[openssl] new upstream version fixing CVE-2012-2110
Tomáš Mráz
tmraz at fedoraproject.org
Fri Apr 20 10:24:44 UTC 2012
commit e8c18345a4ed5b547db1ffbe7d83b0a6212f157d
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Apr 20 12:24:39 2012 +0200
new upstream version fixing CVE-2012-2110
.gitignore | 1 +
openssl-1.0.0-beta4-algo-doc.patch | 113 ----
openssl-1.0.1-backport.patch | 226 -------
openssl-1.0.1-beta3-s390xbuild.patch | 26 -
openssl-1.0.1a-algo-doc.patch | 77 +++
openssl-1.0.1a-backport.patch | 41 ++
...1-beta3-fips.patch => openssl-1.0.1a-fips.patch | 682 ++++++++++----------
openssl.spec | 16 +-
sources | 2 +-
9 files changed, 471 insertions(+), 713 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 2e5ab5d..9a30642 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1-beta2-usa.tar.xz
/openssl-1.0.1-beta3-usa.tar.xz
/openssl-1.0.1-usa.tar.xz
+/openssl-1.0.1a-usa.tar.xz
diff --git a/openssl-1.0.1a-algo-doc.patch b/openssl-1.0.1a-algo-doc.patch
new file mode 100644
index 0000000..c4aaa89
--- /dev/null
+++ b/openssl-1.0.1a-algo-doc.patch
@@ -0,0 +1,77 @@
+diff -up openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod
+--- openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc 2012-04-11 00:28:22.000000000 +0200
++++ openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod 2012-04-20 09:14:01.865167011 +0200
+@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
+
+ EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+ B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
++function. B<type> will typically be supplied by a function such as EVP_sha1().
+ If B<impl> is NULL then the default implementation of digest B<type> is used.
+
+ EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+@@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
+ EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
+ size in bytes.
+
+-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
++EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
++EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
+ EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+ corresponding EVP_MD structures.
+
+diff -up openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod
+--- openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200
++++ openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod 2012-04-20 09:10:59.114736465 +0200
+@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
++ const EVP_CIPHER *EVP_des_ede3(void);
++ const EVP_CIPHER *EVP_des_ede3_ecb(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
++ const EVP_CIPHER *EVP_des_ede3_ofb(void);
++ const EVP_CIPHER *EVP_des_ede3_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_ecb(void);
++ const EVP_CIPHER *EVP_aes_128_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_cfb1(void);
++ const EVP_CIPHER *EVP_aes_128_cfb8(void);
++ const EVP_CIPHER *EVP_aes_128_cfb128(void);
++ const EVP_CIPHER *EVP_aes_128_ofb(void);
++ const EVP_CIPHER *EVP_aes_192_ecb(void);
++ const EVP_CIPHER *EVP_aes_192_cbc(void);
++ const EVP_CIPHER *EVP_aes_192_cfb1(void);
++ const EVP_CIPHER *EVP_aes_192_cfb8(void);
++ const EVP_CIPHER *EVP_aes_192_cfb128(void);
++ const EVP_CIPHER *EVP_aes_192_ofb(void);
++ const EVP_CIPHER *EVP_aes_256_ecb(void);
++ const EVP_CIPHER *EVP_aes_256_cbc(void);
++ const EVP_CIPHER *EVP_aes_256_cfb1(void);
++ const EVP_CIPHER *EVP_aes_256_cfb8(void);
++ const EVP_CIPHER *EVP_aes_256_cfb128(void);
++ const EVP_CIPHER *EVP_aes_256_ofb(void);
++
+ =head1 DESCRIPTION
+
+ The EVP cipher routines are a high level interface to certain
+@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
+
+ DESX algorithm in CBC mode.
+
++=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
++
++AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
++
++AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
++
++AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
+ =item EVP_rc4(void)
+
+ RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
diff --git a/openssl-1.0.1a-backport.patch b/openssl-1.0.1a-backport.patch
new file mode 100644
index 0000000..b2cd769
--- /dev/null
+++ b/openssl-1.0.1a-backport.patch
@@ -0,0 +1,41 @@
+diff -up openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c.backport openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c
+--- openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c.backport 2012-04-18 19:51:33.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c 2012-04-20 09:20:29.411861130 +0200
+@@ -121,6 +121,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
+ md5_off = MD5_CBLOCK-key->md.num,
+ blocks;
+ unsigned int l;
++ extern unsigned int OPENSSL_ia32cap_P[];
+ #endif
+ size_t plen = key->payload_length;
+
+@@ -132,7 +133,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
+ /* cipher has to "fall behind" */
+ if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
+
+- if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) {
++ if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) &&
++ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
+ MD5_Update(&key->md,in,md5_off);
+ RC4(&key->ks,rc4_off,in,out);
+
+@@ -172,7 +174,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHE
+ if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK;
+ else rc4_off += MD5_CBLOCK;
+
+- if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) {
++ if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) &&
++ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
+ RC4(&key->ks,rc4_off,in,out);
+ MD5_Update(&key->md,out,md5_off);
+
+@@ -289,8 +292,6 @@ static EVP_CIPHER r4_hmac_md5_cipher=
+
+ const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+ {
+- extern unsigned int OPENSSL_ia32cap_P[];
+- /* RC4_CHAR flag ------------vvvvv */
+- return(OPENSSL_ia32cap_P[0]&(1<<20) ? NULL : &r4_hmac_md5_cipher);
++ return(&r4_hmac_md5_cipher);
+ }
+ #endif
diff --git a/openssl-1.0.1-beta3-fips.patch b/openssl-1.0.1a-fips.patch
similarity index 95%
rename from openssl-1.0.1-beta3-fips.patch
rename to openssl-1.0.1a-fips.patch
index f2bb340..8754495 100644
--- a/openssl-1.0.1-beta3-fips.patch
+++ b/openssl-1.0.1a-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1-beta3/apps/pkcs12.c.fips openssl-1.0.1-beta3/apps/pkcs12.c
---- openssl-1.0.1-beta3/apps/pkcs12.c.fips 2011-03-13 19:20:23.000000000 +0100
-+++ openssl-1.0.1-beta3/apps/pkcs12.c 2012-02-29 10:33:02.773294716 +0100
+diff -up openssl-1.0.1a/apps/pkcs12.c.fips openssl-1.0.1a/apps/pkcs12.c
+--- openssl-1.0.1a/apps/pkcs12.c.fips 2011-03-13 19:20:23.000000000 +0100
++++ openssl-1.0.1a/apps/pkcs12.c 2012-04-20 09:07:06.229784948 +0200
@@ -67,6 +67,9 @@
#include <openssl/err.h>
#include <openssl/pem.h>
@@ -23,9 +23,9 @@ diff -up openssl-1.0.1-beta3/apps/pkcs12.c.fips openssl-1.0.1-beta3/apps/pkcs12.
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-diff -up openssl-1.0.1-beta3/apps/speed.c.fips openssl-1.0.1-beta3/apps/speed.c
---- openssl-1.0.1-beta3/apps/speed.c.fips 2012-01-11 22:49:16.000000000 +0100
-+++ openssl-1.0.1-beta3/apps/speed.c 2012-02-29 10:33:02.774294724 +0100
+diff -up openssl-1.0.1a/apps/speed.c.fips openssl-1.0.1a/apps/speed.c
+--- openssl-1.0.1a/apps/speed.c.fips 2012-01-11 22:49:16.000000000 +0100
++++ openssl-1.0.1a/apps/speed.c 2012-04-20 09:07:06.230784969 +0200
@@ -195,7 +195,6 @@
#ifdef OPENSSL_DOING_MAKEDEPEND
#undef AES_set_encrypt_key
@@ -123,9 +123,9 @@ diff -up openssl-1.0.1-beta3/apps/speed.c.fips openssl-1.0.1-beta3/apps/speed.c
#endif
#ifndef OPENSSL_NO_RSA
memset(rsa_c,0,sizeof(rsa_c));
-diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
---- openssl-1.0.1-beta3/Configure.fips 2012-02-29 10:33:02.738294416 +0100
-+++ openssl-1.0.1-beta3/Configure 2012-02-29 10:33:02.775294732 +0100
+diff -up openssl-1.0.1a/Configure.fips openssl-1.0.1a/Configure
+--- openssl-1.0.1a/Configure.fips 2012-04-20 09:07:06.190784111 +0200
++++ openssl-1.0.1a/Configure 2012-04-20 09:07:06.232785011 +0200
@@ -993,11 +993,6 @@ if (defined($disabled{"md5"}) || defined
$disabled{"ssl2"} = "forced";
}
@@ -138,7 +138,7 @@ diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
# RSAX ENGINE sets default non-FIPS RSA method.
if ($fips)
{
-@@ -1478,7 +1473,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
+@@ -1472,7 +1467,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
@@ -146,7 +146,7 @@ diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
-@@ -1665,9 +1659,12 @@ while (<IN>)
+@@ -1659,9 +1653,12 @@ while (<IN>)
s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
@@ -160,9 +160,9 @@ diff -up openssl-1.0.1-beta3/Configure.fips openssl-1.0.1-beta3/Configure
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.1-beta3/crypto/aes/aes_misc.c.fips openssl-1.0.1-beta3/crypto/aes/aes_misc.c
---- openssl-1.0.1-beta3/crypto/aes/aes_misc.c.fips 2011-06-05 19:36:33.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/aes/aes_misc.c 2012-02-29 10:33:02.776294741 +0100
+diff -up openssl-1.0.1a/crypto/aes/aes_misc.c.fips openssl-1.0.1a/crypto/aes/aes_misc.c
+--- openssl-1.0.1a/crypto/aes/aes_misc.c.fips 2011-06-05 19:36:33.000000000 +0200
++++ openssl-1.0.1a/crypto/aes/aes_misc.c 2012-04-20 09:07:06.232785011 +0200
@@ -69,17 +69,11 @@ const char *AES_options(void) {
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
@@ -181,9 +181,9 @@ diff -up openssl-1.0.1-beta3/crypto/aes/aes_misc.c.fips openssl-1.0.1-beta3/cryp
-#endif
return private_AES_set_decrypt_key(userKey, bits, key);
}
-diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/cmac/cmac.c
---- openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips 2011-06-12 17:07:25.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/cmac/cmac.c 2012-02-29 10:33:02.776294741 +0100
+diff -up openssl-1.0.1a/crypto/cmac/cmac.c.fips openssl-1.0.1a/crypto/cmac/cmac.c
+--- openssl-1.0.1a/crypto/cmac/cmac.c.fips 2012-04-11 17:11:16.000000000 +0200
++++ openssl-1.0.1a/crypto/cmac/cmac.c 2012-04-20 09:07:06.233785033 +0200
@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
@@ -210,7 +210,7 @@ diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/
}
#endif
/* All zeros means restart */
-@@ -214,10 +202,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
+@@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
{
const unsigned char *data = in;
size_t bl;
@@ -221,7 +221,7 @@ diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/
if (ctx->nlast_block == -1)
return 0;
if (dlen == 0)
-@@ -259,10 +243,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
+@@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
{
int i, bl, lb;
@@ -232,9 +232,9 @@ diff -up openssl-1.0.1-beta3/crypto/cmac/cmac.c.fips openssl-1.0.1-beta3/crypto/
if (ctx->nlast_block == -1)
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-diff -up openssl-1.0.1-beta3/crypto/crypto.h.fips openssl-1.0.1-beta3/crypto/crypto.h
---- openssl-1.0.1-beta3/crypto/crypto.h.fips 2012-02-29 10:33:02.538292696 +0100
-+++ openssl-1.0.1-beta3/crypto/crypto.h 2012-02-29 10:33:02.777294750 +0100
+diff -up openssl-1.0.1a/crypto/crypto.h.fips openssl-1.0.1a/crypto/crypto.h
+--- openssl-1.0.1a/crypto/crypto.h.fips 2012-04-20 09:07:05.959779159 +0200
++++ openssl-1.0.1a/crypto/crypto.h 2012-04-20 09:07:06.233785033 +0200
@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
void OPENSSL_init(void);
@@ -280,9 +280,9 @@ diff -up openssl-1.0.1-beta3/crypto/crypto.h.fips openssl-1.0.1-beta3/crypto/cry
/* Error codes for the CRYPTO functions. */
/* Function codes. */
-diff -up openssl-1.0.1-beta3/crypto/des/des.h.fips openssl-1.0.1-beta3/crypto/des/des.h
---- openssl-1.0.1-beta3/crypto/des/des.h.fips 2012-02-29 10:33:02.605293272 +0100
-+++ openssl-1.0.1-beta3/crypto/des/des.h 2012-02-29 10:33:02.777294750 +0100
+diff -up openssl-1.0.1a/crypto/des/des.h.fips openssl-1.0.1a/crypto/des/des.h
+--- openssl-1.0.1a/crypto/des/des.h.fips 2012-04-20 09:07:06.030780681 +0200
++++ openssl-1.0.1a/crypto/des/des.h 2012-04-20 09:07:06.234785055 +0200
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
@@ -293,9 +293,9 @@ diff -up openssl-1.0.1-beta3/crypto/des/des.h.fips openssl-1.0.1-beta3/crypto/de
void DES_string_to_key(const char *str,DES_cblock *key);
void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-diff -up openssl-1.0.1-beta3/crypto/des/set_key.c.fips openssl-1.0.1-beta3/crypto/des/set_key.c
---- openssl-1.0.1-beta3/crypto/des/set_key.c.fips 2011-06-01 18:54:04.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/des/set_key.c 2012-02-29 10:33:02.777294750 +0100
+diff -up openssl-1.0.1a/crypto/des/set_key.c.fips openssl-1.0.1a/crypto/des/set_key.c
+--- openssl-1.0.1a/crypto/des/set_key.c.fips 2011-06-01 18:54:04.000000000 +0200
++++ openssl-1.0.1a/crypto/des/set_key.c 2012-04-20 09:07:06.234785055 +0200
@@ -337,13 +337,6 @@ int DES_set_key_checked(const_DES_cblock
}
@@ -310,9 +310,9 @@ diff -up openssl-1.0.1-beta3/crypto/des/set_key.c.fips openssl-1.0.1-beta3/crypt
{
static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
register DES_LONG c,d,t,s,t2;
-diff -up openssl-1.0.1-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.1-beta3/crypto/dh/dh_gen.c
---- openssl-1.0.1-beta3/crypto/dh/dh_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dh/dh_gen.c 2012-02-29 10:33:02.778294759 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh_gen.c.fips openssl-1.0.1a/crypto/dh/dh_gen.c
+--- openssl-1.0.1a/crypto/dh/dh_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
++++ openssl-1.0.1a/crypto/dh/dh_gen.c 2012-04-20 09:07:06.235785077 +0200
@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
#endif
if(ret->meth->generate_params)
@@ -346,9 +346,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.1-beta3/crypto/
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
-diff -up openssl-1.0.1-beta3/crypto/dh/dh.h.fips openssl-1.0.1-beta3/crypto/dh/dh.h
---- openssl-1.0.1-beta3/crypto/dh/dh.h.fips 2012-02-29 10:33:02.483292223 +0100
-+++ openssl-1.0.1-beta3/crypto/dh/dh.h 2012-02-29 10:33:02.778294759 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh.h.fips openssl-1.0.1a/crypto/dh/dh.h
+--- openssl-1.0.1a/crypto/dh/dh.h.fips 2012-04-20 09:07:05.898777852 +0200
++++ openssl-1.0.1a/crypto/dh/dh.h 2012-04-20 09:07:06.235785077 +0200
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -358,9 +358,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh.h.fips openssl-1.0.1-beta3/crypto/dh/d
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
* implementation now uses constant time
-diff -up openssl-1.0.1-beta3/crypto/dh/dh_key.c.fips openssl-1.0.1-beta3/crypto/dh/dh_key.c
---- openssl-1.0.1-beta3/crypto/dh/dh_key.c.fips 2011-11-14 15:16:09.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/dh/dh_key.c 2012-02-29 10:33:02.779294768 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh_key.c.fips openssl-1.0.1a/crypto/dh/dh_key.c
+--- openssl-1.0.1a/crypto/dh/dh_key.c.fips 2011-11-14 15:16:09.000000000 +0100
++++ openssl-1.0.1a/crypto/dh/dh_key.c 2012-04-20 09:07:06.235785077 +0200
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -419,9 +419,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh_key.c.fips openssl-1.0.1-beta3/crypto/
dh->flags |= DH_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.1-beta3/crypto/dh/dh_lib.c.fips openssl-1.0.1-beta3/crypto/dh/dh_lib.c
---- openssl-1.0.1-beta3/crypto/dh/dh_lib.c.fips 2011-06-20 21:41:11.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dh/dh_lib.c 2012-02-29 10:33:02.779294768 +0100
+diff -up openssl-1.0.1a/crypto/dh/dh_lib.c.fips openssl-1.0.1a/crypto/dh/dh_lib.c
+--- openssl-1.0.1a/crypto/dh/dh_lib.c.fips 2011-06-20 21:41:11.000000000 +0200
++++ openssl-1.0.1a/crypto/dh/dh_lib.c 2012-04-20 09:07:06.236785099 +0200
@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
{
if(!default_DH_method)
@@ -437,9 +437,9 @@ diff -up openssl-1.0.1-beta3/crypto/dh/dh_lib.c.fips openssl-1.0.1-beta3/crypto/
}
return default_DH_method;
}
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_err.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_err.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_err.c.fips 2011-10-10 01:13:49.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_err.c 2012-02-29 10:33:02.779294768 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_err.c.fips openssl-1.0.1a/crypto/dsa/dsa_err.c
+--- openssl-1.0.1a/crypto/dsa/dsa_err.c.fips 2011-10-10 01:13:49.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_err.c 2012-04-20 09:07:06.236785099 +0200
@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -458,9 +458,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_err.c.fips openssl-1.0.1-beta3/crypt
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c 2012-02-29 10:33:02.780294777 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_gen.c.fips openssl-1.0.1a/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1a/crypto/dsa/dsa_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_gen.c 2012-04-20 09:07:06.237785120 +0200
@@ -85,6 +85,14 @@
#include <openssl/fips.h>
#endif
@@ -867,9 +867,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.1-beta3/crypt
}
if (mont != NULL) BN_MONT_CTX_free(mont);
return ok;
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa.h.fips openssl-1.0.1-beta3/crypto/dsa/dsa.h
---- openssl-1.0.1-beta3/crypto/dsa/dsa.h.fips 2012-02-29 10:33:02.310290735 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa.h 2012-02-29 10:33:02.780294777 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa.h.fips openssl-1.0.1a/crypto/dsa/dsa.h
+--- openssl-1.0.1a/crypto/dsa/dsa.h.fips 2012-04-20 09:07:05.710773820 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa.h 2012-04-20 09:07:06.238785141 +0200
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
@@ -930,9 +930,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa.h.fips openssl-1.0.1-beta3/crypto/ds
#define DSA_R_PARAMETER_ENCODING_ERROR 105
#ifdef __cplusplus
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_key.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_key.c.fips 2011-06-09 17:21:46.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_key.c 2012-02-29 10:33:02.781294786 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_key.c.fips openssl-1.0.1a/crypto/dsa/dsa_key.c
+--- openssl-1.0.1a/crypto/dsa/dsa_key.c.fips 2011-06-09 17:21:46.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_key.c 2012-04-20 09:07:06.238785141 +0200
@@ -66,6 +66,24 @@
#ifdef OPENSSL_FIPS
@@ -1000,9 +1000,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.1-beta3/crypt
ok=1;
err:
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c.fips 2011-11-14 15:16:09.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c 2012-02-29 10:33:02.781294786 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_lib.c.fips openssl-1.0.1a/crypto/dsa/dsa_lib.c
+--- openssl-1.0.1a/crypto/dsa/dsa_lib.c.fips 2011-11-14 15:16:09.000000000 +0100
++++ openssl-1.0.1a/crypto/dsa/dsa_lib.c 2012-04-20 09:07:06.239785162 +0200
@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
{
if(!default_DSA_method)
@@ -1018,18 +1018,18 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_lib.c.fips openssl-1.0.1-beta3/crypt
}
return default_DSA_method;
}
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h.fips openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h
---- openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h.fips 2012-02-29 10:33:02.313290762 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_locl.h 2012-02-29 10:33:02.781294786 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_locl.h.fips openssl-1.0.1a/crypto/dsa/dsa_locl.h
+--- openssl-1.0.1a/crypto/dsa/dsa_locl.h.fips 2012-04-20 09:07:05.714773906 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_locl.h 2012-04-20 09:07:06.239785162 +0200
@@ -56,5 +56,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c.fips 2011-02-01 13:53:47.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c 2012-02-29 10:33:02.782294795 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1a/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.1a/crypto/dsa/dsa_ossl.c.fips 2011-02-01 13:53:47.000000000 +0100
++++ openssl-1.0.1a/crypto/dsa/dsa_ossl.c 2012-04-20 09:07:06.239785162 +0200
@@ -65,6 +65,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -1103,9 +1103,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1-beta3/cryp
dsa->flags|=DSA_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c
---- openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c.fips 2011-06-20 22:05:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c 2012-02-29 10:33:02.782294795 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1a/crypto/dsa/dsa_pmeth.c
+--- openssl-1.0.1a/crypto/dsa/dsa_pmeth.c.fips 2011-06-20 22:05:13.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsa_pmeth.c 2012-04-20 09:07:06.240785183 +0200
@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
if (!dsa)
return 0;
@@ -1115,9 +1115,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1-beta3/cry
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
else
-diff -up openssl-1.0.1-beta3/crypto/dsa/dsatest.c.fips openssl-1.0.1-beta3/crypto/dsa/dsatest.c
---- openssl-1.0.1-beta3/crypto/dsa/dsatest.c.fips 2008-08-06 17:54:11.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/dsa/dsatest.c 2012-02-29 10:33:02.782294795 +0100
+diff -up openssl-1.0.1a/crypto/dsa/dsatest.c.fips openssl-1.0.1a/crypto/dsa/dsatest.c
+--- openssl-1.0.1a/crypto/dsa/dsatest.c.fips 2008-08-06 17:54:11.000000000 +0200
++++ openssl-1.0.1a/crypto/dsa/dsatest.c 2012-04-20 09:07:06.240785183 +0200
@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -1202,9 +1202,9 @@ diff -up openssl-1.0.1-beta3/crypto/dsa/dsatest.c.fips openssl-1.0.1-beta3/crypt
goto end;
}
if (h != 2)
-diff -up openssl-1.0.1-beta3/crypto/engine/eng_all.c.fips openssl-1.0.1-beta3/crypto/engine/eng_all.c
---- openssl-1.0.1-beta3/crypto/engine/eng_all.c.fips 2011-08-10 20:53:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/engine/eng_all.c 2012-02-29 10:33:02.783294803 +0100
+diff -up openssl-1.0.1a/crypto/engine/eng_all.c.fips openssl-1.0.1a/crypto/engine/eng_all.c
+--- openssl-1.0.1a/crypto/engine/eng_all.c.fips 2011-08-10 20:53:13.000000000 +0200
++++ openssl-1.0.1a/crypto/engine/eng_all.c 2012-04-20 09:07:06.241785205 +0200
@@ -58,11 +58,25 @@
#include "cryptlib.h"
@@ -1231,9 +1231,9 @@ diff -up openssl-1.0.1-beta3/crypto/engine/eng_all.c.fips openssl-1.0.1-beta3/cr
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
-diff -up openssl-1.0.1-beta3/crypto/err/err_all.c.fips openssl-1.0.1-beta3/crypto/err/err_all.c
---- openssl-1.0.1-beta3/crypto/err/err_all.c.fips 2011-06-21 18:58:10.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/err/err_all.c 2012-02-29 10:33:02.783294803 +0100
+diff -up openssl-1.0.1a/crypto/err/err_all.c.fips openssl-1.0.1a/crypto/err/err_all.c
+--- openssl-1.0.1a/crypto/err/err_all.c.fips 2011-06-21 18:58:10.000000000 +0200
++++ openssl-1.0.1a/crypto/err/err_all.c 2012-04-20 09:07:06.241785205 +0200
@@ -96,6 +96,9 @@
#include <openssl/ocsp.h>
#include <openssl/err.h>
@@ -1254,9 +1254,9 @@ diff -up openssl-1.0.1-beta3/crypto/err/err_all.c.fips openssl-1.0.1-beta3/crypt
#ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/c_allc.c.fips openssl-1.0.1-beta3/crypto/evp/c_allc.c
---- openssl-1.0.1-beta3/crypto/evp/c_allc.c.fips 2011-11-14 22:13:35.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/c_allc.c 2012-02-29 10:33:02.783294803 +0100
+diff -up openssl-1.0.1a/crypto/evp/c_allc.c.fips openssl-1.0.1a/crypto/evp/c_allc.c
+--- openssl-1.0.1a/crypto/evp/c_allc.c.fips 2011-11-14 22:13:35.000000000 +0100
++++ openssl-1.0.1a/crypto/evp/c_allc.c 2012-04-20 09:07:06.242785227 +0200
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
@@ -1330,9 +1330,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/c_allc.c.fips openssl-1.0.1-beta3/crypto
+ }
+#endif
}
-diff -up openssl-1.0.1-beta3/crypto/evp/c_alld.c.fips openssl-1.0.1-beta3/crypto/evp/c_alld.c
---- openssl-1.0.1-beta3/crypto/evp/c_alld.c.fips 2009-07-08 10:50:53.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/c_alld.c 2012-02-29 10:33:02.784294811 +0100
+diff -up openssl-1.0.1a/crypto/evp/c_alld.c.fips openssl-1.0.1a/crypto/evp/c_alld.c
+--- openssl-1.0.1a/crypto/evp/c_alld.c.fips 2009-07-08 10:50:53.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/c_alld.c 2012-04-20 09:07:06.242785227 +0200
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
@@ -1378,9 +1378,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/c_alld.c.fips openssl-1.0.1-beta3/crypto
+ }
+#endif
}
-diff -up openssl-1.0.1-beta3/crypto/evp/digest.c.fips openssl-1.0.1-beta3/crypto/evp/digest.c
---- openssl-1.0.1-beta3/crypto/evp/digest.c.fips 2011-05-29 17:55:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/digest.c 2012-02-29 10:33:02.784294811 +0100
+diff -up openssl-1.0.1a/crypto/evp/digest.c.fips openssl-1.0.1a/crypto/evp/digest.c
+--- openssl-1.0.1a/crypto/evp/digest.c.fips 2011-05-29 17:55:13.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/digest.c 2012-04-20 09:07:06.243785249 +0200
@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
return EVP_DigestInit_ex(ctx, type, NULL);
}
@@ -1529,9 +1529,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/digest.c.fips openssl-1.0.1-beta3/crypto
memset(ctx,'\0',sizeof *ctx);
return 1;
-diff -up openssl-1.0.1-beta3/crypto/evp/e_aes.c.fips openssl-1.0.1-beta3/crypto/evp/e_aes.c
---- openssl-1.0.1-beta3/crypto/evp/e_aes.c.fips 2011-11-15 13:19:56.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/e_aes.c 2012-02-29 10:33:02.785294819 +0100
+diff -up openssl-1.0.1a/crypto/evp/e_aes.c.fips openssl-1.0.1a/crypto/evp/e_aes.c
+--- openssl-1.0.1a/crypto/evp/e_aes.c.fips 2011-11-15 13:19:56.000000000 +0100
++++ openssl-1.0.1a/crypto/evp/e_aes.c 2012-04-20 09:07:06.243785249 +0200
@@ -56,7 +56,6 @@
#include <assert.h>
#include <openssl/aes.h>
@@ -1563,9 +1563,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/e_aes.c.fips openssl-1.0.1-beta3/crypto/
#endif
-#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/e_des3.c.fips openssl-1.0.1-beta3/crypto/evp/e_des3.c
---- openssl-1.0.1-beta3/crypto/evp/e_des3.c.fips 2011-05-29 01:01:26.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/e_des3.c 2012-02-29 10:33:02.785294819 +0100
+diff -up openssl-1.0.1a/crypto/evp/e_des3.c.fips openssl-1.0.1a/crypto/evp/e_des3.c
+--- openssl-1.0.1a/crypto/evp/e_des3.c.fips 2011-05-29 01:01:26.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/e_des3.c 2012-04-20 09:07:06.244785270 +0200
@@ -65,8 +65,6 @@
#include <openssl/des.h>
#include <openssl/rand.h>
@@ -1624,9 +1624,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/e_des3.c.fips openssl-1.0.1-beta3/crypto
}
#endif
-#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/e_null.c.fips openssl-1.0.1-beta3/crypto/evp/e_null.c
---- openssl-1.0.1-beta3/crypto/evp/e_null.c.fips 2011-06-20 22:00:10.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/e_null.c 2012-02-29 10:33:02.785294819 +0100
+diff -up openssl-1.0.1a/crypto/evp/e_null.c.fips openssl-1.0.1a/crypto/evp/e_null.c
+--- openssl-1.0.1a/crypto/evp/e_null.c.fips 2011-06-20 22:00:10.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/e_null.c 2012-04-20 09:07:06.244785270 +0200
@@ -61,8 +61,6 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -1650,9 +1650,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/e_null.c.fips openssl-1.0.1-beta3/crypto
return 1;
}
-#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypto/evp/evp_enc.c
---- openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips 2012-02-10 17:54:56.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/evp_enc.c 2012-02-29 10:33:02.786294827 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp_enc.c.fips openssl-1.0.1a/crypto/evp/evp_enc.c
+--- openssl-1.0.1a/crypto/evp/evp_enc.c.fips 2012-04-19 00:41:50.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/evp_enc.c 2012-04-20 09:08:03.696017043 +0200
@@ -69,17 +69,58 @@
#endif
#include "evp_locl.h"
@@ -1731,17 +1731,18 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
-@@ -169,9 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
ctx->engine = NULL;
#endif
-#ifdef OPENSSL_FIPS
-- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+- if (FIPS_mode())
+- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
-@@ -196,7 +242,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -197,7 +242,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
return 0;
}
}
@@ -1749,17 +1750,18 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
}
else if(!ctx->cipher)
{
-@@ -206,9 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -207,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
-#ifdef OPENSSL_FIPS
-- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+- if (FIPS_mode())
+- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
-@@ -248,6 +290,22 @@ skip_to_init:
+@@ -250,6 +290,22 @@ skip_to_init:
}
}
@@ -1782,7 +1784,7 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
}
-@@ -255,7 +313,6 @@ skip_to_init:
+@@ -257,7 +313,6 @@ skip_to_init:
ctx->final_used=0;
ctx->block_mask=ctx->cipher->block_size-1;
return 1;
@@ -1790,7 +1792,7 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
}
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
+@@ -570,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
{
@@ -1798,7 +1800,7 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
if (c->cipher != NULL)
{
if(c->cipher->cleanup && !c->cipher->cleanup(c))
-@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
+@@ -581,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
}
if (c->cipher_data)
OPENSSL_free(c->cipher_data);
@@ -1815,9 +1817,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.1-beta3/crypt
memset(c,0,sizeof(EVP_CIPHER_CTX));
return 1;
}
-diff -up openssl-1.0.1-beta3/crypto/evp/evp.h.fips openssl-1.0.1-beta3/crypto/evp/evp.h
---- openssl-1.0.1-beta3/crypto/evp/evp.h.fips 2012-02-29 10:33:02.567292944 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/evp.h 2012-02-29 10:33:02.787294835 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp.h.fips openssl-1.0.1a/crypto/evp/evp.h
+--- openssl-1.0.1a/crypto/evp/evp.h.fips 2012-04-20 09:07:05.990779824 +0200
++++ openssl-1.0.1a/crypto/evp/evp.h 2012-04-20 09:07:06.246785312 +0200
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
@@ -1870,9 +1872,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp.h.fips openssl-1.0.1-beta3/crypto/ev
/* Cipher handles any and all padding logic as well
* as finalisation.
*/
-diff -up openssl-1.0.1-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.1-beta3/crypto/evp/evp_lib.c
---- openssl-1.0.1-beta3/crypto/evp/evp_lib.c.fips 2011-05-29 04:32:05.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/evp_lib.c 2012-02-29 10:33:02.787294835 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp_lib.c.fips openssl-1.0.1a/crypto/evp/evp_lib.c
+--- openssl-1.0.1a/crypto/evp/evp_lib.c.fips 2011-05-29 04:32:05.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/evp_lib.c 2012-04-20 09:07:06.246785312 +0200
@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
@@ -1883,9 +1885,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.1-beta3/crypt
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
-diff -up openssl-1.0.1-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.1-beta3/crypto/evp/evp_locl.h
---- openssl-1.0.1-beta3/crypto/evp/evp_locl.h.fips 2012-02-29 10:33:02.558292867 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/evp_locl.h 2012-02-29 10:33:02.787294835 +0100
+diff -up openssl-1.0.1a/crypto/evp/evp_locl.h.fips openssl-1.0.1a/crypto/evp/evp_locl.h
+--- openssl-1.0.1a/crypto/evp/evp_locl.h.fips 2012-04-20 09:07:05.980779609 +0200
++++ openssl-1.0.1a/crypto/evp/evp_locl.h 2012-04-20 09:07:06.247785333 +0200
@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
@@ -1920,9 +1922,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.1-beta3/cryp
#define Camellia_set_key private_Camellia_set_key
#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/Makefile.fips openssl-1.0.1-beta3/crypto/evp/Makefile
---- openssl-1.0.1-beta3/crypto/evp/Makefile.fips 2011-12-27 15:38:27.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/evp/Makefile 2012-02-29 10:33:02.788294844 +0100
+diff -up openssl-1.0.1a/crypto/evp/Makefile.fips openssl-1.0.1a/crypto/evp/Makefile
+--- openssl-1.0.1a/crypto/evp/Makefile.fips 2011-12-27 15:38:27.000000000 +0100
++++ openssl-1.0.1a/crypto/evp/Makefile 2012-04-20 09:07:06.248785354 +0200
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -2738,9 +2740,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/Makefile.fips openssl-1.0.1-beta3/crypto
pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
pmeth_lib.o: ../../include/openssl/objects.h
pmeth_lib.o: ../../include/openssl/opensslconf.h
-diff -up openssl-1.0.1-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.1-beta3/crypto/evp/m_dss1.c
---- openssl-1.0.1-beta3/crypto/evp/m_dss1.c.fips 2011-06-01 17:11:00.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_dss1.c 2012-02-29 10:33:02.788294844 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_dss1.c.fips openssl-1.0.1a/crypto/evp/m_dss1.c
+--- openssl-1.0.1a/crypto/evp/m_dss1.c.fips 2011-06-01 17:11:00.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_dss1.c 2012-04-20 09:07:06.249785376 +0200
@@ -68,8 +68,6 @@
#include <openssl/dsa.h>
#endif
@@ -2764,9 +2766,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.1-beta3/crypto
}
#endif
-#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/m_dss.c.fips openssl-1.0.1-beta3/crypto/evp/m_dss.c
---- openssl-1.0.1-beta3/crypto/evp/m_dss.c.fips 2011-06-01 17:11:00.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_dss.c 2012-02-29 10:33:02.788294844 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_dss.c.fips openssl-1.0.1a/crypto/evp/m_dss.c
+--- openssl-1.0.1a/crypto/evp/m_dss.c.fips 2011-06-01 17:11:00.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_dss.c 2012-04-20 09:07:06.249785376 +0200
@@ -66,7 +66,6 @@
#endif
@@ -2789,9 +2791,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_dss.c.fips openssl-1.0.1-beta3/crypto/
}
#endif
-#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/m_md2.c.fips openssl-1.0.1-beta3/crypto/evp/m_md2.c
---- openssl-1.0.1-beta3/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_md2.c 2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_md2.c.fips openssl-1.0.1a/crypto/evp/m_md2.c
+--- openssl-1.0.1a/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_md2.c 2012-04-20 09:07:06.249785376 +0200
@@ -68,6 +68,7 @@
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
@@ -2800,9 +2802,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_md2.c.fips openssl-1.0.1-beta3/crypto/
static int init(EVP_MD_CTX *ctx)
{ return MD2_Init(ctx->md_data); }
-diff -up openssl-1.0.1-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.1-beta3/crypto/evp/m_sha1.c
---- openssl-1.0.1-beta3/crypto/evp/m_sha1.c.fips 2011-05-29 01:01:26.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/m_sha1.c 2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/m_sha1.c.fips openssl-1.0.1a/crypto/evp/m_sha1.c
+--- openssl-1.0.1a/crypto/evp/m_sha1.c.fips 2011-05-29 01:01:26.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/m_sha1.c 2012-04-20 09:07:06.250785398 +0200
@@ -59,8 +59,6 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -2867,9 +2869,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.1-beta3/crypto
#endif /* ifndef OPENSSL_NO_SHA512 */
-#endif
-diff -up openssl-1.0.1-beta3/crypto/evp/p_sign.c.fips openssl-1.0.1-beta3/crypto/evp/p_sign.c
---- openssl-1.0.1-beta3/crypto/evp/p_sign.c.fips 2011-06-09 18:02:39.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/p_sign.c 2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/p_sign.c.fips openssl-1.0.1a/crypto/evp/p_sign.c
+--- openssl-1.0.1a/crypto/evp/p_sign.c.fips 2011-06-09 18:02:39.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/p_sign.c 2012-04-20 09:07:06.250785398 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2901,9 +2903,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/p_sign.c.fips openssl-1.0.1-beta3/crypto
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
-diff -up openssl-1.0.1-beta3/crypto/evp/p_verify.c.fips openssl-1.0.1-beta3/crypto/evp/p_verify.c
---- openssl-1.0.1-beta3/crypto/evp/p_verify.c.fips 2011-06-09 18:02:39.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/evp/p_verify.c 2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/evp/p_verify.c.fips openssl-1.0.1a/crypto/evp/p_verify.c
+--- openssl-1.0.1a/crypto/evp/p_verify.c.fips 2011-06-09 18:02:39.000000000 +0200
++++ openssl-1.0.1a/crypto/evp/p_verify.c 2012-04-20 09:07:06.250785398 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2935,9 +2937,9 @@ diff -up openssl-1.0.1-beta3/crypto/evp/p_verify.c.fips openssl-1.0.1-beta3/cryp
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
EVP_PKEY_CTX_free(pkctx);
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c.fips 2012-02-29 10:33:02.789294853 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c 2012-02-29 10:33:02.789294853 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c.fips 2012-04-20 09:07:06.251785420 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_aesavs.c 2012-04-20 09:07:06.251785420 +0200
@@ -0,0 +1,939 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -3878,9 +3880,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1-b
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c.fips 2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c 2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c.fips 2012-04-20 09:07:06.252785442 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_cmactest.c 2012-04-20 09:07:06.252785442 +0200
@@ -0,0 +1,517 @@
+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4399,9 +4401,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c.fips 2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c 2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c.fips 2012-04-20 09:07:06.252785442 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_desmovs.c 2012-04-20 09:07:06.252785442 +0200
@@ -0,0 +1,702 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -5105,9 +5107,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1-
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c.fips 2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c 2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c.fips 2012-04-20 09:07:06.253785463 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_dhvs.c 2012-04-20 09:07:06.253785463 +0200
@@ -0,0 +1,292 @@
+/* fips/dh/fips_dhvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5401,9 +5403,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1-bet
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c.fips 2012-02-29 10:33:02.790294862 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c 2012-02-29 10:33:02.790294862 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c.fips 2012-04-20 09:07:06.253785463 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_drbgvs.c 2012-04-20 09:07:06.253785463 +0200
@@ -0,0 +1,416 @@
+/* fips/rand/fips_drbgvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5821,9 +5823,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1-b
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c.fips 2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c 2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c.fips 2012-04-20 09:07:06.254785484 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_dssvs.c 2012-04-20 09:07:06.254785484 +0200
@@ -0,0 +1,537 @@
+#include <openssl/opensslconf.h>
+
@@ -6362,9 +6364,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1-be
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c.fips 2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c 2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c.fips 2012-04-20 09:07:06.254785484 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_gcmtest.c 2012-04-20 09:07:06.254785484 +0200
@@ -0,0 +1,571 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6937,9 +6939,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1-
+}
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c.fips 2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c 2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c.fips 2012-04-20 09:07:06.255785505 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rngvs.c 2012-04-20 09:07:06.255785505 +0200
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
@@ -7171,9 +7173,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1-be
+ return 0;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c.fips 2012-02-29 10:33:02.791294871 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c 2012-02-29 10:33:02.791294871 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c.fips 2012-04-20 09:07:06.255785505 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rsagtest.c 2012-04-20 09:07:06.255785505 +0200
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7565,9 +7567,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c.fips 2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c 2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c.fips 2012-04-20 09:07:06.256785526 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rsastest.c 2012-04-20 09:07:06.256785526 +0200
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7939,9 +7941,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c.fips 2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c 2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c.fips 2012-04-20 09:07:06.256785526 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_rsavtest.c 2012-04-20 09:07:06.256785526 +0200
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -8320,9 +8322,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c.fips 2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c 2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c.fips 2012-04-20 09:07:06.257785547 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_shatest.c 2012-04-20 09:07:06.257785547 +0200
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -8712,9 +8714,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1-
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h.fips 2012-02-29 10:33:02.792294880 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h 2012-02-29 10:33:02.792294880 +0100
+diff -up openssl-1.0.1a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1a/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.1a/crypto/fips/cavs/fips_utl.h.fips 2012-04-20 09:07:06.257785547 +0200
++++ openssl-1.0.1a/crypto/fips/cavs/fips_utl.h 2012-04-20 09:07:06.257785547 +0200
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -9059,9 +9061,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1-beta
+#endif
+ }
+
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c.fips 2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c 2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_aes_selftest.c.fips 2012-04-20 09:07:06.258785569 +0200
++++ openssl-1.0.1a/crypto/fips/fips_aes_selftest.c 2012-04-20 09:07:06.258785569 +0200
@@ -0,0 +1,359 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9422,9 +9424,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1-
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips.c.fips openssl-1.0.1-beta3/crypto/fips/fips.c
---- openssl-1.0.1-beta3/crypto/fips/fips.c.fips 2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips.c 2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips.c.fips openssl-1.0.1a/crypto/fips/fips.c
+--- openssl-1.0.1a/crypto/fips/fips.c.fips 2012-04-20 09:07:06.258785569 +0200
++++ openssl-1.0.1a/crypto/fips/fips.c 2012-04-20 09:07:06.258785569 +0200
@@ -0,0 +1,489 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9915,9 +9917,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips.c.fips openssl-1.0.1-beta3/crypto/
+
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c.fips 2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c 2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c.fips 2012-04-20 09:07:06.259785591 +0200
++++ openssl-1.0.1a/crypto/fips/fips_cmac_selftest.c 2012-04-20 09:07:06.259785591 +0200
@@ -0,0 +1,161 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -10080,9 +10082,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1
+ return rv;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c.fips 2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c 2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_des_selftest.c.fips 2012-04-20 09:07:06.259785591 +0200
++++ openssl-1.0.1a/crypto/fips/fips_des_selftest.c 2012-04-20 09:07:06.259785591 +0200
@@ -0,0 +1,147 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10231,9 +10233,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1-
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c.fips 2012-02-29 10:33:02.793294889 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c 2012-02-29 10:33:02.793294889 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c.fips 2012-04-20 09:07:06.260785613 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_ctr.c 2012-04-20 09:07:06.260785613 +0200
@@ -0,0 +1,436 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10671,9 +10673,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1-beta
+
+ return 1;
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c.fips 2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c 2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_hash.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_hash.c.fips 2012-04-20 09:07:06.260785613 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_hash.c 2012-04-20 09:07:06.261785635 +0200
@@ -0,0 +1,378 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -11053,9 +11055,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1-bet
+
+ return 1;
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips 2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c 2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c.fips 2012-04-20 09:07:06.261785635 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_hmac.c 2012-04-20 09:07:06.261785635 +0200
@@ -0,0 +1,281 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -11338,9 +11340,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1-bet
+
+ return 1;
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips 2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c 2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_lib.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_lib.c.fips 2012-04-20 09:07:06.262785656 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_lib.c 2012-04-20 09:07:06.262785656 +0200
@@ -0,0 +1,578 @@
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
@@ -11920,9 +11922,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1-beta
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c.fips 2012-02-29 10:33:02.794294898 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c 2012-02-29 10:33:02.794294898 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_rand.c.fips 2012-04-20 09:07:06.263785677 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_rand.c 2012-04-20 09:07:06.263785677 +0200
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -12096,9 +12098,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1-bet
+ return &rand_drbg_meth;
+ }
+
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c.fips 2012-02-29 10:33:02.795294907 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c 2012-02-29 10:33:02.795294907 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c.fips 2012-04-20 09:07:06.264785698 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_selftest.c 2012-04-20 09:07:06.264785698 +0200
@@ -0,0 +1,862 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -12962,9 +12964,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1
+ return rv;
+ }
+
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h.fips 2012-02-29 10:33:02.796294915 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h 2012-02-29 10:33:02.796294915 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h.fips 2012-04-20 09:07:06.266785740 +0200
++++ openssl-1.0.1a/crypto/fips/fips_drbg_selftest.h 2012-04-20 09:07:06.266785740 +0200
@@ -0,0 +1,2335 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15301,9 +15303,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1
+ 0xc2,0xd6,0xfd,0xa5
+ };
+
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c.fips 2012-02-29 10:33:02.796294915 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c 2012-02-29 10:33:02.796294915 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c.fips 2012-04-20 09:07:06.267785762 +0200
++++ openssl-1.0.1a/crypto/fips/fips_dsa_selftest.c 2012-04-20 09:07:06.267785762 +0200
@@ -0,0 +1,193 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15498,9 +15500,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1-
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_enc.c.fips openssl-1.0.1-beta3/crypto/fips/fips_enc.c
---- openssl-1.0.1-beta3/crypto/fips/fips_enc.c.fips 2012-02-29 10:33:02.796294915 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_enc.c 2012-02-29 10:33:02.796294915 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_enc.c.fips openssl-1.0.1a/crypto/fips/fips_enc.c
+--- openssl-1.0.1a/crypto/fips/fips_enc.c.fips 2012-04-20 09:07:06.267785762 +0200
++++ openssl-1.0.1a/crypto/fips/fips_enc.c 2012-04-20 09:07:06.267785762 +0200
@@ -0,0 +1,191 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -15693,9 +15695,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_enc.c.fips openssl-1.0.1-beta3/cry
+ }
+ }
+
-diff -up openssl-1.0.1-beta3/crypto/fips/fips.h.fips openssl-1.0.1-beta3/crypto/fips/fips.h
---- openssl-1.0.1-beta3/crypto/fips/fips.h.fips 2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips.h 2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips.h.fips openssl-1.0.1a/crypto/fips/fips.h
+--- openssl-1.0.1a/crypto/fips/fips.h.fips 2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips.h 2012-04-20 09:07:06.268785784 +0200
@@ -0,0 +1,279 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -15976,9 +15978,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips.h.fips openssl-1.0.1-beta3/crypto/
+}
+#endif
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c.fips 2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c 2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c.fips 2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips_hmac_selftest.c 2012-04-20 09:07:06.268785784 +0200
@@ -0,0 +1,137 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -16117,9 +16119,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1
+ return 1;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_locl.h.fips openssl-1.0.1-beta3/crypto/fips/fips_locl.h
---- openssl-1.0.1-beta3/crypto/fips/fips_locl.h.fips 2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_locl.h 2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_locl.h.fips openssl-1.0.1a/crypto/fips/fips_locl.h
+--- openssl-1.0.1a/crypto/fips/fips_locl.h.fips 2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips_locl.h 2012-04-20 09:07:06.268785784 +0200
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -16192,9 +16194,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_locl.h.fips openssl-1.0.1-beta3/cr
+}
+#endif
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_md.c.fips openssl-1.0.1-beta3/crypto/fips/fips_md.c
---- openssl-1.0.1-beta3/crypto/fips/fips_md.c.fips 2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_md.c 2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_md.c.fips openssl-1.0.1a/crypto/fips/fips_md.c
+--- openssl-1.0.1a/crypto/fips/fips_md.c.fips 2012-04-20 09:07:06.268785784 +0200
++++ openssl-1.0.1a/crypto/fips/fips_md.c 2012-04-20 09:07:06.268785784 +0200
@@ -0,0 +1,145 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -16341,9 +16343,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_md.c.fips openssl-1.0.1-beta3/cryp
+ return NULL;
+ }
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_post.c.fips openssl-1.0.1-beta3/crypto/fips/fips_post.c
---- openssl-1.0.1-beta3/crypto/fips/fips_post.c.fips 2012-02-29 10:33:02.797294923 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_post.c 2012-02-29 10:33:02.797294923 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_post.c.fips openssl-1.0.1a/crypto/fips/fips_post.c
+--- openssl-1.0.1a/crypto/fips/fips_post.c.fips 2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_post.c 2012-04-20 09:07:06.269785806 +0200
@@ -0,0 +1,205 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -16550,9 +16552,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_post.c.fips openssl-1.0.1-beta3/cr
+ return 1;
+ }
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rand.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rand.c.fips 2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand.c 2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand.c.fips openssl-1.0.1a/crypto/fips/fips_rand.c
+--- openssl-1.0.1a/crypto/fips/fips_rand.c.fips 2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand.c 2012-04-20 09:07:06.269785806 +0200
@@ -0,0 +1,457 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -17011,9 +17013,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.c.fips openssl-1.0.1-beta3/cr
+}
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.h.fips openssl-1.0.1-beta3/crypto/fips/fips_rand.h
---- openssl-1.0.1-beta3/crypto/fips/fips_rand.h.fips 2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand.h 2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand.h.fips openssl-1.0.1a/crypto/fips/fips_rand.h
+--- openssl-1.0.1a/crypto/fips/fips_rand.h.fips 2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand.h 2012-04-20 09:07:06.269785806 +0200
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -17160,9 +17162,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand.h.fips openssl-1.0.1-beta3/cr
+#endif
+#endif
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h.fips 2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h 2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1a/crypto/fips/fips_rand_lcl.h
+--- openssl-1.0.1a/crypto/fips/fips_rand_lcl.h.fips 2012-04-20 09:07:06.269785806 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand_lcl.h 2012-04-20 09:07:06.269785806 +0200
@@ -0,0 +1,219 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -17383,9 +17385,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1-beta
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c.fips 2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c 2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1a/crypto/fips/fips_rand_lib.c
+--- openssl-1.0.1a/crypto/fips/fips_rand_lib.c.fips 2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand_lib.c 2012-04-20 09:07:06.270785828 +0200
@@ -0,0 +1,191 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -17578,9 +17580,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1-beta
+ }
+ return 0;
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c.fips 2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c 2012-02-29 10:33:02.798294931 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_rand_selftest.c.fips 2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rand_selftest.c 2012-04-20 09:07:06.270785828 +0200
@@ -0,0 +1,183 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -17765,9 +17767,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_randtest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_randtest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_randtest.c.fips 2012-02-29 10:33:02.798294931 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_randtest.c 2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_randtest.c.fips openssl-1.0.1a/crypto/fips/fips_randtest.c
+--- openssl-1.0.1a/crypto/fips/fips_randtest.c.fips 2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_randtest.c 2012-04-20 09:07:06.270785828 +0200
@@ -0,0 +1,250 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -18019,9 +18021,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_randtest.c.fips openssl-1.0.1-beta
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c.fips 2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c 2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c.fips 2012-04-20 09:07:06.270785828 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rsa_selftest.c 2012-04-20 09:07:06.270785828 +0200
@@ -0,0 +1,444 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -18467,9 +18469,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1-
+ }
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c.fips 2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c 2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c.fips 2012-04-20 09:07:06.271785849 +0200
++++ openssl-1.0.1a/crypto/fips/fips_rsa_x931g.c 2012-04-20 09:07:06.271785849 +0200
@@ -0,0 +1,282 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -18753,9 +18755,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1-bet
+ return 0;
+
+ }
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c.fips 2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c 2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1a/crypto/fips/fips_sha_selftest.c
+--- openssl-1.0.1a/crypto/fips/fips_sha_selftest.c.fips 2012-04-20 09:07:06.271785849 +0200
++++ openssl-1.0.1a/crypto/fips/fips_sha_selftest.c 2012-04-20 09:07:06.271785849 +0200
@@ -0,0 +1,140 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18897,9 +18899,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1-
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c.fips 2012-02-29 10:33:02.799294939 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c 2012-02-29 10:33:02.799294939 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c.fips 2012-04-20 09:07:06.271785849 +0200
++++ openssl-1.0.1a/crypto/fips/fips_standalone_hmac.c 2012-04-20 09:07:06.271785849 +0200
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -19081,9 +19083,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0
+ }
+
+
-diff -up openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c.fips openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c
---- openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c.fips 2012-02-29 10:33:02.800294947 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c 2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/fips/fips_test_suite.c.fips openssl-1.0.1a/crypto/fips/fips_test_suite.c
+--- openssl-1.0.1a/crypto/fips/fips_test_suite.c.fips 2012-04-20 09:07:06.272785870 +0200
++++ openssl-1.0.1a/crypto/fips/fips_test_suite.c 2012-04-20 09:07:06.272785870 +0200
@@ -0,0 +1,588 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -19673,9 +19675,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_test_suite.c.fips openssl-1.0.1-be
+ }
+
+#endif
-diff -up openssl-1.0.1-beta3/crypto/fips/Makefile.fips openssl-1.0.1-beta3/crypto/fips/Makefile
---- openssl-1.0.1-beta3/crypto/fips/Makefile.fips 2012-02-29 10:33:02.800294947 +0100
-+++ openssl-1.0.1-beta3/crypto/fips/Makefile 2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/fips/Makefile.fips openssl-1.0.1a/crypto/fips/Makefile
+--- openssl-1.0.1a/crypto/fips/Makefile.fips 2012-04-20 09:07:06.272785870 +0200
++++ openssl-1.0.1a/crypto/fips/Makefile 2012-04-20 09:07:06.272785870 +0200
@@ -0,0 +1,340 @@
+#
+# OpenSSL/crypto/fips/Makefile
@@ -20017,9 +20019,9 @@ diff -up openssl-1.0.1-beta3/crypto/fips/Makefile.fips openssl-1.0.1-beta3/crypt
+fips_sha_selftest.o: ../../include/openssl/safestack.h
+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
-diff -up openssl-1.0.1-beta3/crypto/hmac/hmac.c.fips openssl-1.0.1-beta3/crypto/hmac/hmac.c
---- openssl-1.0.1-beta3/crypto/hmac/hmac.c.fips 2011-06-12 17:07:26.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/hmac/hmac.c 2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/hmac/hmac.c.fips openssl-1.0.1a/crypto/hmac/hmac.c
+--- openssl-1.0.1a/crypto/hmac/hmac.c.fips 2011-06-12 17:07:26.000000000 +0200
++++ openssl-1.0.1a/crypto/hmac/hmac.c 2012-04-20 09:07:06.273785891 +0200
@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
return 0;
@@ -20082,9 +20084,9 @@ diff -up openssl-1.0.1-beta3/crypto/hmac/hmac.c.fips openssl-1.0.1-beta3/crypto/
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
-diff -up openssl-1.0.1-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.1-beta3/crypto/md2/md2_dgst.c
---- openssl-1.0.1-beta3/crypto/md2/md2_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/md2/md2_dgst.c 2012-02-29 10:33:02.800294947 +0100
+diff -up openssl-1.0.1a/crypto/md2/md2_dgst.c.fips openssl-1.0.1a/crypto/md2/md2_dgst.c
+--- openssl-1.0.1a/crypto/md2/md2_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
++++ openssl-1.0.1a/crypto/md2/md2_dgst.c 2012-04-20 09:07:06.274785912 +0200
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
@@ -20106,9 +20108,9 @@ diff -up openssl-1.0.1-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.1-beta3/cryp
{
c->num=0;
memset(c->state,0,sizeof c->state);
-diff -up openssl-1.0.1-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.1-beta3/crypto/md4/md4_dgst.c
---- openssl-1.0.1-beta3/crypto/md4/md4_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/md4/md4_dgst.c 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/md4/md4_dgst.c.fips openssl-1.0.1a/crypto/md4/md4_dgst.c
+--- openssl-1.0.1a/crypto/md4/md4_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
++++ openssl-1.0.1a/crypto/md4/md4_dgst.c 2012-04-20 09:07:06.274785912 +0200
@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -20118,9 +20120,9 @@ diff -up openssl-1.0.1-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.1-beta3/cryp
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.1-beta3/crypto/md5/md5_dgst.c
---- openssl-1.0.1-beta3/crypto/md5/md5_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/md5/md5_dgst.c 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/md5/md5_dgst.c.fips openssl-1.0.1a/crypto/md5/md5_dgst.c
+--- openssl-1.0.1a/crypto/md5/md5_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
++++ openssl-1.0.1a/crypto/md5/md5_dgst.c 2012-04-20 09:07:06.274785912 +0200
@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -20130,9 +20132,9 @@ diff -up openssl-1.0.1-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.1-beta3/cryp
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1a/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1a/crypto/mdc2/mdc2dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
++++ openssl-1.0.1a/crypto/mdc2/mdc2dgst.c 2012-04-20 09:07:06.275785934 +0200
@@ -76,7 +76,7 @@
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
@@ -20142,9 +20144,9 @@ diff -up openssl-1.0.1-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1-beta3/cry
{
c->num=0;
c->pad_type=1;
-diff -up openssl-1.0.1-beta3/crypto/o_init.c.fips openssl-1.0.1-beta3/crypto/o_init.c
---- openssl-1.0.1-beta3/crypto/o_init.c.fips 2011-05-26 16:19:19.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/o_init.c 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/o_init.c.fips openssl-1.0.1a/crypto/o_init.c
+--- openssl-1.0.1a/crypto/o_init.c.fips 2011-05-26 16:19:19.000000000 +0200
++++ openssl-1.0.1a/crypto/o_init.c 2012-04-20 09:07:06.275785934 +0200
@@ -55,28 +55,63 @@
#include <e_os.h>
#include <openssl/err.h>
@@ -20213,9 +20215,9 @@ diff -up openssl-1.0.1-beta3/crypto/o_init.c.fips openssl-1.0.1-beta3/crypto/o_i
+ {
+ OPENSSL_init_library();
+ }
-diff -up openssl-1.0.1-beta3/crypto/opensslconf.h.in.fips openssl-1.0.1-beta3/crypto/opensslconf.h.in
---- openssl-1.0.1-beta3/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/opensslconf.h.in 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/opensslconf.h.in.fips openssl-1.0.1a/crypto/opensslconf.h.in
+--- openssl-1.0.1a/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
++++ openssl-1.0.1a/crypto/opensslconf.h.in 2012-04-20 09:07:06.276785956 +0200
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
@@ -20237,9 +20239,9 @@ diff -up openssl-1.0.1-beta3/crypto/opensslconf.h.in.fips openssl-1.0.1-beta3/cr
/* Generate 80386 code? */
#undef I386_ONLY
-diff -up openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c
---- openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1a/crypto/pkcs12/p12_crt.c
+--- openssl-1.0.1a/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
++++ openssl-1.0.1a/crypto/pkcs12/p12_crt.c 2012-04-20 09:07:06.277785978 +0200
@@ -59,6 +59,10 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -20266,9 +20268,9 @@ diff -up openssl-1.0.1-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1-beta3/cr
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
-diff -up openssl-1.0.1-beta3/crypto/rand/md_rand.c.fips openssl-1.0.1-beta3/crypto/rand/md_rand.c
---- openssl-1.0.1-beta3/crypto/rand/md_rand.c.fips 2011-01-26 15:55:23.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rand/md_rand.c 2012-02-29 10:33:02.801294956 +0100
+diff -up openssl-1.0.1a/crypto/rand/md_rand.c.fips openssl-1.0.1a/crypto/rand/md_rand.c
+--- openssl-1.0.1a/crypto/rand/md_rand.c.fips 2011-01-26 15:55:23.000000000 +0100
++++ openssl-1.0.1a/crypto/rand/md_rand.c 2012-04-20 09:07:06.277785978 +0200
@@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
@@ -20281,9 +20283,9 @@ diff -up openssl-1.0.1-beta3/crypto/rand/md_rand.c.fips openssl-1.0.1-beta3/cryp
{
RAND_poll();
initialized = 1;
-diff -up openssl-1.0.1-beta3/crypto/rand/rand.h.fips openssl-1.0.1-beta3/crypto/rand/rand.h
---- openssl-1.0.1-beta3/crypto/rand/rand.h.fips 2012-02-29 10:33:02.283290504 +0100
-+++ openssl-1.0.1-beta3/crypto/rand/rand.h 2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rand/rand.h.fips openssl-1.0.1a/crypto/rand/rand.h
+--- openssl-1.0.1a/crypto/rand/rand.h.fips 2012-04-20 09:07:05.681773198 +0200
++++ openssl-1.0.1a/crypto/rand/rand.h 2012-04-20 09:07:06.278785999 +0200
@@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -20322,9 +20324,9 @@ diff -up openssl-1.0.1-beta3/crypto/rand/rand.h.fips openssl-1.0.1-beta3/crypto/
#ifdef __cplusplus
}
-diff -up openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c 2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1a/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.1a/crypto/ripemd/rmd_dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
++++ openssl-1.0.1a/crypto/ripemd/rmd_dgst.c 2012-04-20 09:07:06.278785999 +0200
@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
# endif
@@ -20334,9 +20336,9 @@ diff -up openssl-1.0.1-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1-beta3/c
{
memset (c,0,sizeof(*c));
c->A=RIPEMD160_A;
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c.fips 2011-06-02 20:22:42.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c 2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1a/crypto/rsa/rsa_crpt.c
+--- openssl-1.0.1a/crypto/rsa/rsa_crpt.c.fips 2011-06-02 20:22:42.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_crpt.c 2012-04-20 09:07:06.279786020 +0200
@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
RSA *rsa, int padding)
{
@@ -20363,9 +20365,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1-beta3/cryp
return -1;
}
#endif
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c.fips 2011-10-19 16:58:59.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c 2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_eay.c.fips openssl-1.0.1a/crypto/rsa/rsa_eay.c
+--- openssl-1.0.1a/crypto/rsa/rsa_eay.c.fips 2011-10-19 16:58:59.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_eay.c 2012-04-20 09:07:06.279786020 +0200
@@ -114,6 +114,10 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -20512,9 +20514,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.1-beta3/crypt
rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
return(1);
}
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_err.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_err.c.fips 2011-10-10 01:13:50.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_err.c 2012-02-29 10:33:02.802294965 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_err.c.fips openssl-1.0.1a/crypto/rsa/rsa_err.c
+--- openssl-1.0.1a/crypto/rsa/rsa_err.c.fips 2011-10-10 01:13:50.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_err.c 2012-04-20 09:07:06.280786041 +0200
@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
@@ -20524,9 +20526,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.1-beta3/crypt
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c.fips 2011-06-09 15:18:07.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c 2012-02-29 10:33:02.803294974 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_gen.c.fips openssl-1.0.1a/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1a/crypto/rsa/rsa_gen.c.fips 2011-06-09 15:18:07.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_gen.c 2012-04-20 09:07:06.281786062 +0200
@@ -69,6 +69,78 @@
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
@@ -20668,9 +20670,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.1-beta3/crypt
ok=1;
err:
if (ok == -1)
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa.h.fips openssl-1.0.1-beta3/crypto/rsa/rsa.h
---- openssl-1.0.1-beta3/crypto/rsa/rsa.h.fips 2012-02-29 10:33:02.577293030 +0100
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa.h 2012-02-29 10:33:02.803294974 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa.h.fips openssl-1.0.1a/crypto/rsa/rsa.h
+--- openssl-1.0.1a/crypto/rsa/rsa.h.fips 2012-04-20 09:07:06.000780038 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa.h 2012-04-20 09:07:06.281786062 +0200
@@ -164,6 +164,8 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
@@ -20755,9 +20757,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa.h.fips openssl-1.0.1-beta3/crypto/rs
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c.fips 2011-06-20 21:41:13.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c 2012-02-29 10:33:02.803294974 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_lib.c.fips openssl-1.0.1a/crypto/rsa/rsa_lib.c
+--- openssl-1.0.1a/crypto/rsa/rsa_lib.c.fips 2011-06-20 21:41:13.000000000 +0200
++++ openssl-1.0.1a/crypto/rsa/rsa_lib.c 2012-04-20 09:07:06.282786083 +0200
@@ -84,6 +84,13 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -20833,9 +20835,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.1-beta3/crypt
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
{
#ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c.fips 2012-02-15 15:14:01.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c 2012-02-29 10:34:56.290320046 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1a/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1a/crypto/rsa/rsa_pmeth.c.fips 2012-02-15 15:14:01.000000000 +0100
++++ openssl-1.0.1a/crypto/rsa/rsa_pmeth.c 2012-04-20 09:07:06.282786083 +0200
@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
RSA_R_INVALID_DIGEST_LENGTH);
return -1;
@@ -20879,9 +20881,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1-beta3/cry
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
-diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c
---- openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c.fips 2012-02-15 15:00:09.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c 2012-02-29 10:37:54.916857424 +0100
+diff -up openssl-1.0.1a/crypto/rsa/rsa_sign.c.fips openssl-1.0.1a/crypto/rsa/rsa_sign.c
+--- openssl-1.0.1a/crypto/rsa/rsa_sign.c.fips 2012-02-15 15:00:09.000000000 +0100
++++ openssl-1.0.1a/crypto/rsa/rsa_sign.c 2012-04-20 09:07:06.283786105 +0200
@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
i2d_X509_SIG(&sig,&p);
s=tmps;
@@ -20913,9 +20915,9 @@ diff -up openssl-1.0.1-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.1-beta3/cryp
if (i <= 0) goto err;
/* Oddball MDC2 case: signature can be OCTET STRING.
-diff -up openssl-1.0.1-beta3/crypto/sha/sha256.c.fips openssl-1.0.1-beta3/crypto/sha/sha256.c
---- openssl-1.0.1-beta3/crypto/sha/sha256.c.fips 2011-06-01 15:39:44.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/sha/sha256.c 2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha256.c.fips openssl-1.0.1a/crypto/sha/sha256.c
+--- openssl-1.0.1a/crypto/sha/sha256.c.fips 2011-06-01 15:39:44.000000000 +0200
++++ openssl-1.0.1a/crypto/sha/sha256.c 2012-04-20 09:07:06.283786105 +0200
@@ -12,12 +12,19 @@
#include <openssl/crypto.h>
@@ -20946,9 +20948,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha256.c.fips openssl-1.0.1-beta3/crypto
memset (c,0,sizeof(*c));
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
-diff -up openssl-1.0.1-beta3/crypto/sha/sha512.c.fips openssl-1.0.1-beta3/crypto/sha/sha512.c
---- openssl-1.0.1-beta3/crypto/sha/sha512.c.fips 2011-11-14 21:58:01.000000000 +0100
-+++ openssl-1.0.1-beta3/crypto/sha/sha512.c 2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha512.c.fips openssl-1.0.1a/crypto/sha/sha512.c
+--- openssl-1.0.1a/crypto/sha/sha512.c.fips 2011-11-14 21:58:01.000000000 +0100
++++ openssl-1.0.1a/crypto/sha/sha512.c 2012-04-20 09:07:06.284786127 +0200
@@ -5,6 +5,10 @@
* ====================================================================
*/
@@ -20980,9 +20982,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha512.c.fips openssl-1.0.1-beta3/crypto
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.1-beta3/crypto/sha/sha.h.fips openssl-1.0.1-beta3/crypto/sha/sha.h
---- openssl-1.0.1-beta3/crypto/sha/sha.h.fips 2012-02-29 10:33:02.108288997 +0100
-+++ openssl-1.0.1-beta3/crypto/sha/sha.h 2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha.h.fips openssl-1.0.1a/crypto/sha/sha.h
+--- openssl-1.0.1a/crypto/sha/sha.h.fips 2012-04-20 09:07:05.493769168 +0200
++++ openssl-1.0.1a/crypto/sha/sha.h 2012-04-20 09:07:06.285786149 +0200
@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
void SHA_Transform(SHA_CTX *c, const unsigned char *data);
#endif
@@ -21015,9 +21017,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha.h.fips openssl-1.0.1-beta3/crypto/sh
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.1-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.1-beta3/crypto/sha/sha_locl.h
---- openssl-1.0.1-beta3/crypto/sha/sha_locl.h.fips 2012-02-29 10:33:02.114289051 +0100
-+++ openssl-1.0.1-beta3/crypto/sha/sha_locl.h 2012-02-29 10:33:02.804294983 +0100
+diff -up openssl-1.0.1a/crypto/sha/sha_locl.h.fips openssl-1.0.1a/crypto/sha/sha_locl.h
+--- openssl-1.0.1a/crypto/sha/sha_locl.h.fips 2012-04-20 09:07:05.499769296 +0200
++++ openssl-1.0.1a/crypto/sha/sha_locl.h 2012-04-20 09:07:06.285786149 +0200
@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
#define INIT_DATA_h4 0xc3d2e1f0UL
@@ -21034,9 +21036,9 @@ diff -up openssl-1.0.1-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.1-beta3/cryp
memset (c,0,sizeof(*c));
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
-diff -up openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c
---- openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c.fips 2011-06-01 15:39:45.000000000 +0200
-+++ openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c 2012-02-29 10:33:02.805294992 +0100
+diff -up openssl-1.0.1a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1a/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.1a/crypto/whrlpool/wp_dgst.c.fips 2011-06-01 15:39:45.000000000 +0200
++++ openssl-1.0.1a/crypto/whrlpool/wp_dgst.c 2012-04-20 09:07:06.286786171 +0200
@@ -55,7 +55,7 @@
#include <openssl/crypto.h>
#include <string.h>
@@ -21046,9 +21048,9 @@ diff -up openssl-1.0.1-beta3/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1-beta3/
{
memset (c,0,sizeof(*c));
return(1);
-diff -up openssl-1.0.1-beta3/Makefile.org.fips openssl-1.0.1-beta3/Makefile.org
---- openssl-1.0.1-beta3/Makefile.org.fips 2012-02-29 10:33:02.746294484 +0100
-+++ openssl-1.0.1-beta3/Makefile.org 2012-02-29 10:33:02.805294992 +0100
+diff -up openssl-1.0.1a/Makefile.org.fips openssl-1.0.1a/Makefile.org
+--- openssl-1.0.1a/Makefile.org.fips 2012-04-20 09:07:06.199784304 +0200
++++ openssl-1.0.1a/Makefile.org 2012-04-20 09:07:06.286786171 +0200
@@ -136,6 +136,9 @@ FIPSCANLIB=
BASEADDR=
@@ -21076,9 +21078,9 @@ diff -up openssl-1.0.1-beta3/Makefile.org.fips openssl-1.0.1-beta3/Makefile.org
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.1-beta3/ssl/ssl_algs.c.fips openssl-1.0.1-beta3/ssl/ssl_algs.c
---- openssl-1.0.1-beta3/ssl/ssl_algs.c.fips 2012-01-15 14:42:50.000000000 +0100
-+++ openssl-1.0.1-beta3/ssl/ssl_algs.c 2012-02-29 10:33:02.805294992 +0100
+diff -up openssl-1.0.1a/ssl/ssl_algs.c.fips openssl-1.0.1a/ssl/ssl_algs.c
+--- openssl-1.0.1a/ssl/ssl_algs.c.fips 2012-01-15 14:42:50.000000000 +0100
++++ openssl-1.0.1a/ssl/ssl_algs.c 2012-04-20 09:07:06.287786192 +0200
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
diff --git a/openssl.spec b/openssl.spec
index d821b7e..7893312 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -20,8 +20,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.1
-Release: 3%{?dist}
+Version: 1.0.1a
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -43,7 +43,6 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch
# Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch
-Patch24: openssl-1.0.1-beta3-s390xbuild.patch
# Functionality changes
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
@@ -51,10 +50,10 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
Patch36: openssl-1.0.0e-doc-noeof.patch
Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
Patch39: openssl-1.0.1-beta2-ipv6-apps.patch
-Patch40: openssl-1.0.1-beta3-fips.patch
+Patch40: openssl-1.0.1a-fips.patch
Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
-Patch49: openssl-1.0.0-beta4-algo-doc.patch
+Patch49: openssl-1.0.1a-algo-doc.patch
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
Patch51: openssl-1.0.1-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch
@@ -65,7 +64,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch
Patch66: openssl-1.0.1-pkgconfig-krb5.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
-Patch82: openssl-1.0.1-backport.patch
+Patch82: openssl-1.0.1a-backport.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -142,7 +141,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch7 -p1 -b .timezone
%patch23 -p1 -b .default-paths
-%patch24 -p1 -b .s390xbuild
%patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509
@@ -165,6 +163,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .backport
+
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -419,6 +418,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Fri Apr 20 2012 Tomas Mraz <tmraz at redhat.com> 1.0.1a-1
+- new upstream version fixing CVE-2012-2110
+
* Wed Apr 11 2012 Tomas Mraz <tmraz at redhat.com> 1.0.1-3
- add Kerberos 5 libraries to pkgconfig for static linking (#807050)
diff --git a/sources b/sources
index 39eb7fd..1eb7727 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7df6ebc8dfe463b7af7ce4c4b86341e2 openssl-1.0.1-usa.tar.xz
+21a3b8bee1fdb7e60ca2e4aa50529f81 openssl-1.0.1a-usa.tar.xz
More information about the scm-commits
mailing list