diff --git a/.gitignore b/.gitignore index 16dc15d..8ff039e 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.0.2i-hobbled.tar.xz /openssl-1.0.2j-hobbled.tar.xz /openssl-1.1.0b-hobbled.tar.xz +/openssl-1.1.0c-hobbled.tar.xz diff --git a/openssl-1.1.0-afalg-endian.patch b/openssl-1.1.0-afalg-endian.patch deleted file mode 100644 index 633c0c3..0000000 --- a/openssl-1.1.0-afalg-endian.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 9161bcb63b58114eda5f3223d96953f93ea072aa Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Wed, 12 Oct 2016 14:32:05 +0200 -Subject: [PATCH] Engine afalg: properly set operation type also on big endian. - -Copy the whole ALG_OP_TYPE to CMSG_DATA. ---- - engines/afalg/e_afalg.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c -index 2c13ba8..658de42 100644 ---- a/engines/afalg/e_afalg.c -+++ b/engines/afalg/e_afalg.c -@@ -322,12 +322,12 @@ int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, - } - - static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg, -- const unsigned int op) -+ const ALG_OP_TYPE op) - { - cmsg->cmsg_level = SOL_ALG; - cmsg->cmsg_type = ALG_SET_OP; - cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN); -- *CMSG_DATA(cmsg) = (char)op; -+ memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN); - } - - static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv, --- -2.5.5 - diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch index ff6cfef..dc976f2 100644 --- a/openssl-1.1.0-build.patch +++ b/openssl-1.1.0-build.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.build openssl-1.1.0b/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0b/Configurations/unix-Makefile.tmpl.build 2016-09-26 11:46:04.000000000 +0200 -+++ openssl-1.1.0b/Configurations/unix-Makefile.tmpl 2016-09-26 15:16:26.935660147 +0200 -@@ -640,7 +640,7 @@ install_man_docs: +diff -up openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build openssl-1.1.0c/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build 2016-11-10 15:03:43.000000000 +0100 ++++ openssl-1.1.0c/Configurations/unix-Makefile.tmpl 2016-11-11 13:26:36.094400833 +0100 +@@ -630,7 +630,7 @@ install_man_docs: @\ OUTSUFFIX='.$${SEC}$(MANSUFFIX)'; \ OUTTOP="$(DESTDIR)$(MANDIR)"; \ @@ -10,18 +10,18 @@ diff -up openssl-1.1.0b/Configurations/unix-Makefile.tmpl.build openssl-1.1.0b/C $(PROCESS_PODS) uninstall_man_docs: -diff -up openssl-1.1.0b/Configurations/10-main.conf.build openssl-1.1.0b/Configurations/10-main.conf ---- openssl-1.1.0b/Configurations/10-main.conf.build 2016-09-26 11:46:04.000000000 +0200 -+++ openssl-1.1.0b/Configurations/10-main.conf 2016-09-26 15:16:26.935660147 +0200 -@@ -655,6 +655,7 @@ sub vms_info { +diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configurations/10-main.conf +--- openssl-1.1.0c/Configurations/10-main.conf.build 2016-11-10 15:03:43.000000000 +0100 ++++ openssl-1.1.0c/Configurations/10-main.conf 2016-11-11 13:29:26.502289226 +0100 +@@ -656,6 +656,7 @@ sub vms_info { cflags => add("-m64 -DL_ENDIAN"), perlasm_scheme => "linux64le", - shared_ldflag => "-m64", + shared_ldflag => add("-m64"), + multilib => "64", }, "linux-armv4" => { -@@ -681,6 +682,7 @@ sub vms_info { +@@ -696,6 +697,7 @@ sub vms_info { "linux-aarch64" => { inherit_from => [ "linux-generic64", asm("aarch64_asm") ], perlasm_scheme => "linux64", @@ -29,9 +29,9 @@ diff -up openssl-1.1.0b/Configurations/10-main.conf.build openssl-1.1.0b/Configu }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], -diff -up openssl-1.1.0b/crypto/ec/ec_lib.c.build openssl-1.1.0b/crypto/ec/ec_lib.c ---- openssl-1.1.0b/crypto/ec/ec_lib.c.build 2016-09-26 15:16:26.936660171 +0200 -+++ openssl-1.1.0b/crypto/ec/ec_lib.c 2016-09-26 15:18:38.351742195 +0200 +diff -up openssl-1.1.0c/crypto/ec/ec_lib.c.build openssl-1.1.0c/crypto/ec/ec_lib.c +--- openssl-1.1.0c/crypto/ec/ec_lib.c.build 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/ec/ec_lib.c 2016-11-11 13:26:36.097400901 +0100 @@ -74,9 +74,6 @@ void EC_pre_comp_free(EC_GROUP *group) break; #endif @@ -52,9 +52,9 @@ diff -up openssl-1.1.0b/crypto/ec/ec_lib.c.build openssl-1.1.0b/crypto/ec/ec_lib case PCT_nistp256: dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256); break; -diff -up openssl-1.1.0b/test/ecdhtest_cavs.h.build openssl-1.1.0b/test/ecdhtest_cavs.h ---- openssl-1.1.0b/test/ecdhtest_cavs.h.build 2016-09-26 15:16:26.918659749 +0200 -+++ openssl-1.1.0b/test/ecdhtest_cavs.h 2016-09-26 15:16:26.936660171 +0200 +diff -up openssl-1.1.0c/test/ecdhtest_cavs.h.build openssl-1.1.0c/test/ecdhtest_cavs.h +--- openssl-1.1.0c/test/ecdhtest_cavs.h.build 2016-11-11 13:26:36.079400491 +0100 ++++ openssl-1.1.0c/test/ecdhtest_cavs.h 2016-11-11 13:26:36.097400901 +0100 @@ -29,6 +29,7 @@ typedef struct { static const ecdh_cavs_kat_t ecdh_cavs_kats[] = { @@ -71,9 +71,9 @@ diff -up openssl-1.1.0b/test/ecdhtest_cavs.h.build openssl-1.1.0b/test/ecdhtest_ { NID_X9_62_prime256v1, "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287", "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac", -diff -up openssl-1.1.0b/test/ecdhtest.c.build openssl-1.1.0b/test/ecdhtest.c ---- openssl-1.1.0b/test/ecdhtest.c.build 2016-09-26 11:46:08.000000000 +0200 -+++ openssl-1.1.0b/test/ecdhtest.c 2016-09-26 15:16:26.936660171 +0200 +diff -up openssl-1.1.0c/test/ecdhtest.c.build openssl-1.1.0c/test/ecdhtest.c +--- openssl-1.1.0c/test/ecdhtest.c.build 2016-11-10 15:03:47.000000000 +0100 ++++ openssl-1.1.0c/test/ecdhtest.c 2016-11-11 13:26:36.097400901 +0100 @@ -252,6 +252,7 @@ typedef struct { static const ecdh_kat_t ecdh_kats[] = { @@ -106,9 +106,9 @@ diff -up openssl-1.1.0b/test/ecdhtest.c.build openssl-1.1.0b/test/ecdhtest.c }; /* Given private value and NID, create EC_KEY structure */ -diff -up openssl-1.1.0b/test/ecdsatest.c.build openssl-1.1.0b/test/ecdsatest.c ---- openssl-1.1.0b/test/ecdsatest.c.build 2016-09-26 11:46:08.000000000 +0200 -+++ openssl-1.1.0b/test/ecdsatest.c 2016-09-26 15:16:26.936660171 +0200 +diff -up openssl-1.1.0c/test/ecdsatest.c.build openssl-1.1.0c/test/ecdsatest.c +--- openssl-1.1.0c/test/ecdsatest.c.build 2016-11-10 15:03:47.000000000 +0100 ++++ openssl-1.1.0c/test/ecdsatest.c 2016-11-11 13:26:36.097400901 +0100 @@ -216,6 +216,7 @@ int x9_62_tests(BIO *out) if (!change_rand()) goto x962_err; diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index 8fa2880..81c6d7b 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0/apps/speed.c.fips openssl-1.1.0/apps/speed.c ---- openssl-1.1.0/apps/speed.c.fips 2016-09-08 11:37:38.728459783 +0200 -+++ openssl-1.1.0/apps/speed.c 2016-09-08 11:37:38.733459895 +0200 -@@ -1443,7 +1443,9 @@ int speed_main(int argc, char **argv) +diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c +--- openssl-1.1.0c/apps/speed.c.fips 2016-11-11 13:31:51.317603352 +0100 ++++ openssl-1.1.0c/apps/speed.c 2016-11-11 13:31:51.326603557 +0100 +@@ -1440,7 +1440,9 @@ int speed_main(int argc, char **argv) } # endif if (strcmp(*argv, "rsa") == 0) { @@ -12,7 +12,7 @@ diff -up openssl-1.1.0/apps/speed.c.fips openssl-1.1.0/apps/speed.c rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = rsa_doit[R_RSA_15360] = 1; -@@ -1456,7 +1458,9 @@ int speed_main(int argc, char **argv) +@@ -1453,7 +1455,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { @@ -23,7 +23,7 @@ diff -up openssl-1.1.0/apps/speed.c.fips openssl-1.1.0/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1545,15 +1549,21 @@ int speed_main(int argc, char **argv) +@@ -1542,15 +1546,21 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -48,7 +48,7 @@ diff -up openssl-1.1.0/apps/speed.c.fips openssl-1.1.0/apps/speed.c #endif #ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) -@@ -1602,30 +1612,46 @@ int speed_main(int argc, char **argv) +@@ -1599,30 +1609,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -105,7 +105,7 @@ diff -up openssl-1.1.0/apps/speed.c.fips openssl-1.1.0/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -1886,6 +1912,7 @@ int speed_main(int argc, char **argv) +@@ -1883,6 +1909,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -113,10 +113,10 @@ diff -up openssl-1.1.0/apps/speed.c.fips openssl-1.1.0/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.0/Configure.fips openssl-1.1.0/Configure ---- openssl-1.1.0/Configure.fips 2016-08-25 17:29:19.000000000 +0200 -+++ openssl-1.1.0/Configure 2016-09-08 11:37:38.734459917 +0200 -@@ -252,7 +252,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.0c/Configure.fips openssl-1.1.0c/Configure +--- openssl-1.1.0c/Configure.fips 2016-11-11 13:31:51.323603489 +0100 ++++ openssl-1.1.0c/Configure 2016-11-11 13:31:51.327603581 +0100 +@@ -311,7 +311,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", @@ -125,10 +125,10 @@ diff -up openssl-1.1.0/Configure.fips openssl-1.1.0/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; -diff -up openssl-1.1.0/crypto/bn/bn_rand.c.fips openssl-1.1.0/crypto/bn/bn_rand.c ---- openssl-1.1.0/crypto/bn/bn_rand.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/bn/bn_rand.c 2016-09-08 11:37:38.734459917 +0200 -@@ -40,9 +40,11 @@ static int bnrand(int pseudorand, BIGNUM +diff -up openssl-1.1.0c/crypto/bn/bn_rand.c.fips openssl-1.1.0c/crypto/bn/bn_rand.c +--- openssl-1.1.0c/crypto/bn/bn_rand.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/bn/bn_rand.c 2016-11-11 13:31:51.327603581 +0100 +@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM goto err; } @@ -143,9 +143,9 @@ diff -up openssl-1.1.0/crypto/bn/bn_rand.c.fips openssl-1.1.0/crypto/bn/bn_rand. if (RAND_bytes(buf, bytes) <= 0) goto err; -diff -up openssl-1.1.0/crypto/dh/dh_err.c.fips openssl-1.1.0/crypto/dh/dh_err.c ---- openssl-1.1.0/crypto/dh/dh_err.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dh/dh_err.c 2016-09-08 11:37:38.734459917 +0200 +diff -up openssl-1.1.0c/crypto/dh/dh_err.c.fips openssl-1.1.0c/crypto/dh/dh_err.c +--- openssl-1.1.0c/crypto/dh/dh_err.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dh/dh_err.c 2016-11-11 13:31:51.327603581 +0100 @@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, @@ -168,9 +168,9 @@ diff -up openssl-1.1.0/crypto/dh/dh_err.c.fips openssl-1.1.0/crypto/dh/dh_err.c {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, -diff -up openssl-1.1.0/crypto/dh/dh_gen.c.fips openssl-1.1.0/crypto/dh/dh_gen.c ---- openssl-1.1.0/crypto/dh/dh_gen.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dh/dh_gen.c 2016-09-08 11:37:38.734459917 +0200 +diff -up openssl-1.1.0c/crypto/dh/dh_gen.c.fips openssl-1.1.0c/crypto/dh/dh_gen.c +--- openssl-1.1.0c/crypto/dh/dh_gen.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dh/dh_gen.c 2016-11-11 13:31:51.327603581 +0100 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -214,9 +214,9 @@ diff -up openssl-1.1.0/crypto/dh/dh_gen.c.fips openssl-1.1.0/crypto/dh/dh_gen.c ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0/crypto/dh/dh_key.c.fips openssl-1.1.0/crypto/dh/dh_key.c ---- openssl-1.1.0/crypto/dh/dh_key.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dh/dh_key.c 2016-09-08 11:37:38.734459917 +0200 +diff -up openssl-1.1.0c/crypto/dh/dh_key.c.fips openssl-1.1.0c/crypto/dh/dh_key.c +--- openssl-1.1.0c/crypto/dh/dh_key.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dh/dh_key.c 2016-11-11 13:31:51.327603581 +0100 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -300,9 +300,9 @@ diff -up openssl-1.1.0/crypto/dh/dh_key.c.fips openssl-1.1.0/crypto/dh/dh_key.c dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0/crypto/dsa/dsa_err.c.fips openssl-1.1.0/crypto/dsa/dsa_err.c ---- openssl-1.1.0/crypto/dsa/dsa_err.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dsa/dsa_err.c 2016-09-08 11:37:38.734459917 +0200 +diff -up openssl-1.1.0c/crypto/dsa/dsa_err.c.fips openssl-1.1.0c/crypto/dsa/dsa_err.c +--- openssl-1.1.0c/crypto/dsa/dsa_err.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dsa/dsa_err.c 2016-11-11 13:31:51.327603581 +0100 @@ -21,10 +21,13 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -331,9 +331,9 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_err.c.fips openssl-1.1.0/crypto/dsa/dsa_er {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, {0, NULL} -diff -up openssl-1.1.0b/crypto/dsa/dsa_gen.c.fips openssl-1.1.0b/crypto/dsa/dsa_gen.c ---- openssl-1.1.0b/crypto/dsa/dsa_gen.c.fips 2016-09-26 11:46:05.000000000 +0200 -+++ openssl-1.1.0b/crypto/dsa/dsa_gen.c 2016-11-04 11:47:40.258493737 +0100 +diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_gen.c +--- openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dsa/dsa_gen.c 2016-11-11 13:31:51.327603581 +0100 @@ -22,12 +22,22 @@ #include #include @@ -495,9 +495,9 @@ diff -up openssl-1.1.0b/crypto/dsa/dsa_gen.c.fips openssl-1.1.0b/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_key.c ---- openssl-1.1.0/crypto/dsa/dsa_key.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dsa/dsa_key.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/dsa/dsa_key.c.fips openssl-1.1.0c/crypto/dsa/dsa_key.c +--- openssl-1.1.0c/crypto/dsa/dsa_key.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dsa/dsa_key.c 2016-11-11 13:31:51.328603603 +0100 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -577,9 +577,9 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_ke ok = 1; err: -diff -up openssl-1.1.0/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0/crypto/dsa/dsa_ossl.c ---- openssl-1.1.0/crypto/dsa/dsa_ossl.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dsa/dsa_ossl.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0c/crypto/dsa/dsa_ossl.c +--- openssl-1.1.0c/crypto/dsa/dsa_ossl.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dsa/dsa_ossl.c 2016-11-11 13:31:51.328603603 +0100 @@ -15,6 +15,9 @@ #include #include "dsa_locl.h" @@ -639,9 +639,9 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0/crypto/dsa/dsa_o dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.0/crypto/dsa/dsa_pmeth.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/dsa/dsa_pmeth.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0c/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.0c/crypto/dsa/dsa_pmeth.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/dsa/dsa_pmeth.c 2016-11-11 13:31:51.328603603 +0100 @@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; @@ -653,9 +653,9 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0/crypto/dsa/dsa_ BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.0/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0/crypto/ec/ecdh_ossl.c ---- openssl-1.1.0/crypto/ec/ecdh_ossl.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/ec/ecdh_ossl.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0c/crypto/ec/ecdh_ossl.c +--- openssl-1.1.0c/crypto/ec/ecdh_ossl.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/ec/ecdh_ossl.c 2016-11-11 13:31:51.328603603 +0100 @@ -33,9 +33,20 @@ #include #include "ec_lcl.h" @@ -677,9 +677,9 @@ diff -up openssl-1.1.0/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0/crypto/ec/ecdh_o if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.0/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.0/crypto/ec/ecdsa_ossl.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/ec/ecdsa_ossl.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0c/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.0c/crypto/ec/ecdsa_ossl.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/ec/ecdsa_ossl.c 2016-11-11 13:31:51.328603603 +0100 @@ -15,6 +15,10 @@ #include #include "ec_lcl.h" @@ -719,9 +719,9 @@ diff -up openssl-1.1.0/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0/crypto/ec/ecdsa /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.0/crypto/ec/ec_key.c.fips openssl-1.1.0/crypto/ec/ec_key.c ---- openssl-1.1.0/crypto/ec/ec_key.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/ec/ec_key.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/ec/ec_key.c.fips openssl-1.1.0c/crypto/ec/ec_key.c +--- openssl-1.1.0c/crypto/ec/ec_key.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/ec/ec_key.c 2016-11-11 13:31:51.328603603 +0100 @@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } @@ -786,9 +786,9 @@ diff -up openssl-1.1.0/crypto/ec/ec_key.c.fips openssl-1.1.0/crypto/ec/ec_key.c ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.0/crypto/ec/ecp_smpl.c.fips openssl-1.1.0/crypto/ec/ecp_smpl.c ---- openssl-1.1.0/crypto/ec/ecp_smpl.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/ec/ecp_smpl.c 2016-09-08 11:37:38.735459940 +0200 +diff -up openssl-1.1.0c/crypto/ec/ecp_smpl.c.fips openssl-1.1.0c/crypto/ec/ecp_smpl.c +--- openssl-1.1.0c/crypto/ec/ecp_smpl.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/ec/ecp_smpl.c 2016-11-11 13:31:51.329603626 +0100 @@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO return 0; } @@ -801,9 +801,9 @@ diff -up openssl-1.1.0/crypto/ec/ecp_smpl.c.fips openssl-1.1.0/crypto/ec/ecp_smp if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) -diff -up openssl-1.1.0/crypto/err/err_all.c.fips openssl-1.1.0/crypto/err/err_all.c ---- openssl-1.1.0/crypto/err/err_all.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/err/err_all.c 2016-09-08 11:37:38.736459962 +0200 +diff -up openssl-1.1.0c/crypto/err/err_all.c.fips openssl-1.1.0c/crypto/err/err_all.c +--- openssl-1.1.0c/crypto/err/err_all.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/err/err_all.c 2016-11-11 13:31:51.329603626 +0100 @@ -43,9 +43,6 @@ int err_load_crypto_strings_int(void) { @@ -814,9 +814,9 @@ diff -up openssl-1.1.0/crypto/err/err_all.c.fips openssl-1.1.0/crypto/err/err_al #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || -diff -up openssl-1.1.0/crypto/evp/c_allc.c.fips openssl-1.1.0/crypto/evp/c_allc.c ---- openssl-1.1.0/crypto/evp/c_allc.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/c_allc.c 2016-09-08 11:37:38.736459962 +0200 +diff -up openssl-1.1.0c/crypto/evp/c_allc.c.fips openssl-1.1.0c/crypto/evp/c_allc.c +--- openssl-1.1.0c/crypto/evp/c_allc.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/c_allc.c 2016-11-11 13:31:51.329603626 +0100 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -898,9 +898,9 @@ diff -up openssl-1.1.0/crypto/evp/c_allc.c.fips openssl-1.1.0/crypto/evp/c_allc. + } +#endif } -diff -up openssl-1.1.0/crypto/evp/c_alld.c.fips openssl-1.1.0/crypto/evp/c_alld.c ---- openssl-1.1.0/crypto/evp/c_alld.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/c_alld.c 2016-09-08 11:37:38.736459962 +0200 +diff -up openssl-1.1.0c/crypto/evp/c_alld.c.fips openssl-1.1.0c/crypto/evp/c_alld.c +--- openssl-1.1.0c/crypto/evp/c_alld.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/c_alld.c 2016-11-11 13:31:51.329603626 +0100 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -927,9 +927,9 @@ diff -up openssl-1.1.0/crypto/evp/c_alld.c.fips openssl-1.1.0/crypto/evp/c_alld. + } +#endif } -diff -up openssl-1.1.0/crypto/evp/digest.c.fips openssl-1.1.0/crypto/evp/digest.c ---- openssl-1.1.0/crypto/evp/digest.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/digest.c 2016-09-08 11:37:38.736459962 +0200 +diff -up openssl-1.1.0c/crypto/evp/digest.c.fips openssl-1.1.0c/crypto/evp/digest.c +--- openssl-1.1.0c/crypto/evp/digest.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/digest.c 2016-11-11 13:31:51.329603626 +0100 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -989,9 +989,9 @@ diff -up openssl-1.1.0/crypto/evp/digest.c.fips openssl-1.1.0/crypto/evp/digest. OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.0/crypto/evp/e_aes.c.fips openssl-1.1.0/crypto/evp/e_aes.c ---- openssl-1.1.0/crypto/evp/e_aes.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/e_aes.c 2016-09-08 11:37:38.736459962 +0200 +diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.c +--- openssl-1.1.0c/crypto/evp/e_aes.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/e_aes.c 2016-11-11 13:31:51.329603626 +0100 @@ -16,6 +16,7 @@ #include #include "internal/evp_int.h" @@ -1095,9 +1095,9 @@ diff -up openssl-1.1.0/crypto/evp/e_aes.c.fips openssl-1.1.0/crypto/evp/e_aes.c | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.0/crypto/evp/e_des3.c.fips openssl-1.1.0/crypto/evp/e_des3.c ---- openssl-1.1.0/crypto/evp/e_des3.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/e_des3.c 2016-09-08 11:37:38.736459962 +0200 +diff -up openssl-1.1.0c/crypto/evp/e_des3.c.fips openssl-1.1.0c/crypto/evp/e_des3.c +--- openssl-1.1.0c/crypto/evp/e_des3.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/e_des3.c 2016-11-11 13:31:51.330603649 +0100 @@ -210,16 +210,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1124,9 +1124,9 @@ diff -up openssl-1.1.0/crypto/evp/e_des3.c.fips openssl-1.1.0/crypto/evp/e_des3. static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.0/crypto/evp/e_null.c.fips openssl-1.1.0/crypto/evp/e_null.c ---- openssl-1.1.0/crypto/evp/e_null.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/e_null.c 2016-09-08 11:37:38.737459985 +0200 +diff -up openssl-1.1.0c/crypto/evp/e_null.c.fips openssl-1.1.0c/crypto/evp/e_null.c +--- openssl-1.1.0c/crypto/evp/e_null.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/e_null.c 2016-11-11 13:31:51.330603649 +0100 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1137,9 +1137,9 @@ diff -up openssl-1.1.0/crypto/evp/e_null.c.fips openssl-1.1.0/crypto/evp/e_null. null_init_key, null_cipher, NULL, -diff -up openssl-1.1.0/crypto/evp/evp_enc.c.fips openssl-1.1.0/crypto/evp/evp_enc.c ---- openssl-1.1.0/crypto/evp/evp_enc.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/evp_enc.c 2016-09-21 13:19:09.284169997 +0200 +diff -up openssl-1.1.0c/crypto/evp/evp_enc.c.fips openssl-1.1.0c/crypto/evp/evp_enc.c +--- openssl-1.1.0c/crypto/evp/evp_enc.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/evp_enc.c 2016-11-11 13:31:51.330603649 +0100 @@ -16,10 +16,19 @@ #include #include "internal/evp_int.h" @@ -1215,9 +1215,9 @@ diff -up openssl-1.1.0/crypto/evp/evp_enc.c.fips openssl-1.1.0/crypto/evp/evp_en if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.0/crypto/evp/evp_err.c.fips openssl-1.1.0/crypto/evp/evp_err.c ---- openssl-1.1.0/crypto/evp/evp_err.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/evp_err.c 2016-09-08 11:37:38.737459985 +0200 +diff -up openssl-1.1.0c/crypto/evp/evp_err.c.fips openssl-1.1.0c/crypto/evp/evp_err.c +--- openssl-1.1.0c/crypto/evp/evp_err.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/evp_err.c 2016-11-11 13:31:51.330603649 +0100 @@ -22,6 +22,7 @@ static ERR_STRING_DATA EVP_str_functs[] {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"}, {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"}, @@ -1242,9 +1242,9 @@ diff -up openssl-1.1.0/crypto/evp/evp_err.c.fips openssl-1.1.0/crypto/evp/evp_er {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.0/crypto/evp/evp_lib.c.fips openssl-1.1.0/crypto/evp/evp_lib.c ---- openssl-1.1.0/crypto/evp/evp_lib.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/evp_lib.c 2016-09-08 11:37:38.737459985 +0200 +diff -up openssl-1.1.0c/crypto/evp/evp_lib.c.fips openssl-1.1.0c/crypto/evp/evp_lib.c +--- openssl-1.1.0c/crypto/evp/evp_lib.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/evp_lib.c 2016-11-11 13:31:51.330603649 +0100 @@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1255,9 +1255,9 @@ diff -up openssl-1.1.0/crypto/evp/evp_lib.c.fips openssl-1.1.0/crypto/evp/evp_li return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.0/crypto/evp/m_sha1.c.fips openssl-1.1.0/crypto/evp/m_sha1.c ---- openssl-1.1.0/crypto/evp/m_sha1.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/evp/m_sha1.c 2016-09-08 11:37:38.737459985 +0200 +diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha1.c +--- openssl-1.1.0c/crypto/evp/m_sha1.c.fips 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/evp/m_sha1.c 2016-11-11 13:31:51.330603649 +0100 @@ -89,7 +89,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1303,9 +1303,9 @@ diff -up openssl-1.1.0/crypto/evp/m_sha1.c.fips openssl-1.1.0/crypto/evp/m_sha1. init512, update512, final512, -diff -up openssl-1.1.0/crypto/fips/build.info.fips openssl-1.1.0/crypto/fips/build.info ---- openssl-1.1.0/crypto/fips/build.info.fips 2016-09-08 11:37:38.737459985 +0200 -+++ openssl-1.1.0/crypto/fips/build.info 2016-09-08 15:27:19.021089108 +0200 +diff -up openssl-1.1.0c/crypto/fips/build.info.fips openssl-1.1.0c/crypto/fips/build.info +--- openssl-1.1.0c/crypto/fips/build.info.fips 2016-11-11 13:31:51.331603672 +0100 ++++ openssl-1.1.0c/crypto/fips/build.info 2016-11-11 13:31:51.331603672 +0100 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1322,9 +1322,9 @@ diff -up openssl-1.1.0/crypto/fips/build.info.fips openssl-1.1.0/crypto/fips/bui +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.0/crypto/fips/fips_aes_selftest.c.fips 2016-09-08 11:37:38.738460007 +0200 -+++ openssl-1.1.0/crypto/fips/fips_aes_selftest.c 2016-09-08 11:37:38.738460007 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_aes_selftest.c.fips 2016-11-11 13:31:51.331603672 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_aes_selftest.c 2016-11-11 13:31:51.331603672 +0100 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1698,9 +1698,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0/crypto +} + +#endif -diff -up openssl-1.1.0/crypto/fips/fips.c.fips openssl-1.1.0/crypto/fips/fips.c ---- openssl-1.1.0/crypto/fips/fips.c.fips 2016-09-08 11:37:38.738460007 +0200 -+++ openssl-1.1.0/crypto/fips/fips.c 2016-09-08 11:37:38.738460007 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips.c.fips openssl-1.1.0c/crypto/fips/fips.c +--- openssl-1.1.0c/crypto/fips/fips.c.fips 2016-11-11 13:31:51.331603672 +0100 ++++ openssl-1.1.0c/crypto/fips/fips.c 2016-11-11 13:31:51.331603672 +0100 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2228,9 +2228,9 @@ diff -up openssl-1.1.0/crypto/fips/fips.c.fips openssl-1.1.0/crypto/fips/fips.c +} + +#endif -diff -up openssl-1.1.0/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.0/crypto/fips/fips_cmac_selftest.c.fips 2016-09-08 11:37:38.738460007 +0200 -+++ openssl-1.1.0/crypto/fips/fips_cmac_selftest.c 2016-09-08 11:37:38.738460007 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c.fips 2016-11-11 13:31:51.331603672 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c 2016-11-11 13:31:51.331603672 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2388,9 +2388,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0/crypt + return rv; +} +#endif -diff -up openssl-1.1.0/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0/crypto/fips/fips_des_selftest.c ---- openssl-1.1.0/crypto/fips/fips_des_selftest.c.fips 2016-09-08 11:37:38.738460007 +0200 -+++ openssl-1.1.0/crypto/fips/fips_des_selftest.c 2016-09-08 11:37:38.738460007 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_des_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_des_selftest.c.fips 2016-11-11 13:31:51.331603672 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_des_selftest.c 2016-11-11 13:31:51.331603672 +0100 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2525,9 +2525,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0/crypto + return ret; +} +#endif -diff -up openssl-1.1.0/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.0/crypto/fips/fips_dh_selftest.c.fips 2016-09-08 11:37:38.738460007 +0200 -+++ openssl-1.1.0/crypto/fips/fips_dh_selftest.c 2016-09-08 11:37:38.738460007 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_dh_selftest.c.fips 2016-11-11 13:31:51.332603695 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_dh_selftest.c 2016-11-11 13:31:51.331603672 +0100 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2709,9 +2709,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0/crypto/ + return ret; +} +#endif -diff -up openssl-1.1.0/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.0/crypto/fips/fips_drbg_ctr.c.fips 2016-09-08 11:37:38.738460007 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_ctr.c 2016-09-08 11:37:38.738460007 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c.fips 2016-11-11 13:31:51.332603695 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c 2016-11-11 13:31:51.332603695 +0100 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3128,9 +3128,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0/crypto/fip + + return 1; +} -diff -up openssl-1.1.0/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.0/crypto/fips/fips_drbg_hash.c.fips 2016-09-08 11:37:38.739460029 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_hash.c 2016-09-08 11:37:38.739460029 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.0c/crypto/fips/fips_drbg_hash.c.fips 2016-11-11 13:31:51.334603741 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_hash.c 2016-11-11 13:31:51.334603741 +0100 @@ -0,0 +1,361 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3493,9 +3493,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0/crypto/fi + + return 1; +} -diff -up openssl-1.1.0/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.0/crypto/fips/fips_drbg_hmac.c.fips 2016-09-08 11:37:38.739460029 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_hmac.c 2016-09-08 11:37:38.739460029 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c.fips 2016-11-11 13:31:51.334603741 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c 2016-11-11 13:31:51.334603741 +0100 @@ -0,0 +1,272 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3769,9 +3769,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0/crypto/fi + + return 1; +} -diff -up openssl-1.1.0/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.0/crypto/fips/fips_drbg_lib.c.fips 2016-09-08 11:37:38.739460029 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_lib.c 2016-09-08 11:37:38.739460029 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.0c/crypto/fips/fips_drbg_lib.c.fips 2016-11-11 13:31:51.334603741 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_lib.c 2016-11-11 13:31:51.334603741 +0100 @@ -0,0 +1,555 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4328,9 +4328,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0/crypto/fip + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.1.0/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.0/crypto/fips/fips_drbg_rand.c.fips 2016-09-08 11:37:38.739460029 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_rand.c 2016-09-08 11:37:38.739460029 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.0c/crypto/fips/fips_drbg_rand.c.fips 2016-11-11 13:31:51.335603764 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-11-11 13:31:51.335603764 +0100 @@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4515,9 +4515,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0/crypto/fi +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.0/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.0/crypto/fips/fips_drbg_selftest.c.fips 2016-09-08 11:37:38.740460052 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_selftest.c 2016-09-08 11:37:38.740460052 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c.fips 2016-11-11 13:31:51.335603764 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c 2016-11-11 13:31:51.335603764 +0100 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5347,9 +5347,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0/crypt + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.0/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.0/crypto/fips/fips_drbg_selftest.h.fips 2016-09-08 11:37:38.740460052 +0200 -+++ openssl-1.1.0/crypto/fips/fips_drbg_selftest.h 2016-09-08 11:37:38.740460052 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h.fips 2016-11-11 13:31:51.372604610 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h 2016-11-11 13:31:51.372604610 +0100 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7142,9 +7142,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0/crypt + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.0/crypto/fips/fips_dsa_selftest.c.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_dsa_selftest.c 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c.fips 2016-11-11 13:31:51.372604610 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c 2016-11-11 13:31:51.372604610 +0100 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7341,9 +7341,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0/crypto + return ret; +} +#endif -diff -up openssl-1.1.0/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.0/crypto/fips/fips_ecdh_selftest.c.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_ecdh_selftest.c 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7587,9 +7587,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0/crypt +} + +#endif -diff -up openssl-1.1.0/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.0/crypto/fips/fips_ecdsa_selftest.c.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_ecdsa_selftest.c 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7757,9 +7757,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0/cryp +} + +#endif -diff -up openssl-1.1.0/crypto/fips/fips_enc.c.fips openssl-1.1.0/crypto/fips/fips_enc.c ---- openssl-1.1.0/crypto/fips/fips_enc.c.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_enc.c 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_enc.c.fips openssl-1.1.0c/crypto/fips/fips_enc.c +--- openssl-1.1.0c/crypto/fips/fips_enc.c.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_enc.c 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7950,9 +7950,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_enc.c.fips openssl-1.1.0/crypto/fips/fip + + } +} -diff -up openssl-1.1.0/crypto/fips/fips_err.h.fips openssl-1.1.0/crypto/fips/fips_err.h ---- openssl-1.1.0/crypto/fips/fips_err.h.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_err.h 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_err.h.fips openssl-1.1.0c/crypto/fips/fips_err.h +--- openssl-1.1.0c/crypto/fips/fips_err.h.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_err.h 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,196 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8150,9 +8150,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_err.h.fips openssl-1.1.0/crypto/fips/fip +#endif + return 1; +} -diff -up openssl-1.1.0/crypto/fips/fips_ers.c.fips openssl-1.1.0/crypto/fips/fips_ers.c ---- openssl-1.1.0/crypto/fips/fips_ers.c.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_ers.c 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_ers.c.fips openssl-1.1.0c/crypto/fips/fips_ers.c +--- openssl-1.1.0c/crypto/fips/fips_ers.c.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_ers.c 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,7 @@ +#include + @@ -8161,9 +8161,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_ers.c.fips openssl-1.1.0/crypto/fips/fip +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.0/crypto/fips/fips_hmac_selftest.c.fips 2016-09-08 11:37:38.741460074 +0200 -+++ openssl-1.1.0/crypto/fips/fips_hmac_selftest.c 2016-09-08 11:37:38.741460074 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8299,9 +8299,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0/crypt + return 1; +} +#endif -diff -up openssl-1.1.0/crypto/fips/fips_locl.h.fips openssl-1.1.0/crypto/fips/fips_locl.h ---- openssl-1.1.0/crypto/fips/fips_locl.h.fips 2016-09-08 11:37:38.742460096 +0200 -+++ openssl-1.1.0/crypto/fips/fips_locl.h 2016-09-08 11:37:38.742460096 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_locl.h.fips openssl-1.1.0c/crypto/fips/fips_locl.h +--- openssl-1.1.0c/crypto/fips/fips_locl.h.fips 2016-11-11 13:31:51.373604633 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_locl.h 2016-11-11 13:31:51.373604633 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8374,9 +8374,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_locl.h.fips openssl-1.1.0/crypto/fips/fi +} +# endif +#endif -diff -up openssl-1.1.0/crypto/fips/fips_md.c.fips openssl-1.1.0/crypto/fips/fips_md.c ---- openssl-1.1.0/crypto/fips/fips_md.c.fips 2016-09-08 11:37:38.742460096 +0200 -+++ openssl-1.1.0/crypto/fips/fips_md.c 2016-09-08 11:37:38.742460096 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_md.c.fips openssl-1.1.0c/crypto/fips/fips_md.c +--- openssl-1.1.0c/crypto/fips/fips_md.c.fips 2016-11-11 13:31:51.374604656 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_md.c 2016-11-11 13:31:51.374604656 +0100 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8522,9 +8522,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_md.c.fips openssl-1.1.0/crypto/fips/fips + return NULL; + } +} -diff -up openssl-1.1.0/crypto/fips/fips_post.c.fips openssl-1.1.0/crypto/fips/fips_post.c ---- openssl-1.1.0/crypto/fips/fips_post.c.fips 2016-09-08 11:37:38.742460096 +0200 -+++ openssl-1.1.0/crypto/fips/fips_post.c 2016-09-08 11:37:38.742460096 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_post.c.fips openssl-1.1.0c/crypto/fips/fips_post.c +--- openssl-1.1.0c/crypto/fips/fips_post.c.fips 2016-11-11 13:31:51.374604656 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_post.c 2016-11-11 13:31:51.374604656 +0100 @@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8748,9 +8748,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_post.c.fips openssl-1.1.0/crypto/fips/fi + return 1; +} +#endif -diff -up openssl-1.1.0/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.0/crypto/fips/fips_rand_lcl.h.fips 2016-09-08 11:37:38.742460096 +0200 -+++ openssl-1.1.0/crypto/fips/fips_rand_lcl.h 2016-09-08 11:37:38.742460096 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0c/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.0c/crypto/fips/fips_rand_lcl.h.fips 2016-11-11 13:31:51.374604656 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_rand_lcl.h 2016-11-11 13:31:51.374604656 +0100 @@ -0,0 +1,209 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8961,9 +8961,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0/crypto/fip +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.0/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0/crypto/fips/fips_rand_lib.c ---- openssl-1.1.0/crypto/fips/fips_rand_lib.c.fips 2016-09-08 11:37:38.742460096 +0200 -+++ openssl-1.1.0/crypto/fips/fips_rand_lib.c 2016-09-08 11:37:38.742460096 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0c/crypto/fips/fips_rand_lib.c +--- openssl-1.1.0c/crypto/fips/fips_rand_lib.c.fips 2016-11-11 13:31:51.374604656 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_rand_lib.c 2016-11-11 13:31:51.374604656 +0100 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9199,9 +9199,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0/crypto/fip +# endif +} + -diff -up openssl-1.1.0/crypto/fips/fips_randtest.c.fips openssl-1.1.0/crypto/fips/fips_randtest.c ---- openssl-1.1.0/crypto/fips/fips_randtest.c.fips 2016-09-08 11:37:38.742460096 +0200 -+++ openssl-1.1.0/crypto/fips/fips_randtest.c 2016-09-08 11:37:38.742460096 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_randtest.c.fips openssl-1.1.0c/crypto/fips/fips_randtest.c +--- openssl-1.1.0c/crypto/fips/fips_randtest.c.fips 2016-11-11 13:31:51.374604656 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_randtest.c 2016-11-11 13:31:51.374604656 +0100 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -9450,9 +9450,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_randtest.c.fips openssl-1.1.0/crypto/fip +} + +#endif -diff -up openssl-1.1.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.0/crypto/fips/fips_rsa_selftest.c.fips 2016-09-08 11:37:38.743460119 +0200 -+++ openssl-1.1.0/crypto/fips/fips_rsa_selftest.c 2016-09-08 11:37:38.743460119 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c.fips 2016-11-11 13:31:51.375604679 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c 2016-11-11 13:31:51.375604679 +0100 @@ -0,0 +1,578 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10032,9 +10032,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0/crypto +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.0/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.0/crypto/fips/fips_sha_selftest.c.fips 2016-09-08 11:37:38.743460119 +0200 -+++ openssl-1.1.0/crypto/fips/fips_sha_selftest.c 2016-09-08 11:37:38.743460119 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.0c/crypto/fips/fips_sha_selftest.c.fips 2016-11-11 13:31:51.375604679 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_sha_selftest.c 2016-11-11 13:31:51.375604679 +0100 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10174,9 +10174,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0/crypto +} + +#endif -diff -up openssl-1.1.0/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.0/crypto/fips/fips_standalone_hmac.c.fips 2016-09-08 11:37:38.743460119 +0200 -+++ openssl-1.1.0/crypto/fips/fips_standalone_hmac.c 2016-09-08 15:55:30.847857354 +0200 +diff -up openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c.fips 2016-11-11 13:31:51.375604679 +0100 ++++ openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c 2016-11-11 13:31:51.375604679 +0100 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10305,9 +10305,9 @@ diff -up openssl-1.1.0/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0/cry +#endif + return 0; +} -diff -up openssl-1.1.0/crypto/hmac/hmac.c.fips openssl-1.1.0/crypto/hmac/hmac.c ---- openssl-1.1.0/crypto/hmac/hmac.c.fips 2016-08-25 17:29:20.000000000 +0200 -+++ openssl-1.1.0/crypto/hmac/hmac.c 2016-09-08 11:37:38.743460119 +0200 +diff -up openssl-1.1.0c/crypto/hmac/hmac.c.fips openssl-1.1.0c/crypto/hmac/hmac.c +--- openssl-1.1.0c/crypto/hmac/hmac.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/hmac/hmac.c 2016-11-11 13:31:51.375604679 +0100 @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } @@ -10322,9 +10322,9 @@ diff -up openssl-1.1.0/crypto/hmac/hmac.c.fips openssl-1.1.0/crypto/hmac/hmac.c reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.1.0/crypto/include/internal/fips_int.h.fips openssl-1.1.0/crypto/include/internal/fips_int.h ---- openssl-1.1.0/crypto/include/internal/fips_int.h.fips 2016-09-08 11:37:38.743460119 +0200 -+++ openssl-1.1.0/crypto/include/internal/fips_int.h 2016-09-08 11:37:38.743460119 +0200 +diff -up openssl-1.1.0c/crypto/include/internal/fips_int.h.fips openssl-1.1.0c/crypto/include/internal/fips_int.h +--- openssl-1.1.0c/crypto/include/internal/fips_int.h.fips 2016-11-11 13:31:51.375604679 +0100 ++++ openssl-1.1.0c/crypto/include/internal/fips_int.h 2016-11-11 13:31:51.375604679 +0100 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10427,9 +10427,9 @@ diff -up openssl-1.1.0/crypto/include/internal/fips_int.h.fips openssl-1.1.0/cry +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.0/crypto/o_fips.c.fips openssl-1.1.0/crypto/o_fips.c ---- openssl-1.1.0/crypto/o_fips.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/o_fips.c 2016-09-08 11:37:38.743460119 +0200 +diff -up openssl-1.1.0c/crypto/o_fips.c.fips openssl-1.1.0c/crypto/o_fips.c +--- openssl-1.1.0c/crypto/o_fips.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/o_fips.c 2016-11-11 13:31:51.375604679 +0100 @@ -9,7 +9,10 @@ #include "internal/cryptlib.h" @@ -10458,9 +10458,9 @@ diff -up openssl-1.1.0/crypto/o_fips.c.fips openssl-1.1.0/crypto/o_fips.c #else if (r == 0) return 1; -diff -up openssl-1.1.0/crypto/o_init.c.fips openssl-1.1.0/crypto/o_init.c ---- openssl-1.1.0/crypto/o_init.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/o_init.c 2016-09-08 11:37:38.744460141 +0200 +diff -up openssl-1.1.0c/crypto/o_init.c.fips openssl-1.1.0c/crypto/o_init.c +--- openssl-1.1.0c/crypto/o_init.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/o_init.c 2016-11-11 13:31:51.375604679 +0100 @@ -7,11 +7,50 @@ * https://www.openssl.org/source/license.html */ @@ -10547,10 +10547,10 @@ diff -up openssl-1.1.0/crypto/o_init.c.fips openssl-1.1.0/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.1.0/crypto/rand/md_rand.c.fips openssl-1.1.0/crypto/rand/md_rand.c ---- openssl-1.1.0/crypto/rand/md_rand.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rand/md_rand.c 2016-09-08 11:37:38.744460141 +0200 -@@ -359,7 +359,7 @@ static int rand_bytes(unsigned char *buf +diff -up openssl-1.1.0c/crypto/rand/md_rand.c.fips openssl-1.1.0c/crypto/rand/md_rand.c +--- openssl-1.1.0c/crypto/rand/md_rand.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-11-11 13:31:51.376604702 +0100 +@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; @@ -10559,9 +10559,9 @@ diff -up openssl-1.1.0/crypto/rand/md_rand.c.fips openssl-1.1.0/crypto/rand/md_r RAND_poll(); initialized = 1; } -diff -up openssl-1.1.0/crypto/rand/rand_err.c.fips openssl-1.1.0/crypto/rand/rand_err.c ---- openssl-1.1.0/crypto/rand/rand_err.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rand/rand_err.c 2016-09-08 11:37:38.744460141 +0200 +diff -up openssl-1.1.0c/crypto/rand/rand_err.c.fips openssl-1.1.0c/crypto/rand/rand_err.c +--- openssl-1.1.0c/crypto/rand/rand_err.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rand/rand_err.c 2016-11-11 13:31:51.376604702 +0100 @@ -20,10 +20,13 @@ static ERR_STRING_DATA RAND_str_functs[] = { @@ -10576,9 +10576,9 @@ diff -up openssl-1.1.0/crypto/rand/rand_err.c.fips openssl-1.1.0/crypto/rand/ran {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; -diff -up openssl-1.1.0/crypto/rand/rand_lcl.h.fips openssl-1.1.0/crypto/rand/rand_lcl.h ---- openssl-1.1.0/crypto/rand/rand_lcl.h.fips 2016-09-08 11:37:38.600456920 +0200 -+++ openssl-1.1.0/crypto/rand/rand_lcl.h 2016-09-08 11:37:38.744460141 +0200 +diff -up openssl-1.1.0c/crypto/rand/rand_lcl.h.fips openssl-1.1.0c/crypto/rand/rand_lcl.h +--- openssl-1.1.0c/crypto/rand/rand_lcl.h.fips 2016-11-11 13:31:51.174600079 +0100 ++++ openssl-1.1.0c/crypto/rand/rand_lcl.h 2016-11-11 13:31:51.376604702 +0100 @@ -10,7 +10,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H @@ -10588,9 +10588,9 @@ diff -up openssl-1.1.0/crypto/rand/rand_lcl.h.fips openssl-1.1.0/crypto/rand/ran # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # define USE_SHA1_RAND -diff -up openssl-1.1.0/crypto/rand/rand_lib.c.fips openssl-1.1.0/crypto/rand/rand_lib.c ---- openssl-1.1.0/crypto/rand/rand_lib.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rand/rand_lib.c 2016-09-08 11:37:38.744460141 +0200 +diff -up openssl-1.1.0c/crypto/rand/rand_lib.c.fips openssl-1.1.0c/crypto/rand/rand_lib.c +--- openssl-1.1.0c/crypto/rand/rand_lib.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-11-11 13:31:51.376604702 +0100 @@ -18,6 +18,8 @@ #ifdef OPENSSL_FIPS # include @@ -10728,9 +10728,9 @@ diff -up openssl-1.1.0/crypto/rand/rand_lib.c.fips openssl-1.1.0/crypto/rand/ran +} + +#endif -diff -up openssl-1.1.0/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0/crypto/rsa/rsa_crpt.c ---- openssl-1.1.0/crypto/rsa/rsa_crpt.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rsa/rsa_crpt.c 2016-09-08 11:37:38.744460141 +0200 +diff -up openssl-1.1.0c/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0c/crypto/rsa/rsa_crpt.c +--- openssl-1.1.0c/crypto/rsa/rsa_crpt.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rsa/rsa_crpt.c 2016-11-11 13:31:51.376604702 +0100 @@ -28,24 +28,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10784,18 +10784,18 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0/crypto/rsa/rsa_c return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.1.0/crypto/rsa/rsa_err.c.fips openssl-1.1.0/crypto/rsa/rsa_err.c ---- openssl-1.1.0/crypto/rsa/rsa_err.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rsa/rsa_err.c 2016-09-08 11:37:38.744460141 +0200 -@@ -20,6 +20,7 @@ - +diff -up openssl-1.1.0c/crypto/rsa/rsa_err.c.fips openssl-1.1.0c/crypto/rsa/rsa_err.c +--- openssl-1.1.0c/crypto/rsa/rsa_err.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rsa/rsa_err.c 2016-11-11 13:33:14.071497190 +0100 +@@ -21,6 +21,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, + {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"}, + {ERR_FUNC(RSA_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"}, {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, -@@ -31,6 +32,7 @@ static ERR_STRING_DATA RSA_str_functs[] +@@ -32,6 +33,7 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"}, {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"}, @@ -10803,7 +10803,7 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_err.c.fips openssl-1.1.0/crypto/rsa/rsa_er {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"}, {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"}, {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"}, -@@ -74,8 +76,14 @@ static ERR_STRING_DATA RSA_str_functs[] +@@ -75,8 +77,14 @@ static ERR_STRING_DATA RSA_str_functs[] {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, @@ -10818,7 +10818,7 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_err.c.fips openssl-1.1.0/crypto/rsa/rsa_er {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), -@@ -133,10 +141,13 @@ static ERR_STRING_DATA RSA_str_reasons[] +@@ -134,10 +142,13 @@ static ERR_STRING_DATA RSA_str_reasons[] {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, @@ -10832,9 +10832,9 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_err.c.fips openssl-1.1.0/crypto/rsa/rsa_er {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -diff -up openssl-1.1.0/crypto/rsa/rsa_gen.c.fips openssl-1.1.0/crypto/rsa/rsa_gen.c ---- openssl-1.1.0/crypto/rsa/rsa_gen.c.fips 2016-09-08 11:37:38.730459828 +0200 -+++ openssl-1.1.0/crypto/rsa/rsa_gen.c 2016-09-08 11:37:38.745460164 +0200 +diff -up openssl-1.1.0c/crypto/rsa/rsa_gen.c.fips openssl-1.1.0c/crypto/rsa/rsa_gen.c +--- openssl-1.1.0c/crypto/rsa/rsa_gen.c.fips 2016-11-11 13:31:51.320603420 +0100 ++++ openssl-1.1.0c/crypto/rsa/rsa_gen.c 2016-11-11 13:31:51.377604725 +0100 @@ -18,6 +18,75 @@ #include "internal/cryptlib.h" #include @@ -11213,9 +11213,9 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_gen.c.fips openssl-1.1.0/crypto/rsa/rsa_ge ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0/crypto/rsa/rsa_lib.c.fips openssl-1.1.0/crypto/rsa/rsa_lib.c ---- openssl-1.1.0/crypto/rsa/rsa_lib.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rsa/rsa_lib.c 2016-09-08 11:37:38.745460164 +0200 +diff -up openssl-1.1.0c/crypto/rsa/rsa_lib.c.fips openssl-1.1.0c/crypto/rsa/rsa_lib.c +--- openssl-1.1.0c/crypto/rsa/rsa_lib.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rsa/rsa_lib.c 2016-11-11 13:31:51.377604725 +0100 @@ -26,6 +26,12 @@ RSA *RSA_new(void) void RSA_set_default_method(const RSA_METHOD *meth) @@ -11271,9 +11271,9 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_lib.c.fips openssl-1.1.0/crypto/rsa/rsa_li if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.0/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0/crypto/rsa/rsa_ossl.c ---- openssl-1.1.0/crypto/rsa/rsa_ossl.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rsa/rsa_ossl.c 2016-09-08 11:37:38.745460164 +0200 +diff -up openssl-1.1.0c/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0c/crypto/rsa/rsa_ossl.c +--- openssl-1.1.0c/crypto/rsa/rsa_ossl.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/rsa/rsa_ossl.c 2016-11-11 13:31:51.377604725 +0100 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -11377,13 +11377,13 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0/crypto/rsa/rsa_o if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.0/crypto/rsa/rsa_sign.c.fips openssl-1.1.0/crypto/rsa/rsa_sign.c ---- openssl-1.1.0/crypto/rsa/rsa_sign.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/rsa/rsa_sign.c 2016-09-08 11:37:38.745460164 +0200 -@@ -29,6 +29,13 @@ int RSA_sign(int type, const unsigned ch - const unsigned char *s = NULL; - X509_ALGOR algor; - ASN1_OCTET_STRING digest; +diff -up openssl-1.1.0c/crypto/rsa/rsa_sign.c.fips openssl-1.1.0c/crypto/rsa/rsa_sign.c +--- openssl-1.1.0c/crypto/rsa/rsa_sign.c.fips 2016-11-11 13:31:51.377604725 +0100 ++++ openssl-1.1.0c/crypto/rsa/rsa_sign.c 2016-11-11 13:37:08.746867781 +0100 +@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch + unsigned char *tmps = NULL; + const unsigned char *encoded = NULL; + +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) + && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { @@ -11394,21 +11394,21 @@ diff -up openssl-1.1.0/crypto/rsa/rsa_sign.c.fips openssl-1.1.0/crypto/rsa/rsa_s if (rsa->meth->rsa_sign) { return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); } -@@ -77,7 +84,10 @@ int RSA_sign(int type, const unsigned ch - i2d_X509_SIG(&sig, &p); - s = tmps; +@@ -100,8 +107,9 @@ int RSA_sign(int type, const unsigned ch + RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + goto err; } -- i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); +- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, +- RSA_PKCS1_PADDING); + /* NB: call underlying method directly to avoid FIPS blocking */ -+ i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i, s, sigret, rsa, -+ RSA_PKCS1_PADDING) : -+ 0; - if (i <= 0) - ret = 0; - else -diff -up openssl-1.1.0/crypto/sha/sha_locl.h.fips openssl-1.1.0/crypto/sha/sha_locl.h ---- openssl-1.1.0/crypto/sha/sha_locl.h.fips 2016-09-08 11:37:38.540455578 +0200 -+++ openssl-1.1.0/crypto/sha/sha_locl.h 2016-09-08 11:37:38.745460164 +0200 ++ encrypt_len = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(encoded_len, encoded, sigret, rsa, ++ RSA_PKCS1_PADDING) : 0; + if (encrypt_len <= 0) + goto err; + +diff -up openssl-1.1.0c/crypto/sha/sha_locl.h.fips openssl-1.1.0c/crypto/sha/sha_locl.h +--- openssl-1.1.0c/crypto/sha/sha_locl.h.fips 2016-11-11 13:31:51.112598660 +0100 ++++ openssl-1.1.0c/crypto/sha/sha_locl.h 2016-11-11 13:31:51.377604725 +0100 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -11419,9 +11419,9 @@ diff -up openssl-1.1.0/crypto/sha/sha_locl.h.fips openssl-1.1.0/crypto/sha/sha_l memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.0/crypto/sha/sha256.c.fips openssl-1.1.0/crypto/sha/sha256.c ---- openssl-1.1.0/crypto/sha/sha256.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/sha/sha256.c 2016-09-08 11:37:38.745460164 +0200 +diff -up openssl-1.1.0c/crypto/sha/sha256.c.fips openssl-1.1.0c/crypto/sha/sha256.c +--- openssl-1.1.0c/crypto/sha/sha256.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/sha/sha256.c 2016-11-11 13:31:51.377604725 +0100 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -11442,9 +11442,9 @@ diff -up openssl-1.1.0/crypto/sha/sha256.c.fips openssl-1.1.0/crypto/sha/sha256. memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.0/crypto/sha/sha512.c.fips openssl-1.1.0/crypto/sha/sha512.c ---- openssl-1.1.0/crypto/sha/sha512.c.fips 2016-08-25 17:29:21.000000000 +0200 -+++ openssl-1.1.0/crypto/sha/sha512.c 2016-09-08 11:37:38.745460164 +0200 +diff -up openssl-1.1.0c/crypto/sha/sha512.c.fips openssl-1.1.0c/crypto/sha/sha512.c +--- openssl-1.1.0c/crypto/sha/sha512.c.fips 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/crypto/sha/sha512.c 2016-11-11 13:31:51.378604748 +0100 @@ -62,6 +62,9 @@ int SHA384_Init(SHA512_CTX *c) @@ -11465,9 +11465,9 @@ diff -up openssl-1.1.0/crypto/sha/sha512.c.fips openssl-1.1.0/crypto/sha/sha512. c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod.fips 2016-09-26 11:46:06.000000000 +0200 -+++ openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod 2016-11-04 12:03:51.544906058 +0100 +diff -up openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod +--- openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod 2016-11-11 13:31:51.378604748 +0100 @@ -29,8 +29,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -11481,9 +11481,9 @@ diff -up openssl-1.1.0b/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.0/include/openssl/crypto.h.fips openssl-1.1.0/include/openssl/crypto.h ---- openssl-1.1.0/include/openssl/crypto.h.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/include/openssl/crypto.h 2016-09-08 11:37:38.746460186 +0200 +diff -up openssl-1.1.0c/include/openssl/crypto.h.fips openssl-1.1.0c/include/openssl/crypto.h +--- openssl-1.1.0c/include/openssl/crypto.h.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/crypto.h 2016-11-11 13:31:51.378604748 +0100 @@ -332,6 +332,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -11496,9 +11496,9 @@ diff -up openssl-1.1.0/include/openssl/crypto.h.fips openssl-1.1.0/include/opens void OPENSSL_init(void); struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -diff -up openssl-1.1.0/include/openssl/dh.h.fips openssl-1.1.0/include/openssl/dh.h ---- openssl-1.1.0/include/openssl/dh.h.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/include/openssl/dh.h 2016-09-08 11:37:38.746460186 +0200 +diff -up openssl-1.1.0c/include/openssl/dh.h.fips openssl-1.1.0c/include/openssl/dh.h +--- openssl-1.1.0c/include/openssl/dh.h.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/dh.h 2016-11-11 13:31:51.378604748 +0100 @@ -30,6 +30,7 @@ extern "C" { # endif @@ -11530,9 +11530,9 @@ diff -up openssl-1.1.0/include/openssl/dh.h.fips openssl-1.1.0/include/openssl/d # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.0b/include/openssl/dsa.h.fips openssl-1.1.0b/include/openssl/dsa.h ---- openssl-1.1.0b/include/openssl/dsa.h.fips 2016-09-26 11:46:07.000000000 +0200 -+++ openssl-1.1.0b/include/openssl/dsa.h 2016-11-04 15:34:25.224751847 +0100 +diff -up openssl-1.1.0c/include/openssl/dsa.h.fips openssl-1.1.0c/include/openssl/dsa.h +--- openssl-1.1.0c/include/openssl/dsa.h.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/dsa.h 2016-11-11 13:31:51.378604748 +0100 @@ -36,6 +36,7 @@ extern "C" { # endif @@ -11578,9 +11578,9 @@ diff -up openssl-1.1.0b/include/openssl/dsa.h.fips openssl-1.1.0b/include/openss # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 -diff -up openssl-1.1.0/include/openssl/evp.h.fips openssl-1.1.0/include/openssl/evp.h ---- openssl-1.1.0/include/openssl/evp.h.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/include/openssl/evp.h 2016-09-08 11:37:38.746460186 +0200 +diff -up openssl-1.1.0c/include/openssl/evp.h.fips openssl-1.1.0c/include/openssl/evp.h +--- openssl-1.1.0c/include/openssl/evp.h.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/evp.h 2016-11-11 13:31:51.378604748 +0100 @@ -1456,6 +1456,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AESNI_INIT_KEY 165 # define EVP_F_AES_INIT_KEY 133 @@ -11605,9 +11605,9 @@ diff -up openssl-1.1.0/include/openssl/evp.h.fips openssl-1.1.0/include/openssl/ # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.0b/include/openssl/fips.h.fips openssl-1.1.0b/include/openssl/fips.h ---- openssl-1.1.0b/include/openssl/fips.h.fips 2016-10-11 10:19:52.091719206 +0200 -+++ openssl-1.1.0b/include/openssl/fips.h 2016-11-04 11:22:26.548391059 +0100 +diff -up openssl-1.1.0c/include/openssl/fips.h.fips openssl-1.1.0c/include/openssl/fips.h +--- openssl-1.1.0c/include/openssl/fips.h.fips 2016-11-11 13:31:51.379604771 +0100 ++++ openssl-1.1.0c/include/openssl/fips.h 2016-11-11 13:31:51.379604771 +0100 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11795,9 +11795,9 @@ diff -up openssl-1.1.0b/include/openssl/fips.h.fips openssl-1.1.0b/include/opens +} +# endif +#endif -diff -up openssl-1.1.0/include/openssl/fips_rand.h.fips openssl-1.1.0/include/openssl/fips_rand.h ---- openssl-1.1.0/include/openssl/fips_rand.h.fips 2016-09-08 11:37:38.746460186 +0200 -+++ openssl-1.1.0/include/openssl/fips_rand.h 2016-09-08 11:37:38.746460186 +0200 +diff -up openssl-1.1.0c/include/openssl/fips_rand.h.fips openssl-1.1.0c/include/openssl/fips_rand.h +--- openssl-1.1.0c/include/openssl/fips_rand.h.fips 2016-11-11 13:31:51.379604771 +0100 ++++ openssl-1.1.0c/include/openssl/fips_rand.h 2016-11-11 13:31:51.379604771 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11944,9 +11944,9 @@ diff -up openssl-1.1.0/include/openssl/fips_rand.h.fips openssl-1.1.0/include/op +# endif +# endif +#endif -diff -up openssl-1.1.0/include/openssl/opensslconf.h.in.fips openssl-1.1.0/include/openssl/opensslconf.h.in ---- openssl-1.1.0/include/openssl/opensslconf.h.in.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/include/openssl/opensslconf.h.in 2016-09-08 11:37:38.747460209 +0200 +diff -up openssl-1.1.0c/include/openssl/opensslconf.h.in.fips openssl-1.1.0c/include/openssl/opensslconf.h.in +--- openssl-1.1.0c/include/openssl/opensslconf.h.in.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/opensslconf.h.in 2016-11-11 13:31:51.379604771 +0100 @@ -136,6 +136,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11959,9 +11959,9 @@ diff -up openssl-1.1.0/include/openssl/opensslconf.h.in.fips openssl-1.1.0/inclu #ifdef __cplusplus } #endif -diff -up openssl-1.1.0/include/openssl/rand.h.fips openssl-1.1.0/include/openssl/rand.h ---- openssl-1.1.0/include/openssl/rand.h.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/include/openssl/rand.h 2016-09-08 11:37:38.747460209 +0200 +diff -up openssl-1.1.0c/include/openssl/rand.h.fips openssl-1.1.0c/include/openssl/rand.h +--- openssl-1.1.0c/include/openssl/rand.h.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/rand.h 2016-11-11 13:31:51.379604771 +0100 @@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) #endif @@ -11986,18 +11986,18 @@ diff -up openssl-1.1.0/include/openssl/rand.h.fips openssl-1.1.0/include/openssl # define RAND_R_PRNG_NOT_SEEDED 100 # ifdef __cplusplus -diff -up openssl-1.1.0/include/openssl/rsa.h.fips openssl-1.1.0/include/openssl/rsa.h ---- openssl-1.1.0/include/openssl/rsa.h.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/include/openssl/rsa.h 2016-09-08 11:37:38.747460209 +0200 -@@ -462,6 +462,7 @@ int ERR_load_RSA_strings(void); - +diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openssl/rsa.h +--- openssl-1.1.0c/include/openssl/rsa.h.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/include/openssl/rsa.h 2016-11-11 13:38:20.076500173 +0100 +@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); /* Function codes. */ # define RSA_F_CHECK_PADDING_MD 140 + # define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206 # define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_OLD_RSA_PRIV_DECODE 147 # define RSA_F_PKEY_RSA_CTRL 143 -@@ -473,6 +474,7 @@ int ERR_load_RSA_strings(void); +@@ -474,6 +475,7 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_CHECK_KEY 123 # define RSA_F_RSA_CHECK_KEY_EX 160 # define RSA_F_RSA_CMS_DECRYPT 159 @@ -12005,7 +12005,7 @@ diff -up openssl-1.1.0/include/openssl/rsa.h.fips openssl-1.1.0/include/openssl/ # define RSA_F_RSA_ITEM_VERIFY 148 # define RSA_F_RSA_METH_DUP 161 # define RSA_F_RSA_METH_NEW 162 -@@ -507,9 +509,15 @@ int ERR_load_RSA_strings(void); +@@ -508,9 +510,15 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_PRINT 115 # define RSA_F_RSA_PRINT_FP 116 # define RSA_F_RSA_PRIV_ENCODE 138 @@ -12021,7 +12021,7 @@ diff -up openssl-1.1.0/include/openssl/rsa.h.fips openssl-1.1.0/include/openssl/ # define RSA_F_RSA_SIGN 117 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 # define RSA_F_RSA_VERIFY 119 -@@ -556,9 +564,11 @@ int ERR_load_RSA_strings(void); +@@ -557,9 +565,11 @@ int ERR_load_RSA_strings(void); # define RSA_R_LAST_OCTET_INVALID 134 # define RSA_R_MODULUS_TOO_LARGE 105 # define RSA_R_NO_PUBLIC_EXPONENT 140 @@ -12033,9 +12033,9 @@ diff -up openssl-1.1.0/include/openssl/rsa.h.fips openssl-1.1.0/include/openssl/ # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.1.0/ssl/ssl_init.c.fips openssl-1.1.0/ssl/ssl_init.c ---- openssl-1.1.0/ssl/ssl_init.c.fips 2016-08-25 17:29:22.000000000 +0200 -+++ openssl-1.1.0/ssl/ssl_init.c 2016-09-08 15:56:42.309456657 +0200 +diff -up openssl-1.1.0c/ssl/ssl_init.c.fips openssl-1.1.0c/ssl/ssl_init.c +--- openssl-1.1.0c/ssl/ssl_init.c.fips 2016-11-10 15:03:46.000000000 +0100 ++++ openssl-1.1.0c/ssl/ssl_init.c 2016-11-11 13:31:51.379604771 +0100 @@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); @@ -12079,9 +12079,9 @@ diff -up openssl-1.1.0/ssl/ssl_init.c.fips openssl-1.1.0/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.0/test/dsatest.c.fips openssl-1.1.0/test/dsatest.c ---- openssl-1.1.0/test/dsatest.c.fips 2016-08-25 17:29:23.000000000 +0200 -+++ openssl-1.1.0/test/dsatest.c 2016-09-08 11:37:38.747460209 +0200 +diff -up openssl-1.1.0c/test/dsatest.c.fips openssl-1.1.0c/test/dsatest.c +--- openssl-1.1.0c/test/dsatest.c.fips 2016-11-10 15:03:47.000000000 +0100 ++++ openssl-1.1.0c/test/dsatest.c 2016-11-11 13:31:51.380604793 +0100 @@ -32,41 +32,42 @@ int main(int argc, char *argv[]) static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -12170,9 +12170,9 @@ diff -up openssl-1.1.0/test/dsatest.c.fips openssl-1.1.0/test/dsatest.c goto end; } if (h != 2) { -diff -up openssl-1.1.0/util/mkdef.pl.fips openssl-1.1.0/util/mkdef.pl ---- openssl-1.1.0/util/mkdef.pl.fips 2016-08-25 17:29:23.000000000 +0200 -+++ openssl-1.1.0/util/mkdef.pl 2016-09-08 11:37:38.748460231 +0200 +diff -up openssl-1.1.0c/util/mkdef.pl.fips openssl-1.1.0c/util/mkdef.pl +--- openssl-1.1.0c/util/mkdef.pl.fips 2016-11-10 15:03:47.000000000 +0100 ++++ openssl-1.1.0c/util/mkdef.pl 2016-11-11 13:31:51.380604793 +0100 @@ -307,6 +307,8 @@ $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; $crypto.=" include/openssl/ct.h"; diff --git a/openssl-1.1.0-no-rpath.patch b/openssl-1.1.0-no-rpath.patch deleted file mode 100644 index 92b0e85..0000000 --- a/openssl-1.1.0-no-rpath.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.1.0-pre5/Makefile.shared.no-rpath openssl-1.1.0-pre5/Makefile.shared ---- openssl-1.1.0-pre5/Makefile.shared.no-rpath 2016-07-18 14:41:53.081002002 +0200 -+++ openssl-1.1.0-pre5/Makefile.shared 2016-07-18 14:43:08.790467584 +0200 -@@ -175,7 +175,7 @@ DO_GNU_SO=\ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - $(DO_GNU_SO_COMMON) --DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/openssl.spec b/openssl.spec index 15bcdf2..65128c5 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,8 +21,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.0b -Release: 4%{?dist} +Version: 1.1.0c +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -41,7 +41,6 @@ Source13: ectest.c Patch1: openssl-1.1.0-build.patch Patch2: openssl-1.1.0-defaults.patch Patch3: openssl-1.1.0-no-html.patch -Patch5: openssl-1.1.0-no-rpath.patch # Bug fixes Patch21: openssl-1.1.0-issuer-hash.patch Patch22: openssl-1.1.0-algo-doc.patch @@ -60,7 +59,6 @@ Patch40: openssl-1.1.0-disable-ssl3.patch Patch41: openssl-1.1.0-system-cipherlist.patch Patch42: openssl-1.1.0-fips.patch Patch43: openssl-1.1.0-afalg-eventfd2.patch -Patch44: openssl-1.1.0-afalg-endian.patch # Backported fixes including security fixes License: OpenSSL @@ -142,7 +140,6 @@ cp %{SOURCE13} test/ %patch1 -p1 -b .build %{?_rawbuild} %patch2 -p1 -b .defaults %patch3 -p1 -b .no-html %{?_rawbuild} -%patch5 -p1 -b .no-rpath %patch21 -p1 -b .issuer-hash %patch22 -p1 -b .algo-doc @@ -161,7 +158,6 @@ cp %{SOURCE13} test/ %patch41 -p1 -b .system-cipherlist %patch42 -p1 -b .fips %patch43 -p1 -b .eventfd2 -%patch44 -p1 -b .endian %build # Figure out which flags we want to use. @@ -261,6 +257,10 @@ patch -p1 -R < %{PATCH31} LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH +crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac +ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac +crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac +ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY make test @@ -425,6 +425,9 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Fri Nov 11 2016 Tomáš Mráz 1.1.0c-1 +- update to upstream version 1.1.0c + * Fri Nov 4 2016 Tomáš Mráz 1.1.0b-4 - use a random seed if the supplied one did not generate valid parameters in dsa_builtin_paramgen2() diff --git a/sources b/sources index 9ea76bb..f9d378f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ec4eac4d86e5f9b5dd723bc0702f7954 openssl-1.1.0b-hobbled.tar.xz +1292a3e2bafa419cd61212cfd5e34d02 openssl-1.1.0c-hobbled.tar.xz