From f6a62c4c2ca8d8156e978be92921ad45ee05b8ad Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Sep 13 2019 15:25:44 +0000 Subject: update to the 1.1.1d release --- diff --git a/.gitignore b/.gitignore index a3a6054..f5aac5a 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.1a-hobbled.tar.xz /openssl-1.1.1b-hobbled.tar.xz /openssl-1.1.1c-hobbled.tar.xz +/openssl-1.1.1d-hobbled.tar.xz diff --git a/ec_curve.c b/ec_curve.c index 58f8f3f..342765a 100644 --- a/ec_curve.c +++ b/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -468,3 +468,115 @@ int EC_curve_nist2nid(const char *name) } return NID_undef; } + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. + */ +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const EC_METHOD *meth; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + + meth = EC_GROUP_method_of(group); + if (meth == NULL) + return -1; + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_METHOD_get_field_type(meth); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = EC_GROUP_get0_cofactor(group); + + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(group->order); + len = BN_num_bytes(group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. + */ + /* Get p, a & b */ + if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/ectest.c b/ectest.c index 53adf88..ef4e6b9 100644 --- a/ectest.c +++ b/ectest.c @@ -844,6 +844,271 @@ static const unsigned char p521_explicit[] = { 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, }; +/* + * Sometime we cannot compare nids for equality, as the built-in curve table + * includes aliases with different names for the same curve. + * + * This function returns TRUE (1) if the checked nids are identical, or if they + * alias to the same curve. FALSE (0) otherwise. + */ +static ossl_inline +int are_ec_nids_compatible(int n1d, int n2d) +{ + int ret = 0; + switch (n1d) { +# ifndef OPENSSL_NO_EC2M + case NID_sect113r1: + case NID_wap_wsg_idm_ecid_wtls4: + ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); + break; + case NID_sect163k1: + case NID_wap_wsg_idm_ecid_wtls3: + ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); + break; + case NID_sect233k1: + case NID_wap_wsg_idm_ecid_wtls10: + ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); + break; + case NID_sect233r1: + case NID_wap_wsg_idm_ecid_wtls11: + ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); + break; + case NID_X9_62_c2pnb163v1: + case NID_wap_wsg_idm_ecid_wtls5: + ret = (n2d == NID_X9_62_c2pnb163v1 + || n2d == NID_wap_wsg_idm_ecid_wtls5); + break; +# endif /* OPENSSL_NO_EC2M */ + case NID_secp112r1: + case NID_wap_wsg_idm_ecid_wtls6: + ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); + break; + case NID_secp160r2: + case NID_wap_wsg_idm_ecid_wtls7: + ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); + break; +# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 + case NID_secp224r1: + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); + break; +# else + /* + * For SEC P-224 we want to ensure that the SECP nid is returned, as + * that is associated with a specialized method. + */ + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1); + break; +# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + default: + ret = (n1d == n2d); + } + return ret; +} + +/* + * This checks that EC_GROUP_bew_from_ecparameters() returns a "named" + * EC_GROUP for built-in curves. + * + * Note that it is possible to retrieve an alternative alias that does not match + * the original nid. + * + * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. + */ +static int check_named_curve_from_ecparameters(int id) +{ + int ret = 0, nid, tnid; + EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_gen_x = NULL, *other_gen_y = NULL; + const BIGNUM *group_order = NULL; + BIGNUM *other_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + ECPARAMETERS *params = NULL, *other_params = NULL; + EC_GROUP *g_ary[8] = {NULL}; + EC_GROUP **g_next = &g_ary[0]; + ECPARAMETERS *p_ary[8] = {NULL}; + ECPARAMETERS **p_next = &p_ary[0]; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(bn_ctx = BN_CTX_new())) + return ret; + BN_CTX_start(bn_ctx); + + if (/* Allocations */ + !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_order = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx)) + /* Generate reference group and params */ + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + /* compute `other_*` values */ + || !TEST_ptr(tmpg = EC_GROUP_dup(group)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen, + other_gen_x, other_gen_y, bn_ctx)) + || !TEST_true(BN_copy(other_order, group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_true(BN_copy(other_cofactor, group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + EC_POINT_free(other_gen); + other_gen = NULL; + + if (!TEST_ptr(other_gen = EC_POINT_new(tmpg)) + || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen, + other_gen_x, other_gen_y, + bn_ctx))) + goto err; + + /* + * ########################### + * # Actual tests start here # + * ########################### + */ + + /* + * Creating a group from built-in explicit parameters returns a + * "named" EC_GROUP + */ + if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)) + goto err; + /* + * We cannot always guarantee the names match, as the built-in table + * contains aliases for the same curve with different names. + */ + if (!TEST_true(are_ec_nids_compatible(nid, tnid))) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */ + if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + /* + * An invalid seed in the parameters should be ignored: expect a "named" + * group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len), + invalid_seed_len) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * A null seed in the parameters should be ignored, as it is optional: + * expect a "named" group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * Check that changing any of the generator parameters does not yield a + * match with the built-in curves + */ + if (/* Other gen, same group order & cofactor */ + !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* Same gen & cofactor, different order */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* The order is not an optional field, so this should fail */ + || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL, + group_cofactor)) + /* Check that a wrong cofactor is ignored, and we still match */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + other_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* Check that if the cofactor is not set then it still matches */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + NULL)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + ret = 1; +err: + for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++) + EC_GROUP_free(*g_next); + for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++) + ECPARAMETERS_free(*p_next); + ECPARAMETERS_free(params); + EC_POINT_free(other_gen); + EC_GROUP_free(tmpg); + EC_GROUP_free(group); + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); + return ret; +} + static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; @@ -886,6 +1151,179 @@ err: OPENSSL_free(buf); return r; } + +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit) + * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit) + */ +static const unsigned char params_cf_pass[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc, + 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27, + 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23, + 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77, + 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b, + 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4, + 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9, + 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a, + 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c, + 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96, + 0x14, 0xa8, 0x2f, 0x4f +}; + +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit) + * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit) + */ +static const unsigned char params_cf_fail[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09, + 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d, + 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02, + 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59, + 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11, + 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24, + 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70, + 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73, + 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04, + 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e, + 0x34, 0xa2, 0x21, 0x01 +}; + +/*- + * Test two random 256-bit explicit parameters curves with absent cofactor. + * The two curves are chosen to roughly straddle the bounds at which the lib + * can compute the cofactor automatically, roughly 4*sqrt(p). So test that: + * + * - params_cf_pass: order is sufficiently close to p to compute cofactor + * - params_cf_fail: order is too far away from p to compute cofactor + * + * For standards-compliant curves, cofactor is chosen as small as possible. + * So you can see neither of these curves are fit for cryptographic use. + * + * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2: + * h <= 2**(t/8) where t is the security level of the curve, for which the lib + * will always succeed in computing the cofactor. Neither of these curves + * conform to that -- this is just robustness testing. + */ +static int cofactor_range_test(void) +{ + EC_GROUP *group = NULL; + BIGNUM *cf = NULL; + int ret = 0; + const unsigned char *b1 = (const unsigned char *)params_cf_fail; + const unsigned char *b2 = (const unsigned char *)params_cf_pass; + + if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) + || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) + || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, + sizeof(params_cf_pass))) + || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) + || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) + goto err; + ret = 1; + err: + BN_free(cf); + EC_GROUP_free(group); + return ret; +} + +/*- + * For named curves, test that: + * - the lib correctly computes the cofactor if passed a NULL or zero cofactor + * - a nonsensical cofactor throws an error (negative test) + * - nonsensical orders throw errors (negative tests) + */ +static int cardinality_test(int n) +{ + int ret = 0; + int nid = curves[n].nid; + BN_CTX *ctx = NULL; + EC_GROUP *g1 = NULL, *g2 = NULL; + EC_POINT *g2_gen = NULL; + BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, + *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; + + TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(g2 = EC_GROUP_new(EC_GROUP_method_of(g1)))) { + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_free(ctx); + return 0; + } + + BN_CTX_start(ctx); + g1_p = BN_CTX_get(ctx); + g1_a = BN_CTX_get(ctx); + g1_b = BN_CTX_get(ctx); + g1_x = BN_CTX_get(ctx); + g1_y = BN_CTX_get(ctx); + g1_order = BN_CTX_get(ctx); + g1_cf = BN_CTX_get(ctx); + + if (!TEST_ptr(g2_cf = BN_CTX_get(ctx)) + /* pull out the explicit curve parameters */ + || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(g1, + EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) + || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) + || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) + /* construct g2 manually with g1 parameters */ + || !TEST_true(EC_GROUP_set_curve(g2, g1_p, g1_a, g1_b, ctx)) + || !TEST_ptr(g2_gen = EC_POINT_new(g2)) + || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) + /* pass NULL cofactor: lib should compute it */ + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* pass zero cofactor: lib should compute it */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* negative test for invalid cofactor */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + /* negative test for NULL order */ + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) + /* negative test for zero order */ + || !TEST_true(BN_set_word(g1_order, 0)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for negative order */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for too large order */ + || !TEST_true(BN_lshift(g1_order, g1_p, 2)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) + goto err; + ret = 1; + err: + EC_POINT_free(g2_gen); + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} #endif int setup_tests(void) @@ -897,6 +1335,8 @@ int setup_tests(void) return 0; ADD_TEST(parameter_test); + ADD_TEST(cofactor_range_test); + ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M ADD_TEST(char2_field_tests); @@ -908,7 +1348,9 @@ int setup_tests(void) # endif ADD_ALL_TESTS(internal_curve_test, crv_len); ADD_ALL_TESTS(internal_curve_test_method, crv_len); -#endif + + ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); +#endif /* OPENSSL_NO_EC */ return 1; } diff --git a/openssl-1.1.0-no-html.patch b/openssl-1.1.0-no-html.patch deleted file mode 100644 index f6a941e..0000000 --- a/openssl-1.1.0-no-html.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200 -+++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200 -@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi - - uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev - --install_docs: install_man_docs install_html_docs -+install_docs: install_man_docs - - uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r -v $(DESTDIR)$(DOCDIR) diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch index 6a73a61..b25dffb 100644 --- a/openssl-1.1.1-evp-kdf.patch +++ b/openssl-1.1.1-evp-kdf.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err/openssl.txt ---- openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/err/openssl.txt 2019-02-28 13:05:05.651521474 +0100 -@@ -743,6 +743,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn +diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err/openssl.txt +--- openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/err/openssl.txt 2019-09-13 15:45:01.723001323 +0200 +@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate @@ -11,7 +11,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex EVP_F_EVP_MD_SIZE:162:EVP_MD_size EVP_F_EVP_OPENINIT:102:EVP_OpenInit -@@ -805,11 +808,30 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k +@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen @@ -19,6 +19,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth EVP_F_RC5_CTRL:125:rc5_ctrl + EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl +EVP_F_SCRYPT_ALG:228:scrypt_alg EVP_F_UPDATE:173:update @@ -42,7 +43,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init -@@ -821,6 +843,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc +@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init @@ -50,7 +51,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid -@@ -2264,6 +2287,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on +@@ -2273,6 +2296,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized @@ -58,7 +59,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers EVP_R_PBKDF2_ERROR:181:pbkdf2 error EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ -@@ -2299,6 +2323,7 @@ KDF_R_MISSING_SEED:106:missing seed +@@ -2309,6 +2333,7 @@ KDF_R_MISSING_SEED:106:missing seed KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type KDF_R_VALUE_ERROR:108:value error KDF_R_VALUE_MISSING:102:value missing @@ -66,9 +67,9 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err OBJ_R_OID_EXISTS:102:oid exists OBJ_R_UNKNOWN_NID:101:unknown nid OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error -diff -up openssl-1.1.1b/crypto/evp/build.info.evp-kdf openssl-1.1.1b/crypto/evp/build.info ---- openssl-1.1.1b/crypto/evp/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/build.info 2019-02-28 13:05:05.651521474 +0100 +diff -up openssl-1.1.1d/crypto/evp/build.info.evp-kdf openssl-1.1.1d/crypto/evp/build.info +--- openssl-1.1.1d/crypto/evp/build.info.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/build.info 2019-09-13 15:39:20.268982830 +0200 @@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -79,9 +80,9 @@ diff -up openssl-1.1.1b/crypto/evp/build.info.evp-kdf openssl-1.1.1b/crypto/evp/ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c cmeth_lib.c -diff -up openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c ---- openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c 2019-02-28 13:05:05.651521474 +0100 +diff -up openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c +--- openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c 2019-09-13 15:39:20.268982830 +0200 @@ -14,8 +14,8 @@ # include @@ -92,9 +93,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1b/ # include "internal/chacha.h" typedef struct { -diff -up openssl-1.1.1b/crypto/evp/encode.c.evp-kdf openssl-1.1.1b/crypto/evp/encode.c ---- openssl-1.1.1b/crypto/evp/encode.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/encode.c 2019-02-28 13:05:05.651521474 +0100 +diff -up openssl-1.1.1d/crypto/evp/encode.c.evp-kdf openssl-1.1.1d/crypto/evp/encode.c +--- openssl-1.1.1d/crypto/evp/encode.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/encode.c 2019-09-13 15:39:20.268982830 +0200 @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" @@ -105,18 +106,10 @@ diff -up openssl-1.1.1b/crypto/evp/encode.c.evp-kdf openssl-1.1.1b/crypto/evp/en static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); -diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_err.c ---- openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf 2019-02-28 13:05:05.617522103 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-02-28 13:05:05.651521474 +0100 -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -56,6 +56,9 @@ static const ERR_STRING_DATA EVP_str_fun +diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/evp_err.c +--- openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf 2019-09-13 15:39:20.226983569 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-13 15:44:00.070076961 +0200 +@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), "EVP_EncryptFinal_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, @@ -126,7 +119,7 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/e {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, -@@ -147,10 +150,12 @@ static const ERR_STRING_DATA EVP_str_fun +@@ -151,12 +154,14 @@ static const ERR_STRING_DATA EVP_str_fun "PKCS5_v2_PBKDF2_keyivgen"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), "PKCS5_v2_scrypt_keyivgen"}, @@ -134,12 +127,14 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/e {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), + "r_32_12_16_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {0, NULL} }; -@@ -233,6 +238,8 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -240,6 +245,8 @@ static const ERR_STRING_DATA EVP_str_rea "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, @@ -148,9 +143,9 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/e {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, -diff -up openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1b/crypto/evp/evp_locl.h ---- openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf 2019-02-28 13:05:05.253528831 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_locl.h 2019-02-28 13:05:05.652521456 +0100 +diff -up openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1d/crypto/evp/evp_locl.h +--- openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf 2019-09-13 15:39:19.820990718 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_locl.h 2019-09-13 15:39:24.144914578 +0200 @@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ } /* EVP_CIPHER_CTX */ ; @@ -163,9 +158,9 @@ diff -up openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1b/crypto/evp/ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, -diff -up openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_pbe.c ---- openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_pbe.c 2019-02-28 13:05:05.652521456 +0100 +diff -up openssl-1.1.1d/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1d/crypto/evp/evp_pbe.c +--- openssl-1.1.1d/crypto/evp/evp_pbe.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_pbe.c 2019-09-13 15:39:24.145914561 +0200 @@ -12,6 +12,7 @@ #include #include @@ -174,9 +169,9 @@ diff -up openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1b/crypto/evp/e #include "evp_locl.h" /* Password based encryption (PBE) functions */ -diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/kdf_lib.c ---- openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf 2019-02-28 13:05:05.652521456 +0100 -+++ openssl-1.1.1b/crypto/evp/kdf_lib.c 2019-02-28 13:05:05.652521456 +0100 +diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/kdf_lib.c +--- openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf 2019-09-13 15:39:24.146914543 +0200 ++++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2019-09-13 15:39:24.146914543 +0200 @@ -0,0 +1,165 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -343,9 +338,9 @@ diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/k + return ctx->kmeth->derive(ctx->impl, key, keylen); +} + -diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/p5_crpt2.c ---- openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/p5_crpt2.c 2019-02-28 13:05:05.652521456 +0100 +diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/p5_crpt2.c +--- openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/p5_crpt2.c 2019-09-13 15:39:24.147914525 +0200 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. @@ -494,9 +489,9 @@ diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/ } int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/evp/pbe_scrypt.c ---- openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/pbe_scrypt.c 2019-02-28 13:33:18.446264056 +0100 +diff -up openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1d/crypto/evp/pbe_scrypt.c +--- openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c 2019-09-13 15:39:24.150914473 +0200 @@ -7,135 +7,12 @@ * https://www.openssl.org/source/license.html */ @@ -682,9 +677,11 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev - */ - if (Blen > INT_MAX) { - EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -- return 0; -- } -- ++ if (r > UINT32_MAX || p > UINT32_MAX) { ++ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); + return 0; + } + - /* - * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t - * This is combined size V, X and T (section 4) @@ -692,21 +689,18 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev - i = UINT64_MAX / (32 * sizeof(uint32_t)); - if (N + 2 > i / r) { - EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); -+ if (r > UINT32_MAX || p > UINT32_MAX) { -+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); - return 0; +- return 0; ++ /* Maintain existing behaviour. */ ++ if (pass == NULL) { ++ pass = empty; ++ passlen = 0; } - Vlen = 32 * r * (N + 2) * sizeof(uint32_t); - +- - /* check total allocated size fits in uint64_t */ - if (Blen > UINT64_MAX - Vlen) { - EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); - return 0; -+ /* Maintain existing behaviour. */ -+ if (pass == NULL) { -+ pass = empty; -+ passlen = 0; -+ } + if (salt == NULL) { + salt = (const unsigned char *)empty; + saltlen = 0; @@ -768,9 +762,9 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev } + #endif -diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/pkey_kdf.c ---- openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf 2019-02-28 13:05:05.653521437 +0100 -+++ openssl-1.1.1b/crypto/evp/pkey_kdf.c 2019-02-28 13:05:05.653521437 +0100 +diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/pkey_kdf.c +--- openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf 2019-09-13 15:39:24.154914402 +0200 ++++ openssl-1.1.1d/crypto/evp/pkey_kdf.c 2019-09-13 15:39:24.154914402 +0200 @@ -0,0 +1,255 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1027,9 +1021,9 @@ diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/ + pkey_kdf_ctrl_str +}; + -diff -up openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1b/crypto/include/internal/evp_int.h ---- openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf 2019-02-28 13:05:05.304527888 +0100 -+++ openssl-1.1.1b/crypto/include/internal/evp_int.h 2019-02-28 13:05:05.653521437 +0100 +diff -up openssl-1.1.1d/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1d/crypto/include/internal/evp_int.h +--- openssl-1.1.1d/crypto/include/internal/evp_int.h.evp-kdf 2019-09-13 15:39:19.873989785 +0200 ++++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2019-09-13 15:39:24.155914384 +0200 @@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m extern const EVP_PKEY_METHOD poly1305_pkey_meth; extern const EVP_PKEY_METHOD siphash_pkey_meth; @@ -1055,17 +1049,17 @@ diff -up openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1b struct evp_md_st { int type; int pkey_type; -diff -up openssl-1.1.1b/crypto/kdf/build.info.evp-kdf openssl-1.1.1b/crypto/kdf/build.info ---- openssl-1.1.1b/crypto/kdf/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/kdf/build.info 2019-02-28 13:05:05.653521437 +0100 +diff -up openssl-1.1.1d/crypto/kdf/build.info.evp-kdf openssl-1.1.1d/crypto/kdf/build.info +--- openssl-1.1.1d/crypto/kdf/build.info.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/kdf/build.info 2019-09-13 15:39:24.156914367 +0200 @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - tls1_prf.c kdf_err.c hkdf.c scrypt.c + tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c -diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf.c ---- openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/kdf/hkdf.c 2019-02-28 13:05:05.653521437 +0100 +diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf.c +--- openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/kdf/hkdf.c 2019-09-13 15:39:24.158914332 +0200 @@ -8,32 +8,33 @@ */ @@ -1532,9 +1526,9 @@ diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf err: OPENSSL_cleanse(prev, sizeof(prev)); -diff -up openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_err.c ---- openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/kdf/kdf_err.c 2019-02-28 13:05:05.654521419 +0100 +diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_err.c +--- openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2019-09-13 15:39:24.159914314 +0200 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT @@ -1590,9 +1584,9 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1b/crypto/kdf/k {0, NULL} }; -diff -up openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_local.h ---- openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf 2019-02-28 13:05:05.654521419 +0100 -+++ openssl-1.1.1b/crypto/kdf/kdf_local.h 2019-02-28 13:05:05.654521419 +0100 +diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_local.h +--- openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf 2019-09-13 15:39:24.160914297 +0200 ++++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2019-09-13 15:39:24.160914297 +0200 @@ -0,0 +1,22 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1616,9 +1610,9 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1b/crypto/kdf + int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), + int cmd, const char *md_name); + -diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_util.c ---- openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100 -+++ openssl-1.1.1b/crypto/kdf/kdf_util.c 2019-02-28 13:05:05.654521419 +0100 +diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_util.c +--- openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf 2019-09-13 15:39:24.161914279 +0200 ++++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2019-09-13 15:39:24.160914297 +0200 @@ -0,0 +1,73 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1693,9 +1687,9 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/ + return call_ctrl(ctrl, impl, cmd, md); +} + -diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pbkdf2.c ---- openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100 -+++ openssl-1.1.1b/crypto/kdf/pbkdf2.c 2019-02-28 13:05:05.654521419 +0100 +diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pbkdf2.c +--- openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf 2019-09-13 15:39:24.162914261 +0200 ++++ openssl-1.1.1d/crypto/kdf/pbkdf2.c 2019-09-13 15:39:24.162914261 +0200 @@ -0,0 +1,264 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1961,9 +1955,9 @@ diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pb + HMAC_CTX_free(hctx_tpl); + return ret; +} -diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/scrypt.c ---- openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/kdf/scrypt.c 2019-02-28 13:05:05.655521400 +0100 +diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/scrypt.c +--- openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/kdf/scrypt.c 2019-09-13 15:39:24.164914226 +0200 @@ -8,25 +8,34 @@ */ @@ -2552,9 +2546,9 @@ diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/sc +} #endif -diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/tls1_prf.c ---- openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/kdf/tls1_prf.c 2019-02-28 13:05:05.655521400 +0100 +diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/tls1_prf.c +--- openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/kdf/tls1_prf.c 2019-09-13 15:39:24.167914173 +0200 @@ -8,11 +8,15 @@ */ @@ -2838,9 +2832,9 @@ diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/ OPENSSL_clear_free(tmp, olen); return 0; } -diff -up openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod ---- openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 -+++ openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod 2019-02-28 13:05:05.655521400 +0100 +diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod +--- openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2019-09-13 15:39:24.169914138 +0200 ++++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2019-09-13 15:39:24.169914138 +0200 @@ -0,0 +1,217 @@ +=pod + @@ -3059,9 +3053,9 @@ diff -up openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1b/doc/man3 +L. + +=cut -diff -up openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod ---- openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 -+++ openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod 2019-02-28 13:05:05.656521382 +0100 +diff -up openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod +--- openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2019-09-13 15:39:24.171914103 +0200 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod 2019-09-13 15:39:24.171914103 +0200 @@ -0,0 +1,180 @@ +=pod + @@ -3243,9 +3237,9 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1b/doc/man +L. + +=cut -diff -up openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod ---- openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 -+++ openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod 2019-02-28 13:05:05.656521382 +0100 +diff -up openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod +--- openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2019-09-13 15:39:24.172914085 +0200 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod 2019-09-13 15:39:24.172914085 +0200 @@ -0,0 +1,78 @@ +=pod + @@ -3325,9 +3319,9 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1b/doc/m +L. + +=cut -diff -up openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod ---- openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 -+++ openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod 2019-02-28 13:05:05.656521382 +0100 +diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod +--- openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2019-09-13 15:39:24.173914068 +0200 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod 2019-09-13 15:39:24.173914068 +0200 @@ -0,0 +1,149 @@ +=pod + @@ -3478,9 +3472,9 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1b/doc/m +L. + +=cut -diff -up openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod ---- openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100 -+++ openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-02-28 13:05:05.656521382 +0100 +diff -up openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod +--- openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2019-09-13 15:39:24.174914050 +0200 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-09-13 15:39:24.174914050 +0200 @@ -0,0 +1,142 @@ +=pod + @@ -3624,18 +3618,10 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1b/doc +L. + +=cut -diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/openssl/evperr.h ---- openssl-1.1.1b/include/openssl/evperr.h.evp-kdf 2019-02-28 13:05:05.633521807 +0100 -+++ openssl-1.1.1b/include/openssl/evperr.h 2019-02-28 13:05:05.657521363 +0100 -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -51,6 +51,9 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/openssl/evperr.h +--- openssl-1.1.1d/include/openssl/evperr.h.evp-kdf 2019-09-13 15:39:20.242983287 +0200 ++++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-13 15:42:42.818424742 +0200 +@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTUPDATE 167 @@ -3645,7 +3631,7 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/ # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 -@@ -113,10 +116,12 @@ int ERR_load_EVP_strings(void); +@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 @@ -3653,12 +3639,13 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/ # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 # define EVP_F_RC5_CTRL 125 + # define EVP_F_R_32_12_16_INIT_KEY 242 # define EVP_F_S390X_AES_GCM_CTRL 201 +# define EVP_F_SCRYPT_ALG 228 # define EVP_F_UPDATE 173 /* -@@ -171,6 +176,7 @@ int ERR_load_EVP_strings(void); +@@ -180,6 +185,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 @@ -3666,18 +3653,10 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/ # define EVP_R_PARTIALLY_OVERLAPPING 162 # define EVP_R_PBKDF2_ERROR 181 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 -diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/openssl/kdferr.h ---- openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/kdferr.h 2019-02-28 13:05:05.657521363 +0100 -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -19,6 +19,23 @@ int ERR_load_KDF_strings(void); +diff -up openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf openssl-1.1.1d/include/openssl/kdferr.h +--- openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/kdferr.h 2019-09-13 15:39:34.856725957 +0200 +@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void); /* * KDF function codes. */ @@ -3701,7 +3680,7 @@ diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/ # define KDF_F_PKEY_HKDF_CTRL_STR 103 # define KDF_F_PKEY_HKDF_DERIVE 102 # define KDF_F_PKEY_HKDF_INIT 108 -@@ -30,6 +47,7 @@ int ERR_load_KDF_strings(void); +@@ -34,6 +51,7 @@ int ERR_load_KDF_strings(void); # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 # define KDF_F_PKEY_TLS1_PRF_INIT 110 @@ -3709,16 +3688,16 @@ diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/ # define KDF_F_TLS1_PRF_ALG 111 /* -@@ -47,5 +65,6 @@ int ERR_load_KDF_strings(void); +@@ -51,5 +69,6 @@ int ERR_load_KDF_strings(void); # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 # define KDF_R_VALUE_ERROR 108 # define KDF_R_VALUE_MISSING 102 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 #endif -diff -up openssl-1.1.1b/include/openssl/kdf.h.evp-kdf openssl-1.1.1b/include/openssl/kdf.h ---- openssl-1.1.1b/include/openssl/kdf.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/kdf.h 2019-02-28 13:05:05.657521363 +0100 +diff -up openssl-1.1.1d/include/openssl/kdf.h.evp-kdf openssl-1.1.1d/include/openssl/kdf.h +--- openssl-1.1.1d/include/openssl/kdf.h.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/kdf.h 2019-09-13 15:39:34.857725939 +0200 @@ -10,10 +10,50 @@ #ifndef HEADER_KDF_H # define HEADER_KDF_H @@ -3797,9 +3776,9 @@ diff -up openssl-1.1.1b/include/openssl/kdf.h.evp-kdf openssl-1.1.1b/include/ope } # endif #endif -diff -up openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1b/include/openssl/ossl_typ.h ---- openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/ossl_typ.h 2019-02-28 13:05:05.657521363 +0100 +diff -up openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1d/include/openssl/ossl_typ.h +--- openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/ossl_typ.h 2019-09-13 15:39:34.858725922 +0200 @@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; @@ -3809,10 +3788,10 @@ diff -up openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1b/includ typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; -diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info ---- openssl-1.1.1b/test/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/build.info 2019-02-28 13:05:05.657521363 +0100 -@@ -43,7 +43,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I +diff -up openssl-1.1.1d/test/build.info.evp-kdf openssl-1.1.1d/test/build.info +--- openssl-1.1.1d/test/build.info.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/build.info 2019-09-13 15:39:34.861725869 +0200 +@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ @@ -3822,7 +3801,7 @@ diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info asn1_encode_test asn1_decode_test asn1_string_table_test \ x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ recordlentest drbgtest sslbuffertest \ -@@ -335,6 +336,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I +@@ -336,6 +337,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I INCLUDE[pkey_meth_kdf_test]=../include DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a @@ -3833,9 +3812,9 @@ diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info SOURCE[x509_time_test]=x509_time_test.c INCLUDE[x509_time_test]=../include DEPEND[x509_time_test]=../libcrypto libtestutil.a -diff -up openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf openssl-1.1.1b/test/evp_kdf_test.c ---- openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf 2019-02-28 13:05:05.658521345 +0100 -+++ openssl-1.1.1b/test/evp_kdf_test.c 2019-02-28 13:05:05.658521345 +0100 +diff -up openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf openssl-1.1.1d/test/evp_kdf_test.c +--- openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf 2019-09-13 15:39:34.862725851 +0200 ++++ openssl-1.1.1d/test/evp_kdf_test.c 2019-09-13 15:39:34.862725851 +0200 @@ -0,0 +1,237 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. @@ -4074,10 +4053,10 @@ diff -up openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf openssl-1.1.1b/test/evp_kdf_ +#endif + return 1; +} -diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c ---- openssl-1.1.1b/test/evp_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/evp_test.c 2019-02-28 13:05:05.658521345 +0100 -@@ -1672,13 +1672,14 @@ static const EVP_TEST_METHOD encode_test +diff -up openssl-1.1.1d/test/evp_test.c.evp-kdf openssl-1.1.1d/test/evp_test.c +--- openssl-1.1.1d/test/evp_test.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/evp_test.c 2019-09-13 15:39:34.865725798 +0200 +@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test encode_test_run, }; @@ -4093,7 +4072,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c /* Expected output */ unsigned char *output; size_t output_len; -@@ -1705,16 +1706,11 @@ static int kdf_test_init(EVP_TEST *t, co +@@ -1738,16 +1739,11 @@ static int kdf_test_init(EVP_TEST *t, co if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) return 0; @@ -4111,7 +4090,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c t->data = kdata; return 1; } -@@ -1723,7 +1719,42 @@ static void kdf_test_cleanup(EVP_TEST *t +@@ -1756,7 +1752,42 @@ static void kdf_test_cleanup(EVP_TEST *t { KDF_DATA *kdata = t->data; OPENSSL_free(kdata->output); @@ -4155,7 +4134,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c } static int kdf_test_parse(EVP_TEST *t, -@@ -1734,7 +1765,7 @@ static int kdf_test_parse(EVP_TEST *t, +@@ -1767,7 +1798,7 @@ static int kdf_test_parse(EVP_TEST *t, if (strcmp(keyword, "Output") == 0) return parse_bin(value, &kdata->output, &kdata->output_len); if (strncmp(keyword, "Ctrl", 4) == 0) @@ -4164,7 +4143,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c return 0; } -@@ -1748,7 +1779,7 @@ static int kdf_test_run(EVP_TEST *t) +@@ -1781,7 +1812,7 @@ static int kdf_test_run(EVP_TEST *t) t->err = "INTERNAL_ERROR"; goto err; } @@ -4173,7 +4152,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c t->err = "KDF_DERIVE_ERROR"; goto err; } -@@ -1774,6 +1805,106 @@ static const EVP_TEST_METHOD kdf_test_me +@@ -1807,6 +1838,106 @@ static const EVP_TEST_METHOD kdf_test_me /** @@ -4280,7 +4259,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c *** KEYPAIR TESTS **/ -@@ -2277,6 +2408,7 @@ static const EVP_TEST_METHOD *evp_test_l +@@ -2310,6 +2441,7 @@ static const EVP_TEST_METHOD *evp_test_l &digestverify_test_method, &encode_test_method, &kdf_test_method, @@ -4288,9 +4267,9 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c &keypair_test_method, &keygen_test_method, &mac_test_method, -diff -up openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1b/test/pkey_meth_kdf_test.c ---- openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/pkey_meth_kdf_test.c 2019-02-28 13:05:05.658521345 +0100 +diff -up openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1d/test/pkey_meth_kdf_test.c +--- openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/pkey_meth_kdf_test.c 2019-09-13 15:39:34.867725763 +0200 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -4494,9 +4473,9 @@ diff -up openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1b/test/pk } #endif -diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt ---- openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt 2019-02-28 13:05:05.659521326 +0100 +diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt +--- openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-13 15:39:34.870725710 +0200 @@ -1,5 +1,5 @@ # -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. @@ -4895,9 +4874,9 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl +Ctrl.digest = digest:sha512 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14 + -diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt ---- openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2019-02-28 13:05:05.659521326 +0100 -+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-02-28 13:05:05.659521326 +0100 +diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt +--- openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2019-09-13 15:39:34.873725658 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-09-13 15:39:34.872725675 +0200 @@ -0,0 +1,305 @@ +# +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -5204,9 +5183,9 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op +Ctrl.p = p:1 +Result = INTERNAL_ERROR + -diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_kdf.t ---- openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf 2019-02-28 13:05:05.659521326 +0100 -+++ openssl-1.1.1b/test/recipes/30-test_evp_kdf.t 2019-02-28 13:05:05.659521326 +0100 +diff -up openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_kdf.t +--- openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf 2019-09-13 15:39:34.875725622 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t 2019-09-13 15:39:34.875725622 +0200 @@ -0,0 +1,13 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -5221,9 +5200,9 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/te +use OpenSSL::Test::Simple; + +simple_test("test_evp_kdf", "evp_kdf_test"); -diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/recipes/30-test_evp.t ---- openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf 2019-05-29 16:55:38.236960543 +0200 -+++ openssl-1.1.1c/test/recipes/30-test_evp.t 2019-05-29 16:57:46.348718012 +0200 +diff -up openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp.t +--- openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp.t 2019-09-13 15:39:34.876725605 +0200 @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/ setup("test_evp"); @@ -5233,11 +5212,10 @@ diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/r "evpcase.txt", "evpccmcavs.txt" ); plan tests => scalar(@files); - -diff -up openssl-1.1.1b/util/libcrypto.num.evp-kdf openssl-1.1.1b/util/libcrypto.num ---- openssl-1.1.1b/util/libcrypto.num.evp-kdf 2019-02-28 13:05:05.636521752 +0100 -+++ openssl-1.1.1b/util/libcrypto.num 2019-02-28 13:05:05.660521308 +0100 -@@ -4614,3 +4614,11 @@ FIPS_drbg_get_strength +diff -up openssl-1.1.1d/util/libcrypto.num.evp-kdf openssl-1.1.1d/util/libcrypto.num +--- openssl-1.1.1d/util/libcrypto.num.evp-kdf 2019-09-13 15:39:20.248983182 +0200 ++++ openssl-1.1.1d/util/libcrypto.num 2019-09-13 15:39:34.881725517 +0200 +@@ -4617,3 +4617,11 @@ FIPS_drbg_get_strength FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: @@ -5249,9 +5227,9 @@ diff -up openssl-1.1.1b/util/libcrypto.num.evp-kdf openssl-1.1.1b/util/libcrypto +EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION: +EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION: +EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION: -diff -up openssl-1.1.1b/util/private.num.evp-kdf openssl-1.1.1b/util/private.num ---- openssl-1.1.1b/util/private.num.evp-kdf 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/util/private.num 2019-02-28 13:05:05.660521308 +0100 +diff -up openssl-1.1.1d/util/private.num.evp-kdf openssl-1.1.1d/util/private.num +--- openssl-1.1.1d/util/private.num.evp-kdf 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/util/private.num 2019-09-13 15:39:34.883725481 +0200 @@ -21,6 +21,7 @@ CRYPTO_EX_dup CRYPTO_EX_free datatype CRYPTO_EX_new datatype diff --git a/openssl-1.1.1-fips-crng-test.patch b/openssl-1.1.1-fips-crng-test.patch index 91841f1..9be5c30 100644 --- a/openssl-1.1.1-fips-crng-test.patch +++ b/openssl-1.1.1-fips-crng-test.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1b/crypto/include/internal/rand_int.h ---- openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test 2019-05-07 08:56:33.242179136 +0200 -+++ openssl-1.1.1b/crypto/include/internal/rand_int.h 2019-05-07 09:54:14.920204875 +0200 -@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN +diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1d/crypto/include/internal/rand_int.h +--- openssl-1.1.1d/crypto/include/internal/rand_int.h.crng-test 2019-09-13 16:03:54.572238927 +0200 ++++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2019-09-13 16:03:54.966232056 +0200 +@@ -48,6 +48,14 @@ size_t rand_drbg_get_additional_data(RAN void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); @@ -16,18 +16,18 @@ diff -up openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test openssl-1.1 /* * RAND_POOL functions */ -diff -up openssl-1.1.1b/crypto/rand/build.info.crng-test openssl-1.1.1b/crypto/rand/build.info ---- openssl-1.1.1b/crypto/rand/build.info.crng-test 2019-05-07 09:54:14.921204857 +0200 -+++ openssl-1.1.1b/crypto/rand/build.info 2019-05-07 09:55:22.730014705 +0200 +diff -up openssl-1.1.1d/crypto/rand/build.info.crng-test openssl-1.1.1d/crypto/rand/build.info +--- openssl-1.1.1d/crypto/rand/build.info.crng-test 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rand/build.info 2019-09-13 16:03:54.968232021 +0200 @@ -1,4 +1,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - randfile.c rand_lib.c rand_err.c rand_egd.c \ + randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c -diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/rand/drbg_lib.c ---- openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rand/drbg_lib.c 2019-05-07 10:04:51.753157224 +0200 +diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1d/crypto/rand/drbg_lib.c +--- openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2019-09-13 16:03:54.969232004 +0200 @@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg; @@ -51,9 +51,9 @@ diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/r #ifndef RAND_DRBG_GET_RANDOM_NONCE drbg->get_nonce = rand_drbg_get_nonce; drbg->cleanup_nonce = rand_drbg_cleanup_nonce; -diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/crypto/rand/rand_crng_test.c ---- openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test 2019-05-07 09:54:14.925204787 +0200 -+++ openssl-1.1.1b/crypto/rand/rand_crng_test.c 2019-05-07 09:54:14.932204664 +0200 +diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/crypto/rand/rand_crng_test.c +--- openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test 2019-09-13 16:03:54.969232004 +0200 ++++ openssl-1.1.1d/crypto/rand/rand_crng_test.c 2019-09-13 16:15:20.834271063 +0200 @@ -0,0 +1,118 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. @@ -110,7 +110,7 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr +{ + unsigned char buf[CRNGT_BUFSIZ]; + -+ if ((crngt_pool = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) ++ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) + return 0; + if (crngt_get_entropy(buf, crngt_prev, NULL)) { + OPENSSL_cleanse(buf, sizeof(buf)); @@ -147,7 +147,7 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr + if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init)) + return 0; + -+ if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL) ++ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL) + return 0; + + while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { @@ -173,9 +173,9 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr +{ + OPENSSL_secure_clear_free(out, outlen); +} -diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/rand/rand_lcl.h ---- openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test 2019-05-07 08:56:33.330177674 +0200 -+++ openssl-1.1.1b/crypto/rand/rand_lcl.h 2019-05-07 09:54:14.933204647 +0200 +diff -up openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1d/crypto/rand/rand_lcl.h +--- openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test 2019-09-13 16:03:54.653237514 +0200 ++++ openssl-1.1.1d/crypto/rand/rand_lcl.h 2019-09-13 16:03:54.969232004 +0200 @@ -33,7 +33,15 @@ # define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ # define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ @@ -193,17 +193,16 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/r /* * Maximum input size for the DRBG (entropy, nonce, personalization string) -@@ -44,7 +52,8 @@ +@@ -44,6 +52,8 @@ */ # define DRBG_MAX_LENGTH INT32_MAX -- +/* The default nonce */ +# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG" /* * Maximum allocation size for RANDOM_POOL buffers -@@ -290,4 +299,22 @@ int rand_drbg_enable_locking(RAND_DRBG * +@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG * /* initializes the AES-CTR DRBG implementation */ int drbg_ctr_init(RAND_DRBG *drbg); @@ -226,10 +225,10 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/r +int rand_crngt_single_init(void); + #endif -diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c ---- openssl-1.1.1b/test/drbgtest.c.crng-test 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/drbgtest.c 2019-05-07 10:06:24.706551561 +0200 -@@ -143,6 +143,31 @@ static size_t kat_nonce(RAND_DRBG *drbg, +diff -up openssl-1.1.1d/test/drbgtest.c.crng-test openssl-1.1.1d/test/drbgtest.c +--- openssl-1.1.1d/test/drbgtest.c.crng-test 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/drbgtest.c 2019-09-13 16:03:54.969232004 +0200 +@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg, return t->noncelen; } @@ -261,7 +260,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c static int uninstantiate(RAND_DRBG *drbg) { int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg); -@@ -168,7 +193,8 @@ static int single_kat(DRBG_SELFTEST_DATA +@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) return 0; if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, @@ -271,7 +270,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c failures++; goto err; } -@@ -286,7 +312,8 @@ static int error_check(DRBG_SELFTEST_DAT +@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT unsigned int reseed_counter_tmp; int ret = 0; @@ -281,7 +280,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c goto err; /* -@@ -699,6 +726,10 @@ static int test_rand_drbg_reseed(void) +@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void) || !TEST_ptr_eq(private->parent, master)) return 0; @@ -292,7 +291,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c /* uninstantiate the three global DRBGs */ RAND_DRBG_uninstantiate(private); RAND_DRBG_uninstantiate(public); -@@ -919,7 +950,8 @@ static int test_rand_seed(void) +@@ -964,7 +995,8 @@ static int test_rand_seed(void) size_t rand_buflen; size_t required_seed_buflen = 0; @@ -302,7 +301,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c return 0; #ifdef OPENSSL_RAND_SEED_NONE -@@ -968,6 +1000,95 @@ static int test_rand_add(void) +@@ -1013,6 +1045,95 @@ static int test_rand_add(void) return 1; } @@ -398,7 +397,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c int setup_tests(void) { app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); -@@ -980,5 +1101,6 @@ int setup_tests(void) +@@ -1025,5 +1146,6 @@ int setup_tests(void) #if defined(OPENSSL_THREADS) ADD_TEST(test_multi_thread); #endif diff --git a/openssl-1.1.1-fips-post-rand.patch b/openssl-1.1.1-fips-post-rand.patch index fc60e33..02d7df3 100644 --- a/openssl-1.1.1-fips-post-rand.patch +++ b/openssl-1.1.1-fips-post-rand.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c ---- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200 -+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200 +diff -up openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand openssl-1.1.1d/crypto/fips/fips.c +--- openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand 2019-09-13 16:15:52.656716089 +0200 ++++ openssl-1.1.1d/crypto/fips/fips.c 2019-09-13 16:44:33.217852364 +0200 @@ -68,6 +68,7 @@ # include @@ -46,14 +46,14 @@ diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/ + fips_set_mode(onoff); + /* force RNG reseed with entropy from getrandom() on next call */ -+ rand_fork(); ++ rand_force_reseed(); + ret = 1; goto end; } -diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h ---- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200 -+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200 +diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/fips_int.h +--- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand 2019-09-13 16:15:52.666715914 +0200 ++++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2019-09-13 16:15:52.690715496 +0200 @@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void); int FIPS_selftest_drbg(void); int FIPS_selftest_cmac(void); @@ -63,24 +63,58 @@ diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openss int fips_pkey_signature_test(EVP_PKEY *pkey, const unsigned char *tbs, int tbslen, const unsigned char *kat, -diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c ---- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200 -@@ -16,10 +16,12 @@ - #include +diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/rand_int.h +--- openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand 2019-09-13 16:15:52.307722175 +0200 ++++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2019-09-13 16:41:47.133736023 +0200 +@@ -24,6 +24,7 @@ + typedef struct rand_pool_st RAND_POOL; + + void rand_cleanup_int(void); ++void rand_force_reseed(void); + void rand_drbg_cleanup_int(void); + void drbg_delete_thread_state(void); + +diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1d/crypto/rand/drbg_lib.c +--- openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2019-09-13 16:44:04.808345620 +0200 +@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg + return min_entropy > min_entropylen ? min_entropy : min_entropylen; + } + ++void rand_force_reseed(void) ++{ ++ RAND_DRBG *drbg; ++ ++ drbg = RAND_DRBG_get0_master(); ++ drbg->fork_id = 0; ++ ++ drbg = RAND_DRBG_get0_private(); ++ drbg->fork_id = 0; ++ ++ drbg = RAND_DRBG_get0_public(); ++ drbg->fork_id = 0; ++} ++ + /* Implements the default OpenSSL RAND_add() method */ + static int drbg_add(const void *buf, int num, double randomness) + { +diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/crypto/rand/rand_unix.c +--- openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rand/rand_unix.c 2019-09-13 16:15:52.690715496 +0200 +@@ -17,10 +17,12 @@ + #include #include "rand_lcl.h" #include "internal/rand_int.h" +#include "internal/fips_int.h" #include #include "internal/dso.h" - #if defined(__linux) --# include -+# include + #ifdef __linux + # include +# include - #endif - #if defined(__FreeBSD__) - # include -@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf, + # ifdef DEVRANDOM_WAIT + # include + # include +@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf, * syscall_random(): Try to get random data using a system call * returns the number of bytes returned in buf, or < 0 on error. */ @@ -89,7 +123,7 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr { /* * Note: 'buflen' equals the size of the buffer which is used by the -@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf, +@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf, * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) */ @@ -97,7 +131,7 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); -@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf, +@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf, if (p_getentropy.p != NULL) return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; # endif @@ -111,19 +145,17 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) return sysctl_random(buf, buflen); # else -@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO - size_t bytes_needed; - size_t entropy_available = 0; - unsigned char *buffer; -- +@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO + size_t entropy_available; + # if defined(OPENSSL_RAND_SEED_GETRANDOM) + int in_post; + + for (in_post = fips_in_post(); in_post >= 0; --in_post) { { - ssize_t bytes; - /* Maximum allowed number of consecutive unsuccessful attempts */ -@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO + size_t bytes_needed; + unsigned char *buffer; +@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); while (bytes_needed != 0 && attempts-- > 0) { buffer = rand_pool_add_begin(pool, bytes_needed); @@ -132,7 +164,7 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr if (bytes > 0) { rand_pool_add_end(pool, bytes, 8 * bytes); bytes_needed -= bytes; -@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO +@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO int attempts = 3; const int fd = get_random_device(i); @@ -144,8 +176,8 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr while (bytes_needed != 0 && attempts-- > 0) { buffer = rand_pool_add_begin(pool, bytes_needed); -@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO - } +@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO + return entropy_available; } # endif - diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index 3ff5aa4..9ccdcbf 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c ---- openssl-1.1.1b/apps/pkcs12.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/apps/pkcs12.c 2019-05-24 12:08:40.524523735 +0200 +diff -up openssl-1.1.1d/apps/pkcs12.c.fips openssl-1.1.1d/apps/pkcs12.c +--- openssl-1.1.1d/apps/pkcs12.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/apps/pkcs12.c 2019-09-13 15:13:11.022525640 +0200 @@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv) int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; @@ -10,10 +10,10 @@ diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c # else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; # endif -diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c ---- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200 -+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200 -@@ -1592,7 +1592,8 @@ int speed_main(int argc, char **argv) +diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c +--- openssl-1.1.1d/apps/speed.c.fips 2019-09-13 15:13:11.008525884 +0200 ++++ openssl-1.1.1d/apps/speed.c 2019-09-13 15:13:11.022525640 +0200 +@@ -1595,7 +1595,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) @@ -23,7 +23,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c continue; } if (found(*argv, rsa_choices, &i)) { -@@ -1602,7 +1603,9 @@ int speed_main(int argc, char **argv) +@@ -1605,7 +1606,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { @@ -34,7 +34,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1633,19 +1636,21 @@ int speed_main(int argc, char **argv) +@@ -1636,19 +1639,21 @@ int speed_main(int argc, char **argv) } if (strcmp(*argv, "ecdh") == 0) { for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) @@ -60,7 +60,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c eddsa_doit[i] = 2; continue; } -@@ -1734,23 +1739,30 @@ int speed_main(int argc, char **argv) +@@ -1737,23 +1742,30 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -96,7 +96,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c #endif } for (i = 0; i < ALGOR_NUM; i++) -@@ -1798,30 +1810,46 @@ int speed_main(int argc, char **argv) +@@ -1801,30 +1813,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -153,7 +153,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -2118,6 +2146,7 @@ int speed_main(int argc, char **argv) +@@ -2122,6 +2150,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -161,10 +161,10 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.1b/Configure.fips openssl-1.1.1b/Configure ---- openssl-1.1.1b/Configure.fips 2019-02-28 11:30:06.775746246 +0100 -+++ openssl-1.1.1b/Configure 2019-02-28 11:30:06.779746172 +0100 -@@ -313,7 +313,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.1d/Configure.fips openssl-1.1.1d/Configure +--- openssl-1.1.1d/Configure.fips 2019-09-13 15:13:11.017525727 +0200 ++++ openssl-1.1.1d/Configure 2019-09-13 15:13:11.023525622 +0200 +@@ -307,7 +307,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", @@ -173,9 +173,9 @@ diff -up openssl-1.1.1b/Configure.fips openssl-1.1.1b/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1b/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/cmac/cm_pmeth.c 2019-05-06 14:55:32.866749109 +0200 +diff -up openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1d/crypto/cmac/cm_pmeth.c +--- openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/cmac/cm_pmeth.c 2019-09-13 15:13:11.023525622 +0200 @@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD cmac_pkey_meth = { @@ -185,9 +185,9 @@ diff -up openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1b/crypto/cmac/c pkey_cmac_init, pkey_cmac_copy, pkey_cmac_cleanup, -diff -up openssl-1.1.1b/crypto/dh/dh_err.c.fips openssl-1.1.1b/crypto/dh/dh_err.c ---- openssl-1.1.1b/crypto/dh/dh_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_err.c 2019-02-28 11:30:06.779746172 +0100 +diff -up openssl-1.1.1d/crypto/dh/dh_err.c.fips openssl-1.1.1d/crypto/dh/dh_err.c +--- openssl-1.1.1d/crypto/dh/dh_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_err.c 2019-09-13 15:13:11.023525622 +0200 @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -213,9 +213,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_err.c.fips openssl-1.1.1b/crypto/dh/dh_err. {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen.c ---- openssl-1.1.1b/crypto/dh/dh_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_gen.c 2019-02-28 11:30:06.780746153 +0100 +diff -up openssl-1.1.1d/crypto/dh/dh_gen.c.fips openssl-1.1.1d/crypto/dh/dh_gen.c +--- openssl-1.1.1d/crypto/dh/dh_gen.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_gen.c 2019-09-13 15:13:11.023525622 +0200 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -240,7 +240,7 @@ diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen. if (ret->meth->generate_params) return ret->meth->generate_params(ret, prime_len, generator, cb); return dh_builtin_genparams(ret, prime_len, generator, cb); -@@ -62,6 +72,18 @@ static int dh_builtin_genparams(DH *ret, +@@ -65,6 +75,18 @@ static int dh_builtin_genparams(DH *ret, int g, ok = -1; BN_CTX *ctx = NULL; @@ -259,9 +259,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key.c ---- openssl-1.1.1b/crypto/dh/dh_key.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_key.c 2019-02-28 11:30:06.780746153 +0100 +diff -up openssl-1.1.1d/crypto/dh/dh_key.c.fips openssl-1.1.1d/crypto/dh/dh_key.c +--- openssl-1.1.1d/crypto/dh/dh_key.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_key.c 2019-09-13 15:13:11.024525605 +0200 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -321,7 +321,7 @@ diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key. if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); return 0; -@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke +@@ -179,6 +204,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -335,7 +335,7 @@ diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -228,6 +260,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { @@ -345,9 +345,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips openssl-1.1.1b/crypto/dh/dh_pmeth.c ---- openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_pmeth.c 2019-05-06 14:57:29.184723430 +0200 +diff -up openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips openssl-1.1.1d/crypto/dh/dh_pmeth.c +--- openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_pmeth.c 2019-09-13 15:13:11.024525605 +0200 @@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * const EVP_PKEY_METHOD dh_pkey_meth = { @@ -366,9 +366,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips openssl-1.1.1b/crypto/dh/dh_pm pkey_dh_init, pkey_dh_copy, pkey_dh_cleanup, -diff -up openssl-1.1.1b/crypto/dsa/dsa_err.c.fips openssl-1.1.1b/crypto/dsa/dsa_err.c ---- openssl-1.1.1b/crypto/dsa/dsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_err.c 2019-02-28 11:30:06.798745819 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_err.c.fips openssl-1.1.1d/crypto/dsa/dsa_err.c +--- openssl-1.1.1d/crypto/dsa/dsa_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_err.c 2019-09-13 15:14:33.737079876 +0200 @@ -16,12 +16,15 @@ static const ERR_STRING_DATA DSA_str_functs[] = { {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, @@ -385,22 +385,24 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_err.c.fips openssl-1.1.1b/crypto/dsa/dsa_ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, -@@ -51,9 +54,12 @@ static const ERR_STRING_DATA DSA_str_rea +@@ -51,11 +54,14 @@ static const ERR_STRING_DATA DSA_str_rea {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_INVALID), "key size invalid"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_gen.c ---- openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_gen.c 2019-02-28 11:30:06.799745800 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips openssl-1.1.1d/crypto/dsa/dsa_gen.c +--- openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_gen.c 2019-09-13 15:13:11.046525220 +0200 @@ -22,12 +22,22 @@ #include #include @@ -440,7 +442,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ } } -@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -309,7 +325,7 @@ int dsa_builtin_paramgen2(DSA *ret, size int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { @@ -449,7 +451,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ unsigned char *seed = NULL, *seed_tmp = NULL; unsigned char md[EVP_MAX_MD_SIZE]; int mdsize; -@@ -333,6 +349,20 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -332,6 +348,20 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; } @@ -470,7 +472,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); -@@ -433,9 +463,10 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -432,9 +462,10 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; /* Provided seed didn't produce a prime: error */ if (seed_in) { @@ -484,7 +486,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ } /* do a callback call */ -@@ -521,11 +552,14 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -520,11 +551,14 @@ int dsa_builtin_paramgen2(DSA *ret, size if (counter >= (int)(4 * L)) break; } @@ -499,7 +501,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ } end: if (!BN_GENCB_call(cb, 2, 1)) -@@ -596,7 +630,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -595,7 +629,7 @@ int dsa_builtin_paramgen2(DSA *ret, size BN_free(ret->g); ret->g = BN_dup(g); if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { @@ -508,7 +510,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ goto err; } if (counter_ret != NULL) -@@ -614,3 +648,53 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -612,3 +646,53 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX_free(mctx); return ok; } @@ -562,9 +564,9 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.1b/crypto/dsa/dsa_key.c.fips openssl-1.1.1b/crypto/dsa/dsa_key.c ---- openssl-1.1.1b/crypto/dsa/dsa_key.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_key.c 2019-02-28 11:30:06.799745800 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_key.c.fips openssl-1.1.1d/crypto/dsa/dsa_key.c +--- openssl-1.1.1d/crypto/dsa/dsa_key.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_key.c 2019-09-13 15:13:11.046525220 +0200 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -644,9 +646,9 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_key.c.fips openssl-1.1.1b/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa_ossl.c ---- openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_ossl.c 2019-02-28 11:30:06.800745781 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1d/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_ossl.c 2019-09-13 15:13:11.047525203 +0200 @@ -14,6 +14,9 @@ #include #include "dsa_locl.h" @@ -657,7 +659,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -73,6 +76,19 @@ static DSA_SIG *dsa_do_sign(const unsign +@@ -77,6 +80,19 @@ static DSA_SIG *dsa_do_sign(const unsign goto err; } @@ -677,7 +679,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa ret = DSA_SIG_new(); if (ret == NULL) goto err; -@@ -301,6 +317,18 @@ static int dsa_do_verify(const unsigned +@@ -315,6 +331,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -696,7 +698,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -389,6 +417,9 @@ static int dsa_do_verify(const unsigned +@@ -403,6 +431,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { @@ -706,10 +708,10 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_pmeth.c 2019-02-28 11:30:06.800745781 +0100 -@@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT +diff -up openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1d/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_pmeth.c 2019-09-13 15:13:11.047525203 +0200 +@@ -215,8 +215,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; } @@ -720,7 +722,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -@@ -241,7 +241,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX +@@ -245,7 +245,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, @@ -729,9 +731,9 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/ds pkey_dsa_init, pkey_dsa_copy, pkey_dsa_cleanup, -diff -up openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ecdh_ossl.c 2019-02-28 11:30:06.801745763 +0100 +diff -up openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ecdh_ossl.c 2019-09-13 15:13:11.047525203 +0200 @@ -19,9 +19,20 @@ #include #include "ec_lcl.h" @@ -753,9 +755,9 @@ diff -up openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ecdsa_ossl.c 2019-02-28 11:30:06.801745763 +0100 +diff -up openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c 2019-09-13 15:13:11.047525203 +0200 @@ -14,6 +14,10 @@ #include "internal/bn_int.h" #include "ec_lcl.h" @@ -767,7 +769,7 @@ diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecd int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -159,6 +163,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns +@@ -163,6 +167,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns ECDSA_SIG *ret; const BIGNUM *priv_key; @@ -781,7 +783,7 @@ diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecd group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); -@@ -317,6 +328,13 @@ int ossl_ecdsa_verify_sig(const unsigned +@@ -325,6 +336,13 @@ int ossl_ecdsa_verify_sig(const unsigned const EC_GROUP *group; const EC_POINT *pub_key; @@ -795,9 +797,9 @@ diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1b/crypto/ec/ec_key.c.fips openssl-1.1.1b/crypto/ec/ec_key.c ---- openssl-1.1.1b/crypto/ec/ec_key.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ec_key.c 2019-02-28 11:30:06.802745744 +0100 +diff -up openssl-1.1.1d/crypto/ec/ec_key.c.fips openssl-1.1.1d/crypto/ec/ec_key.c +--- openssl-1.1.1d/crypto/ec/ec_key.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ec_key.c 2019-09-13 15:13:11.048525186 +0200 @@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } @@ -863,10 +865,10 @@ diff -up openssl-1.1.1b/crypto/ec/ec_key.c.fips openssl-1.1.1b/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips openssl-1.1.1b/crypto/ec/ec_pmeth.c ---- openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ec_pmeth.c 2019-05-06 14:47:34.651077251 +0200 -@@ -434,7 +434,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * +diff -up openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips openssl-1.1.1d/crypto/ec/ec_pmeth.c +--- openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ec_pmeth.c 2019-09-13 15:13:11.048525186 +0200 +@@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, @@ -875,9 +877,9 @@ diff -up openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips openssl-1.1.1b/crypto/ec/ec_pm pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, -diff -up openssl-1.1.1b/crypto/evp/c_allc.c.fips openssl-1.1.1b/crypto/evp/c_allc.c ---- openssl-1.1.1b/crypto/evp/c_allc.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/c_allc.c 2019-02-28 11:30:06.802745744 +0100 +diff -up openssl-1.1.1d/crypto/evp/c_allc.c.fips openssl-1.1.1d/crypto/evp/c_allc.c +--- openssl-1.1.1d/crypto/evp/c_allc.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/c_allc.c 2019-09-13 15:13:11.048525186 +0200 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -959,9 +961,9 @@ diff -up openssl-1.1.1b/crypto/evp/c_allc.c.fips openssl-1.1.1b/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_alld.c ---- openssl-1.1.1b/crypto/evp/c_alld.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/c_alld.c 2019-02-28 11:30:06.803745726 +0100 +diff -up openssl-1.1.1d/crypto/evp/c_alld.c.fips openssl-1.1.1d/crypto/evp/c_alld.c +--- openssl-1.1.1d/crypto/evp/c_alld.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/c_alld.c 2019-09-13 15:13:11.048525186 +0200 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -997,9 +999,9 @@ diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/digest.c ---- openssl-1.1.1c/crypto/evp/digest.c.fips 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/crypto/evp/digest.c 2019-05-29 15:47:59.220499971 +0200 +diff -up openssl-1.1.1d/crypto/evp/digest.c.fips openssl-1.1.1d/crypto/evp/digest.c +--- openssl-1.1.1d/crypto/evp/digest.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/digest.c 2019-09-13 15:13:11.049525168 +0200 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -1060,95 +1062,28 @@ diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes.c ---- openssl-1.1.1b/crypto/evp/e_aes.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_aes.c 2019-05-06 16:32:41.631668333 +0200 -@@ -387,22 +387,33 @@ static int aesni_xts_init_key(EVP_CIPHER - return 1; - - if (key) { -+ /* The key is two half length keys in reality */ -+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; -+ const int bits = bytes * 8; -+ -+ /* -+ * Verify that the two keys are different. -+ * -+ * This addresses Rogaway's vulnerability. -+ * See comment in aes_xts_init_key() below. -+ */ -+ if (memcmp(key, key + bytes, bytes) == 0) { -+ EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); -+ return 0; -+ } -+ - /* key_len is two AES keys */ - if (enc) { -- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aesni_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_encrypt; - xctx->stream = aesni_xts_encrypt; - } else { -- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aesni_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_decrypt; - xctx->stream = aesni_xts_decrypt; +diff -up openssl-1.1.1d/crypto/evp/e_aes.c.fips openssl-1.1.1d/crypto/evp/e_aes.c +--- openssl-1.1.1d/crypto/evp/e_aes.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_aes.c 2019-09-13 17:19:00.558994569 +0200 +@@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. + */ +- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ++ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; } - -- aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aesni_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -791,7 +802,21 @@ static int aes_t4_xts_init_key(EVP_CIPHE - return 1; - - if (key) { -- int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; -+ /* The key is two half length keys in reality */ -+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; -+ const int bits = bytes * 8; -+ -+ /* -+ * Verify that the two keys are different. -+ * -+ * This addresses Rogaway's vulnerability. -+ * See comment in aes_xts_init_key() below. -+ */ -+ if (memcmp(key, key + bytes, bytes) == 0) { -+ EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); -+ return 0; -+ } -+ - xctx->stream = NULL; - /* key_len is two AES keys */ - if (enc) { -@@ -808,8 +833,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE - return 0; - } - } else { -- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: -@@ -823,9 +847,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE - } +@@ -817,7 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. + */ +- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ++ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; } - -- aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aes_t4_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -2794,9 +2816,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX +@@ -2833,9 +2833,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -1161,7 +1096,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { -@@ -2826,6 +2848,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -2869,6 +2869,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; @@ -1173,141 +1108,16 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != c->iv) -@@ -3275,11 +3302,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX - | EVP_CIPH_CUSTOM_COPY) - - BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, -- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | -+ CUSTOM_FLAGS) - - static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { -@@ -3313,8 +3343,33 @@ static int aes_xts_init_key(EVP_CIPHER_C - if (!iv && !key) - return 1; - -- if (key) -+ if (key) { - do { -+ /* The key is two half length keys in reality */ -+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; -+ const int bits = bytes * 8; -+ -+ /* -+ * Verify that the two keys are different. -+ * -+ * This addresses the vulnerability described in Rogaway's -+ * September 2004 paper: -+ * -+ * "Efficient Instantiations of Tweakable Blockciphers and -+ * Refinements to Modes OCB and PMAC". -+ * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf) -+ * -+ * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states -+ * that: -+ * "The check for Key_1 != Key_2 shall be done at any place -+ * BEFORE using the keys in the XTS-AES algorithm to process -+ * data with them." -+ */ -+ if (memcmp(key, key + bytes, bytes) == 0) { -+ EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); -+ return 0; -+ } -+ - #ifdef AES_XTS_ASM - xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; - #else -@@ -3324,26 +3379,20 @@ static int aes_xts_init_key(EVP_CIPHER_C - #ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - if (enc) { -- HWAES_set_encrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_encrypt; - # ifdef HWAES_xts_encrypt - xctx->stream = HWAES_xts_encrypt; - # endif - } else { -- HWAES_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_decrypt; - # ifdef HWAES_xts_decrypt - xctx->stream = HWAES_xts_decrypt; - #endif - } - -- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) HWAES_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -3358,20 +3407,14 @@ static int aes_xts_init_key(EVP_CIPHER_C - #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - if (enc) { -- vpaes_set_encrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_encrypt; - } else { -- vpaes_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_decrypt; - } - -- vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) vpaes_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -3381,22 +3424,19 @@ static int aes_xts_init_key(EVP_CIPHER_C - (void)0; /* terminate potentially open 'else' */ - - if (enc) { -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ AES_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_encrypt; - } else { -- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ AES_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_decrypt; +@@ -3380,7 +3385,7 @@ static int aes_xts_init_key(EVP_CIPHER_C + * BEFORE using the keys in the XTS-AES algorithm to process + * data with them." + */ +- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ++ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; } - -- AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) AES_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } while (0); -+ } - - if (iv) { - xctx->xts.key2 = &xctx->ks2; -@@ -3414,6 +3454,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -3484,6 +3489,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; @@ -1322,7 +1132,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, -@@ -3431,8 +3479,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -3501,8 +3514,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) @@ -1335,7 +1145,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -3697,11 +3747,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX +@@ -3772,11 +3787,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX #define aes_ccm_cleanup NULL BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, @@ -1350,7 +1160,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. typedef struct { union { -@@ -3794,7 +3844,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT +@@ -3869,7 +3884,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT return rv ? (int)rv : -1; } @@ -1359,9 +1169,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.1b/crypto/evp/e_des3.c.fips openssl-1.1.1b/crypto/evp/e_des3.c ---- openssl-1.1.1b/crypto/evp/e_des3.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_des3.c 2019-02-28 11:30:06.804745707 +0100 +diff -up openssl-1.1.1d/crypto/evp/e_des3.c.fips openssl-1.1.1d/crypto/evp/e_des3.c +--- openssl-1.1.1d/crypto/evp/e_des3.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_des3.c 2019-09-13 15:13:11.050525151 +0200 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1388,9 +1198,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_des3.c.fips openssl-1.1.1b/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.1b/crypto/evp/e_null.c.fips openssl-1.1.1b/crypto/evp/e_null.c ---- openssl-1.1.1b/crypto/evp/e_null.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_null.c 2019-02-28 11:30:06.805745688 +0100 +diff -up openssl-1.1.1d/crypto/evp/e_null.c.fips openssl-1.1.1d/crypto/evp/e_null.c +--- openssl-1.1.1d/crypto/evp/e_null.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_null.c 2019-09-13 15:13:11.051525133 +0200 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1401,9 +1211,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_null.c.fips openssl-1.1.1b/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.fips openssl-1.1.1b/crypto/evp/evp_enc.c ---- openssl-1.1.1b/crypto/evp/evp_enc.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-02-28 11:30:06.805745688 +0100 +diff -up openssl-1.1.1d/crypto/evp/evp_enc.c.fips openssl-1.1.1d/crypto/evp/evp_enc.c +--- openssl-1.1.1d/crypto/evp/evp_enc.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_enc.c 2019-09-13 15:13:11.051525133 +0200 @@ -17,10 +17,19 @@ #include #include "internal/evp_int.h" @@ -1479,27 +1289,18 @@ diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.fips openssl-1.1.1b/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_err.c ---- openssl-1.1.1b/crypto/evp/evp_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-05-06 16:41:08.565739361 +0200 -@@ -15,11 +15,16 @@ - - static const ERR_STRING_DATA EVP_str_functs[] = { - {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), -+ "aes_t4_xts_init_key"}, +diff -up openssl-1.1.1d/crypto/evp/evp_err.c.fips openssl-1.1.1d/crypto/evp/evp_err.c +--- openssl-1.1.1d/crypto/evp/evp_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-13 15:25:47.290298192 +0200 +@@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), + "aes_t4_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, -@@ -179,6 +180,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -186,6 +187,7 @@ static const ERR_STRING_DATA EVP_str_rea "different key types"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, @@ -1507,7 +1308,7 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -241,6 +243,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -248,6 +250,7 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, @@ -1515,20 +1316,18 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -266,6 +269,10 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -273,6 +276,8 @@ static const ERR_STRING_DATA EVP_str_rea "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), + "xts data unit is too large"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), -+ "xts duplicated keys"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), + "xts duplicated keys"}, {0, NULL} - }; - -diff -up openssl-1.1.1b/crypto/evp/evp_lib.c.fips openssl-1.1.1b/crypto/evp/evp_lib.c ---- openssl-1.1.1b/crypto/evp/evp_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_lib.c 2019-02-28 11:30:06.806745670 +0100 +diff -up openssl-1.1.1d/crypto/evp/evp_lib.c.fips openssl-1.1.1d/crypto/evp/evp_lib.c +--- openssl-1.1.1d/crypto/evp/evp_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_lib.c 2019-09-13 15:13:11.051525133 +0200 @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1539,9 +1338,9 @@ diff -up openssl-1.1.1b/crypto/evp/evp_lib.c.fips openssl-1.1.1b/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.1b/crypto/evp/m_sha1.c.fips openssl-1.1.1b/crypto/evp/m_sha1.c ---- openssl-1.1.1b/crypto/evp/m_sha1.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/m_sha1.c 2019-02-28 11:30:06.806745670 +0100 +diff -up openssl-1.1.1d/crypto/evp/m_sha1.c.fips openssl-1.1.1d/crypto/evp/m_sha1.c +--- openssl-1.1.1d/crypto/evp/m_sha1.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/m_sha1.c 2019-09-13 15:13:11.052525116 +0200 @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1605,10 +1404,10 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha1.c.fips openssl-1.1.1b/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha3.c ---- openssl-1.1.1b/crypto/evp/m_sha3.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/m_sha3.c 2019-05-06 16:12:23.012851747 +0200 -@@ -292,7 +292,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) +diff -up openssl-1.1.1d/crypto/evp/m_sha3.c.fips openssl-1.1.1d/crypto/evp/m_sha3.c +--- openssl-1.1.1d/crypto/evp/m_sha3.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/m_sha3.c 2019-09-13 15:13:11.052525116 +0200 +@@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ @@ -1617,7 +1416,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha s390x_sha3_init, \ s390x_sha3_update, \ s390x_sha3_final, \ -@@ -305,7 +305,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) +@@ -308,7 +308,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ @@ -1626,7 +1425,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha sha3_init, \ sha3_update, \ sha3_final, \ -@@ -326,7 +326,7 @@ const EVP_MD *EVP_shake##bitlen(void) +@@ -329,7 +329,7 @@ const EVP_MD *EVP_shake##bitlen(void) NID_shake##bitlen, \ 0, \ bitlen / 8, \ @@ -1635,7 +1434,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha s390x_shake_init, \ s390x_sha3_update, \ s390x_shake_final, \ -@@ -340,7 +340,7 @@ const EVP_MD *EVP_shake##bitlen(void) +@@ -343,7 +343,7 @@ const EVP_MD *EVP_shake##bitlen(void) NID_shake##bitlen, \ 0, \ bitlen / 8, \ @@ -1644,7 +1443,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -@@ -364,7 +364,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) +@@ -367,7 +367,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ @@ -1653,7 +1452,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha sha3_init, \ sha3_update, \ sha3_final, \ -@@ -383,7 +383,7 @@ const EVP_MD *EVP_shake##bitlen(void) +@@ -386,7 +386,7 @@ const EVP_MD *EVP_shake##bitlen(void) NID_shake##bitlen, \ 0, \ bitlen / 8, \ @@ -1662,9 +1461,9 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pmeth_lib.c ---- openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/pmeth_lib.c 2019-05-06 15:11:33.207095983 +0200 +diff -up openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips openssl-1.1.1d/crypto/evp/pmeth_lib.c +--- openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/pmeth_lib.c 2019-09-13 15:13:11.052525116 +0200 @@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE pmeth = ENGINE_get_pkey_meth(e, id); else @@ -1681,9 +1480,9 @@ diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pm if (pmeth == NULL) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.1.1b/crypto/fips/build.info.fips openssl-1.1.1b/crypto/fips/build.info ---- openssl-1.1.1b/crypto/fips/build.info.fips 2019-02-28 11:30:06.806745670 +0100 -+++ openssl-1.1.1b/crypto/fips/build.info 2019-02-28 11:30:06.806745670 +0100 +diff -up openssl-1.1.1d/crypto/fips/build.info.fips openssl-1.1.1d/crypto/fips/build.info +--- openssl-1.1.1d/crypto/fips/build.info.fips 2019-09-13 15:13:11.052525116 +0200 ++++ openssl-1.1.1d/crypto/fips/build.info 2019-09-13 15:13:11.052525116 +0200 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1700,9 +1499,9 @@ diff -up openssl-1.1.1b/crypto/fips/build.info.fips openssl-1.1.1b/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips 2019-02-28 11:30:06.807745651 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_aes_selftest.c 2019-02-28 11:30:06.807745651 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_aes_selftest.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2076,9 +1875,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1b/cryp +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips.c.fips openssl-1.1.1b/crypto/fips/fips.c ---- openssl-1.1.1b/crypto/fips/fips.c.fips 2019-02-28 11:30:06.807745651 +0100 -+++ openssl-1.1.1b/crypto/fips/fips.c 2019-02-28 11:30:06.807745651 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips.c.fips openssl-1.1.1d/crypto/fips/fips.c +--- openssl-1.1.1d/crypto/fips/fips.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2606,9 +2405,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips.c.fips openssl-1.1.1b/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c 2019-02-28 11:30:06.808745633 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2766,9 +2565,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1b/cry + return rv; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_des_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_des_selftest.c 2019-02-28 11:30:06.808745633 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_des_selftest.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2903,9 +2702,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1b/cryp + return ret; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips 2019-02-28 11:30:06.810745596 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_dh_selftest.c 2019-02-28 11:30:06.810745596 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips 2019-09-13 15:13:11.055525063 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_dh_selftest.c 2019-09-13 15:13:11.055525063 +0200 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3087,9 +2886,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1b/crypt + return ret; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips 2019-02-28 11:30:06.811745577 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c 2019-02-28 11:30:06.811745577 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips 2019-09-13 15:13:11.055525063 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c 2019-09-13 15:13:11.055525063 +0200 @@ -0,0 +1,406 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3497,9 +3296,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1b/crypto/f + + return 1; +} -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips 2019-02-28 11:30:06.811745577 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_hash.c 2019-02-28 11:30:06.811745577 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips 2019-09-13 15:13:11.056525046 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_hash.c 2019-09-13 15:13:11.056525046 +0200 @@ -0,0 +1,354 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3855,9 +3654,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1b/crypto/ + + return 1; +} -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips 2019-02-28 11:30:06.811745577 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c 2019-02-28 11:30:06.811745577 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips 2019-09-13 15:13:11.056525046 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c 2019-09-13 15:13:11.056525046 +0200 @@ -0,0 +1,262 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4121,9 +3920,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1b/crypto/ + + return 1; +} -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips 2019-02-28 11:30:06.812745558 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_lib.c 2019-02-28 11:30:06.812745558 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips 2019-09-13 15:13:11.056525046 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_lib.c 2019-09-13 15:13:11.056525046 +0200 @@ -0,0 +1,528 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4653,9 +4452,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1b/crypto/f +{ + /* Just backwards compatibility API call with no effect. */ +} -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips 2019-02-28 11:30:06.812745558 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_rand.c 2019-02-28 11:30:06.812745558 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips 2019-09-13 15:13:11.056525046 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_rand.c 2019-09-13 15:13:11.056525046 +0200 @@ -0,0 +1,185 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4842,9 +4641,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1b/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips 2019-02-28 11:30:06.812745558 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c 2019-02-28 11:30:06.812745558 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips 2019-09-13 15:13:11.057525028 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c 2019-09-13 15:13:11.057525028 +0200 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5674,9 +5473,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1b/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips 2019-02-28 11:30:06.813745540 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h 2019-02-28 11:30:06.813745540 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips 2019-09-13 15:13:11.057525028 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h 2019-09-13 15:13:11.057525028 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7469,9 +7268,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1b/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c 2019-02-28 11:30:06.814745521 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips 2019-09-13 15:13:11.057525028 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c 2019-09-13 15:13:11.057525028 +0200 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7668,9 +7467,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1b/cryp + return ret; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c 2019-02-28 11:30:06.814745521 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips 2019-09-13 15:13:11.058525011 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c 2019-09-13 15:13:11.058525011 +0200 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7914,9 +7713,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1b/cry +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c 2019-02-28 11:30:06.814745521 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips 2019-09-13 15:13:11.058525011 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c 2019-09-13 15:13:11.058525011 +0200 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8084,9 +7883,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1b/cr +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_err.h.fips openssl-1.1.1b/crypto/fips/fips_err.h ---- openssl-1.1.1b/crypto/fips/fips_err.h.fips 2019-05-06 16:08:46.792598211 +0200 -+++ openssl-1.1.1b/crypto/fips/fips_err.h 2019-05-06 16:19:56.403993551 +0200 +diff -up openssl-1.1.1d/crypto/fips/fips_err.h.fips openssl-1.1.1d/crypto/fips/fips_err.h +--- openssl-1.1.1d/crypto/fips/fips_err.h.fips 2019-09-13 15:13:11.058525011 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_err.h 2019-09-13 15:13:11.058525011 +0200 @@ -0,0 +1,197 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8285,9 +8084,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_err.h.fips openssl-1.1.1b/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.1b/crypto/fips/fips_ers.c.fips openssl-1.1.1b/crypto/fips/fips_ers.c ---- openssl-1.1.1b/crypto/fips/fips_ers.c.fips 2019-02-28 11:30:06.815745503 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_ers.c 2019-02-28 11:30:06.815745503 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_ers.c.fips openssl-1.1.1d/crypto/fips/fips_ers.c +--- openssl-1.1.1d/crypto/fips/fips_ers.c.fips 2019-09-13 15:13:11.058525011 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_ers.c 2019-09-13 15:13:11.058525011 +0200 @@ -0,0 +1,7 @@ +#include + @@ -8296,9 +8095,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_ers.c.fips openssl-1.1.1b/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips 2019-02-28 11:30:06.815745503 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c 2019-02-28 11:30:06.815745503 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips 2019-09-13 15:13:11.059524993 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c 2019-09-13 15:13:11.059524993 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8434,9 +8233,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1b/cry + return 1; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_locl.h.fips openssl-1.1.1b/crypto/fips/fips_locl.h ---- openssl-1.1.1b/crypto/fips/fips_locl.h.fips 2019-02-28 11:30:06.815745503 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_locl.h 2019-02-28 11:30:06.815745503 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_locl.h.fips openssl-1.1.1d/crypto/fips/fips_locl.h +--- openssl-1.1.1d/crypto/fips/fips_locl.h.fips 2019-09-13 15:13:11.059524993 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_locl.h 2019-09-13 15:13:11.059524993 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8509,9 +8308,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_locl.h.fips openssl-1.1.1b/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_post.c.fips openssl-1.1.1b/crypto/fips/fips_post.c ---- openssl-1.1.1b/crypto/fips/fips_post.c.fips 2019-05-06 16:08:46.794598177 +0200 -+++ openssl-1.1.1b/crypto/fips/fips_post.c 2019-05-06 16:08:46.794598177 +0200 +diff -up openssl-1.1.1d/crypto/fips/fips_post.c.fips openssl-1.1.1d/crypto/fips/fips_post.c +--- openssl-1.1.1d/crypto/fips/fips_post.c.fips 2019-09-13 15:13:11.059524993 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_post.c 2019-09-13 15:13:11.059524993 +0200 @@ -0,0 +1,224 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8737,9 +8536,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_post.c.fips openssl-1.1.1b/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1b/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips 2019-02-28 11:30:06.816745484 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_rand_lcl.h 2019-02-28 11:30:06.816745484 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1d/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips 2019-09-13 15:13:11.060524976 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_rand_lcl.h 2019-09-13 15:13:11.060524976 +0200 @@ -0,0 +1,203 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8944,9 +8743,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1b/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1b/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips 2019-02-28 11:30:06.816745484 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_rand_lib.c 2019-02-28 11:30:06.816745484 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1d/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips 2019-09-13 15:13:11.060524976 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_rand_lib.c 2019-09-13 15:13:11.060524976 +0200 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9182,9 +8981,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1b/crypto/f +# endif +} + -diff -up openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips 2019-02-28 11:30:06.816745484 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c 2019-02-28 11:30:06.816745484 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips 2019-09-13 15:13:11.060524976 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c 2019-09-13 15:13:11.060524976 +0200 @@ -0,0 +1,338 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9524,9 +9323,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1b/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips 2019-05-06 16:08:46.795598159 +0200 -+++ openssl-1.1.1b/crypto/fips/fips_sha_selftest.c 2019-05-06 17:35:40.211316880 +0200 +diff -up openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips 2019-09-13 15:13:11.060524976 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_sha_selftest.c 2019-09-13 15:13:11.060524976 +0200 @@ -0,0 +1,223 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9751,9 +9550,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1b/cryp +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips 2019-02-28 11:30:06.817745466 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips 2019-09-13 15:13:11.061524958 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c 2019-09-13 15:13:11.061524958 +0200 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9882,9 +9681,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/c +#endif + return 0; +} -diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac.c ---- openssl-1.1.1c/crypto/hmac/hmac.c.fips 2019-05-29 15:46:19.138261106 +0200 -+++ openssl-1.1.1c/crypto/hmac/hmac.c 2019-05-29 15:49:09.508263133 +0200 +diff -up openssl-1.1.1d/crypto/hmac/hmac.c.fips openssl-1.1.1d/crypto/hmac/hmac.c +--- openssl-1.1.1d/crypto/hmac/hmac.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/hmac/hmac.c 2019-09-13 15:13:11.061524958 +0200 @@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo return 0; @@ -9899,9 +9698,9 @@ diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); if (!ossl_assert(j <= (int)sizeof(ctx->key))) -diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/hmac/hm_pmeth.c 2019-05-06 14:56:01.123257022 +0200 +diff -up openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1d/crypto/hmac/hm_pmeth.c +--- openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/hmac/hm_pmeth.c 2019-09-13 15:13:11.061524958 +0200 @@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD hmac_pkey_meth = { @@ -9911,9 +9710,9 @@ diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/h pkey_hmac_init, pkey_hmac_copy, pkey_hmac_cleanup, -diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/crypto/include/internal/fips_int.h ---- openssl-1.1.1b/crypto/include/internal/fips_int.h.fips 2019-02-28 11:30:06.817745466 +0100 -+++ openssl-1.1.1b/crypto/include/internal/fips_int.h 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips openssl-1.1.1d/crypto/include/internal/fips_int.h +--- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips 2019-09-13 15:13:11.061524958 +0200 ++++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2019-09-13 15:13:11.061524958 +0200 @@ -0,0 +1,98 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10013,9 +9812,9 @@ diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.1b/crypto/o_fips.c.fips openssl-1.1.1b/crypto/o_fips.c ---- openssl-1.1.1b/crypto/o_fips.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/o_fips.c 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/o_fips.c.fips openssl-1.1.1d/crypto/o_fips.c +--- openssl-1.1.1d/crypto/o_fips.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/o_fips.c 2019-09-13 15:13:11.061524958 +0200 @@ -8,17 +8,28 @@ */ @@ -10045,9 +9844,9 @@ diff -up openssl-1.1.1b/crypto/o_fips.c.fips openssl-1.1.1b/crypto/o_fips.c return 0; +#endif } -diff -up openssl-1.1.1b/crypto/o_init.c.fips openssl-1.1.1b/crypto/o_init.c ---- openssl-1.1.1b/crypto/o_init.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/o_init.c 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/o_init.c.fips openssl-1.1.1d/crypto/o_init.c +--- openssl-1.1.1d/crypto/o_init.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/o_init.c 2019-09-13 15:13:11.062524941 +0200 @@ -7,8 +7,68 @@ * https://www.openssl.org/source/license.html */ @@ -10117,9 +9916,9 @@ diff -up openssl-1.1.1b/crypto/o_init.c.fips openssl-1.1.1b/crypto/o_init.c /* * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/rand_lib.c ---- openssl-1.1.1b/crypto/rand/rand_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rand/rand_lib.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rand/rand_lib.c.fips openssl-1.1.1d/crypto/rand/rand_lib.c +--- openssl-1.1.1d/crypto/rand/rand_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rand/rand_lib.c 2019-09-13 15:13:11.062524941 +0200 @@ -16,6 +16,10 @@ #include "internal/thread_once.h" #include "rand_lcl.h" @@ -10131,7 +9930,7 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/r #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -857,3 +861,15 @@ int RAND_status(void) +@@ -959,3 +963,15 @@ int RAND_status(void) return meth->status(); return 0; } @@ -10147,9 +9946,9 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/r + return 1; +} +#endif -diff -up openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1b/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_crpt.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1d/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_crpt.c 2019-09-13 15:13:11.062524941 +0200 @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10203,9 +10002,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1b/crypto/rsa/rsa return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_err.c ---- openssl-1.1.1b/crypto/rsa/rsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_err.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_err.c.fips openssl-1.1.1d/crypto/rsa/rsa_err.c +--- openssl-1.1.1d/crypto/rsa/rsa_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_err.c 2019-09-13 15:13:11.062524941 +0200 @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, @@ -10248,7 +10047,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, {0, NULL} }; -@@ -181,6 +192,7 @@ static const ERR_STRING_DATA RSA_str_rea +@@ -183,6 +194,7 @@ static const ERR_STRING_DATA RSA_str_rea "mp exponent not congruent to d"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, @@ -10256,7 +10055,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), -@@ -189,6 +201,8 @@ static const ERR_STRING_DATA RSA_str_rea +@@ -191,6 +203,8 @@ static const ERR_STRING_DATA RSA_str_rea "n does not equal p q"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, @@ -10265,7 +10064,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), -@@ -224,6 +238,8 @@ static const ERR_STRING_DATA RSA_str_rea +@@ -226,6 +240,8 @@ static const ERR_STRING_DATA RSA_str_rea "unsupported mask algorithm"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"}, @@ -10274,9 +10073,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips openssl-1.1.1b/crypto/rsa/rsa_gen.c ---- openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_gen.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips openssl-1.1.1d/crypto/rsa/rsa_gen.c +--- openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_gen.c 2019-09-13 15:13:11.063524923 +0200 @@ -18,6 +18,76 @@ #include "internal/cryptlib.h" #include @@ -10669,9 +10468,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips openssl-1.1.1b/crypto/rsa/rsa_ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -diff -up openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips openssl-1.1.1b/crypto/rsa/rsa_lib.c ---- openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_lib.c 2019-02-28 11:30:06.819745428 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips openssl-1.1.1d/crypto/rsa/rsa_lib.c +--- openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_lib.c 2019-09-13 15:13:11.063524923 +0200 @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ @@ -10714,9 +10513,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips openssl-1.1.1b/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_ossl.c 2019-02-28 11:31:57.315691372 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1d/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_ossl.c 2019-09-13 15:13:11.063524923 +0200 @@ -12,6 +12,10 @@ #include "rsa_locl.h" #include "internal/constant_time_locl.h" @@ -10764,7 +10563,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -@@ -247,6 +273,22 @@ static int rsa_ossl_private_encrypt(int +@@ -246,6 +272,22 @@ static int rsa_ossl_private_encrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -10787,7 +10586,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -377,6 +419,22 @@ static int rsa_ossl_private_decrypt(int +@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -10810,7 +10609,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -500,6 +558,22 @@ static int rsa_ossl_public_decrypt(int f +@@ -507,6 +565,22 @@ static int rsa_ossl_public_decrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -10833,9 +10632,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1b/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips 2019-05-06 14:48:26.514174053 +0200 -+++ openssl-1.1.1b/crypto/rsa/rsa_pmeth.c 2019-05-06 14:45:46.732956649 +0200 +diff -up openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1d/crypto/rsa/rsa_pmeth.c +--- openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_pmeth.c 2019-09-13 15:13:11.063524923 +0200 @@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD rsa_pkey_meth = { @@ -10854,9 +10653,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1b/crypto/rsa/rs pkey_rsa_init, pkey_rsa_copy, pkey_rsa_cleanup, -diff -up openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips openssl-1.1.1b/crypto/rsa/rsa_sign.c ---- openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_sign.c 2019-02-28 11:30:06.819745428 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips openssl-1.1.1d/crypto/rsa/rsa_sign.c +--- openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_sign.c 2019-09-13 15:13:11.064524906 +0200 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -10883,9 +10682,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips openssl-1.1.1b/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.1b/crypto/sha/sha256.c.fips openssl-1.1.1b/crypto/sha/sha256.c ---- openssl-1.1.1b/crypto/sha/sha256.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/sha/sha256.c 2019-02-28 11:30:06.819745428 +0100 +diff -up openssl-1.1.1d/crypto/sha/sha256.c.fips openssl-1.1.1d/crypto/sha/sha256.c +--- openssl-1.1.1d/crypto/sha/sha256.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/sha/sha256.c 2019-09-13 15:13:11.064524906 +0200 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -10906,9 +10705,9 @@ diff -up openssl-1.1.1b/crypto/sha/sha256.c.fips openssl-1.1.1b/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1b/crypto/sha/sha512.c.fips openssl-1.1.1b/crypto/sha/sha512.c ---- openssl-1.1.1b/crypto/sha/sha512.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/sha/sha512.c 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/crypto/sha/sha512.c.fips openssl-1.1.1d/crypto/sha/sha512.c +--- openssl-1.1.1d/crypto/sha/sha512.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/sha/sha512.c 2019-09-13 15:13:11.064524906 +0200 @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) @@ -10929,9 +10728,9 @@ diff -up openssl-1.1.1b/crypto/sha/sha512.c.fips openssl-1.1.1b/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1b/crypto/sha/sha_locl.h.fips openssl-1.1.1b/crypto/sha/sha_locl.h ---- openssl-1.1.1b/crypto/sha/sha_locl.h.fips 2019-02-28 11:30:06.628748979 +0100 -+++ openssl-1.1.1b/crypto/sha/sha_locl.h 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/crypto/sha/sha_locl.h.fips openssl-1.1.1d/crypto/sha/sha_locl.h +--- openssl-1.1.1d/crypto/sha/sha_locl.h.fips 2019-09-13 15:13:10.837528873 +0200 ++++ openssl-1.1.1d/crypto/sha/sha_locl.h 2019-09-13 15:13:11.064524906 +0200 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -10942,9 +10741,9 @@ diff -up openssl-1.1.1b/crypto/sha/sha_locl.h.fips openssl-1.1.1b/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod 2019-09-13 15:13:11.064524906 +0200 @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -10958,9 +10757,9 @@ diff -up openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1b DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.1b/include/openssl/crypto.h.fips openssl-1.1.1b/include/openssl/crypto.h ---- openssl-1.1.1b/include/openssl/crypto.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/crypto.h 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/include/openssl/crypto.h.fips openssl-1.1.1d/include/openssl/crypto.h +--- openssl-1.1.1d/include/openssl/crypto.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/crypto.h 2019-09-13 15:13:11.065524888 +0200 @@ -331,6 +331,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -10973,10 +10772,10 @@ diff -up openssl-1.1.1b/include/openssl/crypto.h.fips openssl-1.1.1b/include/ope void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/openssl/dherr.h ---- openssl-1.1.1b/include/openssl/dherr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dherr.h 2019-02-28 11:30:06.820745410 +0100 -@@ -32,6 +32,9 @@ int ERR_load_DH_strings(void); +diff -up openssl-1.1.1d/include/openssl/dherr.h.fips openssl-1.1.1d/include/openssl/dherr.h +--- openssl-1.1.1d/include/openssl/dherr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dherr.h 2019-09-13 15:13:11.065524888 +0200 +@@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 # define DH_F_DH_CMS_SET_SHARED_INFO 116 @@ -10986,7 +10785,7 @@ diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/open # define DH_F_DH_METH_DUP 117 # define DH_F_DH_METH_NEW 118 # define DH_F_DH_METH_SET1_NAME 119 -@@ -69,12 +72,14 @@ int ERR_load_DH_strings(void); +@@ -73,12 +76,14 @@ int ERR_load_DH_strings(void); # define DH_R_INVALID_PARAMETER_NID 114 # define DH_R_INVALID_PUBKEY 102 # define DH_R_KDF_PARAMETER_ERROR 112 @@ -11001,9 +10800,9 @@ diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/open # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1b/include/openssl/dh.h.fips openssl-1.1.1b/include/openssl/dh.h ---- openssl-1.1.1b/include/openssl/dh.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dh.h 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/include/openssl/dh.h.fips openssl-1.1.1d/include/openssl/dh.h +--- openssl-1.1.1d/include/openssl/dh.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dh.h 2019-09-13 15:13:11.065524888 +0200 @@ -31,6 +31,7 @@ extern "C" { # endif @@ -11012,10 +10811,10 @@ diff -up openssl-1.1.1b/include/openssl/dh.h.fips openssl-1.1.1b/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.1.1b/include/openssl/dsaerr.h.fips openssl-1.1.1b/include/openssl/dsaerr.h ---- openssl-1.1.1b/include/openssl/dsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dsaerr.h 2019-02-28 11:30:06.821745391 +0100 -@@ -25,8 +25,11 @@ int ERR_load_DSA_strings(void); +diff -up openssl-1.1.1d/include/openssl/dsaerr.h.fips openssl-1.1.1d/include/openssl/dsaerr.h +--- openssl-1.1.1d/include/openssl/dsaerr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dsaerr.h 2019-09-13 15:16:32.263008157 +0200 +@@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 # define DSA_F_DSAPARAMS_PRINT_FP 101 @@ -11027,22 +10826,23 @@ diff -up openssl-1.1.1b/include/openssl/dsaerr.h.fips openssl-1.1.1b/include/ope # define DSA_F_DSA_DO_SIGN 112 # define DSA_F_DSA_DO_VERIFY 113 # define DSA_F_DSA_METH_DUP 127 -@@ -56,9 +59,12 @@ int ERR_load_DSA_strings(void); +@@ -60,10 +63,13 @@ int ERR_load_DSA_strings(void); # define DSA_R_DECODE_ERROR 104 # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_KEY_SIZE_INVALID 201 +# define DSA_R_KEY_SIZE_TOO_SMALL 202 # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MISSING_PRIVATE_KEY 111 # define DSA_R_MODULUS_TOO_LARGE 103 # define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_NON_FIPS_DSA_METHOD 200 # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1b/include/openssl/dsa.h.fips openssl-1.1.1b/include/openssl/dsa.h ---- openssl-1.1.1b/include/openssl/dsa.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dsa.h 2019-02-28 11:30:06.821745391 +0100 +diff -up openssl-1.1.1d/include/openssl/dsa.h.fips openssl-1.1.1d/include/openssl/dsa.h +--- openssl-1.1.1d/include/openssl/dsa.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dsa.h 2019-09-13 15:13:11.065524888 +0200 @@ -31,6 +31,7 @@ extern "C" { # endif @@ -11051,26 +10851,29 @@ diff -up openssl-1.1.1b/include/openssl/dsa.h.fips openssl-1.1.1b/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/openssl/evperr.h ---- openssl-1.1.1b/include/openssl/evperr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/evperr.h 2019-05-06 16:40:21.324571446 +0200 -@@ -20,11 +20,15 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1d/include/openssl/evperr.h.fips openssl-1.1.1d/include/openssl/evperr.h +--- openssl-1.1.1d/include/openssl/evperr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-13 15:18:17.552167810 +0200 +@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 +-# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AESNI_XTS_INIT_KEY 233 # define EVP_F_AES_GCM_CTRL 196 # define EVP_F_AES_INIT_KEY 133 # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 +-# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_T4_XTS_INIT_KEY 234 # define EVP_F_AES_WRAP_CIPHER 170 +-# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_AES_XTS_CIPHER 229 +# define EVP_F_AES_XTS_INIT_KEY 235 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 -@@ -133,6 +134,7 @@ int ERR_load_EVP_strings(void); +@@ -142,6 +143,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -11078,7 +10881,7 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/ope # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -175,6 +177,7 @@ int ERR_load_EVP_strings(void); +@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 @@ -11086,18 +10889,19 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/ope # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -@@ -190,5 +193,7 @@ int ERR_load_EVP_strings(void); +@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +-# define EVP_R_XTS_DUPLICATED_KEYS 183 +# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif -diff -up openssl-1.1.1b/include/openssl/evp.h.fips openssl-1.1.1b/include/openssl/evp.h ---- openssl-1.1.1b/include/openssl/evp.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/evp.h 2019-05-06 14:54:13.213136281 +0200 -@@ -1319,6 +1319,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP +diff -up openssl-1.1.1d/include/openssl/evp.h.fips openssl-1.1.1d/include/openssl/evp.h +--- openssl-1.1.1d/include/openssl/evp.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/evp.h 2019-09-13 15:13:11.066524871 +0200 +@@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 @@ -11107,9 +10911,9 @@ diff -up openssl-1.1.1b/include/openssl/evp.h.fips openssl-1.1.1b/include/openss const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -diff -up openssl-1.1.1b/include/openssl/fips.h.fips openssl-1.1.1b/include/openssl/fips.h ---- openssl-1.1.1b/include/openssl/fips.h.fips 2019-05-06 16:08:46.800598073 +0200 -+++ openssl-1.1.1b/include/openssl/fips.h 2019-05-06 16:43:12.874549821 +0200 +diff -up openssl-1.1.1d/include/openssl/fips.h.fips openssl-1.1.1d/include/openssl/fips.h +--- openssl-1.1.1d/include/openssl/fips.h.fips 2019-09-13 15:13:11.066524871 +0200 ++++ openssl-1.1.1d/include/openssl/fips.h 2019-09-13 15:13:11.066524871 +0200 @@ -0,0 +1,187 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11298,9 +11102,9 @@ diff -up openssl-1.1.1b/include/openssl/fips.h.fips openssl-1.1.1b/include/opens +} +# endif +#endif -diff -up openssl-1.1.1b/include/openssl/fips_rand.h.fips openssl-1.1.1b/include/openssl/fips_rand.h ---- openssl-1.1.1b/include/openssl/fips_rand.h.fips 2019-02-28 11:30:06.821745391 +0100 -+++ openssl-1.1.1b/include/openssl/fips_rand.h 2019-02-28 11:30:06.821745391 +0100 +diff -up openssl-1.1.1d/include/openssl/fips_rand.h.fips openssl-1.1.1d/include/openssl/fips_rand.h +--- openssl-1.1.1d/include/openssl/fips_rand.h.fips 2019-09-13 15:13:11.066524871 +0200 ++++ openssl-1.1.1d/include/openssl/fips_rand.h 2019-09-13 15:13:11.066524871 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11447,9 +11251,9 @@ diff -up openssl-1.1.1b/include/openssl/fips_rand.h.fips openssl-1.1.1b/include/ +# endif +# endif +#endif -diff -up openssl-1.1.1b/include/openssl/opensslconf.h.in.fips openssl-1.1.1b/include/openssl/opensslconf.h.in ---- openssl-1.1.1b/include/openssl/opensslconf.h.in.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/opensslconf.h.in 2019-02-28 11:30:06.822745372 +0100 +diff -up openssl-1.1.1d/include/openssl/opensslconf.h.in.fips openssl-1.1.1d/include/openssl/opensslconf.h.in +--- openssl-1.1.1d/include/openssl/opensslconf.h.in.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/opensslconf.h.in 2019-09-13 15:13:11.067524853 +0200 @@ -150,6 +150,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11462,10 +11266,10 @@ diff -up openssl-1.1.1b/include/openssl/opensslconf.h.in.fips openssl-1.1.1b/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.1b/include/openssl/randerr.h.fips openssl-1.1.1b/include/openssl/randerr.h ---- openssl-1.1.1b/include/openssl/randerr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/randerr.h 2019-02-28 11:30:06.822745372 +0100 -@@ -35,6 +35,7 @@ int ERR_load_RAND_strings(void); +diff -up openssl-1.1.1d/include/openssl/randerr.h.fips openssl-1.1.1d/include/openssl/randerr.h +--- openssl-1.1.1d/include/openssl/randerr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/randerr.h 2019-09-13 15:13:11.067524853 +0200 +@@ -37,6 +37,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 # define RAND_F_RAND_DRBG_UNINSTANTIATE 118 @@ -11473,9 +11277,9 @@ diff -up openssl-1.1.1b/include/openssl/randerr.h.fips openssl-1.1.1b/include/op # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1b/include/openssl/rand.h.fips openssl-1.1.1b/include/openssl/rand.h ---- openssl-1.1.1b/include/openssl/rand.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/rand.h 2019-02-28 11:30:06.822745372 +0100 +diff -up openssl-1.1.1d/include/openssl/rand.h.fips openssl-1.1.1d/include/openssl/rand.h +--- openssl-1.1.1d/include/openssl/rand.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/rand.h 2019-09-13 15:13:11.067524853 +0200 @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif @@ -11488,10 +11292,10 @@ diff -up openssl-1.1.1b/include/openssl/rand.h.fips openssl-1.1.1b/include/opens #ifdef __cplusplus } -diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/openssl/rsaerr.h ---- openssl-1.1.1b/include/openssl/rsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/rsaerr.h 2019-02-28 11:30:06.822745372 +0100 -@@ -21,6 +21,7 @@ int ERR_load_RSA_strings(void); +diff -up openssl-1.1.1d/include/openssl/rsaerr.h.fips openssl-1.1.1d/include/openssl/rsaerr.h +--- openssl-1.1.1d/include/openssl/rsaerr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/rsaerr.h 2019-09-13 15:13:11.067524853 +0200 +@@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 # define RSA_F_ENCODE_PKCS1 146 @@ -11499,7 +11303,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_OLD_RSA_PRIV_DECODE 147 # define RSA_F_PKEY_PSS_INIT 165 -@@ -35,6 +36,8 @@ int ERR_load_RSA_strings(void); +@@ -39,6 +40,8 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_CHECK_KEY_EX 160 # define RSA_F_RSA_CMS_DECRYPT 159 # define RSA_F_RSA_CMS_VERIFY 158 @@ -11508,7 +11312,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_F_RSA_ITEM_VERIFY 148 # define RSA_F_RSA_METH_DUP 161 # define RSA_F_RSA_METH_NEW 162 -@@ -72,10 +75,16 @@ int ERR_load_RSA_strings(void); +@@ -76,10 +79,16 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_PRINT_FP 116 # define RSA_F_RSA_PRIV_DECODE 150 # define RSA_F_RSA_PRIV_ENCODE 138 @@ -11525,7 +11329,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_F_RSA_SIGN 117 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 # define RSA_F_RSA_VERIFY 119 -@@ -132,10 +141,12 @@ int ERR_load_RSA_strings(void); +@@ -137,10 +146,12 @@ int ERR_load_RSA_strings(void); # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 # define RSA_R_MP_R_NOT_PRIME 170 # define RSA_R_NO_PUBLIC_EXPONENT 140 @@ -11538,7 +11342,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -@@ -155,6 +166,7 @@ int ERR_load_RSA_strings(void); +@@ -160,6 +171,7 @@ int ERR_load_RSA_strings(void); # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 @@ -11546,9 +11350,9 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c ---- openssl-1.1.1b/ssl/ssl_ciph.c.fips 2019-02-28 11:30:06.776746228 +0100 -+++ openssl-1.1.1b/ssl/ssl_ciph.c 2019-02-28 11:30:06.822745372 +0100 +diff -up openssl-1.1.1d/ssl/ssl_ciph.c.fips openssl-1.1.1d/ssl/ssl_ciph.c +--- openssl-1.1.1d/ssl/ssl_ciph.c.fips 2019-09-13 15:13:11.019525692 +0200 ++++ openssl-1.1.1d/ssl/ssl_ciph.c 2019-09-13 15:13:11.068524836 +0200 @@ -387,7 +387,7 @@ int ssl_load_ciphers(void) } } @@ -11577,7 +11381,7 @@ diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || -@@ -1670,7 +1675,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1671,7 +1676,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ for (curr = head; curr != NULL; curr = curr->next) { @@ -11587,9 +11391,9 @@ diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1b/ssl/ssl_init.c.fips openssl-1.1.1b/ssl/ssl_init.c ---- openssl-1.1.1b/ssl/ssl_init.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/ssl/ssl_init.c 2019-02-28 11:30:06.823745354 +0100 +diff -up openssl-1.1.1d/ssl/ssl_init.c.fips openssl-1.1.1d/ssl/ssl_init.c +--- openssl-1.1.1d/ssl/ssl_init.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/ssl/ssl_init.c 2019-09-13 15:13:11.068524836 +0200 @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); @@ -11633,10 +11437,10 @@ diff -up openssl-1.1.1b/ssl/ssl_init.c.fips openssl-1.1.1b/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c ---- openssl-1.1.1b/ssl/ssl_lib.c.fips 2019-02-28 11:30:06.776746228 +0100 -+++ openssl-1.1.1b/ssl/ssl_lib.c 2019-02-28 11:30:06.823745354 +0100 -@@ -2908,6 +2908,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1d/ssl/ssl_lib.c.fips openssl-1.1.1d/ssl/ssl_lib.c +--- openssl-1.1.1d/ssl/ssl_lib.c.fips 2019-09-13 15:13:11.019525692 +0200 ++++ openssl-1.1.1d/ssl/ssl_lib.c 2019-09-13 15:13:11.069524818 +0200 +@@ -2916,6 +2916,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11648,7 +11452,7 @@ diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; -@@ -2964,13 +2969,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -2972,13 +2977,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; @@ -11673,10 +11477,10 @@ diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h ---- openssl-1.1.1c/ssl/ssl_locl.h.fips 2019-06-03 16:44:58.963560101 +0200 -+++ openssl-1.1.1c/ssl/ssl_locl.h 2019-06-24 14:43:19.547353076 +0200 -@@ -1507,6 +1507,7 @@ typedef struct tls_group_info_st { +diff -up openssl-1.1.1d/ssl/ssl_locl.h.fips openssl-1.1.1d/ssl/ssl_locl.h +--- openssl-1.1.1d/ssl/ssl_locl.h.fips 2019-09-13 15:13:10.901527755 +0200 ++++ openssl-1.1.1d/ssl/ssl_locl.h 2019-09-13 15:13:11.069524818 +0200 +@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st { # define TLS_CURVE_PRIME 0x0 # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 @@ -11684,10 +11488,10 @@ diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h typedef struct cert_pkey_st CERT_PKEY; -diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c ---- openssl-1.1.1c/ssl/t1_lib.c.fips 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/ssl/t1_lib.c 2019-06-24 14:49:00.638576235 +0200 -@@ -156,11 +156,11 @@ static const TLS_GROUP_INFO nid_list[] = +diff -up openssl-1.1.1d/ssl/t1_lib.c.fips openssl-1.1.1d/ssl/t1_lib.c +--- openssl-1.1.1d/ssl/t1_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/ssl/t1_lib.c 2019-09-13 15:13:11.069524818 +0200 +@@ -158,11 +158,11 @@ static const TLS_GROUP_INFO nid_list[] = {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */ @@ -11703,7 +11507,7 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ -@@ -255,6 +255,8 @@ int tls_curve_allowed(SSL *s, uint16_t c +@@ -257,6 +257,8 @@ int tls_curve_allowed(SSL *s, uint16_t c if (cinfo->flags & TLS_CURVE_CHAR2) return 0; # endif @@ -11712,9 +11516,9 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c ctmp[0] = curve >> 8; ctmp[1] = curve & 0xff; return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c ---- openssl-1.1.1b/test/dsatest.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/dsatest.c 2019-02-28 11:30:06.824745335 +0100 +diff -up openssl-1.1.1d/test/dsatest.c.fips openssl-1.1.1d/test/dsatest.c +--- openssl-1.1.1d/test/dsatest.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/dsatest.c 2019-09-13 15:13:11.070524801 +0200 @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -11797,10 +11601,10 @@ diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c goto end; if (!TEST_int_eq(h, 2)) goto end; -diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt ---- openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-05-06 16:08:46.857597085 +0200 -+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt 2019-05-06 16:35:37.917563292 +0200 -@@ -1184,6 +1184,7 @@ Key = 0000000000000000000000000000000000 +diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt +--- openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt 2019-09-13 15:13:11.070524801 +0200 +@@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e @@ -11808,13 +11612,13 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1 Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 -diff -up openssl-1.1.1c/util/libcrypto.num.fips openssl-1.1.1c/util/libcrypto.num ---- openssl-1.1.1c/util/libcrypto.num.fips 2019-05-29 15:46:19.154260824 +0200 -+++ openssl-1.1.1c/util/libcrypto.num 2019-05-29 15:50:10.390191805 +0200 -@@ -4580,3 +4580,38 @@ EVP_PKEY_meth_get_digest_custom - OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO - OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO +diff -up openssl-1.1.1d/util/libcrypto.num.fips openssl-1.1.1d/util/libcrypto.num +--- openssl-1.1.1d/util/libcrypto.num.fips 2019-09-13 15:13:11.071524783 +0200 ++++ openssl-1.1.1d/util/libcrypto.num 2019-09-13 15:15:39.895923481 +0200 +@@ -4582,3 +4582,38 @@ OPENSSL_INIT_set_config_file_flags EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE + X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION: + X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION: +FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: +FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: +FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1-no-brainpool.patch b/openssl-1.1.1-no-brainpool.patch index 2ab6fc9..90c87a8 100644 --- a/openssl-1.1.1-no-brainpool.patch +++ b/openssl-1.1.1-no-brainpool.patch @@ -1,17 +1,16 @@ -diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in ---- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in 2019-05-07 11:52:35.885597934 +0200 -@@ -141,22 +141,23 @@ our @tests = ( +diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in +--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200 +@@ -147,22 +147,22 @@ our @tests = ( { name => "ECDSA with brainpool", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", -+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), +# "Groups" => "brainpoolP256r1", -+ "CipherString" => "aNULL", }, client => { #We don't restrict this to TLSv1.2, although use of brainpool @@ -32,17 +31,16 @@ diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool opens "ExpectedResult" => "Success" }, }, -@@ -787,18 +788,19 @@ my @tests_tls_1_3 = ( +@@ -853,18 +853,18 @@ my @tests_tls_1_3 = ( { name => "TLS 1.3 ECDSA with brainpool", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", -+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), -+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), ++ "Certificate" => test_pem("server-ecdsa-cert.pem"), ++ "PrivateKey" => test_pem("server-ecdsa-key.pem"), +# "Groups" => "brainpoolP256r1", -+ "CipherString" => "aNULL", }, client => { "RequestCAFile" => test_pem("root-cert.pem"), @@ -57,20 +55,19 @@ diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool opens }, }, ); -diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf ---- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf 2019-05-07 12:15:12.762907496 +0200 -@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server +diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf +--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200 +@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server client = 5-ECDSA with brainpool-client [5-ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem --CipherString = DEFAULT ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = aNULL -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem [5-ECDSA with brainpool-client] CipherString = aECDSA @@ -87,28 +84,27 @@ diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl- # =========================================================== -@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool - client = 47-TLS 1.3 ECDSA with brainpool-client +@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool + client = 52-TLS 1.3 ECDSA with brainpool-client - [47-TLS 1.3 ECDSA with brainpool-server] + [52-TLS 1.3 ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem --CipherString = DEFAULT ++Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem + CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem -+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -+CipherString = aNULL -+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem - [47-TLS 1.3 ECDSA with brainpool-client] + [52-TLS 1.3 ECDSA with brainpool-client] CipherString = DEFAULT -Groups = brainpoolP256r1 MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro +@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro VerifyMode = Peer - [test-47] + [test-52] -ExpectedResult = ServerFail +ExpectedResult = Success diff --git a/openssl-1.1.1-no-html.patch b/openssl-1.1.1-no-html.patch new file mode 100644 index 0000000..6688d1c --- /dev/null +++ b/openssl-1.1.1-no-html.patch @@ -0,0 +1,12 @@ +diff -up openssl-1.1.1d/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1d/Configurations/unix-Makefile.tmpl +--- openssl-1.1.1d/Configurations/unix-Makefile.tmpl.no-html 2019-09-13 15:00:32.976774673 +0200 ++++ openssl-1.1.1d/Configurations/unix-Makefile.tmpl 2019-09-13 15:02:22.283864321 +0200 +@@ -544,7 +544,7 @@ install_sw: install_dev install_engines + + uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev + +-install_docs: install_man_docs install_html_docs ++install_docs: install_man_docs + + uninstall_docs: uninstall_man_docs uninstall_html_docs + $(RM) -r $(DESTDIR)$(DOCDIR) diff --git a/openssl-1.1.1-upstream-sync.patch b/openssl-1.1.1-upstream-sync.patch index 7e03b8d..86448a0 100644 --- a/openssl-1.1.1-upstream-sync.patch +++ b/openssl-1.1.1-upstream-sync.patch @@ -1,534 +1,153 @@ -diff -up openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync openssl-1.1.1c/crypto/dsa/dsa_ameth.c ---- openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/crypto/dsa/dsa_ameth.c 2019-05-29 17:10:39.768187283 +0200 -@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha256; -- return 2; -+ return 1; - - default: - return -2; -diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c ---- openssl-1.1.1c/crypto/err/err.c.sync 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/crypto/err/err.c 2019-05-29 17:07:13.345793792 +0200 -@@ -184,8 +184,8 @@ static ERR_STRING_DATA *int_err_get_item - } - - #ifndef OPENSSL_NO_ERR --/* A measurement on Linux 2018-11-21 showed about 3.5kib */ --# define SPACE_SYS_STR_REASONS 4 * 1024 -+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */ -+# define SPACE_SYS_STR_REASONS 8 * 1024 - # define NUM_SYS_STR_REASONS 127 - - static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; -@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void) - ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - - str->error = ERR_PACK(ERR_LIB_SYS, 0, i); -- if (str->string == NULL) { -+ /* -+ * If we have used up all the space in strerror_pool, -+ * there's no point in calling openssl_strerror_r() -+ */ -+ if (str->string == NULL && cnt < sizeof(strerror_pool)) { - if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) { - size_t l = strlen(cur); - - str->string = cur; - cnt += l; -- if (cnt > sizeof(strerror_pool)) -- cnt = sizeof(strerror_pool); - cur += l; - - /* - * VMS has an unusual quirk of adding spaces at the end of -- * some (most? all?) messages. Lets trim them off. -+ * some (most? all?) messages. Lets trim them off. - */ -- while (ossl_isspace(cur[-1])) { -+ while (cur > strerror_pool && ossl_isspace(cur[-1])) { - cur--; - cnt--; - } -diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c ---- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200 -+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200 -@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr - struct { - void * instance; - int count; -- } data = { NULL, 0 }; -+ } data; - -+ memset(&data, 0, sizeof(data)); - pool = rand_pool_new(0, min_len, max_len); - if (pool == NULL) - return 0; -From 6c2f347c78a530407b5310497080810094427920 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 17 Apr 2019 11:09:05 +0100 -Subject: [PATCH 1/2] Defer sending a KeyUpdate until after pending writes are - complete - -If we receive a KeyUpdate message (update requested) from the peer while -we are in the middle of a write, we should defer sending the responding -KeyUpdate message until after the current write is complete. We do this -by waiting to send the KeyUpdate until the next time we write and there is -no pending write data. +commit 515c728dbaa92211d2eafb0041ab9fcd258fdc41 +Author: Bernd Edlinger +Date: Mon Sep 9 19:12:25 2019 +0200 -This does imply a subtle change in behaviour. Firstly the responding -KeyUpdate message won't be sent straight away as it is now. Secondly if -the peer sends multiple KeyUpdates without us doing any writing then we -will only send one response, as opposed to previously where we sent a -response for each KeyUpdate received. + Fix potential memory leaks with BN_to_ASN1_INTEGER + + Reviewed-by: Paul Dale + Reviewed-by: Matt Caswell + (Merged from https://github.com/openssl/openssl/pull/9833) + + (cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09) -Fixes #8677 - -Reviewed-by: Ben Kaduk -(Merged from https://github.com/openssl/openssl/pull/8773) - -(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99) ---- - ssl/record/rec_layer_s3.c | 7 +++++++ - ssl/statem/statem_clnt.c | 6 ------ - ssl/statem/statem_lib.c | 7 ++----- - ssl/statem/statem_srvr.c | 6 ------ - 4 files changed, 9 insertions(+), 17 deletions(-) - -diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c -index b2f97ef905..b65137c332 100644 ---- a/ssl/record/rec_layer_s3.c -+++ b/ssl/record/rec_layer_s3.c -@@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, - - s->rlayer.wnum = 0; - -+ /* -+ * If we are supposed to be sending a KeyUpdate then go into init unless we -+ * have writes pending - in which case we should finish doing that first. -+ */ -+ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE) -+ ossl_statem_set_in_init(s, 1); -+ - /* - * When writing early data on the server side we could be "in_init" in - * between receiving the EoED and the CF - but we don't want to handle those -diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c -index 87800cd835..6410414fb6 100644 ---- a/ssl/statem/statem_clnt.c -+++ b/ssl/statem/statem_clnt.c -@@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s) - return WRITE_TRAN_CONTINUE; - - case TLS_ST_CR_KEY_UPDATE: -- if (s->key_update != SSL_KEY_UPDATE_NONE) { -- st->hand_state = TLS_ST_CW_KEY_UPDATE; -- return WRITE_TRAN_CONTINUE; -- } -- /* Fall through */ -- - case TLS_ST_CW_KEY_UPDATE: - case TLS_ST_CR_SESSION_TICKET: - case TLS_ST_CW_FINISHED: -diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c -index c0482b0a90..2960dafa52 100644 ---- a/ssl/statem/statem_lib.c -+++ b/ssl/statem/statem_lib.c -@@ -645,12 +645,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) - /* - * If we get a request for us to update our sending keys too then, we need - * to additionally send a KeyUpdate message. However that message should -- * not also request an update (otherwise we get into an infinite loop). We -- * ignore a request for us to update our sending keys too if we already -- * sent close_notify. -+ * not also request an update (otherwise we get into an infinite loop). - */ -- if (updatetype == SSL_KEY_UPDATE_REQUESTED -- && (s->shutdown & SSL_SENT_SHUTDOWN) == 0) -+ if (updatetype == SSL_KEY_UPDATE_REQUESTED) - s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED; - - if (!tls13_update_key(s, 0)) { -diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index d454326a99..04a23320fc 100644 ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -502,12 +502,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) - return WRITE_TRAN_CONTINUE; - - case TLS_ST_SR_KEY_UPDATE: -- if (s->key_update != SSL_KEY_UPDATE_NONE) { -- st->hand_state = TLS_ST_SW_KEY_UPDATE; -- return WRITE_TRAN_CONTINUE; -- } -- /* Fall through */ -- - case TLS_ST_SW_KEY_UPDATE: - st->hand_state = TLS_ST_OK; - return WRITE_TRAN_CONTINUE; --- -2.20.1 - -From c8feb1039ccc4cd11e6db084df1446bf863bee1e Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 17 Apr 2019 10:30:53 +0100 -Subject: [PATCH 2/2] Write a test for receiving a KeyUpdate (update requested) - while writing - -Reviewed-by: Ben Kaduk -(Merged from https://github.com/openssl/openssl/pull/8773) - -(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f) ---- - test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++ - test/ssltestlib.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++ - test/ssltestlib.h | 3 ++ - 3 files changed, 191 insertions(+) - -diff --git a/test/sslapitest.c b/test/sslapitest.c -index 2261fe4a7a..577342644d 100644 ---- a/test/sslapitest.c -+++ b/test/sslapitest.c -@@ -4290,6 +4290,11 @@ static int test_key_update(void) - || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)), - strlen(mess))) - goto end; -+ -+ if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess)) -+ || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)), -+ strlen(mess))) -+ goto end; +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 1ce1181fc1..7cbf8de981 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + unsigned char *buffer = NULL; + const EC_POINT *point = NULL; + point_conversion_form_t form; ++ ASN1_INTEGER *orig; + + if (params == NULL) { + if ((ret = ECPARAMETERS_new()) == NULL) { +@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB); + goto err; } - - testresult = 1; -@@ -4302,6 +4307,91 @@ static int test_key_update(void) - - return testresult; - } -+ -+/* -+ * Test we can handle a KeyUpdate (update requested) message while write data -+ * is pending. -+ * Test 0: Client sends KeyUpdate while Server is writing -+ * Test 1: Server sends KeyUpdate while Client is writing -+ */ -+static int test_key_update_in_write(int tst) -+{ -+ SSL_CTX *cctx = NULL, *sctx = NULL; -+ SSL *clientssl = NULL, *serverssl = NULL; -+ int testresult = 0; -+ char buf[20]; -+ static char *mess = "A test message"; -+ BIO *bretry = BIO_new(bio_s_always_retry()); -+ BIO *tmp = NULL; -+ SSL *peerupdate = NULL, *peerwrite = NULL; -+ -+ if (!TEST_ptr(bretry) -+ || !TEST_true(create_ssl_ctx_pair(TLS_server_method(), -+ TLS_client_method(), -+ TLS1_3_VERSION, -+ 0, -+ &sctx, &cctx, cert, privkey)) -+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, -+ NULL, NULL)) -+ || !TEST_true(create_ssl_connection(serverssl, clientssl, -+ SSL_ERROR_NONE))) -+ goto end; -+ -+ peerupdate = tst == 0 ? clientssl : serverssl; -+ peerwrite = tst == 0 ? serverssl : clientssl; -+ -+ if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED)) -+ || !TEST_true(SSL_do_handshake(peerupdate))) -+ goto end; -+ -+ /* Swap the writing endpoint's write BIO to force a retry */ -+ tmp = SSL_get_wbio(peerwrite); -+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) { -+ tmp = NULL; -+ goto end; -+ } -+ SSL_set0_wbio(peerwrite, bretry); -+ bretry = NULL; -+ -+ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */ -+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1) -+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE)) -+ goto end; -+ -+ /* Reinstate the original writing endpoint's write BIO */ -+ SSL_set0_wbio(peerwrite, tmp); -+ tmp = NULL; -+ -+ /* Now read some data - we will read the key update */ -+ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1) -+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ)) -+ goto end; -+ -+ /* -+ * Complete the write we started previously and read it from the other -+ * endpoint -+ */ -+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) -+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) -+ goto end; -+ -+ /* Write more data to ensure we send the KeyUpdate message back */ -+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess)) -+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess))) -+ goto end; -+ -+ testresult = 1; -+ -+ end: -+ SSL_free(serverssl); -+ SSL_free(clientssl); -+ SSL_CTX_free(sctx); -+ SSL_CTX_free(cctx); -+ BIO_free(bretry); -+ BIO_free(tmp); -+ -+ return testresult; -+} - #endif /* OPENSSL_NO_TLS1_3 */ - - static int test_ssl_clear(int idx) -@@ -5982,6 +6072,7 @@ int setup_tests(void) - #ifndef OPENSSL_NO_TLS1_3 - ADD_ALL_TESTS(test_export_key_mat_early, 3); - ADD_TEST(test_key_update); -+ ADD_ALL_TESTS(test_key_update_in_write, 2); - #endif - ADD_ALL_TESTS(test_ssl_clear, 2); - ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test)); -@@ -6002,4 +6093,5 @@ int setup_tests(void) - void cleanup_tests(void) +- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); ++ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); + if (ret->order == NULL) { ++ ret->order = orig; + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + /* set the cofactor (optional) */ + tmp = EC_GROUP_get0_cofactor(group); + if (tmp != NULL) { +- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); ++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); + if (ret->cofactor == NULL) { ++ ret->cofactor = orig; + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c +index 089f2ae29f..ef2d64826f 100644 +--- a/crypto/x509v3/v3_asid.c ++++ b/crypto/x509v3/v3_asid.c +@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor, + static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) { - bio_s_mempacket_test_free(); -+ bio_s_always_retry_free(); - } -diff --git a/test/ssltestlib.c b/test/ssltestlib.c -index 05139be750..e1038620ac 100644 ---- a/test/ssltestlib.c -+++ b/test/ssltestlib.c -@@ -62,9 +62,11 @@ static int tls_dump_puts(BIO *bp, const char *str); - /* Choose a sufficiently large type likely to be unused for this custom BIO */ - #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) - #define BIO_TYPE_MEMPACKET_TEST 0x81 -+#define BIO_TYPE_ALWAYS_RETRY 0x82 - - static BIO_METHOD *method_tls_dump = NULL; - static BIO_METHOD *meth_mem = NULL; -+static BIO_METHOD *meth_always_retry = NULL; - - /* Note: Not thread safe! */ - const BIO_METHOD *bio_f_tls_dump_filter(void) -@@ -612,6 +614,100 @@ static int mempacket_test_puts(BIO *bio, const char *str) - return mempacket_test_write(bio, str, strlen(str)); - } - -+static int always_retry_new(BIO *bi); -+static int always_retry_free(BIO *a); -+static int always_retry_read(BIO *b, char *out, int outl); -+static int always_retry_write(BIO *b, const char *in, int inl); -+static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr); -+static int always_retry_gets(BIO *bp, char *buf, int size); -+static int always_retry_puts(BIO *bp, const char *str); -+ -+const BIO_METHOD *bio_s_always_retry(void) -+{ -+ if (meth_always_retry == NULL) { -+ if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY, -+ "Always Retry")) -+ || !TEST_true(BIO_meth_set_write(meth_always_retry, -+ always_retry_write)) -+ || !TEST_true(BIO_meth_set_read(meth_always_retry, -+ always_retry_read)) -+ || !TEST_true(BIO_meth_set_puts(meth_always_retry, -+ always_retry_puts)) -+ || !TEST_true(BIO_meth_set_gets(meth_always_retry, -+ always_retry_gets)) -+ || !TEST_true(BIO_meth_set_ctrl(meth_always_retry, -+ always_retry_ctrl)) -+ || !TEST_true(BIO_meth_set_create(meth_always_retry, -+ always_retry_new)) -+ || !TEST_true(BIO_meth_set_destroy(meth_always_retry, -+ always_retry_free))) -+ return NULL; -+ } -+ return meth_always_retry; -+} -+ -+void bio_s_always_retry_free(void) -+{ -+ BIO_meth_free(meth_always_retry); -+} -+ -+static int always_retry_new(BIO *bio) -+{ -+ BIO_set_init(bio, 1); -+ return 1; -+} -+ -+static int always_retry_free(BIO *bio) -+{ -+ BIO_set_data(bio, NULL); -+ BIO_set_init(bio, 0); -+ return 1; -+} -+ -+static int always_retry_read(BIO *bio, char *out, int outl) -+{ -+ BIO_set_retry_read(bio); -+ return -1; -+} -+ -+static int always_retry_write(BIO *bio, const char *in, int inl) -+{ -+ BIO_set_retry_write(bio); -+ return -1; -+} -+ -+static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) -+{ -+ long ret = 1; -+ -+ switch (cmd) { -+ case BIO_CTRL_FLUSH: -+ BIO_set_retry_write(bio); -+ /* fall through */ -+ case BIO_CTRL_EOF: -+ case BIO_CTRL_RESET: -+ case BIO_CTRL_DUP: -+ case BIO_CTRL_PUSH: -+ case BIO_CTRL_POP: -+ default: -+ ret = 0; -+ break; -+ } -+ return ret; -+} -+ -+static int always_retry_gets(BIO *bio, char *buf, int size) -+{ -+ BIO_set_retry_read(bio); -+ return -1; -+} -+ -+static int always_retry_puts(BIO *bio, const char *str) -+{ -+ BIO_set_retry_write(bio); -+ return -1; -+} -+ - int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, - int min_proto_version, int max_proto_version, - SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, -diff --git a/test/ssltestlib.h b/test/ssltestlib.h -index fa19e7d80d..56e323f5bc 100644 ---- a/test/ssltestlib.h -+++ b/test/ssltestlib.h -@@ -30,6 +30,9 @@ void bio_f_tls_dump_filter_free(void); - const BIO_METHOD *bio_s_mempacket_test(void); - void bio_s_mempacket_test_free(void); - -+const BIO_METHOD *bio_s_always_retry(void); -+void bio_s_always_retry_free(void); -+ - /* Packet types - value 0 is reserved */ - #define INJECT_PACKET 1 - #define INJECT_PACKET_IGNORE_REC_SEQ 2 --- -2.20.1 + ASN1_INTEGER *a_max_plus_one = NULL; ++ ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + +@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = +- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ !BN_add_word(bn, 1)) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ if ((a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { ++ a_max_plus_one = orig; + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; +@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) + static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + { + ASN1_INTEGER *a_max_plus_one = NULL; ++ ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + +@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = +- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ !BN_add_word(bn, 1)) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ if ((a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { ++ a_max_plus_one = orig; + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; +commit 86ed78676c660b553696cc10c682962522dfeb6c +Author: Tomas Mraz +Date: Thu Sep 12 12:27:36 2019 +0200 -diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h ---- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200 -@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan - return constant_time_eq_8((unsigned)(a), (unsigned)(b)); - } - -+/* Returns the value unmodified, but avoids optimizations. */ -+static ossl_inline unsigned int value_barrier(unsigned int a) -+{ -+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) -+ unsigned int r; -+ __asm__("" : "=r"(r) : "0"(a)); -+#else -+ volatile unsigned int r = a; -+#endif -+ return r; -+} -+ -+/* Convenience method for uint32_t. */ -+static ossl_inline uint32_t value_barrier_32(uint32_t a) -+{ -+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) -+ uint32_t r; -+ __asm__("" : "=r"(r) : "0"(a)); -+#else -+ volatile uint32_t r = a; -+#endif -+ return r; -+} -+ -+/* Convenience method for uint64_t. */ -+static ossl_inline uint64_t value_barrier_64(uint64_t a) -+{ -+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) -+ uint64_t r; -+ __asm__("" : "=r"(r) : "0"(a)); -+#else -+ volatile uint64_t r = a; -+#endif -+ return r; -+} + BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls. + + There can be data to write in output buffer and data to read that were + not yet read in the input stream. + + Fixes #9866 + + Reviewed-by: Richard Levitte + (Merged from https://github.com/openssl/openssl/pull/9877) + + (cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95) + +diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c +index d688deee5f..7c1be358fd 100644 +--- a/crypto/comp/c_zlib.c ++++ b/crypto/comp/c_zlib.c +@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + BIO_copy_next_retry(b); + break; + ++ case BIO_CTRL_WPENDING: ++ if (ctx->obuf == NULL) ++ return 0; ++ ++ if (ctx->odone) { ++ ret = ctx->ocount; ++ } else { ++ ret = ctx->ocount; ++ if (ret == 0) ++ /* Unknown amount pending but we are not finished */ ++ ret = 1; ++ } ++ if (ret == 0) ++ ret = BIO_ctrl(next, cmd, num, ptr); ++ break; + -+/* Convenience method for size_t. */ -+static ossl_inline size_t value_barrier_s(size_t a) -+{ -+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) -+ size_t r; -+ __asm__("" : "=r"(r) : "0"(a)); -+#else -+ volatile size_t r = a; -+#endif -+ return r; -+} ++ case BIO_CTRL_PENDING: ++ ret = ctx->zin.avail_in; ++ if (ret == 0) ++ ret = BIO_ctrl(next, cmd, num, ptr); ++ break; + - static ossl_inline unsigned int constant_time_select(unsigned int mask, - unsigned int a, - unsigned int b) - { -- return (mask & a) | (~mask & b); -+ return (value_barrier(mask) & a) | (value_barrier(~mask) & b); - } - - static ossl_inline size_t constant_time_select_s(size_t mask, - size_t a, - size_t b) - { -- return (mask & a) | (~mask & b); -+ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b); - } - - static ossl_inline unsigned char constant_time_select_8(unsigned char mask, -@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel - static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a, - uint32_t b) - { -- return (mask & a) | (~mask & b); -+ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b); - } - - static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a, - uint64_t b) - { -- return (mask & a) | (~mask & b); -+ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b); - } - - /* + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch index 7970b84..cbecb90 100644 --- a/openssl-1.1.1-version-override.patch +++ b/openssl-1.1.1-version-override.patch @@ -1,12 +1,12 @@ -diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h ---- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200 -+++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200 +diff -up openssl-1.1.1d/include/openssl/opensslv.h.version-override openssl-1.1.1d/include/openssl/opensslv.h +--- openssl-1.1.1d/include/openssl/opensslv.h.version-override 2019-09-13 15:26:32.606500244 +0200 ++++ openssl-1.1.1d/include/openssl/opensslv.h 2019-09-13 15:27:03.805950866 +0200 @@ -40,7 +40,7 @@ extern "C" { * major minor fix final patch/beta) */ - # define OPENSSL_VERSION_NUMBER 0x1010103fL --# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019" -+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019" + # define OPENSSL_VERSION_NUMBER 0x1010104fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d 10 Sep 2019" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d FIPS 10 Sep 2019" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/openssl.spec b/openssl.spec index 0670bd8..2f6fdfc 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,8 +21,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.1c -Release: 6%{?dist} +Version: 1.1.1d +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -40,7 +40,7 @@ Source13: ectest.c # Build changes Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-defaults.patch -Patch3: openssl-1.1.0-no-html.patch +Patch3: openssl-1.1.1-no-html.patch Patch4: openssl-1.1.1-man-rename.patch # Bug fixes Patch21: openssl-1.1.0-issuer-hash.patch @@ -454,6 +454,9 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Fri Sep 13 2019 Tomáš Mráz 1.1.1d-1 +- update to the 1.1.1d release + * Fri Sep 6 2019 Tomáš Mráz 1.1.1c-6 - upstream fix for status request extension non-compliance (#1737471) diff --git a/sources b/sources index 1c013a4..787f150 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.1c-hobbled.tar.xz) = e6476209366d284bd02dca7e59a7ba2562aa7c58c91f0063b1e2b0f1a7f96fcff000e26d9c6f59b944e047b3305d237ed442f702ddd2e8c6c7a4d5b12e23c8db +SHA512 (openssl-1.1.1d-hobbled.tar.xz) = c350e4669b82dcbc7fcc997726e376392e2ee0c92c37a952eb02369f05780a8d1b0c265f6264ce0e7619e44200d2d057e3fdcb0fe22c168dfb28e9381841fc00