/engine/eng_all.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/engine/eng_all.c 2016-09-22 13:35:57.011220859 +0200 @@ -59,11 +59,25 @@ #include "cryptlib.h" @@ -1327,10 +1316,9 @@ Index: openssl-1.0.2h/crypto/engine/eng_all.c #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -Index: openssl-1.0.2h/crypto/evp/c_allc.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/c_allc.c 2016-05-03 16:33:08.103443565 +0200 -+++ openssl-1.0.2h/crypto/evp/c_allc.c 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/evp/c_allc.c.fips openssl-1.0.2i/crypto/evp/c_allc.c +--- openssl-1.0.2i/crypto/evp/c_allc.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/c_allc.c 2016-09-22 13:35:57.011220859 +0200 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1407,10 +1395,9 @@ Index: openssl-1.0.2h/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.2h/crypto/evp/c_alld.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/c_alld.c 2016-05-03 16:33:08.103443565 +0200 -+++ openssl-1.0.2h/crypto/evp/c_alld.c 2016-05-03 16:33:10.346478415 +0200 +diff -up openssl-1.0.2i/crypto/evp/c_alld.c.fips openssl-1.0.2i/crypto/evp/c_alld.c +--- openssl-1.0.2i/crypto/evp/c_alld.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/c_alld.c 2016-09-22 13:35:57.011220859 +0200 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) @@ -1516,10 +1503,9 @@ Index: openssl-1.0.2h/crypto/evp/c_alld.c + } #endif } -Index: openssl-1.0.2h/crypto/evp/digest.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/digest.c 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/digest.c 2016-05-03 16:36:31.813609758 +0200 +diff -up openssl-1.0.2i/crypto/evp/digest.c.fips openssl-1.0.2i/crypto/evp/digest.c +--- openssl-1.0.2i/crypto/evp/digest.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/digest.c 2016-09-22 13:45:40.054658929 +0200 @@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1601,7 +1587,7 @@ Index: openssl-1.0.2h/crypto/evp/digest.c if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); ctx->md_data = NULL; -@@ -238,25 +285,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c +@@ -238,23 +285,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c } if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) return 1; @@ -1620,38 +1606,26 @@ Index: openssl-1.0.2h/crypto/evp/digest.c int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { #ifdef OPENSSL_FIPS -- return FIPS_digestupdate(ctx, data, count); --#else -- return ctx->update(ctx, data, count); +- if (FIPS_mode()) +- return FIPS_digestupdate(ctx, data, count); + FIPS_selftest_check(); #endif -+ return ctx->update(ctx, data, count); + return ctx->update(ctx, data, count); } - - /* The caller can assume that this removes any secret data from the context */ -@@ -271,11 +308,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns - /* The caller can assume that this removes any secret data from the context */ +@@ -272,11 +309,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { --#ifdef OPENSSL_FIPS -- return FIPS_digestfinal(ctx, md, size); --#else int ret; - -+#ifdef OPENSSL_FIPS ++ + #ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return FIPS_digestfinal(ctx, md, size); + FIPS_selftest_check(); -+#endif + #endif +- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -@@ -286,7 +323,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, - } - memset(ctx->md_data, 0, ctx->digest->ctx_size); - return ret; --#endif - } - - int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) @@ -375,7 +411,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) /* This call frees resources associated with the context */ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) @@ -1678,10 +1652,9 @@ Index: openssl-1.0.2h/crypto/evp/digest.c memset(ctx, '\0', sizeof *ctx); return 1; -Index: openssl-1.0.2h/crypto/evp/e_aes.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/e_aes.c 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/e_aes.c 2016-05-03 16:33:10.347478431 +0200 +diff -up openssl-1.0.2i/crypto/evp/e_aes.c.fips openssl-1.0.2i/crypto/evp/e_aes.c +--- openssl-1.0.2i/crypto/evp/e_aes.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/e_aes.c 2016-09-22 13:35:57.011220859 +0200 @@ -60,9 +60,6 @@ # include "modes_lcl.h" # include @@ -1719,10 +1692,9 @@ Index: openssl-1.0.2h/crypto/evp/e_aes.c if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -Index: openssl-1.0.2h/crypto/evp/e_des3.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/e_des3.c 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/e_des3.c 2016-05-03 16:33:10.347478431 +0200 +diff -up openssl-1.0.2i/crypto/evp/e_des3.c.fips openssl-1.0.2i/crypto/evp/e_des3.c +--- openssl-1.0.2i/crypto/evp/e_des3.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/e_des3.c 2016-09-22 13:35:57.012220882 +0200 @@ -65,10 +65,6 @@ # include # include @@ -1734,10 +1706,9 @@ Index: openssl-1.0.2h/crypto/evp/e_des3.c typedef struct { union { double align; -Index: openssl-1.0.2h/crypto/evp/e_null.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/e_null.c 2016-05-03 16:33:08.104443581 +0200 -+++ openssl-1.0.2h/crypto/evp/e_null.c 2016-05-03 16:33:10.347478431 +0200 +diff -up openssl-1.0.2i/crypto/evp/e_null.c.fips openssl-1.0.2i/crypto/evp/e_null.c +--- openssl-1.0.2i/crypto/evp/e_null.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/e_null.c 2016-09-22 13:35:57.012220882 +0200 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, @@ -1747,10 +1718,9 @@ Index: openssl-1.0.2h/crypto/evp/e_null.c null_init_key, null_cipher, NULL, -Index: openssl-1.0.2h/crypto/evp/evp_enc.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/evp_enc.c 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/evp_enc.c 2016-05-03 16:33:10.347478431 +0200 +diff -up openssl-1.0.2i/crypto/evp/evp_enc.c.fips openssl-1.0.2i/crypto/evp/evp_enc.c +--- openssl-1.0.2i/crypto/evp/evp_enc.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/evp_enc.c 2016-09-22 13:46:12.998418222 +0200 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1850,7 +1820,7 @@ Index: openssl-1.0.2h/crypto/evp/evp_enc.c -#ifdef OPENSSL_FIPS - if (FIPS_mode()) { -- const EVP_CIPHER *fcipher; +- const EVP_CIPHER *fcipher = NULL; - if (cipher) - fcipher = evp_get_fips_cipher(cipher); - if (fcipher) @@ -1918,10 +1888,9 @@ Index: openssl-1.0.2h/crypto/evp/evp_enc.c memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.2h/crypto/evp/evp.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/evp.h 2016-05-03 16:33:08.105443596 +0200 -+++ openssl-1.0.2h/crypto/evp/evp.h 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/evp.h.fips openssl-1.0.2i/crypto/evp/evp.h +--- openssl-1.0.2i/crypto/evp/evp.h.fips 2016-09-22 13:35:56.902218346 +0200 ++++ openssl-1.0.2i/crypto/evp/evp.h 2016-09-22 13:35:57.012220882 +0200 @@ -122,6 +122,10 @@ extern "C" { #endif @@ -1975,10 +1944,9 @@ Index: openssl-1.0.2h/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -Index: openssl-1.0.2h/crypto/evp/evp_lib.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/evp_lib.c 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/evp_lib.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/evp_lib.c.fips openssl-1.0.2i/crypto/evp/evp_lib.c +--- openssl-1.0.2i/crypto/evp/evp_lib.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/evp_lib.c 2016-09-22 13:35:57.012220882 +0200 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -2064,10 +2032,9 @@ Index: openssl-1.0.2h/crypto/evp/evp_lib.c return md->flags; } -Index: openssl-1.0.2h/crypto/evp/evp_locl.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/evp_locl.h 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/evp_locl.h 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/evp_locl.h.fips openssl-1.0.2i/crypto/evp/evp_locl.h +--- openssl-1.0.2i/crypto/evp/evp_locl.h.fips 2016-09-22 13:35:56.898218254 +0200 ++++ openssl-1.0.2i/crypto/evp/evp_locl.h 2016-09-22 13:35:57.013220905 +0200 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -2101,10 +2068,9 @@ Index: openssl-1.0.2h/crypto/evp/evp_locl.h # define Camellia_set_key private_Camellia_set_key #endif -Index: openssl-1.0.2h/crypto/evp/m_dss.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/m_dss.c 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/m_dss.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/m_dss.c.fips openssl-1.0.2i/crypto/evp/m_dss.c +--- openssl-1.0.2i/crypto/evp/m_dss.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/m_dss.c 2016-09-22 13:35:57.013220905 +0200 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, @@ -2114,10 +2080,9 @@ Index: openssl-1.0.2h/crypto/evp/m_dss.c init, update, final, -Index: openssl-1.0.2h/crypto/evp/m_dss1.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/m_dss1.c 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/m_dss1.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/m_dss1.c.fips openssl-1.0.2i/crypto/evp/m_dss1.c +--- openssl-1.0.2i/crypto/evp/m_dss1.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/m_dss1.c 2016-09-22 13:35:57.013220905 +0200 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, @@ -2127,10 +2092,9 @@ Index: openssl-1.0.2h/crypto/evp/m_dss1.c init, update, final, -Index: openssl-1.0.2h/crypto/evp/m_md2.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/m_md2.c 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/m_md2.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/m_md2.c.fips openssl-1.0.2i/crypto/evp/m_md2.c +--- openssl-1.0.2i/crypto/evp/m_md2.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/m_md2.c 2016-09-22 13:35:57.013220905 +0200 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2139,10 +2103,9 @@ Index: openssl-1.0.2h/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { -Index: openssl-1.0.2h/crypto/evp/m_sha1.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/m_sha1.c 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/m_sha1.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/m_sha1.c.fips openssl-1.0.2i/crypto/evp/m_sha1.c +--- openssl-1.0.2i/crypto/evp/m_sha1.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/m_sha1.c 2016-09-22 13:35:57.013220905 +0200 @@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -2193,10 +2156,9 @@ Index: openssl-1.0.2h/crypto/evp/m_sha1.c init512, update512, final512, -Index: openssl-1.0.2h/crypto/evp/p_sign.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/p_sign.c 2016-05-03 16:33:08.106443612 +0200 -+++ openssl-1.0.2h/crypto/evp/p_sign.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/p_sign.c.fips openssl-1.0.2i/crypto/evp/p_sign.c +--- openssl-1.0.2i/crypto/evp/p_sign.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/p_sign.c 2016-09-22 13:35:57.013220905 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2228,10 +2190,9 @@ Index: openssl-1.0.2h/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.2h/crypto/evp/p_verify.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/evp/p_verify.c 2016-05-03 16:33:08.107443627 +0200 -+++ openssl-1.0.2h/crypto/evp/p_verify.c 2016-05-03 16:33:10.348478446 +0200 +diff -up openssl-1.0.2i/crypto/evp/p_verify.c.fips openssl-1.0.2i/crypto/evp/p_verify.c +--- openssl-1.0.2i/crypto/evp/p_verify.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/evp/p_verify.c 2016-09-22 13:35:57.013220905 +0200 @@ -61,6 +61,7 @@ #include #include @@ -2263,10 +2224,9 @@ Index: openssl-1.0.2h/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.2h/crypto/fips/fips_aes_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_aes_selftest.c 2016-05-03 16:33:10.349478462 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_aes_selftest.c.fips 2016-09-22 13:35:57.013220905 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_aes_selftest.c 2016-09-22 13:35:57.013220905 +0200 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2633,10 +2593,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_aes_selftest.c +} + +#endif -Index: openssl-1.0.2h/crypto/fips/fips.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips.c 2016-05-03 16:33:10.349478462 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips.c.fips openssl-1.0.2i/crypto/fips/fips.c +--- openssl-1.0.2i/crypto/fips/fips.c.fips 2016-09-22 13:35:57.014220928 +0200 ++++ openssl-1.0.2i/crypto/fips/fips.c 2016-09-22 13:35:57.014220928 +0200 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3121,10 +3080,9 @@ Index: openssl-1.0.2h/crypto/fips/fips.c +# endif + +#endif -Index: openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c 2016-05-03 16:33:10.349478462 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_cmac_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_cmac_selftest.c.fips 2016-09-22 13:35:57.014220928 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_cmac_selftest.c 2016-09-22 13:35:57.014220928 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3282,10 +3240,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c + return rv; +} +#endif -Index: openssl-1.0.2h/crypto/fips/fips_des_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_des_selftest.c 2016-05-03 16:33:10.349478462 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_des_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_des_selftest.c.fips 2016-09-22 13:35:57.014220928 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_des_selftest.c 2016-09-22 13:35:57.014220928 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -3425,10 +3382,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_des_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c 2016-05-03 16:33:10.349478462 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_ctr.c +--- openssl-1.0.2i/crypto/fips/fips_drbg_ctr.c.fips 2016-09-22 13:35:57.014220928 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_ctr.c 2016-09-22 13:35:57.014220928 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3845,10 +3801,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c + + return 1; +} -Index: openssl-1.0.2h/crypto/fips/fips_drbg_hash.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_hash.c 2016-05-03 16:33:10.349478462 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_hash.c +--- openssl-1.0.2i/crypto/fips/fips_drbg_hash.c.fips 2016-09-22 13:35:57.014220928 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_hash.c 2016-09-22 13:35:57.014220928 +0200 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4208,10 +4163,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_hash.c + + return 1; +} -Index: openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c 2016-05-03 16:33:10.350478477 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_hmac.c +--- openssl-1.0.2i/crypto/fips/fips_drbg_hmac.c.fips 2016-09-22 13:35:57.015220951 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_hmac.c 2016-09-22 13:35:57.015220951 +0200 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4483,10 +4437,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c + + return 1; +} -Index: openssl-1.0.2h/crypto/fips/fips_drbg_lib.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_lib.c 2016-05-03 16:33:10.350478477 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_lib.c +--- openssl-1.0.2i/crypto/fips/fips_drbg_lib.c.fips 2016-09-22 13:35:57.015220951 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_lib.c 2016-09-22 13:35:57.015220951 +0200 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -5041,10 +4994,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -Index: openssl-1.0.2h/crypto/fips/fips_drbg_rand.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_rand.c 2016-05-03 16:33:10.350478477 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_rand.c +--- openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips 2016-09-22 13:35:57.015220951 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_rand.c 2016-09-22 13:35:57.015220951 +0200 @@ -0,0 +1,166 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5212,10 +5164,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_rand.c +{ + return &rand_drbg_meth; +} -Index: openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c 2016-05-03 16:33:10.350478477 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_drbg_selftest.c.fips 2016-09-22 13:35:57.015220951 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_selftest.c 2016-09-22 13:35:57.015220951 +0200 @@ -0,0 +1,827 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6044,10 +5995,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c + FIPS_drbg_free(dctx); + return rv; +} -Index: openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h 2016-05-03 16:33:10.351478493 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2i/crypto/fips/fips_drbg_selftest.h +--- openssl-1.0.2i/crypto/fips/fips_drbg_selftest.h.fips 2016-09-22 13:35:57.016220974 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_drbg_selftest.h 2016-09-22 13:35:57.016220974 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7840,10 +7790,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -Index: openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c 2016-05-03 16:33:10.351478493 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_dsa_selftest.c.fips 2016-09-22 13:35:57.016220974 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_dsa_selftest.c 2016-09-22 13:35:57.016220974 +0200 @@ -0,0 +1,192 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8037,10 +7986,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2h/crypto/fips/fips_enc.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_enc.c 2016-05-03 16:33:10.351478493 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_enc.c.fips openssl-1.0.2i/crypto/fips/fips_enc.c +--- openssl-1.0.2i/crypto/fips/fips_enc.c.fips 2016-09-22 13:35:57.017220997 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_enc.c 2016-09-22 13:35:57.017220997 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8231,10 +8179,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_enc.c + + } +} -Index: openssl-1.0.2h/crypto/fips/fips.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips.h 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips.h.fips openssl-1.0.2i/crypto/fips/fips.h +--- openssl-1.0.2i/crypto/fips/fips.h.fips 2016-09-22 13:35:57.017220997 +0200 ++++ openssl-1.0.2i/crypto/fips/fips.h 2016-09-22 13:35:57.017220997 +0200 @@ -0,0 +1,278 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -8514,10 +8461,9 @@ Index: openssl-1.0.2h/crypto/fips/fips.h +} +# endif +#endif -Index: openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_hmac_selftest.c.fips 2016-09-22 13:35:57.017220997 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_hmac_selftest.c 2016-09-22 13:35:57.017220997 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8653,10 +8599,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c + return 1; +} +#endif -Index: openssl-1.0.2h/crypto/fips/fips_locl.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_locl.h 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_locl.h.fips openssl-1.0.2i/crypto/fips/fips_locl.h +--- openssl-1.0.2i/crypto/fips/fips_locl.h.fips 2016-09-22 13:35:57.017220997 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_locl.h 2016-09-22 13:35:57.017220997 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8729,10 +8674,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_locl.h +} +# endif +#endif -Index: openssl-1.0.2h/crypto/fips/fips_md.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_md.c 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_md.c.fips openssl-1.0.2i/crypto/fips/fips_md.c +--- openssl-1.0.2i/crypto/fips/fips_md.c.fips 2016-09-22 13:35:57.017220997 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_md.c 2016-09-22 13:35:57.017220997 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8878,10 +8822,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_md.c + return NULL; + } +} -Index: openssl-1.0.2h/crypto/fips/fips_post.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_post.c 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_post.c.fips openssl-1.0.2i/crypto/fips/fips_post.c +--- openssl-1.0.2i/crypto/fips/fips_post.c.fips 2016-09-22 13:35:57.017220997 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_post.c 2016-09-22 13:35:57.017220997 +0200 @@ -0,0 +1,201 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9084,10 +9027,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_post.c + return 1; +} +#endif -Index: openssl-1.0.2h/crypto/fips/fips_rand.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rand.c 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rand.c.fips openssl-1.0.2i/crypto/fips/fips_rand.c +--- openssl-1.0.2i/crypto/fips/fips_rand.c.fips 2016-09-22 13:35:57.018221020 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rand.c 2016-09-22 13:35:57.018221020 +0200 @@ -0,0 +1,428 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9517,10 +9459,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.2h/crypto/fips/fips_rand.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rand.h 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rand.h.fips openssl-1.0.2i/crypto/fips/fips_rand.h +--- openssl-1.0.2i/crypto/fips/fips_rand.h.fips 2016-09-22 13:35:57.018221020 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rand.h 2016-09-22 13:35:57.018221020 +0200 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9685,10 +9626,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rand.h +# endif +# endif +#endif -Index: openssl-1.0.2h/crypto/fips/fips_rand_lcl.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rand_lcl.h 2016-05-03 16:33:10.352478508 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2i/crypto/fips/fips_rand_lcl.h +--- openssl-1.0.2i/crypto/fips/fips_rand_lcl.h.fips 2016-09-22 13:35:57.018221020 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rand_lcl.h 2016-09-22 13:35:57.018221020 +0200 @@ -0,0 +1,213 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9903,10 +9843,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.2h/crypto/fips/fips_rand_lib.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rand_lib.c 2016-05-03 16:33:10.353478524 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2i/crypto/fips/fips_rand_lib.c +--- openssl-1.0.2i/crypto/fips/fips_rand_lib.c.fips 2016-09-22 13:35:57.018221020 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rand_lib.c 2016-09-22 13:35:57.018221020 +0200 @@ -0,0 +1,181 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10089,10 +10028,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rand_lib.c + } + return 0; +} -Index: openssl-1.0.2h/crypto/fips/fips_rand_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rand_selftest.c 2016-05-03 16:33:10.353478524 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_rand_selftest.c.fips 2016-09-22 13:35:57.018221020 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rand_selftest.c 2016-09-22 13:35:57.018221020 +0200 @@ -0,0 +1,176 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10270,10 +10208,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rand_selftest.c +} + +#endif -Index: openssl-1.0.2h/crypto/fips/fips_randtest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_randtest.c 2016-05-03 16:33:10.353478524 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_randtest.c.fips openssl-1.0.2i/crypto/fips/fips_randtest.c +--- openssl-1.0.2i/crypto/fips/fips_randtest.c.fips 2016-09-22 13:35:57.018221020 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_randtest.c 2016-09-22 13:35:57.018221020 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -10522,10 +10459,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_randtest.c +} + +#endif -Index: openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c 2016-05-03 16:33:10.353478524 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips 2016-09-22 13:35:57.019221043 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c 2016-09-22 13:35:57.019221043 +0200 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10971,10 +10907,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c +} + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c 2016-05-03 16:33:10.353478524 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2i/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.2i/crypto/fips/fips_rsa_x931g.c.fips 2016-09-22 13:35:57.019221043 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rsa_x931g.c 2016-09-22 13:35:57.019221043 +0200 @@ -0,0 +1,273 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -11249,10 +11184,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c + return 0; + +} -Index: openssl-1.0.2h/crypto/fips/fips_sha_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_sha_selftest.c 2016-05-03 16:33:10.353478524 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2i/crypto/fips/fips_sha_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_sha_selftest.c.fips 2016-09-22 13:35:57.019221043 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_sha_selftest.c 2016-09-22 13:35:57.019221043 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11399,10 +11333,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_sha_selftest.c +} + +#endif -Index: openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c 2016-05-03 16:33:10.354478540 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2i/crypto/fips/fips_standalone_hmac.c +--- openssl-1.0.2i/crypto/fips/fips_standalone_hmac.c.fips 2016-09-22 13:35:57.019221043 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_standalone_hmac.c 2016-09-22 13:35:57.019221043 +0200 @@ -0,0 +1,268 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11672,10 +11605,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c +#endif + return 0; +} -Index: openssl-1.0.2h/crypto/fips/fips_test_suite.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/fips_test_suite.c 2016-05-03 16:33:10.354478540 +0200 +diff -up openssl-1.0.2i/crypto/fips/fips_test_suite.c.fips openssl-1.0.2i/crypto/fips/fips_test_suite.c +--- openssl-1.0.2i/crypto/fips/fips_test_suite.c.fips 2016-09-22 13:35:57.020221066 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_test_suite.c 2016-09-22 13:35:57.019221043 +0200 @@ -0,0 +1,639 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -12316,10 +12248,9 @@ Index: openssl-1.0.2h/crypto/fips/fips_test_suite.c +} + +#endif -Index: openssl-1.0.2h/crypto/fips/Makefile -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2h/crypto/fips/Makefile 2016-05-03 16:33:10.354478540 +0200 +diff -up openssl-1.0.2i/crypto/fips/Makefile.fips openssl-1.0.2i/crypto/fips/Makefile +--- openssl-1.0.2i/crypto/fips/Makefile.fips 2016-09-22 13:35:57.020221066 +0200 ++++ openssl-1.0.2i/crypto/fips/Makefile 2016-09-22 13:35:57.020221066 +0200 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -12662,10 +12593,9 @@ Index: openssl-1.0.2h/crypto/fips/Makefile +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.2h/crypto/hmac/hmac.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/hmac/hmac.c 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/hmac/hmac.c 2016-05-03 16:33:10.354478540 +0200 +diff -up openssl-1.0.2i/crypto/hmac/hmac.c.fips openssl-1.0.2i/crypto/hmac/hmac.c +--- openssl-1.0.2i/crypto/hmac/hmac.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/hmac/hmac.c 2016-09-22 13:35:57.020221066 +0200 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12728,10 +12658,9 @@ Index: openssl-1.0.2h/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.2h/crypto/mdc2/mdc2dgst.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/mdc2/mdc2dgst.c 2016-05-03 16:33:08.113443721 +0200 -+++ openssl-1.0.2h/crypto/mdc2/mdc2dgst.c 2016-05-03 16:33:10.354478540 +0200 +diff -up openssl-1.0.2i/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2i/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.2i/crypto/mdc2/mdc2dgst.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/mdc2/mdc2dgst.c 2016-09-22 13:35:57.020221066 +0200 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -12741,10 +12670,9 @@ Index: openssl-1.0.2h/crypto/mdc2/mdc2dgst.c { c->num = 0; c->pad_type = 1; -Index: openssl-1.0.2h/crypto/md2/md2_dgst.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/md2/md2_dgst.c 2016-05-03 16:33:08.113443721 +0200 -+++ openssl-1.0.2h/crypto/md2/md2_dgst.c 2016-05-03 16:33:10.354478540 +0200 +diff -up openssl-1.0.2i/crypto/md2/md2_dgst.c.fips openssl-1.0.2i/crypto/md2/md2_dgst.c +--- openssl-1.0.2i/crypto/md2/md2_dgst.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/md2/md2_dgst.c 2016-09-22 13:35:57.020221066 +0200 @@ -62,6 +62,11 @@ #include #include @@ -12766,10 +12694,9 @@ Index: openssl-1.0.2h/crypto/md2/md2_dgst.c { c->num = 0; memset(c->state, 0, sizeof c->state); -Index: openssl-1.0.2h/crypto/md4/md4_dgst.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/md4/md4_dgst.c 2016-05-03 16:33:08.113443721 +0200 -+++ openssl-1.0.2h/crypto/md4/md4_dgst.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/md4/md4_dgst.c.fips openssl-1.0.2i/crypto/md4/md4_dgst.c +--- openssl-1.0.2i/crypto/md4/md4_dgst.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/md4/md4_dgst.c 2016-09-22 13:35:57.020221066 +0200 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12779,10 +12706,9 @@ Index: openssl-1.0.2h/crypto/md4/md4_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2h/crypto/md5/md5_dgst.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/md5/md5_dgst.c 2016-05-03 16:33:08.113443721 +0200 -+++ openssl-1.0.2h/crypto/md5/md5_dgst.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/md5/md5_dgst.c.fips openssl-1.0.2i/crypto/md5/md5_dgst.c +--- openssl-1.0.2i/crypto/md5/md5_dgst.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/md5/md5_dgst.c 2016-09-22 13:35:57.020221066 +0200 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12792,10 +12718,9 @@ Index: openssl-1.0.2h/crypto/md5/md5_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2h/crypto/o_fips.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/o_fips.c 2016-05-03 16:33:08.113443721 +0200 -+++ openssl-1.0.2h/crypto/o_fips.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/o_fips.c.fips openssl-1.0.2i/crypto/o_fips.c +--- openssl-1.0.2i/crypto/o_fips.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/o_fips.c 2016-09-22 13:35:57.020221066 +0200 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -12805,10 +12730,9 @@ Index: openssl-1.0.2h/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.2h/crypto/o_init.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/o_init.c 2016-05-03 16:33:08.114443736 +0200 -+++ openssl-1.0.2h/crypto/o_init.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/o_init.c.fips openssl-1.0.2i/crypto/o_init.c +--- openssl-1.0.2i/crypto/o_init.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/o_init.c 2016-09-22 13:38:19.150496906 +0200 @@ -56,8 +56,37 @@ #include #include @@ -12847,7 +12771,7 @@ Index: openssl-1.0.2h/crypto/o_init.c #endif /* -@@ -65,19 +94,26 @@ +@@ -65,22 +94,26 @@ * sets FIPS callbacks */ @@ -12860,6 +12784,9 @@ Index: openssl-1.0.2h/crypto/o_init.c done = 1; #ifdef OPENSSL_FIPS - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); +-# ifndef OPENSSL_NO_DEPRECATED +- FIPS_crypto_set_id_callback(CRYPTO_thread_id); +-# endif - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); RAND_init_fips(); @@ -12878,10 +12805,9 @@ Index: openssl-1.0.2h/crypto/o_init.c +{ + OPENSSL_init_library(); +} -Index: openssl-1.0.2h/crypto/opensslconf.h.in -=================================================================== ---- openssl-1.0.2h.orig/crypto/opensslconf.h.in 2016-05-03 16:33:08.114443736 +0200 -+++ openssl-1.0.2h/crypto/opensslconf.h.in 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/opensslconf.h.in.fips openssl-1.0.2i/crypto/opensslconf.h.in +--- openssl-1.0.2i/crypto/opensslconf.h.in.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/opensslconf.h.in 2016-09-22 13:35:57.021221089 +0200 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -12903,10 +12829,9 @@ Index: openssl-1.0.2h/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.2h/crypto/rand/md_rand.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rand/md_rand.c 2016-05-03 16:33:08.114443736 +0200 -+++ openssl-1.0.2h/crypto/rand/md_rand.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/rand/md_rand.c.fips openssl-1.0.2i/crypto/rand/md_rand.c +--- openssl-1.0.2i/crypto/rand/md_rand.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rand/md_rand.c 2016-09-22 13:35:57.021221089 +0200 @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12919,10 +12844,9 @@ Index: openssl-1.0.2h/crypto/rand/md_rand.c RAND_poll(); initialized = 1; } -Index: openssl-1.0.2h/crypto/rand/rand.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/rand/rand.h 2016-05-03 16:33:08.114443736 +0200 -+++ openssl-1.0.2h/crypto/rand/rand.h 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/rand/rand.h.fips openssl-1.0.2i/crypto/rand/rand.h +--- openssl-1.0.2i/crypto/rand/rand.h.fips 2016-09-22 13:35:56.777215465 +0200 ++++ openssl-1.0.2i/crypto/rand/rand.h 2016-09-22 13:35:57.021221089 +0200 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -12963,10 +12887,9 @@ Index: openssl-1.0.2h/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.2h/crypto/ripemd/rmd_dgst.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/ripemd/rmd_dgst.c 2016-05-03 16:33:08.114443736 +0200 -+++ openssl-1.0.2h/crypto/ripemd/rmd_dgst.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2i/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.2i/crypto/ripemd/rmd_dgst.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/ripemd/rmd_dgst.c 2016-09-22 13:35:57.021221089 +0200 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif @@ -12976,10 +12899,9 @@ Index: openssl-1.0.2h/crypto/ripemd/rmd_dgst.c { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -Index: openssl-1.0.2h/crypto/rsa/rsa_crpt.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_crpt.c 2016-05-03 16:33:08.114443736 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_crpt.c 2016-05-03 16:33:10.355478555 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2i/crypto/rsa/rsa_crpt.c +--- openssl-1.0.2i/crypto/rsa/rsa_crpt.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_crpt.c 2016-09-22 13:35:57.021221089 +0200 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { @@ -13006,10 +12928,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.2h/crypto/rsa/rsa_eay.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_eay.c 2016-05-03 16:33:08.115443751 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_eay.c 2016-05-03 16:33:10.356478571 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_eay.c.fips openssl-1.0.2i/crypto/rsa/rsa_eay.c +--- openssl-1.0.2i/crypto/rsa/rsa_eay.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_eay.c 2016-09-22 13:35:57.022221112 +0200 @@ -114,6 +114,10 @@ #include #include @@ -13132,10 +13053,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_eay.c rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -Index: openssl-1.0.2h/crypto/rsa/rsa_err.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_err.c 2016-05-03 16:33:08.115443751 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_err.c 2016-05-03 16:33:10.356478571 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_err.c.fips openssl-1.0.2i/crypto/rsa/rsa_err.c +--- openssl-1.0.2i/crypto/rsa/rsa_err.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_err.c 2016-09-22 13:35:57.022221112 +0200 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -13145,10 +13065,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -Index: openssl-1.0.2h/crypto/rsa/rsa_gen.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_gen.c 2016-05-03 16:33:08.115443751 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_gen.c 2016-05-03 16:33:10.356478571 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips openssl-1.0.2i/crypto/rsa/rsa_gen.c +--- openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_gen.c 2016-09-22 13:35:57.022221112 +0200 @@ -69,8 +69,80 @@ #include #ifdef OPENSSL_FIPS @@ -13290,10 +13209,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_gen.c ok = 1; err: if (ok == -1) { -Index: openssl-1.0.2h/crypto/rsa/rsa.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa.h 2016-05-03 16:33:08.116443767 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa.h 2016-05-03 16:33:10.356478571 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa.h.fips openssl-1.0.2i/crypto/rsa/rsa.h +--- openssl-1.0.2i/crypto/rsa/rsa.h.fips 2016-09-22 13:35:56.906218439 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa.h 2016-09-22 13:35:57.022221112 +0200 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif @@ -13390,10 +13308,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -Index: openssl-1.0.2h/crypto/rsa/rsa_lib.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_lib.c 2016-05-03 16:33:08.116443767 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_lib.c 2016-05-03 16:33:10.356478571 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_lib.c.fips openssl-1.0.2i/crypto/rsa/rsa_lib.c +--- openssl-1.0.2i/crypto/rsa/rsa_lib.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_lib.c 2016-09-22 13:35:57.022221112 +0200 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -13439,7 +13356,7 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_lib.c mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); -@@ -165,6 +170,17 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -166,6 +171,17 @@ RSA *RSA_new_method(ENGINE *engine) } } #endif @@ -13457,7 +13374,7 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_lib.c ret->pad = 0; ret->version = 0; -@@ -183,7 +199,7 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -184,7 +200,7 @@ RSA *RSA_new_method(ENGINE *engine) ret->blinding = NULL; ret->mt_blinding = NULL; ret->bignum_data = NULL; @@ -13466,10 +13383,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -Index: openssl-1.0.2h/crypto/rsa/rsa_pmeth.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_pmeth.c 2016-05-03 16:33:08.116443767 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_pmeth.c 2016-05-03 16:33:10.356478571 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2i/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.2i/crypto/rsa/rsa_pmeth.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_pmeth.c 2016-09-22 13:35:57.022221112 +0200 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -13509,10 +13425,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.2h/crypto/rsa/rsa_sign.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/rsa/rsa_sign.c 2016-05-03 16:33:08.116443767 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_sign.c 2016-05-03 16:33:10.357478586 +0200 +diff -up openssl-1.0.2i/crypto/rsa/rsa_sign.c.fips openssl-1.0.2i/crypto/rsa/rsa_sign.c +--- openssl-1.0.2i/crypto/rsa/rsa_sign.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_sign.c 2016-09-22 13:35:57.023221135 +0200 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; @@ -13551,10 +13466,9 @@ Index: openssl-1.0.2h/crypto/rsa/rsa_sign.c if (i <= 0) goto err; -Index: openssl-1.0.2h/crypto/sha/sha.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/sha/sha.h 2016-05-03 16:33:08.116443767 +0200 -+++ openssl-1.0.2h/crypto/sha/sha.h 2016-05-03 16:33:10.357478586 +0200 +diff -up openssl-1.0.2i/crypto/sha/sha.h.fips openssl-1.0.2i/crypto/sha/sha.h +--- openssl-1.0.2i/crypto/sha/sha.h.fips 2016-09-22 13:35:56.699213667 +0200 ++++ openssl-1.0.2i/crypto/sha/sha.h 2016-09-22 13:35:57.023221135 +0200 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; @@ -13597,10 +13511,9 @@ Index: openssl-1.0.2h/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.2h/crypto/sha/sha_locl.h -=================================================================== ---- openssl-1.0.2h.orig/crypto/sha/sha_locl.h 2016-05-03 16:33:08.117443783 +0200 -+++ openssl-1.0.2h/crypto/sha/sha_locl.h 2016-05-03 16:33:10.357478586 +0200 +diff -up openssl-1.0.2i/crypto/sha/sha_locl.h.fips openssl-1.0.2i/crypto/sha/sha_locl.h +--- openssl-1.0.2i/crypto/sha/sha_locl.h.fips 2016-09-22 13:35:56.702213737 +0200 ++++ openssl-1.0.2i/crypto/sha/sha_locl.h 2016-09-22 13:35:57.023221135 +0200 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL @@ -13617,10 +13530,9 @@ Index: openssl-1.0.2h/crypto/sha/sha_locl.h memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -Index: openssl-1.0.2h/crypto/sha/sha256.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/sha/sha256.c 2016-05-03 16:33:08.117443783 +0200 -+++ openssl-1.0.2h/crypto/sha/sha256.c 2016-05-03 16:33:10.357478586 +0200 +diff -up openssl-1.0.2i/crypto/sha/sha256.c.fips openssl-1.0.2i/crypto/sha/sha256.c +--- openssl-1.0.2i/crypto/sha/sha256.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/sha/sha256.c 2016-09-22 13:35:57.023221135 +0200 @@ -12,12 +12,19 @@ # include @@ -13651,10 +13563,9 @@ Index: openssl-1.0.2h/crypto/sha/sha256.c memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -Index: openssl-1.0.2h/crypto/sha/sha512.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/sha/sha512.c 2016-05-03 16:33:08.117443783 +0200 -+++ openssl-1.0.2h/crypto/sha/sha512.c 2016-05-03 16:33:10.357478586 +0200 +diff -up openssl-1.0.2i/crypto/sha/sha512.c.fips openssl-1.0.2i/crypto/sha/sha512.c +--- openssl-1.0.2i/crypto/sha/sha512.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/sha/sha512.c 2016-09-22 13:35:57.023221135 +0200 @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -13686,11 +13597,10 @@ Index: openssl-1.0.2h/crypto/sha/sha512.c c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.2h/crypto/whrlpool/wp_dgst.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/whrlpool/wp_dgst.c 2016-05-03 16:33:08.117443783 +0200 -+++ openssl-1.0.2h/crypto/whrlpool/wp_dgst.c 2016-05-03 16:33:10.357478586 +0200 -@@ -55,7 +55,7 @@ +diff -up openssl-1.0.2i/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2i/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.2i/crypto/whrlpool/wp_dgst.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/whrlpool/wp_dgst.c 2016-09-22 13:35:57.023221135 +0200 +@@ -56,7 +56,7 @@ #include #include @@ -13699,11 +13609,10 @@ Index: openssl-1.0.2h/crypto/whrlpool/wp_dgst.c { memset(c, 0, sizeof(*c)); return (1); -Index: openssl-1.0.2h/Makefile.org -=================================================================== ---- openssl-1.0.2h.orig/Makefile.org 2016-05-03 16:33:08.117443783 +0200 -+++ openssl-1.0.2h/Makefile.org 2016-05-03 16:33:10.357478586 +0200 -@@ -136,6 +136,9 @@ FIPSCANLIB= +diff -up openssl-1.0.2i/Makefile.org.fips openssl-1.0.2i/Makefile.org +--- openssl-1.0.2i/Makefile.org.fips 2016-09-22 13:35:56.996220513 +0200 ++++ openssl-1.0.2i/Makefile.org 2016-09-22 13:35:57.023221135 +0200 +@@ -138,6 +138,9 @@ FIPSCANLIB= BASEADDR= @@ -13713,7 +13622,7 @@ Index: openssl-1.0.2h/Makefile.org DIRS= crypto ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl -@@ -148,7 +151,7 @@ SDIRS= \ +@@ -150,7 +153,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ @@ -13722,7 +13631,7 @@ Index: openssl-1.0.2h/Makefile.org # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... -@@ -238,6 +241,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) +@@ -241,6 +244,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSDIR='${FIPSDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ @@ -13730,10 +13639,9 @@ Index: openssl-1.0.2h/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.2h/ssl/ssl_algs.c -=================================================================== ---- openssl-1.0.2h.orig/ssl/ssl_algs.c 2016-05-03 16:33:08.117443783 +0200 -+++ openssl-1.0.2h/ssl/ssl_algs.c 2016-05-03 16:33:10.357478586 +0200 +diff -up openssl-1.0.2i/ssl/ssl_algs.c.fips openssl-1.0.2i/ssl/ssl_algs.c +--- openssl-1.0.2i/ssl/ssl_algs.c.fips 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/ssl/ssl_algs.c 2016-09-22 13:35:57.024221158 +0200 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2a-new-fips-reqs.patch b/openssl-1.0.2i-new-fips-reqs.patch similarity index 92% rename from openssl-1.0.2a-new-fips-reqs.patch rename to openssl-1.0.2i-new-fips-reqs.patch index 8a003e8..cc37e34 100644 --- a/openssl-1.0.2a-new-fips-reqs.patch +++ b/openssl-1.0.2i-new-fips-reqs.patch @@ -1,26 +1,23 @@ -Index: openssl-1.0.2f/crypto/bn/bn_rand.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/bn/bn_rand.c 2016-01-28 14:38:30.000000000 +0100 -+++ openssl-1.0.2f/crypto/bn/bn_rand.c 2016-01-28 15:59:54.945269236 +0100 -@@ -141,9 +141,11 @@ static int bnrand(int pseudorand, BIGNUM - goto err; +diff -up openssl-1.0.2i/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.2i/crypto/bn/bn_rand.c +--- openssl-1.0.2i/crypto/bn/bn_rand.c.fips-reqs 2016-09-22 13:54:26.533848449 +0200 ++++ openssl-1.0.2i/crypto/bn/bn_rand.c 2016-09-22 13:56:52.169233060 +0200 +@@ -141,8 +141,11 @@ static int bnrand(int pseudorand, BIGNUM } -- /* make a random number and set the top and bottom bits */ + /* make a random number and set the top and bottom bits */ - time(&tim); - RAND_add(&tim, sizeof(tim), 0.0); -+ if (!FIPS_mode()) { /* in FIPS mode the RNG is always properly seeded or the module fails */ -+ /* make a random number and set the top and bottom bits */ ++ if (!FIPS_mode()) { ++ /* in FIPS mode the RNG is always properly seeded or the module fails */ + time(&tim); + RAND_add(&tim, sizeof(tim), 0.0); + } - if (pseudorand) { - if (RAND_pseudo_bytes(buf, bytes) == -1) -Index: openssl-1.0.2f/crypto/dh/dh_gen.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/dh/dh_gen.c 2016-01-28 15:59:54.912268693 +0100 -+++ openssl-1.0.2f/crypto/dh/dh_gen.c 2016-01-28 15:59:54.945269236 +0100 + /* We ignore the value of pseudorand and always call RAND_bytes */ + if (RAND_bytes(buf, bytes) <= 0) +diff -up openssl-1.0.2i/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.2i/crypto/dh/dh_gen.c +--- openssl-1.0.2i/crypto/dh/dh_gen.c.fips-reqs 2016-09-22 13:54:26.489847426 +0200 ++++ openssl-1.0.2i/crypto/dh/dh_gen.c 2016-09-22 13:54:26.533848449 +0200 @@ -128,7 +128,7 @@ static int dh_builtin_genparams(DH *ret, return 0; } @@ -30,10 +27,9 @@ Index: openssl-1.0.2f/crypto/dh/dh_gen.c DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); goto err; } -Index: openssl-1.0.2f/crypto/dh/dh.h -=================================================================== ---- openssl-1.0.2f.orig/crypto/dh/dh.h 2016-01-28 15:59:54.912268693 +0100 -+++ openssl-1.0.2f/crypto/dh/dh.h 2016-01-28 15:59:54.945269236 +0100 +diff -up openssl-1.0.2i/crypto/dh/dh.h.fips-reqs openssl-1.0.2i/crypto/dh/dh.h +--- openssl-1.0.2i/crypto/dh/dh.h.fips-reqs 2016-09-22 13:54:26.489847426 +0200 ++++ openssl-1.0.2i/crypto/dh/dh.h 2016-09-22 13:54:26.534848472 +0200 @@ -78,6 +78,7 @@ # endif @@ -42,10 +38,9 @@ Index: openssl-1.0.2f/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 -Index: openssl-1.0.2f/crypto/dsa/dsa_gen.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/dsa/dsa_gen.c 2016-01-28 15:59:54.913268710 +0100 -+++ openssl-1.0.2f/crypto/dsa/dsa_gen.c 2016-01-28 15:59:54.945269236 +0100 +diff -up openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.2i/crypto/dsa/dsa_gen.c +--- openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips-reqs 2016-09-22 13:54:26.490847450 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_gen.c 2016-09-22 13:54:26.534848472 +0200 @@ -157,9 +157,11 @@ int dsa_builtin_paramgen(DSA *ret, size_ } @@ -61,10 +56,9 @@ Index: openssl-1.0.2f/crypto/dsa/dsa_gen.c DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID); goto err; } -Index: openssl-1.0.2f/crypto/dsa/dsa.h -=================================================================== ---- openssl-1.0.2f.orig/crypto/dsa/dsa.h 2016-01-28 15:59:54.913268710 +0100 -+++ openssl-1.0.2f/crypto/dsa/dsa.h 2016-01-28 15:59:54.946269253 +0100 +diff -up openssl-1.0.2i/crypto/dsa/dsa.h.fips-reqs openssl-1.0.2i/crypto/dsa/dsa.h +--- openssl-1.0.2i/crypto/dsa/dsa.h.fips-reqs 2016-09-22 13:54:26.490847450 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa.h 2016-09-22 13:54:26.534848472 +0200 @@ -89,6 +89,7 @@ # endif @@ -85,11 +79,10 @@ Index: openssl-1.0.2f/crypto/dsa/dsa.h * Rabin-Miller */ # define DSA_is_prime(n, callback, cb_arg) \ -Index: openssl-1.0.2f/crypto/dsa/dsa_key.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/dsa/dsa_key.c 2016-01-28 15:59:54.913268710 +0100 -+++ openssl-1.0.2f/crypto/dsa/dsa_key.c 2016-01-28 15:59:54.946269253 +0100 -@@ -120,7 +120,7 @@ static int dsa_builtin_keygen(DSA *dsa) +diff -up openssl-1.0.2i/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.2i/crypto/dsa/dsa_key.c +--- openssl-1.0.2i/crypto/dsa/dsa_key.c.fips-reqs 2016-09-22 13:54:26.532848426 +0200 ++++ openssl-1.0.2i/crypto/dsa/dsa_key.c 2016-09-22 13:54:26.534848472 +0200 +@@ -125,7 +125,7 @@ static int dsa_builtin_keygen(DSA *dsa) # ifdef OPENSSL_FIPS if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) @@ -98,11 +91,10 @@ Index: openssl-1.0.2f/crypto/dsa/dsa_key.c DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); goto err; } -Index: openssl-1.0.2f/crypto/fips/fips.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/fips/fips.c 2016-01-28 15:59:54.939269138 +0100 -+++ openssl-1.0.2f/crypto/fips/fips.c 2016-01-28 15:59:54.946269253 +0100 -@@ -418,26 +418,24 @@ int FIPS_module_mode_set(int onoff, cons +diff -up openssl-1.0.2i/crypto/fips/fips.c.fips-reqs openssl-1.0.2i/crypto/fips/fips.c +--- openssl-1.0.2i/crypto/fips/fips.c.fips-reqs 2016-09-22 13:54:26.532848426 +0200 ++++ openssl-1.0.2i/crypto/fips/fips.c 2016-09-22 13:54:26.534848472 +0200 +@@ -424,26 +424,24 @@ int FIPS_module_mode_set(int onoff, cons ret = 0; goto end; } @@ -135,10 +127,9 @@ Index: openssl-1.0.2f/crypto/fips/fips.c ret = 1; goto end; } -Index: openssl-1.0.2f/crypto/fips/fips_dh_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2f/crypto/fips/fips_dh_selftest.c 2016-01-28 15:59:54.946269253 +0100 +diff -up openssl-1.0.2i/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.2i/crypto/fips/fips_dh_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_dh_selftest.c.fips-reqs 2016-09-22 13:54:26.535848495 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_dh_selftest.c 2016-09-22 13:54:26.535848495 +0200 @@ -0,0 +1,162 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -302,10 +293,9 @@ Index: openssl-1.0.2f/crypto/fips/fips_dh_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2f/crypto/fips/fips.h -=================================================================== ---- openssl-1.0.2f.orig/crypto/fips/fips.h 2016-01-28 15:59:54.939269138 +0100 -+++ openssl-1.0.2f/crypto/fips/fips.h 2016-01-28 15:59:54.946269253 +0100 +diff -up openssl-1.0.2i/crypto/fips/fips.h.fips-reqs openssl-1.0.2i/crypto/fips/fips.h +--- openssl-1.0.2i/crypto/fips/fips.h.fips-reqs 2016-09-22 13:54:26.527848309 +0200 ++++ openssl-1.0.2i/crypto/fips/fips.h 2016-09-22 13:54:26.535848495 +0200 @@ -96,6 +96,7 @@ extern "C" { int FIPS_selftest_dsa(void); int FIPS_selftest_ecdsa(void); @@ -314,10 +304,9 @@ Index: openssl-1.0.2f/crypto/fips/fips.h void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); void FIPS_x931_stick(int onoff); -Index: openssl-1.0.2f/crypto/fips/fips_post.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/fips/fips_post.c 2016-01-28 15:59:54.933269039 +0100 -+++ openssl-1.0.2f/crypto/fips/fips_post.c 2016-01-28 15:59:54.946269253 +0100 +diff -up openssl-1.0.2i/crypto/fips/fips_post.c.fips-reqs openssl-1.0.2i/crypto/fips/fips_post.c +--- openssl-1.0.2i/crypto/fips/fips_post.c.fips-reqs 2016-09-22 13:54:26.524848240 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_post.c 2016-09-22 13:54:26.535848495 +0200 @@ -99,6 +99,8 @@ int FIPS_selftest(void) rv = 0; if (!FIPS_selftest_dsa()) @@ -327,10 +316,9 @@ Index: openssl-1.0.2f/crypto/fips/fips_post.c if (!FIPS_selftest_ecdh()) rv = 0; return rv; -Index: openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/fips/fips_rsa_selftest.c 2016-01-28 15:59:54.920268825 +0100 -+++ openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c 2016-01-28 15:59:54.947269270 +0100 +diff -up openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips-reqs 2016-09-22 13:54:26.499847659 +0200 ++++ openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c 2016-09-22 13:54:26.537848542 +0200 @@ -60,68 +60,107 @@ #ifdef OPENSSL_FIPS @@ -985,10 +973,9 @@ Index: openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c RSA_free(key); return ret; } -Index: openssl-1.0.2f/crypto/fips/Makefile -=================================================================== ---- openssl-1.0.2f.orig/crypto/fips/Makefile 2016-01-28 15:59:54.933269039 +0100 -+++ openssl-1.0.2f/crypto/fips/Makefile 2016-01-28 15:59:54.947269270 +0100 +diff -up openssl-1.0.2i/crypto/fips/Makefile.fips-reqs openssl-1.0.2i/crypto/fips/Makefile +--- openssl-1.0.2i/crypto/fips/Makefile.fips-reqs 2016-09-22 13:54:26.524848240 +0200 ++++ openssl-1.0.2i/crypto/fips/Makefile 2016-09-22 13:54:26.537848542 +0200 @@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ @@ -1007,10 +994,9 @@ Index: openssl-1.0.2f/crypto/fips/Makefile LIBCRYPTO=-L.. -lcrypto -Index: openssl-1.0.2f/crypto/rand/rand_lcl.h -=================================================================== ---- openssl-1.0.2f.orig/crypto/rand/rand_lcl.h 2016-01-28 14:38:31.000000000 +0100 -+++ openssl-1.0.2f/crypto/rand/rand_lcl.h 2016-01-28 15:59:54.947269270 +0100 +diff -up openssl-1.0.2i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.2i/crypto/rand/rand_lcl.h +--- openssl-1.0.2i/crypto/rand/rand_lcl.h.fips-reqs 2016-09-22 13:54:26.261842127 +0200 ++++ openssl-1.0.2i/crypto/rand/rand_lcl.h 2016-09-22 13:54:26.537848542 +0200 @@ -112,7 +112,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H @@ -1020,10 +1006,9 @@ Index: openssl-1.0.2f/crypto/rand/rand_lcl.h # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -Index: openssl-1.0.2f/crypto/rand/rand_lib.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/rand/rand_lib.c 2016-01-28 14:38:31.000000000 +0100 -+++ openssl-1.0.2f/crypto/rand/rand_lib.c 2016-01-28 15:59:54.947269270 +0100 +diff -up openssl-1.0.2i/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.2i/crypto/rand/rand_lib.c +--- openssl-1.0.2i/crypto/rand/rand_lib.c.fips-reqs 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/crypto/rand/rand_lib.c 2016-09-22 13:54:26.537848542 +0200 @@ -236,12 +236,22 @@ static int drbg_rand_add(DRBG_CTX *ctx, double entropy) { @@ -1047,10 +1032,9 @@ Index: openssl-1.0.2f/crypto/rand/rand_lib.c return 1; } -Index: openssl-1.0.2f/crypto/rsa/rsa_gen.c -=================================================================== ---- openssl-1.0.2f.orig/crypto/rsa/rsa_gen.c 2016-01-28 15:59:54.923268874 +0100 -+++ openssl-1.0.2f/crypto/rsa/rsa_gen.c 2016-01-28 15:59:54.947269270 +0100 +diff -up openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.2i/crypto/rsa/rsa_gen.c +--- openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips-reqs 2016-09-22 13:54:26.502847728 +0200 ++++ openssl-1.0.2i/crypto/rsa/rsa_gen.c 2016-09-22 13:54:26.538848565 +0200 @@ -1,5 +1,6 @@ /* crypto/rsa/rsa_gen.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -1352,10 +1336,9 @@ Index: openssl-1.0.2f/crypto/rsa/rsa_gen.c ok = 1; err: if (ok == -1) { -Index: openssl-1.0.2f/ssl/t1_enc.c -=================================================================== ---- openssl-1.0.2f.orig/ssl/t1_enc.c 2016-01-28 14:56:08.000000000 +0100 -+++ openssl-1.0.2f/ssl/t1_enc.c 2016-01-28 15:59:54.947269270 +0100 +diff -up openssl-1.0.2i/ssl/t1_enc.c.fips-reqs openssl-1.0.2i/ssl/t1_enc.c +--- openssl-1.0.2i/ssl/t1_enc.c.fips-reqs 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/ssl/t1_enc.c 2016-09-22 13:54:26.538848565 +0200 @@ -292,6 +292,23 @@ static int tls1_PRF(long digest_mask, return ret; } diff --git a/openssl-1.0.2j.tar.gz b/openssl-1.0.2j.tar.gz new file mode 100644 index 0000000..c57e541 --- /dev/null +++ b/openssl-1.0.2j.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 +size 5307912 diff --git a/openssl-1.0.2j.tar.gz.asc b/openssl-1.0.2j.tar.gz.asc new file mode 100644 index 0000000..f04cb84 --- /dev/null +++ b/openssl-1.0.2j.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJX6O9BAAoJENnE0m0OYESRhC4H/0feEYv4JBbtk3cFyIt39ph6 +A700qbm8pnOukXOg5Q2HrYz6TxE1C/p7MO4+iYnttvtC7WMz9oK0fEQ/k2PEjoU7 +I65vM/LlrQjY6pJe+pORk+UL9uHamcDpeyYCa+Ro61o/l4Vd9iHQMN77LDfkKzDK +qq8q/DMlHVhPv1U8+kDCT9r4nEOqb0tkvJEIns3wFlkw1Wp+VwnhAS5s3J1Xwetj +MK6TFOtI1UOULXiYjSRs4Sy8nyxG5V6VVofAL+aQNOFqAzF45RE5R/6AjL5I8J9y +yoyIzj1a/h8M/PJGzADgpxZAdE2cpZAlQAhZdQutst0GRma6i36HGzq4IUDwbCc= +=puH/ +-----END PGP SIGNATURE----- diff --git a/openssl-fips-dont-fall-back-to-default-digest.patch b/openssl-fips-dont-fall-back-to-default-digest.patch index 03b21b3..fc76963 100644 --- a/openssl-fips-dont-fall-back-to-default-digest.patch +++ b/openssl-fips-dont-fall-back-to-default-digest.patch @@ -1,7 +1,7 @@ -Index: openssl-1.0.2g/apps/dgst.c +Index: openssl-1.0.2i/apps/dgst.c =================================================================== ---- openssl-1.0.2g.orig/apps/dgst.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/apps/dgst.c 2016-04-14 11:04:21.706558132 +0200 +--- openssl-1.0.2i.orig/apps/dgst.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/apps/dgst.c 2016-09-23 10:20:02.162323196 +0200 @@ -147,7 +147,7 @@ int MAIN(int argc, char **argv) /* first check the program name */ program_name(argv[0], pname, sizeof pname); @@ -20,12 +20,12 @@ Index: openssl-1.0.2g/apps/dgst.c md = m; else break; -Index: openssl-1.0.2g/apps/apps.c +Index: openssl-1.0.2i/apps/apps.c =================================================================== ---- openssl-1.0.2g.orig/apps/apps.c 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/apps/apps.c 2016-04-14 11:04:21.707558145 +0200 -@@ -3226,3 +3226,45 @@ int raw_write_stdout(const void *buf, in - return write(fileno(stdout), buf, siz); +--- openssl-1.0.2i.orig/apps/apps.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/apps/apps.c 2016-09-23 10:20:02.162323196 +0200 +@@ -3266,3 +3266,45 @@ int raw_write_stdout(const void *buf, in + return write(fileno_stdout(), buf, siz); } #endif + @@ -70,10 +70,10 @@ Index: openssl-1.0.2g/apps/apps.c + return ciph; + } + -Index: openssl-1.0.2g/apps/apps.h +Index: openssl-1.0.2i/apps/apps.h =================================================================== ---- openssl-1.0.2g.orig/apps/apps.h 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/apps/apps.h 2016-04-14 11:04:21.707558145 +0200 +--- openssl-1.0.2i.orig/apps/apps.h 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/apps/apps.h 2016-09-23 10:20:02.162323196 +0200 @@ -348,6 +348,9 @@ void print_cert_checks(BIO *bio, X509 *x void store_setup_crl_download(X509_STORE *st); @@ -84,10 +84,10 @@ Index: openssl-1.0.2g/apps/apps.h # define FORMAT_UNDEF 0 # define FORMAT_ASN1 1 # define FORMAT_TEXT 2 -Index: openssl-1.0.2g/apps/enc.c +Index: openssl-1.0.2i/apps/enc.c =================================================================== ---- openssl-1.0.2g.orig/apps/enc.c 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/apps/enc.c 2016-04-15 13:57:22.782628623 +0200 +--- openssl-1.0.2i.orig/apps/enc.c 2016-09-22 12:23:06.000000000 +0200 ++++ openssl-1.0.2i/apps/enc.c 2016-09-23 10:20:02.162323196 +0200 @@ -150,7 +150,7 @@ int MAIN(int argc, char **argv) do_zlib = 1; #endif diff --git a/openssl-print_notice-NULL_crash.patch b/openssl-print_notice-NULL_crash.patch new file mode 100644 index 0000000..4babfdc --- /dev/null +++ b/openssl-print_notice-NULL_crash.patch @@ -0,0 +1,13 @@ +Index: openssl-1.0.2i/crypto/x509v3/v3_cpols.c +=================================================================== +--- openssl-1.0.2i.orig/crypto/x509v3/v3_cpols.c 2016-09-23 11:35:30.509972948 +0200 ++++ openssl-1.0.2i/crypto/x509v3/v3_cpols.c 2016-09-23 11:36:16.742667963 +0200 +@@ -459,6 +459,8 @@ static void print_notice(BIO *out, USERN + if (i) + BIO_puts(out, ", "); + tmp = i2s_ASN1_INTEGER(NULL, num); ++ if (tmp == NULL) ++ return; + BIO_puts(out, tmp); + OPENSSL_free(tmp); + } diff --git a/openssl.changes b/openssl.changes index 08f677c..7df0269 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Tue Sep 27 06:20:03 UTC 2016 - michael@stroeder.com + +- update to openssl-1.0.2j + * Missing CRL sanity check (CVE-2016-7052 bsc#1001148) + +------------------------------------------------------------------- +Fri Sep 23 08:22:01 UTC 2016 - vcizek@suse.com + +- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) + Severity: High + * OCSP Status Request extension unbounded memory growth + (CVE-2016-6304) (bsc#999666) + Severity: Low + * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) + * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) + * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) + * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) + * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) + * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) + * Birthday attack against 64-bit block ciphers (SWEET32) + (CVE-2016-2183) (bsc#995359) + * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) + * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) + * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) +- update to openssl-1.0.2i + * remove patches: + openssl-1.0.2a-new-fips-reqs.patch + openssl-1.0.2e-fips.patch + * add patches: + openssl-1.0.2i-fips.patch + openssl-1.0.2i-new-fips-reqs.patch + +------------------------------------------------------------------- +Wed Aug 3 12:41:41 UTC 2016 - vcizek@suse.com + +- fix crash in print_notice (bsc#998190) + * add openssl-print_notice-NULL_crash.patch + ------------------------------------------------------------------- Tue May 3 14:43:47 UTC 2016 - vcizek@suse.com diff --git a/openssl.spec b/openssl.spec index aff4649..3cdeb6a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ Provides: ssl %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.2h +Version: 1.0.2j Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -62,10 +62,10 @@ Patch10: openssl-pkgconfig.patch Patch13: openssl-1.0.2a-ipv6-apps.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch # FIPS patches: -Patch15: openssl-1.0.2e-fips.patch +Patch15: openssl-1.0.2i-fips.patch Patch16: openssl-1.0.2a-fips-ec.patch Patch17: openssl-1.0.2a-fips-ctor.patch -Patch18: openssl-1.0.2a-new-fips-reqs.patch +Patch18: openssl-1.0.2i-new-fips-reqs.patch Patch19: openssl-gcc-attributes.patch Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch Patch33: openssl-no-egd.patch @@ -85,6 +85,8 @@ Patch57: openssl-fips-fix-odd-rsakeybits.patch Patch58: openssl-fips-clearerror.patch Patch59: openssl-fips-dont-fall-back-to-default-digest.patch +Patch60: openssl-print_notice-NULL_crash.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -204,6 +206,7 @@ this package's base documentation. %patch57 -p1 %patch58 -p1 %patch59 -p1 +%patch60 -p1 %if 0%{?suse_version} >= 1120 %patch3 %endif