The package rpms/compat-openssl10.git has added or updated architecture specific content
in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/compat-openssl10.git/commit/?id=2....
Change:
-%ifarch riscv64
Thanks.
Full change:
============
commit 20b065d97b6c20cbe4762a4711fb3e9e0dc32a07
Author: Gwyn Ciesla <gwync(a)protonmail.com>
Date: Wed Sep 16 14:32:42 2020 -0500
Retired due to security issues and general obsolescence
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 0c6f505..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-.build*.log
-clog
-000*.patch
-*.src.rpm
-*.tar.xz
diff --git a/CVE-2018-0732.patch b/CVE-2018-0732.patch
deleted file mode 100644
index 1ac02f3..0000000
--- a/CVE-2018-0732.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- openssl-1.0.2o/crypto/dh/dh_key.c~ 2019-09-10 13:06:55.000000000 -0500
-+++ openssl-1.0.2o/crypto/dh/dh_key.c 2019-09-10 13:07:57.930725903 -0500
-@@ -133,10 +133,15 @@
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- #ifdef OPENSSL_FIPS
- if (FIPS_mode()
- && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
diff --git a/CVE-2018-0734.patch b/CVE-2018-0734.patch
deleted file mode 100644
index 4474e64..0000000
--- a/CVE-2018-0734.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 43e6a58d4991a451daf4891ff05a48735df871ac Mon Sep 17 00:00:00 2001
-From: Pauli <paul.dale(a)oracle.com>
-Date: Mon, 29 Oct 2018 08:24:22 +1000
-Subject: [PATCH] Merge DSA reallocation timing fix CVE-2018-0734.
-
-Reviewed-by: Richard Levitte <levitte(a)openssl.org>
-(Merged from
https://github.com/openssl/openssl/pull/7513)
----
- crypto/dsa/dsa_ossl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index 2dcfedeeee7..100e2692681 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- goto err;
-
- /* Preallocate space */
-- q_bits = BN_num_bits(dsa->q);
-+ q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;
- if (!BN_set_bit(&k, q_bits)
- || !BN_set_bit(&l, q_bits)
- || !BN_set_bit(&m, q_bits))
diff --git a/CVE-2018-0737.patch b/CVE-2018-0737.patch
deleted file mode 100644
index 162dc3d..0000000
--- a/CVE-2018-0737.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley(a)gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz(a)openssl.org>
-Reviewed-by: Matt Caswell <matt(a)openssl.org>
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfefb70..42b89a8dfaa 100644
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
- if (BN_copy(rsa->e, e_value) == NULL)
- goto err;
-
-+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
- BN_set_flags(r2, BN_FLG_CONSTTIME);
- /* generate p and q */
- for (;;) {
diff --git a/CVE-2019-1552.patch b/CVE-2019-1552.patch
deleted file mode 100644
index cb8eca9..0000000
--- a/CVE-2019-1552.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-From d333ebaf9c77332754a9d5e111e2f53e1de54fdd Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte(a)openssl.org>
-Date: Thu, 25 Jul 2019 12:21:33 +0200
-Subject: [PATCH] Document issue with default installation paths on diverse
- Windows targets
-
-For all config targets (except VMS, because it has a completely different
-set of scripts), '/usr/local/ssl' is the default prefix for installation
-of programs and libraries, as well as the path for OpenSSL run-time
-configuration.
-
-For programs built to run in a Windows environment, this default is
-unsafe, and the user should set a different prefix. This has been hinted
-at in some documentation but not all, and the danger of leaving the
-default as is hasn't been documented at all.
-
-This change documents the issue as a caveat lector, and all configuration
-examples now include an example --prefix.
-
-CVE-2019-1552
-
-Reviewed-by: Matt Caswell <matt(a)openssl.org>
-(Merged from
https://github.com/openssl/openssl/pull/9456)
----
- CHANGES | 7 ++++++-
- INSTALL.DJGPP | 14 ++++++++++++--
- INSTALL.W32 | 24 +++++++++++++++++++++---
- INSTALL.W64 | 12 ++++++++++--
- INSTALL.WCE | 13 ++++++++++++-
- 5 files changed, 61 insertions(+), 9 deletions(-)
-
-diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP
-index 1047ec90a57..ecbf4934e91 100644
---- a/INSTALL.DJGPP
-+++ b/INSTALL.DJGPP
-@@ -33,8 +33,18 @@
- running in a DOS box under Windows. If so, just close the BASH
- shell, go back to Windows, and restart BASH. Then run "make" again.
-
-- RUN-TIME CAVEAT LECTOR
-- --------------
-+ CAVEAT LECTOR
-+ -------------
-+
-+ ### Default install and config paths
-+
-+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
-+ suitable for Unix, but not for Windows, where this usually is a world
-+ writable directory and therefore accessible for change by untrusted users.
-+ It is therefore recommended to set your own --prefix or --openssldir to
-+ some location that is not world writeable (see the example above)
-+
-+ ### Entropy
-
- Quoting FAQ:
-
-diff --git a/INSTALL.W32 b/INSTALL.W32
-index bd10187c322..b97a3d0c7a3 100644
---- a/INSTALL.W32
-+++ b/INSTALL.W32
-@@ -34,6 +34,17 @@
- get it all to work. See the trouble shooting section later on for if (when?)
- it goes wrong.
-
-+ CAVEAT LECTOR
-+ -------------
-+
-+ ### Default install and config paths
-+
-+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
-+ suitable for Unix, but not for Windows, where this usually is a world
-+ writable directory and therefore accessible for change by untrusted users.
-+ It is therefore recommended to set your own --prefix or --openssldir to
-+ some location that is not world writeable (see the example above)
-+
- Visual C++
- ----------
-
-@@ -104,7 +115,7 @@
- ---------------------
-
- * Configure for building with Borland Builder:
-- > perl Configure BC-32
-+ > perl Configure BC-32 --prefix=c:\some\openssl\dir
-
- * Create the appropriate makefile
- > ms\do_nasm
-@@ -196,7 +207,7 @@
-
- * Compile OpenSSL:
-
-- $ ./config
-+ $ ./config --prefix=c:/some/openssl/dir
- [...]
- $ make
- [...]
-@@ -206,7 +217,11 @@
- and openssl.exe application in apps directory.
-
- It is also possible to cross-compile it on Linux by configuring
-- with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
-+ like this:
-+
-+ $ ./Configure --cross-compile-prefix=i386-mingw32- \
-+ --prefix=c:/some/openssl/dir mingw ...
-+
- 'make test' is naturally not applicable then.
-
- libcrypto.a and libssl.a are the static libraries. To use the DLLs,
-@@ -240,6 +255,9 @@
- $ copy /b out32dll\libeay32.dll c:\openssl\bin
- $ copy /b out32dll\openssl.exe c:\openssl\bin
-
-+ ("c:\openssl" should be whatever you specified to --prefix when
-+ configuring the build)
-+
- Of course, you can choose another device than c:. C: is used here
- because that's usually the first (and often only) harddisk device.
- Note: in the modssl INSTALL.Win32, p: is used rather than c:.
-diff --git a/INSTALL.W64 b/INSTALL.W64
-index 9fa7a192056..3f5bf80f865 100644
---- a/INSTALL.W64
-+++ b/INSTALL.W64
-@@ -30,6 +30,14 @@
- Neither of these is actually big deal and hardly encountered
- in real-life applications.
-
-+ ### Default install and config paths
-+
-+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
-+ suitable for Unix, but not for Windows, where this usually is a world
-+ writable directory and therefore accessible for change by untrusted users.
-+ It is therefore recommended to set your own --prefix or --openssldir to
-+ some location that is not world writeable (see the example above)
-+
- Compiling procedure
- -------------------
-
-@@ -43,7 +51,7 @@
-
- To build for Win64/x64:
-
-- > perl Configure VC-WIN64A
-+ > perl Configure VC-WIN64A --prefix=c:\some\openssl\dir
- > ms\do_win64a
- > nmake -f ms\ntdll.mak
- > cd out32dll
-@@ -51,7 +59,7 @@
-
- To build for Win64/IA64:
-
-- > perl Configure VC-WIN64I
-+ > perl Configure VC-WIN64I --prefix=c:\some\openssl\dir
- > ms\do_win64i
- > nmake -f ms\ntdll.mak
- > cd out32dll
-diff --git a/INSTALL.WCE b/INSTALL.WCE
-index d78c61afa88..490685d70fa 100644
---- a/INSTALL.WCE
-+++ b/INSTALL.WCE
-@@ -35,6 +35,17 @@
- redirects IO to active sync link, while PortSDK - to NT-like console
- driver on the handheld itself.
-
-+ CAVEAT LECTOR
-+ -------------
-+
-+ ### Default install and config paths
-+
-+ ./Configure defaults to '/usr/local/ssl' as installation top. This is
-+ suitable for Unix, but not for Windows, where this usually is a world
-+ writable directory and therefore accessible for change by untrusted users.
-+ It is therefore recommended to set your own --prefix or --openssldir to
-+ some location that is not world writeable (see the example above)
-+
- Building
- --------
-
-@@ -61,7 +72,7 @@
-
- Next you should run Configure:
-
-- > perl Configure VC-CE
-+ > perl Configure VC-CE --prefix=c:\some\openssl\dir
-
- Next you need to build the Makefiles:
-
diff --git a/CVE-2019-1559.patch b/CVE-2019-1559.patch
deleted file mode 100644
index f1b7ed8..0000000
--- a/CVE-2019-1559.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt(a)openssl.org>
-Date: Fri, 14 Dec 2018 07:28:30 +0000
-Subject: [PATCH] Go into the error state if a fatal alert is sent or received
-
-If an application calls SSL_shutdown after a fatal alert has occured and
-then behaves different based on error codes from that function then the
-application may be vulnerable to a padding oracle.
-
-CVE-2019-1559
-
-Reviewed-by: Richard Levitte <levitte(a)openssl.org>
----
- ssl/d1_pkt.c | 1 +
- ssl/s3_pkt.c | 10 +++++++---
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
-index 23aa9dbce48..c7fe97727bf 100644
---- a/ssl/d1_pkt.c
-+++ b/ssl/d1_pkt.c
-@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len,
int peek)
- ERR_add_error_data(2, "SSL alert number ", tmp);
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->session_ctx, s->session);
-+ s->state = SSL_ST_ERR;
- return (0);
- } else {
- al = SSL_AD_ILLEGAL_PARAMETER;
-diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index 6527df8ce22..830b7237a2f 100644
---- a/ssl/s3_pkt.c
-+++ b/ssl/s3_pkt.c
-@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len,
int peek)
- ERR_add_error_data(2, "SSL alert number ", tmp);
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->session_ctx, s->session);
-+ s->state = SSL_ST_ERR;
- return (0);
- } else {
- al = SSL_AD_ILLEGAL_PARAMETER;
-@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
- * protocol_version alerts */
- if (desc < 0)
- return -1;
-- /* If a fatal one, remove from cache */
-- if ((level == 2) && (s->session != NULL))
-- SSL_CTX_remove_session(s->session_ctx, s->session);
-+ /* If a fatal one, remove from cache and go into the error state */
-+ if (level == SSL3_AL_FATAL) {
-+ if (s->session != NULL)
-+ SSL_CTX_remove_session(s->session_ctx, s->session);
-+ s->state = SSL_ST_ERR;
-+ }
-
- s->s3->alert_dispatch = 1;
- s->s3->send_alert[0] = level;
diff --git a/Makefile.certificate b/Makefile.certificate
deleted file mode 100644
index cc88c52..0000000
--- a/Makefile.certificate
+++ /dev/null
@@ -1,82 +0,0 @@
-UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
-DAYS=365
-KEYLEN=2048
-TYPE=rsa:$(KEYLEN)
-EXTRA_FLAGS=
-ifdef SERIAL
- EXTRA_FLAGS+=-set_serial $(SERIAL)
-endif
-
-.PHONY: usage
-.SUFFIXES: .key .csr .crt .pem
-.PRECIOUS: %.key %.csr %.crt %.pem
-
-usage:
- @echo "This makefile allows you to create:"
- @echo " o public/private key pairs"
- @echo " o SSL certificate signing requests (CSRs)"
- @echo " o self-signed SSL test certificates"
- @echo
- @echo "To create a key pair, run \"make SOMETHING.key\"."
- @echo "To create a CSR, run \"make SOMETHING.csr\"."
- @echo "To create a test certificate, run \"make SOMETHING.crt\"."
- @echo "To create a key and a test certificate in one file, run \"make
SOMETHING.pem\"."
- @echo
- @echo "To create a key for use with Apache, run \"make genkey\"."
- @echo "To create a CSR for use with Apache, run \"make certreq\"."
- @echo "To create a test certificate for use with Apache, run \"make
testcert\"."
- @echo
- @echo "To create a test certificate with serial number other than random, add
SERIAL=num"
- @echo "You can also specify key length with KEYLEN=n and expiration in days with
DAYS=n"
- @echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
- @echo
- @echo Examples:
- @echo " make server.key"
- @echo " make server.csr"
- @echo " make server.crt"
- @echo " make stunnel.pem"
- @echo " make genkey"
- @echo " make certreq"
- @echo " make testcert"
- @echo " make server.crt SERIAL=1"
- @echo " make stunnel.pem EXTRA_FLAGS=-sha384"
- @echo " make testcert DAYS=600"
-
-%.pem:
- umask 77 ; \
- PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- /usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS)
-out $$PEM2 $(EXTRA_FLAGS) ; \
- cat $$PEM1 > $@ ; \
- echo "" >> $@ ; \
- cat $$PEM2 >> $@ ; \
- $(RM) $$PEM1 $$PEM2
-
-%.key:
- umask 77 ; \
- /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
-
-%.csr: %.key
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $^ -out $@
-
-%.crt: %.key
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
-
-TLSROOT=/etc/pki/tls
-KEY=$(TLSROOT)/private/localhost.key
-CSR=$(TLSROOT)/certs/localhost.csr
-CRT=$(TLSROOT)/certs/localhost.crt
-
-genkey: $(KEY)
-certreq: $(CSR)
-testcert: $(CRT)
-
-$(CSR): $(KEY)
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
-
-$(CRT): $(KEY)
- umask 77 ; \
- /usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT)
$(EXTRA_FLAGS)
diff --git a/README.FIPS b/README.FIPS
deleted file mode 100644
index 74a80b9..0000000
--- a/README.FIPS
+++ /dev/null
@@ -1,75 +0,0 @@
-User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
-=================================================================
-
-This package contains libraries which comprise the FIPS 140-2
-Red Hat Enterprise Linux - OPENSSL Module.
-
-The module files
-================
-/usr/lib[64]/libcrypto.so.1.0.1e
-/usr/lib[64]/libssl.so.1.0.1e
-/usr/lib[64]/.libcrypto.so.1.0.1e.hmac
-/usr/lib[64]/.libssl.so.1.0.1e.hmac
-
-Dependencies
-============
-
-The approved mode of operation requires kernel with /dev/urandom RNG running
-with properties as defined in the security policy of the module. This is
-provided by kernel packages with validated Red Hat Enterprise Linux - IPSec
-Crytographic Module.
-
-Installation
-============
-
-The RPM package of the module can be installed by standard tools recommended
-for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
-rpm, RHN remote management tool).
-
-For proper operation of the in-module integrity verification the prelink has to
-be disabled. This can be done with setting PRELINKING=no in the
-/etc/sysconfig/prelink configuration file. If the libraries were already
-prelinked the prelink should be undone on all the system files with the
-'prelink -u -a' command.
-
-Usage and API
-=============
-
-The module respects kernel command line FIPS setting. If the kernel command
-line contains option fips=1 the module will initialize in the FIPS approved
-mode of operation automatically. To allow for the automatic initialization the
-application using the module has to call one of the following API calls:
-
-- void OPENSSL_init_library(void) - this will do only a basic initialization
-of the library and does initialization of the FIPS approved mode without setting
-up EVP API with supported algorithms.
-
-- void OPENSSL_add_all_algorithms(void) - this API function calls
-OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
-in the approved mode
-
-- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
-adds algorithms which are necessary for TLS protocol support and initializes
-the SSL library.
-
-To explicitely put the library to the approved mode the application can call
-the following function:
-
-- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
-the library from the non-approved to the approved mode. If any of the selftests
-and integrity verification tests fail, the library is put into the error state
-and 0 is returned. If they succeed the return value is 1.
-
-To query the module whether it is in the approved mode or not:
-
-- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
-0 otherwise.
-
-To query whether the module is in the error state:
-
-- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
-state, 0 otherwise.
-
-To zeroize the FIPS RNG key and internal state the application calls:
-
-- void RAND_cleanup(void)
diff --git a/README.legacy-settings b/README.legacy-settings
deleted file mode 100644
index cf7068e..0000000
--- a/README.legacy-settings
+++ /dev/null
@@ -1,53 +0,0 @@
-Guide for legacy support enablement
-===================================
-
-To improve security provided by use of OpenSSL especially in context of
-TLS connections we regularly review and deprecate algorithms and algorithm
-settings which are no longer viewed as secure.
-
-For some of these deprecated algorithms we provide a way for the
-system administrator to reenable them.
-
-Deprecated algorithms, protocols and settings in OpenSSL
-========================================================
-
-Previous Red Hat Enterprise Linux 7 update releases:
-
-* SSL2 protocol disabled by default.
-* Minimum DH group size accepted by SSL/TLS client 768 bits.
-* Verification of certificates and signatures using MD5 hash
- disabled.
-
-Red Hat Enterprise Linux 7.4:
-
-* SSL2 protocol support completely disabled (cannot be re-enabled).
-* All SSL/TLS export ciphers disabled.
-* All SSL/TLS ciphersuites with keys smaller than 128 bits disabled.
-* Minimum DH group size accepted by SSL/TLS client 1024 bits.
-* Disabled support for verification of certificates and signatures
- using MD2, MD4, MD5, and SHA0 hashes.
-
-Legacy support enablement
-=========================
-
-The OpenSSL now supports /etc/pki/tls/legacy-settings configuration file
-which can be created by the system administrator which contains lines with
-simple Key Value pairs.
-
-The library recognizes the following possible configuration settings in
-that file:
-
-LegacySigningMDs md2 md5
-MinimumDHBits 512
-
-The LegacySigningMDs option allows reenabling support for verification of
-signatures with the specified hash algorithms. These can be any combination
-of md2, md4, md5 and sha. (sha represents SHA0 algorithm, not SHA1.) Any
-unrecognized algorithms are ignored.
-
-The MinimumDHBits option allows setting of the minimum bit size of DH group
-accepted by SSL/TLS client. It can be any value between 512 and 10000.
-
-If the configuration file is not present the built-in defaults (that is the
-secure defaults) are used. Any unrecognized lines (with other parameter
-names or comments) are ignored.
diff --git a/compat-openssl10.spec b/compat-openssl10.spec
deleted file mode 100644
index 1555cbb..0000000
--- a/compat-openssl10.spec
+++ /dev/null
@@ -1,506 +0,0 @@
-# For the curious:
-# 0.9.5a soversion = 0
-# 0.9.6 soversion = 1
-# 0.9.6a soversion = 2
-# 0.9.6c soversion = 3
-# 0.9.7a soversion = 4
-# 0.9.7ef soversion = 5
-# 0.9.8ab soversion = 6
-# 0.9.8g soversion = 7
-# 0.9.8jk + EAP-FAST soversion = 8
-# 1.0.0 soversion = 10
-%global soversion 10
-# Number of threads to spawn when testing some threading fixes.
-%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
-
-# Arches on which we need to prevent arch conflicts on opensslconf.h, must
-# also be handled in opensslconf-new.h.
-%global multilib_arches %{ix86} ia64 %{mips} ppc %{power64} s390 s390x sparcv9 sparc64
x86_64
-
-%global _performance_build 1
-
-Summary: Compatibility version of the OpenSSL library
-Name: compat-openssl10
-Version: 1.0.2o
-Release: 12%{?dist}
-Epoch: 1
-# We have to remove certain patented algorithms from the openssl source
-# tarball with the hobble-openssl script which is included below.
-# The original openssl upstream tarball cannot be shipped in the .src.rpm.
-Source: openssl-%{version}-hobbled.tar.xz
-Source1: hobble-openssl
-Source2: Makefile.certificate
-Source5: README.legacy-settings
-Source6: make-dummy-cert
-Source7: renew-dummy-cert
-Source8: openssl-thread-test.c
-Source9: opensslconf-new.h
-Source10: opensslconf-new-warning.h
-Source11: README.FIPS
-Source12: ec_curve.c
-Source13: ectest.c
-# Build changes
-Patch1: openssl-1.0.2e-rpmbuild.patch
-Patch2: openssl-1.0.2a-defaults.patch
-Patch4: openssl-1.0.2i-enginesdir.patch
-Patch5: openssl-1.0.2a-no-rpath.patch
-Patch6: openssl-1.0.2o-test-use-localhost.patch
-Patch7: openssl-1.0.0-timezone.patch
-Patch8: openssl-1.0.1c-perlfind.patch
-Patch9: openssl-1.0.1c-aliasing.patch
-Patch10: openssl-1.0.2o-conf-10.patch
-# Bug fixes
-Patch23: openssl-1.0.2c-default-paths.patch
-Patch24: openssl-1.0.2a-issuer-hash.patch
-# Functionality changes
-Patch33: openssl-1.0.0-beta4-ca-dir.patch
-Patch34: openssl-1.0.2a-x509.patch
-Patch35: openssl-1.0.2a-version-add-engines.patch
-Patch39: openssl-1.0.2o-ipv6-apps.patch
-Patch40: openssl-1.0.2o-fips.patch
-Patch45: openssl-1.0.2a-env-zlib.patch
-Patch47: openssl-1.0.2a-readme-warning.patch
-Patch49: openssl-1.0.1i-algo-doc.patch
-Patch50: openssl-1.0.2a-dtls1-abi.patch
-Patch51: openssl-1.0.2a-version.patch
-Patch56: openssl-1.0.2a-rsa-x931.patch
-Patch58: openssl-1.0.2a-fips-md5-allow.patch
-Patch60: openssl-1.0.2a-apps-dgst.patch
-Patch63: openssl-1.0.2a-xmpp-starttls.patch
-Patch65: openssl-1.0.2i-chil-fixes.patch
-Patch66: openssl-1.0.2h-pkgconfig.patch
-Patch68: openssl-1.0.2m-secure-getenv.patch
-Patch70: openssl-1.0.2a-fips-ec.patch
-Patch71: openssl-1.0.2m-manfix.patch
-Patch72: openssl-1.0.2a-fips-ctor.patch
-Patch73: openssl-1.0.2c-ecc-suiteb.patch
-Patch74: openssl-1.0.2j-deprecate-algos.patch
-Patch75: openssl-1.0.2a-compat-symbols.patch
-Patch76: openssl-1.0.2o-new-fips-reqs.patch
-Patch77: openssl-1.0.2j-downgrade-strength.patch
-Patch78: openssl-1.0.2o-cc-reqs.patch
-Patch90: openssl-1.0.2i-enc-fail.patch
-Patch92: openssl-1.0.2o-system-cipherlist.patch
-Patch93: openssl-1.0.2g-disable-sslv2v3.patch
-Patch94: openssl-1.0.2d-secp256k1.patch
-Patch95: openssl-1.0.2e-remove-nistp224.patch
-Patch96: openssl-1.0.2e-speed-doc.patch
-Patch97: openssl-1.0.2j-nokrb5-abi.patch
-Patch98: openssl-1.0.2k-long-hello.patch
-Patch99: openssl-1.0.2k-fips-randlock.patch
-# Backported fixes including security fixes
-Patch80: openssl-1.0.2o-wrap-pad.patch
-Patch81: openssl-1.0.2a-padlock64.patch
-Patch82: openssl-1.0.2m-trusted-first-doc.patch
-Patch83: CVE-2018-0737.patch
-Patch84: CVE-2018-0732.patch
-Patch85: CVE-2018-0734.patch
-Patch86: CVE-2019-1552.patch
-Patch87: CVE-2019-1559.patch
-Patch88: openssl-symver.patch
-
-License: OpenSSL
-URL:
http://www.openssl.org/
-BuildRequires: gcc
-BuildRequires: coreutils, perl-interpreter, perl-generators, sed, zlib-devel,
/usr/bin/cmp
-BuildRequires: perl-File-Find-Rule, perl-File-Compare
-BuildRequires: lksctp-tools-devel
-BuildRequires: /usr/bin/rename
-BuildRequires: /usr/bin/pod2man
-BuildRequires: perl-FileHandle
-Requires: coreutils, make
-Requires: crypto-policies
-Conflicts: openssl < 1:1.1.0, openssl-libs < 1:1.1.0
-
-%description
-The OpenSSL toolkit provides support for secure communications between
-machines. This version of OpenSSL package contains only the libraries
-and is provided for compatibility with previous releases and software
-that does not support compilation with OpenSSL-1.1.
-
-
-%package devel
-Summary: Files for development of applications which have to use OpenSSL-1.0.2
-Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
-Requires: zlib-devel%{?_isa}
-Requires: pkgconfig
-# The devel subpackage intentionally conflicts with main openssl-devel
-# as simultaneous use of both openssl package cannot be encouraged.
-# Making the packages non-conflicting would also require further
-# changes in the dependent packages.
-Conflicts: openssl-devel
-
-%description devel
-The OpenSSL toolkit provides support for secure communications between
-machines. This version of OpenSSL package contains only the libraries
-and is provided for compatibility with previous releases and software
-that does not support compilation with OpenSSL-1.1. This package
-contains include files needed to develop applications which
-support various cryptographic algorithms and protocols.
-
-%prep
-%setup -q -n openssl-%{version}
-
-# The hobble_openssl is called here redundantly, just to be sure.
-# The tarball has already the sources removed.
-%{SOURCE1} > /dev/null
-
-cp %{SOURCE12} %{SOURCE13} crypto/ec/
-
-%patch1 -p1 -b .rpmbuild
-%patch2 -p1 -b .defaults
-%patch4 -p1 -b .enginesdir %{?_rawbuild}
-%patch5 -p1 -b .no-rpath
-%patch6 -p1 -b .use-localhost
-%patch7 -p1 -b .timezone
-%patch8 -p1 -b .perlfind %{?_rawbuild}
-%patch9 -p1 -b .aliasing
-%patch10 -p1 -b .conf-10
-
-%patch23 -p1 -b .default-paths
-%patch24 -p1 -b .issuer-hash
-
-%patch33 -p1 -b .ca-dir
-%patch34 -p1 -b .x509
-%patch35 -p1 -b .version-add-engines
-%patch39 -p1 -b .ipv6-apps
-%patch40 -p1 -b .fips
-%patch45 -p1 -b .env-zlib
-%patch47 -p1 -b .warning
-%patch49 -p1 -b .algo-doc
-%patch50 -p1 -b .dtls1-abi
-%patch51 -p1 -b .version
-%patch56 -p1 -b .x931
-%patch58 -p1 -b .md5-allow
-%patch60 -p1 -b .dgst
-%patch63 -p1 -b .starttls
-%patch65 -p1 -b .chil
-%patch66 -p1 -b .pkgconfig
-%patch68 -p1 -b .secure-getenv
-%patch70 -p1 -b .fips-ec
-%patch71 -p1 -b .manfix
-%patch72 -p1 -b .fips-ctor
-%patch73 -p1 -b .suiteb
-%patch74 -p1 -b .deprecate-algos
-%patch75 -p1 -b .compat
-%patch76 -p1 -b .fips-reqs
-%patch77 -p1 -b .strength
-%patch78 -p1 -b .cc-reqs
-%patch90 -p1 -b .enc-fail
-%patch92 -p1 -b .system
-%patch93 -p1 -b .v2v3
-%patch94 -p1 -b .secp256k1
-%patch95 -p1 -b .nistp224
-%patch96 -p1 -b .speed-doc
-%patch97 -p1 -b .nokrb5-abi
-%patch98 -p1 -b .long-hello
-%patch99 -p1 -b .randlock
-
-%patch80 -p1 -b .wrap
-%patch81 -p1 -b .padlock64
-%patch82 -p1 -b .trusted-first
-%patch83 -p1 -b .CVE-2018-0737
-%patch84 -p1 -b .CVE-2018-0732
-%patch85 -p1 -b .CVE-2018-0734
-%patch86 -p1 -b .CVE-2019-1552
-%patch87 -p1 -b .CVE-2019-1559
-%patch88 -p1 -b .symver
-
-sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER
"%{version}"/' crypto/opensslv.h
-
-# Modify the various perl scripts to reference perl in the right location.
-perl util/perlpath.pl `dirname %{__perl}`
-
-# Generate a table with the compile settings for my perusal.
-touch Makefile
-make TABLE PERL=%{__perl}
-
-cp apps/openssl.cnf apps/openssl10.cnf
-
-%build
-# Figure out which flags we want to use.
-# default
-sslarch=%{_os}-%{_target_cpu}
-%ifarch %ix86
-sslarch=linux-elf
-if ! echo %{_target} | grep -q i686 ; then
- sslflags="no-asm 386"
-fi
-%endif
-%ifarch x86_64
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch sparcv9
-sslarch=linux-sparcv9
-sslflags=no-asm
-%endif
-%ifarch sparc64
-sslarch=linux64-sparcv9
-sslflags=no-asm
-%endif
-%ifarch alpha alphaev56 alphaev6 alphaev67
-sslarch=linux-alpha-gcc
-%endif
-%ifarch s390 sh3eb sh4eb
-sslarch="linux-generic32 -DB_ENDIAN"
-%endif
-%ifarch s390x
-sslarch="linux64-s390x"
-%endif
-%ifarch %{arm}
-sslarch=linux-armv4
-%endif
-%ifarch aarch64
-sslarch=linux-aarch64
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch sh3 sh4
-sslarch=linux-generic32
-%endif
-%ifarch ppc64 ppc64p7
-sslarch=linux-ppc64
-%endif
-%ifarch ppc64le
-sslarch="linux-ppc64le"
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch mips mipsel
-sslarch="linux-mips32 -mips32r2"
-%endif
-%ifarch mips64 mips64el
-sslarch="linux64-mips64 -mips64r2"
-%endif
-%ifarch mips64el
-sslflags=enable-ec_nistp_64_gcc_128
-%endif
-%ifarch riscv64
-sslarch=linux-generic64
-%endif
-
-# ia64, x86_64, ppc are OK by default
-# Configure the build tree. Override OpenSSL defaults with known-good defaults
-# usable on all platforms. The Configure script already knows to use -fPIC and
-# RPM_OPT_FLAGS, so we can skip specifiying them here.
-./Configure \
- --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
- --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
- zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \
- enable-cms enable-md2 enable-rc5 \
- no-mdc2 no-ec2m no-gost no-srp no-krb5 \
- --enginesdir=%{_libdir}/openssl/engines \
- shared ${sslarch} %{?!nofips:fips}
-
-# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
-# marked as not requiring an executable stack.
-# Also add -DPURIFY to make using valgrind with openssl easier as we do not
-# want to depend on the uninitialized memory as a source of entropy anyway.
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack
-Wa,--generate-missing-build-notes=yes -DPURIFY"
-make depend
-make all
-
-# Generate hashes for the included certs.
-make rehash
-
-# Overwrite FIPS README and copy README.legacy-settings
-cp -f %{SOURCE5} %{SOURCE11} .
-
-# Clean up the .pc files
-for i in libcrypto.pc libssl.pc openssl.pc ; do
- sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
-done
-
-%check
-# Verify that what was compiled actually works.
-
-# We must revert patch33 before tests otherwise they will fail
-patch -p1 -R < %{PATCH33}
-cp apps/openssl.cnf apps/openssl10.cnf
-
-LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
-export LD_LIBRARY_PATH
-OPENSSL_ENABLE_MD5_VERIFY=
-export OPENSSL_ENABLE_MD5_VERIFY
-make -C test apps tests
-%{__cc} -o openssl-thread-test \
- -I./include \
- $RPM_OPT_FLAGS \
- %{SOURCE8} \
- -L. \
- -lssl -lcrypto \
- -lpthread -lz -ldl
-./openssl-thread-test --threads %{thread_test_threads}
-
-# Add generation of HMAC checksum of the final stripped library
-%define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version}
>$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
- ln -sf .libcrypto.so.%{version}.hmac
$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
- crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version}
>$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
- ln -sf .libssl.so.%{version}.hmac
$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
-%{nil}
-
-%define __provides_exclude_from %{_libdir}/openssl
-
-%install
-[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-# Install OpenSSL.
-install -d
$RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
-make INSTALL_PREFIX=$RPM_BUILD_ROOT install
-make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
-mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
-mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
-rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
-rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
-for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
- chmod 755 ${lib}
- ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib}
.%{version}`.%{soversion}
-done
-
-# Delete static library
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.a || :
-
-# Rename man pages so that they don't conflict with other system man pages.
-pushd $RPM_BUILD_ROOT%{_mandir}
-for manpage in man*/* ; do
- if [ -L ${manpage} ]; then
- TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
- ln -snf ${TARGET}ssl ${manpage}ssl
- rm -f ${manpage}
- else
- mv ${manpage} ${manpage}ssl
- fi
-done
-popd
-
-# Delete non-devel man pages in the compat package
-rm -rf $RPM_BUILD_ROOT%{_mandir}/man[157]*
-
-# Delete configuration files
-rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/pki/*
-
-# Remove binaries
-rm -rf $RPM_BUILD_ROOT/%{_bindir}
-
-# Remove engines
-rm -rf $RPM_BUILD_ROOT/%{_libdir}/openssl
-
-# Install compat config file
-install -m 644 apps/openssl10.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/openssl10.cnf
-
-%files
-%license LICENSE
-%doc FAQ NEWS README
-%doc README.FIPS
-%doc README.legacy-settings
-
-%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
-%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
-%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
-%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
-%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
-%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
-
-%dir %{_sysconfdir}/pki
-%attr(0644,root,root) %{_sysconfdir}/pki/openssl10.cnf
-
-%files devel
-%doc doc/c-indentation.el doc/openssl.txt CHANGES
-%{_prefix}/include/openssl
-%attr(0755,root,root) %{_libdir}/*.so
-%attr(0644,root,root) %{_mandir}/man3*/*
-%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
-
-%ldconfig_scriptlets
-
-%changelog
-* Fri Sep 04 2020 Jeff Law <law(a)redhat.com> - 1:1.0.2o-12
-- Use symver attribute rather than asms for symbol versioning
-- Re-enable LTO
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2o-11
-- Second attempt - Rebuilt for
-
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2o-10
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2o-9
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Tue Sep 10 2019 Miro Hrončok <mhroncok(a)redhat.com> - 1:1.0.2o-8
-- Restore the devel package on Fedora 31 and 32 (#1673419)
-
-* Tue Sep 10 2019 Gwyn Ciesla <gwync(a)protonmail.com> - 1:1.0.2o-7
-- Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2o-6
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 8 2019 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2o-5
-- Keep the compat-openssl10-devel for Fedora 30
-- Generate missing build notes for assembler sources
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2o-4
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Aug 3 2018 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2o-3
-- provide and use compat openssl10.cnf as the non-compat one is incompatible
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2o-2
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Apr 5 2018 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2o-1
-- minor upstream release 1.0.2o fixing security issues
-
-* Sun Mar 11 2018 Stefan O'Rear <sorear2(a)gmail.com> 1:1.0.2n-4
-- Add flags for riscv64.
-
-* Fri Feb 23 2018 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2n-3
-- apply RPM_LD_FLAGS properly (#1548117)
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2n-2
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jan 18 2018 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2n-1
-- minor upstream release 1.0.2n fixing security issues
-
-* Mon Nov 13 2017 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2m-1
-- minor upstream release 1.0.2m fixing security issues
-- fix locking of RNG in FIPS mode for some obscure use-cases
-
-* Mon Aug 21 2017 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2j-9
-- add missing ldconfig call to post script
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2j-8
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2j-7
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.0.2j-6
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Oct 20 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2j-5
-- fix -devel subpackage conflict with man-pages package (#1387175)
-
-* Fri Oct 14 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2j-4
-- correct wrong Requires in -devel subpackage
-
-* Fri Oct 14 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2j-3
-- add back -devel subpackage as a stop-gap measure for software
- that cannot be ported to new API easily
-
-* Fri Oct 7 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2j-2
-- removed Buildroot and clean section
-- added Conflicts with old openssl
-
-* Thu Oct 6 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2j-1
-- updated to 1.0.2j and modified Summary
-
-* Thu Oct 6 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2i-3
-- renamed to compat-openssl10, additional cleanups
-
-* Fri Sep 23 2016 Tomáš Mráz <tmraz(a)redhat.com> 1.0.2i-2
-- compat package created
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..a2f9361
--- /dev/null
+++ b/dead.package
@@ -0,0 +1 @@
+Retired due to security issues and general obsolescence
diff --git a/ec_curve.c b/ec_curve.c
deleted file mode 100644
index ea3a479..0000000
--- a/ec_curve.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/* crypto/ec/ec_curve.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core(a)openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay(a)cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh(a)cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <string.h>
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-typedef struct {
- int field_type, /* either NID_X9_62_prime_field or
- * NID_X9_62_characteristic_two_field */
- seed_len, param_len;
- unsigned int cofactor; /* promoted to BN_ULONG */
-} EC_CURVE_DATA;
-
-/* the nist prime curves */
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 48 * 6];
-} _EC_NIST_PRIME_384 = {
- {
- NID_X9_62_prime_field, 20, 48, 1
- },
- {
- /* seed */
- 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
- 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- /* a */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
- /* b */
- 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
- 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
- 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
- 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
- /* x */
- 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
- 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
- 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
- 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
- /* y */
- 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
- 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
- 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
- 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
- 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 66 * 6];
-} _EC_NIST_PRIME_521 = {
- {
- NID_X9_62_prime_field, 20, 66, 1
- },
- {
- /* seed */
- 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
- 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
- /* p */
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- /* a */
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- /* b */
- 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
- 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
- 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
- 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
- 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
- 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
- /* x */
- 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
- 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
- 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
- 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
- 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
- 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
- /* y */
- 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
- 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
- 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
- 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
- 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
- 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
- /* order */
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
- 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
- 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
- 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
- }
-};
-
-static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 32 * 6];
-} _EC_X9_62_PRIME_256V1 = {
- {
- NID_X9_62_prime_field, 20, 32, 1
- },
- {
- /* seed */
- 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
- 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
- /* p */
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- /* a */
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- /* b */
- 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
- 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
- 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
- /* x */
- 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
- 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
- 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
- /* y */
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
- 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
- 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- /* order */
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
- 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
- }
-};
-
-typedef struct _ec_list_element_st {
- int nid;
- const EC_CURVE_DATA *data;
- const EC_METHOD *(*meth) (void);
- const char *comment;
-} ec_list_element;
-
-static const ec_list_element curve_list[] = {
- /* prime field curves */
- /* secg curves */
- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
- "NIST/SECG curve over a 384 bit prime field"},
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
- "NIST/SECG curve over a 521 bit prime field"},
-#else
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
- "NIST/SECG curve over a 521 bit prime field"},
-#endif
- /* X9.62 curves */
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
-#if defined(ECP_NISTZ256_ASM)
- EC_GFp_nistz256_method,
-#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
- EC_GFp_nistp256_method,
-#else
- 0,
-#endif
- "X9.62/SECG curve over a 256 bit prime field"},
-};
-
-#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
-
-static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
-{
- EC_GROUP *group = NULL;
- EC_POINT *P = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
- NULL;
- int ok = 0;
- int seed_len, param_len;
- const EC_METHOD *meth;
- const EC_CURVE_DATA *data;
- const unsigned char *params;
-
- if ((ctx = BN_CTX_new()) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- data = curve.data;
- seed_len = data->seed_len;
- param_len = data->param_len;
- params = (const unsigned char *)(data + 1); /* skip header */
- params += seed_len; /* skip seed */
-
- if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL))
- || !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL))
- || !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
-
- if (curve.meth != 0) {
- meth = curve.meth();
- if (((group = EC_GROUP_new(meth)) == NULL) ||
- (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- } else if (data->field_type == NID_X9_62_prime_field) {
- if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
-#ifndef OPENSSL_NO_EC2M
- else { /* field_type ==
- * NID_X9_62_characteristic_two_field */
-
- if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
-#endif
-
- if ((P = EC_POINT_new(group)) == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
-
- if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL))
- || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
- if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))
- || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
- if (!EC_GROUP_set_generator(group, P, order, x)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- if (seed_len) {
- if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
- ok = 1;
- err:
- if (!ok) {
- EC_GROUP_free(group);
- group = NULL;
- }
- if (P)
- EC_POINT_free(P);
- if (ctx)
- BN_CTX_free(ctx);
- if (p)
- BN_free(p);
- if (a)
- BN_free(a);
- if (b)
- BN_free(b);
- if (order)
- BN_free(order);
- if (x)
- BN_free(x);
- if (y)
- BN_free(y);
- return group;
-}
-
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
-{
- size_t i;
- EC_GROUP *ret = NULL;
-
- if (nid <= 0)
- return NULL;
-
- for (i = 0; i < curve_list_length; i++)
- if (curve_list[i].nid == nid) {
- ret = ec_group_new_from_data(curve_list[i]);
- break;
- }
-
- if (ret == NULL) {
- ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
- return NULL;
- }
-
- EC_GROUP_set_curve_name(ret, nid);
-
- return ret;
-}
-
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
-{
- size_t i, min;
-
- if (r == NULL || nitems == 0)
- return curve_list_length;
-
- min = nitems < curve_list_length ? nitems : curve_list_length;
-
- for (i = 0; i < min; i++) {
- r[i].nid = curve_list[i].nid;
- r[i].comment = curve_list[i].comment;
- }
-
- return curve_list_length;
-}
-
-/* Functions to translate between common NIST curve names and NIDs */
-
-typedef struct {
- const char *name; /* NIST Name of curve */
- int nid; /* Curve NID */
-} EC_NIST_NAME;
-
-static EC_NIST_NAME nist_curves[] = {
- {"B-163", NID_sect163r2},
- {"B-233", NID_sect233r1},
- {"B-283", NID_sect283r1},
- {"B-409", NID_sect409r1},
- {"B-571", NID_sect571r1},
- {"K-163", NID_sect163k1},
- {"K-233", NID_sect233k1},
- {"K-283", NID_sect283k1},
- {"K-409", NID_sect409k1},
- {"K-571", NID_sect571k1},
- {"P-192", NID_X9_62_prime192v1},
- {"P-224", NID_secp224r1},
- {"P-256", NID_X9_62_prime256v1},
- {"P-384", NID_secp384r1},
- {"P-521", NID_secp521r1}
-};
-
-const char *EC_curve_nid2nist(int nid)
-{
- size_t i;
- for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
- if (nist_curves[i].nid == nid)
- return nist_curves[i].name;
- }
- return NULL;
-}
-
-int EC_curve_nist2nid(const char *name)
-{
- size_t i;
- for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
- if (!strcmp(nist_curves[i].name, name))
- return nist_curves[i].nid;
- }
- return NID_undef;
-}
diff --git a/ectest.c b/ectest.c
deleted file mode 100644
index 701e706..0000000
--- a/ectest.c
+++ /dev/null
@@ -1,994 +0,0 @@
-/* crypto/ec/ectest.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core(a)openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay(a)cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh(a)cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef FLAT_INC
-# include "e_os.h"
-#else
-# include "../e_os.h"
-#endif
-#include <string.h>
-#include <time.h>
-
-#ifdef OPENSSL_NO_EC
-int main(int argc, char *argv[])
-{
- puts("Elliptic curves are disabled.");
- return 0;
-}
-#else
-
-# include <openssl/ec.h>
-# ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/obj_mac.h>
-# include <openssl/objects.h>
-# include <openssl/rand.h>
-# include <openssl/bn.h>
-# include <openssl/opensslconf.h>
-
-# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
-/* suppress "too big too optimize" warning */
-# pragma warning(disable:4959)
-# endif
-
-# define ABORT do { \
- fflush(stdout); \
- fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
- ERR_print_errors_fp(stderr); \
- EXIT(1); \
-} while (0)
-
-# define TIMING_BASE_PT 0
-# define TIMING_RAND_PT 1
-# define TIMING_SIMUL 2
-
-# if 0
-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
-{
- clock_t clck;
- int i, j;
- BIGNUM *s;
- BIGNUM *r[10], *r0[10];
- EC_POINT *P;
-
- s = BN_new();
- if (s == NULL)
- ABORT;
-
- fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
- if (!EC_GROUP_get_order(group, s, ctx))
- ABORT;
- fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
- fflush(stdout);
-
- P = EC_POINT_new(group);
- if (P == NULL)
- ABORT;
- EC_POINT_copy(P, EC_GROUP_get0_generator(group));
-
- for (i = 0; i < 10; i++) {
- if ((r[i] = BN_new()) == NULL)
- ABORT;
- if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
- ABORT;
- if (type != TIMING_BASE_PT) {
- if ((r0[i] = BN_new()) == NULL)
- ABORT;
- if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
- ABORT;
- }
- }
-
- clck = clock();
- for (i = 0; i < 10; i++) {
- for (j = 0; j < 10; j++) {
- if (!EC_POINT_mul
- (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
- (type != TIMING_BASE_PT) ? P : NULL,
- (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
- ABORT;
- }
- }
- clck = clock() - clck;
-
- fprintf(stdout, "\n");
-
-# ifdef CLOCKS_PER_SEC
- /*
- * "To determine the time in seconds, the value returned by the clock
- * function should be divided by the value of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899
- */
-# define UNIT "s"
-# else
- /*
- * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
- * NeXTstep/OpenStep
- */
-# define UNIT "units"
-# define CLOCKS_PER_SEC 1
-# endif
-
- if (type == TIMING_BASE_PT) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
- "base point multiplications", (double)clck / CLOCKS_PER_SEC);
- } else if (type == TIMING_RAND_PT) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
- "random point multiplications",
- (double)clck / CLOCKS_PER_SEC);
- } else if (type == TIMING_SIMUL) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
- "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
- }
- fprintf(stdout, "average: %.4f " UNIT "\n",
- (double)clck / (CLOCKS_PER_SEC * i * j));
-
- EC_POINT_free(P);
- BN_free(s);
- for (i = 0; i < 10; i++) {
- BN_free(r[i]);
- if (type != TIMING_BASE_PT)
- BN_free(r0[i]);
- }
-}
-# endif
-
-/* test multiplication with group order, long and negative scalars */
-static void group_order_tests(EC_GROUP *group)
-{
- BIGNUM *n1, *n2, *order;
- EC_POINT *P = EC_POINT_new(group);
- EC_POINT *Q = EC_POINT_new(group);
- BN_CTX *ctx = BN_CTX_new();
- int i;
-
- n1 = BN_new();
- n2 = BN_new();
- order = BN_new();
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, order, ctx))
- ABORT;
- if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, Q))
- ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
- if (!EC_GROUP_precompute_mult(group, ctx))
- ABORT;
- if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, Q))
- ABORT;
- fprintf(stdout, " ok\n");
- fprintf(stdout, "long/negative scalar tests ");
- for (i = 1; i <= 2; i++) {
- const BIGNUM *scalars[6];
- const EC_POINT *points[6];
-
- fprintf(stdout, i == 1 ?
- "allowing precomputation ... " :
- "without precomputation ... ");
- if (!BN_set_word(n1, i))
- ABORT;
- /*
- * If i == 1, P will be the predefined generator for which
- * EC_GROUP_precompute_mult has set up precomputation.
- */
- if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
- ABORT;
-
- if (!BN_one(n1))
- ABORT;
- /* n1 = 1 - order */
- if (!BN_sub(n1, n1, order))
- ABORT;
- if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
- ABORT;
- if (0 != EC_POINT_cmp(group, Q, P, ctx))
- ABORT;
-
- /* n2 = 1 + order */
- if (!BN_add(n2, order, BN_value_one()))
- ABORT;
- if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
- ABORT;
- if (0 != EC_POINT_cmp(group, Q, P, ctx))
- ABORT;
-
- /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
- if (!BN_mul(n2, n1, n2, ctx))
- ABORT;
- if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
- ABORT;
- if (0 != EC_POINT_cmp(group, Q, P, ctx))
- ABORT;
-
- /* n2 = order^2 - 1 */
- BN_set_negative(n2, 0);
- if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
- ABORT;
- /* Add P to verify the result. */
- if (!EC_POINT_add(group, Q, Q, P, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, Q))
- ABORT;
-
- /* Exercise EC_POINTs_mul, including corner cases. */
- if (EC_POINT_is_at_infinity(group, P))
- ABORT;
- scalars[0] = n1;
- points[0] = Q; /* => infinity */
- scalars[1] = n2;
- points[1] = P; /* => -P */
- scalars[2] = n1;
- points[2] = Q; /* => infinity */
- scalars[3] = n2;
- points[3] = Q; /* => infinity */
- scalars[4] = n1;
- points[4] = P; /* => P */
- scalars[5] = n2;
- points[5] = Q; /* => infinity */
- if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, P))
- ABORT;
- }
- fprintf(stdout, "ok\n");
-
- EC_POINT_free(P);
- EC_POINT_free(Q);
- BN_free(n1);
- BN_free(n2);
- BN_free(order);
- BN_CTX_free(ctx);
-}
-
-static void prime_field_tests(void)
-{
- BN_CTX *ctx = NULL;
- BIGNUM *p, *a, *b;
- EC_GROUP *group;
- EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
- NULL, *P_384 = NULL, *P_521 = NULL;
- EC_POINT *P, *Q, *R;
- BIGNUM *x, *y, *z;
- unsigned char buf[100];
- size_t i, len;
- int k;
-
-# if 1 /* optional */
- ctx = BN_CTX_new();
- if (!ctx)
- ABORT;
-# endif
-
- p = BN_new();
- a = BN_new();
- b = BN_new();
- if (!p || !a || !b)
- ABORT;
-
- group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
- * EC_GROUP_new_curve_GFp so
- * that the library gets to
- * choose the EC_METHOD */
- if (!group)
- ABORT;
-
- P = EC_POINT_new(group);
- Q = EC_POINT_new(group);
- R = EC_POINT_new(group);
- if (!P || !Q || !R)
- ABORT;
-
- x = BN_new();
- y = BN_new();
- z = BN_new();
- if (!x || !y || !z)
- ABORT;
-
- /* Curve P-256 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn
- (&p,
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
- ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- ABORT;
- if (!BN_hex2bn
- (&a,
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
- ABORT;
- if (!BN_hex2bn
- (&b,
- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
- ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
- ABORT;
-
- if (!BN_hex2bn
- (&x,
- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
- ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
- ABORT;
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
- ABORT;
- if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
- "84F3B9CAC2FC632551"))
- ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
- ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
- ABORT;
- fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn
- (&z,
- "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
- ABORT;
- if (0 != BN_cmp(y, z))
- ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 256)
- ABORT;
- fprintf(stdout, " ok\n");
-
- group_order_tests(group);
-
- if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
- ABORT;
- if (!EC_GROUP_copy(P_256, group))
- ABORT;
-
- /* Curve P-384 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
- ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- ABORT;
- if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
- ABORT;
- if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
- "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
- ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
- ABORT;
-
- if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
- "9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
- ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
- ABORT;
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
- ABORT;
- if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
- ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
- ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
- ABORT;
- fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
- "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
- ABORT;
- if (0 != BN_cmp(y, z))
- ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 384)
- ABORT;
- fprintf(stdout, " ok\n");
-
- group_order_tests(group);
-
- if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
- ABORT;
- if (!EC_GROUP_copy(P_384, group))
- ABORT;
-
- /* Curve P-521 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
- ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- ABORT;
- if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
- ABORT;
- if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
- "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
- "DF883D2C34F1EF451FD46B503F00"))
- ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
- ABORT;
-
- if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
- "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
- "3C1856A429BF97E7E31C2E5BD66"))
- ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
- ABORT;
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
- ABORT;
- if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
- "C9B8899C47AEBB6FB71E91386409"))
- ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
- ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
- ABORT;
- fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
- "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
- "7086A272C24088BE94769FD16650"))
- ABORT;
- if (0 != BN_cmp(y, z))
- ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 521)
- ABORT;
- fprintf(stdout, " ok\n");
-
- group_order_tests(group);
-
- if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
- ABORT;
- if (!EC_GROUP_copy(P_521, group))
- ABORT;
-
- /* more tests using the last curve */
-
- if (!EC_POINT_copy(Q, P))
- ABORT;
- if (EC_POINT_is_at_infinity(group, Q))
- ABORT;
- if (!EC_POINT_dbl(group, P, P, ctx))
- ABORT;
- if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
- ABORT;
- if (!EC_POINT_invert(group, Q, ctx))
- ABORT; /* P = -2Q */
-
- if (!EC_POINT_add(group, R, P, Q, ctx))
- ABORT;
- if (!EC_POINT_add(group, R, R, Q, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, R))
- ABORT; /* R = P + 2Q */
-
- {
- const EC_POINT *points[4];
- const BIGNUM *scalars[4];
- BIGNUM scalar3;
-
- if (EC_POINT_is_at_infinity(group, Q))
- ABORT;
- points[0] = Q;
- points[1] = Q;
- points[2] = Q;
- points[3] = Q;
-
- if (!EC_GROUP_get_order(group, z, ctx))
- ABORT;
- if (!BN_add(y, z, BN_value_one()))
- ABORT;
- if (BN_is_odd(y))
- ABORT;
- if (!BN_rshift1(y, y))
- ABORT;
- scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
- scalars[1] = y;
-
- fprintf(stdout, "combined multiplication ...");
- fflush(stdout);
-
- /* z is still the group order */
- if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
- ABORT;
- if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
- ABORT;
- if (0 != EC_POINT_cmp(group, P, R, ctx))
- ABORT;
- if (0 != EC_POINT_cmp(group, R, Q, ctx))
- ABORT;
-
- fprintf(stdout, ".");
- fflush(stdout);
-
- if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
- ABORT;
- if (!BN_add(z, z, y))
- ABORT;
- BN_set_negative(z, 1);
- scalars[0] = y;
- scalars[1] = z; /* z = -(order + y) */
-
- if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, P))
- ABORT;
-
- fprintf(stdout, ".");
- fflush(stdout);
-
- if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
- ABORT;
- if (!BN_add(z, x, y))
- ABORT;
- BN_set_negative(z, 1);
- scalars[0] = x;
- scalars[1] = y;
- scalars[2] = z; /* z = -(x+y) */
-
- BN_init(&scalar3);
- BN_zero(&scalar3);
- scalars[3] = &scalar3;
-
- if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
- ABORT;
- if (!EC_POINT_is_at_infinity(group, P))
- ABORT;
-
- fprintf(stdout, " ok\n\n");
-
- BN_free(&scalar3);
- }
-
-# if 0
- timings(P_256, TIMING_BASE_PT, ctx);
- timings(P_256, TIMING_RAND_PT, ctx);
- timings(P_256, TIMING_SIMUL, ctx);
- timings(P_384, TIMING_BASE_PT, ctx);
- timings(P_384, TIMING_RAND_PT, ctx);
- timings(P_384, TIMING_SIMUL, ctx);
- timings(P_521, TIMING_BASE_PT, ctx);
- timings(P_521, TIMING_RAND_PT, ctx);
- timings(P_521, TIMING_SIMUL, ctx);
-# endif
-
- if (ctx)
- BN_CTX_free(ctx);
- BN_free(p);
- BN_free(a);
- BN_free(b);
- EC_GROUP_free(group);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(R);
- BN_free(x);
- BN_free(y);
- BN_free(z);
-
- if (P_160)
- EC_GROUP_free(P_160);
- if (P_192)
- EC_GROUP_free(P_192);
- if (P_224)
- EC_GROUP_free(P_224);
- if (P_256)
- EC_GROUP_free(P_256);
- if (P_384)
- EC_GROUP_free(P_384);
- if (P_521)
- EC_GROUP_free(P_521);
-
-}
-
-
-static void internal_curve_test(void)
-{
- EC_builtin_curve *curves = NULL;
- size_t crv_len = 0, n = 0;
- int ok = 1;
-
- crv_len = EC_get_builtin_curves(NULL, 0);
-
- curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
- if (curves == NULL)
- return;
-
- if (!EC_get_builtin_curves(curves, crv_len)) {
- OPENSSL_free(curves);
- return;
- }
-
- fprintf(stdout, "testing internal curves: ");
-
- for (n = 0; n < crv_len; n++) {
- EC_GROUP *group = NULL;
- int nid = curves[n].nid;
- if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
- ok = 0;
- fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
- " curve %s\n", OBJ_nid2sn(nid));
- /* try next curve */
- continue;
- }
- if (!EC_GROUP_check(group, NULL)) {
- ok = 0;
- fprintf(stdout, "\nEC_GROUP_check() failed with"
- " curve %s\n", OBJ_nid2sn(nid));
- EC_GROUP_free(group);
- /* try the next curve */
- continue;
- }
- fprintf(stdout, ".");
- fflush(stdout);
- EC_GROUP_free(group);
- }
- if (ok)
- fprintf(stdout, " ok\n\n");
- else {
- fprintf(stdout, " failed\n\n");
- ABORT;
- }
- OPENSSL_free(curves);
- return;
-}
-
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/*
- * nistp_test_params contains magic numbers for testing our optimized
- * implementations of several NIST curves with characteristic > 3.
- */
-struct nistp_test_params {
- const EC_METHOD *(*meth) ();
- int degree;
- /*
- * Qx, Qy and D are taken from
- *
http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
- * Otherwise, values are standard curve parameters from FIPS 180-3
- */
- const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
-};
-
-static const struct nistp_test_params nistp_tests_params[] = {
- {
- /* P-256 */
- EC_GFp_nistp256_method,
- 256,
- /* p */
- "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
- /* a */
- "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
- /* b */
- "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
- /* Qx */
- "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
- /* Qy */
- "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
- /* Gx */
- "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
- /* Gy */
- "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
- /* order */
- "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
- /* d */
- "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
- },
- {
- /* P-521 */
- EC_GFp_nistp521_method,
- 521,
- /* p */
-
"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- /* a */
-
"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
- /* b */
-
"051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
- /* Qx */
-
"0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
- /* Qy */
-
"0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
- /* Gx */
-
"c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
- /* Gy */
-
"11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
- /* order */
-
"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
- /* d */
-
"0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
- },
-};
-
-static void nistp_single_test(const struct nistp_test_params *test)
-{
- BN_CTX *ctx;
- BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
- EC_GROUP *NISTP;
- EC_POINT *G, *P, *Q, *Q_CHECK;
-
- fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n",
- test->degree);
- ctx = BN_CTX_new();
- p = BN_new();
- a = BN_new();
- b = BN_new();
- x = BN_new();
- y = BN_new();
- m = BN_new();
- n = BN_new();
- order = BN_new();
-
- NISTP = EC_GROUP_new(test->meth());
- if (!NISTP)
- ABORT;
- if (!BN_hex2bn(&p, test->p))
- ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
- ABORT;
- if (!BN_hex2bn(&a, test->a))
- ABORT;
- if (!BN_hex2bn(&b, test->b))
- ABORT;
- if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
- ABORT;
- G = EC_POINT_new(NISTP);
- P = EC_POINT_new(NISTP);
- Q = EC_POINT_new(NISTP);
- Q_CHECK = EC_POINT_new(NISTP);
- if (!BN_hex2bn(&x, test->Qx))
- ABORT;
- if (!BN_hex2bn(&y, test->Qy))
- ABORT;
- if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
- ABORT;
- if (!BN_hex2bn(&x, test->Gx))
- ABORT;
- if (!BN_hex2bn(&y, test->Gy))
- ABORT;
- if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
- ABORT;
- if (!BN_hex2bn(&order, test->order))
- ABORT;
- if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
- ABORT;
-
- fprintf(stdout, "verify degree ... ");
- if (EC_GROUP_get_degree(NISTP) != test->degree)
- ABORT;
- fprintf(stdout, "ok\n");
-
- fprintf(stdout, "NIST test vectors ... ");
- if (!BN_hex2bn(&n, test->d))
- ABORT;
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
-
- /* set generator to P = 2*G, where G is the standard generator */
- if (!EC_POINT_dbl(NISTP, P, G, ctx))
- ABORT;
- if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
- ABORT;
- /* set the scalar to m=n/2, where n is the NIST test scalar */
- if (!BN_rshift(m, n, 1))
- ABORT;
-
- /* test the non-standard generator */
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
-
- /*
- * We have not performed precomputation so have_precompute mult should be
- * false
- */
- if (EC_GROUP_have_precompute_mult(NISTP))
- ABORT;
-
- /* now repeat all tests with precomputation */
- if (!EC_GROUP_precompute_mult(NISTP, ctx))
- ABORT;
- if (!EC_GROUP_have_precompute_mult(NISTP))
- ABORT;
-
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
-
- /* reset generator */
- if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
- ABORT;
- /* fixed point multiplication */
- EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
- /* random point multiplication */
- EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
- if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
- ABORT;
-
- fprintf(stdout, "ok\n");
- group_order_tests(NISTP);
-# if 0
- timings(NISTP, TIMING_BASE_PT, ctx);
- timings(NISTP, TIMING_RAND_PT, ctx);
-# endif
- EC_GROUP_free(NISTP);
- EC_POINT_free(G);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(Q_CHECK);
- BN_free(n);
- BN_free(m);
- BN_free(p);
- BN_free(a);
- BN_free(b);
- BN_free(x);
- BN_free(y);
- BN_free(order);
- BN_CTX_free(ctx);
-}
-
-static void nistp_tests()
-{
- unsigned i;
-
- for (i = 0;
- i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params);
- i++) {
- nistp_single_test(&nistp_tests_params[i]);
- }
-}
-# endif
-
-static const char rnd_seed[] =
- "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-{
-
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
- && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"),
"off")))) {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- } else {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- ERR_load_crypto_strings();
-
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
-
- prime_field_tests();
- puts("");
-# ifndef OPENSSL_NO_EC2M
- char2_field_tests();
-# endif
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- nistp_tests();
-# endif
- /* test the internal curves */
- internal_curve_test();
-
-# ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-# endif
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_thread_state(NULL);
- CRYPTO_mem_leaks_fp(stderr);
-
- return 0;
-}
-#endif
diff --git a/hobble-openssl b/hobble-openssl
deleted file mode 100755
index 8750ad6..0000000
--- a/hobble-openssl
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-# Quit out if anything fails.
-set -e
-
-# Clean out patent-or-otherwise-encumbered code.
-# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
-# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
-# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
-# EC: ????????? ??/??/2020
-# SRP: ????????? ??/??/20??
-
-# Remove assembler portions of IDEA, MDC2, and RC5.
-# (find crypto/rc5/asm -type f | xargs -r rm -fv)
-
-# SRP.
-for a in srp; do
- for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f`
; do
- echo Destroying $c
- > $c
- done
-done
-
-for c in `find crypto/bn -name "*gf2m.c"`; do
- echo Destroying $c
- > $c
-done
-
-for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o
-name "ecp_nistp22?.c" -o -name "ectest.c"`; do
- echo Destroying $c
- > $c
-done
-
-for h in `find crypto ssl apps test -name "*.h"` ; do
- echo Removing SRP and EC2M references from $h
- cat $h | \
- awk 'BEGIN {ech=1;} \
- /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
- /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
- /^#[ \t]*if/ {if(ech < 1) ech--;} \
- {if(ech>0) {;print $0};} \
- /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
- mv $h.hobbled $h
-done
-
-# Make the makefiles happy.
-# touch crypto/rc5/asm/rc5-586.pl
diff --git a/make-dummy-cert b/make-dummy-cert
deleted file mode 100755
index f5f0453..0000000
--- a/make-dummy-cert
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-umask 077
-
-answers() {
- echo --
- echo SomeState
- echo SomeCity
- echo SomeOrganization
- echo SomeOrganizationalUnit
- echo localhost.localdomain
- echo root(a)localhost.localdomain
-}
-
-if [ $# -eq 0 ] ; then
- echo $"Usage: `basename $0` filename [...]"
- exit 0
-fi
-
-for target in $@ ; do
- PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
- PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
- trap "rm -f $PEM1 $PEM2" SIGINT
- answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365
-out $PEM2 2> /dev/null
- cat $PEM1 > ${target}
- echo "" >> ${target}
- cat $PEM2 >> ${target}
- rm -f $PEM1 $PEM2
-done
diff --git a/openssl-1.0.0-beta4-ca-dir.patch b/openssl-1.0.0-beta4-ca-dir.patch
deleted file mode 100644
index 751cabd..0000000
--- a/openssl-1.0.0-beta4-ca-dir.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in
---- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir 2006-04-28 02:30:49.000000000 +0200
-+++ openssl-1.0.0-beta4/apps/CA.pl.in 2009-11-12 12:33:13.000000000 +0100
-@@ -53,7 +53,7 @@ $VERIFY="$openssl verify";
- $X509="$openssl x509";
- $PKCS12="$openssl pkcs12";
-
--$CATOP="./demoCA";
-+$CATOP="/etc/pki/CA";
- $CAKEY="cakey.pem";
- $CAREQ="careq.pem";
- $CACERT="cacert.pem";
-diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh
---- openssl-1.0.0-beta4/apps/CA.sh.ca-dir 2009-10-15 19:27:47.000000000 +0200
-+++ openssl-1.0.0-beta4/apps/CA.sh 2009-11-12 12:35:14.000000000 +0100
-@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify"
- X509="$OPENSSL x509"
- PKCS12="openssl pkcs12"
-
--if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
-+if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi
- CAKEY=./cakey.pem
- CAREQ=./careq.pem
- CACERT=./cacert.pem
-diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir
openssl-1.0.0-beta4/apps/openssl.cnf
---- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir 2009-11-12 12:33:13.000000000 +0100
-+++ openssl-1.0.0-beta4/apps/openssl.cnf 2009-11-12 12:33:13.000000000 +0100
-@@ -39,7 +39,7 @@ default_ca = CA_default # The default c
- ####################################################################
- [ CA_default ]
-
--dir = ./demoCA # Where everything is kept
-+dir = /etc/pki/CA # Where everything is kept
- certs = $dir/certs # Where the issued certs are kept
- crl_dir = $dir/crl # Where the issued crl are kept
- database = $dir/index.txt # database index file.
diff --git a/openssl-1.0.0-timezone.patch b/openssl-1.0.0-timezone.patch
deleted file mode 100644
index b1d6682..0000000
--- a/openssl-1.0.0-timezone.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up openssl-1.0.0/Makefile.org.timezone
openssl-1.0.0/Makefile.org
---- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200
-+++
openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200
-@@ -609,7 +609,7 @@ install_docs:
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
-- sh -c "$$pod2man \
-+ sh -c "TZ=UTC $$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-@@ -626,7 +626,7 @@ install_docs:
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
-- sh -c "$$pod2man \
-+ sh -c "TZ=UTC $$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
diff --git a/openssl-1.0.1c-aliasing.patch b/openssl-1.0.1c-aliasing.patch
deleted file mode 100644
index 582418c..0000000
--- a/openssl-1.0.1c-aliasing.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.0.1c/crypto/modes/Makefile.aliasing
openssl-1.0.1c/crypto/modes/Makefile
---- openssl-1.0.1c/crypto/modes/Makefile.aliasing 2011-08-12 00:36:17.000000000 +0200
-+++ openssl-1.0.1c/crypto/modes/Makefile 2012-07-13 11:32:10.767829077 +0200
-@@ -12,7 +12,7 @@ AR= ar r
-
- MODES_ASM_OBJ=
-
--CFLAGS= $(INCLUDES) $(CFLAG)
-+CFLAGS= $(INCLUDES) $(CFLAG) -fno-strict-aliasing
- ASFLAGS= $(INCLUDES) $(ASFLAG)
- AFLAGS= $(ASFLAGS)
-
diff --git a/openssl-1.0.1c-perlfind.patch b/openssl-1.0.1c-perlfind.patch
deleted file mode 100644
index 956afd6..0000000
--- a/openssl-1.0.1c-perlfind.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl
---- openssl-1.0.1c/util/perlpath.pl.perlfind 2012-07-11 22:57:33.000000000 +0200
-+++ openssl-1.0.1c/util/perlpath.pl 2012-07-12 00:31:12.102156275 +0200
-@@ -4,10 +4,10 @@
- # line in all scripts that rely on perl.
- #
-
--require "find.pl";
-+use File::Find;
-
- $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
--&find(".");
-+find(\&wanted, ".");
-
- sub wanted
- {
diff --git a/openssl-1.0.1i-algo-doc.patch b/openssl-1.0.1i-algo-doc.patch
deleted file mode 100644
index a19877d..0000000
--- a/openssl-1.0.1i-algo-doc.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff -up openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc
openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod
---- openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc 2014-08-06 23:10:56.000000000
+0200
-+++ openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod 2014-08-07 11:18:01.290773970 +0200
-@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
-
- EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
- B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling
this
--function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
-+function. B<type> will typically be supplied by a function such as EVP_sha1().
- If B<impl> is NULL then the default implementation of digest B<type> is
used.
-
- EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-@@ -164,7 +164,8 @@ corresponding OBJECT IDENTIFIER or NID_u
- EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
- EVP_MD_CTX_block_size() return the digest or block size in bytes.
-
--EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
- EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
- corresponding EVP_MD structures.
-
-diff -up openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc
openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod
---- openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc 2014-08-06 23:10:56.000000000
+0200
-+++ openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod 2014-08-07 10:55:25.100638252 +0200
-@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
- int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-+ const EVP_CIPHER *EVP_des_ede3(void);
-+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
-+ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
-+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
-+ const EVP_CIPHER *EVP_aes_128_ecb(void);
-+ const EVP_CIPHER *EVP_aes_128_cbc(void);
-+ const EVP_CIPHER *EVP_aes_128_cfb1(void);
-+ const EVP_CIPHER *EVP_aes_128_cfb8(void);
-+ const EVP_CIPHER *EVP_aes_128_cfb128(void);
-+ const EVP_CIPHER *EVP_aes_128_ofb(void);
-+ const EVP_CIPHER *EVP_aes_192_ecb(void);
-+ const EVP_CIPHER *EVP_aes_192_cbc(void);
-+ const EVP_CIPHER *EVP_aes_192_cfb1(void);
-+ const EVP_CIPHER *EVP_aes_192_cfb8(void);
-+ const EVP_CIPHER *EVP_aes_192_cfb128(void);
-+ const EVP_CIPHER *EVP_aes_192_ofb(void);
-+ const EVP_CIPHER *EVP_aes_256_ecb(void);
-+ const EVP_CIPHER *EVP_aes_256_cbc(void);
-+ const EVP_CIPHER *EVP_aes_256_cfb1(void);
-+ const EVP_CIPHER *EVP_aes_256_cfb8(void);
-+ const EVP_CIPHER *EVP_aes_256_cfb128(void);
-+ const EVP_CIPHER *EVP_aes_256_ofb(void);
-+
- =head1 DESCRIPTION
-
- The EVP cipher routines are a high level interface to certain
-@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
-
- DESX algorithm in CBC mode.
-
-+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void),
EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
-+
-+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
-+
-+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void),
EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
-+
-+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
-+
-+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void),
EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
-+
-+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
-+
- =item EVP_rc4(void)
-
- RC4 stream cipher. This is a variable key length cipher with default key length 128
bits.
diff --git a/openssl-1.0.2a-apps-dgst.patch b/openssl-1.0.2a-apps-dgst.patch
deleted file mode 100644
index 2bb8327..0000000
--- a/openssl-1.0.2a-apps-dgst.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-diff -up openssl-1.0.2a/apps/ca.c.dgst openssl-1.0.2a/apps/ca.c
---- openssl-1.0.2a/apps/ca.c.dgst 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/apps/ca.c 2015-04-21 17:01:38.841551616 +0200
-@@ -157,7 +157,7 @@ static const char *ca_usage[] = {
- " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
- " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides
-days)\n",
- " -days arg - number of days to certify the certificate for\n",
-- " -md arg - md to use, one of md2, md5, sha or sha1\n",
-+ " -md arg - md to use, see openssl dgst -h for list\n",
- " -policy arg - The CA 'policy' to support\n",
- " -keyfile arg - private key file\n",
- " -keyform arg - private key file format (PEM or ENGINE)\n",
-diff -up openssl-1.0.2a/apps/enc.c.dgst openssl-1.0.2a/apps/enc.c
---- openssl-1.0.2a/apps/enc.c.dgst 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/apps/enc.c 2015-04-21 17:01:38.841551616 +0200
-@@ -294,7 +294,7 @@ int MAIN(int argc, char **argv)
- "%-14s the next argument is the md to use to create a
key\n",
- "-md");
- BIO_printf(bio_err,
-- "%-14s from a passphrase. One of md2, md5, sha or
sha1\n",
-+ "%-14s from a passphrase. See openssl dgst -h for
list.\n",
- "");
- BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
- "-S");
-diff -up openssl-1.0.2a/apps/req.c.dgst openssl-1.0.2a/apps/req.c
---- openssl-1.0.2a/apps/req.c.dgst 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/apps/req.c 2015-04-21 17:01:38.842551640 +0200
-@@ -414,7 +414,7 @@ int MAIN(int argc, char **argv)
- " -newkey ec:file generate a new EC key, parameters taken from
CA in 'file'\n");
- #endif
- BIO_printf(bio_err,
-- " -[digest] Digest to sign with (md5, sha1, md2, mdc2,
md4)\n");
-+ " -[digest] Digest to sign with (see openssl dgst -h for
list)\n");
- BIO_printf(bio_err, " -config file request template file.\n");
- BIO_printf(bio_err,
- " -subj arg set or modify request subject\n");
-diff -up openssl-1.0.2a/apps/ts.c.dgst openssl-1.0.2a/apps/ts.c
---- openssl-1.0.2a/apps/ts.c.dgst 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/apps/ts.c 2015-04-21 17:01:38.842551640 +0200
-@@ -337,7 +337,7 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "usage:\n"
- "ts -query [-rand file%cfile%c...] [-config configfile] "
- "[-data file_to_hash] [-digest digest_bytes]"
-- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
-+ "[-<hashalg>] "
- "[-policy object_id] [-no_nonce] [-cert] "
- "[-in request.tsq] [-out request.tsq] [-text]\n",
- LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-diff -up openssl-1.0.2a/apps/x509.c.dgst openssl-1.0.2a/apps/x509.c
---- openssl-1.0.2a/apps/x509.c.dgst 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/apps/x509.c 2015-04-21 17:01:38.842551640 +0200
-@@ -141,7 +141,7 @@ static const char *x509_usage[] = {
- " -set_serial - serial number to use\n",
- " -text - print the certificate in text form\n",
- " -C - print out C code forms\n",
-- " -md2/-md5/-sha1/-mdc2 - digest to use\n",
-+ " -<dgst> - digest to use, see openssl dgst -h output for
list\n",
- " -extfile - configuration file with X509V3 extensions to add\n",
- " -extensions - section from config file with X509V3 extensions to
add\n",
- " -clrext - delete extensions before signing and input
certificate\n",
-diff -up openssl-1.0.2a/doc/apps/ca.pod.dgst openssl-1.0.2a/doc/apps/ca.pod
---- openssl-1.0.2a/doc/apps/ca.pod.dgst 2015-01-20 13:33:36.000000000 +0100
-+++ openssl-1.0.2a/doc/apps/ca.pod 2015-04-21 17:01:38.842551640 +0200
-@@ -168,7 +168,8 @@ the number of days to certify the certif
- =item B<-md alg>
-
- the message digest to use. Possible values include md5, sha1 and mdc2.
--This option also applies to CRLs.
-+For full list of digests see openssl dgst -h output. This option also
-+applies to CRLs.
-
- =item B<-policy arg>
-
-diff -up openssl-1.0.2a/doc/apps/ocsp.pod.dgst openssl-1.0.2a/doc/apps/ocsp.pod
---- openssl-1.0.2a/doc/apps/ocsp.pod.dgst 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/doc/apps/ocsp.pod 2015-04-21 17:01:38.842551640 +0200
-@@ -219,7 +219,8 @@ check is not performed.
- =item B<-md5|-sha1|-sha256|-ripemod160|...>
-
- this option sets digest algorithm to use for certificate identification
--in the OCSP request. By default SHA-1 is used.
-+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
-+the list of available algorithms.
-
- =back
-
-diff -up openssl-1.0.2a/doc/apps/req.pod.dgst openssl-1.0.2a/doc/apps/req.pod
---- openssl-1.0.2a/doc/apps/req.pod.dgst 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/doc/apps/req.pod 2015-04-21 17:01:38.843551664 +0200
-@@ -201,7 +201,8 @@ will not be encrypted.
-
- this specifies the message digest to sign the request with (such as
- B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
--the configuration file.
-+the configuration file. For full list of possible digests see openssl
-+dgst -h output.
-
- Some public key algorithms may override this choice. For instance, DSA
- signatures always use SHA1, GOST R 34.10 signatures always use
-diff -up openssl-1.0.2a/doc/apps/x509.pod.dgst openssl-1.0.2a/doc/apps/x509.pod
---- openssl-1.0.2a/doc/apps/x509.pod.dgst 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/doc/apps/x509.pod 2015-04-21 17:01:38.843551664 +0200
-@@ -107,6 +107,7 @@ the digest to use. This affects any sign
- digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options.
If not
- specified then SHA1 is used. If the key being used to sign with is a DSA key
- then this option has no effect: SHA1 is always used with DSA keys.
-+For full list of digests see openssl dgst -h output.
-
- =item B<-engine id>
-
diff --git a/openssl-1.0.2a-compat-symbols.patch b/openssl-1.0.2a-compat-symbols.patch
deleted file mode 100644
index 1e0993e..0000000
--- a/openssl-1.0.2a-compat-symbols.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -up openssl-1.0.2a/crypto/dsa/dsa_key.c.compat openssl-1.0.2a/crypto/dsa/dsa_key.c
---- openssl-1.0.2a/crypto/dsa/dsa_key.c.compat 2015-04-09 18:21:11.687977858 +0200
-+++ openssl-1.0.2a/crypto/dsa/dsa_key.c 2015-04-09 18:21:07.869889659 +0200
-@@ -68,6 +68,11 @@
- # include <openssl/fips.h>
- # include <openssl/evp.h>
-
-+/* just a compatibility symbol - no-op */
-+void FIPS_corrupt_dsa_keygen(void)
-+{
-+}
-+
- static int fips_check_dsa(DSA *dsa)
- {
- EVP_PKEY *pk;
-diff -up openssl-1.0.2a/crypto/engine/eng_all.c.compat
openssl-1.0.2a/crypto/engine/eng_all.c
---- openssl-1.0.2a/crypto/engine/eng_all.c.compat 2015-04-09 18:21:11.688977881 +0200
-+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-09 18:21:09.159919459 +0200
-@@ -63,6 +63,11 @@
- # include <openssl/fips.h>
- #endif
-
-+/* just backwards compatibility symbol - no-op */
-+void ENGINE_load_aesni(void)
-+{
-+}
-+
- void ENGINE_load_builtin_engines(void)
- {
- /* Some ENGINEs need this */
-diff -up openssl-1.0.2a/crypto/fips/fips.c.compat openssl-1.0.2a/crypto/fips/fips.c
---- openssl-1.0.2a/crypto/fips/fips.c.compat 2015-04-09 18:21:11.689977904 +0200
-+++ openssl-1.0.2a/crypto/fips/fips.c 2015-04-09 18:21:09.925937154 +0200
-@@ -113,6 +113,12 @@ int FIPS_module_mode(void)
- return ret;
- }
-
-+/* just a compat symbol - return NULL */
-+const void *FIPS_rand_check(void)
-+{
-+ return NULL;
-+}
-+
- int FIPS_selftest_failed(void)
- {
- int ret = 0;
diff --git a/openssl-1.0.2a-defaults.patch b/openssl-1.0.2a-defaults.patch
deleted file mode 100644
index 315a9b0..0000000
--- a/openssl-1.0.2a-defaults.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-diff -up openssl-1.0.2a/apps/openssl.cnf.defaults openssl-1.0.2a/apps/openssl.cnf
---- openssl-1.0.2a/apps/openssl.cnf.defaults 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/apps/openssl.cnf 2015-04-20 14:37:10.112271850 +0200
-@@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate fi
-
- default_days = 365 # how long to certify for
- default_crl_days= 30 # how long before next CRL
--default_md = default # use public key default MD
-+default_md = sha256 # use SHA-256 by default
- preserve = no # keep passed DN ordering
-
- # A few difference way of specifying how similar the request should look
-@@ -104,6 +104,7 @@ emailAddress = optional
- ####################################################################
- [ req ]
- default_bits = 2048
-+default_md = sha256
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
-@@ -126,17 +127,18 @@ string_mask = utf8only
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
--countryName_default = AU
-+countryName_default = XX
- countryName_min = 2
- countryName_max = 2
-
- stateOrProvinceName = State or Province Name (full name)
--stateOrProvinceName_default = Some-State
-+#stateOrProvinceName_default = Default Province
-
- localityName = Locality Name (eg, city)
-+localityName_default = Default City
-
- 0.organizationName = Organization Name (eg, company)
--0.organizationName_default = Internet Widgits Pty Ltd
-+0.organizationName_default = Default Company Ltd
-
- # we can do this but it is not needed normally :-)
- #1.organizationName = Second Organization Name (eg, company)
-@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
- organizationalUnitName = Organizational Unit Name (eg, section)
- #organizationalUnitName_default =
-
--commonName = Common Name (e.g. server FQDN or YOUR name)
-+commonName = Common Name (eg, your name or your server\'s hostname)
- commonName_max = 64
-
- emailAddress = Email Address
-@@ -339,7 +341,7 @@ signer_key = $dir/private/tsakey.pem # T
- default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
- other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
--digests = md5, sha1 # Acceptable message digests (mandatory)
-+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
- accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
- clock_precision_digits = 0 # number of digits after dot. (optional)
- ordering = yes # Is ordering defined for timestamps?
diff --git a/openssl-1.0.2a-dtls1-abi.patch b/openssl-1.0.2a-dtls1-abi.patch
deleted file mode 100644
index a6a79d7..0000000
--- a/openssl-1.0.2a-dtls1-abi.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -up openssl-1.0.2a/ssl/dtls1.h.dtls1-abi openssl-1.0.2a/ssl/dtls1.h
---- openssl-1.0.2a/ssl/dtls1.h.dtls1-abi 2015-04-21 10:49:57.984781143 +0200
-+++ openssl-1.0.2a/ssl/dtls1.h 2015-04-21 16:41:37.835164264 +0200
-@@ -214,9 +214,6 @@ typedef struct dtls1_state_st {
- * loss.
- */
- record_pqueue buffered_app_data;
-- /* Is set when listening for new connections with dtls1_listen() */
-- unsigned int listen;
-- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
- unsigned int mtu; /* max DTLS packet size */
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-@@ -241,6 +238,9 @@ typedef struct dtls1_state_st {
- * Cleared after the message has been processed.
- */
- unsigned int change_cipher_spec_ok;
-+ /* Is set when listening for new connections with dtls1_listen() */
-+ unsigned int listen;
-+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
- # ifndef OPENSSL_NO_SCTP
- /* used when SSL_ST_XX_FLUSH is entered */
- int next_state;
diff --git a/openssl-1.0.2a-env-zlib.patch b/openssl-1.0.2a-env-zlib.patch
deleted file mode 100644
index 328079b..0000000
--- a/openssl-1.0.2a-env-zlib.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -up openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib
openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
---- openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib 2015-04-09
18:17:20.509637597 +0200
-+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-09
18:17:14.767504953 +0200
-@@ -47,6 +47,13 @@ Once the identities of the compression m
- been standardized, the compression API will most likely be changed. Using
- it in the current state is not recommended.
-
-+It is also not recommended to use compression if data transfered contain
-+untrusted parts that can be manipulated by an attacker as he could then
-+get information about the encrypted data. See the CRIME attack. For
-+that reason the default loading of the zlib compression method is
-+disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
-+is present during the library initialization.
-+
- =head1 RETURN VALUES
-
- SSL_COMP_add_compression_method() may return the following values:
-diff -up openssl-1.0.2a/ssl/ssl_ciph.c.env-zlib openssl-1.0.2a/ssl/ssl_ciph.c
---- openssl-1.0.2a/ssl/ssl_ciph.c.env-zlib 2015-04-09 18:17:20.510637620 +0200
-+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-09 18:17:20.264631937 +0200
-@@ -140,6 +140,8 @@
- * OTHERWISE.
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <openssl/objects.h>
- #ifndef OPENSSL_NO_COMP
-@@ -450,7 +452,8 @@ static void load_builtin_compressions(vo
-
- MemCheck_off();
- ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-- if (ssl_comp_methods != NULL) {
-+ if (ssl_comp_methods != NULL
-+ && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
- comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL) {
- comp->method = COMP_zlib();
diff --git a/openssl-1.0.2a-fips-ctor.patch b/openssl-1.0.2a-fips-ctor.patch
deleted file mode 100644
index 65f652c..0000000
--- a/openssl-1.0.2a-fips-ctor.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-diff -up openssl-1.0.2a/crypto/fips/fips.c.fips-ctor openssl-1.0.2a/crypto/fips/fips.c
---- openssl-1.0.2a/crypto/fips/fips.c.fips-ctor 2015-04-21 17:42:18.702765856 +0200
-+++ openssl-1.0.2a/crypto/fips/fips.c 2015-04-21 17:42:18.742766794 +0200
-@@ -60,6 +60,8 @@
- #include <dlfcn.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <unistd.h>
-+#include <errno.h>
- #include "fips_locl.h"
-
- #ifdef OPENSSL_FIPS
-@@ -201,7 +203,9 @@ static char *bin2hex(void *buf, size_t l
- }
-
- # define HMAC_PREFIX "."
--# define HMAC_SUFFIX ".hmac"
-+# ifndef HMAC_SUFFIX
-+# define HMAC_SUFFIX ".hmac"
-+# endif
- # define READ_BUFFER_LENGTH 16384
-
- static char *make_hmac_path(const char *origpath)
-@@ -279,20 +283,14 @@ static int compute_file_hmac(const char
- return rv;
- }
-
--static int FIPSCHECK_verify(const char *libname, const char *symbolname)
-+static int FIPSCHECK_verify(const char *path)
- {
-- char path[PATH_MAX + 1];
-- int rv;
-+ int rv = 0;
- FILE *hf;
- char *hmacpath, *p;
- char *hmac = NULL;
- size_t n;
-
-- rv = get_library_path(libname, symbolname, path, sizeof(path));
--
-- if (rv < 0)
-- return 0;
--
- hmacpath = make_hmac_path(path);
- if (hmacpath == NULL)
- return 0;
-@@ -343,6 +341,51 @@ static int FIPSCHECK_verify(const char *
- return 1;
- }
-
-+static int verify_checksums(void)
-+{
-+ int rv;
-+ char path[PATH_MAX + 1];
-+ char *p;
-+
-+ /* we need to avoid dlopening libssl, assume both libcrypto and libssl
-+ are in the same directory */
-+
-+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER,
-+ "FIPS_mode_set", path, sizeof(path));
-+ if (rv < 0)
-+ return 0;
-+
-+ rv = FIPSCHECK_verify(path);
-+ if (!rv)
-+ return 0;
-+
-+ /* replace libcrypto with libssl */
-+ while ((p = strstr(path, "libcrypto.so")) != NULL) {
-+ p = stpcpy(p, "libssl");
-+ memmove(p, p + 3, strlen(p + 2));
-+ }
-+
-+ rv = FIPSCHECK_verify(path);
-+ if (!rv)
-+ return 0;
-+ return 1;
-+}
-+
-+# ifndef FIPS_MODULE_PATH
-+# define FIPS_MODULE_PATH "/etc/system-fips"
-+# endif
-+
-+int FIPS_module_installed(void)
-+{
-+ int rv;
-+ rv = access(FIPS_MODULE_PATH, F_OK);
-+ if (rv < 0 && errno != ENOENT)
-+ rv = 0;
-+
-+ /* Installed == true */
-+ return !rv;
-+}
-+
- int FIPS_module_mode_set(int onoff, const char *auth)
- {
- int ret = 0;
-@@ -380,17 +423,7 @@ int FIPS_module_mode_set(int onoff, cons
- }
- # endif
-
-- if (!FIPSCHECK_verify
-- ("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set"))
{
-- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-- fips_selftest_fail = 1;
-- ret = 0;
-- goto end;
-- }
--
-- if (!FIPSCHECK_verify
-- ("libssl.so." SHLIB_VERSION_NUMBER, "SSL_CTX_new")) {
-+ if (!verify_checksums()) {
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
- fips_selftest_fail = 1;
-diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-ctor openssl-1.0.2a/crypto/fips/fips.h
---- openssl-1.0.2a/crypto/fips/fips.h.fips-ctor 2015-04-21 17:42:18.739766724 +0200
-+++ openssl-1.0.2a/crypto/fips/fips.h 2015-04-21 17:42:18.743766818 +0200
-@@ -74,6 +74,7 @@ extern "C" {
-
- int FIPS_module_mode_set(int onoff, const char *auth);
- int FIPS_module_mode(void);
-+ int FIPS_module_installed(void);
- const void *FIPS_rand_check(void);
- int FIPS_selftest(void);
- int FIPS_selftest_failed(void);
-diff -up openssl-1.0.2a/crypto/o_init.c.fips-ctor openssl-1.0.2a/crypto/o_init.c
---- openssl-1.0.2a/crypto/o_init.c.fips-ctor 2015-04-21 17:42:18.732766559 +0200
-+++ openssl-1.0.2a/crypto/o_init.c 2015-04-21 17:45:02.662613173 +0200
-@@ -74,6 +74,9 @@ static void init_fips_mode(void)
- char buf[2] = "0";
- int fd;
-
-+ /* Ensure the selftests always run */
-+ FIPS_mode_set(1);
-+
- if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
- buf[0] = '1';
- } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
-@@ -85,8 +88,12 @@ static void init_fips_mode(void)
- * otherwise..
- */
-
-- if (buf[0] == '1') {
-- FIPS_mode_set(1);
-+ if (buf[0] != '1') {
-+ /* drop down to non-FIPS mode if it is not requested */
-+ FIPS_mode_set(0);
-+ } else {
-+ /* abort if selftest failed */
-+ FIPS_selftest_check();
- }
- }
- #endif
-@@ -96,13 +103,16 @@ static void init_fips_mode(void)
- * sets FIPS callbacks
- */
-
--void OPENSSL_init_library(void)
-+void __attribute__ ((constructor)) OPENSSL_init_library(void)
- {
- static int done = 0;
- if (done)
- return;
- done = 1;
- #ifdef OPENSSL_FIPS
-+ if (!FIPS_module_installed()) {
-+ return;
-+ }
- RAND_init_fips();
- init_fips_mode();
- if (!FIPS_mode()) {
diff --git a/openssl-1.0.2a-fips-ec.patch b/openssl-1.0.2a-fips-ec.patch
deleted file mode 100644
index e42f4a1..0000000
--- a/openssl-1.0.2a-fips-ec.patch
+++ /dev/null
@@ -1,1929 +0,0 @@
-diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec
openssl-1.0.2a/crypto/ecdh/ecdhtest.c
---- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
-diff -up openssl-1.0.2a/crypto/ecdh/ech_lib.c.fips-ec
openssl-1.0.2a/crypto/ecdh/ech_lib.c
---- openssl-1.0.2a/crypto/ecdh/ech_lib.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ech_lib.c 2015-04-22 19:00:19.721884512 +0200
-@@ -93,14 +93,7 @@ void ECDH_set_default_method(const ECDH_
- const ECDH_METHOD *ECDH_get_default_method(void)
- {
- if (!default_ECDH_method) {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_ecdh_openssl();
-- else
-- return ECDH_OpenSSL();
--#else
- default_ECDH_method = ECDH_OpenSSL();
--#endif
- }
- return default_ECDH_method;
- }
-diff -up openssl-1.0.2a/crypto/ecdh/ech_ossl.c.fips-ec
openssl-1.0.2a/crypto/ecdh/ech_ossl.c
---- openssl-1.0.2a/crypto/ecdh/ech_ossl.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ech_ossl.c 2015-04-22 19:00:19.722884536 +0200
-@@ -78,6 +78,10 @@
- #include <openssl/obj_mac.h>
- #include <openssl/bn.h>
-
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+
- static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF) (const void *in, size_t inlen,
-@@ -90,7 +94,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
- NULL, /* init */
- NULL, /* finish */
- #endif
-- 0, /* flags */
-+ ECDH_FLAG_FIPS_METHOD, /* flags */
- NULL /* app_data */
- };
-
-@@ -119,6 +123,13 @@ static int ecdh_compute_key(void *out, s
- size_t buflen, len;
- unsigned char *buf = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+#endif
-+
- if (outlen > INT_MAX) {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
- * anyway */
-diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec
openssl-1.0.2a/crypto/ecdsa/ecdsatest.c
---- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200
-@@ -138,11 +138,14 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
- "55657156756655",
- "1275552191113212300012030439187146164646146646466749494799",
-@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num)
- int ret;
- BIGNUM *tmp = NULL;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -532,8 +535,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-
-diff -up openssl-1.0.2a/crypto/ecdsa/ecs_lib.c.fips-ec
openssl-1.0.2a/crypto/ecdsa/ecs_lib.c
---- openssl-1.0.2a/crypto/ecdsa/ecs_lib.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdsa/ecs_lib.c 2015-04-22 19:00:19.722884536 +0200
-@@ -80,14 +80,7 @@ void ECDSA_set_default_method(const ECDS
- const ECDSA_METHOD *ECDSA_get_default_method(void)
- {
- if (!default_ECDSA_method) {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_ecdsa_openssl();
-- else
-- return ECDSA_OpenSSL();
--#else
- default_ECDSA_method = ECDSA_OpenSSL();
--#endif
- }
- return default_ECDSA_method;
- }
-diff -up openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c.fips-ec
openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c
---- openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c 2015-04-22 19:00:19.722884536 +0200
-@@ -60,6 +60,9 @@
- #include <openssl/err.h>
- #include <openssl/obj_mac.h>
- #include <openssl/bn.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
- const BIGNUM *, const BIGNUM *,
-@@ -78,7 +81,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
- NULL, /* init */
- NULL, /* finish */
- #endif
-- 0, /* flags */
-+ ECDSA_FLAG_FIPS_METHOD, /* flags */
- NULL /* app_data */
- };
-
-@@ -245,6 +248,13 @@ static ECDSA_SIG *ecdsa_do_sign(const un
- ECDSA_DATA *ecdsa;
- const BIGNUM *priv_key;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_ECDSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return NULL;
-+ }
-+#endif
-+
- ecdsa = ecdsa_check(eckey);
- group = EC_KEY_get0_group(eckey);
- priv_key = EC_KEY_get0_private_key(eckey);
-@@ -358,6 +368,13 @@ static int ecdsa_do_verify(const unsigne
- const EC_GROUP *group;
- const EC_POINT *pub_key;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_ECDSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+#endif
-+
- /* check input values */
- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
- (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.0.2a/crypto/ec/ec_cvt.c.fips-ec openssl-1.0.2a/crypto/ec/ec_cvt.c
---- openssl-1.0.2a/crypto/ec/ec_cvt.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ec/ec_cvt.c 2015-04-22 19:01:08.703040756 +0200
-@@ -82,10 +82,6 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const B
- const EC_METHOD *meth;
- EC_GROUP *ret;
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_ec_group_new_curve_gfp(p, a, b, ctx);
--#endif
- #if defined(OPENSSL_BN_ASM_MONT)
- /*
- * This might appear controversial, but the fact is that generic
-@@ -160,10 +156,6 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const
- const EC_METHOD *meth;
- EC_GROUP *ret;
-
--# ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_ec_group_new_curve_gf2m(p, a, b, ctx);
--# endif
- meth = EC_GF2m_simple_method();
-
- ret = EC_GROUP_new(meth);
-diff -up openssl-1.0.2a/crypto/ec/ec_key.c.fips-ec openssl-1.0.2a/crypto/ec/ec_key.c
---- openssl-1.0.2a/crypto/ec/ec_key.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ec/ec_key.c 2015-04-22 19:00:19.722884536 +0200
-@@ -64,9 +64,6 @@
- #include <string.h>
- #include "ec_lcl.h"
- #include <openssl/err.h>
--#ifdef OPENSSL_FIPS
--# include <openssl/fips.h>
--#endif
-
- EC_KEY *EC_KEY_new(void)
- {
-@@ -227,6 +224,38 @@ int EC_KEY_up_ref(EC_KEY *r)
- return ((i > 1) ? 1 : 0);
- }
-
-+#ifdef OPENSSL_FIPS
-+
-+# include <openssl/evp.h>
-+# include <openssl/fips.h>
-+# include <openssl/fips_rand.h>
-+
-+static int fips_check_ec(EC_KEY *key)
-+{
-+ EVP_PKEY *pk;
-+ unsigned char tbs[] = "ECDSA Pairwise Check Data";
-+ int ret = 0;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_EC_KEY(pk, key);
-+
-+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
-+ ret = 1;
-+
-+ err:
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED);
-+ fips_set_selftest_fail();
-+ }
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ return ret;
-+}
-+
-+#endif
-+
- int EC_KEY_generate_key(EC_KEY *eckey)
- {
- int ok = 0;
-@@ -235,8 +264,10 @@ int EC_KEY_generate_key(EC_KEY *eckey)
- EC_POINT *pub_key = NULL;
-
- #ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_ec_key_generate_key(eckey);
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
- #endif
-
- if (!eckey || !eckey->group) {
-@@ -277,6 +308,14 @@ int EC_KEY_generate_key(EC_KEY *eckey)
- eckey->priv_key = priv_key;
- eckey->pub_key = pub_key;
-
-+#ifdef OPENSSL_FIPS
-+ if (!fips_check_ec(eckey)) {
-+ eckey->priv_key = NULL;
-+ eckey->pub_key = NULL;
-+ goto err;
-+ }
-+#endif
-+
- ok = 1;
-
- err:
-@@ -408,10 +447,12 @@ int EC_KEY_set_public_key_affine_coordin
- goto err;
- }
- /*
-- * Check if retrieved coordinates match originals: if not values are out
-- * of range.
-+ * Check if retrieved coordinates match originals and are less
-+ * than field order: if not values are out of range.
- */
-- if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
-+ if (BN_cmp(x, tx) || BN_cmp(y, ty)
-+ || (BN_cmp(x, &key->group->field) >= 0)
-+ || (BN_cmp(y, &key->group->field) >= 0)) {
- ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
- EC_R_COORDINATES_OUT_OF_RANGE);
- goto err;
-diff -up openssl-1.0.2a/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_mont.c
---- openssl-1.0.2a/crypto/ec/ecp_mont.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ec/ecp_mont.c 2015-04-22 19:00:19.722884536 +0200
-@@ -63,10 +63,6 @@
-
- #include <openssl/err.h>
-
--#ifdef OPENSSL_FIPS
--# include <openssl/fips.h>
--#endif
--
- #include "ec_lcl.h"
-
- const EC_METHOD *EC_GFp_mont_method(void)
-@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void
- ec_GFp_mont_field_set_to_one
- };
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return fips_ec_gfp_mont_method();
--#endif
--
- return &ret;
- }
-
-diff -up openssl-1.0.2a/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_nist.c
---- openssl-1.0.2a/crypto/ec/ecp_nist.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ec/ecp_nist.c 2015-04-22 19:00:19.723884560 +0200
-@@ -67,10 +67,6 @@
- #include <openssl/obj_mac.h>
- #include "ec_lcl.h"
-
--#ifdef OPENSSL_FIPS
--# include <openssl/fips.h>
--#endif
--
- const EC_METHOD *EC_GFp_nist_method(void)
- {
- static const EC_METHOD ret = {
-@@ -113,11 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
- 0 /* field_set_to_one */
- };
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return fips_ec_gfp_nist_method();
--#endif
--
- return &ret;
- }
-
-diff -up openssl-1.0.2a/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_smpl.c
---- openssl-1.0.2a/crypto/ec/ecp_smpl.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ec/ecp_smpl.c 2015-04-22 19:00:19.723884560 +0200
-@@ -66,10 +66,6 @@
- #include <openssl/err.h>
- #include <openssl/symhacks.h>
-
--#ifdef OPENSSL_FIPS
--# include <openssl/fips.h>
--#endif
--
- #include "ec_lcl.h"
-
- const EC_METHOD *EC_GFp_simple_method(void)
-@@ -114,11 +110,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
- 0 /* field_set_to_one */
- };
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return fips_ec_gfp_simple_method();
--#endif
--
- return &ret;
- }
-
-@@ -187,6 +178,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
- return 0;
- }
-
-+ if (BN_num_bits(p) < 256) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
-diff -up openssl-1.0.2a/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.2a/crypto/evp/m_ecdsa.c
---- openssl-1.0.2a/crypto/evp/m_ecdsa.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/evp/m_ecdsa.c 2015-04-22 19:00:19.723884560 +0200
-@@ -136,7 +136,7 @@ static const EVP_MD ecdsa_md = {
- NID_ecdsa_with_SHA1,
- NID_ecdsa_with_SHA1,
- SHA_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_DIGEST,
-+ EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS,
- init,
- update,
- final,
-diff -up openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c.fips-ec
openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c
---- openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2015-04-22 19:00:19.723884560
+0200
-+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c 2015-04-22 19:00:19.723884560 +0200
-@@ -0,0 +1,456 @@
-+/* fips/ecdh/fips_ecdhvs.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+#include <openssl/opensslconf.h>
-+
-+#ifndef OPENSSL_FIPS
-+# include <stdio.h>
-+
-+int main(int argc, char **argv)
-+{
-+ printf("No FIPS ECDH support\n");
-+ return (0);
-+}
-+#else
-+
-+# include <openssl/crypto.h>
-+# include <openssl/bn.h>
-+# include <openssl/ecdh.h>
-+# include <openssl/fips.h>
-+# include <openssl/err.h>
-+# include <openssl/evp.h>
-+# include <string.h>
-+# include <ctype.h>
-+
-+# include "fips_utl.h"
-+
-+static const EVP_MD *eparse_md(char *line)
-+{
-+ char *p;
-+ if (line[0] != '[' || line[1] != 'E')
-+ return NULL;
-+ p = strchr(line, '-');
-+ if (!p)
-+ return NULL;
-+ line = p + 1;
-+ p = strchr(line, ']');
-+ if (!p)
-+ return NULL;
-+ *p = 0;
-+ p = line;
-+ while (isspace(*p))
-+ p++;
-+ if (!strcmp(p, "SHA1"))
-+ return EVP_sha1();
-+ else if (!strcmp(p, "SHA224"))
-+ return EVP_sha224();
-+ else if (!strcmp(p, "SHA256"))
-+ return EVP_sha256();
-+ else if (!strcmp(p, "SHA384"))
-+ return EVP_sha384();
-+ else if (!strcmp(p, "SHA512"))
-+ return EVP_sha512();
-+ else
-+ return NULL;
-+}
-+
-+static int lookup_curve2(char *cname)
-+{
-+ char *p;
-+ p = strchr(cname, ']');
-+ if (!p) {
-+ fprintf(stderr, "Parse error: missing ]\n");
-+ return NID_undef;
-+ }
-+ *p = 0;
-+
-+ if (!strcmp(cname, "B-163"))
-+ return NID_sect163r2;
-+ if (!strcmp(cname, "B-233"))
-+ return NID_sect233r1;
-+ if (!strcmp(cname, "B-283"))
-+ return NID_sect283r1;
-+ if (!strcmp(cname, "B-409"))
-+ return NID_sect409r1;
-+ if (!strcmp(cname, "B-571"))
-+ return NID_sect571r1;
-+ if (!strcmp(cname, "K-163"))
-+ return NID_sect163k1;
-+ if (!strcmp(cname, "K-233"))
-+ return NID_sect233k1;
-+ if (!strcmp(cname, "K-283"))
-+ return NID_sect283k1;
-+ if (!strcmp(cname, "K-409"))
-+ return NID_sect409k1;
-+ if (!strcmp(cname, "K-571"))
-+ return NID_sect571k1;
-+ if (!strcmp(cname, "P-192"))
-+ return NID_X9_62_prime192v1;
-+ if (!strcmp(cname, "P-224"))
-+ return NID_secp224r1;
-+ if (!strcmp(cname, "P-256"))
-+ return NID_X9_62_prime256v1;
-+ if (!strcmp(cname, "P-384"))
-+ return NID_secp384r1;
-+ if (!strcmp(cname, "P-521"))
-+ return NID_secp521r1;
-+
-+ fprintf(stderr, "Unknown Curve name %s\n", cname);
-+ return NID_undef;
-+}
-+
-+static int lookup_curve(char *cname)
-+{
-+ char *p;
-+ p = strchr(cname, ':');
-+ if (!p) {
-+ fprintf(stderr, "Parse error: missing :\n");
-+ return NID_undef;
-+ }
-+ cname = p + 1;
-+ while (isspace(*cname))
-+ cname++;
-+ return lookup_curve2(cname);
-+}
-+
-+static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
-+{
-+ EC_POINT *peer;
-+ int rv;
-+ BN_CTX *c;
-+ peer = EC_POINT_new(group);
-+ if (!peer)
-+ return NULL;
-+ c = BN_CTX_new();
-+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-+ == NID_X9_62_prime_field)
-+ rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
-+ else
-+# ifdef OPENSSL_NO_EC2M
-+ {
-+ fprintf(stderr, "ERROR: GF2m not supported\n");
-+ exit(1);
-+ }
-+# else
-+ rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
-+# endif
-+
-+ BN_CTX_free(c);
-+ if (rv)
-+ return peer;
-+ EC_POINT_free(peer);
-+ return NULL;
-+}
-+
-+static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
-+{
-+ const EC_POINT *pt;
-+ const EC_GROUP *grp;
-+ const EC_METHOD *meth;
-+ int rv;
-+ BIGNUM *tx, *ty;
-+ const BIGNUM *d = NULL;
-+ BN_CTX *ctx;
-+ ctx = BN_CTX_new();
-+ if (!ctx)
-+ return 0;
-+ tx = BN_CTX_get(ctx);
-+ ty = BN_CTX_get(ctx);
-+ if (!tx || !ty)
-+ return 0;
-+ grp = EC_KEY_get0_group(key);
-+ pt = EC_KEY_get0_public_key(key);
-+ if (exout)
-+ d = EC_KEY_get0_private_key(key);
-+ meth = EC_GROUP_method_of(grp);
-+ if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
-+ rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
-+ else
-+# ifdef OPENSSL_NO_EC2M
-+ {
-+ fprintf(stderr, "ERROR: GF2m not supported\n");
-+ exit(1);
-+ }
-+# else
-+ rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
-+# endif
-+
-+ if (add_e) {
-+ do_bn_print_name(out, "QeIUTx", tx);
-+ do_bn_print_name(out, "QeIUTy", ty);
-+ if (d)
-+ do_bn_print_name(out, "QeIUTd", d);
-+ } else {
-+ do_bn_print_name(out, "QIUTx", tx);
-+ do_bn_print_name(out, "QIUTy", ty);
-+ if (d)
-+ do_bn_print_name(out, "QIUTd", d);
-+ }
-+
-+ BN_CTX_free(ctx);
-+
-+ return rv;
-+
-+}
-+
-+static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
-+ BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
-+ BIGNUM *cy, const EVP_MD *md,
-+ unsigned char *rhash, size_t rhashlen)
-+{
-+ EC_KEY *ec = NULL;
-+ EC_POINT *peerkey = NULL;
-+ unsigned char *Z;
-+ unsigned char chash[EVP_MAX_MD_SIZE];
-+ int Zlen;
-+ ec = EC_KEY_new();
-+ EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
-+ EC_KEY_set_group(ec, group);
-+ peerkey = make_peer(group, cx, cy);
-+ if (rhash == NULL) {
-+ if (md)
-+ rhashlen = M_EVP_MD_size(md);
-+ EC_KEY_generate_key(ec);
-+ ec_print_key(out, ec, md ? 1 : 0, exout);
-+ } else {
-+ EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
-+ EC_KEY_set_private_key(ec, id);
-+ }
-+ Zlen = (EC_GROUP_get_degree(group) + 7) / 8;
-+ Z = OPENSSL_malloc(Zlen);
-+ if (!Z)
-+ exit(1);
-+ ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
-+ if (md) {
-+ if (exout)
-+ OutputValue("Z", Z, Zlen, out, 0);
-+ FIPS_digest(Z, Zlen, chash, NULL, md);
-+ OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen,
out, 0);
-+ if (rhash) {
-+ fprintf(out, "Result = %s\n",
-+ memcmp(chash, rhash, rhashlen) ? "F" : "P");
-+ }
-+ } else
-+ OutputValue("ZIUT", Z, Zlen, out, 0);
-+ OPENSSL_cleanse(Z, Zlen);
-+ OPENSSL_free(Z);
-+ EC_KEY_free(ec);
-+ EC_POINT_free(peerkey);
-+}
-+
-+# ifdef FIPS_ALGVS
-+int fips_ecdhvs_main(int argc, char **argv)
-+# else
-+int main(int argc, char **argv)
-+# endif
-+{
-+ char **args = argv + 1;
-+ int argn = argc - 1;
-+ FILE *in, *out;
-+ char buf[2048], lbuf[2048];
-+ unsigned char *rhash = NULL;
-+ long rhashlen;
-+ BIGNUM *cx = NULL, *cy = NULL;
-+ BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
-+ const EVP_MD *md = NULL;
-+ EC_GROUP *group = NULL;
-+ char *keyword = NULL, *value = NULL;
-+ int do_verify = -1, exout = 0;
-+ int rv = 1;
-+
-+ int curve_nids[5] = { 0, 0, 0, 0, 0 };
-+ int param_set = -1;
-+
-+ fips_algtest_init();
-+
-+ if (argn && !strcmp(*args, "ecdhver")) {
-+ do_verify = 1;
-+ args++;
-+ argn--;
-+ } else if (argn && !strcmp(*args, "ecdhgen")) {
-+ do_verify = 0;
-+ args++;
-+ argn--;
-+ }
-+
-+ if (argn && !strcmp(*args, "-exout")) {
-+ exout = 1;
-+ args++;
-+ argn--;
-+ }
-+
-+ if (do_verify == -1) {
-+ fprintf(stderr, "%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",
-+ argv[0]);
-+ exit(1);
-+ }
-+
-+ if (argn == 2) {
-+ in = fopen(*args, "r");
-+ if (!in) {
-+ fprintf(stderr, "Error opening input file\n");
-+ exit(1);
-+ }
-+ out = fopen(args[1], "w");
-+ if (!out) {
-+ fprintf(stderr, "Error opening output file\n");
-+ exit(1);
-+ }
-+ } else if (argn == 0) {
-+ in = stdin;
-+ out = stdout;
-+ } else {
-+ fprintf(stderr, "%s [dhver|dhgen|] [-exout] (infile outfile)\n",
-+ argv[0]);
-+ exit(1);
-+ }
-+
-+ while (fgets(buf, sizeof(buf), in) != NULL) {
-+ fputs(buf, out);
-+ if (buf[0] == '[' && buf[1] == 'E') {
-+ int c = buf[2];
-+ if (c < 'A' || c > 'E')
-+ goto parse_error;
-+ param_set = c - 'A';
-+ /* If just [E?] then initial paramset */
-+ if (buf[3] == ']')
-+ continue;
-+ if (group)
-+ EC_GROUP_free(group);
-+ group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
-+ }
-+ if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6)) {
-+ int nid;
-+ if (param_set == -1)
-+ goto parse_error;
-+ nid = lookup_curve(buf);
-+ if (nid == NID_undef)
-+ goto parse_error;
-+ curve_nids[param_set] = nid;
-+ }
-+
-+ if (strlen(buf) > 4 && buf[0] == '[' && buf[2] ==
'-') {
-+ int nid = lookup_curve2(buf + 1);
-+ if (nid == NID_undef)
-+ goto parse_error;
-+ if (group)
-+ EC_GROUP_free(group);
-+ group = EC_GROUP_new_by_curve_name(nid);
-+ if (!group) {
-+ fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
-+ return 1;
-+ }
-+ }
-+
-+ if (strlen(buf) > 6 && !strncmp(buf, "[E", 2)) {
-+ md = eparse_md(buf);
-+ if (md == NULL)
-+ goto parse_error;
-+ continue;
-+ }
-+ if (!parse_line(&keyword, &value, lbuf, buf))
-+ continue;
-+ if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword,
"QCAVSx")) {
-+ if (!do_hex2bn(&cx, value))
-+ goto parse_error;
-+ } else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword,
"QCAVSy")) {
-+ if (!do_hex2bn(&cy, value))
-+ goto parse_error;
-+ if (do_verify == 0)
-+ ec_output_Zhash(out, exout, group,
-+ NULL, NULL, NULL,
-+ cx, cy, md, rhash, rhashlen);
-+ } else if (!strcmp(keyword, "deIUT")) {
-+ if (!do_hex2bn(&id, value))
-+ goto parse_error;
-+ } else if (!strcmp(keyword, "QeIUTx")) {
-+ if (!do_hex2bn(&ix, value))
-+ goto parse_error;
-+ } else if (!strcmp(keyword, "QeIUTy")) {
-+ if (!do_hex2bn(&iy, value))
-+ goto parse_error;
-+ } else if (!strcmp(keyword, "CAVSHashZZ")) {
-+ if (!md)
-+ goto parse_error;
-+ rhash = hex2bin_m(value, &rhashlen);
-+ if (!rhash || rhashlen != M_EVP_MD_size(md))
-+ goto parse_error;
-+ ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
-+ md, rhash, rhashlen);
-+ }
-+ }
-+ rv = 0;
-+ parse_error:
-+ if (id)
-+ BN_free(id);
-+ if (ix)
-+ BN_free(ix);
-+ if (iy)
-+ BN_free(iy);
-+ if (cx)
-+ BN_free(cx);
-+ if (cy)
-+ BN_free(cy);
-+ if (group)
-+ EC_GROUP_free(group);
-+ if (in && in != stdin)
-+ fclose(in);
-+ if (out && out != stdout)
-+ fclose(out);
-+ if (rv)
-+ fprintf(stderr, "Error Parsing request file\n");
-+ return rv;
-+}
-+
-+#endif
-diff -up openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c.fips-ec
openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c
---- openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2015-04-22 19:00:19.723884560
+0200
-+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c 2015-04-22 19:00:19.723884560 +0200
-@@ -0,0 +1,486 @@
-+/* fips/ecdsa/fips_ecdsavs.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+#include <openssl/opensslconf.h>
-+#include <stdio.h>
-+
-+#ifndef OPENSSL_FIPS
-+
-+int main(int argc, char **argv)
-+{
-+ printf("No FIPS ECDSA support\n");
-+ return (0);
-+}
-+#else
-+
-+# include <string.h>
-+# include <ctype.h>
-+# include <openssl/err.h>
-+# include <openssl/bn.h>
-+# include <openssl/ecdsa.h>
-+# include <openssl/evp.h>
-+# include "fips_utl.h"
-+
-+# include <openssl/objects.h>
-+
-+static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
-+{
-+ char *cname, *p;
-+ /* Copy buffer as we will change it */
-+ strcpy(curve_name, in);
-+ cname = curve_name + 1;
-+ p = strchr(cname, ']');
-+ if (!p) {
-+ fprintf(stderr, "Parse error: missing ]\n");
-+ return NID_undef;
-+ }
-+ *p = 0;
-+ p = strchr(cname, ',');
-+ if (p) {
-+ if (!pmd) {
-+ fprintf(stderr, "Parse error: unexpected digest\n");
-+ return NID_undef;
-+ }
-+ *p = 0;
-+ p++;
-+
-+ if (!strcmp(p, "SHA-1"))
-+ *pmd = EVP_sha1();
-+ else if (!strcmp(p, "SHA-224"))
-+ *pmd = EVP_sha224();
-+ else if (!strcmp(p, "SHA-256"))
-+ *pmd = EVP_sha256();
-+ else if (!strcmp(p, "SHA-384"))
-+ *pmd = EVP_sha384();
-+ else if (!strcmp(p, "SHA-512"))
-+ *pmd = EVP_sha512();
-+ else {
-+ fprintf(stderr, "Unknown digest %s\n", p);
-+ return NID_undef;
-+ }
-+ } else if (pmd)
-+ *pmd = EVP_sha1();
-+
-+ if (!strcmp(cname, "B-163"))
-+ return NID_sect163r2;
-+ if (!strcmp(cname, "B-233"))
-+ return NID_sect233r1;
-+ if (!strcmp(cname, "B-283"))
-+ return NID_sect283r1;
-+ if (!strcmp(cname, "B-409"))
-+ return NID_sect409r1;
-+ if (!strcmp(cname, "B-571"))
-+ return NID_sect571r1;
-+ if (!strcmp(cname, "K-163"))
-+ return NID_sect163k1;
-+ if (!strcmp(cname, "K-233"))
-+ return NID_sect233k1;
-+ if (!strcmp(cname, "K-283"))
-+ return NID_sect283k1;
-+ if (!strcmp(cname, "K-409"))
-+ return NID_sect409k1;
-+ if (!strcmp(cname, "K-571"))
-+ return NID_sect571k1;
-+ if (!strcmp(cname, "P-192"))
-+ return NID_X9_62_prime192v1;
-+ if (!strcmp(cname, "P-224"))
-+ return NID_secp224r1;
-+ if (!strcmp(cname, "P-256"))
-+ return NID_X9_62_prime256v1;
-+ if (!strcmp(cname, "P-384"))
-+ return NID_secp384r1;
-+ if (!strcmp(cname, "P-521"))
-+ return NID_secp521r1;
-+
-+ fprintf(stderr, "Unknown Curve name %s\n", cname);
-+ return NID_undef;
-+}
-+
-+static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
-+{
-+ const EC_POINT *pt;
-+ const EC_GROUP *grp;
-+ const EC_METHOD *meth;
-+ int rv;
-+ BN_CTX *ctx;
-+ ctx = BN_CTX_new();
-+ if (!ctx)
-+ return 0;
-+ grp = EC_KEY_get0_group(key);
-+ pt = EC_KEY_get0_public_key(key);
-+ meth = EC_GROUP_method_of(grp);
-+ if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
-+ rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
-+ else
-+# ifdef OPENSSL_NO_EC2M
-+ {
-+ fprintf(stderr, "ERROR: GF2m not supported\n");
-+ exit(1);
-+ }
-+# else
-+ rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
-+# endif
-+
-+ BN_CTX_free(ctx);
-+
-+ return rv;
-+
-+}
-+
-+static int KeyPair(FILE *in, FILE *out)
-+{
-+ char buf[2048], lbuf[2048];
-+ char *keyword, *value;
-+ int curve_nid = NID_undef;
-+ int i, count;
-+ BIGNUM *Qx = NULL, *Qy = NULL;
-+ const BIGNUM *d = NULL;
-+ EC_KEY *key = NULL;
-+ Qx = BN_new();
-+ Qy = BN_new();
-+ while (fgets(buf, sizeof buf, in) != NULL) {
-+ if (*buf == '[' && buf[2] == '-') {
-+ if (buf[2] == '-')
-+ curve_nid = elookup_curve(buf, lbuf, NULL);
-+ fputs(buf, out);
-+ continue;
-+ }
-+ if (!parse_line(&keyword, &value, lbuf, buf)) {
-+ fputs(buf, out);
-+ continue;
-+ }
-+ if (!strcmp(keyword, "N")) {
-+ count = atoi(value);
-+
-+ for (i = 0; i < count; i++) {
-+
-+ key = EC_KEY_new_by_curve_name(curve_nid);
-+ if (!EC_KEY_generate_key(key)) {
-+ fprintf(stderr, "Error generating key\n");
-+ return 0;
-+ }
-+
-+ if (!ec_get_pubkey(key, Qx, Qy)) {
-+ fprintf(stderr, "Error getting public key\n");
-+ return 0;
-+ }
-+
-+ d = EC_KEY_get0_private_key(key);
-+
-+ do_bn_print_name(out, "d", d);
-+ do_bn_print_name(out, "Qx", Qx);
-+ do_bn_print_name(out, "Qy", Qy);
-+ fputs(RESP_EOL, out);
-+ EC_KEY_free(key);
-+
-+ }
-+
-+ }
-+
-+ }
-+ BN_free(Qx);
-+ BN_free(Qy);
-+ return 1;
-+}
-+
-+static int PKV(FILE *in, FILE *out)
-+{
-+
-+ char buf[2048], lbuf[2048];
-+ char *keyword, *value;
-+ int curve_nid = NID_undef;
-+ BIGNUM *Qx = NULL, *Qy = NULL;
-+ EC_KEY *key = NULL;
-+ while (fgets(buf, sizeof buf, in) != NULL) {
-+ fputs(buf, out);
-+ if (*buf == '[' && buf[2] == '-') {
-+ curve_nid = elookup_curve(buf, lbuf, NULL);
-+ if (curve_nid == NID_undef)
-+ return 0;
-+
-+ }
-+ if (!parse_line(&keyword, &value, lbuf, buf))
-+ continue;
-+ if (!strcmp(keyword, "Qx")) {
-+ if (!do_hex2bn(&Qx, value)) {
-+ fprintf(stderr, "Invalid Qx value\n");
-+ return 0;
-+ }
-+ }
-+ if (!strcmp(keyword, "Qy")) {
-+ int rv;
-+ if (!do_hex2bn(&Qy, value)) {
-+ fprintf(stderr, "Invalid Qy value\n");
-+ return 0;
-+ }
-+ key = EC_KEY_new_by_curve_name(curve_nid);
-+ no_err = 1;
-+ rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
-+ no_err = 0;
-+ EC_KEY_free(key);
-+ fprintf(out, "Result = %s" RESP_EOL, rv ? "P" :
"F");
-+ }
-+
-+ }
-+ BN_free(Qx);
-+ BN_free(Qy);
-+ return 1;
-+}
-+
-+static int SigGen(FILE *in, FILE *out)
-+{
-+ char buf[2048], lbuf[2048];
-+ char *keyword, *value;
-+ unsigned char *msg;
-+ int curve_nid = NID_undef;
-+ long mlen;
-+ BIGNUM *Qx = NULL, *Qy = NULL;
-+ EC_KEY *key = NULL;
-+ ECDSA_SIG *sig = NULL;
-+ const EVP_MD *digest = NULL;
-+ Qx = BN_new();
-+ Qy = BN_new();
-+ while (fgets(buf, sizeof buf, in) != NULL) {
-+ fputs(buf, out);
-+ if (*buf == '[') {
-+ curve_nid = elookup_curve(buf, lbuf, &digest);
-+ if (curve_nid == NID_undef)
-+ return 0;
-+ }
-+ if (!parse_line(&keyword, &value, lbuf, buf))
-+ continue;
-+ if (!strcmp(keyword, "Msg")) {
-+ msg = hex2bin_m(value, &mlen);
-+ if (!msg) {
-+ fprintf(stderr, "Invalid Message\n");
-+ return 0;
-+ }
-+
-+ key = EC_KEY_new_by_curve_name(curve_nid);
-+ if (!EC_KEY_generate_key(key)) {
-+ fprintf(stderr, "Error generating key\n");
-+ return 0;
-+ }
-+
-+ if (!ec_get_pubkey(key, Qx, Qy)) {
-+ fprintf(stderr, "Error getting public key\n");
-+ return 0;
-+ }
-+
-+ sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
-+
-+ if (!sig) {
-+ fprintf(stderr, "Error signing message\n");
-+ return 0;
-+ }
-+
-+ do_bn_print_name(out, "Qx", Qx);
-+ do_bn_print_name(out, "Qy", Qy);
-+ do_bn_print_name(out, "R", sig->r);
-+ do_bn_print_name(out, "S", sig->s);
-+
-+ EC_KEY_free(key);
-+ OPENSSL_free(msg);
-+ FIPS_ecdsa_sig_free(sig);
-+
-+ }
-+
-+ }
-+ BN_free(Qx);
-+ BN_free(Qy);
-+ return 1;
-+}
-+
-+static int SigVer(FILE *in, FILE *out)
-+{
-+ char buf[2048], lbuf[2048];
-+ char *keyword, *value;
-+ unsigned char *msg = NULL;
-+ int curve_nid = NID_undef;
-+ long mlen;
-+ BIGNUM *Qx = NULL, *Qy = NULL;
-+ EC_KEY *key = NULL;
-+ ECDSA_SIG sg, *sig = &sg;
-+ const EVP_MD *digest = NULL;
-+ sig->r = NULL;
-+ sig->s = NULL;
-+ while (fgets(buf, sizeof buf, in) != NULL) {
-+ fputs(buf, out);
-+ if (*buf == '[') {
-+ curve_nid = elookup_curve(buf, lbuf, &digest);
-+ if (curve_nid == NID_undef)
-+ return 0;
-+ }
-+ if (!parse_line(&keyword, &value, lbuf, buf))
-+ continue;
-+ if (!strcmp(keyword, "Msg")) {
-+ msg = hex2bin_m(value, &mlen);
-+ if (!msg) {
-+ fprintf(stderr, "Invalid Message\n");
-+ return 0;
-+ }
-+ }
-+
-+ if (!strcmp(keyword, "Qx")) {
-+ if (!do_hex2bn(&Qx, value)) {
-+ fprintf(stderr, "Invalid Qx value\n");
-+ return 0;
-+ }
-+ }
-+ if (!strcmp(keyword, "Qy")) {
-+ if (!do_hex2bn(&Qy, value)) {
-+ fprintf(stderr, "Invalid Qy value\n");
-+ return 0;
-+ }
-+ }
-+ if (!strcmp(keyword, "R")) {
-+ if (!do_hex2bn(&sig->r, value)) {
-+ fprintf(stderr, "Invalid R value\n");
-+ return 0;
-+ }
-+ }
-+ if (!strcmp(keyword, "S")) {
-+ int rv;
-+ if (!do_hex2bn(&sig->s, value)) {
-+ fprintf(stderr, "Invalid S value\n");
-+ return 0;
-+ }
-+ key = EC_KEY_new_by_curve_name(curve_nid);
-+ rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
-+
-+ if (rv != 1) {
-+ fprintf(stderr, "Error setting public key\n");
-+ return 0;
-+ }
-+
-+ no_err = 1;
-+ rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
-+ EC_KEY_free(key);
-+ if (msg)
-+ OPENSSL_free(msg);
-+ no_err = 0;
-+
-+ fprintf(out, "Result = %s" RESP_EOL, rv ? "P" :
"F");
-+ }
-+
-+ }
-+ if (sig->r)
-+ BN_free(sig->r);
-+ if (sig->s)
-+ BN_free(sig->s);
-+ if (Qx)
-+ BN_free(Qx);
-+ if (Qy)
-+ BN_free(Qy);
-+ return 1;
-+}
-+
-+# ifdef FIPS_ALGVS
-+int fips_ecdsavs_main(int argc, char **argv)
-+# else
-+int main(int argc, char **argv)
-+# endif
-+{
-+ FILE *in = NULL, *out = NULL;
-+ const char *cmd = argv[1];
-+ int rv = 0;
-+ fips_algtest_init();
-+
-+ if (argc == 4) {
-+ in = fopen(argv[2], "r");
-+ if (!in) {
-+ fprintf(stderr, "Error opening input file\n");
-+ exit(1);
-+ }
-+ out = fopen(argv[3], "w");
-+ if (!out) {
-+ fprintf(stderr, "Error opening output file\n");
-+ exit(1);
-+ }
-+ } else if (argc == 2) {
-+ in = stdin;
-+ out = stdout;
-+ }
-+
-+ if (!cmd) {
-+ fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
-+ return 1;
-+ }
-+ if (!strcmp(cmd, "KeyPair"))
-+ rv = KeyPair(in, out);
-+ else if (!strcmp(cmd, "PKV"))
-+ rv = PKV(in, out);
-+ else if (!strcmp(cmd, "SigVer"))
-+ rv = SigVer(in, out);
-+ else if (!strcmp(cmd, "SigGen"))
-+ rv = SigGen(in, out);
-+ else {
-+ fprintf(stderr, "Unknown command %s\n", cmd);
-+ return 1;
-+ }
-+
-+ if (argc == 4) {
-+ fclose(in);
-+ fclose(out);
-+ }
-+
-+ if (rv <= 0) {
-+ fprintf(stderr, "Error running %s\n", cmd);
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+#endif
-diff -up openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c.fips-ec
openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c.fips-ec 2015-04-22 19:00:19.724884583
+0200
-+++ openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c 2015-04-22 19:00:19.724884583 +0200
-@@ -0,0 +1,242 @@
-+/* fips/ecdh/fips_ecdh_selftest.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project 2011.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/ec.h>
-+#include <openssl/ecdh.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+# include "fips_locl.h"
-+
-+static const unsigned char p256_qcavsx[] = {
-+ 0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62,
-+ 0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13,
-+ 0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50
-+};
-+
-+static const unsigned char p256_qcavsy[] = {
-+ 0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f,
-+ 0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf,
-+ 0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e
-+};
-+
-+static const unsigned char p256_qiutx[] = {
-+ 0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c,
-+ 0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1,
-+ 0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f
-+};
-+
-+static const unsigned char p256_qiuty[] = {
-+ 0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae,
-+ 0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75,
-+ 0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8
-+};
-+
-+static const unsigned char p256_qiutd[] = {
-+ 0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3,
-+ 0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc,
-+ 0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8
-+};
-+
-+static const unsigned char p256_ziut[] = {
-+ 0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a,
-+ 0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77,
-+ 0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f
-+};
-+
-+typedef struct {
-+ int curve;
-+ const unsigned char *x1;
-+ size_t x1len;
-+ const unsigned char *y1;
-+ size_t y1len;
-+ const unsigned char *d1;
-+ size_t d1len;
-+ const unsigned char *x2;
-+ size_t x2len;
-+ const unsigned char *y2;
-+ size_t y2len;
-+ const unsigned char *z;
-+ size_t zlen;
-+} ECDH_SELFTEST_DATA;
-+
-+# define make_ecdh_test(nid, pr) { nid, \
-+ pr##_qiutx, sizeof(pr##_qiutx), \
-+ pr##_qiuty, sizeof(pr##_qiuty), \
-+ pr##_qiutd, sizeof(pr##_qiutd), \
-+ pr##_qcavsx, sizeof(pr##_qcavsx), \
-+ pr##_qcavsy, sizeof(pr##_qcavsy), \
-+ pr##_ziut, sizeof(pr##_ziut) }
-+
-+static ECDH_SELFTEST_DATA test_ecdh_data[] = {
-+ make_ecdh_test(NID_X9_62_prime256v1, p256),
-+};
-+
-+int FIPS_selftest_ecdh(void)
-+{
-+ EC_KEY *ec1 = NULL, *ec2 = NULL;
-+ const EC_POINT *ecp = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *d = NULL;
-+ unsigned char *ztmp = NULL;
-+ int rv = 1;
-+ size_t i;
-+
-+ for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) {
-+ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
-+ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
-+ continue;
-+ ztmp = OPENSSL_malloc(ecd->zlen);
-+
-+ x = BN_bin2bn(ecd->x1, ecd->x1len, x);
-+ y = BN_bin2bn(ecd->y1, ecd->y1len, y);
-+ d = BN_bin2bn(ecd->d1, ecd->d1len, d);
-+
-+ if (!x || !y || !d || !ztmp) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ ec1 = EC_KEY_new_by_curve_name(ecd->curve);
-+ if (!ec1) {
-+ rv = -1;
-+ goto err;
-+ }
-+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-+
-+ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!EC_KEY_set_private_key(ec1, d)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ x = BN_bin2bn(ecd->x2, ecd->x2len, x);
-+ y = BN_bin2bn(ecd->y2, ecd->y2len, y);
-+
-+ if (!x || !y) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ ec2 = EC_KEY_new_by_curve_name(ecd->curve);
-+ if (!ec2) {
-+ rv = -1;
-+ goto err;
-+ }
-+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-+
-+ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ ecp = EC_KEY_get0_public_key(ec2);
-+ if (!ecp) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
-+ ztmp[0] ^= 0x1;
-+
-+ if (memcmp(ztmp, ecd->z, ecd->zlen)) {
-+ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
-+ rv = 0;
-+ } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
-+ goto err;
-+
-+ EC_KEY_free(ec1);
-+ ec1 = NULL;
-+ EC_KEY_free(ec2);
-+ ec2 = NULL;
-+ OPENSSL_free(ztmp);
-+ ztmp = NULL;
-+ }
-+
-+ err:
-+
-+ if (x)
-+ BN_clear_free(x);
-+ if (y)
-+ BN_clear_free(y);
-+ if (d)
-+ BN_clear_free(d);
-+ if (ec1)
-+ EC_KEY_free(ec1);
-+ if (ec2)
-+ EC_KEY_free(ec2);
-+ if (ztmp)
-+ OPENSSL_free(ztmp);
-+
-+ return rv;
-+
-+}
-+
-+#endif
-diff -up openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c.fips-ec
openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2015-04-22
19:00:19.724884583 +0200
-+++ openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c 2015-04-22 19:00:19.724884583 +0200
-@@ -0,0 +1,165 @@
-+/* fips/ecdsa/fips_ecdsa_selftest.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project 2011.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/ec.h>
-+#include <openssl/ecdsa.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const char P_256_name[] = "ECDSA P-256";
-+
-+static const unsigned char P_256_d[] = {
-+ 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f,
-+ 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87,
-+ 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64
-+};
-+
-+static const unsigned char P_256_qx[] = {
-+ 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e,
-+ 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31,
-+ 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07
-+};
-+
-+static const unsigned char P_256_qy[] = {
-+ 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b,
-+ 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e,
-+ 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb
-+};
-+
-+typedef struct {
-+ int curve;
-+ const char *name;
-+ const unsigned char *x;
-+ size_t xlen;
-+ const unsigned char *y;
-+ size_t ylen;
-+ const unsigned char *d;
-+ size_t dlen;
-+} EC_SELFTEST_DATA;
-+
-+# define make_ecdsa_test(nid, pr) { nid, pr##_name, \
-+ pr##_qx, sizeof(pr##_qx), \
-+ pr##_qy, sizeof(pr##_qy), \
-+ pr##_d, sizeof(pr##_d)}
-+
-+static EC_SELFTEST_DATA test_ec_data[] = {
-+ make_ecdsa_test(NID_X9_62_prime256v1, P_256),
-+};
-+
-+int FIPS_selftest_ecdsa()
-+{
-+ EC_KEY *ec = NULL;
-+ BIGNUM *x = NULL, *y = NULL, *d = NULL;
-+ EVP_PKEY *pk = NULL;
-+ int rv = 0;
-+ size_t i;
-+
-+ for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) {
-+ EC_SELFTEST_DATA *ecd = test_ec_data + i;
-+
-+ x = BN_bin2bn(ecd->x, ecd->xlen, x);
-+ y = BN_bin2bn(ecd->y, ecd->ylen, y);
-+ d = BN_bin2bn(ecd->d, ecd->dlen, d);
-+
-+ if (!x || !y || !d)
-+ goto err;
-+
-+ ec = EC_KEY_new_by_curve_name(ecd->curve);
-+ if (!ec)
-+ goto err;
-+
-+ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
-+ goto err;
-+
-+ if (!EC_KEY_set_private_key(ec, d))
-+ goto err;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_assign_EC_KEY(pk, ec);
-+
-+ if (!fips_pkey_signature_test(pk, NULL, 0,
-+ NULL, 0, EVP_sha256(), 0, ecd->name))
-+ goto err;
-+ }
-+
-+ rv = 1;
-+
-+ err:
-+
-+ if (x)
-+ BN_clear_free(x);
-+ if (y)
-+ BN_clear_free(y);
-+ if (d)
-+ BN_clear_free(d);
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ else if (ec)
-+ EC_KEY_free(ec);
-+
-+ return rv;
-+
-+}
-+
-+#endif
-diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-ec openssl-1.0.2a/crypto/fips/fips.h
---- openssl-1.0.2a/crypto/fips/fips.h.fips-ec 2015-04-22 19:00:19.688883733 +0200
-+++ openssl-1.0.2a/crypto/fips/fips.h 2015-04-22 19:00:19.724884583 +0200
-@@ -93,6 +93,8 @@ extern "C" {
- void FIPS_corrupt_dsa(void);
- void FIPS_corrupt_dsa_keygen(void);
- int FIPS_selftest_dsa(void);
-+ int FIPS_selftest_ecdsa(void);
-+ int FIPS_selftest_ecdh(void);
- void FIPS_corrupt_rng(void);
- void FIPS_rng_stick(void);
- void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.2a/crypto/fips/fips_post.c.fips-ec
openssl-1.0.2a/crypto/fips/fips_post.c
---- openssl-1.0.2a/crypto/fips/fips_post.c.fips-ec 2015-04-22 19:00:19.688883733 +0200
-+++ openssl-1.0.2a/crypto/fips/fips_post.c 2015-04-22 19:00:19.724884583 +0200
-@@ -95,8 +95,12 @@ int FIPS_selftest(void)
- rv = 0;
- if (!FIPS_selftest_rsa())
- rv = 0;
-+ if (!FIPS_selftest_ecdsa())
-+ rv = 0;
- if (!FIPS_selftest_dsa())
- rv = 0;
-+ if (!FIPS_selftest_ecdh())
-+ rv = 0;
- return rv;
- }
-
-diff -up openssl-1.0.2a/crypto/fips/Makefile.fips-ec openssl-1.0.2a/crypto/fips/Makefile
---- openssl-1.0.2a/crypto/fips/Makefile.fips-ec 2015-04-22 19:00:19.691883805 +0200
-+++ openssl-1.0.2a/crypto/fips/Makefile 2015-04-22 19:00:19.724884583 +0200
-@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
- fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
- fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
- fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-- fips_cmac_selftest.c fips_enc.c fips_md.c
-+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c
fips_md.c
-
- LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o
\
- fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
- fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
- fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
-- fips_cmac_selftest.o fips_enc.o fips_md.o
-+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o
fips_md.o
-
- LIBCRYPTO=-L.. -lcrypto
-
-@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens
- fips_aes_selftest.o: ../../include/openssl/safestack.h
- fips_aes_selftest.o: ../../include/openssl/stack.h
- fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
-+fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_cmac_selftest.o: ../../include/openssl/cmac.h
-+fips_cmac_selftest.o: ../../include/openssl/crypto.h
-+fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_cmac_selftest.o: ../../include/openssl/lhash.h
-+fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
-+fips_cmac_selftest.o: ../../include/openssl/objects.h
-+fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
-+fips_cmac_selftest.o: ../../include/openssl/opensslv.h
-+fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_cmac_selftest.o: ../../include/openssl/safestack.h
-+fips_cmac_selftest.o: ../../include/openssl/stack.h
-+fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
-+fips_cmac_selftest.o: fips_locl.h
- fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
- fips_des_selftest.o: ../../include/openssl/crypto.h
- fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens
- fips_dsa_selftest.o: ../../include/openssl/stack.h
- fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
- fips_dsa_selftest.o: fips_locl.h
-+fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-+fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-+fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
-+fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_ecdh_selftest.o: ../../include/openssl/lhash.h
-+fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
-+fips_ecdh_selftest.o: ../../include/openssl/objects.h
-+fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
-+fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
-+fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_ecdh_selftest.o: ../../include/openssl/safestack.h
-+fips_ecdh_selftest.o: ../../include/openssl/stack.h
-+fips_ecdh_selftest.o: ../../include/openssl/symhacks.h fips_ecdh_selftest.c
-+fips_ecdh_selftest.o: fips_locl.h
-+fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_ecdsa_selftest.o: ../../include/openssl/bn.h
-+fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
-+fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-+fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
-+fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_ecdsa_selftest.o: ../../include/openssl/fips.h
-+fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
-+fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
-+fips_ecdsa_selftest.o: ../../include/openssl/objects.h
-+fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
-+fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
-+fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
-+fips_ecdsa_selftest.o: ../../include/openssl/stack.h
-+fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
-+fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-+fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-+fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+fips_enc.o: ../../include/openssl/opensslconf.h
-+fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-+fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
- fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
- fips_hmac_selftest.o: ../../include/openssl/crypto.h
- fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open
- fips_hmac_selftest.o: ../../include/openssl/safestack.h
- fips_hmac_selftest.o: ../../include/openssl/stack.h
- fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
-+fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-+fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-+fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-+fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-+fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+fips_md.o: fips_md.c
- fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
- fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
- fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-diff -up openssl-1.0.2a/version.map.fips-ec openssl-1.0.2a/version.map
---- openssl-1.0.2a/version.map.fips-ec 2015-04-22 19:00:19.704884111 +0200
-+++ openssl-1.0.2a/version.map 2015-04-22 19:00:19.724884583 +0200
-@@ -6,6 +6,10 @@ OPENSSL_1.0.1 {
- _original*;
- _current*;
- };
-+OPENSSL_1.0.1_EC {
-+ global:
-+ EC*;
-+};
- OPENSSL_1.0.2 {
- global:
- SSLeay;
diff --git a/openssl-1.0.2a-fips-md5-allow.patch b/openssl-1.0.2a-fips-md5-allow.patch
deleted file mode 100644
index 825417f..0000000
--- a/openssl-1.0.2a-fips-md5-allow.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up openssl-1.0.2a/crypto/md5/md5_dgst.c.md5-allow
openssl-1.0.2a/crypto/md5/md5_dgst.c
---- openssl-1.0.2a/crypto/md5/md5_dgst.c.md5-allow 2015-04-09 18:18:36.505393113 +0200
-+++ openssl-1.0.2a/crypto/md5/md5_dgst.c 2015-04-09 18:18:32.408298469 +0200
-@@ -72,7 +72,16 @@ const char MD5_version[] = "MD5" OPENSSL
- #define INIT_DATA_C (unsigned long)0x98badcfeL
- #define INIT_DATA_D (unsigned long)0x10325476L
-
--nonfips_md_init(MD5)
-+int MD5_Init(MD5_CTX *c)
-+#ifdef OPENSSL_FIPS
-+{
-+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW")
== NULL)
-+ OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");
-+ return private_MD5_Init(c);
-+}
-+
-+int private_MD5_Init(MD5_CTX *c)
-+#endif
- {
- memset(c, 0, sizeof(*c));
- c->A = INIT_DATA_A;
diff --git a/openssl-1.0.2a-issuer-hash.patch b/openssl-1.0.2a-issuer-hash.patch
deleted file mode 100644
index a439d14..0000000
--- a/openssl-1.0.2a-issuer-hash.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up openssl-1.0.1k/crypto/x509/x509_cmp.c.issuer-hash
openssl-1.0.1k/crypto/x509/x509_cmp.c
---- openssl-1.0.1k/crypto/x509/x509_cmp.c.issuer-hash 2015-04-09 18:16:03.349855193
+0200
-+++ openssl-1.0.1k/crypto/x509/x509_cmp.c 2015-04-09 18:16:00.616792058 +0200
-@@ -86,6 +86,7 @@ unsigned long X509_issuer_and_serial_has
- char *f;
-
- EVP_MD_CTX_init(&ctx);
-+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
- if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
- goto err;
diff --git a/openssl-1.0.2a-no-rpath.patch b/openssl-1.0.2a-no-rpath.patch
deleted file mode 100644
index 4aafefd..0000000
--- a/openssl-1.0.2a-no-rpath.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.0.2a/Makefile.shared.no-rpath openssl-1.0.2a/Makefile.shared
---- openssl-1.0.2a/Makefile.shared.no-rpath 2015-04-09 18:14:39.647921663 +0200
-+++ openssl-1.0.2a/Makefile.shared 2015-04-09 18:14:34.423800985 +0200
-@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic
-Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/openssl-1.0.2a-padlock64.patch b/openssl-1.0.2a-padlock64.patch
deleted file mode 100644
index 19d3958..0000000
--- a/openssl-1.0.2a-padlock64.patch
+++ /dev/null
@@ -1,198 +0,0 @@
-diff -up openssl-1.0.2a/engines/e_padlock.c.padlock64 openssl-1.0.2a/engines/e_padlock.c
---- openssl-1.0.2a/engines/e_padlock.c.padlock64 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/engines/e_padlock.c 2015-04-22 16:23:44.105617468 +0200
-@@ -101,7 +101,10 @@
- */
- # undef COMPILE_HW_PADLOCK
- # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
--# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
-+# if (defined(__GNUC__) && __GNUC__>=2 && \
-+ (defined(__i386__) || defined(__i386) || \
-+ defined(__x86_64__) || defined(__x86_64)) \
-+ ) || \
- (defined(_MSC_VER) && defined(_M_IX86))
- # define COMPILE_HW_PADLOCK
- # endif
-@@ -140,7 +143,7 @@ void ENGINE_load_padlock(void)
- # endif
- # elif defined(__GNUC__)
- # ifndef alloca
--# define alloca(s) __builtin_alloca(s)
-+# define alloca(s) __builtin_alloca((s))
- # endif
- # endif
-
-@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_da
- * =======================================================
- */
- # if defined(__GNUC__) && __GNUC__>=2
-+# if defined(__i386__) || defined(__i386)
- /*
- * As for excessive "push %ebx"/"pop %ebx" found all over.
- * When generating position-independent code GCC won't let
-@@ -379,22 +383,6 @@ static int padlock_available(void)
- return padlock_use_ace + padlock_use_rng;
- }
-
--# ifndef OPENSSL_NO_AES
--# ifndef AES_ASM
--/* Our own htonl()/ntohl() */
--static inline void padlock_bswapl(AES_KEY *ks)
--{
-- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
-- unsigned int *key = ks->rd_key;
--
-- while (i--) {
-- asm volatile ("bswapl %0":"+r" (*key));
-- key++;
-- }
--}
--# endif
--# endif
--
- /*
- * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
- * stack clears EFLAGS[30] which does the trick.
-@@ -404,7 +392,7 @@ static inline void padlock_reload_key(vo
- asm volatile ("pushfl; popfl");
- }
-
--# ifndef OPENSSL_NO_AES
-+# ifndef OPENSSL_NO_AES
- /*
- * This is heuristic key context tracing. At first one
- * believes that one should use atomic swap instructions,
-@@ -448,6 +436,101 @@ static inline void *name(size_t cnt,
- : "edx", "cc", "memory"); \
- return iv; \
- }
-+# endif
-+
-+# elif defined(__x86_64__) || defined(__x86_64)
-+
-+/* Load supported features of the CPU to see if
-+ the PadLock is available. */
-+static int padlock_available(void)
-+{
-+ char vendor_string[16];
-+ unsigned int eax, edx;
-+
-+ /* Are we running on the Centaur (VIA) CPU? */
-+ eax = 0x00000000;
-+ vendor_string[12] = 0;
-+ asm volatile ("cpuid\n"
-+ "movl %%ebx,(%1)\n"
-+ "movl %%edx,4(%1)\n"
-+ "movl %%ecx,8(%1)\n":"+a"
(eax):"r"(vendor_string):"rbx",
-+ "rcx", "rdx");
-+ if (strcmp(vendor_string, "CentaurHauls") != 0)
-+ return 0;
-+
-+ /* Check for Centaur Extended Feature Flags presence */
-+ eax = 0xC0000000;
-+ asm volatile ("cpuid":"+a" (eax)::"rbx",
"rcx", "rdx");
-+ if (eax < 0xC0000001)
-+ return 0;
-+
-+ /* Read the Centaur Extended Feature Flags */
-+ eax = 0xC0000001;
-+ asm volatile ("cpuid":"+a" (eax),
"=d"(edx)::"rbx", "rcx");
-+
-+ /* Fill up some flags */
-+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
-+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
-+
-+ return padlock_use_ace + padlock_use_rng;
-+}
-+
-+/* Force key reload from memory to the CPU microcode.
-+ Loading EFLAGS from the stack clears EFLAGS[30]
-+ which does the trick. */
-+static inline void padlock_reload_key(void)
-+{
-+ asm volatile ("pushfq; popfq");
-+}
-+
-+# ifndef OPENSSL_NO_AES
-+/*
-+ * This is heuristic key context tracing. At first one
-+ * believes that one should use atomic swap instructions,
-+ * but it's not actually necessary. Point is that if
-+ * padlock_saved_context was changed by another thread
-+ * after we've read it and before we compare it with cdata,
-+ * our key *shall* be reloaded upon thread context switch
-+ * and we are therefore set in either case...
-+ */
-+static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
-+{
-+ asm volatile ("pushfq\n"
-+ " btl $30,(%%rsp)\n"
-+ " jnc 1f\n"
-+ " cmpq %2,%1\n"
-+ " je 1f\n"
-+ " popfq\n"
-+ " subq $8,%%rsp\n"
-+ "1: addq $8,%%rsp\n"
-+ " movq %2,%0":"+m"
(padlock_saved_context)
-+ :"r"(padlock_saved_context),
"r"(cdata):"cc");
-+}
-+
-+/* Template for padlock_xcrypt_* modes */
-+/* BIG FAT WARNING:
-+ * The offsets used with 'leal' instructions
-+ * describe items of the 'padlock_cipher_data'
-+ * structure.
-+ */
-+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
-+static inline void *name(size_t cnt, \
-+ struct padlock_cipher_data *cdata, \
-+ void *out, const void *inp) \
-+{ void *iv; \
-+ asm volatile ( "leaq 16(%0),%%rdx\n" \
-+ " leaq 32(%0),%%rbx\n" \
-+ rep_xcrypt "\n" \
-+ : "=a"(iv), "=c"(cnt), "=D"(out),
"=S"(inp) \
-+ : "0"(cdata), "1"(cnt), "2"(out),
"3"(inp) \
-+ : "rbx", "rdx", "cc", "memory");
\
-+ return iv; \
-+}
-+# endif
-+
-+# endif /* cpu */
-+
-+# ifndef OPENSSL_NO_AES
-
- /* Generate all functions with appropriate opcodes */
- /* rep xcryptecb */
-@@ -458,6 +541,20 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, "
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
- /* rep xcryptofb */
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
-+
-+# ifndef AES_ASM
-+/* Our own htonl()/ntohl() */
-+static inline void padlock_bswapl(AES_KEY *ks)
-+{
-+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
-+ unsigned int *key = ks->rd_key;
-+
-+ while (i--) {
-+ asm volatile ("bswapl %0":"+r" (*key));
-+ key++;
-+ }
-+}
-+# endif
- # endif
- /* The RNG call itself */
- static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
-@@ -485,8 +582,8 @@ static inline unsigned int padlock_xstor
- static inline unsigned char *padlock_memcpy(void *dst, const void *src,
- size_t n)
- {
-- long *d = dst;
-- const long *s = src;
-+ size_t *d = dst;
-+ const size_t *s = src;
-
- n /= sizeof(*d);
- do {
diff --git a/openssl-1.0.2a-readme-warning.patch b/openssl-1.0.2a-readme-warning.patch
deleted file mode 100644
index 7069989..0000000
--- a/openssl-1.0.2a-readme-warning.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff -up openssl-1.0.2a/README.warning openssl-1.0.2a/README
---- openssl-1.0.2a/README.warning 2015-03-20 16:00:47.000000000 +0100
-+++ openssl-1.0.2a/README 2015-03-21 09:06:11.000000000 +0100
-@@ -5,6 +5,46 @@
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
-
-+ WARNING
-+ -------
-+
-+ This version of OpenSSL is built in a way that supports operation in
-+ the so called FIPS mode. Note though that the library as we build it
-+ is not FIPS 140-2 validated and the FIPS mode is present for testing
-+ purposes only.
-+
-+ This version also contains a few differences from the upstream code
-+ some of which are:
-+ * The FIPS validation support is significantly different from the
-+ upstream FIPS support. For example the FIPS integrity verification
-+ check is implemented differently as the FIPS module is built inside
-+ the shared library. The HMAC-SHA256 checksums of the whole shared
-+ libraries are verified. Also note that the FIPS integrity
-+ verification check requires that the libcrypto and libssl shared
-+ library files are unmodified which means that it will fail if these
-+ files are changed for example by prelink.
-+ * If the file /etc/system-fips is present the integrity verification
-+ and selftests of the crypto algorithms are run inside the library
-+ constructor code.
-+ * With the /etc/system-fips present the module respects the kernel
-+ FIPS flag /proc/sys/crypto/fips and tries to initialize the FIPS mode
-+ if it is set to 1 aborting if the FIPS mode could not be initialized.
-+ With the /etc/system-fips present it is also possible to force the
-+ OpenSSL library to FIPS mode especially for debugging purposes by
-+ setting the environment variable OPENSSL_FORCE_FIPS_MODE.
-+ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
-+ will not automatically load the built in compression method ZLIB
-+ when initialized. Applications can still explicitely ask for ZLIB
-+ compression method.
-+ * The library was patched so the certificates, CRLs and other objects
-+ signed with use of MD5 fail verification as the MD5 is too insecure
-+ to be used for signatures. If the environment variable
-+ OPENSSL_ENABLE_MD5_VERIFY is set, the verification can proceed
-+ normally.
-+ * If the OPENSSL_ENFORCE_MODULUS_BITS environment variable is set,
-+ the library will not allow generation of DSA and RSA keys with
-+ other lengths than specified in the FIPS 186-4 standard.
-+
- DESCRIPTION
- -----------
-
diff --git a/openssl-1.0.2a-rsa-x931.patch b/openssl-1.0.2a-rsa-x931.patch
deleted file mode 100644
index 4de716a..0000000
--- a/openssl-1.0.2a-rsa-x931.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff -up openssl-1.0.2a/apps/genrsa.c.x931 openssl-1.0.2a/apps/genrsa.c
---- openssl-1.0.2a/apps/genrsa.c.x931 2015-04-09 18:18:24.132107287 +0200
-+++ openssl-1.0.2a/apps/genrsa.c 2015-04-09 18:18:18.852985339 +0200
-@@ -97,6 +97,7 @@ int MAIN(int argc, char **argv)
- int ret = 1;
- int i, num = DEFBITS;
- long l;
-+ int use_x931 = 0;
- const EVP_CIPHER *enc = NULL;
- unsigned long f4 = RSA_F4;
- char *outfile = NULL;
-@@ -139,6 +140,8 @@ int MAIN(int argc, char **argv)
- f4 = 3;
- else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4")
== 0)
- f4 = RSA_F4;
-+ else if (strcmp(*argv, "-x931") == 0)
-+ use_x931 = 1;
- # ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
-@@ -278,7 +281,13 @@ int MAIN(int argc, char **argv)
- if (!rsa)
- goto err;
-
-- if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
-+ if (use_x931) {
-+ if (!BN_set_word(bn, f4))
-+ goto err;
-+ if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
-+ goto err;
-+ } else if (!BN_set_word(bn, f4)
-+ || !RSA_generate_key_ex(rsa, num, bn, &cb))
- goto err;
-
- app_RAND_write_file(NULL, bio_err);
diff --git a/openssl-1.0.2a-version-add-engines.patch
b/openssl-1.0.2a-version-add-engines.patch
deleted file mode 100644
index b7936b3..0000000
--- a/openssl-1.0.2a-version-add-engines.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-diff -up openssl-1.0.2a/apps/version.c.version-add-engines openssl-1.0.2a/apps/version.c
---- openssl-1.0.2a/apps/version.c.version-add-engines 2015-04-09 18:16:42.345756005
+0200
-+++ openssl-1.0.2a/apps/version.c 2015-04-09 18:16:36.573622667 +0200
-@@ -131,6 +131,7 @@
- #ifndef OPENSSL_NO_BF
- # include <openssl/blowfish.h>
- #endif
-+#include <openssl/engine.h>
-
- #undef PROG
- #define PROG version_main
-@@ -140,7 +141,8 @@ int MAIN(int, char **);
- int MAIN(int argc, char **argv)
- {
- int i, ret = 0;
-- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
-+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir =
-+ 0, engines = 0;
-
- apps_startup();
-
-@@ -164,7 +166,7 @@ int MAIN(int argc, char **argv)
- else if (strcmp(argv[i], "-d") == 0)
- dir = 1;
- else if (strcmp(argv[i], "-a") == 0)
-- date = version = cflags = options = platform = dir = 1;
-+ date = version = cflags = options = platform = dir = engines = 1;
- else {
- BIO_printf(bio_err, "usage:version -[avbofpd]\n");
- ret = 1;
-@@ -208,6 +210,16 @@ int MAIN(int argc, char **argv)
- printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
- if (dir)
- printf("%s\n", SSLeay_version(SSLEAY_DIR));
-+ if (engines) {
-+ ENGINE *e;
-+ printf("engines: ");
-+ e = ENGINE_get_first();
-+ while (e) {
-+ printf("%s ", ENGINE_get_id(e));
-+ e = ENGINE_get_next(e);
-+ }
-+ printf("\n");
-+ }
- end:
- apps_shutdown();
- OPENSSL_EXIT(ret);
diff --git a/openssl-1.0.2a-version.patch b/openssl-1.0.2a-version.patch
deleted file mode 100644
index 25dfff5..0000000
--- a/openssl-1.0.2a-version.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-diff -up openssl-1.0.2a/crypto/cversion.c.version openssl-1.0.2a/crypto/cversion.c
---- openssl-1.0.2a/crypto/cversion.c.version 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/cversion.c 2015-04-21 16:48:56.285535316 +0200
-@@ -62,7 +62,7 @@
- # include "buildinf.h"
- #endif
-
--const char *SSLeay_version(int t)
-+const char *_current_SSLeay_version(int t)
- {
- if (t == SSLEAY_VERSION)
- return OPENSSL_VERSION_TEXT;
-@@ -101,7 +101,40 @@ const char *SSLeay_version(int t)
- return ("not available");
- }
-
--unsigned long SSLeay(void)
-+const char *_original_SSLeay_version(int t)
-+{
-+ if (t == SSLEAY_VERSION)
-+ return "OpenSSL 1.0.0-fips 29 Mar 2010";
-+ else
-+ return _current_SSLeay_version(t);
-+}
-+
-+const char *_original101_SSLeay_version(int t)
-+{
-+ if (t == SSLEAY_VERSION)
-+ return "OpenSSL 1.0.1e-fips 11 Feb 2013";
-+ else
-+ return _current_SSLeay_version(t);
-+}
-+
-+unsigned long _original_SSLeay(void)
-+{
-+ return (0x10000003L);
-+}
-+
-+unsigned long _original101_SSLeay(void)
-+{
-+ return (0x1000105fL);
-+}
-+
-+unsigned long _current_SSLeay(void)
- {
- return (SSLEAY_VERSION_NUMBER);
- }
-+
-+__asm__(".symver _original_SSLeay,SSLeay@");
-+__asm__(".symver _original_SSLeay_version,SSLeay_version@");
-+__asm__(".symver _original101_SSLeay,SSLeay(a)OPENSSL_1.0.1");
-+__asm__(".symver _original101_SSLeay_version,SSLeay_version(a)OPENSSL_1.0.1");
-+__asm__(".symver _current_SSLeay,SSLeay@(a)OPENSSL_1.0.2");
-+__asm__(".symver _current_SSLeay_version,SSLeay_version@(a)OPENSSL_1.0.2");
-diff -up openssl-1.0.2a/Makefile.shared.version openssl-1.0.2a/Makefile.shared
---- openssl-1.0.2a/Makefile.shared.version 2015-04-21 16:43:02.624170648 +0200
-+++ openssl-1.0.2a/Makefile.shared 2015-04-21 16:43:02.676171879 +0200
-@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic
-Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic
-Wl,--default-symver,--version-script=version.map
-Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
- DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
-diff -up openssl-1.0.2a/version.map.version openssl-1.0.2a/version.map
---- openssl-1.0.2a/version.map.version 2015-04-21 16:43:02.676171879 +0200
-+++ openssl-1.0.2a/version.map 2015-04-21 16:51:49.621630589 +0200
-@@ -0,0 +1,13 @@
-+OPENSSL_1.0.1 {
-+ global:
-+ SSLeay;
-+ SSLeay_version;
-+ local:
-+ _original*;
-+ _current*;
-+};
-+OPENSSL_1.0.2 {
-+ global:
-+ SSLeay;
-+ SSLeay_version;
-+} OPENSSL_1.0.1;
diff --git a/openssl-1.0.2a-x509.patch b/openssl-1.0.2a-x509.patch
deleted file mode 100644
index 7c96a57..0000000
--- a/openssl-1.0.2a-x509.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -up openssl-1.0.2a/crypto/x509/by_file.c.x509 openssl-1.0.2a/crypto/x509/by_file.c
---- openssl-1.0.2a/crypto/x509/by_file.c.x509 2015-04-09 18:16:29.365456157 +0200
-+++ openssl-1.0.2a/crypto/x509/by_file.c 2015-04-09 18:16:26.398387618 +0200
-@@ -152,9 +152,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx
- }
- }
- i = X509_STORE_add_cert(ctx->store_ctx, x);
-- if (!i)
-- goto err;
-- count++;
-+ /* ignore any problems with current certificate
-+ and continue with the next one */
-+ if (i)
-+ count++;
-+ else
-+ ERR_clear_error();
- X509_free(x);
- x = NULL;
- }
-@@ -167,7 +170,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx
- }
- i = X509_STORE_add_cert(ctx->store_ctx, x);
- if (!i)
-- goto err;
-+ ERR_clear_error();
- ret = i;
- } else {
- X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
diff --git a/openssl-1.0.2a-xmpp-starttls.patch b/openssl-1.0.2a-xmpp-starttls.patch
deleted file mode 100644
index d2c3bcd..0000000
--- a/openssl-1.0.2a-xmpp-starttls.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -up openssl-1.0.2a/apps/s_client.c.starttls openssl-1.0.2a/apps/s_client.c
---- openssl-1.0.2a/apps/s_client.c.starttls 2015-04-22 18:23:12.964387157 +0200
-+++ openssl-1.0.2a/apps/s_client.c 2015-04-22 18:23:56.496414820 +0200
-@@ -134,7 +134,8 @@
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
--
-+/* for strcasestr */
-+#define _GNU_SOURCE
- #include <assert.h>
- #include <ctype.h>
- #include <stdio.h>
-@@ -1626,8 +1627,11 @@ int MAIN(int argc, char **argv)
- "xmlns='jabber:client' to='%s'
version='1.0'>", host);
- seen = BIO_read(sbio, mbuf, BUFSIZZ);
- mbuf[seen] = 0;
-- while (!strstr
-- (mbuf, "<starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
-+ while (!strcasestr
-+ (mbuf, "<starttls
xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
-+ && !strcasestr(mbuf,
-+ "<starttls
xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
-+ {
- if (strstr(mbuf, "/stream:features>"))
- goto shut;
- seen = BIO_read(sbio, mbuf, BUFSIZZ);
diff --git a/openssl-1.0.2c-default-paths.patch b/openssl-1.0.2c-default-paths.patch
deleted file mode 100644
index aa607be..0000000
--- a/openssl-1.0.2c-default-paths.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff -up openssl-1.0.2c/apps/s_server.c.default-paths openssl-1.0.2c/apps/s_server.c
---- openssl-1.0.2c/apps/s_server.c.default-paths 2015-06-12 16:51:21.000000000 +0200
-+++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:24:17.747446515 +0200
-@@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[])
- }
- #endif
-
-- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(ctx))) {
-- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
-- ERR_print_errors(bio_err);
-- /* goto end; */
-+ if (CAfile == NULL && CApath == NULL) {
-+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
-+ ERR_print_errors(bio_err);
-+ }
-+ } else {
-+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
-+ ERR_print_errors(bio_err);
-+ }
- }
-+
- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
-
-@@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[])
- else
- SSL_CTX_sess_set_cache_size(ctx2, 128);
-
-- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(ctx2))) {
-+ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) {
-+ ERR_print_errors(bio_err);
-+ }
-+ if (!SSL_CTX_set_default_verify_paths(ctx2)) {
- ERR_print_errors(bio_err);
- }
- if (vpm)
-diff -up openssl-1.0.2c/apps/s_time.c.default-paths openssl-1.0.2c/apps/s_time.c
---- openssl-1.0.2c/apps/s_time.c.default-paths 2015-06-12 16:51:21.000000000 +0200
-+++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:24:17.747446515 +0200
-@@ -381,13 +381,14 @@ int MAIN(int argc, char **argv)
-
- SSL_load_error_strings();
-
-- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
-- (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
-- /*
-- * BIO_printf(bio_err,"error setting default verify locations\n");
-- */
-- ERR_print_errors(bio_err);
-- /* goto end; */
-+ if (CAfile == NULL && CApath == NULL) {
-+ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) {
-+ ERR_print_errors(bio_err);
-+ }
-+ } else {
-+ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) {
-+ ERR_print_errors(bio_err);
-+ }
- }
-
- if (tm_cipher == NULL)
diff --git a/openssl-1.0.2c-ecc-suiteb.patch b/openssl-1.0.2c-ecc-suiteb.patch
deleted file mode 100644
index dfcae76..0000000
--- a/openssl-1.0.2c-ecc-suiteb.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-diff -up openssl-1.0.2c/apps/speed.c.suiteb openssl-1.0.2c/apps/speed.c
---- openssl-1.0.2c/apps/speed.c.suiteb 2015-06-15 17:37:06.285083685 +0200
-+++ openssl-1.0.2c/apps/speed.c 2015-06-15 17:37:06.335084836 +0200
-@@ -996,78 +996,26 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-- else if (strcmp(*argv, "ecdsap224") == 0)
-- ecdsa_doit[R_EC_P224] = 2;
-- else if (strcmp(*argv, "ecdsap256") == 0)
-+ if (strcmp(*argv, "ecdsap256") == 0)
- ecdsa_doit[R_EC_P256] = 2;
- else if (strcmp(*argv, "ecdsap384") == 0)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P256; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-- else if (strcmp(*argv, "ecdhp224") == 0)
-- ecdh_doit[R_EC_P224] = 2;
-- else if (strcmp(*argv, "ecdhp256") == 0)
-+ if (strcmp(*argv, "ecdhp256") == 0)
- ecdh_doit[R_EC_P256] = 2;
- else if (strcmp(*argv, "ecdhp384") == 0)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P256; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1156,21 +1104,11 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409
ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409
ecdsab571\n");
-+ BIO_printf(bio_err, "ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
-+ BIO_printf(bio_err, "ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1255,11 +1193,11 @@ int MAIN(int argc, char **argv)
- if (!FIPS_mode() || i != R_DSA_512)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P256; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P256; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
-diff -up openssl-1.0.2c/ssl/t1_lib.c.suiteb openssl-1.0.2c/ssl/t1_lib.c
---- openssl-1.0.2c/ssl/t1_lib.c.suiteb 2015-06-12 16:51:27.000000000 +0200
-+++ openssl-1.0.2c/ssl/t1_lib.c 2015-06-15 17:44:03.578681271 +0200
-@@ -268,11 +268,7 @@ static const unsigned char eccurves_auto
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
-- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
- 0, 14, /* sect571r1 (14) */
-@@ -289,11 +285,7 @@ static const unsigned char eccurves_all[
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
-- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
- 0, 14, /* sect571r1 (14) */
-@@ -307,13 +299,6 @@ static const unsigned char eccurves_all[
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -348,29 +333,21 @@ static const unsigned char fips_curves_d
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
diff --git a/openssl-1.0.2d-secp256k1.patch b/openssl-1.0.2d-secp256k1.patch
deleted file mode 100644
index 4c94133..0000000
--- a/openssl-1.0.2d-secp256k1.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-diff -up openssl-1.0.2d/crypto/ec/ec_curve.c.secp256k1
openssl-1.0.2d/crypto/ec/ec_curve.c
---- openssl-1.0.2d/crypto/ec/ec_curve.c.secp256k1 2015-08-12 14:55:15.203415420 -0400
-+++ openssl-1.0.2d/crypto/ec/ec_curve.c 2015-08-12 15:07:12.659113262 -0400
-@@ -86,6 +86,42 @@ typedef struct {
- unsigned int cofactor; /* promoted to BN_ULONG */
- } EC_CURVE_DATA;
-
-+static const struct {
-+ EC_CURVE_DATA h;
-+ unsigned char data[0 + 32 * 6];
-+} _EC_SECG_PRIME_256K1 = {
-+ {
-+ NID_X9_62_prime_field, 0, 32, 1
-+ },
-+ {
-+ /* no seed */
-+ /* p */
-+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+ 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
-+ /* a */
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ /* b */
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
-+ /* x */
-+ 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
-+ 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
-+ 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
-+ /* y */
-+ 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
-+ 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
-+ 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
-+ /* order */
-+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+ 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
-+ 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
-+ }
-+};
-+
- /* the nist prime curves */
- static const struct {
- EC_CURVE_DATA h;
-@@ -235,6 +271,8 @@ typedef struct _ec_list_element_st {
- static const ec_list_element curve_list[] = {
- /* prime field curves */
- /* secg curves */
-+ {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
-+ "SECG curve over a 256 bit prime field"},
- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
- "NIST/SECG curve over a 384 bit prime field"},
-diff -up openssl-1.0.2d/ssl/t1_lib.c.secp256k1 openssl-1.0.2d/ssl/t1_lib.c
---- openssl-1.0.2d/ssl/t1_lib.c.secp256k1 2015-08-12 15:04:42.876925441 -0400
-+++ openssl-1.0.2d/ssl/t1_lib.c 2015-08-12 15:04:47.837699822 -0400
-@@ -269,6 +269,7 @@ static const unsigned char eccurves_auto
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
- 0, 24, /* secp384r1 (24) */
-+ 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
- 0, 14, /* sect571r1 (14) */
-@@ -286,6 +287,7 @@ static const unsigned char eccurves_all[
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
- 0, 24, /* secp384r1 (24) */
-+ 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
- 0, 14, /* sect571r1 (14) */
-@@ -333,6 +335,7 @@ static const unsigned char fips_curves_d
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-+ 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
diff --git a/openssl-1.0.2e-remove-nistp224.patch b/openssl-1.0.2e-remove-nistp224.patch
deleted file mode 100644
index 22b99c1..0000000
--- a/openssl-1.0.2e-remove-nistp224.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -up openssl-1.0.2e/crypto/ec/ec.h.nistp224 openssl-1.0.2e/crypto/ec/ec.h
---- openssl-1.0.2e/crypto/ec/ec.h.nistp224 2015-12-04 14:00:57.000000000 +0100
-+++ openssl-1.0.2e/crypto/ec/ec.h 2015-12-08 15:51:37.046747916 +0100
-@@ -149,11 +149,6 @@ const EC_METHOD *EC_GFp_mont_method(void
- const EC_METHOD *EC_GFp_nist_method(void);
-
- # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
--/** Returns 64-bit optimized methods for nistp224
-- * \return EC_METHOD object
-- */
--const EC_METHOD *EC_GFp_nistp224_method(void);
--
- /** Returns 64-bit optimized methods for nistp256
- * \return EC_METHOD object
- */
diff --git a/openssl-1.0.2e-rpmbuild.patch b/openssl-1.0.2e-rpmbuild.patch
deleted file mode 100644
index 0b4bc18..0000000
--- a/openssl-1.0.2e-rpmbuild.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-diff -up openssl-1.0.2e/Configure.rpmbuild openssl-1.0.2e/Configure
---- openssl-1.0.2e/Configure.rpmbuild 2015-12-03 15:04:23.000000000 +0100
-+++ openssl-1.0.2e/Configure 2015-12-04 13:20:22.996835604 +0100
-@@ -365,8 +365,8 @@ my %table=(
- ####
- # *-generic* is endian-neutral target, but ./config is free to
- # throw in -D[BL]_ENDIAN, whichever appropriate...
--"linux-generic32","gcc:-O3 -fomit-frame-pointer
-Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG
RC4_CHAR RC4_CHUNK DES_RISC1
DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT
DES_UNROLL
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc", "gcc:-DB_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:BN_LLONG RC4_CHAR RC4_CHUNK
DES_RISC1
DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-
- #######################################################################
- # Note that -march is not among compiler options in below linux-armv4
-@@ -395,31 +395,31 @@ my %table=(
- #
- # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
- #
--"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR
RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG
RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4", "gcc:-Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT
DES_UNROLL
BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-aarch64","gcc:-DL_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR
RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- # Configure script adds minimally required -march for assembly support,
- # if no -march was specified at command line. mips32 and mips64 below
- # refer to contemporary MIPS Architecture specifications, MIPS32 and
- # MIPS64, rather than to kernel bitness.
--"linux-mips32", "gcc:-mabi=32 -O3 -Wall
-DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-mips64", "gcc:-mabi=n32 -O3 -Wall
-DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
--"linux64-mips64", "gcc:-mabi=64 -O3 -Wall
-DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-mips32", "gcc:-mabi=32 -Wall \$(RPM_OPT_FLAGS)
-DBN_DIV3W::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT
DES_UNROLL
BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-mips64", "gcc:-mabi=n32 -Wall \$(RPM_OPT_FLAGS)
-DBN_DIV3W::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT
DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::32",
-+"linux64-mips64", "gcc:-mabi=64 -Wall \$(RPM_OPT_FLAGS)
-DBN_DIV3W::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK
DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### IA-32 targets...
- "linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl
-no_cpprt:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer
-Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486
-Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
--"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG
RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1
DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
--"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1
DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
--"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic64","gcc:-Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR
RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR
RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR
RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux-ia64", "gcc:-DL_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK
DES_UNROLL
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl
-no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK
DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra
$clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG
RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG
-DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings
-Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl
-no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
--"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT
DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR
RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
- # /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -437,12 +437,12 @@ my %table=(
- #### SPARC Linux setups
- # Ray Miller <ray.miller(a)computing-services.oxford.ac.uk> has patiently
- # assisted with debugging of following two configs.
--"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall
-DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)
-DBN_DIV2W::-D_REENTRANT::\$(RPM_LD_FLAGS) -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # it's a real mess with -mcpu=ultrasparc option under Linux, but
- # -Wa,-Av8plus should do the trick no matter what.
--"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3
-fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG
RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -Wall
\$(RPM_OPT_FLAGS) -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:\$(RPM_LD_FLAGS)
-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # GCC 3.1 is a requirement
--"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3
-fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK
DES_INT DES_PTR DES_RISC1 DES_UNROLL
BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -Wall
\$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:\$(RPM_LD_FLAGS) -ldl:BN_LLONG RC4_CHAR
RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### Alpha Linux with GNU C and Compaq C setups
- # Special notes:
- # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -1767,7 +1767,7 @@ while (<IN>)
- elsif ($shared_extension ne "" && $shared_extension =~
/^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
-- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER)
.s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~
/^\.[^\.]*\.[^\.]*\.dylib$/)
- {
-diff -up openssl-1.0.2e/Makefile.org.rpmbuild
openssl-1.0.2e/Makefile.org
---- openssl-1.0.2e/Makefile.org.rpmbuild 2015-12-03 15:04:23.000000000 +0100
-+++
openssl-1.0.2e/Makefile.org 2015-12-04 13:18:44.913538616 +0100
-@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
- SHLIB_MAJOR=
- SHLIB_MINOR=
- SHLIB_EXT=
-+SHLIB_SONAMEVER=10
- PLATFORM=dist
- OPTIONS=
- CONFIGURE_ARGS=
-@@ -341,10 +342,9 @@ clean-shared:
- link-shared:
- @ set -e; for i in $(SHLIBDIRS); do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- symlink.$(SHLIB_TARGET); \
-- libs="$$libs -l$$i"; \
- done
-
- build-shared: do_$(SHLIB_TARGET) link-shared
-@@ -355,7 +355,7 @@ do_$(SHLIB_TARGET):
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
diff --git a/openssl-1.0.2e-speed-doc.patch b/openssl-1.0.2e-speed-doc.patch
deleted file mode 100644
index 8e3d95b..0000000
--- a/openssl-1.0.2e-speed-doc.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff -up openssl-1.0.2e/apps/speed.c.speed-doc openssl-1.0.2e/apps/speed.c
---- openssl-1.0.2e/apps/speed.c.speed-doc 2015-12-04 14:00:58.000000000 +0100
-+++ openssl-1.0.2e/apps/speed.c 2016-01-15 14:15:56.482343557 +0100
-@@ -648,10 +648,6 @@ int MAIN(int argc, char **argv)
- # endif
- int multiblock = 0;
-
--# ifndef TIMES
-- usertime = -1;
--# endif
--
- apps_startup();
- memset(results, 0, sizeof(results));
- # ifndef OPENSSL_NO_DSA
-@@ -1145,10 +1141,8 @@ int MAIN(int argc, char **argv)
-
- BIO_printf(bio_err, "\n");
- BIO_printf(bio_err, "Available options:\n");
--# if defined(TIMES) || defined(USE_TOD)
- BIO_printf(bio_err, "-elapsed "
- "measure time in real time instead of CPU user
time.\n");
--# endif
- # ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,
- "-engine e "
-diff -up openssl-1.0.2e/doc/apps/speed.pod.speed-doc openssl-1.0.2e/doc/apps/speed.pod
---- openssl-1.0.2e/doc/apps/speed.pod.speed-doc 2015-12-03 14:42:07.000000000 +0100
-+++ openssl-1.0.2e/doc/apps/speed.pod 2016-01-15 14:05:23.044222376 +0100
-@@ -8,6 +8,9 @@ speed - test library performance
-
- B<openssl speed>
- [B<-engine id>]
-+[B<-elapsed>]
-+[B<-evp algo>]
-+[B<-decrypt>]
- [B<md2>]
- [B<mdc2>]
- [B<md5>]
-@@ -49,6 +52,19 @@ to attempt to obtain a functional refere
- thus initialising it if needed. The engine will then be set as the default
- for all available algorithms.
-
-+=item B<-elapsed>
-+
-+Measure time in real time instead of CPU time. It can be useful when testing
-+speed of hardware engines.
-+
-+=item B<-evp algo>
-+
-+Use the specified cipher or message digest algorithm via the EVP interface.
-+
-+=item B<-decrypt>
-+
-+Time the decryption instead of encryption. Affects only the EVP testing.
-+
- =item B<[zero or more test algorithms]>
-
- If any options are given, B<speed> tests those algorithms, otherwise all of
diff --git a/openssl-1.0.2g-disable-sslv2v3.patch b/openssl-1.0.2g-disable-sslv2v3.patch
deleted file mode 100644
index 06f5132..0000000
--- a/openssl-1.0.2g-disable-sslv2v3.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
---- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
-+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
-@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
- /*
-- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
-- * explicitly clear this option via either of SSL_CTX_clear_options() or
-+ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have
to
-+ * explicitly clear these options via either of SSL_CTX_clear_options() or
- * SSL_clear_options().
- */
-- ret->options |= SSL_OP_NO_SSLv2;
-+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-
- return (ret);
- err:
diff --git a/openssl-1.0.2h-pkgconfig.patch b/openssl-1.0.2h-pkgconfig.patch
deleted file mode 100644
index f810157..0000000
--- a/openssl-1.0.2h-pkgconfig.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -up openssl-1.0.2h/Makefile.org.pkgconfig
openssl-1.0.2h/Makefile.org
---- openssl-1.0.2h/Makefile.org.pkgconfig 2016-05-03 18:06:45.869834730 +0200
-+++
openssl-1.0.2h/Makefile.org 2016-06-27 12:04:15.444245018 +0200
-@@ -377,7 +377,7 @@ libcrypto.pc: Makefile
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto'; \
- echo 'Libs.private: $(EX_LIBS)'; \
-- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-+ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
-
- libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
-@@ -388,9 +388,9 @@ libssl.pc: Makefile
- echo 'Name: OpenSSL-libssl'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
-- echo 'Requires.private: libcrypto'; \
-+ echo 'Requires: libcrypto'; \
- echo 'Libs: -L$${libdir} -lssl'; \
-- echo 'Libs.private: $(EX_LIBS)'; \
-+ echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
- openssl.pc: Makefile
diff --git a/openssl-1.0.2i-chil-fixes.patch b/openssl-1.0.2i-chil-fixes.patch
deleted file mode 100644
index c7f1820..0000000
--- a/openssl-1.0.2i-chil-fixes.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -up openssl-1.0.2i/engines/e_chil.c.chil openssl-1.0.2i/engines/e_chil.c
---- openssl-1.0.2i/engines/e_chil.c.chil 2016-09-22 12:23:06.000000000 +0200
-+++ openssl-1.0.2i/engines/e_chil.c 2016-09-22 13:49:32.532017102 +0200
-@@ -1274,6 +1274,11 @@ static int hwcrhk_insert_card(const char
- UI *ui;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
-+ /* Despite what the documentation says prompt_info can be
-+ * an empty string.
-+ */
-+ if (prompt_info && !*prompt_info)
-+ prompt_info = NULL;
-
- if (cactx) {
- if (cactx->ui_method)
diff --git a/openssl-1.0.2i-enc-fail.patch b/openssl-1.0.2i-enc-fail.patch
deleted file mode 100644
index 819a3fc..0000000
--- a/openssl-1.0.2i-enc-fail.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -up openssl-1.0.2i/crypto/evp/bio_enc.c.enc-fail
openssl-1.0.2i/crypto/evp/bio_enc.c
---- openssl-1.0.2i/crypto/evp/bio_enc.c.enc-fail 2016-09-22 12:23:06.000000000 +0200
-+++ openssl-1.0.2i/crypto/evp/bio_enc.c 2016-09-22 13:58:24.592381002 +0200
-@@ -307,8 +307,9 @@ static long enc_ctrl(BIO *b, int cmd, lo
- case BIO_CTRL_RESET:
- ctx->ok = 1;
- ctx->finished = 0;
-- EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
-- ctx->cipher.encrypt);
-+ if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
-+ ctx->cipher.encrypt))
-+ ctx->ok = 0;
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
- break;
- case BIO_CTRL_EOF: /* More to read */
-@@ -430,7 +431,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI
-
- b->init = 1;
- ctx = (BIO_ENC_CTX *)b->ptr;
-- EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
-+ if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
-+ ctx->ok = 0;
-
- if (b->callback != NULL)
- b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
diff --git a/openssl-1.0.2i-enginesdir.patch b/openssl-1.0.2i-enginesdir.patch
deleted file mode 100644
index 862ef1b..0000000
--- a/openssl-1.0.2i-enginesdir.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-diff --git a/Configure b/Configure
-index c39f71a..7f3d905 100755
---- a/Configure
-+++ b/Configure
-@@ -727,6 +727,7 @@ my $idx_multilib = $idx++;
- my $prefix="";
- my $libdir="";
- my $openssldir="";
-+my $enginesdir="";
- my $exe_ext="";
- my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
- my $cross_compile_prefix="";
-@@ -956,6 +957,10 @@ PROCESS_ARGS:
- {
- $openssldir=$1;
- }
-+ elsif (/^--enginesdir=(.*)$/)
-+ {
-+ $enginesdir=$1;
-+ }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
-@@ -1207,7 +1212,7 @@ chop $prefix if $prefix =~ /.\/$/;
-
- $openssldir=$prefix . "/ssl" if $openssldir eq "";
- $openssldir=$prefix . "/" . $openssldir if $openssldir !~
/(^\/|^[a-zA-Z]:[\\\/])/;
--
-+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
-
- print "IsMK1MF=$IsMK1MF\n";
-
-@@ -1709,6 +1714,7 @@ while (<IN>)
- s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
- s/^MULTILIB=.*$/MULTILIB=$multilib/;
- s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
-+ s/^ENGINESDIR=.*$/ENGINESDIR=$enginesdir/;
- s/^LIBDIR=.*$/LIBDIR=$libdir/;
- s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
- s/^PLATFORM=.*$/PLATFORM=$target/;
-@@ -1915,7 +1921,7 @@ while (<IN>)
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
-- my $foo = "$prefix/$libdir/engines";
-+ my $foo = "$enginesdir";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
-diff --git
a/Makefile.org b/Makefile.org
-index 2377f50..fe8d54c 100644
----
a/Makefile.org
-+++
b/Makefile.org
-@@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl
-
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-+ENGINESDIR=$${libdir}/engines
-
- # NO_IDEA - Define to build without the IDEA algorithm
- # NO_RC4 - Define to build without the RC4 algorithm
-@@ -368,7 +369,7 @@ libcrypto.pc: Makefile
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
-- echo 'enginesdir=$${libdir}/engines'; \
-+ echo 'enginesdir=$(ENGINESDIR)'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
-diff --git a/engines/Makefile b/engines/Makefile
-index 2058ff4..a2c407b 100644
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -124,7 +124,7 @@ install:
- esac; \
- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new;
\
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
diff --git a/openssl-1.0.2j-deprecate-algos.patch b/openssl-1.0.2j-deprecate-algos.patch
deleted file mode 100644
index cbfb2e9..0000000
--- a/openssl-1.0.2j-deprecate-algos.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-diff -up openssl-1.0.2j/crypto/asn1/a_verify.c.deprecate-algos
openssl-1.0.2j/crypto/asn1/a_verify.c
---- openssl-1.0.2j/crypto/asn1/a_verify.c.deprecate-algos 2016-09-26 11:49:07.000000000
+0200
-+++ openssl-1.0.2j/crypto/asn1/a_verify.c 2017-01-09 16:47:11.666994197 +0100
-@@ -56,6 +56,9 @@
- * [including the GNU Public Licence.]
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
-+
- #include <stdio.h>
- #include <time.h>
-
-@@ -133,6 +136,30 @@ int ASN1_verify(i2d_of_void *i2d, X509_A
-
- #endif
-
-+static int legacy_mds[] = { NID_md5, NID_sha, NID_md4, NID_md2, 0 };
-+extern int private_ossl_allowed_legacy_mds[];
-+
-+static int is_md_legacy_disallowed(int mdnid)
-+{
-+ int i;
-+
-+ if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY")
!= NULL)
-+ return 0;
-+
-+ for (i = 0; legacy_mds[i] != 0; ++i) {
-+ if (mdnid == legacy_mds[i]) {
-+ int j;
-+
-+ for (j = 0; private_ossl_allowed_legacy_mds[j] != 0; ++j) {
-+ if (mdnid == private_ossl_allowed_legacy_mds[j])
-+ return 0;
-+ }
-+ return 1;
-+ }
-+ }
-+ return 0;
-+}
-+
- int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
- ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
- {
-@@ -174,6 +201,10 @@ int ASN1_item_verify(const ASN1_ITEM *it
- if (ret != 2)
- goto err;
- ret = -1;
-+ } else if (is_md_legacy_disallowed(mdnid)) {
-+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+ goto err;
- } else {
- const EVP_MD *type;
- type = EVP_get_digestbynid(mdnid);
-diff -up openssl-1.0.2j/crypto/o_init.c.deprecate-algos openssl-1.0.2j/crypto/o_init.c
---- openssl-1.0.2j/crypto/o_init.c.deprecate-algos 2017-01-05 17:49:00.000000000 +0100
-+++ openssl-1.0.2j/crypto/o_init.c 2017-01-09 16:52:29.018298611 +0100
-@@ -64,11 +64,21 @@
- # include <unistd.h>
- # include <errno.h>
- # include <stdlib.h>
-+# include <stdio.h>
-+# include <string.h>
-+# include <strings.h>
-+# include <ctype.h>
- # include <openssl/fips.h>
- # include <openssl/rand.h>
-+# include <openssl/dh.h>
-+# include <openssl/objects.h>
-
- # define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
-
-+# define LEGACY_SETTINGS_FILE "/etc/pki/tls/legacy-settings"
-+
-+# define NUM_MAX_LEGACY_MDS 8
-+
- static void init_fips_mode(void)
- {
- char buf[2] = "0";
-@@ -98,6 +108,115 @@ static void init_fips_mode(void)
- }
- #endif
-
-+int private_ossl_allowed_legacy_mds[NUM_MAX_LEGACY_MDS + 1]; /* zero terminated */
-+
-+int private_ossl_minimum_dh_bits;
-+
-+static void parse_legacy_mds(char *p)
-+{
-+ int idx = 0;
-+ char *e = p;
-+
-+ while (p[0] != '\0') {
-+ while (e[0] != '\0' && !isspace(e[0]) && e[0] !=
',') {
-+ ++e;
-+ }
-+ if (e[0] != '\0') {
-+ e[0] = '\0';
-+ ++e;
-+ }
-+
-+ if (strcasecmp(p, "md5") == 0) {
-+ private_ossl_allowed_legacy_mds[idx++] = NID_md5;
-+ } else if (strcasecmp(p, "md4") == 0) {
-+ private_ossl_allowed_legacy_mds[idx++] = NID_md4;
-+ } else if (strcasecmp(p, "sha") == 0) {
-+ private_ossl_allowed_legacy_mds[idx++] = NID_sha;
-+ } else if (strcasecmp(p, "md2") == 0) {
-+ private_ossl_allowed_legacy_mds[idx++] = NID_md2;
-+ }
-+
-+ if (idx >=
-+ sizeof(private_ossl_allowed_legacy_mds) /
-+ sizeof(private_ossl_allowed_legacy_mds[0])) {
-+ break;
-+ }
-+
-+ while (e[0] == ',' || isspace(e[0])) {
-+ ++e;
-+ }
-+
-+ p = e;
-+ }
-+}
-+
-+static void parse_minimum_dh_bits(char *p)
-+{
-+ private_ossl_minimum_dh_bits = strtol(p, NULL, 10);
-+ if (private_ossl_minimum_dh_bits < 512
-+ || private_ossl_minimum_dh_bits > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ /* use default */
-+ private_ossl_minimum_dh_bits = 0;
-+ }
-+}
-+
-+static void load_legacy_settings(void)
-+{
-+ FILE *f;
-+ char *line = NULL;
-+ size_t len = 0;
-+
-+ if ((f = fopen(LEGACY_SETTINGS_FILE, "r")) == NULL) {
-+ return;
-+ }
-+
-+ while (getline(&line, &len, f) > 0) {
-+ char *p = line, *e, *val;
-+
-+ /* skip initial whitespace */
-+ while (isspace(p[0])) {
-+ ++p;
-+ }
-+
-+ e = p;
-+
-+ while (e[0] != '\0' && !isspace(e[0])) {
-+ ++e;
-+ }
-+
-+ /* terminate name, skip whitespace between name and value */
-+ if (e[0] != '\0') {
-+ e[0] = '\0';
-+ ++e;
-+ while (isspace(e[0])) {
-+ ++e;
-+ }
-+ }
-+
-+ val = e;
-+
-+ e = e + strlen(val);
-+
-+ /* trim terminating whitespace */
-+ while (e > val) {
-+ --e;
-+ if (isspace(e[0])) {
-+ e[0] = '\0';
-+ } else {
-+ break;
-+ }
-+ }
-+
-+ if (strcasecmp(p, "LegacySigningMDs") == 0) {
-+ parse_legacy_mds(val);
-+ } else if (strcasecmp(line, "MinimumDHBits") == 0) {
-+ parse_minimum_dh_bits(val);
-+ }
-+ /* simply skip other unrecognized lines */
-+ }
-+ (void)fclose(f);
-+}
-+
- /*
- * Perform any essential OpenSSL initialization operations. Currently only
- * sets FIPS callbacks
-@@ -109,6 +228,7 @@ void __attribute__ ((constructor)) OPENS
- if (done)
- return;
- done = 1;
-+ load_legacy_settings();
- #ifdef OPENSSL_FIPS
- if (!FIPS_module_installed()) {
- return;
-diff -up openssl-1.0.2j/ssl/s3_clnt.c.deprecate-algos openssl-1.0.2j/ssl/s3_clnt.c
---- openssl-1.0.2j/ssl/s3_clnt.c.deprecate-algos 2016-09-26 11:49:07.000000000 +0200
-+++ openssl-1.0.2j/ssl/s3_clnt.c 2017-01-09 17:01:19.428506961 +0100
-@@ -3478,6 +3478,8 @@ int ssl3_send_client_certificate(SSL *s)
-
- #define has_bits(i,m) (((i)&(m)) == (m))
-
-+extern int private_ossl_minimum_dh_bits;
-+
- int ssl3_check_cert_and_algorithm(SSL *s)
- {
- int i, idx;
-@@ -3608,8 +3610,7 @@ int ssl3_check_cert_and_algorithm(SSL *s
- DH_free(dh_srvr);
- }
-
-- if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size <
1024)
-- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size <
512)) {
-+ if (dh_size < (private_ossl_minimum_dh_bits ? private_ossl_minimum_dh_bits :
1024)) {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
- goto f_err;
- }
diff --git a/openssl-1.0.2j-downgrade-strength.patch
b/openssl-1.0.2j-downgrade-strength.patch
deleted file mode 100644
index 6e9e387..0000000
--- a/openssl-1.0.2j-downgrade-strength.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-diff -up openssl-1.0.2j/ssl/s3_lib.c.downgrade-strength openssl-1.0.2j/ssl/s3_lib.c
---- openssl-1.0.2j/ssl/s3_lib.c.downgrade-strength 2017-01-05 17:23:21.091203023 +0100
-+++ openssl-1.0.2j/ssl/s3_lib.c 2017-01-05 17:36:37.250194225 +0100
-@@ -227,7 +227,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -243,7 +243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
- #endif
-@@ -575,7 +575,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -730,7 +730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -746,7 +746,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -796,7 +796,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -812,7 +812,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -1429,7 +1429,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
- #endif
-@@ -1714,7 +1714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -2106,7 +2106,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -2186,7 +2186,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -2266,7 +2266,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -2346,7 +2346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
-@@ -2426,7 +2426,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-- 128,
-+ 112,
- 128,
- },
-
diff --git a/openssl-1.0.2j-nokrb5-abi.patch b/openssl-1.0.2j-nokrb5-abi.patch
deleted file mode 100644
index a3bba70..0000000
--- a/openssl-1.0.2j-nokrb5-abi.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -up openssl-1.0.2j/ssl/ssl.h.nokrb5-abi openssl-1.0.2j/ssl/ssl.h
---- openssl-1.0.2j/ssl/ssl.h.nokrb5-abi 2016-10-07 11:33:36.000000000 +0200
-+++ openssl-1.0.2j/ssl/ssl.h 2016-10-14 13:26:29.767624676 +0200
-@@ -521,6 +521,9 @@ struct ssl_session_st {
- # ifndef OPENSSL_NO_KRB5
- unsigned int krb5_client_princ_len;
- unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-+# else
-+ unsigned int unused_krb5_client_princ_len;
-+ unsigned char unused_krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
- # endif /* OPENSSL_NO_KRB5 */
- # ifndef OPENSSL_NO_PSK
- char *psk_identity_hint;
-@@ -1521,6 +1524,8 @@ struct ssl_st {
- # ifndef OPENSSL_NO_KRB5
- /* Kerberos 5 context */
- KSSL_CTX *kssl_ctx;
-+# else
-+ void *unused_kssl_ctx;
- # endif /* OPENSSL_NO_KRB5 */
- # ifndef OPENSSL_NO_PSK
- unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
diff --git a/openssl-1.0.2k-fips-randlock.patch b/openssl-1.0.2k-fips-randlock.patch
deleted file mode 100644
index 8b08ef4..0000000
--- a/openssl-1.0.2k-fips-randlock.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-diff -up openssl-1.0.2k/crypto/fips/fips_drbg_lib.c.fips-randlock
openssl-1.0.2k/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.2k/crypto/fips/fips_drbg_lib.c.fips-randlock 2017-03-09
17:59:26.249231181 +0100
-+++ openssl-1.0.2k/crypto/fips/fips_drbg_lib.c 2017-11-16 09:16:06.188098078 +0100
-@@ -338,6 +338,12 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
- return drbg_reseed(dctx, adin, adinlen, 1);
- }
-
-+void FIPS_drbg_set_reseed(DRBG_CTX *dctx)
-+{
-+ if (dctx->status == DRBG_STATUS_READY)
-+ dctx->reseed_counter = dctx->reseed_interval;
-+}
-+
- static int fips_drbg_check(DRBG_CTX *dctx)
- {
- if (dctx->xflags & DRBG_FLAG_TEST)
-diff -up openssl-1.0.2k/crypto/fips/fips_rand.h.fips-randlock
openssl-1.0.2k/crypto/fips/fips_rand.h
---- openssl-1.0.2k/crypto/fips/fips_rand.h.fips-randlock 2017-03-09 17:59:26.252231250
+0100
-+++ openssl-1.0.2k/crypto/fips/fips_rand.h 2017-11-07 10:06:40.241450151 +0100
-@@ -86,6 +86,7 @@ extern "C" {
- const unsigned char *pers, size_t perslen);
- int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin,
- size_t adinlen);
-+ void FIPS_drbg_set_reseed(DRBG_CTX *dctx);
- int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
- int prediction_resistance,
- const unsigned char *adin, size_t adinlen);
-diff -up openssl-1.0.2k/crypto/rand/md_rand.c.fips-randlock
openssl-1.0.2k/crypto/rand/md_rand.c
---- openssl-1.0.2k/crypto/rand/md_rand.c.fips-randlock 2017-03-09 17:59:26.255231320
+0100
-+++ openssl-1.0.2k/crypto/rand/md_rand.c 2017-12-06 09:20:23.615879425 +0100
-@@ -391,10 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
- crypto_lock_rand = 1;
-
-- /* always poll for external entropy in FIPS mode, drbg provides the
-- * expansion
-+ /* always poll for external entropy in FIPS mode, if run as seed
-+ * source, drbg provides the expansion
- */
-- if (!initialized || FIPS_module_mode()) {
-+ if (!initialized || (!lock && FIPS_module_mode())) {
- RAND_poll();
- initialized = 1;
- }
-diff -up openssl-1.0.2k/crypto/rand/rand_lib.c.fips-randlock
openssl-1.0.2k/crypto/rand/rand_lib.c
---- openssl-1.0.2k/crypto/rand/rand_lib.c.fips-randlock 2017-03-09 17:59:26.292232183
+0100
-+++ openssl-1.0.2k/crypto/rand/rand_lib.c 2017-11-07 10:20:08.050403861 +0100
-@@ -238,7 +238,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
- RAND_SSLeay()->add(in, inlen, entropy);
- if (FIPS_rand_status()) {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-- FIPS_drbg_reseed(ctx, NULL, 0);
-+ FIPS_drbg_set_reseed(ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
- return 1;
-@@ -249,7 +249,7 @@ static int drbg_rand_seed(DRBG_CTX *ctx,
- RAND_SSLeay()->seed(in, inlen);
- if (FIPS_rand_status()) {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-- FIPS_drbg_reseed(ctx, NULL, 0);
-+ FIPS_drbg_set_reseed(ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
- return 1;
diff --git a/openssl-1.0.2k-long-hello.patch b/openssl-1.0.2k-long-hello.patch
deleted file mode 100644
index 358b027..0000000
--- a/openssl-1.0.2k-long-hello.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff -up openssl-1.0.2k/ssl/s3_srvr.c.long-hello openssl-1.0.2k/ssl/s3_srvr.c
---- openssl-1.0.2k/ssl/s3_srvr.c.long-hello 2017-03-09 17:59:26.000000000 +0100
-+++ openssl-1.0.2k/ssl/s3_srvr.c 2017-03-30 09:11:35.639338753 +0200
-@@ -899,6 +899,23 @@ int ssl3_send_hello_request(SSL *s)
- return ssl_do_write(s);
- }
-
-+/*
-+ * Maximum size (excluding the Handshake header) of a ClientHello message,
-+ * calculated as follows:
-+ *
-+ * 2 + # client_version
-+ * 32 + # only valid length for random
-+ * 1 + # length of session_id
-+ * 32 + # maximum size for session_id
-+ * 2 + # length of cipher suites
-+ * 2^16-2 + # maximum length of cipher suites array
-+ * 1 + # length of compression_methods
-+ * 2^8-1 + # maximum length of compression methods
-+ * 2 + # length of extensions
-+ * 2^16-1 # maximum length of extensions
-+ */
-+#define CLIENT_HELLO_MAX_LENGTH 131396
-+
- int ssl3_get_client_hello(SSL *s)
- {
- int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0;
-@@ -930,7 +947,7 @@ int ssl3_get_client_hello(SSL *s)
- SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
- SSL3_MT_CLIENT_HELLO,
-- SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-+ CLIENT_HELLO_MAX_LENGTH, &ok);
-
- if (!ok)
- return ((int)n);
diff --git a/openssl-1.0.2m-manfix.patch b/openssl-1.0.2m-manfix.patch
deleted file mode 100644
index fdcaccb..0000000
--- a/openssl-1.0.2m-manfix.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-diff -up openssl-1.0.2m/doc/apps/ec.pod.manfix openssl-1.0.2m/doc/apps/ec.pod
---- openssl-1.0.2m/doc/apps/ec.pod.manfix 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/ec.pod 2017-11-13 09:06:06.372591988 +0100
-@@ -94,10 +94,6 @@ prints out the public, private key compo
-
- this option prevents output of the encoded version of the key.
-
--=item B<-modulus>
--
--this option prints out the value of the public key component of the key.
--
- =item B<-pubin>
-
- by default a private key is read from the input file: with this option a
-diff -up openssl-1.0.2m/doc/apps/openssl.pod.manfix openssl-1.0.2m/doc/apps/openssl.pod
---- openssl-1.0.2m/doc/apps/openssl.pod.manfix 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/openssl.pod 2017-11-13 09:06:06.372591988 +0100
-@@ -163,7 +163,7 @@ Create or examine a netscape certificate
-
- Online Certificate Status Protocol utility.
-
--=item L<B<passwd>|passwd(1)>
-+=item L<B<passwd>|sslpasswd(1)>
-
- Generation of hashed passwords.
-
-@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
-
- Public key algorithm cryptographic operation utility.
-
--=item L<B<rand>|rand(1)>
-+=item L<B<rand>|sslrand(1)>
-
- Generate pseudo-random bytes.
-
-@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
- L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>,
L<dsaparam(1)|dsaparam(1)>,
- L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
- L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
--L<passwd(1)|passwd(1)>,
-+L<sslpasswd(1)|sslpasswd(1)>,
- L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
--L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
-+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
- L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
- L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
- L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
-diff -up openssl-1.0.2m/doc/apps/s_client.pod.manfix
openssl-1.0.2m/doc/apps/s_client.pod
---- openssl-1.0.2m/doc/apps/s_client.pod.manfix 2017-11-13 09:06:06.346591381 +0100
-+++ openssl-1.0.2m/doc/apps/s_client.pod 2017-11-13 09:07:05.273965939 +0100
-@@ -36,6 +36,9 @@ B<openssl> B<s_client>
- [B<-ssl2>]
- [B<-ssl3>]
- [B<-tls1>]
-+[B<-tls1_1>]
-+[B<-tls1_2>]
-+[B<-dtls1>]
- [B<-no_ssl2>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
-@@ -208,7 +211,7 @@ given as a hexadecimal number without le
- 1a2b3c4d.
- This option must be provided in order to use a PSK cipher.
-
--=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>,
B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>,
B<-no_tls1_1>, B<-no_tls1_2>
-+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>,
B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>,
B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- These options require or disable the use of the specified SSL or TLS protocols.
- By default the initial handshake uses a I<version-flexible> method which will
-diff -up openssl-1.0.2m/doc/apps/s_server.pod.manfix
openssl-1.0.2m/doc/apps/s_server.pod
---- openssl-1.0.2m/doc/apps/s_server.pod.manfix 2017-11-13 09:06:06.346591381 +0100
-+++ openssl-1.0.2m/doc/apps/s_server.pod 2017-11-13 09:07:24.481413978 +0100
-@@ -47,6 +47,8 @@ B<openssl> B<s_server>
- [B<-ssl2>]
- [B<-ssl3>]
- [B<-tls1>]
-+[B<-tls1_1>]
-+[B<-tls1_2>]
- [B<-no_ssl2>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
-@@ -224,7 +226,7 @@ given as a hexadecimal number without le
- 1a2b3c4d.
- This option must be provided in order to use a PSK cipher.
-
--=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>,
B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>,
B<-no_tls1_1>, B<-no_tls1_2>
-+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>,
B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>,
B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- These options require or disable the use of the specified SSL or TLS protocols.
- By default the initial handshake uses a I<version-flexible> method which will
diff --git a/openssl-1.0.2m-secure-getenv.patch b/openssl-1.0.2m-secure-getenv.patch
deleted file mode 100644
index 56749f0..0000000
--- a/openssl-1.0.2m-secure-getenv.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-diff -up openssl-1.0.2m/crypto/conf/conf_api.c.secure-getenv
openssl-1.0.2m/crypto/conf/conf_api.c
---- openssl-1.0.2m/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:32:57.000000000
+0100
-+++ openssl-1.0.2m/crypto/conf/conf_api.c 2017-11-13 09:04:24.456214656 +0100
-@@ -63,6 +63,8 @@
- # define NDEBUG
- #endif
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <assert.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -141,7 +143,7 @@ char *_CONF_get_string(const CONF *conf,
- if (v != NULL)
- return (v->value);
- if (strcmp(section, "ENV") == 0) {
-- p = getenv(name);
-+ p = secure_getenv(name);
- if (p != NULL)
- return (p);
- }
-@@ -154,7 +156,7 @@ char *_CONF_get_string(const CONF *conf,
- else
- return (NULL);
- } else
-- return (getenv(name));
-+ return (secure_getenv(name));
- }
-
- #if 0 /* There's no way to provide error checking
-diff -up openssl-1.0.2m/crypto/conf/conf_mod.c.secure-getenv
openssl-1.0.2m/crypto/conf/conf_mod.c
---- openssl-1.0.2m/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:32:57.000000000
+0100
-+++ openssl-1.0.2m/crypto/conf/conf_mod.c 2017-11-13 09:04:24.456214656 +0100
-@@ -57,6 +57,8 @@
- *
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <ctype.h>
- #include <openssl/crypto.h>
-@@ -530,7 +532,7 @@ char *CONF_get1_default_config_file(void
- char *file;
- int len;
-
-- file = getenv("OPENSSL_CONF");
-+ file = secure_getenv("OPENSSL_CONF");
- if (file)
- return BUF_strdup(file);
-
-diff -up openssl-1.0.2m/crypto/engine/eng_list.c.secure-getenv
openssl-1.0.2m/crypto/engine/eng_list.c
---- openssl-1.0.2m/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:32:58.000000000
+0100
-+++ openssl-1.0.2m/crypto/engine/eng_list.c 2017-11-13 09:04:24.456214656 +0100
-@@ -62,6 +62,8 @@
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include "eng_int.h"
-
- /*
-@@ -369,10 +371,10 @@ ENGINE *ENGINE_by_id(const char *id)
- */
- if (strcmp(id, "dynamic")) {
- # ifdef OPENSSL_SYS_VMS
-- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
-+ if (OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) ==
0)
- load_dir = "SSLROOT:[ENGINES]";
- # else
-- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
-+ if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0)
- load_dir = ENGINESDIR;
- # endif
- iterator = ENGINE_by_id("dynamic");
-diff -up openssl-1.0.2m/crypto/md5/md5_dgst.c.secure-getenv
openssl-1.0.2m/crypto/md5/md5_dgst.c
---- openssl-1.0.2m/crypto/md5/md5_dgst.c.secure-getenv 2017-11-13 09:04:24.446214423
+0100
-+++ openssl-1.0.2m/crypto/md5/md5_dgst.c 2017-11-13 09:04:24.456214656 +0100
-@@ -56,6 +56,8 @@
- * [including the GNU Public Licence.]
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include "md5_locl.h"
- #include <openssl/opensslv.h>
-@@ -75,7 +77,8 @@ const char MD5_version[] = "MD5" OPENSSL
- int MD5_Init(MD5_CTX *c)
- #ifdef OPENSSL_FIPS
- {
-- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW")
== NULL)
-+ if (FIPS_mode()
-+ && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") ==
NULL)
- OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");
- return private_MD5_Init(c);
- }
-diff -up openssl-1.0.2m/crypto/o_init.c.secure-getenv openssl-1.0.2m/crypto/o_init.c
---- openssl-1.0.2m/crypto/o_init.c.secure-getenv 2017-11-13 09:04:24.431214072 +0100
-+++ openssl-1.0.2m/crypto/o_init.c 2017-11-13 09:04:24.456214656 +0100
-@@ -53,6 +53,8 @@
- *
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <e_os.h>
- #include <openssl/err.h>
- #ifdef OPENSSL_FIPS
-@@ -72,7 +74,7 @@ static void init_fips_mode(void)
- char buf[2] = "0";
- int fd;
-
-- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
-+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
- buf[0] = '1';
- } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
- while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
-diff -up openssl-1.0.2m/crypto/rand/randfile.c.secure-getenv
openssl-1.0.2m/crypto/rand/randfile.c
---- openssl-1.0.2m/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:32:58.000000000
+0100
-+++ openssl-1.0.2m/crypto/rand/randfile.c 2017-11-13 09:04:24.457214679 +0100
-@@ -55,6 +55,8 @@
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-+/* for secure_getenv */
-+#define _GNU_SOURCE
-
- #include <errno.h>
- #include <stdio.h>
-@@ -327,14 +329,12 @@ const char *RAND_file_name(char *buf, si
- struct stat sb;
- #endif
-
-- if (OPENSSL_issetugid() == 0)
-- s = getenv("RANDFILE");
-+ s = secure_getenv("RANDFILE");
- if (s != NULL && *s && strlen(s) + 1 < size) {
- if (BUF_strlcpy(buf, s, size) >= size)
- return NULL;
- } else {
-- if (OPENSSL_issetugid() == 0)
-- s = getenv("HOME");
-+ s = secure_getenv("HOME");
- #ifdef DEFAULT_HOME
- if (s == NULL) {
- s = DEFAULT_HOME;
-diff -up openssl-1.0.2m/crypto/x509/by_dir.c.secure-getenv
openssl-1.0.2m/crypto/x509/by_dir.c
---- openssl-1.0.2m/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:32:58.000000000
+0100
-+++ openssl-1.0.2m/crypto/x509/by_dir.c 2017-11-13 09:04:24.457214679 +0100
-@@ -56,6 +56,8 @@
- * [including the GNU Public Licence.]
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <time.h>
- #include <errno.h>
-@@ -128,7 +130,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
- switch (cmd) {
- case X509_L_ADD_DIR:
- if (argl == X509_FILETYPE_DEFAULT) {
-- dir = (char *)getenv(X509_get_default_cert_dir_env());
-+ dir = (char *)secure_getenv(X509_get_default_cert_dir_env());
- if (dir)
- ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
- else
-diff -up openssl-1.0.2m/crypto/x509/by_file.c.secure-getenv
openssl-1.0.2m/crypto/x509/by_file.c
---- openssl-1.0.2m/crypto/x509/by_file.c.secure-getenv 2017-11-13 09:04:24.405213466
+0100
-+++ openssl-1.0.2m/crypto/x509/by_file.c 2017-11-13 09:05:04.115139752 +0100
-@@ -56,6 +56,8 @@
- * [including the GNU Public Licence.]
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <time.h>
- #include <errno.h>
-@@ -97,7 +99,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
- switch (cmd) {
- case X509_L_FILE_LOAD:
- if (argl == X509_FILETYPE_DEFAULT) {
-- file = getenv(X509_get_default_cert_file_env());
-+ file = secure_getenv(X509_get_default_cert_file_env());
- if (file)
- ok = (X509_load_cert_crl_file(ctx, file,
- X509_FILETYPE_PEM) != 0);
-diff -up openssl-1.0.2m/crypto/x509/x509_vfy.c.secure-getenv
openssl-1.0.2m/crypto/x509/x509_vfy.c
---- openssl-1.0.2m/crypto/x509/x509_vfy.c.secure-getenv 2017-11-02 15:32:58.000000000
+0100
-+++ openssl-1.0.2m/crypto/x509/x509_vfy.c 2017-11-13 09:04:24.458214702 +0100
-@@ -56,6 +56,8 @@
- * [including the GNU Public Licence.]
- */
-
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <time.h>
- #include <errno.h>
-@@ -620,7 +622,7 @@ static int check_chain_extensions(X509_S
- * A hack to keep people who don't want to modify their software
- * happy
- */
-- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-+ if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
- allow_proxy_certs = 1;
- purpose = ctx->param->purpose;
- }
-diff -up openssl-1.0.2m/engines/ccgost/gost_ctl.c.secure-getenv
openssl-1.0.2m/engines/ccgost/gost_ctl.c
---- openssl-1.0.2m/engines/ccgost/gost_ctl.c.secure-getenv 2017-11-02 15:32:58.000000000
+0100
-+++ openssl-1.0.2m/engines/ccgost/gost_ctl.c 2017-11-13 09:04:24.458214702 +0100
-@@ -6,6 +6,8 @@
- * Implementation of control commands for GOST engine *
- * OpenSSL 0.9.9 libraries required *
- **********************************************************************/
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdlib.h>
- #include <string.h>
- #include <openssl/crypto.h>
-@@ -64,7 +66,7 @@ const char *get_gost_engine_param(int pa
- if (gost_params[param] != NULL) {
- return gost_params[param];
- }
-- tmp = getenv(gost_envnames[param]);
-+ tmp = secure_getenv(gost_envnames[param]);
- if (tmp) {
- if (gost_params[param])
- OPENSSL_free(gost_params[param]);
-@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
- const char *tmp;
- if (param < 0 || param > GOST_PARAM_MAX)
- return 0;
-- tmp = getenv(gost_envnames[param]);
-+ tmp = secure_getenv(gost_envnames[param]);
- /*
- * if there is value in the environment, use it, else -passed string *
- */
diff --git a/openssl-1.0.2m-trusted-first-doc.patch
b/openssl-1.0.2m-trusted-first-doc.patch
deleted file mode 100644
index 4459cd2..0000000
--- a/openssl-1.0.2m-trusted-first-doc.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-diff -up openssl-1.0.2m/apps/cms.c.trusted-first openssl-1.0.2m/apps/cms.c
---- openssl-1.0.2m/apps/cms.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
-+++ openssl-1.0.2m/apps/cms.c 2017-11-13 09:08:18.613672265 +0100
-@@ -644,6 +644,8 @@ int MAIN(int argc, char **argv)
- "-CApath dir trusted certificates directory\n");
- BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf(bio_err,
-+ "-trusted_first use trusted certificates first when building the
trust chain\n");
-+ BIO_printf(bio_err,
- "-no_alt_chains only ever use the first certificate chain
found\n");
- BIO_printf(bio_err,
- "-crl_check check revocation status of signer's
certificate using CRLs\n");
-diff -up openssl-1.0.2m/apps/ocsp.c.trusted-first openssl-1.0.2m/apps/ocsp.c
---- openssl-1.0.2m/apps/ocsp.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
-+++ openssl-1.0.2m/apps/ocsp.c 2017-11-13 09:08:18.613672265 +0100
-@@ -537,6 +537,8 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err,
- "-CAfile file trusted certificates file\n");
- BIO_printf(bio_err,
-+ "-trusted_first use trusted certificates first when
building the trust chain\n");
-+ BIO_printf(bio_err,
- "-no_alt_chains only ever use the first certificate chain
found\n");
- BIO_printf(bio_err,
- "-VAfile file validator certificates file\n");
-diff -up openssl-1.0.2m/apps/s_client.c.trusted-first openssl-1.0.2m/apps/s_client.c
---- openssl-1.0.2m/apps/s_client.c.trusted-first 2017-11-13 09:08:18.571671320 +0100
-+++ openssl-1.0.2m/apps/s_client.c 2017-11-13 09:08:18.613672265 +0100
-@@ -334,6 +334,8 @@ static void sc_usage(void)
- BIO_printf(bio_err, " -CApath arg - PEM format directory of
CA's\n");
- BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err,
-+ " -trusted_first - Use trusted CA's first when building the
trust chain\n");
-+ BIO_printf(bio_err,
- " -no_alt_chains - only ever use the first certificate chain
found\n");
- BIO_printf(bio_err,
- " -reconnect - Drop and re-make the connection with the same
Session-ID\n");
-diff -up openssl-1.0.2m/apps/smime.c.trusted-first openssl-1.0.2m/apps/smime.c
---- openssl-1.0.2m/apps/smime.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
-+++ openssl-1.0.2m/apps/smime.c 2017-11-13 09:08:18.614672288 +0100
-@@ -440,6 +440,8 @@ int MAIN(int argc, char **argv)
- "-CApath dir trusted certificates directory\n");
- BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf(bio_err,
-+ "-trusted_first use trusted certificates first when building the
trust chain\n");
-+ BIO_printf(bio_err,
- "-no_alt_chains only ever use the first certificate chain
found\n");
- BIO_printf(bio_err,
- "-crl_check check revocation status of signer's
certificate using CRLs\n");
-diff -up openssl-1.0.2m/apps/s_server.c.trusted-first openssl-1.0.2m/apps/s_server.c
---- openssl-1.0.2m/apps/s_server.c.trusted-first 2017-11-13 09:08:18.560671072 +0100
-+++ openssl-1.0.2m/apps/s_server.c 2017-11-13 09:08:18.614672288 +0100
-@@ -572,6 +572,8 @@ static void sv_usage(void)
- BIO_printf(bio_err, " -CApath arg - PEM format directory of
CA's\n");
- BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err,
-+ " -trusted_first - Use trusted CA's first when building the
trust chain\n");
-+ BIO_printf(bio_err,
- " -no_alt_chains - only ever use the first certificate chain
found\n");
- BIO_printf(bio_err,
- " -nocert - Don't use any certificates
(Anon-DH)\n");
-diff -up openssl-1.0.2m/apps/s_time.c.trusted-first openssl-1.0.2m/apps/s_time.c
---- openssl-1.0.2m/apps/s_time.c.trusted-first 2017-11-13 09:08:18.526670306 +0100
-+++ openssl-1.0.2m/apps/s_time.c 2017-11-13 09:08:18.614672288 +0100
-@@ -182,6 +182,7 @@ static void s_time_usage(void)
- file if not specified by this option\n\
- -CApath arg - PEM format directory of CA's\n\
- -CAfile arg - PEM format file of CA's\n\
-+-trusted_first - Use trusted CA's first when building the trust chain\n\
- -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
-
- printf("usage: s_time <args>\n\n");
-diff -up openssl-1.0.2m/apps/ts.c.trusted-first openssl-1.0.2m/apps/ts.c
---- openssl-1.0.2m/apps/ts.c.trusted-first 2017-11-13 09:08:18.569671275 +0100
-+++ openssl-1.0.2m/apps/ts.c 2017-11-13 09:08:18.614672288 +0100
-@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv)
- "ts -verify [-data file_to_hash] [-digest digest_bytes] "
- "[-queryfile request.tsq] "
- "-in response.tsr [-token_in] "
-- "-CApath ca_path -CAfile ca_file.pem "
-+ "-CApath ca_path -CAfile ca_file.pem -trusted_first"
- "-untrusted cert_file.pem\n");
- cleanup:
- /* Clean up. */
-diff -up openssl-1.0.2m/apps/verify.c.trusted-first openssl-1.0.2m/apps/verify.c
---- openssl-1.0.2m/apps/verify.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
-+++ openssl-1.0.2m/apps/verify.c 2017-11-13 09:08:18.615672310 +0100
-@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
- usage:
- if (ret == 1) {
- BIO_printf(bio_err,
-- "usage: verify [-verbose] [-CApath path] [-CAfile file]
[-purpose purpose] [-crl_check]");
-+ "usage: verify [-verbose] [-CApath path] [-CAfile file]
[-trusted_first] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
- #ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, " [-engine e]");
-diff -up openssl-1.0.2m/doc/apps/cms.pod.trusted-first openssl-1.0.2m/doc/apps/cms.pod
---- openssl-1.0.2m/doc/apps/cms.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/cms.pod 2017-11-13 09:08:18.615672310 +0100
-@@ -36,6 +36,7 @@ B<openssl> B<cms>
- [B<-print>]
- [B<-CAfile file>]
- [B<-CApath dir>]
-+[B<-trusted_first>]
- [B<-no_alt_chains>]
- [B<-md digest>]
- [B<-[cipher]>]
-@@ -249,6 +250,12 @@ B<-verify>. This directory must be a sta
- is a hash of each subject name (using B<x509 -hash>) should be linked
- to each certificate.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before untrusted certificates
-+from the message when building the trust chain to verify certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-md digest>
-
- digest algorithm to use when signing or resigning. If not present then the
-diff -up openssl-1.0.2m/doc/apps/ocsp.pod.trusted-first openssl-1.0.2m/doc/apps/ocsp.pod
---- openssl-1.0.2m/doc/apps/ocsp.pod.trusted-first 2017-11-13 09:08:18.569671275 +0100
-+++ openssl-1.0.2m/doc/apps/ocsp.pod 2017-11-13 09:08:18.615672310 +0100
-@@ -31,6 +31,7 @@ B<openssl> B<ocsp>
- [B<-path>]
- [B<-CApath dir>]
- [B<-CAfile file>]
-+[B<-trusted_first>]
- [B<-no_alt_chains>]
- [B<-VAfile file>]
- [B<-validity_period n>]
-@@ -154,6 +155,13 @@ connection timeout to the OCSP responder
- file or pathname containing trusted CA certificates. These are used to verify
- the signature on the OCSP response.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory over certificates provided
-+in the response or residing in other certificates file when building the trust
-+chain to verify responder certificate.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-no_alt_chains>
-
- See L<B<verify>|verify(1)> manual page for details.
-diff -up openssl-1.0.2m/doc/apps/s_client.pod.trusted-first
openssl-1.0.2m/doc/apps/s_client.pod
---- openssl-1.0.2m/doc/apps/s_client.pod.trusted-first 2017-11-13 09:08:18.582671567
+0100
-+++ openssl-1.0.2m/doc/apps/s_client.pod 2017-11-13 09:08:18.615672310 +0100
-@@ -20,6 +20,7 @@ B<openssl> B<s_client>
- [B<-pass arg>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
-+[B<-trusted_first>]
- [B<-no_alt_chains>]
- [B<-reconnect>]
- [B<-pause>]
-@@ -129,7 +130,7 @@ also used when building the client certi
- A file containing trusted certificates to use during server authentication
- and to use when attempting to build the client certificate chain.
-
--=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all,
-policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
-+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all,
-policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first
-no_alt_chains>
-
- Set various certificate chain valiadition option. See the
- L<B<verify>|verify(1)> manual page for details.
-diff -up openssl-1.0.2m/doc/apps/smime.pod.trusted-first
openssl-1.0.2m/doc/apps/smime.pod
---- openssl-1.0.2m/doc/apps/smime.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/smime.pod 2017-11-13 09:08:18.615672310 +0100
-@@ -16,6 +16,9 @@ B<openssl> B<smime>
- [B<-pk7out>]
- [B<-[cipher]>]
- [B<-in file>]
-+[B<-CAfile file>]
-+[B<-CApath dir>]
-+[B<-trusted_first>]
- [B<-no_alt_chains>]
- [B<-certfile file>]
- [B<-signer file>]
-@@ -151,6 +154,12 @@ B<-verify>. This directory must be a sta
- is a hash of each subject name (using B<x509 -hash>) should be linked
- to each certificate.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory over certificates provided
-+in the message when building the trust chain to verify a certificate.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-md digest>
-
- digest algorithm to use when signing or resigning. If not present then the
-diff -up openssl-1.0.2m/doc/apps/s_server.pod.trusted-first
openssl-1.0.2m/doc/apps/s_server.pod
---- openssl-1.0.2m/doc/apps/s_server.pod.trusted-first 2017-11-13 09:08:18.583671590
+0100
-+++ openssl-1.0.2m/doc/apps/s_server.pod 2017-11-13 09:09:04.706710088 +0100
-@@ -34,6 +34,7 @@ B<openssl> B<s_server>
- [B<-state>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
-+[B<-trusted_first>]
- [B<-no_alt_chains>]
- [B<-nocert>]
- [B<-client_sigalgs sigalglist>]
-@@ -183,6 +184,12 @@ and to use when attempting to build the
- is also used in the list of acceptable client CAs passed to the client when
- a certificate is requested.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before other certificates
-+when building the trust chain to verify client certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-no_alt_chains>
-
- See the L<B<verify>|verify(1)> manual page for details.
-diff -up openssl-1.0.2m/doc/apps/s_time.pod.trusted-first
openssl-1.0.2m/doc/apps/s_time.pod
---- openssl-1.0.2m/doc/apps/s_time.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/s_time.pod 2017-11-13 09:08:18.616672333 +0100
-@@ -15,6 +15,7 @@ B<openssl> B<s_time>
- [B<-key filename>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
-+[B<-trusted_first>]
- [B<-reuse>]
- [B<-new>]
- [B<-verify depth>]
-@@ -77,6 +78,12 @@ also used when building the client certi
- A file containing trusted certificates to use during server authentication
- and to use when attempting to build the client certificate chain.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory over the certificates provided
-+by the server when building the trust chain to verify server certificate.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-new>
-
- performs the timing test using a new session ID for each connection.
-diff -up openssl-1.0.2m/doc/apps/ts.pod.trusted-first openssl-1.0.2m/doc/apps/ts.pod
---- openssl-1.0.2m/doc/apps/ts.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/ts.pod 2017-11-13 09:08:18.616672333 +0100
-@@ -47,6 +47,7 @@ B<-verify>
- [B<-token_in>]
- [B<-CApath> trusted_cert_path]
- [B<-CAfile> trusted_certs.pem]
-+[B<-trusted_first>]
- [B<-untrusted> cert_file.pem]
-
- =head1 DESCRIPTION
-@@ -325,6 +326,12 @@ L<verify(1)|verify(1)> for additional de
- or B<-CApath> must be specified.
- (Optional)
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before other certificates
-+when building the trust chain to verify certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-untrusted> cert_file.pem
-
- Set of additional untrusted certificates in PEM format which may be
-diff -up openssl-1.0.2m/doc/apps/verify.pod.trusted-first
openssl-1.0.2m/doc/apps/verify.pod
---- openssl-1.0.2m/doc/apps/verify.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
-+++ openssl-1.0.2m/doc/apps/verify.pod 2017-11-13 09:08:18.616672333 +0100
-@@ -10,6 +10,7 @@ verify - Utility to verify certificates.
- B<openssl> B<verify>
- [B<-CApath directory>]
- [B<-CAfile file>]
-+[B<-trusted_first>]
- [B<-purpose purpose>]
- [B<-policy arg>]
- [B<-ignore_critical>]
-@@ -87,6 +88,12 @@ If a valid CRL cannot be found an error
- A file of untrusted certificates. The file should contain multiple certificates
- in PEM format concatenated together.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before the certificates in the untrusted
-+file when building the trust chain to verify certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-purpose purpose>
-
- The intended use for the certificate. If this option is not specified,
diff --git a/openssl-1.0.2o-cc-reqs.patch b/openssl-1.0.2o-cc-reqs.patch
deleted file mode 100644
index e67237f..0000000
--- a/openssl-1.0.2o-cc-reqs.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -up openssl-1.0.2o/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.2o/crypto/rsa/rsa_gen.c
---- openssl-1.0.2o/crypto/rsa/rsa_gen.c.cc-reqs 2018-04-05 17:48:48.180527469 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_gen.c 2018-04-05 17:57:41.740893045 +0200
-@@ -506,6 +506,12 @@ static int rsa_builtin_keygen(RSA *rsa,
- if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
- goto err;
-
-+ /* prepare minimum p and q difference */
-+ if (!BN_one(r3))
-+ goto err;
-+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
-+ goto err;
-+
- if (BN_copy(rsa->e, e_value) == NULL)
- goto err;
-
-@@ -538,7 +544,9 @@ static int rsa_builtin_keygen(RSA *rsa,
- do {
- if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
- goto err;
-- } while (BN_cmp(rsa->p, rsa->q) == 0);
-+ if (!BN_sub(r2, rsa->q, rsa->p))
-+ goto err;
-+ } while (BN_ucmp(r2, r3) <= 0);
- if (!BN_sub(r2, rsa->q, BN_value_one()))
- goto err;
- ERR_set_mark();
diff --git a/openssl-1.0.2o-conf-10.patch b/openssl-1.0.2o-conf-10.patch
deleted file mode 100644
index 0cb8eaf..0000000
--- a/openssl-1.0.2o-conf-10.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff -up openssl-1.0.2o/e_os.h.conf-10 openssl-1.0.2o/e_os.h
---- openssl-1.0.2o/e_os.h.conf-10 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/e_os.h 2018-08-03 10:56:59.138382466 +0200
-@@ -370,7 +370,7 @@ extern FILE *_imp___iob;
- # ifndef R_OK
- # define R_OK 4
- # endif
--# define OPENSSL_CONF "openssl.cnf"
-+# define OPENSSL_CONF "openssl10.cnf"
- # define SSLEAY_CONF OPENSSL_CONF
- # define NUL_DEV "nul"
- # define RFILE ".rnd"
-@@ -403,7 +403,7 @@ extern FILE *_imp___iob;
- # else
- # include <unixlib.h>
- # endif
--# define OPENSSL_CONF "openssl.cnf"
-+# define OPENSSL_CONF "openssl10.cnf"
- # define SSLEAY_CONF OPENSSL_CONF
- # define RFILE ".rnd"
- # define LIST_SEPARATOR_CHAR ','
-@@ -453,7 +453,7 @@ extern int kbhit(void);
- # define _kbhit kbhit
- # define _O_TEXT O_TEXT
- # define _O_BINARY O_BINARY
--# define OPENSSL_CONF "openssl.cnf"
-+# define OPENSSL_CONF "openssl10.cnf"
- # define SSLEAY_CONF OPENSSL_CONF
- # define RFILE ".rnd"
- # define LIST_SEPARATOR_CHAR ';'
-@@ -487,7 +487,7 @@ typedef unsigned long clock_t;
- # include <fcntl.h>
- # endif
-
--# define OPENSSL_CONF "openssl.cnf"
-+# define OPENSSL_CONF "openssl10.cnf"
- # define SSLEAY_CONF OPENSSL_CONF
- # define RFILE ".rnd"
- # define LIST_SEPARATOR_CHAR ':'
diff --git a/openssl-1.0.2o-fips.patch b/openssl-1.0.2o-fips.patch
deleted file mode 100644
index fc84060..0000000
--- a/openssl-1.0.2o-fips.patch
+++ /dev/null
@@ -1,13723 +0,0 @@
-diff -up openssl-1.0.2o/apps/speed.c.fips openssl-1.0.2o/apps/speed.c
---- openssl-1.0.2o/apps/speed.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/apps/speed.c 2018-04-05 16:17:11.932265580 +0200
-@@ -197,7 +197,6 @@
- # ifdef OPENSSL_DOING_MAKEDEPEND
- # undef AES_set_encrypt_key
- # undef AES_set_decrypt_key
--# undef DES_set_key_unchecked
- # endif
- # define BF_set_key private_BF_set_key
- # define CAST_set_key private_CAST_set_key
-@@ -205,7 +204,6 @@
- # define SEED_set_key private_SEED_set_key
- # define RC2_set_key private_RC2_set_key
- # define RC4_set_key private_RC4_set_key
--# define DES_set_key_unchecked private_DES_set_key_unchecked
- # define AES_set_encrypt_key private_AES_set_encrypt_key
- # define AES_set_decrypt_key private_AES_set_decrypt_key
- # define Camellia_set_key private_Camellia_set_key
-@@ -975,7 +973,12 @@ int MAIN(int argc, char **argv)
- # endif
- # ifndef OPENSSL_NO_RSA
- if (strcmp(*argv, "rsa") == 0) {
-- rsa_doit[R_RSA_512] = 1;
-+# ifdef OPENSSL_FIPS
-+ if (!FIPS_mode())
-+# endif
-+ {
-+ rsa_doit[R_RSA_512] = 1;
-+ }
- rsa_doit[R_RSA_1024] = 1;
- rsa_doit[R_RSA_2048] = 1;
- rsa_doit[R_RSA_4096] = 1;
-@@ -983,7 +986,12 @@ int MAIN(int argc, char **argv)
- # endif
- # ifndef OPENSSL_NO_DSA
- if (strcmp(*argv, "dsa") == 0) {
-- dsa_doit[R_DSA_512] = 1;
-+# ifdef OPENSSL_FIPS
-+ if (!FIPS_mode())
-+# endif
-+ {
-+ dsa_doit[R_DSA_512] = 1;
-+ }
- dsa_doit[R_DSA_1024] = 1;
- dsa_doit[R_DSA_2048] = 1;
- } else
-@@ -1234,13 +1242,19 @@ int MAIN(int argc, char **argv)
-
- if (j == 0) {
- for (i = 0; i < ALGOR_NUM; i++) {
-- if (i != D_EVP)
-+ if (i != D_EVP &&
-+ (!FIPS_mode() || (i != D_WHIRLPOOL &&
-+ i != D_MD2 && i != D_MD4 &&
-+ i != D_MD5 && i != D_MDC2 &&
-+ i != D_RMD160)))
- doit[i] = 1;
- }
- for (i = 0; i < RSA_NUM; i++)
-- rsa_doit[i] = 1;
-+ if (!FIPS_mode() || i != R_RSA_512)
-+ rsa_doit[i] = 1;
- for (i = 0; i < DSA_NUM; i++)
-- dsa_doit[i] = 1;
-+ if (!FIPS_mode() || i != R_DSA_512)
-+ dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
- for (i = 0; i < EC_NUM; i++)
- ecdsa_doit[i] = 1;
-@@ -1300,30 +1314,46 @@ int MAIN(int argc, char **argv)
- AES_set_encrypt_key(key32, 256, &aes_ks3);
- # endif
- # ifndef OPENSSL_NO_CAMELLIA
-- Camellia_set_key(key16, 128, &camellia_ks1);
-- Camellia_set_key(ckey24, 192, &camellia_ks2);
-- Camellia_set_key(ckey32, 256, &camellia_ks3);
-+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) {
-+ Camellia_set_key(key16, 128, &camellia_ks1);
-+ Camellia_set_key(ckey24, 192, &camellia_ks2);
-+ Camellia_set_key(ckey32, 256, &camellia_ks3);
-+ }
- # endif
- # ifndef OPENSSL_NO_IDEA
-- idea_set_encrypt_key(key16, &idea_ks);
-+ if (doit[D_CBC_IDEA]) {
-+ idea_set_encrypt_key(key16, &idea_ks);
-+ }
- # endif
- # ifndef OPENSSL_NO_SEED
-- SEED_set_key(key16, &seed_ks);
-+ if (doit[D_CBC_SEED]) {
-+ SEED_set_key(key16, &seed_ks);
-+ }
- # endif
- # ifndef OPENSSL_NO_RC4
-- RC4_set_key(&rc4_ks, 16, key16);
-+ if (doit[D_RC4]) {
-+ RC4_set_key(&rc4_ks, 16, key16);
-+ }
- # endif
- # ifndef OPENSSL_NO_RC2
-- RC2_set_key(&rc2_ks, 16, key16, 128);
-+ if (doit[D_CBC_RC2]) {
-+ RC2_set_key(&rc2_ks, 16, key16, 128);
-+ }
- # endif
- # ifndef OPENSSL_NO_RC5
-- RC5_32_set_key(&rc5_ks, 16, key16, 12);
-+ if (doit[D_CBC_RC5]) {
-+ RC5_32_set_key(&rc5_ks, 16, key16, 12);
-+ }
- # endif
- # ifndef OPENSSL_NO_BF
-- BF_set_key(&bf_ks, 16, key16);
-+ if (doit[D_CBC_BF]) {
-+ BF_set_key(&bf_ks, 16, key16);
-+ }
- # endif
- # ifndef OPENSSL_NO_CAST
-- CAST_set_key(&cast_ks, 16, key16);
-+ if (doit[D_CBC_CAST]) {
-+ CAST_set_key(&cast_ks, 16, key16);
-+ }
- # endif
- # ifndef OPENSSL_NO_RSA
- memset(rsa_c, 0, sizeof(rsa_c));
-@@ -1606,6 +1636,7 @@ int MAIN(int argc, char **argv)
- HMAC_CTX hctx;
-
- HMAC_CTX_init(&hctx);
-+ HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...",
- 16, EVP_md5(), NULL);
-
-diff -up openssl-1.0.2o/Configure.fips openssl-1.0.2o/Configure
---- openssl-1.0.2o/Configure.fips 2018-04-05 16:17:11.909265045 +0200
-+++ openssl-1.0.2o/Configure 2018-04-05 16:17:11.933265603 +0200
-@@ -1069,11 +1069,6 @@ if (defined($disabled{"md5"}) || defined
- $disabled{"ssl2"} = "forced";
- }
-
--if ($fips && $fipslibdir eq "")
-- {
-- $fipslibdir = $fipsdir . "/lib/";
-- }
--
- # RSAX ENGINE sets default non-FIPS RSA method.
- if ($fips)
- {
-@@ -1558,7 +1553,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
- if ($fips)
- {
- $openssl_other_defines.="#define OPENSSL_FIPS\n";
-- $cflags .= " -I\$(FIPSDIR)/include";
- }
-
- $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
-@@ -1777,9 +1771,12 @@ while (<IN>)
-
- s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
- s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
-- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
- s/^BASEADDR=.*/BASEADDR=$baseaddr/;
-
-+ if ($fips)
-+ {
-+ s/^FIPS=.*/FIPS=yes/;
-+ }
- s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
- s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
- s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.2o/crypto/aes/aes_misc.c.fips openssl-1.0.2o/crypto/aes/aes_misc.c
---- openssl-1.0.2o/crypto/aes/aes_misc.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/aes/aes_misc.c 2018-04-05 16:17:11.933265603 +0200
-@@ -70,17 +70,11 @@ const char *AES_options(void)
- int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key)
- {
--#ifdef OPENSSL_FIPS
-- fips_cipher_abort(AES);
--#endif
- return private_AES_set_encrypt_key(userKey, bits, key);
- }
-
- int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key)
- {
--#ifdef OPENSSL_FIPS
-- fips_cipher_abort(AES);
--#endif
- return private_AES_set_decrypt_key(userKey, bits, key);
- }
-diff -up openssl-1.0.2o/crypto/cmac/cmac.c.fips openssl-1.0.2o/crypto/cmac/cmac.c
---- openssl-1.0.2o/crypto/cmac/cmac.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/cmac/cmac.c 2018-04-05 16:17:11.933265603 +0200
-@@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void)
-
- void CMAC_CTX_cleanup(CMAC_CTX *ctx)
- {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !ctx->cctx.engine) {
-- FIPS_cmac_ctx_cleanup(ctx);
-- return;
-- }
--#endif
- EVP_CIPHER_CTX_cleanup(&ctx->cctx);
- OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
- OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
-@@ -160,20 +154,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void
- EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
- return 0;
- }
--
-- /* Switch to FIPS cipher implementation if possible */
-- if (cipher != NULL) {
-- const EVP_CIPHER *fcipher;
-- fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
-- if (fcipher != NULL)
-- cipher = fcipher;
-- }
-- /*
-- * Other algorithm blocking will be done in FIPS_cmac_init, via
-- * FIPS_cipherinit().
-- */
-- if (!impl && !ctx->cctx.engine)
-- return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
- }
- #endif
- /* All zeros means restart */
-@@ -219,10 +199,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
- {
- const unsigned char *data = in;
- size_t bl;
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !ctx->cctx.engine)
-- return FIPS_cmac_update(ctx, in, dlen);
--#endif
- if (ctx->nlast_block == -1)
- return 0;
- if (dlen == 0)
-@@ -262,10 +238,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
- int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
- {
- int i, bl, lb;
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !ctx->cctx.engine)
-- return FIPS_cmac_final(ctx, out, poutlen);
--#endif
- if (ctx->nlast_block == -1)
- return 0;
- bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-diff -up openssl-1.0.2o/crypto/cryptlib.c.fips openssl-1.0.2o/crypto/cryptlib.c
---- openssl-1.0.2o/crypto/cryptlib.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/cryptlib.c 2018-04-05 16:17:11.933265603 +0200
-@@ -469,18 +469,11 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_
- }
- }
-
--#ifdef OPENSSL_FIPS
--extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *));
--#endif
--
- int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
- {
- if (threadid_callback)
- return 0;
- threadid_callback = func;
--#ifdef OPENSSL_FIPS
-- FIPS_crypto_threadid_set_callback(func);
--#endif
- return 1;
- }
-
-diff -up openssl-1.0.2o/crypto/crypto.h.fips openssl-1.0.2o/crypto/crypto.h
---- openssl-1.0.2o/crypto/crypto.h.fips 2018-04-05 16:17:11.722260696 +0200
-+++ openssl-1.0.2o/crypto/crypto.h 2018-04-05 16:17:11.933265603 +0200
-@@ -600,24 +600,29 @@ int FIPS_mode_set(int r);
- void OPENSSL_init(void);
-
- # define fips_md_init(alg) fips_md_init_ctx(alg, alg)
-+# define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
-+# define fips_md_init_ctx(alg, cx) \
-+ int alg##_Init(cx##_CTX *c)
-
- # ifdef OPENSSL_FIPS
--# define fips_md_init_ctx(alg, cx) \
-+# define nonfips_md_init_ctx(alg, cx) \
- int alg##_Init(cx##_CTX *c) \
- { \
- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-- "Low level API call to digest " #alg " forbidden in FIPS
mode!"); \
-+ "Digest " #alg " forbidden in FIPS mode!"); \
- return private_##alg##_Init(c); \
- } \
- int private_##alg##_Init(cx##_CTX *c)
-
- # define fips_cipher_abort(alg) \
- if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-- "Low level API call to cipher " #alg " forbidden in FIPS
mode!")
-+ "Cipher " #alg " forbidden in FIPS mode!")
-+
-+/* die if FIPS selftest failed */
-+void FIPS_selftest_check(void);
-
- # else
--# define fips_md_init_ctx(alg, cx) \
-- int alg##_Init(cx##_CTX *c)
-+# define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
- # define fips_cipher_abort(alg) while(0)
- # endif
-
-@@ -637,6 +642,9 @@ int CRYPTO_memcmp(const volatile void *a
- */
- void ERR_load_CRYPTO_strings(void);
-
-+# define OPENSSL_HAVE_INIT 1
-+void OPENSSL_init_library(void);
-+
- /* Error codes for the CRYPTO functions. */
-
- /* Function codes. */
-diff -up openssl-1.0.2o/crypto/des/des.h.fips openssl-1.0.2o/crypto/des/des.h
---- openssl-1.0.2o/crypto/des/des.h.fips 2018-04-05 16:17:11.775261929 +0200
-+++ openssl-1.0.2o/crypto/des/des.h 2018-04-05 16:17:11.933265603 +0200
-@@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D
- int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
- int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
- void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
--# ifdef OPENSSL_FIPS
--void private_DES_set_key_unchecked(const_DES_cblock *key,
-- DES_key_schedule *schedule);
--# endif
- void DES_string_to_key(const char *str, DES_cblock *key);
- void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
- void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-diff -up openssl-1.0.2o/crypto/des/set_key.c.fips openssl-1.0.2o/crypto/des/set_key.c
---- openssl-1.0.2o/crypto/des/set_key.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/des/set_key.c 2018-04-05 16:17:11.933265603 +0200
-@@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock
- }
-
- void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
--#ifdef OPENSSL_FIPS
--{
-- fips_cipher_abort(DES);
-- private_DES_set_key_unchecked(key, schedule);
--}
--
--void private_DES_set_key_unchecked(const_DES_cblock *key,
-- DES_key_schedule *schedule)
--#endif
- {
- static const int shifts2[16] =
- { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
-diff -up openssl-1.0.2o/crypto/dh/dh_gen.c.fips openssl-1.0.2o/crypto/dh/dh_gen.c
---- openssl-1.0.2o/crypto/dh/dh_gen.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dh/dh_gen.c 2018-04-05 16:17:11.934265627 +0200
-@@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i
- #endif
- if (ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb);
--#endif
- return dh_builtin_genparams(ret, prime_len, generator, cb);
- }
-
-@@ -126,6 +122,18 @@ static int dh_builtin_genparams(DH *ret,
- int g, ok = -1;
- BN_CTX *ctx = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
-+ goto err;
-+ }
-+#endif
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-diff -up openssl-1.0.2o/crypto/dh/dh.h.fips openssl-1.0.2o/crypto/dh/dh.h
---- openssl-1.0.2o/crypto/dh/dh.h.fips 2018-04-05 16:17:11.677259649 +0200
-+++ openssl-1.0.2o/crypto/dh/dh.h 2018-04-05 16:17:11.934265627 +0200
-@@ -77,6 +77,8 @@
- # define OPENSSL_DH_MAX_MODULUS_BITS 10000
- # endif
-
-+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-+
- # define DH_FLAG_CACHE_MONT_P 0x01
-
- /*
-diff -up openssl-1.0.2o/crypto/dh/dh_key.c.fips openssl-1.0.2o/crypto/dh/dh_key.c
---- openssl-1.0.2o/crypto/dh/dh_key.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dh/dh_key.c 2018-04-05 16:17:11.934265627 +0200
-@@ -61,6 +61,9 @@
- #include <openssl/bn.h>
- #include <openssl/rand.h>
- #include <openssl/dh.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- static int generate_key(DH *dh);
- static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-@@ -97,7 +100,7 @@ int DH_compute_key(unsigned char *key, c
- int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- int rv, pad;
-- rv = dh->meth->compute_key(key, pub_key, dh);
-+ rv = DH_compute_key(key, pub_key, dh);
- if (rv <= 0)
- return rv;
- pad = BN_num_bytes(dh->p) - rv;
-@@ -115,7 +118,7 @@ static DH_METHOD dh_ossl = {
- dh_bn_mod_exp,
- dh_init,
- dh_finish,
-- 0,
-+ DH_FLAG_FIPS_METHOD,
- NULL,
- NULL
- };
-@@ -134,6 +137,14 @@ static int generate_key(DH *dh)
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()
-+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
-+ return 0;
-+ }
-+#endif
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-@@ -217,6 +228,13 @@ static int compute_key(unsigned char *ke
- DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()
-+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
-+ goto err;
-+ }
-+#endif
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
-@@ -279,6 +297,9 @@ static int dh_bn_mod_exp(const DH *dh, B
-
- static int dh_init(DH *dh)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return (1);
- }
-diff -up openssl-1.0.2o/crypto/dh/dh_lib.c.fips openssl-1.0.2o/crypto/dh/dh_lib.c
---- openssl-1.0.2o/crypto/dh/dh_lib.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dh/dh_lib.c 2018-04-05 16:17:11.934265627 +0200
-@@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH
- const DH_METHOD *DH_get_default_method(void)
- {
- if (!default_DH_method) {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_dh_openssl();
-- else
-- return DH_OpenSSL();
--#else
- default_DH_method = DH_OpenSSL();
--#endif
- }
- return default_DH_method;
- }
-diff -up openssl-1.0.2o/crypto/dsa/dsa_err.c.fips openssl-1.0.2o/crypto/dsa/dsa_err.c
---- openssl-1.0.2o/crypto/dsa/dsa_err.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_err.c 2018-04-05 16:17:11.934265627 +0200
-@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]
- {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
- {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
- {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-+ {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
-+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
- {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"},
- {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
- {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-@@ -109,6 +111,8 @@ static ERR_STRING_DATA DSA_str_reasons[]
- {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"},
- {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"},
- {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"},
-+ {ERR_REASON(DSA_R_KEY_SIZE_INVALID), "key size invalid"},
-+ {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
- {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
- {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
- {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
-diff -up openssl-1.0.2o/crypto/dsa/dsa_gen.c.fips openssl-1.0.2o/crypto/dsa/dsa_gen.c
---- openssl-1.0.2o/crypto/dsa/dsa_gen.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_gen.c 2018-04-05 16:17:11.934265627 +0200
-@@ -91,6 +91,16 @@
- # include <openssl/fips.h>
- # endif
-
-+# ifndef OPENSSL_FIPS
-+static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
-+ const EVP_MD *evpmd, unsigned char *seed,
-+ int seed_len, BIGNUM **p_ret, BIGNUM **q_ret,
-+ int *counter_ret, BN_GENCB *cb);
-+static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
-+ BIGNUM **g_ret, unsigned long *h_ret,
-+ BN_GENCB *cb);
-+# endif
-+
- int DSA_generate_parameters_ex(DSA *ret, int bits,
- const unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret,
-@@ -106,83 +116,146 @@ int DSA_generate_parameters_ex(DSA *ret,
- if (ret->meth->dsa_paramgen)
- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
--# ifdef OPENSSL_FIPS
-- else if (FIPS_mode()) {
-- return FIPS_dsa_generate_parameters_ex(ret, bits,
-- seed_in, seed_len,
-- counter_ret, h_ret, cb);
-- }
--# endif
- else {
- const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
- size_t qbits = EVP_MD_size(evpmd) * 8;
-
- return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-- seed_in, seed_len, NULL, counter_ret,
-+ seed_in, seed_len, counter_ret,
- h_ret, cb);
- }
- }
-
-+# ifdef OPENSSL_FIPS
-+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-+ const EVP_MD *evpmd,
-+ const unsigned char *seed_in, size_t seed_len,
-+ int *counter_ret, unsigned long *h_ret,
-+ BN_GENCB *cb)
-+{
-+ return dsa_builtin_paramgen(ret, bits, qbits,
-+ evpmd, seed_in, seed_len,
-+ counter_ret, h_ret, cb);
-+}
-+# endif
-+
- int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
- const EVP_MD *evpmd, const unsigned char *seed_in,
-- size_t seed_len, unsigned char *seed_out,
-+ size_t seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- int ok = 0;
- unsigned char seed[SHA256_DIGEST_LENGTH];
-+ BIGNUM *g = NULL, *q = NULL, *p = NULL;
-+ size_t qsize = qbits >> 3;
-+ BN_CTX *ctx = NULL;
-+
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ goto err;
-+ }
-+
-+ if (FIPS_module_mode() &&
-+ (bits != 1024 || qbits != 160) &&
-+ (bits != 2048 || qbits != 224) &&
-+ (bits != 2048 || qbits != 256) && (bits != 3072 || qbits != 256)) {
-+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
-+ goto err;
-+ }
-+# endif
-+ if (seed_len && (seed_len < (size_t)qsize))
-+ seed_in = NULL; /* seed buffer too small -- ignore */
-+ if (seed_len > sizeof(seed))
-+ seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-+ * but our internal buffers are restricted to 256
bits*/
-+ if (seed_in != NULL)
-+ memcpy(seed, seed_in, seed_len);
-+ else
-+ seed_len = 0;
-+
-+ if ((ctx = BN_CTX_new()) == NULL)
-+ goto err;
-+
-+ BN_CTX_start(ctx);
-+
-+ if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
-+ seed, seed_len, &p, &q, counter_ret, cb))
-+ goto err;
-+
-+ if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
-+ goto err;
-+
-+ ok = 1;
-+ err:
-+ if (ok) {
-+ if (ret->p) {
-+ BN_free(ret->p);
-+ ret->p = NULL;
-+ }
-+ if (ret->q) {
-+ BN_free(ret->q);
-+ ret->q = NULL;
-+ }
-+ if (ret->g) {
-+ BN_free(ret->g);
-+ ret->g = NULL;
-+ }
-+ ret->p = BN_dup(p);
-+ ret->q = BN_dup(q);
-+ ret->g = BN_dup(g);
-+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
-+ ok = 0;
-+ }
-+ if (ctx) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-+ return ok;
-+}
-+
-+# ifndef OPENSSL_FIPS
-+static
-+# endif
-+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
-+ const EVP_MD *evpmd, unsigned char *seed,
-+ int seed_len, BIGNUM **p_ret, BIGNUM **q_ret,
-+ int *counter_ret, BN_GENCB *cb)
-+{
-+ int ok = 0;
- unsigned char md[SHA256_DIGEST_LENGTH];
-- unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
-+ unsigned char buf[SHA256_DIGEST_LENGTH];
- BIGNUM *r0, *W, *X, *c, *test;
-- BIGNUM *g = NULL, *q = NULL, *p = NULL;
-- BN_MONT_CTX *mont = NULL;
-- int i, k, n = 0, m = 0, qsize = qbits >> 3;
-+ BIGNUM *q = NULL, *p = NULL;
-+ int i, k, b, n = 0, m = 0, qsize = qbits >> 3;
- int counter = 0;
- int r = 0;
-- BN_CTX *ctx = NULL;
-- unsigned int h = 2;
-
- if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
- qsize != SHA256_DIGEST_LENGTH)
- /* invalid q size */
- return 0;
-
-- if (evpmd == NULL)
-- /* use SHA1 as default */
-+ if (evpmd == NULL) {
-+ if (qbits <= 160)
- evpmd = EVP_sha1();
-+ else if (qbits <= 224)
-+ evpmd = EVP_sha224();
-+ else
-+ evpmd = EVP_sha256();
-+ }
-
- if (bits < 512)
- bits = 512;
-
- bits = (bits + 63) / 64 * 64;
-
-- /*
-- * NB: seed_len == 0 is special case: copy generated seed to seed_in if
-- * it is not NULL.
-- */
-- if (seed_len && (seed_len < (size_t)qsize))
-- seed_in = NULL; /* seed buffer too small -- ignore */
-- if (seed_len > (size_t)qsize)
-- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger
-- * SEED, but our internal buffers are
-- * restricted to 160 bits */
-- if (seed_in != NULL)
-- memcpy(seed, seed_in, seed_len);
--
-- if ((mont = BN_MONT_CTX_new()) == NULL)
-- goto err;
--
-- if ((ctx = BN_CTX_new()) == NULL)
-- goto err;
--
-- BN_CTX_start(ctx);
--
- r0 = BN_CTX_get(ctx);
-- g = BN_CTX_get(ctx);
- W = BN_CTX_get(ctx);
-- q = BN_CTX_get(ctx);
-+ *q_ret = q = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- c = BN_CTX_get(ctx);
-- p = BN_CTX_get(ctx);
-+ *p_ret = p = BN_CTX_get(ctx);
- test = BN_CTX_get(ctx);
-
- if (test == NULL)
-@@ -191,15 +264,20 @@ int dsa_builtin_paramgen(DSA *ret, size_
- if (!BN_lshift(test, BN_value_one(), bits - 1))
- goto err;
-
-+ /* step 3 n = \lceil bits / qbits \rceil - 1 */
-+ n = (bits + qbits - 1) / qbits - 1;
-+ /* step 4 b = bits - 1 - n * qbits */
-+ b = bits - 1 - n * qbits;
-+
- for (;;) {
- for (;;) { /* find q */
- int seed_is_random;
-
-- /* step 1 */
-+ /* step 5 generate seed */
- if (!BN_GENCB_call(cb, 0, m++))
- goto err;
-
-- if (!seed_len || !seed_in) {
-+ if (!seed_len) {
- if (RAND_bytes(seed, qsize) <= 0)
- goto err;
- seed_is_random = 1;
-@@ -209,29 +287,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
- * be bad */
- }
- memcpy(buf, seed, qsize);
-- memcpy(buf2, seed, qsize);
-- /* precompute "SEED + 1" for step 7: */
-- for (i = qsize - 1; i >= 0; i--) {
-- buf[i]++;
-- if (buf[i] != 0)
-- break;
-- }
-
-- /* step 2 */
-+ /* step 6 U = hash(seed) */
- if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
- goto err;
-- if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
-- goto err;
-- for (i = 0; i < qsize; i++)
-- md[i] ^= buf2[i];
-
-- /* step 3 */
-+ /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
- md[0] |= 0x80;
- md[qsize - 1] |= 0x01;
- if (!BN_bin2bn(md, qsize, q))
- goto err;
-
-- /* step 4 */
-+ /* step 8 test for prime (64 round of Rabin-Miller) */
- r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- seed_is_random, cb);
- if (r > 0)
-@@ -239,8 +306,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
- if (r != 0)
- goto err;
-
-- /* do a callback call */
-- /* step 5 */
- }
-
- if (!BN_GENCB_call(cb, 2, 0))
-@@ -248,19 +313,16 @@ int dsa_builtin_paramgen(DSA *ret, size_
- if (!BN_GENCB_call(cb, 3, 0))
- goto err;
-
-- /* step 6 */
-+ /* step 11 */
- counter = 0;
-- /* "offset = 2" */
--
-- n = (bits - 1) / 160;
-+ /* "offset = 1" */
-
- for (;;) {
- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
- goto err;
-
-- /* step 7 */
-+ /* step 11.1, 11.2 obtain W */
- BN_zero(W);
-- /* now 'buf' contains "SEED + offset - 1" */
- for (k = 0; k <= n; k++) {
- /*
- * obtain "SEED + offset + k" by incrementing:
-@@ -274,36 +336,37 @@ int dsa_builtin_paramgen(DSA *ret, size_
- if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
- goto err;
-
-- /* step 8 */
- if (!BN_bin2bn(md, qsize, r0))
- goto err;
-- if (!BN_lshift(r0, r0, (qsize << 3) * k))
-+ if (k == n)
-+ BN_mask_bits(r0, b);
-+ if (!BN_lshift(r0, r0, qbits * k))
- goto err;
- if (!BN_add(W, W, r0))
- goto err;
- }
-
-- /* more of step 8 */
-- if (!BN_mask_bits(W, bits - 1))
-- goto err;
-+ /* step 11.3 X = W + 2^(L-1) */
- if (!BN_copy(X, W))
- goto err;
- if (!BN_add(X, X, test))
- goto err;
-
-- /* step 9 */
-+ /* step 11.4 c = X mod 2*q */
- if (!BN_lshift1(r0, q))
- goto err;
- if (!BN_mod(c, X, r0, ctx))
- goto err;
-+
-+ /* step 11.5 p = X - (c - 1) */
- if (!BN_sub(r0, c, BN_value_one()))
- goto err;
- if (!BN_sub(p, X, r0))
- goto err;
-
-- /* step 10 */
-+ /* step 11.6 */
- if (BN_cmp(p, test) >= 0) {
-- /* step 11 */
-+ /* step 11.7 */
- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
- if (r > 0)
- goto end; /* found it */
-@@ -311,12 +374,12 @@ int dsa_builtin_paramgen(DSA *ret, size_
- goto err;
- }
-
-- /* step 13 */
-+ /* step 11.9 */
- counter++;
- /* "offset = offset + n + 1" */
-
-- /* step 14 */
-- if (counter >= 4096)
-+ /* step 12 */
-+ if (counter >= 4 * bits)
- break;
- }
- }
-@@ -324,7 +387,33 @@ int dsa_builtin_paramgen(DSA *ret, size_
- if (!BN_GENCB_call(cb, 2, 1))
- goto err;
-
-- /* We now need to generate g */
-+ ok = 1;
-+ err:
-+ if (ok) {
-+ if (counter_ret != NULL)
-+ *counter_ret = counter;
-+ }
-+ return ok;
-+}
-+
-+# ifndef OPENSSL_FIPS
-+static
-+# endif
-+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
-+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
-+{
-+ int ok = 0;
-+ BIGNUM *r0, *test, *g = NULL;
-+ BN_MONT_CTX *mont;
-+ unsigned int h = 2;
-+
-+ if ((mont = BN_MONT_CTX_new()) == NULL)
-+ goto err;
-+
-+ r0 = BN_CTX_get(ctx);
-+ *g_ret = g = BN_CTX_get(ctx);
-+ test = BN_CTX_get(ctx);
-+
- /* Set r0=(p-1)/q */
- if (!BN_sub(test, p, BN_value_one()))
- goto err;
-@@ -353,46 +442,14 @@ int dsa_builtin_paramgen(DSA *ret, size_
- ok = 1;
- err:
- if (ok) {
-- if (ret->p)
-- BN_free(ret->p);
-- if (ret->q)
-- BN_free(ret->q);
-- if (ret->g)
-- BN_free(ret->g);
-- ret->p = BN_dup(p);
-- ret->q = BN_dup(q);
-- ret->g = BN_dup(g);
-- if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
-- ok = 0;
-- goto err;
-- }
-- if (counter_ret != NULL)
-- *counter_ret = counter;
- if (h_ret != NULL)
- *h_ret = h;
-- if (seed_out)
-- memcpy(seed_out, seed, qsize);
-- }
-- if (ctx) {
-- BN_CTX_end(ctx);
-- BN_CTX_free(ctx);
- }
- if (mont != NULL)
- BN_MONT_CTX_free(mont);
- return ok;
- }
-
--# ifdef OPENSSL_FIPS
--# undef fips_dsa_builtin_paramgen2
--extern int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-- const EVP_MD *evpmd,
-- const unsigned char *seed_in,
-- size_t seed_len, int idx,
-- unsigned char *seed_out,
-- int *counter_ret, unsigned long *h_ret,
-- BN_GENCB *cb);
--# endif
--
- /*
- * This is a parameter generation algorithm for the DSA2 algorithm as
- * described in FIPS 186-3.
-@@ -418,14 +475,6 @@ int dsa_builtin_paramgen2(DSA *ret, size
- EVP_MD_CTX mctx;
- unsigned int h = 2;
-
--# ifdef OPENSSL_FIPS
--
-- if (FIPS_mode())
-- return fips_dsa_builtin_paramgen2(ret, L, N, evpmd,
-- seed_in, seed_len, idx,
-- seed_out, counter_ret, h_ret, cb);
--# endif
--
- EVP_MD_CTX_init(&mctx);
-
- if (evpmd == NULL) {
-diff -up openssl-1.0.2o/crypto/dsa/dsa.h.fips openssl-1.0.2o/crypto/dsa/dsa.h
---- openssl-1.0.2o/crypto/dsa/dsa.h.fips 2018-04-05 16:17:11.519255974 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa.h 2018-04-05 16:17:11.934265627 +0200
-@@ -88,6 +88,8 @@
- # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
- # endif
-
-+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-+
- # define DSA_FLAG_CACHE_MONT_P 0x01
- /*
- * new with 0.9.7h; the built-in DSA implementation now uses constant time
-@@ -265,6 +267,20 @@ int DSA_print_fp(FILE *bp, const DSA *x,
- DH *DSA_dup_DH(const DSA *r);
- # endif
-
-+# ifdef OPENSSL_FIPS
-+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-+ const EVP_MD *evpmd,
-+ const unsigned char *seed_in,
-+ size_t seed_len, int *counter_ret,
-+ unsigned long *h_ret, BN_GENCB *cb);
-+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
-+ const EVP_MD *evpmd, unsigned char *seed,
-+ int seed_len, BIGNUM **p_ret, BIGNUM **q_ret,
-+ int *counter_ret, BN_GENCB *cb);
-+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, BIGNUM **g_ret,
-+ unsigned long *h_ret, BN_GENCB *cb);
-+# endif
-+
- # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-@@ -287,11 +303,14 @@ void ERR_load_DSA_strings(void);
- # define DSA_F_DO_DSA_PRINT 104
- # define DSA_F_DSAPARAMS_PRINT 100
- # define DSA_F_DSAPARAMS_PRINT_FP 101
--# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
-+# define DSA_F_DSA_BUILTIN_KEYGEN 124
-+# define DSA_F_DSA_BUILTIN_PARAMGEN 123
-+# define DSA_F_DSA_BUILTIN_PARAMGEN2 226
- # define DSA_F_DSA_DO_SIGN 112
- # define DSA_F_DSA_DO_VERIFY 113
--# define DSA_F_DSA_GENERATE_KEY 124
--# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123
-+# define DSA_F_DSA_GENERATE_KEY 126
-+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 127
-+# define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125
- # define DSA_F_DSA_NEW_METHOD 103
- # define DSA_F_DSA_PARAM_DECODE 119
- # define DSA_F_DSA_PRINT_FP 105
-@@ -317,12 +336,16 @@ void ERR_load_DSA_strings(void);
- # define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
- # define DSA_R_DECODE_ERROR 104
- # define DSA_R_INVALID_DIGEST_TYPE 106
--# define DSA_R_INVALID_PARAMETERS 112
-+# define DSA_R_INVALID_PARAMETERS 212
-+# define DSA_R_KEY_SIZE_INVALID 113
-+# define DSA_R_KEY_SIZE_TOO_SMALL 110
- # define DSA_R_MISSING_PARAMETERS 101
- # define DSA_R_MODULUS_TOO_LARGE 103
--# define DSA_R_NEED_NEW_SETUP_VALUES 110
-+# define DSA_R_NEED_NEW_SETUP_VALUES 112
- # define DSA_R_NON_FIPS_DSA_METHOD 111
-+# define DSA_R_NON_FIPS_METHOD 111
- # define DSA_R_NO_PARAMETERS_SET 107
-+# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112
- # define DSA_R_PARAMETER_ENCODING_ERROR 105
- # define DSA_R_Q_NOT_PRIME 113
-
-diff -up openssl-1.0.2o/crypto/dsa/dsa_key.c.fips openssl-1.0.2o/crypto/dsa/dsa_key.c
---- openssl-1.0.2o/crypto/dsa/dsa_key.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_key.c 2018-04-05 16:17:11.935265650 +0200
-@@ -66,6 +66,34 @@
-
- # ifdef OPENSSL_FIPS
- # include <openssl/fips.h>
-+# include <openssl/evp.h>
-+
-+static int fips_check_dsa(DSA *dsa)
-+{
-+ EVP_PKEY *pk;
-+ unsigned char tbs[] = "DSA Pairwise Check Data";
-+ int ret = 0;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_DSA(pk, dsa);
-+
-+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
-+ ret = 1;
-+
-+ err:
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED);
-+ fips_set_selftest_fail();
-+ }
-+
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+
-+ return ret;
-+}
-+
- # endif
-
- static int dsa_builtin_keygen(DSA *dsa);
-@@ -81,10 +109,6 @@ int DSA_generate_key(DSA *dsa)
- # endif
- if (dsa->meth->dsa_keygen)
- return dsa->meth->dsa_keygen(dsa);
--# ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_dsa_generate_key(dsa);
--# endif
- return dsa_builtin_keygen(dsa);
- }
-
-@@ -94,6 +118,14 @@ static int dsa_builtin_keygen(DSA *dsa)
- BN_CTX *ctx = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
-+ goto err;
-+ }
-+# endif
-+
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
-
-@@ -131,6 +163,13 @@ static int dsa_builtin_keygen(DSA *dsa)
-
- dsa->priv_key = priv_key;
- dsa->pub_key = pub_key;
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !fips_check_dsa(dsa)) {
-+ dsa->pub_key = NULL;
-+ dsa->priv_key = NULL;
-+ goto err;
-+ }
-+# endif
- ok = 1;
-
- err:
-diff -up openssl-1.0.2o/crypto/dsa/dsa_lib.c.fips openssl-1.0.2o/crypto/dsa/dsa_lib.c
---- openssl-1.0.2o/crypto/dsa/dsa_lib.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_lib.c 2018-04-05 16:17:11.935265650 +0200
-@@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME
- const DSA_METHOD *DSA_get_default_method(void)
- {
- if (!default_DSA_method) {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_dsa_openssl();
-- else
-- return DSA_OpenSSL();
--#else
- default_DSA_method = DSA_OpenSSL();
--#endif
- }
- return default_DSA_method;
- }
-diff -up openssl-1.0.2o/crypto/dsa/dsa_locl.h.fips openssl-1.0.2o/crypto/dsa/dsa_locl.h
---- openssl-1.0.2o/crypto/dsa/dsa_locl.h.fips 2018-04-05 16:17:11.523256067 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_locl.h 2018-04-05 16:17:11.935265650 +0200
-@@ -56,7 +56,7 @@
-
- int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
- const EVP_MD *evpmd, const unsigned char *seed_in,
-- size_t seed_len, unsigned char *seed_out,
-+ size_t seed_len,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
-
-diff -up openssl-1.0.2o/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2o/crypto/dsa/dsa_ossl.c
---- openssl-1.0.2o/crypto/dsa/dsa_ossl.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_ossl.c 2018-04-05 16:17:11.935265650 +0200
-@@ -65,6 +65,9 @@
- #include <openssl/dsa.h>
- #include <openssl/rand.h>
- #include <openssl/asn1.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-@@ -83,7 +86,7 @@ static DSA_METHOD openssl_dsa_meth = {
- NULL, /* dsa_bn_mod_exp, */
- dsa_init,
- dsa_finish,
-- 0,
-+ DSA_FLAG_FIPS_METHOD,
- NULL,
- NULL,
- NULL
-@@ -140,6 +143,19 @@ static DSA_SIG *dsa_do_sign(const unsign
- DSA_SIG *ret = NULL;
- int noredo = 0;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return NULL;
-+ }
-+
-+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
-+ return NULL;
-+ }
-+#endif
-+
- BN_init(&m);
- BN_init(&xr);
-
-@@ -347,6 +363,18 @@ static int dsa_do_verify(const unsigned
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
- return -1;
- }
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_DSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+
-+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+#endif
-
- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
-@@ -427,6 +455,9 @@ static int dsa_do_verify(const unsigned
-
- static int dsa_init(DSA *dsa)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- dsa->flags |= DSA_FLAG_CACHE_MONT_P;
- return (1);
- }
-diff -up openssl-1.0.2o/crypto/dsa/dsa_pmeth.c.fips
openssl-1.0.2o/crypto/dsa/dsa_pmeth.c
---- openssl-1.0.2o/crypto/dsa/dsa_pmeth.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_pmeth.c 2018-04-05 16:17:11.935265650 +0200
-@@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
- if (!dsa)
- return 0;
- ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-- NULL, 0, NULL, NULL, NULL, pcb);
-+ NULL, 0, NULL, NULL, pcb);
- if (ret)
- EVP_PKEY_assign_DSA(pkey, dsa);
- else
-diff -up openssl-1.0.2o/crypto/dsa/dsatest.c.fips openssl-1.0.2o/crypto/dsa/dsatest.c
---- openssl-1.0.2o/crypto/dsa/dsatest.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsatest.c 2018-04-05 16:17:11.935265650 +0200
-@@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int
- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
- */
- static unsigned char seed[20] = {
-- 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
-- 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
-+ 0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62,
-+ 0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3,
- };
-
- static unsigned char out_p[] = {
-- 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
-- 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
-- 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
-- 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
-- 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
-- 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
-- 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
-- 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
-+ 0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E,
-+ 0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99,
-+ 0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD,
-+ 0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB,
-+ 0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18,
-+ 0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B,
-+ 0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E,
-+ 0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD,
-+ 0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93,
-+ 0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D,
-+ 0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F,
- };
-
- static unsigned char out_q[] = {
-- 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
-- 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
-- 0xda, 0xce, 0x91, 0x5f,
-+ 0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B,
-+ 0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87,
- };
-
- static unsigned char out_g[] = {
-- 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
-- 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
-- 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
-- 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
-- 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
-- 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
-- 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
-- 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
-+ 0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 0x58, 0x36, 0x2C,
-+ 0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE,
-+ 0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36,
-+ 0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13,
-+ 0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C,
-+ 0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D,
-+ 0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9,
-+ 0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F,
-+ 0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E,
-+ 0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41,
-+ 0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29,
- };
-
- static const unsigned char str1[] = "12345678901234567890";
-@@ -162,7 +167,7 @@ int main(int argc, char **argv)
- BIO_printf(bio_err, "test generation of DSA parameters\n");
-
- BN_GENCB_set(&cb, dsa_cb, bio_err);
-- if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
-+ if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
- seed, 20,
- &counter,
- &h, &cb))
-@@ -176,8 +181,8 @@ int main(int argc, char **argv)
- BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
-
- DSA_print(bio_err, dsa, 0);
-- if (counter != 105) {
-- BIO_printf(bio_err, "counter should be 105\n");
-+ if (counter != 239) {
-+ BIO_printf(bio_err, "counter should be 239\n");
- goto end;
- }
- if (h != 2) {
-diff -up openssl-1.0.2o/crypto/engine/eng_all.c.fips
openssl-1.0.2o/crypto/engine/eng_all.c
---- openssl-1.0.2o/crypto/engine/eng_all.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/engine/eng_all.c 2018-04-05 16:17:11.935265650 +0200
-@@ -59,11 +59,25 @@
-
- #include "cryptlib.h"
- #include "eng_int.h"
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- void ENGINE_load_builtin_engines(void)
- {
- /* Some ENGINEs need this */
- OPENSSL_cpuid_setup();
-+#ifdef OPENSSL_FIPS
-+ OPENSSL_init_library();
-+ if (FIPS_mode()) {
-+ /* We allow loading dynamic engine as a third party
-+ engine might be FIPS validated.
-+ User is disallowed to load non-validated engines
-+ by security policy. */
-+ ENGINE_load_dynamic();
-+ return;
-+ }
-+#endif
- #if 0
- /*
- * There's no longer any need for an "openssl" ENGINE unless, one day,
it
-diff -up openssl-1.0.2o/crypto/evp/c_allc.c.fips openssl-1.0.2o/crypto/evp/c_allc.c
---- openssl-1.0.2o/crypto/evp/c_allc.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/c_allc.c 2018-04-05 16:17:11.936265673 +0200
-@@ -65,6 +65,10 @@
- void OpenSSL_add_all_ciphers(void)
- {
-
-+#ifdef OPENSSL_FIPS
-+ OPENSSL_init_library();
-+ if (!FIPS_mode()) {
-+#endif
- #ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cfb());
- EVP_add_cipher(EVP_des_cfb1());
-@@ -238,4 +242,64 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
- EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
- #endif
-+#ifdef OPENSSL_FIPS
-+ } else {
-+# ifndef OPENSSL_NO_DES
-+ EVP_add_cipher(EVP_des_ede_cfb());
-+ EVP_add_cipher(EVP_des_ede3_cfb());
-+
-+ EVP_add_cipher(EVP_des_ede_ofb());
-+ EVP_add_cipher(EVP_des_ede3_ofb());
-+
-+ EVP_add_cipher(EVP_des_ede_cbc());
-+ EVP_add_cipher(EVP_des_ede3_cbc());
-+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
-+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
-+
-+ EVP_add_cipher(EVP_des_ede());
-+ EVP_add_cipher(EVP_des_ede3());
-+# endif
-+
-+# ifndef OPENSSL_NO_AES
-+ EVP_add_cipher(EVP_aes_128_ecb());
-+ EVP_add_cipher(EVP_aes_128_cbc());
-+ EVP_add_cipher(EVP_aes_128_cfb());
-+ EVP_add_cipher(EVP_aes_128_cfb1());
-+ EVP_add_cipher(EVP_aes_128_cfb8());
-+ EVP_add_cipher(EVP_aes_128_ofb());
-+ EVP_add_cipher(EVP_aes_128_ctr());
-+ EVP_add_cipher(EVP_aes_128_gcm());
-+ EVP_add_cipher(EVP_aes_128_xts());
-+ EVP_add_cipher(EVP_aes_128_ccm());
-+ EVP_add_cipher(EVP_aes_128_wrap());
-+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
-+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
-+ EVP_add_cipher(EVP_aes_192_ecb());
-+ EVP_add_cipher(EVP_aes_192_cbc());
-+ EVP_add_cipher(EVP_aes_192_cfb());
-+ EVP_add_cipher(EVP_aes_192_cfb1());
-+ EVP_add_cipher(EVP_aes_192_cfb8());
-+ EVP_add_cipher(EVP_aes_192_ofb());
-+ EVP_add_cipher(EVP_aes_192_ctr());
-+ EVP_add_cipher(EVP_aes_192_gcm());
-+ EVP_add_cipher(EVP_aes_192_ccm());
-+ EVP_add_cipher(EVP_aes_192_wrap());
-+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
-+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
-+ EVP_add_cipher(EVP_aes_256_ecb());
-+ EVP_add_cipher(EVP_aes_256_cbc());
-+ EVP_add_cipher(EVP_aes_256_cfb());
-+ EVP_add_cipher(EVP_aes_256_cfb1());
-+ EVP_add_cipher(EVP_aes_256_cfb8());
-+ EVP_add_cipher(EVP_aes_256_ofb());
-+ EVP_add_cipher(EVP_aes_256_ctr());
-+ EVP_add_cipher(EVP_aes_256_gcm());
-+ EVP_add_cipher(EVP_aes_256_xts());
-+ EVP_add_cipher(EVP_aes_256_ccm());
-+ EVP_add_cipher(EVP_aes_256_wrap());
-+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
-+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-+# endif
-+ }
-+#endif
- }
-diff -up openssl-1.0.2o/crypto/evp/c_alld.c.fips openssl-1.0.2o/crypto/evp/c_alld.c
---- openssl-1.0.2o/crypto/evp/c_alld.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/c_alld.c 2018-04-05 16:17:11.936265673 +0200
-@@ -64,51 +64,81 @@
-
- void OpenSSL_add_all_digests(void)
- {
-+#ifdef OPENSSL_FIPS
-+ OPENSSL_init_library();
-+ if (!FIPS_mode()) {
-+#endif
- #ifndef OPENSSL_NO_MD4
-- EVP_add_digest(EVP_md4());
-+ EVP_add_digest(EVP_md4());
- #endif
- #ifndef OPENSSL_NO_MD5
-- EVP_add_digest(EVP_md5());
-- EVP_add_digest_alias(SN_md5, "ssl2-md5");
-- EVP_add_digest_alias(SN_md5, "ssl3-md5");
-+ EVP_add_digest(EVP_md5());
-+ EVP_add_digest_alias(SN_md5, "ssl2-md5");
-+ EVP_add_digest_alias(SN_md5, "ssl3-md5");
- #endif
- #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-- EVP_add_digest(EVP_sha());
-+ EVP_add_digest(EVP_sha());
- # ifndef OPENSSL_NO_DSA
-- EVP_add_digest(EVP_dss());
-+ EVP_add_digest(EVP_dss());
- # endif
- #endif
- #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-- EVP_add_digest(EVP_sha1());
-- EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-- EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-+ EVP_add_digest(EVP_sha1());
-+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
- # ifndef OPENSSL_NO_DSA
-- EVP_add_digest(EVP_dss1());
-- EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-- EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-- EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-+ EVP_add_digest(EVP_dss1());
-+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- EVP_add_digest(EVP_ecdsa());
-+ EVP_add_digest(EVP_ecdsa());
- # endif
- #endif
- #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-- EVP_add_digest(EVP_mdc2());
-+ EVP_add_digest(EVP_mdc2());
- #endif
- #ifndef OPENSSL_NO_RIPEMD
-- EVP_add_digest(EVP_ripemd160());
-- EVP_add_digest_alias(SN_ripemd160, "ripemd");
-- EVP_add_digest_alias(SN_ripemd160, "rmd160");
-+ EVP_add_digest(EVP_ripemd160());
-+ EVP_add_digest_alias(SN_ripemd160, "ripemd");
-+ EVP_add_digest_alias(SN_ripemd160, "rmd160");
- #endif
- #ifndef OPENSSL_NO_SHA256
-- EVP_add_digest(EVP_sha224());
-- EVP_add_digest(EVP_sha256());
-+ EVP_add_digest(EVP_sha224());
-+ EVP_add_digest(EVP_sha256());
- #endif
- #ifndef OPENSSL_NO_SHA512
-- EVP_add_digest(EVP_sha384());
-- EVP_add_digest(EVP_sha512());
-+ EVP_add_digest(EVP_sha384());
-+ EVP_add_digest(EVP_sha512());
- #endif
- #ifndef OPENSSL_NO_WHIRLPOOL
-- EVP_add_digest(EVP_whirlpool());
-+ EVP_add_digest(EVP_whirlpool());
-+#endif
-+#ifdef OPENSSL_FIPS
-+ } else {
-+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-+ EVP_add_digest(EVP_sha1());
-+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-+# ifndef OPENSSL_NO_DSA
-+ EVP_add_digest(EVP_dss1());
-+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-+# endif
-+# ifndef OPENSSL_NO_ECDSA
-+ EVP_add_digest(EVP_ecdsa());
-+# endif
-+# endif
-+# ifndef OPENSSL_NO_SHA256
-+ EVP_add_digest(EVP_sha224());
-+ EVP_add_digest(EVP_sha256());
-+# endif
-+# ifndef OPENSSL_NO_SHA512
-+ EVP_add_digest(EVP_sha384());
-+ EVP_add_digest(EVP_sha512());
-+# endif
-+ }
- #endif
- }
-diff -up openssl-1.0.2o/crypto/evp/digest.c.fips openssl-1.0.2o/crypto/evp/digest.c
---- openssl-1.0.2o/crypto/evp/digest.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/digest.c 2018-04-05 16:18:41.784355417 +0200
-@@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
- return EVP_DigestInit_ex(ctx, type, NULL);
- }
-
-+#ifdef OPENSSL_FIPS
-+
-+/* The purpose of these is to trap programs that attempt to use non FIPS
-+ * algorithms in FIPS mode and ignore the errors.
-+ */
-+
-+static int bad_init(EVP_MD_CTX *ctx)
-+{
-+ FIPS_ERROR_IGNORED("Digest init");
-+ return 0;
-+}
-+
-+static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-+{
-+ FIPS_ERROR_IGNORED("Digest update");
-+ return 0;
-+}
-+
-+static int bad_final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+ FIPS_ERROR_IGNORED("Digest Final");
-+ return 0;
-+}
-+
-+static const EVP_MD bad_md = {
-+ 0,
-+ 0,
-+ 0,
-+ 0,
-+ bad_init,
-+ bad_update,
-+ bad_final,
-+ NULL,
-+ NULL,
-+ NULL,
-+ 0,
-+ {0, 0, 0, 0},
-+};
-+
-+#endif
-+
- int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
- {
- EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
- #ifdef OPENSSL_FIPS
-- /* If FIPS mode switch to approved implementation if possible */
-- if (FIPS_mode()) {
-- const EVP_MD *fipsmd;
-- if (type) {
-- fipsmd = evp_get_fips_md(type);
-- if (fipsmd)
-- type = fipsmd;
-- }
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
-+ ctx->digest = &bad_md;
-+ return 0;
- }
- #endif
- #ifndef OPENSSL_NO_ENGINE
-@@ -212,6 +249,16 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- }
- #endif
- if (ctx->digest != type) {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (!(type->flags & EVP_MD_FLAG_FIPS)
-+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
-+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-+ ctx->digest = &bad_md;
-+ return 0;
-+ }
-+ }
-+#endif
- if (ctx->digest && ctx->digest->ctx_size) {
- OPENSSL_free(ctx->md_data);
- ctx->md_data = NULL;
-@@ -238,23 +285,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
- }
- if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
- return 1;
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode()) {
-- if (FIPS_digestinit(ctx, type))
-- return 1;
-- OPENSSL_free(ctx->md_data);
-- ctx->md_data = NULL;
-- return 0;
-- }
--#endif
- return ctx->digest->init(ctx);
- }
-
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
- #ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_digestupdate(ctx, data, count);
-+ FIPS_selftest_check();
- #endif
- return ctx->update(ctx, data, count);
- }
-@@ -272,11 +309,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
- {
- int ret;
-+
- #ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_digestfinal(ctx, md, size);
-+ FIPS_selftest_check();
- #endif
--
- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
- ret = ctx->digest->final(ctx, md);
- if (size != NULL)
-@@ -375,7 +411,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
- /* This call frees resources associated with the context */
- int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
- {
--#ifndef OPENSSL_FIPS
- /*
- * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
- * sometimes only copies of the context are ever finalised.
-@@ -388,7 +423,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
- OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
- OPENSSL_free(ctx->md_data);
- }
--#endif
- if (ctx->pctx)
- EVP_PKEY_CTX_free(ctx->pctx);
- #ifndef OPENSSL_NO_ENGINE
-@@ -399,9 +433,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
- */
- ENGINE_finish(ctx->engine);
- #endif
--#ifdef OPENSSL_FIPS
-- FIPS_md_ctx_cleanup(ctx);
--#endif
- memset(ctx, '\0', sizeof(*ctx));
-
- return 1;
-diff -up openssl-1.0.2o/crypto/evp/e_aes.c.fips openssl-1.0.2o/crypto/evp/e_aes.c
---- openssl-1.0.2o/crypto/evp/e_aes.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/e_aes.c 2018-04-05 16:17:11.936265673 +0200
-@@ -60,9 +60,6 @@
- # include "modes_lcl.h"
- # include <openssl/rand.h>
-
--# undef EVP_CIPH_FLAG_FIPS
--# define EVP_CIPH_FLAG_FIPS 0
--
- typedef struct {
- union {
- double align;
-@@ -1163,6 +1160,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
- case EVP_CTRL_GCM_SET_IVLEN:
- if (arg <= 0)
- return 0;
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_module_mode() && !(c->flags &
EVP_CIPH_FLAG_NON_FIPS_ALLOW)
-+ && arg < 12)
-+ return 0;
-+# endif
- /* Allocate memory for IV if needed */
- if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
- if (gctx->iv != c->iv)
-@@ -1736,6 +1738,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
- return 0;
- if (!out || !in || len < AES_BLOCK_SIZE)
- return 0;
-+# ifdef OPENSSL_FIPS
-+ /* Requirement of SP800-38E */
-+ if (FIPS_module_mode() && !(ctx->flags &
EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
-+ (len > (1UL << 20) * 16)) {
-+ EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
-+ return 0;
-+ }
-+# endif
- if (xctx->stream)
- (*xctx->stream) (in, out, len,
- xctx->xts.key1, xctx->xts.key2, ctx->iv);
-diff -up openssl-1.0.2o/crypto/evp/e_des3.c.fips openssl-1.0.2o/crypto/evp/e_des3.c
---- openssl-1.0.2o/crypto/evp/e_des3.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/e_des3.c 2018-04-05 16:17:11.936265673 +0200
-@@ -65,10 +65,6 @@
- # include <openssl/des.h>
- # include <openssl/rand.h>
-
--/* Block use of implementations in FIPS mode */
--# undef EVP_CIPH_FLAG_FIPS
--# define EVP_CIPH_FLAG_FIPS 0
--
- typedef struct {
- union {
- double align;
-diff -up openssl-1.0.2o/crypto/evp/e_null.c.fips openssl-1.0.2o/crypto/evp/e_null.c
---- openssl-1.0.2o/crypto/evp/e_null.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/e_null.c 2018-04-05 16:17:11.936265673 +0200
-@@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c
- static const EVP_CIPHER n_cipher = {
- NID_undef,
- 1, 0, 0,
-- 0,
-+ EVP_CIPH_FLAG_FIPS,
- null_init_key,
- null_cipher,
- NULL,
-diff -up openssl-1.0.2o/crypto/evp/evp_enc.c.fips openssl-1.0.2o/crypto/evp/evp_enc.c
---- openssl-1.0.2o/crypto/evp/evp_enc.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/evp_enc.c 2018-04-05 16:17:11.937265696 +0200
-@@ -69,16 +69,73 @@
- #endif
- #include "evp_locl.h"
-
--#ifdef OPENSSL_FIPS
--# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
--#else
--# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
--#endif
-+#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-
- const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
-
-+#ifdef OPENSSL_FIPS
-+
-+/* The purpose of these is to trap programs that attempt to use non FIPS
-+ * algorithms in FIPS mode and ignore the errors.
-+ */
-+
-+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+ const unsigned char *iv, int enc)
-+{
-+ FIPS_ERROR_IGNORED("Cipher init");
-+ return 0;
-+}
-+
-+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, unsigned int inl)
-+{
-+ FIPS_ERROR_IGNORED("Cipher update");
-+ return 0;
-+}
-+
-+/* NB: no cleanup because it is allowed after failed init */
-+
-+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-+{
-+ FIPS_ERROR_IGNORED("Cipher set_asn1");
-+ return 0;
-+}
-+
-+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-+{
-+ FIPS_ERROR_IGNORED("Cipher get_asn1");
-+ return 0;
-+}
-+
-+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-+{
-+ FIPS_ERROR_IGNORED("Cipher ctrl");
-+ return 0;
-+}
-+
-+static const EVP_CIPHER bad_cipher = {
-+ 0,
-+ 0,
-+ 0,
-+ 0,
-+ 0,
-+ bad_init,
-+ bad_do_cipher,
-+ NULL,
-+ 0,
-+ bad_set_asn1,
-+ bad_get_asn1,
-+ bad_ctrl,
-+ NULL
-+};
-+
-+#endif
-+
- void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
- /* ctx->cipher=NULL; */
- }
-@@ -110,6 +167,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- enc = 1;
- ctx->encrypt = enc;
- }
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
-+ ctx->cipher = &bad_cipher;
-+ return 0;
-+ }
-+#endif
- #ifndef OPENSSL_NO_ENGINE
- /*
- * Whether it's nice or not, "Inits" can be used on
"Final"'d contexts so
-@@ -168,16 +232,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- ctx->engine = NULL;
- #endif
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode()) {
-- const EVP_CIPHER *fcipher = NULL;
-- if (cipher)
-- fcipher = evp_get_fips_cipher(cipher);
-- if (fcipher)
-- cipher = fcipher;
-- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-- }
--#endif
- ctx->cipher = cipher;
- if (ctx->cipher->ctx_size) {
- ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
-@@ -206,10 +260,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- #ifndef OPENSSL_NO_ENGINE
- skip_to_init:
- #endif
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
--#endif
- /* we assume block size is a power of 2 in *cryptUpdate */
- OPENSSL_assert(ctx->cipher->block_size == 1
- || ctx->cipher->block_size == 8
-@@ -255,6 +305,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
- break;
- }
- }
-+#ifdef OPENSSL_FIPS
-+ /* After 'key' is set no further parameters changes are permissible.
-+ * So only check for non FIPS enabling at this point.
-+ */
-+ if (key && FIPS_mode()) {
-+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
-+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
-+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-+ ctx->cipher = &bad_cipher;
-+ return 0;
-+ }
-+ }
-+#endif
-
- if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
- if (!ctx->cipher->init(ctx, key, iv, enc))
-@@ -556,7 +619,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
-
- int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
- {
--#ifndef OPENSSL_FIPS
- if (c->cipher != NULL) {
- if (c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
-@@ -566,7 +628,6 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
- }
- if (c->cipher_data)
- OPENSSL_free(c->cipher_data);
--#endif
- #ifndef OPENSSL_NO_ENGINE
- if (c->engine)
- /*
-@@ -575,9 +636,6 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
- */
- ENGINE_finish(c->engine);
- #endif
--#ifdef OPENSSL_FIPS
-- FIPS_cipher_ctx_cleanup(c);
--#endif
- memset(c, 0, sizeof(EVP_CIPHER_CTX));
- return 1;
- }
-diff -up openssl-1.0.2o/crypto/evp/evp.h.fips openssl-1.0.2o/crypto/evp/evp.h
---- openssl-1.0.2o/crypto/evp/evp.h.fips 2018-04-05 16:17:11.743261184 +0200
-+++ openssl-1.0.2o/crypto/evp/evp.h 2018-04-05 16:17:11.937265696 +0200
-@@ -122,6 +122,10 @@
- extern "C" {
- #endif
-
-+# ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# endif
-+
- /*
- * Type needs to be a bit field Sub-type needs to be for variations on the
- * method, as in, can it do arbitrary encryption....
-@@ -285,11 +289,6 @@ struct env_md_ctx_st {
- * cleaned */
- # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data
- * in EVP_MD_CTX_cleanup */
--/*
-- * FIPS and pad options are ignored in 1.0.0, definitions are here so we
-- * don't accidentally reuse the values for other purposes.
-- */
--
- # define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS
- * digest in FIPS mode */
-
-@@ -302,6 +301,10 @@ struct env_md_ctx_st {
- # define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */
- # define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */
- # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */
-+# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
-+ ((ctx->flags>>16) &0xFFFF) /* seed length */
-+# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */
-+# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */
-
- # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */
-
-@@ -363,15 +366,15 @@ struct evp_cipher_st {
- /* cipher handles random key generation */
- # define EVP_CIPH_RAND_KEY 0x200
- /* cipher has its own additional copying logic */
--# define EVP_CIPH_CUSTOM_COPY 0x400
-+# define EVP_CIPH_CUSTOM_COPY 0x4000
- /* Allow use default ASN1 get/set iv */
- # define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
- /* Buffer length in bits not bytes: CFB1 mode only */
- # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
- /* Note if suitable for use in FIPS mode */
--# define EVP_CIPH_FLAG_FIPS 0x4000
-+# define EVP_CIPH_FLAG_FIPS 0x400
- /* Allow non FIPS cipher in FIPS mode */
--# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
-+# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
- /*
- * Cipher handles any and all padding logic as well as finalisation.
- */
-diff -up openssl-1.0.2o/crypto/evp/evp_lib.c.fips openssl-1.0.2o/crypto/evp/evp_lib.c
---- openssl-1.0.2o/crypto/evp/evp_lib.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/evp_lib.c 2018-04-05 16:17:11.937265696 +0200
-@@ -60,10 +60,6 @@
- #include "cryptlib.h"
- #include <openssl/evp.h>
- #include <openssl/objects.h>
--#ifdef OPENSSL_FIPS
--# include <openssl/fips.h>
--# include "evp_locl.h"
--#endif
-
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
-@@ -224,6 +220,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
- int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
-+#ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+#endif
- return ctx->cipher->do_cipher(ctx, out, in, inl);
- }
-
-@@ -234,22 +233,12 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(
-
- unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
- {
--#ifdef OPENSSL_FIPS
-- const EVP_CIPHER *fcipher;
-- fcipher = evp_get_fips_cipher(cipher);
-- if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS)
-- return cipher->flags | EVP_CIPH_FLAG_FIPS;
--#endif
- return cipher->flags;
- }
-
- unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
- {
--#ifdef OPENSSL_FIPS
-- return EVP_CIPHER_flags(ctx->cipher);
--#else
- return ctx->cipher->flags;
--#endif
- }
-
- void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
-@@ -316,40 +305,8 @@ int EVP_MD_size(const EVP_MD *md)
- return md->md_size;
- }
-
--#ifdef OPENSSL_FIPS
--
--const EVP_MD *evp_get_fips_md(const EVP_MD *md)
--{
-- int nid = EVP_MD_type(md);
-- if (nid == NID_dsa)
-- return FIPS_evp_dss1();
-- else if (nid == NID_dsaWithSHA)
-- return FIPS_evp_dss();
-- else if (nid == NID_ecdsa_with_SHA1)
-- return FIPS_evp_ecdsa();
-- else
-- return FIPS_get_digestbynid(nid);
--}
--
--const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher)
--{
-- int nid = cipher->nid;
-- if (nid == NID_undef)
-- return FIPS_evp_enc_null();
-- else
-- return FIPS_get_cipherbynid(nid);
--}
--
--#endif
--
- unsigned long EVP_MD_flags(const EVP_MD *md)
- {
--#ifdef OPENSSL_FIPS
-- const EVP_MD *fmd;
-- fmd = evp_get_fips_md(md);
-- if (fmd && fmd->flags & EVP_MD_FLAG_FIPS)
-- return md->flags | EVP_MD_FLAG_FIPS;
--#endif
- return md->flags;
- }
-
-diff -up openssl-1.0.2o/crypto/evp/evp_locl.h.fips openssl-1.0.2o/crypto/evp/evp_locl.h
---- openssl-1.0.2o/crypto/evp/evp_locl.h.fips 2018-04-05 16:17:11.736261022 +0200
-+++ openssl-1.0.2o/crypto/evp/evp_locl.h 2018-04-05 16:17:11.937265696 +0200
-@@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
- BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
- BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
- NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-- 0, cipher##_init_key, NULL, \
-- EVP_CIPHER_set_asn1_iv, \
-- EVP_CIPHER_get_asn1_iv, \
-- NULL)
-+ EVP_CIPH_FLAG_DEFAULT_ASN1, \
-+ cipher##_init_key, NULL, NULL, NULL, NULL)
-
- struct evp_pkey_ctx_st {
- /* Method associated with this operation */
-@@ -355,11 +353,6 @@ const EVP_CIPHER *evp_get_fips_cipher(co
- # define MD2_Init private_MD2_Init
- # define MDC2_Init private_MDC2_Init
- # define SHA_Init private_SHA_Init
--# define SHA1_Init private_SHA1_Init
--# define SHA224_Init private_SHA224_Init
--# define SHA256_Init private_SHA256_Init
--# define SHA384_Init private_SHA384_Init
--# define SHA512_Init private_SHA512_Init
-
- # define BF_set_key private_BF_set_key
- # define CAST_set_key private_CAST_set_key
-@@ -367,7 +360,6 @@ const EVP_CIPHER *evp_get_fips_cipher(co
- # define SEED_set_key private_SEED_set_key
- # define RC2_set_key private_RC2_set_key
- # define RC4_set_key private_RC4_set_key
--# define DES_set_key_unchecked private_DES_set_key_unchecked
- # define Camellia_set_key private_Camellia_set_key
-
- #endif
-diff -up openssl-1.0.2o/crypto/evp/m_dss.c.fips openssl-1.0.2o/crypto/evp/m_dss.c
---- openssl-1.0.2o/crypto/evp/m_dss.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/m_dss.c 2018-04-05 16:17:11.937265696 +0200
-@@ -86,7 +86,7 @@ static const EVP_MD dsa_md = {
- NID_dsaWithSHA,
- NID_dsaWithSHA,
- SHA_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_DIGEST,
-+ EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS,
- init,
- update,
- final,
-diff -up openssl-1.0.2o/crypto/evp/m_dss1.c.fips openssl-1.0.2o/crypto/evp/m_dss1.c
---- openssl-1.0.2o/crypto/evp/m_dss1.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/m_dss1.c 2018-04-05 16:17:11.937265696 +0200
-@@ -87,7 +87,7 @@ static const EVP_MD dss1_md = {
- NID_dsa,
- NID_dsaWithSHA1,
- SHA_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_DIGEST,
-+ EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS,
- init,
- update,
- final,
-diff -up openssl-1.0.2o/crypto/evp/m_md2.c.fips openssl-1.0.2o/crypto/evp/m_md2.c
---- openssl-1.0.2o/crypto/evp/m_md2.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/m_md2.c 2018-04-05 16:17:11.937265696 +0200
-@@ -68,6 +68,7 @@
- # ifndef OPENSSL_NO_RSA
- # include <openssl/rsa.h>
- # endif
-+# include "evp_locl.h"
-
- static int init(EVP_MD_CTX *ctx)
- {
-diff -up openssl-1.0.2o/crypto/evp/m_sha1.c.fips openssl-1.0.2o/crypto/evp/m_sha1.c
---- openssl-1.0.2o/crypto/evp/m_sha1.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/m_sha1.c 2018-04-05 16:17:11.938265720 +0200
-@@ -87,7 +87,8 @@ static const EVP_MD sha1_md = {
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT |
-+ EVP_MD_FLAG_FIPS,
- init,
- update,
- final,
-@@ -134,7 +135,8 @@ static const EVP_MD sha224_md = {
- NID_sha224,
- NID_sha224WithRSAEncryption,
- SHA224_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT |
-+ EVP_MD_FLAG_FIPS,
- init224,
- update256,
- final256,
-@@ -154,7 +156,8 @@ static const EVP_MD sha256_md = {
- NID_sha256,
- NID_sha256WithRSAEncryption,
- SHA256_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT |
-+ EVP_MD_FLAG_FIPS,
- init256,
- update256,
- final256,
-@@ -197,7 +200,8 @@ static const EVP_MD sha384_md = {
- NID_sha384,
- NID_sha384WithRSAEncryption,
- SHA384_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT |
-+ EVP_MD_FLAG_FIPS,
- init384,
- update512,
- final512,
-@@ -217,7 +221,8 @@ static const EVP_MD sha512_md = {
- NID_sha512,
- NID_sha512WithRSAEncryption,
- SHA512_DIGEST_LENGTH,
-- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT,
-+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT |
-+ EVP_MD_FLAG_FIPS,
- init512,
- update512,
- final512,
-diff -up openssl-1.0.2o/crypto/evp/p_sign.c.fips openssl-1.0.2o/crypto/evp/p_sign.c
---- openssl-1.0.2o/crypto/evp/p_sign.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/p_sign.c 2018-04-05 16:17:11.938265720 +0200
-@@ -61,6 +61,7 @@
- #include <openssl/evp.h>
- #include <openssl/objects.h>
- #include <openssl/x509.h>
-+#include <openssl/rsa.h>
-
- #ifdef undef
- void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-@@ -101,6 +102,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
- goto err;
- if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
- goto err;
-+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
-+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
-+ goto err;
-+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) {
-+ int saltlen;
-+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <=
-+ 0)
-+ goto err;
-+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
-+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
-+ saltlen = -1;
-+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
-+ saltlen = -2;
-+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
-+ goto err;
-+ }
- if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
- goto err;
- *siglen = sltmp;
-diff -up openssl-1.0.2o/crypto/evp/p_verify.c.fips openssl-1.0.2o/crypto/evp/p_verify.c
---- openssl-1.0.2o/crypto/evp/p_verify.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/p_verify.c 2018-04-05 16:17:11.938265720 +0200
-@@ -61,6 +61,7 @@
- #include <openssl/evp.h>
- #include <openssl/objects.h>
- #include <openssl/x509.h>
-+#include <openssl/rsa.h>
-
- int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
- unsigned int siglen, EVP_PKEY *pkey)
-@@ -87,6 +88,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
- goto err;
- if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
- goto err;
-+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
-+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
-+ goto err;
-+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) {
-+ int saltlen;
-+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <=
-+ 0)
-+ goto err;
-+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
-+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
-+ saltlen = -1;
-+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
-+ saltlen = -2;
-+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
-+ goto err;
-+ }
- i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
- err:
- EVP_PKEY_CTX_free(pkctx);
-diff -up openssl-1.0.2o/crypto/fips/fips_aes_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_aes_selftest.c.fips 2018-04-05 16:17:11.938265720
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_aes_selftest.c 2018-04-05 16:17:11.938265720 +0200
-@@ -0,0 +1,365 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/evp.h>
-+
-+#ifdef OPENSSL_FIPS
-+static const struct {
-+ const unsigned char key[16];
-+ const unsigned char plaintext[16];
-+ const unsigned char ciphertext[16];
-+} tests[] = {
-+ {
-+ {
-+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, {
-+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, {
-+0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30,
-+ 0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A},},};
-+
-+static int corrupt_aes;
-+
-+void FIPS_corrupt_aes()
-+{
-+ corrupt_aes = 1;
-+}
-+
-+int FIPS_selftest_aes()
-+{
-+ int n;
-+ int ret = 0;
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+
-+ for (n = 0; n < 1; ++n) {
-+ unsigned char key[16];
-+
-+ memcpy(key, tests[n].key, sizeof(key));
-+ if (corrupt_aes)
-+ key[0]++;
-+ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
-+ key, NULL,
-+ tests[n].plaintext,
-+ tests[n].ciphertext, 16) <= 0)
-+ goto err;
-+ }
-+ ret = 1;
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ if (ret == 0)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED);
-+ return ret;
-+}
-+
-+/* AES-CCM test data from NIST public test vectors */
-+
-+static const unsigned char ccm_key[] = {
-+ 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
-+ 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
-+};
-+
-+static const unsigned char ccm_nonce[] = {
-+ 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
-+};
-+
-+static const unsigned char ccm_adata[] = {
-+ 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
-+ 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
-+ 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
-+};
-+
-+static const unsigned char ccm_pt[] = {
-+ 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
-+ 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
-+};
-+
-+static const unsigned char ccm_ct[] = {
-+ 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
-+ 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
-+};
-+
-+static const unsigned char ccm_tag[] = {
-+ 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
-+ 0x14, 0xdb, 0x50, 0x6d
-+};
-+
-+int FIPS_selftest_aes_ccm(void)
-+{
-+ int ret = 0;
-+ unsigned char out[128], tag[16];
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+ memset(out, 0, sizeof(out));
-+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
-+ sizeof(ccm_nonce), NULL))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
-+ sizeof(ccm_tag), NULL))
-+ goto err;
-+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
-+ goto err;
-+ if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
-+ goto err;
-+
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
-+ goto err;
-+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
-+ || memcmp(out, ccm_ct, sizeof(ccm_ct)))
-+ goto err;
-+
-+ memset(out, 0, sizeof(out));
-+
-+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
-+ sizeof(ccm_nonce), NULL))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
-+ goto err;
-+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
-+ goto err;
-+ if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
-+ goto err;
-+
-+ if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ } else
-+ return ret;
-+
-+}
-+
-+/* AES-GCM test data from NIST public test vectors */
-+
-+static const unsigned char gcm_key[] = {
-+ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
-+ 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
-+ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
-+};
-+
-+static const unsigned char gcm_iv[] = {
-+ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84
-+};
-+
-+static const unsigned char gcm_pt[] = {
-+ 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
-+ 0xcc, 0x2b, 0xf2, 0xa5
-+};
-+
-+static const unsigned char gcm_aad[] = {
-+ 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43,
-+ 0x7f, 0xec, 0x78, 0xde
-+};
-+
-+static const unsigned char gcm_ct[] = {
-+ 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e,
-+ 0xb9, 0xf2, 0x17, 0x36
-+};
-+
-+static const unsigned char gcm_tag[] = {
-+ 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62,
-+ 0x98, 0xf7, 0x7e, 0x0c
-+};
-+
-+int FIPS_selftest_aes_gcm(void)
-+{
-+ int ret = 0;
-+ unsigned char out[128], tag[16];
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+ memset(out, 0, sizeof(out));
-+ memset(tag, 0, sizeof(tag));
-+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
-+ sizeof(gcm_iv), NULL))
-+ goto err;
-+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
-+ goto err;
-+ if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
-+ goto err;
-+
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
-+ goto err;
-+
-+ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
-+ goto err;
-+
-+ memset(out, 0, sizeof(out));
-+
-+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
-+ sizeof(gcm_iv), NULL))
-+ goto err;
-+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
-+ goto err;
-+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
-+ goto err;
-+ if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
-+ goto err;
-+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
-+ goto err;
-+
-+ if (memcmp(out, gcm_pt, 16))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+
-+ if (ret == 0) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ } else
-+ return ret;
-+
-+}
-+
-+static const unsigned char XTS_128_key[] = {
-+ 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, 0x3b, 0x2c, 0x34, 0x38,
-+ 0x76, 0x08, 0x17, 0x62, 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
-+ 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
-+};
-+
-+static const unsigned char XTS_128_i[] = {
-+ 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, 0x6e, 0x4b, 0x92, 0x01,
-+ 0x3e, 0x76, 0x8a, 0xd5
-+};
-+
-+static const unsigned char XTS_128_pt[] = {
-+ 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, 0x6f, 0xb3, 0x50, 0x39,
-+ 0x07, 0x90, 0x31, 0x1c
-+};
-+
-+static const unsigned char XTS_128_ct[] = {
-+ 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, 0x82, 0x50, 0x81, 0xd5,
-+ 0xbe, 0x47, 0x1c, 0x63
-+};
-+
-+static const unsigned char XTS_256_key[] = {
-+ 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, 0x48, 0x01, 0xe4, 0x2f,
-+ 0x4b, 0x09, 0x47, 0x14, 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
-+ 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, 0xd6, 0xe1, 0x3f, 0xfd,
-+ 0xf2, 0x41, 0x8d, 0x8d, 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
-+ 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, 0x31, 0x8e, 0xea, 0x39,
-+ 0x2c, 0xf4, 0x1b, 0x08
-+};
-+
-+static const unsigned char XTS_256_i[] = {
-+ 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, 0xf0, 0x42, 0x8e, 0x84,
-+ 0xa9, 0xf8, 0x75, 0x64
-+};
-+
-+static const unsigned char XTS_256_pt[] = {
-+ 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, 0xac, 0xc6, 0x47, 0xe8,
-+ 0x10, 0xbb, 0xc3, 0x64, 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
-+ 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
-+};
-+
-+static const unsigned char XTS_256_ct[] = {
-+ 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, 0x0b, 0x37, 0xf9, 0x34,
-+ 0xd4, 0x6a, 0x9b, 0x13, 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
-+ 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
-+};
-+
-+int FIPS_selftest_aes_xts()
-+{
-+ int ret = 1;
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+
-+ if (fips_cipher_test(&ctx, EVP_aes_128_xts(),
-+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
-+ sizeof(XTS_128_pt)) <= 0)
-+ ret = 0;
-+
-+ if (fips_cipher_test(&ctx, EVP_aes_256_xts(),
-+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
-+ sizeof(XTS_256_pt)) <= 0)
-+ ret = 0;
-+
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ if (ret == 0)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS, FIPS_R_SELFTEST_FAILED);
-+ return ret;
-+}
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips.c.fips openssl-1.0.2o/crypto/fips/fips.c
---- openssl-1.0.2o/crypto/fips/fips.c.fips 2018-04-05 16:17:11.938265720 +0200
-+++ openssl-1.0.2o/crypto/fips/fips.c 2018-04-05 16:17:11.938265720 +0200
-@@ -0,0 +1,483 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#define _GNU_SOURCE
-+
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include <openssl/err.h>
-+#include <openssl/bio.h>
-+#include <openssl/hmac.h>
-+#include <openssl/rsa.h>
-+#include <string.h>
-+#include <limits.h>
-+#include <dlfcn.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+# include <openssl/fips.h>
-+
-+# ifndef PATH_MAX
-+# define PATH_MAX 1024
-+# endif
-+
-+static int fips_selftest_fail = 0;
-+static int fips_mode = 0;
-+static int fips_started = 0;
-+
-+static int fips_is_owning_thread(void);
-+static int fips_set_owning_thread(void);
-+static int fips_clear_owning_thread(void);
-+
-+# define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
-+# define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
-+# define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
-+# define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
-+
-+static void fips_set_mode(int onoff)
-+{
-+ int owning_thread = fips_is_owning_thread();
-+
-+ if (fips_started) {
-+ if (!owning_thread)
-+ fips_w_lock();
-+ fips_mode = onoff;
-+ if (!owning_thread)
-+ fips_w_unlock();
-+ }
-+}
-+
-+int FIPS_module_mode(void)
-+{
-+ int ret = 0;
-+ int owning_thread = fips_is_owning_thread();
-+
-+ if (fips_started) {
-+ if (!owning_thread)
-+ fips_r_lock();
-+ ret = fips_mode;
-+ if (!owning_thread)
-+ fips_r_unlock();
-+ }
-+ return ret;
-+}
-+
-+int FIPS_selftest_failed(void)
-+{
-+ int ret = 0;
-+ if (fips_started) {
-+ int owning_thread = fips_is_owning_thread();
-+
-+ if (!owning_thread)
-+ fips_r_lock();
-+ ret = fips_selftest_fail;
-+ if (!owning_thread)
-+ fips_r_unlock();
-+ }
-+ return ret;
-+}
-+
-+/* Selftest failure fatal exit routine. This will be called
-+ * during *any* cryptographic operation. It has the minimum
-+ * overhead possible to avoid too big a performance hit.
-+ */
-+
-+void FIPS_selftest_check(void)
-+{
-+ if (fips_selftest_fail) {
-+ OpenSSLDie(__FILE__, __LINE__, "FATAL FIPS SELFTEST FAILURE");
-+ }
-+}
-+
-+void fips_set_selftest_fail(void)
-+{
-+ fips_selftest_fail = 1;
-+}
-+
-+/* we implement what libfipscheck does ourselves */
-+
-+static int
-+get_library_path(const char *libname, const char *symbolname, char *path,
-+ size_t pathlen)
-+{
-+ Dl_info info;
-+ void *dl, *sym;
-+ int rv = -1;
-+
-+ dl = dlopen(libname, RTLD_LAZY);
-+ if (dl == NULL) {
-+ return -1;
-+ }
-+
-+ sym = dlsym(dl, symbolname);
-+
-+ if (sym != NULL && dladdr(sym, &info)) {
-+ strncpy(path, info.dli_fname, pathlen - 1);
-+ path[pathlen - 1] = '\0';
-+ rv = 0;
-+ }
-+
-+ dlclose(dl);
-+
-+ return rv;
-+}
-+
-+static const char conv[] = "0123456789abcdef";
-+
-+static char *bin2hex(void *buf, size_t len)
-+{
-+ char *hex, *p;
-+ unsigned char *src = buf;
-+
-+ hex = malloc(len * 2 + 1);
-+ if (hex == NULL)
-+ return NULL;
-+
-+ p = hex;
-+
-+ while (len > 0) {
-+ unsigned c;
-+
-+ c = *src;
-+ src++;
-+
-+ *p = conv[c >> 4];
-+ ++p;
-+ *p = conv[c & 0x0f];
-+ ++p;
-+ --len;
-+ }
-+ *p = '\0';
-+ return hex;
-+}
-+
-+# define HMAC_PREFIX "."
-+# define HMAC_SUFFIX ".hmac"
-+# define READ_BUFFER_LENGTH 16384
-+
-+static char *make_hmac_path(const char *origpath)
-+{
-+ char *path, *p;
-+ const char *fn;
-+
-+ path =
-+ malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
-+ if (path == NULL) {
-+ return NULL;
-+ }
-+
-+ fn = strrchr(origpath, '/');
-+ if (fn == NULL) {
-+ fn = origpath;
-+ } else {
-+ ++fn;
-+ }
-+
-+ strncpy(path, origpath, fn - origpath);
-+ p = path + (fn - origpath);
-+ p = stpcpy(p, HMAC_PREFIX);
-+ p = stpcpy(p, fn);
-+ p = stpcpy(p, HMAC_SUFFIX);
-+
-+ return path;
-+}
-+
-+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
-+
-+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
-+{
-+ FILE *f = NULL;
-+ int rv = -1;
-+ unsigned char rbuf[READ_BUFFER_LENGTH];
-+ size_t len;
-+ unsigned int hlen;
-+ HMAC_CTX c;
-+
-+ HMAC_CTX_init(&c);
-+
-+ f = fopen(path, "r");
-+
-+ if (f == NULL) {
-+ goto end;
-+ }
-+
-+ HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256());
-+
-+ while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
-+ HMAC_Update(&c, rbuf, len);
-+ }
-+
-+ len = sizeof(rbuf);
-+ /* reuse rbuf for hmac */
-+ HMAC_Final(&c, rbuf, &hlen);
-+
-+ *buf = malloc(hlen);
-+ if (*buf == NULL) {
-+ goto end;
-+ }
-+
-+ *hmaclen = hlen;
-+
-+ memcpy(*buf, rbuf, hlen);
-+
-+ rv = 0;
-+ end:
-+ HMAC_CTX_cleanup(&c);
-+
-+ if (f)
-+ fclose(f);
-+
-+ return rv;
-+}
-+
-+static int FIPSCHECK_verify(const char *libname, const char *symbolname)
-+{
-+ char path[PATH_MAX + 1];
-+ int rv;
-+ FILE *hf;
-+ char *hmacpath, *p;
-+ char *hmac = NULL;
-+ size_t n;
-+
-+ rv = get_library_path(libname, symbolname, path, sizeof(path));
-+
-+ if (rv < 0)
-+ return 0;
-+
-+ hmacpath = make_hmac_path(path);
-+ if (hmacpath == NULL)
-+ return 0;
-+
-+ hf = fopen(hmacpath, "r");
-+ if (hf == NULL) {
-+ free(hmacpath);
-+ return 0;
-+ }
-+
-+ if (getline(&hmac, &n, hf) > 0) {
-+ void *buf;
-+ size_t hmaclen;
-+ char *hex;
-+
-+ if ((p = strchr(hmac, '\n')) != NULL)
-+ *p = '\0';
-+
-+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
-+ rv = -4;
-+ goto end;
-+ }
-+
-+ if ((hex = bin2hex(buf, hmaclen)) == NULL) {
-+ free(buf);
-+ rv = -5;
-+ goto end;
-+ }
-+
-+ if (strcmp(hex, hmac) != 0) {
-+ rv = -1;
-+ }
-+ free(buf);
-+ free(hex);
-+ } else {
-+ rv = -1;
-+ }
-+
-+ end:
-+ free(hmac);
-+ free(hmacpath);
-+ fclose(hf);
-+
-+ if (rv < 0)
-+ return 0;
-+
-+ /* check successful */
-+ return 1;
-+}
-+
-+int FIPS_module_mode_set(int onoff, const char *auth)
-+{
-+ int ret = 0;
-+
-+ fips_w_lock();
-+ fips_started = 1;
-+ fips_set_owning_thread();
-+
-+ if (onoff) {
-+
-+ fips_selftest_fail = 0;
-+
-+ /* Don't go into FIPS mode twice, just so we can do automagic
-+ seeding */
-+ if (FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FIPS_MODE_ALREADY_SET);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+# ifdef OPENSSL_IA32_SSE2
-+ {
-+ extern unsigned int OPENSSL_ia32cap_P[2];
-+ if ((OPENSSL_ia32cap_P[0] & (1 << 25 | 1 << 26)) !=
-+ (1 << 25 | 1 << 26)) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_UNSUPPORTED_PLATFORM);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+ OPENSSL_ia32cap_P[0] |= (1 << 28); /* set "shared cache"
*/
-+ OPENSSL_ia32cap_P[1] &= ~(1 << (60 - 32)); /* clear AVX
*/
-+ }
-+# endif
-+
-+ if (!FIPSCHECK_verify
-+ ("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set"))
{
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+
-+ if (!FIPSCHECK_verify
-+ ("libssl.so." SHLIB_VERSION_NUMBER, "SSL_CTX_new")) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+
-+ if (FIPS_selftest())
-+ fips_set_mode(onoff);
-+ else {
-+ fips_selftest_fail = 1;
-+ ret = 0;
-+ goto end;
-+ }
-+ ret = 1;
-+ goto end;
-+ }
-+ fips_set_mode(0);
-+ fips_selftest_fail = 0;
-+ ret = 1;
-+ end:
-+ fips_clear_owning_thread();
-+ fips_w_unlock();
-+ return ret;
-+}
-+
-+static CRYPTO_THREADID fips_thread;
-+static int fips_thread_set = 0;
-+
-+static int fips_is_owning_thread(void)
-+{
-+ int ret = 0;
-+
-+ if (fips_started) {
-+ CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
-+ if (fips_thread_set) {
-+ CRYPTO_THREADID cur;
-+ CRYPTO_THREADID_current(&cur);
-+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
-+ ret = 1;
-+ }
-+ CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
-+ }
-+ return ret;
-+}
-+
-+int fips_set_owning_thread(void)
-+{
-+ int ret = 0;
-+
-+ if (fips_started) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
-+ if (!fips_thread_set) {
-+ CRYPTO_THREADID_current(&fips_thread);
-+ ret = 1;
-+ fips_thread_set = 1;
-+ }
-+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
-+ }
-+ return ret;
-+}
-+
-+int fips_clear_owning_thread(void)
-+{
-+ int ret = 0;
-+
-+ if (fips_started) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
-+ if (fips_thread_set) {
-+ CRYPTO_THREADID cur;
-+ CRYPTO_THREADID_current(&cur);
-+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
-+ fips_thread_set = 0;
-+ }
-+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
-+ }
-+ return ret;
-+}
-+
-+# if 0
-+/* The purpose of this is to ensure the error code exists and the function
-+ * name is to keep the error checking script quiet
-+ */
-+void hash_final(void)
-+{
-+ FIPSerr(FIPS_F_HASH_FINAL, FIPS_R_NON_FIPS_METHOD);
-+}
-+# endif
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_cmac_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_cmac_selftest.c.fips 2018-04-05 16:17:11.938265720
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_cmac_selftest.c 2018-04-05 16:17:11.938265720 +0200
-@@ -0,0 +1,156 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include <openssl/cmac.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+typedef struct {
-+ int nid;
-+ const unsigned char key[EVP_MAX_KEY_LENGTH];
-+ size_t keysize;
-+ const unsigned char msg[64];
-+ size_t msgsize;
-+ const unsigned char mac[32];
-+ size_t macsize;
-+} CMAC_KAT;
-+
-+/* from
http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
-+static const CMAC_KAT vector[] = {
-+ {NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
-+ {0x77, 0xa7, 0x7f, 0xaf, 0x29, 0x0c, 0x1f, 0xa3,
-+ 0x0c, 0x68, 0x3d, 0xf1, 0x6b, 0xa7, 0xa7, 0x7b,}, 128,
-+ {0x02, 0x06, 0x83, 0xe1, 0xf0, 0x39, 0x2f, 0x4c,
-+ 0xac, 0x54, 0x31, 0x8b, 0x60, 0x29, 0x25, 0x9e,
-+ 0x9c, 0x55, 0x3d, 0xbc, 0x4b, 0x6a, 0xd9, 0x98,
-+ 0xe6, 0x4d, 0x58, 0xe4, 0xe7, 0xdc, 0x2e, 0x13,}, 256,
-+ {0xfb, 0xfe, 0xa4, 0x1b,}, 32},
-+ {NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
-+ {0x7b, 0x32, 0x39, 0x13, 0x69, 0xaa, 0x4c, 0xa9,
-+ 0x75, 0x58, 0x09, 0x5b, 0xe3, 0xc3, 0xec, 0x86,
-+ 0x2b, 0xd0, 0x57, 0xce, 0xf1, 0xe3, 0x2d, 0x62,}, 192,
-+ {0x0}, 0,
-+ {0xe4, 0xd9, 0x34, 0x0b, 0x03, 0xe6, 0x7d, 0xef,
-+ 0xd4, 0x96, 0x9c, 0xc1, 0xed, 0x37, 0x35, 0xe6,}, 128,
-+ },
-+ {NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
-+ {0x0b, 0x12, 0x2a, 0xc8, 0xf3, 0x4e, 0xd1, 0xfe,
-+ 0x08, 0x2a, 0x36, 0x25, 0xd1, 0x57, 0x56, 0x14,
-+ 0x54, 0x16, 0x7a, 0xc1, 0x45, 0xa1, 0x0b, 0xbf,
-+ 0x77, 0xc6, 0xa7, 0x05, 0x96, 0xd5, 0x74, 0xf1,}, 256,
-+ {0x49, 0x8b, 0x53, 0xfd, 0xec, 0x87, 0xed, 0xcb,
-+ 0xf0, 0x70, 0x97, 0xdc, 0xcd, 0xe9, 0x3a, 0x08,
-+ 0x4b, 0xad, 0x75, 0x01, 0xa2, 0x24, 0xe3, 0x88,
-+ 0xdf, 0x34, 0x9c, 0xe1, 0x89, 0x59, 0xfe, 0x84,
-+ 0x85, 0xf8, 0xad, 0x15, 0x37, 0xf0, 0xd8, 0x96,
-+ 0xea, 0x73, 0xbe, 0xdc, 0x72, 0x14, 0x71, 0x3f,}, 384,
-+ {0xf6, 0x2c, 0x46, 0x32, 0x9b,}, 40,
-+ },
-+ {NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
-+ {0x89, 0xbc, 0xd9, 0x52, 0xa8, 0xc8, 0xab, 0x37,
-+ 0x1a, 0xf4, 0x8a, 0xc7, 0xd0, 0x70, 0x85, 0xd5,
-+ 0xef, 0xf7, 0x02, 0xe6, 0xd6, 0x2c, 0xdc, 0x23,}, 192,
-+ {0xfa, 0x62, 0x0c, 0x1b, 0xbe, 0x97, 0x31, 0x9e,
-+ 0x9a, 0x0c, 0xf0, 0x49, 0x21, 0x21, 0xf7, 0xa2,
-+ 0x0e, 0xb0, 0x8a, 0x6a, 0x70, 0x9d, 0xcb, 0xd0,
-+ 0x0a, 0xaf, 0x38, 0xe4, 0xf9, 0x9e, 0x75, 0x4e,}, 256,
-+ {0x8f, 0x49, 0xa1, 0xb7, 0xd6, 0xaa, 0x22, 0x58,}, 64,
-+ },
-+};
-+
-+int FIPS_selftest_cmac()
-+{
-+ size_t n, outlen;
-+ unsigned char out[32];
-+ const EVP_CIPHER *cipher;
-+ CMAC_CTX *ctx = CMAC_CTX_new();
-+ const CMAC_KAT *t;
-+ int rv = 1;
-+
-+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
-+ cipher = FIPS_get_cipherbynid(t->nid);
-+ if (!cipher) {
-+ rv = -1;
-+ goto err;
-+ }
-+ if (!CMAC_Init(ctx, t->key, t->keysize / 8, cipher, 0)) {
-+ rv = -1;
-+ goto err;
-+ }
-+ if (!CMAC_Update(ctx, t->msg, t->msgsize / 8)) {
-+ rv = -1;
-+ goto err;
-+ }
-+
-+ if (!CMAC_Final(ctx, out, &outlen)) {
-+ rv = -1;
-+ goto err;
-+ }
-+ CMAC_CTX_cleanup(ctx);
-+
-+ if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8))
{
-+ rv = 0;
-+ }
-+ }
-+
-+ err:
-+ CMAC_CTX_free(ctx);
-+
-+ if (rv == -1) {
-+ rv = 0;
-+ }
-+ if (!rv)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC, FIPS_R_SELFTEST_FAILED);
-+
-+ return rv;
-+}
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_des_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_des_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_des_selftest.c.fips 2018-04-05 16:17:11.939265743
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_des_selftest.c 2018-04-05 16:17:11.938265720 +0200
-@@ -0,0 +1,138 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/evp.h>
-+#include <openssl/opensslconf.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const struct {
-+ const unsigned char key[16];
-+ const unsigned char plaintext[8];
-+ const unsigned char ciphertext[8];
-+} tests2[] = {
-+ {
-+ {
-+ 0x7c, 0x4f, 0x6e, 0xf7, 0xa2, 0x04, 0x16, 0xec,
-+ 0x0b, 0x6b, 0x7c, 0x9e, 0x5e, 0x19, 0xa7, 0xc4}, {
-+ 0x06, 0xa7, 0xd8, 0x79, 0xaa, 0xce, 0x69, 0xef}, {
-+ 0x4c, 0x11, 0x17, 0x55, 0xbf, 0xc4, 0x4e, 0xfd}
-+ }, {
-+ {
-+ 0x5d, 0x9e, 0x01, 0xd3, 0x25, 0xc7, 0x3e, 0x34,
-+ 0x01, 0x16, 0x7c, 0x85, 0x23, 0xdf, 0xe0, 0x68}, {
-+ 0x9c, 0x50, 0x09, 0x0f, 0x5e, 0x7d, 0x69, 0x7e}, {
-+ 0xd2, 0x0b, 0x18, 0xdf, 0xd9, 0x0d, 0x9e, 0xff},}
-+};
-+
-+static const struct {
-+ const unsigned char key[24];
-+ const unsigned char plaintext[8];
-+ const unsigned char ciphertext[8];
-+} tests3[] = {
-+ {
-+ {
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
-+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}, {
-+ 0x8f, 0x8f, 0xbf, 0x9b, 0x5d, 0x48, 0xb4, 0x1c}, {
-+ 0x59, 0x8c, 0xe5, 0xd3, 0x6c, 0xa2, 0xea, 0x1b},}, {
-+ {
-+ 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFE,
-+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
-+ 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, {
-+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, {
-+0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 0x86},},};
-+
-+static int corrupt_des;
-+
-+void FIPS_corrupt_des()
-+{
-+ corrupt_des = 1;
-+}
-+
-+int FIPS_selftest_des()
-+{
-+ int n, ret = 0;
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
-+ for (n = 0; n < 2; ++n) {
-+ unsigned char plaintext[8];
-+
-+ memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
-+ if (corrupt_des)
-+ plaintext[0]++;
-+ if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
-+ tests2[n].key, NULL,
-+ plaintext, tests2[n].ciphertext, 8))
-+ goto err;
-+ }
-+
-+ /* Encrypt/decrypt with 3DES and compare to known answers */
-+ for (n = 0; n < 2; ++n) {
-+ if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
-+ tests3[n].key, NULL,
-+ tests3[n].plaintext, tests3[n].ciphertext, 8))
-+ goto err;
-+ }
-+ ret = 1;
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ if (ret == 0)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED);
-+
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_ctr.c.fips
openssl-1.0.2o/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.2o/crypto/fips/fips_drbg_ctr.c.fips 2018-04-05 16:17:11.939265743 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_ctr.c 2018-04-05 16:17:11.939265743 +0200
-@@ -0,0 +1,415 @@
-+/* fips/rand/fips_drbg_ctr.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+static void inc_128(DRBG_CTR_CTX * cctx)
-+{
-+ int i;
-+ unsigned char c;
-+ unsigned char *p = cctx->V + 15;
-+ for (i = 0; i < 16; i++) {
-+ c = *p;
-+ c++;
-+ *p = c;
-+ if (c)
-+ return;
-+ p--;
-+ }
-+}
-+
-+static void ctr_XOR(DRBG_CTR_CTX * cctx, const unsigned char *in,
-+ size_t inlen)
-+{
-+ size_t i, n;
-+ /* Any zero padding will have no effect on the result as we
-+ * are XORing. So just process however much input we have.
-+ */
-+
-+ if (!in || !inlen)
-+ return;
-+
-+ if (inlen < cctx->keylen)
-+ n = inlen;
-+ else
-+ n = cctx->keylen;
-+
-+ for (i = 0; i < n; i++)
-+ cctx->K[i] ^= in[i];
-+ if (inlen <= cctx->keylen)
-+ return;
-+
-+ n = inlen - cctx->keylen;
-+ /* Should never happen */
-+ if (n > 16)
-+ n = 16;
-+ for (i = 0; i < 16; i++)
-+ cctx->V[i] ^= in[i + cctx->keylen];
-+}
-+
-+/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
-+
-+static void ctr_BCC_block(DRBG_CTR_CTX * cctx, unsigned char *out,
-+ const unsigned char *in)
-+{
-+ int i;
-+ for (i = 0; i < 16; i++)
-+ out[i] ^= in[i];
-+ AES_encrypt(out, out, &cctx->df_ks);
-+#if 0
-+ fprintf(stderr, "BCC in+out\n");
-+ BIO_dump_fp(stderr, in, 16);
-+ BIO_dump_fp(stderr, out, 16);
-+#endif
-+}
-+
-+/* Handle several BCC operations for as much data as we need for K and X */
-+static void ctr_BCC_blocks(DRBG_CTR_CTX * cctx, const unsigned char *in)
-+{
-+ ctr_BCC_block(cctx, cctx->KX, in);
-+ ctr_BCC_block(cctx, cctx->KX + 16, in);
-+ if (cctx->keylen != 16)
-+ ctr_BCC_block(cctx, cctx->KX + 32, in);
-+}
-+
-+/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
-+ * see 10.4.2 stage 7.
-+ */
-+static void ctr_BCC_init(DRBG_CTR_CTX * cctx)
-+{
-+ memset(cctx->KX, 0, 48);
-+ memset(cctx->bltmp, 0, 16);
-+ ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
-+ cctx->bltmp[3] = 1;
-+ ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
-+ if (cctx->keylen != 16) {
-+ cctx->bltmp[3] = 2;
-+ ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
-+ }
-+}
-+
-+/* Process several blocks into BCC algorithm, some possibly partial */
-+static void ctr_BCC_update(DRBG_CTR_CTX * cctx,
-+ const unsigned char *in, size_t inlen)
-+{
-+ if (!in || !inlen)
-+ return;
-+ /* If we have partial block handle it first */
-+ if (cctx->bltmp_pos) {
-+ size_t left = 16 - cctx->bltmp_pos;
-+ /* If we now have a complete block process it */
-+ if (inlen >= left) {
-+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
-+ ctr_BCC_blocks(cctx, cctx->bltmp);
-+ cctx->bltmp_pos = 0;
-+ inlen -= left;
-+ in += left;
-+ }
-+ }
-+ /* Process zero or more complete blocks */
-+ while (inlen >= 16) {
-+ ctr_BCC_blocks(cctx, in);
-+ in += 16;
-+ inlen -= 16;
-+ }
-+ /* Copy any remaining partial block to the temporary buffer */
-+ if (inlen > 0) {
-+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
-+ cctx->bltmp_pos += inlen;
-+ }
-+}
-+
-+static void ctr_BCC_final(DRBG_CTR_CTX * cctx)
-+{
-+ if (cctx->bltmp_pos) {
-+ memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
-+ ctr_BCC_blocks(cctx, cctx->bltmp);
-+ }
-+}
-+
-+static void ctr_df(DRBG_CTR_CTX * cctx,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *in3, size_t in3len)
-+{
-+ size_t inlen;
-+ unsigned char *p = cctx->bltmp;
-+ static unsigned char c80 = 0x80;
-+
-+ ctr_BCC_init(cctx);
-+ if (!in1)
-+ in1len = 0;
-+ if (!in2)
-+ in2len = 0;
-+ if (!in3)
-+ in3len = 0;
-+ inlen = in1len + in2len + in3len;
-+ /* Initialise L||N in temporary block */
-+ *p++ = (inlen >> 24) & 0xff;
-+ *p++ = (inlen >> 16) & 0xff;
-+ *p++ = (inlen >> 8) & 0xff;
-+ *p++ = inlen & 0xff;
-+ /* NB keylen is at most 32 bytes */
-+ *p++ = 0;
-+ *p++ = 0;
-+ *p++ = 0;
-+ *p = (unsigned char)((cctx->keylen + 16) & 0xff);
-+ cctx->bltmp_pos = 8;
-+ ctr_BCC_update(cctx, in1, in1len);
-+ ctr_BCC_update(cctx, in2, in2len);
-+ ctr_BCC_update(cctx, in3, in3len);
-+ ctr_BCC_update(cctx, &c80, 1);
-+ ctr_BCC_final(cctx);
-+ /* Set up key K */
-+ AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
-+ /* X follows key K */
-+ AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
-+ AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
-+ if (cctx->keylen != 16)
-+ AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
-+#if 0
-+ fprintf(stderr, "Output of ctr_df:\n");
-+ BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
-+#endif
-+}
-+
-+/* NB the no-df Update in SP800-90 specifies a constant input length
-+ * of seedlen, however other uses of this algorithm pad the input with
-+ * zeroes if necessary and have up to two parameters XORed together,
-+ * handle both cases in this function instead.
-+ */
-+
-+static void ctr_Update(DRBG_CTX *dctx,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *nonce, size_t noncelen)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+ /* ks is already setup for correct key */
-+ inc_128(cctx);
-+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
-+ /* If keylen longer than 128 bits need extra encrypt */
-+ if (cctx->keylen != 16) {
-+ inc_128(cctx);
-+ AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
-+ }
-+ inc_128(cctx);
-+ AES_encrypt(cctx->V, cctx->V, &cctx->ks);
-+ /* If 192 bit key part of V is on end of K */
-+ if (cctx->keylen == 24) {
-+ memcpy(cctx->V + 8, cctx->V, 8);
-+ memcpy(cctx->V, cctx->K + 24, 8);
-+ }
-+
-+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
-+ /* If no input reuse existing derived value */
-+ if (in1 || nonce || in2)
-+ ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
-+ /* If this a reuse input in1len != 0 */
-+ if (in1len)
-+ ctr_XOR(cctx, cctx->KX, dctx->seedlen);
-+ } else {
-+ ctr_XOR(cctx, in1, in1len);
-+ ctr_XOR(cctx, in2, in2len);
-+ }
-+
-+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
-+#if 0
-+ fprintf(stderr, "K+V after update is:\n");
-+ BIO_dump_fp(stderr, cctx->K, cctx->keylen);
-+ BIO_dump_fp(stderr, cctx->V, 16);
-+#endif
-+}
-+
-+static int drbg_ctr_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *nonce, size_t noncelen,
-+ const unsigned char *pers, size_t perslen)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+ memset(cctx->K, 0, sizeof(cctx->K));
-+ memset(cctx->V, 0, sizeof(cctx->V));
-+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
-+ ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
-+ return 1;
-+}
-+
-+static int drbg_ctr_reseed(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
-+ return 1;
-+}
-+
-+static int drbg_ctr_generate(DRBG_CTX *dctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+ if (adin && adinlen) {
-+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
-+ /* This means we reuse derived value */
-+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
-+ adin = NULL;
-+ adinlen = 1;
-+ }
-+ } else
-+ adinlen = 0;
-+
-+ for (;;) {
-+ inc_128(cctx);
-+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) {
-+ AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
-+ dctx->lb_valid = 1;
-+ continue;
-+ }
-+ if (outlen < 16) {
-+ /* Use K as temp space as it will be updated */
-+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
-+ if (!fips_drbg_cprng_test(dctx, cctx->K))
-+ return 0;
-+ memcpy(out, cctx->K, outlen);
-+ break;
-+ }
-+ AES_encrypt(cctx->V, out, &cctx->ks);
-+ if (!fips_drbg_cprng_test(dctx, out))
-+ return 0;
-+ out += 16;
-+ outlen -= 16;
-+ if (outlen == 0)
-+ break;
-+ }
-+
-+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
-+
-+ return 1;
-+
-+}
-+
-+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
-+{
-+ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
-+ return 1;
-+}
-+
-+int fips_drbg_ctr_init(DRBG_CTX *dctx)
-+{
-+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-+
-+ size_t keylen;
-+
-+ switch (dctx->type) {
-+ case NID_aes_128_ctr:
-+ keylen = 16;
-+ break;
-+
-+ case NID_aes_192_ctr:
-+ keylen = 24;
-+ break;
-+
-+ case NID_aes_256_ctr:
-+ keylen = 32;
-+ break;
-+
-+ default:
-+ return -2;
-+ }
-+
-+ dctx->instantiate = drbg_ctr_instantiate;
-+ dctx->reseed = drbg_ctr_reseed;
-+ dctx->generate = drbg_ctr_generate;
-+ dctx->uninstantiate = drbg_ctr_uninstantiate;
-+
-+ cctx->keylen = keylen;
-+ dctx->strength = keylen * 8;
-+ dctx->blocklength = 16;
-+ dctx->seedlen = keylen + 16;
-+
-+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
-+ /* df initialisation */
-+ static unsigned char df_key[32] = {
-+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-+ };
-+ /* Set key schedule for df_key */
-+ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
-+
-+ dctx->min_entropy = cctx->keylen;
-+ dctx->max_entropy = DRBG_MAX_LENGTH;
-+ dctx->min_nonce = dctx->min_entropy / 2;
-+ dctx->max_nonce = DRBG_MAX_LENGTH;
-+ dctx->max_pers = DRBG_MAX_LENGTH;
-+ dctx->max_adin = DRBG_MAX_LENGTH;
-+ } else {
-+ dctx->min_entropy = dctx->seedlen;
-+ dctx->max_entropy = dctx->seedlen;
-+ /* Nonce not used */
-+ dctx->min_nonce = 0;
-+ dctx->max_nonce = 0;
-+ dctx->max_pers = dctx->seedlen;
-+ dctx->max_adin = dctx->seedlen;
-+ }
-+
-+ dctx->max_request = 1 << 16;
-+ dctx->reseed_interval = 1 << 24;
-+
-+ return 1;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_hash.c.fips
openssl-1.0.2o/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.2o/crypto/fips/fips_drbg_hash.c.fips 2018-04-05 16:17:11.939265743 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_hash.c 2018-04-05 16:17:11.939265743 +0200
-@@ -0,0 +1,358 @@
-+/* fips/rand/fips_drbg_hash.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+/* This is Hash_df from SP 800-90 10.4.1 */
-+
-+static int hash_df(DRBG_CTX *dctx, unsigned char *out,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *in3, size_t in3len,
-+ const unsigned char *in4, size_t in4len)
-+{
-+ EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
-+ unsigned char *vtmp = dctx->d.hash.vtmp;
-+ unsigned char tmp[6];
-+ /* Standard only ever needs seedlen bytes which is always less than
-+ * maximum permitted so no need to check length.
-+ */
-+ size_t outlen = dctx->seedlen;
-+ tmp[0] = 1;
-+ tmp[1] = ((outlen * 8) >> 24) & 0xff;
-+ tmp[2] = ((outlen * 8) >> 16) & 0xff;
-+ tmp[3] = ((outlen * 8) >> 8) & 0xff;
-+ tmp[4] = (outlen * 8) & 0xff;
-+ if (!in1) {
-+ tmp[5] = (unsigned char)in1len;
-+ in1 = tmp + 5;
-+ in1len = 1;
-+ }
-+ for (;;) {
-+ if (!FIPS_digestinit(mctx, dctx->d.hash.md))
-+ return 0;
-+ if (!FIPS_digestupdate(mctx, tmp, 5))
-+ return 0;
-+ if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
-+ return 0;
-+ if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
-+ return 0;
-+ if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
-+ return 0;
-+ if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
-+ return 0;
-+ if (outlen < dctx->blocklength) {
-+ if (!FIPS_digestfinal(mctx, vtmp, NULL))
-+ return 0;
-+ memcpy(out, vtmp, outlen);
-+ OPENSSL_cleanse(vtmp, dctx->blocklength);
-+ return 1;
-+ } else if (!FIPS_digestfinal(mctx, out, NULL))
-+ return 0;
-+
-+ outlen -= dctx->blocklength;
-+ if (outlen == 0)
-+ return 1;
-+ tmp[0]++;
-+ out += dctx->blocklength;
-+ }
-+}
-+
-+/* Add an unsigned buffer to the buf value, storing the result in buf. For
-+ * this algorithm the length of input never exceeds the seed length.
-+ */
-+
-+static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
-+ unsigned char *in, size_t inlen)
-+{
-+ size_t i = inlen;
-+ const unsigned char *q;
-+ unsigned char c, *p;
-+ p = buf + dctx->seedlen;
-+ q = in + inlen;
-+
-+ OPENSSL_assert(i <= dctx->seedlen);
-+
-+ /* Special case: zero length, just increment buffer */
-+ if (i)
-+ c = 0;
-+ else
-+ c = 1;
-+
-+ while (i) {
-+ int r;
-+ p--;
-+ q--;
-+ r = *p + *q + c;
-+ /* Carry */
-+ if (r > 0xff)
-+ c = 1;
-+ else
-+ c = 0;
-+ *p = r & 0xff;
-+ i--;
-+ }
-+
-+ i = dctx->seedlen - inlen;
-+
-+ /* If not adding whole buffer handle final carries */
-+ if (c && i) {
-+ do {
-+ p--;
-+ c = *p;
-+ c++;
-+ *p = c;
-+ if (c)
-+ return;
-+ } while (i--);
-+ }
-+}
-+
-+/* Finalise and add hash to V */
-+
-+static int ctx_add_md(DRBG_CTX *dctx)
-+{
-+ if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
-+ return 0;
-+ ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
-+ return 1;
-+}
-+
-+static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ if (outlen == 0)
-+ return 1;
-+ memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
-+ for (;;) {
-+ FIPS_digestinit(&hctx->mctx, hctx->md);
-+ FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
-+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) {
-+ FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
-+ dctx->lb_valid = 1;
-+ } else if (outlen < dctx->blocklength) {
-+ FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
-+ if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
-+ return 0;
-+ memcpy(out, hctx->vtmp, outlen);
-+ return 1;
-+ } else {
-+ FIPS_digestfinal(&hctx->mctx, out, NULL);
-+ if (!fips_drbg_cprng_test(dctx, out))
-+ return 0;
-+ outlen -= dctx->blocklength;
-+ if (outlen == 0)
-+ return 1;
-+ out += dctx->blocklength;
-+ }
-+ ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
-+ }
-+}
-+
-+static int drbg_hash_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *nonce, size_t nonce_len,
-+ const unsigned char *pstr, size_t pstr_len)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ if (!hash_df(dctx, hctx->V,
-+ ent, ent_len, nonce, nonce_len, pstr, pstr_len, NULL, 0))
-+ return 0;
-+ if (!hash_df(dctx, hctx->C,
-+ NULL, 0, hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
-+ return 0;
-+
-+#ifdef HASH_DRBG_TRACE
-+ fprintf(stderr, "V+C after instantiate:\n");
-+ hexprint(stderr, hctx->V, dctx->seedlen);
-+ hexprint(stderr, hctx->C, dctx->seedlen);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hash_reseed(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ /* V about to be updated so use C as output instead */
-+ if (!hash_df(dctx, hctx->C,
-+ NULL, 1, hctx->V, dctx->seedlen,
-+ ent, ent_len, adin, adin_len))
-+ return 0;
-+ memcpy(hctx->V, hctx->C, dctx->seedlen);
-+ if (!hash_df(dctx, hctx->C, NULL, 0,
-+ hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
-+ return 0;
-+#ifdef HASH_DRBG_TRACE
-+ fprintf(stderr, "V+C after reseed:\n");
-+ hexprint(stderr, hctx->V, dctx->seedlen);
-+ hexprint(stderr, hctx->C, dctx->seedlen);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hash_generate(DRBG_CTX *dctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ EVP_MD_CTX *mctx = &hctx->mctx;
-+ unsigned char tmp[4];
-+ if (adin && adin_len) {
-+ tmp[0] = 2;
-+ if (!FIPS_digestinit(mctx, hctx->md))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, tmp, 1))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, adin, adin_len))
-+ return 0;
-+ if (!ctx_add_md(dctx))
-+ return 0;
-+ }
-+ if (!hash_gen(dctx, out, outlen))
-+ return 0;
-+
-+ tmp[0] = 3;
-+ if (!FIPS_digestinit(mctx, hctx->md))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, tmp, 1))
-+ return 0;
-+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
-+ return 0;
-+
-+ if (!ctx_add_md(dctx))
-+ return 0;
-+
-+ ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
-+
-+ tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
-+ tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
-+ tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
-+ tmp[3] = dctx->reseed_counter & 0xff;
-+ ctx_add_buf(dctx, hctx->V, tmp, 4);
-+#ifdef HASH_DRBG_TRACE
-+ fprintf(stderr, "V+C after generate:\n");
-+ hexprint(stderr, hctx->V, dctx->seedlen);
-+ hexprint(stderr, hctx->C, dctx->seedlen);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
-+{
-+ EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
-+ OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
-+ return 1;
-+}
-+
-+int fips_drbg_hash_init(DRBG_CTX *dctx)
-+{
-+ const EVP_MD *md;
-+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
-+ md = FIPS_get_digestbynid(dctx->type);
-+ if (!md)
-+ return -2;
-+ switch (dctx->type) {
-+ case NID_sha1:
-+ dctx->strength = 128;
-+ break;
-+
-+ case NID_sha224:
-+ dctx->strength = 192;
-+ break;
-+
-+ default:
-+ dctx->strength = 256;
-+ break;
-+ }
-+
-+ dctx->instantiate = drbg_hash_instantiate;
-+ dctx->reseed = drbg_hash_reseed;
-+ dctx->generate = drbg_hash_generate;
-+ dctx->uninstantiate = drbg_hash_uninstantiate;
-+
-+ dctx->d.hash.md = md;
-+ EVP_MD_CTX_init(&hctx->mctx);
-+
-+ /* These are taken from SP 800-90 10.1 table 2 */
-+
-+ dctx->blocklength = M_EVP_MD_size(md);
-+ if (dctx->blocklength > 32)
-+ dctx->seedlen = 111;
-+ else
-+ dctx->seedlen = 55;
-+
-+ dctx->min_entropy = dctx->strength / 8;
-+ dctx->max_entropy = DRBG_MAX_LENGTH;
-+
-+ dctx->min_nonce = dctx->min_entropy / 2;
-+ dctx->max_nonce = DRBG_MAX_LENGTH;
-+
-+ dctx->max_pers = DRBG_MAX_LENGTH;
-+ dctx->max_adin = DRBG_MAX_LENGTH;
-+
-+ dctx->max_request = 1 << 16;
-+ dctx->reseed_interval = 1 << 24;
-+
-+ return 1;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_hmac.c.fips
openssl-1.0.2o/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.2o/crypto/fips/fips_drbg_hmac.c.fips 2018-04-05 16:17:11.939265743 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_hmac.c 2018-04-05 16:17:11.939265743 +0200
-@@ -0,0 +1,270 @@
-+/* fips/rand/fips_drbg_hmac.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/evp.h>
-+#include <openssl/hmac.h>
-+#include <openssl/aes.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+static int drbg_hmac_update(DRBG_CTX *dctx,
-+ const unsigned char *in1, size_t in1len,
-+ const unsigned char *in2, size_t in2len,
-+ const unsigned char *in3, size_t in3len)
-+{
-+ static unsigned char c0 = 0, c1 = 1;
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ HMAC_CTX *hctx = &hmac->hctx;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+ if (!HMAC_Update(hctx, &c0, 1))
-+ return 0;
-+ if (in1len && !HMAC_Update(hctx, in1, in1len))
-+ return 0;
-+ if (in2len && !HMAC_Update(hctx, in2, in2len))
-+ return 0;
-+ if (in3len && !HMAC_Update(hctx, in3, in3len))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->K, NULL))
-+ return 0;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->V, NULL))
-+ return 0;
-+
-+ if (!in1len && !in2len && !in3len)
-+ return 1;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+ if (!HMAC_Update(hctx, &c1, 1))
-+ return 0;
-+ if (in1len && !HMAC_Update(hctx, in1, in1len))
-+ return 0;
-+ if (in2len && !HMAC_Update(hctx, in2, in2len))
-+ return 0;
-+ if (in3len && !HMAC_Update(hctx, in3, in3len))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->K, NULL))
-+ return 0;
-+
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
-+ return 0;
-+
-+ if (!HMAC_Final(hctx, hmac->V, NULL))
-+ return 0;
-+
-+ return 1;
-+
-+}
-+
-+static int drbg_hmac_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *nonce, size_t nonce_len,
-+ const unsigned char *pstr, size_t pstr_len)
-+{
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ memset(hmac->K, 0, dctx->blocklength);
-+ memset(hmac->V, 1, dctx->blocklength);
-+ if (!drbg_hmac_update(dctx,
-+ ent, ent_len, nonce, nonce_len, pstr, pstr_len))
-+ return 0;
-+
-+#ifdef HMAC_DRBG_TRACE
-+ fprintf(stderr, "K+V after instantiate:\n");
-+ hexprint(stderr, hmac->K, hmac->blocklength);
-+ hexprint(stderr, hmac->V, hmac->blocklength);
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hmac_reseed(DRBG_CTX *dctx,
-+ const unsigned char *ent, size_t ent_len,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ if (!drbg_hmac_update(dctx, ent, ent_len, adin, adin_len, NULL, 0))
-+ return 0;
-+
-+#ifdef HMAC_DRBG_TRACE
-+ {
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ fprintf(stderr, "K+V after reseed:\n");
-+ hexprint(stderr, hmac->K, hmac->blocklength);
-+ hexprint(stderr, hmac->V, hmac->blocklength);
-+ }
-+#endif
-+ return 1;
-+}
-+
-+static int drbg_hmac_generate(DRBG_CTX *dctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adin_len)
-+{
-+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
-+ HMAC_CTX *hctx = &hmac->hctx;
-+ const unsigned char *Vtmp = hmac->V;
-+ if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
-+ return 0;
-+ for (;;) {
-+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
-+ return 0;
-+ if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
-+ return 0;
-+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) {
-+ if (!HMAC_Final(hctx, dctx->lb, NULL))
-+ return 0;
-+ dctx->lb_valid = 1;
-+ Vtmp = dctx->lb;
-+ continue;
-+ } else if (outlen > dctx->blocklength) {
-+ if (!HMAC_Final(hctx, out, NULL))
-+ return 0;
-+ if (!fips_drbg_cprng_test(dctx, out))
-+ return 0;
-+ Vtmp = out;
-+ } else {
-+ if (!HMAC_Final(hctx, hmac->V, NULL))
-+ return 0;
-+ if (!fips_drbg_cprng_test(dctx, hmac->V))
-+ return 0;
-+ memcpy(out, hmac->V, outlen);
-+ break;
-+ }
-+ out += dctx->blocklength;
-+ outlen -= dctx->blocklength;
-+ }
-+ if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
-+ return 0;
-+
-+ return 1;
-+}
-+
-+static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
-+{
-+ HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
-+ OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
-+ return 1;
-+}
-+
-+int fips_drbg_hmac_init(DRBG_CTX *dctx)
-+{
-+ const EVP_MD *md = NULL;
-+ DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
-+ dctx->strength = 256;
-+ switch (dctx->type) {
-+ case NID_hmacWithSHA1:
-+ md = EVP_sha1();
-+ dctx->strength = 128;
-+ break;
-+
-+ case NID_hmacWithSHA224:
-+ md = EVP_sha224();
-+ dctx->strength = 192;
-+ break;
-+
-+ case NID_hmacWithSHA256:
-+ md = EVP_sha256();
-+ break;
-+
-+ case NID_hmacWithSHA384:
-+ md = EVP_sha384();
-+ break;
-+
-+ case NID_hmacWithSHA512:
-+ md = EVP_sha512();
-+ break;
-+
-+ default:
-+ dctx->strength = 0;
-+ return -2;
-+ }
-+ dctx->instantiate = drbg_hmac_instantiate;
-+ dctx->reseed = drbg_hmac_reseed;
-+ dctx->generate = drbg_hmac_generate;
-+ dctx->uninstantiate = drbg_hmac_uninstantiate;
-+ HMAC_CTX_init(&hctx->hctx);
-+ hctx->md = md;
-+ dctx->blocklength = M_EVP_MD_size(md);
-+ dctx->seedlen = M_EVP_MD_size(md);
-+
-+ dctx->min_entropy = dctx->strength / 8;
-+ dctx->max_entropy = DRBG_MAX_LENGTH;
-+
-+ dctx->min_nonce = dctx->min_entropy / 2;
-+ dctx->max_nonce = DRBG_MAX_LENGTH;
-+
-+ dctx->max_pers = DRBG_MAX_LENGTH;
-+ dctx->max_adin = DRBG_MAX_LENGTH;
-+
-+ dctx->max_request = 1 << 16;
-+ dctx->reseed_interval = 1 << 24;
-+
-+ return 1;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_lib.c.fips
openssl-1.0.2o/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.2o/crypto/fips/fips_drbg_lib.c.fips 2018-04-05 16:17:11.939265743 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_lib.c 2018-04-05 16:17:11.939265743 +0200
-@@ -0,0 +1,553 @@
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_locl.h"
-+#include "fips_rand_lcl.h"
-+
-+/* Support framework for SP800-90 DRBGs */
-+
-+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
-+{
-+ int rv;
-+ memset(dctx, 0, sizeof(DRBG_CTX));
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ dctx->xflags = flags;
-+ dctx->type = type;
-+
-+ dctx->iflags = 0;
-+ dctx->entropy_blocklen = 0;
-+ dctx->health_check_cnt = 0;
-+ dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
-+
-+ rv = fips_drbg_hash_init(dctx);
-+
-+ if (rv == -2)
-+ rv = fips_drbg_ctr_init(dctx);
-+ if (rv == -2)
-+ rv = fips_drbg_hmac_init(dctx);
-+
-+ if (rv <= 0) {
-+ if (rv == -2)
-+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
-+ else
-+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
-+ }
-+
-+ /* If not in test mode run selftests on DRBG of the same type */
-+
-+ if (!(dctx->xflags & DRBG_FLAG_TEST)) {
-+ if (!FIPS_drbg_health_check(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
-+ return 0;
-+ }
-+ }
-+
-+ return rv;
-+}
-+
-+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
-+{
-+ DRBG_CTX *dctx;
-+ dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
-+ if (!dctx) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
-+ if (type == 0) {
-+ memset(dctx, 0, sizeof(DRBG_CTX));
-+ dctx->type = 0;
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ return dctx;
-+ }
-+
-+ if (FIPS_drbg_init(dctx, type, flags) <= 0) {
-+ OPENSSL_free(dctx);
-+ return NULL;
-+ }
-+
-+ return dctx;
-+}
-+
-+void FIPS_drbg_free(DRBG_CTX *dctx)
-+{
-+ if (dctx->uninstantiate)
-+ dctx->uninstantiate(dctx);
-+ /* Don't free up default DRBG */
-+ if (dctx == FIPS_get_default_drbg()) {
-+ memset(dctx, 0, sizeof(DRBG_CTX));
-+ dctx->type = 0;
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ } else {
-+ OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
-+ OPENSSL_free(dctx);
-+ }
-+}
-+
-+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ unsigned char *tout, *p;
-+ size_t bl = dctx->entropy_blocklen, rv;
-+ if (!dctx->get_entropy)
-+ return 0;
-+ if (dctx->xflags & DRBG_FLAG_TEST || !bl)
-+ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
-+ rv = dctx->get_entropy(dctx, &tout, entropy + bl,
-+ min_len + bl, max_len + bl);
-+ if (tout == NULL)
-+ return 0;
-+ *pout = tout + bl;
-+ if (rv < (min_len + bl) || (rv % bl))
-+ return 0;
-+ /* Compare consecutive blocks for continuous PRNG test */
-+ for (p = tout; p < tout + rv - bl; p += bl) {
-+ if (!memcmp(p, p + bl, bl)) {
-+ FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
-+ return 0;
-+ }
-+ }
-+ rv -= bl;
-+ if (rv > max_len)
-+ return max_len;
-+ return rv;
-+}
-+
-+static void fips_cleanup_entropy(DRBG_CTX *dctx,
-+ unsigned char *out, size_t olen)
-+{
-+ size_t bl;
-+ if (dctx->xflags & DRBG_FLAG_TEST)
-+ bl = 0;
-+ else
-+ bl = dctx->entropy_blocklen;
-+ /* Call cleanup with original arguments */
-+ dctx->cleanup_entropy(dctx, out - bl, olen + bl);
-+}
-+
-+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *pers, size_t perslen)
-+{
-+ size_t entlen = 0, noncelen = 0;
-+ unsigned char *nonce = NULL, *entropy = NULL;
-+
-+#if 0
-+ /* Put here so error script picks them up */
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
-+ FIPS_R_PERSONALISATION_STRING_TOO_LONG);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
-+#endif
-+
-+ int r = 0;
-+
-+ if (perslen > dctx->max_pers) {
-+ r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
-+ goto end;
-+ }
-+
-+ if (!dctx->instantiate) {
-+ r = FIPS_R_DRBG_NOT_INITIALISED;
-+ goto end;
-+ }
-+
-+ if (dctx->status != DRBG_STATUS_UNINITIALISED) {
-+ if (dctx->status == DRBG_STATUS_ERROR)
-+ r = FIPS_R_IN_ERROR_STATE;
-+ else
-+ r = FIPS_R_ALREADY_INSTANTIATED;
-+ goto end;
-+ }
-+
-+ dctx->status = DRBG_STATUS_ERROR;
-+
-+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
-+ dctx->min_entropy, dctx->max_entropy);
-+
-+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
-+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
-+ goto end;
-+ }
-+
-+ if (dctx->max_nonce > 0 && dctx->get_nonce) {
-+ noncelen = dctx->get_nonce(dctx, &nonce,
-+ dctx->strength / 2,
-+ dctx->min_nonce, dctx->max_nonce);
-+
-+ if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) {
-+ r = FIPS_R_ERROR_RETRIEVING_NONCE;
-+ goto end;
-+ }
-+
-+ }
-+
-+ if (!dctx->instantiate(dctx,
-+ entropy, entlen, nonce, noncelen, pers, perslen)) {
-+ r = FIPS_R_ERROR_INSTANTIATING_DRBG;
-+ goto end;
-+ }
-+
-+ dctx->status = DRBG_STATUS_READY;
-+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
-+ dctx->reseed_counter = 1;
-+
-+ end:
-+
-+ if (entropy && dctx->cleanup_entropy)
-+ fips_cleanup_entropy(dctx, entropy, entlen);
-+
-+ if (nonce && dctx->cleanup_nonce)
-+ dctx->cleanup_nonce(dctx, nonce, noncelen);
-+
-+ if (dctx->status == DRBG_STATUS_READY)
-+ return 1;
-+
-+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
-+
-+ return 0;
-+
-+}
-+
-+static int drbg_reseed(DRBG_CTX *dctx,
-+ const unsigned char *adin, size_t adinlen, int hcheck)
-+{
-+ unsigned char *entropy = NULL;
-+ size_t entlen = 0;
-+ int r = 0;
-+
-+#if 0
-+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
-+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
-+#endif
-+ if (dctx->status != DRBG_STATUS_READY
-+ && dctx->status != DRBG_STATUS_RESEED) {
-+ if (dctx->status == DRBG_STATUS_ERROR)
-+ r = FIPS_R_IN_ERROR_STATE;
-+ else if (dctx->status == DRBG_STATUS_UNINITIALISED)
-+ r = FIPS_R_NOT_INSTANTIATED;
-+ goto end;
-+ }
-+
-+ if (!adin)
-+ adinlen = 0;
-+ else if (adinlen > dctx->max_adin) {
-+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
-+ goto end;
-+ }
-+
-+ dctx->status = DRBG_STATUS_ERROR;
-+ /* Peform health check on all reseed operations if not a prediction
-+ * resistance request and not in test mode.
-+ */
-+ if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST)) {
-+ if (!FIPS_drbg_health_check(dctx)) {
-+ r = FIPS_R_SELFTEST_FAILURE;
-+ goto end;
-+ }
-+ }
-+
-+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
-+ dctx->min_entropy, dctx->max_entropy);
-+
-+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
-+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
-+ goto end;
-+ }
-+
-+ if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
-+ goto end;
-+
-+ dctx->status = DRBG_STATUS_READY;
-+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
-+ dctx->reseed_counter = 1;
-+ end:
-+
-+ if (entropy && dctx->cleanup_entropy)
-+ fips_cleanup_entropy(dctx, entropy, entlen);
-+
-+ if (dctx->status == DRBG_STATUS_READY)
-+ return 1;
-+
-+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_DRBG_RESEED, r);
-+
-+ return 0;
-+}
-+
-+int FIPS_drbg_reseed(DRBG_CTX *dctx,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ return drbg_reseed(dctx, adin, adinlen, 1);
-+}
-+
-+static int fips_drbg_check(DRBG_CTX *dctx)
-+{
-+ if (dctx->xflags & DRBG_FLAG_TEST)
-+ return 1;
-+ dctx->health_check_cnt++;
-+ if (dctx->health_check_cnt >= dctx->health_check_interval) {
-+ if (!FIPS_drbg_health_check(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+
-+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-+ int prediction_resistance,
-+ const unsigned char *adin, size_t adinlen)
-+{
-+ int r = 0;
-+
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if (!fips_drbg_check(dctx))
-+ return 0;
-+
-+ if (dctx->status != DRBG_STATUS_READY
-+ && dctx->status != DRBG_STATUS_RESEED) {
-+ if (dctx->status == DRBG_STATUS_ERROR)
-+ r = FIPS_R_IN_ERROR_STATE;
-+ else if (dctx->status == DRBG_STATUS_UNINITIALISED)
-+ r = FIPS_R_NOT_INSTANTIATED;
-+ goto end;
-+ }
-+
-+ if (outlen > dctx->max_request) {
-+ r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
-+ return 0;
-+ }
-+
-+ if (adinlen > dctx->max_adin) {
-+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
-+ goto end;
-+ }
-+
-+ if (dctx->iflags & DRBG_CUSTOM_RESEED)
-+ dctx->generate(dctx, NULL, outlen, NULL, 0);
-+ else if (dctx->reseed_counter >= dctx->reseed_interval)
-+ dctx->status = DRBG_STATUS_RESEED;
-+
-+ if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) {
-+ /* If prediction resistance request don't do health check */
-+ int hcheck = prediction_resistance ? 0 : 1;
-+
-+ if (!drbg_reseed(dctx, adin, adinlen, hcheck)) {
-+ r = FIPS_R_RESEED_ERROR;
-+ goto end;
-+ }
-+ adin = NULL;
-+ adinlen = 0;
-+ }
-+
-+ if (!dctx->generate(dctx, out, outlen, adin, adinlen)) {
-+ r = FIPS_R_GENERATE_ERROR;
-+ dctx->status = DRBG_STATUS_ERROR;
-+ goto end;
-+ }
-+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) {
-+ if (dctx->reseed_counter >= dctx->reseed_interval)
-+ dctx->status = DRBG_STATUS_RESEED;
-+ else
-+ dctx->reseed_counter++;
-+ }
-+
-+ end:
-+ if (r) {
-+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
-+{
-+ int rv;
-+ if (!dctx->uninstantiate)
-+ rv = 1;
-+ else
-+ rv = dctx->uninstantiate(dctx);
-+ /* Although we'd like to cleanse here we can't because we have to
-+ * test the uninstantiate really zeroes the data.
-+ */
-+ memset(&dctx->d, 0, sizeof(dctx->d));
-+ dctx->status = DRBG_STATUS_UNINITIALISED;
-+ /* If method has problems uninstantiating, return error */
-+ return rv;
-+}
-+
-+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_entropy) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy,
-+ size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_entropy) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ size_t entropy_blocklen,
-+ size_t (*get_nonce) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy, size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_nonce) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen))
-+{
-+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
-+ return 0;
-+ dctx->entropy_blocklen = entropy_blocklen;
-+ dctx->get_entropy = get_entropy;
-+ dctx->cleanup_entropy = cleanup_entropy;
-+ dctx->get_nonce = get_nonce;
-+ dctx->cleanup_nonce = cleanup_nonce;
-+ return 1;
-+}
-+
-+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_adin) (DRBG_CTX *ctx,
-+ unsigned char **pout),
-+ void (*cleanup_adin) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ int (*rand_seed_cb) (DRBG_CTX *ctx,
-+ const void *buf,
-+ int num),
-+ int (*rand_add_cb) (DRBG_CTX *ctx,
-+ const void *buf, int num,
-+ double entropy))
-+{
-+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
-+ return 0;
-+ dctx->get_adin = get_adin;
-+ dctx->cleanup_adin = cleanup_adin;
-+ dctx->rand_seed_cb = rand_seed_cb;
-+ dctx->rand_add_cb = rand_add_cb;
-+ return 1;
-+}
-+
-+void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
-+{
-+ return dctx->app_data;
-+}
-+
-+void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
-+{
-+ dctx->app_data = app_data;
-+}
-+
-+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
-+{
-+ return dctx->blocklength;
-+}
-+
-+int FIPS_drbg_get_strength(DRBG_CTX *dctx)
-+{
-+ return dctx->strength;
-+}
-+
-+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
-+{
-+ dctx->health_check_interval = interval;
-+}
-+
-+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
-+{
-+ dctx->reseed_interval = interval;
-+}
-+
-+static int drbg_stick = 0;
-+
-+void FIPS_drbg_stick(int onoff)
-+{
-+ drbg_stick = onoff;
-+}
-+
-+/* Continuous DRBG utility function */
-+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
-+{
-+ /* No CPRNG in test mode */
-+ if (dctx->xflags & DRBG_FLAG_TEST)
-+ return 1;
-+ /* Check block is valid: should never happen */
-+ if (dctx->lb_valid == 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
-+ fips_set_selftest_fail();
-+ return 0;
-+ }
-+ if (drbg_stick)
-+ memcpy(dctx->lb, out, dctx->blocklength);
-+ /* Check against last block: fail if match */
-+ if (!memcmp(dctx->lb, out, dctx->blocklength)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
-+ fips_set_selftest_fail();
-+ return 0;
-+ }
-+ /* Save last block for next comparison */
-+ memcpy(dctx->lb, out, dctx->blocklength);
-+ return 1;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_rand.c.fips
openssl-1.0.2o/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.2o/crypto/fips/fips_drbg_rand.c.fips 2018-04-05 16:17:11.939265743 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_rand.c 2018-04-05 16:17:11.939265743 +0200
-@@ -0,0 +1,164 @@
-+/* fips/rand/fips_drbg_rand.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+
-+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
-+
-+/* Since we only have one global PRNG used at any time in OpenSSL use a global
-+ * variable to store context.
-+ */
-+
-+static DRBG_CTX ossl_dctx;
-+
-+DRBG_CTX *FIPS_get_default_drbg(void)
-+{
-+ return &ossl_dctx;
-+}
-+
-+static int fips_drbg_bytes(unsigned char *out, int count)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ int rv = 0;
-+ unsigned char *adin = NULL;
-+ size_t adinlen = 0;
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ do {
-+ size_t rcnt;
-+ if (count > (int)dctx->max_request)
-+ rcnt = dctx->max_request;
-+ else
-+ rcnt = count;
-+ if (dctx->get_adin) {
-+ adinlen = dctx->get_adin(dctx, &adin);
-+ if (adinlen && !adin) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_BYTES,
-+ FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
-+ goto err;
-+ }
-+ }
-+ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
-+ if (adin) {
-+ if (dctx->cleanup_adin)
-+ dctx->cleanup_adin(dctx, adin, adinlen);
-+ adin = NULL;
-+ }
-+ if (!rv)
-+ goto err;
-+ out += rcnt;
-+ count -= rcnt;
-+ }
-+ while (count);
-+ rv = 1;
-+ err:
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ return rv;
-+}
-+
-+static int fips_drbg_pseudo(unsigned char *out, int count)
-+{
-+ if (fips_drbg_bytes(out, count) <= 0)
-+ return -1;
-+ return 1;
-+}
-+
-+static int fips_drbg_status(void)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ int rv;
-+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
-+ return rv;
-+}
-+
-+static void fips_drbg_cleanup(void)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ FIPS_drbg_uninstantiate(dctx);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+}
-+
-+static int fips_drbg_seed(const void *seed, int seedlen)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ if (dctx->rand_seed_cb)
-+ return dctx->rand_seed_cb(dctx, seed, seedlen);
-+ return 1;
-+}
-+
-+static int fips_drbg_add(const void *seed, int seedlen, double add_entropy)
-+{
-+ DRBG_CTX *dctx = &ossl_dctx;
-+ if (dctx->rand_add_cb)
-+ return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
-+ return 1;
-+}
-+
-+static const RAND_METHOD rand_drbg_meth = {
-+ fips_drbg_seed,
-+ fips_drbg_bytes,
-+ fips_drbg_cleanup,
-+ fips_drbg_add,
-+ fips_drbg_pseudo,
-+ fips_drbg_status
-+};
-+
-+const RAND_METHOD *FIPS_drbg_method(void)
-+{
-+ return &rand_drbg_meth;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_drbg_selftest.c.fips 2018-04-05 16:17:11.940265766
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_selftest.c 2018-04-05 16:17:11.940265766 +0200
-@@ -0,0 +1,827 @@
-+/* fips/rand/fips_drbg_selftest.c */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_rand_lcl.h"
-+#include "fips_locl.h"
-+
-+#include "fips_drbg_selftest.h"
-+
-+typedef struct {
-+ int post;
-+ int nid;
-+ unsigned int flags;
-+
-+ /* KAT data for no PR */
-+ const unsigned char *ent;
-+ size_t entlen;
-+ const unsigned char *nonce;
-+ size_t noncelen;
-+ const unsigned char *pers;
-+ size_t perslen;
-+ const unsigned char *adin;
-+ size_t adinlen;
-+ const unsigned char *entreseed;
-+ size_t entreseedlen;
-+ const unsigned char *adinreseed;
-+ size_t adinreseedlen;
-+ const unsigned char *adin2;
-+ size_t adin2len;
-+ const unsigned char *kat;
-+ size_t katlen;
-+ const unsigned char *kat2;
-+ size_t kat2len;
-+
-+ /* KAT data for PR */
-+ const unsigned char *ent_pr;
-+ size_t entlen_pr;
-+ const unsigned char *nonce_pr;
-+ size_t noncelen_pr;
-+ const unsigned char *pers_pr;
-+ size_t perslen_pr;
-+ const unsigned char *adin_pr;
-+ size_t adinlen_pr;
-+ const unsigned char *entpr_pr;
-+ size_t entprlen_pr;
-+ const unsigned char *ading_pr;
-+ size_t adinglen_pr;
-+ const unsigned char *entg_pr;
-+ size_t entglen_pr;
-+ const unsigned char *kat_pr;
-+ size_t katlen_pr;
-+ const unsigned char *kat2_pr;
-+ size_t kat2len_pr;
-+
-+} DRBG_SELFTEST_DATA;
-+
-+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
-+ pr##_entropyinput, sizeof(pr##_entropyinput), \
-+ pr##_nonce, sizeof(pr##_nonce), \
-+ pr##_personalizationstring, sizeof(pr##_personalizationstring), \
-+ pr##_additionalinput, sizeof(pr##_additionalinput), \
-+ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
-+ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
-+ pr##_additionalinput2, sizeof(pr##_additionalinput2), \
-+ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
-+ pr##_returnedbits, sizeof(pr##_returnedbits), \
-+ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
-+ pr##_pr_nonce, sizeof(pr##_pr_nonce), \
-+ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
-+ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
-+ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
-+ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
-+ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
-+ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
-+ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
-+ }
-+
-+#define make_drbg_test_data_df(nid, pr, p) \
-+ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
-+
-+#define make_drbg_test_data_ec(curve, md, pr, p) \
-+ make_drbg_test_data((curve << 16) | md , 0, pr, p)
-+
-+static DRBG_SELFTEST_DATA drbg_test[] = {
-+ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
-+ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
-+ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
-+ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
-+ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
-+ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
-+ make_drbg_test_data(NID_sha1, 0, sha1, 0),
-+ make_drbg_test_data(NID_sha224, 0, sha224, 0),
-+ make_drbg_test_data(NID_sha256, 0, sha256, 1),
-+ make_drbg_test_data(NID_sha384, 0, sha384, 0),
-+ make_drbg_test_data(NID_sha512, 0, sha512, 0),
-+ make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
-+ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
-+ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
-+ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
-+ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
-+ {0, 0, 0}
-+};
-+
-+typedef struct {
-+ const unsigned char *ent;
-+ size_t entlen;
-+ int entcnt;
-+ const unsigned char *nonce;
-+ size_t noncelen;
-+ int noncecnt;
-+} TEST_ENT;
-+
-+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
-+ *pout = (unsigned char *)t->ent;
-+ t->entcnt++;
-+ return t->entlen;
-+}
-+
-+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len)
-+{
-+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
-+ *pout = (unsigned char *)t->nonce;
-+ t->noncecnt++;
-+ return t->noncelen;
-+}
-+
-+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
-+ int quick)
-+{
-+ TEST_ENT t;
-+ int rv = 0;
-+ size_t adinlen;
-+ unsigned char randout[1024];
-+
-+ /* Initial test without PR */
-+
-+ /* Instantiate DRBG with test entropy, nonce and personalisation
-+ * string.
-+ */
-+
-+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
-+ return 0;
-+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
-+ return 0;
-+
-+ FIPS_drbg_set_app_data(dctx, &t);
-+
-+ t.ent = td->ent;
-+ t.entlen = td->entlen;
-+ t.nonce = td->nonce;
-+ t.noncelen = td->noncelen;
-+ t.entcnt = 0;
-+ t.noncecnt = 0;
-+
-+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
-+ goto err;
-+
-+ /* Note for CTR without DF some additional input values
-+ * ignore bytes after the keylength: so reduce adinlen
-+ * to half to ensure invalid data is fed in.
-+ */
-+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
-+ adinlen = td->adinlen / 2;
-+ else
-+ adinlen = td->adinlen;
-+
-+ /* Generate with no PR and verify output matches expected data */
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, td->adin, adinlen))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat, td->katlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
-+ goto err2;
-+ }
-+ /* If abbreviated POST end of test */
-+ if (quick) {
-+ rv = 1;
-+ goto err;
-+ }
-+ /* Reseed DRBG with test entropy and additional input */
-+ t.ent = td->entreseed;
-+ t.entlen = td->entreseedlen;
-+
-+ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
-+ goto err;
-+
-+ /* Generate with no PR and verify output matches expected data */
-+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
-+ td->adin2, td->adin2len))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat2, td->kat2len)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
-+ goto err2;
-+ }
-+
-+ FIPS_drbg_uninstantiate(dctx);
-+
-+ /* Now test with PR */
-+
-+ /* Instantiate DRBG with test entropy, nonce and personalisation
-+ * string.
-+ */
-+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
-+ return 0;
-+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
-+ return 0;
-+
-+ FIPS_drbg_set_app_data(dctx, &t);
-+
-+ t.ent = td->ent_pr;
-+ t.entlen = td->entlen_pr;
-+ t.nonce = td->nonce_pr;
-+ t.noncelen = td->noncelen_pr;
-+ t.entcnt = 0;
-+ t.noncecnt = 0;
-+
-+ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
-+ goto err;
-+
-+ /* Now generate with PR: we need to supply entropy as this will
-+ * perform a reseed operation. Check output matches expected value.
-+ */
-+
-+ t.ent = td->entpr_pr;
-+ t.entlen = td->entprlen_pr;
-+
-+ /* Note for CTR without DF some additional input values
-+ * ignore bytes after the keylength: so reduce adinlen
-+ * to half to ensure invalid data is fed in.
-+ */
-+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
-+ adinlen = td->adinlen_pr / 2;
-+ else
-+ adinlen = td->adinlen_pr;
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
-+ td->adin_pr, adinlen))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat_pr, td->katlen_pr)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
-+ goto err2;
-+ }
-+
-+ /* Now generate again with PR: supply new entropy again.
-+ * Check output matches expected value.
-+ */
-+
-+ t.ent = td->entg_pr;
-+ t.entlen = td->entglen_pr;
-+
-+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
-+ td->ading_pr, td->adinglen_pr))
-+ goto err;
-+
-+ if (memcmp(randout, td->kat2_pr, td->kat2len_pr)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
-+ goto err2;
-+ }
-+ /* All OK, test complete */
-+ rv = 1;
-+
-+ err:
-+ if (rv == 0)
-+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
-+ err2:
-+ FIPS_drbg_uninstantiate(dctx);
-+
-+ return rv;
-+
-+}
-+
-+/* Initialise a DRBG based on selftest data */
-+
-+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, TEST_ENT * t)
-+{
-+
-+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
-+ return 0;
-+
-+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
-+ return 0;
-+
-+ FIPS_drbg_set_app_data(dctx, t);
-+
-+ t->ent = td->ent;
-+ t->entlen = td->entlen;
-+ t->nonce = td->nonce;
-+ t->noncelen = td->noncelen;
-+ t->entcnt = 0;
-+ t->noncecnt = 0;
-+ return 1;
-+}
-+
-+/* Initialise and instantiate DRBG based on selftest data */
-+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
-+ TEST_ENT * t)
-+{
-+ if (!do_drbg_init(dctx, td, t))
-+ return 0;
-+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
-+ return 0;
-+
-+ return 1;
-+}
-+
-+/* This function performs extensive error checking as required by SP800-90.
-+ * Induce several failure modes and check an error condition is set.
-+ * This function along with fips_drbg_single_kat peforms the health checking
-+ * operation.
-+ */
-+
-+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td)
-+{
-+ unsigned char randout[1024];
-+ TEST_ENT t;
-+ size_t i;
-+ unsigned int reseed_counter_tmp;
-+ unsigned char *p = (unsigned char *)dctx;
-+
-+ /* Initialise DRBG */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ /* Don't report induced errors */
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ /* Personalisation string tests */
-+
-+ /* Test detection of too large personlisation string */
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Entropy source tests */
-+
-+ /* Test entropy source failure detecion: i.e. returns no data */
-+
-+ t.entlen = 0;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Try to generate output from uninstantiated DRBG */
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_GENERATE_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ /* Test insufficient entropy */
-+
-+ t.entlen = dctx->min_entropy - 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Test too much entropy */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.entlen = dctx->max_entropy + 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Nonce tests */
-+
-+ /* Test too small nonce */
-+
-+ if (dctx->min_nonce) {
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.noncelen = dctx->min_nonce - 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_NONCE_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ }
-+
-+ /* Test too large nonce */
-+
-+ if (dctx->max_nonce) {
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.noncelen = dctx->max_nonce + 1;
-+
-+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_NONCE_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ }
-+
-+ /* Instantiate with valid data. */
-+ if (!do_drbg_instantiate(dctx, td, &t))
-+ goto err;
-+
-+ /* Check generation is now OK */
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ /* Request too much data for one request */
-+ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Try too large additional input */
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, dctx->max_adin + 1)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Check prediction resistance request fails if entropy source
-+ * failure.
-+ */
-+
-+ t.entlen = 0;
-+
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Instantiate again with valid data */
-+
-+ if (!do_drbg_instantiate(dctx, td, &t))
-+ goto err;
-+ /* Test reseed counter works */
-+ /* Save initial reseed counter */
-+ reseed_counter_tmp = dctx->reseed_counter;
-+ /* Set reseed counter to beyond interval */
-+ dctx->reseed_counter = dctx->reseed_interval;
-+
-+ /* Generate output and check entropy has been requested for reseed */
-+ t.entcnt = 0;
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen))
-+ goto err;
-+ if (t.entcnt != 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
-+ goto err;
-+ }
-+ /* Check reseed counter has been reset */
-+ if (dctx->reseed_counter != reseed_counter_tmp + 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Check prediction resistance request fails if entropy source
-+ * failure.
-+ */
-+
-+ t.entlen = 0;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
-+ td->adin, td->adinlen)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ if (!do_drbg_instantiate(dctx, td, &t))
-+ goto err;
-+ /* Test reseed counter works */
-+ /* Save initial reseed counter */
-+ reseed_counter_tmp = dctx->reseed_counter;
-+ /* Set reseed counter to beyond interval */
-+ dctx->reseed_counter = dctx->reseed_interval;
-+
-+ /* Generate output and check entropy has been requested for reseed */
-+ t.entcnt = 0;
-+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
-+ td->adin, td->adinlen))
-+ goto err;
-+ if (t.entcnt != 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
-+ goto err;
-+ }
-+ /* Check reseed counter has been reset */
-+ if (dctx->reseed_counter != reseed_counter_tmp + 1) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
-+ goto err;
-+ }
-+
-+ dctx->iflags &= ~DRBG_FLAG_NOERR;
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Explicit reseed tests */
-+
-+ /* Test explicit reseed with too large additional input */
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ /* Test explicit reseed with entropy source failure */
-+
-+ t.entlen = 0;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Test explicit reseed with too much entropy */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.entlen = dctx->max_entropy + 1;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ /* Test explicit reseed with too little entropy */
-+
-+ if (!do_drbg_init(dctx, td, &t))
-+ goto err;
-+
-+ dctx->iflags |= DRBG_FLAG_NOERR;
-+
-+ t.entlen = dctx->min_entropy - 1;
-+
-+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_ENTROPY_ERROR_UNDETECTED);
-+ goto err;
-+ }
-+
-+ if (!FIPS_drbg_uninstantiate(dctx)) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
-+ goto err;
-+ }
-+
-+ p = (unsigned char *)&dctx->d;
-+ /* Standard says we have to check uninstantiate really zeroes
-+ * the data...
-+ */
-+ for (i = 0; i < sizeof(dctx->d); i++) {
-+ if (*p != 0) {
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
-+ FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
-+ goto err;
-+ }
-+ p++;
-+ }
-+
-+ return 1;
-+
-+ err:
-+ /* A real error as opposed to an induced one: underlying function will
-+ * indicate the error.
-+ */
-+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
-+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
-+ FIPS_drbg_uninstantiate(dctx);
-+ return 0;
-+
-+}
-+
-+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
-+{
-+ DRBG_SELFTEST_DATA *td;
-+ flags |= DRBG_FLAG_TEST;
-+ for (td = drbg_test; td->nid != 0; td++) {
-+ if (td->nid == nid && td->flags == flags) {
-+ if (!fips_drbg_single_kat(dctx, td, 0))
-+ return 0;
-+ return fips_drbg_error_check(dctx, td);
-+ }
-+ }
-+ return 0;
-+}
-+
-+int FIPS_drbg_health_check(DRBG_CTX *dctx)
-+{
-+ int rv;
-+ DRBG_CTX *tctx = NULL;
-+ tctx = FIPS_drbg_new(0, 0);
-+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
-+ if (!tctx)
-+ return 0;
-+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
-+ if (tctx)
-+ FIPS_drbg_free(tctx);
-+ if (rv)
-+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
-+ else
-+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
-+ if (!rv)
-+ dctx->status = DRBG_STATUS_ERROR;
-+ else
-+ dctx->health_check_cnt = 0;
-+ return rv;
-+}
-+
-+int FIPS_selftest_drbg(void)
-+{
-+ DRBG_CTX *dctx;
-+ DRBG_SELFTEST_DATA *td;
-+ int rv = 1;
-+ dctx = FIPS_drbg_new(0, 0);
-+ if (!dctx)
-+ return 0;
-+ for (td = drbg_test; td->nid != 0; td++) {
-+ if (td->post != 1)
-+ continue;
-+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 1;
-+ if (!fips_drbg_single_kat(dctx, td, 1)) {
-+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
-+ rv = 0;
-+ continue;
-+ }
-+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 0;
-+ }
-+ FIPS_drbg_free(dctx);
-+ return rv;
-+}
-+
-+int FIPS_selftest_drbg_all(void)
-+{
-+ DRBG_CTX *dctx;
-+ DRBG_SELFTEST_DATA *td;
-+ int rv = 1;
-+ dctx = FIPS_drbg_new(0, 0);
-+ if (!dctx)
-+ return 0;
-+ for (td = drbg_test; td->nid != 0; td++) {
-+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 1;
-+ if (!fips_drbg_single_kat(dctx, td, 0)) {
-+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
-+ rv = 0;
-+ continue;
-+ }
-+ if (!fips_drbg_error_check(dctx, td)) {
-+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
-+ rv = 0;
-+ continue;
-+ }
-+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
-+ return 0;
-+ }
-+ FIPS_drbg_free(dctx);
-+ return rv;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_drbg_selftest.h.fips
openssl-1.0.2o/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.2o/crypto/fips/fips_drbg_selftest.h.fips 2018-04-05 16:17:11.940265766
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_drbg_selftest.h 2018-04-05 16:17:11.940265766 +0200
-@@ -0,0 +1,1791 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ *
openssl-core.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+/* Selftest and health check data for the SP800-90 DRBG */
-+
-+#define __fips_constseg
-+
-+/* AES-128 use df PR */
-+__fips_constseg static const unsigned char aes_128_use_df_pr_entropyinput[] = {
-+ 0x61, 0x52, 0x7c, 0xe3, 0x23, 0x7d, 0x0a, 0x07, 0x10, 0x0c, 0x50, 0x33,
-+ 0xc8, 0xdb, 0xff, 0x12
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_pr_nonce[] = {
-+ 0x51, 0x0d, 0x85, 0x77, 0xed, 0x22, 0x97, 0x28
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_personalizationstring[] = {
-+ 0x59, 0x9f, 0xbb, 0xcd, 0xd5, 0x25, 0x69, 0xb5, 0xcb, 0xb5, 0x03, 0xfe,
-+ 0xd7, 0xd7, 0x01, 0x67
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_additionalinput[] = {
-+ 0xef, 0x88, 0x76, 0x01, 0xaf, 0x3c, 0xfe, 0x8b, 0xaf, 0x26, 0x06, 0x9e,
-+ 0x9a, 0x47, 0x08, 0x76
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_entropyinputpr[] = {
-+ 0xe2, 0x76, 0xf9, 0xf6, 0x3a, 0xba, 0x10, 0x9f, 0xbf, 0x47, 0x0e, 0x51,
-+ 0x09, 0xfb, 0xa3, 0xb6
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_int_returnedbits[] = {
-+ 0xd4, 0x98, 0x8a, 0x46, 0x80, 0x4c, 0xdb, 0xa3, 0x59, 0x02, 0x57, 0x52,
-+ 0x66, 0x1c, 0xea, 0x5b
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_additionalinput2[] = {
-+ 0x88, 0x8c, 0x91, 0xd6, 0xbe, 0x56, 0x6e, 0x08, 0x9a, 0x62, 0x2b, 0x11,
-+ 0x3f, 0x5e, 0x31, 0x06
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = {
-+ 0xc0, 0x5c, 0x6b, 0x98, 0x01, 0x0d, 0x58, 0x18, 0x51, 0x18, 0x96, 0xae,
-+ 0xa7, 0xe3, 0xa8, 0x67
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_pr_returnedbits[] = {
-+ 0xcf, 0x01, 0xac, 0x22, 0x31, 0x06, 0x8e, 0xfc, 0xce, 0x56, 0xea, 0x24,
-+ 0x0f, 0x38, 0x43, 0xc6
-+};
-+
-+/* AES-128 use df No PR */
-+__fips_constseg static const unsigned char aes_128_use_df_entropyinput[] = {
-+ 0x1f, 0x8e, 0x34, 0x82, 0x0c, 0xb7, 0xbe, 0xc5, 0x01, 0x3e, 0xd0, 0xa3,
-+ 0x9d, 0x7d, 0x1c, 0x9b
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_nonce[] = {
-+ 0xd5, 0x4d, 0xbd, 0x4a, 0x93, 0x7f, 0xb8, 0x96
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_personalizationstring[] = {
-+ 0xab, 0xd6, 0x3f, 0x04, 0xfe, 0x27, 0x6b, 0x2d, 0xd7, 0xc3, 0x1c, 0xf3,
-+ 0x38, 0x66, 0xba, 0x1b
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_additionalinput[] = {
-+ 0xfe, 0xf4, 0x09, 0xa8, 0xb7, 0x73, 0x27, 0x9c, 0x5f, 0xa7, 0xea, 0x46,
-+ 0xb5, 0xe2, 0xb2, 0x41
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_int_returnedbits[] = {
-+ 0x42, 0xe4, 0x4e, 0x7b, 0x27, 0xdd, 0xcb, 0xbc, 0x0a, 0xcf, 0xa6, 0x67,
-+ 0xe7, 0x57, 0x11, 0xb4
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_entropyinputreseed[] = {
-+ 0x14, 0x26, 0x69, 0xd9, 0xf3, 0x65, 0x03, 0xd6, 0x6b, 0xb9, 0x44, 0x0b,
-+ 0xc7, 0xc4, 0x9e, 0x39
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_use_df_additionalinputreseed[] = {
-+ 0x55, 0x2e, 0x60, 0x9a, 0x05, 0x72, 0x8a, 0xa8, 0xef, 0x22, 0x81, 0x5a,
-+ 0xc8, 0x93, 0xfa, 0x84
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_additionalinput2[] = {
-+ 0x3c, 0x40, 0xc8, 0xc4, 0x16, 0x0c, 0x21, 0xa4, 0x37, 0x2c, 0x8f, 0xa5,
-+ 0x06, 0x0c, 0x15, 0x2c
-+};
-+
-+__fips_constseg static const unsigned char aes_128_use_df_returnedbits[] = {
-+ 0xe1, 0x3e, 0x99, 0x98, 0x86, 0x67, 0x0b, 0x63, 0x7b, 0xbe, 0x3f, 0x88,
-+ 0x46, 0x81, 0xc7, 0x19
-+};
-+
-+/* AES-192 use df PR */
-+__fips_constseg static const unsigned char aes_192_use_df_pr_entropyinput[] = {
-+ 0x2b, 0x4e, 0x8b, 0xe1, 0xf1, 0x34, 0x80, 0x56, 0x81, 0xf9, 0x74, 0xec,
-+ 0x17, 0x44, 0x2a, 0xf1, 0x14, 0xb0, 0xbf, 0x97, 0x39, 0xb7, 0x04, 0x7d
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_pr_nonce[] = {
-+ 0xd6, 0x9d, 0xeb, 0x14, 0x4e, 0x6c, 0x30, 0x1e, 0x39, 0x55, 0x73, 0xd0,
-+ 0xd1, 0x80, 0x78, 0xfa
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_personalizationstring[] = {
-+ 0xfc, 0x43, 0x4a, 0xf8, 0x9a, 0x55, 0xb3, 0x53, 0x83, 0xe2, 0x18, 0x16,
-+ 0x0c, 0xdc, 0xcd, 0x5e, 0x4f, 0xa0, 0x03, 0x01, 0x2b, 0x9f, 0xe4, 0xd5,
-+ 0x7d, 0x49, 0xf0, 0x41, 0x9e, 0x3d, 0x99, 0x04
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_additionalinput[] = {
-+ 0x5e, 0x9f, 0x49, 0x6f, 0x21, 0x8b, 0x1d, 0x32, 0xd5, 0x84, 0x5c, 0xac,
-+ 0xaf, 0xdf, 0xe4, 0x79, 0x9e, 0xaf, 0xa9, 0x82, 0xd0, 0xf8, 0x4f, 0xcb,
-+ 0x69, 0x10, 0x0a, 0x7e, 0x81, 0x57, 0xb5, 0x36
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_entropyinputpr[] = {
-+ 0xd4, 0x81, 0x0c, 0xd7, 0x66, 0x39, 0xec, 0x42, 0x53, 0x87, 0x41, 0xa5,
-+ 0x1e, 0x7d, 0x80, 0x91, 0x8e, 0xbb, 0xed, 0xac, 0x14, 0x02, 0x1a, 0xd5
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_int_returnedbits[] = {
-+ 0xdf, 0x1d, 0x39, 0x45, 0x7c, 0x9b, 0xc6, 0x2b, 0x7d, 0x8c, 0x93, 0xe9,
-+ 0x19, 0x30, 0x6b, 0x67
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_additionalinput2[] = {
-+ 0x00, 0x71, 0x27, 0x4e, 0xd3, 0x14, 0xf1, 0x20, 0x7f, 0x4a, 0x41, 0x32,
-+ 0x2a, 0x97, 0x11, 0x43, 0x8f, 0x4a, 0x15, 0x7b, 0x9b, 0x51, 0x79, 0xda,
-+ 0x49, 0x3d, 0xde, 0xe8, 0xbc, 0x93, 0x91, 0x99
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = {
-+ 0x90, 0xee, 0x76, 0xa1, 0x45, 0x8d, 0xb7, 0x40, 0xb0, 0x11, 0xbf, 0xd0,
-+ 0x65, 0xd7, 0x3c, 0x7c, 0x4f, 0x20, 0x3f, 0x4e, 0x11, 0x9d, 0xb3, 0x5e
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_pr_returnedbits[] = {
-+ 0x24, 0x3b, 0x20, 0xa4, 0x37, 0x66, 0xba, 0x72, 0x39, 0x3f, 0xcf, 0x3c,
-+ 0x7e, 0x1a, 0x2b, 0x83
-+};
-+
-+/* AES-192 use df No PR */
-+__fips_constseg static const unsigned char aes_192_use_df_entropyinput[] = {
-+ 0x8d, 0x74, 0xa4, 0x50, 0x1a, 0x02, 0x68, 0x0c, 0x2a, 0x69, 0xc4, 0x82,
-+ 0x3b, 0xbb, 0xda, 0x0e, 0x7f, 0x77, 0xa3, 0x17, 0x78, 0x57, 0xb2, 0x7b
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_nonce[] = {
-+ 0x75, 0xd5, 0x1f, 0xac, 0xa4, 0x8d, 0x42, 0x78, 0xd7, 0x69, 0x86, 0x9d,
-+ 0x77, 0xd7, 0x41, 0x0e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_personalizationstring[] = {
-+ 0x4e, 0x33, 0x41, 0x3c, 0x9c, 0xc2, 0xd2, 0x53, 0xaf, 0x90, 0xea, 0xcf,
-+ 0x19, 0x50, 0x1e, 0xe6, 0x6f, 0x63, 0xc8, 0x32, 0x22, 0xdc, 0x07, 0x65,
-+ 0x9c, 0xd3, 0xf8, 0x30, 0x9e, 0xed, 0x35, 0x70
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_additionalinput[] = {
-+ 0x5d, 0x8b, 0x8c, 0xc1, 0xdf, 0x0e, 0x02, 0x78, 0xfb, 0x19, 0xb8, 0x69,
-+ 0x78, 0x4e, 0x9c, 0x52, 0xbc, 0xc7, 0x20, 0xc9, 0xe6, 0x5e, 0x77, 0x22,
-+ 0x28, 0x3d, 0x0c, 0x9e, 0x68, 0xa8, 0x45, 0xd7
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_int_returnedbits[] = {
-+ 0xd5, 0xe7, 0x08, 0xc5, 0x19, 0x99, 0xd5, 0x31, 0x03, 0x0a, 0x74, 0xb6,
-+ 0xb7, 0xed, 0xe9, 0xea
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_entropyinputreseed[] = {
-+ 0x9c, 0x26, 0xda, 0xf1, 0xac, 0xd9, 0x5a, 0xd6, 0xa8, 0x65, 0xf5, 0x02,
-+ 0x8f, 0xdc, 0xa2, 0x09, 0x54, 0xa6, 0xe2, 0xa4, 0xde, 0x32, 0xe0, 0x01
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_use_df_additionalinputreseed[] = {
-+ 0x9b, 0x90, 0xb0, 0x3a, 0x0e, 0x3a, 0x80, 0x07, 0x4a, 0xf4, 0xda, 0x76,
-+ 0x28, 0x30, 0x3c, 0xee, 0x54, 0x1b, 0x94, 0x59, 0x51, 0x43, 0x56, 0x77,
-+ 0xaf, 0x88, 0xdd, 0x63, 0x89, 0x47, 0x06, 0x65
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_additionalinput2[] = {
-+ 0x3c, 0x11, 0x64, 0x7a, 0x96, 0xf5, 0xd8, 0xb8, 0xae, 0xd6, 0x70, 0x4e,
-+ 0x16, 0x96, 0xde, 0xe9, 0x62, 0xbc, 0xee, 0x28, 0x2f, 0x26, 0xa6, 0xf0,
-+ 0x56, 0xef, 0xa3, 0xf1, 0x6b, 0xa1, 0xb1, 0x77
-+};
-+
-+__fips_constseg static const unsigned char aes_192_use_df_returnedbits[] = {
-+ 0x0b, 0xe2, 0x56, 0x03, 0x1e, 0xdb, 0x2c, 0x6d, 0x7f, 0x1b, 0x15, 0x58,
-+ 0x1a, 0xf9, 0x13, 0x28
-+};
-+
-+/* AES-256 use df PR */
-+__fips_constseg static const unsigned char aes_256_use_df_pr_entropyinput[] = {
-+ 0x61, 0x68, 0xfc, 0x1a, 0xf0, 0xb5, 0x95, 0x6b, 0x85, 0x09, 0x9b, 0x74,
-+ 0x3f, 0x13, 0x78, 0x49, 0x3b, 0x85, 0xec, 0x93, 0x13, 0x3b, 0xa9, 0x4f,
-+ 0x96, 0xab, 0x2c, 0xe4, 0xc8, 0x8f, 0xdd, 0x6a
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_pr_nonce[] = {
-+ 0xad, 0xd2, 0xbb, 0xba, 0xb7, 0x65, 0x89, 0xc3, 0x21, 0x6c, 0x55, 0x33,
-+ 0x2b, 0x36, 0xff, 0xa4
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_personalizationstring[] = {
-+ 0x6e, 0xca, 0xe7, 0x20, 0x72, 0xd3, 0x84, 0x5a, 0x32, 0xd3, 0x4b, 0x24,
-+ 0x72, 0xc4, 0x63, 0x2b, 0x9d, 0x12, 0x24, 0x0c, 0x23, 0x26, 0x8e, 0x83,
-+ 0x16, 0x37, 0x0b, 0xd1, 0x06, 0x4f, 0x68, 0x6d
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_additionalinput[] = {
-+ 0x7e, 0x08, 0x4a, 0xbb, 0xe3, 0x21, 0x7c, 0xc9, 0x23, 0xd2, 0xf8, 0xb0,
-+ 0x73, 0x98, 0xba, 0x84, 0x74, 0x23, 0xab, 0x06, 0x8a, 0xe2, 0x22, 0xd3,
-+ 0x7b, 0xce, 0x9b, 0xd2, 0x4a, 0x76, 0xb8, 0xde
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_entropyinputpr[] = {
-+ 0x0b, 0x23, 0xaf, 0xdf, 0xf1, 0x62, 0xd7, 0xd3, 0x43, 0x97, 0xf8, 0x77,
-+ 0x04, 0xa8, 0x42, 0x20, 0xbd, 0xf6, 0x0f, 0xc1, 0x17, 0x2f, 0x9f, 0x54,
-+ 0xbb, 0x56, 0x17, 0x86, 0x68, 0x0e, 0xba, 0xa9
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_int_returnedbits[] = {
-+ 0x31, 0x8e, 0xad, 0xaf, 0x40, 0xeb, 0x6b, 0x74, 0x31, 0x46, 0x80, 0xc7,
-+ 0x17, 0xab, 0x3c, 0x7a
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_additionalinput2[] = {
-+ 0x94, 0x6b, 0xc9, 0x9f, 0xab, 0x8d, 0xc5, 0xec, 0x71, 0x88, 0x1d, 0x00,
-+ 0x8c, 0x89, 0x68, 0xe4, 0xc8, 0x07, 0x77, 0x36, 0x17, 0x6d, 0x79, 0x78,
-+ 0xc7, 0x06, 0x4e, 0x99, 0x04, 0x28, 0x29, 0xc3
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_pr_entropyinputpr2[] = {
-+ 0xbf, 0x6c, 0x59, 0x2a, 0x0d, 0x44, 0x0f, 0xae, 0x9a, 0x5e, 0x03, 0x73,
-+ 0xd8, 0xa6, 0xe1, 0xcf, 0x25, 0x61, 0x38, 0x24, 0x86, 0x9e, 0x53, 0xe8,
-+ 0xa4, 0xdf, 0x56, 0xf4, 0x06, 0x07, 0x9c, 0x0f
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_pr_returnedbits[] = {
-+ 0x22, 0x4a, 0xb4, 0xb8, 0xb6, 0xee, 0x7d, 0xb1, 0x9e, 0xc9, 0xf9, 0xa0,
-+ 0xd9, 0xe2, 0x97, 0x00
-+};
-+
-+/* AES-256 use df No PR */
-+__fips_constseg static const unsigned char aes_256_use_df_entropyinput[] = {
-+ 0xa5, 0x3e, 0x37, 0x10, 0x17, 0x43, 0x91, 0x93, 0x59, 0x1e, 0x47, 0x50,
-+ 0x87, 0xaa, 0xdd, 0xd5, 0xc1, 0xc3, 0x86, 0xcd, 0xca, 0x0d, 0xdb, 0x68,
-+ 0xe0, 0x02, 0xd8, 0x0f, 0xdc, 0x40, 0x1a, 0x47
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_nonce[] = {
-+ 0xa9, 0x4d, 0xa5, 0x5a, 0xfd, 0xc5, 0x0c, 0xe5, 0x1c, 0x9a, 0x3b, 0x8a,
-+ 0x4c, 0x44, 0x84, 0x40
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_personalizationstring[] = {
-+ 0x8b, 0x52, 0xa2, 0x4a, 0x93, 0xc3, 0x4e, 0xa7, 0x1e, 0x1c, 0xa7, 0x05,
-+ 0xeb, 0x82, 0x9b, 0xa6, 0x5d, 0xe4, 0xd4, 0xe0, 0x7f, 0xa3, 0xd8, 0x6b,
-+ 0x37, 0x84, 0x5f, 0xf1, 0xc7, 0xd5, 0xf6, 0xd2
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_additionalinput[] = {
-+ 0x20, 0xf4, 0x22, 0xed, 0xf8, 0x5c, 0xa1, 0x6a, 0x01, 0xcf, 0xbe, 0x5f,
-+ 0x8d, 0x6c, 0x94, 0x7f, 0xae, 0x12, 0xa8, 0x57, 0xdb, 0x2a, 0xa9, 0xbf,
-+ 0xc7, 0xb3, 0x65, 0x81, 0x80, 0x8d, 0x0d, 0x46
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_int_returnedbits[] = {
-+ 0x4e, 0x44, 0xfd, 0xf3, 0x9e, 0x29, 0xa2, 0xb8, 0x0f, 0x5d, 0x6c, 0xe1,
-+ 0x28, 0x0c, 0x3b, 0xc1
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_entropyinputreseed[] = {
-+ 0xdd, 0x40, 0xe5, 0x98, 0x7b, 0x27, 0x16, 0x73, 0x15, 0x68, 0xd2, 0x76,
-+ 0xbf, 0x0c, 0x67, 0x15, 0x75, 0x79, 0x03, 0xd3, 0xde, 0xde, 0x91, 0x46,
-+ 0x42, 0xdd, 0xd4, 0x67, 0xc8, 0x79, 0xc8, 0x1e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_use_df_additionalinputreseed[] = {
-+ 0x7f, 0xd8, 0x1f, 0xbd, 0x2a, 0xb5, 0x1c, 0x11, 0x5d, 0x83, 0x4e, 0x99,
-+ 0xf6, 0x5c, 0xa5, 0x40, 0x20, 0xed, 0x38, 0x8e, 0xd5, 0x9e, 0xe0, 0x75,
-+ 0x93, 0xfe, 0x12, 0x5e, 0x5d, 0x73, 0xfb, 0x75
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_additionalinput2[] = {
-+ 0xcd, 0x2c, 0xff, 0x14, 0x69, 0x3e, 0x4c, 0x9e, 0xfd, 0xfe, 0x26, 0x0d,
-+ 0xe9, 0x86, 0x00, 0x49, 0x30, 0xba, 0xb1, 0xc6, 0x50, 0x57, 0x77, 0x2a,
-+ 0x62, 0x39, 0x2c, 0x3b, 0x74, 0xeb, 0xc9, 0x0d
-+};
-+
-+__fips_constseg static const unsigned char aes_256_use_df_returnedbits[] = {
-+ 0x4f, 0x78, 0xbe, 0xb9, 0x4d, 0x97, 0x8c, 0xe9, 0xd0, 0x97, 0xfe, 0xad,
-+ 0xfa, 0xfd, 0x35, 0x5e
-+};
-+
-+/* AES-128 no df PR */
-+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinput[] = {
-+ 0x9a, 0x25, 0x65, 0x10, 0x67, 0xd5, 0xb6, 0x6b, 0x70, 0xa1, 0xb3, 0xa4,
-+ 0x43, 0x95, 0x80, 0xc0, 0x84, 0x0a, 0x79, 0xb0, 0x88, 0x74, 0xf2, 0xbf,
-+ 0x31, 0x6c, 0x33, 0x38, 0x0b, 0x00, 0xb2, 0x5a
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_pr_nonce[] = {
-+ 0x78, 0x47, 0x6b, 0xf7, 0x90, 0x8e, 0x87, 0xf1
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_personalizationstring[] = {
-+ 0xf7, 0x22, 0x1d, 0x3a, 0xbe, 0x1d, 0xca, 0x32, 0x1b, 0xbd, 0x87, 0x0c,
-+ 0x51, 0x24, 0x19, 0xee, 0xa3, 0x23, 0x09, 0x63, 0x33, 0x3d, 0xa8, 0x0c,
-+ 0x1c, 0xfa, 0x42, 0x89, 0xcc, 0x6f, 0xa0, 0xa8
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_additionalinput[] = {
-+ 0xc9, 0xe0, 0x80, 0xbf, 0x8c, 0x45, 0x58, 0x39, 0xff, 0x00, 0xab, 0x02,
-+ 0x4c, 0x3e, 0x3a, 0x95, 0x9b, 0x80, 0xa8, 0x21, 0x2a, 0xee, 0xba, 0x73,
-+ 0xb1, 0xd9, 0xcf, 0x28, 0xf6, 0x8f, 0x9b, 0x12
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinputpr[] = {
-+ 0x4c, 0xa8, 0xc5, 0xf0, 0x59, 0x9e, 0xa6, 0x8d, 0x26, 0x53, 0xd7, 0x8a,
-+ 0xa9, 0xd8, 0xf7, 0xed, 0xb2, 0xf9, 0x12, 0x42, 0xe1, 0xe5, 0xbd, 0xe7,
-+ 0xe7, 0x1d, 0x74, 0x99, 0x00, 0x9d, 0x31, 0x3e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_int_returnedbits[] = {
-+ 0xe2, 0xac, 0x20, 0xf0, 0x80, 0xe7, 0xbc, 0x7e, 0x9c, 0x7b, 0x65, 0x71,
-+ 0xaf, 0x19, 0x32, 0x16
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_additionalinput2[] = {
-+ 0x32, 0x7f, 0x38, 0x8b, 0x73, 0x0a, 0x78, 0x83, 0xdc, 0x30, 0xbe, 0x9f,
-+ 0x10, 0x1f, 0xf5, 0x1f, 0xca, 0x00, 0xb5, 0x0d, 0xd6, 0x9d, 0x60, 0x83,
-+ 0x51, 0x54, 0x7d, 0x38, 0x23, 0x3a, 0x52, 0x50
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = {
-+ 0x18, 0x61, 0x53, 0x56, 0xed, 0xed, 0xd7, 0x20, 0xfb, 0x71, 0x04, 0x7a,
-+ 0xb2, 0xac, 0xc1, 0x28, 0xcd, 0xf2, 0xc2, 0xfc, 0xaa, 0xb1, 0x06, 0x07,
-+ 0xe9, 0x46, 0x95, 0x02, 0x48, 0x01, 0x78, 0xf9
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_pr_returnedbits[] = {
-+ 0x29, 0xc8, 0x1b, 0x15, 0xb1, 0xd1, 0xc2, 0xf6, 0x71, 0x86, 0x68, 0x33,
-+ 0x57, 0x82, 0x33, 0xaf
-+};
-+
-+/* AES-128 no df No PR */
-+__fips_constseg static const unsigned char aes_128_no_df_entropyinput[] = {
-+ 0xc9, 0xc5, 0x79, 0xbc, 0xe8, 0xc5, 0x19, 0xd8, 0xbc, 0x66, 0x73, 0x67,
-+ 0xf6, 0xd3, 0x72, 0xaa, 0xa6, 0x16, 0xb8, 0x50, 0xb7, 0x47, 0x3a, 0x42,
-+ 0xab, 0xf4, 0x16, 0xb2, 0x96, 0xd2, 0xb6, 0x60
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_nonce[] = {
-+ 0x5f, 0xbf, 0x97, 0x0c, 0x4b, 0xa4, 0x87, 0x13
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_personalizationstring[] = {
-+ 0xce, 0xfb, 0x7b, 0x3f, 0xd4, 0x6b, 0x29, 0x0d, 0x69, 0x06, 0xff, 0xbb,
-+ 0xf2, 0xe5, 0xc6, 0x6c, 0x0a, 0x10, 0xa0, 0xcf, 0x1a, 0x48, 0xc7, 0x8b,
-+ 0x3c, 0x16, 0x88, 0xed, 0x50, 0x13, 0x81, 0xce
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_additionalinput[] = {
-+ 0x4b, 0x22, 0x46, 0x18, 0x02, 0x7b, 0xd2, 0x1b, 0x22, 0x42, 0x7c, 0x37,
-+ 0xd9, 0xf6, 0xe8, 0x9b, 0x12, 0x30, 0x5f, 0xe9, 0x90, 0xe8, 0x08, 0x24,
-+ 0x4f, 0x06, 0x66, 0xdb, 0x19, 0x2b, 0x13, 0x95
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_int_returnedbits[] = {
-+ 0x2e, 0x96, 0x70, 0x64, 0xfa, 0xdf, 0xdf, 0x57, 0xb5, 0x82, 0xee, 0xd6,
-+ 0xed, 0x3e, 0x65, 0xc2
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_entropyinputreseed[] = {
-+ 0x26, 0xc0, 0x72, 0x16, 0x3a, 0x4b, 0xb7, 0x99, 0xd4, 0x07, 0xaf, 0x66,
-+ 0x62, 0x36, 0x96, 0xa4, 0x51, 0x17, 0xfa, 0x07, 0x8b, 0x17, 0x5e, 0xa1,
-+ 0x2f, 0x3c, 0x10, 0xe7, 0x90, 0xd0, 0x46, 0x00
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_128_no_df_additionalinputreseed[] = {
-+ 0x83, 0x39, 0x37, 0x7b, 0x02, 0x06, 0xd2, 0x12, 0x13, 0x8d, 0x8b, 0xf2,
-+ 0xf0, 0xf6, 0x26, 0xeb, 0xa4, 0x22, 0x7b, 0xc2, 0xe7, 0xba, 0x79, 0xe4,
-+ 0x3b, 0x77, 0x5d, 0x4d, 0x47, 0xb2, 0x2d, 0xb4
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_additionalinput2[] = {
-+ 0x0b, 0xb9, 0x67, 0x37, 0xdb, 0x83, 0xdf, 0xca, 0x81, 0x8b, 0xf9, 0x3f,
-+ 0xf1, 0x11, 0x1b, 0x2f, 0xf0, 0x61, 0xa6, 0xdf, 0xba, 0xa3, 0xb1, 0xac,
-+ 0xd3, 0xe6, 0x09, 0xb8, 0x2c, 0x6a, 0x67, 0xd6
-+};
-+
-+__fips_constseg static const unsigned char aes_128_no_df_returnedbits[] = {
-+ 0x1e, 0xa7, 0xa4, 0xe4, 0xe1, 0xa6, 0x7c, 0x69, 0x9a, 0x44, 0x6c, 0x36,
-+ 0x81, 0x37, 0x19, 0xd4
-+};
-+
-+/* AES-192 no df PR */
-+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinput[] = {
-+ 0x9d, 0x2c, 0xd2, 0x55, 0x66, 0xea, 0xe0, 0xbe, 0x18, 0xb7, 0x76, 0xe7,
-+ 0x73, 0x35, 0xd8, 0x1f, 0xad, 0x3a, 0xe3, 0x81, 0x0e, 0x92, 0xd0, 0x61,
-+ 0xc9, 0x12, 0x26, 0xf6, 0x1c, 0xdf, 0xfe, 0x47, 0xaa, 0xfe, 0x7d, 0x5a,
-+ 0x17, 0x1f, 0x8d, 0x9a
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_pr_nonce[] = {
-+ 0x44, 0x82, 0xed, 0xe8, 0x4c, 0x28, 0x5a, 0x14, 0xff, 0x88, 0x8d, 0x19,
-+ 0x61, 0x5c, 0xee, 0x0f
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_personalizationstring[] = {
-+ 0x47, 0xd7, 0x9b, 0x99, 0xaa, 0xcb, 0xe7, 0xd2, 0x57, 0x66, 0x2c, 0xe1,
-+ 0x78, 0xd6, 0x2c, 0xea, 0xa3, 0x23, 0x5f, 0x2a, 0xc1, 0x3a, 0xf0, 0xa4,
-+ 0x20, 0x3b, 0xfa, 0x07, 0xd5, 0x05, 0x02, 0xe4, 0x57, 0x01, 0xb6, 0x10,
-+ 0x57, 0x2e, 0xe7, 0x55
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_additionalinput[] = {
-+ 0x4b, 0x74, 0x0b, 0x40, 0xce, 0x6b, 0xc2, 0x6a, 0x24, 0xb4, 0xf3, 0xad,
-+ 0x7a, 0xa5, 0x7a, 0xa2, 0x15, 0xe2, 0xc8, 0x61, 0x15, 0xc6, 0xb7, 0x85,
-+ 0x69, 0x11, 0xad, 0x7b, 0x14, 0xd2, 0xf6, 0x12, 0xa1, 0x95, 0x5d, 0x3f,
-+ 0xe2, 0xd0, 0x0c, 0x2f
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinputpr[] = {
-+ 0x0c, 0x9c, 0xad, 0x05, 0xee, 0xae, 0x48, 0x23, 0x89, 0x59, 0xa1, 0x94,
-+ 0xd7, 0xd8, 0x75, 0xd5, 0x54, 0x93, 0xc7, 0x4a, 0xd9, 0x26, 0xde, 0xeb,
-+ 0xba, 0xb0, 0x7e, 0x30, 0x1d, 0x5f, 0x69, 0x40, 0x9c, 0x3b, 0x17, 0x58,
-+ 0x1d, 0x30, 0xb3, 0x78
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_int_returnedbits[] = {
-+ 0xf7, 0x93, 0xb0, 0x6d, 0x77, 0x83, 0xd5, 0x38, 0x01, 0xe1, 0x52, 0x40,
-+ 0x7e, 0x3e, 0x0c, 0x26
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_additionalinput2[] = {
-+ 0xbc, 0x4b, 0x37, 0x44, 0x1c, 0xc5, 0x45, 0x5f, 0x8f, 0x51, 0x62, 0x8a,
-+ 0x85, 0x30, 0x1d, 0x7c, 0xe4, 0xcf, 0xf7, 0x44, 0xce, 0x32, 0x3e, 0x57,
-+ 0x95, 0xa4, 0x2a, 0xdf, 0xfd, 0x9e, 0x38, 0x41, 0xb3, 0xf6, 0xc5, 0xee,
-+ 0x0c, 0x4b, 0xee, 0x6e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = {
-+ 0xec, 0xaf, 0xf6, 0x4f, 0xb1, 0xa0, 0x54, 0xb5, 0x5b, 0xe3, 0x46, 0xb0,
-+ 0x76, 0x5a, 0x7c, 0x3f, 0x7b, 0x94, 0x69, 0x21, 0x51, 0x02, 0xe5, 0x9f,
-+ 0x04, 0x59, 0x02, 0x98, 0xc6, 0x43, 0x2c, 0xcc, 0x26, 0x4c, 0x87, 0x6b,
-+ 0x8e, 0x0a, 0x83, 0xdf
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_pr_returnedbits[] = {
-+ 0x74, 0x45, 0xfb, 0x53, 0x84, 0x96, 0xbe, 0xff, 0x15, 0xcc, 0x41, 0x91,
-+ 0xb9, 0xa1, 0x21, 0x68
-+};
-+
-+/* AES-192 no df No PR */
-+__fips_constseg static const unsigned char aes_192_no_df_entropyinput[] = {
-+ 0x3c, 0x7d, 0xb5, 0xe0, 0x54, 0xd9, 0x6e, 0x8c, 0xa9, 0x86, 0xce, 0x4e,
-+ 0x6b, 0xaf, 0xeb, 0x2f, 0xe7, 0x75, 0xe0, 0x8b, 0xa4, 0x3b, 0x07, 0xfe,
-+ 0xbe, 0x33, 0x75, 0x93, 0x80, 0x27, 0xb5, 0x29, 0x47, 0x8b, 0xc7, 0x28,
-+ 0x94, 0xc3, 0x59, 0x63
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_nonce[] = {
-+ 0x43, 0xf1, 0x7d, 0xb8, 0xc3, 0xfe, 0xd0, 0x23, 0x6b, 0xb4, 0x92, 0xdb,
-+ 0x29, 0xfd, 0x45, 0x71
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_personalizationstring[] = {
-+ 0x9f, 0x24, 0x29, 0x99, 0x9e, 0x01, 0xab, 0xe9, 0x19, 0xd8, 0x23, 0x08,
-+ 0xb7, 0xd6, 0x7e, 0x8c, 0xc0, 0x9e, 0x7f, 0x6e, 0x5b, 0x33, 0x20, 0x96,
-+ 0x0b, 0x23, 0x2c, 0xa5, 0x6a, 0xf8, 0x1b, 0x04, 0x26, 0xdb, 0x2e, 0x2b,
-+ 0x3b, 0x88, 0xce, 0x35
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_additionalinput[] = {
-+ 0x94, 0xe9, 0x7c, 0x3d, 0xa7, 0xdb, 0x60, 0x83, 0x1f, 0x98, 0x3f, 0x0b,
-+ 0x88, 0x59, 0x57, 0x51, 0x88, 0x9f, 0x76, 0x49, 0x9f, 0xa6, 0xda, 0x71,
-+ 0x1d, 0x0d, 0x47, 0x16, 0x63, 0xc5, 0x68, 0xe4, 0x5d, 0x39, 0x69, 0xb3,
-+ 0x3e, 0xbe, 0xd4, 0x8e
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_int_returnedbits[] = {
-+ 0xf9, 0xd7, 0xad, 0x69, 0xab, 0x8f, 0x23, 0x56, 0x70, 0x17, 0x4f, 0x2a,
-+ 0x45, 0xe7, 0x4a, 0xc5
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_entropyinputreseed[] = {
-+ 0xa6, 0x71, 0x6a, 0x3d, 0xba, 0xd1, 0xe8, 0x66, 0xa6, 0xef, 0xb2, 0x0e,
-+ 0xa8, 0x9c, 0xaa, 0x4e, 0xaf, 0x17, 0x89, 0x50, 0x00, 0xda, 0xa1, 0xb1,
-+ 0x0b, 0xa4, 0xd9, 0x35, 0x89, 0xc8, 0xe5, 0xb0, 0xd9, 0xb7, 0xc4, 0x33,
-+ 0x9b, 0xcb, 0x7e, 0x75
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_192_no_df_additionalinputreseed[] = {
-+ 0x27, 0x21, 0xfc, 0xc2, 0xbd, 0xf3, 0x3c, 0xce, 0xc3, 0xca, 0xc1, 0x01,
-+ 0xe0, 0xff, 0x93, 0x12, 0x7d, 0x54, 0x42, 0xe3, 0x9f, 0x03, 0xdf, 0x27,
-+ 0x04, 0x07, 0x3c, 0x53, 0x7f, 0xa8, 0x66, 0xc8, 0x97, 0x4b, 0x61, 0x40,
-+ 0x5d, 0x7a, 0x25, 0x79
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_additionalinput2[] = {
-+ 0x2d, 0x8e, 0x16, 0x5d, 0x0b, 0x9f, 0xeb, 0xaa, 0xd6, 0xec, 0x28, 0x71,
-+ 0x7c, 0x0b, 0xc1, 0x1d, 0xd4, 0x44, 0x19, 0x47, 0xfd, 0x1d, 0x7c, 0xe5,
-+ 0xf3, 0x27, 0xe1, 0xb6, 0x72, 0x0a, 0xe0, 0xec, 0x0e, 0xcd, 0xef, 0x1a,
-+ 0x91, 0x6a, 0xe3, 0x5f
-+};
-+
-+__fips_constseg static const unsigned char aes_192_no_df_returnedbits[] = {
-+ 0xe5, 0xda, 0xb8, 0xe0, 0x63, 0x59, 0x5a, 0xcc, 0x3d, 0xdc, 0x9f, 0xe8,
-+ 0x66, 0x67, 0x2c, 0x92
-+};
-+
-+/* AES-256 no df PR */
-+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinput[] = {
-+ 0x15, 0xc7, 0x5d, 0xcb, 0x41, 0x4b, 0x16, 0x01, 0x3a, 0xd1, 0x44, 0xe8,
-+ 0x22, 0x32, 0xc6, 0x9c, 0x3f, 0xe7, 0x43, 0xf5, 0x9a, 0xd3, 0xea, 0xf2,
-+ 0xd7, 0x4e, 0x6e, 0x6a, 0x55, 0x73, 0x40, 0xef, 0x89, 0xad, 0x0d, 0x03,
-+ 0x96, 0x7e, 0x78, 0x81, 0x2f, 0x91, 0x1b, 0x44, 0xb0, 0x02, 0xba, 0x1c
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_pr_nonce[] = {
-+ 0xdc, 0xe4, 0xd4, 0x27, 0x7a, 0x90, 0xd7, 0x99, 0x43, 0xa1, 0x3c, 0x30,
-+ 0xcc, 0x4b, 0xee, 0x2e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_personalizationstring[] = {
-+ 0xe3, 0xe6, 0xb9, 0x11, 0xe4, 0x7a, 0xa4, 0x40, 0x6b, 0xf8, 0x73, 0xf7,
-+ 0x7e, 0xec, 0xc7, 0xb9, 0x97, 0xbf, 0xf8, 0x25, 0x7b, 0xbe, 0x11, 0x9b,
-+ 0x5b, 0x6a, 0x0c, 0x2e, 0x2b, 0x01, 0x51, 0xcd, 0x41, 0x4b, 0x6b, 0xac,
-+ 0x31, 0xa8, 0x0b, 0xf7, 0xe6, 0x59, 0x42, 0xb8, 0x03, 0x0c, 0xf8, 0x06
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_additionalinput[] = {
-+ 0x6a, 0x9f, 0x00, 0x91, 0xae, 0xfe, 0xcf, 0x84, 0x99, 0xce, 0xb1, 0x40,
-+ 0x6d, 0x5d, 0x33, 0x28, 0x84, 0xf4, 0x8c, 0x63, 0x4c, 0x7e, 0xbd, 0x2c,
-+ 0x80, 0x76, 0xee, 0x5a, 0xaa, 0x15, 0x07, 0x31, 0xd8, 0xbb, 0x8c, 0x69,
-+ 0x9d, 0x9d, 0xbc, 0x7e, 0x49, 0xae, 0xec, 0x39, 0x6b, 0xd1, 0x1f, 0x7e
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinputpr[] = {
-+ 0xf3, 0xb9, 0x75, 0x9c, 0xbd, 0x88, 0xea, 0xa2, 0x50, 0xad, 0xd6, 0x16,
-+ 0x1a, 0x12, 0x3c, 0x86, 0x68, 0xaf, 0x6f, 0xbe, 0x19, 0xf2, 0xee, 0xcc,
-+ 0xa5, 0x70, 0x84, 0x53, 0x50, 0xcb, 0x9f, 0x14, 0xa9, 0xe5, 0xee, 0xb9,
-+ 0x48, 0x45, 0x40, 0xe2, 0xc7, 0xc9, 0x9a, 0x74, 0xff, 0x8c, 0x99, 0x1f
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_int_returnedbits[] = {
-+ 0x2e, 0xf2, 0x45, 0x4c, 0x62, 0x2e, 0x0a, 0xb9, 0x6b, 0xa2, 0xfd, 0x56,
-+ 0x79, 0x60, 0x93, 0xcf
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_additionalinput2[] = {
-+ 0xaf, 0x69, 0x20, 0xe9, 0x3b, 0x37, 0x9d, 0x3f, 0xb4, 0x80, 0x02, 0x7a,
-+ 0x25, 0x7d, 0xb8, 0xde, 0x71, 0xc5, 0x06, 0x0c, 0xb4, 0xe2, 0x8f, 0x35,
-+ 0xd8, 0x14, 0x0d, 0x7f, 0x76, 0x63, 0x4e, 0xb5, 0xee, 0xe9, 0x6f, 0x34,
-+ 0xc7, 0x5f, 0x56, 0x14, 0x4a, 0xe8, 0x73, 0x95, 0x5b, 0x1c, 0xb9, 0xcb
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = {
-+ 0xe5, 0xb0, 0x2e, 0x7e, 0x52, 0x30, 0xe3, 0x63, 0x82, 0xb6, 0x44, 0xd3,
-+ 0x25, 0x19, 0x05, 0x24, 0x9a, 0x9f, 0x5f, 0x27, 0x6a, 0x29, 0xab, 0xfa,
-+ 0x07, 0xa2, 0x42, 0x0f, 0xc5, 0xa8, 0x94, 0x7c, 0x17, 0x7b, 0x85, 0x83,
-+ 0x0c, 0x25, 0x0e, 0x63, 0x0b, 0xe9, 0x12, 0x60, 0xcd, 0xef, 0x80, 0x0f
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_pr_returnedbits[] = {
-+ 0x5e, 0xf2, 0x26, 0xef, 0x9f, 0x58, 0x5d, 0xd5, 0x4a, 0x10, 0xfe, 0xa7,
-+ 0x2d, 0x5f, 0x4a, 0x46
-+};
-+
-+/* AES-256 no df No PR */
-+__fips_constseg static const unsigned char aes_256_no_df_entropyinput[] = {
-+ 0xfb, 0xcf, 0x1b, 0x61, 0x16, 0x89, 0x78, 0x23, 0xf5, 0xd8, 0x96, 0xe3,
-+ 0x4e, 0x64, 0x0b, 0x29, 0x9a, 0x3f, 0xf8, 0xa5, 0xed, 0xf2, 0xfe, 0xdb,
-+ 0x16, 0xca, 0x7f, 0x10, 0xfa, 0x5e, 0x18, 0x76, 0x2c, 0x63, 0x5e, 0x96,
-+ 0xcf, 0xb3, 0xd6, 0xfc, 0xaf, 0x99, 0x39, 0x28, 0x9c, 0x61, 0xe8, 0xb3
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_nonce[] = {
-+ 0x12, 0x96, 0xf0, 0x52, 0xf3, 0x8d, 0x81, 0xcf, 0xde, 0x86, 0xf2, 0x99,
-+ 0x43, 0x96, 0xb9, 0xf0
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_personalizationstring[] = {
-+ 0x63, 0x0d, 0x78, 0xf5, 0x90, 0x8e, 0x32, 0x47, 0xb0, 0x4d, 0x37, 0x60,
-+ 0x09, 0x96, 0xbc, 0xbf, 0x97, 0x7a, 0x62, 0x14, 0x45, 0xbd, 0x8d, 0xcc,
-+ 0x69, 0xfb, 0x03, 0xe1, 0x80, 0x1c, 0xc7, 0xe2, 0x2a, 0xf9, 0x37, 0x3f,
-+ 0x66, 0x4d, 0x62, 0xd9, 0x10, 0xe0, 0xad, 0xc8, 0x9a, 0xf0, 0xa8, 0x6d
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_additionalinput[] = {
-+ 0x36, 0xc6, 0x13, 0x60, 0xbb, 0x14, 0xad, 0x22, 0xb0, 0x38, 0xac, 0xa6,
-+ 0x18, 0x16, 0x93, 0x25, 0x86, 0xb7, 0xdc, 0xdc, 0x36, 0x98, 0x2b, 0xf9,
-+ 0x68, 0x33, 0xd3, 0xc6, 0xff, 0xce, 0x8d, 0x15, 0x59, 0x82, 0x76, 0xed,
-+ 0x6f, 0x8d, 0x49, 0x74, 0x2f, 0xda, 0xdc, 0x1f, 0x17, 0xd0, 0xde, 0x17
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_int_returnedbits[] = {
-+ 0x16, 0x2f, 0x8e, 0x3f, 0x21, 0x7a, 0x1c, 0x20, 0x56, 0xd1, 0x92, 0xf6,
-+ 0xd2, 0x25, 0x75, 0x0e
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_entropyinputreseed[] = {
-+ 0x91, 0x79, 0x76, 0xee, 0xe0, 0xcf, 0x9e, 0xc2, 0xd5, 0xd4, 0x23, 0x9b,
-+ 0x12, 0x8c, 0x7e, 0x0a, 0xb7, 0xd2, 0x8b, 0xd6, 0x7c, 0xa3, 0xc6, 0xe5,
-+ 0x0e, 0xaa, 0xc7, 0x6b, 0xae, 0x0d, 0xfa, 0x53, 0x06, 0x79, 0xa1, 0xed,
-+ 0x4d, 0x6a, 0x0e, 0xd8, 0x9d, 0xbe, 0x1b, 0x31, 0x93, 0x7b, 0xec, 0xfb
-+};
-+
-+__fips_constseg
-+ static const unsigned char aes_256_no_df_additionalinputreseed[] = {
-+ 0xd2, 0x46, 0x50, 0x22, 0x10, 0x14, 0x63, 0xf7, 0xea, 0x0f, 0xb9, 0x7e,
-+ 0x0d, 0xe1, 0x94, 0x07, 0xaf, 0x09, 0x44, 0x31, 0xea, 0x64, 0xa4, 0x18,
-+ 0x5b, 0xf9, 0xd8, 0xc2, 0xfa, 0x03, 0x47, 0xc5, 0x39, 0x43, 0xd5, 0x3b,
-+ 0x62, 0x86, 0x64, 0xea, 0x2c, 0x73, 0x8c, 0xae, 0x9d, 0x98, 0x98, 0x29
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_additionalinput2[] = {
-+ 0x8c, 0xab, 0x18, 0xf8, 0xc3, 0xec, 0x18, 0x5c, 0xb3, 0x1e, 0x9d, 0xbe,
-+ 0x3f, 0x03, 0xb4, 0x00, 0x98, 0x9d, 0xae, 0xeb, 0xf4, 0x94, 0xf8, 0x42,
-+ 0x8f, 0xe3, 0x39, 0x07, 0xe1, 0xc9, 0xad, 0x0b, 0x1f, 0xed, 0xc0, 0xba,
-+ 0xf6, 0xd1, 0xec, 0x27, 0x86, 0x7b, 0xd6, 0x55, 0x9b, 0x60, 0xa5, 0xc6
-+};
-+
-+__fips_constseg static const unsigned char aes_256_no_df_returnedbits[] = {
-+ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67,
-+ 0xf6, 0x02, 0x32, 0xe2
-+};
-+
-+/* SHA-1 PR */
-+__fips_constseg static const unsigned char sha1_pr_entropyinput[] = {
-+ 0xd2, 0x36, 0xa5, 0x27, 0x31, 0x73, 0xdd, 0x11, 0x4f, 0x93, 0xbd, 0xe2,
-+ 0x31, 0xa5, 0x91, 0x13
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_nonce[] = {
-+ 0xb5, 0xb3, 0x60, 0xef, 0xf7, 0x63, 0x31, 0xf3
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_personalizationstring[] = {
-+ 0xd4, 0xbb, 0x02, 0x10, 0xb2, 0x71, 0xdb, 0x81, 0xd6, 0xf0, 0x42, 0x60,
-+ 0xda, 0xea, 0x77, 0x52
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_additionalinput[] = {
-+ 0x4d, 0xd2, 0x6c, 0x87, 0xfb, 0x2c, 0x4f, 0xa6, 0x8d, 0x16, 0x63, 0x22,
-+ 0x6a, 0x51, 0xe3, 0xf8
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_entropyinputpr[] = {
-+ 0xc9, 0x83, 0x9e, 0x16, 0xf6, 0x1c, 0x0f, 0xb2, 0xec, 0x60, 0x31, 0xa9,
-+ 0xcb, 0xa9, 0x36, 0x7a
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_int_returnedbits[] = {
-+ 0xa8, 0x13, 0x4f, 0xf4, 0x31, 0x02, 0x44, 0xe3, 0xd3, 0x3d, 0x61, 0x9e,
-+ 0xe5, 0xc6, 0x3e, 0x89, 0xb5, 0x9b, 0x0f, 0x35
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_additionalinput2[] = {
-+ 0xf9, 0xe8, 0xd2, 0x72, 0x13, 0x34, 0x95, 0x6f, 0x15, 0x49, 0x47, 0x99,
-+ 0x16, 0x03, 0x19, 0x47
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_entropyinputpr2[] = {
-+ 0x4e, 0x8c, 0x49, 0x9b, 0x4a, 0x5c, 0x9b, 0x9c, 0x3a, 0xee, 0xfb, 0xd2,
-+ 0xae, 0xcd, 0x8c, 0xc4
-+};
-+
-+__fips_constseg static const unsigned char sha1_pr_returnedbits[] = {
-+ 0x50, 0xb4, 0xb4, 0xcd, 0x68, 0x57, 0xfc, 0x2e, 0xc1, 0x52, 0xcc, 0xf6,
-+ 0x68, 0xa4, 0x81, 0xed, 0x7e, 0xe4, 0x1d, 0x87
-+};
-+
-+/* SHA-1 No PR */
-+__fips_constseg static const unsigned char sha1_entropyinput[] = {
-+ 0xa9, 0x47, 0x1b, 0x29, 0x2d, 0x1c, 0x05, 0xdf, 0x76, 0xd0, 0x62, 0xf9,
-+ 0xe2, 0x7f, 0x4c, 0x7b
-+};
-+
-+__fips_constseg static const unsigned char sha1_nonce[] = {
-+ 0x53, 0x23, 0x24, 0xe3, 0xec, 0x0c, 0x54, 0x14
-+};
-+
-+__fips_constseg static const unsigned char sha1_personalizationstring[] = {
-+ 0x7a, 0x87, 0xa1, 0xac, 0x1c, 0xfd, 0xab, 0xae, 0xf7, 0xd6, 0xfb, 0x76,
-+ 0x28, 0xec, 0x6d, 0xca
-+};
-+
-+__fips_constseg static const unsigned char sha1_additionalinput[] = {
-+ 0xfc, 0x92, 0x35, 0xd6, 0x7e, 0xb7, 0x24, 0x65, 0xfd, 0x12, 0x27, 0x35,
-+ 0xc0, 0x72, 0xca, 0x28
-+};
-+
-+__fips_constseg static const unsigned char sha1_int_returnedbits[] = {
-+ 0x57, 0x88, 0x82, 0xe5, 0x25, 0xa5, 0x2c, 0x4a, 0x06, 0x20, 0x6c, 0x72,
-+ 0x55, 0x61, 0xdd, 0x90, 0x71, 0x9f, 0x95, 0xea
-+};
-+
-+__fips_constseg static const unsigned char sha1_entropyinputreseed[] = {
-+ 0x69, 0xa5, 0x40, 0x62, 0x98, 0x47, 0x56, 0x73, 0x4a, 0x8f, 0x60, 0x96,
-+ 0xd6, 0x99, 0x27, 0xed
-+};
-+
-+__fips_constseg static const unsigned char sha1_additionalinputreseed[] = {
-+ 0xe5, 0x40, 0x4e, 0xbd, 0x50, 0x00, 0xf5, 0x15, 0xa6, 0xee, 0x45, 0xda,
-+ 0x84, 0x3d, 0xd4, 0xc0
-+};
-+
-+__fips_constseg static const unsigned char sha1_additionalinput2[] = {
-+ 0x11, 0x51, 0x14, 0xf0, 0x09, 0x1b, 0x4e, 0x56, 0x0d, 0xe9, 0xf6, 0x1e,
-+ 0x52, 0x65, 0xcd, 0x96
-+};
-+
-+__fips_constseg static const unsigned char sha1_returnedbits[] = {
-+ 0xa1, 0x9c, 0x94, 0x6e, 0x29, 0xe1, 0x33, 0x0d, 0x32, 0xd6, 0xaa, 0xce,
-+ 0x71, 0x3f, 0x52, 0x72, 0x8b, 0x42, 0xa8, 0xd7
-+};
-+
-+/* SHA-224 PR */
-+__fips_constseg static const unsigned char sha224_pr_entropyinput[] = {
-+ 0x12, 0x69, 0x32, 0x4f, 0x83, 0xa6, 0xf5, 0x14, 0xe3, 0x49, 0x3e, 0x75,
-+ 0x3e, 0xde, 0xad, 0xa1, 0x29, 0xc3, 0xf3, 0x19, 0x20, 0xb5, 0x4c, 0xd9
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_nonce[] = {
-+ 0x6a, 0x78, 0xd0, 0xeb, 0xbb, 0x5a, 0xf0, 0xee, 0xe8, 0xc3, 0xba, 0x71
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_personalizationstring[] = {
-+ 0xd5, 0xb8, 0xb6, 0xbc, 0xc1, 0x5b, 0x60, 0x31, 0x3c, 0xf5, 0xe5, 0xc0,
-+ 0x8e, 0x52, 0x7a, 0xbd, 0xea, 0x47, 0xa9, 0x5f, 0x8f, 0xf9, 0x8b, 0xae
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_additionalinput[] = {
-+ 0x1f, 0x55, 0xec, 0xae, 0x16, 0x12, 0x84, 0xba, 0x84, 0x16, 0x19, 0x88,
-+ 0x8e, 0xb8, 0x33, 0x25, 0x54, 0xff, 0xca, 0x79, 0xaf, 0x07, 0x25, 0x50
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_entropyinputpr[] = {
-+ 0x92, 0xa3, 0x32, 0xa8, 0x9a, 0x0a, 0x58, 0x7c, 0x1d, 0x5a, 0x7e, 0xe1,
-+ 0xb2, 0x73, 0xab, 0x0e, 0x16, 0x79, 0x23, 0xd3, 0x29, 0x89, 0x81, 0xe1
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_int_returnedbits[] = {
-+ 0xf3, 0x38, 0x91, 0x40, 0x37, 0x7a, 0x51, 0x72, 0x42, 0x74, 0x78, 0x0a,
-+ 0x69, 0xfd, 0xa6, 0x44, 0x43, 0x45, 0x6c, 0x0c, 0x5a, 0x19, 0xff, 0xf1,
-+ 0x54, 0x60, 0xee, 0x6a
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_additionalinput2[] = {
-+ 0x75, 0xf3, 0x04, 0x25, 0xdd, 0x36, 0xa8, 0x37, 0x46, 0xae, 0x0c, 0x52,
-+ 0x05, 0x79, 0x4c, 0x26, 0xdb, 0xe9, 0x71, 0x16, 0x4c, 0x0a, 0xf2, 0x60
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_entropyinputpr2[] = {
-+ 0xea, 0xc5, 0x03, 0x0a, 0x4f, 0xb0, 0x38, 0x8d, 0x23, 0xd4, 0xc8, 0x77,
-+ 0xe2, 0x6d, 0x9c, 0x0b, 0x44, 0xf7, 0x2d, 0x5b, 0xbf, 0x5d, 0x2a, 0x11
-+};
-+
-+__fips_constseg static const unsigned char sha224_pr_returnedbits[] = {
-+ 0x60, 0x50, 0x2b, 0xe7, 0x86, 0xd8, 0x26, 0x73, 0xe3, 0x1d, 0x95, 0x20,
-+ 0xb3, 0x2c, 0x32, 0x1c, 0xf5, 0xce, 0x57, 0xa6, 0x67, 0x2b, 0xdc, 0x4e,
-+ 0xdd, 0x11, 0x4c, 0xc4
-+};
-+
-+/* SHA-224 No PR */
-+__fips_constseg static const unsigned char sha224_entropyinput[] = {
-+ 0xb2, 0x1c, 0x77, 0x4d, 0xf6, 0xd3, 0xb6, 0x40, 0xb7, 0x30, 0x3e, 0x29,
-+ 0xb0, 0x85, 0x1c, 0xbe, 0x4a, 0xea, 0x6b, 0x5a, 0xb5, 0x8a, 0x97, 0xeb
-+};
-+
-+__fips_constseg static const unsigned char sha224_nonce[] = {
-+ 0x42, 0x02, 0x0a, 0x1c, 0x98, 0x9a, 0x77, 0x9e, 0x9f, 0x80, 0xba, 0xe0
-+};
-+
-+__fips_constseg static const unsigned char sha224_personalizationstring[] = {
-+ 0x98, 0xb8, 0x04, 0x41, 0xfc, 0xc1, 0x5d, 0xc5, 0xe9, 0xb9, 0x08, 0xda,
-+ 0xf9, 0xfa, 0x0d, 0x90, 0xce, 0xdf, 0x1d, 0x10, 0xa9, 0x8d, 0x50, 0x0c
-+};
-+
-+__fips_constseg static const unsigned char sha224_additionalinput[] = {
-+ 0x9a, 0x8d, 0x39, 0x49, 0x42, 0xd5, 0x0b, 0xae, 0xe1, 0xaf, 0xb7, 0x00,
-+ 0x02, 0xfa, 0x96, 0xb1, 0xa5, 0x1d, 0x2d, 0x25, 0x78, 0xee, 0x83, 0x3f
-+};
-+
-+__fips_constseg static const unsigned char sha224_int_returnedbits[] = {
-+ 0xe4, 0xf5, 0x53, 0x79, 0x5a, 0x97, 0x58, 0x06, 0x08, 0xba, 0x7b, 0xfa,
-+ 0xf0, 0x83, 0x05, 0x8c, 0x22, 0xc0, 0xc9, 0xdb, 0x15, 0xe7, 0xde, 0x20,
-+ 0x55, 0x22, 0x9a, 0xad
-+};
-+
-+__fips_constseg static const unsigned char sha224_entropyinputreseed[] = {
-+ 0x67, 0x09, 0x48, 0xaa, 0x07, 0x16, 0x99, 0x89, 0x7f, 0x6d, 0xa0, 0xe5,
-+ 0x8f, 0xdf, 0xbc, 0xdb, 0xfe, 0xe5, 0x6c, 0x7a, 0x95, 0x4a, 0x66, 0x17
-+};
-+
-+__fips_constseg static const unsigned char sha224_additionalinputreseed[] = {
-+ 0x0f, 0x4b, 0x1c, 0x6f, 0xb7, 0xe3, 0x47, 0xe5, 0x5d, 0x7d, 0x38, 0xd6,
-+ 0x28, 0x9b, 0xeb, 0x55, 0x63, 0x09, 0x3e, 0x7c, 0x56, 0xea, 0xf8, 0x19
-+};
-+
-+__fips_constseg static const unsigned char sha224_additionalinput2[] = {
-+ 0x2d, 0x26, 0x7c, 0x37, 0xe4, 0x7a, 0x28, 0x5e, 0x5a, 0x3c, 0xaf, 0x3d,
-+ 0x5a, 0x8e, 0x55, 0xa2, 0x1a, 0x6e, 0xc0, 0xe5, 0xf6, 0x21, 0xd3, 0xf6
-+};
-+
-+__fips_constseg static const unsigned char sha224_returnedbits[] = {
-+ 0x4d, 0x83, 0x35, 0xdf, 0x67, 0xa9, 0xfc, 0x17, 0xda, 0x70, 0xcc, 0x8b,
-+ 0x7f, 0x77, 0xae, 0xa2, 0x5f, 0xb9, 0x7e, 0x74, 0x4c, 0x26, 0xc1, 0x7a,
-+ 0x3b, 0xa7, 0x5c, 0x93
-+};
-+
-+/* SHA-256 PR */
-+__fips_constseg static const unsigned char sha256_pr_entropyinput[] = {
-+ 0xce, 0x49, 0x00, 0x7a, 0x56, 0xe3, 0x67, 0x8f, 0xe1, 0xb6, 0xa7, 0xd4,
-+ 0x4f, 0x08, 0x7a, 0x1b, 0x01, 0xf4, 0xfa, 0x6b, 0xef, 0xb7, 0xe5, 0xeb,
-+ 0x07, 0x3d, 0x11, 0x0d, 0xc8, 0xea, 0x2b, 0xfe
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_nonce[] = {
-+ 0x73, 0x41, 0xc8, 0x92, 0x94, 0xe2, 0xc5, 0x5f, 0x93, 0xfd, 0x39, 0x5d,
-+ 0x2b, 0x91, 0x4d, 0x38
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_personalizationstring[] = {
-+ 0x50, 0x6d, 0x01, 0x01, 0x07, 0x5a, 0x80, 0x35, 0x7a, 0x56, 0x1a, 0x56,
-+ 0x2f, 0x9a, 0x0b, 0x35, 0xb2, 0xb1, 0xc9, 0xe5, 0xca, 0x69, 0x61, 0x48,
-+ 0xff, 0xfb, 0x0f, 0xd9, 0x4b, 0x79, 0x1d, 0xba
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_additionalinput[] = {
-+ 0x20, 0xb8, 0xdf, 0x44, 0x77, 0x5a, 0xb8, 0xd3, 0xbf, 0xf6, 0xcf, 0xac,
-+ 0x5e, 0xa6, 0x96, 0x62, 0x73, 0x44, 0x40, 0x4a, 0x30, 0xfb, 0x38, 0xa5,
-+ 0x7b, 0x0d, 0xe4, 0x0d, 0xc6, 0xe4, 0x9a, 0x1f
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_entropyinputpr[] = {
-+ 0x04, 0xc4, 0x65, 0xf4, 0xd3, 0xbf, 0x83, 0x4b, 0xab, 0xc8, 0x41, 0xa8,
-+ 0xc2, 0xe0, 0x44, 0x63, 0x77, 0x4c, 0x6f, 0x6c, 0x49, 0x46, 0xff, 0x94,
-+ 0x17, 0xea, 0xe6, 0x1a, 0x9d, 0x5e, 0x66, 0x78
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_int_returnedbits[] = {
-+ 0x07, 0x4d, 0xac, 0x9b, 0x86, 0xca, 0x4a, 0xaa, 0x6e, 0x7a, 0x03, 0xa2,
-+ 0x5d, 0x10, 0xea, 0x0b, 0xf9, 0x83, 0xcc, 0xd1, 0xfc, 0xe2, 0x07, 0xc7,
-+ 0x06, 0x34, 0x60, 0x6f, 0x83, 0x94, 0x99, 0x76
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_additionalinput2[] = {
-+ 0x89, 0x4e, 0x45, 0x8c, 0x11, 0xf9, 0xbc, 0x5b, 0xac, 0x74, 0x8b, 0x4b,
-+ 0x5f, 0xf7, 0x19, 0xf3, 0xf5, 0x24, 0x54, 0x14, 0xd1, 0x15, 0xb1, 0x43,
-+ 0x12, 0xa4, 0x5f, 0xd4, 0xec, 0xfc, 0xcd, 0x09
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_entropyinputpr2[] = {
-+ 0x0e, 0xeb, 0x1f, 0xd7, 0xfc, 0xd1, 0x9d, 0xd4, 0x05, 0x36, 0x8b, 0xb2,
-+ 0xfb, 0xe4, 0xf4, 0x51, 0x0c, 0x87, 0x9b, 0x02, 0x44, 0xd5, 0x92, 0x4d,
-+ 0x44, 0xfe, 0x1a, 0x03, 0x43, 0x56, 0xbd, 0x86
-+};
-+
-+__fips_constseg static const unsigned char sha256_pr_returnedbits[] = {
-+ 0x02, 0xaa, 0xb6, 0x1d, 0x7e, 0x2a, 0x40, 0x03, 0x69, 0x2d, 0x49, 0xa3,
-+ 0x41, 0xe7, 0x44, 0x0b, 0xaf, 0x7b, 0x85, 0xe4, 0x5f, 0x53, 0x3b, 0x64,
-+ 0xbc, 0x89, 0xc8, 0x82, 0xd4, 0x78, 0x37, 0xa2
-+};
-+
-+/* SHA-256 No PR */
-+__fips_constseg static const unsigned char sha256_entropyinput[] = {
-+ 0x5b, 0x1b, 0xec, 0x4d, 0xa9, 0x38, 0x74, 0x5a, 0x34, 0x0b, 0x7b, 0xc5,
-+ 0xe5, 0xd7, 0x66, 0x7c, 0xbc, 0x82, 0xb9, 0x0e, 0x2d, 0x1f, 0x92, 0xd7,
-+ 0xc1, 0xbc, 0x67, 0x69, 0xec, 0x6b, 0x03, 0x3c
-+};
-+
-+__fips_constseg static const unsigned char sha256_nonce[] = {
-+ 0xa4, 0x0c, 0xd8, 0x9c, 0x61, 0xd8, 0xc3, 0x54, 0xfe, 0x53, 0xc9, 0xe5,
-+ 0x5d, 0x6f, 0x6d, 0x35
-+};
-+
-+__fips_constseg static const unsigned char sha256_personalizationstring[] = {
-+ 0x22, 0x5e, 0x62, 0x93, 0x42, 0x83, 0x78, 0x24, 0xd8, 0x40, 0x8c, 0xde,
-+ 0x6f, 0xf9, 0xa4, 0x7a, 0xc5, 0xa7, 0x3b, 0x88, 0xa3, 0xee, 0x42, 0x20,
-+ 0xfd, 0x61, 0x56, 0xc6, 0x4c, 0x13, 0x41, 0x9c
-+};
-+
-+__fips_constseg static const unsigned char sha256_additionalinput[] = {
-+ 0xbf, 0x74, 0x5b, 0xf6, 0xc5, 0x64, 0x5e, 0x99, 0x34, 0x8f, 0xbc, 0xa4,
-+ 0xe2, 0xbd, 0xd8, 0x85, 0x26, 0x37, 0xea, 0xba, 0x4f, 0xf2, 0x9a, 0x9a,
-+ 0x66, 0xfc, 0xdf, 0x63, 0x26, 0x26, 0x19, 0x87
-+};
-+
-+__fips_constseg static const unsigned char sha256_int_returnedbits[] = {
-+ 0xb3, 0xc6, 0x07, 0x07, 0xd6, 0x75, 0xf6, 0x2b, 0xd6, 0x21, 0x96, 0xf1,
-+ 0xae, 0xdb, 0x2b, 0xac, 0x25, 0x2a, 0xae, 0xae, 0x41, 0x72, 0x03, 0x5e,
-+ 0xbf, 0xd3, 0x64, 0xbc, 0x59, 0xf9, 0xc0, 0x76
-+};
-+
-+__fips_constseg static const unsigned char sha256_entropyinputreseed[] = {
-+ 0xbf, 0x20, 0x33, 0x56, 0x29, 0xa8, 0x37, 0x04, 0x1f, 0x78, 0x34, 0x3d,
-+ 0x81, 0x2a, 0xc9, 0x86, 0xc6, 0x7a, 0x2f, 0x88, 0x5e, 0xd5, 0xbe, 0x34,
-+ 0x46, 0x20, 0xa4, 0x35, 0xeb, 0xc7, 0xe2, 0x9d
-+};
-+
-+__fips_constseg static const unsigned char sha256_additionalinputreseed[] = {
-+ 0x9b, 0xae, 0x2d, 0x2d, 0x61, 0xa4, 0x89, 0xeb, 0x43, 0x46, 0xa7, 0xda,
-+ 0xef, 0x40, 0xca, 0x4a, 0x99, 0x11, 0x41, 0xdc, 0x5c, 0x94, 0xe9, 0xac,
-+ 0xd4, 0xd0, 0xe6, 0xbd, 0xfb, 0x03, 0x9c, 0xa8
-+};
-+
-+__fips_constseg static const unsigned char sha256_additionalinput2[] = {
-+ 0x23, 0xaa, 0x0c, 0xbd, 0x28, 0x33, 0xe2, 0x51, 0xfc, 0x71, 0xd2, 0x15,
-+ 0x1f, 0x76, 0xfd, 0x0d, 0xe0, 0xb7, 0xb5, 0x84, 0x75, 0x5b, 0xbe, 0xf3,
-+ 0x5c, 0xca, 0xc5, 0x30, 0xf2, 0x75, 0x1f, 0xda
-+};
-+
-+__fips_constseg static const unsigned char sha256_returnedbits[] = {
-+ 0x90, 0x3c, 0xc1, 0x10, 0x8c, 0x12, 0x01, 0xc6, 0xa6, 0x3a, 0x0f, 0x4d,
-+ 0xb6, 0x3a, 0x4f, 0x41, 0x9c, 0x61, 0x75, 0x84, 0xe9, 0x74, 0x75, 0xfd,
-+ 0xfe, 0xf2, 0x1f, 0x43, 0xd8, 0x5e, 0x24, 0xa3
-+};
-+
-+/* SHA-384 PR */
-+__fips_constseg static const unsigned char sha384_pr_entropyinput[] = {
-+ 0x71, 0x9d, 0xb2, 0x5a, 0x71, 0x6d, 0x04, 0xe9, 0x1e, 0xc7, 0x92, 0x24,
-+ 0x6e, 0x12, 0x33, 0xa9, 0x52, 0x64, 0x31, 0xef, 0x71, 0xeb, 0x22, 0x55,
-+ 0x28, 0x97, 0x06, 0x6a, 0xc0, 0x0c, 0xa0, 0x7e
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_nonce[] = {
-+ 0xf5, 0x0d, 0xfa, 0xb0, 0xec, 0x6a, 0x7c, 0xd6, 0xbd, 0x9b, 0x05, 0xfd,
-+ 0x38, 0x3e, 0x2e, 0x56
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_personalizationstring[] = {
-+ 0x74, 0xac, 0x7e, 0x6d, 0xb1, 0xa4, 0xe7, 0x21, 0xd1, 0x1e, 0x6e, 0x96,
-+ 0x6d, 0x4d, 0x53, 0x46, 0x82, 0x96, 0x6e, 0xcf, 0xaa, 0x81, 0x8d, 0x7d,
-+ 0x9e, 0xe1, 0x0f, 0x15, 0xea, 0x41, 0xbf, 0xe3
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_additionalinput[] = {
-+ 0xda, 0x95, 0xd4, 0xd0, 0xb8, 0x11, 0xd3, 0x49, 0x27, 0x5d, 0xa9, 0x39,
-+ 0x68, 0xf3, 0xa8, 0xe9, 0x5d, 0x19, 0x8a, 0x2b, 0x66, 0xe8, 0x69, 0x06,
-+ 0x7c, 0x9e, 0x03, 0xa1, 0x8b, 0x26, 0x2d, 0x6e
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_entropyinputpr[] = {
-+ 0x49, 0xdf, 0x44, 0x00, 0xe4, 0x1c, 0x75, 0x0b, 0x26, 0x5a, 0x59, 0x64,
-+ 0x1f, 0x4e, 0xb1, 0xb2, 0x13, 0xf1, 0x22, 0x4e, 0xb4, 0x6d, 0x9a, 0xcc,
-+ 0xa0, 0x48, 0xe6, 0xcf, 0x1d, 0xd1, 0x92, 0x0d
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_int_returnedbits[] = {
-+ 0xc8, 0x52, 0xae, 0xbf, 0x04, 0x3c, 0x27, 0xb7, 0x78, 0x18, 0xaa, 0x8f,
-+ 0xff, 0xcf, 0xa4, 0xf1, 0xcc, 0xe7, 0x68, 0xfa, 0x22, 0xa2, 0x13, 0x45,
-+ 0xe8, 0xdd, 0x87, 0xe6, 0xf2, 0x6e, 0xdd, 0xc7, 0x52, 0x90, 0x9f, 0x7b,
-+ 0xfa, 0x61, 0x2d, 0x9d, 0x9e, 0xcf, 0x98, 0xac, 0x52, 0x40, 0xce, 0xaf
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_additionalinput2[] = {
-+ 0x61, 0x7c, 0x03, 0x9a, 0x3e, 0x50, 0x57, 0x60, 0xc5, 0x83, 0xc9, 0xb2,
-+ 0xd1, 0x87, 0x85, 0x66, 0x92, 0x5d, 0x84, 0x0e, 0x53, 0xfb, 0x70, 0x03,
-+ 0x72, 0xfd, 0xba, 0xae, 0x9c, 0x8f, 0xf8, 0x18
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_entropyinputpr2[] = {
-+ 0xf8, 0xeb, 0x89, 0xb1, 0x8d, 0x78, 0xbe, 0x21, 0xe0, 0xbb, 0x9d, 0xb7,
-+ 0x95, 0x0e, 0xd9, 0x46, 0x0c, 0x8c, 0xe2, 0x63, 0xb7, 0x9d, 0x67, 0x90,
-+ 0xbd, 0xc7, 0x0b, 0xa5, 0xce, 0xb2, 0x65, 0x81
-+};
-+
-+__fips_constseg static const unsigned char sha384_pr_returnedbits[] = {
-+ 0xe6, 0x9f, 0xfe, 0x68, 0xd6, 0xb5, 0x79, 0xf1, 0x06, 0x5f, 0xa3, 0xbb,
-+ 0x23, 0x85, 0xd8, 0xf0, 0x29, 0x5a, 0x68, 0x9e, 0xf5, 0xf4, 0xa6, 0x12,
-+ 0xe0, 0x9a, 0xe2, 0xac, 0x00, 0x1d, 0x98, 0x26, 0xfc, 0x53, 0x95, 0x53,
-+ 0xe4, 0x3e, 0x17, 0xd5, 0x08, 0x0b, 0x70, 0x3d, 0x67, 0x99, 0xac, 0x66
-+};
-+
-+/* SHA-384 No PR */
-+__fips_constseg static const unsigned char sha384_entropyinput[] = {
-+ 0x07, 0x15, 0x27, 0x2a, 0xaf, 0x74, 0x24, 0x37, 0xbc, 0xd5, 0x14, 0x69,
-+ 0xce, 0x11, 0xff, 0xa2, 0x6b, 0xb8, 0x05, 0x67, 0x34, 0xf8, 0xbd, 0x6d,
-+ 0x6a, 0xcc, 0xcd, 0x60, 0xa3, 0x68, 0xca, 0xf4
-+};
-+
-+__fips_constseg static const unsigned char sha384_nonce[] = {
-+ 0x70, 0x17, 0xc2, 0x5b, 0x5d, 0x22, 0x0b, 0x06, 0x15, 0x54, 0x78, 0x77,
-+ 0x44, 0xaf, 0x2f, 0x09
-+};
-+
-+__fips_constseg static const unsigned char sha384_personalizationstring[] = {
-+ 0x89, 0x39, 0x28, 0xb0, 0x60, 0xeb, 0x3d, 0xdc, 0x55, 0x75, 0x86, 0xeb,
-+ 0xae, 0xa2, 0x8f, 0xbc, 0x1b, 0x75, 0xd4, 0xe1, 0x0f, 0xaa, 0x38, 0xca,
-+ 0x62, 0x8b, 0xcb, 0x2c, 0x26, 0xf6, 0xbc, 0xb1
-+};
-+
-+__fips_constseg static const unsigned char sha384_additionalinput[] = {
-+ 0x30, 0x2b, 0x42, 0x35, 0xef, 0xda, 0x40, 0x55, 0x28, 0xc6, 0x95, 0xfb,
-+ 0x54, 0x01, 0x62, 0xd7, 0x87, 0x14, 0x48, 0x6d, 0x90, 0x4c, 0xa9, 0x02,
-+ 0x54, 0x40, 0x22, 0xc8, 0x66, 0xa5, 0x48, 0x48
-+};
-+
-+__fips_constseg static const unsigned char sha384_int_returnedbits[] = {
-+ 0x82, 0xc4, 0xa1, 0x9c, 0x21, 0xd2, 0xe7, 0xa5, 0xa6, 0xf6, 0x5f, 0x04,
-+ 0x5c, 0xc7, 0x31, 0x9d, 0x8d, 0x59, 0x74, 0x50, 0x19, 0x89, 0x2f, 0x63,
-+ 0xd5, 0xb7, 0x7e, 0xeb, 0x15, 0xe3, 0x70, 0x83, 0xa1, 0x24, 0x59, 0xfa,
-+ 0x2c, 0x56, 0xf6, 0x88, 0x3a, 0x92, 0x93, 0xa1, 0xfb, 0x79, 0xc1, 0x7a
-+};
-+
-+__fips_constseg static const unsigned char sha384_entropyinputreseed[] = {
-+ 0x39, 0xa6, 0xe8, 0x5c, 0x82, 0x17, 0x71, 0x26, 0x57, 0x4f, 0x9f, 0xc2,
-+ 0x55, 0xff, 0x5c, 0x9b, 0x53, 0x1a, 0xd1, 0x5f, 0xbc, 0x62, 0xe4, 0x27,
-+ 0x2d, 0x32, 0xf0, 0xe4, 0x52, 0x8c, 0xc5, 0x0c
-+};
-+
-+__fips_constseg static const unsigned char sha384_additionalinputreseed[] = {
-+ 0x8d, 0xcb, 0x8d, 0xce, 0x08, 0xea, 0x80, 0xe8, 0x9b, 0x61, 0xa8, 0x0f,
-+ 0xaf, 0x49, 0x20, 0x9e, 0x74, 0xcb, 0x57, 0x80, 0x42, 0xb0, 0x84, 0x5e,
-+ 0x30, 0x2a, 0x67, 0x08, 0xf4, 0xe3, 0x40, 0x22
-+};
-+
-+__fips_constseg static const unsigned char sha384_additionalinput2[] = {
-+ 0x7c, 0x8f, 0xc2, 0xae, 0x22, 0x4a, 0xd6, 0xf6, 0x05, 0xa4, 0x7a, 0xea,
-+ 0xbb, 0x25, 0xd0, 0xb7, 0x5a, 0xd6, 0xcf, 0x9d, 0xf3, 0x6c, 0xe2, 0xb2,
-+ 0x4e, 0xb4, 0xbd, 0xf4, 0xe5, 0x40, 0x80, 0x94
-+};
-+
-+__fips_constseg static const unsigned char sha384_returnedbits[] = {
-+ 0x9e, 0x7e, 0xfb, 0x59, 0xbb, 0xaa, 0x3c, 0xf7, 0xe1, 0xf8, 0x76, 0xdd,
-+ 0x63, 0x5f, 0xaf, 0x23, 0xd6, 0x64, 0x61, 0xc0, 0x9a, 0x09, 0x47, 0xc9,
-+ 0x33, 0xdf, 0x6d, 0x55, 0x91, 0x34, 0x79, 0x70, 0xc4, 0x99, 0x6e, 0x54,
-+ 0x09, 0x64, 0x21, 0x1a, 0xbd, 0x1e, 0x80, 0x40, 0x34, 0xad, 0xfa, 0xd7
-+};
-+
-+/* SHA-512 PR */
-+__fips_constseg static const unsigned char sha512_pr_entropyinput[] = {
-+ 0x13, 0xf7, 0x61, 0x75, 0x65, 0x28, 0xa2, 0x59, 0x13, 0x5a, 0x4a, 0x4f,
-+ 0x56, 0x60, 0x8c, 0x53, 0x7d, 0xb0, 0xbd, 0x06, 0x4f, 0xed, 0xcc, 0xd2,
-+ 0xa2, 0xb5, 0xfd, 0x5b, 0x3a, 0xab, 0xec, 0x28
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_nonce[] = {
-+ 0xbe, 0xa3, 0x91, 0x93, 0x1d, 0xc3, 0x31, 0x3a, 0x23, 0x33, 0x50, 0x67,
-+ 0x88, 0xc7, 0xa2, 0xc4
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_personalizationstring[] = {
-+ 0x1f, 0x59, 0x4d, 0x7b, 0xe6, 0x46, 0x91, 0x48, 0xc1, 0x25, 0xfa, 0xff,
-+ 0x89, 0x12, 0x77, 0x35, 0xdf, 0x3e, 0xf4, 0x80, 0x5f, 0xd9, 0xb0, 0x07,
-+ 0x22, 0x41, 0xdd, 0x48, 0x78, 0x6b, 0x77, 0x2b
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_additionalinput[] = {
-+ 0x30, 0xff, 0x63, 0x6f, 0xac, 0xd9, 0x84, 0x39, 0x6f, 0xe4, 0x99, 0xce,
-+ 0x91, 0x7d, 0x7e, 0xc8, 0x58, 0xf2, 0x12, 0xc3, 0xb6, 0xad, 0xda, 0x22,
-+ 0x04, 0xa0, 0xd2, 0x21, 0xfe, 0xf2, 0x95, 0x1d
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_entropyinputpr[] = {
-+ 0x64, 0x54, 0x13, 0xec, 0x4f, 0x77, 0xda, 0xb2, 0x92, 0x2e, 0x52, 0x80,
-+ 0x11, 0x10, 0xc2, 0xf8, 0xe6, 0xa7, 0xcd, 0x4b, 0xfc, 0x32, 0x2e, 0x9e,
-+ 0xeb, 0xbb, 0xb1, 0xbf, 0x15, 0x5c, 0x73, 0x08
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_int_returnedbits[] = {
-+ 0xef, 0x1e, 0xdc, 0x0a, 0xa4, 0x36, 0x91, 0x9c, 0x3d, 0x27, 0x97, 0x50,
-+ 0x8d, 0x36, 0x29, 0x8d, 0xce, 0x6a, 0x0c, 0xf7, 0x21, 0xc0, 0x91, 0xae,
-+ 0x0c, 0x96, 0x72, 0xbd, 0x52, 0x81, 0x58, 0xfc, 0x6d, 0xe5, 0xf7, 0xa5,
-+ 0xfd, 0x5d, 0xa7, 0x58, 0x68, 0xc8, 0x99, 0x58, 0x8e, 0xc8, 0xce, 0x95,
-+ 0x01, 0x7d, 0xff, 0xa4, 0xc8, 0xf7, 0x63, 0xfe, 0x5f, 0x69, 0x83, 0x53,
-+ 0xe2, 0xc6, 0x8b, 0xc3
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_additionalinput2[] = {
-+ 0xe6, 0x9b, 0xc4, 0x88, 0x34, 0xca, 0xea, 0x29, 0x2f, 0x98, 0x05, 0xa4,
-+ 0xd3, 0xc0, 0x7b, 0x11, 0xe8, 0xbb, 0x75, 0xf2, 0xbd, 0x29, 0xb7, 0x40,
-+ 0x25, 0x7f, 0xc1, 0xb7, 0xb1, 0xf1, 0x25, 0x61
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_entropyinputpr2[] = {
-+ 0x23, 0x6d, 0xff, 0xde, 0xfb, 0xd1, 0xba, 0x33, 0x18, 0xe6, 0xbe, 0xb5,
-+ 0x48, 0x77, 0x6d, 0x7f, 0xa7, 0xe1, 0x4d, 0x48, 0x1e, 0x3c, 0xa7, 0x34,
-+ 0x1a, 0xc8, 0x60, 0xdb, 0x8f, 0x99, 0x15, 0x99
-+};
-+
-+__fips_constseg static const unsigned char sha512_pr_returnedbits[] = {
-+ 0x70, 0x27, 0x31, 0xdb, 0x92, 0x70, 0x21, 0xfe, 0x16, 0xb6, 0xc8, 0x51,
-+ 0x34, 0x87, 0x65, 0xd0, 0x4e, 0xfd, 0xfe, 0x68, 0xec, 0xac, 0xdc, 0x93,
-+ 0x41, 0x38, 0x92, 0x90, 0xb4, 0x94, 0xf9, 0x0d, 0xa4, 0xf7, 0x4e, 0x80,
-+ 0x92, 0x67, 0x48, 0x40, 0xa7, 0x08, 0xc7, 0xbc, 0x66, 0x00, 0xfd, 0xf7,
-+ 0x4c, 0x8b, 0x17, 0x6e, 0xd1, 0x8f, 0x9b, 0xf3, 0x6f, 0xf6, 0x34, 0xdd,
-+ 0x67, 0xf7, 0x68, 0xdd
-+};
-+
-+/* SHA-512 No PR */
-+__fips_constseg static const unsigned char sha512_entropyinput[] = {
-+ 0xb6, 0x0b, 0xb7, 0xbc, 0x84, 0x56, 0xf6, 0x12, 0xaf, 0x45, 0x67, 0x17,
-+ 0x7c, 0xd1, 0xb2, 0x78, 0x2b, 0xa0, 0xf2, 0xbe, 0xb6, 0x6d, 0x8b, 0x56,
-+ 0xc6, 0xbc, 0x4d, 0xe1, 0xf7, 0xbe, 0xce, 0xbd
-+};
-+
-+__fips_constseg static const unsigned char sha512_nonce[] = {
-+ 0x9d, 0xed, 0xc0, 0xe5, 0x5a, 0x98, 0x6a, 0xcb, 0x51, 0x7d, 0x76, 0x31,
-+ 0x5a, 0x64, 0xf0, 0xf7
-+};
-+
-+__fips_constseg static const unsigned char sha512_personalizationstring[] = {
-+ 0xc2, 0x6d, 0xa3, 0xc3, 0x06, 0x74, 0xe5, 0x01, 0x5c, 0x10, 0x17, 0xc7,
-+ 0xaf, 0x83, 0x9d, 0x59, 0x8d, 0x2d, 0x29, 0x38, 0xc5, 0x59, 0x70, 0x8b,
-+ 0x46, 0x48, 0x2d, 0xcf, 0x36, 0x7d, 0x59, 0xc0
-+};
-+
-+__fips_constseg static const unsigned char sha512_additionalinput[] = {
-+ 0xec, 0x8c, 0xd4, 0xf7, 0x61, 0x6e, 0x0d, 0x95, 0x79, 0xb7, 0x28, 0xad,
-+ 0x5f, 0x69, 0x74, 0x5f, 0x2d, 0x36, 0x06, 0x8a, 0x6b, 0xac, 0x54, 0x97,
-+ 0xc4, 0xa1, 0x12, 0x85, 0x0a, 0xdf, 0x4b, 0x34
-+};
-+
-+__fips_constseg static const unsigned char sha512_int_returnedbits[] = {
-+ 0x84, 0x2f, 0x1f, 0x68, 0x6a, 0xa3, 0xad, 0x1e, 0xfb, 0xf4, 0x15, 0xbd,
-+ 0xde, 0x38, 0xd4, 0x30, 0x80, 0x51, 0xe9, 0xd3, 0xc7, 0x20, 0x88, 0xe9,
-+ 0xf5, 0xcc, 0xdf, 0x57, 0x5c, 0x47, 0x2f, 0x57, 0x3c, 0x5f, 0x13, 0x56,
-+ 0xcc, 0xc5, 0x4f, 0x84, 0xf8, 0x10, 0x41, 0xd5, 0x7e, 0x58, 0x6e, 0x19,
-+ 0x19, 0x9e, 0xaf, 0xc2, 0x22, 0x58, 0x41, 0x50, 0x79, 0xc2, 0xd8, 0x04,
-+ 0x28, 0xd4, 0x39, 0x9a
-+};
-+
-+__fips_constseg static const unsigned char sha512_entropyinputreseed[] = {
-+ 0xfa, 0x7f, 0x46, 0x51, 0x83, 0x62, 0x98, 0x16, 0x9a, 0x19, 0xa2, 0x49,
-+ 0xa9, 0xe6, 0x4a, 0xd8, 0x85, 0xe7, 0xd4, 0x3b, 0x2c, 0x82, 0xc5, 0x82,
-+ 0xbf, 0x11, 0xf9, 0x9e, 0xbc, 0xd0, 0x01, 0xee
-+};
-+
-+__fips_constseg static const unsigned char sha512_additionalinputreseed[] = {
-+ 0xb9, 0x12, 0xe0, 0x4f, 0xf7, 0xa7, 0xc4, 0xd8, 0xd0, 0x8e, 0x99, 0x29,
-+ 0x7c, 0x9a, 0xe9, 0xcf, 0xc4, 0x6c, 0xf8, 0xc3, 0xa7, 0x41, 0x83, 0xd6,
-+ 0x2e, 0xfa, 0xb8, 0x5e, 0x8e, 0x6b, 0x78, 0x20
-+};
-+
-+__fips_constseg static const unsigned char sha512_additionalinput2[] = {
-+ 0xd7, 0x07, 0x52, 0xb9, 0x83, 0x2c, 0x03, 0x71, 0xee, 0xc9, 0xc0, 0x85,
-+ 0xe1, 0x57, 0xb2, 0xcd, 0x3a, 0xf0, 0xc9, 0x34, 0x24, 0x41, 0x1c, 0x42,
-+ 0x99, 0xb2, 0x84, 0xe9, 0x17, 0xd2, 0x76, 0x92
-+};
-+
-+__fips_constseg static const unsigned char sha512_returnedbits[] = {
-+ 0x36, 0x17, 0x5d, 0x98, 0x2b, 0x65, 0x25, 0x8e, 0xc8, 0x29, 0xdf, 0x27,
-+ 0x05, 0x36, 0x26, 0x12, 0x8a, 0x68, 0x74, 0x27, 0x37, 0xd4, 0x7f, 0x32,
-+ 0xb1, 0x12, 0xd6, 0x85, 0x83, 0xeb, 0x2e, 0xa0, 0xed, 0x4b, 0xb5, 0x7b,
-+ 0x6f, 0x39, 0x3c, 0x71, 0x77, 0x02, 0x12, 0xcc, 0x2c, 0x3a, 0x8e, 0x63,
-+ 0xdf, 0x4a, 0xbd, 0x6f, 0x6e, 0x2e, 0xed, 0x0a, 0x85, 0xa5, 0x2f, 0xa2,
-+ 0x68, 0xde, 0x42, 0xb5
-+};
-+
-+/* HMAC SHA-1 PR */
-+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinput[] = {
-+ 0x26, 0x5f, 0x36, 0x14, 0xff, 0x3d, 0x83, 0xfa, 0x73, 0x5e, 0x75, 0xdc,
-+ 0x2c, 0x18, 0x17, 0x1b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_nonce[] = {
-+ 0xc8, 0xe3, 0x57, 0xa5, 0x7b, 0x74, 0x86, 0x6e
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha1_pr_personalizationstring[] = {
-+ 0x6e, 0xdb, 0x0d, 0xfe, 0x7d, 0xac, 0x79, 0xd0, 0xa5, 0x3a, 0x48, 0x85,
-+ 0x80, 0xe2, 0x7f, 0x2a
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput[] = {
-+ 0x31, 0xcd, 0x5e, 0x43, 0xdc, 0xfb, 0x7a, 0x79, 0xca, 0x88, 0xde, 0x1f,
-+ 0xd7, 0xbb, 0x42, 0x09
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr[] = {
-+ 0x7c, 0x23, 0x95, 0x38, 0x00, 0x95, 0xc1, 0x78, 0x1f, 0x8f, 0xd7, 0x63,
-+ 0x23, 0x87, 0x2a, 0xed
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_int_returnedbits[] = {
-+ 0xbb, 0x34, 0xe7, 0x93, 0xa3, 0x02, 0x2c, 0x4a, 0xd0, 0x89, 0xda, 0x7f,
-+ 0xed, 0xf4, 0x4c, 0xde, 0x17, 0xec, 0xe5, 0x6c
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput2[] = {
-+ 0x49, 0xbc, 0x2d, 0x2c, 0xb7, 0x32, 0xcb, 0x20, 0xdf, 0xf5, 0x77, 0x58,
-+ 0xa0, 0x4b, 0x93, 0x6e
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr2[] = {
-+ 0x3c, 0xaa, 0xb0, 0x21, 0x42, 0xb0, 0xdd, 0x34, 0xf0, 0x16, 0x7f, 0x0c,
-+ 0x0f, 0xff, 0x2e, 0xaf
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_pr_returnedbits[] = {
-+ 0x8e, 0xcb, 0xa3, 0x64, 0xb2, 0xb8, 0x33, 0x6c, 0x64, 0x3b, 0x78, 0x16,
-+ 0x99, 0x35, 0xc8, 0x30, 0xcb, 0x3e, 0xa0, 0xd8
-+};
-+
-+/* HMAC SHA-1 No PR */
-+__fips_constseg static const unsigned char hmac_sha1_entropyinput[] = {
-+ 0x32, 0x9a, 0x2a, 0x87, 0x7b, 0x89, 0x7c, 0xf6, 0xcb, 0x95, 0xd5, 0x40,
-+ 0x17, 0xfe, 0x47, 0x70
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_nonce[] = {
-+ 0x16, 0xd8, 0xe0, 0xc7, 0x52, 0xcf, 0x4a, 0x25
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_personalizationstring[] = {
-+ 0x35, 0x35, 0xa9, 0xa5, 0x40, 0xbe, 0x9b, 0xd1, 0x56, 0xdd, 0x44, 0x00,
-+ 0x72, 0xf7, 0xd3, 0x5e
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_additionalinput[] = {
-+ 0x1b, 0x2c, 0x84, 0x2d, 0x4a, 0x89, 0x8f, 0x69, 0x19, 0xf1, 0xf3, 0xdb,
-+ 0xbb, 0xe3, 0xaa, 0xea
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_int_returnedbits[] = {
-+ 0xcf, 0xfa, 0x7d, 0x72, 0x0f, 0xe6, 0xc7, 0x96, 0xa0, 0x69, 0x31, 0x11,
-+ 0x9b, 0x0b, 0x1a, 0x20, 0x1f, 0x3f, 0xaa, 0xd1
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_entropyinputreseed[] = {
-+ 0x90, 0x75, 0x15, 0x04, 0x95, 0xf1, 0xba, 0x81, 0x0c, 0x37, 0x94, 0x6f,
-+ 0x86, 0x52, 0x6d, 0x9c
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_additionalinputreseed[] = {
-+ 0x5b, 0x40, 0xba, 0x5f, 0x17, 0x70, 0xf0, 0x4b, 0xdf, 0xc9, 0x97, 0x92,
-+ 0x79, 0xc5, 0x82, 0x28
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_additionalinput2[] = {
-+ 0x97, 0xc8, 0x80, 0x90, 0xb3, 0xaa, 0x6e, 0x60, 0xea, 0x83, 0x7a, 0xe3,
-+ 0x8a, 0xca, 0xa4, 0x7f
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha1_returnedbits[] = {
-+ 0x90, 0xbd, 0x05, 0x56, 0x6d, 0xb5, 0x22, 0xd5, 0xb9, 0x5a, 0x29, 0x2d,
-+ 0xe9, 0x0b, 0xe1, 0xac, 0xde, 0x27, 0x0b, 0xb0
-+};
-+
-+/* HMAC SHA-224 PR */
-+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinput[] = {
-+ 0x17, 0x32, 0x2b, 0x2e, 0x6f, 0x1b, 0x9c, 0x6d, 0x31, 0xe0, 0x34, 0x07,
-+ 0xcf, 0xed, 0xf6, 0xb6, 0x5a, 0x76, 0x4c, 0xbc, 0x62, 0x85, 0x01, 0x90
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_nonce[] = {
-+ 0x38, 0xbf, 0x5f, 0x20, 0xb3, 0x68, 0x2f, 0x43, 0x61, 0x05, 0x8f, 0x23
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha224_pr_personalizationstring[] = {
-+ 0xc0, 0xc9, 0x45, 0xac, 0x8d, 0x27, 0x77, 0x08, 0x0b, 0x17, 0x6d, 0xed,
-+ 0xc1, 0x7d, 0xd5, 0x07, 0x9d, 0x6e, 0xf8, 0x23, 0x2a, 0x22, 0x13, 0xbd
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput[] = {
-+ 0xa4, 0x3c, 0xe7, 0x3b, 0xea, 0x19, 0x45, 0x32, 0xc2, 0x83, 0x6d, 0x21,
-+ 0x8a, 0xc0, 0xee, 0x67, 0x45, 0xde, 0x13, 0x7d, 0x9d, 0x61, 0x00, 0x3b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr[] = {
-+ 0x15, 0x05, 0x74, 0x4a, 0x7f, 0x8d, 0x5c, 0x60, 0x16, 0xe5, 0x7b, 0xad,
-+ 0xf5, 0x41, 0x8f, 0x55, 0x60, 0xc4, 0x09, 0xee, 0x1e, 0x11, 0x81, 0xab
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_int_returnedbits[] = {
-+ 0x6f, 0xf5, 0x9a, 0xe2, 0x54, 0x53, 0x30, 0x3d, 0x5a, 0x27, 0x29, 0x38,
-+ 0x27, 0xf2, 0x0d, 0x05, 0xe9, 0x26, 0xcb, 0x16, 0xc3, 0x51, 0x5f, 0x13,
-+ 0x41, 0xfe, 0x99, 0xf2
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput2[] = {
-+ 0x73, 0x81, 0x88, 0x84, 0x8f, 0xed, 0x6f, 0x10, 0x9f, 0x93, 0xbf, 0x17,
-+ 0x35, 0x7c, 0xef, 0xd5, 0x8d, 0x26, 0xa6, 0x7a, 0xe8, 0x09, 0x36, 0x4f
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr2[] = {
-+ 0xe6, 0xcf, 0xcf, 0x7e, 0x12, 0xe5, 0x43, 0xd2, 0x38, 0xd8, 0x24, 0x6f,
-+ 0x5a, 0x37, 0x68, 0xbf, 0x4f, 0xa0, 0xff, 0xd5, 0x61, 0x8a, 0x93, 0xe0
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_pr_returnedbits[] = {
-+ 0xaf, 0xf9, 0xd8, 0x19, 0x91, 0x30, 0x82, 0x6f, 0xa9, 0x1e, 0x9d, 0xd7,
-+ 0xf3, 0x50, 0xe0, 0xc7, 0xd5, 0x64, 0x96, 0x7d, 0x4c, 0x4d, 0x78, 0x03,
-+ 0x6d, 0xd8, 0x9e, 0x72
-+};
-+
-+/* HMAC SHA-224 No PR */
-+__fips_constseg static const unsigned char hmac_sha224_entropyinput[] = {
-+ 0x11, 0x82, 0xfd, 0xd9, 0x42, 0xf4, 0xfa, 0xc8, 0xf2, 0x41, 0xe6, 0x54,
-+ 0x01, 0xae, 0x22, 0x6e, 0xc6, 0xaf, 0xaf, 0xd0, 0xa6, 0xb2, 0xe2, 0x6d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_nonce[] = {
-+ 0xa9, 0x48, 0xd7, 0x92, 0x39, 0x7e, 0x2a, 0xdc, 0x30, 0x1f, 0x0e, 0x2b
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha224_personalizationstring[] = {
-+ 0x11, 0xd5, 0xf4, 0xbd, 0x67, 0x8c, 0x31, 0xcf, 0xa3, 0x3f, 0x1e, 0x6b,
-+ 0xa8, 0x07, 0x02, 0x0b, 0xc8, 0x2e, 0x6c, 0x64, 0x41, 0x5b, 0xc8, 0x37
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_additionalinput[] = {
-+ 0x68, 0x18, 0xc2, 0x06, 0xeb, 0x3e, 0x04, 0x95, 0x44, 0x5e, 0xfb, 0xe6,
-+ 0x41, 0xc1, 0x5c, 0xcc, 0x40, 0x2f, 0xb7, 0xd2, 0x0f, 0xf3, 0x6b, 0xe7
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_int_returnedbits[] = {
-+ 0x7f, 0x45, 0xc7, 0x5d, 0x32, 0xe6, 0x17, 0x60, 0xba, 0xdc, 0xb8, 0x42,
-+ 0x1b, 0x9c, 0xf1, 0xfa, 0x3b, 0x4d, 0x29, 0x54, 0xc6, 0x90, 0xff, 0x5c,
-+ 0xcd, 0xd6, 0xa9, 0xcc
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_entropyinputreseed[] = {
-+ 0xc4, 0x8e, 0x37, 0x95, 0x69, 0x53, 0x28, 0xd7, 0x37, 0xbb, 0x70, 0x95,
-+ 0x1c, 0x07, 0x1d, 0xd9, 0xb7, 0xe6, 0x1b, 0xbb, 0xfe, 0x41, 0xeb, 0xc9
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha224_additionalinputreseed[] = {
-+ 0x53, 0x17, 0xa1, 0x6a, 0xfa, 0x77, 0x47, 0xb0, 0x95, 0x56, 0x9a, 0x20,
-+ 0x57, 0xde, 0x5c, 0x89, 0x9f, 0x7f, 0xe2, 0xde, 0x17, 0x3a, 0x50, 0x23
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_additionalinput2[] = {
-+ 0x3a, 0x32, 0xf9, 0x85, 0x0c, 0xc1, 0xed, 0x76, 0x2d, 0xdf, 0x40, 0xc3,
-+ 0x06, 0x22, 0x66, 0xd4, 0x9a, 0x9a, 0xff, 0x5a, 0x7e, 0x7a, 0xf3, 0x96
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha224_returnedbits[] = {
-+ 0x43, 0xb4, 0x57, 0x5c, 0x38, 0x25, 0x9d, 0xae, 0xec, 0x96, 0xd1, 0x85,
-+ 0x3a, 0x84, 0x8d, 0xfe, 0x68, 0xd5, 0x0e, 0x5c, 0x8f, 0x65, 0xa5, 0x4e,
-+ 0x45, 0x84, 0xa8, 0x94
-+};
-+
-+/* HMAC SHA-256 PR */
-+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinput[] = {
-+ 0x4d, 0xb0, 0x43, 0xd8, 0x34, 0x4b, 0x10, 0x70, 0xb1, 0x8b, 0xed, 0xea,
-+ 0x07, 0x92, 0x9f, 0x6c, 0x79, 0x31, 0xaf, 0x81, 0x29, 0xeb, 0x6e, 0xca,
-+ 0x32, 0x48, 0x28, 0xe7, 0x02, 0x5d, 0xa6, 0xa6
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_nonce[] = {
-+ 0x3a, 0xae, 0x15, 0xa9, 0x99, 0xdc, 0xe4, 0x67, 0x34, 0x3b, 0x70, 0x15,
-+ 0xaa, 0xd3, 0x30, 0x9a
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha256_pr_personalizationstring[] = {
-+ 0x13, 0x1d, 0x24, 0x04, 0xb0, 0x18, 0x81, 0x15, 0x21, 0x51, 0x2a, 0x24,
-+ 0x52, 0x61, 0xbe, 0x64, 0x82, 0x6b, 0x55, 0x2f, 0xe2, 0xf1, 0x40, 0x7d,
-+ 0x71, 0xd8, 0x01, 0x86, 0x15, 0xb7, 0x8b, 0xb5
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput[] = {
-+ 0x8f, 0xa6, 0x54, 0x5f, 0xb1, 0xd0, 0xd8, 0xc3, 0xe7, 0x0c, 0x15, 0xa9,
-+ 0x23, 0x6e, 0xfe, 0xfb, 0x93, 0xf7, 0x3a, 0xbd, 0x59, 0x01, 0xfa, 0x18,
-+ 0x8e, 0xe9, 0x1a, 0xa9, 0x78, 0xfc, 0x79, 0x0b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr[] = {
-+ 0xcf, 0x24, 0xb9, 0xeb, 0xb3, 0xd4, 0xcd, 0x17, 0x37, 0x38, 0x75, 0x79,
-+ 0x15, 0xcb, 0x2d, 0x75, 0x51, 0xf1, 0xcc, 0xaa, 0x32, 0xa4, 0xa7, 0x36,
-+ 0x7c, 0x5c, 0xe4, 0x47, 0xf1, 0x3e, 0x1d, 0xe5
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_int_returnedbits[] = {
-+ 0x52, 0x42, 0xfa, 0xeb, 0x85, 0xe0, 0x30, 0x22, 0x79, 0x00, 0x16, 0xb2,
-+ 0x88, 0x2f, 0x14, 0x6a, 0xb7, 0xfc, 0xb7, 0x53, 0xdc, 0x4a, 0x12, 0xef,
-+ 0x54, 0xd6, 0x33, 0xe9, 0x20, 0xd6, 0xfd, 0x56
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput2[] = {
-+ 0xf4, 0xf6, 0x49, 0xa1, 0x2d, 0x64, 0x2b, 0x30, 0x58, 0xf8, 0xbd, 0xb8,
-+ 0x75, 0xeb, 0xbb, 0x5e, 0x1c, 0x9b, 0x81, 0x6a, 0xda, 0x14, 0x86, 0x6e,
-+ 0xd0, 0xda, 0x18, 0xb7, 0x88, 0xfb, 0x59, 0xf3
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr2[] = {
-+ 0x21, 0xcd, 0x6e, 0x46, 0xad, 0x99, 0x07, 0x17, 0xb4, 0x3d, 0x76, 0x0a,
-+ 0xff, 0x5b, 0x52, 0x50, 0x78, 0xdf, 0x1f, 0x24, 0x06, 0x0d, 0x3f, 0x74,
-+ 0xa9, 0xc9, 0x37, 0xcf, 0xd8, 0x26, 0x25, 0x91
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_pr_returnedbits[] = {
-+ 0xa7, 0xaf, 0x2f, 0x29, 0xe0, 0x3a, 0x72, 0x95, 0x96, 0x1c, 0xa9, 0xf0,
-+ 0x4a, 0x17, 0x4d, 0x66, 0x06, 0x10, 0xbf, 0x39, 0x89, 0x88, 0xb8, 0x91,
-+ 0x37, 0x18, 0x99, 0xcf, 0x8c, 0x53, 0x3b, 0x7e
-+};
-+
-+/* HMAC SHA-256 No PR */
-+__fips_constseg static const unsigned char hmac_sha256_entropyinput[] = {
-+ 0x96, 0xb7, 0x53, 0x22, 0x1e, 0x52, 0x2a, 0x96, 0xb1, 0x15, 0x3c, 0x35,
-+ 0x5a, 0x8b, 0xd3, 0x4a, 0xa6, 0x6c, 0x83, 0x0a, 0x7d, 0xa3, 0x23, 0x3d,
-+ 0x43, 0xa1, 0x07, 0x2c, 0x2d, 0xe3, 0x81, 0xcc
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_nonce[] = {
-+ 0xf1, 0xac, 0x97, 0xcb, 0x5e, 0x06, 0x48, 0xd2, 0x94, 0xbe, 0x15, 0x2e,
-+ 0xc7, 0xfc, 0xc2, 0x01
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha256_personalizationstring[] = {
-+ 0x98, 0xc5, 0x1e, 0x35, 0x5e, 0x89, 0x0d, 0xce, 0x64, 0x6d, 0x18, 0xa7,
-+ 0x5a, 0xc6, 0xf3, 0xe7, 0xd6, 0x9e, 0xc0, 0xea, 0xb7, 0x3a, 0x8d, 0x65,
-+ 0xb8, 0xeb, 0x10, 0xd7, 0x57, 0x18, 0xa0, 0x32
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_additionalinput[] = {
-+ 0x1b, 0x10, 0xaf, 0xac, 0xd0, 0x65, 0x95, 0xad, 0x04, 0xad, 0x03, 0x1c,
-+ 0xe0, 0x40, 0xd6, 0x3e, 0x1c, 0x46, 0x53, 0x39, 0x7c, 0xe2, 0xbc, 0xda,
-+ 0x8c, 0xa2, 0x33, 0xa7, 0x9a, 0x26, 0xd3, 0x27
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_int_returnedbits[] = {
-+ 0xba, 0x61, 0x0e, 0x55, 0xfe, 0x11, 0x8a, 0x9e, 0x0f, 0x80, 0xdf, 0x1d,
-+ 0x03, 0x0a, 0xfe, 0x15, 0x94, 0x28, 0x4b, 0xba, 0xf4, 0x9f, 0x51, 0x25,
-+ 0x88, 0xe5, 0x4e, 0xfb, 0xaf, 0xce, 0x69, 0x90
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_entropyinputreseed[] = {
-+ 0x62, 0x7f, 0x1e, 0x6b, 0xe8, 0x8e, 0xe1, 0x35, 0x7d, 0x9b, 0x4f, 0xc7,
-+ 0xec, 0xc8, 0xac, 0xef, 0x6b, 0x13, 0x9e, 0x05, 0x56, 0xc1, 0x08, 0xf9,
-+ 0x2f, 0x0f, 0x27, 0x9c, 0xd4, 0x15, 0xed, 0x2d
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha256_additionalinputreseed[] = {
-+ 0xc7, 0x76, 0x6e, 0xa9, 0xd2, 0xb2, 0x76, 0x40, 0x82, 0x25, 0x2c, 0xb3,
-+ 0x6f, 0xac, 0xe9, 0x74, 0xef, 0x8f, 0x3c, 0x8e, 0xcd, 0xf1, 0xbf, 0xb3,
-+ 0x49, 0x77, 0x34, 0x88, 0x52, 0x36, 0xe6, 0x2e
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_additionalinput2[] = {
-+ 0x8d, 0xb8, 0x0c, 0xd1, 0xbf, 0x70, 0xf6, 0x19, 0xc3, 0x41, 0x80, 0x9f,
-+ 0xe1, 0xa5, 0xa4, 0x1f, 0x2c, 0x26, 0xb1, 0xe5, 0xd8, 0xeb, 0xbe, 0xf8,
-+ 0xdf, 0x88, 0x6a, 0x89, 0xd6, 0x05, 0xd8, 0x9d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha256_returnedbits[] = {
-+ 0x43, 0x12, 0x2a, 0x2c, 0x40, 0x53, 0x2e, 0x7c, 0x66, 0x34, 0xac, 0xc3,
-+ 0x43, 0xe3, 0xe0, 0x6a, 0xfc, 0xfa, 0xea, 0x87, 0x21, 0x1f, 0xe2, 0x26,
-+ 0xc4, 0xf9, 0x09, 0x9a, 0x0d, 0x6e, 0x7f, 0xe0
-+};
-+
-+/* HMAC SHA-384 PR */
-+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinput[] = {
-+ 0x69, 0x81, 0x98, 0x88, 0x44, 0xf5, 0xd6, 0x2e, 0x00, 0x08, 0x3b, 0xc5,
-+ 0xfb, 0xd7, 0x8e, 0x6f, 0x23, 0xf8, 0x6d, 0x09, 0xd6, 0x85, 0x49, 0xd1,
-+ 0xf8, 0x6d, 0xa4, 0x58, 0x54, 0xfd, 0x88, 0xa9
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_nonce[] = {
-+ 0x6e, 0x38, 0x81, 0xca, 0xb7, 0xe8, 0x6e, 0x66, 0x49, 0x8a, 0xb2, 0x59,
-+ 0xee, 0x16, 0xc9, 0xde
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha384_pr_personalizationstring[] = {
-+ 0xfe, 0x4c, 0xd9, 0xf4, 0x78, 0x3b, 0x08, 0x41, 0x8d, 0x8f, 0x55, 0xc4,
-+ 0x43, 0x56, 0xb6, 0x12, 0x36, 0x6b, 0x30, 0xb7, 0x5e, 0xe1, 0xb9, 0x47,
-+ 0x04, 0xb1, 0x4e, 0xa9, 0x00, 0xa1, 0x52, 0xa1
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput[] = {
-+ 0x89, 0xe9, 0xcc, 0x8f, 0x27, 0x3c, 0x26, 0xd1, 0x95, 0xc8, 0x7d, 0x0f,
-+ 0x5b, 0x1a, 0xf0, 0x78, 0x39, 0x56, 0x6f, 0xa4, 0x23, 0xe7, 0xd1, 0xda,
-+ 0x7c, 0x66, 0x33, 0xa0, 0x90, 0xc9, 0x92, 0x88
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr[] = {
-+ 0xbe, 0x3d, 0x7c, 0x0d, 0xca, 0xda, 0x7c, 0x49, 0xb8, 0x12, 0x36, 0xc0,
-+ 0xdb, 0xad, 0x35, 0xa8, 0xc7, 0x0b, 0x2a, 0x2c, 0x69, 0x6d, 0x25, 0x56,
-+ 0x63, 0x82, 0x11, 0x3e, 0xa7, 0x33, 0x70, 0x72
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_int_returnedbits[] = {
-+ 0x82, 0x3d, 0xe6, 0x54, 0x80, 0x42, 0xf8, 0xba, 0x90, 0x4f, 0x06, 0xa6,
-+ 0xd2, 0x7f, 0xbf, 0x79, 0x7c, 0x12, 0x7d, 0xa6, 0xa2, 0x66, 0xe8, 0xa6,
-+ 0xc0, 0xd6, 0x4a, 0x55, 0xbf, 0xd8, 0x0a, 0xc5, 0xf8, 0x03, 0x88, 0xdd,
-+ 0x8e, 0x87, 0xd1, 0x5a, 0x48, 0x26, 0x72, 0x2a, 0x8e, 0xcf, 0xee, 0xba
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput2[] = {
-+ 0x8f, 0xff, 0xd9, 0x84, 0xbb, 0x85, 0x3a, 0x66, 0xa1, 0x21, 0xce, 0xb2,
-+ 0x3a, 0x3a, 0x17, 0x22, 0x19, 0xae, 0xc7, 0xb6, 0x63, 0x81, 0xd5, 0xff,
-+ 0x0d, 0xc8, 0xe1, 0xaf, 0x57, 0xd2, 0xcb, 0x60
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr2[] = {
-+ 0xd7, 0xfb, 0xc9, 0xe8, 0xe2, 0xf2, 0xaa, 0x4c, 0xb8, 0x51, 0x2f, 0xe1,
-+ 0x22, 0xba, 0xf3, 0xda, 0x0a, 0x19, 0x76, 0x71, 0x57, 0xb2, 0x1d, 0x94,
-+ 0x09, 0x69, 0x6c, 0xd3, 0x97, 0x51, 0x81, 0x87
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_pr_returnedbits[] = {
-+ 0xe6, 0x19, 0x28, 0xa8, 0x21, 0xce, 0x5e, 0xdb, 0x24, 0x79, 0x8c, 0x76,
-+ 0x5d, 0x73, 0xb2, 0xdf, 0xac, 0xef, 0x85, 0xa7, 0x3b, 0x19, 0x09, 0x8b,
-+ 0x7f, 0x98, 0x28, 0xa9, 0x93, 0xd8, 0x7a, 0xad, 0x55, 0x8b, 0x24, 0x9d,
-+ 0xe6, 0x98, 0xfe, 0x47, 0xd5, 0x48, 0xc1, 0x23, 0xd8, 0x1d, 0x62, 0x75
-+};
-+
-+/* HMAC SHA-384 No PR */
-+__fips_constseg static const unsigned char hmac_sha384_entropyinput[] = {
-+ 0xc3, 0x56, 0x2b, 0x1d, 0xc2, 0xbb, 0xa8, 0xf0, 0xae, 0x1b, 0x0d, 0xd3,
-+ 0x5a, 0x6c, 0xda, 0x57, 0x8e, 0xa5, 0x8a, 0x0d, 0x6c, 0x4b, 0x18, 0xb1,
-+ 0x04, 0x3e, 0xb4, 0x99, 0x35, 0xc4, 0xc0, 0x5f
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_nonce[] = {
-+ 0xc5, 0x49, 0x1e, 0x66, 0x27, 0x92, 0xbe, 0xec, 0xb5, 0x1e, 0x4b, 0xb1,
-+ 0x38, 0xe3, 0xeb, 0x62
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha384_personalizationstring[] = {
-+ 0xbe, 0xe7, 0x6b, 0x57, 0xde, 0x88, 0x11, 0x96, 0x9b, 0x6e, 0xea, 0xe5,
-+ 0x63, 0x83, 0x4c, 0xb6, 0x8d, 0x66, 0xaa, 0x1f, 0x8b, 0x54, 0xe7, 0x62,
-+ 0x6d, 0x5a, 0xfc, 0xbf, 0x97, 0xba, 0xcd, 0x77
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_additionalinput[] = {
-+ 0xe5, 0x28, 0x5f, 0x43, 0xf5, 0x83, 0x6e, 0x0a, 0x83, 0x5c, 0xe3, 0x81,
-+ 0x03, 0xf2, 0xf8, 0x78, 0x00, 0x7c, 0x95, 0x87, 0x16, 0xd6, 0x6c, 0x58,
-+ 0x33, 0x6c, 0x53, 0x35, 0x0d, 0x66, 0xe3, 0xce
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_int_returnedbits[] = {
-+ 0xe2, 0x1f, 0xf3, 0xda, 0x0d, 0x19, 0x99, 0x87, 0xc4, 0x90, 0xa2, 0x31,
-+ 0xca, 0x2a, 0x89, 0x58, 0x43, 0x44, 0xb8, 0xde, 0xcf, 0xa4, 0xbe, 0x3b,
-+ 0x53, 0x26, 0x22, 0x31, 0x76, 0x41, 0x22, 0xb5, 0xa8, 0x70, 0x2f, 0x4b,
-+ 0x64, 0x95, 0x4d, 0x48, 0x96, 0x35, 0xe6, 0xbd, 0x3c, 0x34, 0xdb, 0x1b
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_entropyinputreseed[] = {
-+ 0x77, 0x61, 0xba, 0xbc, 0xf2, 0xc1, 0xf3, 0x4b, 0x86, 0x65, 0xfd, 0x48,
-+ 0x0e, 0x3c, 0x02, 0x5e, 0xa2, 0x7a, 0x6b, 0x7c, 0xed, 0x21, 0x5e, 0xf9,
-+ 0xcd, 0xcd, 0x77, 0x07, 0x2b, 0xbe, 0xc5, 0x5c
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha384_additionalinputreseed[] = {
-+ 0x18, 0x24, 0x5f, 0xc6, 0x84, 0xd1, 0x67, 0xc3, 0x9a, 0x11, 0xa5, 0x8c,
-+ 0x07, 0x39, 0x21, 0x83, 0x4d, 0x04, 0xc4, 0x6a, 0x28, 0x19, 0xcf, 0x92,
-+ 0x21, 0xd9, 0x9e, 0x41, 0x72, 0x6c, 0x9e, 0x63
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_additionalinput2[] = {
-+ 0x96, 0x67, 0x41, 0x28, 0x9b, 0xb7, 0x92, 0x8d, 0x64, 0x3b, 0xe4, 0xcf,
-+ 0x7e, 0xaa, 0x1e, 0xb1, 0x4b, 0x1d, 0x09, 0x56, 0x67, 0x9c, 0xc6, 0x6d,
-+ 0x3b, 0xe8, 0x91, 0x9d, 0xe1, 0x8a, 0xb7, 0x32
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha384_returnedbits[] = {
-+ 0xe3, 0x59, 0x61, 0x38, 0x92, 0xec, 0xe2, 0x3c, 0xff, 0xb7, 0xdb, 0x19,
-+ 0x0f, 0x5b, 0x93, 0x68, 0x0d, 0xa4, 0x94, 0x40, 0x72, 0x0b, 0xe0, 0xed,
-+ 0x4d, 0xcd, 0x68, 0xa0, 0x1e, 0xfe, 0x67, 0xb2, 0xfa, 0x21, 0x56, 0x74,
-+ 0xa4, 0xad, 0xcf, 0xb7, 0x60, 0x66, 0x2e, 0x40, 0xde, 0x82, 0xca, 0xfb
-+};
-+
-+/* HMAC SHA-512 PR */
-+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinput[] = {
-+ 0xaa, 0x9e, 0x45, 0x67, 0x0e, 0x00, 0x2a, 0x67, 0x98, 0xd6, 0xda, 0x0b,
-+ 0x0f, 0x17, 0x7e, 0xac, 0xfd, 0x27, 0xc4, 0xca, 0x84, 0xdf, 0xde, 0xba,
-+ 0x85, 0xd9, 0xbe, 0x8f, 0xf3, 0xff, 0x91, 0x4d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_nonce[] = {
-+ 0x8c, 0x49, 0x2f, 0x58, 0x1e, 0x7a, 0xda, 0x4b, 0x7e, 0x8a, 0x30, 0x7b,
-+ 0x86, 0xea, 0xaf, 0xa2
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha512_pr_personalizationstring[] = {
-+ 0x71, 0xe1, 0xbb, 0xad, 0xa7, 0x4b, 0x2e, 0x31, 0x3b, 0x0b, 0xec, 0x24,
-+ 0x99, 0x38, 0xbc, 0xaa, 0x05, 0x4c, 0x46, 0x44, 0xfa, 0xad, 0x8e, 0x02,
-+ 0xc1, 0x7e, 0xad, 0xec, 0x54, 0xa6, 0xd0, 0xad
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput[] = {
-+ 0x3d, 0x6e, 0xa6, 0xa8, 0x29, 0x2a, 0xb2, 0xf5, 0x98, 0x42, 0xe4, 0x92,
-+ 0x78, 0x22, 0x67, 0xfd, 0x1b, 0x15, 0x1e, 0x29, 0xaa, 0x71, 0x3c, 0x3c,
-+ 0xe7, 0x05, 0x20, 0xa9, 0x29, 0xc6, 0x75, 0x71
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr[] = {
-+ 0xab, 0xb9, 0x16, 0xd8, 0x55, 0x35, 0x54, 0xb7, 0x97, 0x3f, 0x94, 0xbc,
-+ 0x2f, 0x7c, 0x70, 0xc7, 0xd0, 0xed, 0xb7, 0x4b, 0xf7, 0xf6, 0x6c, 0x03,
-+ 0x0c, 0xb0, 0x03, 0xd8, 0xbb, 0x71, 0xd9, 0x10
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_int_returnedbits[] = {
-+ 0x8e, 0xd3, 0xfd, 0x52, 0x9e, 0x83, 0x08, 0x49, 0x18, 0x6e, 0x23, 0x56,
-+ 0x5c, 0x45, 0x93, 0x34, 0x05, 0xe2, 0x98, 0x8f, 0x0c, 0xd4, 0x32, 0x0c,
-+ 0xfd, 0xda, 0x5f, 0x92, 0x3a, 0x8c, 0x81, 0xbd, 0xf6, 0x6c, 0x55, 0xfd,
-+ 0xb8, 0x20, 0xce, 0x8d, 0x97, 0x27, 0xe8, 0xe8, 0xe0, 0xb3, 0x85, 0x50,
-+ 0xa2, 0xc2, 0xb2, 0x95, 0x1d, 0x48, 0xd3, 0x7b, 0x4b, 0x78, 0x13, 0x35,
-+ 0x05, 0x17, 0xbe, 0x0d
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput2[] = {
-+ 0xc3, 0xfc, 0x95, 0xaa, 0x69, 0x06, 0xae, 0x59, 0x41, 0xce, 0x26, 0x08,
-+ 0x29, 0x6d, 0x45, 0xda, 0xe8, 0xb3, 0x6c, 0x95, 0x60, 0x0f, 0x70, 0x2c,
-+ 0x10, 0xba, 0x38, 0x8c, 0xcf, 0x29, 0x99, 0xaa
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr2[] = {
-+ 0x3b, 0x9a, 0x25, 0xce, 0xd7, 0xf9, 0x5c, 0xd1, 0x3a, 0x3e, 0xaa, 0x71,
-+ 0x14, 0x3e, 0x19, 0xe8, 0xce, 0xe6, 0xfe, 0x51, 0x84, 0xe9, 0x1b, 0xfe,
-+ 0x3f, 0xa7, 0xf2, 0xfd, 0x76, 0x5f, 0x6a, 0xe7
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_pr_returnedbits[] = {
-+ 0xb7, 0x82, 0xa9, 0x57, 0x81, 0x67, 0x53, 0xb5, 0xa1, 0xe9, 0x3d, 0x35,
-+ 0xf9, 0xe4, 0x97, 0xbe, 0xa6, 0xca, 0xf1, 0x01, 0x13, 0x09, 0xe7, 0x21,
-+ 0xc0, 0xed, 0x93, 0x5d, 0x4b, 0xf4, 0xeb, 0x8d, 0x53, 0x25, 0x8a, 0xc4,
-+ 0xb1, 0x6f, 0x6e, 0x37, 0xcd, 0x2e, 0xac, 0x39, 0xb2, 0xb6, 0x99, 0xa3,
-+ 0x82, 0x00, 0xb0, 0x21, 0xf0, 0xc7, 0x2f, 0x4c, 0x73, 0x92, 0xfd, 0x00,
-+ 0xb6, 0xaf, 0xbc, 0xd3
-+};
-+
-+/* HMAC SHA-512 No PR */
-+__fips_constseg static const unsigned char hmac_sha512_entropyinput[] = {
-+ 0x6e, 0x85, 0xe6, 0x25, 0x96, 0x29, 0xa7, 0x52, 0x5b, 0x60, 0xba, 0xaa,
-+ 0xde, 0xdb, 0x36, 0x0a, 0x51, 0x9a, 0x15, 0xae, 0x6e, 0x18, 0xd3, 0xfe,
-+ 0x39, 0xb9, 0x4a, 0x96, 0xf8, 0x77, 0xcb, 0x95
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_nonce[] = {
-+ 0xe0, 0xa6, 0x5d, 0x08, 0xc3, 0x7c, 0xae, 0x25, 0x2e, 0x80, 0xd1, 0x3e,
-+ 0xd9, 0xaf, 0x43, 0x3c
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha512_personalizationstring[] = {
-+ 0x53, 0x99, 0x52, 0x5f, 0x11, 0xa9, 0x64, 0x66, 0x20, 0x5e, 0x1b, 0x5f,
-+ 0x42, 0xb3, 0xf4, 0xda, 0xed, 0xbb, 0x63, 0xc1, 0x23, 0xaf, 0xd0, 0x01,
-+ 0x90, 0x3b, 0xd0, 0x78, 0xe4, 0x0b, 0xa7, 0x20
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_additionalinput[] = {
-+ 0x85, 0x90, 0x80, 0xd3, 0x98, 0xf1, 0x53, 0x6d, 0x68, 0x15, 0x8f, 0xe5,
-+ 0x60, 0x3f, 0x17, 0x29, 0x55, 0x8d, 0x33, 0xb1, 0x45, 0x64, 0x64, 0x8d,
-+ 0x50, 0x21, 0x89, 0xae, 0xf6, 0xfd, 0x32, 0x73
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_int_returnedbits[] = {
-+ 0x28, 0x56, 0x30, 0x6f, 0xf4, 0xa1, 0x48, 0xe0, 0xc9, 0xf5, 0x75, 0x90,
-+ 0xcc, 0xfb, 0xdf, 0xdf, 0x71, 0x3d, 0x0a, 0x9a, 0x03, 0x65, 0x3b, 0x18,
-+ 0x61, 0xe3, 0xd1, 0xda, 0xcc, 0x4a, 0xfe, 0x55, 0x38, 0xf8, 0x21, 0x6b,
-+ 0xfa, 0x18, 0x01, 0x42, 0x39, 0x2f, 0x99, 0x53, 0x38, 0x15, 0x82, 0x34,
-+ 0xc5, 0x93, 0x92, 0xbc, 0x4d, 0x75, 0x1a, 0x5f, 0x21, 0x27, 0xcc, 0xa1,
-+ 0xb1, 0x57, 0x69, 0xe8
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_entropyinputreseed[] = {
-+ 0x8c, 0x52, 0x7e, 0x77, 0x72, 0x3f, 0xa3, 0x04, 0x97, 0x10, 0x9b, 0x41,
-+ 0xbd, 0xe8, 0xff, 0x89, 0xed, 0x80, 0xe3, 0xbd, 0xaa, 0x12, 0x2d, 0xca,
-+ 0x75, 0x82, 0x36, 0x77, 0x88, 0xcd, 0xa6, 0x73
-+};
-+
-+__fips_constseg
-+ static const unsigned char hmac_sha512_additionalinputreseed[] = {
-+ 0x7e, 0x32, 0xe3, 0x69, 0x69, 0x07, 0x34, 0xa2, 0x16, 0xa2, 0x5d, 0x1a,
-+ 0x10, 0x91, 0xd3, 0xe2, 0x21, 0xa2, 0xa3, 0xdd, 0xcd, 0x0c, 0x09, 0x86,
-+ 0x11, 0xe1, 0x50, 0xff, 0x5c, 0xb7, 0xeb, 0x5c
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_additionalinput2[] = {
-+ 0x7f, 0x78, 0x66, 0xd8, 0xfb, 0x67, 0xcf, 0x8d, 0x8c, 0x08, 0x30, 0xa5,
-+ 0xf8, 0x7d, 0xcf, 0x44, 0x59, 0xce, 0xf8, 0xdf, 0x58, 0xd3, 0x60, 0xcb,
-+ 0xa8, 0x60, 0xb9, 0x07, 0xc4, 0xb1, 0x95, 0x48
-+};
-+
-+__fips_constseg static const unsigned char hmac_sha512_returnedbits[] = {
-+ 0xdf, 0xa7, 0x36, 0xd4, 0xdc, 0x5d, 0x4d, 0x31, 0xad, 0x69, 0x46, 0x9f,
-+ 0xf1, 0x7c, 0xd7, 0x3b, 0x4f, 0x55, 0xf2, 0xd7, 0xb9, 0x9d, 0xad, 0x7a,
-+ 0x79, 0x08, 0x59, 0xa5, 0xdc, 0x74, 0xf5, 0x9b, 0x73, 0xd2, 0x13, 0x25,
-+ 0x0b, 0x81, 0x08, 0x08, 0x25, 0xfb, 0x39, 0xf2, 0xf0, 0xa3, 0xa4, 0x8d,
-+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
-+ 0xc2, 0xd6, 0xfd, 0xa5
-+};
-diff -up openssl-1.0.2o/crypto/fips/fips_dsa_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_dsa_selftest.c.fips 2018-04-05 16:17:11.940265766
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_dsa_selftest.c 2018-04-05 16:17:11.940265766 +0200
-@@ -0,0 +1,192 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/dsa.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char dsa_test_2048_p[] = {
-+ 0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08,
-+ 0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62,
-+ 0x3b, 0x7e, 0x4d, 0x04, 0x44, 0x1d, 0xd1, 0xa0, 0x65, 0x86, 0x62, 0x59,
-+ 0x64, 0x93, 0xca, 0x8e, 0x9e, 0x8f, 0xbb, 0x7e, 0x34, 0xaa, 0xdd, 0xb6,
-+ 0x2e, 0x5d, 0x67, 0xb6, 0xd0, 0x9a, 0x6e, 0x61, 0xb7, 0x69, 0xe7, 0xc3,
-+ 0x52, 0xaa, 0x2b, 0x10, 0xe2, 0x0c, 0xa0, 0x63, 0x69, 0x63, 0xb5, 0x52,
-+ 0x3e, 0x86, 0x47, 0x0d, 0xec, 0xbb, 0xed, 0xa0, 0x27, 0xe7, 0x97, 0xe7,
-+ 0xb6, 0x76, 0x35, 0xd4, 0xd4, 0x9c, 0x30, 0x70, 0x0e, 0x74, 0xaf, 0x8a,
-+ 0x0f, 0xf1, 0x56, 0xa8, 0x01, 0xaf, 0x57, 0xa2, 0x6e, 0x70, 0x78, 0xf1,
-+ 0xd8, 0x2f, 0x74, 0x90, 0x8e, 0xcb, 0x6d, 0x07, 0xe7, 0x0b, 0x35, 0x03,
-+ 0xee, 0xd9, 0x4f, 0xa3, 0x2c, 0xf1, 0x7a, 0x7f, 0xc3, 0xd6, 0xcf, 0x40,
-+ 0xdc, 0x7b, 0x00, 0x83, 0x0e, 0x6a, 0x25, 0x66, 0xdc, 0x07, 0x3e, 0x34,
-+ 0x33, 0x12, 0x51, 0x7c, 0x6a, 0xa5, 0x15, 0x2b, 0x4b, 0xfe, 0xcd, 0x2e,
-+ 0x55, 0x1f, 0xee, 0x34, 0x63, 0x18, 0xa1, 0x53, 0x42, 0x3c, 0x99, 0x6b,
-+ 0x0d, 0x5d, 0xcb, 0x91, 0x02, 0xae, 0xdd, 0x38, 0x79, 0x86, 0x16, 0xf1,
-+ 0xf1, 0xe0, 0xd6, 0xc4, 0x03, 0x52, 0x5b, 0x1f, 0x9b, 0x3d, 0x4d, 0xc7,
-+ 0x66, 0xde, 0x2d, 0xfc, 0x4a, 0x56, 0xd7, 0xb8, 0xba, 0x59, 0x63, 0xd6,
-+ 0x0f, 0x3e, 0x16, 0x31, 0x88, 0x70, 0xad, 0x43, 0x69, 0x52, 0xe5, 0x57,
-+ 0x65, 0x37, 0x4e, 0xab, 0x85, 0xe8, 0xec, 0x17, 0xd6, 0xb9, 0xa4, 0x54,
-+ 0x7b, 0x9b, 0x5f, 0x27, 0x52, 0xf3, 0x10, 0x5b, 0xe8, 0x09, 0xb2, 0x3a,
-+ 0x2c, 0x8d, 0x74, 0x69, 0xdb, 0x02, 0xe2, 0x4d, 0x59, 0x23, 0x94, 0xa7,
-+ 0xdb, 0xa0, 0x69, 0xe9
-+};
-+
-+static const unsigned char dsa_test_2048_q[] = {
-+ 0xd2, 0x77, 0x04, 0x4e, 0x50, 0xf5, 0xa4, 0xe3, 0xf5, 0x10, 0xa5, 0x0a,
-+ 0x0b, 0x84, 0xfd, 0xff, 0xbc, 0xa0, 0x47, 0xed, 0x27, 0x60, 0x20, 0x56,
-+ 0x74, 0x41, 0xa0, 0xa5
-+};
-+
-+static const unsigned char dsa_test_2048_g[] = {
-+ 0x13, 0xd7, 0x54, 0xe2, 0x1f, 0xd2, 0x41, 0x65, 0x5d, 0xa8, 0x91, 0xc5,
-+ 0x22, 0xa6, 0x5a, 0x72, 0xa8, 0x9b, 0xdc, 0x64, 0xec, 0x9b, 0x54, 0xa8,
-+ 0x21, 0xed, 0x4a, 0x89, 0x8b, 0x49, 0x0e, 0x0c, 0x4f, 0xcb, 0x72, 0x19,
-+ 0x2a, 0x4a, 0x20, 0xf5, 0x41, 0xf3, 0xf2, 0x92, 0x53, 0x99, 0xf0, 0xba,
-+ 0xec, 0xf9, 0x29, 0xaa, 0xfb, 0xf7, 0x9d, 0xfe, 0x43, 0x32, 0x39, 0x3b,
-+ 0x32, 0xcd, 0x2e, 0x2f, 0xcf, 0x27, 0x2f, 0x32, 0xa6, 0x27, 0x43, 0x4a,
-+ 0x0d, 0xf2, 0x42, 0xb7, 0x5b, 0x41, 0x4d, 0xf3, 0x72, 0x12, 0x1e, 0x53,
-+ 0xa5, 0x53, 0xf2, 0x22, 0xf8, 0x36, 0xb0, 0x00, 0xf0, 0x16, 0x48, 0x5b,
-+ 0x6b, 0xd0, 0x89, 0x84, 0x51, 0x80, 0x1d, 0xcd, 0x8d, 0xe6, 0x4c, 0xd5,
-+ 0x36, 0x56, 0x96, 0xff, 0xc5, 0x32, 0xd5, 0x28, 0xc5, 0x06, 0x62, 0x0a,
-+ 0x94, 0x2a, 0x03, 0x05, 0x04, 0x6d, 0x8f, 0x18, 0x76, 0x34, 0x1f, 0x1e,
-+ 0x57, 0x0b, 0xc3, 0x97, 0x4b, 0xa6, 0xb9, 0xa4, 0x38, 0xe9, 0x70, 0x23,
-+ 0x02, 0xa2, 0xe6, 0xe6, 0x7b, 0xfd, 0x06, 0xd3, 0x2b, 0xc6, 0x79, 0x96,
-+ 0x22, 0x71, 0xd7, 0xb4, 0x0c, 0xd7, 0x2f, 0x38, 0x6e, 0x64, 0xe0, 0xd7,
-+ 0xef, 0x86, 0xca, 0x8c, 0xa5, 0xd1, 0x42, 0x28, 0xdc, 0x2a, 0x4f, 0x16,
-+ 0xe3, 0x18, 0x98, 0x86, 0xb5, 0x99, 0x06, 0x74, 0xf4, 0x20, 0x0f, 0x3a,
-+ 0x4c, 0xf6, 0x5a, 0x3f, 0x0d, 0xdb, 0xa1, 0xfa, 0x67, 0x2d, 0xff, 0x2f,
-+ 0x5e, 0x14, 0x3d, 0x10, 0xe4, 0xe9, 0x7a, 0xe8, 0x4f, 0x6d, 0xa0, 0x95,
-+ 0x35, 0xd5, 0xb9, 0xdf, 0x25, 0x91, 0x81, 0xa7, 0x9b, 0x63, 0xb0, 0x69,
-+ 0xe9, 0x49, 0x97, 0x2b, 0x02, 0xba, 0x36, 0xb3, 0x58, 0x6a, 0xab, 0x7e,
-+ 0x45, 0xf3, 0x22, 0xf8, 0x2e, 0x4e, 0x85, 0xca, 0x3a, 0xb8, 0x55, 0x91,
-+ 0xb3, 0xc2, 0xa9, 0x66
-+};
-+
-+static const unsigned char dsa_test_2048_pub_key[] = {
-+ 0x24, 0x52, 0xf3, 0xcc, 0xbe, 0x9e, 0xd5, 0xca, 0x7d, 0xc7, 0x4c, 0x60,
-+ 0x2b, 0x99, 0x22, 0x6e, 0x8f, 0x2f, 0xab, 0x38, 0xe7, 0xd7, 0xdd, 0xfb,
-+ 0x75, 0x53, 0x9b, 0x17, 0x15, 0x5e, 0x9f, 0xcf, 0xd1, 0xab, 0xa5, 0x64,
-+ 0xeb, 0x85, 0x35, 0xd8, 0x12, 0xc9, 0xc2, 0xdc, 0xf9, 0x72, 0x84, 0x44,
-+ 0x1b, 0xc4, 0x82, 0x24, 0x36, 0x24, 0xc7, 0xf4, 0x57, 0x58, 0x0c, 0x1c,
-+ 0x38, 0xa5, 0x7c, 0x46, 0xc4, 0x57, 0x39, 0x24, 0x70, 0xed, 0xb5, 0x2c,
-+ 0xb5, 0xa6, 0xe0, 0x3f, 0xe6, 0x28, 0x7b, 0xb6, 0xf4, 0x9a, 0x42, 0xa2,
-+ 0x06, 0x5a, 0x05, 0x4f, 0x03, 0x08, 0x39, 0xdf, 0x1f, 0xd3, 0x14, 0x9c,
-+ 0x4c, 0xa0, 0x53, 0x1d, 0xd8, 0xca, 0x8a, 0xaa, 0x9c, 0xc7, 0x33, 0x71,
-+ 0x93, 0x38, 0x73, 0x48, 0x33, 0x61, 0x18, 0x22, 0x45, 0x45, 0xe8, 0x8c,
-+ 0x80, 0xff, 0xd8, 0x76, 0x5d, 0x74, 0x36, 0x03, 0x33, 0xcc, 0xab, 0x99,
-+ 0x72, 0x77, 0x9b, 0x65, 0x25, 0xa6, 0x5b, 0xdd, 0x0d, 0x10, 0xc6, 0x75,
-+ 0xc1, 0x09, 0xbb, 0xd3, 0xe5, 0xbe, 0x4d, 0x72, 0xef, 0x6e, 0xba, 0x6e,
-+ 0x43, 0x8d, 0x52, 0x26, 0x23, 0x7d, 0xb8, 0x88, 0x37, 0x9c, 0x5f, 0xcc,
-+ 0x47, 0xa3, 0x84, 0x7f, 0xf6, 0x37, 0x11, 0xba, 0xed, 0x6d, 0x03, 0xaf,
-+ 0xe8, 0x1e, 0x69, 0x4a, 0x41, 0x3b, 0x68, 0x0b, 0xd3, 0x8a, 0xb4, 0x90,
-+ 0x3f, 0x83, 0x70, 0xa7, 0x07, 0xef, 0x55, 0x1d, 0x49, 0x41, 0x02, 0x6d,
-+ 0x95, 0x79, 0xd6, 0x91, 0xde, 0x8e, 0xda, 0xa1, 0x61, 0x05, 0xeb, 0x9d,
-+ 0xba, 0x3c, 0x2f, 0x4c, 0x1b, 0xec, 0x50, 0x82, 0x75, 0xaa, 0x02, 0x07,
-+ 0xe2, 0x51, 0xb5, 0xec, 0xcb, 0x28, 0x6a, 0x4b, 0x01, 0xd4, 0x49, 0xd3,
-+ 0x0a, 0xcb, 0x67, 0x37, 0x17, 0xa0, 0xd2, 0xfb, 0x3b, 0x50, 0xc8, 0x93,
-+ 0xf7, 0xda, 0xb1, 0x4f
-+};
-+
-+static const unsigned char dsa_test_2048_priv_key[] = {
-+ 0x0c, 0x4b, 0x30, 0x89, 0xd1, 0xb8, 0x62, 0xcb, 0x3c, 0x43, 0x64, 0x91,
-+ 0xf0, 0x91, 0x54, 0x70, 0xc5, 0x27, 0x96, 0xe3, 0xac, 0xbe, 0xe8, 0x00,
-+ 0xec, 0x55, 0xf6, 0xcc
-+};
-+
-+static int corrupt_dsa;
-+
-+void FIPS_corrupt_dsa()
-+{
-+ corrupt_dsa = 1;
-+}
-+
-+int FIPS_selftest_dsa()
-+{
-+ DSA *dsa = NULL;
-+ EVP_PKEY *pk = NULL;
-+ int ret = 0;
-+
-+ dsa = DSA_new();
-+
-+ if (dsa == NULL)
-+ goto err;
-+
-+ fips_load_key_component(dsa, p, dsa_test_2048);
-+ fips_load_key_component(dsa, q, dsa_test_2048);
-+ fips_load_key_component(dsa, g, dsa_test_2048);
-+ fips_load_key_component(dsa, pub_key, dsa_test_2048);
-+ fips_load_key_component(dsa, priv_key, dsa_test_2048);
-+
-+ if (corrupt_dsa)
-+ BN_set_bit(dsa->pub_key, 2047);
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_assign_DSA(pk, dsa);
-+
-+ if (!fips_pkey_signature_test(pk, NULL, 0,
-+ NULL, 0, EVP_sha256(), 0, "DSA SHA256"))
-+ goto err;
-+ ret = 1;
-+
-+ err:
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ else if (dsa)
-+ DSA_free(dsa);
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_enc.c.fips
openssl-1.0.2o/crypto/fips/fips_enc.c
---- openssl-1.0.2o/crypto/fips/fips_enc.c.fips 2018-04-05 16:17:11.940265766 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_enc.c 2018-04-05 16:17:11.940265766 +0200
-@@ -0,0 +1,189 @@
-+/* fipe/evp/fips_enc.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay(a)cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay(a)cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh(a)cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay(a)cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson
(tjh(a)cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <openssl/evp.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+
-+const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
-+{
-+ switch (nid) {
-+ case NID_aes_128_cbc:
-+ return EVP_aes_128_cbc();
-+
-+ case NID_aes_128_ccm:
-+ return EVP_aes_128_ccm();
-+
-+ case NID_aes_128_cfb1:
-+ return EVP_aes_128_cfb1();
-+
-+ case NID_aes_128_cfb128:
-+ return EVP_aes_128_cfb128();
-+
-+ case NID_aes_128_cfb8:
-+ return EVP_aes_128_cfb8();
-+
-+ case NID_aes_128_ctr:
-+ return EVP_aes_128_ctr();
-+
-+ case NID_aes_128_ecb:
-+ return EVP_aes_128_ecb();
-+
-+ case NID_aes_128_gcm:
-+ return EVP_aes_128_gcm();
-+
-+ case NID_aes_128_ofb128:
-+ return EVP_aes_128_ofb();
-+
-+ case NID_aes_128_xts:
-+ return EVP_aes_128_xts();
-+
-+ case NID_aes_192_cbc:
-+ return EVP_aes_192_cbc();
-+
-+ case NID_aes_192_ccm:
-+ return EVP_aes_192_ccm();
-+
-+ case NID_aes_192_cfb1:
-+ return EVP_aes_192_cfb1();
-+
-+ case NID_aes_192_cfb128:
-+ return EVP_aes_192_cfb128();
-+
-+ case NID_aes_192_cfb8:
-+ return EVP_aes_192_cfb8();
-+
-+ case NID_aes_192_ctr:
-+ return EVP_aes_192_ctr();
-+
-+ case NID_aes_192_ecb:
-+ return EVP_aes_192_ecb();
-+
-+ case NID_aes_192_gcm:
-+ return EVP_aes_192_gcm();
-+
-+ case NID_aes_192_ofb128:
-+ return EVP_aes_192_ofb();
-+
-+ case NID_aes_256_cbc:
-+ return EVP_aes_256_cbc();
-+
-+ case NID_aes_256_ccm:
-+ return EVP_aes_256_ccm();
-+
-+ case NID_aes_256_cfb1:
-+ return EVP_aes_256_cfb1();
-+
-+ case NID_aes_256_cfb128:
-+ return EVP_aes_256_cfb128();
-+
-+ case NID_aes_256_cfb8:
-+ return EVP_aes_256_cfb8();
-+
-+ case NID_aes_256_ctr:
-+ return EVP_aes_256_ctr();
-+
-+ case NID_aes_256_ecb:
-+ return EVP_aes_256_ecb();
-+
-+ case NID_aes_256_gcm:
-+ return EVP_aes_256_gcm();
-+
-+ case NID_aes_256_ofb128:
-+ return EVP_aes_256_ofb();
-+
-+ case NID_aes_256_xts:
-+ return EVP_aes_256_xts();
-+
-+ case NID_des_ede_ecb:
-+ return EVP_des_ede();
-+
-+ case NID_des_ede3_ecb:
-+ return EVP_des_ede3();
-+
-+ case NID_des_ede3_cbc:
-+ return EVP_des_ede3_cbc();
-+
-+ case NID_des_ede3_cfb1:
-+ return EVP_des_ede3_cfb1();
-+
-+ case NID_des_ede3_cfb64:
-+ return EVP_des_ede3_cfb64();
-+
-+ case NID_des_ede3_cfb8:
-+ return EVP_des_ede3_cfb8();
-+
-+ case NID_des_ede3_ofb64:
-+ return EVP_des_ede3_ofb();
-+
-+ case NID_des_ede_cbc:
-+ return EVP_des_ede_cbc();
-+
-+ case NID_des_ede_cfb64:
-+ return EVP_des_ede_cfb64();
-+
-+ case NID_des_ede_ofb64:
-+ return EVP_des_ede_ofb();
-+
-+ default:
-+ return NULL;
-+
-+ }
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips.h.fips openssl-1.0.2o/crypto/fips/fips.h
---- openssl-1.0.2o/crypto/fips/fips.h.fips 2018-04-05 16:17:11.941265789 +0200
-+++ openssl-1.0.2o/crypto/fips/fips.h 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,278 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <openssl/opensslconf.h>
-+#include <openssl/crypto.h>
-+#include <stdarg.h>
-+
-+#ifndef OPENSSL_FIPS
-+# error FIPS is disabled.
-+#endif
-+
-+#ifdef OPENSSL_FIPS
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+ struct dsa_st;
-+ struct rsa_st;
-+ struct evp_pkey_st;
-+ struct env_md_st;
-+ struct env_md_ctx_st;
-+ struct evp_cipher_st;
-+ struct evp_cipher_ctx_st;
-+ struct dh_method;
-+ struct CMAC_CTX_st;
-+ struct hmac_ctx_st;
-+
-+ int FIPS_module_mode_set(int onoff, const char *auth);
-+ int FIPS_module_mode(void);
-+ const void *FIPS_rand_check(void);
-+ int FIPS_selftest(void);
-+ int FIPS_selftest_failed(void);
-+ void FIPS_corrupt_sha1(void);
-+ int FIPS_selftest_sha1(void);
-+ int FIPS_selftest_sha2(void);
-+ void FIPS_corrupt_aes(void);
-+ int FIPS_selftest_aes_ccm(void);
-+ int FIPS_selftest_aes_gcm(void);
-+ int FIPS_selftest_aes_xts(void);
-+ int FIPS_selftest_aes(void);
-+ void FIPS_corrupt_des(void);
-+ int FIPS_selftest_des(void);
-+ void FIPS_corrupt_rsa(void);
-+ void FIPS_corrupt_rsa_keygen(void);
-+ int FIPS_selftest_rsa(void);
-+ void FIPS_corrupt_dsa(void);
-+ void FIPS_corrupt_dsa_keygen(void);
-+ int FIPS_selftest_dsa(void);
-+ void FIPS_corrupt_rng(void);
-+ void FIPS_rng_stick(void);
-+ void FIPS_x931_stick(int onoff);
-+ void FIPS_drbg_stick(int onoff);
-+ int FIPS_selftest_rng(void);
-+ int FIPS_selftest_x931(void);
-+ int FIPS_selftest_hmac(void);
-+ int FIPS_selftest_drbg(void);
-+ int FIPS_selftest_drbg_all(void);
-+ int FIPS_selftest_cmac(void);
-+
-+ void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
-+
-+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-+ alg " previous FIPS forbidden algorithm error ignored");
-+
-+ int fips_pkey_signature_test(struct evp_pkey_st *pkey,
-+ const unsigned char *tbs, int tbslen,
-+ const unsigned char *kat,
-+ unsigned int katlen,
-+ const struct env_md_st *digest,
-+ unsigned int md_flags, const char *fail_str);
-+
-+ int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
-+ const struct evp_cipher_st *cipher,
-+ const unsigned char *key,
-+ const unsigned char *iv,
-+ const unsigned char *plaintext,
-+ const unsigned char *ciphertext, int len);
-+
-+ void fips_set_selftest_fail(void);
-+
-+ const struct env_md_st *FIPS_get_digestbynid(int nid);
-+
-+ const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
-+
-+/* BEGIN ERROR CODES */
-+/* The following lines are auto generated by the script mkerr.pl. Any changes
-+ * made after this point may be overwritten when the script is next run.
-+ */
-+ void ERR_load_FIPS_strings(void);
-+
-+/* Error codes for the FIPS functions. */
-+
-+/* Function codes. */
-+# define FIPS_F_DH_BUILTIN_GENPARAMS 100
-+# define FIPS_F_DH_INIT 148
-+# define FIPS_F_DRBG_RESEED 162
-+# define FIPS_F_DSA_BUILTIN_PARAMGEN 101
-+# define FIPS_F_DSA_BUILTIN_PARAMGEN2 107
-+# define FIPS_F_DSA_DO_SIGN 102
-+# define FIPS_F_DSA_DO_VERIFY 103
-+# define FIPS_F_ECDH_COMPUTE_KEY 163
-+# define FIPS_F_ECDSA_DO_SIGN 164
-+# define FIPS_F_ECDSA_DO_VERIFY 165
-+# define FIPS_F_EC_KEY_GENERATE_KEY 166
-+# define FIPS_F_EVP_CIPHERINIT_EX 124
-+# define FIPS_F_EVP_DIGESTINIT_EX 125
-+# define FIPS_F_FIPS_CHECK_DSA 104
-+# define FIPS_F_FIPS_CHECK_DSA_PRNG 151
-+# define FIPS_F_FIPS_CHECK_EC 142
-+# define FIPS_F_FIPS_CHECK_EC_PRNG 152
-+# define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
-+# define FIPS_F_FIPS_CHECK_RSA 106
-+# define FIPS_F_FIPS_CHECK_RSA_PRNG 150
-+# define FIPS_F_FIPS_CIPHER 160
-+# define FIPS_F_FIPS_CIPHERINIT 143
-+# define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
-+# define FIPS_F_FIPS_DIGESTFINAL 158
-+# define FIPS_F_FIPS_DIGESTINIT 128
-+# define FIPS_F_FIPS_DIGESTUPDATE 159
-+# define FIPS_F_FIPS_DRBG_BYTES 131
-+# define FIPS_F_FIPS_DRBG_CHECK 146
-+# define FIPS_F_FIPS_DRBG_CPRNG_TEST 132
-+# define FIPS_F_FIPS_DRBG_ERROR_CHECK 136
-+# define FIPS_F_FIPS_DRBG_GENERATE 134
-+# define FIPS_F_FIPS_DRBG_INIT 135
-+# define FIPS_F_FIPS_DRBG_INSTANTIATE 138
-+# define FIPS_F_FIPS_DRBG_NEW 139
-+# define FIPS_F_FIPS_DRBG_RESEED 140
-+# define FIPS_F_FIPS_DRBG_SINGLE_KAT 141
-+# define FIPS_F_FIPS_DSA_CHECK /* unused */ 107
-+# define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
-+# define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
-+# define FIPS_F_FIPS_GET_ENTROPY 147
-+# define FIPS_F_FIPS_MODE_SET /* unused */ 108
-+# define FIPS_F_FIPS_MODULE_MODE_SET 108
-+# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
-+# define FIPS_F_FIPS_RAND_ADD 137
-+# define FIPS_F_FIPS_RAND_BYTES 122
-+# define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167
-+# define FIPS_F_FIPS_RAND_SEED 168
-+# define FIPS_F_FIPS_RAND_SET_METHOD 126
-+# define FIPS_F_FIPS_RAND_STATUS 127
-+# define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
-+# define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
-+# define FIPS_F_FIPS_SELFTEST_AES 110
-+# define FIPS_F_FIPS_SELFTEST_AES_CCM 145
-+# define FIPS_F_FIPS_SELFTEST_AES_GCM 129
-+# define FIPS_F_FIPS_SELFTEST_AES_XTS 144
-+# define FIPS_F_FIPS_SELFTEST_CMAC 130
-+# define FIPS_F_FIPS_SELFTEST_DES 111
-+# define FIPS_F_FIPS_SELFTEST_DSA 112
-+# define FIPS_F_FIPS_SELFTEST_ECDSA 133
-+# define FIPS_F_FIPS_SELFTEST_HMAC 113
-+# define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114
-+# define FIPS_F_FIPS_SELFTEST_SHA1 115
-+# define FIPS_F_FIPS_SELFTEST_X931 114
-+# define FIPS_F_FIPS_SET_PRNG_KEY 153
-+# define FIPS_F_HASH_FINAL 123
-+# define FIPS_F_RSA_BUILTIN_KEYGEN 116
-+# define FIPS_F_RSA_EAY_INIT 149
-+# define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
-+# define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
-+# define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
-+# define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
-+# define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
-+# define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122
-+
-+/* Reason codes. */
-+# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
-+# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125
-+# define FIPS_R_ALREADY_INSTANTIATED 134
-+# define FIPS_R_AUTHENTICATION_FAILURE 151
-+# define FIPS_R_CANNOT_READ_EXE /* unused */ 103
-+# define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104
-+# define FIPS_R_CONTRADICTING_EVIDENCE 114
-+# define FIPS_R_DRBG_NOT_INITIALISED 152
-+# define FIPS_R_DRBG_STUCK 103
-+# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
-+# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
-+# define FIPS_R_ENTROPY_SOURCE_STUCK 142
-+# define FIPS_R_ERROR_INITIALISING_DRBG 115
-+# define FIPS_R_ERROR_INSTANTIATING_DRBG 127
-+# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124
-+# define FIPS_R_ERROR_RETRIEVING_ENTROPY 122
-+# define FIPS_R_ERROR_RETRIEVING_NONCE 140
-+# define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105
-+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
-+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
-+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
-+# define FIPS_R_FIPS_MODE_ALREADY_SET 102
-+# define FIPS_R_FIPS_SELFTEST_FAILED 106
-+# define FIPS_R_FUNCTION_ERROR 116
-+# define FIPS_R_GENERATE_ERROR 137
-+# define FIPS_R_GENERATE_ERROR_UNDETECTED 118
-+# define FIPS_R_INSTANTIATE_ERROR 119
-+# define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
-+# define FIPS_R_INTERNAL_ERROR 121
-+# define FIPS_R_INVALID_KEY_LENGTH 109
-+# define FIPS_R_INVALID_PARAMETERS 144
-+# define FIPS_R_IN_ERROR_STATE 123
-+# define FIPS_R_KEY_TOO_SHORT 108
-+# define FIPS_R_NONCE_ERROR_UNDETECTED 149
-+# define FIPS_R_NON_FIPS_METHOD 100
-+# define FIPS_R_NOPR_TEST1_FAILURE 145
-+# define FIPS_R_NOPR_TEST2_FAILURE 146
-+# define FIPS_R_NOT_INSTANTIATED 126
-+# define FIPS_R_PAIRWISE_TEST_FAILED 107
-+# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
-+# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
-+# define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
-+# define FIPS_R_PR_TEST1_FAILURE 147
-+# define FIPS_R_PR_TEST2_FAILURE 148
-+# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
-+# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
-+# define FIPS_R_RESEED_COUNTER_ERROR 132
-+# define FIPS_R_RESEED_ERROR 133
-+# define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115
-+# define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116
-+# define FIPS_R_SELFTEST_FAILED 101
-+# define FIPS_R_SELFTEST_FAILURE 135
-+# define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
-+# define FIPS_R_TEST_FAILURE 117
-+# define FIPS_R_UNINSTANTIATE_ERROR 141
-+# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
-+# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
-+# define FIPS_R_UNSUPPORTED_PLATFORM 113
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_hmac_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_hmac_selftest.c.fips 2018-04-05 16:17:11.941265789
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_hmac_selftest.c 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,134 @@
-+/* ====================================================================
-+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/hmac.h>
-+
-+#ifdef OPENSSL_FIPS
-+typedef struct {
-+ const EVP_MD *(*alg) (void);
-+ const char *key, *iv;
-+ unsigned char kaval[EVP_MAX_MD_SIZE];
-+} HMAC_KAT;
-+
-+static const HMAC_KAT vector[] = {
-+ {EVP_sha1,
-+ /* from
http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19,
-+ 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c,
-+ 0xc6, 0xc7, 0x5d, 0x24}
-+ },
-+ {EVP_sha224,
-+ /* just keep extending the above... */
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0xdd, 0xef, 0x0a, 0x40, 0xcb, 0x7d, 0x50, 0xfb,
-+ 0x6e, 0xe6, 0xce, 0xa1, 0x20, 0xba, 0x26, 0xaa,
-+ 0x08, 0xf3, 0x07, 0x75, 0x87, 0xb8, 0xad, 0x1b,
-+ 0x8c, 0x8d, 0x12, 0xc7}
-+ },
-+ {EVP_sha256,
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0xb8, 0xf2, 0x0d, 0xb5, 0x41, 0xea, 0x43, 0x09,
-+ 0xca, 0x4e, 0xa9, 0x38, 0x0c, 0xd0, 0xe8, 0x34,
-+ 0xf7, 0x1f, 0xbe, 0x91, 0x74, 0xa2, 0x61, 0x38,
-+ 0x0d, 0xc1, 0x7e, 0xae, 0x6a, 0x34, 0x51, 0xd9}
-+ },
-+ {EVP_sha384,
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0x08, 0xbc, 0xb0, 0xda, 0x49, 0x1e, 0x87, 0xad,
-+ 0x9a, 0x1d, 0x6a, 0xce, 0x23, 0xc5, 0x0b, 0xf6,
-+ 0xb7, 0x18, 0x06, 0xa5, 0x77, 0xcd, 0x49, 0x04,
-+ 0x89, 0xf1, 0xe6, 0x23, 0x44, 0x51, 0x51, 0x9f,
-+ 0x85, 0x56, 0x80, 0x79, 0x0c, 0xbd, 0x4d, 0x50,
-+ 0xa4, 0x5f, 0x29, 0xe3, 0x93, 0xf0, 0xe8, 0x7f}
-+ },
-+ {EVP_sha512,
-+ "0123456789:;<=>?@ABC",
-+ "Sample #2",
-+ {0x80, 0x9d, 0x44, 0x05, 0x7c, 0x5b, 0x95, 0x41,
-+ 0x05, 0xbd, 0x04, 0x13, 0x16, 0xdb, 0x0f, 0xac,
-+ 0x44, 0xd5, 0xa4, 0xd5, 0xd0, 0x89, 0x2b, 0xd0,
-+ 0x4e, 0x86, 0x64, 0x12, 0xc0, 0x90, 0x77, 0x68,
-+ 0xf1, 0x87, 0xb7, 0x7c, 0x4f, 0xae, 0x2c, 0x2f,
-+ 0x21, 0xa5, 0xb5, 0x65, 0x9a, 0x4f, 0x4b, 0xa7,
-+ 0x47, 0x02, 0xa3, 0xde, 0x9b, 0x51, 0xf1, 0x45,
-+ 0xbd, 0x4f, 0x25, 0x27, 0x42, 0x98, 0x99, 0x05}
-+ },
-+};
-+
-+int FIPS_selftest_hmac()
-+{
-+ int n;
-+ unsigned int outlen;
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ const EVP_MD *md;
-+ const HMAC_KAT *t;
-+
-+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
-+ md = (*t->alg) ();
-+ HMAC(md, t->key, strlen(t->key),
-+ (const unsigned char *)t->iv, strlen(t->iv), out, &outlen);
-+
-+ if (memcmp(out, t->kaval, outlen)) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_locl.h.fips
openssl-1.0.2o/crypto/fips/fips_locl.h
---- openssl-1.0.2o/crypto/fips/fips_locl.h.fips 2018-04-05 16:17:11.941265789 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_locl.h 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,71 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#ifdef OPENSSL_FIPS
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+# define FIPS_MAX_CIPHER_TEST_SIZE 32
-+# define fips_load_key_component(key, comp, pre) \
-+ key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
-+ if (!key->comp) \
-+ goto err
-+
-+# define fips_post_started(id, subid, ex) 1
-+# define fips_post_success(id, subid, ex) 1
-+# define fips_post_failed(id, subid, ex) 1
-+# define fips_post_corrupt(id, subid, ex) 1
-+# define fips_post_status() 1
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_md.c.fips openssl-1.0.2o/crypto/fips/fips_md.c
---- openssl-1.0.2o/crypto/fips/fips_md.c.fips 2018-04-05 16:17:11.941265789 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_md.c 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,144 @@
-+/* fips/evp/fips_md.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay(a)cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay(a)cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh(a)cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay(a)cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson
(tjh(a)cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ *
-+ * This product includes cryptographic software written by Eric Young
-+ * (eay(a)cryptsoft.com). This product includes software written by Tim
-+ * Hudson (tjh(a)cryptsoft.com).
-+ *
-+ */
-+
-+/* Minimal standalone FIPS versions of Digest operations */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <openssl/objects.h>
-+#include <openssl/evp.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+
-+const EVP_MD *FIPS_get_digestbynid(int nid)
-+{
-+ switch (nid) {
-+ case NID_sha1:
-+ return EVP_sha1();
-+
-+ case NID_sha224:
-+ return EVP_sha224();
-+
-+ case NID_sha256:
-+ return EVP_sha256();
-+
-+ case NID_sha384:
-+ return EVP_sha384();
-+
-+ case NID_sha512:
-+ return EVP_sha512();
-+
-+ default:
-+ return NULL;
-+ }
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_post.c.fips
openssl-1.0.2o/crypto/fips/fips_post.c
---- openssl-1.0.2o/crypto/fips/fips_post.c.fips 2018-04-05 16:17:11.941265789 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_post.c 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,201 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#define OPENSSL_FIPSAPI
-+
-+#include <openssl/crypto.h>
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include <openssl/err.h>
-+#include <openssl/bio.h>
-+#include <openssl/hmac.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <string.h>
-+#include <limits.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+/* Power on self test (POST) support functions */
-+
-+# include <openssl/fips.h>
-+# include "fips_locl.h"
-+
-+/* Run all selftests */
-+int FIPS_selftest(void)
-+{
-+ int rv = 1;
-+ if (!FIPS_selftest_drbg())
-+ rv = 0;
-+ if (!FIPS_selftest_x931())
-+ rv = 0;
-+ if (!FIPS_selftest_sha1())
-+ rv = 0;
-+ if (!FIPS_selftest_sha2())
-+ rv = 0;
-+ if (!FIPS_selftest_hmac())
-+ rv = 0;
-+ if (!FIPS_selftest_cmac())
-+ rv = 0;
-+ if (!FIPS_selftest_aes())
-+ rv = 0;
-+ if (!FIPS_selftest_aes_ccm())
-+ rv = 0;
-+ if (!FIPS_selftest_aes_gcm())
-+ rv = 0;
-+ if (!FIPS_selftest_aes_xts())
-+ rv = 0;
-+ if (!FIPS_selftest_des())
-+ rv = 0;
-+ if (!FIPS_selftest_rsa())
-+ rv = 0;
-+ if (!FIPS_selftest_dsa())
-+ rv = 0;
-+ return rv;
-+}
-+
-+/* Generalized public key test routine. Signs and verifies the data
-+ * supplied in tbs using mesage digest md and setting option digest
-+ * flags md_flags. If the 'kat' parameter is not NULL it will
-+ * additionally check the signature matches it: a known answer test
-+ * The string "fail_str" is used for identification purposes in case
-+ * of failure. If "pkey" is NULL just perform a message digest check.
-+ */
-+
-+int fips_pkey_signature_test(EVP_PKEY *pkey,
-+ const unsigned char *tbs, int tbslen,
-+ const unsigned char *kat, unsigned int katlen,
-+ const EVP_MD *digest, unsigned int md_flags,
-+ const char *fail_str)
-+{
-+ int ret = 0;
-+ unsigned char sigtmp[256], *sig = sigtmp;
-+ unsigned int siglen;
-+ EVP_MD_CTX mctx;
-+ EVP_MD_CTX_init(&mctx);
-+
-+ if (digest == NULL)
-+ digest = EVP_sha256();
-+
-+ if ((pkey->type == EVP_PKEY_RSA)
-+ && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp))) {
-+ sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
-+ if (!sig) {
-+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE);
-+ return 0;
-+ }
-+ }
-+
-+ if (tbslen == -1)
-+ tbslen = strlen((char *)tbs);
-+
-+ if (md_flags)
-+ EVP_MD_CTX_set_flags(&mctx, md_flags);
-+
-+ if (!EVP_SignInit_ex(&mctx, digest, NULL))
-+ goto error;
-+ if (!EVP_SignUpdate(&mctx, tbs, tbslen))
-+ goto error;
-+ if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
-+ goto error;
-+
-+ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
-+ goto error;
-+
-+ if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
-+ goto error;
-+ if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
-+ goto error;
-+ ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
-+
-+ error:
-+ if (sig != sigtmp)
-+ OPENSSL_free(sig);
-+ EVP_MD_CTX_cleanup(&mctx);
-+ if (ret != 1) {
-+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE);
-+ if (fail_str)
-+ ERR_add_error_data(2, "Type=", fail_str);
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+/* Generalized symmetric cipher test routine. Encrypt data, verify result
-+ * against known answer, decrypt and compare with original plaintext.
-+ */
-+
-+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-+ const unsigned char *key,
-+ const unsigned char *iv,
-+ const unsigned char *plaintext,
-+ const unsigned char *ciphertext, int len)
-+{
-+ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
-+ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
-+
-+ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
-+ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
-+ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
-+
-+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
-+ return 0;
-+ if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
-+ return 0;
-+ if (memcmp(citmp, ciphertext, len))
-+ return 0;
-+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
-+ return 0;
-+ if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
-+ return 0;
-+ if (memcmp(pltmp, plaintext, len))
-+ return 0;
-+ return 1;
-+}
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_rand.c.fips
openssl-1.0.2o/crypto/fips/fips_rand.c
---- openssl-1.0.2o/crypto/fips/fips_rand.c.fips 2018-04-05 16:17:11.941265789 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_rand.c 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,428 @@
-+/* ====================================================================
-+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+/*
-+ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
-+ */
-+#include <openssl/crypto.h>
-+#include "e_os.h"
-+
-+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
-+ be defined and gettimeofday() won't be declared with strict compilers
-+ like DEC C in ANSI C mode. */
-+#ifndef _XOPEN_SOURCE_EXTENDED
-+# define _XOPEN_SOURCE_EXTENDED 1
-+#endif
-+
-+#include <openssl/rand.h>
-+#include <openssl/aes.h>
-+#include <openssl/err.h>
-+#include <openssl/fips_rand.h>
-+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
-+# include <sys/time.h>
-+#endif
-+#if defined(OPENSSL_SYS_VXWORKS)
-+# include <time.h>
-+#endif
-+#include <assert.h>
-+#ifndef OPENSSL_SYS_WIN32
-+# ifdef OPENSSL_UNISTD
-+# include OPENSSL_UNISTD
-+# else
-+# include <unistd.h>
-+# endif
-+#endif
-+#include <string.h>
-+#include <openssl/fips.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+void *OPENSSL_stderr(void);
-+
-+# define AES_BLOCK_LENGTH 16
-+
-+/* AES FIPS PRNG implementation */
-+
-+typedef struct {
-+ int seeded;
-+ int keyed;
-+ int test_mode;
-+ int second;
-+ int error;
-+ unsigned long counter;
-+ AES_KEY ks;
-+ int vpos;
-+ /* Temporary storage for key if it equals seed length */
-+ unsigned char tmp_key[AES_BLOCK_LENGTH];
-+ unsigned char V[AES_BLOCK_LENGTH];
-+ unsigned char DT[AES_BLOCK_LENGTH];
-+ unsigned char last[AES_BLOCK_LENGTH];
-+} FIPS_PRNG_CTX;
-+
-+static FIPS_PRNG_CTX sctx;
-+
-+static int fips_prng_fail = 0;
-+
-+void FIPS_x931_stick(int onoff)
-+{
-+ fips_prng_fail = onoff;
-+}
-+
-+void FIPS_rng_stick(void)
-+{
-+ FIPS_x931_stick(1);
-+}
-+
-+static void fips_rand_prng_reset(FIPS_PRNG_CTX * ctx)
-+{
-+ ctx->seeded = 0;
-+ ctx->keyed = 0;
-+ ctx->test_mode = 0;
-+ ctx->counter = 0;
-+ ctx->second = 0;
-+ ctx->error = 0;
-+ ctx->vpos = 0;
-+ OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
-+ OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
-+}
-+
-+static int fips_set_prng_key(FIPS_PRNG_CTX * ctx,
-+ const unsigned char *key, unsigned int keylen)
-+{
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+ if (keylen != 16 && keylen != 24 && keylen != 32) {
-+ /* error: invalid key size */
-+ return 0;
-+ }
-+ AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
-+ if (keylen == 16) {
-+ memcpy(ctx->tmp_key, key, 16);
-+ ctx->keyed = 2;
-+ } else
-+ ctx->keyed = 1;
-+ ctx->seeded = 0;
-+ ctx->second = 0;
-+ return 1;
-+}
-+
-+static int fips_set_prng_seed(FIPS_PRNG_CTX * ctx,
-+ const unsigned char *seed, unsigned int seedlen)
-+{
-+ unsigned int i;
-+ if (!ctx->keyed)
-+ return 0;
-+ /* In test mode seed is just supplied data */
-+ if (ctx->test_mode) {
-+ if (seedlen != AES_BLOCK_LENGTH)
-+ return 0;
-+ memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
-+ ctx->seeded = 1;
-+ return 1;
-+ }
-+ /* Outside test mode XOR supplied data with existing seed */
-+ for (i = 0; i < seedlen; i++) {
-+ ctx->V[ctx->vpos++] ^= seed[i];
-+ if (ctx->vpos == AES_BLOCK_LENGTH) {
-+ ctx->vpos = 0;
-+ /* Special case if first seed and key length equals
-+ * block size check key and seed do not match.
-+ */
-+ if (ctx->keyed == 2) {
-+ if (!memcmp(ctx->tmp_key, ctx->V, 16)) {
-+ RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
-+ RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
-+ return 0;
-+ }
-+ OPENSSL_cleanse(ctx->tmp_key, 16);
-+ ctx->keyed = 1;
-+ }
-+ ctx->seeded = 1;
-+ }
-+ }
-+ return 1;
-+}
-+
-+static int fips_set_test_mode(FIPS_PRNG_CTX * ctx)
-+{
-+ if (ctx->keyed) {
-+ RANDerr(RAND_F_FIPS_SET_TEST_MODE, RAND_R_PRNG_KEYED);
-+ return 0;
-+ }
-+ ctx->test_mode = 1;
-+ return 1;
-+}
-+
-+int FIPS_x931_test_mode(void)
-+{
-+ return fips_set_test_mode(&sctx);
-+}
-+
-+int FIPS_rand_test_mode(void)
-+{
-+ return fips_set_test_mode(&sctx);
-+}
-+
-+int FIPS_x931_set_dt(unsigned char *dt)
-+{
-+ if (!sctx.test_mode) {
-+ RANDerr(RAND_F_FIPS_X931_SET_DT, RAND_R_NOT_IN_TEST_MODE);
-+ return 0;
-+ }
-+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
-+ return 1;
-+}
-+
-+int FIPS_rand_set_dt(unsigned char *dt)
-+{
-+ if (!sctx.test_mode) {
-+ RANDerr(RAND_F_FIPS_RAND_SET_DT, RAND_R_NOT_IN_TEST_MODE);
-+ return 0;
-+ }
-+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
-+ return 1;
-+}
-+
-+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
-+{
-+# ifdef OPENSSL_SYS_WIN32
-+ FILETIME ft;
-+# elif defined(OPENSSL_SYS_VXWORKS)
-+ struct timespec ts;
-+# else
-+ struct timeval tv;
-+# endif
-+
-+# ifndef GETPID_IS_MEANINGLESS
-+ unsigned long pid;
-+# endif
-+
-+# ifdef OPENSSL_SYS_WIN32
-+ GetSystemTimeAsFileTime(&ft);
-+ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff);
-+ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff);
-+ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff);
-+ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff);
-+ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff);
-+ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff);
-+ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff);
-+ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff);
-+# elif defined(OPENSSL_SYS_VXWORKS)
-+ clock_gettime(CLOCK_REALTIME, &ts);
-+ buf[0] = (unsigned char)(ts.tv_sec & 0xff);
-+ buf[1] = (unsigned char)((ts.tv_sec >> 8) & 0xff);
-+ buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff);
-+ buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff);
-+ buf[4] = (unsigned char)(ts.tv_nsec & 0xff);
-+ buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff);
-+ buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff);
-+ buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff);
-+# else
-+ gettimeofday(&tv, NULL);
-+ buf[0] = (unsigned char)(tv.tv_sec & 0xff);
-+ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff);
-+ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff);
-+ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff);
-+ buf[4] = (unsigned char)(tv.tv_usec & 0xff);
-+ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff);
-+ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff);
-+ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff);
-+# endif
-+ buf[8] = (unsigned char)(*pctr & 0xff);
-+ buf[9] = (unsigned char)((*pctr >> 8) & 0xff);
-+ buf[10] = (unsigned char)((*pctr >> 16) & 0xff);
-+ buf[11] = (unsigned char)((*pctr >> 24) & 0xff);
-+
-+ (*pctr)++;
-+
-+# ifndef GETPID_IS_MEANINGLESS
-+ pid = (unsigned long)getpid();
-+ buf[12] = (unsigned char)(pid & 0xff);
-+ buf[13] = (unsigned char)((pid >> 8) & 0xff);
-+ buf[14] = (unsigned char)((pid >> 16) & 0xff);
-+ buf[15] = (unsigned char)((pid >> 24) & 0xff);
-+# endif
-+}
-+
-+static int fips_rand(FIPS_PRNG_CTX * ctx,
-+ unsigned char *out, unsigned int outlen)
-+{
-+ unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
-+ unsigned char tmp[AES_BLOCK_LENGTH];
-+ int i;
-+ if (ctx->error) {
-+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_ERROR);
-+ return 0;
-+ }
-+ if (!ctx->keyed) {
-+ RANDerr(RAND_F_FIPS_RAND, RAND_R_NO_KEY_SET);
-+ return 0;
-+ }
-+ if (!ctx->seeded) {
-+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_NOT_SEEDED);
-+ return 0;
-+ }
-+ for (;;) {
-+ if (!ctx->test_mode)
-+ FIPS_get_timevec(ctx->DT, &ctx->counter);
-+ AES_encrypt(ctx->DT, I, &ctx->ks);
-+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
-+ tmp[i] = I[i] ^ ctx->V[i];
-+ AES_encrypt(tmp, R, &ctx->ks);
-+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
-+ tmp[i] = R[i] ^ I[i];
-+ AES_encrypt(tmp, ctx->V, &ctx->ks);
-+ /* Continuous PRNG test */
-+ if (ctx->second) {
-+ if (fips_prng_fail)
-+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
-+ if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH)) {
-+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_STUCK);
-+ ctx->error = 1;
-+ fips_set_selftest_fail();
-+ return 0;
-+ }
-+ }
-+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
-+ if (!ctx->second) {
-+ ctx->second = 1;
-+ if (!ctx->test_mode)
-+ continue;
-+ }
-+
-+ if (outlen <= AES_BLOCK_LENGTH) {
-+ memcpy(out, R, outlen);
-+ break;
-+ }
-+
-+ memcpy(out, R, AES_BLOCK_LENGTH);
-+ out += AES_BLOCK_LENGTH;
-+ outlen -= AES_BLOCK_LENGTH;
-+ }
-+ return 1;
-+}
-+
-+int FIPS_x931_set_key(const unsigned char *key, int keylen)
-+{
-+ int ret;
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ ret = fips_set_prng_key(&sctx, key, keylen);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ return ret;
-+}
-+
-+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
-+{
-+ return FIPS_x931_set_key(key, keylen);
-+}
-+
-+int FIPS_x931_seed(const void *seed, int seedlen)
-+{
-+ int ret;
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ ret = fips_set_prng_seed(&sctx, seed, seedlen);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ return ret;
-+}
-+
-+int FIPS_x931_bytes(unsigned char *out, int count)
-+{
-+ int ret;
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ ret = fips_rand(&sctx, out, count);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ return ret;
-+}
-+
-+int FIPS_x931_status(void)
-+{
-+ int ret;
-+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
-+ ret = sctx.seeded;
-+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
-+ return ret;
-+}
-+
-+void FIPS_x931_reset(void)
-+{
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ fips_rand_prng_reset(&sctx);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+}
-+
-+static int fips_do_rand_seed(const void *seed, int seedlen)
-+{
-+ FIPS_x931_seed(seed, seedlen);
-+ return 1;
-+}
-+
-+static int fips_do_rand_add(const void *seed, int seedlen, double add_entropy)
-+{
-+ FIPS_x931_seed(seed, seedlen);
-+ return 1;
-+}
-+
-+static const RAND_METHOD rand_x931_meth = {
-+ fips_do_rand_seed,
-+ FIPS_x931_bytes,
-+ FIPS_x931_reset,
-+ fips_do_rand_add,
-+ FIPS_x931_bytes,
-+ FIPS_x931_status
-+};
-+
-+const RAND_METHOD *FIPS_x931_method(void)
-+{
-+ return &rand_x931_meth;
-+}
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_rand.h.fips
openssl-1.0.2o/crypto/fips/fips_rand.h
---- openssl-1.0.2o/crypto/fips/fips_rand.h.fips 2018-04-05 16:17:11.941265789 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_rand.h 2018-04-05 16:17:11.941265789 +0200
-@@ -0,0 +1,163 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#ifndef HEADER_FIPS_RAND_H
-+# define HEADER_FIPS_RAND_H
-+
-+# include <openssl/aes.h>
-+# include <openssl/evp.h>
-+# include <openssl/hmac.h>
-+# include <openssl/rand.h>
-+
-+# ifdef OPENSSL_FIPS
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+ int FIPS_x931_set_key(const unsigned char *key, int keylen);
-+ int FIPS_x931_seed(const void *buf, int num);
-+ int FIPS_x931_bytes(unsigned char *out, int outlen);
-+
-+ int FIPS_x931_test_mode(void);
-+ void FIPS_x931_reset(void);
-+ int FIPS_x931_set_dt(unsigned char *dt);
-+
-+ int FIPS_x931_status(void);
-+
-+ const RAND_METHOD *FIPS_x931_method(void);
-+
-+ typedef struct drbg_ctx_st DRBG_CTX;
-+/* DRBG external flags */
-+/* Flag for CTR mode only: use derivation function ctr_df */
-+# define DRBG_FLAG_CTR_USE_DF 0x1
-+/* PRNG is in test state */
-+# define DRBG_FLAG_TEST 0x2
-+
-+ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
-+ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
-+ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
-+ const unsigned char *pers, size_t perslen);
-+ int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin,
-+ size_t adinlen);
-+ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-+ int prediction_resistance,
-+ const unsigned char *adin, size_t adinlen);
-+
-+ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
-+ void FIPS_drbg_free(DRBG_CTX *dctx);
-+
-+ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_entropy) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy,
-+ size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_entropy) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ size_t entropy_blocklen,
-+ size_t (*get_nonce) (DRBG_CTX *ctx,
-+ unsigned char **pout,
-+ int entropy,
-+ size_t min_len,
-+ size_t max_len),
-+ void (*cleanup_nonce) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen));
-+
-+ int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
-+ size_t (*get_adin) (DRBG_CTX *ctx,
-+ unsigned char
-+ **pout),
-+ void (*cleanup_adin) (DRBG_CTX *ctx,
-+ unsigned char *out,
-+ size_t olen),
-+ int (*rand_seed_cb) (DRBG_CTX *ctx,
-+ const void *buf,
-+ int num),
-+ int (*rand_add_cb) (DRBG_CTX *ctx,
-+ const void *buf,
-+ int num,
-+ double entropy));
-+
-+ void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
-+ void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
-+ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
-+ int FIPS_drbg_get_strength(DRBG_CTX *dctx);
-+ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
-+ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
-+
-+ int FIPS_drbg_health_check(DRBG_CTX *dctx);
-+
-+ DRBG_CTX *FIPS_get_default_drbg(void);
-+ const RAND_METHOD *FIPS_drbg_method(void);
-+
-+ int FIPS_rand_set_method(const RAND_METHOD *meth);
-+ const RAND_METHOD *FIPS_rand_get_method(void);
-+
-+ void FIPS_rand_set_bits(int nbits);
-+
-+ int FIPS_rand_strength(void);
-+
-+/* 1.0.0 compat functions */
-+ int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
-+ int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
-+ int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
-+ int FIPS_rand_test_mode(void);
-+ void FIPS_rand_reset(void);
-+ int FIPS_rand_set_dt(unsigned char *dt);
-+ int FIPS_rand_status(void);
-+ const RAND_METHOD *FIPS_rand_method(void);
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+# endif
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_rand_lcl.h.fips
openssl-1.0.2o/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.2o/crypto/fips/fips_rand_lcl.h.fips 2018-04-05 16:17:11.942265813 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_rand_lcl.h 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,213 @@
-+/* fips/rand/fips_rand_lcl.h */
-+/* Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
-+ * project.
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.OpenSSL.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * licensing(a)OpenSSL.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.OpenSSL.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ * ====================================================================
-+ */
-+
-+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
-+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
-+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
-+
-+/* 888 bits from 10.1 table 2 */
-+#define HASH_PRNG_MAX_SEEDLEN 111
-+
-+struct drbg_hash_ctx_st {
-+ const EVP_MD *md;
-+ EVP_MD_CTX mctx;
-+ unsigned char V[HASH_PRNG_MAX_SEEDLEN];
-+ unsigned char C[HASH_PRNG_MAX_SEEDLEN];
-+ /* Temporary value storage: should always exceed max digest length */
-+ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
-+};
-+
-+struct drbg_hmac_ctx_st {
-+ const EVP_MD *md;
-+ HMAC_CTX hctx;
-+ unsigned char K[EVP_MAX_MD_SIZE];
-+ unsigned char V[EVP_MAX_MD_SIZE];
-+};
-+
-+struct drbg_ctr_ctx_st {
-+ AES_KEY ks;
-+ size_t keylen;
-+ unsigned char K[32];
-+ unsigned char V[16];
-+ /* Temp variables used by derivation function */
-+ AES_KEY df_ks;
-+ AES_KEY df_kxks;
-+ /* Temporary block storage used by ctr_df */
-+ unsigned char bltmp[16];
-+ size_t bltmp_pos;
-+ unsigned char KX[48];
-+};
-+
-+/* DRBG internal flags */
-+
-+/* Functions shouldn't call err library */
-+#define DRBG_FLAG_NOERR 0x1
-+/* Custom reseed checking */
-+#define DRBG_CUSTOM_RESEED 0x2
-+
-+/* DRBG status values */
-+/* not initialised */
-+#define DRBG_STATUS_UNINITIALISED 0
-+/* ok and ready to generate random bits */
-+#define DRBG_STATUS_READY 1
-+/* reseed required */
-+#define DRBG_STATUS_RESEED 2
-+/* fatal error condition */
-+#define DRBG_STATUS_ERROR 3
-+
-+/* A default maximum length: larger than any reasonable value used in pratice */
-+
-+#define DRBG_MAX_LENGTH 0x7ffffff0
-+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
-+ * so use max digest length.
-+ */
-+#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
-+
-+#define DRBG_HEALTH_INTERVAL (1 << 24)
-+
-+/* DRBG context structure */
-+
-+struct drbg_ctx_st {
-+ /* First types common to all implementations */
-+ /* DRBG type: a NID for the underlying algorithm */
-+ int type;
-+ /* Various external flags */
-+ unsigned int xflags;
-+ /* Various internal use only flags */
-+ unsigned int iflags;
-+ /* Used for periodic health checks */
-+ int health_check_cnt, health_check_interval;
-+
-+ /* The following parameters are setup by mechanism drbg_init() call */
-+ int strength;
-+ size_t blocklength;
-+ size_t max_request;
-+
-+ size_t min_entropy, max_entropy;
-+ size_t min_nonce, max_nonce;
-+ size_t max_pers, max_adin;
-+ unsigned int reseed_counter;
-+ unsigned int reseed_interval;
-+ size_t seedlen;
-+ int status;
-+ /* Application data: typically used by test get_entropy */
-+ void *app_data;
-+ /* Implementation specific structures */
-+ union {
-+ DRBG_HASH_CTX hash;
-+ DRBG_HMAC_CTX hmac;
-+ DRBG_CTR_CTX ctr;
-+ } d;
-+ /* Initialiase PRNG and setup callbacks below */
-+ int (*init) (DRBG_CTX *ctx, int nid, int security, unsigned int flags);
-+ /* Intantiate PRNG */
-+ int (*instantiate) (DRBG_CTX *ctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *nonce, size_t noncelen,
-+ const unsigned char *pers, size_t perslen);
-+ /* reseed */
-+ int (*reseed) (DRBG_CTX *ctx,
-+ const unsigned char *ent, size_t entlen,
-+ const unsigned char *adin, size_t adinlen);
-+ /* generat output */
-+ int (*generate) (DRBG_CTX *ctx,
-+ unsigned char *out, size_t outlen,
-+ const unsigned char *adin, size_t adinlen);
-+ /* uninstantiate */
-+ int (*uninstantiate) (DRBG_CTX *ctx);
-+
-+ /* Entropy source block length */
-+ size_t entropy_blocklen;
-+
-+ /* entropy gathering function */
-+ size_t (*get_entropy) (DRBG_CTX *ctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len);
-+ /* Indicates we have finished with entropy buffer */
-+ void (*cleanup_entropy) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
-+
-+ /* nonce gathering function */
-+ size_t (*get_nonce) (DRBG_CTX *ctx, unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len);
-+ /* Indicates we have finished with nonce buffer */
-+ void (*cleanup_nonce) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
-+
-+ /* Continuous random number test temporary area */
-+ /* Last block */
-+ unsigned char lb[EVP_MAX_MD_SIZE];
-+ /* set if lb is valid */
-+ int lb_valid;
-+
-+ /* Callbacks used when called through RAND interface */
-+ /* Get any additional input for generate */
-+ size_t (*get_adin) (DRBG_CTX *ctx, unsigned char **pout);
-+ void (*cleanup_adin) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
-+ /* Callback for RAND_seed(), RAND_add() */
-+ int (*rand_seed_cb) (DRBG_CTX *ctx, const void *buf, int num);
-+ int (*rand_add_cb) (DRBG_CTX *ctx,
-+ const void *buf, int num, double entropy);
-+};
-+
-+int fips_drbg_ctr_init(DRBG_CTX *dctx);
-+int fips_drbg_hash_init(DRBG_CTX *dctx);
-+int fips_drbg_hmac_init(DRBG_CTX *dctx);
-+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
-+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
-+
-+const struct env_md_st *FIPS_get_digestbynid(int nid);
-+
-+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
-+
-+#define FIPS_digestinit EVP_DigestInit
-+#define FIPS_digestupdate EVP_DigestUpdate
-+#define FIPS_digestfinal EVP_DigestFinal
-+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.0.2o/crypto/fips/fips_rand_lib.c.fips
openssl-1.0.2o/crypto/fips/fips_rand_lib.c
---- openssl-1.0.2o/crypto/fips/fips_rand_lib.c.fips 2018-04-05 16:17:11.942265813 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_rand_lib.c 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,181 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <openssl/crypto.h>
-+#include <openssl/rand.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include <openssl/fips_rand.h>
-+#include "e_os.h"
-+
-+/* FIPS API for PRNG use. Similar to RAND functionality but without
-+ * ENGINE and additional checking for non-FIPS rand methods.
-+ */
-+
-+static const RAND_METHOD *fips_rand_meth = NULL;
-+static int fips_approved_rand_meth = 0;
-+static int fips_rand_bits = 0;
-+
-+/* Allows application to override number of bits and uses non-FIPS methods */
-+void FIPS_rand_set_bits(int nbits)
-+{
-+ fips_rand_bits = nbits;
-+}
-+
-+int FIPS_rand_set_method(const RAND_METHOD *meth)
-+{
-+ if (!fips_rand_bits) {
-+ if (meth == FIPS_drbg_method())
-+ fips_approved_rand_meth = 1;
-+ else if (meth == FIPS_x931_method())
-+ fips_approved_rand_meth = 2;
-+ else {
-+ fips_approved_rand_meth = 0;
-+ if (FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ }
-+ }
-+ fips_rand_meth = meth;
-+ return 1;
-+}
-+
-+const RAND_METHOD *FIPS_rand_get_method(void)
-+{
-+ return fips_rand_meth;
-+}
-+
-+const RAND_METHOD *FIPS_rand_method(void)
-+{
-+ return FIPS_rand_get_method();
-+}
-+
-+void FIPS_rand_reset(void)
-+{
-+ if (fips_rand_meth && fips_rand_meth->cleanup)
-+ fips_rand_meth->cleanup();
-+}
-+
-+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->seed)
-+ fips_rand_meth->seed(buf, num);
-+ return 1;
-+}
-+
-+void FIPS_rand_add(const void *buf, int num, double entropy)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
-+ return;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->add)
-+ fips_rand_meth->add(buf, num, entropy);
-+}
-+
-+int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->bytes)
-+ return fips_rand_meth->bytes(buf, num);
-+ return 0;
-+}
-+
-+int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->pseudorand)
-+ return fips_rand_meth->pseudorand(buf, num);
-+ return -1;
-+}
-+
-+int FIPS_rand_status(void)
-+{
-+ if (!fips_approved_rand_meth && FIPS_module_mode()) {
-+ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+ if (fips_rand_meth && fips_rand_meth->status)
-+ return fips_rand_meth->status();
-+ return 0;
-+}
-+
-+/* Return instantiated strength of PRNG. For DRBG this is an internal
-+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
-+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
-+ * 256 outside FIPS mode.
-+ */
-+
-+int FIPS_rand_strength(void)
-+{
-+ if (fips_rand_bits)
-+ return fips_rand_bits;
-+ if (fips_approved_rand_meth == 1)
-+ return FIPS_drbg_get_strength(FIPS_get_default_drbg());
-+ else if (fips_approved_rand_meth == 2)
-+ return 80;
-+ else if (fips_approved_rand_meth == 0) {
-+ if (FIPS_module_mode())
-+ return 0;
-+ else
-+ return 256;
-+ }
-+ return 0;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_rand_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_rand_selftest.c.fips 2018-04-05 16:17:11.942265813
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_rand_selftest.c 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,176 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+typedef struct {
-+ unsigned char DT[16];
-+ unsigned char V[16];
-+ unsigned char R[16];
-+} AES_PRNG_TV;
-+
-+/* The following test vectors are taken directly from the RGNVS spec */
-+
-+static unsigned char aes_128_key[16] =
-+ { 0xf3, 0xb1, 0x66, 0x6d, 0x13, 0x60, 0x72, 0x42,
-+ 0xed, 0x06, 0x1c, 0xab, 0xb8, 0xd4, 0x62, 0x02
-+};
-+
-+static AES_PRNG_TV aes_128_tv = {
-+ /* DT */
-+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
-+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xf9},
-+ /* V */
-+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-+ /* R */
-+ {0x59, 0x53, 0x1e, 0xd1, 0x3b, 0xb0, 0xc0, 0x55,
-+ 0x84, 0x79, 0x66, 0x85, 0xc1, 0x2f, 0x76, 0x41}
-+};
-+
-+static unsigned char aes_192_key[24] =
-+ { 0x15, 0xd8, 0x78, 0x0d, 0x62, 0xd3, 0x25, 0x6e,
-+ 0x44, 0x64, 0x10, 0x13, 0x60, 0x2b, 0xa9, 0xbc,
-+ 0x4a, 0xfb, 0xca, 0xeb, 0x4c, 0x8b, 0x99, 0x3b
-+};
-+
-+static AES_PRNG_TV aes_192_tv = {
-+ /* DT */
-+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
-+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4b},
-+ /* V */
-+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-+ /* R */
-+ {0x17, 0x07, 0xd5, 0x28, 0x19, 0x79, 0x1e, 0xef,
-+ 0xa5, 0x0c, 0xbf, 0x25, 0xe5, 0x56, 0xb4, 0x93}
-+};
-+
-+static unsigned char aes_256_key[32] =
-+ { 0x6d, 0x14, 0x06, 0x6c, 0xb6, 0xd8, 0x21, 0x2d,
-+ 0x82, 0x8d, 0xfa, 0xf2, 0x7a, 0x03, 0xb7, 0x9f,
-+ 0x0c, 0xc7, 0x3e, 0xcd, 0x76, 0xeb, 0xee, 0xb5,
-+ 0x21, 0x05, 0x8c, 0x4f, 0x31, 0x7a, 0x80, 0xbb
-+};
-+
-+static AES_PRNG_TV aes_256_tv = {
-+ /* DT */
-+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
-+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x88},
-+ /* V */
-+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
-+ /* R */
-+ {0x35, 0xc7, 0xef, 0xa7, 0x78, 0x4d, 0x29, 0xbc,
-+ 0x82, 0x79, 0x99, 0xfb, 0xd0, 0xb3, 0x3b, 0x72}
-+};
-+
-+void FIPS_corrupt_rng()
-+{
-+ aes_192_tv.V[0]++;
-+}
-+
-+# define fips_x931_test(key, tv) \
-+ do_x931_test(key, sizeof key, &tv)
-+
-+static int do_x931_test(unsigned char *key, int keylen, AES_PRNG_TV * tv)
-+{
-+ unsigned char R[16], V[16];
-+ int rv = 1;
-+ memcpy(V, tv->V, sizeof(V));
-+ if (!FIPS_x931_set_key(key, keylen))
-+ return 0;
-+ if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
-+ return 1;
-+ if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
-+ V[0]++;
-+ FIPS_x931_seed(V, 16);
-+ FIPS_x931_set_dt(tv->DT);
-+ FIPS_x931_bytes(R, 16);
-+ if (memcmp(R, tv->R, 16)) {
-+ fips_post_failed(FIPS_TEST_X931, keylen, NULL);
-+ rv = 0;
-+ } else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
-+ return 0;
-+ return rv;
-+}
-+
-+int FIPS_selftest_x931()
-+{
-+ int rv = 1;
-+ FIPS_x931_reset();
-+ if (!FIPS_x931_test_mode()) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+ if (!fips_x931_test(aes_128_key, aes_128_tv))
-+ rv = 0;
-+ if (!fips_x931_test(aes_192_key, aes_192_tv))
-+ rv = 0;
-+ if (!fips_x931_test(aes_256_key, aes_256_tv))
-+ rv = 0;
-+ FIPS_x931_reset();
-+ if (!rv)
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931, FIPS_R_SELFTEST_FAILED);
-+ return rv;
-+}
-+
-+int FIPS_selftest_rng(void)
-+{
-+ return FIPS_selftest_x931();
-+}
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_randtest.c.fips
openssl-1.0.2o/crypto/fips/fips_randtest.c
---- openssl-1.0.2o/crypto/fips/fips_randtest.c.fips 2018-04-05 16:17:11.942265813 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_randtest.c 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,247 @@
-+/* Copyright (C) 1995-1998 Eric Young (eay(a)cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay(a)cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh(a)cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay(a)cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson
(tjh(a)cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <ctype.h>
-+#include <openssl/rand.h>
-+#include <openssl/fips_rand.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+
-+#include "e_os.h"
-+
-+#ifndef OPENSSL_FIPS
-+int main(int argc, char *argv[])
-+{
-+ printf("No FIPS RAND support\n");
-+ return (0);
-+}
-+
-+#else
-+
-+# include "fips_utl.h"
-+# include <openssl/fips.h>
-+
-+typedef struct {
-+ unsigned char DT[16];
-+ unsigned char V[16];
-+ unsigned char R[16];
-+} AES_PRNG_MCT;
-+
-+static const unsigned char aes_128_mct_key[16] =
-+ { 0x9f, 0x5b, 0x51, 0x20, 0x0b, 0xf3, 0x34, 0xb5,
-+ 0xd8, 0x2b, 0xe8, 0xc3, 0x72, 0x55, 0xc8, 0x48
-+};
-+
-+static const AES_PRNG_MCT aes_128_mct_tv = {
-+ /* DT */
-+ {0x63, 0x76, 0xbb, 0xe5, 0x29, 0x02, 0xba, 0x3b,
-+ 0x67, 0xc9, 0x25, 0xfa, 0x70, 0x1f, 0x11, 0xac},
-+ /* V */
-+ {0x57, 0x2c, 0x8e, 0x76, 0x87, 0x26, 0x47, 0x97,
-+ 0x7e, 0x74, 0xfb, 0xdd, 0xc4, 0x95, 0x01, 0xd1},
-+ /* R */
-+ {0x48, 0xe9, 0xbd, 0x0d, 0x06, 0xee, 0x18, 0xfb,
-+ 0xe4, 0x57, 0x90, 0xd5, 0xc3, 0xfc, 0x9b, 0x73}
-+};
-+
-+static const unsigned char aes_192_mct_key[24] =
-+ { 0xb7, 0x6c, 0x34, 0xd1, 0x09, 0x67, 0xab, 0x73,
-+ 0x4d, 0x5a, 0xd5, 0x34, 0x98, 0x16, 0x0b, 0x91,
-+ 0xbc, 0x35, 0x51, 0x16, 0x6b, 0xae, 0x93, 0x8a
-+};
-+
-+static const AES_PRNG_MCT aes_192_mct_tv = {
-+ /* DT */
-+ {0x84, 0xce, 0x22, 0x7d, 0x91, 0x5a, 0xa3, 0xc9,
-+ 0x84, 0x3c, 0x0a, 0xb3, 0xa9, 0x63, 0x15, 0x52},
-+ /* V */
-+ {0xb6, 0xaf, 0xe6, 0x8f, 0x99, 0x9e, 0x90, 0x64,
-+ 0xdd, 0xc7, 0x7a, 0xc1, 0xbb, 0x90, 0x3a, 0x6d},
-+ /* R */
-+ {0xfc, 0x85, 0x60, 0x9a, 0x29, 0x6f, 0xef, 0x21,
-+ 0xdd, 0x86, 0x20, 0x32, 0x8a, 0x29, 0x6f, 0x47}
-+};
-+
-+static const unsigned char aes_256_mct_key[32] =
-+ { 0x9b, 0x05, 0xc8, 0x68, 0xff, 0x47, 0xf8, 0x3a,
-+ 0xa6, 0x3a, 0xa8, 0xcb, 0x4e, 0x71, 0xb2, 0xe0,
-+ 0xb8, 0x7e, 0xf1, 0x37, 0xb6, 0xb4, 0xf6, 0x6d,
-+ 0x86, 0x32, 0xfc, 0x1f, 0x5e, 0x1d, 0x1e, 0x50
-+};
-+
-+static const AES_PRNG_MCT aes_256_mct_tv = {
-+ /* DT */
-+ {0x31, 0x6e, 0x35, 0x9a, 0xb1, 0x44, 0xf0, 0xee,
-+ 0x62, 0x6d, 0x04, 0x46, 0xe0, 0xa3, 0x92, 0x4c},
-+ /* V */
-+ {0x4f, 0xcd, 0xc1, 0x87, 0x82, 0x1f, 0x4d, 0xa1,
-+ 0x3e, 0x0e, 0x56, 0x44, 0x59, 0xe8, 0x83, 0xca},
-+ /* R */
-+ {0xc8, 0x87, 0xc2, 0x61, 0x5b, 0xd0, 0xb9, 0xe1,
-+ 0xe7, 0xf3, 0x8b, 0xd7, 0x5b, 0xd5, 0xf1, 0x8d}
-+};
-+
-+static void dump(const unsigned char *b, int n)
-+{
-+ while (n-- > 0) {
-+ printf(" %02x", *b++);
-+ }
-+}
-+
-+static void compare(const unsigned char *result,
-+ const unsigned char *expected, int n)
-+{
-+ int i;
-+
-+ for (i = 0; i < n; ++i)
-+ if (result[i] != expected[i]) {
-+ puts("Random test failed, got:");
-+ dump(result, n);
-+ puts("\n expected:");
-+ dump(expected, n);
-+ putchar('\n');
-+ EXIT(1);
-+ }
-+}
-+
-+static void run_test(const unsigned char *key, int keylen,
-+ const AES_PRNG_MCT * tv)
-+{
-+ unsigned char buf[16], dt[16];
-+ int i, j;
-+ FIPS_x931_reset();
-+ FIPS_x931_test_mode();
-+ FIPS_x931_set_key(key, keylen);
-+ FIPS_x931_seed(tv->V, 16);
-+ memcpy(dt, tv->DT, 16);
-+ for (i = 0; i < 10000; i++) {
-+ FIPS_x931_set_dt(dt);
-+ FIPS_x931_bytes(buf, 16);
-+ /* Increment DT */
-+ for (j = 15; j >= 0; j--) {
-+ dt[j]++;
-+ if (dt[j])
-+ break;
-+ }
-+ }
-+
-+ compare(buf, tv->R, 16);
-+}
-+
-+int main()
-+{
-+ run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
-+ printf("FIPS PRNG test 1 done\n");
-+ run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
-+ printf("FIPS PRNG test 2 done\n");
-+ run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
-+ printf("FIPS PRNG test 3 done\n");
-+ return 0;
-+}
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c.fips 2018-04-05 16:17:11.942265813
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,444 @@
-+/* ====================================================================
-+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/rsa.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include <openssl/opensslconf.h>
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char n[] =
-+ "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-+ "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-+ "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-+ "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-+ "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-+ "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-+ "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-+ "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
"\xCB";
-+
-+static int corrupt_rsa;
-+
-+static int setrsakey(RSA *key)
-+{
-+ static const unsigned char e[] = "\x11";
-+
-+ static const unsigned char d[] =
-+ "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-+ "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-+ "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-+ "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-+ "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-+ "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-+ "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-+ "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-+ "\xC1";
-+
-+ static const unsigned char p[] =
-+ "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-+ "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-+ "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-+ "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-+ "\x99";
-+
-+ static const unsigned char q[] =
-+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-+ "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-+ "\x03";
-+
-+ static const unsigned char dmp1[] =
-+ "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-+ "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-+ "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-+ "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-+
-+ static const unsigned char dmq1[] =
-+ "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-+ "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-+ "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-+ "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-+
-+ static const unsigned char iqmp[] =
-+ "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-+ "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-+ "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-+ "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-+ "\xF7";
-+
-+ key->n = BN_bin2bn(n, sizeof(n) - 1, key->n);
-+ if (corrupt_rsa)
-+ BN_set_bit(key->n, 1024);
-+ key->e = BN_bin2bn(e, sizeof(e) - 1, key->e);
-+ key->d = BN_bin2bn(d, sizeof(d) - 1, key->d);
-+ key->p = BN_bin2bn(p, sizeof(p) - 1, key->p);
-+ key->q = BN_bin2bn(q, sizeof(q) - 1, key->q);
-+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, key->dmp1);
-+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, key->dmq1);
-+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, key->iqmp);
-+ return 1;
-+}
-+
-+void FIPS_corrupt_rsa()
-+{
-+ corrupt_rsa = 1;
-+}
-+
-+/* Known Answer Test (KAT) data for the above RSA private key signing
-+ * kat_tbs.
-+ */
-+
-+static const unsigned char kat_tbs[] =
-+ "OpenSSL FIPS 140-2 Public Key RSA KAT";
-+
-+static const unsigned char kat_RSA_PSS_SHA1[] = {
-+ 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
-+ 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
-+ 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
-+ 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
-+ 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
-+ 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
-+ 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
-+ 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
-+ 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
-+ 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
-+ 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
-+};
-+
-+static const unsigned char kat_RSA_PSS_SHA224[] = {
-+ 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
-+ 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
-+ 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
-+ 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
-+ 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
-+ 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
-+ 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
-+ 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
-+ 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
-+ 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
-+ 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
-+};
-+
-+static const unsigned char kat_RSA_PSS_SHA256[] = {
-+ 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
-+ 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
-+ 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
-+ 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
-+ 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
-+ 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
-+ 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
-+ 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
-+ 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
-+ 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
-+ 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
-+};
-+
-+static const unsigned char kat_RSA_PSS_SHA384[] = {
-+ 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
-+ 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
-+ 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
-+ 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
-+ 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
-+ 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
-+ 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
-+ 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
-+ 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
-+ 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
-+ 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
-+};
-+
-+static const unsigned char kat_RSA_PSS_SHA512[] = {
-+ 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
-+ 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
-+ 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
-+ 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
-+ 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
-+ 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
-+ 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
-+ 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
-+ 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
-+ 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
-+ 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
-+};
-+
-+static const unsigned char kat_RSA_SHA1[] = {
-+ 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
-+ 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
-+ 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
-+ 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
-+ 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
-+ 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
-+ 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
-+ 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
-+ 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
-+ 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
-+ 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
-+};
-+
-+static const unsigned char kat_RSA_SHA224[] = {
-+ 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
-+ 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
-+ 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
-+ 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
-+ 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
-+ 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
-+ 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
-+ 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
-+ 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
-+ 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
-+ 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
-+};
-+
-+static const unsigned char kat_RSA_SHA256[] = {
-+ 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
-+ 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
-+ 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
-+ 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
-+ 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
-+ 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
-+ 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
-+ 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
-+ 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
-+ 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
-+ 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
-+};
-+
-+static const unsigned char kat_RSA_SHA384[] = {
-+ 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
-+ 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
-+ 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
-+ 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
-+ 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
-+ 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
-+ 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
-+ 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
-+ 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
-+ 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
-+ 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
-+};
-+
-+static const unsigned char kat_RSA_SHA512[] = {
-+ 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
-+ 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
-+ 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
-+ 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
-+ 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
-+ 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
-+ 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
-+ 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
-+ 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
-+ 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
-+ 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
-+};
-+
-+static const unsigned char kat_RSA_X931_SHA1[] = {
-+ 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
-+ 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
-+ 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
-+ 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
-+ 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
-+ 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
-+ 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
-+ 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
-+ 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
-+ 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
-+ 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
-+};
-+
-+static const unsigned char kat_RSA_X931_SHA256[] = {
-+ 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
-+ 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
-+ 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
-+ 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
-+ 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
-+ 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
-+ 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
-+ 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
-+ 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
-+ 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
-+ 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
-+};
-+
-+static const unsigned char kat_RSA_X931_SHA384[] = {
-+ 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
-+ 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
-+ 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
-+ 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
-+ 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
-+ 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
-+ 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
-+ 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
-+ 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
-+ 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
-+ 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
-+};
-+
-+static const unsigned char kat_RSA_X931_SHA512[] = {
-+ 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
-+ 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
-+ 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
-+ 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
-+ 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
-+ 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
-+ 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
-+ 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
-+ 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
-+ 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
-+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
-+};
-+
-+int FIPS_selftest_rsa()
-+{
-+ int ret = 0;
-+ RSA *key;
-+ EVP_PKEY *pk = NULL;
-+
-+ if ((key = RSA_new()) == NULL)
-+ goto err;
-+ setrsakey(key);
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_assign_RSA(pk, key);
-+
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
-+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
-+ "RSA SHA1 PKCS#1"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
-+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
-+ "RSA SHA224 PKCS#1"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
-+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
-+ "RSA SHA256 PKCS#1"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
-+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
-+ "RSA SHA384 PKCS#1"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
-+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
-+ "RSA SHA512 PKCS#1"))
-+ goto err;
-+
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
-+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
-+ "RSA SHA1 PSS"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_PSS_SHA224,
-+ sizeof(kat_RSA_PSS_SHA224), EVP_sha224(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA224 PSS"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_PSS_SHA256,
-+ sizeof(kat_RSA_PSS_SHA256), EVP_sha256(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA256 PSS"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_PSS_SHA384,
-+ sizeof(kat_RSA_PSS_SHA384), EVP_sha384(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA384 PSS"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_PSS_SHA512,
-+ sizeof(kat_RSA_PSS_SHA512), EVP_sha512(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA512 PSS"))
-+ goto err;
-+
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA1,
-+ sizeof(kat_RSA_X931_SHA1), EVP_sha1(),
-+ EVP_MD_CTX_FLAG_PAD_X931, "RSA SHA1 X931"))
-+ goto err;
-+ /* NB: SHA224 not supported in X9.31 */
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA256,
-+ sizeof(kat_RSA_X931_SHA256), EVP_sha256(),
-+ EVP_MD_CTX_FLAG_PAD_X931,
-+ "RSA SHA256 X931"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA384,
-+ sizeof(kat_RSA_X931_SHA384), EVP_sha384(),
-+ EVP_MD_CTX_FLAG_PAD_X931,
-+ "RSA SHA384 X931"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA512,
-+ sizeof(kat_RSA_X931_SHA512), EVP_sha512(),
-+ EVP_MD_CTX_FLAG_PAD_X931,
-+ "RSA SHA512 X931"))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+ else if (key)
-+ RSA_free(key);
-+ return ret;
-+}
-+
-+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.2o/crypto/fips/fips_rsa_x931g.c.fips
openssl-1.0.2o/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.2o/crypto/fips/fips_rsa_x931g.c.fips 2018-04-05 16:17:11.942265813 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_rsa_x931g.c 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,273 @@
-+/* crypto/rsa/rsa_gen.c */
-+/* Copyright (C) 1995-1998 Eric Young (eay(a)cryptsoft.com)
-+ * All rights reserved.
-+ *
-+ * This package is an SSL implementation written
-+ * by Eric Young (eay(a)cryptsoft.com).
-+ * The implementation was written so as to conform with Netscapes SSL.
-+ *
-+ * This library is free for commercial and non-commercial use as long as
-+ * the following conditions are aheared to. The following conditions
-+ * apply to all code found in this distribution, be it the RC4, RSA,
-+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-+ * included with this distribution is covered by the same copyright terms
-+ * except that the holder is Tim Hudson (tjh(a)cryptsoft.com).
-+ *
-+ * Copyright remains Eric Young's, and as such any Copyright notices in
-+ * the code are not to be removed.
-+ * If this package is used in a product, Eric Young should be given attribution
-+ * as the author of the parts of the library used.
-+ * This can be in the form of a textual message at program startup or
-+ * in documentation (online or textual) provided with the package.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. All advertising materials mentioning features or use of this software
-+ * must display the following acknowledgement:
-+ * "This product includes cryptographic software written by
-+ * Eric Young (eay(a)cryptsoft.com)"
-+ * The word 'cryptographic' can be left out if the rouines from the library
-+ * being used are not cryptographic related :-).
-+ * 4. If you include any Windows specific code (or a derivative thereof) from
-+ * the apps directory (application code) you must include an acknowledgement:
-+ * "This product includes software written by Tim Hudson
(tjh(a)cryptsoft.com)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+ * SUCH DAMAGE.
-+ *
-+ * The licence and distribution terms for any publically available version or
-+ * derivative of this code cannot be changed. i.e. this code cannot simply be
-+ * copied and put under another distribution licence
-+ * [including the GNU Public Licence.]
-+ */
-+
-+#include <stdio.h>
-+#include <string.h>
-+#include <time.h>
-+#include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+
-+extern int fips_check_rsa(RSA *rsa);
-+#endif
-+
-+/* X9.31 RSA key derivation and generation */
-+
-+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
-+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
-+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
-+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
-+{
-+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
-+ BN_CTX *ctx = NULL, *ctx2 = NULL;
-+
-+ if (!rsa)
-+ goto err;
-+
-+ ctx = BN_CTX_new();
-+ if (!ctx)
-+ goto err;
-+ BN_CTX_start(ctx);
-+
-+ r0 = BN_CTX_get(ctx);
-+ r1 = BN_CTX_get(ctx);
-+ r2 = BN_CTX_get(ctx);
-+ r3 = BN_CTX_get(ctx);
-+
-+ if (r3 == NULL)
-+ goto err;
-+ if (!rsa->e) {
-+ rsa->e = BN_dup(e);
-+ if (!rsa->e)
-+ goto err;
-+ } else
-+ e = rsa->e;
-+
-+ /* If not all parameters present only calculate what we can.
-+ * This allows test programs to output selective parameters.
-+ */
-+
-+ if (Xp && !rsa->p) {
-+ rsa->p = BN_new();
-+ if (!rsa->p)
-+ goto err;
-+
-+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
-+ Xp, Xp1, Xp2, e, ctx, cb))
-+ goto err;
-+ }
-+
-+ if (Xq && !rsa->q) {
-+ rsa->q = BN_new();
-+ if (!rsa->q)
-+ goto err;
-+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
-+ Xq, Xq1, Xq2, e, ctx, cb))
-+ goto err;
-+ }
-+
-+ if (!rsa->p || !rsa->q) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ return 2;
-+ }
-+
-+ /* Since both primes are set we can now calculate all remaining
-+ * components.
-+ */
-+
-+ /* calculate n */
-+ rsa->n = BN_new();
-+ if (rsa->n == NULL)
-+ goto err;
-+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
-+ goto err;
-+
-+ /* calculate d */
-+ if (!BN_sub(r1, rsa->p, BN_value_one()))
-+ goto err; /* p-1 */
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err; /* q-1 */
-+ if (!BN_mul(r0, r1, r2, ctx))
-+ goto err; /* (p-1)(q-1) */
-+
-+ if (!BN_gcd(r3, r1, r2, ctx))
-+ goto err;
-+
-+ if (!BN_div(r0, NULL, r0, r3, ctx))
-+ goto err; /* LCM((p-1)(q-1)) */
-+
-+ ctx2 = BN_CTX_new();
-+ if (!ctx2)
-+ goto err;
-+
-+ rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
-+ if (rsa->d == NULL)
-+ goto err;
-+
-+ /* calculate d mod (p-1) */
-+ rsa->dmp1 = BN_new();
-+ if (rsa->dmp1 == NULL)
-+ goto err;
-+ if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
-+ goto err;
-+
-+ /* calculate d mod (q-1) */
-+ rsa->dmq1 = BN_new();
-+ if (rsa->dmq1 == NULL)
-+ goto err;
-+ if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
-+ goto err;
-+
-+ /* calculate inverse of q mod p */
-+ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
-+
-+ err:
-+ if (ctx) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-+ if (ctx2)
-+ BN_CTX_free(ctx2);
-+ /* If this is set all calls successful */
-+ if (rsa && rsa->iqmp != NULL)
-+ return 1;
-+
-+ return 0;
-+
-+}
-+
-+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
-+ BN_GENCB *cb)
-+{
-+ int ok = 0;
-+ BIGNUM *Xp = NULL, *Xq = NULL;
-+ BN_CTX *ctx = NULL;
-+
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
&&
-+ (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
-+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_KEY_TOO_SHORT);
-+ return 0;
-+ }
-+
-+ if (bits & 0xff) {
-+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+#endif
-+
-+ ctx = BN_CTX_new();
-+ if (!ctx)
-+ goto error;
-+
-+ BN_CTX_start(ctx);
-+ Xp = BN_CTX_get(ctx);
-+ Xq = BN_CTX_get(ctx);
-+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
-+ goto error;
-+
-+ rsa->p = BN_new();
-+ rsa->q = BN_new();
-+ if (!rsa->p || !rsa->q)
-+ goto error;
-+
-+ /* Generate two primes from Xp, Xq */
-+
-+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
-+ e, ctx, cb))
-+ goto error;
-+
-+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
-+ e, ctx, cb))
-+ goto error;
-+
-+ /* Since rsa->p and rsa->q are valid this call will just derive
-+ * remaining RSA components.
-+ */
-+
-+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
-+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
-+ goto error;
-+
-+#ifdef OPENSSL_FIPS
-+ if (!fips_check_rsa(rsa))
-+ goto error;
-+#endif
-+
-+ ok = 1;
-+
-+ error:
-+ if (ctx) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-+
-+ if (ok)
-+ return 1;
-+
-+ return 0;
-+
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_sha_selftest.c.fips
openssl-1.0.2o/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_sha_selftest.c.fips 2018-04-05 16:17:11.942265813
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_sha_selftest.c 2018-04-05 16:17:11.942265813 +0200
-@@ -0,0 +1,145 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+#include <openssl/evp.h>
-+#include <openssl/sha.h>
-+
-+#ifdef OPENSSL_FIPS
-+static const char test[][60] = {
-+ "",
-+ "abc",
-+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-+};
-+
-+static const unsigned char ret[][SHA_DIGEST_LENGTH] = {
-+ {0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55,
-+ 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09},
-+ {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
-+ 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d},
-+ {0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae,
-+ 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1},
-+};
-+
-+static int corrupt_sha;
-+
-+void FIPS_corrupt_sha1()
-+{
-+ corrupt_sha = 1;
-+}
-+
-+int FIPS_selftest_sha1()
-+{
-+ int n;
-+
-+ for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) {
-+ unsigned char md[SHA_DIGEST_LENGTH];
-+
-+ EVP_Digest(test[n], strlen(test[n]) + corrupt_sha, md, NULL,
-+ EVP_sha1(), NULL);
-+ if (memcmp(md, ret[n], sizeof md)) {
-+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+ }
-+ return 1;
-+}
-+
-+static const unsigned char msg_sha256[] =
-+ { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
-+ 0xfc
-+};
-+
-+static const unsigned char dig_sha256[] =
-+ { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
-+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
-+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
-+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a
-+};
-+
-+static const unsigned char msg_sha512[] =
-+ { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
-+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd
-+};
-+
-+static const unsigned char dig_sha512[] =
-+ { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
-+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
-+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
-+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
-+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
-+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
-+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
-+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43
-+};
-+
-+int FIPS_selftest_sha2(void)
-+{
-+ unsigned char md[SHA512_DIGEST_LENGTH];
-+
-+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
-+ if (memcmp(dig_sha256, md, sizeof(dig_sha256))) {
-+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
-+ if (memcmp(dig_sha512, md, sizeof(dig_sha512))) {
-+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips_standalone_hmac.c.fips
openssl-1.0.2o/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.2o/crypto/fips/fips_standalone_hmac.c.fips 2018-04-05 16:17:11.943265836
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_standalone_hmac.c 2018-04-05 16:17:11.943265836
+0200
-@@ -0,0 +1,268 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <openssl/opensslconf.h>
-+#include <openssl/sha.h>
-+#include <openssl/hmac.h>
-+
-+#ifndef FIPSCANISTER_O
-+int FIPS_selftest_failed()
-+{
-+ return 0;
-+}
-+
-+void FIPS_selftest_check()
-+{
-+}
-+#endif
-+
-+#ifdef OPENSSL_FIPS
-+int bn_mul_mont_fpu64(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-+ const BN_ULONG *np, const BN_ULONG *n0, int num)
-+{
-+ return 0;
-+};
-+
-+int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-+ const BN_ULONG *np, const BN_ULONG *n0, int num)
-+{
-+ return 0;
-+};
-+
-+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-+ defined(__INTEL__) || \
-+ defined(__x86_64) || defined(__x86_64__) || \
-+ defined(_M_AMD64) || defined(_M_X64)
-+
-+unsigned int OPENSSL_ia32cap_P[4];
-+unsigned long *OPENSSL_ia32cap_loc(void)
-+{
-+ if (sizeof(long) == 4)
-+ /*
-+ * If 32-bit application pulls address of OPENSSL_ia32cap_P[0]
-+ * clear second element to maintain the illusion that vector
-+ * is 32-bit.
-+ */
-+ OPENSSL_ia32cap_P[1] = 0;
-+
-+ OPENSSL_ia32cap_P[2] = 0;
-+
-+ return (unsigned long *)OPENSSL_ia32cap_P;
-+}
-+
-+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) &&
!defined(I386_ONLY)
-+# define OPENSSL_CPUID_SETUP
-+# if defined(_WIN32)
-+typedef unsigned __int64 IA32CAP;
-+# else
-+typedef unsigned long long IA32CAP;
-+# endif
-+void OPENSSL_cpuid_setup(void)
-+{
-+ static int trigger = 0;
-+ IA32CAP OPENSSL_ia32_cpuid(unsigned int *);
-+ IA32CAP vec;
-+ char *env;
-+
-+ if (trigger)
-+ return;
-+
-+ trigger = 1;
-+ if ((env = getenv("OPENSSL_ia32cap"))) {
-+ int off = (env[0] == '~') ? 1 : 0;
-+# if defined(_WIN32)
-+ if (!sscanf(env + off, "%I64i", &vec))
-+ vec = strtoul(env + off, NULL, 0);
-+# else
-+ if (!sscanf(env + off, "%lli", (long long *)&vec))
-+ vec = strtoul(env + off, NULL, 0);
-+# endif
-+ if (off)
-+ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~vec;
-+ else if (env[0] == ':')
-+ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
-+
-+ OPENSSL_ia32cap_P[2] = 0;
-+ if ((env = strchr(env, ':'))) {
-+ unsigned int vecx;
-+ env++;
-+ off = (env[0] == '~') ? 1 : 0;
-+ vecx = strtoul(env + off, NULL, 0);
-+ if (off)
-+ OPENSSL_ia32cap_P[2] &= ~vecx;
-+ else
-+ OPENSSL_ia32cap_P[2] = vecx;
-+ }
-+ } else
-+ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
-+
-+ /*
-+ * |(1<<10) sets a reserved bit to signal that variable
-+ * was initialized already... This is to avoid interference
-+ * with cpuid snippets in ELF .init segment.
-+ */
-+ OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10);
-+ OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32);
-+}
-+# else
-+unsigned int OPENSSL_ia32cap_P[4];
-+# endif
-+
-+# else
-+unsigned long *OPENSSL_ia32cap_loc(void)
-+{
-+ return NULL;
-+}
-+# endif
-+int OPENSSL_NONPIC_relocated = 0;
-+# if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
-+void OPENSSL_cpuid_setup(void)
-+{
-+}
-+# endif
-+
-+static void hmac_init(SHA256_CTX *md_ctx, SHA256_CTX *o_ctx, const char *key)
-+{
-+ size_t len = strlen(key);
-+ int i;
-+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
-+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
-+
-+ if (len > SHA_CBLOCK) {
-+ SHA256_Init(md_ctx);
-+ SHA256_Update(md_ctx, key, len);
-+ SHA256_Final(keymd, md_ctx);
-+ len = SHA256_DIGEST_LENGTH;
-+ } else
-+ memcpy(keymd, key, len);
-+ memset(&keymd[len], '\0', HMAC_MAX_MD_CBLOCK - len);
-+
-+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
-+ pad[i] = 0x36 ^ keymd[i];
-+ SHA256_Init(md_ctx);
-+ SHA256_Update(md_ctx, pad, SHA256_CBLOCK);
-+
-+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
-+ pad[i] = 0x5c ^ keymd[i];
-+ SHA256_Init(o_ctx);
-+ SHA256_Update(o_ctx, pad, SHA256_CBLOCK);
-+}
-+
-+static void hmac_final(unsigned char *md, SHA256_CTX *md_ctx,
-+ SHA256_CTX *o_ctx)
-+{
-+ unsigned char buf[SHA256_DIGEST_LENGTH];
-+
-+ SHA256_Final(buf, md_ctx);
-+ SHA256_Update(o_ctx, buf, sizeof buf);
-+ SHA256_Final(md, o_ctx);
-+}
-+
-+#endif
-+
-+int main(int argc, char **argv)
-+{
-+#ifdef OPENSSL_FIPS
-+ static char key[] = "orboDeJITITejsirpADONivirpUkvarP";
-+ int n, binary = 0;
-+
-+ if (argc < 2) {
-+ fprintf(stderr, "%s [<file>]+\n", argv[0]);
-+ exit(1);
-+ }
-+
-+ n = 1;
-+ if (!strcmp(argv[n], "-binary")) {
-+ n++;
-+ binary = 1; /* emit binary fingerprint... */
-+ }
-+
-+ for (; n < argc; ++n) {
-+ FILE *f = fopen(argv[n], "rb");
-+ SHA256_CTX md_ctx, o_ctx;
-+ unsigned char md[SHA256_DIGEST_LENGTH];
-+ int i;
-+
-+ if (!f) {
-+ perror(argv[n]);
-+ exit(2);
-+ }
-+
-+ hmac_init(&md_ctx, &o_ctx, key);
-+ for (;;) {
-+ char buf[1024];
-+ size_t l = fread(buf, 1, sizeof buf, f);
-+
-+ if (l == 0) {
-+ if (ferror(f)) {
-+ perror(argv[n]);
-+ exit(3);
-+ } else
-+ break;
-+ }
-+ SHA256_Update(&md_ctx, buf, l);
-+ }
-+ hmac_final(md, &md_ctx, &o_ctx);
-+
-+ if (binary) {
-+ fwrite(md, SHA256_DIGEST_LENGTH, 1, stdout);
-+ break; /* ... for single(!) file */
-+ }
-+
-+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
-+ for (i = 0; i < SHA256_DIGEST_LENGTH; ++i)
-+ printf("%02x", md[i]);
-+ printf("\n");
-+ }
-+#endif
-+ return 0;
-+}
-diff -up openssl-1.0.2o/crypto/fips/fips_test_suite.c.fips
openssl-1.0.2o/crypto/fips/fips_test_suite.c
---- openssl-1.0.2o/crypto/fips/fips_test_suite.c.fips 2018-04-05 16:17:11.943265836
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_test_suite.c 2018-04-05 16:17:11.943265836 +0200
-@@ -0,0 +1,639 @@
-+/* ====================================================================
-+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
-+ *
-+ *
-+ * This command is intended as a test driver for the FIPS-140 testing
-+ * lab performing FIPS-140 validation. It demonstrates the use of the
-+ * OpenSSL library ito perform a variety of common cryptographic
-+ * functions. A power-up self test is demonstrated by deliberately
-+ * pointing to an invalid executable hash
-+ *
-+ * Contributed by Steve Marquess.
-+ *
-+ */
-+#include <stdio.h>
-+#include <assert.h>
-+#include <ctype.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <openssl/aes.h>
-+#include <openssl/des.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/dh.h>
-+#include <openssl/hmac.h>
-+#include <openssl/err.h>
-+
-+#include <openssl/bn.h>
-+#include <openssl/rand.h>
-+#include <openssl/sha.h>
-+
-+#ifndef OPENSSL_FIPS
-+int main(int argc, char *argv[])
-+{
-+ printf("No FIPS support\n");
-+ return (0);
-+}
-+#else
-+
-+# include <openssl/fips.h>
-+# include "fips_utl.h"
-+
-+/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
-+*/
-+static int FIPS_aes_test(void)
-+{
-+ int ret = 0;
-+ unsigned char pltmp[16];
-+ unsigned char citmp[16];
-+ unsigned char key[16] =
-+ { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
-+ unsigned char plaintext[16] = "etaonrishdlcu";
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 1) <= 0)
-+ goto err;
-+ EVP_Cipher(&ctx, citmp, plaintext, 16);
-+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 0) <= 0)
-+ goto err;
-+ EVP_Cipher(&ctx, pltmp, citmp, 16);
-+ if (memcmp(pltmp, plaintext, 16))
-+ goto err;
-+ ret = 1;
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ return ret;
-+}
-+
-+static int FIPS_des3_test(void)
-+{
-+ int ret = 0;
-+ unsigned char pltmp[8];
-+ unsigned char citmp[8];
-+ unsigned char key[] =
-+ { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
-+ 19, 20, 21, 22, 23, 24
-+ };
-+ unsigned char plaintext[] = { 'e', 't', 'a', 'o',
'n', 'r', 'i', 's' };
-+ EVP_CIPHER_CTX ctx;
-+ EVP_CIPHER_CTX_init(&ctx);
-+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0)
-+ goto err;
-+ EVP_Cipher(&ctx, citmp, plaintext, 8);
-+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0)
-+ goto err;
-+ EVP_Cipher(&ctx, pltmp, citmp, 8);
-+ if (memcmp(pltmp, plaintext, 8))
-+ goto err;
-+ ret = 1;
-+ err:
-+ EVP_CIPHER_CTX_cleanup(&ctx);
-+ return ret;
-+}
-+
-+/*
-+ * DSA: generate keys and sign, verify input plaintext.
-+ */
-+static int FIPS_dsa_test(int bad)
-+{
-+ DSA *dsa = NULL;
-+ EVP_PKEY pk;
-+ unsigned char dgst[] = "etaonrishdlc";
-+ unsigned char buf[60];
-+ unsigned int slen;
-+ int r = 0;
-+ EVP_MD_CTX mctx;
-+
-+ ERR_clear_error();
-+ EVP_MD_CTX_init(&mctx);
-+ dsa = DSA_new();
-+ if (!dsa)
-+ goto end;
-+ if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))
-+ goto end;
-+ if (!DSA_generate_key(dsa))
-+ goto end;
-+ if (bad)
-+ BN_add_word(dsa->pub_key, 1);
-+
-+ pk.type = EVP_PKEY_DSA;
-+ pk.pkey.dsa = dsa;
-+
-+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
-+ goto end;
-+ if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
-+ goto end;
-+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
-+ goto end;
-+
-+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
-+ goto end;
-+ if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
-+ goto end;
-+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
-+ end:
-+ EVP_MD_CTX_cleanup(&mctx);
-+ if (dsa)
-+ DSA_free(dsa);
-+ if (r != 1)
-+ return 0;
-+ return 1;
-+}
-+
-+/*
-+ * RSA: generate keys and sign, verify input plaintext.
-+ */
-+static int FIPS_rsa_test(int bad)
-+{
-+ RSA *key;
-+ unsigned char input_ptext[] = "etaonrishdlc";
-+ unsigned char buf[256];
-+ unsigned int slen;
-+ BIGNUM *bn;
-+ EVP_MD_CTX mctx;
-+ EVP_PKEY pk;
-+ int r = 0;
-+
-+ ERR_clear_error();
-+ EVP_MD_CTX_init(&mctx);
-+ key = RSA_new();
-+ bn = BN_new();
-+ if (!key || !bn)
-+ return 0;
-+ BN_set_word(bn, 65537);
-+ if (!RSA_generate_key_ex(key, 1024, bn, NULL))
-+ return 0;
-+ BN_free(bn);
-+ if (bad)
-+ BN_add_word(key->n, 1);
-+
-+ pk.type = EVP_PKEY_RSA;
-+ pk.pkey.rsa = key;
-+
-+ if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
-+ goto end;
-+ if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
-+ goto end;
-+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
-+ goto end;
-+
-+ if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
-+ goto end;
-+ if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
-+ goto end;
-+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
-+ end:
-+ EVP_MD_CTX_cleanup(&mctx);
-+ if (key)
-+ RSA_free(key);
-+ if (r != 1)
-+ return 0;
-+ return 1;
-+}
-+
-+/* SHA1: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_sha1_test()
-+{
-+ unsigned char digest[SHA_DIGEST_LENGTH] =
-+ { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a,
-+0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
-+ unsigned char str[] = "etaonrishd";
-+
-+ unsigned char md[SHA_DIGEST_LENGTH];
-+
-+ ERR_clear_error();
-+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha1(), NULL))
-+ return 0;
-+ if (memcmp(md, digest, sizeof(md)))
-+ return 0;
-+ return 1;
-+}
-+
-+/* SHA256: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_sha256_test()
-+{
-+ unsigned char digest[SHA256_DIGEST_LENGTH] =
-+ { 0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9,
-+0x68, 0xc0, 0xea, 0x40, 0x91,
-+ 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6,
-+ 0x50, 0x4f, 0x47, 0x57
-+ };
-+ unsigned char str[] = "etaonrishd";
-+
-+ unsigned char md[SHA256_DIGEST_LENGTH];
-+
-+ ERR_clear_error();
-+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha256(), NULL))
-+ return 0;
-+ if (memcmp(md, digest, sizeof(md)))
-+ return 0;
-+ return 1;
-+}
-+
-+/* SHA512: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_sha512_test()
-+{
-+ unsigned char digest[SHA512_DIGEST_LENGTH] =
-+ { 0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f,
-+0x94, 0x71, 0x64, 0x28, 0xca,
-+ 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2,
-+ 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
-+ 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f,
-+ 0x24, 0xb1, 0xd9, 0x40, 0x22,
-+ 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6,
-+ 0xeb, 0x2d, 0x42, 0x1d, 0xa3
-+ };
-+ unsigned char str[] = "etaonrishd";
-+
-+ unsigned char md[SHA512_DIGEST_LENGTH];
-+
-+ ERR_clear_error();
-+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha512(), NULL))
-+ return 0;
-+ if (memcmp(md, digest, sizeof(md)))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA1: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha1_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea,
-+0x56, 0x1b, 0x61, 0x2e, 0x70,
-+ 0xb2, 0xfb, 0xec, 0xc6
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha1(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out, &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA224: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha224_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe,
-+0x1c, 0xb2, 0xf0, 0x20, 0x35,
-+ 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha224(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA256: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha256_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36,
-+0x02, 0xf5, 0x72, 0x33, 0x87,
-+ 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee,
-+ 0x51, 0xff, 0xda, 0x24, 0xf4
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha256(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA384: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha384_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08,
-+0x26, 0x99, 0xef, 0x3b, 0x10,
-+ 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b,
-+ 0xac, 0xb0, 0x07, 0x39, 0x08,
-+ 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3,
-+ 0xf3, 0xb8, 0x9b, 0x88, 0x1c
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA512: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha512_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3,
-+0x77, 0x59, 0x85, 0xa9, 0xe6,
-+ 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1,
-+ 0xad, 0x7e, 0x24, 0xca, 0xb1,
-+ 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52,
-+ 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
-+ 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96,
-+ 0x3d, 0xa6, 0xd9, 0x2a, 0x53
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha512(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* DH: generate shared parameters
-+*/
-+static int dh_test()
-+{
-+ DH *dh;
-+ ERR_clear_error();
-+ dh = FIPS_dh_new();
-+ if (!dh)
-+ return 0;
-+ if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
-+ return 0;
-+ FIPS_dh_free(dh);
-+ return 1;
-+}
-+
-+/* Zeroize
-+*/
-+static int Zeroize()
-+{
-+ RSA *key;
-+ BIGNUM *bn;
-+ unsigned char userkey[16] =
-+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f,
-+0x83, 0x02, 0xb1, 0x09, 0x68 };
-+ int i, n;
-+
-+ key = FIPS_rsa_new();
-+ bn = BN_new();
-+ if (!key || !bn)
-+ return 0;
-+ BN_set_word(bn, 65537);
-+ if (!RSA_generate_key_ex(key, 1024, bn, NULL))
-+ return 0;
-+ BN_free(bn);
-+
-+ n = BN_num_bytes(key->d);
-+ printf(" Generated %d byte RSA private key\n", n);
-+ printf("\tBN key before overwriting:\n");
-+ do_bn_print(stdout, key->d);
-+ BN_rand(key->d, n * 8, -1, 0);
-+ printf("\tBN key after overwriting:\n");
-+ do_bn_print(stdout, key->d);
-+
-+ printf("\tchar buffer key before overwriting: \n\t\t");
-+ for (i = 0; i < sizeof(userkey); i++)
-+ printf("%02x", userkey[i]);
-+ printf("\n");
-+ RAND_bytes(userkey, sizeof userkey);
-+ printf("\tchar buffer key after overwriting: \n\t\t");
-+ for (i = 0; i < sizeof(userkey); i++)
-+ printf("%02x", userkey[i]);
-+ printf("\n");
-+
-+ return 1;
-+}
-+
-+static int Error;
-+const char *Fail(const char *msg)
-+{
-+ do_print_errors();
-+ Error++;
-+ return msg;
-+}
-+
-+int main(int argc, char **argv)
-+{
-+
-+ int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
-+ int bad_rsa = 0, bad_dsa = 0;
-+ int do_rng_stick = 0;
-+ int no_exit = 0;
-+
-+ printf("\tFIPS-mode test application\n\n");
-+
-+ /* Load entropy from external file, if any */
-+ RAND_load_file(".rnd", 1024);
-+
-+ if (argv[1]) {
-+ /* Corrupted KAT tests */
-+ if (!strcmp(argv[1], "aes")) {
-+ FIPS_corrupt_aes();
-+ printf("AES encryption/decryption with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "des")) {
-+ FIPS_corrupt_des();
-+ printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "dsa")) {
-+ FIPS_corrupt_dsa();
-+ printf
-+ ("DSA key generation and signature validation with corrupted
KAT...\n");
-+ } else if (!strcmp(argv[1], "rsa")) {
-+ FIPS_corrupt_rsa();
-+ printf
-+ ("RSA key generation and signature validation with corrupted
KAT...\n");
-+ } else if (!strcmp(argv[1], "rsakey")) {
-+ printf
-+ ("RSA key generation and signature validation with corrupted
key...\n");
-+ bad_rsa = 1;
-+ no_exit = 1;
-+ } else if (!strcmp(argv[1], "rsakeygen")) {
-+ do_corrupt_rsa_keygen = 1;
-+ no_exit = 1;
-+ printf
-+ ("RSA key generation and signature validation with corrupted
keygen...\n");
-+ } else if (!strcmp(argv[1], "dsakey")) {
-+ printf
-+ ("DSA key generation and signature validation with corrupted
key...\n");
-+ bad_dsa = 1;
-+ no_exit = 1;
-+ } else if (!strcmp(argv[1], "dsakeygen")) {
-+ do_corrupt_dsa_keygen = 1;
-+ no_exit = 1;
-+ printf
-+ ("DSA key generation and signature validation with corrupted
keygen...\n");
-+ } else if (!strcmp(argv[1], "sha1")) {
-+ FIPS_corrupt_sha1();
-+ printf("SHA-1 hash with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "rng")) {
-+ FIPS_corrupt_rng();
-+ } else if (!strcmp(argv[1], "rngstick")) {
-+ do_rng_stick = 1;
-+ no_exit = 1;
-+ printf("RNG test with stuck continuous test...\n");
-+ } else {
-+ printf("Bad argument \"%s\"\n", argv[1]);
-+ exit(1);
-+ }
-+ if (!no_exit) {
-+ if (!FIPS_mode_set(1)) {
-+ do_print_errors();
-+ printf("Power-up self test failed\n");
-+ exit(1);
-+ }
-+ printf("Power-up self test successful\n");
-+ exit(0);
-+ }
-+ }
-+
-+ /* Non-Approved cryptographic operation
-+ */
-+ printf("1. Non-Approved cryptographic operation test...\n");
-+ printf("\ta. Included algorithm (D-H)...");
-+ printf(dh_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* Power-up self test
-+ */
-+ ERR_clear_error();
-+ printf("2. Automatic power-up self test...");
-+ if (!FIPS_mode_set(1)) {
-+ do_print_errors();
-+ printf(Fail("FAILED!\n"));
-+ exit(1);
-+ }
-+ printf("successful\n");
-+ if (do_corrupt_dsa_keygen)
-+ FIPS_corrupt_dsa_keygen();
-+ if (do_corrupt_rsa_keygen)
-+ FIPS_corrupt_rsa_keygen();
-+ if (do_rng_stick)
-+ FIPS_rng_stick();
-+
-+ /* AES encryption/decryption
-+ */
-+ printf("3. AES encryption/decryption...");
-+ printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* RSA key generation and encryption/decryption
-+ */
-+ printf("4. RSA key generation and encryption/decryption...");
-+ printf(FIPS_rsa_test(bad_rsa) ? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* DES-CBC encryption/decryption
-+ */
-+ printf("5. DES-ECB encryption/decryption...");
-+ printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* DSA key generation and signature validation
-+ */
-+ printf("6. DSA key generation and signature validation...");
-+ printf(FIPS_dsa_test(bad_dsa) ? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* SHA-1 hash
-+ */
-+ printf("7a. SHA-1 hash...");
-+ printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* SHA-256 hash
-+ */
-+ printf("7b. SHA-256 hash...");
-+ printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* SHA-512 hash
-+ */
-+ printf("7c. SHA-512 hash...");
-+ printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-1 hash
-+ */
-+ printf("7d. HMAC-SHA-1 hash...");
-+ printf(FIPS_hmac_sha1_test()? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-224 hash
-+ */
-+ printf("7e. HMAC-SHA-224 hash...");
-+ printf(FIPS_hmac_sha224_test()? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-256 hash
-+ */
-+ printf("7f. HMAC-SHA-256 hash...");
-+ printf(FIPS_hmac_sha256_test()? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-384 hash
-+ */
-+ printf("7g. HMAC-SHA-384 hash...");
-+ printf(FIPS_hmac_sha384_test()? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-512 hash
-+ */
-+ printf("7h. HMAC-SHA-512 hash...");
-+ printf(FIPS_hmac_sha512_test()? "successful\n" :
Fail("FAILED!\n"));
-+
-+ /* Non-Approved cryptographic operation
-+ */
-+ printf("8. Non-Approved cryptographic operation test...\n");
-+ printf("\ta. Included algorithm (D-H)...");
-+ printf(dh_test()? "successful as expected\n"
-+ : Fail("failed INCORRECTLY!\n"));
-+
-+ /* Zeroization
-+ */
-+ printf("9. Zero-ization...\n");
-+ printf(Zeroize()? "\tsuccessful as expected\n"
-+ : Fail("\tfailed INCORRECTLY!\n"));
-+
-+ printf("\nAll tests completed with %d errors\n", Error);
-+ return Error ? 1 : 0;
-+}
-+
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/Makefile.fips openssl-1.0.2o/crypto/fips/Makefile
---- openssl-1.0.2o/crypto/fips/Makefile.fips 2018-04-05 16:17:11.943265836 +0200
-+++ openssl-1.0.2o/crypto/fips/Makefile 2018-04-05 16:17:11.943265836 +0200
-@@ -0,0 +1,341 @@
-+#
-+# OpenSSL/crypto/fips/Makefile
-+#
-+
-+DIR= fips
-+TOP= ../..
-+CC= cc
-+INCLUDES=
-+CFLAG=-g
-+MAKEFILE= Makefile
-+AR= ar r
-+
-+CFLAGS= $(INCLUDES) $(CFLAG)
-+
-+GENERAL=Makefile
-+TEST=fips_test_suite.c fips_randtest.c
-+APPS=
-+
-+PROGRAM= fips_standalone_hmac
-+EXE= $(PROGRAM)$(EXE_EXT)
-+
-+LIB=$(TOP)/libcrypto.a
-+LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c
\
-+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
-+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
-+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-+ fips_cmac_selftest.c fips_enc.c fips_md.c
-+
-+LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o
\
-+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
-+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
-+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
-+ fips_cmac_selftest.o fips_enc.o fips_md.o
-+
-+LIBCRYPTO=-L.. -lcrypto
-+
-+SRC= $(LIBSRC) fips_standalone_hmac.c
-+
-+EXHEADER= fips.h fips_rand.h
-+HEADER= $(EXHEADER)
-+
-+ALL= $(GENERAL) $(SRC) $(HEADER)
-+
-+top:
-+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-+
-+all: lib exe
-+
-+lib: $(LIBOBJ)
-+ $(AR) $(LIB) $(LIBOBJ)
-+ $(RANLIB) $(LIB) || echo Never mind.
-+ @touch lib
-+
-+exe: $(EXE)
-+
-+files:
-+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-+
-+links:
-+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-+
-+install:
-+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
-+ do \
-+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-+ done;
-+
-+tags:
-+ ctags $(SRC)
-+
-+tests:
-+
-+lint:
-+ lint -DLINT $(INCLUDES) $(SRC)>fluff
-+
-+depend:
-+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
-+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-+
-+dclean:
-+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE)
>Makefile.new
-+ mv -f Makefile.new $(MAKEFILE)
-+
-+clean:
-+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-+
-+$(EXE): $(PROGRAM).o
-+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do
FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
-+ for i in $(CPUID_OBJ); do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../$$i" ; done; \
-+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
-+
-+# DO NOT DELETE THIS LINE -- make depend depends on it.
-+
-+fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-+fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-+fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-+fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h
-+fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_aes_selftest.o: ../../include/openssl/crypto.h
-+fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_aes_selftest.o: ../../include/openssl/lhash.h
-+fips_aes_selftest.o: ../../include/openssl/obj_mac.h
-+fips_aes_selftest.o: ../../include/openssl/objects.h
-+fips_aes_selftest.o: ../../include/openssl/opensslconf.h
-+fips_aes_selftest.o: ../../include/openssl/opensslv.h
-+fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_aes_selftest.o: ../../include/openssl/safestack.h
-+fips_aes_selftest.o: ../../include/openssl/stack.h
-+fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
-+fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_des_selftest.o: ../../include/openssl/crypto.h
-+fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_des_selftest.o: ../../include/openssl/lhash.h
-+fips_des_selftest.o: ../../include/openssl/obj_mac.h
-+fips_des_selftest.o: ../../include/openssl/objects.h
-+fips_des_selftest.o: ../../include/openssl/opensslconf.h
-+fips_des_selftest.o: ../../include/openssl/opensslv.h
-+fips_des_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_des_selftest.o: ../../include/openssl/safestack.h
-+fips_des_selftest.o: ../../include/openssl/stack.h
-+fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
-+fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
-+fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-+fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
-+fips_drbg_ctr.o: ../../include/openssl/objects.h
-+fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
-+fips_drbg_ctr.o: ../../include/openssl/opensslv.h
-+fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-+fips_drbg_ctr.o: ../../include/openssl/safestack.h
-+fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
-+fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
-+fips_drbg_hash.o: ../../include/openssl/fips.h
-+fips_drbg_hash.o: ../../include/openssl/fips_rand.h
-+fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
-+fips_drbg_hash.o: ../../include/openssl/objects.h
-+fips_drbg_hash.o: ../../include/openssl/opensslconf.h
-+fips_drbg_hash.o: ../../include/openssl/opensslv.h
-+fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-+fips_drbg_hash.o: ../../include/openssl/safestack.h
-+fips_drbg_hash.o: ../../include/openssl/stack.h
-+fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
-+fips_drbg_hash.o: fips_rand_lcl.h
-+fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
-+fips_drbg_hmac.o: ../../include/openssl/fips.h
-+fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
-+fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
-+fips_drbg_hmac.o: ../../include/openssl/objects.h
-+fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
-+fips_drbg_hmac.o: ../../include/openssl/opensslv.h
-+fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-+fips_drbg_hmac.o: ../../include/openssl/safestack.h
-+fips_drbg_hmac.o: ../../include/openssl/stack.h
-+fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
-+fips_drbg_hmac.o: fips_rand_lcl.h
-+fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-+fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-+fips_drbg_lib.o: ../../include/openssl/objects.h
-+fips_drbg_lib.o: ../../include/openssl/opensslconf.h
-+fips_drbg_lib.o: ../../include/openssl/opensslv.h
-+fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-+fips_drbg_lib.o: ../../include/openssl/safestack.h
-+fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h
-+fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_drbg_rand.o: ../../include/openssl/fips_rand.h
-+fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-+fips_drbg_rand.o: ../../include/openssl/obj_mac.h
-+fips_drbg_rand.o: ../../include/openssl/objects.h
-+fips_drbg_rand.o: ../../include/openssl/opensslconf.h
-+fips_drbg_rand.o: ../../include/openssl/opensslv.h
-+fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-+fips_drbg_rand.o: ../../include/openssl/safestack.h
-+fips_drbg_rand.o: ../../include/openssl/stack.h
-+fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
-+fips_drbg_rand.o: fips_rand_lcl.h
-+fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_drbg_selftest.o: ../../include/openssl/bio.h
-+fips_drbg_selftest.o: ../../include/openssl/crypto.h
-+fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
-+fips_drbg_selftest.o: ../../include/openssl/hmac.h
-+fips_drbg_selftest.o: ../../include/openssl/lhash.h
-+fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
-+fips_drbg_selftest.o: ../../include/openssl/objects.h
-+fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
-+fips_drbg_selftest.o: ../../include/openssl/opensslv.h
-+fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_drbg_selftest.o: ../../include/openssl/rand.h
-+fips_drbg_selftest.o: ../../include/openssl/safestack.h
-+fips_drbg_selftest.o: ../../include/openssl/stack.h
-+fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c
-+fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h
-+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
-+fips_dsa_selftest.o: ../../include/openssl/objects.h
-+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
-+fips_dsa_selftest.o: ../../include/openssl/opensslv.h
-+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_dsa_selftest.o: ../../include/openssl/safestack.h
-+fips_dsa_selftest.o: ../../include/openssl/stack.h
-+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
-+fips_dsa_selftest.o: fips_locl.h
-+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_hmac_selftest.o: ../../include/openssl/crypto.h
-+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_hmac_selftest.o: ../../include/openssl/hmac.h
-+fips_hmac_selftest.o: ../../include/openssl/lhash.h
-+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
-+fips_hmac_selftest.o: ../../include/openssl/objects.h
-+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
-+fips_hmac_selftest.o: ../../include/openssl/opensslv.h
-+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_hmac_selftest.o: ../../include/openssl/safestack.h
-+fips_hmac_selftest.o: ../../include/openssl/stack.h
-+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
-+fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-+fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-+fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-+fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-+fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+fips_post.o: ../../include/openssl/opensslconf.h
-+fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-+fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-+fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c
-+fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
-+fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-+fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-+fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-+fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-+fips_rand.o: ../../include/openssl/opensslconf.h
-+fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-+fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-+fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+fips_rand.o: fips_locl.h fips_rand.c
-+fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
-+fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-+fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-+fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-+fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-+fips_rand_lib.o: ../../include/openssl/obj_mac.h
-+fips_rand_lib.o: ../../include/openssl/objects.h
-+fips_rand_lib.o: ../../include/openssl/opensslconf.h
-+fips_rand_lib.o: ../../include/openssl/opensslv.h
-+fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-+fips_rand_lib.o: ../../include/openssl/safestack.h
-+fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-+fips_rand_lib.o: fips_rand_lib.c
-+fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-+fips_rand_selftest.o: ../../include/openssl/bio.h
-+fips_rand_selftest.o: ../../include/openssl/crypto.h
-+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_rand_selftest.o: ../../include/openssl/fips_rand.h
-+fips_rand_selftest.o: ../../include/openssl/hmac.h
-+fips_rand_selftest.o: ../../include/openssl/lhash.h
-+fips_rand_selftest.o: ../../include/openssl/obj_mac.h
-+fips_rand_selftest.o: ../../include/openssl/objects.h
-+fips_rand_selftest.o: ../../include/openssl/opensslconf.h
-+fips_rand_selftest.o: ../../include/openssl/opensslv.h
-+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_rand_selftest.o: ../../include/openssl/rand.h
-+fips_rand_selftest.o: ../../include/openssl/safestack.h
-+fips_rand_selftest.o: ../../include/openssl/stack.h
-+fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h
-+fips_rand_selftest.o: fips_rand_selftest.c
-+fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-+fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_rsa_selftest.o: ../../include/openssl/lhash.h
-+fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
-+fips_rsa_selftest.o: ../../include/openssl/objects.h
-+fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
-+fips_rsa_selftest.o: ../../include/openssl/opensslv.h
-+fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_rsa_selftest.o: ../../include/openssl/rsa.h
-+fips_rsa_selftest.o: ../../include/openssl/safestack.h
-+fips_rsa_selftest.o: ../../include/openssl/stack.h
-+fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
-+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
-+fips_rsa_x931g.o: ../../include/openssl/opensslv.h
-+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-+fips_rsa_x931g.o: ../../include/openssl/safestack.h
-+fips_rsa_x931g.o: ../../include/openssl/stack.h
-+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
-+fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-+fips_sha_selftest.o: ../../include/openssl/crypto.h
-+fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-+fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-+fips_sha_selftest.o: ../../include/openssl/lhash.h
-+fips_sha_selftest.o: ../../include/openssl/obj_mac.h
-+fips_sha_selftest.o: ../../include/openssl/objects.h
-+fips_sha_selftest.o: ../../include/openssl/opensslconf.h
-+fips_sha_selftest.o: ../../include/openssl/opensslv.h
-+fips_sha_selftest.o: ../../include/openssl/ossl_typ.h
-+fips_sha_selftest.o: ../../include/openssl/safestack.h
-+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
-diff -up openssl-1.0.2o/crypto/hmac/hmac.c.fips openssl-1.0.2o/crypto/hmac/hmac.c
---- openssl-1.0.2o/crypto/hmac/hmac.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/hmac/hmac.c 2018-04-05 16:17:11.943265836 +0200
-@@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
- EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
- return 0;
- }
-- /*
-- * Other algorithm blocking will be done in FIPS_cmac_init, via
-- * FIPS_hmac_init_ex().
-- */
-- if (!impl && !ctx->i_ctx.engine)
-- return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
- }
- #endif
- /* If we are changing MD then we must have a key */
-@@ -111,6 +105,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
- }
-
- if (key != NULL) {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
-+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
-+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
-+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
-+ goto err;
-+#endif
- reset = 1;
- j = EVP_MD_block_size(md);
- OPENSSL_assert(j <= (int)sizeof(ctx->key));
-@@ -164,10 +165,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void
-
- int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
- {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !ctx->i_ctx.engine)
-- return FIPS_hmac_update(ctx, data, len);
--#endif
- if (!ctx->md)
- return 0;
-
-@@ -178,10 +175,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
- {
- unsigned int i;
- unsigned char buf[EVP_MAX_MD_SIZE];
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !ctx->i_ctx.engine)
-- return FIPS_hmac_final(ctx, md, len);
--#endif
-
- if (!ctx->md)
- goto err;
-@@ -225,12 +218,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C
-
- void HMAC_CTX_cleanup(HMAC_CTX *ctx)
- {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !ctx->i_ctx.engine) {
-- FIPS_hmac_ctx_cleanup(ctx);
-- return;
-- }
--#endif
- EVP_MD_CTX_cleanup(&ctx->i_ctx);
- EVP_MD_CTX_cleanup(&ctx->o_ctx);
- EVP_MD_CTX_cleanup(&ctx->md_ctx);
-diff -up openssl-1.0.2o/crypto/mdc2/mdc2dgst.c.fips
openssl-1.0.2o/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.2o/crypto/mdc2/mdc2dgst.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/mdc2/mdc2dgst.c 2018-04-05 16:17:11.943265836 +0200
-@@ -76,7 +76,7 @@
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
- static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
--fips_md_init(MDC2)
-+nonfips_md_init(MDC2)
- {
- c->num = 0;
- c->pad_type = 1;
-diff -up openssl-1.0.2o/crypto/md2/md2_dgst.c.fips openssl-1.0.2o/crypto/md2/md2_dgst.c
---- openssl-1.0.2o/crypto/md2/md2_dgst.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/md2/md2_dgst.c 2018-04-05 16:19:45.932847425 +0200
-@@ -62,6 +62,11 @@
- #include <openssl/md2.h>
- #include <openssl/opensslv.h>
- #include <openssl/crypto.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+
-+#include <openssl/err.h>
-
- const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT;
-
-@@ -119,7 +124,7 @@ const char *MD2_options(void)
- return ("md2(int)");
- }
-
--fips_md_init(MD2)
-+nonfips_md_init(MD2)
- {
- c->num = 0;
- memset(c->state, 0, sizeof(c->state));
-diff -up openssl-1.0.2o/crypto/md4/md4_dgst.c.fips openssl-1.0.2o/crypto/md4/md4_dgst.c
---- openssl-1.0.2o/crypto/md4/md4_dgst.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/md4/md4_dgst.c 2018-04-05 16:17:11.943265836 +0200
-@@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL
- #define INIT_DATA_C (unsigned long)0x98badcfeL
- #define INIT_DATA_D (unsigned long)0x10325476L
-
--fips_md_init(MD4)
-+nonfips_md_init(MD4)
- {
- memset(c, 0, sizeof(*c));
- c->A = INIT_DATA_A;
-diff -up openssl-1.0.2o/crypto/md5/md5_dgst.c.fips openssl-1.0.2o/crypto/md5/md5_dgst.c
---- openssl-1.0.2o/crypto/md5/md5_dgst.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/md5/md5_dgst.c 2018-04-05 16:17:11.944265859 +0200
-@@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL
- #define INIT_DATA_C (unsigned long)0x98badcfeL
- #define INIT_DATA_D (unsigned long)0x10325476L
-
--fips_md_init(MD5)
-+nonfips_md_init(MD5)
- {
- memset(c, 0, sizeof(*c));
- c->A = INIT_DATA_A;
-diff -up openssl-1.0.2o/crypto/o_fips.c.fips openssl-1.0.2o/crypto/o_fips.c
---- openssl-1.0.2o/crypto/o_fips.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/o_fips.c 2018-04-05 16:17:11.944265859 +0200
-@@ -80,6 +80,8 @@ int FIPS_mode_set(int r)
- # ifndef FIPS_AUTH_USER_PASS
- # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
- # endif
-+ if (r && FIPS_module_mode()) /* can be implicitly initialized by
OPENSSL_init() */
-+ return 1;
- if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
- return 0;
- if (r)
-diff -up openssl-1.0.2o/crypto/o_init.c.fips openssl-1.0.2o/crypto/o_init.c
---- openssl-1.0.2o/crypto/o_init.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/o_init.c 2018-04-05 16:21:56.744889932 +0200
-@@ -56,13 +56,37 @@
- #include <e_os.h>
- #include <openssl/err.h>
- #ifdef OPENSSL_FIPS
-+# include <sys/types.h>
-+# include <sys/stat.h>
-+# include <fcntl.h>
-+# include <unistd.h>
-+# include <errno.h>
-+# include <stdlib.h>
- # include <openssl/fips.h>
- # include <openssl/rand.h>
-
--# ifndef OPENSSL_NO_DEPRECATED
--/* the prototype is missing in <openssl/fips.h> */
--void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
--# endif
-+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
-+
-+static void init_fips_mode(void)
-+{
-+ char buf[2] = "0";
-+ int fd;
-+
-+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
-+ buf[0] = '1';
-+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
-+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
-+ close(fd);
-+ }
-+ /* Failure reading the fips mode switch file means just not
-+ * switching into FIPS mode. We would break too many things
-+ * otherwise..
-+ */
-+
-+ if (buf[0] == '1') {
-+ FIPS_mode_set(1);
-+ }
-+}
- #endif
-
- /*
-@@ -70,22 +94,26 @@ void FIPS_crypto_set_id_callback(unsigne
- * sets FIPS callbacks
- */
-
--void OPENSSL_init(void)
-+void OPENSSL_init_library(void)
- {
- static int done = 0;
- if (done)
- return;
- done = 1;
- #ifdef OPENSSL_FIPS
-- FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
--# ifndef OPENSSL_NO_DEPRECATED
-- FIPS_crypto_set_id_callback(CRYPTO_thread_id);
--# endif
-- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-- FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
- RAND_init_fips();
-+ init_fips_mode();
-+ if (!FIPS_mode()) {
-+ /* Clean up prematurely set default rand method */
-+ RAND_set_rand_method(NULL);
-+ }
- #endif
- #if 0
- fprintf(stderr, "Called OPENSSL_init\n");
- #endif
- }
-+
-+void OPENSSL_init(void)
-+{
-+ OPENSSL_init_library();
-+}
-diff -up openssl-1.0.2o/crypto/opensslconf.h.in.fips
openssl-1.0.2o/crypto/opensslconf.h.in
---- openssl-1.0.2o/crypto/opensslconf.h.in.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/opensslconf.h.in 2018-04-05 16:17:11.944265859 +0200
-@@ -1,5 +1,20 @@
- /* crypto/opensslconf.h.in */
-
-+#ifdef OPENSSL_DOING_MAKEDEPEND
-+
-+/* Include any symbols here that have to be explicitly set to enable a feature
-+ * that should be visible to makedepend.
-+ *
-+ * [Our "make depend" doesn't actually look at this, we use actual build
settings
-+ * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
-+ */
-+
-+#ifndef OPENSSL_FIPS
-+#define OPENSSL_FIPS
-+#endif
-+
-+#endif
-+
- /* Generate 80386 code? */
- #undef I386_ONLY
-
-diff -up openssl-1.0.2o/crypto/rand/md_rand.c.fips openssl-1.0.2o/crypto/rand/md_rand.c
---- openssl-1.0.2o/crypto/rand/md_rand.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rand/md_rand.c 2018-04-05 16:17:11.944265859 +0200
-@@ -398,7 +398,10 @@ int ssleay_rand_bytes(unsigned char *buf
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
- crypto_lock_rand = 1;
-
-- if (!initialized) {
-+ /* always poll for external entropy in FIPS mode, drbg provides the
-+ * expansion
-+ */
-+ if (!initialized || FIPS_module_mode()) {
- RAND_poll();
- initialized = 1;
- }
-diff -up openssl-1.0.2o/crypto/rand/rand.h.fips openssl-1.0.2o/crypto/rand/rand.h
---- openssl-1.0.2o/crypto/rand/rand.h.fips 2018-04-05 16:17:11.492255346 +0200
-+++ openssl-1.0.2o/crypto/rand/rand.h 2018-04-05 16:17:11.944265859 +0200
-@@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void);
- /* Error codes for the RAND functions. */
-
- /* Function codes. */
-+# define RAND_F_ENG_RAND_GET_RAND_METHOD 108
-+# define RAND_F_FIPS_RAND 103
-+# define RAND_F_FIPS_RAND_BYTES 102
-+# define RAND_F_FIPS_RAND_SET_DT 106
-+# define RAND_F_FIPS_X931_SET_DT 106
-+# define RAND_F_FIPS_SET_DT 104
-+# define RAND_F_FIPS_SET_PRNG_SEED 107
-+# define RAND_F_FIPS_SET_TEST_MODE 105
- # define RAND_F_RAND_GET_RAND_METHOD 101
--# define RAND_F_RAND_INIT_FIPS 102
-+# define RAND_F_RAND_INIT_FIPS 109
- # define RAND_F_SSLEAY_RAND_BYTES 100
-
- /* Reason codes. */
--# define RAND_R_DUAL_EC_DRBG_DISABLED 104
--# define RAND_R_ERROR_INITIALISING_DRBG 102
--# define RAND_R_ERROR_INSTANTIATING_DRBG 103
--# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
-+# define RAND_R_DUAL_EC_DRBG_DISABLED 114
-+# define RAND_R_ERROR_INITIALISING_DRBG 112
-+# define RAND_R_ERROR_INSTANTIATING_DRBG 113
-+# define RAND_R_NON_FIPS_METHOD 105
-+# define RAND_R_NOT_IN_TEST_MODE 106
-+# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 111
-+# define RAND_R_NO_KEY_SET 107
-+# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
-+# define RAND_R_PRNG_ERROR 108
-+# define RAND_R_PRNG_KEYED 109
-+# define RAND_R_PRNG_NOT_REKEYED 102
-+# define RAND_R_PRNG_NOT_RESEEDED 103
- # define RAND_R_PRNG_NOT_SEEDED 100
-+# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
-+# define RAND_R_PRNG_STUCK 104
-
- #ifdef __cplusplus
- }
-diff -up openssl-1.0.2o/crypto/ripemd/rmd_dgst.c.fips
openssl-1.0.2o/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.2o/crypto/ripemd/rmd_dgst.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/ripemd/rmd_dgst.c 2018-04-05 16:17:11.944265859 +0200
-@@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX *
- void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
- #endif
-
--fips_md_init(RIPEMD160)
-+nonfips_md_init(RIPEMD160)
- {
- memset(c, 0, sizeof(*c));
- c->A = RIPEMD160_A;
-diff -up openssl-1.0.2o/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2o/crypto/rsa/rsa_crpt.c
---- openssl-1.0.2o/crypto/rsa/rsa_crpt.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_crpt.c 2018-04-05 16:17:11.945265883 +0200
-@@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const
- unsigned char *to, RSA *rsa, int padding)
- {
- #ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT,
-+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return -1;
- }
- #endif
-@@ -115,9 +115,9 @@ int RSA_public_decrypt(int flen, const u
- RSA *rsa, int padding)
- {
- #ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
-+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT,
-+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return -1;
- }
- #endif
-diff -up openssl-1.0.2o/crypto/rsa/rsa_eay.c.fips openssl-1.0.2o/crypto/rsa/rsa_eay.c
---- openssl-1.0.2o/crypto/rsa/rsa_eay.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_eay.c 2018-04-05 16:17:11.945265883 +0200
-@@ -114,6 +114,10 @@
- #include <openssl/bn.h>
- #include <openssl/rsa.h>
- #include <openssl/rand.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-
- #ifndef RSA_NULL
-
-@@ -140,7 +144,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth = {
- * if e == 3 */
- RSA_eay_init,
- RSA_eay_finish,
-- 0, /* flags */
-+ RSA_FLAG_FIPS_METHOD, /* flags */
- NULL,
- 0, /* rsa_sign */
- 0, /* rsa_verify */
-@@ -160,6 +164,22 @@ static int RSA_eay_public_encrypt(int fl
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ goto err;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
-+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
-@@ -361,6 +381,22 @@ static int RSA_eay_private_encrypt(int f
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
-+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
-@@ -497,6 +533,22 @@ static int RSA_eay_private_decrypt(int f
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ return -1;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
-+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
-@@ -623,6 +675,22 @@ static int RSA_eay_public_decrypt(int fl
- unsigned char *buf = NULL;
- BN_CTX *ctx = NULL;
-
-+# ifdef OPENSSL_FIPS
-+ if (FIPS_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,
-+ FIPS_R_FIPS_SELFTEST_FAILED);
-+ goto err;
-+ }
-+
-+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
-+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-+ return -1;
-+ }
-+ }
-+# endif
-+
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
-@@ -886,6 +954,9 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
-
- static int RSA_eay_init(RSA *rsa)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
- return (1);
- }
-diff -up openssl-1.0.2o/crypto/rsa/rsa_err.c.fips openssl-1.0.2o/crypto/rsa/rsa_err.c
---- openssl-1.0.2o/crypto/rsa/rsa_err.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_err.c 2018-04-05 16:17:11.945265883 +0200
-@@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[]
- {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
- {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
- {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-+ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
-+ {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
- {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
- {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
- "RSA_sign_ASN1_OCTET_STRING"},
-diff -up openssl-1.0.2o/crypto/rsa/rsa_gen.c.fips openssl-1.0.2o/crypto/rsa/rsa_gen.c
---- openssl-1.0.2o/crypto/rsa/rsa_gen.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_gen.c 2018-04-05 16:22:55.764262642 +0200
-@@ -69,8 +69,80 @@
- #include <openssl/rsa.h>
- #ifdef OPENSSL_FIPS
- # include <openssl/fips.h>
--extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
-- BN_GENCB *cb);
-+# include <openssl/err.h>
-+# include <openssl/evp.h>
-+
-+static int fips_rsa_pairwise_fail = 0;
-+
-+void FIPS_corrupt_rsa_keygen(void)
-+{
-+ fips_rsa_pairwise_fail = 1;
-+}
-+
-+int fips_check_rsa(RSA *rsa)
-+{
-+ const unsigned char tbs[] = "RSA Pairwise Check Data";
-+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
-+ int len, ret = 0;
-+ EVP_PKEY *pk;
-+
-+ if ((pk = EVP_PKEY_new()) == NULL)
-+ goto err;
-+
-+ EVP_PKEY_set1_RSA(pk, rsa);
-+
-+ /* Perform pairwise consistency signature test */
-+ if (!fips_pkey_signature_test(pk, tbs, -1,
-+ NULL, 0, EVP_sha1(),
-+ EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
-+ || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
-+ EVP_MD_CTX_FLAG_PAD_X931, NULL)
-+ || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
-+ EVP_MD_CTX_FLAG_PAD_PSS, NULL))
-+ goto err;
-+ /* Now perform pairwise consistency encrypt/decrypt test */
-+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ctbuf)
-+ goto err;
-+
-+ len =
-+ RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa,
-+ RSA_PKCS1_PADDING);
-+ if (len <= 0)
-+ goto err;
-+ /* Check ciphertext doesn't match plaintext */
-+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
-+ goto err;
-+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
-+
-+ if (!ptbuf)
-+ goto err;
-+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len != (sizeof(tbs) - 1))
-+ goto err;
-+ if (memcmp(ptbuf, tbs, len))
-+ goto err;
-+
-+ ret = 1;
-+
-+ if (!ptbuf)
-+ goto err;
-+
-+ err:
-+ if (ret == 0) {
-+ fips_set_selftest_fail();
-+ FIPSerr(FIPS_F_FIPS_CHECK_RSA, FIPS_R_PAIRWISE_TEST_FAILED);
-+ }
-+
-+ if (ctbuf)
-+ OPENSSL_free(ctbuf);
-+ if (ptbuf)
-+ OPENSSL_free(ptbuf);
-+ if (pk)
-+ EVP_PKEY_free(pk);
-+
-+ return ret;
-+}
- #endif
-
- static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-@@ -86,7 +158,7 @@ static int rsa_builtin_keygen(RSA *rsa,
- int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
- #ifdef OPENSSL_FIPS
-- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-+ if (FIPS_module_mode() && !(rsa->meth->flags &
RSA_FLAG_FIPS_METHOD)
- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
- RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
- return 0;
-@@ -94,10 +166,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi
- #endif
- if (rsa->meth->rsa_keygen)
- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
--#endif
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
-
-@@ -111,6 +179,20 @@ static int rsa_builtin_keygen(RSA *rsa,
- BN_CTX *ctx = NULL;
- unsigned long error = 0;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_module_mode()) {
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT);
-+ return 0;
-+ }
-+ }
-+#endif
-+
- /*
- * When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values.
-@@ -255,6 +337,16 @@ static int rsa_builtin_keygen(RSA *rsa,
- if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
- goto err;
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_module_mode()) {
-+ if (fips_rsa_pairwise_fail)
-+ BN_add_word(rsa->n, 1);
-+
-+ if (!fips_check_rsa(rsa))
-+ goto err;
-+ }
-+#endif
-+
- ok = 1;
- err:
- if (ok == -1) {
-diff -up openssl-1.0.2o/crypto/rsa/rsa.h.fips openssl-1.0.2o/crypto/rsa/rsa.h
---- openssl-1.0.2o/crypto/rsa/rsa.h.fips 2018-04-05 16:17:11.751261370 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa.h 2018-04-05 16:17:11.945265883 +0200
-@@ -168,6 +168,8 @@ struct rsa_st {
- # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
- # endif
-
-+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
-+
- # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
- # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
- # endif
-@@ -329,6 +331,13 @@ RSA *RSA_generate_key(int bits, unsigned
-
- /* New version */
- int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
-+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
-+ const BIGNUM *Xp, const BIGNUM *Xq1,
-+ const BIGNUM *Xq2, const BIGNUM *Xq,
-+ const BIGNUM *e, BN_GENCB *cb);
-+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
-+ BN_GENCB *cb);
-
- int RSA_check_key(const RSA *);
- /* next 4 return -1 on error */
-@@ -538,7 +547,7 @@ void ERR_load_RSA_strings(void);
- # define RSA_F_RSA_ALGOR_TO_MD 157
- # define RSA_F_RSA_BUILTIN_KEYGEN 129
- # define RSA_F_RSA_CHECK_KEY 123
--# define RSA_F_RSA_CMS_DECRYPT 158
-+# define RSA_F_RSA_CMS_DECRYPT 258
- # define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
- # define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
- # define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
-@@ -559,7 +568,7 @@ void ERR_load_RSA_strings(void);
- # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
- # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160
- # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
--# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
-+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158
- # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
- # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
- # define RSA_F_RSA_PADDING_ADD_SSLV23 110
-@@ -573,21 +582,23 @@ void ERR_load_RSA_strings(void);
- # define RSA_F_RSA_PADDING_CHECK_X931 128
- # define RSA_F_RSA_PRINT 115
- # define RSA_F_RSA_PRINT_FP 116
--# define RSA_F_RSA_PRIVATE_DECRYPT 150
--# define RSA_F_RSA_PRIVATE_ENCRYPT 151
-+# define RSA_F_RSA_PRIVATE_DECRYPT 157
-+# define RSA_F_RSA_PRIVATE_ENCRYPT 148
- # define RSA_F_RSA_PRIV_DECODE 137
- # define RSA_F_RSA_PRIV_ENCODE 138
- # define RSA_F_RSA_PSS_TO_CTX 162
--# define RSA_F_RSA_PUBLIC_DECRYPT 152
-+# define RSA_F_RSA_PUBLIC_DECRYPT 149
- # define RSA_F_RSA_PUBLIC_ENCRYPT 153
- # define RSA_F_RSA_PUB_DECODE 139
- # define RSA_F_RSA_SETUP_BLINDING 136
-+# define RSA_F_RSA_SET_DEFAULT_METHOD 150
-+# define RSA_F_RSA_SET_METHOD 151
- # define RSA_F_RSA_SIGN 117
- # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
- # define RSA_F_RSA_VERIFY 119
- # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
- # define RSA_F_RSA_VERIFY_PKCS1_PSS 126
--# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
-+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152
-
- /* Reason codes. */
- # define RSA_R_ALGORITHM_MISMATCH 100
-@@ -620,21 +631,22 @@ void ERR_load_RSA_strings(void);
- # define RSA_R_INVALID_OAEP_PARAMETERS 162
- # define RSA_R_INVALID_PADDING 138
- # define RSA_R_INVALID_PADDING_MODE 141
--# define RSA_R_INVALID_PSS_PARAMETERS 149
-+# define RSA_R_INVALID_PSS_PARAMETERS 157
- # define RSA_R_INVALID_PSS_SALTLEN 146
--# define RSA_R_INVALID_SALT_LENGTH 150
-+# define RSA_R_INVALID_SALT_LENGTH 158
- # define RSA_R_INVALID_TRAILER 139
- # define RSA_R_INVALID_X931_DIGEST 142
- # define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
- # define RSA_R_KEY_SIZE_TOO_SMALL 120
- # define RSA_R_LAST_OCTET_INVALID 134
- # define RSA_R_MODULUS_TOO_LARGE 105
--# define RSA_R_NON_FIPS_RSA_METHOD 157
-+# define RSA_R_NON_FIPS_RSA_METHOD 149
-+# define RSA_R_NON_FIPS_METHOD 149
- # define RSA_R_NO_PUBLIC_EXPONENT 140
- # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
- # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
- # define RSA_R_OAEP_DECODING_ERROR 121
--# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
-+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150
- # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
- # define RSA_R_PADDING_CHECK_FAILED 114
- # define RSA_R_PKCS_DECODING_ERROR 159
-diff -up openssl-1.0.2o/crypto/rsa/rsa_lib.c.fips openssl-1.0.2o/crypto/rsa/rsa_lib.c
---- openssl-1.0.2o/crypto/rsa/rsa_lib.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_lib.c 2018-04-05 16:17:11.945265883 +0200
-@@ -84,23 +84,22 @@ RSA *RSA_new(void)
-
- void RSA_set_default_method(const RSA_METHOD *meth)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
-+ return;
-+ }
-+#endif
- default_RSA_meth = meth;
- }
-
- const RSA_METHOD *RSA_get_default_method(void)
- {
- if (default_RSA_meth == NULL) {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_rsa_pkcs1_ssleay();
-- else
-- return RSA_PKCS1_SSLeay();
--#else
--# ifdef RSA_NULL
-+#ifdef RSA_NULL
- default_RSA_meth = RSA_null_method();
--# else
-+#else
- default_RSA_meth = RSA_PKCS1_SSLeay();
--# endif
- #endif
- }
-
-@@ -119,6 +118,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
- * to deal with which ENGINE it comes from.
- */
- const RSA_METHOD *mtmp;
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
-+ return 0;
-+ }
-+#endif
- mtmp = rsa->meth;
- if (mtmp->finish)
- mtmp->finish(rsa);
-@@ -166,6 +171,17 @@ RSA *RSA_new_method(ENGINE *engine)
- }
- }
- #endif
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
-+# ifndef OPENSSL_NO_ENGINE
-+ if (ret->engine)
-+ ENGINE_finish(ret->engine);
-+# endif
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+#endif
-
- ret->pad = 0;
- ret->version = 0;
-@@ -184,7 +200,7 @@ RSA *RSA_new_method(ENGINE *engine)
- ret->blinding = NULL;
- ret->mt_blinding = NULL;
- ret->bignum_data = NULL;
-- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-+ ret->flags = ret->meth->flags;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
- #ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
-diff -up openssl-1.0.2o/crypto/rsa/rsa_pmeth.c.fips
openssl-1.0.2o/crypto/rsa/rsa_pmeth.c
---- openssl-1.0.2o/crypto/rsa/rsa_pmeth.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_pmeth.c 2018-04-05 16:17:11.946265906 +0200
-@@ -228,18 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
- RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
- return -1;
- }
--#ifdef OPENSSL_FIPS
-- if (ret > 0) {
-- unsigned int slen;
-- ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
-- rctx->saltlen, mgf1md, sig, &slen);
-- if (ret > 0)
-- *siglen = slen;
-- else
-- *siglen = 0;
-- return ret;
-- }
--#endif
-
- if (EVP_MD_type(md) == NID_mdc2) {
- unsigned int sltmp;
-@@ -357,13 +345,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
- }
- #endif
- if (md != NULL) {
--#ifdef OPENSSL_FIPS
-- if (rv > 0) {
-- return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
-- rctx->saltlen, mgf1md, sig, siglen);
--
-- }
--#endif
- if (rctx->pad_mode == RSA_PKCS1_PADDING)
- return RSA_verify(EVP_MD_type(md), tbs, tbslen,
- sig, siglen, rsa);
-diff -up openssl-1.0.2o/crypto/rsa/rsa_sign.c.fips openssl-1.0.2o/crypto/rsa/rsa_sign.c
---- openssl-1.0.2o/crypto/rsa/rsa_sign.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_sign.c 2018-04-05 16:17:11.946265906 +0200
-@@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch
- i2d_X509_SIG(&sig, &p);
- s = tmps;
- }
-- i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
-+ /* NB: call underlying method directly to avoid FIPS blocking */
-+ i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i, s, sigret,
rsa,
-+ RSA_PKCS1_PADDING) :
-+ 0;
- if (i <= 0)
- ret = 0;
- else
-@@ -188,8 +191,10 @@ int int_rsa_verify(int dtype, const unsi
- }
-
- if ((dtype == NID_md5_sha1) && rm) {
-- i = RSA_public_decrypt((int)siglen,
-- sigbuf, rm, rsa, RSA_PKCS1_PADDING);
-+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,
-+ sigbuf, rm, rsa,
-+ RSA_PKCS1_PADDING)
-+ : 0;
- if (i <= 0)
- return 0;
- *prm_len = i;
-@@ -205,7 +210,11 @@ int int_rsa_verify(int dtype, const unsi
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
- goto err;
- }
-- i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
-+ /* NB: call underlying method directly to avoid FIPS blocking */
-+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,
sigbuf,
-+ s, rsa,
-+ RSA_PKCS1_PADDING) :
-+ 0;
-
- if (i <= 0)
- goto err;
-diff -up openssl-1.0.2o/crypto/sha/sha.h.fips openssl-1.0.2o/crypto/sha/sha.h
---- openssl-1.0.2o/crypto/sha/sha.h.fips 2018-04-05 16:17:11.347251974 +0200
-+++ openssl-1.0.2o/crypto/sha/sha.h 2018-04-05 16:17:11.946265906 +0200
-@@ -105,9 +105,6 @@ typedef struct SHAstate_st {
- } SHA_CTX;
-
- # ifndef OPENSSL_NO_SHA0
--# ifdef OPENSSL_FIPS
--int private_SHA_Init(SHA_CTX *c);
--# endif
- int SHA_Init(SHA_CTX *c);
- int SHA_Update(SHA_CTX *c, const void *data, size_t len);
- int SHA_Final(unsigned char *md, SHA_CTX *c);
-@@ -115,9 +112,6 @@ unsigned char *SHA(const unsigned char *
- void SHA_Transform(SHA_CTX *c, const unsigned char *data);
- # endif
- # ifndef OPENSSL_NO_SHA1
--# ifdef OPENSSL_FIPS
--int private_SHA1_Init(SHA_CTX *c);
--# endif
- int SHA1_Init(SHA_CTX *c);
- int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
- int SHA1_Final(unsigned char *md, SHA_CTX *c);
-@@ -139,10 +133,6 @@ typedef struct SHA256state_st {
- } SHA256_CTX;
-
- # ifndef OPENSSL_NO_SHA256
--# ifdef OPENSSL_FIPS
--int private_SHA224_Init(SHA256_CTX *c);
--int private_SHA256_Init(SHA256_CTX *c);
--# endif
- int SHA224_Init(SHA256_CTX *c);
- int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
- int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-@@ -192,10 +182,6 @@ typedef struct SHA512state_st {
- # endif
-
- # ifndef OPENSSL_NO_SHA512
--# ifdef OPENSSL_FIPS
--int private_SHA384_Init(SHA512_CTX *c);
--int private_SHA512_Init(SHA512_CTX *c);
--# endif
- int SHA384_Init(SHA512_CTX *c);
- int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
- int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.2o/crypto/sha/sha_locl.h.fips openssl-1.0.2o/crypto/sha/sha_locl.h
---- openssl-1.0.2o/crypto/sha/sha_locl.h.fips 2018-04-05 16:17:11.351252067 +0200
-+++ openssl-1.0.2o/crypto/sha/sha_locl.h 2018-04-05 16:17:11.946265906 +0200
-@@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c
- #define INIT_DATA_h4 0xc3d2e1f0UL
-
- #ifdef SHA_0
--fips_md_init(SHA)
-+nonfips_md_init(SHA)
- #else
- fips_md_init_ctx(SHA1, SHA)
- #endif
- {
-+#if defined(SHA_1) && defined(OPENSSL_FIPS)
-+ FIPS_selftest_check();
-+#endif
- memset(c, 0, sizeof(*c));
- c->h0 = INIT_DATA_h0;
- c->h1 = INIT_DATA_h1;
-diff -up openssl-1.0.2o/crypto/sha/sha256.c.fips openssl-1.0.2o/crypto/sha/sha256.c
---- openssl-1.0.2o/crypto/sha/sha256.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/sha/sha256.c 2018-04-05 16:17:11.946265906 +0200
-@@ -12,12 +12,19 @@
-
- # include <openssl/crypto.h>
- # include <openssl/sha.h>
-+# ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+# endif
-+
- # include <openssl/opensslv.h>
-
- const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
-
- fips_md_init_ctx(SHA224, SHA256)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- memset(c, 0, sizeof(*c));
- c->h[0] = 0xc1059ed8UL;
- c->h[1] = 0x367cd507UL;
-@@ -33,6 +40,9 @@ fips_md_init_ctx(SHA224, SHA256)
-
- fips_md_init(SHA256)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- memset(c, 0, sizeof(*c));
- c->h[0] = 0x6a09e667UL;
- c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.0.2o/crypto/sha/sha512.c.fips openssl-1.0.2o/crypto/sha/sha512.c
---- openssl-1.0.2o/crypto/sha/sha512.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/sha/sha512.c 2018-04-05 16:17:11.946265906 +0200
-@@ -5,6 +5,10 @@
- * ====================================================================
- */
- #include <openssl/opensslconf.h>
-+#ifdef OPENSSL_FIPS
-+# include <openssl/fips.h>
-+#endif
-+
- #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
- /*-
- * IMPLEMENTATION NOTES.
-@@ -62,6 +66,9 @@ const char SHA512_version[] = "SHA-512"
-
- fips_md_init_ctx(SHA384, SHA512)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- c->h[0] = U64(0xcbbb9d5dc1059ed8);
- c->h[1] = U64(0x629a292a367cd507);
- c->h[2] = U64(0x9159015a3070dd17);
-@@ -80,6 +87,9 @@ fips_md_init_ctx(SHA384, SHA512)
-
- fips_md_init(SHA512)
- {
-+# ifdef OPENSSL_FIPS
-+ FIPS_selftest_check();
-+# endif
- c->h[0] = U64(0x6a09e667f3bcc908);
- c->h[1] = U64(0xbb67ae8584caa73b);
- c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.2o/crypto/whrlpool/wp_dgst.c.fips
openssl-1.0.2o/crypto/whrlpool/wp_dgst.c
---- openssl-1.0.2o/crypto/whrlpool/wp_dgst.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/whrlpool/wp_dgst.c 2018-04-05 16:17:11.946265906 +0200
-@@ -56,7 +56,7 @@
- #include <openssl/crypto.h>
- #include <string.h>
-
--fips_md_init(WHIRLPOOL)
-+nonfips_md_init(WHIRLPOOL)
- {
- memset(c, 0, sizeof(*c));
- return (1);
-diff -up openssl-1.0.2o/Makefile.org.fips
openssl-1.0.2o/Makefile.org
---- openssl-1.0.2o/Makefile.org.fips 2018-04-05 16:17:11.915265185 +0200
-+++
openssl-1.0.2o/Makefile.org 2018-04-05 16:17:11.947265929 +0200
-@@ -139,6 +139,9 @@ FIPSCANLIB=
-
- BASEADDR=
-
-+# Non-empty if FIPS enabled
-+FIPS=
-+
- DIRS= crypto ssl engines apps test tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-@@ -151,7 +154,7 @@ SDIRS= \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-- cms pqueue ts jpake srp store cmac
-+ cms pqueue ts jpake srp store cmac fips
- # keep in mind that the above list is adjusted by ./Configure
- # according to no-xxx arguments...
-
-@@ -243,6 +246,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)
- FIPSLIBDIR='${FIPSLIBDIR}' \
- FIPSDIR='${FIPSDIR}' \
- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
-+ FIPS="$${FIPS:-$(FIPS)}" \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
- # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
- # which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.2o/ssl/ssl_algs.c.fips openssl-1.0.2o/ssl/ssl_algs.c
---- openssl-1.0.2o/ssl/ssl_algs.c.fips 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/ssl/ssl_algs.c 2018-04-05 16:17:11.947265929 +0200
-@@ -64,6 +64,11 @@
- int SSL_library_init(void)
- {
-
-+#ifdef OPENSSL_FIPS
-+ OPENSSL_init_library();
-+ if (!FIPS_mode()) {
-+#endif
-+
- #ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-@@ -142,6 +147,48 @@ int SSL_library_init(void)
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
- #endif
-+#ifdef OPENSSL_FIPS
-+ } else {
-+# ifndef OPENSSL_NO_DES
-+ EVP_add_cipher(EVP_des_ede3_cbc());
-+# endif
-+# ifndef OPENSSL_NO_AES
-+ EVP_add_cipher(EVP_aes_128_cbc());
-+ EVP_add_cipher(EVP_aes_192_cbc());
-+ EVP_add_cipher(EVP_aes_256_cbc());
-+ EVP_add_cipher(EVP_aes_128_gcm());
-+ EVP_add_cipher(EVP_aes_256_gcm());
-+# endif
-+# ifndef OPENSSL_NO_MD5
-+ /* needed even in the FIPS mode for TLS MAC */
-+ EVP_add_digest(EVP_md5());
-+ EVP_add_digest_alias(SN_md5, "ssl2-md5");
-+ EVP_add_digest_alias(SN_md5, "ssl3-md5");
-+# endif
-+# ifndef OPENSSL_NO_SHA
-+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
-+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-+# endif
-+# ifndef OPENSSL_NO_SHA256
-+ EVP_add_digest(EVP_sha224());
-+ EVP_add_digest(EVP_sha256());
-+# endif
-+# ifndef OPENSSL_NO_SHA512
-+ EVP_add_digest(EVP_sha384());
-+ EVP_add_digest(EVP_sha512());
-+# endif
-+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
-+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
-+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
-+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
-+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-+# endif
-+# ifndef OPENSSL_NO_ECDSA
-+ EVP_add_digest(EVP_ecdsa());
-+# endif
-+ }
-+#endif
- #ifndef OPENSSL_NO_COMP
- /*
- * This will initialise the built-in compression algorithms. The value
diff --git a/openssl-1.0.2o-ipv6-apps.patch b/openssl-1.0.2o-ipv6-apps.patch
deleted file mode 100644
index a858c58..0000000
--- a/openssl-1.0.2o-ipv6-apps.patch
+++ /dev/null
@@ -1,525 +0,0 @@
-diff -up openssl-1.0.2o/apps/s_apps.h.ipv6-apps openssl-1.0.2o/apps/s_apps.h
---- openssl-1.0.2o/apps/s_apps.h.ipv6-apps 2018-04-05 16:12:50.408193566 +0200
-+++ openssl-1.0.2o/apps/s_apps.h 2018-04-05 16:12:50.649199144 +0200
-@@ -151,7 +151,7 @@ typedef fd_mask fd_set;
- #define PORT_STR "4433"
- #define PROTOCOL "tcp"
-
--int do_server(int port, int type, int *ret,
-+int do_server(char *port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
-@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS
- int ssl_print_curves(BIO *out, SSL *s, int noshared);
- #endif
- int ssl_print_tmp_key(BIO *out, SSL *s);
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, char *port, int type);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-- short *p);
-+int extract_host_port(char *str, char **host_ptr, char **port_ptr);
-
- long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret);
-diff -up openssl-1.0.2o/apps/s_client.c.ipv6-apps openssl-1.0.2o/apps/s_client.c
---- openssl-1.0.2o/apps/s_client.c.ipv6-apps 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/apps/s_client.c 2018-04-05 16:12:50.649199144 +0200
-@@ -668,7 +668,7 @@ int MAIN(int argc, char **argv)
- int cbuf_len, cbuf_off;
- int sbuf_len, sbuf_off;
- fd_set readfds, writefds;
-- short port = PORT;
-+ char *port_str = PORT_STR;
- int full_log = 1;
- char *host = SSL_HOST_NAME;
- char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
-@@ -792,13 +792,11 @@ int MAIN(int argc, char **argv)
- } else if (strcmp(*argv, "-port") == 0) {
- if (--argc < 1)
- goto bad;
-- port = atoi(*(++argv));
-- if (port == 0)
-- goto bad;
-+ port_str = *(++argv);
- } else if (strcmp(*argv, "-connect") == 0) {
- if (--argc < 1)
- goto bad;
-- if (!extract_host_port(*(++argv), &host, NULL, &port))
-+ if (!extract_host_port(*(++argv), &host, &port_str))
- goto bad;
- } else if (strcmp(*argv, "-verify") == 0) {
- verify = SSL_VERIFY_PEER;
-@@ -1449,7 +1447,7 @@ int MAIN(int argc, char **argv)
-
- re_start:
-
-- if (init_client(&s, host, port, socket_type) == 0) {
-+ if (init_client(&s, host, port_str, socket_type) == 0) {
- BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
- SHUTDOWN(s);
- goto end;
-diff -up openssl-1.0.2o/apps/s_server.c.ipv6-apps openssl-1.0.2o/apps/s_server.c
---- openssl-1.0.2o/apps/s_server.c.ipv6-apps 2018-04-05 16:12:50.640198936 +0200
-+++ openssl-1.0.2o/apps/s_server.c 2018-04-05 16:12:50.650199167 +0200
-@@ -1082,7 +1082,7 @@ int MAIN(int argc, char *argv[])
- {
- X509_VERIFY_PARAM *vpm = NULL;
- int badarg = 0;
-- short port = PORT;
-+ char *port_str = PORT_STR;
- char *CApath = NULL, *CAfile = NULL;
- char *chCApath = NULL, *chCAfile = NULL;
- char *vfyCApath = NULL, *vfyCAfile = NULL;
-@@ -1170,7 +1170,8 @@ int MAIN(int argc, char *argv[])
- if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv,
"-accept") == 0)) {
- if (--argc < 1)
- goto bad;
-- if (!extract_port(*(++argv), &port))
-+ port_str = *(++argv);
-+ if (port_str == NULL || *port_str == '\0')
- goto bad;
- } else if (strcmp(*argv, "-naccept") == 0) {
- if (--argc < 1)
-@@ -2064,13 +2065,13 @@ int MAIN(int argc, char *argv[])
- BIO_printf(bio_s_out, "ACCEPT\n");
- (void)BIO_flush(bio_s_out);
- if (rev)
-- do_server(port, socket_type, &accept_socket, rev_body, context,
-+ do_server(port_str, socket_type, &accept_socket, rev_body, context,
- naccept);
- else if (www)
-- do_server(port, socket_type, &accept_socket, www_body, context,
-+ do_server(port_str, socket_type, &accept_socket, www_body, context,
- naccept);
- else
-- do_server(port, socket_type, &accept_socket, sv_body, context,
-+ do_server(port_str, socket_type, &accept_socket, sv_body, context,
- naccept);
- print_stats(bio_s_out, ctx);
- ret = 0;
-diff -up openssl-1.0.2o/apps/s_socket.c.ipv6-apps openssl-1.0.2o/apps/s_socket.c
---- openssl-1.0.2o/apps/s_socket.c.ipv6-apps 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/apps/s_socket.c 2018-04-05 16:15:52.400415779 +0200
-@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha
- static void ssl_sock_cleanup(void);
- # endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port, char *ip, int type);
-+static int init_server(int *sock, char *port, int type);
- static int do_accept(int acc_sock, int *sock, char **host);
- static int host_ip(char *str, unsigned char ip[4]);
-
-@@ -231,65 +229,66 @@ static int ssl_sock_init(void)
- return (1);
- }
-
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, char *port, int type)
- {
-- unsigned char ip[4];
--
-- memset(ip, '\0', sizeof(ip));
-- if (!host_ip(host, &(ip[0])))
-- return 0;
-- return init_client_ip(sock, ip, port, type);
--}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--{
-- unsigned long addr;
-- struct sockaddr_in them;
-- int s, i;
-+ struct addrinfo *res, *res0, hints;
-+ char *failed_call = NULL;
-+ int s;
-+ int e;
-
- if (!ssl_sock_init())
- return (0);
-
-- memset((char *)&them, 0, sizeof(them));
-- them.sin_family = AF_INET;
-- them.sin_port = htons((unsigned short)port);
-- addr = (unsigned long)
-- ((unsigned long)ip[0] << 24L) |
-- ((unsigned long)ip[1] << 16L) |
-- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
-- them.sin_addr.s_addr = htonl(addr);
--
-- if (type == SOCK_STREAM)
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-- else /* ( type == SOCK_DGRAM) */
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
--
-- if (s == INVALID_SOCKET) {
-- perror("socket");
-+ memset(&hints, '\0', sizeof(hints));
-+ hints.ai_socktype = type;
-+ hints.ai_flags = AI_ADDRCONFIG;
-+
-+ e = getaddrinfo(host, port, &hints, &res);
-+ if (e) {
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
-+ if (e == EAI_SYSTEM)
-+ perror("getaddrinfo");
- return (0);
- }
-+
-+ res0 = res;
-+ while (res) {
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-+ if (s == INVALID_SOCKET) {
-+ failed_call = "socket";
-+ goto nextres;
-+ }
- # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-- if (type == SOCK_STREAM) {
-- i = 0;
-- i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
-- if (i < 0) {
-- closesocket(s);
-- perror("keepalive");
-- return (0);
-+ if (type == SOCK_STREAM) {
-+ int i = 0;
-+ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
-+ (char *)&i, sizeof(i));
-+ if (i < 0) {
-+ failed_call = "keepalive";
-+ goto nextres;
-+ }
- }
-- }
- # endif
--
-- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-- closesocket(s);
-- perror("connect");
-- return (0);
-+ if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {
-+ freeaddrinfo(res0);
-+ *sock = s;
-+ return (1);
-+ }
-+
-+ failed_call = "socket";
-+ nextres:
-+ if (s != INVALID_SOCKET)
-+ close(s);
-+ res = res->ai_next;
- }
-- *sock = s;
-- return (1);
-+ freeaddrinfo(res0);
-+ closesocket(s);
-+
-+ perror(failed_call);
-+ return (0);
- }
-
--int do_server(int port, int type, int *ret,
-+int do_server(char *port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
-@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r
- }
- }
-
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server(int *sock, char *port, int type)
- {
-- int ret = 0;
-- struct sockaddr_in server;
-- int s = -1;
-+ struct addrinfo *res, *res0 = NULL, hints;
-+ char *failed_call = NULL;
-+ int s = INVALID_SOCKET;
-+ int e;
-
- if (!ssl_sock_init())
- return (0);
-
-- memset((char *)&server, 0, sizeof(server));
-- server.sin_family = AF_INET;
-- server.sin_port = htons((unsigned short)port);
-- if (ip == NULL)
-- server.sin_addr.s_addr = INADDR_ANY;
-- else
--/* Added for T3E, address-of fails on bit field (beckman(a)acl.lanl.gov) */
--# ifndef BIT_FIELD_LIMITS
-- memcpy(&server.sin_addr.s_addr, ip, 4);
--# else
-- memcpy(&server.sin_addr, ip, 4);
--# endif
--
-- if (type == SOCK_STREAM)
-- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-- else /* type == SOCK_DGRAM */
-- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-+ memset(&hints, '\0', sizeof(hints));
-+ hints.ai_family = AF_INET6;
-+ tryipv4:
-+ hints.ai_socktype = type;
-+ hints.ai_flags = AI_PASSIVE;
-+
-+ e = getaddrinfo(NULL, port, &hints, &res);
-+ if (e) {
-+ if (hints.ai_family == AF_INET) {
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
-+ if (e == EAI_SYSTEM)
-+ perror("getaddrinfo");
-+ return (0);
-+ } else
-+ res = NULL;
-+ }
-
-- if (s == INVALID_SOCKET)
-- goto err;
-+ res0 = res;
-+ while (res) {
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-+ if (s == INVALID_SOCKET) {
-+ failed_call = "socket";
-+ goto nextres;
-+ }
-+ if (hints.ai_family == AF_INET6) {
-+ int j = 0;
-+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof(j));
-+ }
- # if defined SOL_SOCKET && defined SO_REUSEADDR
-- {
-- int j = 1;
-- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
-- }
--# endif
-- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
--# ifndef OPENSSL_SYS_WINDOWS
-- perror("bind");
-+ {
-+ int j = 1;
-+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
-+ }
- # endif
-- goto err;
-+
-+ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
-+ failed_call = "bind";
-+ goto nextres;
-+ }
-+ if (type == SOCK_STREAM && listen(s, 128) == -1) {
-+ failed_call = "listen";
-+ goto nextres;
-+ }
-+
-+ *sock = s;
-+ return (1);
-+
-+ nextres:
-+ if (s != INVALID_SOCKET)
-+ close(s);
-+ res = res->ai_next;
- }
-- /* Make it 128 for linux */
-- if (type == SOCK_STREAM && listen(s, 128) == -1)
-- goto err;
-- *sock = s;
-- ret = 1;
-- err:
-- if ((ret == 0) && (s != -1)) {
-- SHUTDOWN(s);
-+ if (res0)
-+ freeaddrinfo(res0);
-+
-+ if (s == INVALID_SOCKET) {
-+ if (hints.ai_family == AF_INET6) {
-+ hints.ai_family = AF_INET;
-+ goto tryipv4;
-+ }
-+ perror("socket");
-+ return (0);
- }
-- return (ret);
--}
-
--static int init_server(int *sock, int port, int type)
--{
-- return (init_server_long(sock, port, NULL, type));
-+ perror(failed_call);
-+ return (0);
- }
-
- static int do_accept(int acc_sock, int *sock, char **host)
- {
-+ static struct sockaddr_storage from;
-+ char buffer[NI_MAXHOST];
- int ret;
-- struct hostent *h1, *h2;
-- static struct sockaddr_in from;
- int len;
- /* struct linger ling; */
-
-@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
-- if (i < 0) { perror("linger"); return(0); }
-+ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-- if (i < 0) { perror("keepalive"); return(0); }
-+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
- */
-
- if (host == NULL)
- goto end;
--# ifndef BIT_FIELD_LIMITS
-- /* I should use WSAAsyncGetHostByName() under windows */
-- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
-- sizeof(from.sin_addr.s_addr), AF_INET);
--# else
-- h1 = gethostbyaddr((char *)&from.sin_addr,
-- sizeof(struct in_addr), AF_INET);
--# endif
-- if (h1 == NULL) {
-- BIO_printf(bio_err, "bad gethostbyaddr\n");
-+
-+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
-+ buffer, sizeof(buffer), NULL, 0, 0)) {
-+ BIO_printf(bio_err, "getnameinfo failed\n");
- *host = NULL;
- /* return(0); */
- } else {
-- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
-+ if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {
- perror("OPENSSL_malloc");
- closesocket(ret);
- return (0);
- }
-- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
--
-- h2 = GetHostByName(*host);
-- if (h2 == NULL) {
-- BIO_printf(bio_err, "gethostbyname failure\n");
-- closesocket(ret);
-- return (0);
-- }
-- if (h2->h_addrtype != AF_INET) {
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-- closesocket(ret);
-- return (0);
-- }
-+ strcpy(*host, buffer);
- }
- end:
- *sock = ret;
- return (1);
- }
-
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-- short *port_ptr)
-+int extract_host_port(char *str, char **host_ptr, char **port_ptr)
- {
-- char *h, *p;
-+ char *h, *p, *x;
-
-- h = str;
-- p = strchr(str, ':');
-+ x = h = str;
-+ if (*h == '[') {
-+ h++;
-+ p = strchr(h, ']');
-+ if (p == NULL) {
-+ BIO_printf(bio_err, "no ending bracket for IPv6 address\n");
-+ return (0);
-+ }
-+ *(p++) = '\0';
-+ x = p;
-+ }
-+ p = strchr(x, ':');
- if (p == NULL) {
- BIO_printf(bio_err, "no port defined\n");
- return (0);
- }
- *(p++) = '\0';
-
-- if ((ip != NULL) && !host_ip(str, ip))
-- goto err;
- if (host_ptr != NULL)
- *host_ptr = h;
-+ if (port_ptr != NULL)
-+ *port_ptr = p;
-
-- if (!extract_port(p, port_ptr))
-- goto err;
-- return (1);
-- err:
-- return (0);
--}
--
--static int host_ip(char *str, unsigned char ip[4])
--{
-- unsigned int in[4];
-- int i;
--
-- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]),
&(in[3])) ==
-- 4) {
-- for (i = 0; i < 4; i++)
-- if (in[i] > 255) {
-- BIO_printf(bio_err, "invalid IP address\n");
-- goto err;
-- }
-- ip[0] = in[0];
-- ip[1] = in[1];
-- ip[2] = in[2];
-- ip[3] = in[3];
-- } else { /* do a gethostbyname */
-- struct hostent *he;
--
-- if (!ssl_sock_init())
-- return (0);
--
-- he = GetHostByName(str);
-- if (he == NULL) {
-- BIO_printf(bio_err, "gethostbyname failure\n");
-- goto err;
-- }
-- /* cast to short because of win16 winsock definition */
-- if ((short)he->h_addrtype != AF_INET) {
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-- return (0);
-- }
-- ip[0] = he->h_addr_list[0][0];
-- ip[1] = he->h_addr_list[0][1];
-- ip[2] = he->h_addr_list[0][2];
-- ip[3] = he->h_addr_list[0][3];
-- }
-- return (1);
-- err:
-- return (0);
--}
--
--int extract_port(char *str, short *port_ptr)
--{
-- int i;
-- struct servent *s;
--
-- i = atoi(str);
-- if (i != 0)
-- *port_ptr = (unsigned short)i;
-- else {
-- s = getservbyname(str, "tcp");
-- if (s == NULL) {
-- BIO_printf(bio_err, "getservbyname failure for %s\n", str);
-- return (0);
-- }
-- *port_ptr = ntohs((unsigned short)s->s_port);
-- }
- return (1);
- }
-
diff --git a/openssl-1.0.2o-new-fips-reqs.patch b/openssl-1.0.2o-new-fips-reqs.patch
deleted file mode 100644
index f78425d..0000000
--- a/openssl-1.0.2o-new-fips-reqs.patch
+++ /dev/null
@@ -1,1417 +0,0 @@
-diff -up openssl-1.0.2o/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.2o/crypto/bn/bn_rand.c
---- openssl-1.0.2o/crypto/bn/bn_rand.c.fips-reqs 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/bn/bn_rand.c 2018-04-05 16:25:06.612305989 +0200
-@@ -141,8 +141,11 @@ static int bnrand(int pseudorand, BIGNUM
- }
-
- /* make a random number and set the top and bottom bits */
-- time(&tim);
-- RAND_add(&tim, sizeof(tim), 0.0);
-+ if (!FIPS_mode()) {
-+ /* in FIPS mode the RNG is always properly seeded or the module fails */
-+ time(&tim);
-+ RAND_add(&tim, sizeof(tim), 0.0);
-+ }
-
- /* We ignore the value of pseudorand and always call RAND_bytes */
- if (RAND_bytes(buf, bytes) <= 0)
-diff -up openssl-1.0.2o/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.2o/crypto/dh/dh_gen.c
---- openssl-1.0.2o/crypto/dh/dh_gen.c.fips-reqs 2018-04-05 16:25:06.568304965 +0200
-+++ openssl-1.0.2o/crypto/dh/dh_gen.c 2018-04-05 16:25:06.612305989 +0200
-@@ -128,7 +128,7 @@ static int dh_builtin_genparams(DH *ret,
- return 0;
- }
-
-- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-diff -up openssl-1.0.2o/crypto/dh/dh.h.fips-reqs openssl-1.0.2o/crypto/dh/dh.h
---- openssl-1.0.2o/crypto/dh/dh.h.fips-reqs 2018-04-05 16:25:06.568304965 +0200
-+++ openssl-1.0.2o/crypto/dh/dh.h 2018-04-05 16:25:06.613306012 +0200
-@@ -78,6 +78,7 @@
- # endif
-
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
-
- # define DH_FLAG_CACHE_MONT_P 0x01
-
-diff -up openssl-1.0.2o/crypto/dsa/dsa_gen.c.fips-reqs
openssl-1.0.2o/crypto/dsa/dsa_gen.c
---- openssl-1.0.2o/crypto/dsa/dsa_gen.c.fips-reqs 2018-04-05 16:25:06.569304989 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_gen.c 2018-04-05 16:25:06.613306012 +0200
-@@ -157,9 +157,11 @@ int dsa_builtin_paramgen(DSA *ret, size_
- }
-
- if (FIPS_module_mode() &&
-- (bits != 1024 || qbits != 160) &&
-- (bits != 2048 || qbits != 224) &&
-- (bits != 2048 || qbits != 256) && (bits != 3072 || qbits != 256)) {
-+ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024
-+ || qbits != 160) && (bits != 2048 || qbits != 224) && (bits !=
2048
-+ || qbits !=
-+ 256)
-+ && (bits != 3072 || qbits != 256)) {
- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
- goto err;
- }
-diff -up openssl-1.0.2o/crypto/dsa/dsa.h.fips-reqs openssl-1.0.2o/crypto/dsa/dsa.h
---- openssl-1.0.2o/crypto/dsa/dsa.h.fips-reqs 2018-04-05 16:25:06.569304989 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa.h 2018-04-05 16:25:06.613306012 +0200
-@@ -89,6 +89,7 @@
- # endif
-
- # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN
(getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
-
- # define DSA_FLAG_CACHE_MONT_P 0x01
- /*
-@@ -251,9 +252,9 @@ int DSAparams_print_fp(FILE *fp, const D
- int DSA_print_fp(FILE *bp, const DSA *x, int off);
- # endif
-
--# define DSS_prime_checks 50
-+# define DSS_prime_checks 64
- /*
-- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
-+ * Primality test according to FIPS PUB 186-4, Appendix 2.1: 64 rounds of
- * Rabin-Miller
- */
- # define DSA_is_prime(n, callback, cb_arg) \
-diff -up openssl-1.0.2o/crypto/dsa/dsa_key.c.fips-reqs
openssl-1.0.2o/crypto/dsa/dsa_key.c
---- openssl-1.0.2o/crypto/dsa/dsa_key.c.fips-reqs 2018-04-05 16:25:06.610305942 +0200
-+++ openssl-1.0.2o/crypto/dsa/dsa_key.c 2018-04-05 16:25:06.613306012 +0200
-@@ -125,7 +125,7 @@ static int dsa_builtin_keygen(DSA *dsa)
-
- # ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN))
{
- DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-diff -up openssl-1.0.2o/crypto/evp/e_aes.c.fips-reqs openssl-1.0.2o/crypto/evp/e_aes.c
---- openssl-1.0.2o/crypto/evp/e_aes.c.fips-reqs 2018-04-05 16:25:06.571305035 +0200
-+++ openssl-1.0.2o/crypto/evp/e_aes.c 2018-04-05 16:25:06.614306035 +0200
-@@ -381,6 +381,8 @@ static int aesni_xts_init_key(EVP_CIPHER
-
- if (key) {
- /* key_len is two AES keys */
-+ if (FIPS_module_mode() && memcmp(key, key + ctx->key_len / 2,
ctx->key_len / 2) == 0)
-+ return 0;
- if (enc) {
- aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- xctx->xts.block1 = (block128_f) aesni_encrypt;
-@@ -701,6 +703,9 @@ static int aes_t4_xts_init_key(EVP_CIPHE
-
- if (key) {
- int bits = ctx->key_len * 4;
-+
-+ if (FIPS_module_mode() && memcmp(key, key + ctx->key_len / 2,
ctx->key_len / 2) == 0)
-+ return 0;
- xctx->stream = NULL;
- /* key_len is two AES keys */
- if (enc) {
-@@ -1654,6 +1659,8 @@ static int aes_xts_init_key(EVP_CIPHER_C
-
- if (key)
- do {
-+ if (FIPS_module_mode() && memcmp(key, key + ctx->key_len / 2,
ctx->key_len / 2) == 0)
-+ return 0;
- # ifdef AES_XTS_ASM
- xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
- # else
-diff -up openssl-1.0.2o/crypto/fips/fips.c.fips-reqs openssl-1.0.2o/crypto/fips/fips.c
---- openssl-1.0.2o/crypto/fips/fips.c.fips-reqs 2018-04-05 16:25:06.611305965 +0200
-+++ openssl-1.0.2o/crypto/fips/fips.c 2018-04-05 16:25:06.614306035 +0200
-@@ -424,26 +424,24 @@ int FIPS_module_mode_set(int onoff, cons
- ret = 0;
- goto end;
- }
-- OPENSSL_ia32cap_P[0] |= (1 << 28); /* set "shared cache"
*/
-- OPENSSL_ia32cap_P[1] &= ~(1 << (60 - 32)); /* clear AVX
*/
- }
- # endif
-
-- if (!verify_checksums()) {
-- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-+ if (!FIPS_selftest()) {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
-- if (FIPS_selftest())
-- fips_set_mode(onoff);
-- else {
-+ if (!verify_checksums()) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-+
-+ fips_set_mode(onoff);
- ret = 1;
- goto end;
- }
-diff -up openssl-1.0.2o/crypto/fips/fips_dh_selftest.c.fips-reqs
openssl-1.0.2o/crypto/fips/fips_dh_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_dh_selftest.c.fips-reqs 2018-04-05 16:25:06.614306035
+0200
-+++ openssl-1.0.2o/crypto/fips/fips_dh_selftest.c 2018-04-05 16:25:06.614306035 +0200
-@@ -0,0 +1,162 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 2013 Red Hat, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (
http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core(a)openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (
http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/dh.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char dh_test_2048_p[] = {
-+ 0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09,
-+ 0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11,
-+ 0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5,
-+ 0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F,
-+ 0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC,
-+ 0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE,
-+ 0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39,
-+ 0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E,
-+ 0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2,
-+ 0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A,
-+ 0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A,
-+ 0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF,
-+ 0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7,
-+ 0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73,
-+ 0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6,
-+ 0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35,
-+ 0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED,
-+ 0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03,
-+ 0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC,
-+ 0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE,
-+ 0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58,
-+ 0x4B, 0xD8, 0x37, 0xEB
-+};
-+
-+static const unsigned char dh_test_2048_g[] = {
-+ 0x02
-+};
-+
-+static const unsigned char dh_test_2048_pub_key[] = {
-+ 0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA,
-+ 0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2,
-+ 0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12,
-+ 0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5,
-+ 0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D,
-+ 0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1,
-+ 0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51,
-+ 0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F,
-+ 0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6,
-+ 0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED,
-+ 0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46,
-+ 0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA,
-+ 0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1,
-+ 0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE,
-+ 0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53,
-+ 0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9,
-+ 0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3,
-+ 0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9,
-+ 0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56,
-+ 0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E,
-+ 0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9,
-+ 0x36, 0x9E, 0xDA, 0xD2
-+};
-+
-+static const unsigned char dh_test_2048_priv_key[] = {
-+ 0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91,
-+ 0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00,
-+ 0xEC, 0x55, 0xF6, 0xCC
-+};
-+
-+int FIPS_selftest_dh()
-+{
-+ DH *dh = NULL;
-+ int ret = 0;
-+ void *pub_key = NULL;
-+ int len;
-+
-+ dh = DH_new();
-+
-+ if (dh == NULL)
-+ goto err;
-+
-+ fips_load_key_component(dh, p, dh_test_2048);
-+ fips_load_key_component(dh, g, dh_test_2048);
-+ /* note that the private key is much shorter than normally used
-+ * but still g ** priv_key > p
-+ */
-+ fips_load_key_component(dh, priv_key, dh_test_2048);
-+
-+ if (DH_generate_key(dh) <= 0)
-+ goto err;
-+
-+ len = BN_num_bytes(dh->pub_key);
-+ if ((pub_key = OPENSSL_malloc(len)) == NULL)
-+ goto err;
-+ BN_bn2bin(dh->pub_key, pub_key);
-+
-+ if (len != sizeof(dh_test_2048_pub_key) ||
-+ memcmp(pub_key, dh_test_2048_pub_key, len) != 0)
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (dh)
-+ DH_free(dh);
-+
-+ OPENSSL_free(pub_key);
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.0.2o/crypto/fips/fips.h.fips-reqs openssl-1.0.2o/crypto/fips/fips.h
---- openssl-1.0.2o/crypto/fips/fips.h.fips-reqs 2018-04-05 16:25:06.604305803 +0200
-+++ openssl-1.0.2o/crypto/fips/fips.h 2018-04-05 16:25:06.614306035 +0200
-@@ -96,6 +96,7 @@ extern "C" {
- int FIPS_selftest_dsa(void);
- int FIPS_selftest_ecdsa(void);
- int FIPS_selftest_ecdh(void);
-+ int FIPS_selftest_dh(void);
- void FIPS_corrupt_rng(void);
- void FIPS_rng_stick(void);
- void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.2o/crypto/fips/fips_post.c.fips-reqs
openssl-1.0.2o/crypto/fips/fips_post.c
---- openssl-1.0.2o/crypto/fips/fips_post.c.fips-reqs 2018-04-05 16:25:06.601305733 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_post.c 2018-04-05 16:25:06.615306058 +0200
-@@ -99,6 +99,8 @@ int FIPS_selftest(void)
- rv = 0;
- if (!FIPS_selftest_dsa())
- rv = 0;
-+ if (!FIPS_selftest_dh())
-+ rv = 0;
- if (!FIPS_selftest_ecdh())
- rv = 0;
- return rv;
-diff -up openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c.fips-reqs
openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c.fips-reqs 2018-04-05
16:25:06.577305175 +0200
-+++ openssl-1.0.2o/crypto/fips/fips_rsa_selftest.c 2018-04-05 16:25:06.615306058 +0200
-@@ -60,68 +60,107 @@
- #ifdef OPENSSL_FIPS
-
- static const unsigned char n[] =
-- "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-- "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-- "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-- "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-- "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-- "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-- "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-- "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
"\xCB";
-+ "\x00\xc9\xd5\x6d\x9d\x90\xdb\x43\xd6\x02\xed\x96\x88\x13\x8a"
-+ "\xb2\xbf\x6e\xa1\x06\x10\xb2\x78\x37\xa7\x14\xa8\xff\xdd\x00"
-+ "\xdd\xb4\x93\xa0\x45\xcc\x96\x90\xed\xad\xa9\xdd\xc4\xd6\xca"
-+ "\x0c\xf0\xed\x4f\x72\x5e\x21\x49\x9a\x18\x12\x15\x8f\x90\x5a"
-+ "\xdb\xb6\x33\x99\xa3\xe6\xb4\xf0\xc4\x97\x21\x26\xbb\xe3\xba"
-+ "\xf2\xff\xa0\x72\xda\x89\x63\x8e\x8b\x3e\x08\x9d\x92\x2a\xbe"
-+ "\x16\xe1\x43\x15\xfc\x57\xc7\x1f\x09\x11\x67\x1c\xa9\x96\xd1"
-+ "\x8b\x3e\x80\x93\xc1\x59\xd0\x6d\x39\xf2\xac\x95\xcc\x10\x75"
-+ "\xe9\x31\x24\xd1\x43\xaf\x68\x52\x4b\xe7\x16\xd7\x49\x65\x6f"
-+ "\x26\xc0\x86\xad\xc0\x07\x0a\xc1\xe1\x2f\x87\x85\x86\x3b\xdc"
-+ "\x5a\x99\xbe\xe9\xf9\xb9\xe9\x82\x27\x51\x04\x15\xab\x06\x0e"
-+ "\x76\x5a\x28\x8d\x92\xbd\xc5\xb5\x7b\xa8\xdf\x4e\x47\xa2\xc1"
-+ "\xe7\x52\xbf\x47\xf7\x62\xe0\x3a\x6f\x4d\x6a\x4d\x4e\xd4\xb9"
-+ "\x59\x69\xfa\xb2\x14\xc1\xee\xe6\x2f\x95\xcd\x94\x72\xae\xe4"
-+ "\xdb\x18\x9a\xc4\xcd\x70\xbd\xee\x31\x16\xb7\x49\x65\xac\x40"
-+ "\x19\x0e\xb5\x6d\x83\xf1\x36\xbb\x08\x2f\x2e\x4e\x92\x62\xa4"
-+ "\xff\x50\xdb\x20\x45\xa2\xeb\x16\x7a\xf2\xd5\x28\xc1\xfd\x4e"
"\x03\x71";
-
- static int corrupt_rsa;
-
- static int setrsakey(RSA *key)
- {
-- static const unsigned char e[] = "\x11";
-+ static const unsigned char e[] = "\x01\x00\x01";
-
- static const unsigned char d[] =
-- "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-- "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-- "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-- "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-- "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-- "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-- "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-- "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-- "\xC1";
-+ "\x36\x27\x3d\xb1\xf9\x1b\xdb\xa7\xa0\x41\x7f\x12\x23\xac\x23"
-+ "\x29\x99\xd5\x3a\x7b\x60\x67\x41\x07\x63\x53\xb4\xd2\xe7\x58"
-+ "\x95\x0a\xc7\x05\xf3\x4e\xb2\xb4\x12\xd4\x70\xdc\x4f\x85\x06"
-+ "\xd3\xdd\xd8\x63\x27\x3e\x67\x31\x21\x24\x39\x04\xbc\x06\xa4"
-+ "\xcc\xce\x2b\x7a\xfe\x7b\xad\xde\x11\x6e\xa3\xa5\xe6\x04\x53"
-+ "\x0e\xa3\x4e\x2d\xb4\x8f\x31\xbf\xca\x75\x25\x52\x02\x85\xde"
-+ "\x3d\xb2\x72\x43\xb2\x89\x8a\x9a\x34\x41\x26\x3f\x9a\x67\xbe"
-+ "\xa4\x96\x7b\x0e\x75\xba\xa6\x93\xd5\xb8\xd8\xb8\x57\xf2\x4b"
-+ "\x0f\x14\x81\xd1\x57\x4e\xf6\x45\x4c\xa6\x3b\xd0\x70\xca\xd3"
-+ "\x9d\x55\xde\x22\x05\xe7\x8e\x28\x4d\xee\x11\xcf\xb6\x67\x76"
-+ "\x09\xd3\xe3\x3c\x13\xf9\x99\x34\x10\x7b\xec\x81\x38\xf0\xb6"
-+ "\x34\x9c\x9b\x50\x6f\x0b\x91\x81\x4d\x89\x94\x04\x7b\xf0\x3c"
-+ "\xf4\xb1\xb2\x00\x48\x8d\x5a\x8f\x88\x9e\xc5\xab\x3a\x9e\x44"
-+ "\x3f\x54\xe7\xd9\x6e\x47\xaa\xa1\xbd\x40\x46\x31\xf9\xf0\x34"
-+ "\xb6\x04\xe1\x2b\x5b\x73\x86\xdd\x3a\x92\x1b\x71\xc7\x3f\x32"
-+ "\xe5\xc3\xc2\xab\xa1\x7e\xbf\xa4\x52\xa0\xb0\x68\x90\xd1\x20"
-+ "\x12\x79\xe9\xd7\xc9\x40\xba\xf2\x19\xc7\xa5\x00\x92\x86\x0d"
"\x01";
-
- static const unsigned char p[] =
-- "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-- "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-- "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-- "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-- "\x99";
-+ "\x00\xfc\x5c\x6e\x16\xce\x1f\x03\x7b\xcd\xf7\xb3\x72\xb2\x8f"
-+ "\x16\x72\xb8\x56\xae\xf7\xcd\x67\xd8\x4e\x7d\x07\xaf\xd5\x43"
-+ "\x26\xc3\x35\xbe\x43\x8f\x4e\x2f\x1c\x43\x4e\x6b\xd2\xb2\xec"
-+ "\x52\x6d\x97\x52\x2b\xcc\x5c\x3a\x6b\xf4\x14\xc6\x74\xda\x66"
-+ "\x38\x1c\x7a\x3f\x84\x2f\xe3\xf9\x5a\xb8\x65\x69\x46\x06\xa3"
-+ "\x37\x79\xb2\xa1\x5b\x58\xed\x5e\xa7\x5f\x8c\x65\x66\xbb\xd1"
-+ "\x24\x36\xe6\x37\xa7\x3d\x49\x77\x8a\x8c\x34\xd8\x69\x29\xf3"
-+ "\x4d\x58\x22\xb0\x51\x24\xb6\x40\xa8\x86\x59\x0a\xb7\xba\x5c"
-+ "\x97\xda\x57\xe8\x36\xda\x7a\x9c\xad";
-
- static const unsigned char q[] =
-- "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-- "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-- "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-- "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-- "\x03";
-+ "\x00\xcc\xbe\x7b\x09\x69\x06\xee\x45\xbf\x88\x47\x38\xa8\xf8"
-+ "\x17\xe5\xb6\xba\x67\x55\xe3\xe8\x05\x8b\xb8\xe2\x53\xd6\x8e"
-+ "\xef\x2c\xe7\x4f\x4a\xf7\x4e\x26\x8d\x85\x0b\x3f\xec\xc3\x1c"
-+ "\xd4\xeb\xec\x6a\xc8\x72\x2a\x25\x7d\xfd\xa6\x77\x96\xf0\x1e"
-+ "\xcd\x28\x57\xf8\x37\x30\x75\x6b\xbd\xd4\x7b\x0c\x87\xc5\x6c"
-+ "\x87\x40\xa5\xbb\x27\x2c\x78\xc9\x74\x5a\x54\x5b\x0b\x30\x6f"
-+ "\x44\x4a\xfa\x71\xe4\x21\x61\x66\xf9\xee\x65\xde\x7c\x04\xd7"
-+ "\xfd\xa9\x15\x5b\x7f\xe2\x7a\xba\x69\x86\x72\xa6\x06\x8d\x9b"
-+ "\x90\x55\x60\x9e\x4c\x5d\xa9\xb6\x55";
-
- static const unsigned char dmp1[] =
-- "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-- "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-- "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-- "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-+ "\x7a\xd6\x12\xd0\x0e\xec\x91\xa9\x85\x8b\xf8\x50\xf0\x11\x2e"
-+ "\x00\x11\x32\x40\x60\x66\x1f\x11\xee\xc2\x75\x27\x65\x4b\x16"
-+ "\x67\x16\x95\xd2\x14\xc3\x1d\xb3\x48\x1f\xb7\xe4\x0b\x2b\x74"
-+ "\xc3\xdb\x50\x27\xf9\x85\x3a\xfa\xa9\x08\x23\xc1\x65\x3d\x34"
-+ "\x3a\xc8\x56\x7a\x65\x45\x36\x6e\xae\x2a\xce\x9f\x43\x43\xd7"
-+ "\x10\xe9\x9e\x18\xf4\xa4\x35\xda\x8a\x6b\xb0\x3f\xdd\x53\xe3"
-+ "\xa8\xc5\x4e\x79\x9d\x1f\x51\x8c\xa2\xca\x66\x3c\x6a\x2a\xff"
-+ "\x8e\xd2\xf3\xb7\xcb\x82\xda\xde\x2c\xe6\xd2\x8c\xb3\xad\xb6"
-+ "\x4c\x95\x55\x76\xbd\xc9\xc8\xd1";
-
- static const unsigned char dmq1[] =
-- "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-- "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-- "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-- "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-+ "\x00\x83\x23\x1d\xbb\x11\x42\x17\x2b\x25\x5a\x2c\x03\xe6\x75"
-+ "\xc1\x18\xa8\xc9\x0b\x96\xbf\xba\xc4\x92\x91\x80\xa5\x22\x2f"
-+ "\xba\x91\x90\x36\x01\x56\x15\x00\x2c\x74\xa2\x97\xf7\x15\xa1"
-+ "\x49\xdf\x32\x35\xd2\xdd\x0c\x91\xa6\xf8\xe7\xbe\x81\x36\x9b"
-+ "\x03\xdc\x6b\x3b\xd8\x5d\x79\x57\xe0\xe6\x4f\x49\xdf\x4c\x5c"
-+ "\x0e\xe5\x21\x41\x95\xfd\xad\xff\x9a\x3e\xa0\xf9\x0f\x59\x9e"
-+ "\x6a\xa7\x7b\x71\xa7\x24\x9a\x36\x52\xae\x97\x20\xc1\x5e\x78"
-+ "\xd9\x47\x8b\x1e\x67\xf2\xaf\x98\xe6\x2d\xef\x10\xd7\xf1\xab"
-+ "\x49\xee\xe5\x4b\x7e\xae\x1f\x1d\x61";
-
- static const unsigned char iqmp[] =
-- "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-- "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-- "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-- "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-- "\xF7";
-+ "\x23\x96\xc1\x91\x17\x5e\x0a\x83\xd2\xdc\x7b\x69\xb2\x59\x1d"
-+ "\x33\x58\x52\x3f\x18\xc7\x09\x50\x1c\xb9\xa1\xbb\x4c\xa2\x38"
-+ "\x40\x4c\x9a\x8e\xfe\x9c\x90\x92\xd0\x71\x9f\x89\x99\x50\x91"
-+ "\x1f\x34\x8b\x74\x53\x11\x11\x4a\x70\xe2\xf7\x30\xd8\x8c\x80"
-+ "\xe1\xcc\x9f\xf1\x63\x17\x1a\x7d\x67\x29\x4c\xcb\x4e\x74\x7b"
-+ "\xe0\x3e\x9e\x2f\xf4\x67\x8f\xec\xb9\x5c\x00\x1e\x7e\xa2\x7b"
-+ "\x92\xc9\x6f\x4c\xe4\x0e\xf9\x48\x63\xcd\x50\x22\x5d\xbf\xb6"
-+ "\x9d\x01\x33\x6a\xf4\x50\xbe\x86\x98\x4f\xca\x3f\x3a\xfa\xcf"
-+ "\x07\x40\xc4\xaa\xad\xae\xbe\xbf";
-
- key->n = BN_bin2bn(n, sizeof(n) - 1, key->n);
- if (corrupt_rsa)
-- BN_set_bit(key->n, 1024);
-+ BN_set_bit(key->n, 2048);
- key->e = BN_bin2bn(e, sizeof(e) - 1, key->e);
- key->d = BN_bin2bn(d, sizeof(d) - 1, key->d);
- key->p = BN_bin2bn(p, sizeof(p) - 1, key->p);
-@@ -145,200 +184,292 @@ static const unsigned char kat_tbs[] =
- "OpenSSL FIPS 140-2 Public Key RSA KAT";
-
- static const unsigned char kat_RSA_PSS_SHA1[] = {
-- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
-- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
-- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
-- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
-- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
-- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
-- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
-- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
-- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
-- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
-- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
-+ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3,
-+ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B,
-+ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84,
-+ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B,
-+ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9,
-+ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19,
-+ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98,
-+ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5,
-+ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4,
-+ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A,
-+ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70,
-+ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1,
-+ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C,
-+ 0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF,
-+ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99,
-+ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45,
-+ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF,
-+ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F,
-+ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01,
-+ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC,
-+ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05,
-+ 0xCE, 0x08, 0x1D, 0x89
- };
-
- static const unsigned char kat_RSA_PSS_SHA224[] = {
-- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
-- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
-- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
-- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
-- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
-- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
-- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
-- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
-- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
-- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
-- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
-+ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA,
-+ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3,
-+ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3,
-+ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3,
-+ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7,
-+ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53,
-+ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A,
-+ 0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE,
-+ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06,
-+ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08,
-+ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D,
-+ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07,
-+ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70,
-+ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64,
-+ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17,
-+ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69,
-+ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97,
-+ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D,
-+ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5,
-+ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B,
-+ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD,
-+ 0x2D, 0x84, 0x03, 0xB7
- };
-
- static const unsigned char kat_RSA_PSS_SHA256[] = {
-- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
-- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
-- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
-- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
-- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
-- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
-- 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
-- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
-- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
-- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
-- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
-+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19,
-+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9,
-+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB,
-+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9,
-+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16,
-+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33,
-+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49,
-+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67,
-+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B,
-+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B,
-+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6,
-+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60,
-+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6,
-+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF,
-+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23,
-+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73,
-+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56,
-+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97,
-+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50,
-+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68,
-+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62,
-+ 0x2B, 0x31, 0xB9, 0x7D
- };
-
- static const unsigned char kat_RSA_PSS_SHA384[] = {
-- 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
-- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
-- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
-- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
-- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
-- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
-- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
-- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
-- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
-- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
-- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
-+ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D,
-+ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03,
-+ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27,
-+ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC,
-+ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1,
-+ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6,
-+ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA,
-+ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB,
-+ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3,
-+ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5,
-+ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70,
-+ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E,
-+ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C,
-+ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0,
-+ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62,
-+ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07,
-+ 0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88,
-+ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7,
-+ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5,
-+ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D,
-+ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF,
-+ 0x90, 0xD2, 0xA6, 0x2B
- };
-
- static const unsigned char kat_RSA_PSS_SHA512[] = {
-- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
-- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
-- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
-- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
-- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
-- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
-- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
-- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
-- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
-- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
-- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
-+ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32,
-+ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06,
-+ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D,
-+ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B,
-+ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D,
-+ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44,
-+ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B,
-+ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D,
-+ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD,
-+ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C,
-+ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1,
-+ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A,
-+ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE,
-+ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D,
-+ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F,
-+ 0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF,
-+ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F,
-+ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94,
-+ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE,
-+ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A,
-+ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0,
-+ 0x17, 0x2C, 0x13, 0xE0
- };
-
- static const unsigned char kat_RSA_SHA1[] = {
-- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
-- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
-- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
-- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
-- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
-- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
-- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
-- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
-- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
-- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
-- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
-+ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA,
-+ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C,
-+ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE,
-+ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94,
-+ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08,
-+ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC,
-+ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0,
-+ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54,
-+ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F,
-+ 0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A,
-+ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF,
-+ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD,
-+ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8,
-+ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5,
-+ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F,
-+ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF,
-+ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60,
-+ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9,
-+ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC,
-+ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37,
-+ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF,
-+ 0x27, 0x90, 0xE2, 0x01
- };
-
- static const unsigned char kat_RSA_SHA224[] = {
-- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
-- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
-- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
-- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
-- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
-- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
-- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
-- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
-- 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
-- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
-- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
-+ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86,
-+ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8,
-+ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89,
-+ 0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39,
-+ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3,
-+ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E,
-+ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8,
-+ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4,
-+ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66,
-+ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6,
-+ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC,
-+ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9,
-+ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53,
-+ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA,
-+ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45,
-+ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC,
-+ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33,
-+ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5,
-+ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8,
-+ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83,
-+ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B,
-+ 0xDB, 0x70, 0x00, 0xF6
- };
-
- static const unsigned char kat_RSA_SHA256[] = {
-- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
-- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
-- 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
-- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
-- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
-- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
-- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
-- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
-- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
-- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
-- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
-+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9,
-+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF,
-+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F,
-+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06,
-+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF,
-+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2,
-+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8,
-+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5,
-+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE,
-+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6,
-+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D,
-+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42,
-+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4,
-+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E,
-+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A,
-+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91,
-+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB,
-+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65,
-+ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E,
-+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B,
-+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D,
-+ 0x47, 0x9D, 0x18, 0xD7
- };
-
- static const unsigned char kat_RSA_SHA384[] = {
-- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
-- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
-- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
-- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
-- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
-- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
-- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
-- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
-- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
-- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
-- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
-+ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00,
-+ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D,
-+ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2,
-+ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B,
-+ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF,
-+ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1,
-+ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C,
-+ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E,
-+ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76,
-+ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4,
-+ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9,
-+ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4,
-+ 0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56,
-+ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39,
-+ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00,
-+ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F,
-+ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D,
-+ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26,
-+ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9,
-+ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD,
-+ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4,
-+ 0x7E, 0x37, 0x1D, 0x96
- };
-
- static const unsigned char kat_RSA_SHA512[] = {
-- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
-- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
-- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
-- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
-- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
-- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
-- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
-- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
-- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
-- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
-- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
-+ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3,
-+ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F,
-+ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02,
-+ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B,
-+ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3,
-+ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1,
-+ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79,
-+ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1,
-+ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E,
-+ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1,
-+ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED,
-+ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE,
-+ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69,
-+ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2,
-+ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F,
-+ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3,
-+ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B,
-+ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86,
-+ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F,
-+ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A,
-+ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E,
-+ 0x43, 0xA8, 0x34, 0x0A
- };
-
--static const unsigned char kat_RSA_X931_SHA1[] = {
-- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
-- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
-- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
-- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
-- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
-- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
-- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
-- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
-- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
-- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
-- 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
--};
-+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext,
-+ int ptlen)
-+{
-+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
-+ int ret = 0;
-+ int len;
-
--static const unsigned char kat_RSA_X931_SHA256[] = {
-- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
-- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
-- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
-- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
-- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
-- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
-- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
-- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
-- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
-- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
-- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
--};
-+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ctbuf)
-+ goto err;
-
--static const unsigned char kat_RSA_X931_SHA384[] = {
-- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
-- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
-- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
-- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
-- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
-- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
-- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
-- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
-- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
-- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
-- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
--};
-+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len <= 0)
-+ goto err;
-+ /* Check ciphertext doesn't match plaintext */
-+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
-+ goto err;
-
--static const unsigned char kat_RSA_X931_SHA512[] = {
-- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
-- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
-- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
-- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
-- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
-- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
-- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
-- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
-- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
-- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
-- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
--};
-+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ptbuf)
-+ goto err;
-+
-+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len != ptlen)
-+ goto err;
-+ if (memcmp(ptbuf, plaintext, len))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (ctbuf)
-+ OPENSSL_free(ctbuf);
-+ if (ptbuf)
-+ OPENSSL_free(ptbuf);
-+ return ret;
-+}
-
- int FIPS_selftest_rsa()
- {
-@@ -352,7 +483,7 @@ int FIPS_selftest_rsa()
- if ((pk = EVP_PKEY_new()) == NULL)
- goto err;
-
-- EVP_PKEY_assign_RSA(pk, key);
-+ EVP_PKEY_set1_RSA(pk, key);
-
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
-@@ -406,29 +537,7 @@ int FIPS_selftest_rsa()
- EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA512 PSS"))
- goto err;
-
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA1,
-- sizeof(kat_RSA_X931_SHA1), EVP_sha1(),
-- EVP_MD_CTX_FLAG_PAD_X931, "RSA SHA1 X931"))
-- goto err;
-- /* NB: SHA224 not supported in X9.31 */
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA256,
-- sizeof(kat_RSA_X931_SHA256), EVP_sha256(),
-- EVP_MD_CTX_FLAG_PAD_X931,
-- "RSA SHA256 X931"))
-- goto err;
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA384,
-- sizeof(kat_RSA_X931_SHA384), EVP_sha384(),
-- EVP_MD_CTX_FLAG_PAD_X931,
-- "RSA SHA384 X931"))
-- goto err;
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA512,
-- sizeof(kat_RSA_X931_SHA512), EVP_sha512(),
-- EVP_MD_CTX_FLAG_PAD_X931,
-- "RSA SHA512 X931"))
-+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
- goto err;
-
- ret = 1;
-@@ -436,7 +545,7 @@ int FIPS_selftest_rsa()
- err:
- if (pk)
- EVP_PKEY_free(pk);
-- else if (key)
-+ if (key)
- RSA_free(key);
- return ret;
- }
-diff -up openssl-1.0.2o/crypto/fips/Makefile.fips-reqs
openssl-1.0.2o/crypto/fips/Makefile
---- openssl-1.0.2o/crypto/fips/Makefile.fips-reqs 2018-04-05 16:25:06.601305733 +0200
-+++ openssl-1.0.2o/crypto/fips/Makefile 2018-04-05 16:25:06.615306058 +0200
-@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
- fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
- fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
- fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c
fips_md.c
-+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
\
-+ fips_dh_selftest.c
-
- LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o
\
- fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
- fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
- fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
-- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o
fips_md.o
-+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
\
-+ fips_dh_selftest.o
-
- LIBCRYPTO=-L.. -lcrypto
-
-diff -up openssl-1.0.2o/crypto/rand/rand_lcl.h.fips-reqs
openssl-1.0.2o/crypto/rand/rand_lcl.h
---- openssl-1.0.2o/crypto/rand/rand_lcl.h.fips-reqs 2018-04-05 16:25:06.099294057 +0200
-+++ openssl-1.0.2o/crypto/rand/rand_lcl.h 2018-04-05 16:25:06.615306058 +0200
-@@ -112,7 +112,7 @@
- #ifndef HEADER_RAND_LCL_H
- # define HEADER_RAND_LCL_H
-
--# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
-+# define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
-
- # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) &&
!defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
- # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-diff -up openssl-1.0.2o/crypto/rand/rand_lib.c.fips-reqs
openssl-1.0.2o/crypto/rand/rand_lib.c
---- openssl-1.0.2o/crypto/rand/rand_lib.c.fips-reqs 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/rand/rand_lib.c 2018-04-05 16:25:06.615306058 +0200
-@@ -236,12 +236,22 @@ static int drbg_rand_add(DRBG_CTX *ctx,
- double entropy)
- {
- RAND_SSLeay()->add(in, inlen, entropy);
-+ if (FIPS_rand_status()) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ FIPS_drbg_reseed(ctx, NULL, 0);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ }
- return 1;
- }
-
- static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
- {
- RAND_SSLeay()->seed(in, inlen);
-+ if (FIPS_rand_status()) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ FIPS_drbg_reseed(ctx, NULL, 0);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ }
- return 1;
- }
-
-diff -up openssl-1.0.2o/crypto/rsa/rsa_gen.c.fips-reqs
openssl-1.0.2o/crypto/rsa/rsa_gen.c
---- openssl-1.0.2o/crypto/rsa/rsa_gen.c.fips-reqs 2018-04-05 16:25:06.580305244 +0200
-+++ openssl-1.0.2o/crypto/rsa/rsa_gen.c 2018-04-05 16:40:02.239136117 +0200
-@@ -1,5 +1,6 @@
- /* crypto/rsa/rsa_gen.c */
- /* Copyright (C) 1995-1998 Eric Young (eay(a)cryptsoft.com)
-+ * Copyright (C) 2013 Red Hat, Inc.
- * All rights reserved.
- *
- * This package is an SSL implementation written
-@@ -169,6 +170,280 @@ int RSA_generate_key_ex(RSA *rsa, int bi
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
-
-+#ifdef OPENSSL_FIPS
-+static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-+ BN_GENCB *cb)
-+{
-+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
-+ BIGNUM local_r0, local_d, local_p;
-+ BIGNUM *pr0, *d, *p;
-+ BN_CTX *ctx = NULL;
-+ int ok = -1;
-+ int i;
-+ int n = 0;
-+ int test = 0;
-+ int pbits = bits / 2;
-+ unsigned long error = 0;
-+
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if ((pbits & 0xFF)
-+ || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048
-+ && bits != 3072)) {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+ BN_CTX_start(ctx);
-+ r0 = BN_CTX_get(ctx);
-+ r1 = BN_CTX_get(ctx);
-+ r2 = BN_CTX_get(ctx);
-+ r3 = BN_CTX_get(ctx);
-+
-+ if (r3 == NULL)
-+ goto err;
-+
-+ /* We need the RSA components non-NULL */
-+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
-+ goto err;
-+
-+ if (!BN_set_word(r0, RSA_F4))
-+ goto err;
-+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) {
-+ ok = 0; /* we set our own err */
-+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE);
-+ goto err;
-+ }
-+
-+ /* prepare approximate minimum p and q */
-+ if (!BN_set_word(r0, 0xB504F334))
-+ goto err;
-+ if (!BN_lshift(r0, r0, pbits - 32))
-+ goto err;
-+
-+ /* prepare minimum p and q difference */
-+ if (!BN_one(r3))
-+ goto err;
-+ if (!BN_lshift(r3, r3, pbits - 100))
-+ goto err;
-+
-+ BN_copy(rsa->e, e_value);
-+
-+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
-+ test = 1;
-+
-+ BN_set_flags(r2, BN_FLG_CONSTTIME);
-+
-+ retry:
-+ /* generate p and q */
-+ for (i = 0; i < 5 * pbits; i++) {
-+ ploop:
-+ if (!test)
-+ if (!BN_rand(rsa->p, pbits, 0, 1))
-+ goto err;
-+ if (BN_cmp(rsa->p, r0) < 0) {
-+ if (test)
-+ goto err;
-+ goto ploop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->p, BN_value_one()))
-+ goto err;
-+ ERR_set_mark();
-+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-+ /* GCD == 1 since inverse exists */
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
-+ cb);
-+ if (r == -1 || (test && r <= 0))
-+ goto err;
-+ if (r > 0)
-+ break;
-+ } else {
-+ error = ERR_peek_last_error();
-+ if (ERR_GET_LIB(error) == ERR_LIB_BN
-+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-+ /* GCD != 1 */
-+ ERR_pop_to_mark();
-+ } else {
-+ goto err;
-+ }
-+ }
-+
-+ if (!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 3, 0))
-+ goto err;
-+
-+ if (i >= 5 * pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ for (i = 0; i < 5 * pbits; i++) {
-+ qloop:
-+ if (!test)
-+ if (!BN_rand(rsa->q, pbits, 0, 1))
-+ goto err;
-+ if (BN_cmp(rsa->q, r0) < 0) {
-+ if (test)
-+ goto err;
-+ goto qloop;
-+ }
-+ if (!BN_sub(r2, rsa->q, rsa->p))
-+ goto err;
-+ if (BN_ucmp(r2, r3) <= 0) {
-+ if (test)
-+ goto err;
-+ goto qloop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err;
-+ ERR_set_mark();
-+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-+ /* GCD == 1 since inverse exists */
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
-+ cb);
-+ if (r == -1 || (test && r <= 0))
-+ goto err;
-+ if (r > 0)
-+ break;
-+ } else {
-+ error = ERR_peek_last_error();
-+ if (ERR_GET_LIB(error) == ERR_LIB_BN
-+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-+ /* GCD != 1 */
-+ ERR_pop_to_mark();
-+ } else {
-+ goto err;
-+ }
-+ }
-+
-+ if (!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 3, 1))
-+ goto err;
-+
-+ if (i >= 5 * pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ if (test) {
-+ /* do not try to calculate the remaining key values */
-+ BN_clear(rsa->n);
-+ ok = 1;
-+ goto err;
-+ }
-+
-+ if (BN_cmp(rsa->p, rsa->q) < 0) {
-+ tmp = rsa->p;
-+ rsa->p = rsa->q;
-+ rsa->q = tmp;
-+ }
-+
-+ /* calculate n */
-+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
-+ goto err;
-+
-+ /* calculate d */
-+ if (!BN_sub(r1, rsa->p, BN_value_one()))
-+ goto err; /* p-1 */
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err; /* q-1 */
-+
-+ if (!BN_gcd(r0, r1, r2, ctx))
-+ goto err;
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ pr0 = &local_r0;
-+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-+ } else
-+ pr0 = r0;
-+ if (!BN_div(r0, NULL, r1, pr0, ctx))
-+ goto err;
-+ if (!BN_mul(r0, r0, r2, ctx))
-+ goto err; /* lcm(p-1, q-1) */
-+
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ pr0 = &local_r0;
-+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-+ } else
-+ pr0 = r0;
-+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
-+ goto err; /* d */
-+
-+ if (BN_num_bits(rsa->d) < pbits)
-+ goto retry; /* d is too small */
-+
-+ /* set up d for correct BN_FLG_CONSTTIME flag */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ d = &local_d;
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-+ } else
-+ d = rsa->d;
-+
-+ /* calculate d mod (p-1) */
-+ if (!BN_mod(rsa->dmp1, d, r1, ctx))
-+ goto err;
-+
-+ /* calculate d mod (q-1) */
-+ if (!BN_mod(rsa->dmq1, d, r2, ctx))
-+ goto err;
-+
-+ /* calculate inverse of q mod p */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ p = &local_p;
-+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-+ } else
-+ p = rsa->p;
-+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
-+ goto err;
-+
-+ if (fips_rsa_pairwise_fail)
-+ BN_add_word(rsa->n, 1);
-+
-+ if (!fips_check_rsa(rsa))
-+ goto err;
-+
-+ ok = 1;
-+ err:
-+ if (ok == -1) {
-+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
-+ ok = 0;
-+ }
-+ if (ctx != NULL) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-+
-+ return ok;
-+}
-+#endif
-+
- static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
- BN_GENCB *cb)
- {
-@@ -181,15 +456,11 @@ static int rsa_builtin_keygen(RSA *rsa,
-
- #ifdef OPENSSL_FIPS
- if (FIPS_module_mode()) {
-- if (FIPS_selftest_failed()) {
-- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-- return 0;
-- }
--
- if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT);
- return 0;
- }
-+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
- #endif
-
-@@ -337,16 +608,6 @@ static int rsa_builtin_keygen(RSA *rsa,
- if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
- goto err;
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_module_mode()) {
-- if (fips_rsa_pairwise_fail)
-- BN_add_word(rsa->n, 1);
--
-- if (!fips_check_rsa(rsa))
-- goto err;
-- }
--#endif
--
- ok = 1;
- err:
- if (ok == -1) {
-diff -up openssl-1.0.2o/ssl/t1_enc.c.fips-reqs openssl-1.0.2o/ssl/t1_enc.c
---- openssl-1.0.2o/ssl/t1_enc.c.fips-reqs 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/ssl/t1_enc.c 2018-04-05 16:25:06.616306082 +0200
-@@ -292,6 +292,23 @@ static int tls1_PRF(long digest_mask,
- return ret;
- }
-
-+int private_tls1_PRF(long digest_mask,
-+ const void *seed1, int seed1_len,
-+ const void *seed2, int seed2_len,
-+ const void *seed3, int seed3_len,
-+ const void *seed4, int seed4_len,
-+ const void *seed5, int seed5_len,
-+ const unsigned char *sec, int slen,
-+ unsigned char *out1, unsigned char *out2, int olen)
-+{
-+ return tls1_PRF(digest_mask,
-+ seed1, seed1_len,
-+ seed2, seed2_len,
-+ seed3, seed3_len,
-+ seed4, seed4_len,
-+ seed5, seed5_len, sec, slen, out1, out2, olen);
-+}
-+
- static int tls1_generate_key_block(SSL *s, unsigned char *km,
- unsigned char *tmp, int num)
- {
diff --git a/openssl-1.0.2o-system-cipherlist.patch
b/openssl-1.0.2o-system-cipherlist.patch
deleted file mode 100644
index ea893c8..0000000
--- a/openssl-1.0.2o-system-cipherlist.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-diff -up openssl-1.0.2o/Configure.system openssl-1.0.2o/Configure
---- openssl-1.0.2o/Configure.system 2018-08-03 10:57:10.936666776 +0200
-+++ openssl-1.0.2o/Configure 2018-08-03 10:57:10.934666728 +0200
-@@ -11,7 +11,7 @@ use File::Compare;
-
- # see INSTALL for instructions.
-
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...]
[experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx]
[no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso]
[no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]]
[--test-sanity] os/compiler[:flags]\n";
-+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...]
[experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx]
[no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso]
[no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR]
[--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--test-sanity]
os/compiler[:flags]\n";
-
- # Options:
- #
-@@ -36,6 +36,9 @@ my $usage="Usage: Configure [no-<cipher>
- # --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
- # supported values are "MIT" and "Heimdal". A value is required.
- #
-+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
-+# cipher is specified (default).
-+#
- # --test-sanity Make a number of sanity checks on the data in this file.
- # This is a debugging tool for OpenSSL developers.
- #
-@@ -730,6 +733,7 @@ my $prefix="";
- my $libdir="";
- my $openssldir="";
- my $enginesdir="";
-+my $system_ciphers_file="";
- my $exe_ext="";
- my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
- my $cross_compile_prefix="";
-@@ -963,6 +967,10 @@ PROCESS_ARGS:
- {
- $enginesdir=$1;
- }
-+ elsif (/^--system-ciphers-file=(.*)$/)
-+ {
-+ $system_ciphers_file=$1;
-+ }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
-@@ -1120,6 +1128,7 @@ print "Configuring for $target\n";
-
- &usage if (!defined($table{$target}));
-
-+chop $system_ciphers_file if $system_ciphers_file =~ /\/$/;
-
- foreach (sort (keys %disabled))
- {
-@@ -1718,6 +1727,7 @@ while (<IN>)
- s/^MULTILIB=.*$/MULTILIB=$multilib/;
- s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
- s/^ENGINESDIR=.*$/ENGINESDIR=$enginesdir/;
-+ s/^SYSTEM_CIPHERS_FILE=.*$/SYSTEM_CIPHERS_FILE=$system_ciphers_file/;
- s/^LIBDIR=.*$/LIBDIR=$libdir/;
- s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
- s/^PLATFORM=.*$/PLATFORM=$target/;
-@@ -1938,6 +1948,14 @@ while (<IN>)
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
-+ elsif (/^#((define)|(undef))\s+SYSTEM_CIPHERS_FILE/)
-+ {
-+ my $foo = "$system_ciphers_file";
-+ if ($foo ne '') {
-+ $foo =~ s/\\/\\\\/g;
-+ print OUT "#define SYSTEM_CIPHERS_FILE \"$foo\"\n";
-+ }
-+ }
- elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
- { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
- if $export_var_as_fn;
-diff -up openssl-1.0.2o/crypto/opensslconf.h.in.system
openssl-1.0.2o/crypto/opensslconf.h.in
---- openssl-1.0.2o/crypto/opensslconf.h.in.system 2018-08-03 10:57:10.839664439 +0200
-+++ openssl-1.0.2o/crypto/opensslconf.h.in 2018-08-03 10:57:10.883665499 +0200
-@@ -25,6 +25,8 @@
- #endif
- #endif
-
-+#undef SYSTEM_CIPHERS_FILE
-+
- #undef OPENSSL_UNISTD
- #define OPENSSL_UNISTD <unistd.h>
-
-diff -up openssl-1.0.2o/ssl/ssl_ciph.c.system openssl-1.0.2o/ssl/ssl_ciph.c
---- openssl-1.0.2o/ssl/ssl_ciph.c.system 2018-08-03 10:57:10.843664535 +0200
-+++ openssl-1.0.2o/ssl/ssl_ciph.c 2018-08-03 11:29:43.617274708 +0200
-@@ -1467,6 +1467,66 @@ static int check_suiteb_cipher_list(cons
- }
- #endif
-
-+#ifdef SYSTEM_CIPHERS_FILE
-+static char *load_system_str(const char *suffix)
-+{
-+ FILE *fp;
-+ char buf[1024];
-+ char *new_rules;
-+ unsigned len, slen;
-+
-+ fp = fopen(SYSTEM_CIPHERS_FILE, "r");
-+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
-+ /* cannot open or file is empty */
-+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
-+ }
-+ else {
-+ /* we need to skip eventual @SECLEVEL set for OpenSSL-1.1 */
-+ char *seclevel, *eptr;
-+
-+ seclevel = strstr(buf, "@SECLEVEL=");
-+ if (seclevel != NULL) {
-+ eptr = strchr(seclevel, ':');
-+ if (eptr == NULL)
-+ *seclevel = '\0';
-+ else {
-+ len = strlen(eptr);
-+ /* move also the NUL terminator */
-+ memmove(seclevel, eptr + 1, len);
-+ }
-+ }
-+ }
-+
-+ if (fp)
-+ fclose(fp);
-+
-+ slen = strlen(suffix);
-+ len = strlen(buf);
-+
-+ if (buf[len - 1] == '\n') {
-+ len--;
-+ buf[len] = 0;
-+ }
-+ if (buf[len - 1] == '\r') {
-+ len--;
-+ buf[len] = 0;
-+ }
-+
-+ new_rules = OPENSSL_malloc(len + slen + 1);
-+ if (new_rules == 0)
-+ return NULL;
-+
-+ memcpy(new_rules, buf, len);
-+ if (slen > 0) {
-+ memcpy(&new_rules[len], suffix, slen);
-+ len += slen;
-+ }
-+ new_rules[len] = 0;
-+
-+ return new_rules;
-+}
-+#endif
-+
- STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER)
- **cipher_list, STACK_OF(SSL_CIPHER)
- **cipher_list_by_id,
-@@ -1475,19 +1535,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
- unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
- disabled_ssl;
-- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
-+ STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list;
- const char *rule_p;
- CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- const SSL_CIPHER **ca_list = NULL;
-+#ifdef SYSTEM_CIPHERS_FILE
-+ char *new_rules = NULL;
-+
-+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) ==
0) {
-+ char *p = rule_str + 14;
-+
-+ new_rules = load_system_str(p);
-+ rule_str = new_rules;
-+ }
-+#endif
-
- /*
- * Return with error if nothing to do.
- */
- if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
-- return NULL;
-+ goto end;
- #ifndef OPENSSL_NO_EC
- if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
-- return NULL;
-+ goto end;
- #endif
-
- /*
-@@ -1511,7 +1581,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (co_list == NULL) {
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-- return (NULL); /* Failure */
-+ goto end;
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1572,8 +1642,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- * in force within each class
- */
- if (!ssl_cipher_strength_sort(&head, &tail)) {
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto end;
- }
-
- /* Now disable everything (maintaining the ordering!) */
-@@ -1591,9 +1660,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
- if (ca_list == NULL) {
-- OPENSSL_free(co_list);
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-- return (NULL); /* Failure */
-+ goto end;
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- disabled_mkey, disabled_auth, disabled_enc,
-@@ -1619,8 +1687,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- OPENSSL_free((void *)ca_list); /* Not needed anymore */
-
- if (!ok) { /* Rule processing failure */
-- OPENSSL_free(co_list);
-- return (NULL);
-+ goto end;
- }
-
- /*
-@@ -1628,8 +1695,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- * if we cannot get one.
- */
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
-- OPENSSL_free(co_list);
-- return (NULL);
-+ goto end;
- }
-
- /*
-@@ -1650,12 +1716,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- #endif
- }
- }
-- OPENSSL_free(co_list); /* Not needed any longer */
-
- tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
- if (tmp_cipher_list == NULL) {
- sk_SSL_CIPHER_free(cipherstack);
-- return NULL;
-+ cipherstack = NULL;
-+ goto end;
- }
- if (*cipher_list != NULL)
- sk_SSL_CIPHER_free(*cipher_list);
-@@ -1667,6 +1733,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
- ssl_cipher_ptr_id_cmp);
-
- sk_SSL_CIPHER_sort(*cipher_list_by_id);
-+
-+ end:
-+ OPENSSL_free(co_list);
-+#ifdef SYSTEM_CIPHERS_FILE
-+ OPENSSL_free(new_rules);
-+#endif
- return (cipherstack);
- }
-
-diff -up openssl-1.0.2o/ssl/ssl.h.system openssl-1.0.2o/ssl/ssl.h
---- openssl-1.0.2o/ssl/ssl.h.system 2018-08-03 10:57:10.724661667 +0200
-+++ openssl-1.0.2o/ssl/ssl.h 2018-08-03 10:57:10.895665788 +0200
-@@ -345,6 +345,11 @@ extern "C" {
- * throwing out anonymous and unencrypted ciphersuites! (The latter are not
- * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
- */
-+# ifdef SYSTEM_CIPHERS_FILE
-+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
-+# else
-+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
-+# endif
-
- /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
- # define SSL_SENT_SHUTDOWN 1
-diff -up openssl-1.0.2o/ssl/ssl_lib.c.system openssl-1.0.2o/ssl/ssl_lib.c
---- openssl-1.0.2o/ssl/ssl_lib.c.system 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/ssl/ssl_lib.c 2018-08-03 10:57:10.887665596 +0200
-@@ -282,7 +282,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
- &(ctx->cipher_list_by_id),
- meth->version ==
- SSL2_VERSION ? "SSLv2" :
-- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
- SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-@@ -1968,7 +1968,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- ssl_create_cipher_list(ret->method,
- &ret->cipher_list, &ret->cipher_list_by_id,
- meth->version ==
-- SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST,
-+ SSL2_VERSION ? "SSLv2" :
SSL_SYSTEM_DEFAULT_CIPHER_LIST,
- ret->cert);
- if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
{
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
diff --git a/openssl-1.0.2o-test-use-localhost.patch
b/openssl-1.0.2o-test-use-localhost.patch
deleted file mode 100644
index 997a0fa..0000000
--- a/openssl-1.0.2o-test-use-localhost.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up openssl-1.0.2o/ssl/ssltest.c.use-localhost openssl-1.0.2o/ssl/ssltest.c
---- openssl-1.0.2o/ssl/ssltest.c.use-localhost 2018-04-05 16:09:54.338118770 +0200
-+++ openssl-1.0.2o/ssl/ssltest.c 2018-04-05 16:11:36.201476198 +0200
-@@ -1859,16 +1859,7 @@ int main(int argc, char *argv[])
-
- #ifndef OPENSSL_NO_KRB5
- if (c_ssl && c_ssl->kssl_ctx) {
-- char localhost[MAXHOSTNAMELEN + 2];
--
-- if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
-- localhost[sizeof(localhost) - 1] = '\0';
-- if (strlen(localhost) == sizeof(localhost) - 1) {
-- BIO_printf(bio_err, "localhost name too long\n");
-- goto end;
-- }
-- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
-- }
-+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost");
- }
- #endif /* OPENSSL_NO_KRB5 */
-
diff --git a/openssl-1.0.2o-wrap-pad.patch b/openssl-1.0.2o-wrap-pad.patch
deleted file mode 100644
index 60b3962..0000000
--- a/openssl-1.0.2o-wrap-pad.patch
+++ /dev/null
@@ -1,534 +0,0 @@
-diff -up openssl-1.0.2o/crypto/evp/c_allc.c.wrap openssl-1.0.2o/crypto/evp/c_allc.c
---- openssl-1.0.2o/crypto/evp/c_allc.c.wrap 2018-04-05 17:58:38.328213250 +0200
-+++ openssl-1.0.2o/crypto/evp/c_allc.c 2018-04-05 17:58:38.407215094 +0200
-@@ -179,6 +179,7 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher(EVP_aes_128_xts());
- EVP_add_cipher(EVP_aes_128_ccm());
- EVP_add_cipher(EVP_aes_128_wrap());
-+ EVP_add_cipher(EVP_aes_128_wrap_pad());
- EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
- EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
- EVP_add_cipher(EVP_aes_192_ecb());
-@@ -191,6 +192,7 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher(EVP_aes_192_gcm());
- EVP_add_cipher(EVP_aes_192_ccm());
- EVP_add_cipher(EVP_aes_192_wrap());
-+ EVP_add_cipher(EVP_aes_192_wrap_pad());
- EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
- EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
- EVP_add_cipher(EVP_aes_256_ecb());
-@@ -204,6 +206,7 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher(EVP_aes_256_xts());
- EVP_add_cipher(EVP_aes_256_ccm());
- EVP_add_cipher(EVP_aes_256_wrap());
-+ EVP_add_cipher(EVP_aes_256_wrap_pad());
- EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
- EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
- # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-@@ -258,6 +261,7 @@ void OpenSSL_add_all_ciphers(void)
-
- EVP_add_cipher(EVP_des_ede());
- EVP_add_cipher(EVP_des_ede3());
-+ EVP_add_cipher(EVP_des_ede3_wrap());
- # endif
-
- # ifndef OPENSSL_NO_AES
-@@ -272,6 +276,7 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher(EVP_aes_128_xts());
- EVP_add_cipher(EVP_aes_128_ccm());
- EVP_add_cipher(EVP_aes_128_wrap());
-+ EVP_add_cipher(EVP_aes_128_wrap_pad());
- EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
- EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
- EVP_add_cipher(EVP_aes_192_ecb());
-@@ -284,6 +289,7 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher(EVP_aes_192_gcm());
- EVP_add_cipher(EVP_aes_192_ccm());
- EVP_add_cipher(EVP_aes_192_wrap());
-+ EVP_add_cipher(EVP_aes_192_wrap_pad());
- EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
- EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
- EVP_add_cipher(EVP_aes_256_ecb());
-@@ -297,6 +303,7 @@ void OpenSSL_add_all_ciphers(void)
- EVP_add_cipher(EVP_aes_256_xts());
- EVP_add_cipher(EVP_aes_256_ccm());
- EVP_add_cipher(EVP_aes_256_wrap());
-+ EVP_add_cipher(EVP_aes_256_wrap_pad());
- EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
- EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
- # endif
-diff -up openssl-1.0.2o/crypto/evp/e_aes.c.wrap openssl-1.0.2o/crypto/evp/e_aes.c
---- openssl-1.0.2o/crypto/evp/e_aes.c.wrap 2018-04-05 17:58:38.379214440 +0200
-+++ openssl-1.0.2o/crypto/evp/e_aes.c 2018-04-05 17:58:38.408215117 +0200
-@@ -1969,7 +1969,7 @@ static int aes_wrap_init_key(EVP_CIPHER_
- wctx->iv = NULL;
- }
- if (iv) {
-- memcpy(ctx->iv, iv, 8);
-+ memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- wctx->iv = ctx->iv;
- }
- return 1;
-@@ -1980,30 +1980,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
- {
- EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
- size_t rv;
-+ /* AES wrap with padding has IV length of 4, without padding 8 */
-+ int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
-+ /* No final operation so always return zero length */
- if (!in)
- return 0;
-- if (inlen % 8)
-+ /* Input length must always be non-zero */
-+ if (!inlen)
- return -1;
-- if (ctx->encrypt && inlen < 8)
-+ /* If decrypting need at least 16 bytes and multiple of 8 */
-+ if (!ctx->encrypt && (inlen < 16 || inlen & 0x7))
- return -1;
-- if (!ctx->encrypt && inlen < 16)
-+ /* If not padding input must be multiple of 8 */
-+ if (!pad && inlen & 0x7)
- return -1;
- if (!out) {
-- if (ctx->encrypt)
-+ if (ctx->encrypt) {
-+ /* If padding round up to multiple of 8 */
-+ if (pad)
-+ inlen = (inlen + 7) / 8 * 8;
-+ /* 8 byte prefix */
- return inlen + 8;
-- else
-+ } else {
-+ /* If not padding output will be exactly 8 bytes
-+ * smaller than input. If padding it will be at
-+ * least 8 bytes smaller but we don't know how
-+ * much.
-+ */
- return inlen - 8;
- }
-+ }
-+ if (pad) {
- if (ctx->encrypt)
-- rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
-+ rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
-+ out, in, inlen,
- (block128_f) AES_encrypt);
- else
-- rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
-+ rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
-+ out, in, inlen,
- (block128_f) AES_decrypt);
-+ } else {
-+ if (ctx->encrypt)
-+ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
-+ out, in, inlen, (block128_f) AES_encrypt);
-+ else
-+ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
-+ out, in, inlen, (block128_f) AES_decrypt);
-+ }
- return rv ? (int)rv : -1;
- }
-
--#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
-+# define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \
- | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
- | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-
-@@ -2048,3 +2075,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
- {
- return &aes_256_wrap;
- }
-+
-+static const EVP_CIPHER aes_128_wrap_pad = {
-+ NID_id_aes128_wrap_pad,
-+ 8, 16, 4, WRAP_FLAGS,
-+ aes_wrap_init_key, aes_wrap_cipher,
-+ NULL,
-+ sizeof(EVP_AES_WRAP_CTX),
-+ NULL, NULL, NULL, NULL
-+};
-+
-+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
-+{
-+ return &aes_128_wrap_pad;
-+}
-+
-+static const EVP_CIPHER aes_192_wrap_pad = {
-+ NID_id_aes192_wrap_pad,
-+ 8, 24, 4, WRAP_FLAGS,
-+ aes_wrap_init_key, aes_wrap_cipher,
-+ NULL,
-+ sizeof(EVP_AES_WRAP_CTX),
-+ NULL, NULL, NULL, NULL
-+};
-+
-+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
-+{
-+ return &aes_192_wrap_pad;
-+}
-+
-+static const EVP_CIPHER aes_256_wrap_pad = {
-+ NID_id_aes256_wrap_pad,
-+ 8, 32, 4, WRAP_FLAGS,
-+ aes_wrap_init_key, aes_wrap_cipher,
-+ NULL,
-+ sizeof(EVP_AES_WRAP_CTX),
-+ NULL, NULL, NULL, NULL
-+};
-+
-+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
-+{
-+ return &aes_256_wrap_pad;
-+}
-diff -up openssl-1.0.2o/crypto/evp/e_des3.c.wrap openssl-1.0.2o/crypto/evp/e_des3.c
---- openssl-1.0.2o/crypto/evp/e_des3.c.wrap 2018-04-05 17:58:38.329213274 +0200
-+++ openssl-1.0.2o/crypto/evp/e_des3.c 2018-04-05 17:58:38.408215117 +0200
-@@ -477,7 +477,7 @@ static const EVP_CIPHER des3_wrap = {
- NID_id_smime_alg_CMS3DESwrap,
- 8, 24, 0,
- EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
-- | EVP_CIPH_FLAG_DEFAULT_ASN1,
-+ | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_FIPS,
- des_ede3_init_key, des_ede3_wrap_cipher,
- NULL,
- sizeof(DES_EDE_KEY),
-diff -up openssl-1.0.2o/crypto/evp/evp.h.wrap openssl-1.0.2o/crypto/evp/evp.h
---- openssl-1.0.2o/crypto/evp/evp.h.wrap 2018-04-05 17:58:38.330213297 +0200
-+++ openssl-1.0.2o/crypto/evp/evp.h 2018-04-05 17:58:38.408215117 +0200
-@@ -841,6 +841,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void);
- const EVP_CIPHER *EVP_aes_128_gcm(void);
- const EVP_CIPHER *EVP_aes_128_xts(void);
- const EVP_CIPHER *EVP_aes_128_wrap(void);
-+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
- const EVP_CIPHER *EVP_aes_192_ecb(void);
- const EVP_CIPHER *EVP_aes_192_cbc(void);
- const EVP_CIPHER *EVP_aes_192_cfb1(void);
-@@ -852,6 +853,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void);
- const EVP_CIPHER *EVP_aes_192_ccm(void);
- const EVP_CIPHER *EVP_aes_192_gcm(void);
- const EVP_CIPHER *EVP_aes_192_wrap(void);
-+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
- const EVP_CIPHER *EVP_aes_256_ecb(void);
- const EVP_CIPHER *EVP_aes_256_cbc(void);
- const EVP_CIPHER *EVP_aes_256_cfb1(void);
-@@ -864,6 +866,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void);
- const EVP_CIPHER *EVP_aes_256_gcm(void);
- const EVP_CIPHER *EVP_aes_256_xts(void);
- const EVP_CIPHER *EVP_aes_256_wrap(void);
-+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
- # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
- const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
- const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-diff -up openssl-1.0.2o/crypto/evp/evptests.txt.wrap
openssl-1.0.2o/crypto/evp/evptests.txt
---- openssl-1.0.2o/crypto/evp/evptests.txt.wrap 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/evp/evptests.txt 2018-04-05 17:58:38.409215140 +0200
-@@ -399,3 +399,7 @@ id-aes256-wrap:000102030405060708090A0B0
-
id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
-
id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
-
id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
-+# AES wrap tests from RFC5649
-+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
-+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f
-+
-diff -up openssl-1.0.2o/crypto/modes/modes.h.wrap openssl-1.0.2o/crypto/modes/modes.h
---- openssl-1.0.2o/crypto/modes/modes.h.wrap 2018-04-05 17:58:37.643197269 +0200
-+++ openssl-1.0.2o/crypto/modes/modes.h 2018-04-05 17:58:38.409215140 +0200
-@@ -157,6 +157,12 @@ size_t CRYPTO_128_unwrap(void *key, cons
- unsigned char *out,
- const unsigned char *in, size_t inlen,
- block128_f block);
-+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
-+ unsigned char *out, const unsigned char *in,
-+ size_t inlen, block128_f block);
-+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
-+ unsigned char *out, const unsigned char *in,
-+ size_t inlen, block128_f block);
-
- #ifdef __cplusplus
- }
-diff -up openssl-1.0.2o/crypto/modes/wrap128.c.wrap
openssl-1.0.2o/crypto/modes/wrap128.c
---- openssl-1.0.2o/crypto/modes/wrap128.c.wrap 2018-03-27 15:54:46.000000000 +0200
-+++ openssl-1.0.2o/crypto/modes/wrap128.c 2018-04-05 17:58:38.409215140 +0200
-@@ -2,6 +2,7 @@
- /*
- * Written by Dr Stephen N Henson (steve(a)openssl.org) for the OpenSSL
- * project.
-+ * Mode with padding contributed by Petr Spacek (pspacek(a)redhat.com).
- */
- /* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
-@@ -52,19 +53,44 @@
- * ====================================================================
- */
-
-+/** Beware!
-+ *
-+ * Following wrapping modes were designed for AES but this implementation
-+ * allows you to use them for any 128 bit block cipher.
-+ */
-+
- #include "cryptlib.h"
- #include <openssl/modes.h>
-
-+/** RFC 3394 section 2.2.3.1 Default Initial Value */
- static const unsigned char default_iv[] = {
- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
- };
-
--/*
-- * Input size limit: lower than maximum of standards but far larger than
-+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
-+static const unsigned char default_aiv[] = {
-+ 0xA6, 0x59, 0x59, 0xA6
-+};
-+
-+/** Input size limit: lower than maximum of standards but far larger than
- * anything that will be used in practice.
- */
- #define CRYPTO128_WRAP_MAX (1UL << 31)
-
-+/** Wrapping according to RFC 3394 section 2.2.1.
-+ *
-+ * @param[in] key Key value.
-+ * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv.
-+ * @param[in] in Plain text as n 64-bit blocks, n >= 2.
-+ * @param[in] inlen Length of in.
-+ * @param[out] out Cipher text. Minimal buffer length = (inlen + 8) bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2.
-+ * or if inlen > CRYPTO128_WRAP_MAX.
-+ * Output length if wrapping succeeded.
-+ */
- size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, size_t inlen,
-@@ -72,7 +98,7 @@ size_t CRYPTO_128_wrap(void *key, const
- {
- unsigned char *A, B[16], *R;
- size_t i, j, t;
-- if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX))
-+ if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
- return 0;
- A = B;
- t = 1;
-@@ -100,7 +126,23 @@ size_t CRYPTO_128_wrap(void *key, const
- return inlen + 8;
- }
-
--size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
-+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
-+ * IV check (step 3) is responsibility of the caller.
-+ *
-+ * @param[in] key Key value.
-+ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes.
-+ * @param[out] out Plain text without IV.
-+ * Minimal buffer length = (inlen - 8) bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] in Ciphertext text as n 64-bit blocks
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
-+ * or if inlen is not multiply of 8.
-+ * Output length otherwise.
-+ */
-+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, size_t inlen,
- block128_f block)
-@@ -128,11 +170,190 @@ size_t CRYPTO_128_unwrap(void *key, cons
- memcpy(R, B + 8, 8);
- }
- }
-+ memcpy(iv, A, 8);
-+ return inlen;
-+}
-+
-+/** Unwrapping according to RFC 3394 section 2.2.2 including IV check.
-+ * First block of plain text have to match supplied IV otherwise an error is
-+ * returned.
-+ *
-+ * @param[in] key Key value.
-+ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes.
-+ * @param[out] out Plain text without IV.
-+ * Minimal buffer length = (inlen - 8) bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] in Ciphertext text as n 64-bit blocks
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
-+ * or if inlen is not multiply of 8
-+ * or if IV doesn't match expected value.
-+ * Output length otherwise.
-+ */
-+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
-+ unsigned char *out, const unsigned char *in,
-+ size_t inlen, block128_f block)
-+{
-+ size_t ret;
-+ unsigned char got_iv[8];
-+
-+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
-+ if (ret == 0)
-+ return 0;
-+
- if (!iv)
- iv = default_iv;
-- if (memcmp(A, iv, 8)) {
-+ if (CRYPTO_memcmp(got_iv, iv, 8)) {
-+ OPENSSL_cleanse(out, ret);
-+ return 0;
-+ }
-+ return ret;
-+}
-+
-+/** Wrapping according to RFC 5649 section 4.1.
-+ *
-+ * @param[in] key Key value.
-+ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
-+ * @param[out] out Cipher text. Minimal buffer length = (inlen + 15) bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] in Plain text as n 64-bit blocks, n >= 2.
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
-+ * Output length if wrapping succeeded.
-+ */
-+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
-+ unsigned char *out,
-+ const unsigned char *in, size_t inlen,
-+ block128_f block)
-+{
-+ /* n: number of 64-bit blocks in the padded key data */
-+ const size_t blocks_padded = (inlen + 7) / 8;
-+ const size_t padded_len = blocks_padded * 8;
-+ const size_t padding_len = padded_len - inlen;
-+ /* RFC 5649 section 3: Alternative Initial Value */
-+ unsigned char aiv[8];
-+ int ret;
-+
-+ /* Section 1: use 32-bit fixed field for plaintext octet length */
-+ if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
-+ return 0;
-+
-+ /* Section 3: Alternative Initial Value */
-+ if (!icv)
-+ memcpy(aiv, default_aiv, 4);
-+ else
-+ memcpy(aiv, icv, 4); /* Standard doesn't mention this. */
-+
-+ aiv[4] = (inlen >> 24) & 0xFF;
-+ aiv[5] = (inlen >> 16) & 0xFF;
-+ aiv[6] = (inlen >> 8) & 0xFF;
-+ aiv[7] = inlen & 0xFF;
-+
-+ if (padded_len == 8) {
-+ /* Section 4.1 - special case in step 2:
-+ * If the padded plaintext contains exactly eight octets, then
-+ * prepend the AIV and encrypt the resulting 128-bit block
-+ * using AES in ECB mode. */
-+ memmove(out + 8, in, inlen);
-+ memcpy(out, aiv, 8);
-+ memset(out + 8 + inlen, 0, padding_len);
-+ block(out, out, key);
-+ ret = 16; /* AIV + padded input */
-+ } else {
-+ memmove(out, in, inlen);
-+ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
-+ ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
-+ }
-+
-+ return ret;
-+}
-+
-+/** Unwrapping according to RFC 5649 section 4.2.
-+ *
-+ * @param[in] key Key value.
-+ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
-+ * @param[out] out Plain text. Minimal buffer length = inlen bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] in Ciphertext text as n 64-bit blocks
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
-+ * or if inlen is not multiply of 8
-+ * or if IV and message length indicator doesn't match.
-+ * Output length if unwrapping succeeded and IV matches.
-+ */
-+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
-+ unsigned char *out,
-+ const unsigned char *in, size_t inlen,
-+ block128_f block)
-+{
-+ /* n: number of 64-bit blocks in the padded key data */
-+ size_t n = inlen / 8 - 1;
-+ size_t padded_len;
-+ size_t padding_len;
-+ size_t ptext_len;
-+ /* RFC 5649 section 3: Alternative Initial Value */
-+ unsigned char aiv[8];
-+ static unsigned char zeros[8] = { 0x0 };
-+ size_t ret;
-+
-+ /* Section 4.2: Cipher text length has to be (n+1) 64-bit blocks. */
-+ if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
-+ return 0;
-+
-+ memmove(out, in, inlen);
-+ if (inlen == 16) {
-+ /* Section 4.2 - special case in step 1:
-+ * When n=1, the ciphertext contains exactly two 64-bit
-+ * blocks and they are decrypted as a single AES
-+ * block using AES in ECB mode:
-+ * AIV | P[1] = DEC(K, C[0] | C[1])
-+ */
-+ block(out, out, key);
-+ memcpy(aiv, out, 8);
-+ /* Remove AIV */
-+ memmove(out, out + 8, 8);
-+ padded_len = 8;
-+ } else {
-+ padded_len = inlen - 8;
-+ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
-+ if (padded_len != ret) {
- OPENSSL_cleanse(out, inlen);
- return 0;
- }
-- return inlen;
-+ }
-+
-+ /* Section 3: AIV checks: Check that MSB(32,A) = A65959A6.
-+ * Optionally a user-supplied value can be used
-+ * (even if standard doesn't mention this). */
-+ if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
-+ || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
-+ OPENSSL_cleanse(out, inlen);
-+ return 0;
-+ }
-+
-+ /* Check that 8*(n-1) < LSB(32,AIV) <= 8*n.
-+ * If so, let ptext_len = LSB(32,AIV). */
-+
-+ ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) |
aiv[7];
-+ if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
-+ OPENSSL_cleanse(out, inlen);
-+ return 0;
-+ }
-+
-+ /* Check that the rightmost padding_len octets of the output data
-+ * are zero. */
-+ padding_len = padded_len - ptext_len;
-+ if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
-+ OPENSSL_cleanse(out, inlen);
-+ return 0;
-+ }
-+
-+ /* Section 4.2 step 3: Remove padding */
-+ return ptext_len;
- }
diff --git a/openssl-symver.patch b/openssl-symver.patch
deleted file mode 100644
index c6934c3..0000000
--- a/openssl-symver.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff --git a/crypto/cversion.c b/crypto/cversion.c
-index eb49021..005772d 100644
---- a/crypto/cversion.c
-+++ b/crypto/cversion.c
-@@ -62,6 +62,7 @@
- # include "buildinf.h"
- #endif
-
-+__attribute__ ((symver ("SSLeay_version@(a)OPENSSL_1.0.2")))
- const char *_current_SSLeay_version(int t)
- {
- if (t == SSLEAY_VERSION)
-@@ -101,6 +102,7 @@ const char *_current_SSLeay_version(int t)
- return ("not available");
- }
-
-+__attribute__ ((symver ("SSLeay_version@")))
- const char *_original_SSLeay_version(int t)
- {
- if (t == SSLEAY_VERSION)
-@@ -109,6 +111,7 @@ const char *_original_SSLeay_version(int t)
- return _current_SSLeay_version(t);
- }
-
-+__attribute__ ((symver ("SSLeay_version(a)OPENSSL_1.0.1")))
- const char *_original101_SSLeay_version(int t)
- {
- if (t == SSLEAY_VERSION)
-@@ -117,24 +120,21 @@ const char *_original101_SSLeay_version(int t)
- return _current_SSLeay_version(t);
- }
-
-+__attribute__ ((symver ("SSLeay@")))
- unsigned long _original_SSLeay(void)
- {
- return (0x10000003L);
- }
-
-+__attribute__ ((symver ("SSLeay(a)OPENSSL_1.0.1")))
- unsigned long _original101_SSLeay(void)
- {
- return (0x1000105fL);
- }
-
-+__attribute__ ((symver ("SSLeay@(a)OPENSSL_1.0.2")))
- unsigned long _current_SSLeay(void)
- {
- return (SSLEAY_VERSION_NUMBER);
- }
-
--__asm__(".symver _original_SSLeay,SSLeay@");
--__asm__(".symver _original_SSLeay_version,SSLeay_version@");
--__asm__(".symver _original101_SSLeay,SSLeay(a)OPENSSL_1.0.1");
--__asm__(".symver _original101_SSLeay_version,SSLeay_version(a)OPENSSL_1.0.1");
--__asm__(".symver _current_SSLeay,SSLeay@(a)OPENSSL_1.0.2");
--__asm__(".symver _current_SSLeay_version,SSLeay_version@(a)OPENSSL_1.0.2");
diff --git a/openssl-thread-test.c b/openssl-thread-test.c
deleted file mode 100644
index 3b90285..0000000
--- a/openssl-thread-test.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/* Test program to verify that RSA signing is thread-safe in OpenSSL. */
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <pthread.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/md5.h>
-#include <openssl/ssl.h>
-
-/* Just assume we want to do engine stuff if we're using 0.9.6b or
- * higher. This assumption is only valid for versions bundled with RHL. */
-#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
-#include <openssl/engine.h>
-#define USE_ENGINE
-#endif
-
-#define MAX_THREAD_COUNT 10000
-#define ITERATION_COUNT 10
-#define MAIN_COUNT 100
-
-/* OpenSSL requires us to provide thread ID and locking primitives. */
-pthread_mutex_t *mutex_locks = NULL;
-static unsigned long
-thread_id_cb(void)
-{
- return (unsigned long) pthread_self();
-}
-static void
-lock_cb(int mode, int n, const char *file, int line)
-{
- if (mode & CRYPTO_LOCK) {
- pthread_mutex_lock(&mutex_locks[n]);
- } else {
- pthread_mutex_unlock(&mutex_locks[n]);
- }
-}
-
-struct thread_args {
- RSA *rsa;
- int digest_type;
- unsigned char *digest;
- unsigned int digest_len;
- unsigned char *signature;
- unsigned int signature_len;
- pthread_t main_thread;
-};
-
-static int print = 0;
-
-pthread_mutex_t sign_lock = PTHREAD_MUTEX_INITIALIZER;
-static int locked_sign = 0;
-static void SIGN_LOCK() {if (locked_sign) pthread_mutex_lock(&sign_lock);}
-static void SIGN_UNLOCK() {if (locked_sign) pthread_mutex_unlock(&sign_lock);}
-
-pthread_mutex_t verify_lock = PTHREAD_MUTEX_INITIALIZER;
-static int locked_verify = 0;
-static void VERIFY_LOCK() {if (locked_verify) pthread_mutex_lock(&verify_lock);}
-static void VERIFY_UNLOCK() {if (locked_verify) pthread_mutex_unlock(&verify_lock);}
-
-pthread_mutex_t failure_count_lock = PTHREAD_MUTEX_INITIALIZER;
-long failure_count = 0;
-static void
-failure()
-{
- pthread_mutex_lock(&failure_count_lock);
- failure_count++;
- pthread_mutex_unlock(&failure_count_lock);
-}
-
-static void *
-thread_main(void *argp)
-{
- struct thread_args *args = argp;
- unsigned char *signature;
- unsigned int signature_len, signature_alloc_len;
- int ret, i;
-
- signature_alloc_len = args->signature_len;
- if (RSA_size(args->rsa) > signature_alloc_len) {
- signature_alloc_len = RSA_size(args->rsa);
- }
- signature = malloc(signature_alloc_len);
- if (signature == NULL) {
- fprintf(stderr, "Skipping checks in thread %lu -- %s.\n",
- (unsigned long) pthread_self(), strerror(errno));
- pthread_exit(0);
- return NULL;
- }
- for (i = 0; i < ITERATION_COUNT; i++) {
- signature_len = signature_alloc_len;
- SIGN_LOCK();
- ret = RSA_check_key(args->rsa);
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- failure();
- break;
- }
- ret = RSA_sign(args->digest_type,
- args->digest,
- args->digest_len,
- signature, &signature_len,
- args->rsa);
- SIGN_UNLOCK();
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- failure();
- break;
- }
-
- VERIFY_LOCK();
- ret = RSA_verify(args->digest_type,
- args->digest,
- args->digest_len,
- signature, signature_len,
- args->rsa);
- VERIFY_UNLOCK();
- if (ret != 1) {
- fprintf(stderr,
- "Signature from thread %lu(%d) fails "
- "verification (passed in thread #%lu)!\n",
- (long) pthread_self(), i,
- (long) args->main_thread);
- ERR_print_errors_fp(stdout);
- failure();
- continue;
- }
- if (print) {
- fprintf(stderr, ">%d\n", i);
- }
- }
- free(signature);
-
- pthread_exit(0);
-
- return NULL;
-}
-
-unsigned char *
-xmemdup(unsigned char *s, size_t len)
-{
- unsigned char *r;
- r = malloc(len);
- if (r == NULL) {
- fprintf(stderr, "Out of memory.\n");
- ERR_print_errors_fp(stdout);
- assert(r != NULL);
- }
- memcpy(r, s, len);
- return r;
-}
-
-int
-main(int argc, char **argv)
-{
- RSA *rsa;
- MD5_CTX md5;
- int fd, i;
- pthread_t threads[MAX_THREAD_COUNT];
- int thread_count = 1000;
- unsigned char *message, *digest;
- unsigned int message_len, digest_len;
- unsigned char *correct_signature;
- unsigned int correct_siglen, ret;
- struct thread_args master_args, *args;
- int sync = 0, seed = 0;
- int again = 1;
-#ifdef USE_ENGINE
- char *engine = NULL;
- ENGINE *e = NULL;
-#endif
-
- pthread_mutex_init(&failure_count_lock, NULL);
-
- for (i = 1; i < argc; i++) {
- if (strcmp(argv[i], "--seed") == 0) {
- printf("Seeding PRNG.\n");
- seed++;
- } else
- if (strcmp(argv[i], "--sync") == 0) {
- printf("Running synchronized.\n");
- sync++;
- } else
- if ((strcmp(argv[i], "--threads") == 0) && (i < argc - 1)) {
- i++;
- thread_count = atol(argv[i]);
- if (thread_count > MAX_THREAD_COUNT) {
- thread_count = MAX_THREAD_COUNT;
- }
- printf("Starting %d threads.\n", thread_count);
- sync++;
- } else
- if (strcmp(argv[i], "--sign") == 0) {
- printf("Locking signing.\n");
- locked_sign++;
- } else
- if (strcmp(argv[i], "--verify") == 0) {
- printf("Locking verifies.\n");
- locked_verify++;
- } else
- if (strcmp(argv[i], "--print") == 0) {
- printf("Tracing.\n");
- print++;
-#ifdef USE_ENGINE
- } else
- if ((strcmp(argv[i], "--engine") == 0) && (i < argc - 1)) {
- printf("Using engine \"%s\".\n", argv[i + 1]);
- engine = argv[i + 1];
- i++;
-#endif
- } else {
- printf("Bad argument: %s\n", argv[i]);
- return 1;
- }
- }
-
- /* Get some random data to sign. */
- fd = open("/dev/urandom", O_RDONLY);
- if (fd == -1) {
- fprintf(stderr, "Error opening /dev/urandom: %s\n",
- strerror(errno));
- }
-
- if (print) {
- fprintf(stderr, "Reading random data.\n");
- }
- message = malloc(message_len = 9371);
- read(fd, message, message_len);
- close(fd);
-
- /* Initialize the SSL library and set up thread-safe locking. */
- ERR_load_crypto_strings();
- SSL_library_init();
- mutex_locks = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
- for (i = 0; i < CRYPTO_num_locks(); i++) {
- pthread_mutex_init(&mutex_locks[i], NULL);
- }
- CRYPTO_set_id_callback(thread_id_cb);
- CRYPTO_set_locking_callback(lock_cb);
- ERR_print_errors_fp(stdout);
-
- /* Seed the PRNG if we were asked to do so. */
- if (seed) {
- if (print) {
- fprintf(stderr, "Seeding PRNG.\n");
- }
- RAND_add(message, message_len, message_len);
- ERR_print_errors_fp(stdout);
- }
-
- /* Turn on a hardware crypto device if asked to do so. */
-#ifdef USE_ENGINE
- if (engine) {
-#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
- ENGINE_load_builtin_engines();
-#endif
- if (print) {
- fprintf(stderr, "Initializing \"%s\" engine.\n",
- engine);
- }
- e = ENGINE_by_id(engine);
- ERR_print_errors_fp(stdout);
- if (e) {
- i = ENGINE_init(e);
- ERR_print_errors_fp(stdout);
- i = ENGINE_set_default_RSA(e);
- ERR_print_errors_fp(stdout);
- }
- }
-#endif
-
- /* Compute the digest for the signature. */
- if (print) {
- fprintf(stderr, "Computing digest.\n");
- }
- digest = malloc(digest_len = MD5_DIGEST_LENGTH);
- MD5_Init(&md5);
- MD5_Update(&md5, message, message_len);
- MD5_Final(digest, &md5);
-
- /* Generate a signing key. */
- if (print) {
- fprintf(stderr, "Generating key.\n");
- }
- rsa = RSA_generate_key(4096, 3, NULL, NULL);
- ERR_print_errors_fp(stdout);
- if (rsa == NULL) {
- _exit(1);
- }
-
- /* Sign the data. */
- correct_siglen = RSA_size(rsa);
- correct_signature = malloc(correct_siglen);
- for (i = 0; i < MAIN_COUNT; i++) {
- if (print) {
- fprintf(stderr, "Signing data (%d).\n", i);
- }
- ret = RSA_check_key(rsa);
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- failure();
- }
- correct_siglen = RSA_size(rsa);
- ret = RSA_sign(NID_md5, digest, digest_len,
- correct_signature, &correct_siglen,
- rsa);
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- _exit(2);
- }
- if (print) {
- fprintf(stderr, "Verifying data (%d).\n", i);
- }
- ret = RSA_verify(NID_md5, digest, digest_len,
- correct_signature, correct_siglen,
- rsa);
- if (ret != 1) {
- _exit(2);
- }
- }
-
- /* Collect up the inforamtion which other threads will need for
- * comparing their signature results with ours. */
- master_args.rsa = rsa;
- master_args.digest_type = NID_md5;
- master_args.digest = digest;
- master_args.digest_len = digest_len;
- master_args.signature = correct_signature;
- master_args.signature_len = correct_siglen;
- master_args.main_thread = pthread_self();
-
- fprintf(stdout, "Performing %d signatures in each of %d threads "
- "(%d, %d).\n", ITERATION_COUNT, thread_count,
- digest_len, correct_siglen);
- fflush(NULL);
-
- /* Start up all of the threads. */
- for (i = 0; i < thread_count; i++) {
- args = malloc(sizeof(struct thread_args));
- args->rsa = RSAPrivateKey_dup(master_args.rsa);
- args->digest_type = master_args.digest_type;
- args->digest_len = master_args.digest_len;
- args->digest = xmemdup(master_args.digest, args->digest_len);
- args->signature_len = master_args.signature_len;
- args->signature = xmemdup(master_args.signature,
- args->signature_len);
- args->main_thread = pthread_self();
- ret = pthread_create(&threads[i], NULL, thread_main, args);
- while ((ret != 0) && (errno == EAGAIN)) {
- ret = pthread_create(&threads[i], NULL,
- thread_main, &args);
- fprintf(stderr, "Thread limit hit at %d.\n", i);
- }
- if (ret != 0) {
- fprintf(stderr, "Unable to create thread %d: %s.\n",
- i, strerror(errno));
- threads[i] = -1;
- } else {
- if (sync) {
- ret = pthread_join(threads[i], NULL);
- assert(ret == 0);
- }
- if (print) {
- fprintf(stderr, "%d\n", i);
- }
- }
- }
-
- /* Wait for all threads to complete. So long as we can find an
- * unjoined thread, keep joining threads. */
- do {
- again = 0;
- for (i = 0; i < thread_count; i++) {
- /* If we have an unterminated thread, join it. */
- if (threads[i] != -1) {
- again = 1;
- if (print) {
- fprintf(stderr, "Joining thread %d.\n",
- i);
- }
- pthread_join(threads[i], NULL);
- threads[i] = -1;
- break;
- }
- }
- } while (again == 1);
-
- fprintf(stderr, "%ld failures\n", failure_count);
-
- return (failure_count != 0);
-}
diff --git a/opensslconf-new-warning.h b/opensslconf-new-warning.h
deleted file mode 100644
index de091c8..0000000
--- a/opensslconf-new-warning.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Prepended at openssl package build-time. Don't include this file directly,
- * use <openssl/opensslconf.h> instead. */
-
-#ifndef openssl_opensslconf_multilib_redirection_h
-#error "Don't include this file directly, use <openssl/opensslconf.h>
instead!"
-#endif
-
diff --git a/opensslconf-new.h b/opensslconf-new.h
deleted file mode 100644
index 04363c3..0000000
--- a/opensslconf-new.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* This file is here to prevent a file conflict on multiarch systems. A
- * conflict will frequently occur because arch-specific build-time
- * configuration options are stored (and used, so they can't just be stripped
- * out) in opensslconf.h. The original opensslconf.h has been renamed.
- * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
-
-#ifdef openssl_opensslconf_multilib_redirection_h
-#error "Do not define openssl_opensslconf_multilib_redirection_h!"
-#endif
-#define openssl_opensslconf_multilib_redirection_h
-
-#if defined(__i386__)
-#include "opensslconf-i386.h"
-#elif defined(__ia64__)
-#include "opensslconf-ia64.h"
-#elif defined(__mips64) && defined(__MIPSEL__)
-#include "opensslconf-mips64el.h"
-#elif defined(__mips64)
-#include "opensslconf-mips64.h"
-#elif defined(__mips) && defined(__MIPSEL__)
-#include "opensslconf-mipsel.h"
-#elif defined(__mips)
-#include "opensslconf-mips.h"
-#elif defined(__powerpc64__)
-#include <endian.h>
-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-#include "opensslconf-ppc64.h"
-#else
-#include "opensslconf-ppc64le.h"
-#endif
-#elif defined(__powerpc__)
-#include "opensslconf-ppc.h"
-#elif defined(__s390x__)
-#include "opensslconf-s390x.h"
-#elif defined(__s390__)
-#include "opensslconf-s390.h"
-#elif defined(__sparc__) && defined(__arch64__)
-#include "opensslconf-sparc64.h"
-#elif defined(__sparc__)
-#include "opensslconf-sparc.h"
-#elif defined(__x86_64__)
-#include "opensslconf-x86_64.h"
-#else
-#error "This openssl-devel package does not work your architecture?"
-#endif
-
-#undef openssl_opensslconf_multilib_redirection_h
diff --git a/renew-dummy-cert b/renew-dummy-cert
deleted file mode 100755
index 50f9931..0000000
--- a/renew-dummy-cert
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-if [ $# -eq 0 ]; then
- echo $"Usage: `basename $0` filename" 1>&2
- exit 1
-fi
-
-PEM=$1
-REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
-KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
-CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
-NEW=${PEM}_
-
-trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
-
-if [ ! -f $PEM ]; then
- echo "$PEM: file not found" 1>&2
- exit 1
-fi
-
-let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
-let SERIAL++
-
-umask 077
-
-OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
-
-openssl rsa -inform pem -in $PEM -out $KEY
-openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
-openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \
- -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
-
-(cat $KEY ; echo "" ; cat $CRT) > $NEW
-
-chown $OWNER $NEW
-
-mv -f $NEW $PEM
-
-rm -f $REQ $KEY $CRT
-
-exit 0
-
diff --git a/sources b/sources
deleted file mode 100644
index 9a179e8..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-SHA512 (openssl-1.0.2o-hobbled.tar.xz) =
e0c2da98288c5546a4821598784c3cfbb11120c667e815d00ab6143e13cd45037d5f6e4ee8b076ae690ac8eabc8bf68d37c57d386158df3a6b9e2e851713c423