diff --git a/VIA_padlock_support_on_64systems.patch b/VIA_padlock_support_on_64systems.patch index 3a34fdc..67c846f 100644 --- a/VIA_padlock_support_on_64systems.patch +++ b/VIA_padlock_support_on_64systems.patch @@ -1,7 +1,7 @@ -Index: openssl-1.0.1c/engines/e_padlock.c +Index: openssl-1.0.1k/engines/e_padlock.c =================================================================== ---- openssl-1.0.1c.orig/engines/e_padlock.c -+++ openssl-1.0.1c/engines/e_padlock.c +--- openssl-1.0.1k.orig/engines/e_padlock.c ++++ openssl-1.0.1k/engines/e_padlock.c @@ -101,7 +101,10 @@ compiler choice is limited to GCC and Microsoft C. */ #undef COMPILE_HW_PADLOCK @@ -22,29 +22,7 @@ Index: openssl-1.0.1c/engines/e_padlock.c /* * As for excessive "push %ebx"/"pop %ebx" found all over. * When generating position-independent code GCC won't let -@@ -383,21 +387,6 @@ padlock_available(void) - return padlock_use_ace + padlock_use_rng; - } - --#ifndef OPENSSL_NO_AES --/* Our own htonl()/ntohl() */ --static inline void --padlock_bswapl(AES_KEY *ks) --{ -- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -- -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } --} --#endif -- - /* Force key reload from memory to the CPU microcode. - Loading EFLAGS from the stack clears EFLAGS[30] - which does the trick. */ -@@ -456,11 +445,130 @@ static inline void *name(size_t cnt, \ +@@ -458,11 +462,136 @@ static inline void *name(size_t cnt, \ return iv; \ } @@ -60,30 +38,33 @@ Index: openssl-1.0.1c/engines/e_padlock.c +{ + char vendor_string[16]; + unsigned int eax, edx; ++ size_t scratch; + + /* Are we running on the Centaur (VIA) CPU? */ + eax = 0x00000000; + vendor_string[12] = 0; + asm volatile ( ++ "movq %%rbx,%1\n" + "cpuid\n" -+ "movl %%ebx,(%1)\n" -+ "movl %%edx,4(%1)\n" -+ "movl %%ecx,8(%1)\n" -+ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); ++ "movl %%ebx,(%2)\n" ++ "movl %%edx,4(%2)\n" ++ "movl %%ecx,8(%2)\n" ++ "movq %1,%%rbx" ++ : "+a"(eax), "=&r"(scratch) : "r"(vendor_string) : "rcx", "rdx"); + if (strcmp(vendor_string, "CentaurHauls") != 0) + return 0; + + /* Check for Centaur Extended Feature Flags presence */ + eax = 0xC0000000; -+ asm volatile ("cpuid" -+ : "+a"(eax) : : "rbx", "rcx", "rdx"); ++ asm volatile ("movq %%rbx,%1; cpuid; movq %1,%%rbx" ++ : "+a"(eax), "=&r"(scratch) : : "rcx", "rdx"); + if (eax < 0xC0000001) + return 0; + + /* Read the Centaur Extended Feature Flags */ + eax = 0xC0000001; -+ asm volatile ("cpuid" -+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); ++ asm volatile ("movq %%rbx,%2; cpuid; movq %2,%%rbx" ++ : "+a"(eax), "=d"(edx), "=&r"(scratch) : : "rcx"); + + /* Fill up some flags */ + padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); @@ -139,12 +120,15 @@ Index: openssl-1.0.1c/engines/e_padlock.c + struct padlock_cipher_data *cdata, \ + void *out, const void *inp) \ +{ void *iv; \ -+ asm volatile ( "leaq 16(%0),%%rdx\n" \ ++ size_t scratch; \ ++ asm volatile ( "movq %%rbx,%4\n" \ ++ " leaq 16(%0),%%rdx\n" \ + " leaq 32(%0),%%rbx\n" \ + rep_xcrypt "\n" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ ++ " movq %4,%%rbx" \ ++ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp), "=&r"(scratch) \ + : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -+ : "rbx", "rdx", "cc", "memory"); \ ++ : "rdx", "cc", "memory"); \ + return iv; \ +} +#endif @@ -175,7 +159,7 @@ Index: openssl-1.0.1c/engines/e_padlock.c #endif /* The RNG call itself */ -@@ -491,8 +599,8 @@ padlock_xstore(void *addr, unsigned int +@@ -493,8 +622,8 @@ padlock_xstore(void *addr, unsigned int static inline unsigned char * padlock_memcpy(void *dst,const void *src,size_t n) { @@ -186,68 +170,3 @@ Index: openssl-1.0.1c/engines/e_padlock.c n /= sizeof(*d); do { *d++ = *s++; } while (--n); -Index: openssl-1.0.1c/engines/e_padlock.c -=================================================================== ---- openssl-1.0.1c.orig/engines/e_padlock.c -+++ openssl-1.0.1c/engines/e_padlock.c -@@ -457,30 +457,33 @@ padlock_available(void) - { - char vendor_string[16]; - unsigned int eax, edx; -+ size_t scratch; - - /* Are we running on the Centaur (VIA) CPU? */ - eax = 0x00000000; - vendor_string[12] = 0; - asm volatile ( -+ "movq %%rbx,%1\n" - "cpuid\n" -- "movl %%ebx,(%1)\n" -- "movl %%edx,4(%1)\n" -- "movl %%ecx,8(%1)\n" -- : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); -+ "movl %%ebx,(%2)\n" -+ "movl %%edx,4(%2)\n" -+ "movl %%ecx,8(%2)\n" -+ "movq %1,%%rbx" -+ : "+a"(eax), "=&r"(scratch) : "r"(vendor_string) : "rcx", "rdx"); - if (strcmp(vendor_string, "CentaurHauls") != 0) - return 0; - - /* Check for Centaur Extended Feature Flags presence */ - eax = 0xC0000000; -- asm volatile ("cpuid" -- : "+a"(eax) : : "rbx", "rcx", "rdx"); -+ asm volatile ("movq %%rbx,%1; cpuid; movq %1,%%rbx" -+ : "+a"(eax), "=&r"(scratch) : : "rcx", "rdx"); - if (eax < 0xC0000001) - return 0; - - /* Read the Centaur Extended Feature Flags */ - eax = 0xC0000001; -- asm volatile ("cpuid" -- : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); -+ asm volatile ("movq %%rbx,%2; cpuid; movq %2,%%rbx" -+ : "+a"(eax), "=d"(edx), "=&r"(scratch) : : "rcx"); - - /* Fill up some flags */ - padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -@@ -536,12 +539,15 @@ padlock_verify_context(struct padlock_ci - struct padlock_cipher_data *cdata, \ - void *out, const void *inp) \ - { void *iv; \ -- asm volatile ( "leaq 16(%0),%%rdx\n" \ -+ size_t scratch; \ -+ asm volatile ( "movq %%rbx,%4\n" \ -+ " leaq 16(%0),%%rdx\n" \ - " leaq 32(%0),%%rbx\n" \ - rep_xcrypt "\n" \ -- : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -+ " movq %4,%%rbx" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp), "=&r"(scratch) \ - : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -- : "rbx", "rdx", "cc", "memory"); \ -+ : "rdx", "cc", "memory"); \ - return iv; \ - } - #endif diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch index 9344963..ca8281e 100644 --- a/openssl-1.0.1e-fips.patch +++ b/openssl-1.0.1e-fips.patch @@ -113,9 +113,11 @@ ssl/ssl_algs.c | 50 112 files changed, 18073 insertions(+), 403 deletions(-) ---- openssl-1.0.1j.orig/Configure -+++ openssl-1.0.1j/Configure -@@ -991,11 +991,6 @@ if (defined($disabled{"md5"}) || defined +Index: openssl-1.0.1k/Configure +=================================================================== +--- openssl-1.0.1k.orig/Configure ++++ openssl-1.0.1k/Configure +@@ -996,11 +996,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -127,7 +129,7 @@ # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1470,7 +1465,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1475,7 +1470,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -135,7 +137,7 @@ } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1657,9 +1651,12 @@ while () +@@ -1662,9 +1656,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -149,8 +151,10 @@ s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); ---- openssl-1.0.1j.orig/Makefile.org -+++ openssl-1.0.1j/Makefile.org +Index: openssl-1.0.1k/Makefile.org +=================================================================== +--- openssl-1.0.1k.orig/Makefile.org ++++ openssl-1.0.1k/Makefile.org @@ -135,6 +135,9 @@ FIPSCANLIB= BASEADDR= @@ -178,8 +182,10 @@ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. ---- openssl-1.0.1j.orig/apps/pkcs12.c -+++ openssl-1.0.1j/apps/pkcs12.c +Index: openssl-1.0.1k/apps/pkcs12.c +=================================================================== +--- openssl-1.0.1k.orig/apps/pkcs12.c ++++ openssl-1.0.1k/apps/pkcs12.c @@ -67,6 +67,9 @@ #include #include @@ -202,8 +208,10 @@ enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); ---- openssl-1.0.1j.orig/apps/speed.c -+++ openssl-1.0.1j/apps/speed.c +Index: openssl-1.0.1k/apps/speed.c +=================================================================== +--- openssl-1.0.1k.orig/apps/speed.c ++++ openssl-1.0.1k/apps/speed.c @@ -195,7 +195,6 @@ #ifdef OPENSSL_DOING_MAKEDEPEND #undef AES_set_encrypt_key @@ -329,8 +337,10 @@ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", 16,EVP_md5(), NULL); ---- openssl-1.0.1j.orig/crypto/aes/aes_misc.c -+++ openssl-1.0.1j/crypto/aes/aes_misc.c +Index: openssl-1.0.1k/crypto/aes/aes_misc.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/aes/aes_misc.c ++++ openssl-1.0.1k/crypto/aes/aes_misc.c @@ -69,17 +69,11 @@ const char *AES_options(void) { int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -349,8 +359,10 @@ -#endif return private_AES_set_decrypt_key(userKey, bits, key); } ---- openssl-1.0.1j.orig/crypto/camellia/cmll_locl.h -+++ openssl-1.0.1j/crypto/camellia/cmll_locl.h +Index: openssl-1.0.1k/crypto/camellia/cmll_locl.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/camellia/cmll_locl.h ++++ openssl-1.0.1k/crypto/camellia/cmll_locl.h @@ -68,7 +68,8 @@ #ifndef HEADER_CAMELLIA_LOCL_H #define HEADER_CAMELLIA_LOCL_H @@ -368,8 +380,10 @@ -#pragma GCC visibility pop +//#pragma GCC visibility pop #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ ---- openssl-1.0.1j.orig/crypto/cmac/cmac.c -+++ openssl-1.0.1j/crypto/cmac/cmac.c +Index: openssl-1.0.1k/crypto/cmac/cmac.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/cmac/cmac.c ++++ openssl-1.0.1k/crypto/cmac/cmac.c @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) @@ -418,8 +432,10 @@ if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); ---- openssl-1.0.1j.orig/crypto/crypto.h -+++ openssl-1.0.1j/crypto/crypto.h +Index: openssl-1.0.1k/crypto/crypto.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/crypto.h ++++ openssl-1.0.1k/crypto/crypto.h @@ -553,24 +553,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -465,8 +481,10 @@ /* Error codes for the CRYPTO functions. */ /* Function codes. */ ---- openssl-1.0.1j.orig/crypto/des/des.h -+++ openssl-1.0.1j/crypto/des/des.h +Index: openssl-1.0.1k/crypto/des/des.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/des/des.h ++++ openssl-1.0.1k/crypto/des/des.h @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); @@ -477,8 +495,10 @@ void DES_string_to_key(const char *str,DES_cblock *key); void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, ---- openssl-1.0.1j.orig/crypto/des/set_key.c -+++ openssl-1.0.1j/crypto/des/set_key.c +Index: openssl-1.0.1k/crypto/des/set_key.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/des/set_key.c ++++ openssl-1.0.1k/crypto/des/set_key.c @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -493,8 +513,10 @@ { static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; ---- openssl-1.0.1j.orig/crypto/dh/dh.h -+++ openssl-1.0.1j/crypto/dh/dh.h +Index: openssl-1.0.1k/crypto/dh/dh.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/dh/dh.h ++++ openssl-1.0.1k/crypto/dh/dh.h @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -504,8 +526,10 @@ #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time ---- openssl-1.0.1j.orig/crypto/dh/dh_gen.c -+++ openssl-1.0.1j/crypto/dh/dh_gen.c +Index: openssl-1.0.1k/crypto/dh/dh_gen.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dh/dh_gen.c ++++ openssl-1.0.1k/crypto/dh/dh_gen.c @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if(ret->meth->generate_params) @@ -539,8 +563,10 @@ ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); ---- openssl-1.0.1j.orig/crypto/dh/dh_key.c -+++ openssl-1.0.1j/crypto/dh/dh_key.c +Index: openssl-1.0.1k/crypto/dh/dh_key.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dh/dh_key.c ++++ openssl-1.0.1k/crypto/dh/dh_key.c @@ -61,6 +61,9 @@ #include #include @@ -599,8 +625,10 @@ dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } ---- openssl-1.0.1j.orig/crypto/dh/dh_lib.c -+++ openssl-1.0.1j/crypto/dh/dh_lib.c +Index: openssl-1.0.1k/crypto/dh/dh_lib.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dh/dh_lib.c ++++ openssl-1.0.1k/crypto/dh/dh_lib.c @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v { if(!default_DH_method) @@ -616,8 +644,10 @@ } return default_DH_method; } ---- openssl-1.0.1j.orig/crypto/dsa/dsa.h -+++ openssl-1.0.1j/crypto/dsa/dsa.h +Index: openssl-1.0.1k/crypto/dsa/dsa.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa.h ++++ openssl-1.0.1k/crypto/dsa/dsa.h @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif @@ -678,8 +708,10 @@ #define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus ---- openssl-1.0.1j.orig/crypto/dsa/dsa_err.c -+++ openssl-1.0.1j/crypto/dsa/dsa_err.c +Index: openssl-1.0.1k/crypto/dsa/dsa_err.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_err.c ++++ openssl-1.0.1k/crypto/dsa/dsa_err.c @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -698,8 +730,10 @@ {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, ---- openssl-1.0.1j.orig/crypto/dsa/dsa_gen.c -+++ openssl-1.0.1j/crypto/dsa/dsa_gen.c +Index: openssl-1.0.1k/crypto/dsa/dsa_gen.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_gen.c ++++ openssl-1.0.1k/crypto/dsa/dsa_gen.c @@ -85,6 +85,14 @@ #include #endif @@ -1106,8 +1140,10 @@ } if (mont != NULL) BN_MONT_CTX_free(mont); return ok; ---- openssl-1.0.1j.orig/crypto/dsa/dsa_key.c -+++ openssl-1.0.1j/crypto/dsa/dsa_key.c +Index: openssl-1.0.1k/crypto/dsa/dsa_key.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_key.c ++++ openssl-1.0.1k/crypto/dsa/dsa_key.c @@ -66,6 +66,35 @@ #ifdef OPENSSL_FIPS @@ -1186,8 +1222,10 @@ ok=1; err: ---- openssl-1.0.1j.orig/crypto/dsa/dsa_lib.c -+++ openssl-1.0.1j/crypto/dsa/dsa_lib.c +Index: openssl-1.0.1k/crypto/dsa/dsa_lib.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_lib.c ++++ openssl-1.0.1k/crypto/dsa/dsa_lib.c @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method { if(!default_DSA_method) @@ -1203,16 +1241,20 @@ } return default_DSA_method; } ---- openssl-1.0.1j.orig/crypto/dsa/dsa_locl.h -+++ openssl-1.0.1j/crypto/dsa/dsa_locl.h +Index: openssl-1.0.1k/crypto/dsa/dsa_locl.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_locl.h ++++ openssl-1.0.1k/crypto/dsa/dsa_locl.h @@ -56,5 +56,4 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden"))); ---- openssl-1.0.1j.orig/crypto/dsa/dsa_ossl.c -+++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c +Index: openssl-1.0.1k/crypto/dsa/dsa_ossl.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_ossl.c ++++ openssl-1.0.1k/crypto/dsa/dsa_ossl.c @@ -65,6 +65,9 @@ #include #include @@ -1286,8 +1328,10 @@ dsa->flags|=DSA_FLAG_CACHE_MONT_P; return(1); } ---- openssl-1.0.1j.orig/crypto/dsa/dsa_pmeth.c -+++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c +Index: openssl-1.0.1k/crypto/dsa/dsa_pmeth.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsa_pmeth.c ++++ openssl-1.0.1k/crypto/dsa/dsa_pmeth.c @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; @@ -1297,8 +1341,10 @@ if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else ---- openssl-1.0.1j.orig/crypto/dsa/dsatest.c -+++ openssl-1.0.1j/crypto/dsa/dsatest.c +Index: openssl-1.0.1k/crypto/dsa/dsatest.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/dsa/dsatest.c ++++ openssl-1.0.1k/crypto/dsa/dsatest.c @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1383,8 +1429,10 @@ goto end; } if (h != 2) ---- openssl-1.0.1j.orig/crypto/engine/eng_all.c -+++ openssl-1.0.1j/crypto/engine/eng_all.c +Index: openssl-1.0.1k/crypto/engine/eng_all.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/engine/eng_all.c ++++ openssl-1.0.1k/crypto/engine/eng_all.c @@ -58,11 +58,25 @@ #include "cryptlib.h" @@ -1411,8 +1459,10 @@ #if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be ---- openssl-1.0.1j.orig/crypto/evp/Makefile -+++ openssl-1.0.1j/crypto/evp/Makefile +Index: openssl-1.0.1k/crypto/evp/Makefile +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/Makefile ++++ openssl-1.0.1k/crypto/evp/Makefile @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -1431,8 +1481,10 @@ e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o SRC= $(LIBSRC) ---- openssl-1.0.1j.orig/crypto/evp/c_allc.c -+++ openssl-1.0.1j/crypto/evp/c_allc.c +Index: openssl-1.0.1k/crypto/evp/c_allc.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/c_allc.c ++++ openssl-1.0.1k/crypto/evp/c_allc.c @@ -65,6 +65,11 @@ void OpenSSL_add_all_ciphers(void) { @@ -1506,8 +1558,10 @@ + } +#endif } ---- openssl-1.0.1j.orig/crypto/evp/c_alld.c -+++ openssl-1.0.1j/crypto/evp/c_alld.c +Index: openssl-1.0.1k/crypto/evp/c_alld.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/c_alld.c ++++ openssl-1.0.1k/crypto/evp/c_alld.c @@ -64,6 +64,11 @@ void OpenSSL_add_all_digests(void) @@ -1553,8 +1607,10 @@ + } +#endif } ---- openssl-1.0.1j.orig/crypto/evp/digest.c -+++ openssl-1.0.1j/crypto/evp/digest.c +Index: openssl-1.0.1k/crypto/evp/digest.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/digest.c ++++ openssl-1.0.1k/crypto/evp/digest.c @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1703,8 +1759,10 @@ memset(ctx,'\0',sizeof *ctx); return 1; ---- openssl-1.0.1j.orig/crypto/evp/e_aes.c -+++ openssl-1.0.1j/crypto/evp/e_aes.c +Index: openssl-1.0.1k/crypto/evp/e_aes.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/e_aes.c ++++ openssl-1.0.1k/crypto/evp/e_aes.c @@ -56,7 +56,6 @@ #include #include @@ -1736,8 +1794,10 @@ #endif -#endif ---- openssl-1.0.1j.orig/crypto/evp/e_des3.c -+++ openssl-1.0.1j/crypto/evp/e_des3.c +Index: openssl-1.0.1k/crypto/evp/e_des3.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/e_des3.c ++++ openssl-1.0.1k/crypto/evp/e_des3.c @@ -65,8 +65,6 @@ #include #include @@ -1747,7 +1807,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); -@@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH +@@ -207,9 +205,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, @@ -1760,7 +1820,7 @@ des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher -@@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, +@@ -218,21 +216,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, @@ -1791,13 +1851,15 @@ des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, -@@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void) +@@ -315,4 +313,3 @@ const EVP_CIPHER *EVP_des_ede3(void) return &des_ede3_ecb; } #endif -#endif ---- openssl-1.0.1j.orig/crypto/evp/e_null.c -+++ openssl-1.0.1j/crypto/evp/e_null.c +Index: openssl-1.0.1k/crypto/evp/e_null.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/e_null.c ++++ openssl-1.0.1k/crypto/evp/e_null.c @@ -61,8 +61,6 @@ #include #include @@ -1821,8 +1883,10 @@ return 1; } -#endif ---- openssl-1.0.1j.orig/crypto/evp/evp.h -+++ openssl-1.0.1j/crypto/evp/evp.h +Index: openssl-1.0.1k/crypto/evp/evp.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/evp.h ++++ openssl-1.0.1k/crypto/evp/evp.h @@ -75,6 +75,10 @@ #include #endif @@ -1875,10 +1939,12 @@ /* Cipher handles any and all padding logic as well * as finalisation. */ ---- openssl-1.0.1j.orig/crypto/evp/evp_enc.c -+++ openssl-1.0.1j/crypto/evp/evp_enc.c -@@ -70,17 +70,58 @@ - #include "constant_time_locl.h" +Index: openssl-1.0.1k/crypto/evp/evp_enc.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/evp_enc.c ++++ openssl-1.0.1k/crypto/evp/evp_enc.c +@@ -69,17 +69,58 @@ + #endif #include "evp_locl.h" -#ifdef OPENSSL_FIPS @@ -1940,7 +2006,7 @@ memset(ctx,0,sizeof(EVP_CIPHER_CTX)); /* ctx->cipher=NULL; */ } -@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1955,7 +2021,7 @@ #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing -@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct ctx->engine = NULL; #endif @@ -1966,7 +2032,7 @@ ctx->cipher=cipher; if (ctx->cipher->ctx_size) { -@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif @@ -1977,7 +2043,7 @@ /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 -@@ -250,6 +291,22 @@ skip_to_init: +@@ -249,6 +290,22 @@ skip_to_init: } } @@ -2000,7 +2066,7 @@ if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; } -@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX +@@ -573,7 +630,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { @@ -2008,7 +2074,7 @@ if (c->cipher != NULL) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT +@@ -584,16 +640,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT } if (c->cipher_data) OPENSSL_free(c->cipher_data); @@ -2025,8 +2091,10 @@ memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } ---- openssl-1.0.1j.orig/crypto/evp/evp_lib.c -+++ openssl-1.0.1j/crypto/evp/evp_lib.c +Index: openssl-1.0.1k/crypto/evp/evp_lib.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/evp_lib.c ++++ openssl-1.0.1k/crypto/evp/evp_lib.c @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -2037,8 +2105,10 @@ return ctx->cipher->do_cipher(ctx,out,in,inl); } ---- openssl-1.0.1j.orig/crypto/evp/evp_locl.h -+++ openssl-1.0.1j/crypto/evp/evp_locl.h +Index: openssl-1.0.1k/crypto/evp/evp_locl.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/evp_locl.h ++++ openssl-1.0.1k/crypto/evp/evp_locl.h @@ -371,11 +371,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ #define MD2_Init private_MD2_Init #define MDC2_Init private_MDC2_Init @@ -2059,8 +2129,10 @@ #define Camellia_set_key private_Camellia_set_key #endif ---- openssl-1.0.1j.orig/crypto/evp/m_dss.c -+++ openssl-1.0.1j/crypto/evp/m_dss.c +Index: openssl-1.0.1k/crypto/evp/m_dss.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/m_dss.c ++++ openssl-1.0.1k/crypto/evp/m_dss.c @@ -66,7 +66,6 @@ #endif @@ -2083,8 +2155,10 @@ } #endif -#endif ---- openssl-1.0.1j.orig/crypto/evp/m_dss1.c -+++ openssl-1.0.1j/crypto/evp/m_dss1.c +Index: openssl-1.0.1k/crypto/evp/m_dss1.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/m_dss1.c ++++ openssl-1.0.1k/crypto/evp/m_dss1.c @@ -68,8 +68,6 @@ #include #endif @@ -2108,8 +2182,10 @@ } #endif -#endif ---- openssl-1.0.1j.orig/crypto/evp/m_md2.c -+++ openssl-1.0.1j/crypto/evp/m_md2.c +Index: openssl-1.0.1k/crypto/evp/m_md2.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/m_md2.c ++++ openssl-1.0.1k/crypto/evp/m_md2.c @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include @@ -2118,8 +2194,10 @@ static int init(EVP_MD_CTX *ctx) { return MD2_Init(ctx->md_data); } ---- openssl-1.0.1j.orig/crypto/evp/m_sha1.c -+++ openssl-1.0.1j/crypto/evp/m_sha1.c +Index: openssl-1.0.1k/crypto/evp/m_sha1.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/m_sha1.c ++++ openssl-1.0.1k/crypto/evp/m_sha1.c @@ -59,8 +59,6 @@ #include #include "cryptlib.h" @@ -2184,8 +2262,10 @@ #endif /* ifndef OPENSSL_NO_SHA512 */ -#endif ---- openssl-1.0.1j.orig/crypto/evp/p_sign.c -+++ openssl-1.0.1j/crypto/evp/p_sign.c +Index: openssl-1.0.1k/crypto/evp/p_sign.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/p_sign.c ++++ openssl-1.0.1k/crypto/evp/p_sign.c @@ -61,6 +61,7 @@ #include #include @@ -2217,8 +2297,10 @@ if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; ---- openssl-1.0.1j.orig/crypto/evp/p_verify.c -+++ openssl-1.0.1j/crypto/evp/p_verify.c +Index: openssl-1.0.1k/crypto/evp/p_verify.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/evp/p_verify.c ++++ openssl-1.0.1k/crypto/evp/p_verify.c @@ -61,6 +61,7 @@ #include #include @@ -2250,8 +2332,10 @@ i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); +Index: openssl-1.0.1k/crypto/fips/Makefile +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/Makefile ++++ openssl-1.0.1k/crypto/fips/Makefile @@ -0,0 +1,340 @@ +# +# OpenSSL/crypto/fips/Makefile @@ -2593,8 +2677,10 @@ +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c +Index: openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c @@ -0,0 +1,939 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -3535,8 +3621,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c @@ -0,0 +1,517 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4055,8 +4143,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c @@ -0,0 +1,702 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -4760,8 +4850,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c @@ -0,0 +1,292 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5055,8 +5147,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c @@ -0,0 +1,416 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5474,8 +5568,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c @@ -0,0 +1,537 @@ +#include + @@ -6014,8 +6110,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c @@ -0,0 +1,571 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -6588,8 +6686,10 @@ +} + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files @@ -6821,8 +6921,10 @@ + return 0; + } +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c @@ -0,0 +1,390 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7214,8 +7316,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c @@ -0,0 +1,370 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7587,8 +7691,10 @@ + return ret; + } +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c @@ -0,0 +1,377 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7967,8 +8073,10 @@ + return ret; + } +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c ++++ openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8358,8 +8466,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/cavs/fips_utl.h +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h ++++ openssl-1.0.1k/crypto/fips/cavs/fips_utl.h @@ -0,0 +1,343 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -8704,8 +8814,10 @@ +#endif + } + +Index: openssl-1.0.1k/crypto/fips/fips.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips.c ++++ openssl-1.0.1k/crypto/fips/fips.c @@ -0,0 +1,489 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9196,8 +9308,10 @@ + + +#endif +Index: openssl-1.0.1k/crypto/fips/fips.h +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips.h ++++ openssl-1.0.1k/crypto/fips/fips.h @@ -0,0 +1,279 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9478,8 +9592,10 @@ +} +#endif +#endif +Index: openssl-1.0.1k/crypto/fips/fips_aes_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_aes_selftest.c @@ -0,0 +1,359 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9840,8 +9956,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c @@ -0,0 +1,161 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -10004,8 +10122,10 @@ + return rv; + } +#endif +Index: openssl-1.0.1k/crypto/fips/fips_des_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_des_selftest.c @@ -0,0 +1,147 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10154,8 +10274,10 @@ + return ret; + } +#endif +Index: openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c ++++ openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10593,8 +10715,10 @@ + + return 1; + } +Index: openssl-1.0.1k/crypto/fips/fips_drbg_hash.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c ++++ openssl-1.0.1k/crypto/fips/fips_drbg_hash.c @@ -0,0 +1,378 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -10974,8 +11098,10 @@ + + return 1; + } +Index: openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c ++++ openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c @@ -0,0 +1,281 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -11258,8 +11384,10 @@ + + return 1; + } +Index: openssl-1.0.1k/crypto/fips/fips_drbg_lib.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c ++++ openssl-1.0.1k/crypto/fips/fips_drbg_lib.c @@ -0,0 +1,578 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -11839,8 +11967,10 @@ + memcpy(dctx->lb, out, dctx->blocklength); + return 1; + } +Index: openssl-1.0.1k/crypto/fips/fips_drbg_rand.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c ++++ openssl-1.0.1k/crypto/fips/fips_drbg_rand.c @@ -0,0 +1,172 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -12014,8 +12144,10 @@ + return &rand_drbg_meth; + } + +Index: openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c @@ -0,0 +1,862 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -12879,8 +13011,10 @@ + return rv; + } + +Index: openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h ++++ openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h @@ -0,0 +1,2335 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15217,8 +15351,10 @@ + 0xc2,0xd6,0xfd,0xa5 + }; + +Index: openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c @@ -0,0 +1,193 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15413,8 +15549,10 @@ + return ret; + } +#endif +Index: openssl-1.0.1k/crypto/fips/fips_enc.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_enc.c ++++ openssl-1.0.1k/crypto/fips/fips_enc.c @@ -0,0 +1,191 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -15607,8 +15745,10 @@ + } + } + +Index: openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c @@ -0,0 +1,137 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -15747,8 +15887,10 @@ + return 1; + } +#endif +Index: openssl-1.0.1k/crypto/fips/fips_locl.h +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_locl.h ++++ openssl-1.0.1k/crypto/fips/fips_locl.h @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -15821,8 +15963,10 @@ +} +#endif +#endif +Index: openssl-1.0.1k/crypto/fips/fips_md.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_md.c ++++ openssl-1.0.1k/crypto/fips/fips_md.c @@ -0,0 +1,145 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -15969,8 +16113,10 @@ + return NULL; + } + } +Index: openssl-1.0.1k/crypto/fips/fips_post.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_post.c ++++ openssl-1.0.1k/crypto/fips/fips_post.c @@ -0,0 +1,205 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -16177,8 +16323,10 @@ + return 1; + } +#endif +Index: openssl-1.0.1k/crypto/fips/fips_rand.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rand.c ++++ openssl-1.0.1k/crypto/fips/fips_rand.c @@ -0,0 +1,457 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -16637,8 +16785,10 @@ +} + +#endif +Index: openssl-1.0.1k/crypto/fips/fips_rand.h +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rand.h ++++ openssl-1.0.1k/crypto/fips/fips_rand.h @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -16785,8 +16935,10 @@ +#endif +#endif +#endif +Index: openssl-1.0.1k/crypto/fips/fips_rand_lcl.h +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h ++++ openssl-1.0.1k/crypto/fips/fips_rand_lcl.h @@ -0,0 +1,219 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -17007,8 +17159,10 @@ +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size +Index: openssl-1.0.1k/crypto/fips/fips_rand_lib.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c ++++ openssl-1.0.1k/crypto/fips/fips_rand_lib.c @@ -0,0 +1,191 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -17201,8 +17355,10 @@ + } + return 0; + } +Index: openssl-1.0.1k/crypto/fips/fips_rand_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_rand_selftest.c @@ -0,0 +1,183 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -17387,8 +17543,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/fips_randtest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_randtest.c ++++ openssl-1.0.1k/crypto/fips/fips_randtest.c @@ -0,0 +1,250 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -17640,8 +17798,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -18087,8 +18247,10 @@ + } + +#endif /* def OPENSSL_FIPS */ +Index: openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c ++++ openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c @@ -0,0 +1,282 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -18372,8 +18534,10 @@ + return 0; + + } +Index: openssl-1.0.1k/crypto/fips/fips_sha_selftest.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c ++++ openssl-1.0.1k/crypto/fips/fips_sha_selftest.c @@ -0,0 +1,140 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18515,8 +18679,10 @@ + } + +#endif +Index: openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c ++++ openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -18698,8 +18864,10 @@ + } + + +Index: openssl-1.0.1k/crypto/fips/fips_test_suite.c +=================================================================== --- /dev/null -+++ openssl-1.0.1j/crypto/fips/fips_test_suite.c ++++ openssl-1.0.1k/crypto/fips/fips_test_suite.c @@ -0,0 +1,588 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -19289,8 +19457,10 @@ + } + +#endif ---- openssl-1.0.1j.orig/crypto/hmac/hmac.c -+++ openssl-1.0.1j/crypto/hmac/hmac.c +Index: openssl-1.0.1k/crypto/hmac/hmac.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/hmac/hmac.c ++++ openssl-1.0.1k/crypto/hmac/hmac.c @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -19353,8 +19523,10 @@ EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); ---- openssl-1.0.1j.orig/crypto/md2/md2_dgst.c -+++ openssl-1.0.1j/crypto/md2/md2_dgst.c +Index: openssl-1.0.1k/crypto/md2/md2_dgst.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/md2/md2_dgst.c ++++ openssl-1.0.1k/crypto/md2/md2_dgst.c @@ -62,6 +62,11 @@ #include #include @@ -19376,8 +19548,10 @@ { c->num=0; memset(c->state,0,sizeof c->state); ---- openssl-1.0.1j.orig/crypto/md4/md4_dgst.c -+++ openssl-1.0.1j/crypto/md4/md4_dgst.c +Index: openssl-1.0.1k/crypto/md4/md4_dgst.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/md4/md4_dgst.c ++++ openssl-1.0.1k/crypto/md4/md4_dgst.c @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19387,8 +19561,10 @@ { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; ---- openssl-1.0.1j.orig/crypto/md5/md5_dgst.c -+++ openssl-1.0.1j/crypto/md5/md5_dgst.c +Index: openssl-1.0.1k/crypto/md5/md5_dgst.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/md5/md5_dgst.c ++++ openssl-1.0.1k/crypto/md5/md5_dgst.c @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -19398,8 +19574,10 @@ { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; ---- openssl-1.0.1j.orig/crypto/mdc2/mdc2dgst.c -+++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c +Index: openssl-1.0.1k/crypto/mdc2/mdc2dgst.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/mdc2/mdc2dgst.c ++++ openssl-1.0.1k/crypto/mdc2/mdc2dgst.c @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) @@ -19409,8 +19587,10 @@ { c->num=0; c->pad_type=1; ---- openssl-1.0.1j.orig/crypto/o_fips.c -+++ openssl-1.0.1j/crypto/o_fips.c +Index: openssl-1.0.1k/crypto/o_fips.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/o_fips.c ++++ openssl-1.0.1k/crypto/o_fips.c @@ -79,6 +79,8 @@ int FIPS_mode_set(int r) #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" @@ -19420,8 +19600,10 @@ if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) ---- openssl-1.0.1j.orig/crypto/o_init.c -+++ openssl-1.0.1j/crypto/o_init.c +Index: openssl-1.0.1k/crypto/o_init.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/o_init.c ++++ openssl-1.0.1k/crypto/o_init.c @@ -55,28 +55,68 @@ #include #include @@ -19495,8 +19677,10 @@ + { + OPENSSL_init_library(); + } ---- openssl-1.0.1j.orig/crypto/opensslconf.h -+++ openssl-1.0.1j/crypto/opensslconf.h +Index: openssl-1.0.1k/crypto/opensslconf.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/opensslconf.h ++++ openssl-1.0.1k/crypto/opensslconf.h @@ -4,6 +4,8 @@ #ifdef __cplusplus extern "C" { @@ -19506,8 +19690,10 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND ---- openssl-1.0.1j.orig/crypto/opensslconf.h.in -+++ openssl-1.0.1j/crypto/opensslconf.h.in +Index: openssl-1.0.1k/crypto/opensslconf.h.in +=================================================================== +--- openssl-1.0.1k.orig/crypto/opensslconf.h.in ++++ openssl-1.0.1k/crypto/opensslconf.h.in @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -19529,8 +19715,10 @@ /* Generate 80386 code? */ #undef I386_ONLY ---- openssl-1.0.1j.orig/crypto/pkcs12/p12_crt.c -+++ openssl-1.0.1j/crypto/pkcs12/p12_crt.c +Index: openssl-1.0.1k/crypto/pkcs12/p12_crt.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/pkcs12/p12_crt.c ++++ openssl-1.0.1k/crypto/pkcs12/p12_crt.c @@ -59,6 +59,10 @@ #include #include "cryptlib.h" @@ -19542,8 +19730,10 @@ static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); ---- openssl-1.0.1j.orig/crypto/rand/md_rand.c -+++ openssl-1.0.1j/crypto/rand/md_rand.c +Index: openssl-1.0.1k/crypto/rand/md_rand.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rand/md_rand.c ++++ openssl-1.0.1k/crypto/rand/md_rand.c @@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -19556,8 +19746,10 @@ { RAND_poll(); initialized = 1; ---- openssl-1.0.1j.orig/crypto/rand/rand.h -+++ openssl-1.0.1j/crypto/rand/rand.h +Index: openssl-1.0.1k/crypto/rand/rand.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/rand/rand.h ++++ openssl-1.0.1k/crypto/rand/rand.h @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -19598,8 +19790,10 @@ #ifdef __cplusplus } ---- openssl-1.0.1j.orig/crypto/ripemd/rmd_dgst.c -+++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c +Index: openssl-1.0.1k/crypto/ripemd/rmd_dgst.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/ripemd/rmd_dgst.c ++++ openssl-1.0.1k/crypto/ripemd/rmd_dgst.c @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif @@ -19609,8 +19803,10 @@ { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; ---- openssl-1.0.1j.orig/crypto/rsa/rsa.h -+++ openssl-1.0.1j/crypto/rsa/rsa.h +Index: openssl-1.0.1k/crypto/rsa/rsa.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa.h ++++ openssl-1.0.1k/crypto/rsa/rsa.h @@ -164,6 +164,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif @@ -19695,8 +19891,10 @@ #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_PKCS_DECODING_ERROR 159 ---- openssl-1.0.1j.orig/crypto/rsa/rsa_crpt.c -+++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c +Index: openssl-1.0.1k/crypto/rsa/rsa_crpt.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_crpt.c ++++ openssl-1.0.1k/crypto/rsa/rsa_crpt.c @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const RSA *rsa, int padding) { @@ -19723,8 +19921,10 @@ return -1; } #endif ---- openssl-1.0.1j.orig/crypto/rsa/rsa_eay.c -+++ openssl-1.0.1j/crypto/rsa/rsa_eay.c +Index: openssl-1.0.1k/crypto/rsa/rsa_eay.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_eay.c ++++ openssl-1.0.1k/crypto/rsa/rsa_eay.c @@ -114,6 +114,10 @@ #include #include @@ -19855,8 +20055,10 @@ rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } ---- openssl-1.0.1j.orig/crypto/rsa/rsa_err.c -+++ openssl-1.0.1j/crypto/rsa/rsa_err.c +Index: openssl-1.0.1k/crypto/rsa/rsa_err.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_err.c ++++ openssl-1.0.1k/crypto/rsa/rsa_err.c @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -19866,8 +20068,10 @@ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, ---- openssl-1.0.1j.orig/crypto/rsa/rsa_gen.c -+++ openssl-1.0.1j/crypto/rsa/rsa_gen.c +Index: openssl-1.0.1k/crypto/rsa/rsa_gen.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_gen.c ++++ openssl-1.0.1k/crypto/rsa/rsa_gen.c @@ -69,6 +69,78 @@ #include #ifdef OPENSSL_FIPS @@ -20009,8 +20213,10 @@ ok=1; err: if (ok == -1) ---- openssl-1.0.1j.orig/crypto/rsa/rsa_lib.c -+++ openssl-1.0.1j/crypto/rsa/rsa_lib.c +Index: openssl-1.0.1k/crypto/rsa/rsa_lib.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_lib.c ++++ openssl-1.0.1k/crypto/rsa/rsa_lib.c @@ -84,6 +84,13 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -20086,8 +20292,10 @@ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE ---- openssl-1.0.1j.orig/crypto/rsa/rsa_pmeth.c -+++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c +Index: openssl-1.0.1k/crypto/rsa/rsa_pmeth.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_pmeth.c ++++ openssl-1.0.1k/crypto/rsa/rsa_pmeth.c @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -20131,8 +20339,10 @@ if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); ---- openssl-1.0.1j.orig/crypto/rsa/rsa_sign.c -+++ openssl-1.0.1j/crypto/rsa/rsa_sign.c +Index: openssl-1.0.1k/crypto/rsa/rsa_sign.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/rsa/rsa_sign.c ++++ openssl-1.0.1k/crypto/rsa/rsa_sign.c @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig,&p); s=tmps; @@ -20164,8 +20374,10 @@ if (i <= 0) goto err; /* Oddball MDC2 case: signature can be OCTET STRING. ---- openssl-1.0.1j.orig/crypto/sha/sha.h -+++ openssl-1.0.1j/crypto/sha/sha.h +Index: openssl-1.0.1k/crypto/sha/sha.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/sha/sha.h ++++ openssl-1.0.1k/crypto/sha/sha.h @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif @@ -20198,8 +20410,10 @@ int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); ---- openssl-1.0.1j.orig/crypto/sha/sha256.c -+++ openssl-1.0.1j/crypto/sha/sha256.c +Index: openssl-1.0.1k/crypto/sha/sha256.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/sha/sha256.c ++++ openssl-1.0.1k/crypto/sha/sha256.c @@ -12,12 +12,19 @@ #include @@ -20230,8 +20444,10 @@ memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; ---- openssl-1.0.1j.orig/crypto/sha/sha512.c -+++ openssl-1.0.1j/crypto/sha/sha512.c +Index: openssl-1.0.1k/crypto/sha/sha512.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/sha/sha512.c ++++ openssl-1.0.1k/crypto/sha/sha512.c @@ -5,6 +5,10 @@ * ==================================================================== */ @@ -20263,8 +20479,10 @@ c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); ---- openssl-1.0.1j.orig/crypto/sha/sha_locl.h -+++ openssl-1.0.1j/crypto/sha/sha_locl.h +Index: openssl-1.0.1k/crypto/sha/sha_locl.h +=================================================================== +--- openssl-1.0.1k.orig/crypto/sha/sha_locl.h ++++ openssl-1.0.1k/crypto/sha/sha_locl.h @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, #define INIT_DATA_h4 0xc3d2e1f0UL @@ -20281,8 +20499,10 @@ memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; ---- openssl-1.0.1j.orig/crypto/whrlpool/wp_dgst.c -+++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c +Index: openssl-1.0.1k/crypto/whrlpool/wp_dgst.c +=================================================================== +--- openssl-1.0.1k.orig/crypto/whrlpool/wp_dgst.c ++++ openssl-1.0.1k/crypto/whrlpool/wp_dgst.c @@ -55,7 +55,7 @@ #include #include @@ -20292,9 +20512,11 @@ { memset (c,0,sizeof(*c)); return(1); ---- openssl-1.0.1j.orig/ssl/d1_srvr.c -+++ openssl-1.0.1j/ssl/d1_srvr.c -@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL * +Index: openssl-1.0.1k/ssl/d1_srvr.c +=================================================================== +--- openssl-1.0.1k.orig/ssl/d1_srvr.c ++++ openssl-1.0.1k/ssl/d1_srvr.c +@@ -1402,6 +1402,8 @@ int dtls1_send_server_key_exchange(SSL * j=0; for (num=2; num > 0; num--) { @@ -20303,8 +20525,10 @@ EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); ---- openssl-1.0.1j.orig/ssl/ssl_algs.c -+++ openssl-1.0.1j/ssl/ssl_algs.c +Index: openssl-1.0.1k/ssl/ssl_algs.c +=================================================================== +--- openssl-1.0.1k.orig/ssl/ssl_algs.c ++++ openssl-1.0.1k/ssl/ssl_algs.c @@ -64,6 +64,12 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.1i-noec2m-fix.patch b/openssl-1.0.1i-noec2m-fix.patch deleted file mode 100644 index 63bec22..0000000 --- a/openssl-1.0.1i-noec2m-fix.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 90fec44393443f93d6f7fb00662472bb2a8a6c9b Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Mon, 10 Nov 2014 23:42:50 +0000 -Subject: [PATCH] Added OPENSSL_NO_EC2M guards around the preferred EC curve - list - ---- - ssl/t1_lib.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index d6aff4b..8dafc6e 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -204,28 +204,40 @@ static int nid_list[] = - - static int pref_list[] = - { -+#ifndef OPENSSL_NO_EC2M - NID_sect571r1, /* sect571r1 (14) */ - NID_sect571k1, /* sect571k1 (13) */ -+#endif - NID_secp521r1, /* secp521r1 (25) */ -+#ifndef OPENSSL_NO_EC2M - NID_sect409k1, /* sect409k1 (11) */ - NID_sect409r1, /* sect409r1 (12) */ -+#endif - NID_secp384r1, /* secp384r1 (24) */ -+#ifndef OPENSSL_NO_EC2M - NID_sect283k1, /* sect283k1 (9) */ - NID_sect283r1, /* sect283r1 (10) */ -+#endif - NID_secp256k1, /* secp256k1 (22) */ - NID_X9_62_prime256v1, /* secp256r1 (23) */ -+#ifndef OPENSSL_NO_EC2M - NID_sect239k1, /* sect239k1 (8) */ - NID_sect233k1, /* sect233k1 (6) */ - NID_sect233r1, /* sect233r1 (7) */ -+#endif - NID_secp224k1, /* secp224k1 (20) */ - NID_secp224r1, /* secp224r1 (21) */ -+#ifndef OPENSSL_NO_EC2M - NID_sect193r1, /* sect193r1 (4) */ - NID_sect193r2, /* sect193r2 (5) */ -+#endif - NID_secp192k1, /* secp192k1 (18) */ - NID_X9_62_prime192v1, /* secp192r1 (19) */ -+#ifndef OPENSSL_NO_EC2M - NID_sect163k1, /* sect163k1 (1) */ - NID_sect163r1, /* sect163r1 (2) */ - NID_sect163r2, /* sect163r2 (3) */ -+#endif - NID_secp160k1, /* secp160k1 (15) */ - NID_secp160r1, /* secp160r1 (16) */ - NID_secp160r2, /* secp160r2 (17) */ --- -2.1.0 - - diff --git a/openssl-1.0.1j.tar.gz b/openssl-1.0.1j.tar.gz deleted file mode 100644 index 5ce9bae..0000000 --- a/openssl-1.0.1j.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 -size 4432964 diff --git a/openssl-1.0.1j.tar.gz.asc b/openssl-1.0.1j.tar.gz.asc deleted file mode 100644 index 78b2f34..0000000 --- a/openssl-1.0.1j.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQEcBAABAgAGBQJUPm6ZAAoJENnE0m0OYESRnTMH/3C0nbnYzAn5mO+PIZUs/yJ5 -DWFKNY4nUeJDuI6V1M95qhnQVn4ae3ikCQeXXVQEMMeWf2giATGJAmt0bJsyylfE -M/q9K6/hyshJDMXNWK0BvoC/XjE5ohwZQEFHjqvcS1+ednOsuLoBPNslghA2CNTC -8+iv9+eOMcTJyraEh09jjCzn7WNaL2IMyvx1b7xtj4zvZ6chVEoqSSYM820NdqZQ -1xoClVOXn/IEkoUOG81NgzsMol7AjPM8AVeG7UGHqqKy/TGKHAiik6gpLjOpGpzv -iyU7nMzK+YhWU1UgJdXu7De0FjekTFgZgHCANdw1FmPcGpiXJsZcY+jPaYNCouQ= -=h6ga ------END PGP SIGNATURE----- diff --git a/openssl-1.0.1k.tar.gz b/openssl-1.0.1k.tar.gz new file mode 100644 index 0000000..ab2ab87 --- /dev/null +++ b/openssl-1.0.1k.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c +size 4434910 diff --git a/openssl-1.0.1k.tar.gz.asc b/openssl-1.0.1k.tar.gz.asc new file mode 100644 index 0000000..c2545c3 --- /dev/null +++ b/openssl-1.0.1k.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJUro4+AAoJENnE0m0OYESRdWQH/0h7DRno0VcesRBkHE0S8zyt +DNbIyJ2QwyhFw3yKvUcau2qP6DCAi+6Fcs/MONRI6uRAN7NWxsROBstkjIVEWLq/ +fvhF27QWGCEUB9iYIk00dOtISGpUBuB0e5goOH5Gyb89c10wPkDa5ZLpAavZxzne +BFdfXQU624nt8D4k2Can9JIme3QCr6LgxVQhbU7pmXQN+dFOv8Bza9Fnm5sfo2fP +MDZNOIJusCpu15lSyJdoKpkCFy2OaQrDw6h/VAWfHENdklbkWJtCsJIV5zL6OlWn +2+6hABhE0ErmS3ax9uhWbDW9/Z0fz6WLSRGuWOVHb1ighzOj7K4WgTdMILcINQg= +=kQEU +-----END PGP SIGNATURE----- diff --git a/openssl-ocloexec.patch b/openssl-ocloexec.patch index 933b92e..ea42cb8 100644 --- a/openssl-ocloexec.patch +++ b/openssl-ocloexec.patch @@ -1,3 +1,5 @@ +Index: crypto/bio/b_sock.c +=================================================================== --- crypto/bio/b_sock.c.orig +++ crypto/bio/b_sock.c @@ -735,7 +735,7 @@ int BIO_get_accept_socket(char *host, in @@ -27,6 +29,8 @@ if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) { OPENSSL_assert(sa.len.s<=sizeof(sa.from)); +Index: crypto/bio/bss_conn.c +=================================================================== --- crypto/bio/bss_conn.c.orig +++ crypto/bio/bss_conn.c @@ -209,7 +209,7 @@ static int conn_state(BIO *b, BIO_CONNEC @@ -38,18 +42,20 @@ if (ret == INVALID_SOCKET) { SYSerr(SYS_F_SOCKET,get_last_socket_error()); +Index: crypto/bio/bss_dgram.c +=================================================================== --- crypto/bio/bss_dgram.c.orig +++ crypto/bio/bss_dgram.c -@@ -1032,7 +1032,7 @@ static int dgram_sctp_read(BIO *b, char +@@ -1101,7 +1101,7 @@ static int dgram_sctp_read(BIO *b, char msg.msg_control = cmsgbuf; msg.msg_controllen = 512; msg.msg_flags = 0; - n = recvmsg(b->num, &msg, 0); + n = recvmsg(b->num, &msg, MSG_CMSG_CLOEXEC); - if (msg.msg_controllen > 0) + if (n <= 0) { -@@ -1593,7 +1593,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1688,7 +1688,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -58,7 +64,7 @@ if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1616,7 +1616,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1711,7 +1711,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -67,7 +73,7 @@ if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1677,7 +1677,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1772,7 +1772,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) fcntl(b->num, F_SETFL, O_NONBLOCK); } @@ -76,7 +82,7 @@ if (is_dry) { -@@ -1721,7 +1721,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1816,7 +1816,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) sockflags = fcntl(b->num, F_GETFL, 0); fcntl(b->num, F_SETFL, O_NONBLOCK); @@ -85,7 +91,7 @@ fcntl(b->num, F_SETFL, sockflags); /* if notification, process and try again */ -@@ -1742,7 +1742,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1837,7 +1837,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_flags = 0; @@ -94,6 +100,8 @@ if (data->handle_notifications != NULL) data->handle_notifications(b, data->notification_context, (void*) &snp); +Index: crypto/bio/bss_file.c +=================================================================== --- crypto/bio/bss_file.c.orig +++ crypto/bio/bss_file.c @@ -120,6 +120,10 @@ BIO *BIO_new_file(const char *filename, @@ -134,6 +142,8 @@ fp=fopen(ptr,p); if (fp == NULL) { +Index: crypto/rand/rand_unix.c +=================================================================== --- crypto/rand/rand_unix.c.orig +++ crypto/rand/rand_unix.c @@ -262,7 +262,7 @@ int RAND_poll(void) @@ -145,9 +155,11 @@ #ifdef O_NONBLOCK |O_NONBLOCK #endif +Index: crypto/rand/randfile.c +=================================================================== --- crypto/rand/randfile.c.orig +++ crypto/rand/randfile.c -@@ -136,7 +136,7 @@ int RAND_load_file(const char *file, lon +@@ -137,7 +137,7 @@ int RAND_load_file(const char *file, lon #ifdef OPENSSL_SYS_VMS in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); #else @@ -156,7 +168,7 @@ #endif if (in == NULL) goto err; #if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO) -@@ -209,7 +209,7 @@ int RAND_write_file(const char *file) +@@ -210,7 +210,7 @@ int RAND_write_file(const char *file) #endif /* chmod(..., 0600) is too late to protect the file, * permissions should be restrictive from the start */ @@ -165,7 +177,7 @@ if (fd != -1) out = fdopen(fd, "wb"); } -@@ -240,7 +240,7 @@ int RAND_write_file(const char *file) +@@ -241,7 +241,7 @@ int RAND_write_file(const char *file) out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); #else if (out == NULL) diff --git a/openssl.changes b/openssl.changes index cd1ff82..8b7cd52 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Fri Jan 9 10:03:37 UTC 2015 - meissner@suse.com + +- openssl 1.0.1k release + bsc#912294 CVE-2014-3571: Fix DTLS segmentation fault in dtls1_get_record. + bsc#912292 CVE-2015-0206: Fix DTLS memory leak in dtls1_buffer_record. + bsc#911399 CVE-2014-3569: Fix issue where no-ssl3 configuration sets method to NULL. + bsc#912015 CVE-2014-3572: Abort handshake if server key exchange + message is omitted for ephemeral ECDH ciphersuites. + bsc#912014 CVE-2015-0204: Remove non-export ephemeral RSA code on client and server. + bsc#912293 CVE-2015-0205: Fixed issue where DH client certificates are accepted without verification. + bsc#912018 CVE-2014-8275: Fix various certificate fingerprint issues. + bsc#912296 CVE-2014-3570: Correct Bignum squaring. + and other bugfixes. +- openssl.keyring: use Matt Caswells current key. + pub 2048R/0E604491 2013-04-30 + uid Matt Caswell + uid Matt Caswell + sub 2048R/E3C21B70 2013-04-30 + +- openssl-1.0.1e-fips.patch: rediffed +- openssl-1.0.1i-noec2m-fix.patch: removed (upstream) +- openssl-ocloexec.patch: rediffed + ------------------------------------------------------------------- Tue Nov 18 09:42:50 UTC 2014 - brian@aljex.com diff --git a/openssl.keyring b/openssl.keyring index 952d91a..bba5399 100644 --- a/openssl.keyring +++ b/openssl.keyring @@ -1,154 +1,5 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.22 (GNU/Linux) - -mQILBEI8bW8BEAC4MIXcibrtBmTq6mYlLRHhgZnX9b4c5ej4ObLsFVH30Q/PDArT -jINEiqFCTJegBiuFpzbw207+WkpljmQYC5gTWln3u99lMEpHpxJJn+IWZF4avUAS -aoDE+kD3vjOAxDmWyNlx22gxjG6XmMi/InpMSJjlcCl2c/G01bD1corNaasx7D3T -nHljAwkLFSJirrc5Ojb2oMgRvQ5cTygshGGYdGbYCSo66a9ewDW5oxst61rYqJUh -MYhWs06i7KIHHavkBzUy/Rtmw8AQgTfwYtHj3uC29/u1+AHNM81WfNbjjZUtEAPv -BfL68DHo/8Y+sehBJSL6jiBBdJrt5lzX9TmoNSHgmr+eyGzioU0rhjqhWK3aTxCx -cMp3fCmdXnrrhBvxntsXAPVU/JRfOnWy5tCipzX02pDMxTPZSrtGM3qtO1kUtJkW -gltsJuqZOcEThKpcYu2ozSPDEI+1LMyAzb6H7Hvts6+B4eP8f86cVkfpJ+A4wE9+ -5FCpXDXWEhH4Y/Le6bJX/PdMqsX4qG3o+vLF2SVL0dzX/udO9GscZPqcpbEjd2fV -SU1uqTfLIchzchgJNHnAySMcz8EP+08iUTw+sI+n5k7gZ3is+baMjQYztVn9oB+/ -o8AO/RAnkJklb/GpzcfoHBPp17OuQI8ZuvxRfbRJISEMqnatHLAFvP9T7QAGKbQn -RHIgU3RlcGhlbiBOIEhlbnNvbiA8c3RldmVAb3BlbnNzbC5vcmc+iQEcBBABAgAG -BQJCPG3TAAoJEKLSm3vylcdZAcIIAJEpkP59JmnU8b/tzojGe3YHBR0L9YA54GZz -7MdSEQgIYaZKb+8uwvZG6nxir/HrJOhtvZKHqbna7qvx6LltJ7K+cqLSHz72Iiv9 -KvR1THLpqJaYaQfS8j0VSPNofLm1T/azKf0AVDfrBDnO1vo5dNhG514U6i96GMHX -YniRBzOkJqDNtNzh7cyyp+0Lc8vOzODjenYWUtqL2Lfqv9aOk2NV2V6LL/qUTmdt -r/KQwgSCf1yAgqgc0i5l3NJGDI0+706TIhyA3pSc/cqN2zO1oDkzRpsnyoxXrjOC -/nO6aLH2DI6TrxLfWoGQphWsjM6QLl7/90MxXCffbjJuA7ETt06JARwEEAEIAAYF -AlML0wwACgkQotKbe/KVx1nbBwf/Z1RgCusMaGQpkPUOKe3gUiuuX7kJNRxKzJZs -sXQAIalXrxnoGMmJ0vTMOqRbCYsmm8aIWO7Cj/ZNp2JJ6Z8kZSvkvXrUpbq9E9fL -OeYUBLsfQr+yR2wCl26ycZoAizZ53Rsp/4pbNEF2qivBEAgxHUQrHYaASmhq6AQd -IKgppgl+d1Oa/4tpAbv1Zr1Tgq+1s7V+//64lAPyptG7N/sgQv86jk7VAcPWwSdJ -qfsCm3nbd4WgTtS6AbZ0K5hxD9UmDMwLUeCsBzBb0NxUOA2uYrdChu5MKt+ITZMz -IyAvufNoT+nrU5WX0dlrmBKP43geOnq2lvPzip3bnOEwXbUNfYkCNQQTAQIAHwUC -QjxtbwIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQ01d1B/pA6eL8Gg/9HDb2 -ccQ8vkPPvihtrWP91yItAnHN2BqziYkH/u63L9xaW90B7KFUjo6xJSF1TqXtb4NX -vGa79IJ94yit1dHTyeBqi1vsy2JlYuPxQXvwoQpyNiq05OsrAJFy9MTeWcP/OXpO -R7HwE2F9vqtmJLdwhBmuFiKT4LzhcKutMDTovWm506ow738wKQNJaRToJpd9R+Rn -UWEIz8oc4y6h1Q8aFtxjIyVMWxD9Ry+SmSLg3ZPpQNxN7UnRfYu/2YaRAWOh56tQ -vy8O+1UmJuenC2mAN1m4EUN/jibKZgFDPLrQ7H5LdR3vzKx5yB/wCAtOYJBRQIrv -o2hKOqhY3lk5AEJ1r+zq8jH9sXhy0MapZKEs9mbJq0iS7jaUlIohxXcl/bqSe2bl -JBfETc800Vxbg96A6dwWN7kn9zuF3UWNbxCeoVDDioILozekndpn2Mvz/tslTrC5 -rU7ai+/D+S3caxYxvCY8eJ741uwy7Po5/Obn1met+qhDb107jxP9p3vYHu2Y8KFd -Js9idqUyBeg10uxIIITpux1Dq/caCHBZLJ4vMWGmlBh3L1diMNRyilXiTaX58A6J -OzRjpO5s3dKwaK8j9jI7fnreqR3/nP/IJPrldEIiy3TBIxSF9u8iTDuuOF40h8ai -QAsVYQ6JlHglvrk4pZneHvMwlZaJIB/abOUjKPOJAjYEEwECACACGwMCHgECF4AF -AlMLv7YFCwkIBwMEFQoJCAUWAgMBAAAKCRDTV3UH+kDp4n4HD/9hNPUuNVLnA/m7 -ZlR/WNCCDICYNUBUj7g9o0gcVsg+5zp8Dp6wwrn5n1ZG3h/oL6zGdxgp4nQ7rPBc -xZT7vr2mVqiNppQqD88be52jmRcCI3W06SWRAVayxHXFryslFzXMfoosmAYUtPPR -hckCNwHLlbkNYXLfAU+e0pTJrAAcmCSDTU2f9KPu43JToJ2PMaIj2gRr+5pALali -KMBIsW+E9pKDiN4v3l16bHP5esqC/CC7JivUjvv+q2kU/I9+Ep4yritrw0UxMk8l -hlSnOOsdIeSD2OoVZWP9nFN8jvrPIBAGBEY6Y8uj+WNWCEM3cJhbdilqOBuOmgZJ -cbpTnEzKGtPWqDNivPcrTpJ3sxRxxnUyicaFK0jOH+L/mj/gY0Zt5RD6C/zw9oPL -PqYAAjEudGK+v15wRJDp5noitRJwjUs+08ttlTAW7uR+5KU/uRdykprcHvfGr11l -J3cSOyUMH6FOgH7pvJ35c7lmzL0b34ZEgRLL2xbKSsFyUlzubUM6LE4FEGxLOYFn -JkX8ZfReGAxvg1B5RtxdcdLjR0OFXff1ERvUmsw+phk0iayyukAzJ6albckotLr8 -V4JtJJpM4s1aldaxTmf7rNoBCvUKB5bJ/xDrUow3omt4oyQN6pAKWHrydeXF0LZZ -xsfLebHPMjxTIldbb/K9ikMx4Vh4kIkCNwQTAQgAIQUCUwvRVQIbAwULCQgHAwUV -CgkICwUWAgMBAAIeAQIXgAAKCRDTV3UH+kDp4uObD/4qOhFldhiNSezwC+EiSEwH -MFMSEneSjllAu9ZHikf7KNYLcgq/8vk3TiobsgzTls9vEdXJYsr7BvKJ3fLUwZoo -MVwycfyTC4zP0Buu2o4rMlYPvFZ9y5tfftmVQUwGVtTEUo/WQ0NREFyU/C0Q9Og0 -PRRkmuztpRJlhQFImhdPH6KCEU00xrAOsOflz1xJ3XpbWwccrm0R3gwJcA6KGVGa -9g+1nnkR2VveTqU0j6BBrPlYvdWbgYStabrdCYHTaX1lh7JfEv4fGMtaMAaqklGP -abVeCSFzm37EOWCz+n7Fs7BHq8IIj6E1jmj1pkJGAdbTF1c/7iLTU7E8EU/D6ii9 -Hu46dKyzIz+6MOlkEw+zPJNSs4Kg5xNMQF1iWjq9E3pwvPPpFWehAkUDUnfmK9Ek -q1hAq8JuE0RRedxh+xWkJS9b8p5r84S8XpixMeTrTAPmSgY3jROUvTKi6Pa9wNJh -UOM5coGL6EsBhXwQfFd/+CxyWUnCakfkp11SI4Er7oVxsHm1mvGK2oTHWZnJuxp4 -u3uCTz5f44DRZufIbSiFrzk9dKTbuQGup34gC/SvvPBbHxwz81tYq8ppxYelHQfW -JJUYKF3TJfPCTiOhLJvF0yf1N2zv7qkiL8v/IgCU8aMFwDmWEXLe92xxlDgT+6cs -DoyG656zUyzOC7VsoXGhsLQxRHIgU3RlcGhlbiBIZW5zb24gPHNoZW5zb25AZHJo -LWNvbnN1bHRhbmN5LmNvLnVrPokBHAQQAQgABgUCUwvTDAAKCRCi0pt78pXHWTny -CAC4niLxJJz4dlbNAlxu0sY4jeYAKVVsYO4Mp443Z/AqdF3O2kCyoLCjbEiRN1mN -EedpVdd7s/GFAcd1/yXG9MnUjNjKT4sEaGk8/ZiJqQVzkpMwHY6tF9kI9XMwrGrI -3pcBcBlHknrmledaQarB1e4SeCPADWMdR4dWK0zW/xDcDeHcPe0jr4Cks6lFB3P3 -8b33tI5O4vow+aqAis9klgYebvBNdIHeuAbP9eir5iYeO3zt/36BYdq+qITkiGFK -v/qqlPqEjXcsZlNGM2gFYclWGrWVE4XECOxqRwvEGYAfJaHIyiWfkf1Bz6t8vdro -PSwQ+whX/OydLxUBLTNRAeU0iQI3BBMBCAAhBQJTC8zlAhsDBQsJCAcDBRUKCQgL -BRYCAwEAAh4BAheAAAoJENNXdQf6QOniuKUQAJHU9ikZxaZrInUMKHWSEdQrwgWI -Dpcf51eun9nBvEYSpduDJ0DbtzxnkS4+Kb/KYBf7QYCuc98Aszit1iR4i+qiRvK/ -/ZDXn9UyHaWFbjNUTiYIjor13DB4wjshiVFV3vE84BJx43jNatMfnRwSuVpOWgVW -qGRxJ5IAIBeWjOzTQfwumzrrWNCT+c/RL3/yEAc/C+iSZdEAjwFdSQ7yj0ACQg+S -Z2Eqo4BMFMbBjp6N1urcO4cy+2KMdvHztj+F2siqhBwsPtqnQEkLOywvuotzpMeI -DhkI++VFX6hE/XRkvktiiq5i5byrQC3jFfuWvJ0LvoMxShBv3U/UbCJqBoqyFwMf -JVlvMqN21qxsEV1+44cvLcd1VqD8ErR3Pa2h++WGOsuKoIm6rhfWYcM2ewxk0bp6 -QtYrohT8/Ydw2G3TYYcR+8+mIAxRU39+kRsMnr5mt1oNzBqJ3vkXQddaQy9PJR06 -HERhwaaII0Ecrb2B1QdFxhvdYRqU15RaEH7dyWycFhiEEoUX4Vf28pNksH0xblVU -I9ZJwHV+Z1VgGXQk8dpdc6QQf9wvvFae9nKtKxkmmaolFiQMgZQodXxhNvDj+AjQ -sc6CZCnSfRly0DKaaHOYioUcqd7LVKnTpzmXlYOQFIASN0+R74ue8M4uFte353Yh -oWLK2Q2O+HxYtc8MiQI3BBMBCAAhBQJTC9FYAhsDBQsJCAcDBRUKCQgLBRYCAwEA -Ah4BAheAAAoJENNXdQf6QOnitssP/R9q0rQr3takz0pPAcWfn5g8fDFcEe5SBW7d -AkWCpJ9mQilDsI8L3TeCUhk3bM3mOxsxkJo6ZTaPGwS/0bR8pAZZ4DwP8CPZr8hf -X5IcqB0IXVzPuIBYibSyanw1KA7EDJ8qJBZw4+FEXGpYAmlqRvq3PEs4a5cBjtAd -o4KBePY0nI+kwC8bwuApORtuLz8vbXovGydLZJndRkLxRhLIrftWg3kpn7KNafxK -irgXciwoZKUajhfVtL/W+bKj0rS6eGoIqw52WkS9sTn0vBnrw20l4UsBHGDixCEw -TNLU/m45kB4folUvnuoq8WVx18StPrTPLmD3hzNKbWiCAmiIlbbE0/vtmP+9iGns -/ZsdhFE0dr6XBei58KIlaeTRlx0c3OB5Xq9zqMtK+BUE9vmZIzDw3UXLiV0X9ldx -9ntn5I/F+uXLEclJd0bX7WvZrKo+upHsu9UfIIvm4qNSyCr3iuVsNTQ7qZjSSlpv -nOClduFILACuCTvQ7ZTXPN7JJrdEmpm9SFtVGf8GAqYxf2W+PdD6LZ6gPGHBaSCS -S1/1MMe+khibmyUo5ceanKe+2sKraChhE75/56Zwq6EBNXRBN8v4XZIL9BbkzTpv -dYN8R55Qrdu9jeoWmGdKLFjPaoYhTPU8gnnP38buvBM/i56gowuebb72oC8wKIOM -FLpsBMJvtDFEciBTdGVwaGVuIEhlbnNvbiA8c2hlbnNvbkBvcGVuc3NsZm91bmRh -dGlvbi5jb20+iQEcBBABCAAGBQJTC9OoAAoJEKLSm3vylcdZ2AwH/jPyNrn2uZrq -1M+UG/6C/znQQDE4dRriveHtGqVlu/adJRDga74hBAWYsym520KUu/x1bGz84Lfe -aZHPKTbr3FuIA9s873BeMepGTVYuMJ66AAelcFC97AXvYIopSwg5Ru0dbb7AXFB+ -6Cwhdp7BNZRWsYeOrIhmiYD779LpNyef43bSuYU1cIdAKl9gnhWVLm9ykX+zcgim -FBnOXfAXEyJknghqyfVUoIkzDIBptv1culEWWM+5SHZm1MtSGLJsyFGn6M3mnOEk -ceMJNbLkcs4Mw7d9dDL7nqbxr4IX4uSxLO5GQ+UnN03jEYJGFH0oHrwfDdgg509F -vcU6aJm7srGJAjcEEwEIACEFAlMLzRACGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC -F4AACgkQ01d1B/pA6eIHwA//TSYOfBe6UVlBuZnBB4RXorMASy3US/RWJgjpIKsy -Vn+jU8362srXlMtPglmLxfkI9qdyCOjXpDP+a0432m6PZNVY2tmsKEvGnaBZieAX -SXH6X0Led26qN78YN4DCAskmlRwip2/WTAe7s8eZtfUtuu/fWEYxyC7ZgqdCIJLf -QzQtxDybM/6i8tJrSKfx4G7x+bl/DT2KUHoTnAvxElVhtl1a62kIv+AYdqYv0d+h -Aho+6uIpvzd7Niy1ZFJFg+JAUrnqy9PRb4T8FUhvyvWNx9gYuHGuovQ5e2FQNdit -eEy6EQwP4EyUXhi1HWqCZypogMdCxytHB0VnQBzxxsZSiWCQMcAxvAFvYl+TD90J -KWRlnU0SMKc+nGTEENHxPPbI7BJil7d6LFDj7gGfNSkyZuqB2uBraB8d2tSy6s8i -6y/akKg9UYGVETC4IZl+eL6OXnqQcFIPSf29t8GF8J7kZMzcDNEVCkDjUu0dx+mI -/UWaNpYotAXHUCVHmkQ1KjXvnEMtmChGRJullDGm/L9gjzei8ZKB75Stdynp18T9 -M7YPVMQRT4+FUvjq+374kI8QjSm0BZEZsz/2thkaqlG+i2Sfr1TyiRXFvLNil2aj -nJ7Oh04xVJDmz4Ln4j3z/M1iiNVsA7PQ6Zz842nm2YD/x7ugZa9C9SmGRtl4KXnx -rDuJAjcEEwEIACEFAlML03kCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ -01d1B/pA6eLXtw/9FeV38cRwnPkdTCiqVtwzKh9VaYn6AFX/1X0LoLV+3Mh6Lkzw -8ZRHJfb21sPjA+NVAA4yo20Dm9tI0R6jy7ikxIgmHUZZH5sH3tUfBYILtqRfTHyX -qhjFSjPPcOqU7NA3zmsAmGTc9Eu73F+4hPP/kXoF4OmiEJjiDZm+38wQ/q2sZoxy -aPussddWpmUbIPYJwfCz0Dy3GvsVhLN3deWGjtyMTLrfYYqweKnJpWF1p1ke4ZxC -YI7DSbDVdqYCkh1BTHWNqpYjMab3p4bRdLgwCDkOvIt1fSf8b/lFCkD0ZHcvL+TQ -f5h9YsuaTIMJu9M0il73eLlc9z5PlZpMD4R1mbdEMMMs82d7vEbLT9cHYlJ1lZlU -cNlaRvuIR4cCHdYqJXZ+9fCc0nElXLmrPSWEgauYlEb4XOCCgnHnP3VEMAVycSkY -rBgucYycfMQ2CXJoz4FPVST/irGCe1vpf3Vqq0SVoiAZdz3yNQ9M8iXhaA+hdrbp -pgoRgGIPBf2BjUA+Xgz8rB184tA3p9VOcvQ0LrK/N3y5FU1tk9OEemsHTKgEFFQ7 -b7OSIIUChvfl7ugXcOosNtZmD1pdyAuaiqDkeTBO+teD0LjUaUwWxl7uwLjOODjj -WN5ixjNRjv7us6htnPvv/GhhWb66Fc15XQ1gJdhiMrp426dJ32YP6OG6WWy5AgsE -Qjxx+AEQANWX4zqswKPWnq5nRhPuLm68QJxUbFiYYL6+ir4+LOV9uwKhuMtZIfZQ -3do7S3b74QMhubOrdAnNbsvd9glqHrULQzmfSM97bJn6TJNzWOunGbu35OX6aO9J -mIYCcwZq/6JYqawTYhkL5Pu4jrLSPa9BOJR5wNZ78geqeKhp6VFGAS77lt21PrFr -uVVCoIXE2iYM2V9Rn8/lW/+ah3Z6Y+ZXgjQ+0npMTdQYwKh+ZdPpq7zkyXGn4LH0 -y0oALEZZaUaZUDn8wCVhcZsQYRXzH+W6KSplb+zq7VEUT5Yf3c1XC8sBzcF5UWfW -+urodROCoWgEpz/DygM98d+Sfpj2Ui4qDrnfe3dJ6etF955/755XZ+LqLij8gu5C -GB/dWVeRUBY34fUviqUuXAmnA50Sbl66h+6R+kuyQhMQYSLfd4o3u4l06qBNf5eG -D1hj1RdBmfFN2tiD/XkwLSSl0t813J5fSm8TPwHu5rt1KvxXU8EFiTGhIZcALB1t -8tROywo253tEOaD1S2VmkJSGTa4xA5dZwe61MzcBA5SN6+lRC7PRK04ov2DMIky7 -vcJ9b3qVXKDNmKyPigGrOnc8MDX1LIQ6F2JC5A0+tiWSghO5BTMptcWzNxVdcp5Z -ClD8iFdsc0nMtqECT+WTh4MIFMMK/hHw7QkaYglQ+kLb6EwMW4ozAAYpiQIfBBgB -AgAJBQJCPHH4AhsMAAoJENNXdQf6QOnisnIP/11tnqTaiD6giEijgMFDoXOgd3eC -ecNw0KkMkY25VK9QGMaGOKHPJUxF8UOoJfzL3rAGs1ezvYfxQb4uYkTPZcsWndZJ -g0QzKRRu2GSa4p8lJAHThaVMTJ+AbyWwgQIcnskyY3eMEaB7tUEReJKiKf/f2RhS -VMKbHukqw1Tq5SabRT/o+gIFvVUlH/2m3konlvhxQlevAMPsI8hebTFCnPS5CZbu -SVxUFlC/HLxNXmSN+TxFCu9WmCIXt1biKWmVYC524dsGu3F5ojTuVGn3ND88bQCc -+GsZnU7wZ1HodEZMgYhdttR53BsVv/VkkwnmuFykq5g9nFEez7GfSm4a3Wg12zG3 -LVWCv997jNmfVIskzTvz6GwkvKS7VjSmOT7hIjI/PZcZ60KNTkXxVyqs8E6Y0h9S -W4+TRmjSbGgH1j0PpufxVqndxZSH388Nprq7CJZ/tEZkWwv+UvEGeMmSqk4adECc -J3AoXiAOsYkGin0oTWIAja5X7DKjeNQJfwfwtMjQ46aJnvGEpypWKu7Y4UnkFWGd -H3j4ZdyzVgCRUnIuIHCzOKR8jrHw7Udxb6Ck6Y9MLJ/pcOzrUCnaALKhMREaNZmY -G/cu/anS1ekMIWkC/QyX6xbXi7IedakaL56y7nJRBRmPuETKACSAWkGJ5ojm6BxT -TInCFx1evwVXM3s6 -=eP1B ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.19 (GNU/Linux) +Version: GnuPG v2 mQENBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3 @@ -162,25 +13,146 @@ nzGOUV1w/dgDLSzavmysVxb4q9psp1vj1KEtm18vzZO79AeARGwWTQYGmFmrNRWZ 2DgbjGyJ4LS5kLBqQ9FaF7vUFtml6R04yx+RTgQTg601XsAjeU8uSarmeZgGVMAI nsdMrUc74lJeWKSnovr4IFOdgiU/env19tK355bsfTvb0ksE5Q7wnnoRXdLyNet0 AWf4ednWDEnRb6cIVDF28URjxH6yIfqAVe7VnuDB4Sfuck4R4gYFS/xGfTgocPUD -Z4rUz8wleGLwDIiU7GpilmtZTl1FTPkFa/mqbcJgdVTJqLZO5vISJkZvqE5UtB9N -YXR0IENhc3dlbGwgPG1hdHRAb3BlbnNzbC5vcmc+iQE4BBMBAgAiBQJT3r68AhsD -BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDZxNJtDmBEkaA9B/9ZRCV36+uq -3b7JMjotM1NAEb1Fx425pmJGexE5HV4e1Wv045/NU96cJq9xeCHCxjSw8+BIOu8W -6v0/K67BDzseZ1f5kZ1E/e1JrELi50dsCxm0QbtuBSjO6F9ykL4CHSVncRxybI6R -glYhNZiBQEQM5Tfuqd7T250MwDY0cu4vz2FP54hnalXDIXJ2Ql+Re2B+sOrdGZmB -95tUHkRJ1qn8bu3sh7CL3mzICkyP2zBvGeypS2YWvR8KxV0ADyEk+rH3NW5SifSD -VAzPYiug0f7pZMO3tIZhy6o1qmLOT88l3qDZ7D1ybevcIgA2Ko+CjQyHTadUaBfa -n29ZxPgzOq4GuQENBFGALsIBCADPZ1CQBKbFQWMCvdjz/TJaNf3rV6eiYASOvLDg -icU8Mwa208yJXr1UF6lvc3Tgw+jmynIBjbhvhujcJ+eD+jHEaXdncaK/WAPsmiNM -k+glZ4cbF48HP77kOLQQC+rX7jAF0VSHhFZNtnCpOByQevCJlwgkXckYvRyBOYk6 -2R7BwuLIwLIq4ZXNKPIVN4KpCodhIcGuvlPJczcdOoaBRGcSFUbXqM9Y8whyJhex -F87RHAyGpjvLnJFSgLimyYBRpFN25LzYFpXPD4MeLUVDSRgtSxOJ2KmkhMHntUqQ -P1XsIgzm4/ez6Mwkxc0QlAQp0r2gJU56QPdE5zgx+2q/i+WhABEBAAGJAR8EGAEC -AAkFAlGALsICGwwACgkQ2cTSbQ5gRJELNgf/elwfYchaV/24buNWDa+50gOuXQ4v -Xfj5DKry6aYnJBt1UeMV1ssMxCU8OltgzTMhTupjrXV1oDXYAxexymWLxwa+qcrb -SwDD+wX1gb1O2GOfbiplEnOb5dDc7Gkm8eTw0kBJEiAiyPv4SMLhFzm+me4Dq1+x -dbsvN05hxTjow9pi5eYrFMxYWi1ZNH2UmPpgoIN/4p28G/IN9fdWG5Ni315p3WhL -HRMzC609IOsCIJsm8+lHVblT30jxpctFVlQBtbDTzgqQLiaTVevlca3VYgMd70D2 -8d186gxUtSEpZ3dKkv+0V8DLhQ6VR/wQ780HKIpFp6UWP5aDxpEoOEwe2g== -=Q8X3 +Z4rUz8wleGLwDIiU7GpilmtZTl1FTPkFa/mqbcJgdVTJqLZO5vISJkZvqE5UiQEc +BBABAgAGBQJUV6uPAAoJEPI0eUVcUbJ8A/4H/2h9ONzArTOEl5y/eN6jJrZc1Af3 +sC/CKxOVBJzpfVnda9O9Ldc4IFJG40ksNWuetDvShQTQtTy7dgne1lkfhud/uUG0 +uo5W2ZoYaHIXOqoC0uxCR3ctOQg5hiVsL5XPjR7YQT+0c/bDK4HWr2GgX7Fo03dt +8LETRSjovUO2xPb8MFUNc9eZNokLPq9CbOMvmEdbZIt2EEXBOnhktdT0SvXu5E0t +AC6HqZXAo+my1vSqDxxF9MlpDHysLKIM9G2mvLDbG583pYB3+DEYyr0F/vQIVEb+ +O8qUFaYCFaZKmEhIb3NC4SqLXV24+QKVu2NWtKY7wrg/rsmSI5/DmHVejXeJARwE +EwECAAYFAlRX/6sACgkQumzaRh/o4CMu2AgAl1Th443nVuobOv3tKlC89l0m048J +LG7fg8uMV0ejogQ7MAHkzQt/9uq5pQfDEtuIdLaoKqz93RtPECXfj/cBUT5iEkWl +PmOOR4UXfKUahU3qHED9+niOmlip3vZII/92oGSHv4KXPHZHOFUPn+nvaNypnIWG +TUJODueW9neoa+D8y3CC0KlZ9jTbwxSHVWTZjo8pezpJ1Fr4tE9bDibkWEm3pIcp +demSodBatNliSFcj/VeOF2AV4ABSKH0PGSrZazrefdTKPGiz01ZHmPAb6qsbLd66 +94/brzuVz9YhoSRJCTqSmXmEowPbs8TsjfMeSQkkx4STSr86+DNYmG3Kc4kCHAQQ +AQIABgUCVDuigAAKCRDfq1kqvdUvHHktD/9je36p4LXhLda0+NqWsh1Vm9dC9RxM +023LqwoMNw6khLiLzzhmXKyazvV/q/lidPYCr3rWR3tCrmEkULogHf60unBghxYH +xva5XvObFDVXDmMBTP2M3XvKIAQXhNk9I22HtfgYTIhI2Bs/D7HDFgszoBurLLQK +l+rjDevDbeWbdXJZ7J4Z63kb0GaIIHnNXnvxWo7muomXfdKJEL8LIlmeUOh/ZYcI +u8HMoGvDKYMeRZ9ph7f2Z7iJDCUmtMauLM/qPP9wiyzZKZE/wwapWkWL1KgAC+vt +hwrFzcirkhvI2rnWUOeec+nEjmnnnPzA5tDtpyOQYqkcIf9hewkfA6l9js3fbf1i +jCluP+nZjsbYb7MO9IT+bBQ1Jm0tjwu8MiX3HJZGl8CNBzk0UXImIl+0kSzSAnQg +MK6EweTzDkCMIjVLRQAmpNw/8smvzu4JF3bX+w1S1MWZ5NNebCT5hs4kVhXT8Uvw +TLmdt+afRpxtlKFxhJ05v6lNgV1o8CaOm1tmmgyqWM53/nGUi1XqtXu1+0uoO65f +JMoJOjCoK+tHzNUvyoPmU/qhyCC0yftZHA0k1BRaI7Kf0ll+i+8laJceFlFr+k6/ +Be2Mzp/C/3KyK04nU3/jY9oyUKAjq5D1mb/Ht5TWEOPoSuUtlqzgWWpNxJWTq0xe +jsLg/e/q5z7mR4kCHAQQAQIABgUCVDumsQAKCRDV6eQ/ffnujDUSD/9ar/zoYKhJ +/SsEuhEZ+taED4YRgKy0eeaT7YPqtmGVcs4meww06Og9L9FeK/8Qn/pa3xnFtTvX +K6XriSLly4DtmAZnwmtARidgXeXp+hfjEoeIXoAUpY88Af4FQhIkmJwcWRZYtM6x +/Gno8+LyzQGrGNmeoNNLJ5t7RsvBHYRR44LQNbGpv8dN0LTOAWKCmnGmNn5cN9Uq +BvrgJRsJvvBRtF/V53Y5giHX4N9C4VT21odQ4sEq3HrsofwEWDHnl0hEoWOpu3zu +AcxsAdm4A113z2+WnTLcQnCRjmG7mGpDStLTiBcw45MsGOLnR2CgtNXEQOYp97/C +wkgNF5rUyx/Owr63uw0EWOFkaqDWd8KPt4ZTmOcOUChVnEyFCXu9F3oD2ypbaM5O +ielMwj3Uq8Br5c21g0qCeDAIUaNQLl6cFfPtD6jDiYNhVBgOGrlvHyGP3+mm+Ix3 +w2CpKmHv6z0ed2XWqQElBuOr2I8vcSos8SAK5oJz50t1joLP5PQ4T/FlbBBfXYgW +PtEGsae9K/cXVSV6NSxcfXDtNggfDG1S4AkwH1Ka96AtrGutJCPm1xSMpMJ7m3+G +5EfEqHnF5lnn/By+gZTvC+nnqGM4UolcAyz6FFVha/CtfoYBiXekUXnz6dDEgxm5 +fA7CVeo+TDg4LgvvHh+P+EuJKQ4lQqGQl4kCHAQQAQIABgUCVEJylwAKCRBDFxH3 +bRiS9VfrD/9yo5fWTBHdCMAVRsLa/rKSk0oB2jKXg+5Jo1m/FM3UF4JibDor8VLo +TgKUXTn2eyqX3Dr6/3UiGFzU43kg+IG9ZdCLx8FwGAEo0MA7Tef7W0Drq00kAdVy +dhS+1gi4NZc4Hj+rSYcYkto2/e+zlSmD5CB3X3kgTK3+qv7bQbGlLMxZfP1sWsUd +jI2gWpxIeqqUZXM1CwIzqXWFEktKTov2CRLftk3pSQ6pS4sw60dpq2+e7EeARZfp +WIHAG8PXCgbq2M8mhAZ1NADWgXRPHCN3MeDV3qM5Lj6ov2/i3Crmy1IV5Bxt6QLD +A04Sbv5TpJ1tecriW2wTWUU3b/QWzFuCS+FUNSKWJe7tbQJyWQY+BtVZsMeFdjiY +B8QrUY5WOc97tgBVXZG7+5ustM5d0VDk83sHnQrGxPVqQq57Pwi1JFTxM7YDzePX +3KZVNXi5NR+EI69+Ej3cBRKpOUdAsq7ywKzlqiYtpcZD/uzJKi0F+AyOKLPFG4Ny +f8eGqr75tDAXqdoE4fu6IKSybc3MKlX9+LiDyTlQmgoZIRmczHPfbCBQQln7NNk/ +6BegL87/yJYSZuR10SLzRNdYa2E1wliPZezrUxu6Y4OeYEIxL0/w6j7I1YFGqwR4 +83B2SdTXC1NKQVDUR6tbm/oDhNVo7mZ4VjUFJ7oS8en5+rbNv30svokCHAQQAQoA +BgUCVD7PygAKCRAgZMU2QcJeXYG/D/9KUEi7mN50xURhILUp7KKJnS3WbGP32N+/ +/XXr1QIEiOuRhbCBp49Y9/Q9TGYFYGm42ClkMyGLW9Dp7zcyejjVrVRO5srQ5e9g +q5IPgfeoa6Wu301YzsvO3RBa10dg9thA6HJsDlU+vyCnU8fKThdSS1aaYtBqEAUJ +IzdFK0KIShqHyjKB31iVg2NL8AziBKHWIqr5Tyh84DFRuT+PAwwSYW5sy5j9wsyX +FK1ZAfkmS9fJsrr3n0l9KsUYW8dJzLcdEmtS+dbJLAPrqbhssK1wk/NE1/N+8+Y6 +ocegn2lFfMheA6s+d1ejBnk0angY8ZGgLIvCuB/iTfivDefqM2KtbQBOqbw6rf3B +TLlVVfiCbFo/RJgxoAQTKs4D+OH8RnWoNANoIOitpIpieBD2I0pFmVDob9sh0toV +Hk8aDO6s6lNoEiLEJVWoh/6+qxsRX/rDAGyWO+4Oz6ctyS/laQjT2FxLGODZBMxj +XrdyRXrC/nIcwYUlFfB3xX54xAo1j38OIauO9u93338LFLYAcpHhkW78nmkRxNa5 +SjiribecDj5/bzOI7G7gfTCKmEkUuZltCrG5MwSHorhGP/v8M+TeLsjkvzgm1Hd6 +0pf1+NXOPbZpiCq1S/yIs1zBEj1Q1t1PuJT+BYkOzlR/RhSJFSY/B4dBA+HxN/cY +KzwNZN88HLQfTWF0dCBDYXN3ZWxsIDxtYXR0QG9wZW5zc2wub3JnPokBOAQTAQIA +IgUCU96+vAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2cTSbQ5gRJGg +PQf/WUQld+vrqt2+yTI6LTNTQBG9RceNuaZiRnsROR1eHtVr9OOfzVPenCavcXgh +wsY0sPPgSDrvFur9PyuuwQ87HmdX+ZGdRP3tSaxC4udHbAsZtEG7bgUozuhfcpC+ +Ah0lZ3EccmyOkYJWITWYgUBEDOU37qne09udDMA2NHLuL89hT+eIZ2pVwyFydkJf +kXtgfrDq3RmZgfebVB5ESdap/G7t7Iewi95syApMj9swbxnsqUtmFr0fCsVdAA8h +JPqx9zVuUon0g1QMz2IroNH+6WTDt7SGYcuqNapizk/PJd6g2ew9cm3r3CIANiqP +go0Mh02nVGgX2p9vWcT4MzquBokCHAQQAQoABgUCVD7PygAKCRAgZMU2QcJeXSx6 +EACM2ZWwnTz0FwLaQfqcAUEUee2rX03GwXgZsw00fIv+IRtCGvZ+c5OyP6Blujb+ +gylHK6sohL/JBqPO6y49HlQ+VOjo2iFzeFdoC8No936fKxfvM1NeocsXShb1rXak +LDtiUj3UEqFbfdwrt7s6xqpNF6cEcci8sE8vGTSazNePui0C9NqV5Gh924MCNTwC +EasEhXvyurKB8Sgo2X5lH3OutDlHnUuiNtJ10n8rRNe87ZKgKcPahjpsMKC87rqK +55/sGLdqAndyXmnasHUKEd7bwQzq396SZgdKxlEruwQPyrecjaqf0CpHhGVsTpCi +78IQ7jR6xZWdBBAAn6SeFKfxnDypx5thqXsWDRrzH5gTXAqN3BNUluTn0gQgqGVx +dU5/uY0fHXlXjjyS/CcEBQlhMeMbXvnWCQ+IGOToRedpUwTENB1+TkdUz/RuQm/U +EP2Lmkfx4XDj+R+lgbftQ6cfJtZccmvh+euWRcbJUlPXIeM6DJVRaL700R1VHrSi +2oPXQi9YcMlyzh4BZ9fe3DIBiIDBDOURMGB75ULlCxi39H1H2Anf0/E11aPOOkr7 +oavD6AVziihQJ8LqNI2obdX+UwivoU35NXZMCifmTOcCbrCxw+Xih+X6EPC0qwhR +pDevf7mqWxWVyu30hLv3YJOgmHEh+++GRzS7SL9iovev+4kBHAQQAQIABgUCU/p2 +2gAKCRA1IssGdHjPYDuZB/9arXoSdE0WGasdEfG+Qup0lL2rsfAYYXyCP08wVsZ0 +pBVmoby+hpIHEkcVH47Au+lYW9UTrvK3yMKEhSrxTzA9LIjC9Q0Mfms1CEo9oRa8 +2p2jM9Yy9thCMR21Xhq/GmCkaKuR3oK5ofMXngTf4eyMwCQYPcYhL69OVx+/60w0 +DbG6/nJ553Rd0qDTGxjk/gzji4VYe0rJcATZSIO5TjJdd2VATkDDvRWa2asvMMN+ +CcPL6U2iZi8g4s413CmImz5W8/u7R2v7dkRJ0FLbP3+OAiHFD6n7uD0WAhZKT4+H +HSKbOnh6mMnyGMnyn2N5IvrEL3FM0cflUrKfqnbFa/KyiQEcBBABAgAGBQJUV6uP +AAoJEPI0eUVcUbJ8OaoIALRdJKgFzcsDqtX4SeJpefJ4796u8O5B7w/16nXwOw7i +2lDUpmz9+bwEliVOc8etFCRvB6nl/NSq8OUCdha5MIIJVoJn3EWz4LNHCcplxE0g +zHfVMBaV8eB/+AEyvJ6QlaeN+PKBW3VPPGHxnBQBDdXmfIh2ceAkB9pCU6zN/lHV +95fs+E3X028OAaN/uwbyaJYCmWxRYOA0nIA7A9C2UWugrnka1qISR6XtiOhjTe9u +G9/K9FclJueW0FnFVXXwl+/O0epy4oOq199UoJvF0FEDChNvnAjjrS1iUOxGcvJ7 +/sSgCV3t8sYyNm+euCCXbKTdF5iPkpRvpSKauPjO5nmJARwEEwECAAYFAlRX/6sA +CgkQumzaRh/o4CM5egf+J/+ia/Iqes82Gd5Q5I+I9yrNy+itjtEpBHNX3XrT+iJH +BrRfVUN2MGW/ovElEOkxo7ZuA6c5zSnPBqsrzuLdacFR5LNMVrE2i5B7H5bcMGJ9 +AZPXud1YBTzbGaKCzdVnvW9EnrYSQK5eiDTQkPPJiHjrvz1QLrng7AJUFfWm4/xh +RchpPT8cVHBRP7qAInkP1IYJ7dVDKOJRFsEM7J1Jx5M6vmSi1du1IvNsSeD19+8a +fyWc5q88fJRx/DlRZ+y/R4OH8wj4fbwRwuMTqWLXAlY4A8r0AGXYhR5BN4jKZAyx +pyq7hY64D9WNhojqYRYwxOADWn9GqxMfSesSCr1gzokCHAQQAQIABgUCVDuigAAK +CRDfq1kqvdUvHGVQD/9WuFZgc24DIw3mAJKk2dNG+zIEmJx+EKRTqhwrs97y48xP +0KWKGtmuEwx6fHDhBnHiOB41pixk2GD7K0XGy9sqTL3PBINgECgEPEhkmSLATqrp +bYFA6IiAGlDtc7ySZ3qlajUgLGoUTuen5HfMxrF8waldv1IUm2MarkCYShz7/RD8 +Zq6VpnkqNAlUch9f3hnZgRI2MpuTRl2aij/vtPVzg01t5KFvfZLYI8OkJx57A1L+ +/8w6BEmKyC5WhNEEaH9uF5qhnZjZHsien7BZS7Tvkgb+6OMowS3ShNqUH3A2YVbW +AupaLq1nRwvs7rTWDuoRMVZGGUm0SM08TUKkl16hWxsAJEzCCdVxO+8l5Ul26LkC +KJLdeFPrJmutgQnPJOQ6Q/EsYYua3iNAbJp+hZ9quw0R0oiyO5b7Cn8P9KffpiY0 +01GQ4SqYrll80WJn1kUWp+QqvIvZC595aVmF9Fplqp24qXdXt2OMhzZF6FdSB0GS +xplHgjR866XD2EjH6RgHZ/PTUYI9zjEEro2gk/BG5dshSa42nBkD+aJfmvjQ4CDI +sccsHdYlLdtvujsN0F/rFRRKdIAPZhnbVB45AqNL81AUDEaXXWa93GyW58GjZy0i +l29i0Zg/hMn7vhqt3pZY8GL9ND3J90rJuvls/zmeITIUR3wDH20ZdTw07P62RIkC +HAQQAQIABgUCVDumsQAKCRDV6eQ/ffnujPWzD/43HZVkH0GTm9LpXlEvXGNGTmce +y5majqUTmEOmqD2j3wJZZatW8uOCDCclKdjcwiL3B1DOZbrtVZqit4mK6uhxN/MW +lgPnH3lO8o3xtmLNED3POZXkTUD1+VkOJRFiekg9Y9tVAn5CfUlu8/V/1p0smBvI +HArJmhgpOy4ZzGtMTrlJHxNCuxlj+IAGL48xw+3zIrgpjuUoGHZwiLO0+bTls3Tt +/xUvPH192OQlbBWIrby2uGfjaoM+iiRuuvztYzd/BpxLlbU61E7yYe9T/9Or35jh +40T20KC9Ugv9etHER5QdtoNxrXJhkBGfGz9av/apTTgEuG2WeSlyFlom2scfuEsV +XwXIHHewv9Hqpr9yIEi5vwSwEtn5/FFoAUl5cY3hN+6BMUTn7DEOIrKjuzyOwPTM +mrS+BL8nUg/FgiO6KvdNBHMwW2cB97DTCo3ThL0Hr87i3J8bg0mB7jUIWcldAox2 +5vsKdGo9UBygEtHIHPojc5n3ludmeMpkMdM7pI8WvWfHqiOstaJhyyfWw+0RWr/c +n5e2RaK9Ieef5PwCn6yrFmzR/KOnSV34XkBgfzMBf8J3OJzDZXDuZzw9ns/3fU25 +om3OsiCDLuXkRESLBCYBbYnenWiaUacDOkS+DqLw9P9SsPWIKOaz0cVnbPmZFIzu +67KxPiPHmY9DZ0xuFYkCHAQQAQIABgUCVEJylwAKCRBDFxH3bRiS9VzQEACuEjJC +doXPGk+e8orcS1Xq7/Y4FbtChfuYaqjreccV1fmTmY7EPMj6YARyVslM39TcwDwN +gYhZ52pn7BtAGUVoz+p+A+kEerwUE2Id7J3yViH0kFk2ar3FZTUXA8rp3HhBKOZj +P+d0FBEzTCEhS44s3SyoD+ByY7jZeTg0F9f2p4HBoEeEbTBcOR1fJv0NG/A+5lsc +zfD6YDgJsT9C3TCLKV4AMRy/wDZjkHMoXYB0ttXASlFzjsMGsy0FwbgyAdg9XIIt +7jrDuWHy9M9eVHCp8JBW+gEMq116Jmq1FT7/5VMBdK+o1fiU5zRRAPdYGfr9PWy5 +ygH7g6nl/jFV5XmRnnrgL7etWI07pjpoPWqHqjUTGg5UbnzMfRk9TnPBAJGXFJIw +S2QszDEU3ApESc14NHrUUYVH4GvyeG5DYKZlz7HCpwtdpoYJ4DL2adE8U8qUmQkc +izaoE8x8rf0h6qrQcOOw4H1vX/RdhDtxbcK/fOgaHeQYOa5+lcNAlE7lU3z/bl6f +iB2hWlQdyzajceEoFJpxMm+QvRV/Z3wmwWeVPjZexFChbQVtaGagPJxXhid7rc2T +o8egQq5gAAfUOPwB5YWnvmFnmq3o1zCy5wZGUcm9aU0/sNZjBa9J7Fisv6uCQblQ +HA90wVUJ351GEm5Nh+j8oOpNafAgVim/zTaYS7kBDQRRgC7CAQgAz2dQkASmxUFj +Ar3Y8/0yWjX961enomAEjryw4InFPDMGttPMiV69VBepb3N04MPo5spyAY24b4bo +3Cfng/oxxGl3Z3Giv1gD7JojTJPoJWeHGxePBz++5Di0EAvq1+4wBdFUh4RWTbZw +qTgckHrwiZcIJF3JGL0cgTmJOtkewcLiyMCyKuGVzSjyFTeCqQqHYSHBrr5TyXM3 +HTqGgURnEhVG16jPWPMIciYXsRfO0RwMhqY7y5yRUoC4psmAUaRTduS82BaVzw+D +Hi1FQ0kYLUsTidippITB57VKkD9V7CIM5uP3s+jMJMXNEJQEKdK9oCVOekD3ROc4 +Mftqv4vloQARAQABiQEfBBgBAgAJBQJRgC7CAhsMAAoJENnE0m0OYESRCzYH/3pc +H2HIWlf9uG7jVg2vudIDrl0OL134+Qyq8ummJyQbdVHjFdbLDMQlPDpbYM0zIU7q +Y611daA12AMXscpli8cGvqnK20sAw/sF9YG9Tthjn24qZRJzm+XQ3OxpJvHk8NJA +SRIgIsj7+EjC4Rc5vpnuA6tfsXW7LzdOYcU46MPaYuXmKxTMWFotWTR9lJj6YKCD +f+KdvBvyDfX3VhuTYt9ead1oSx0TMwutPSDrAiCbJvPpR1W5U99I8aXLRVZUAbWw +084KkC4mk1Xr5XGt1WIDHe9A9vHdfOoMVLUhKWd3SpL/tFfAy4UOlUf8EO/NByiK +RaelFj+Wg8aRKDhMHto= +=m5FY -----END PGP PUBLIC KEY BLOCK----- diff --git a/openssl.spec b/openssl.spec index 98bcfae..bbde688 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,7 +1,7 @@ # # spec file for package openssl # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ Provides: ssl %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.1j +Version: 1.0.1k Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -38,7 +38,8 @@ Url: https://www.openssl.org/ Source: https://www.%{name}.org/source/%{name}-%{version}.tar.gz Source42: https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc # https://www.openssl.org/about/ -Source43: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring +# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring +Source43: %name.keyring # to get mtime of file: Source1: openssl.changes Source2: baselibs.conf @@ -74,7 +75,6 @@ Patch34: openssl-fips-hidden.patch Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch36: openssl-1.0.1e-add-suse-default-cipher-header.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch -Patch38: openssl-1.0.1i-noec2m-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -191,7 +191,6 @@ this package's base documentation. %patch35 -p1 %patch36 -p1 %patch37 -p1 -%patch38 -p1 cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure"