diff --git a/openssl-1.0.2d.tar.gz b/openssl-1.0.2d.tar.gz
deleted file mode 100644
index c3859a1..0000000
--- a/openssl-1.0.2d.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8
-size 5295447
diff --git a/openssl-1.0.2d.tar.gz.asc b/openssl-1.0.2d.tar.gz.asc
deleted file mode 100644
index 72fe5b8..0000000
--- a/openssl-1.0.2d.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+
-0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr
-qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ
-uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku
-6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq
-54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y=
-=U3sw
------END PGP SIGNATURE-----
diff --git a/openssl-1.0.2a-fips.patch b/openssl-1.0.2e-fips.patch
similarity index 94%
rename from openssl-1.0.2a-fips.patch
rename to openssl-1.0.2e-fips.patch
index c4169bc..9249aa6 100644
--- a/openssl-1.0.2a-fips.patch
+++ b/openssl-1.0.2e-fips.patch
@@ -1,7 +1,6 @@
-Index: openssl-1.0.2c/apps/speed.c
-===================================================================
---- openssl-1.0.2c.orig/apps/speed.c 2015-06-12 23:20:59.468588414 +0200
-+++ openssl-1.0.2c/apps/speed.c 2015-06-12 23:21:28.252934111 +0200
+diff -up openssl-1.0.2e/apps/speed.c.fips openssl-1.0.2e/apps/speed.c
+--- openssl-1.0.2e/apps/speed.c.fips 2015-12-03 15:04:23.000000000 +0100
++++ openssl-1.0.2e/apps/speed.c 2015-12-04 13:55:51.956562389 +0100
 @@ -197,7 +197,6 @@
 # ifdef OPENSSL_DOING_MAKEDEPEND
 # undef AES_set_encrypt_key
@@ -134,11 +133,10 @@ Index: openssl-1.0.2c/apps/speed.c HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); -Index: openssl-1.0.2c/Configure -=================================================================== ---- openssl-1.0.2c.orig/Configure 2015-06-12 23:20:49.250465706 +0200 -+++ openssl-1.0.2c/Configure 2015-06-12 23:21:28.253934123 +0200 -@@ -1070,11 +1070,6 @@ if (defined($disabled{"md5"}) || defined +diff -up openssl-1.0.2e/Configure.fips openssl-1.0.2e/Configure +--- openssl-1.0.2e/Configure.fips 2015-12-04 13:55:51.939561992 +0100 ++++ openssl-1.0.2e/Configure 2015-12-04 13:55:51.956562389 +0100 +@@ -1058,11 +1058,6 @@ if (defined($disabled{"md5"}) || defined $disabled{"ssl2"} = "forced"; } @@ -150,7 +148,7 @@ Index: openssl-1.0.2c/Configure # RSAX ENGINE sets default non-FIPS RSA method. if ($fips) { -@@ -1563,7 +1558,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b +@@ -1551,7 +1546,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b if ($fips) { $openssl_other_defines.="#define OPENSSL_FIPS\n"; @@ -158,7 +156,7 @@ Index: openssl-1.0.2c/Configure } $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1764,9 +1758,12 @@ while () +@@ -1754,9 +1748,12 @@ while () s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; 
@@ -172,10 +170,9 @@ Index: openssl-1.0.2c/Configure s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -Index: openssl-1.0.2c/crypto/aes/aes_misc.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/aes/aes_misc.c 2015-06-12 23:20:59.469588427 +0200 -+++ openssl-1.0.2c/crypto/aes/aes_misc.c 2015-06-12 23:21:28.253934123 +0200 +diff -up openssl-1.0.2e/crypto/aes/aes_misc.c.fips openssl-1.0.2e/crypto/aes/aes_misc.c +--- openssl-1.0.2e/crypto/aes/aes_misc.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/aes/aes_misc.c 2015-12-04 13:55:51.956562389 +0100 @@ -70,17 +70,11 @@ const char *AES_options(void) int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) @@ -194,10 +191,9 @@ Index: openssl-1.0.2c/crypto/aes/aes_misc.c -#endif return private_AES_set_decrypt_key(userKey, bits, key); } -Index: openssl-1.0.2c/crypto/cmac/cmac.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/cmac/cmac.c 2015-06-12 23:20:59.469588427 +0200 -+++ openssl-1.0.2c/crypto/cmac/cmac.c 2015-06-12 23:21:28.253934123 +0200 +diff -up openssl-1.0.2e/crypto/cmac/cmac.c.fips openssl-1.0.2e/crypto/cmac/cmac.c +--- openssl-1.0.2e/crypto/cmac/cmac.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/cmac/cmac.c 2015-12-04 13:55:51.957562412 +0100 @@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) void CMAC_CTX_cleanup(CMAC_CTX *ctx) 
@@ -246,10 +242,9 @@ Index: openssl-1.0.2c/crypto/cmac/cmac.c if (ctx->nlast_block == -1) return 0; bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -Index: openssl-1.0.2c/crypto/crypto.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/crypto.h 2015-06-12 23:20:59.470588438 +0200 -+++ openssl-1.0.2c/crypto/crypto.h 2015-06-12 23:21:28.254934135 +0200 +diff -up openssl-1.0.2e/crypto/crypto.h.fips openssl-1.0.2e/crypto/crypto.h +--- openssl-1.0.2e/crypto/crypto.h.fips 2015-12-04 13:55:51.843559753 +0100 ++++ openssl-1.0.2e/crypto/crypto.h 2015-12-04 13:55:51.957562412 +0100 @@ -600,24 +600,29 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); @@ -295,10 +290,9 @@ Index: openssl-1.0.2c/crypto/crypto.h /* Error codes for the CRYPTO functions. */ /* Function codes. */ -Index: openssl-1.0.2c/crypto/des/des.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/des/des.h 2015-06-12 23:20:59.470588438 +0200 -+++ openssl-1.0.2c/crypto/des/des.h 2015-06-12 23:21:28.254934135 +0200 +diff -up openssl-1.0.2e/crypto/des/des.h.fips openssl-1.0.2e/crypto/des/des.h +--- openssl-1.0.2e/crypto/des/des.h.fips 2015-12-04 13:55:51.871560406 +0100 ++++ openssl-1.0.2e/crypto/des/des.h 2015-12-04 13:55:51.957562412 +0100 @@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); 
@@ -310,10 +304,9 @@ Index: openssl-1.0.2c/crypto/des/des.h void DES_string_to_key(const char *str, DES_cblock *key); void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -Index: openssl-1.0.2c/crypto/des/set_key.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/des/set_key.c 2015-06-12 23:20:59.470588438 +0200 -+++ openssl-1.0.2c/crypto/des/set_key.c 2015-06-12 23:21:28.254934135 +0200 +diff -up openssl-1.0.2e/crypto/des/set_key.c.fips openssl-1.0.2e/crypto/des/set_key.c +--- openssl-1.0.2e/crypto/des/set_key.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/des/set_key.c 2015-12-04 13:55:51.957562412 +0100 @@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock } @@ -330,10 +323,9 @@ Index: openssl-1.0.2c/crypto/des/set_key.c { static const int shifts2[16] = { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -Index: openssl-1.0.2c/crypto/dh/dh_gen.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dh/dh_gen.c 2015-06-12 23:20:59.470588438 +0200 -+++ openssl-1.0.2c/crypto/dh/dh_gen.c 2015-06-12 23:21:28.254934135 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh_gen.c.fips openssl-1.0.2e/crypto/dh/dh_gen.c +--- openssl-1.0.2e/crypto/dh/dh_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dh/dh_gen.c 2015-12-04 13:55:51.957562412 +0100 @@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i #endif if (ret->meth->generate_params) 
@@ -364,10 +356,9 @@ Index: openssl-1.0.2c/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -Index: openssl-1.0.2c/crypto/dh/dh.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/dh/dh.h 2015-06-12 23:20:59.470588438 +0200 -+++ openssl-1.0.2c/crypto/dh/dh.h 2015-06-12 23:21:28.254934135 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh.h.fips openssl-1.0.2e/crypto/dh/dh.h +--- openssl-1.0.2e/crypto/dh/dh.h.fips 2015-12-04 13:55:51.816559124 +0100 ++++ openssl-1.0.2e/crypto/dh/dh.h 2015-12-04 13:55:51.957562412 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif @@ -377,10 +368,9 @@ Index: openssl-1.0.2c/crypto/dh/dh.h # define DH_FLAG_CACHE_MONT_P 0x01 /* -Index: openssl-1.0.2c/crypto/dh/dh_key.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dh/dh_key.c 2015-06-12 23:20:59.471588450 +0200 -+++ openssl-1.0.2c/crypto/dh/dh_key.c 2015-06-12 23:21:28.254934135 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh_key.c.fips openssl-1.0.2e/crypto/dh/dh_key.c +--- openssl-1.0.2e/crypto/dh/dh_key.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dh/dh_key.c 2015-12-04 13:55:51.958562435 +0100 @@ -61,6 +61,9 @@ #include #include @@ -448,10 +438,9 @@ Index: openssl-1.0.2c/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2c/crypto/dh/dh_lib.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dh/dh_lib.c 2015-06-12 23:20:59.471588450 +0200 -+++ openssl-1.0.2c/crypto/dh/dh_lib.c 2015-06-12 23:21:28.255934147 +0200 +diff -up openssl-1.0.2e/crypto/dh/dh_lib.c.fips openssl-1.0.2e/crypto/dh/dh_lib.c +--- openssl-1.0.2e/crypto/dh/dh_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dh/dh_lib.c 2015-12-04 13:55:51.958562435 +0100 
@@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH const DH_METHOD *DH_get_default_method(void) { @@ -467,10 +456,9 @@ Index: openssl-1.0.2c/crypto/dh/dh_lib.c } return default_DH_method; } -Index: openssl-1.0.2c/crypto/dsa/dsa_err.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_err.c 2015-06-12 23:20:59.471588450 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_err.c 2015-06-12 23:21:28.255934147 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_err.c.fips openssl-1.0.2e/crypto/dsa/dsa_err.c +--- openssl-1.0.2e/crypto/dsa/dsa_err.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_err.c 2015-12-04 13:55:51.958562435 +0100 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -489,10 +477,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_err.c {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_gen.c 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_gen.c 2015-06-12 23:21:28.255934147 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips openssl-1.0.2e/crypto/dsa/dsa_gen.c +--- openssl-1.0.2e/crypto/dsa/dsa_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_gen.c 2015-12-04 13:57:39.122061481 +0100 @@ -91,6 +91,16 @@ # include # endif 
@@ -510,7 +497,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, -@@ -106,13 +116,6 @@ int DSA_generate_parameters_ex(DSA *ret, +@@ -106,97 +116,165 @@ int DSA_generate_parameters_ex(DSA *ret, if (ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); @@ -522,10 +509,8 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c - } -# endif else { - const EVP_MD *evpmd; - size_t qbits = bits >= 2048 ? 256 : 160; -@@ -126,80 +129,156 @@ int DSA_generate_parameters_ex(DSA *ret, - } + const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); + size_t qbits = EVP_MD_size(evpmd) * 8; return dsa_builtin_paramgen(ret, bits, qbits, evpmd, - seed_in, seed_len, NULL, counter_ret, @@ -653,10 +638,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c - if (evpmd == NULL) - /* use SHA1 as default */ -- evpmd = EVP_sha1(); + if (evpmd == NULL) { + if (qbits <= 160) -+ evpmd = EVP_sha1(); + evpmd = EVP_sha1(); + else if (qbits <= 224) + evpmd = EVP_sha224(); + else @@ -681,13 +665,14 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c - if (seed_in != NULL) - memcpy(seed, seed_in, seed_len); - -- if ((ctx = BN_CTX_new()) == NULL) -- goto err; -- - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- - BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); - g = BN_CTX_get(ctx); W = BN_CTX_get(ctx); @@ -706,7 +691,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c + n = (bits + qbits - 1) / qbits - 1; + /* step 4 b = bits - 1 - n * qbits */ + b = bits - 1 - n * qbits; -+ ++ for (;;) { for (;;) { /* find q */ int seed_is_random; 
@@ -716,7 +701,12 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c if (!BN_GENCB_call(cb, 0, m++)) goto err; -@@ -213,29 +292,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ +- if (!seed_len || !seed_in) { ++ if (!seed_len) { + if (RAND_pseudo_bytes(seed, qsize) < 0) + goto err; + seed_is_random = 1; +@@ -206,29 +284,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ * be bad */ } memcpy(buf, seed, qsize); @@ -749,7 +739,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); if (r > 0) -@@ -243,8 +311,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -236,8 +303,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (r != 0) goto err; @@ -758,7 +748,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c } if (!BN_GENCB_call(cb, 2, 0)) -@@ -252,19 +318,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -245,19 +310,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 3, 0)) goto err; @@ -781,7 +771,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c for (k = 0; k <= n; k++) { /* * obtain "SEED + offset + k" by incrementing: -@@ -278,36 +341,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -271,36 +333,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) goto err; @@ -827,7 +817,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); if (r > 0) goto end; /* found it */ -@@ -315,12 +379,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -308,12 +371,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ goto err; } @@ -843,7 +833,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c break; } } -@@ -328,7 +392,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -321,7 +384,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ if (!BN_GENCB_call(cb, 2, 1)) goto err; 
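Review bot: The refreshed dsa_gen.c section (hunk `@@ -716,7 +701,12 @@`) now rewrites the seed test in dsa_builtin_paramgen from `if (!seed_len || !seed_in) {` to `if (!seed_len) {`, dropping the NULL-seed guard that the 1.0.2e base has on the line being replaced. If this loop can be reached with `seed_in == NULL` and a non-zero `seed_len`, the random-seed branch is skipped and the following `memcpy(buf, seed, qsize);` would feed whatever `seed` already holds into the q search; whether the patched function normalises `seed_len` before the loop is not visible in this hunk. I would keep the base condition in the patched source, `if (!seed_len || !seed_in) {`, or add a comment at that line stating why the `seed_in` test is safe to remove. The function body starts and ends outside this hunk.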
@@ -878,7 +868,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c /* Set r0=(p-1)/q */ if (!BN_sub(test, p, BN_value_one())) goto err; -@@ -357,46 +447,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ +@@ -350,46 +439,14 @@ int dsa_builtin_paramgen(DSA *ret, size_ ok = 1; err: if (ok) { @@ -925,7 +915,7 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c /* * This is a parameter generation algorithm for the DSA2 algorithm as * described in FIPS 186-3. -@@ -422,14 +480,6 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -415,14 +472,6 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX mctx; unsigned int h = 2; @@ -940,10 +930,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_gen.c EVP_MD_CTX_init(&mctx); if (evpmd == NULL) { -Index: openssl-1.0.2c/crypto/dsa/dsa.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa.h 2015-06-12 23:20:59.472588462 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa.h 2015-06-12 23:21:28.255934147 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa.h.fips openssl-1.0.2e/crypto/dsa/dsa.h +--- openssl-1.0.2e/crypto/dsa/dsa.h.fips 2015-12-04 13:55:51.740557351 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa.h 2015-12-04 13:55:51.958562435 +0100 @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 # endif @@ -1011,10 +1000,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa.h # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -Index: openssl-1.0.2c/crypto/dsa/dsa_key.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_key.c 2015-06-12 23:20:59.472588462 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_key.c 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_key.c.fips openssl-1.0.2e/crypto/dsa/dsa_key.c +--- openssl-1.0.2e/crypto/dsa/dsa_key.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_key.c 2015-12-04 13:55:51.958562435 +0100 @@ -66,6 +66,34 @@ # ifdef OPENSSL_FIPS 
@@ -1090,10 +1078,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_key.c ok = 1; err: -Index: openssl-1.0.2c/crypto/dsa/dsa_lib.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_lib.c 2015-06-12 23:20:59.472588462 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_lib.c 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips openssl-1.0.2e/crypto/dsa/dsa_lib.c +--- openssl-1.0.2e/crypto/dsa/dsa_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_lib.c 2015-12-04 13:55:51.959562458 +0100 @@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME const DSA_METHOD *DSA_get_default_method(void) { @@ -1109,10 +1096,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_lib.c } return default_DSA_method; } -Index: openssl-1.0.2c/crypto/dsa/dsa_locl.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_locl.h 2015-06-12 23:20:59.472588462 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_locl.h 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips openssl-1.0.2e/crypto/dsa/dsa_locl.h +--- openssl-1.0.2e/crypto/dsa/dsa_locl.h.fips 2015-12-04 13:55:51.742557398 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_locl.h 2015-12-04 13:55:51.959562458 +0100 @@ -56,7 +56,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, 
@@ -1122,10 +1108,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_locl.h int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -Index: openssl-1.0.2c/crypto/dsa/dsa_ossl.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_ossl.c 2015-06-12 23:20:59.472588462 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_ossl.c 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2e/crypto/dsa/dsa_ossl.c +--- openssl-1.0.2e/crypto/dsa/dsa_ossl.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_ossl.c 2015-12-04 13:55:51.959562458 +0100 @@ -65,6 +65,9 @@ #include #include @@ -1194,10 +1179,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_ossl.c dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -Index: openssl-1.0.2c/crypto/dsa/dsa_pmeth.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsa_pmeth.c 2015-06-12 23:20:59.473588474 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsa_pmeth.c 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2e/crypto/dsa/dsa_pmeth.c +--- openssl-1.0.2e/crypto/dsa/dsa_pmeth.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsa_pmeth.c 2015-12-04 13:55:51.959562458 +0100 @@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT if (!dsa) return 0; 
@@ -1207,10 +1191,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsa_pmeth.c if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else -Index: openssl-1.0.2c/crypto/dsa/dsatest.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/dsa/dsatest.c 2015-06-12 23:20:59.473588474 +0200 -+++ openssl-1.0.2c/crypto/dsa/dsatest.c 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/dsa/dsatest.c.fips openssl-1.0.2e/crypto/dsa/dsatest.c +--- openssl-1.0.2e/crypto/dsa/dsatest.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/dsa/dsatest.c 2015-12-04 13:55:51.959562458 +0100 @@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -1294,10 +1277,9 @@ Index: openssl-1.0.2c/crypto/dsa/dsatest.c goto end; } if (h != 2) { -Index: openssl-1.0.2c/crypto/engine/eng_all.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/engine/eng_all.c 2015-06-12 23:20:59.473588474 +0200 -+++ openssl-1.0.2c/crypto/engine/eng_all.c 2015-06-12 23:21:28.256934159 +0200 +diff -up openssl-1.0.2e/crypto/engine/eng_all.c.fips openssl-1.0.2e/crypto/engine/eng_all.c +--- openssl-1.0.2e/crypto/engine/eng_all.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/engine/eng_all.c 2015-12-04 13:55:51.959562458 +0100 @@ -59,11 +59,25 @@ #include "cryptlib.h" 
@@ -1324,10 +1306,9 @@ Index: openssl-1.0.2c/crypto/engine/eng_all.c #if 0 /* * There's no longer any need for an "openssl" ENGINE unless, one day, it -Index: openssl-1.0.2c/crypto/evp/c_allc.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/c_allc.c 2015-06-12 23:20:59.473588474 +0200 -+++ openssl-1.0.2c/crypto/evp/c_allc.c 2015-06-12 23:21:28.257934171 +0200 +diff -up openssl-1.0.2e/crypto/evp/c_allc.c.fips openssl-1.0.2e/crypto/evp/c_allc.c +--- openssl-1.0.2e/crypto/evp/c_allc.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:55:51.959562458 +0100 @@ -65,6 +65,10 @@ void OpenSSL_add_all_ciphers(void) { @@ -1404,10 +1385,9 @@ Index: openssl-1.0.2c/crypto/evp/c_allc.c + } +#endif } -Index: openssl-1.0.2c/crypto/evp/c_alld.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/c_alld.c 2015-06-12 23:20:59.473588474 +0200 -+++ openssl-1.0.2c/crypto/evp/c_alld.c 2015-06-12 23:21:28.257934171 +0200 +diff -up openssl-1.0.2e/crypto/evp/c_alld.c.fips openssl-1.0.2e/crypto/evp/c_alld.c +--- openssl-1.0.2e/crypto/evp/c_alld.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/c_alld.c 2015-12-04 13:55:51.960562482 +0100 @@ -64,51 +64,81 @@ void OpenSSL_add_all_digests(void) @@ -1513,10 +1493,9 @@ Index: openssl-1.0.2c/crypto/evp/c_alld.c + } #endif } -Index: openssl-1.0.2c/crypto/evp/digest.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/digest.c 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/digest.c 2015-06-12 23:21:28.257934171 +0200 +diff -up openssl-1.0.2e/crypto/evp/digest.c.fips openssl-1.0.2e/crypto/evp/digest.c +--- openssl-1.0.2e/crypto/evp/digest.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/digest.c 2015-12-04 13:55:51.960562482 +0100 
@@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons return EVP_DigestInit_ex(ctx, type, NULL); } @@ -1675,10 +1654,9 @@ Index: openssl-1.0.2c/crypto/evp/digest.c memset(ctx, '\0', sizeof *ctx); return 1; -Index: openssl-1.0.2c/crypto/evp/e_aes.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/e_aes.c 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/e_aes.c 2015-06-12 23:21:28.257934171 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_aes.c.fips openssl-1.0.2e/crypto/evp/e_aes.c +--- openssl-1.0.2e/crypto/evp/e_aes.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:55:51.960562482 +0100 @@ -60,9 +60,6 @@ # include "modes_lcl.h" # include @@ -1716,10 +1694,9 @@ Index: openssl-1.0.2c/crypto/evp/e_aes.c if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); -Index: openssl-1.0.2c/crypto/evp/e_des3.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/e_des3.c 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/e_des3.c 2015-06-12 23:21:28.258934183 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_des3.c.fips openssl-1.0.2e/crypto/evp/e_des3.c +--- openssl-1.0.2e/crypto/evp/e_des3.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:55:51.960562482 +0100 @@ -65,10 +65,6 @@ # include # include 
@@ -1731,10 +1708,9 @@ Index: openssl-1.0.2c/crypto/evp/e_des3.c typedef struct { union { double align; -Index: openssl-1.0.2c/crypto/evp/e_null.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/e_null.c 2015-06-12 23:20:59.474588486 +0200 -+++ openssl-1.0.2c/crypto/evp/e_null.c 2015-06-12 23:21:28.258934183 +0200 +diff -up openssl-1.0.2e/crypto/evp/e_null.c.fips openssl-1.0.2e/crypto/evp/e_null.c +--- openssl-1.0.2e/crypto/evp/e_null.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/e_null.c 2015-12-04 13:55:51.960562482 +0100 @@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c static const EVP_CIPHER n_cipher = { NID_undef, @@ -1744,10 +1720,9 @@ Index: openssl-1.0.2c/crypto/evp/e_null.c null_init_key, null_cipher, NULL, -Index: openssl-1.0.2c/crypto/evp/evp_enc.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/evp_enc.c 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/crypto/evp/evp_enc.c 2015-06-12 23:21:28.258934183 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp_enc.c.fips openssl-1.0.2e/crypto/evp/evp_enc.c +--- openssl-1.0.2e/crypto/evp/evp_enc.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/evp_enc.c 2015-12-04 13:55:51.961562505 +0100 @@ -69,16 +69,73 @@ #endif #include "evp_locl.h" @@ -1915,10 +1890,9 @@ Index: openssl-1.0.2c/crypto/evp/evp_enc.c memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; } -Index: openssl-1.0.2c/crypto/evp/evp.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/evp.h 2015-06-12 23:20:59.475588498 +0200 -+++ openssl-1.0.2c/crypto/evp/evp.h 2015-06-12 23:21:28.258934183 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp.h.fips openssl-1.0.2e/crypto/evp/evp.h +--- openssl-1.0.2e/crypto/evp/evp.h.fips 2015-12-04 13:55:51.855560033 +0100 ++++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:55:51.961562505 +0100 
@@ -122,6 +122,10 @@ extern "C" { #endif @@ -1972,10 +1946,9 @@ Index: openssl-1.0.2c/crypto/evp/evp.h /* * Cipher handles any and all padding logic as well as finalisation. */ -Index: openssl-1.0.2c/crypto/evp/evp_lib.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/evp_lib.c 2015-06-12 23:20:59.475588498 +0200 -+++ openssl-1.0.2c/crypto/evp/evp_lib.c 2015-06-12 23:21:28.258934183 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp_lib.c.fips openssl-1.0.2e/crypto/evp/evp_lib.c +--- openssl-1.0.2e/crypto/evp/evp_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/evp_lib.c 2015-12-04 13:55:51.961562505 +0100 @@ -60,10 +60,6 @@ #include "cryptlib.h" #include @@ -1987,7 +1960,7 @@ Index: openssl-1.0.2c/crypto/evp/evp_lib.c int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { -@@ -200,6 +196,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ +@@ -224,6 +220,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { @@ -1997,7 +1970,7 @@ Index: openssl-1.0.2c/crypto/evp/evp_lib.c return ctx->cipher->do_cipher(ctx, out, in, inl); } -@@ -210,22 +209,12 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher( +@@ -234,22 +233,12 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher( unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) { @@ -2020,7 +1993,7 @@ Index: openssl-1.0.2c/crypto/evp/evp_lib.c } void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -@@ -292,40 +281,8 @@ int EVP_MD_size(const EVP_MD *md) +@@ -316,40 +305,8 @@ int EVP_MD_size(const EVP_MD *md) return md->md_size; } 
@@ -2061,10 +2034,9 @@ Index: openssl-1.0.2c/crypto/evp/evp_lib.c return md->flags; } -Index: openssl-1.0.2c/crypto/evp/evp_locl.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/evp_locl.h 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/evp_locl.h 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/evp_locl.h.fips openssl-1.0.2e/crypto/evp/evp_locl.h +--- openssl-1.0.2e/crypto/evp/evp_locl.h.fips 2015-12-04 13:55:51.851559940 +0100 ++++ openssl-1.0.2e/crypto/evp/evp_locl.h 2015-12-04 13:55:51.961562505 +0100 @@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ @@ -2098,10 +2070,9 @@ Index: openssl-1.0.2c/crypto/evp/evp_locl.h # define Camellia_set_key private_Camellia_set_key #endif -Index: openssl-1.0.2c/crypto/evp/m_dss.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/m_dss.c 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/m_dss.c 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_dss.c.fips openssl-1.0.2e/crypto/evp/m_dss.c +--- openssl-1.0.2e/crypto/evp/m_dss.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_dss.c 2015-12-04 13:55:51.961562505 +0100 @@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { NID_dsaWithSHA, NID_dsaWithSHA, 
@@ -2111,10 +2082,9 @@ Index: openssl-1.0.2c/crypto/evp/m_dss.c init, update, final, -Index: openssl-1.0.2c/crypto/evp/m_dss1.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/m_dss1.c 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/m_dss1.c 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_dss1.c.fips openssl-1.0.2e/crypto/evp/m_dss1.c +--- openssl-1.0.2e/crypto/evp/m_dss1.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_dss1.c 2015-12-04 13:55:51.961562505 +0100 @@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { NID_dsa, NID_dsaWithSHA1, @@ -2124,10 +2094,9 @@ Index: openssl-1.0.2c/crypto/evp/m_dss1.c init, update, final, -Index: openssl-1.0.2c/crypto/evp/m_md2.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/m_md2.c 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/m_md2.c 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_md2.c.fips openssl-1.0.2e/crypto/evp/m_md2.c +--- openssl-1.0.2e/crypto/evp/m_md2.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_md2.c 2015-12-04 13:55:51.962562529 +0100 @@ -68,6 +68,7 @@ # ifndef OPENSSL_NO_RSA # include @@ -2136,10 +2105,9 @@ Index: openssl-1.0.2c/crypto/evp/m_md2.c static int init(EVP_MD_CTX *ctx) { -Index: openssl-1.0.2c/crypto/evp/m_sha1.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/m_sha1.c 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/m_sha1.c 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/m_sha1.c.fips openssl-1.0.2e/crypto/evp/m_sha1.c +--- openssl-1.0.2e/crypto/evp/m_sha1.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/m_sha1.c 2015-12-04 13:55:51.962562529 +0100 
@@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -2190,10 +2158,9 @@ Index: openssl-1.0.2c/crypto/evp/m_sha1.c init512, update512, final512, -Index: openssl-1.0.2c/crypto/evp/p_sign.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/p_sign.c 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/p_sign.c 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/p_sign.c.fips openssl-1.0.2e/crypto/evp/p_sign.c +--- openssl-1.0.2e/crypto/evp/p_sign.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/p_sign.c 2015-12-04 13:55:51.962562529 +0100 @@ -61,6 +61,7 @@ #include #include @@ -2225,10 +2192,9 @@ Index: openssl-1.0.2c/crypto/evp/p_sign.c if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; -Index: openssl-1.0.2c/crypto/evp/p_verify.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/evp/p_verify.c 2015-06-12 23:20:59.476588510 +0200 -+++ openssl-1.0.2c/crypto/evp/p_verify.c 2015-06-12 23:21:28.259934195 +0200 +diff -up openssl-1.0.2e/crypto/evp/p_verify.c.fips openssl-1.0.2e/crypto/evp/p_verify.c +--- openssl-1.0.2e/crypto/evp/p_verify.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/evp/p_verify.c 2015-12-04 13:55:51.962562529 +0100 @@ -61,6 +61,7 @@ #include #include 
@@ -2260,10 +2226,9 @@ Index: openssl-1.0.2c/crypto/evp/p_verify.c i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: EVP_PKEY_CTX_free(pkctx); -Index: openssl-1.0.2c/crypto/fips/fips_aes_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_aes_selftest.c 2015-06-12 23:21:28.260934207 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_aes_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_aes_selftest.c.fips 2015-12-04 13:55:51.962562529 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_aes_selftest.c 2015-12-04 13:55:51.962562529 +0100 @@ -0,0 +1,365 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2630,10 +2595,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_aes_selftest.c +} + +#endif -Index: openssl-1.0.2c/crypto/fips/fips.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips.c 2015-06-12 23:21:28.260934207 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips.c.fips openssl-1.0.2e/crypto/fips/fips.c +--- openssl-1.0.2e/crypto/fips/fips.c.fips 2015-12-04 13:55:51.962562529 +0100 ++++ openssl-1.0.2e/crypto/fips/fips.c 2015-12-04 13:55:51.962562529 +0100 @@ -0,0 +1,483 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -3118,10 +3082,9 @@ Index: openssl-1.0.2c/crypto/fips/fips.c +# endif + +#endif -Index: openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c 2015-06-12 23:21:28.260934207 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_cmac_selftest.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3279,10 +3242,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_cmac_selftest.c + return rv; +} +#endif -Index: openssl-1.0.2c/crypto/fips/fips_des_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_des_selftest.c 2015-06-12 23:21:28.260934207 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_des_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_des_selftest.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_des_selftest.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -3422,10 +3384,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_des_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c 2015-06-12 23:21:28.261934219 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_ctr.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3842,10 +3803,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_ctr.c + + return 1; +} -Index: openssl-1.0.2c/crypto/fips/fips_drbg_hash.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_hash.c 2015-06-12 23:21:28.261934219 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_hash.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_hash.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_hash.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,358 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4205,10 +4165,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_hash.c + + return 1; +} -Index: openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c 2015-06-12 23:21:28.261934219 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c.fips 2015-12-04 13:55:51.963562552 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_hmac.c 2015-12-04 13:55:51.963562552 +0100 @@ -0,0 +1,270 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4480,10 +4439,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_hmac.c + + return 1; +} -Index: openssl-1.0.2c/crypto/fips/fips_drbg_lib.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_lib.c 2015-06-12 23:21:28.261934219 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_lib.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_lib.c.fips 2015-12-04 13:55:51.964562575 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_lib.c 2015-12-04 13:55:51.964562575 +0100 @@ -0,0 +1,553 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. 
@@ -5038,10 +4996,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_lib.c + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -Index: openssl-1.0.2c/crypto/fips/fips_drbg_rand.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_rand.c 2015-06-12 23:21:28.262934231 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_rand.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_rand.c.fips 2015-12-04 13:55:51.964562575 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_rand.c 2015-12-04 13:55:51.964562575 +0100 @@ -0,0 +1,166 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5209,10 +5166,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_rand.c +{ + return &rand_drbg_meth; +} -Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c 2015-06-12 23:21:28.262934231 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c.fips 2015-12-04 13:55:51.964562575 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_selftest.c 2015-12-04 13:55:51.964562575 +0100 @@ -0,0 +1,827 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -6041,10 +5997,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.c + FIPS_drbg_free(dctx); + return rv; +} -Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h 2015-06-12 23:21:28.263934243 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h +--- openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h.fips 2015-12-04 13:55:51.965562598 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_drbg_selftest.h 2015-12-04 13:55:51.965562598 +0100 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7837,10 +7792,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_drbg_selftest.h + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -Index: openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c 2015-06-12 23:21:28.263934243 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c.fips 2015-12-04 13:55:51.965562598 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_dsa_selftest.c 2015-12-04 13:55:51.965562598 +0100 @@ -0,0 +1,192 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8034,10 +7988,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_dsa_selftest.c + return ret; +} +#endif -Index: openssl-1.0.2c/crypto/fips/fips_enc.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_enc.c 2015-06-12 23:21:28.264934255 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_enc.c.fips openssl-1.0.2e/crypto/fips/fips_enc.c +--- openssl-1.0.2e/crypto/fips/fips_enc.c.fips 2015-12-04 13:55:51.965562598 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_enc.c 2015-12-04 13:55:51.965562598 +0100 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8228,10 +8181,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_enc.c + + } +} -Index: openssl-1.0.2c/crypto/fips/fips.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips.h 2015-06-12 23:21:28.264934255 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips.h.fips openssl-1.0.2e/crypto/fips/fips.h +--- openssl-1.0.2e/crypto/fips/fips.h.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips.h 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,278 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -8511,10 +8463,9 @@ Index: openssl-1.0.2c/crypto/fips/fips.h +} +# endif +#endif -Index: openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c 2015-06-12 23:21:28.264934255 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_hmac_selftest.c 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8650,10 +8601,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_hmac_selftest.c + return 1; +} +#endif -Index: openssl-1.0.2c/crypto/fips/fips_locl.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_locl.h 2015-06-12 23:21:28.264934255 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_locl.h.fips openssl-1.0.2e/crypto/fips/fips_locl.h +--- openssl-1.0.2e/crypto/fips/fips_locl.h.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_locl.h 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8726,10 +8676,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_locl.h +} +# endif +#endif -Index: openssl-1.0.2c/crypto/fips/fips_md.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_md.c 2015-06-12 23:21:28.264934255 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_md.c.fips openssl-1.0.2e/crypto/fips/fips_md.c +--- openssl-1.0.2e/crypto/fips/fips_md.c.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_md.c 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8875,10 +8824,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_md.c + return NULL; + } +} -Index: openssl-1.0.2c/crypto/fips/fips_post.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_post.c 2015-06-12 23:21:28.264934255 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_post.c.fips openssl-1.0.2e/crypto/fips/fips_post.c +--- openssl-1.0.2e/crypto/fips/fips_post.c.fips 2015-12-04 13:55:51.966562622 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_post.c 2015-12-04 13:55:51.966562622 +0100 @@ -0,0 +1,201 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -9081,10 +9029,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_post.c + return 1; +} +#endif -Index: openssl-1.0.2c/crypto/fips/fips_rand.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rand.c 2015-06-12 23:21:28.265934267 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand.c.fips openssl-1.0.2e/crypto/fips/fips_rand.c +--- openssl-1.0.2e/crypto/fips/fips_rand.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,428 @@ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. @@ -9514,10 +9461,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rand.c +} + +#endif -Index: openssl-1.0.2c/crypto/fips/fips_rand.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rand.h 2015-06-12 23:21:28.265934267 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand.h.fips openssl-1.0.2e/crypto/fips/fips_rand.h +--- openssl-1.0.2e/crypto/fips/fips_rand.h.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand.h 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,163 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -9682,10 +9628,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rand.h +# endif +# endif +#endif -Index: openssl-1.0.2c/crypto/fips/fips_rand_lcl.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rand_lcl.h 2015-06-12 23:21:28.265934267 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2e/crypto/fips/fips_rand_lcl.h +--- openssl-1.0.2e/crypto/fips/fips_rand_lcl.h.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand_lcl.h 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,213 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -9900,10 +9845,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rand_lcl.h +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -Index: openssl-1.0.2c/crypto/fips/fips_rand_lib.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rand_lib.c 2015-06-12 23:21:28.265934267 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2e/crypto/fips/fips_rand_lib.c +--- openssl-1.0.2e/crypto/fips/fips_rand_lib.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand_lib.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,181 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -10086,10 +10030,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rand_lib.c + } + return 0; +} -Index: openssl-1.0.2c/crypto/fips/fips_rand_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rand_selftest.c 2015-06-12 23:21:28.266934279 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_rand_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_rand_selftest.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rand_selftest.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,176 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10267,10 +10210,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rand_selftest.c +} + +#endif -Index: openssl-1.0.2c/crypto/fips/fips_randtest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_randtest.c 2015-06-12 23:21:28.266934279 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_randtest.c.fips openssl-1.0.2e/crypto/fips/fips_randtest.c +--- openssl-1.0.2e/crypto/fips/fips_randtest.c.fips 2015-12-04 13:55:51.967562645 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_randtest.c 2015-12-04 13:55:51.967562645 +0100 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. 
@@ -10519,10 +10461,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_randtest.c +} + +#endif -Index: openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c 2015-06-12 23:21:28.266934279 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rsa_selftest.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,444 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10968,10 +10909,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rsa_selftest.c +} + +#endif /* def OPENSSL_FIPS */ -Index: openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c 2015-06-12 23:21:28.266934279 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c +--- openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_rsa_x931g.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,273 @@ +/* crypto/rsa/rsa_gen.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -11246,10 +11186,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_rsa_x931g.c + return 0; + +} -Index: openssl-1.0.2c/crypto/fips/fips_sha_selftest.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_sha_selftest.c 2015-06-12 23:21:28.266934279 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2e/crypto/fips/fips_sha_selftest.c +--- openssl-1.0.2e/crypto/fips/fips_sha_selftest.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_sha_selftest.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11396,10 +11335,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_sha_selftest.c +} + +#endif -Index: openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c 2015-06-12 23:21:28.267934291 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c +--- openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_standalone_hmac.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,268 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -11669,10 +11607,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_standalone_hmac.c +#endif + return 0; +} -Index: openssl-1.0.2c/crypto/fips/fips_test_suite.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/fips_test_suite.c 2015-06-12 23:21:28.267934291 +0200 +diff -up openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips openssl-1.0.2e/crypto/fips/fips_test_suite.c +--- openssl-1.0.2e/crypto/fips/fips_test_suite.c.fips 2015-12-04 13:55:51.968562668 +0100 ++++ openssl-1.0.2e/crypto/fips/fips_test_suite.c 2015-12-04 13:55:51.968562668 +0100 @@ -0,0 +1,639 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -12313,10 +12250,9 @@ Index: openssl-1.0.2c/crypto/fips/fips_test_suite.c +} + +#endif -Index: openssl-1.0.2c/crypto/fips/Makefile -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2c/crypto/fips/Makefile 2015-06-12 23:21:28.267934291 +0200 +diff -up openssl-1.0.2e/crypto/fips/Makefile.fips openssl-1.0.2e/crypto/fips/Makefile +--- openssl-1.0.2e/crypto/fips/Makefile.fips 2015-12-04 13:55:51.969562692 +0100 ++++ openssl-1.0.2e/crypto/fips/Makefile 2015-12-04 13:55:51.969562692 +0100 @@ -0,0 +1,341 @@ +# +# OpenSSL/crypto/fips/Makefile 
@@ -12659,10 +12595,9 @@ Index: openssl-1.0.2c/crypto/fips/Makefile +fips_sha_selftest.o: ../../include/openssl/safestack.h +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -Index: openssl-1.0.2c/crypto/hmac/hmac.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/hmac/hmac.c 2015-06-12 16:51:27.000000000 +0200 -+++ openssl-1.0.2c/crypto/hmac/hmac.c 2015-06-12 23:22:24.640611438 +0200 +diff -up openssl-1.0.2e/crypto/hmac/hmac.c.fips openssl-1.0.2e/crypto/hmac/hmac.c +--- openssl-1.0.2e/crypto/hmac/hmac.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/hmac/hmac.c 2015-12-04 13:55:51.969562692 +0100 @@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); return 0; @@ -12725,10 +12660,9 @@ Index: openssl-1.0.2c/crypto/hmac/hmac.c EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); -Index: openssl-1.0.2c/crypto/mdc2/mdc2dgst.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/mdc2/mdc2dgst.c 2015-06-12 23:20:59.483588594 +0200 -+++ openssl-1.0.2c/crypto/mdc2/mdc2dgst.c 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2e/crypto/mdc2/mdc2dgst.c +--- openssl-1.0.2e/crypto/mdc2/mdc2dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/mdc2/mdc2dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -76,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) 
@@ -12738,10 +12672,9 @@ Index: openssl-1.0.2c/crypto/mdc2/mdc2dgst.c { c->num = 0; c->pad_type = 1; -Index: openssl-1.0.2c/crypto/md2/md2_dgst.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/md2/md2_dgst.c 2015-06-12 23:20:59.483588594 +0200 -+++ openssl-1.0.2c/crypto/md2/md2_dgst.c 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/md2/md2_dgst.c.fips openssl-1.0.2e/crypto/md2/md2_dgst.c +--- openssl-1.0.2e/crypto/md2/md2_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/md2/md2_dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -62,6 +62,11 @@ #include #include @@ -12763,10 +12696,9 @@ Index: openssl-1.0.2c/crypto/md2/md2_dgst.c { c->num = 0; memset(c->state, 0, sizeof c->state); -Index: openssl-1.0.2c/crypto/md4/md4_dgst.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/md4/md4_dgst.c 2015-06-12 23:20:59.483588594 +0200 -+++ openssl-1.0.2c/crypto/md4/md4_dgst.c 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/md4/md4_dgst.c.fips openssl-1.0.2e/crypto/md4/md4_dgst.c +--- openssl-1.0.2e/crypto/md4/md4_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/md4/md4_dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L 
@@ -12776,10 +12708,9 @@ Index: openssl-1.0.2c/crypto/md4/md4_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2c/crypto/md5/md5_dgst.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/md5/md5_dgst.c 2015-06-12 23:20:59.483588594 +0200 -+++ openssl-1.0.2c/crypto/md5/md5_dgst.c 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/md5/md5_dgst.c.fips openssl-1.0.2e/crypto/md5/md5_dgst.c +--- openssl-1.0.2e/crypto/md5/md5_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/md5/md5_dgst.c 2015-12-04 13:55:51.969562692 +0100 @@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L @@ -12789,10 +12720,9 @@ Index: openssl-1.0.2c/crypto/md5/md5_dgst.c { memset(c, 0, sizeof(*c)); c->A = INIT_DATA_A; -Index: openssl-1.0.2c/crypto/o_fips.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/o_fips.c 2015-06-12 23:20:59.484588606 +0200 -+++ openssl-1.0.2c/crypto/o_fips.c 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/o_fips.c.fips openssl-1.0.2e/crypto/o_fips.c +--- openssl-1.0.2e/crypto/o_fips.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/o_fips.c 2015-12-04 13:55:51.970562715 +0100 @@ -80,6 +80,8 @@ int FIPS_mode_set(int r) # ifndef FIPS_AUTH_USER_PASS # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" 
@@ -12802,10 +12732,9 @@ Index: openssl-1.0.2c/crypto/o_fips.c if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) -Index: openssl-1.0.2c/crypto/o_init.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/o_init.c 2015-06-12 23:20:59.484588606 +0200 -+++ openssl-1.0.2c/crypto/o_init.c 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/o_init.c.fips openssl-1.0.2e/crypto/o_init.c +--- openssl-1.0.2e/crypto/o_init.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/o_init.c 2015-12-04 13:55:51.970562715 +0100 @@ -56,8 +56,37 @@ #include #include @@ -12875,10 +12804,9 @@ Index: openssl-1.0.2c/crypto/o_init.c +{ + OPENSSL_init_library(); +} -Index: openssl-1.0.2c/crypto/opensslconf.h.in -=================================================================== ---- openssl-1.0.2c.orig/crypto/opensslconf.h.in 2015-06-12 23:20:59.484588606 +0200 -+++ openssl-1.0.2c/crypto/opensslconf.h.in 2015-06-12 23:21:28.268934303 +0200 +diff -up openssl-1.0.2e/crypto/opensslconf.h.in.fips openssl-1.0.2e/crypto/opensslconf.h.in +--- openssl-1.0.2e/crypto/opensslconf.h.in.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/opensslconf.h.in 2015-12-04 13:55:51.970562715 +0100 @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ @@ -12900,10 +12828,9 @@ Index: openssl-1.0.2c/crypto/opensslconf.h.in /* Generate 80386 code? */ #undef I386_ONLY -Index: openssl-1.0.2c/crypto/rand/md_rand.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rand/md_rand.c 2015-06-12 23:20:59.484588606 +0200 -+++ openssl-1.0.2c/crypto/rand/md_rand.c 2015-06-12 23:21:28.269934315 +0200 +diff -up openssl-1.0.2e/crypto/rand/md_rand.c.fips openssl-1.0.2e/crypto/rand/md_rand.c +--- openssl-1.0.2e/crypto/rand/md_rand.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rand/md_rand.c 2015-12-04 13:55:51.970562715 +0100 
@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -12916,10 +12843,9 @@ Index: openssl-1.0.2c/crypto/rand/md_rand.c RAND_poll(); initialized = 1; } -Index: openssl-1.0.2c/crypto/rand/rand.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/rand/rand.h 2015-06-12 23:20:59.484588606 +0200 -+++ openssl-1.0.2c/crypto/rand/rand.h 2015-06-12 23:21:28.269934315 +0200 +diff -up openssl-1.0.2e/crypto/rand/rand.h.fips openssl-1.0.2e/crypto/rand/rand.h +--- openssl-1.0.2e/crypto/rand/rand.h.fips 2015-12-04 13:55:51.729557095 +0100 ++++ openssl-1.0.2e/crypto/rand/rand.h 2015-12-04 13:55:51.970562715 +0100 @@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -12960,10 +12886,9 @@ Index: openssl-1.0.2c/crypto/rand/rand.h #ifdef __cplusplus } -Index: openssl-1.0.2c/crypto/ripemd/rmd_dgst.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/ripemd/rmd_dgst.c 2015-06-12 23:20:59.484588606 +0200 -+++ openssl-1.0.2c/crypto/ripemd/rmd_dgst.c 2015-06-12 23:21:28.269934315 +0200 +diff -up openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2e/crypto/ripemd/rmd_dgst.c +--- openssl-1.0.2e/crypto/ripemd/rmd_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/ripemd/rmd_dgst.c 2015-12-04 13:55:51.970562715 +0100 @@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); #endif 
@@ -12973,10 +12898,9 @@ Index: openssl-1.0.2c/crypto/ripemd/rmd_dgst.c { memset(c, 0, sizeof(*c)); c->A = RIPEMD160_A; -Index: openssl-1.0.2c/crypto/rsa/rsa_crpt.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_crpt.c 2015-06-12 23:20:59.485588618 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_crpt.c 2015-06-12 23:21:28.269934315 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2e/crypto/rsa/rsa_crpt.c +--- openssl-1.0.2e/crypto/rsa/rsa_crpt.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_crpt.c 2015-12-04 13:55:51.970562715 +0100 @@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const unsigned char *to, RSA *rsa, int padding) { @@ -13003,10 +12927,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_crpt.c return -1; } #endif -Index: openssl-1.0.2c/crypto/rsa/rsa_eay.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_eay.c 2015-06-12 23:20:59.485588618 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_eay.c 2015-06-12 23:21:28.269934315 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips openssl-1.0.2e/crypto/rsa/rsa_eay.c +--- openssl-1.0.2e/crypto/rsa/rsa_eay.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_eay.c 2015-12-04 13:55:51.971562738 +0100 @@ -114,6 +114,10 @@ #include #include 
@@ -13129,10 +13052,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_eay.c rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; return (1); } -Index: openssl-1.0.2c/crypto/rsa/rsa_err.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_err.c 2015-06-12 23:20:59.485588618 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_err.c 2015-06-12 23:21:28.270934327 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_err.c.fips openssl-1.0.2e/crypto/rsa/rsa_err.c +--- openssl-1.0.2e/crypto/rsa/rsa_err.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_err.c 2015-12-04 13:55:51.971562738 +0100 @@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, @@ -13142,14 +13064,15 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_err.c {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, -Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_gen.c 2015-06-12 23:20:59.485588618 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_gen.c 2015-06-12 23:21:28.270934327 +0200 -@@ -69,6 +69,80 @@ +diff -up openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips openssl-1.0.2e/crypto/rsa/rsa_gen.c +--- openssl-1.0.2e/crypto/rsa/rsa_gen.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_gen.c 2015-12-04 13:55:51.971562738 +0100 +@@ -69,8 +69,80 @@ #include #ifdef OPENSSL_FIPS # include +-extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, +- BN_GENCB *cb); +# include +# include + 
@@ -13227,7 +13150,7 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -@@ -84,7 +158,7 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -86,7 +158,7 @@ static int rsa_builtin_keygen(RSA *rsa, int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { #ifdef OPENSSL_FIPS @@ -13236,18 +13159,18 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); return 0; -@@ -92,10 +166,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi +@@ -94,10 +166,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi #endif if (rsa->meth->rsa_keygen) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); -#ifdef OPENSSL_FIPS - if (FIPS_mode()) -- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); +- return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); -#endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } -@@ -108,6 +178,20 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -110,6 +178,20 @@ static int rsa_builtin_keygen(RSA *rsa, int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; @@ -13268,7 +13191,7 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -@@ -233,6 +317,16 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -235,6 +317,16 @@ static int rsa_builtin_keygen(RSA *rsa, if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) goto err; 
@@ -13285,10 +13208,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_gen.c ok = 1; err: if (ok == -1) { -Index: openssl-1.0.2c/crypto/rsa/rsa.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa.h 2015-06-12 23:20:59.486588631 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa.h 2015-06-12 23:21:28.270934327 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa.h.fips openssl-1.0.2e/crypto/rsa/rsa.h +--- openssl-1.0.2e/crypto/rsa/rsa.h.fips 2015-12-04 13:55:51.859560126 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa.h 2015-12-04 13:55:51.971562738 +0100 @@ -168,6 +168,8 @@ struct rsa_st { # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 # endif @@ -13385,10 +13307,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa.h # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -Index: openssl-1.0.2c/crypto/rsa/rsa_lib.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_lib.c 2015-06-12 23:20:59.486588631 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_lib.c 2015-06-12 23:21:28.270934327 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips openssl-1.0.2e/crypto/rsa/rsa_lib.c +--- openssl-1.0.2e/crypto/rsa/rsa_lib.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_lib.c 2015-12-04 13:55:51.971562738 +0100 @@ -84,23 +84,22 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) 
@@ -13461,10 +13382,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_lib.c if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) -Index: openssl-1.0.2c/crypto/rsa/rsa_pmeth.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_pmeth.c 2015-06-12 23:20:59.486588631 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_pmeth.c 2015-06-12 23:21:28.271934339 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2e/crypto/rsa/rsa_pmeth.c +--- openssl-1.0.2e/crypto/rsa/rsa_pmeth.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_pmeth.c 2015-12-04 13:55:51.972562762 +0100 @@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; @@ -13504,10 +13424,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_pmeth.c if (rctx->pad_mode == RSA_PKCS1_PADDING) return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); -Index: openssl-1.0.2c/crypto/rsa/rsa_sign.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/rsa/rsa_sign.c 2015-06-12 23:20:59.486588631 +0200 -+++ openssl-1.0.2c/crypto/rsa/rsa_sign.c 2015-06-12 23:21:28.271934339 +0200 +diff -up openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips openssl-1.0.2e/crypto/rsa/rsa_sign.c +--- openssl-1.0.2e/crypto/rsa/rsa_sign.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/rsa/rsa_sign.c 2015-12-04 13:55:51.972562762 +0100 @@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch i2d_X509_SIG(&sig, &p); s = tmps; 
@@ -13546,10 +13465,9 @@ Index: openssl-1.0.2c/crypto/rsa/rsa_sign.c if (i <= 0) goto err; -Index: openssl-1.0.2c/crypto/sha/sha.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/sha/sha.h 2015-06-12 23:20:59.487588643 +0200 -+++ openssl-1.0.2c/crypto/sha/sha.h 2015-06-12 23:21:28.271934339 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha.h.fips openssl-1.0.2e/crypto/sha/sha.h +--- openssl-1.0.2e/crypto/sha/sha.h.fips 2015-12-04 13:55:51.651555276 +0100 ++++ openssl-1.0.2e/crypto/sha/sha.h 2015-12-04 13:55:51.972562762 +0100 @@ -105,9 +105,6 @@ typedef struct SHAstate_st { } SHA_CTX; @@ -13592,10 +13510,9 @@ Index: openssl-1.0.2c/crypto/sha/sha.h int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -Index: openssl-1.0.2c/crypto/sha/sha_locl.h -=================================================================== ---- openssl-1.0.2c.orig/crypto/sha/sha_locl.h 2015-06-12 23:20:59.487588643 +0200 -+++ openssl-1.0.2c/crypto/sha/sha_locl.h 2015-06-12 23:21:28.271934339 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha_locl.h.fips openssl-1.0.2e/crypto/sha/sha_locl.h +--- openssl-1.0.2e/crypto/sha/sha_locl.h.fips 2015-12-04 13:55:51.653555322 +0100 ++++ openssl-1.0.2e/crypto/sha/sha_locl.h 2015-12-04 13:55:51.972562762 +0100 @@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c #define INIT_DATA_h4 0xc3d2e1f0UL 
@@ -13612,10 +13529,9 @@ Index: openssl-1.0.2c/crypto/sha/sha_locl.h memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -Index: openssl-1.0.2c/crypto/sha/sha256.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/sha/sha256.c 2015-06-12 23:20:59.487588643 +0200 -+++ openssl-1.0.2c/crypto/sha/sha256.c 2015-06-12 23:21:28.272934351 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha256.c.fips openssl-1.0.2e/crypto/sha/sha256.c +--- openssl-1.0.2e/crypto/sha/sha256.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/sha/sha256.c 2015-12-04 13:55:51.972562762 +0100 @@ -12,12 +12,19 @@ # include @@ -13646,10 +13562,9 @@ Index: openssl-1.0.2c/crypto/sha/sha256.c memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -Index: openssl-1.0.2c/crypto/sha/sha512.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/sha/sha512.c 2015-06-12 23:20:59.487588643 +0200 -+++ openssl-1.0.2c/crypto/sha/sha512.c 2015-06-12 23:21:28.272934351 +0200 +diff -up openssl-1.0.2e/crypto/sha/sha512.c.fips openssl-1.0.2e/crypto/sha/sha512.c +--- openssl-1.0.2e/crypto/sha/sha512.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/sha/sha512.c 2015-12-04 13:55:51.972562762 +0100 @@ -5,6 +5,10 @@ * ==================================================================== */ 
@@ -13681,10 +13596,9 @@ Index: openssl-1.0.2c/crypto/sha/sha512.c c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -Index: openssl-1.0.2c/crypto/whrlpool/wp_dgst.c -=================================================================== ---- openssl-1.0.2c.orig/crypto/whrlpool/wp_dgst.c 2015-06-12 23:20:59.487588643 +0200 -+++ openssl-1.0.2c/crypto/whrlpool/wp_dgst.c 2015-06-12 23:21:28.272934351 +0200 +diff -up openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2e/crypto/whrlpool/wp_dgst.c +--- openssl-1.0.2e/crypto/whrlpool/wp_dgst.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/crypto/whrlpool/wp_dgst.c 2015-12-04 13:55:51.973562785 +0100 @@ -55,7 +55,7 @@ #include #include @@ -13694,11 +13608,10 @@ Index: openssl-1.0.2c/crypto/whrlpool/wp_dgst.c { memset(c, 0, sizeof(*c)); return (1); -Index: openssl-1.0.2c/Makefile.org -=================================================================== ---- openssl-1.0.2c.orig/Makefile.org 2015-06-12 23:20:59.488588654 +0200 -+++ openssl-1.0.2c/Makefile.org 2015-06-12 23:21:28.272934351 +0200 -@@ -136,6 +136,9 @@ FIPSCANLIB= +diff -up openssl-1.0.2e/Makefile.org.fips openssl-1.0.2e/Makefile.org +--- openssl-1.0.2e/Makefile.org.fips 2015-12-04 13:55:51.943562085 +0100 ++++ openssl-1.0.2e/Makefile.org 2015-12-04 13:55:51.973562785 +0100 +@@ -137,6 +137,9 @@ FIPSCANLIB= BASEADDR= @@ -13708,7 +13621,7 @@ Index: openssl-1.0.2c/Makefile.org DIRS= crypto ssl engines apps test tools ENGDIRS= ccgost SHLIBDIRS= crypto ssl -@@ -148,7 +151,7 @@ SDIRS= \ +@@ -149,7 +152,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ 
@@ -13717,7 +13630,7 @@ Index: openssl-1.0.2c/Makefile.org # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... -@@ -237,6 +240,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS +@@ -240,6 +243,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSDIR='${FIPSDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ @@ -13725,10 +13638,9 @@ Index: openssl-1.0.2c/Makefile.org THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. -Index: openssl-1.0.2c/ssl/ssl_algs.c -=================================================================== ---- openssl-1.0.2c.orig/ssl/ssl_algs.c 2015-06-12 23:20:59.488588654 +0200 -+++ openssl-1.0.2c/ssl/ssl_algs.c 2015-06-12 23:21:28.273934363 +0200 +diff -up openssl-1.0.2e/ssl/ssl_algs.c.fips openssl-1.0.2e/ssl/ssl_algs.c +--- openssl-1.0.2e/ssl/ssl_algs.c.fips 2015-12-03 15:04:23.000000000 +0100 ++++ openssl-1.0.2e/ssl/ssl_algs.c 2015-12-04 13:55:51.973562785 +0100 @@ -64,6 +64,11 @@ int SSL_library_init(void) { diff --git a/openssl-1.0.2e.tar.gz b/openssl-1.0.2e.tar.gz new file mode 100644 index 0000000..927a0fa --- /dev/null +++ b/openssl-1.0.2e.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff +size 5256555 diff --git a/openssl-1.0.2e.tar.gz.asc b/openssl-1.0.2e.tar.gz.asc new file mode 100644 index 0000000..c38537a --- /dev/null +++ b/openssl-1.0.2e.tar.gz.asc 
@@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJWYIyiAAoJENnE0m0OYESRdSwIAIlfOOvtTaKbsY1gDhM8LaAM +gC2HYR18ipcz0ZdZzNch/mGy8gpVNmBWDhWzTd5Yz0AHRFX0fpOX7QZXHozV/QaB +2LmQ9N1QbztqSq0MW+2VCX31BR79wWYHVQF4A9QT7MOwCSA3RhGfEiZiIHNNloRa +j55Dpe0CMVdpdQc2WxlUC1A8O837bwr6ruPxctneJAvHK/XyeS/ta7a4eI8UQxMS +zkBNlsuiWQRzlAqMyiAkqu9NBkuLdBhP5Gkh2D8XP/yt1KwECFJiyAc0PFXTMILi +cNG5KdPe3tN3xCgR38k4/DKRNi4F1IVoe5YE7sk7U2wmG4dc5Z/9zGCTx+2atc0= +=PIJl +-----END PGP SIGNATURE----- diff --git a/openssl-ocloexec.patch b/openssl-ocloexec.patch index 9072131..78ca5b2 100644 --- a/openssl-ocloexec.patch +++ b/openssl-ocloexec.patch @@ -1,7 +1,7 @@ Index: crypto/bio/b_sock.c =================================================================== ---- crypto/bio/b_sock.c.orig 2015-05-29 11:54:57.219659682 +0200 -+++ crypto/bio/b_sock.c 2015-05-29 11:56:47.059884761 +0200 +--- crypto/bio/b_sock.c.orig 2015-12-05 00:04:11.291027369 +0100 ++++ crypto/bio/b_sock.c 2015-12-05 00:04:13.283055286 +0100 @@ -723,7 +723,7 @@ int BIO_get_accept_socket(char *host, in } @@ -31,8 +31,8 @@ Index: crypto/bio/b_sock.c sa.len.i = (int)sa.len.s; Index: crypto/bio/bss_conn.c =================================================================== ---- crypto/bio/bss_conn.c.orig 2015-05-29 11:54:57.219659682 +0200 -+++ crypto/bio/bss_conn.c 2015-05-29 11:57:45.668538446 +0200 +--- crypto/bio/bss_conn.c.orig 2015-12-05 00:04:11.291027369 +0100 ++++ crypto/bio/bss_conn.c 2015-12-05 00:04:13.283055286 +0100 @@ -195,7 +195,7 @@ static int conn_state(BIO *b, BIO_CONNEC c->them.sin_addr.s_addr = htonl(l); c->state = BIO_CONN_S_CREATE_SOCKET; 
@@ -44,9 +44,9 @@ Index: crypto/bio/bss_conn.c ERR_add_error_data(4, "host=", c->param_hostname, Index: crypto/bio/bss_dgram.c =================================================================== ---- crypto/bio/bss_dgram.c.orig 2015-05-29 11:54:57.221659705 +0200 -+++ crypto/bio/bss_dgram.c 2015-05-29 13:29:42.463696425 +0200 -@@ -1176,7 +1176,7 @@ static int dgram_sctp_read(BIO *b, char +--- crypto/bio/bss_dgram.c.orig 2015-12-05 00:04:11.292027383 +0100 ++++ crypto/bio/bss_dgram.c 2015-12-05 00:04:13.284055300 +0100 +@@ -1177,7 +1177,7 @@ static int dgram_sctp_read(BIO *b, char msg.msg_control = cmsgbuf; msg.msg_controllen = 512; msg.msg_flags = 0; @@ -55,7 +55,7 @@ Index: crypto/bio/bss_dgram.c if (n <= 0) { if (n < 0) -@@ -1801,7 +1801,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1802,7 +1802,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -64,7 +64,7 @@ Index: crypto/bio/bss_dgram.c if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1823,7 +1823,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1824,7 +1824,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) msg.msg_controllen = 0; msg.msg_flags = 0; @@ -73,7 +73,7 @@ Index: crypto/bio/bss_dgram.c if (n <= 0) { if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK)) -@@ -1888,7 +1888,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) +@@ -1889,7 +1889,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) fcntl(b->num, F_SETFL, O_NONBLOCK); } @@ -82,7 +82,7 @@ Index: crypto/bio/bss_dgram.c if (is_dry) { fcntl(b->num, F_SETFL, sockflags); -@@ -1930,7 +1930,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1931,7 +1931,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) sockflags = fcntl(b->num, F_GETFL, 0); fcntl(b->num, F_SETFL, O_NONBLOCK); 
@@ -91,7 +91,7 @@ Index: crypto/bio/bss_dgram.c fcntl(b->num, F_SETFL, sockflags); /* if notification, process and try again */ -@@ -1950,7 +1950,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) +@@ -1951,7 +1951,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_flags = 0; @@ -102,11 +102,11 @@ Index: crypto/bio/bss_dgram.c data->handle_notifications(b, data->notification_context, Index: crypto/bio/bss_file.c =================================================================== ---- crypto/bio/bss_file.c.orig 2015-05-29 11:54:57.221659705 +0200 -+++ crypto/bio/bss_file.c 2015-05-29 13:33:08.553070567 +0200 -@@ -119,6 +119,10 @@ BIO *BIO_new_file(const char *filename, +--- crypto/bio/bss_file.c.orig 2015-12-05 00:04:11.292027383 +0100 ++++ crypto/bio/bss_file.c 2015-12-05 00:04:49.780566910 +0100 +@@ -118,6 +118,10 @@ static BIO_METHOD methods_filep = { + static FILE *file_fopen(const char *filename, const char *mode) { - BIO *ret; FILE *file = NULL; + size_t modelen = strlen (mode); + char newmode[modelen + 2]; @@ -115,16 +115,16 @@ Index: crypto/bio/bss_file.c # if defined(_WIN32) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename) + 1; -@@ -162,7 +166,7 @@ BIO *BIO_new_file(const char *filename, +@@ -161,7 +165,7 @@ static FILE *file_fopen(const char *file file = fopen(filename, mode); } # else - file = fopen(filename, mode); + file = fopen(filename, newmode); # endif - if (file == NULL) { - SYSerr(SYS_F_FOPEN, get_last_sys_error()); -@@ -275,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b + return (file); + } +@@ -282,7 +286,7 @@ static long MS_CALLBACK file_ctrl(BIO *b long ret = 1; FILE *fp = (FILE *)b->ptr; FILE **fpp; 
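Review bot: In the bss_file.c hunk at `@@ -102,11 +102,11 @@`, `char newmode[modelen + 2];` in file_fopen is a variable-length array sized from `strlen (mode)` with no upper bound, so the stack allocation grows with whatever mode string reaches this helper. Valid fopen modes are only a few characters long, so a small fixed buffer with a length check would be enough: `char newmode[16];` followed by `if (modelen + 2 > sizeof(newmode)) { errno = EINVAL; return NULL; }`. The lines that fill newmode and the rest of file_fopen's body lie outside this hunk, so the placement of the check needs confirming against the full patch.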
@@ -133,18 +133,18 @@ Index: crypto/bio/bss_file.c switch (cmd) { case BIO_C_FILE_SEEK: -@@ -386,6 +390,7 @@ static long MS_CALLBACK file_ctrl(BIO *b +@@ -393,6 +397,7 @@ static long MS_CALLBACK file_ctrl(BIO *b else strcat(p, "t"); # endif + strcat(p, "e"); - fp = fopen(ptr, p); + fp = file_fopen(ptr, p); if (fp == NULL) { SYSerr(SYS_F_FOPEN, get_last_sys_error()); Index: crypto/rand/rand_unix.c =================================================================== ---- crypto/rand/rand_unix.c.orig 2015-05-29 11:54:57.222659716 +0200 -+++ crypto/rand/rand_unix.c 2015-05-29 13:36:11.270174218 +0200 +--- crypto/rand/rand_unix.c.orig 2015-12-05 00:04:11.292027383 +0100 ++++ crypto/rand/rand_unix.c 2015-12-05 00:04:13.285055314 +0100 @@ -269,7 +269,7 @@ int RAND_poll(void) for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && @@ -156,8 +156,8 @@ Index: crypto/rand/rand_unix.c # endif Index: crypto/rand/randfile.c =================================================================== ---- crypto/rand/randfile.c.orig 2015-05-29 11:54:57.222659716 +0200 -+++ crypto/rand/randfile.c 2015-05-29 13:37:38.156170674 +0200 +--- crypto/rand/randfile.c.orig 2015-12-05 00:04:11.293027397 +0100 ++++ crypto/rand/randfile.c 2015-12-05 00:04:13.285055314 +0100 @@ -147,7 +147,7 @@ int RAND_load_file(const char *file, lon #ifdef OPENSSL_SYS_VMS in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); diff --git a/openssl.changes b/openssl.changes index 9e58e34..74e95eb 100644 --- a/openssl.changes +++ b/openssl.changes 
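Review bot: The `e` (close-on-exec) mode flag appears to be appended twice on the file_ctrl path, because the retained `strcat(p, "e");` now runs immediately before `fp = file_fopen(ptr, p);`. The patched file_fopen in the earlier bss_file.c hunk opens the file with `newmode`, which is sized `modelen + 2` and presumably already holds `mode` plus `e`. Dropping the `strcat(p, "e");` line would leave file_fopen as the single place that adds the flag and keep `p` at its upstream length. The declaration of `p` and the statements that build newmode are not visible in these hunks, so confirm both before changing anything.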
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri Dec 4 23:06:18 UTC 2015 - vcizek@suse.com
+
+- update to 1.0.2e
+ * fixes five security vulnerabilities
+ * Anon DH ServerKeyExchange with 0 p parameter
+ (CVE-2015-1794) (bsc#957984)
+ * BN_mod_exp may produce incorrect results on x86_64
+ (CVE-2015-3193) (bsc#957814)
+ * Certificate verify crash with missing PSS parameter
+ (CVE-2015-3194) (bsc#957815)
+ * X509_ATTRIBUTE memory leak
+ (CVE-2015-3195) (bsc#957812)
+ * Race condition handling PSK identify hint
+ (CVE-2015-3196) (bsc#957813)
+- pulled a refreshed fips patch from Fedora
+ * openssl-1.0.2a-fips.patch was replaced by
+ openssl-1.0.2e-fips.patch
+- refresh openssl-ocloexec.patch
+
 -------------------------------------------------------------------
 Thu Jul 9 13:32:34 UTC 2015 - vcizek@suse.com
 
diff --git a/openssl.spec b/openssl.spec
index 91270a0..8b27526 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ Provides: ssl
 %ifarch ppc64
 Obsoletes: openssl-64bit
 %endif
-Version: 1.0.2d
+Version: 1.0.2e
 Release: 0
 Summary: Secure Sockets and Transport Layer Security
 License: OpenSSL
@@ -62,7 +62,7 @@ Patch10: openssl-pkgconfig.patch
 Patch13: openssl-1.0.2a-ipv6-apps.patch
 Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
 # FIPS patches:
-Patch15: openssl-1.0.2a-fips.patch
+Patch15: openssl-1.0.2e-fips.patch
 Patch16: openssl-1.0.2a-fips-ec.patch
 Patch17: openssl-1.0.2a-fips-ctor.patch
 Patch18: openssl-1.0.2a-new-fips-reqs.patch