diff --git a/0001-libcrypto-Hide-library-private-symbols.patch b/0001-libcrypto-Hide-library-private-symbols.patch index 1e43037..1592860 100644 --- a/0001-libcrypto-Hide-library-private-symbols.patch +++ b/0001-libcrypto-Hide-library-private-symbols.patch @@ -37,10 +37,8 @@ Subject: [PATCH] libcrypto: Hide library-private symbols crypto/x509v3/pcy_int.h | 3 +++ 31 files changed, 85 insertions(+), 17 deletions(-) -Index: openssl-1.0.1h/apps/Makefile -=================================================================== ---- openssl-1.0.1h.orig/apps/Makefile -+++ openssl-1.0.1h/apps/Makefile +--- openssl-1.0.1j.orig/apps/Makefile ++++ openssl-1.0.1j/apps/Makefile @@ -20,7 +20,7 @@ EXE_EXT= SHLIB_TARGET= @@ -50,10 +48,8 @@ Index: openssl-1.0.1h/apps/Makefile GENERAL=Makefile makeapps.com install.com -Index: openssl-1.0.1h/crypto/asn1/asn1_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/asn1/asn1_locl.h -+++ openssl-1.0.1h/crypto/asn1/asn1_locl.h +--- openssl-1.0.1j.orig/crypto/asn1/asn1_locl.h ++++ openssl-1.0.1j/crypto/asn1/asn1_locl.h @@ -58,6 +58,8 @@ /* Internal ASN1 structures and functions: not for application use */ @@ -69,10 +65,8 @@ Index: openssl-1.0.1h/crypto/asn1/asn1_locl.h }; + +#pragma GCC visibility pop -Index: openssl-1.0.1h/crypto/bn/bn_lcl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/bn/bn_lcl.h -+++ openssl-1.0.1h/crypto/bn/bn_lcl.h +--- openssl-1.0.1j.orig/crypto/bn/bn_lcl.h ++++ openssl-1.0.1j/crypto/bn/bn_lcl.h @@ -483,6 +483,8 @@ extern "C" { #undef bn_div_words #endif 
@@ -91,10 +85,8 @@ Index: openssl-1.0.1h/crypto/bn/bn_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.1h/crypto/camellia/cmll_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/camellia/cmll_locl.h -+++ openssl-1.0.1h/crypto/camellia/cmll_locl.h +--- openssl-1.0.1j.orig/crypto/camellia/cmll_locl.h ++++ openssl-1.0.1j/crypto/camellia/cmll_locl.h @@ -68,6 +68,8 @@ #ifndef HEADER_CAMELLIA_LOCL_H #define HEADER_CAMELLIA_LOCL_H @@ -110,10 +102,8 @@ Index: openssl-1.0.1h/crypto/camellia/cmll_locl.h CAMELLIA_KEY *key); +#pragma GCC visibility pop #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ -Index: openssl-1.0.1h/crypto/cast/cast_lcl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/cast/cast_lcl.h -+++ openssl-1.0.1h/crypto/cast/cast_lcl.h +--- openssl-1.0.1j.orig/crypto/cast/cast_lcl.h ++++ openssl-1.0.1j/crypto/cast/cast_lcl.h @@ -217,6 +217,7 @@ } #endif @@ -127,10 +117,8 @@ Index: openssl-1.0.1h/crypto/cast/cast_lcl.h extern const CAST_LONG CAST_S_table6[256]; extern const CAST_LONG CAST_S_table7[256]; +#pragma GCC visibility pop -Index: openssl-1.0.1h/crypto/cms/cms_lcl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/cms/cms_lcl.h -+++ openssl-1.0.1h/crypto/cms/cms_lcl.h +--- openssl-1.0.1j.orig/crypto/cms/cms_lcl.h ++++ openssl-1.0.1j/crypto/cms/cms_lcl.h @@ -426,6 +426,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA #define CMS_RECIPINFO_ISSUER_SERIAL 0 #define CMS_RECIPINFO_KEYIDENTIFIER 1 @@ -150,10 +138,8 @@ Index: openssl-1.0.1h/crypto/cms/cms_lcl.h #ifdef __cplusplus } #endif -Index: openssl-1.0.1h/crypto/des/des_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/des/des_locl.h -+++ openssl-1.0.1h/crypto/des/des_locl.h +--- openssl-1.0.1j.orig/crypto/des/des_locl.h ++++ openssl-1.0.1j/crypto/des/des_locl.h 
@@ -421,10 +421,12 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } @@ -167,20 +153,16 @@ Index: openssl-1.0.1h/crypto/des/des_locl.h #ifdef OPENSSL_SMALL_FOOTPRINT #undef DES_UNROLL -Index: openssl-1.0.1h/crypto/dsa/dsa_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/dsa/dsa_locl.h -+++ openssl-1.0.1h/crypto/dsa/dsa_locl.h +--- openssl-1.0.1j.orig/crypto/dsa/dsa_locl.h ++++ openssl-1.0.1j/crypto/dsa/dsa_locl.h @@ -57,4 +57,4 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.1h/crypto/ec/ec_lcl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/ec/ec_lcl.h -+++ openssl-1.0.1h/crypto/ec/ec_lcl.h +--- openssl-1.0.1j.orig/crypto/ec/ec_lcl.h ++++ openssl-1.0.1j/crypto/ec/ec_lcl.h @@ -88,6 +88,8 @@ /* Structure details are not part of the exported interface, * so all this may change in future versions. */ @@ -196,10 +178,8 @@ Index: openssl-1.0.1h/crypto/ec/ec_lcl.h #endif + +#pragma GCC visibility pop -Index: openssl-1.0.1h/crypto/ecdh/ech_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/ecdh/ech_locl.h -+++ openssl-1.0.1h/crypto/ecdh/ech_locl.h +--- openssl-1.0.1j.orig/crypto/ecdh/ech_locl.h ++++ openssl-1.0.1j/crypto/ecdh/ech_locl.h @@ -58,6 +58,8 @@ #include 
@@ -216,10 +196,8 @@ Index: openssl-1.0.1h/crypto/ecdh/ech_locl.h - +#pragma GCC visibility pop #endif /* HEADER_ECH_LOCL_H */ -Index: openssl-1.0.1h/crypto/ecdsa/ecs_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/ecdsa/ecs_locl.h -+++ openssl-1.0.1h/crypto/ecdsa/ecs_locl.h +--- openssl-1.0.1j.orig/crypto/ecdsa/ecs_locl.h ++++ openssl-1.0.1j/crypto/ecdsa/ecs_locl.h @@ -61,6 +61,8 @@ #include @@ -236,10 +214,8 @@ Index: openssl-1.0.1h/crypto/ecdsa/ecs_locl.h +#pragma GCC visibility pop + #endif /* HEADER_ECS_LOCL_H */ -Index: openssl-1.0.1h/crypto/engine/eng_int.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/engine/eng_int.h -+++ openssl-1.0.1h/crypto/engine/eng_int.h +--- openssl-1.0.1j.orig/crypto/engine/eng_int.h ++++ openssl-1.0.1j/crypto/engine/eng_int.h @@ -68,6 +68,8 @@ /* Take public definitions from engine.h */ #include @@ -256,10 +232,8 @@ Index: openssl-1.0.1h/crypto/engine/eng_int.h - +#pragma GCC visibility pop #endif /* HEADER_ENGINE_INT_H */ -Index: openssl-1.0.1h/crypto/engine/eng_rsax.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/engine/eng_rsax.c -+++ openssl-1.0.1h/crypto/engine/eng_rsax.c +--- openssl-1.0.1j.orig/crypto/engine/eng_rsax.c ++++ openssl-1.0.1j/crypto/engine/eng_rsax.c @@ -262,7 +262,7 @@ static int mod_exp_pre_compute_data_512( void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ UINT64 *g, /* 512 bits, 8 qwords */ @@ -269,10 +243,8 @@ Index: openssl-1.0.1h/crypto/engine/eng_rsax.c typedef struct st_e_rsax_mod_ctx { -Index: openssl-1.0.1h/crypto/evp/e_aes.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/evp/e_aes.c -+++ openssl-1.0.1h/crypto/evp/e_aes.c +--- openssl-1.0.1j.orig/crypto/evp/e_aes.c ++++ openssl-1.0.1j/crypto/evp/e_aes.c 
@@ -108,6 +108,8 @@ typedef struct #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) @@ -318,10 +290,8 @@ Index: openssl-1.0.1h/crypto/evp/e_aes.c static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { -Index: openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/evp/e_aes_cbc_hmac_sha1.c -+++ openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c +--- openssl-1.0.1j.orig/crypto/evp/e_aes_cbc_hmac_sha1.c ++++ openssl-1.0.1j/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -97,6 +97,8 @@ typedef struct extern unsigned int OPENSSL_ia32cap_P[2]; #define AESNI_CAPABLE (1<<(57-32)) @@ -340,10 +310,8 @@ Index: openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c #define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, -Index: openssl-1.0.1h/crypto/evp/evp_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/evp/evp_locl.h -+++ openssl-1.0.1h/crypto/evp/evp_locl.h +--- openssl-1.0.1j.orig/crypto/evp/evp_locl.h ++++ openssl-1.0.1j/crypto/evp/evp_locl.h @@ -263,6 +263,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void EVP_CIPHER_get_asn1_iv, \ NULL) @@ -362,10 +330,8 @@ Index: openssl-1.0.1h/crypto/evp/evp_locl.h #ifdef OPENSSL_FIPS #ifdef OPENSSL_DOING_MAKEDEPEND -Index: openssl-1.0.1h/crypto/md4/md4_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/md4/md4_locl.h -+++ openssl-1.0.1h/crypto/md4/md4_locl.h +--- openssl-1.0.1j.orig/crypto/md4/md4_locl.h ++++ openssl-1.0.1j/crypto/md4/md4_locl.h @@ -65,7 +65,7 @@ #define MD4_LONG_LOG2 2 /* default to 32 bits */ #endif 
@@ -375,10 +341,8 @@ Index: openssl-1.0.1h/crypto/md4/md4_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.1h/crypto/md5/md5_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/md5/md5_locl.h -+++ openssl-1.0.1h/crypto/md5/md5_locl.h +--- openssl-1.0.1j.orig/crypto/md5/md5_locl.h ++++ openssl-1.0.1j/crypto/md5/md5_locl.h @@ -74,7 +74,7 @@ # endif #endif @@ -388,10 +352,8 @@ Index: openssl-1.0.1h/crypto/md5/md5_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.1h/crypto/modes/modes_lcl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/modes/modes_lcl.h -+++ openssl-1.0.1h/crypto/modes/modes_lcl.h +--- openssl-1.0.1j.orig/crypto/modes/modes_lcl.h ++++ openssl-1.0.1j/crypto/modes/modes_lcl.h @@ -83,6 +83,8 @@ typedef unsigned char u8; #define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) #endif @@ -407,10 +369,8 @@ Index: openssl-1.0.1h/crypto/modes/modes_lcl.h }; - +#pragma GCC visibility pop -Index: openssl-1.0.1h/crypto/o_str.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/o_str.h -+++ openssl-1.0.1h/crypto/o_str.h +--- openssl-1.0.1j.orig/crypto/o_str.h ++++ openssl-1.0.1j/crypto/o_str.h @@ -61,8 +61,12 @@ #include /* to get size_t */ @@ -424,10 +384,8 @@ Index: openssl-1.0.1h/crypto/o_str.h +#pragma GCC visibility pop + #endif -Index: openssl-1.0.1h/crypto/o_time.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/o_time.h -+++ openssl-1.0.1h/crypto/o_time.h +--- openssl-1.0.1j.orig/crypto/o_time.h ++++ openssl-1.0.1j/crypto/o_time.h @@ -61,7 +61,11 @@ #include 
@@ -440,10 +398,8 @@ Index: openssl-1.0.1h/crypto/o_time.h +#pragma GCC visibility pop + #endif -Index: openssl-1.0.1h/crypto/ripemd/rmd_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/ripemd/rmd_locl.h -+++ openssl-1.0.1h/crypto/ripemd/rmd_locl.h +--- openssl-1.0.1j.orig/crypto/ripemd/rmd_locl.h ++++ openssl-1.0.1j/crypto/ripemd/rmd_locl.h @@ -76,7 +76,7 @@ # endif #endif @@ -453,20 +409,16 @@ Index: openssl-1.0.1h/crypto/ripemd/rmd_locl.h #define DATA_ORDER_IS_LITTLE_ENDIAN -Index: openssl-1.0.1h/crypto/rsa/rsa_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/rsa/rsa_locl.h -+++ openssl-1.0.1h/crypto/rsa/rsa_locl.h +--- openssl-1.0.1j.orig/crypto/rsa/rsa_locl.h ++++ openssl-1.0.1j/crypto/rsa/rsa_locl.h @@ -1,4 +1,4 @@ extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf, size_t siglen, - RSA *rsa); + RSA *rsa) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.1h/crypto/sha/sha256.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/sha/sha256.c -+++ openssl-1.0.1h/crypto/sha/sha256.c +--- openssl-1.0.1j.orig/crypto/sha/sha256.c ++++ openssl-1.0.1j/crypto/sha/sha256.c @@ -110,7 +110,7 @@ int SHA224_Final (unsigned char *md, SHA #ifndef SHA256_ASM static @@ -476,10 +428,8 @@ Index: openssl-1.0.1h/crypto/sha/sha256.c #include "md32_common.h" -Index: openssl-1.0.1h/crypto/sha/sha512.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/sha/sha512.c -+++ openssl-1.0.1h/crypto/sha/sha512.c +--- openssl-1.0.1j.orig/crypto/sha/sha512.c ++++ openssl-1.0.1j/crypto/sha/sha512.c @@ -94,7 +94,7 @@ fips_md_init(SHA512) #ifndef SHA512_ASM static 
@@ -489,10 +439,8 @@ Index: openssl-1.0.1h/crypto/sha/sha512.c int SHA512_Final (unsigned char *md, SHA512_CTX *c) { -Index: openssl-1.0.1h/crypto/sha/sha_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/sha/sha_locl.h -+++ openssl-1.0.1h/crypto/sha/sha_locl.h +--- openssl-1.0.1j.orig/crypto/sha/sha_locl.h ++++ openssl-1.0.1j/crypto/sha/sha_locl.h @@ -108,7 +108,7 @@ static void sha_block_data_order (SHA_CT #ifndef SHA1_ASM static @@ -502,10 +450,8 @@ Index: openssl-1.0.1h/crypto/sha/sha_locl.h #else # error "Either SHA_0 or SHA_1 must be defined." -Index: openssl-1.0.1h/crypto/store/str_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/store/str_locl.h -+++ openssl-1.0.1h/crypto/store/str_locl.h +--- openssl-1.0.1j.orig/crypto/store/str_locl.h ++++ openssl-1.0.1j/crypto/store/str_locl.h @@ -62,6 +62,8 @@ #include #include @@ -522,10 +468,8 @@ Index: openssl-1.0.1h/crypto/store/str_locl.h - +#pragma GCC visibility pop #endif -Index: openssl-1.0.1h/crypto/ui/ui_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/ui/ui_locl.h -+++ openssl-1.0.1h/crypto/ui/ui_locl.h +--- openssl-1.0.1j.orig/crypto/ui/ui_locl.h ++++ openssl-1.0.1j/crypto/ui/ui_locl.h @@ -66,6 +66,8 @@ #undef _ #endif @@ -542,19 +486,15 @@ Index: openssl-1.0.1h/crypto/ui/ui_locl.h - +#pragma GCC visibility pop #endif -Index: openssl-1.0.1h/crypto/whrlpool/wp_locl.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/whrlpool/wp_locl.h -+++ openssl-1.0.1h/crypto/whrlpool/wp_locl.h +--- openssl-1.0.1j.orig/crypto/whrlpool/wp_locl.h ++++ openssl-1.0.1j/crypto/whrlpool/wp_locl.h 
@@ -1,3 +1,3 @@ #include -void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t); +void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.1h/crypto/x509v3/ext_dat.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/x509v3/ext_dat.h -+++ openssl-1.0.1h/crypto/x509v3/ext_dat.h +--- openssl-1.0.1j.orig/crypto/x509v3/ext_dat.h ++++ openssl-1.0.1j/crypto/x509v3/ext_dat.h @@ -57,6 +57,8 @@ */ /* This file contains a table of "standard" extensions */ @@ -572,10 +512,8 @@ Index: openssl-1.0.1h/crypto/x509v3/ext_dat.h /* Number of standard extensions */ #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) -Index: openssl-1.0.1h/crypto/x509v3/pcy_int.h -=================================================================== ---- openssl-1.0.1h.orig/crypto/x509v3/pcy_int.h -+++ openssl-1.0.1h/crypto/x509v3/pcy_int.h +--- openssl-1.0.1j.orig/crypto/x509v3/pcy_int.h ++++ openssl-1.0.1j/crypto/x509v3/pcy_int.h @@ -56,6 +56,7 @@ * */ @@ -590,10 +528,8 @@ Index: openssl-1.0.1h/crypto/x509v3/pcy_int.h const X509_POLICY_CACHE *policy_cache_set(X509 *x); + +#pragma GCC visibility pop -Index: openssl-1.0.1h/crypto/modes/gcm128.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/modes/gcm128.c -+++ openssl-1.0.1h/crypto/modes/gcm128.c +--- openssl-1.0.1j.orig/crypto/modes/gcm128.c ++++ openssl-1.0.1j/crypto/modes/gcm128.c @@ -567,8 +567,8 @@ static void gcm_ghash_4bit(u64 Xi[2],con } #endif 
@@ -618,10 +554,8 @@ Index: openssl-1.0.1h/crypto/modes/gcm128.c # if defined(__i386) || defined(__i386__) || defined(_M_IX86) # define GHASH_ASM_X86 -Index: openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/evp/e_rc4_hmac_md5.c -+++ openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c +--- openssl-1.0.1j.orig/crypto/evp/e_rc4_hmac_md5.c ++++ openssl-1.0.1j/crypto/evp/e_rc4_hmac_md5.c @@ -78,7 +78,7 @@ typedef struct #define NO_PAYLOAD_LENGTH ((size_t)-1) @@ -631,10 +565,8 @@ Index: openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c #define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) -Index: openssl-1.0.1h/crypto/cmac/cm_ameth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/cmac/cm_ameth.c -+++ openssl-1.0.1h/crypto/cmac/cm_ameth.c +--- openssl-1.0.1j.orig/crypto/cmac/cm_ameth.c ++++ openssl-1.0.1j/crypto/cmac/cm_ameth.c @@ -73,6 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey CMAC_CTX_free(cmctx); } @@ -643,10 +575,8 @@ Index: openssl-1.0.1h/crypto/cmac/cm_ameth.c const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, -Index: openssl-1.0.1h/crypto/evp/pmeth_lib.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/evp/pmeth_lib.c -+++ openssl-1.0.1h/crypto/evp/pmeth_lib.c +--- openssl-1.0.1j.orig/crypto/evp/pmeth_lib.c ++++ openssl-1.0.1j/crypto/evp/pmeth_lib.c @@ -70,7 +70,7 @@ typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); 
@@ -656,10 +586,8 @@ Index: openssl-1.0.1h/crypto/evp/pmeth_lib.c extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -Index: openssl-1.0.1h/crypto/cmac/cm_pmeth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/cmac/cm_pmeth.c -+++ openssl-1.0.1h/crypto/cmac/cm_pmeth.c +--- openssl-1.0.1j.orig/crypto/cmac/cm_pmeth.c ++++ openssl-1.0.1j/crypto/cmac/cm_pmeth.c @@ -188,6 +188,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C return -2; } @@ -668,11 +596,9 @@ Index: openssl-1.0.1h/crypto/cmac/cm_pmeth.c const EVP_PKEY_METHOD cmac_pkey_meth = { EVP_PKEY_CMAC, -Index: openssl-1.0.1h/crypto/rand/md_rand.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/rand/md_rand.c -+++ openssl-1.0.1h/crypto/rand/md_rand.c -@@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un +--- openssl-1.0.1j.orig/crypto/rand/md_rand.c ++++ openssl-1.0.1j/crypto/rand/md_rand.c +@@ -163,7 +163,7 @@ static int ssleay_rand_nopseudo_bytes(un static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); static int ssleay_rand_status(void); @@ -681,10 +607,8 @@ Index: openssl-1.0.1h/crypto/rand/md_rand.c ssleay_rand_seed, ssleay_rand_nopseudo_bytes, ssleay_rand_cleanup, -Index: openssl-1.0.1h/crypto/dh/dh_ameth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/dh/dh_ameth.c -+++ openssl-1.0.1h/crypto/dh/dh_ameth.c +--- openssl-1.0.1j.orig/crypto/dh/dh_ameth.c ++++ openssl-1.0.1j/crypto/dh/dh_ameth.c @@ -466,6 +466,7 @@ int DHparams_print(BIO *bp, const DH *x) return do_dh_print(bp, x, 4, NULL, 0); } 
@@ -693,10 +617,8 @@ Index: openssl-1.0.1h/crypto/dh/dh_ameth.c const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, -Index: openssl-1.0.1h/crypto/dh/dh_pmeth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/dh/dh_pmeth.c -+++ openssl-1.0.1h/crypto/dh/dh_pmeth.c +--- openssl-1.0.1j.orig/crypto/dh/dh_pmeth.c ++++ openssl-1.0.1j/crypto/dh/dh_pmeth.c @@ -217,6 +217,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * return 1; } @@ -705,11 +627,9 @@ Index: openssl-1.0.1h/crypto/dh/dh_pmeth.c const EVP_PKEY_METHOD dh_pkey_meth = { EVP_PKEY_DH, -Index: openssl-1.0.1h/crypto/dsa/dsa_ameth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/dsa/dsa_ameth.c -+++ openssl-1.0.1h/crypto/dsa/dsa_ameth.c -@@ -639,7 +639,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, +--- openssl-1.0.1j.orig/crypto/dsa/dsa_ameth.c ++++ openssl-1.0.1j/crypto/dsa/dsa_ameth.c +@@ -645,7 +645,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, } /* NB these are sorted in pkey_id order, lowest first */ @@ -718,10 +638,8 @@ Index: openssl-1.0.1h/crypto/dsa/dsa_ameth.c const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { -Index: openssl-1.0.1h/crypto/dsa/dsa_pmeth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/dsa/dsa_pmeth.c -+++ openssl-1.0.1h/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_pmeth.c ++++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c @@ -281,6 +281,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX return DSA_generate_key(pkey->pkey.dsa); } 
@@ -730,11 +648,9 @@ Index: openssl-1.0.1h/crypto/dsa/dsa_pmeth.c const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, -Index: openssl-1.0.1h/crypto/ec/ec_ameth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/ec/ec_ameth.c -+++ openssl-1.0.1h/crypto/ec/ec_ameth.c -@@ -626,6 +626,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, +--- openssl-1.0.1j.orig/crypto/ec/ec_ameth.c ++++ openssl-1.0.1j/crypto/ec/ec_ameth.c +@@ -628,6 +628,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, } @@ -742,10 +658,8 @@ Index: openssl-1.0.1h/crypto/ec/ec_ameth.c const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, -Index: openssl-1.0.1h/crypto/ec/ec_pmeth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/ec/ec_pmeth.c -+++ openssl-1.0.1h/crypto/ec/ec_pmeth.c +--- openssl-1.0.1j.orig/crypto/ec/ec_pmeth.c ++++ openssl-1.0.1j/crypto/ec/ec_pmeth.c @@ -304,6 +304,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * return EC_KEY_generate_key(pkey->pkey.ec); } @@ -754,10 +668,8 @@ Index: openssl-1.0.1h/crypto/ec/ec_pmeth.c const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, -Index: openssl-1.0.1h/crypto/hmac/hm_ameth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/hmac/hm_ameth.c -+++ openssl-1.0.1h/crypto/hmac/hm_ameth.c +--- openssl-1.0.1j.orig/crypto/hmac/hm_ameth.c ++++ openssl-1.0.1j/crypto/hmac/hm_ameth.c @@ -138,6 +138,7 @@ static int old_hmac_encode(const EVP_PKE #endif @@ -766,10 +678,8 @@ Index: openssl-1.0.1h/crypto/hmac/hm_ameth.c const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { EVP_PKEY_HMAC, -Index: openssl-1.0.1h/crypto/hmac/hm_pmeth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/hmac/hm_pmeth.c -+++ openssl-1.0.1h/crypto/hmac/hm_pmeth.c +--- openssl-1.0.1j.orig/crypto/hmac/hm_pmeth.c ++++ openssl-1.0.1j/crypto/hmac/hm_pmeth.c 
@@ -235,6 +235,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C return -2; } @@ -778,10 +688,8 @@ Index: openssl-1.0.1h/crypto/hmac/hm_pmeth.c const EVP_PKEY_METHOD hmac_pkey_meth = { EVP_PKEY_HMAC, -Index: openssl-1.0.1h/crypto/rsa/rsa_ameth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/rsa/rsa_ameth.c -+++ openssl-1.0.1h/crypto/rsa/rsa_ameth.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_ameth.c ++++ openssl-1.0.1j/crypto/rsa/rsa_ameth.c @@ -657,6 +657,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx return 2; } @@ -790,10 +698,8 @@ Index: openssl-1.0.1h/crypto/rsa/rsa_ameth.c const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { -Index: openssl-1.0.1h/crypto/rsa/rsa_pmeth.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/rsa/rsa_pmeth.c -+++ openssl-1.0.1h/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_pmeth.c ++++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c @@ -685,6 +685,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX return ret; } @@ -802,10 +708,8 @@ Index: openssl-1.0.1h/crypto/rsa/rsa_pmeth.c const EVP_PKEY_METHOD rsa_pkey_meth = { EVP_PKEY_RSA, -Index: openssl-1.0.1h/crypto/objects/obj_xref.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/objects/obj_xref.c -+++ openssl-1.0.1h/crypto/objects/obj_xref.c +--- openssl-1.0.1j.orig/crypto/objects/obj_xref.c ++++ openssl-1.0.1j/crypto/objects/obj_xref.c @@ -60,7 +60,7 @@ #include "obj_xref.h" @@ -815,10 +719,8 @@ Index: openssl-1.0.1h/crypto/objects/obj_xref.c static int sig_cmp(const nid_triple *a, const nid_triple *b) { -Index: openssl-1.0.1h/crypto/pem/pem_lib.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/pem/pem_lib.c -+++ openssl-1.0.1h/crypto/pem/pem_lib.c +--- openssl-1.0.1j.orig/crypto/pem/pem_lib.c ++++ openssl-1.0.1j/crypto/pem/pem_lib.c 
@@ -80,7 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_V static int load_iv(char **fromp,unsigned char *to, int num); @@ -828,10 +730,8 @@ Index: openssl-1.0.1h/crypto/pem/pem_lib.c int PEM_def_callback(char *buf, int num, int w, void *key) { -Index: openssl-1.0.1h/crypto/asn1/tasn_prn.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/asn1/tasn_prn.c -+++ openssl-1.0.1h/crypto/asn1/tasn_prn.c +--- openssl-1.0.1j.orig/crypto/asn1/tasn_prn.c ++++ openssl-1.0.1j/crypto/asn1/tasn_prn.c @@ -72,7 +72,7 @@ /* ASN1_PCTX routines */ @@ -841,10 +741,8 @@ Index: openssl-1.0.1h/crypto/asn1/tasn_prn.c { ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ 0, /* nm_flags */ -Index: openssl-1.0.1h/crypto/bn/bn_exp.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/bn/bn_exp.c -+++ openssl-1.0.1h/crypto/bn/bn_exp.c +--- openssl-1.0.1j.orig/crypto/bn/bn_exp.c ++++ openssl-1.0.1j/crypto/bn/bn_exp.c @@ -684,11 +684,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr { void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap, @@ -860,10 +758,8 @@ Index: openssl-1.0.1h/crypto/bn/bn_exp.c BN_ULONG *np=mont->N.d, *n0=mont->n0; -Index: openssl-1.0.1h/crypto/bn/bn_gf2m.c -=================================================================== ---- openssl-1.0.1h.orig/crypto/bn/bn_gf2m.c -+++ openssl-1.0.1h/crypto/bn/bn_gf2m.c +--- openssl-1.0.1j.orig/crypto/bn/bn_gf2m.c ++++ openssl-1.0.1j/crypto/bn/bn_gf2m.c @@ -220,7 +220,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ } 
@@ -873,34 +769,3 @@ Index: openssl-1.0.1h/crypto/bn/bn_gf2m.c #endif /* Add polynomials a and b and store result in r; r could be a or b, a and b -Index: openssl-1.0.1h/test/Makefile -=================================================================== ---- openssl-1.0.1h.orig/test/Makefile -+++ openssl-1.0.1h/test/Makefile -@@ -75,7 +75,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_ - $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ - $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ -- $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) -+ $(ASN1TEST)$(EXE_EXT) - - # $(METHTEST)$(EXE_EXT) - -@@ -87,7 +87,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATES - $(MDC2TEST).o $(RMDTEST).o \ - $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ - $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ -- $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(HEARTBEATTEST).o -+ $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o - - SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ - $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ -@@ -140,7 +140,7 @@ alltests: \ - test_enc test_x509 test_rsa test_crl test_sid \ - test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ -- test_jpake test_srp test_cms test_heartbeat -+ test_jpake test_srp test_cms - - test_evp: - ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt diff --git a/openssl-1.0.1e-fips-ec.patch b/openssl-1.0.1e-fips-ec.patch index 2452736..ab87f28 100644 --- a/openssl-1.0.1e-fips-ec.patch +++ b/openssl-1.0.1e-fips-ec.patch 
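Review bot: Dropping the test/Makefile section at the end of this patch puts `$(HEARTBEATTEST)` and `test_heartbeat` back into the package's test run, and nothing visible on the page says why that is now safe. The section was presumably carried because the heartbeat test program references library internals that this patch marks hidden; if that still holds for 1.0.1j, the test binary will fail to link against the shared library rather than fail a check. Record the reason in the patch header, e.g. `test/Makefile hunk dropped for 1.0.1j: <reason heartbeat_test builds with hidden symbols>`, and confirm in the build log that `test_heartbeat` actually runs.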
@@ -1,7 +1,5 @@ -Index: openssl-1.0.1g/crypto/ecdh/ecdh.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdh/ecdh.h -+++ openssl-1.0.1g/crypto/ecdh/ecdh.h +--- openssl-1.0.1j.orig/crypto/ecdh/ecdh.h ++++ openssl-1.0.1j/crypto/ecdh/ecdh.h @@ -85,6 +85,8 @@ extern "C" { #endif @@ -11,10 +9,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ecdh.h const ECDH_METHOD *ECDH_OpenSSL(void); void ECDH_set_default_method(const ECDH_METHOD *); -Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdh/ecdhtest.c -+++ openssl-1.0.1g/crypto/ecdh/ecdhtest.c +--- openssl-1.0.1j.orig/crypto/ecdh/ecdhtest.c ++++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c @@ -323,11 +323,15 @@ int main(int argc, char *argv[]) if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -31,10 +27,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c #ifndef OPENSSL_NO_EC2M /* NIST BINARY CURVES TESTS */ if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err; -Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdh/ech_lib.c -+++ openssl-1.0.1g/crypto/ecdh/ech_lib.c +--- openssl-1.0.1j.orig/crypto/ecdh/ech_lib.c ++++ openssl-1.0.1j/crypto/ecdh/ech_lib.c @@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth { if(!default_ECDH_method) @@ -50,10 +44,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c } return default_ECDH_method; } -Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdh/ech_ossl.c -+++ openssl-1.0.1g/crypto/ecdh/ech_ossl.c +--- openssl-1.0.1j.orig/crypto/ecdh/ech_ossl.c ++++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c @@ -79,6 +79,10 @@ #include #include 
@@ -108,10 +100,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c if ((tmp=EC_POINT_new(group)) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); -Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdsa/ecdsatest.c -+++ openssl-1.0.1g/crypto/ecdsa/ecdsatest.c +--- openssl-1.0.1j.orig/crypto/ecdsa/ecdsatest.c ++++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c @@ -138,11 +138,14 @@ int restore_rand(void) } @@ -147,10 +137,8 @@ Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c if (!test_builtin(out)) goto err; ret = 0; -Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdsa/ecs_lib.c -+++ openssl-1.0.1g/crypto/ecdsa/ecs_lib.c +--- openssl-1.0.1j.orig/crypto/ecdsa/ecs_lib.c ++++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c @@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me { if(!default_ECDSA_method) @@ -166,10 +154,8 @@ Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c } return default_ECDSA_method; } -Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ecdsa/ecs_ossl.c -+++ openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c +--- openssl-1.0.1j.orig/crypto/ecdsa/ecs_ossl.c ++++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c @@ -60,6 +60,9 @@ #include #include @@ -219,10 +205,8 @@ Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) -Index: openssl-1.0.1g/crypto/ec/ec_key.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ec/ec_key.c -+++ openssl-1.0.1g/crypto/ec/ec_key.c +--- openssl-1.0.1j.orig/crypto/ec/ec_key.c ++++ openssl-1.0.1j/crypto/ec/ec_key.c @@ -64,9 +64,6 @@ #include #include "ec_lcl.h" 
@@ -319,114 +303,8 @@ Index: openssl-1.0.1g/crypto/ec/ec_key.c { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, EC_R_COORDINATES_OUT_OF_RANGE); -Index: openssl-1.0.1g/crypto/ec/ecp_mont.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ec/ecp_mont.c -+++ openssl-1.0.1g/crypto/ec/ecp_mont.c -@@ -63,18 +63,11 @@ - - #include - --#ifdef OPENSSL_FIPS --#include --#endif -- - #include "ec_lcl.h" - - - const EC_METHOD *EC_GFp_mont_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_mont_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void - ec_GFp_mont_field_set_to_one }; - - return &ret; --#endif - } - - -Index: openssl-1.0.1g/crypto/ec/ecp_nist.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ec/ecp_nist.c -+++ openssl-1.0.1g/crypto/ec/ecp_nist.c -@@ -67,15 +67,8 @@ - #include - #include "ec_lcl.h" - --#ifdef OPENSSL_FIPS --#include --#endif -- - const EC_METHOD *EC_GFp_nist_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_nist_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void - 0 /* field_set_to_one */ }; - - return &ret; --#endif - } - - int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) -Index: openssl-1.0.1g/crypto/ec/ecp_smpl.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ec/ecp_smpl.c -+++ openssl-1.0.1g/crypto/ec/ecp_smpl.c -@@ -65,17 +65,10 @@ - #include - #include - --#ifdef OPENSSL_FIPS --#include --#endif -- - #include "ec_lcl.h" - - const EC_METHOD *EC_GFp_simple_method(void) - { --#ifdef OPENSSL_FIPS -- return fips_ec_gfp_simple_method(); --#else - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, -@@ -116,7 
+109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo - 0 /* field_set_to_one */ }; - - return &ret; --#endif - } - - -@@ -186,6 +178,14 @@ int ec_GFp_simple_group_set_curve(EC_GRO - return 0; - } - -+/* we comment the few following lines, temporarily...for avoiding small curves */ -+/* -+ if (BN_num_bits(p) < 256) -+ { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+*/ - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); -Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/m_ecdsa.c -+++ openssl-1.0.1g/crypto/evp/m_ecdsa.c +--- openssl-1.0.1j.orig/crypto/evp/m_ecdsa.c ++++ openssl-1.0.1j/crypto/evp/m_ecdsa.c @@ -116,7 +116,6 @@ #include @@ -449,10 +327,8 @@ Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c } #endif -#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c @@ -0,0 +1,496 @@ +/* fips/ecdh/fips_ecdhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -950,10 +826,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c @@ -0,0 +1,533 @@ +/* fips/ecdsa/fips_ecdsavs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1488,10 +1362,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c -=================================================================== 
--- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c @@ -0,0 +1,252 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1745,10 +1617,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c @@ -0,0 +1,167 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1917,10 +1787,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/fips/fips.h -+++ openssl-1.0.1g/crypto/fips/fips.h +--- openssl-1.0.1j.orig/crypto/fips/fips.h ++++ openssl-1.0.1j/crypto/fips/fips.h @@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void); void FIPS_corrupt_dsa(void); void FIPS_corrupt_dsa_keygen(void); @@ -1930,10 +1798,8 @@ Index: openssl-1.0.1g/crypto/fips/fips.h void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); void FIPS_x931_stick(int onoff); -Index: openssl-1.0.1g/crypto/fips/fips_post.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/fips/fips_post.c -+++ openssl-1.0.1g/crypto/fips/fips_post.c +--- openssl-1.0.1j.orig/crypto/fips/fips_post.c ++++ openssl-1.0.1j/crypto/fips/fips_post.c @@ -95,8 +95,12 @@ int FIPS_selftest(void) rv = 0; if (!FIPS_selftest_rsa()) 
@@ -1947,10 +1813,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_post.c return rv; } -Index: openssl-1.0.1g/crypto/fips/Makefile -=================================================================== ---- openssl-1.0.1g.orig/crypto/fips/Makefile -+++ openssl-1.0.1g/crypto/fips/Makefile +--- openssl-1.0.1j.orig/crypto/fips/Makefile ++++ openssl-1.0.1j/crypto/fips/Makefile @@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ @@ -2052,3 +1916,45 @@ Index: openssl-1.0.1g/crypto/fips/Makefile fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +--- openssl-1.0.1j.orig/crypto/ec/ecp_nist.c ++++ openssl-1.0.1j/crypto/ec/ecp_nist.c +@@ -112,11 +112,6 @@ const EC_METHOD *EC_GFp_nist_method(void + 0 /* field_decode */, + 0 /* field_set_to_one */ }; + +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_nist_method(); +-#endif +- + return &ret; + } + +--- openssl-1.0.1j.orig/crypto/ec/ecp_smpl.c ++++ openssl-1.0.1j/crypto/ec/ecp_smpl.c +@@ -112,11 +112,6 @@ const EC_METHOD *EC_GFp_simple_method(vo + 0 /* field_decode */, + 0 /* field_set_to_one */ }; + +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_simple_method(); +-#endif +- + return &ret; + } + +--- openssl-1.0.1j.orig/crypto/ec/ecp_mont.c ++++ openssl-1.0.1j/crypto/ec/ecp_mont.c +@@ -111,11 +111,6 @@ const EC_METHOD *EC_GFp_mont_method(void + ec_GFp_mont_field_decode, + ec_GFp_mont_field_set_to_one }; + +-#ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- return fips_ec_gfp_mont_method(); +-#endif +- + return &ret; + } + diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch index 58c7113..9344963 100644 --- a/openssl-1.0.1e-fips.patch +++ b/openssl-1.0.1e-fips.patch 
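Review bot: The three sections appended at the end of the `@@ -2052,3 +1916,45 @@` hunk (ecp_nist.c, ecp_smpl.c, ecp_mont.c) delete the `if (FIPS_mode()) return fips_ec_gfp_*_method();` dispatch with no stated reason, so `EC_GFp_nist_method()`, `EC_GFp_simple_method()` and `EC_GFp_mont_method()` now return the built-in `ret` table in FIPS mode too. This looks intentional, since the same patch adds `fips_ecdh_selftest.c` and `fips_ecdsa_selftest.c` under crypto/fips and extends `FIPS_selftest()`, but that is inferred and should be confirmed. The patch description should record the rationale, for example `EC: drop the fips_ec_gfp_*_method() dispatch; FIPS-mode EC uses the in-tree methods, covered by the ECDH/ECDSA self-tests in crypto/fips`. The sections also moved from beside the ec_key.c section (where the earlier revision kept them) to after crypto/fips/Makefile; keeping the EC changes together would make the FIPS-relevant behaviour easier to audit on the next rebase. The bodies of the three functions begin outside the hunk context shown here.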
@@ -113,11 +113,9 @@ ssl/ssl_algs.c | 50 112 files changed, 18073 insertions(+), 403 deletions(-) -Index: openssl-1.0.1g/Configure -=================================================================== ---- openssl-1.0.1g.orig/Configure -+++ openssl-1.0.1g/Configure -@@ -990,11 +990,6 @@ if (defined($disabled{"md5"}) || defined +--- openssl-1.0.1j.orig/Configure ++++ openssl-1.0.1j/Configure +@@ -991,11 +991,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -129,7 +127,7 @@ Index: openssl-1.0.1g/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1469,7 +1464,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1470,7 +1465,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -137,7 +135,7 @@ Index: openssl-1.0.1g/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1656,9 +1650,12 @@ while () +@@ -1657,9 +1651,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -151,10 +149,8 @@ Index: openssl-1.0.1g/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.1g/Makefile.org -=================================================================== ---- openssl-1.0.1g.orig/Makefile.org -+++ openssl-1.0.1g/Makefile.org +--- openssl-1.0.1j.orig/Makefile.org ++++ openssl-1.0.1j/Makefile.org @@ -135,6 +135,9 @@ FIPSCANLIB= BASEADDR= 
@@ -182,10 +178,8 @@ Index: openssl-1.0.1g/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.1g/apps/pkcs12.c -=================================================================== ---- openssl-1.0.1g.orig/apps/pkcs12.c -+++ openssl-1.0.1g/apps/pkcs12.c +--- openssl-1.0.1j.orig/apps/pkcs12.c ++++ openssl-1.0.1j/apps/pkcs12.c @@ -67,6 +67,9 @@ #include #include @@ -208,10 +202,8 @@ Index: openssl-1.0.1g/apps/pkcs12.c enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); -Index: openssl-1.0.1g/apps/speed.c -=================================================================== ---- openssl-1.0.1g.orig/apps/speed.c -+++ openssl-1.0.1g/apps/speed.c +--- openssl-1.0.1j.orig/apps/speed.c ++++ openssl-1.0.1j/apps/speed.c @@ -195,7 +195,6 @@ #ifdef OPENSSL_DOING_MAKEDEPEND #undef AES_set_encrypt_key @@ -337,10 +329,8 @@ Index: openssl-1.0.1g/apps/speed.c HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 16,EVP_md5(), NULL); -Index: openssl-1.0.1g/crypto/aes/aes_misc.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/aes/aes_misc.c -+++ openssl-1.0.1g/crypto/aes/aes_misc.c +--- openssl-1.0.1j.orig/crypto/aes/aes_misc.c ++++ openssl-1.0.1j/crypto/aes/aes_misc.c @@ -69,17 +69,11 @@ const char *AES_options(void) { int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) 
@@ -359,10 +349,8 @@ Index: openssl-1.0.1g/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.1g/crypto/camellia/cmll_locl.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/camellia/cmll_locl.h -+++ openssl-1.0.1g/crypto/camellia/cmll_locl.h +--- openssl-1.0.1j.orig/crypto/camellia/cmll_locl.h ++++ openssl-1.0.1j/crypto/camellia/cmll_locl.h @@ -68,7 +68,8 @@ #ifndef HEADER_CAMELLIA_LOCL_H #define HEADER_CAMELLIA_LOCL_H @@ -380,10 +368,8 @@ Index: openssl-1.0.1g/crypto/camellia/cmll_locl.h -#pragma GCC visibility pop +//#pragma GCC visibility pop #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ -Index: openssl-1.0.1g/crypto/cmac/cmac.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/cmac/cmac.c -+++ openssl-1.0.1g/crypto/cmac/cmac.c +--- openssl-1.0.1j.orig/crypto/cmac/cmac.c ++++ openssl-1.0.1j/crypto/cmac/cmac.c @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -432,10 +418,8 @@ Index: openssl-1.0.1g/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.1g/crypto/crypto.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/crypto.h -+++ openssl-1.0.1g/crypto/crypto.h +--- openssl-1.0.1j.orig/crypto/crypto.h ++++ openssl-1.0.1j/crypto/crypto.h @@ -553,24 +553,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -481,10 +465,8 @@ Index: openssl-1.0.1g/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.1g/crypto/des/des.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/des/des.h -+++ openssl-1.0.1g/crypto/des/des.h +--- openssl-1.0.1j.orig/crypto/des/des.h ++++ openssl-1.0.1j/crypto/des/des.h 
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); @@ -495,10 +477,8 @@ Index: openssl-1.0.1g/crypto/des/des.h void DES_string_to_key(const char *str,DES_cblock *key); void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, -Index: openssl-1.0.1g/crypto/des/set_key.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/des/set_key.c -+++ openssl-1.0.1g/crypto/des/set_key.c +--- openssl-1.0.1j.orig/crypto/des/set_key.c ++++ openssl-1.0.1j/crypto/des/set_key.c @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -513,10 +493,8 @@ Index: openssl-1.0.1g/crypto/des/set_key.c { static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; -Index: openssl-1.0.1g/crypto/dh/dh.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/dh/dh.h -+++ openssl-1.0.1g/crypto/dh/dh.h +--- openssl-1.0.1j.orig/crypto/dh/dh.h ++++ openssl-1.0.1j/crypto/dh/dh.h @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -526,10 +504,8 @@ Index: openssl-1.0.1g/crypto/dh/dh.h #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time -Index: openssl-1.0.1g/crypto/dh/dh_gen.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dh/dh_gen.c -+++ openssl-1.0.1g/crypto/dh/dh_gen.c +--- openssl-1.0.1j.orig/crypto/dh/dh_gen.c ++++ openssl-1.0.1j/crypto/dh/dh_gen.c @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if(ret->meth->generate_params) 
@@ -563,10 +539,8 @@ Index: openssl-1.0.1g/crypto/dh/dh_gen.c ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); -Index: openssl-1.0.1g/crypto/dh/dh_key.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dh/dh_key.c -+++ openssl-1.0.1g/crypto/dh/dh_key.c +--- openssl-1.0.1j.orig/crypto/dh/dh_key.c ++++ openssl-1.0.1j/crypto/dh/dh_key.c @@ -61,6 +61,9 @@ #include #include @@ -625,10 +599,8 @@ Index: openssl-1.0.1g/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -Index: openssl-1.0.1g/crypto/dh/dh_lib.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dh/dh_lib.c -+++ openssl-1.0.1g/crypto/dh/dh_lib.c +--- openssl-1.0.1j.orig/crypto/dh/dh_lib.c ++++ openssl-1.0.1j/crypto/dh/dh_lib.c @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v { if(!default_DH_method) @@ -644,10 +616,8 @@ Index: openssl-1.0.1g/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.1g/crypto/dsa/dsa.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa.h -+++ openssl-1.0.1g/crypto/dsa/dsa.h +--- openssl-1.0.1j.orig/crypto/dsa/dsa.h ++++ openssl-1.0.1j/crypto/dsa/dsa.h @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -708,10 +678,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsa.h #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus -Index: openssl-1.0.1g/crypto/dsa/dsa_err.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_err.c -+++ openssl-1.0.1g/crypto/dsa/dsa_err.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_err.c ++++ openssl-1.0.1j/crypto/dsa/dsa_err.c @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, 
@@ -730,10 +698,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, -Index: openssl-1.0.1g/crypto/dsa/dsa_gen.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_gen.c -+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_gen.c ++++ openssl-1.0.1j/crypto/dsa/dsa_gen.c @@ -85,6 +85,14 @@ #include #endif @@ -1140,10 +1106,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsa_gen.c } if (mont != NULL) BN_MONT_CTX_free(mont); return ok; -Index: openssl-1.0.1g/crypto/dsa/dsa_key.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_key.c -+++ openssl-1.0.1g/crypto/dsa/dsa_key.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_key.c ++++ openssl-1.0.1j/crypto/dsa/dsa_key.c @@ -66,6 +66,35 @@ #ifdef OPENSSL_FIPS @@ -1222,10 +1186,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsa_key.c ok=1; err: -Index: openssl-1.0.1g/crypto/dsa/dsa_lib.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_lib.c -+++ openssl-1.0.1g/crypto/dsa/dsa_lib.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_lib.c ++++ openssl-1.0.1j/crypto/dsa/dsa_lib.c @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method { if(!default_DSA_method) @@ -1241,20 +1203,16 @@ Index: openssl-1.0.1g/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.1g/crypto/dsa/dsa_locl.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_locl.h -+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h +--- openssl-1.0.1j.orig/crypto/dsa/dsa_locl.h ++++ openssl-1.0.1j/crypto/dsa/dsa_locl.h 
@@ -56,5 +56,4 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden"))); -Index: openssl-1.0.1g/crypto/dsa/dsa_ossl.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_ossl.c -+++ openssl-1.0.1g/crypto/dsa/dsa_ossl.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_ossl.c ++++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c @@ -65,6 +65,9 @@ #include #include @@ -1328,10 +1286,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsa_ossl.c dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } -Index: openssl-1.0.1g/crypto/dsa/dsa_pmeth.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsa_pmeth.c -+++ openssl-1.0.1g/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.1j.orig/crypto/dsa/dsa_pmeth.c ++++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1341,10 +1297,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.1g/crypto/dsa/dsatest.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/dsa/dsatest.c -+++ openssl-1.0.1g/crypto/dsa/dsatest.c +--- openssl-1.0.1j.orig/crypto/dsa/dsatest.c ++++ openssl-1.0.1j/crypto/dsa/dsatest.c @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ 
@@ -1429,10 +1383,8 @@ Index: openssl-1.0.1g/crypto/dsa/dsatest.c goto end; } if (h != 2) -Index: openssl-1.0.1g/crypto/engine/eng_all.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/engine/eng_all.c -+++ openssl-1.0.1g/crypto/engine/eng_all.c +--- openssl-1.0.1j.orig/crypto/engine/eng_all.c ++++ openssl-1.0.1j/crypto/engine/eng_all.c @@ -58,11 +58,25 @@ #include "cryptlib.h" @@ -1459,10 +1411,8 @@ Index: openssl-1.0.1g/crypto/engine/eng_all.c #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be -Index: openssl-1.0.1g/crypto/evp/Makefile -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/Makefile -+++ openssl-1.0.1g/crypto/evp/Makefile +--- openssl-1.0.1j.orig/crypto/evp/Makefile ++++ openssl-1.0.1j/crypto/evp/Makefile @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -1481,10 +1431,8 @@ Index: openssl-1.0.1g/crypto/evp/Makefile e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o SRC= $(LIBSRC) -Index: openssl-1.0.1g/crypto/evp/c_allc.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/c_allc.c -+++ openssl-1.0.1g/crypto/evp/c_allc.c +--- openssl-1.0.1j.orig/crypto/evp/c_allc.c ++++ openssl-1.0.1j/crypto/evp/c_allc.c @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -1558,10 +1506,8 @@ Index: openssl-1.0.1g/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.1g/crypto/evp/c_alld.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/c_alld.c -+++ openssl-1.0.1g/crypto/evp/c_alld.c +--- openssl-1.0.1j.orig/crypto/evp/c_alld.c ++++ openssl-1.0.1j/crypto/evp/c_alld.c @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) 
@@ -1607,10 +1553,8 @@ Index: openssl-1.0.1g/crypto/evp/c_alld.c + } +#endif } -Index: openssl-1.0.1g/crypto/evp/digest.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/digest.c -+++ openssl-1.0.1g/crypto/evp/digest.c +--- openssl-1.0.1j.orig/crypto/evp/digest.c ++++ openssl-1.0.1j/crypto/evp/digest.c @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1759,10 +1703,8 @@ Index: openssl-1.0.1g/crypto/evp/digest.c memset(ctx,'\0',sizeof *ctx); return 1; -Index: openssl-1.0.1g/crypto/evp/e_aes.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/e_aes.c -+++ openssl-1.0.1g/crypto/evp/e_aes.c +--- openssl-1.0.1j.orig/crypto/evp/e_aes.c ++++ openssl-1.0.1j/crypto/evp/e_aes.c @@ -56,7 +56,6 @@ #include #include @@ -1780,7 +1722,7 @@ Index: openssl-1.0.1g/crypto/evp/e_aes.c && arg < 12) return 0; #endif -@@ -1144,7 +1143,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -1185,7 +1184,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; #ifdef OPENSSL_FIPS /* Requirement of SP800-38E */ @@ -1789,15 +1731,13 @@ Index: openssl-1.0.1g/crypto/evp/e_aes.c (len > (1UL<<20)*16)) { EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); -@@ -1327,4 +1326,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm +@@ -1382,4 +1381,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif -#endif -Index: openssl-1.0.1g/crypto/evp/e_des3.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/e_des3.c -+++ openssl-1.0.1g/crypto/evp/e_des3.c +--- openssl-1.0.1j.orig/crypto/evp/e_des3.c ++++ openssl-1.0.1j/crypto/evp/e_des3.c @@ -65,8 +65,6 @@ #include #include 
@@ -1856,10 +1796,8 @@ Index: openssl-1.0.1g/crypto/evp/e_des3.c } #endif -#endif -Index: openssl-1.0.1g/crypto/evp/e_null.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/e_null.c -+++ openssl-1.0.1g/crypto/evp/e_null.c +--- openssl-1.0.1j.orig/crypto/evp/e_null.c ++++ openssl-1.0.1j/crypto/evp/e_null.c @@ -61,8 +61,6 @@ #include #include @@ -1883,10 +1821,8 @@ Index: openssl-1.0.1g/crypto/evp/e_null.c return 1; } -#endif -Index: openssl-1.0.1g/crypto/evp/evp.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/evp.h -+++ openssl-1.0.1g/crypto/evp/evp.h +--- openssl-1.0.1j.orig/crypto/evp/evp.h ++++ openssl-1.0.1j/crypto/evp/evp.h @@ -75,6 +75,10 @@ #include #endif @@ -1939,12 +1875,10 @@ Index: openssl-1.0.1g/crypto/evp/evp.h /* Cipher handles any and all padding logic as well * as finalisation. */ -Index: openssl-1.0.1g/crypto/evp/evp_enc.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/evp_enc.c -+++ openssl-1.0.1g/crypto/evp/evp_enc.c -@@ -69,17 +69,58 @@ - #endif +--- openssl-1.0.1j.orig/crypto/evp/evp_enc.c ++++ openssl-1.0.1j/crypto/evp/evp_enc.c +@@ -70,17 +70,58 @@ + #include "constant_time_locl.h" #include "evp_locl.h" -#ifdef OPENSSL_FIPS @@ -2006,7 +1940,7 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c memset(ctx,0,sizeof(EVP_CIPHER_CTX)); /* ctx->cipher=NULL; */ } -@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } 
@@ -2021,7 +1955,7 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct ctx->engine = NULL; #endif @@ -2032,7 +1966,7 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c ctx->cipher=cipher; if (ctx->cipher->ctx_size) { -@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif @@ -2043,7 +1977,7 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 -@@ -249,6 +290,22 @@ skip_to_init: +@@ -250,6 +291,22 @@ skip_to_init: } } @@ -2066,7 +2000,7 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX +@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { @@ -2074,7 +2008,7 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c if (c->cipher != NULL) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT +@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT } if (c->cipher_data) OPENSSL_free(c->cipher_data); 
@@ -2091,10 +2025,8 @@ Index: openssl-1.0.1g/crypto/evp/evp_enc.c memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.1g/crypto/evp/evp_lib.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/evp_lib.c -+++ openssl-1.0.1g/crypto/evp/evp_lib.c +--- openssl-1.0.1j.orig/crypto/evp/evp_lib.c ++++ openssl-1.0.1j/crypto/evp/evp_lib.c @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -2105,10 +2037,8 @@ Index: openssl-1.0.1g/crypto/evp/evp_lib.c return ctx->cipher->do_cipher(ctx,out,in,inl); } -Index: openssl-1.0.1g/crypto/evp/evp_locl.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/evp_locl.h -+++ openssl-1.0.1g/crypto/evp/evp_locl.h +--- openssl-1.0.1j.orig/crypto/evp/evp_locl.h ++++ openssl-1.0.1j/crypto/evp/evp_locl.h @@ -371,11 +371,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ #define MD2_Init private_MD2_Init #define MDC2_Init private_MDC2_Init @@ -2129,10 +2059,8 @@ Index: openssl-1.0.1g/crypto/evp/evp_locl.h #define Camellia_set_key private_Camellia_set_key #endif -Index: openssl-1.0.1g/crypto/evp/m_dss.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/m_dss.c -+++ openssl-1.0.1g/crypto/evp/m_dss.c +--- openssl-1.0.1j.orig/crypto/evp/m_dss.c ++++ openssl-1.0.1j/crypto/evp/m_dss.c @@ -66,7 +66,6 @@ #endif @@ -2155,10 +2083,8 @@ Index: openssl-1.0.1g/crypto/evp/m_dss.c } #endif -#endif -Index: openssl-1.0.1g/crypto/evp/m_dss1.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/m_dss1.c -+++ openssl-1.0.1g/crypto/evp/m_dss1.c +--- openssl-1.0.1j.orig/crypto/evp/m_dss1.c ++++ openssl-1.0.1j/crypto/evp/m_dss1.c @@ -68,8 +68,6 @@ #include #endif 
@@ -2182,10 +2108,8 @@ Index: openssl-1.0.1g/crypto/evp/m_dss1.c } #endif -#endif -Index: openssl-1.0.1g/crypto/evp/m_md2.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/m_md2.c -+++ openssl-1.0.1g/crypto/evp/m_md2.c +--- openssl-1.0.1j.orig/crypto/evp/m_md2.c ++++ openssl-1.0.1j/crypto/evp/m_md2.c @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -2194,10 +2118,8 @@ Index: openssl-1.0.1g/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } -Index: openssl-1.0.1g/crypto/evp/m_sha1.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/m_sha1.c -+++ openssl-1.0.1g/crypto/evp/m_sha1.c +--- openssl-1.0.1j.orig/crypto/evp/m_sha1.c ++++ openssl-1.0.1j/crypto/evp/m_sha1.c @@ -59,8 +59,6 @@ #include #include "cryptlib.h" @@ -2262,10 +2184,8 @@ Index: openssl-1.0.1g/crypto/evp/m_sha1.c #endif /* ifndef OPENSSL_NO_SHA512 */ -#endif -Index: openssl-1.0.1g/crypto/evp/p_sign.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/p_sign.c -+++ openssl-1.0.1g/crypto/evp/p_sign.c +--- openssl-1.0.1j.orig/crypto/evp/p_sign.c ++++ openssl-1.0.1j/crypto/evp/p_sign.c @@ -61,6 +61,7 @@ #include #include @@ -2297,10 +2217,8 @@ Index: openssl-1.0.1g/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.1g/crypto/evp/p_verify.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/evp/p_verify.c -+++ openssl-1.0.1g/crypto/evp/p_verify.c +--- openssl-1.0.1j.orig/crypto/evp/p_verify.c ++++ openssl-1.0.1j/crypto/evp/p_verify.c @@ -61,6 +61,7 @@ #include #include 
@@ -2332,10 +2250,8 @@ Index: openssl-1.0.1g/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.1g/crypto/fips/Makefile -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/Makefile ++++ openssl-1.0.1j/crypto/fips/Makefile @@ -0,0 +1,340 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -2677,10 +2593,8 @@ Index: openssl-1.0.1g/crypto/fips/Makefile +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3621,10 +3535,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c @@ -0,0 +1,517 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4143,10 +4055,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c 
@@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -4850,10 +4760,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c @@ -0,0 +1,292 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5147,10 +5055,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c @@ -0,0 +1,416 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5568,10 +5474,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c @@ -0,0 +1,537 @@ +#include + @@ -6110,10 +6014,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c @@ -0,0 +1,571 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -6686,10 +6588,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c +} + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -6921,10 +6821,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c + return 0; + } +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7316,10 +7214,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7691,10 +7587,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c + return ret; + } +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -8073,10 +7967,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c + return ret; + } +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c ++++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8466,10 +8358,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/cavs/fips_utl.h -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/cavs/fips_utl.h ++++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -8814,10 +8704,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_utl.h +#endif + } + -Index: openssl-1.0.1g/crypto/fips/fips.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips.c ++++ openssl-1.0.1j/crypto/fips/fips.c @@ -0,0 +1,489 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9308,10 +9196,8 @@ Index: openssl-1.0.1g/crypto/fips/fips.c + + +#endif -Index: openssl-1.0.1g/crypto/fips/fips.h -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips.h ++++ openssl-1.0.1j/crypto/fips/fips.h @@ -0,0 +1,279 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -9592,10 +9478,8 @@ Index: openssl-1.0.1g/crypto/fips/fips.h +} +#endif +#endif -Index: openssl-1.0.1g/crypto/fips/fips_aes_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_aes_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c @@ -0,0 +1,359 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9956,10 +9840,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_aes_selftest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c @@ -0,0 +1,161 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10122,10 +10004,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c + return rv; + } +#endif -Index: openssl-1.0.1g/crypto/fips/fips_des_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_des_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c @@ -0,0 +1,147 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10274,10 +10154,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_des_selftest.c + return ret; + } +#endif -Index: openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c ++++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -10715,10 +10593,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c + + return 1; + } -Index: openssl-1.0.1g/crypto/fips/fips_drbg_hash.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_hash.c ++++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c @@ -0,0 +1,378 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11098,10 +10974,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_hash.c + + return 1; + } -Index: openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c ++++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c @@ -0,0 +1,281 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11384,10 +11258,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c + + return 1; + } -Index: openssl-1.0.1g/crypto/fips/fips_drbg_lib.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_lib.c ++++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c @@ -0,0 +1,578 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -11967,10 +11839,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; + } -Index: openssl-1.0.1g/crypto/fips/fips_drbg_rand.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c ++++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c @@ -0,0 +1,172 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -12144,10 +12014,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_rand.c + return &rand_drbg_meth; + } + -Index: openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c @@ -0,0 +1,862 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -13011,10 +12879,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c + return rv; + } + -Index: openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h ++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h @@ -0,0 +1,2335 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15351,10 +15217,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h + 0xc2,0xd6,0xfd,0xa5 + }; + -Index: openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c @@ -0,0 +1,193 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15549,10 +15413,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c + return ret; + } +#endif -Index: openssl-1.0.1g/crypto/fips/fips_enc.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_enc.c ++++ openssl-1.0.1j/crypto/fips/fips_enc.c @@ -0,0 +1,191 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -15745,10 +15607,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_enc.c + } + } + -Index: openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -15887,10 +15747,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c + return 1; + } +#endif -Index: openssl-1.0.1g/crypto/fips/fips_locl.h -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_locl.h ++++ openssl-1.0.1j/crypto/fips/fips_locl.h @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15963,10 +15821,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_locl.h +} +#endif +#endif -Index: openssl-1.0.1g/crypto/fips/fips_md.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_md.c ++++ openssl-1.0.1j/crypto/fips/fips_md.c @@ -0,0 +1,145 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -16113,10 +15969,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_md.c + return NULL; + } + } -Index: openssl-1.0.1g/crypto/fips/fips_post.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_post.c ++++ openssl-1.0.1j/crypto/fips/fips_post.c @@ -0,0 +1,205 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -16323,10 +16177,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_post.c + return 1; + } +#endif -Index: openssl-1.0.1g/crypto/fips/fips_rand.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rand.c ++++ openssl-1.0.1j/crypto/fips/fips_rand.c @@ -0,0 +1,457 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -16785,10 +16637,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_rand.h -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rand.h ++++ openssl-1.0.1j/crypto/fips/fips_rand.h @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16935,10 +16785,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rand.h +#endif +#endif +#endif -Index: openssl-1.0.1g/crypto/fips/fips_rand_lcl.h -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rand_lcl.h ++++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h @@ -0,0 +1,219 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -17159,10 +17007,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.1g/crypto/fips/fips_rand_lib.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rand_lib.c ++++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c @@ -0,0 +1,191 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -17355,10 +17201,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rand_lib.c + } + return 0; + } -Index: openssl-1.0.1g/crypto/fips/fips_rand_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rand_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c @@ -0,0 +1,183 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -17543,10 +17387,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rand_selftest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_randtest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_randtest.c ++++ openssl-1.0.1j/crypto/fips/fips_randtest.c @@ -0,0 +1,250 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -17798,10 +17640,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_randtest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -18247,10 +18087,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c + } + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c ++++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c @@ -0,0 +1,282 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -18534,10 +18372,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c + return 0; + + } -Index: openssl-1.0.1g/crypto/fips/fips_sha_selftest.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_sha_selftest.c ++++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c @@ -0,0 +1,140 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18679,10 +18515,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_sha_selftest.c + } + +#endif -Index: openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c ++++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18864,10 +18698,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c + } + + -Index: openssl-1.0.1g/crypto/fips/fips_test_suite.c -=================================================================== --- /dev/null -+++ openssl-1.0.1g/crypto/fips/fips_test_suite.c ++++ openssl-1.0.1j/crypto/fips/fips_test_suite.c @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -19457,10 +19289,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_test_suite.c + } + +#endif -Index: openssl-1.0.1g/crypto/hmac/hmac.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/hmac/hmac.c -+++ openssl-1.0.1g/crypto/hmac/hmac.c +--- openssl-1.0.1j.orig/crypto/hmac/hmac.c ++++ openssl-1.0.1j/crypto/hmac/hmac.c @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; 
@@ -19523,10 +19353,8 @@ Index: openssl-1.0.1g/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.1g/crypto/md2/md2_dgst.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/md2/md2_dgst.c -+++ openssl-1.0.1g/crypto/md2/md2_dgst.c +--- openssl-1.0.1j.orig/crypto/md2/md2_dgst.c ++++ openssl-1.0.1j/crypto/md2/md2_dgst.c @@ -62,6 +62,11 @@ #include #include @@ -19548,10 +19376,8 @@ Index: openssl-1.0.1g/crypto/md2/md2_dgst.c { c->num=0; memset(c->state,0,sizeof c->state); -Index: openssl-1.0.1g/crypto/md4/md4_dgst.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/md4/md4_dgst.c -+++ openssl-1.0.1g/crypto/md4/md4_dgst.c +--- openssl-1.0.1j.orig/crypto/md4/md4_dgst.c ++++ openssl-1.0.1j/crypto/md4/md4_dgst.c @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19561,10 +19387,8 @@ Index: openssl-1.0.1g/crypto/md4/md4_dgst.c { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -Index: openssl-1.0.1g/crypto/md5/md5_dgst.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/md5/md5_dgst.c -+++ openssl-1.0.1g/crypto/md5/md5_dgst.c +--- openssl-1.0.1j.orig/crypto/md5/md5_dgst.c ++++ openssl-1.0.1j/crypto/md5/md5_dgst.c @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L 
@@ -19574,10 +19398,8 @@ Index: openssl-1.0.1g/crypto/md5/md5_dgst.c { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; -Index: openssl-1.0.1g/crypto/mdc2/mdc2dgst.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/mdc2/mdc2dgst.c -+++ openssl-1.0.1g/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.1j.orig/crypto/mdc2/mdc2dgst.c ++++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -19587,10 +19409,8 @@ Index: openssl-1.0.1g/crypto/mdc2/mdc2dgst.c { c->num=0; c->pad_type=1; -Index: openssl-1.0.1g/crypto/o_fips.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/o_fips.c -+++ openssl-1.0.1g/crypto/o_fips.c +--- openssl-1.0.1j.orig/crypto/o_fips.c ++++ openssl-1.0.1j/crypto/o_fips.c @@ -79,6 +79,8 @@ int FIPS_mode_set(int r) #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -19600,10 +19420,8 @@ Index: openssl-1.0.1g/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.1g/crypto/o_init.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/o_init.c -+++ openssl-1.0.1g/crypto/o_init.c +--- openssl-1.0.1j.orig/crypto/o_init.c ++++ openssl-1.0.1j/crypto/o_init.c @@ -55,28 +55,68 @@ #include #include 
@@ -19677,24 +19495,19 @@ Index: openssl-1.0.1g/crypto/o_init.c + { + OPENSSL_init_library(); + } -Index: openssl-1.0.1g/crypto/opensslconf.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/opensslconf.h -+++ openssl-1.0.1g/crypto/opensslconf.h -@@ -1,6 +1,9 @@ - /* opensslconf.h */ - /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - +--- openssl-1.0.1j.orig/crypto/opensslconf.h ++++ openssl-1.0.1j/crypto/opensslconf.h +@@ -4,6 +4,8 @@ + #ifdef __cplusplus + extern "C" { + #endif +/* FIPS */ +#define OPENSSL_FIPS -+ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND -Index: openssl-1.0.1g/crypto/opensslconf.h.in -=================================================================== ---- openssl-1.0.1g.orig/crypto/opensslconf.h.in -+++ openssl-1.0.1g/crypto/opensslconf.h.in +--- openssl-1.0.1j.orig/crypto/opensslconf.h.in ++++ openssl-1.0.1j/crypto/opensslconf.h.in @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -19716,10 +19529,8 @@ Index: openssl-1.0.1g/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.1g/crypto/pkcs12/p12_crt.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/pkcs12/p12_crt.c -+++ openssl-1.0.1g/crypto/pkcs12/p12_crt.c +--- openssl-1.0.1j.orig/crypto/pkcs12/p12_crt.c ++++ openssl-1.0.1j/crypto/pkcs12/p12_crt.c @@ -59,6 +59,10 @@ #include #include "cryptlib.h" 
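Review bot: The `#define OPENSSL_FIPS` added in the crypto/opensslconf.h section is unconditional, and it lands in a header that Configure regenerates from opensslconf.h.in (the banner on the old side of this hunk says so). If the build also passes the macro on the compiler command line, the two definitions can differ and the compiler may report a redefinition; wrapping it as `#ifndef OPENSSL_FIPS` / `#define OPENSSL_FIPS` / `#endif` avoids that. A comment such as `/* FIPS: forced on by the distribution patch; opensslconf.h.in is the authoritative copy */` would tell a reader that the generated file is not where the switch should be maintained. The opensslconf.h.in hunk that follows is only partly visible, so whether it already carries such a guard cannot be confirmed from this page.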
@@ -19731,11 +19542,9 @@ Index: openssl-1.0.1g/crypto/pkcs12/p12_crt.c static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); -Index: openssl-1.0.1g/crypto/rand/md_rand.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rand/md_rand.c -+++ openssl-1.0.1g/crypto/rand/md_rand.c -@@ -395,7 +395,10 @@ static int ssleay_rand_bytes(unsigned ch +--- openssl-1.0.1j.orig/crypto/rand/md_rand.c ++++ openssl-1.0.1j/crypto/rand/md_rand.c +@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -19747,10 +19556,8 @@ Index: openssl-1.0.1g/crypto/rand/md_rand.c { RAND_poll(); initialized = 1; -Index: openssl-1.0.1g/crypto/rand/rand.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/rand/rand.h -+++ openssl-1.0.1g/crypto/rand/rand.h +--- openssl-1.0.1j.orig/crypto/rand/rand.h ++++ openssl-1.0.1j/crypto/rand/rand.h @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -19791,10 +19598,8 @@ Index: openssl-1.0.1g/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.1g/crypto/ripemd/rmd_dgst.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/ripemd/rmd_dgst.c -+++ openssl-1.0.1g/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.1j.orig/crypto/ripemd/rmd_dgst.c ++++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif 
@@ -19804,10 +19609,8 @@ Index: openssl-1.0.1g/crypto/ripemd/rmd_dgst.c { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; -Index: openssl-1.0.1g/crypto/rsa/rsa.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa.h -+++ openssl-1.0.1g/crypto/rsa/rsa.h +--- openssl-1.0.1j.orig/crypto/rsa/rsa.h ++++ openssl-1.0.1j/crypto/rsa/rsa.h @@ -164,6 +164,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -19891,11 +19694,9 @@ Index: openssl-1.0.1g/crypto/rsa/rsa.h +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 - #define RSA_R_P_NOT_PRIME 128 -Index: openssl-1.0.1g/crypto/rsa/rsa_crpt.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_crpt.c -+++ openssl-1.0.1g/crypto/rsa/rsa_crpt.c + #define RSA_R_PKCS_DECODING_ERROR 159 +--- openssl-1.0.1j.orig/crypto/rsa/rsa_crpt.c ++++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const RSA *rsa, int padding) { @@ -19922,10 +19723,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.1g/crypto/rsa/rsa_eay.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_eay.c -+++ openssl-1.0.1g/crypto/rsa/rsa_eay.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_eay.c ++++ openssl-1.0.1j/crypto/rsa/rsa_eay.c @@ -114,6 +114,10 @@ #include #include @@ -20056,10 +19855,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_eay.c rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -Index: openssl-1.0.1g/crypto/rsa/rsa_err.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_err.c -+++ openssl-1.0.1g/crypto/rsa/rsa_err.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_err.c ++++ openssl-1.0.1j/crypto/rsa/rsa_err.c 
@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -20069,10 +19866,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, -Index: openssl-1.0.1g/crypto/rsa/rsa_gen.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_gen.c -+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_gen.c ++++ openssl-1.0.1j/crypto/rsa/rsa_gen.c @@ -69,6 +69,78 @@ #include #ifdef OPENSSL_FIPS @@ -20214,10 +20009,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_gen.c ok=1; err: if (ok == -1) -Index: openssl-1.0.1g/crypto/rsa/rsa_lib.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_lib.c -+++ openssl-1.0.1g/crypto/rsa/rsa_lib.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_lib.c ++++ openssl-1.0.1j/crypto/rsa/rsa_lib.c @@ -84,6 +84,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -20293,10 +20086,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE -Index: openssl-1.0.1g/crypto/rsa/rsa_pmeth.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_pmeth.c -+++ openssl-1.0.1g/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_pmeth.c ++++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSA_R_INVALID_DIGEST_LENGTH); return -1; 
@@ -20340,10 +20131,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.1g/crypto/rsa/rsa_sign.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/rsa/rsa_sign.c -+++ openssl-1.0.1g/crypto/rsa/rsa_sign.c +--- openssl-1.0.1j.orig/crypto/rsa/rsa_sign.c ++++ openssl-1.0.1j/crypto/rsa/rsa_sign.c @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -20354,7 +20143,7 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_sign.c if (i <= 0) ret=0; else -@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi +@@ -197,8 +198,8 @@ int int_rsa_verify(int dtype, const unsi if((dtype == NID_md5_sha1) && rm) { @@ -20365,7 +20154,7 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_sign.c if (i <= 0) return 0; *prm_len = i; -@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi +@@ -215,7 +216,8 @@ int int_rsa_verify(int dtype, const unsi RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); goto err; } @@ -20375,10 +20164,8 @@ Index: openssl-1.0.1g/crypto/rsa/rsa_sign.c if (i <= 0) goto err; /* Oddball MDC2 case: signature can be OCTET STRING. -Index: openssl-1.0.1g/crypto/sha/sha.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/sha/sha.h -+++ openssl-1.0.1g/crypto/sha/sha.h +--- openssl-1.0.1j.orig/crypto/sha/sha.h ++++ openssl-1.0.1j/crypto/sha/sha.h @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif 
@@ -20411,10 +20198,8 @@ Index: openssl-1.0.1g/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.1g/crypto/sha/sha256.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/sha/sha256.c -+++ openssl-1.0.1g/crypto/sha/sha256.c +--- openssl-1.0.1j.orig/crypto/sha/sha256.c ++++ openssl-1.0.1j/crypto/sha/sha256.c @@ -12,12 +12,19 @@ #include @@ -20445,10 +20230,8 @@ Index: openssl-1.0.1g/crypto/sha/sha256.c memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; -Index: openssl-1.0.1g/crypto/sha/sha512.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/sha/sha512.c -+++ openssl-1.0.1g/crypto/sha/sha512.c +--- openssl-1.0.1j.orig/crypto/sha/sha512.c ++++ openssl-1.0.1j/crypto/sha/sha512.c @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -20480,10 +20263,8 @@ Index: openssl-1.0.1g/crypto/sha/sha512.c c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.1g/crypto/sha/sha_locl.h -=================================================================== ---- openssl-1.0.1g.orig/crypto/sha/sha_locl.h -+++ openssl-1.0.1g/crypto/sha/sha_locl.h +--- openssl-1.0.1j.orig/crypto/sha/sha_locl.h ++++ openssl-1.0.1j/crypto/sha/sha_locl.h @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h4 0xc3d2e1f0UL 
@@ -20500,10 +20281,8 @@ Index: openssl-1.0.1g/crypto/sha/sha_locl.h memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; -Index: openssl-1.0.1g/crypto/whrlpool/wp_dgst.c -=================================================================== ---- openssl-1.0.1g.orig/crypto/whrlpool/wp_dgst.c -+++ openssl-1.0.1g/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.1j.orig/crypto/whrlpool/wp_dgst.c ++++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c @@ -55,7 +55,7 @@ #include #include @@ -20513,11 +20292,9 @@ Index: openssl-1.0.1g/crypto/whrlpool/wp_dgst.c { memset (c,0,sizeof(*c)); return(1); -Index: openssl-1.0.1g/ssl/d1_srvr.c -=================================================================== ---- openssl-1.0.1g.orig/ssl/d1_srvr.c -+++ openssl-1.0.1g/ssl/d1_srvr.c -@@ -1383,6 +1383,8 @@ int dtls1_send_server_key_exchange(SSL * +--- openssl-1.0.1j.orig/ssl/d1_srvr.c ++++ openssl-1.0.1j/ssl/d1_srvr.c +@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL * j=0; for (num=2; num > 0; num--) { @@ -20526,10 +20303,8 @@ Index: openssl-1.0.1g/ssl/d1_srvr.c EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); -Index: openssl-1.0.1g/ssl/ssl_algs.c -=================================================================== ---- openssl-1.0.1g.orig/ssl/ssl_algs.c -+++ openssl-1.0.1g/ssl/ssl_algs.c +--- openssl-1.0.1j.orig/ssl/ssl_algs.c ++++ openssl-1.0.1j/ssl/ssl_algs.c @@ -64,6 +64,12 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.1i-noec2m-fix.patch b/openssl-1.0.1i-noec2m-fix.patch new file mode 100644 index 0000000..63bec22 --- /dev/null +++ b/openssl-1.0.1i-noec2m-fix.patch 
@@ -0,0 +1,59 @@
+From 90fec44393443f93d6f7fb00662472bb2a8a6c9b Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Mon, 10 Nov 2014 23:42:50 +0000
+Subject: [PATCH] Added OPENSSL_NO_EC2M guards around the preferred EC curve
+ list
+
+---
+ ssl/t1_lib.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index d6aff4b..8dafc6e 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -204,28 +204,40 @@ static int nid_list[] =
+
+ static int pref_list[] =
+ {
++#ifndef OPENSSL_NO_EC2M
+ NID_sect571r1, /* sect571r1 (14) */
+ NID_sect571k1, /* sect571k1 (13) */
++#endif
+ NID_secp521r1, /* secp521r1 (25) */
++#ifndef OPENSSL_NO_EC2M
+ NID_sect409k1, /* sect409k1 (11) */
+ NID_sect409r1, /* sect409r1 (12) */
++#endif
+ NID_secp384r1, /* secp384r1 (24) */
++#ifndef OPENSSL_NO_EC2M
+ NID_sect283k1, /* sect283k1 (9) */
+ NID_sect283r1, /* sect283r1 (10) */
++#endif
+ NID_secp256k1, /* secp256k1 (22) */
+ NID_X9_62_prime256v1, /* secp256r1 (23) */
++#ifndef OPENSSL_NO_EC2M
+ NID_sect239k1, /* sect239k1 (8) */
+ NID_sect233k1, /* sect233k1 (6) */
+ NID_sect233r1, /* sect233r1 (7) */
++#endif
+ NID_secp224k1, /* secp224k1 (20) */
+ NID_secp224r1, /* secp224r1 (21) */
++#ifndef OPENSSL_NO_EC2M
+ NID_sect193r1, /* sect193r1 (4) */
+ NID_sect193r2, /* sect193r2 (5) */
++#endif
+ NID_secp192k1, /* secp192k1 (18) */
+ NID_X9_62_prime192v1, /* secp192r1 (19) */
++#ifndef OPENSSL_NO_EC2M
+ NID_sect163k1, /* sect163k1 (1) */
+ NID_sect163r1, /* sect163r1 (2) */
+ NID_sect163r2, /* sect163r2 (3) */
++#endif
+ NID_secp160k1, /* secp160k1 (15) */
+ NID_secp160r1, /* secp160r1 (16) */
+ NID_secp160r2, /* secp160r2 (17) */
+--
+2.1.0
+
+
diff --git a/openssl-1.0.1i.tar.gz b/openssl-1.0.1i.tar.gz
deleted file mode 100644
index d81aae1..0000000
--- a/openssl-1.0.1i.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
-size 4422117
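Review bot: The `#ifndef OPENSSL_NO_EC2M` guards make the length of `pref_list` depend on the build configuration, so any code that sizes or walks the curve list has to derive the count from `sizeof(pref_list)/sizeof(pref_list[0])` rather than a fixed number; that code is outside this hunk and should be checked against the patched tree. The array also carries no comment stating its purpose, and the same guard is repeated six times between unguarded entries. A header comment such as `/* Curves in preference order; entries for curves compiled out must be guarded so that only usable curves are offered */` would state the invariant. Its wording should be confirmed against how `pref_list` is used, since the changelog only says the fix makes the package report the curves it supports.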
diff --git a/openssl-1.0.1i.tar.gz.asc b/openssl-1.0.1i.tar.gz.asc
deleted file mode 100644
index 855998c..0000000
--- a/openssl-1.0.1i.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJT4pu4AAoJENnE0m0OYESRle0H/A6fmNlUkhJ5NS5/W6HbztKE
-j5xWzecv7HKElr01tleyGkefwg/whBhE1HN0QsFygOR29HFF4dhijjarYj7gh6tR
-rsTGpbi+i0j2355a/BJdisXx9IESQLHeXxIAcGYEyWJKAUPzIHnIq/de+/IU9Luz
-Ck5aNaB2epB8mAyqHD8tkyK52764ngATElsuz9/aSGBSgoNkLXa/3nDEink2ckaD
-+fiBftKALEmJy+aaKp3E3PE3rQ02L0UK0hsO9DfOe0SZtFOd1nGF3Pb1DgGvum+R
-RYUXuroGc6D126lK/ThhqZxBOWn+TYmm9g+P15r9nWOUvqvP1Bn2no0AvRvZH30=
-=f6Uy
------END PGP SIGNATURE-----
diff --git a/openssl-1.0.1j.tar.gz b/openssl-1.0.1j.tar.gz
new file mode 100644
index 0000000..5ce9bae
--- /dev/null
+++ b/openssl-1.0.1j.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
+size 4432964
diff --git a/openssl-1.0.1j.tar.gz.asc b/openssl-1.0.1j.tar.gz.asc
new file mode 100644
index 0000000..78b2f34
--- /dev/null
+++ b/openssl-1.0.1j.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJUPm6ZAAoJENnE0m0OYESRnTMH/3C0nbnYzAn5mO+PIZUs/yJ5
+DWFKNY4nUeJDuI6V1M95qhnQVn4ae3ikCQeXXVQEMMeWf2giATGJAmt0bJsyylfE
+M/q9K6/hyshJDMXNWK0BvoC/XjE5ohwZQEFHjqvcS1+ednOsuLoBPNslghA2CNTC
+8+iv9+eOMcTJyraEh09jjCzn7WNaL2IMyvx1b7xtj4zvZ6chVEoqSSYM820NdqZQ
+1xoClVOXn/IEkoUOG81NgzsMol7AjPM8AVeG7UGHqqKy/TGKHAiik6gpLjOpGpzv
+iyU7nMzK+YhWU1UgJdXu7De0FjekTFgZgHCANdw1FmPcGpiXJsZcY+jPaYNCouQ=
+=h6ga
+-----END PGP SIGNATURE-----
diff --git a/openssl.changes b/openssl.changes
index 4a94b83..cd1ff82 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Tue Nov 18 09:42:50 UTC 2014 - brian@aljex.com
+
+- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128
+
+-------------------------------------------------------------------
+Mon Nov 17 12:34:12 UTC 2014 - meissner@suse.com
+
+- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves
+ we actually support (not the binary ones) (bnc#905037)
+
+-------------------------------------------------------------------
+Fri Nov 7 22:09:27 UTC 2014 - brian@aljex.com
+
+- openSUSE < 11.2 doesn't have accept4()
+
+-------------------------------------------------------------------
+Tue Oct 21 19:58:31 UTC 2014 - crrodriguez@opensuse.org
+
+- openSSL 1.0.1j
+* Fix SRTP Memory Leak (CVE-2014-3513)
+* Session Ticket Memory Leak (CVE-2014-3567)
+* Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV)
+* Build option no-ssl3 is incomplete (CVE-2014-3568)
+
 -------------------------------------------------------------------
 Thu Aug 21 15:05:43 UTC 2014 - meissner@suse.com
 
diff --git a/openssl.spec b/openssl.spec
index 8dcd281..98bcfae 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ Provides: ssl
 %ifarch ppc64
 Obsoletes: openssl-64bit
 %endif
-Version: 1.0.1i
+Version: 1.0.1j
 Release: 0
 Summary: Secure Sockets and Transport Layer Security
 License: OpenSSL
@@ -47,7 +47,9 @@ Source11: README-FIPS.txt
 Patch0: merge_from_0.9.8k.patch
 Patch1: openssl-1.0.0-c_rehash-compat.diff
 Patch2: bug610223.patch
+%if 0%{?suse_version} >= 1120
 Patch3: openssl-ocloexec.patch
+%endif
 Patch4: VIA_padlock_support_on_64systems.patch
 # PATCH-FIX-UPSTREAM http://rt.openssl.org/Ticket/Attachment/WithHeaders/20049
 Patch5: openssl-fix-pod-syntax.diff
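Review bot: The `%if 0%{?suse_version} >= 1120` guard in the `@@ -47,7 +47,9 @@` hunk wraps the `Patch3:` declaration itself, not only its application, so a source package built on an older release would not carry openssl-ocloexec.patch at all. Keeping `Patch3: openssl-ocloexec.patch` unconditional and guarding only the `%patch3` line (already done in a later hunk) keeps the source package identical across targets. The spec also never records why the patch is skipped; a line such as `# openSUSE < 11.2 has no accept4(), so openssl-ocloexec.patch cannot be applied there` above the guard would carry the changelog's reason. If the patch does what its name suggests, it is worth stating there that those releases build without the close-on-exec handling.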
@@ -72,6 +74,7 @@ Patch34: openssl-fips-hidden.patch Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch36: openssl-1.0.1e-add-suse-default-cipher-header.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch +Patch38: openssl-1.0.1i-noec2m-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -164,7 +167,9 @@ this package's base documentation. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%if 0%{?suse_version} >= 1120 %patch3 +%endif %patch4 -p1 %patch5 -p1 %patch6 -p1 @@ -186,6 +191,7 @@ this package's base documentation. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure" @@ -243,8 +249,10 @@ no-ssl2 \ enable-rfc3779 \ %endif %ifarch x86_64 aarch64 ppc64le +%if 0%{?suse_version} < 1010 || 0%{?suse_version} > 1020 enable-ec_nistp_64_gcc_128 \ %endif +%endif enable-camellia \ zlib \ no-ec2m \
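Review bot: `Patch38: openssl-1.0.1i-noec2m-fix.patch` is added without a provenance comment, while Patch5 in the same spec carries a `# PATCH-FIX-UPSTREAM` line. The patch header names upstream commit 90fec44393443f93d6f7fb00662472bb2a8a6c9b and the changelog ties it to bnc#905037, so a line such as `# PATCH-FIX-UPSTREAM bnc#905037 upstream commit 90fec44393443f93d6f7fb00662472bb2a8a6c9b` above it would let a later maintainer verify the backport and drop it once a release contains the fix. The file name still says 1.0.1i although the package is now 1.0.1j.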
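Review bot: In the `@@ -243,8 +249,10 @@` hunk the new `%if 0%{?suse_version} < 1010 || 0%{?suse_version} > 1020` sits inside `%ifarch x86_64 aarch64 ppc64le`, so it drops `enable-ec_nistp_64_gcc_128` on all three architectures for those releases, while the changelog entry speaks only of x86_64. That is harmless if the other two are never built there, but worth confirming. The spec also does not record why the option is dropped, so builds for 10.1/10.2 lose the 64-bit NIST-curve implementations without any trace in the file. A comment cannot go inside the backslash-continued argument list, so a line above the command such as `# suse_version 10.1/10.2 cannot enable ec_nistp_64_gcc_128 (see changelog); generic EC code is used there` would document it. The command itself starts outside the hunk.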