[mingw-openssl: 17/32] - Updated to openssl 1.0.0a - Synced patches with Fedora native openssl-1.0.0a-1
Kalev Lember
kalev at fedoraproject.org
Tue Mar 6 20:07:40 UTC 2012
commit 205ba0063b05d6a609dcc7dcb961c143c0730d64
Author: Kalev Lember <kalev at fedoraproject.org>
Date: Sat Jun 19 19:33:41 2010 +0000
- Updated to openssl 1.0.0a
- Synced patches with Fedora native openssl-1.0.0a-1
.cvsignore | 2 +-
mingw32-openssl.spec | 55 +-
openssl-1.0.0-beta4-aesni.patch | 2388 ++++++++++++++++++++
openssl-1.0.0-beta4-backports.patch | 45 -
openssl-1.0.0-beta4-binutils.patch | 56 -
openssl-1.0.0-beta4-client-reneg.patch | 35 -
openssl-1.0.0-beta4-dtls-ipv6.patch | 219 --
openssl-1.0.0-beta4-reneg-err.patch | 93 -
openssl-1.0.0-beta4-reneg.patch | 237 --
openssl-1.0.0-beta4-version.patch | 14 -
...atch => openssl-1.0.0-beta5-cipher-change.patch | 14 +-
...r.patch => openssl-1.0.0-beta5-enginesdir.patch | 24 +-
...ps.patch => openssl-1.0.0-beta5-ipv6-apps.patch | 99 +-
...tch => openssl-1.0.0-beta5-readme-warning.patch | 22 +-
openssl-1.0.0-name-hash.patch | 22 +
openssl-1.0.0-timezone.patch | 21 +
...0-beta4-fips.patch => openssl-1.0.0a-fips.patch | 1009 +++++----
...fipsmode.patch => openssl-1.0.0a-fipsmode.patch | 49 +-
openssl-1.0.0a-version.patch | 13 +
sources | 2 +-
20 files changed, 3124 insertions(+), 1295 deletions(-)
---
diff --git a/.cvsignore b/.cvsignore
index 3819647..f4623d7 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-openssl-1.0.0-beta4-usa.tar.bz2
+openssl-1.0.0a-usa.tar.bz2
diff --git a/mingw32-openssl.spec b/mingw32-openssl.spec
index a956103..79cc7af 100644
--- a/mingw32-openssl.spec
+++ b/mingw32-openssl.spec
@@ -18,8 +18,6 @@
# 1.0.0 soversion = 10
%global soversion 10
-%global beta beta4
-
# Enable the tests.
# These only work some of the time, but fail randomly at other times
# (although I have had them complete a few times, so I don't think
@@ -30,16 +28,17 @@
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
Name: mingw32-openssl
-Version: 1.0.0
-Release: 0.6.%{beta}%{?dist}
+Version: 1.0.0a
+Release: 1%{?dist}
Summary: MinGW port of the OpenSSL toolkit
License: OpenSSL
Group: Development/Libraries
URL: http://www.openssl.org/
-# Use the hobble-openssl script to create the source file.
-Source0: openssl-%{version}-%{beta}-usa.tar.bz2
+# We remove certain patented algorithms from the openssl source tarball
+# with the hobble-openssl script which is included below.
+Source0: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -53,37 +52,33 @@ Source10: opensslconf-new-warning.h
Patch0: openssl-1.0.0-beta4-redhat.patch
Patch1: openssl-1.0.0-beta3-defaults.patch
Patch3: openssl-1.0.0-beta3-soversion.patch
-Patch4: openssl-1.0.0-beta4-enginesdir.patch
+Patch4: openssl-1.0.0-beta5-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch
+Patch7: openssl-1.0.0-timezone.patch
# Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch
-Patch24: openssl-1.0.0-beta4-binutils.patch
+Patch24: openssl-0.9.8j-bad-mime.patch
# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
-Patch38: openssl-1.0.0-beta3-cipher-change.patch
+Patch38: openssl-1.0.0-beta5-cipher-change.patch
# Disabled this because it uses getaddrinfo which is lacking on Windows.
-#Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
-Patch40: openssl-1.0.0-beta4-fips.patch
+#Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
+Patch40: openssl-1.0.0a-fips.patch
Patch41: openssl-1.0.0-beta3-fipscheck.patch
-Patch43: openssl-1.0.0-beta3-fipsmode.patch
+Patch43: openssl-1.0.0a-fipsmode.patch
Patch44: openssl-1.0.0-beta3-fipsrng.patch
Patch45: openssl-0.9.8j-env-nozlib.patch
-Patch47: openssl-0.9.8j-readme-warning.patch
-Patch48: openssl-0.9.8j-bad-mime.patch
+Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
-Patch51: openssl-1.0.0-beta4-version.patch
+Patch51: openssl-1.0.0a-version.patch
+Patch52: openssl-1.0.0-beta4-aesni.patch
+Patch53: openssl-1.0.0-name-hash.patch
# Backported fixes including security fixes
-Patch60: openssl-1.0.0-beta4-reneg.patch
-# This one is not backported but has to be applied after reneg patch
-Patch61: openssl-1.0.0-beta4-client-reneg.patch
-Patch62: openssl-1.0.0-beta4-backports.patch
-Patch63: openssl-1.0.0-beta4-reneg-err.patch
-Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch
# MinGW-specific patches.
# Use MINGW32_CFLAGS (set below) in Configure script
@@ -154,7 +149,7 @@ Static version of the MinGW port of the OpenSSL toolkit.
%prep
-%setup -q -n openssl-%{version}-%{beta}
+%setup -q -n openssl-%{version}
%{SOURCE1} > /dev/null
%patch0 -p1 -b .redhat
@@ -163,9 +158,10 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
+%patch7 -p1 -b .timezone
%patch23 -p1 -b .default-paths
-%patch24 -p1 -b .binutils
+%patch24 -p1 -b .bad-mime
%patch32 -p1 -b .ia64
#patch33 is applied after make test
@@ -179,16 +175,11 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch44 -p1 -b .fipsrng
%patch45 -p1 -b .env-nozlib
%patch47 -p1 -b .warning
-%patch48 -p1 -b .bad-mime
%patch49 -p1 -b .algo-doc
%patch50 -p1 -b .dtls1-abi
%patch51 -p1 -b .version
-
-%patch60 -p1 -b .reneg
-%patch61 -p1 -b .client-reneg
-%patch62 -p1 -b .backports
-%patch63 -p1 -b .reneg-err
-%patch64 -p1 -b .dtls-ipv6
+%patch52 -p1 -b .aesni
+%patch53 -p1 -b .name-hash
%patch100 -p1 -b .mingw-configure
%patch101 -p1 -b .mingw-libversion
@@ -352,6 +343,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Sat Jun 19 2010 Kalev Lember <kalev at smartlink.ee> - 1.0.0a-1
+- Updated to openssl 1.0.0a
+- Synced patches with Fedora native openssl-1.0.0a-1
+
* Thu Nov 26 2009 Kalev Lember <kalev at smartlink.ee> - 1.0.0-0.6.beta4
- Merged patches from native Fedora openssl (up to 1.0.0-0.16.beta4)
- Dropped the patch to fix non-fips mingw build,
diff --git a/openssl-1.0.0-beta4-aesni.patch b/openssl-1.0.0-beta4-aesni.patch
new file mode 100644
index 0000000..f57918b
--- /dev/null
+++ b/openssl-1.0.0-beta4-aesni.patch
@@ -0,0 +1,2388 @@
+diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
+--- openssl-1.0.0-beta4/Configure.aesni 2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/Configure 2010-01-12 22:18:06.000000000 +0100
+@@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket";
+ my $bits1="THIRTY_TWO_BIT ";
+ my $bits2="SIXTY_FOUR_BIT ";
+
+-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
++my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
+
+ my $x86_elf_asm="$x86_asm:elf";
+
+-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
+ my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
+ my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
+ my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
+@@ -491,7 +491,7 @@ my %table=(
+ #
+ # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+ "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
+-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
++"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+ # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
+ # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
+ "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/)
+ if ($aes_obj =~ /\.o$/)
+ {
+ $cflags.=" -DAES_ASM";
++ $aes_obj =~ s/\s*aesni\-x86\.o// if ($no_sse2);
+ }
+ else {
+ $aes_obj=$aes_enc;
+diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl
+--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni 2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl 2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,765 @@
++#!/usr/bin/env perl
++
++# ====================================================================
++# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
++# project. The module is, however, dual licensed under OpenSSL and
++# CRYPTOGAMS licenses depending on where you obtain it. For further
++# details see http://www.openssl.org/~appro/cryptogams/.
++# ====================================================================
++#
++# This module implements support for Intel AES-NI extension. In
++# OpenSSL context it's used with Intel engine, but can also be used as
++# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
++# details].
++
++$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
++ # generates drop-in replacement for
++ # crypto/aes/asm/aes-586.pl:-)
++
++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
++push(@INC,"${dir}","${dir}../../perlasm");
++require "x86asm.pl";
++
++&asm_init($ARGV[0],$0);
++
++$movekey = eval($RREFIX eq "aseni" ? "*movaps" : "*movups");
++
++$len="eax";
++$rounds="ecx";
++$key="edx";
++$inp="esi";
++$out="edi";
++$rounds_="ebx"; # backup copy for $rounds
++$key_="ebp"; # backup copy for $key
++
++$inout0="xmm0";
++$inout1="xmm1";
++$inout2="xmm2";
++$rndkey0="xmm3";
++$rndkey1="xmm4";
++$ivec="xmm5";
++$in0="xmm6";
++$in1="xmm7"; $inout3="xmm7";
++
++# Inline version of internal aesni_[en|de]crypt1
++sub aesni_inline_generate1
++{ my $p=shift;
++
++ &$movekey ($rndkey0,&QWP(0,$key));
++ &$movekey ($rndkey1,&QWP(16,$key));
++ &lea ($key,&DWP(32,$key));
++ &pxor ($inout0,$rndkey0);
++ &set_label("${p}1_loop");
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &dec ($rounds);
++ &$movekey ($rndkey1,&QWP(0,$key));
++ &lea ($key,&DWP(16,$key));
++ &jnz (&label("${p}1_loop"));
++ eval"&aes${p}last ($inout0,$rndkey1)";
++}
++
++sub aesni_generate1 # fully unrolled loop
++{ my $p=shift;
++
++ &function_begin_B("_aesni_${p}rypt1");
++ &$movekey ($rndkey0,&QWP(0,$key));
++ &$movekey ($rndkey1,&QWP(0x10,$key));
++ &cmp ($rounds,11);
++ &pxor ($inout0,$rndkey0);
++ &$movekey ($rndkey0,&QWP(0x20,$key));
++ &lea ($key,&DWP(0x30,$key));
++ &jb (&label("${p}128"));
++ &lea ($key,&DWP(0x20,$key));
++ &je (&label("${p}192"));
++ &lea ($key,&DWP(0x20,$key));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(-0x40,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &$movekey ($rndkey0,&QWP(-0x30,$key));
++ &set_label("${p}192");
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(-0x20,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &$movekey ($rndkey0,&QWP(-0x10,$key));
++ &set_label("${p}128");
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(0,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &$movekey ($rndkey0,&QWP(0x10,$key));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(0x20,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &$movekey ($rndkey0,&QWP(0x30,$key));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(0x40,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &$movekey ($rndkey0,&QWP(0x50,$key));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(0x60,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &$movekey ($rndkey0,&QWP(0x70,$key));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ eval"&aes${p}last ($inout0,$rndkey0)";
++ &ret();
++ &function_end_B("_aesni_${p}rypt1");
++}
++
++# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
++# &aesni_generate1("dec");
++&function_begin_B("${PREFIX}_encrypt");
++ &mov ("eax",&wparam(0));
++ &mov ($key,&wparam(2));
++ &movups ($inout0,&QWP(0,"eax"));
++ &mov ($rounds,&DWP(240,$key));
++ &mov ("eax",&wparam(1));
++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1");
++ &movups (&QWP(0,"eax"),$inout0);
++ &ret ();
++&function_end_B("${PREFIX}_encrypt");
++
++# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
++# &aesni_generate1("dec");
++&function_begin_B("${PREFIX}_decrypt");
++ &mov ("eax",&wparam(0));
++ &mov ($key,&wparam(2));
++ &movups ($inout0,&QWP(0,"eax"));
++ &mov ($rounds,&DWP(240,$key));
++ &mov ("eax",&wparam(1));
++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt1");
++ &movups (&QWP(0,"eax"),$inout0);
++ &ret ();
++&function_end_B("${PREFIX}_decrypt");
++
++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
++# latency is 6, it turned out that it can be scheduled only every
++# *second* cycle. Thus 3x interleave is the one providing optimal
++# utilization, i.e. when subroutine's throughput is virtually same as
++# of non-interleaved subroutine [for number of input blocks up to 3].
++# This is why it makes no sense to implement 2x subroutine. As soon
++# as/if Intel improves throughput by making it possible to schedule
++# the instructions in question *every* cycles I would have to
++# implement 6x interleave and use it in loop...
++sub aesni_generate3
++{ my $p=shift;
++
++ &function_begin_B("_aesni_${p}rypt3");
++ &$movekey ($rndkey0,&QWP(0,$key));
++ &shr ($rounds,1);
++ &$movekey ($rndkey1,&QWP(16,$key));
++ &lea ($key,&DWP(32,$key));
++ &pxor ($inout0,$rndkey0);
++ &pxor ($inout1,$rndkey0);
++ &pxor ($inout2,$rndkey0);
++ &jmp (&label("${p}3_loop"));
++ &set_label("${p}3_loop",16);
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey0,&QWP(0,$key));
++ eval"&aes${p} ($inout1,$rndkey1)";
++ &dec ($rounds);
++ eval"&aes${p} ($inout2,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(16,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &lea ($key,&DWP(32,$key));
++ eval"&aes${p} ($inout1,$rndkey0)";
++ eval"&aes${p} ($inout2,$rndkey0)";
++ &jnz (&label("${p}3_loop"));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey0,&QWP(0,$key));
++ eval"&aes${p} ($inout1,$rndkey1)";
++ eval"&aes${p} ($inout2,$rndkey1)";
++ eval"&aes${p}last ($inout0,$rndkey0)";
++ eval"&aes${p}last ($inout1,$rndkey0)";
++ eval"&aes${p}last ($inout2,$rndkey0)";
++ &ret();
++ &function_end_B("_aesni_${p}rypt3");
++}
++
++# 4x interleave is implemented to improve small block performance,
++# most notably [and naturally] 4 block by ~30%. One can argue that one
++# should have implemented 5x as well, but improvement would be <20%,
++# so it's not worth it...
++sub aesni_generate4
++{ my $p=shift;
++
++ &function_begin_B("_aesni_${p}rypt4");
++ &$movekey ($rndkey0,&QWP(0,$key));
++ &$movekey ($rndkey1,&QWP(16,$key));
++ &shr ($rounds,1);
++ &lea ($key,&DWP(32,$key));
++ &pxor ($inout0,$rndkey0);
++ &pxor ($inout1,$rndkey0);
++ &pxor ($inout2,$rndkey0);
++ &pxor ($inout3,$rndkey0);
++ &jmp (&label("${p}3_loop"));
++ &set_label("${p}3_loop",16);
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey0,&QWP(0,$key));
++ eval"&aes${p} ($inout1,$rndkey1)";
++ &dec ($rounds);
++ eval"&aes${p} ($inout2,$rndkey1)";
++ eval"&aes${p} ($inout3,$rndkey1)";
++ &$movekey ($rndkey1,&QWP(16,$key));
++ eval"&aes${p} ($inout0,$rndkey0)";
++ &lea ($key,&DWP(32,$key));
++ eval"&aes${p} ($inout1,$rndkey0)";
++ eval"&aes${p} ($inout2,$rndkey0)";
++ eval"&aes${p} ($inout3,$rndkey0)";
++ &jnz (&label("${p}3_loop"));
++ eval"&aes${p} ($inout0,$rndkey1)";
++ &$movekey ($rndkey0,&QWP(0,$key));
++ eval"&aes${p} ($inout1,$rndkey1)";
++ eval"&aes${p} ($inout2,$rndkey1)";
++ eval"&aes${p} ($inout3,$rndkey1)";
++ eval"&aes${p}last ($inout0,$rndkey0)";
++ eval"&aes${p}last ($inout1,$rndkey0)";
++ eval"&aes${p}last ($inout2,$rndkey0)";
++ eval"&aes${p}last ($inout3,$rndkey0)";
++ &ret();
++ &function_end_B("_aesni_${p}rypt4");
++}
++&aesni_generate3("enc") if ($PREFIX eq "aesni");
++&aesni_generate3("dec");
++&aesni_generate4("enc") if ($PREFIX eq "aesni");
++&aesni_generate4("dec");
++
++if ($PREFIX eq "aesni") {
++# void aesni_ecb_encrypt (const void *in, void *out,
++# size_t length, const AES_KEY *key,
++# int enc);
++&function_begin("aesni_ecb_encrypt");
++ &mov ($inp,&wparam(0));
++ &mov ($out,&wparam(1));
++ &mov ($len,&wparam(2));
++ &mov ($key,&wparam(3));
++ &mov ($rounds,&wparam(4));
++ &cmp ($len,16);
++ &jb (&label("ecb_ret"));
++ &and ($len,-16);
++ &test ($rounds,$rounds)
++ &mov ($rounds,&DWP(240,$key));
++ &mov ($key_,$key); # backup $key
++ &mov ($rounds_,$rounds); # backup $rounds
++ &jz (&label("ecb_decrypt"));
++
++ &sub ($len,0x40);
++ &jbe (&label("ecb_enc_tail"));
++ &jmp (&label("ecb_enc_loop3"));
++
++&set_label("ecb_enc_loop3",16);
++ &movups ($inout0,&QWP(0,$inp));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &call ("_aesni_encrypt3");
++ &sub ($len,0x30);
++ &lea ($inp,&DWP(0x30,$inp));
++ &lea ($out,&DWP(0x30,$out));
++ &movups (&QWP(-0x30,$out),$inout0);
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-0x20,$out),$inout1);
++ &mov ($rounds,$rounds_); # restore $rounds
++ &movups (&QWP(-0x10,$out),$inout2);
++ &ja (&label("ecb_enc_loop3"));
++
++&set_label("ecb_enc_tail");
++ &add ($len,0x40);
++ &jz (&label("ecb_ret"));
++
++ &cmp ($len,0x10);
++ &movups ($inout0,&QWP(0,$inp));
++ &je (&label("ecb_enc_one"));
++ &cmp ($len,0x20);
++ &movups ($inout1,&QWP(0x10,$inp));
++ &je (&label("ecb_enc_two"));
++ &cmp ($len,0x30);
++ &movups ($inout2,&QWP(0x20,$inp));
++ &je (&label("ecb_enc_three"));
++ &movups ($inout3,&QWP(0x30,$inp));
++ &call ("_aesni_encrypt4");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &movups (&QWP(0x30,$out),$inout3);
++ jmp (&label("ecb_ret"));
++
++&set_label("ecb_enc_one",16);
++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1");
++ &movups (&QWP(0,$out),$inout0);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_enc_two",16);
++ &call ("_aesni_encrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_enc_three",16);
++ &call ("_aesni_encrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_decrypt",16);
++ &sub ($len,0x40);
++ &jbe (&label("ecb_dec_tail"));
++ &jmp (&label("ecb_dec_loop3"));
++
++&set_label("ecb_dec_loop3",16);
++ &movups ($inout0,&QWP(0,$inp));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &call ("_aesni_decrypt3");
++ &sub ($len,0x30);
++ &lea ($inp,&DWP(0x30,$inp));
++ &lea ($out,&DWP(0x30,$out));
++ &movups (&QWP(-0x30,$out),$inout0);
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-0x20,$out),$inout1);
++ &mov ($rounds,$rounds_); # restore $rounds
++ &movups (&QWP(-0x10,$out),$inout2);
++ &ja (&label("ecb_dec_loop3"));
++
++&set_label("ecb_dec_tail");
++ &add ($len,0x40);
++ &jz (&label("ecb_ret"));
++
++ &cmp ($len,0x10);
++ &movups ($inout0,&QWP(0,$inp));
++ &je (&label("ecb_dec_one"));
++ &cmp ($len,0x20);
++ &movups ($inout1,&QWP(0x10,$inp));
++ &je (&label("ecb_dec_two"));
++ &cmp ($len,0x30);
++ &movups ($inout2,&QWP(0x20,$inp));
++ &je (&label("ecb_dec_three"));
++ &movups ($inout3,&QWP(0x30,$inp));
++ &call ("_aesni_decrypt4");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &movups (&QWP(0x30,$out),$inout3);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_dec_one",16);
++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_dec_two",16);
++ &call ("_aesni_decrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &jmp (&label("ecb_ret"));
++
++&set_label("ecb_dec_three",16);
++ &call ("_aesni_decrypt3");
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++
++&set_label("ecb_ret");
++&function_end("aesni_ecb_encrypt");
++}
++
++# void $PREFIX_cbc_encrypt (const void *inp, void *out,
++# size_t length, const AES_KEY *key,
++# unsigned char *ivp,const int enc);
++&function_begin("${PREFIX}_cbc_encrypt");
++ &mov ($inp,&wparam(0));
++ &mov ($out,&wparam(1));
++ &mov ($len,&wparam(2));
++ &mov ($key,&wparam(3));
++ &test ($len,$len);
++ &mov ($key_,&wparam(4));
++ &jz (&label("cbc_ret"));
++
++ &cmp (&wparam(5),0);
++ &movups ($ivec,&QWP(0,$key_)); # load IV
++ &mov ($rounds,&DWP(240,$key));
++ &mov ($key_,$key); # backup $key
++ &mov ($rounds_,$rounds); # backup $rounds
++ &je (&label("cbc_decrypt"));
++
++ &movaps ($inout0,$ivec);
++ &cmp ($len,16);
++ &jb (&label("cbc_enc_tail"));
++ &sub ($len,16);
++ &jmp (&label("cbc_enc_loop"));
++
++&set_label("cbc_enc_loop",16);
++ &movups ($ivec,&QWP(0,$inp));
++ &lea ($inp,&DWP(16,$inp));
++ &pxor ($inout0,$ivec);
++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt3");
++ &sub ($len,16);
++ &lea ($out,&DWP(16,$out));
++ &mov ($rounds,$rounds_); # restore $rounds
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-16,$out),$inout0);
++ &jnc (&label("cbc_enc_loop"));
++ &add ($len,16);
++ &jnz (&label("cbc_enc_tail"));
++ &movaps ($ivec,$inout0);
++ &jmp (&label("cbc_ret"));
++
++&set_label("cbc_enc_tail");
++ &mov ("ecx",$len); # zaps $rounds
++ &data_word(0xA4F3F689); # rep movsb
++ &mov ("ecx",16); # zero tail
++ &sub ("ecx",$len);
++ &xor ("eax","eax"); # zaps $len
++ &data_word(0xAAF3F689); # rep stosb
++ &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block
++ &mov ($rounds,$rounds_); # restore $rounds
++ &mov ($inp,$out); # $inp and $out are the same
++ &mov ($key,$key_); # restore $key
++ &jmp (&label("cbc_enc_loop"));
++
++&set_label("cbc_decrypt",16);
++ &sub ($len,0x40);
++ &jbe (&label("cbc_dec_tail"));
++ &jmp (&label("cbc_dec_loop3"));
++
++&set_label("cbc_dec_loop3",16);
++ &movups ($inout0,&QWP(0,$inp));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &movaps ($in0,$inout0);
++ &movaps ($in1,$inout1);
++ &call ("_aesni_decrypt3");
++ &sub ($len,0x30);
++ &lea ($inp,&DWP(0x30,$inp));
++ &lea ($out,&DWP(0x30,$out));
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &movups ($ivec,&QWP(-0x10,$inp));
++ &pxor ($inout2,$in1);
++ &movups (&QWP(-0x30,$out),$inout0);
++ &mov ($rounds,$rounds_) # restore $rounds
++ &movups (&QWP(-0x20,$out),$inout1);
++ &mov ($key,$key_); # restore $key
++ &movups (&QWP(-0x10,$out),$inout2);
++ &ja (&label("cbc_dec_loop3"));
++
++&set_label("cbc_dec_tail");
++ &add ($len,0x40);
++ &jz (&label("cbc_ret"));
++
++ &movups ($inout0,&QWP(0,$inp));
++ &cmp ($len,0x10);
++ &movaps ($in0,$inout0);
++ &jbe (&label("cbc_dec_one"));
++ &movups ($inout1,&QWP(0x10,$inp));
++ &cmp ($len,0x20);
++ &movaps ($in1,$inout1);
++ &jbe (&label("cbc_dec_two"));
++ &movups ($inout2,&QWP(0x20,$inp));
++ &cmp ($len,0x30);
++ &jbe (&label("cbc_dec_three"));
++ &movups ($inout3,&QWP(0x30,$inp));
++ &call ("_aesni_decrypt4");
++ &movups ($rndkey0,&QWP(0x10,$inp));
++ &movups ($rndkey1,&QWP(0x20,$inp));
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &movups ($ivec,&QWP(0x30,$inp));
++ &movups (&QWP(0,$out),$inout0);
++ &pxor ($inout2,$rndkey0);
++ &pxor ($inout3,$rndkey1);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movups (&QWP(0x20,$out),$inout2);
++ &movaps ($inout0,$inout3);
++ &lea ($out,&DWP(0x30,$out));
++ &jmp (&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_one");
++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3");
++ &pxor ($inout0,$ivec);
++ &movaps ($ivec,$in0);
++ &jmp (&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_two");
++ &call ("_aesni_decrypt3");
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &movups (&QWP(0,$out),$inout0);
++ &movaps ($inout0,$inout1);
++ &movaps ($ivec,$in1);
++ &lea ($out,&DWP(0x10,$out));
++ &jmp (&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_three");
++ &call ("_aesni_decrypt3");
++ &pxor ($inout0,$ivec);
++ &pxor ($inout1,$in0);
++ &pxor ($inout2,$in1);
++ &movups (&QWP(0,$out),$inout0);
++ &movups (&QWP(0x10,$out),$inout1);
++ &movaps ($inout0,$inout2);
++ &movups ($ivec,&QWP(0x20,$inp));
++ &lea ($out,&DWP(0x20,$out));
++
++&set_label("cbc_dec_tail_collected");
++ &and ($len,15);
++ &jnz (&label("cbc_dec_tail_partial"));
++ &movups (&QWP(0,$out),$inout0);
++ &jmp (&label("cbc_ret"));
++
++&set_label("cbc_dec_tail_partial");
++ &mov ($key_,"esp");
++ &sub ("esp",16);
++ &and ("esp",-16);
++ &movaps (&QWP(0,"esp"),$inout0);
++ &mov ($inp,"esp");
++ &mov ("ecx",$len);
++ &data_word(0xA4F3F689); # rep movsb
++ &mov ("esp",$key_);
++
++&set_label("cbc_ret");
++ &mov ($key_,&wparam(4));
++ &movups (&QWP(0,$key_),$ivec); # output IV
++&function_end("${PREFIX}_cbc_encrypt");
++
++# Mechanical port from aesni-x86_64.pl.
++#
++# _aesni_set_encrypt_key is private interface,
++# input:
++# "eax" const unsigned char *userKey
++# $rounds int bits
++# $key AES_KEY *key
++# output:
++# "eax" return code
++# $round rounds
++
++&function_begin_B("_aesni_set_encrypt_key");
++ &test ("eax","eax");
++ &jz (&label("bad_pointer"));
++ &test ($key,$key);
++ &jz (&label("bad_pointer"));
++
++ &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey
++ &pxor ("xmm4","xmm4"); # low dword of xmm4 is assumed 0
++ &lea ($key,&DWP(16,$key));
++ &cmp ($rounds,256);
++ &je (&label("14rounds"));
++ &cmp ($rounds,192);
++ &je (&label("12rounds"));
++ &cmp ($rounds,128);
++ &jne (&label("bad_keybits"));
++
++&set_label("10rounds",16);
++ &mov ($rounds,9);
++ &$movekey (&QWP(-16,$key),"xmm0"); # round 0
++ &aeskeygenassist("xmm1","xmm0",0x01); # round 1
++ &call (&label("key_128_cold"));
++ &aeskeygenassist("xmm1","xmm0",0x2); # round 2
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x04); # round 3
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x08); # round 4
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x10); # round 5
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x20); # round 6
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x40); # round 7
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x80); # round 8
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x1b); # round 9
++ &call (&label("key_128"));
++ &aeskeygenassist("xmm1","xmm0",0x36); # round 10
++ &call (&label("key_128"));
++ &$movekey (&QWP(0,$key),"xmm0");
++ &mov (&DWP(80,$key),$rounds);
++ &xor ("eax","eax");
++ &ret();
++
++&set_label("key_128",16);
++ &$movekey (&QWP(0,$key),"xmm0");
++ &lea ($key,&DWP(16,$key));
++&set_label("key_128_cold");
++ &shufps ("xmm4","xmm0",0b00010000);
++ &pxor ("xmm0","xmm4");
++ &shufps ("xmm4","xmm0",0b10001100,);
++ &pxor ("xmm0","xmm4");
++ &pshufd ("xmm1","xmm1",0b11111111); # critical path
++ &pxor ("xmm0","xmm1");
++ &ret();
++
++&set_label("12rounds",16);
++ &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey
++ &mov ($rounds,11);
++ &$movekey (&QWP(-16,$key),"xmm0") # round 0
++ &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2
++ &call (&label("key_192a_cold"));
++ &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3
++ &call (&label("key_192b"));
++ &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5
++ &call (&label("key_192a"));
++ &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6
++ &call (&label("key_192b"));
++ &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8
++ &call (&label("key_192a"));
++ &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9
++ &call (&label("key_192b"));
++ &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11
++ &call (&label("key_192a"));
++ &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12
++ &call (&label("key_192b"));
++ &$movekey (&QWP(0,$key),"xmm0");
++ &mov (&DWP(48,$key),$rounds);
++ &xor ("eax","eax");
++ &ret();
++
++&set_label("key_192a",16);
++ &$movekey (&QWP(0,$key),"xmm0");
++ &lea ($key,&DWP(16,$key));
++&set_label("key_192a_cold",16);
++ &movaps ("xmm5","xmm2");
++&set_label("key_192b_warm");
++ &shufps ("xmm4","xmm0",0b00010000);
++ &movaps ("xmm3","xmm2");
++ &pxor ("xmm0","xmm4");
++ &shufps ("xmm4","xmm0",0b10001100);
++ &pslldq ("xmm3",4);
++ &pxor ("xmm0","xmm4");
++ &pshufd ("xmm1","xmm1",0b01010101); # critical path
++ &pxor ("xmm2","xmm3");
++ &pxor ("xmm0","xmm1");
++ &pshufd ("xmm3","xmm0",0b11111111);
++ &pxor ("xmm2","xmm3");
++ &ret();
++
++&set_label("key_192b",16);
++ &movaps ("xmm3","xmm0");
++ &shufps ("xmm5","xmm0",0b01000100);
++ &$movekey (&QWP(0,$key),"xmm5");
++ &shufps ("xmm3","xmm2",0b01001110);
++ &$movekey (&QWP(16,$key),"xmm3");
++ &lea ($key,&DWP(32,$key));
++ &jmp (&label("key_192b_warm"));
++
++&set_label("14rounds",16);
++ &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey
++ &mov ($rounds,13);
++ &lea ($key,&DWP(16,$key));
++ &$movekey (&QWP(-32,$key),"xmm0"); # round 0
++ &$movekey (&QWP(-16,$key),"xmm2"); # round 1
++ &aeskeygenassist("xmm1","xmm2",0x01); # round 2
++ &call (&label("key_256a_cold"));
++ &aeskeygenassist("xmm1","xmm0",0x01); # round 3
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x02); # round 4
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x02); # round 5
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x04); # round 6
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x04); # round 7
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x08); # round 8
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x08); # round 9
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x10); # round 10
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x10); # round 11
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x20); # round 12
++ &call (&label("key_256a"));
++ &aeskeygenassist("xmm1","xmm0",0x20); # round 13
++ &call (&label("key_256b"));
++ &aeskeygenassist("xmm1","xmm2",0x40); # round 14
++ &call (&label("key_256a"));
++ &$movekey (&QWP(0,$key),"xmm0");
++ &mov (&DWP(16,$key),$rounds);
++ &xor ("eax","eax");
++ &ret();
++
++&set_label("key_256a",16);
++ &$movekey (&QWP(0,$key),"xmm2");
++ &lea ($key,&DWP(16,$key));
++&set_label("key_256a_cold");
++ &shufps ("xmm4","xmm0",0b00010000);
++ &pxor ("xmm0","xmm4");
++ &shufps ("xmm4","xmm0",0b10001100);
++ &pxor ("xmm0","xmm4");
++ &pshufd ("xmm1","xmm1",0b11111111); # critical path
++ &pxor ("xmm0","xmm1");
++ &ret();
++
++&set_label("key_256b",16);
++ &$movekey (&QWP(0,$key),"xmm0");
++ &lea ($key,&DWP(16,$key));
++
++ &shufps ("xmm4","xmm2",0b00010000);
++ &pxor ("xmm2","xmm4");
++ &shufps ("xmm4","xmm2",0b10001100);
++ &pxor ("xmm2","xmm4");
++ &pshufd ("xmm1","xmm1",0b10101010); # critical path
++ &pxor ("xmm2","xmm1");
++ &ret();
++
++&set_label("bad_pointer",4);
++ &mov ("eax",-1);
++ &ret ();
++&set_label("bad_keybits",4);
++ &mov ("eax",-2);
++ &ret ();
++&function_end_B("_aesni_set_encrypt_key");
++
++# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
++# AES_KEY *key)
++&function_begin_B("${PREFIX}_set_encrypt_key");
++ &mov ("eax",&wparam(0));
++ &mov ($rounds,&wparam(1));
++ &mov ($key,&wparam(2));
++ &call ("_aesni_set_encrypt_key");
++ &ret ();
++&function_end_B("${PREFIX}_set_encrypt_key");
++
++# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
++# AES_KEY *key)
++&function_begin_B("${PREFIX}_set_decrypt_key");
++ &mov ("eax",&wparam(0));
++ &mov ($rounds,&wparam(1));
++ &mov ($key,&wparam(2));
++ &call ("_aesni_set_encrypt_key");
++ &mov ($key,&wparam(2));
++ &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key
++ &test ("eax","eax");
++ &jnz (&label("dec_key_ret"));
++ &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule
++
++ &$movekey ("xmm0",&QWP(0,$key)); # just swap
++ &$movekey ("xmm1",&QWP(0,"eax"));
++ &$movekey (&QWP(0,"eax"),"xmm0");
++ &$movekey (&QWP(0,$key),"xmm1");
++ &lea ($key,&DWP(16,$key));
++ &lea ("eax",&DWP(-16,"eax"));
++
++&set_label("dec_key_inverse");
++ &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse
++ &$movekey ("xmm1",&QWP(0,"eax"));
++ &aesimc ("xmm0","xmm0");
++ &aesimc ("xmm1","xmm1");
++ &lea ($key,&DWP(16,$key));
++ &lea ("eax",&DWP(-16,"eax"));
++ &cmp ("eax",$key);
++ &$movekey (&QWP(16,"eax"),"xmm0");
++ &$movekey (&QWP(-16,$key),"xmm1");
++ &ja (&label("dec_key_inverse"));
++
++ &$movekey ("xmm0",&QWP(0,$key)); # inverse middle
++ &aesimc ("xmm0","xmm0");
++ &$movekey (&QWP(0,$key),"xmm0");
++
++ &xor ("eax","eax"); # return success
++&set_label("dec_key_ret");
++ &ret ();
++&function_end_B("${PREFIX}_set_decrypt_key");
++&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
++
++&asm_finish();
+diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl
+--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl 2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,991 @@
++#!/usr/bin/env perl
++#
++# ====================================================================
++# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
++# project. The module is, however, dual licensed under OpenSSL and
++# CRYPTOGAMS licenses depending on where you obtain it. For further
++# details see http://www.openssl.org/~appro/cryptogams/.
++# ====================================================================
++#
++# This module implements support for Intel AES-NI extension. In
++# OpenSSL context it's used with Intel engine, but can also be used as
++# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
++# details].
++
++$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
++ # generates drop-in replacement for
++ # crypto/aes/asm/aes-x86_64.pl:-)
++
++$flavour = shift;
++$output = shift;
++if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
++
++$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
++
++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
++( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
++( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
++die "can't locate x86_64-xlate.pl";
++
++open STDOUT,"| $^X $xlate $flavour $output";
++
++$movkey = $PREFIX eq "aesni" ? "movaps" : "movups";
++ at _4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order
++ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
++
++$code=".text\n";
++
++$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!!
++# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
++$inp="%rdi";
++$out="%rsi";
++$len="%rdx";
++$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!!
++$ivp="%r8"; # cbc
++
++$rnds_="%r10d"; # backup copy for $rounds
++$key_="%r11"; # backup copy for $key
++
++# %xmm register layout
++$inout0="%xmm0"; $inout1="%xmm1";
++$inout2="%xmm2"; $inout3="%xmm3";
++$rndkey0="%xmm4"; $rndkey1="%xmm5";
++
++$iv="%xmm6"; $in0="%xmm7"; # used in CBC decrypt
++$in1="%xmm8"; $in2="%xmm9";
++
++# Inline version of internal aesni_[en|de]crypt1.
++#
++# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
++# cycles which take care of loop variables...
++{ my $sn;
++sub aesni_generate1 {
++my ($p,$key,$rounds)=@_;
++++$sn;
++$code.=<<___;
++ $movkey ($key),$rndkey0
++ $movkey 16($key),$rndkey1
++ lea 32($key),$key
++ pxor $rndkey0,$inout0
++.Loop_${p}1_$sn:
++ aes${p} $rndkey1,$inout0
++ dec $rounds
++ $movkey ($key),$rndkey1
++ lea 16($key),$key
++ jnz .Loop_${p}1_$sn # loop body is 16 bytes
++ aes${p}last $rndkey1,$inout0
++___
++}}
++# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
++#
++{ my ($inp,$out,$key) = @_4args;
++
++$code.=<<___;
++.globl ${PREFIX}_encrypt
++.type ${PREFIX}_encrypt,\@abi-omnipotent
++.align 16
++${PREFIX}_encrypt:
++ movups ($inp),$inout0 # load input
++ mov 240($key),$rounds # pull $rounds
++___
++ &aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out) # output
++ ret
++.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt
++
++.globl ${PREFIX}_decrypt
++.type ${PREFIX}_decrypt,\@abi-omnipotent
++.align 16
++${PREFIX}_decrypt:
++ movups ($inp),$inout0 # load input
++ mov 240($key),$rounds # pull $rounds
++___
++ &aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out) # output
++ ret
++.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt
++___
++}
++
++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
++# latency is 6, it turned out that it can be scheduled only every
++# *second* cycle. Thus 3x interleave is the one providing optimal
++# utilization, i.e. when subroutine's throughput is virtually same as
++# of non-interleaved subroutine [for number of input blocks up to 3].
++# This is why it makes no sense to implement 2x subroutine. As soon
++# as/if Intel improves throughput by making it possible to schedule
++# the instructions in question *every* cycles I would have to
++# implement 6x interleave and use it in loop...
++sub aesni_generate3 {
++my $dir=shift;
++# As already mentioned it takes in $key and $rounds, which are *not*
++# preserved. $inout[0-2] is cipher/clear text...
++$code.=<<___;
++.type _aesni_${dir}rypt3,\@abi-omnipotent
++.align 16
++_aesni_${dir}rypt3:
++ $movkey ($key),$rndkey0
++ shr \$1,$rounds
++ $movkey 16($key),$rndkey1
++ lea 32($key),$key
++ pxor $rndkey0,$inout0
++ pxor $rndkey0,$inout1
++ pxor $rndkey0,$inout2
++
++.L${dir}_loop3:
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ dec $rounds
++ aes${dir} $rndkey1,$inout2
++ aes${dir} $rndkey0,$inout0
++ $movkey 16($key),$rndkey1
++ aes${dir} $rndkey0,$inout1
++ lea 32($key),$key
++ aes${dir} $rndkey0,$inout2
++ jnz .L${dir}_loop3
++
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ aes${dir} $rndkey1,$inout2
++ aes${dir}last $rndkey0,$inout0
++ aes${dir}last $rndkey0,$inout1
++ aes${dir}last $rndkey0,$inout2
++ ret
++.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3
++___
++}
++# 4x interleave is implemented to improve small block performance,
++# most notably [and naturally] 4 block by ~30%. One can argue that one
++# should have implemented 5x as well, but improvement would be <20%,
++# so it's not worth it...
++sub aesni_generate4 {
++my $dir=shift;
++# As already mentioned it takes in $key and $rounds, which are *not*
++# preserved. $inout[0-3] is cipher/clear text...
++$code.=<<___;
++.type _aesni_${dir}rypt4,\@abi-omnipotent
++.align 16
++_aesni_${dir}rypt4:
++ $movkey ($key),$rndkey0
++ shr \$1,$rounds
++ $movkey 16($key),$rndkey1
++ lea 32($key),$key
++ pxor $rndkey0,$inout0
++ pxor $rndkey0,$inout1
++ pxor $rndkey0,$inout2
++ pxor $rndkey0,$inout3
++
++.L${dir}_loop4:
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ dec $rounds
++ aes${dir} $rndkey1,$inout2
++ aes${dir} $rndkey1,$inout3
++ aes${dir} $rndkey0,$inout0
++ $movkey 16($key),$rndkey1
++ aes${dir} $rndkey0,$inout1
++ lea 32($key),$key
++ aes${dir} $rndkey0,$inout2
++ aes${dir} $rndkey0,$inout3
++ jnz .L${dir}_loop4
++
++ aes${dir} $rndkey1,$inout0
++ $movkey ($key),$rndkey0
++ aes${dir} $rndkey1,$inout1
++ aes${dir} $rndkey1,$inout2
++ aes${dir} $rndkey1,$inout3
++ aes${dir}last $rndkey0,$inout0
++ aes${dir}last $rndkey0,$inout1
++ aes${dir}last $rndkey0,$inout2
++ aes${dir}last $rndkey0,$inout3
++ ret
++.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4
++___
++}
++&aesni_generate3("enc") if ($PREFIX eq "aesni");
++&aesni_generate3("dec");
++&aesni_generate4("enc") if ($PREFIX eq "aesni");
++&aesni_generate4("dec");
++
++if ($PREFIX eq "aesni") {
++# void aesni_ecb_encrypt (const void *in, void *out,
++# size_t length, const AES_KEY *key,
++# int enc);
++$code.=<<___;
++.globl aesni_ecb_encrypt
++.type aesni_ecb_encrypt,\@function,5
++.align 16
++aesni_ecb_encrypt:
++ cmp \$16,$len # check length
++ jb .Lecb_ret
++
++ mov 240($key),$rounds # pull $rounds
++ and \$-16,$len
++ mov $key,$key_ # backup $key
++ test %r8d,%r8d # 5th argument
++ mov $rounds,$rnds_ # backup $rounds
++ jz .Lecb_decrypt
++#--------------------------- ECB ENCRYPT ------------------------------#
++ sub \$0x40,$len
++ jbe .Lecb_enc_tail
++ jmp .Lecb_enc_loop3
++.align 16
++.Lecb_enc_loop3:
++ movups ($inp),$inout0
++ movups 0x10($inp),$inout1
++ movups 0x20($inp),$inout2
++ call _aesni_encrypt3
++ sub \$0x30,$len
++ lea 0x30($inp),$inp
++ lea 0x30($out),$out
++ movups $inout0,-0x30($out)
++ mov $rnds_,$rounds # restore $rounds
++ movups $inout1,-0x20($out)
++ mov $key_,$key # restore $key
++ movups $inout2,-0x10($out)
++ ja .Lecb_enc_loop3
++
++.Lecb_enc_tail:
++ add \$0x40,$len
++ jz .Lecb_ret
++
++ cmp \$0x10,$len
++ movups ($inp),$inout0
++ je .Lecb_enc_one
++ cmp \$0x20,$len
++ movups 0x10($inp),$inout1
++ je .Lecb_enc_two
++ cmp \$0x30,$len
++ movups 0x20($inp),$inout2
++ je .Lecb_enc_three
++ movups 0x30($inp),$inout3
++ call _aesni_encrypt4
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++ movups $inout3,0x30($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_enc_one:
++___
++ &aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_enc_two:
++ call _aesni_encrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_enc_three:
++ call _aesni_encrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++ jmp .Lecb_ret
++#--------------------------- ECB DECRYPT ------------------------------#
++.align 16
++.Lecb_decrypt:
++ sub \$0x40,$len
++ jbe .Lecb_dec_tail
++ jmp .Lecb_dec_loop3
++.align 16
++.Lecb_dec_loop3:
++ movups ($inp),$inout0
++ movups 0x10($inp),$inout1
++ movups 0x20($inp),$inout2
++ call _aesni_decrypt3
++ sub \$0x30,$len
++ lea 0x30($inp),$inp
++ lea 0x30($out),$out
++ movups $inout0,-0x30($out)
++ mov $rnds_,$rounds # restore $rounds
++ movups $inout1,-0x20($out)
++ mov $key_,$key # restore $key
++ movups $inout2,-0x10($out)
++ ja .Lecb_dec_loop3
++
++.Lecb_dec_tail:
++ add \$0x40,$len
++ jz .Lecb_ret
++
++ cmp \$0x10,$len
++ movups ($inp),$inout0
++ je .Lecb_dec_one
++ cmp \$0x20,$len
++ movups 0x10($inp),$inout1
++ je .Lecb_dec_two
++ cmp \$0x30,$len
++ movups 0x20($inp),$inout2
++ je .Lecb_dec_three
++ movups 0x30($inp),$inout3
++ call _aesni_decrypt4
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++ movups $inout3,0x30($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_dec_one:
++___
++ &aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++ movups $inout0,($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_dec_two:
++ call _aesni_decrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ jmp .Lecb_ret
++.align 16
++.Lecb_dec_three:
++ call _aesni_decrypt3
++ movups $inout0,($out)
++ movups $inout1,0x10($out)
++ movups $inout2,0x20($out)
++
++.Lecb_ret:
++ ret
++.size aesni_ecb_encrypt,.-aesni_ecb_encrypt
++___
++}
++
++# void $PREFIX_cbc_encrypt (const void *inp, void *out,
++# size_t length, const AES_KEY *key,
++# unsigned char *ivp,const int enc);
++$reserved = $win64?0x40:-0x18; # used in decrypt
++$code.=<<___;
++.globl ${PREFIX}_cbc_encrypt
++.type ${PREFIX}_cbc_encrypt,\@function,6
++.align 16
++${PREFIX}_cbc_encrypt:
++ test $len,$len # check length
++ jz .Lcbc_ret
++
++ mov 240($key),$rnds_ # pull $rounds
++ mov $key,$key_ # backup $key
++ test %r9d,%r9d # 6th argument
++ jz .Lcbc_decrypt
++#--------------------------- CBC ENCRYPT ------------------------------#
++ movups ($ivp),$inout0 # load iv as initial state
++ cmp \$16,$len
++ mov $rnds_,$rounds
++ jb .Lcbc_enc_tail
++ sub \$16,$len
++ jmp .Lcbc_enc_loop
++.align 16
++.Lcbc_enc_loop:
++ movups ($inp),$inout1 # load input
++ lea 16($inp),$inp
++ pxor $inout1,$inout0
++___
++ &aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++ sub \$16,$len
++ lea 16($out),$out
++ mov $rnds_,$rounds # restore $rounds
++ mov $key_,$key # restore $key
++ movups $inout0,-16($out) # store output
++ jnc .Lcbc_enc_loop
++ add \$16,$len
++ jnz .Lcbc_enc_tail
++ movups $inout0,($ivp)
++ jmp .Lcbc_ret
++
++.Lcbc_enc_tail:
++ mov $len,%rcx # zaps $key
++ xchg $inp,$out # $inp is %rsi and $out is %rdi now
++ .long 0x9066A4F3 # rep movsb
++ mov \$16,%ecx # zero tail
++ sub $len,%rcx
++ xor %eax,%eax
++ .long 0x9066AAF3 # rep stosb
++ lea -16(%rdi),%rdi # rewind $out by 1 block
++ mov $rnds_,$rounds # restore $rounds
++ mov %rdi,%rsi # $inp and $out are the same
++ mov $key_,$key # restore $key
++ xor $len,$len # len=16
++ jmp .Lcbc_enc_loop # one more spin
++#--------------------------- CBC DECRYPT ------------------------------#
++.align 16
++.Lcbc_decrypt:
++___
++$code.=<<___ if ($win64);
++ lea -0x58(%rsp),%rsp
++ movaps %xmm6,(%rsp)
++ movaps %xmm7,0x10(%rsp)
++ movaps %xmm8,0x20(%rsp)
++ movaps %xmm9,0x30(%rsp)
++.Lcbc_decrypt_body:
++___
++$code.=<<___;
++ movups ($ivp),$iv
++ sub \$0x40,$len
++ mov $rnds_,$rounds
++ jbe .Lcbc_dec_tail
++ jmp .Lcbc_dec_loop3
++.align 16
++.Lcbc_dec_loop3:
++ movups ($inp),$inout0
++ movups 0x10($inp),$inout1
++ movups 0x20($inp),$inout2
++ movaps $inout0,$in0
++ movaps $inout1,$in1
++ movaps $inout2,$in2
++ call _aesni_decrypt3
++ sub \$0x30,$len
++ lea 0x30($inp),$inp
++ lea 0x30($out),$out
++ pxor $iv,$inout0
++ pxor $in0,$inout1
++ movaps $in2,$iv
++ pxor $in1,$inout2
++ movups $inout0,-0x30($out)
++ mov $rnds_,$rounds # restore $rounds
++ movups $inout1,-0x20($out)
++ mov $key_,$key # restore $key
++ movups $inout2,-0x10($out)
++ ja .Lcbc_dec_loop3
++
++.Lcbc_dec_tail:
++ add \$0x40,$len
++ movups $iv,($ivp)
++ jz .Lcbc_dec_ret
++
++ movups ($inp),$inout0
++ cmp \$0x10,$len
++ movaps $inout0,$in0
++ jbe .Lcbc_dec_one
++ movups 0x10($inp),$inout1
++ cmp \$0x20,$len
++ movaps $inout1,$in1
++ jbe .Lcbc_dec_two
++ movups 0x20($inp),$inout2
++ cmp \$0x30,$len
++ movaps $inout2,$in2
++ jbe .Lcbc_dec_three
++ movups 0x30($inp),$inout3
++ call _aesni_decrypt4
++ pxor $iv,$inout0
++ movups 0x30($inp),$iv
++ pxor $in0,$inout1
++ movups $inout0,($out)
++ pxor $in1,$inout2
++ movups $inout1,0x10($out)
++ pxor $in2,$inout3
++ movups $inout2,0x20($out)
++ movaps $inout3,$inout0
++ lea 0x30($out),$out
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_one:
++___
++ &aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++ pxor $iv,$inout0
++ movaps $in0,$iv
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_two:
++ call _aesni_decrypt3
++ pxor $iv,$inout0
++ pxor $in0,$inout1
++ movups $inout0,($out)
++ movaps $in1,$iv
++ movaps $inout1,$inout0
++ lea 0x10($out),$out
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_three:
++ call _aesni_decrypt3
++ pxor $iv,$inout0
++ pxor $in0,$inout1
++ movups $inout0,($out)
++ pxor $in1,$inout2
++ movups $inout1,0x10($out)
++ movaps $in2,$iv
++ movaps $inout2,$inout0
++ lea 0x20($out),$out
++ jmp .Lcbc_dec_tail_collected
++.align 16
++.Lcbc_dec_tail_collected:
++ and \$15,$len
++ movups $iv,($ivp)
++ jnz .Lcbc_dec_tail_partial
++ movups $inout0,($out)
++ jmp .Lcbc_dec_ret
++.Lcbc_dec_tail_partial:
++ movaps $inout0,$reserved(%rsp)
++ mov $out,%rdi
++ mov $len,%rcx
++ lea $reserved(%rsp),%rsi
++ .long 0x9066A4F3 # rep movsb
++
++.Lcbc_dec_ret:
++___
++$code.=<<___ if ($win64);
++ movaps (%rsp),%xmm6
++ movaps 0x10(%rsp),%xmm7
++ movaps 0x20(%rsp),%xmm8
++ movaps 0x30(%rsp),%xmm9
++ lea 0x58(%rsp),%rsp
++___
++$code.=<<___;
++.Lcbc_ret:
++ ret
++.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
++___
++
++# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey,
++# int bits, AES_KEY *key)
++{ my ($inp,$bits,$key) = @_4args;
++ $bits =~ s/%r/%e/;
++
++$code.=<<___;
++.globl ${PREFIX}_set_decrypt_key
++.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent
++.align 16
++${PREFIX}_set_decrypt_key:
++ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
++ call _aesni_set_encrypt_key
++ shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key
++ test %eax,%eax
++ jnz .Ldec_key_ret
++ lea 16($key,$bits),$inp # points at the end of key schedule
++
++ $movkey ($key),%xmm0 # just swap
++ $movkey ($inp),%xmm1
++ $movkey %xmm0,($inp)
++ $movkey %xmm1,($key)
++ lea 16($key),$key
++ lea -16($inp),$inp
++
++.Ldec_key_inverse:
++ $movkey ($key),%xmm0 # swap and inverse
++ $movkey ($inp),%xmm1
++ aesimc %xmm0,%xmm0
++ aesimc %xmm1,%xmm1
++ lea 16($key),$key
++ lea -16($inp),$inp
++ cmp $key,$inp
++ $movkey %xmm0,16($inp)
++ $movkey %xmm1,-16($key)
++ ja .Ldec_key_inverse
++
++ $movkey ($key),%xmm0 # inverse middle
++ aesimc %xmm0,%xmm0
++ $movkey %xmm0,($inp)
++.Ldec_key_ret:
++ add \$8,%rsp
++ ret
++.LSEH_end_set_decrypt_key:
++.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
++___
++
++# This is based on submission by
++#
++# Huang Ying <ying.huang at intel.com>
++# Vinodh Gopal <vinodh.gopal at intel.com>
++# Kahraman Akdemir
++#
++# Agressively optimized in respect to aeskeygenassist's critical path
++# and is contained in %xmm0-5 to meet Win64 ABI requirement.
++#
++$code.=<<___;
++.globl ${PREFIX}_set_encrypt_key
++.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent
++.align 16
++${PREFIX}_set_encrypt_key:
++_aesni_set_encrypt_key:
++ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
++ test $inp,$inp
++ mov \$-1,%rax
++ jz .Lenc_key_ret
++ test $key,$key
++ jz .Lenc_key_ret
++
++ movups ($inp),%xmm0 # pull first 128 bits of *userKey
++ pxor %xmm4,%xmm4 # low dword of xmm4 is assumed 0
++ lea 16($key),%rax
++ cmp \$256,$bits
++ je .L14rounds
++ cmp \$192,$bits
++ je .L12rounds
++ cmp \$128,$bits
++ jne .Lbad_keybits
++
++.L10rounds:
++ mov \$9,$bits # 10 rounds for 128-bit key
++ $movkey %xmm0,($key) # round 0
++ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1
++ call .Lkey_expansion_128_cold
++ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9
++ call .Lkey_expansion_128
++ aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10
++ call .Lkey_expansion_128
++ $movkey %xmm0,(%rax)
++ mov $bits,80(%rax) # 240(%rdx)
++ xor %eax,%eax
++ jmp .Lenc_key_ret
++
++.align 16
++.L12rounds:
++ movq 16($inp),%xmm2 # remaining 1/3 of *userKey
++ mov \$11,$bits # 12 rounds for 192
++ $movkey %xmm0,($key) # round 0
++ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2
++ call .Lkey_expansion_192a_cold
++ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3
++ call .Lkey_expansion_192b
++ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5
++ call .Lkey_expansion_192a
++ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6
++ call .Lkey_expansion_192b
++ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8
++ call .Lkey_expansion_192a
++ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9
++ call .Lkey_expansion_192b
++ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11
++ call .Lkey_expansion_192a
++ aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12
++ call .Lkey_expansion_192b
++ $movkey %xmm0,(%rax)
++ mov $bits,48(%rax) # 240(%rdx)
++ xor %rax, %rax
++ jmp .Lenc_key_ret
++
++.align 16
++.L14rounds:
++ movups 16($inp),%xmm2 # remaning half of *userKey
++ mov \$13,$bits # 14 rounds for 256
++ lea 16(%rax),%rax
++ $movkey %xmm0,($key) # round 0
++ $movkey %xmm2,16($key) # round 1
++ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2
++ call .Lkey_expansion_256a_cold
++ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3
++ call .Lkey_expansion_256b
++ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4
++ call .Lkey_expansion_256a
++ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5
++ call .Lkey_expansion_256b
++ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6
++ call .Lkey_expansion_256a
++ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7
++ call .Lkey_expansion_256b
++ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8
++ call .Lkey_expansion_256a
++ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9
++ call .Lkey_expansion_256b
++ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10
++ call .Lkey_expansion_256a
++ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11
++ call .Lkey_expansion_256b
++ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12
++ call .Lkey_expansion_256a
++ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13
++ call .Lkey_expansion_256b
++ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14
++ call .Lkey_expansion_256a
++ $movkey %xmm0,(%rax)
++ mov $bits,16(%rax) # 240(%rdx)
++ xor %rax,%rax
++ jmp .Lenc_key_ret
++
++.align 16
++.Lbad_keybits:
++ mov \$-2,%rax
++.Lenc_key_ret:
++ add \$8,%rsp
++ ret
++.LSEH_end_set_encrypt_key:
++
++.align 16
++.Lkey_expansion_128:
++ $movkey %xmm0,(%rax)
++ lea 16(%rax),%rax
++.Lkey_expansion_128_cold:
++ shufps \$0b00010000,%xmm0,%xmm4
++ pxor %xmm4, %xmm0
++ shufps \$0b10001100,%xmm0,%xmm4
++ pxor %xmm4, %xmm0
++ pshufd \$0b11111111,%xmm1,%xmm1 # critical path
++ pxor %xmm1,%xmm0
++ ret
++
++.align 16
++.Lkey_expansion_192a:
++ $movkey %xmm0,(%rax)
++ lea 16(%rax),%rax
++.Lkey_expansion_192a_cold:
++ movaps %xmm2, %xmm5
++.Lkey_expansion_192b_warm:
++ shufps \$0b00010000,%xmm0,%xmm4
++ movaps %xmm2,%xmm3
++ pxor %xmm4,%xmm0
++ shufps \$0b10001100,%xmm0,%xmm4
++ pslldq \$4,%xmm3
++ pxor %xmm4,%xmm0
++ pshufd \$0b01010101,%xmm1,%xmm1 # critical path
++ pxor %xmm3,%xmm2
++ pxor %xmm1,%xmm0
++ pshufd \$0b11111111,%xmm0,%xmm3
++ pxor %xmm3,%xmm2
++ ret
++
++.align 16
++.Lkey_expansion_192b:
++ movaps %xmm0,%xmm3
++ shufps \$0b01000100,%xmm0,%xmm5
++ $movkey %xmm5,(%rax)
++ shufps \$0b01001110,%xmm2,%xmm3
++ $movkey %xmm3,16(%rax)
++ lea 32(%rax),%rax
++ jmp .Lkey_expansion_192b_warm
++
++.align 16
++.Lkey_expansion_256a:
++ $movkey %xmm2,(%rax)
++ lea 16(%rax),%rax
++.Lkey_expansion_256a_cold:
++ shufps \$0b00010000,%xmm0,%xmm4
++ pxor %xmm4,%xmm0
++ shufps \$0b10001100,%xmm0,%xmm4
++ pxor %xmm4,%xmm0
++ pshufd \$0b11111111,%xmm1,%xmm1 # critical path
++ pxor %xmm1,%xmm0
++ ret
++
++.align 16
++.Lkey_expansion_256b:
++ $movkey %xmm0,(%rax)
++ lea 16(%rax),%rax
++
++ shufps \$0b00010000,%xmm2,%xmm4
++ pxor %xmm4,%xmm2
++ shufps \$0b10001100,%xmm2,%xmm4
++ pxor %xmm4,%xmm2
++ pshufd \$0b10101010,%xmm1,%xmm1 # critical path
++ pxor %xmm1,%xmm2
++ ret
++.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
++___
++}
++
++$code.=<<___;
++.asciz "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
++.align 64
++___
++
++# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
++# CONTEXT *context,DISPATCHER_CONTEXT *disp)
++if ($win64) {
++$rec="%rcx";
++$frame="%rdx";
++$context="%r8";
++$disp="%r9";
++
++$code.=<<___;
++.extern __imp_RtlVirtualUnwind
++.type cbc_se_handler,\@abi-omnipotent
++.align 16
++cbc_se_handler:
++ push %rsi
++ push %rdi
++ push %rbx
++ push %rbp
++ push %r12
++ push %r13
++ push %r14
++ push %r15
++ pushfq
++ sub \$64,%rsp
++
++ mov 152($context),%rax # pull context->Rsp
++ mov 248($context),%rbx # pull context->Rip
++
++ lea .Lcbc_decrypt(%rip),%r10
++ cmp %r10,%rbx # context->Rip<"prologue" label
++ jb .Lin_prologue
++
++ lea .Lcbc_decrypt_body(%rip),%r10
++ cmp %r10,%rbx # context->Rip<cbc_decrypt_body
++ jb .Lrestore_rax
++
++ lea .Lcbc_ret(%rip),%r10
++ cmp %r10,%rbx # context->Rip>="epilogue" label
++ jae .Lin_prologue
++
++ lea 0(%rax),%rsi # top of stack
++ lea 512($context),%rdi # &context.Xmm6
++ mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax)
++ .long 0xa548f3fc # cld; rep movsq
++ lea 0x58(%rax),%rax # adjust stack pointer
++ jmp .Lin_prologue
++
++.Lrestore_rax:
++ mov 120($context),%rax
++.Lin_prologue:
++ mov 8(%rax),%rdi
++ mov 16(%rax),%rsi
++ mov %rax,152($context) # restore context->Rsp
++ mov %rsi,168($context) # restore context->Rsi
++ mov %rdi,176($context) # restore context->Rdi
++
++ jmp .Lcommon_seh_exit
++.size cbc_se_handler,.-cbc_se_handler
++
++.type ecb_se_handler,\@abi-omnipotent
++.align 16
++ecb_se_handler:
++ push %rsi
++ push %rdi
++ push %rbx
++ push %rbp
++ push %r12
++ push %r13
++ push %r14
++ push %r15
++ pushfq
++ sub \$64,%rsp
++
++ mov 152($context),%rax # pull context->Rsp
++ mov 8(%rax),%rdi
++ mov 16(%rax),%rsi
++ mov %rsi,168($context) # restore context->Rsi
++ mov %rdi,176($context) # restore context->Rdi
++
++.Lcommon_seh_exit:
++
++ mov 40($disp),%rdi # disp->ContextRecord
++ mov $context,%rsi # context
++ mov \$154,%ecx # sizeof(CONTEXT)
++ .long 0xa548f3fc # cld; rep movsq
++
++ mov $disp,%rsi
++ xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
++ mov 8(%rsi),%rdx # arg2, disp->ImageBase
++ mov 0(%rsi),%r8 # arg3, disp->ControlPc
++ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
++ mov 40(%rsi),%r10 # disp->ContextRecord
++ lea 56(%rsi),%r11 # &disp->HandlerData
++ lea 24(%rsi),%r12 # &disp->EstablisherFrame
++ mov %r10,32(%rsp) # arg5
++ mov %r11,40(%rsp) # arg6
++ mov %r12,48(%rsp) # arg7
++ mov %rcx,56(%rsp) # arg8, (NULL)
++ call *__imp_RtlVirtualUnwind(%rip)
++
++ mov \$1,%eax # ExceptionContinueSearch
++ add \$64,%rsp
++ popfq
++ pop %r15
++ pop %r14
++ pop %r13
++ pop %r12
++ pop %rbp
++ pop %rbx
++ pop %rdi
++ pop %rsi
++ ret
++.size cbc_se_handler,.-cbc_se_handler
++
++.section .pdata
++.align 4
++ .rva .LSEH_begin_${PREFIX}_ecb_encrypt
++ .rva .LSEH_end_${PREFIX}_ecb_encrypt
++ .rva .LSEH_info_ecb
++
++ .rva .LSEH_begin_${PREFIX}_cbc_encrypt
++ .rva .LSEH_end_${PREFIX}_cbc_encrypt
++ .rva .LSEH_info_cbc
++
++ .rva ${PREFIX}_set_decrypt_key
++ .rva .LSEH_end_set_decrypt_key
++ .rva .LSEH_info_key
++
++ .rva ${PREFIX}_set_encrypt_key
++ .rva .LSEH_end_set_encrypt_key
++ .rva .LSEH_info_key
++.section .xdata
++.align 8
++.LSEH_info_ecb:
++ .byte 9,0,0,0
++ .rva ecb_se_handler
++.LSEH_info_cbc:
++ .byte 9,0,0,0
++ .rva cbc_se_handler
++.LSEH_info_key:
++ .byte 0x01,0x04,0x01,0x00
++ .byte 0x04,0x02,0x00,0x00
++___
++}
++
++sub rex {
++ local *opcode=shift;
++ my ($dst,$src)=@_;
++
++ if ($dst>=8 || $src>=8) {
++ $rex=0x40;
++ $rex|=0x04 if($dst>=8);
++ $rex|=0x01 if($src>=8);
++ push @opcode,$rex;
++ }
++}
++
++sub aesni {
++ my $line=shift;
++ my @opcode=(0x66);
++
++ if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
++ rex(\@opcode,$4,$3);
++ push @opcode,0x0f,0x3a,0xdf;
++ push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M
++ my $c=$2;
++ push @opcode,$c=~/^0/?oct($c):$c;
++ return ".byte\t".join(',', at opcode);
++ }
++ elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
++ my %opcodelet = (
++ "aesimc" => 0xdb,
++ "aesenc" => 0xdc, "aesenclast" => 0xdd,
++ "aesdec" => 0xde, "aesdeclast" => 0xdf
++ );
++ return undef if (!defined($opcodelet{$1}));
++ rex(\@opcode,$3,$2);
++ push @opcode,0x0f,0x38,$opcodelet{$1};
++ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
++ return ".byte\t".join(',', at opcode);
++ }
++ return $line;
++}
++
++$code =~ s/\`([^\`]*)\`/eval($1)/gem;
++$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
++
++print $code;
++
++close STDOUT;
+diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypto/aes/Makefile
+--- openssl-1.0.0-beta4/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/Makefile 2010-01-12 22:18:06.000000000 +0100
+@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
+
+ aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl
+ $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
++aesni-x86.s: asm/aesni-x86.pl ../perlasm/x86asm.pl
++ $(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+ aes-x86_64.s: asm/aes-x86_64.pl
+ $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
++aesni-x86_64.s: asm/aesni-x86_64.pl
++ $(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
+
+ aes-sparcv9.s: asm/aes-sparcv9.pl
+ $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_aesni.c
+--- openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni 2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/engine/eng_aesni.c 2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,413 @@
++/*
++ * Support for Intel AES-NI intruction set
++ * Author: Huang Ying <ying.huang at intel.com>
++ *
++ * Intel AES-NI is a new set of Single Instruction Multiple Data
++ * (SIMD) instructions that are going to be introduced in the next
++ * generation of Intel processor, as of 2009. These instructions
++ * enable fast and secure data encryption and decryption, using the
++ * Advanced Encryption Standard (AES), defined by FIPS Publication
++ * number 197. The architecture introduces six instructions that
++ * offer full hardware support for AES. Four of them support high
++ * performance data encryption and decryption, and the other two
++ * instructions support the AES key expansion procedure.
++ *
++ * The white paper can be downloaded from:
++ * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
++ *
++ * This file is based on engines/e_padlock.c
++ */
++
++/* ====================================================================
++ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay at cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh at cryptsoft.com).
++ *
++ */
++
++
++#include <openssl/opensslconf.h>
++
++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
++
++#include <stdio.h>
++#include "cryptlib.h"
++#include <openssl/dso.h>
++#include <openssl/engine.h>
++#include <openssl/evp.h>
++#include <openssl/aes.h>
++#include <openssl/err.h>
++#include <openssl/modes.h>
++
++/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it
++ doesn't exist elsewhere, but it even can't be compiled on other
++ platforms! */
++#undef COMPILE_HW_AESNI
++#if (defined(__x86_64) || defined(__x86_64__) || \
++ defined(_M_AMD64) || defined(_M_X64) || \
++ defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM)
++#define COMPILE_HW_AESNI
++static ENGINE *ENGINE_aesni (void);
++#endif
++
++void ENGINE_load_aesni (void)
++{
++/* On non-x86 CPUs it just returns. */
++#ifdef COMPILE_HW_AESNI
++ ENGINE *toadd = ENGINE_aesni();
++ if (!toadd)
++ return;
++ ENGINE_add (toadd);
++ ENGINE_register_complete (toadd);
++ ENGINE_free (toadd);
++ ERR_clear_error ();
++#endif
++}
++
++#ifdef COMPILE_HW_AESNI
++int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
++ AES_KEY *key);
++int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
++ AES_KEY *key);
++
++void aesni_encrypt(const unsigned char *in, unsigned char *out,
++ const AES_KEY *key);
++void aesni_decrypt(const unsigned char *in, unsigned char *out,
++ const AES_KEY *key);
++
++void aesni_ecb_encrypt(const unsigned char *in,
++ unsigned char *out,
++ size_t length,
++ const AES_KEY *key,
++ int enc);
++void aesni_cbc_encrypt(const unsigned char *in,
++ unsigned char *out,
++ size_t length,
++ const AES_KEY *key,
++ unsigned char *ivec, int enc);
++
++/* Function for ENGINE detection and control */
++static int aesni_init(ENGINE *e);
++
++/* Cipher Stuff */
++static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid);
++
++#define AESNI_MIN_ALIGN 16
++#define AESNI_ALIGN(x) \
++ ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
++
++/* Engine names */
++static const char aesni_id[] = "aesni",
++ aesni_name[] = "Intel AES-NI engine",
++ no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
++
++/* ===== Engine "management" functions ===== */
++
++#if defined(_WIN32)
++typedef unsigned __int64 IA32CAP;
++#else
++typedef unsigned long long IA32CAP;
++#endif
++
++/* Prepare the ENGINE structure for registration */
++static int
++aesni_bind_helper(ENGINE *e)
++{
++ int engage;
++ if (sizeof(OPENSSL_ia32cap_P) > 4) {
++ engage = (OPENSSL_ia32cap_P >> 57) & 1;
++ } else {
++ IA32CAP OPENSSL_ia32_cpuid(void);
++ engage = (OPENSSL_ia32_cpuid() >> 57) & 1;
++ }
++
++ /* Register everything or return with an error */
++ if (!ENGINE_set_id(e, aesni_id) ||
++ !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
++
++ !ENGINE_set_init_function(e, aesni_init) ||
++ (engage && !ENGINE_set_ciphers (e, aesni_ciphers))
++ )
++ return 0;
++
++ /* Everything looks good */
++ return 1;
++}
++
++/* Constructor */
++static ENGINE *
++ENGINE_aesni(void)
++{
++ ENGINE *eng = ENGINE_new();
++
++ if (!eng) {
++ return NULL;
++ }
++
++ if (!aesni_bind_helper(eng)) {
++ ENGINE_free(eng);
++ return NULL;
++ }
++
++ return eng;
++}
++
++/* Check availability of the engine */
++static int
++aesni_init(ENGINE *e)
++{
++ return 1;
++}
++
++#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
++#define NID_aes_128_cfb NID_aes_128_cfb128
++#endif
++
++#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
++#define NID_aes_128_ofb NID_aes_128_ofb128
++#endif
++
++#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
++#define NID_aes_192_cfb NID_aes_192_cfb128
++#endif
++
++#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
++#define NID_aes_192_ofb NID_aes_192_ofb128
++#endif
++
++#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
++#define NID_aes_256_cfb NID_aes_256_cfb128
++#endif
++
++#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
++#define NID_aes_256_ofb NID_aes_256_ofb128
++#endif
++
++/* List of supported ciphers. */
++static int aesni_cipher_nids[] = {
++ NID_aes_128_ecb,
++ NID_aes_128_cbc,
++ NID_aes_128_cfb,
++ NID_aes_128_ofb,
++
++ NID_aes_192_ecb,
++ NID_aes_192_cbc,
++ NID_aes_192_cfb,
++ NID_aes_192_ofb,
++
++ NID_aes_256_ecb,
++ NID_aes_256_cbc,
++ NID_aes_256_cfb,
++ NID_aes_256_ofb,
++};
++static int aesni_cipher_nids_num =
++ (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0]));
++
++typedef struct
++{
++ AES_KEY ks;
++ unsigned int _pad1[3];
++} AESNI_KEY;
++
++static int
++aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
++ const unsigned char *iv, int enc)
++{
++ int ret;
++ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++
++ if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
++ || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
++ || enc)
++ ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
++ else
++ ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
++
++ if(ret < 0) {
++ EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
++ return 0;
++ }
++
++ return 1;
++}
++
++static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++ aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
++ return 1;
++}
++static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++ aesni_cbc_encrypt(in, out, inl, key,
++ ctx->iv, ctx->encrypt);
++ return 1;
++}
++static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++ CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv,
++ &ctx->num, ctx->encrypt,
++ (block128_f)aesni_encrypt);
++ return 1;
++}
++static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
++ const unsigned char *in, size_t inl)
++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++ CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv,
++ &ctx->num, (block128_f)aesni_encrypt);
++ return 1;
++}
++
++#define AES_BLOCK_SIZE 16
++
++#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
++#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
++#define EVP_CIPHER_block_size_OFB 1
++#define EVP_CIPHER_block_size_CFB 1
++
++/* Declaring so many ciphers by hand would be a pain.
++ Instead introduce a bit of preprocessor magic :-) */
++#define DECLARE_AES_EVP(ksize,lmode,umode) \
++static const EVP_CIPHER aesni_##ksize##_##lmode = { \
++ NID_aes_##ksize##_##lmode, \
++ EVP_CIPHER_block_size_##umode, \
++ ksize / 8, \
++ AES_BLOCK_SIZE, \
++ 0 | EVP_CIPH_##umode##_MODE, \
++ aesni_init_key, \
++ aesni_cipher_##lmode, \
++ NULL, \
++ sizeof(AESNI_KEY), \
++ EVP_CIPHER_set_asn1_iv, \
++ EVP_CIPHER_get_asn1_iv, \
++ NULL, \
++ NULL \
++}
++
++DECLARE_AES_EVP(128,ecb,ECB);
++DECLARE_AES_EVP(128,cbc,CBC);
++DECLARE_AES_EVP(128,cfb,CFB);
++DECLARE_AES_EVP(128,ofb,OFB);
++
++DECLARE_AES_EVP(192,ecb,ECB);
++DECLARE_AES_EVP(192,cbc,CBC);
++DECLARE_AES_EVP(192,cfb,CFB);
++DECLARE_AES_EVP(192,ofb,OFB);
++
++DECLARE_AES_EVP(256,ecb,ECB);
++DECLARE_AES_EVP(256,cbc,CBC);
++DECLARE_AES_EVP(256,cfb,CFB);
++DECLARE_AES_EVP(256,ofb,OFB);
++
++static int
++aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher,
++ const int **nids, int nid)
++{
++ /* No specific cipher => return a list of supported nids ... */
++ if (!cipher) {
++ *nids = aesni_cipher_nids;
++ return aesni_cipher_nids_num;
++ }
++
++ /* ... or the requested "cipher" otherwise */
++ switch (nid) {
++ case NID_aes_128_ecb:
++ *cipher = &aesni_128_ecb;
++ break;
++ case NID_aes_128_cbc:
++ *cipher = &aesni_128_cbc;
++ break;
++ case NID_aes_128_cfb:
++ *cipher = &aesni_128_cfb;
++ break;
++ case NID_aes_128_ofb:
++ *cipher = &aesni_128_ofb;
++ break;
++
++ case NID_aes_192_ecb:
++ *cipher = &aesni_192_ecb;
++ break;
++ case NID_aes_192_cbc:
++ *cipher = &aesni_192_cbc;
++ break;
++ case NID_aes_192_cfb:
++ *cipher = &aesni_192_cfb;
++ break;
++ case NID_aes_192_ofb:
++ *cipher = &aesni_192_ofb;
++ break;
++
++ case NID_aes_256_ecb:
++ *cipher = &aesni_256_ecb;
++ break;
++ case NID_aes_256_cbc:
++ *cipher = &aesni_256_cbc;
++ break;
++ case NID_aes_256_cfb:
++ *cipher = &aesni_256_cfb;
++ break;
++ case NID_aes_256_ofb:
++ *cipher = &aesni_256_ofb;
++ break;
++
++ default:
++ /* Sorry, we don't support this NID */
++ *cipher = NULL;
++ return 0;
++ }
++
++ return 1;
++}
++
++#endif /* COMPILE_HW_AESNI */
++#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
+diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_all.c
+--- openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni 2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/engine/eng_all.c 2010-01-12 22:18:06.000000000 +0100
+@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void)
+ #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+ ENGINE_load_cryptodev();
+ #endif
++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI)
++ ENGINE_load_aesni();
++#endif
+ ENGINE_load_dynamic();
+ #ifndef OPENSSL_NO_STATIC_ENGINE
+ #ifndef OPENSSL_NO_HW
+diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/crypto/engine/engine.h
+--- openssl-1.0.0-beta4/crypto/engine/engine.h.aesni 2010-01-07 23:38:30.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/engine/engine.h 2010-01-12 22:18:06.000000000 +0100
+@@ -342,6 +342,7 @@ void ENGINE_load_gost(void);
+ #endif
+ #endif
+ void ENGINE_load_cryptodev(void);
++void ENGINE_load_aesni(void);
+ void ENGINE_load_builtin_engines(void);
+
+ /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/crypto/engine/Makefile
+--- openssl-1.0.0-beta4/crypto/engine/Makefile.aesni 2008-06-04 13:01:29.000000000 +0200
++++ openssl-1.0.0-beta4/crypto/engine/Makefile 2010-01-12 22:18:06.000000000 +0100
+@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
+ eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
+- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
++ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
++ eng_aesni.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
+- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
++ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
++ eng_aesni.o
+
+ SRC= $(LIBSRC)
+
+diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/crypto/evp/evp_err.c
+--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni 2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-12 22:18:06.000000000 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/evp/evp_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -70,6 +70,7 @@
+
+ static ERR_STRING_DATA EVP_str_functs[]=
+ {
++{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"},
+ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
+ {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+@@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+-{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"},
++{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
+ {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
+diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/evp/evp.h
+--- openssl-1.0.0-beta4/crypto/evp/evp.h.aesni 2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-12 22:18:06.000000000 +0100
+@@ -1162,6 +1162,7 @@ void ERR_load_EVP_strings(void);
+ /* Error codes for the EVP functions. */
+
+ /* Function codes. */
++#define EVP_F_AESNI_INIT_KEY 163
+ #define EVP_F_AES_INIT_KEY 133
+ #define EVP_F_CAMELLIA_INIT_KEY 159
+ #define EVP_F_D2I_PKEY 100
+diff -up openssl-1.0.0-beta4/test/test_aesni.aesni openssl-1.0.0-beta4/test/test_aesni
+--- openssl-1.0.0-beta4/test/test_aesni.aesni 2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/test/test_aesni 2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,69 @@
++#!/bin/sh
++
++PROG=$1
++
++if [ -x $PROG ]; then
++ if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
++ :
++ else
++ echo "$PROG is not OpenSSL executable"
++ exit 1
++ fi
++else
++ echo "$PROG is not executable"
++ exit 1;
++fi
++
++if $PROG engine aesni | grep -v no-aesni; then
++
++ HASH=`cat $PROG | $PROG dgst -hex`
++
++ AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
++ aes-128-cbc aes-192-cbc aes-256-cbc \
++ aes-128-cfb aes-192-cfb aes-256-cfb \
++ aes-128-ofb aes-192-ofb aes-256-ofb"
++ BUFSIZE="16 32 48 64 80 96 128 144 999"
++
++ nerr=0
++
++ for alg in $AES_ALGS; do
++ echo $alg
++ for bufsize in $BUFSIZE; do
++ TEST=`( cat $PROG | \
++ $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
++ $PROG enc -d -k "$HASH" -$alg | \
++ $PROG dgst -hex ) 2>/dev/null`
++ if [ "$TEST" != "$HASH" ]; then
++ echo "-$alg/$bufsize encrypt test failed"
++ nerr=`expr $nerr + 1`
++ fi
++ done
++ for bufsize in $BUFSIZE; do
++ TEST=`( cat $PROG | \
++ $PROG enc -e -k "$HASH" -$alg | \
++ $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
++ $PROG dgst -hex ) 2>/dev/null`
++ if [ "$TEST" != "$HASH" ]; then
++ echo "-$alg/$bufsize decrypt test failed"
++ nerr=`expr $nerr + 1`
++ fi
++ done
++ TEST=`( cat $PROG | \
++ $PROG enc -e -k "$HASH" -$alg -engine aesni | \
++ $PROG enc -d -k "$HASH" -$alg -engine aesni | \
++ $PROG dgst -hex ) 2>/dev/null`
++ if [ "$TEST" != "$HASH" ]; then
++ echo "-$alg en/decrypt test failed"
++ nerr=`expr $nerr + 1`
++ fi
++ done
++
++ if [ $nerr -gt 0 ]; then
++ echo "AESNI engine test failed."
++ exit 1;
++ fi
++else
++ echo "AESNI engine is not available"
++fi
++
++exit 0
diff --git a/openssl-1.0.0-beta3-cipher-change.patch b/openssl-1.0.0-beta5-cipher-change.patch
similarity index 61%
rename from openssl-1.0.0-beta3-cipher-change.patch
rename to openssl-1.0.0-beta5-cipher-change.patch
index 8fe7ada..2e8343b 100644
--- a/openssl-1.0.0-beta3-cipher-change.patch
+++ b/openssl-1.0.0-beta5-cipher-change.patch
@@ -1,16 +1,16 @@
-diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h
---- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change 2009-08-05 18:22:45.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssl.h 2009-08-05 18:27:32.000000000 +0200
-@@ -511,7 +511,7 @@ typedef struct ssl_session_st
-
- #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
+diff -up openssl-1.0.0-beta5/ssl/ssl.h.cipher-change openssl-1.0.0-beta5/ssl/ssl.h
+--- openssl-1.0.0-beta5/ssl/ssl.h.cipher-change 2010-01-20 18:12:07.000000000 +0100
++++ openssl-1.0.0-beta5/ssl/ssl.h 2010-01-20 18:13:04.000000000 +0100
+@@ -513,7 +513,7 @@ typedef struct ssl_session_st
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
+ /* Allow initial connection to servers that don't support RI */
+ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
-@@ -528,7 +528,7 @@ typedef struct ssl_session_st
+@@ -530,7 +530,7 @@ typedef struct ssl_session_st
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
diff --git a/openssl-1.0.0-beta4-enginesdir.patch b/openssl-1.0.0-beta5-enginesdir.patch
similarity index 63%
rename from openssl-1.0.0-beta4-enginesdir.patch
rename to openssl-1.0.0-beta5-enginesdir.patch
index 0a304ce..d942d6e 100644
--- a/openssl-1.0.0-beta4-enginesdir.patch
+++ b/openssl-1.0.0-beta5-enginesdir.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
---- openssl-1.0.0-beta4/Configure.enginesdir 2009-11-12 12:17:59.000000000 +0100
-+++ openssl-1.0.0-beta4/Configure 2009-11-12 12:19:45.000000000 +0100
+diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
+--- openssl-1.0.0-beta5/Configure.enginesdir 2010-01-20 18:07:05.000000000 +0100
++++ openssl-1.0.0-beta5/Configure 2010-01-20 18:10:48.000000000 +0100
@@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
@@ -20,7 +20,7 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
-@@ -1055,7 +1060,7 @@ chop $prefix if $prefix =~ /.\/$/;
+@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
@@ -29,18 +29,18 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
print "IsMK1MF=$IsMK1MF\n";
-@@ -1676,7 +1681,7 @@ while (<IN>)
- # $foo is to become "$prefix/lib$multilib/engines";
- # as Makefile.org and engines/Makefile are adapted for
- # $multilib suffix.
-- my $foo = "$prefix/lib/engines";
+@@ -1673,7 +1678,7 @@ while (<IN>)
+ }
+ elsif (/^#define\s+ENGINESDIR/)
+ {
+- my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
-diff -up openssl-1.0.0-beta4/engines/Makefile.enginesdir openssl-1.0.0-beta4/engines/Makefile
---- openssl-1.0.0-beta4/engines/Makefile.enginesdir 2009-11-10 02:52:52.000000000 +0100
-+++ openssl-1.0.0-beta4/engines/Makefile 2009-11-12 12:23:06.000000000 +0100
+diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
+--- openssl-1.0.0-beta5/engines/Makefile.enginesdir 2010-01-16 21:06:09.000000000 +0100
++++ openssl-1.0.0-beta5/engines/Makefile 2010-01-20 18:07:05.000000000 +0100
@@ -124,7 +124,7 @@ install:
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
diff --git a/openssl-1.0.0-beta3-ipv6-apps.patch b/openssl-1.0.0-beta5-ipv6-apps.patch
similarity index 86%
rename from openssl-1.0.0-beta3-ipv6-apps.patch
rename to openssl-1.0.0-beta5-ipv6-apps.patch
index 690bc98..4304c01 100644
--- a/openssl-1.0.0-beta3-ipv6-apps.patch
+++ b/openssl-1.0.0-beta5-ipv6-apps.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
---- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_apps.h 2009-08-05 21:29:58.000000000 +0200
+diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h
+--- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_apps.h 2010-02-03 09:43:49.000000000 +0100
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
@@ -23,10 +23,10 @@ diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
-diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
---- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 22:33:44.000000000 +0200
-@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
+diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c
+--- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_client.c 2010-02-03 09:43:49.000000000 +0100
+@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
@@ -35,7 +35,7 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
-@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
+@@ -488,13 +488,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
@@ -51,7 +51,7 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
-@@ -956,7 +955,7 @@ bad:
+@@ -967,7 +966,7 @@ bad:
re_start:
@@ -60,10 +60,10 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
-diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
---- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 21:29:58.000000000 +0200
-@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
+diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c
+--- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_server.c 2010-02-03 09:43:49.000000000 +0100
+@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
@@ -72,7 +72,7 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
-@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
+@@ -909,8 +909,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
@@ -82,7 +82,7 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/
}
else if (strcmp(*argv,"-verify") == 0)
{
-@@ -1685,9 +1684,9 @@ bad:
+@@ -1700,9 +1699,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
@@ -94,10 +94,10 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/
print_stats(bio_s_out,ctx);
ret=0;
end:
-diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
---- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps 2008-11-12 04:57:47.000000000 +0100
-+++ openssl-1.0.0-beta3/apps/s_socket.c 2009-08-05 21:29:58.000000000 +0200
-@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
+diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c
+--- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps 2009-08-26 13:21:50.000000000 +0200
++++ openssl-1.0.0-beta5/apps/s_socket.c 2010-02-03 10:00:30.000000000 +0100
+@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
@@ -108,7 +108,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
-@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
+@@ -234,58 +232,70 @@ static int ssl_sock_init(void)
return(1);
}
@@ -217,7 +217,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
{
int sock;
char *name = NULL;
-@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
+@@ -323,33 +333,38 @@ int do_server(int port, int type, int *r
}
}
@@ -277,7 +277,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
-@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
+@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i
(void *) &j, sizeof j);
}
#endif
@@ -337,11 +337,10 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
int len;
/* struct linger ling; */
-@@ -425,137 +443,62 @@ redoit:
- if (i < 0) { perror("keepalive"); return(0); }
+@@ -432,136 +450,58 @@ redoit:
*/
-- if (host == NULL) goto end;
+ if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
@@ -351,50 +350,44 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
- sizeof(struct in_addr),AF_INET);
-#endif
- if (h1 == NULL)
-+ if (host == NULL)
++
++ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
++ buffer, sizeof(buffer),
++ NULL, 0, 0))
{
- BIO_printf(bio_err,"bad gethostbyaddr\n");
-- *host=NULL;
-- /* return(0); */
-- }
-- else
-- {
++ BIO_printf(bio_err,"getnameinfo failed\n");
+ *host=NULL;
+ /* return(0); */
+ }
+ else
+ {
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
-- {
-- perror("OPENSSL_malloc");
-+ *sock=ret;
++ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ {
+ perror("OPENSSL_malloc");
return(0);
}
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
+-
- h2=GetHostByName(*host);
- if (h2 == NULL)
-+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
-+ buffer, sizeof(buffer),
-+ NULL, 0, 0))
- {
+- {
- BIO_printf(bio_err,"gethostbyname failure\n");
-+ BIO_printf(bio_err,"getnameinfo failed\n");
-+ *host=NULL;
- return(0);
- }
+- return(0);
+- }
- i=0;
- if (h2->h_addrtype != AF_INET)
-+ else
- {
+- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
-+ {
-+ perror("OPENSSL_malloc");
- return(0);
- }
-- }
--end:
+- return(0);
+- }
+ strcpy(*host, buffer);
+ }
+ end:
*sock=ret;
return(1);
}
-+ }
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
diff --git a/openssl-0.9.8j-readme-warning.patch b/openssl-1.0.0-beta5-readme-warning.patch
similarity index 55%
rename from openssl-0.9.8j-readme-warning.patch
rename to openssl-1.0.0-beta5-readme-warning.patch
index 411e6bd..0d89720 100644
--- a/openssl-0.9.8j-readme-warning.patch
+++ b/openssl-1.0.0-beta5-readme-warning.patch
@@ -1,7 +1,7 @@
-diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
---- openssl-0.9.8j/README.warning 2009-01-07 11:50:53.000000000 +0100
-+++ openssl-0.9.8j/README 2009-01-14 17:43:02.000000000 +0100
-@@ -5,6 +5,31 @@
+diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
+--- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100
++++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100
+@@ -5,6 +5,35 @@
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -15,9 +15,15 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
+
+ This version also contains a few differences from the upstream code
+ some of which are:
-+ * The FIPS integrity verification check is implemented differently
-+ from the upstream FIPS validated OpenSSL module. It verifies
-+ HMAC-SHA256 checksum of the whole libcrypto shared library.
++ * There are added changes forward ported from the upstream OpenSSL
++ 0.9.8 FIPS branch however the FIPS integrity verification check
++ is implemented differently from the upstream FIPS validated OpenSSL
++ module. It verifies HMAC-SHA256 checksum of the whole shared
++ libraries. For this reason the changes are ported to files in the
++ crypto directory and not in a separate fips subdirectory. Also
++ note that the FIPS integrity verification check requires unmodified
++ libcrypto and libssl shared library files which means that it will
++ fail if these files are modified for example by prelink.
+ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
+ tries to initialize the FIPS mode if it is set to 1 aborting if the
+ FIPS mode could not be initialized. It is also possible to force the
@@ -27,8 +33,6 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
+ will not automatically load the built in compression method ZLIB
+ when initialized. Applications can still explicitely ask for ZLIB
+ compression method.
-+ * There is added a support for EAP-FAST through TLS extension. This code
-+ is backported from OpenSSL upstream development branch.
+
DESCRIPTION
-----------
diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch
new file mode 100644
index 0000000..9098c0a
--- /dev/null
+++ b/openssl-1.0.0-name-hash.patch
@@ -0,0 +1,22 @@
+diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
+--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100
++++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200
+@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
+ {
+ unsigned long ret=0;
+ unsigned char md[16];
++ EVP_MD_CTX ctx;
+
+ /* Make sure X509_NAME structure contains valid cached encoding */
+ i2d_X509_NAME(x,NULL);
+- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
++
++ EVP_MD_CTX_init(&ctx);
++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
++ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
++ && EVP_DigestFinal_ex(&ctx, md, NULL);
++ EVP_MD_CTX_cleanup(&ctx);
+
+ ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
+ ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/openssl-1.0.0-timezone.patch b/openssl-1.0.0-timezone.patch
new file mode 100644
index 0000000..b1d6682
--- /dev/null
+++ b/openssl-1.0.0-timezone.patch
@@ -0,0 +1,21 @@
+diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org
+--- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200
++++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200
+@@ -609,7 +609,7 @@ install_docs:
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+- sh -c "$$pod2man \
++ sh -c "TZ=UTC $$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+@@ -626,7 +626,7 @@ install_docs:
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+- sh -c "$$pod2man \
++ sh -c "TZ=UTC $$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
diff --git a/openssl-1.0.0-beta4-fips.patch b/openssl-1.0.0a-fips.patch
similarity index 90%
rename from openssl-1.0.0-beta4-fips.patch
rename to openssl-1.0.0a-fips.patch
index 41b3d1f..421e507 100644
--- a/openssl-1.0.0-beta4-fips.patch
+++ b/openssl-1.0.0a-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure
---- openssl-1.0.0-beta4/Configure.fips 2009-11-23 08:32:31.000000000 +0100
-+++ openssl-1.0.0-beta4/Configure 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/Configure.fips openssl-1.0.0a/Configure
+--- openssl-1.0.0a/Configure.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/Configure 2010-06-04 12:25:15.000000000 +0200
@@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml
my $processor="";
my $default_ranlib;
@@ -43,9 +43,9 @@ diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto/bf/bf_skey.c
---- openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bf/bf_skey.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/bf/bf_skey.c.fips openssl-1.0.0a/crypto/bf/bf_skey.c
+--- openssl-1.0.0a/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100
++++ openssl-1.0.0a/crypto/bf/bf_skey.c 2010-06-04 12:25:15.000000000 +0200
@@ -59,10 +59,15 @@
#include <stdio.h>
#include <string.h>
@@ -63,9 +63,9 @@ diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto
{
int i;
BF_LONG *p,ri,in[2];
-diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypto/bf/blowfish.h
---- openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bf/blowfish.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/bf/blowfish.h.fips openssl-1.0.0a/crypto/bf/blowfish.h
+--- openssl-1.0.0a/crypto/bf/blowfish.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/bf/blowfish.h 2010-06-04 12:25:15.000000000 +0200
@@ -104,7 +104,9 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
@@ -77,9 +77,9 @@ diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypt
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/bn.h
---- openssl-1.0.0-beta4/crypto/bn/bn.h.fips 2009-11-23 08:32:31.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bn/bn.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/bn/bn.h.fips openssl-1.0.0a/crypto/bn/bn.h
+--- openssl-1.0.0a/crypto/bn/bn.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/bn/bn.h 2010-06-04 12:25:15.000000000 +0200
@@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n
int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb);
@@ -98,9 +98,9 @@ diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/b
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/bn/bn_x931p.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/bn/bn_x931p.c.fips openssl-1.0.0a/crypto/bn/bn_x931p.c
+--- openssl-1.0.0a/crypto/bn/bn_x931p.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/bn/bn_x931p.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,272 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -374,9 +374,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c
+
+ }
+
-diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/bn/Makefile
---- openssl-1.0.0-beta4/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bn/Makefile 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/bn/Makefile.fips openssl-1.0.0a/crypto/bn/Makefile
+--- openssl-1.0.0a/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100
++++ openssl-1.0.0a/crypto/bn/Makefile 2010-06-04 12:25:15.000000000 +0200
@@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li
bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
@@ -393,9 +393,9 @@ diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/
SRC= $(LIBSRC)
-diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl
---- openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl
+--- openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200
++++ openssl-1.0.0a/crypto/camellia/asm/cmll-x86.pl 2010-06-04 12:25:15.000000000 +0200
@@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0;
}
&function_end("Camellia_Ekeygen");
@@ -422,9 +422,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-
}
@SBOX=(
-diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4/crypto/camellia/camellia.h
---- openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/camellia.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/camellia/camellia.h.fips openssl-1.0.0a/crypto/camellia/camellia.h
+--- openssl-1.0.0a/crypto/camellia/camellia.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/camellia/camellia.h 2010-06-04 12:25:15.000000000 +0200
@@ -88,6 +88,11 @@ struct camellia_key_st
};
typedef struct camellia_key_st CAMELLIA_KEY;
@@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4
int Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key);
-diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0a/crypto/camellia/cmll_fblk.c
+--- openssl-1.0.0a/crypto/camellia/cmll_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/camellia/cmll_fblk.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,68 @@
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
@@ -509,9 +509,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c
+ return private_Camellia_set_key(userKey, bits, key);
+ }
+#endif
-diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c
---- openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips openssl-1.0.0a/crypto/camellia/cmll_misc.c
+--- openssl-1.0.0a/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100
++++ openssl-1.0.0a/crypto/camellia/cmll_misc.c 2010-06-04 12:25:15.000000000 +0200
@@ -52,11 +52,20 @@
#include <openssl/opensslv.h>
#include <openssl/camellia.h>
@@ -533,9 +533,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta
{
if(!userKey || !key)
return -1;
-diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/crypto/camellia/Makefile
---- openssl-1.0.0-beta4/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/Makefile 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/camellia/Makefile.fips openssl-1.0.0a/crypto/camellia/Makefile
+--- openssl-1.0.0a/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100
++++ openssl-1.0.0a/crypto/camellia/Makefile 2010-06-04 12:25:15.000000000 +0200
@@ -23,9 +23,9 @@ APPS=
LIB=$(TOP)/libcrypto.a
@@ -548,9 +548,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/c
SRC= $(LIBSRC)
-diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/cast/cast.h
---- openssl-1.0.0-beta4/crypto/cast/cast.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/cast/cast.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/cast/cast.h.fips openssl-1.0.0a/crypto/cast/cast.h
+--- openssl-1.0.0a/crypto/cast/cast.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/cast/cast.h 2010-06-04 12:25:15.000000000 +0200
@@ -83,7 +83,9 @@ typedef struct cast_key_st
int short_key; /* Use reduced rounds for short key */
} CAST_KEY;
@@ -560,11 +560,11 @@ diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
- void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
int enc);
-diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypto/cast/c_skey.c
---- openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/cast/c_skey.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/cast/c_skey.c.fips openssl-1.0.0a/crypto/cast/c_skey.c
+--- openssl-1.0.0a/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200
++++ openssl-1.0.0a/crypto/cast/c_skey.c 2010-06-04 12:25:15.000000000 +0200
@@ -57,6 +57,11 @@
*/
@@ -586,13 +586,14 @@ diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypt
{
CAST_LONG x[16];
CAST_LONG z[16];
-diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/crypto.h
---- openssl-1.0.0-beta4/crypto/crypto.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/crypto.h 2009-11-23 08:32:31.000000000 +0100
-@@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin
- unsigned long *OPENSSL_ia32cap_loc(void);
+diff -up openssl-1.0.0a/crypto/crypto.h.fips openssl-1.0.0a/crypto/crypto.h
+--- openssl-1.0.0a/crypto/crypto.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/crypto.h 2010-06-04 12:25:15.000000000 +0200
+@@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void)
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+ int OPENSSL_isservice(void);
++
+#ifdef OPENSSL_FIPS
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+ alg " previous FIPS forbidden algorithm error ignored");
@@ -659,9 +660,9 @@ diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/cry
/* Error codes for the CRYPTO functions. */
/* Function codes. */
-diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/dh/dh_err.c
---- openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dh/dh_err.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dh/dh_err.c.fips openssl-1.0.0a/crypto/dh/dh_err.c
+--- openssl-1.0.0a/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100
++++ openssl-1.0.0a/crypto/dh/dh_err.c 2010-06-04 12:25:15.000000000 +0200
@@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]=
{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
@@ -679,9 +680,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/
{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
-diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/dh/dh_gen.c
---- openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dh/dh_gen.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dh/dh_gen.c.fips openssl-1.0.0a/crypto/dh/dh_gen.c
+--- openssl-1.0.0a/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200
++++ openssl-1.0.0a/crypto/dh/dh_gen.c 2010-06-04 12:25:15.000000000 +0200
@@ -65,6 +65,10 @@
#include "cryptlib.h"
#include <openssl/bn.h>
@@ -714,9 +715,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
-diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/dh.h
---- openssl-1.0.0-beta4/crypto/dh/dh.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dh/dh.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dh/dh.h.fips openssl-1.0.0a/crypto/dh/dh.h
+--- openssl-1.0.0a/crypto/dh/dh.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/dh/dh.h 2010-06-04 12:25:15.000000000 +0200
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -743,9 +744,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/d
#ifdef __cplusplus
}
-diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/dh/dh_key.c
---- openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dh/dh_key.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dh/dh_key.c.fips openssl-1.0.0a/crypto/dh/dh_key.c
+--- openssl-1.0.0a/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200
++++ openssl-1.0.0a/crypto/dh/dh_key.c 2010-06-04 12:25:15.000000000 +0200
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -795,9 +796,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/
dh->flags |= DH_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips openssl-1.0.0a/crypto/dsa/dsa_gen.c
+--- openssl-1.0.0a/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100
++++ openssl-1.0.0a/crypto/dsa/dsa_gen.c 2010-06-04 12:25:15.000000000 +0200
@@ -77,8 +77,12 @@
#include "cryptlib.h"
#include <openssl/evp.h>
@@ -833,9 +834,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypt
if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
qsize != SHA256_DIGEST_LENGTH)
/* invalid q size */
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/dsa/dsa.h
---- openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dsa/dsa.h.fips openssl-1.0.0a/crypto/dsa/dsa.h
+--- openssl-1.0.0a/crypto/dsa/dsa.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/dsa/dsa.h 2010-06-04 12:25:15.000000000 +0200
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
@@ -892,9 +893,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/ds
#define DSA_R_PARAMETER_ENCODING_ERROR 105
#ifdef __cplusplus
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dsa/dsa_key.c.fips openssl-1.0.0a/crypto/dsa/dsa_key.c
+--- openssl-1.0.0a/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200
++++ openssl-1.0.0a/crypto/dsa/dsa_key.c 2010-06-04 12:25:15.000000000 +0200
@@ -63,9 +63,55 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -982,9 +983,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt
ok=1;
err:
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0a/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.0a/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200
++++ openssl-1.0.0a/crypto/dsa/dsa_ossl.c 2010-06-04 12:25:15.000000000 +0200
@@ -65,6 +65,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -1056,9 +1057,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/cryp
dsa->flags|=DSA_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypto/err/err_all.c
---- openssl-1.0.0-beta4/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/err/err_all.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/err/err_all.c.fips openssl-1.0.0a/crypto/err/err_all.c
+--- openssl-1.0.0a/crypto/err/err_all.c.fips 2009-08-09 16:58:05.000000000 +0200
++++ openssl-1.0.0a/crypto/err/err_all.c 2010-06-04 12:25:15.000000000 +0200
@@ -96,6 +96,9 @@
#include <openssl/ocsp.h>
#include <openssl/err.h>
@@ -1079,9 +1080,9 @@ diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypt
#ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
#endif
-diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto/evp/digest.c
---- openssl-1.0.0-beta4/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/digest.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/digest.c.fips openssl-1.0.0a/crypto/evp/digest.c
+--- openssl-1.0.0a/crypto/evp/digest.c.fips 2010-03-05 14:33:43.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/digest.c 2010-06-04 12:25:15.000000000 +0200
@@ -116,6 +116,7 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -1090,7 +1091,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
-@@ -137,9 +138,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
+@@ -138,9 +139,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
return EVP_DigestInit_ex(ctx, type, NULL);
}
@@ -1141,7 +1142,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
-@@ -195,6 +237,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+@@ -197,6 +239,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
#endif
if (ctx->digest != type)
{
@@ -1160,7 +1161,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
if (ctx->digest && ctx->digest->ctx_size)
OPENSSL_free(ctx->md_data);
ctx->digest=type;
-@@ -222,6 +276,9 @@ skip_to_init:
+@@ -230,6 +284,9 @@ skip_to_init:
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
@@ -1170,7 +1171,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
return ctx->update(ctx,data,count);
}
-@@ -238,6 +295,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
+@@ -246,6 +303,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
@@ -1180,9 +1181,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
-diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/evp/e_aes.c
---- openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/e_aes.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/e_aes.c.fips openssl-1.0.0a/crypto/evp/e_aes.c
+--- openssl-1.0.0a/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/e_aes.c 2010-06-04 12:25:15.000000000 +0200
@@ -69,32 +69,29 @@ typedef struct
IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
@@ -1235,9 +1236,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/crypto/evp/e_camellia.c
---- openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/e_camellia.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/e_camellia.c.fips openssl-1.0.0a/crypto/evp/e_camellia.c
+--- openssl-1.0.0a/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/e_camellia.c 2010-06-04 12:25:15.000000000 +0200
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks,
EVP_CIPHER_get_asn1_iv,
NULL)
@@ -1247,9 +1248,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/cr
IMPLEMENT_CAMELLIA_CFBR(128,1)
IMPLEMENT_CAMELLIA_CFBR(192,1)
-diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto/evp/e_des3.c
---- openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/e_des3.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/e_des3.c.fips openssl-1.0.0a/crypto/evp/e_des3.c
+--- openssl-1.0.0a/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/e_des3.c 2010-06-04 12:25:15.000000000 +0200
@@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
}
@@ -1294,9 +1295,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto
des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto/evp/e_null.c
---- openssl-1.0.0-beta4/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/e_null.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/e_null.c.fips openssl-1.0.0a/crypto/evp/e_null.c
+--- openssl-1.0.0a/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/e_null.c 2010-06-04 12:25:15.000000000 +0200
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
{
NID_undef,
@@ -1306,9 +1307,20 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto
null_init_key,
null_cipher,
NULL,
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypto/evp/evp_enc.c
---- openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp_enc.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/e_rc4.c.fips openssl-1.0.0a/crypto/evp/e_rc4.c
+--- openssl-1.0.0a/crypto/evp/e_rc4.c.fips 2008-10-31 20:48:24.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/e_rc4.c 2010-06-04 12:25:15.000000000 +0200
+@@ -64,6 +64,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/rc4.h>
++#include "evp_locl.h"
+
+ /* FIXME: surely this is available elsewhere? */
+ #define EVP_RC4_KEY_SIZE 16
+diff -up openssl-1.0.0a/crypto/evp/evp_enc.c.fips openssl-1.0.0a/crypto/evp/evp_enc.c
+--- openssl-1.0.0a/crypto/evp/evp_enc.c.fips 2010-03-01 02:52:47.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/evp_enc.c 2010-06-04 12:25:15.000000000 +0200
@@ -68,8 +68,53 @@
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
@@ -1401,10 +1413,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypt
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
}
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypto/evp/evp_err.c
---- openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2009-11-23 08:32:31.000000000 +0100
-@@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+diff -up openssl-1.0.0a/crypto/evp/evp_err.c.fips openssl-1.0.0a/crypto/evp/evp_err.c
+--- openssl-1.0.0a/crypto/evp/evp_err.c.fips 2010-02-07 14:41:23.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/evp_err.c 2010-06-04 12:25:15.000000000 +0200
+@@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"},
@@ -1412,9 +1424,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypt
{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
-diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/evp/evp.h
---- openssl-1.0.0-beta4/crypto/evp/evp.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/evp.h.fips openssl-1.0.0a/crypto/evp/evp.h
+--- openssl-1.0.0a/crypto/evp/evp.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/evp.h 2010-06-04 12:25:15.000000000 +0200
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
@@ -1457,33 +1469,26 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev
#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
-@@ -330,6 +336,14 @@ struct evp_cipher_st
+@@ -330,12 +336,16 @@ struct evp_cipher_st
#define EVP_CIPH_NO_PADDING 0x100
/* cipher handles random key generation */
#define EVP_CIPH_RAND_KEY 0x200
+-/* cipher has its own additional copying logic */
+-#define EVP_CIPH_CUSTOM_COPY 0x400
+/* Note if suitable for use in FIPS mode */
+#define EVP_CIPH_FLAG_FIPS 0x400
+/* Allow non FIPS cipher in FIPS mode */
+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
-+/* Allow use default ASN1 get/set iv */
-+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
-+/* Buffer length in bits not bytes: CFB1 mode only */
-+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
+ /* Allow use default ASN1 get/set iv */
+ #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
+ /* Buffer length in bits not bytes: CFB1 mode only */
+ #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
++/* cipher has its own additional copying logic */
++#define EVP_CIPH_CUSTOM_COPY 0x4000
/* ctrl() values */
-@@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ
- const unsigned char *salt, const unsigned char *data,
- int datal, int count, unsigned char *key,unsigned char *iv);
-
-+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
-+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
-+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
-+
- int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
- int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void);
+@@ -1239,6 +1249,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_DIFFERENT_PARAMETERS 153
@@ -1491,9 +1496,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev
#define EVP_R_ENCODE_ERROR 115
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_EXPECTING_AN_RSA_KEY 127
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypto/evp/evp_lib.c
---- openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/evp_lib.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/evp_lib.c.fips openssl-1.0.0a/crypto/evp/evp_lib.c
+--- openssl-1.0.0a/crypto/evp/evp_lib.c.fips 2010-01-26 15:33:51.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/evp_lib.c 2010-06-04 12:25:15.000000000 +0200
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_
if (c->cipher->set_asn1_parameters != NULL)
@@ -1512,7 +1517,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt
else
ret=-1;
return(ret);
-@@ -180,6 +184,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
+@@ -186,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
{
@@ -1522,43 +1527,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
-@@ -289,3 +296,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_C
- {
- return (ctx->flags & flags);
- }
-+
-+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
-+ {
-+ ctx->flags |= flags;
-+ }
-+
-+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
-+ {
-+ ctx->flags &= ~flags;
-+ }
-+
-+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
-+ {
-+ return (ctx->flags & flags);
-+ }
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/crypto/evp/evp_locl.h
---- openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp_locl.h 2009-11-23 08:32:31.000000000 +0100
-@@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER
- static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
- {\
- size_t chunk=EVP_MAXCHUNK;\
-- if (cbits==1) chunk>>=3;\
-+ if (cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) chunk>>=3;\
- if (inl<chunk) chunk=inl;\
- while(inl && inl>=chunk)\
- {\
-- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
-+ cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
- inl-=chunk;\
- in +=chunk;\
- out+=chunk;\
-@@ -254,14 +254,29 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
+diff -up openssl-1.0.0a/crypto/evp/evp_locl.h.fips openssl-1.0.0a/crypto/evp/evp_locl.h
+--- openssl-1.0.0a/crypto/evp/evp_locl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/evp_locl.h 2010-06-04 12:25:15.000000000 +0200
+@@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
@@ -1580,6 +1552,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp
+#define CAST_set_key private_CAST_set_key
+#define RC5_32_set_key private_RC5_32_set_key
+#define BF_set_key private_BF_set_key
++#define SEED_set_key private_SEED_set_key
+#define Camellia_set_key private_Camellia_set_key
+#define idea_set_encrypt_key private_idea_set_encrypt_key
+
@@ -1588,14 +1561,16 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp
+#define MD2_Init private_MD2_Init
+#define MDC2_Init private_MDC2_Init
+#define SHA_Init private_SHA_Init
++#define RIPEMD160_Init private_RIPEMD160_Init
++#define WHIRLPOOL_Init private_WHIRLPOOL_Init
+
+#endif
struct evp_pkey_ctx_st
{
-diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss.c
---- openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/m_dss.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/m_dss.c.fips openssl-1.0.0a/crypto/evp/m_dss.c
+--- openssl-1.0.0a/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/m_dss.c 2010-06-04 12:25:15.000000000 +0200
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
NID_dsaWithSHA,
NID_dsaWithSHA,
@@ -1605,9 +1580,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/
init,
update,
final,
-diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss1.c
---- openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/m_dss1.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/m_dss1.c.fips openssl-1.0.0a/crypto/evp/m_dss1.c
+--- openssl-1.0.0a/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/m_dss1.c 2010-06-04 12:25:15.000000000 +0200
@@ -82,7 +82,7 @@ static const EVP_MD dss1_md=
NID_dsa,
NID_dsaWithSHA1,
@@ -1617,9 +1592,64 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto
init,
update,
final,
-diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto/evp/m_sha1.c
---- openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/m_sha1.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/m_mdc2.c.fips openssl-1.0.0a/crypto/evp/m_mdc2.c
+--- openssl-1.0.0a/crypto/evp/m_mdc2.c.fips 2010-02-02 14:36:05.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/m_mdc2.c 2010-06-04 12:25:15.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+
+ static int init(EVP_MD_CTX *ctx)
+ { return MDC2_Init(ctx->md_data); }
+diff -up openssl-1.0.0a/crypto/evp/m_md2.c.fips openssl-1.0.0a/crypto/evp/m_md2.c
+--- openssl-1.0.0a/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/m_md2.c 2010-06-04 12:25:15.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+
+ static int init(EVP_MD_CTX *ctx)
+ { return MD2_Init(ctx->md_data); }
+diff -up openssl-1.0.0a/crypto/evp/m_md4.c.fips openssl-1.0.0a/crypto/evp/m_md4.c
+--- openssl-1.0.0a/crypto/evp/m_md4.c.fips 2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/m_md4.c 2010-06-04 12:25:15.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+
+ static int init(EVP_MD_CTX *ctx)
+ { return MD4_Init(ctx->md_data); }
+diff -up openssl-1.0.0a/crypto/evp/m_md5.c.fips openssl-1.0.0a/crypto/evp/m_md5.c
+--- openssl-1.0.0a/crypto/evp/m_md5.c.fips 2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/m_md5.c 2010-06-04 12:25:15.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+
+ static int init(EVP_MD_CTX *ctx)
+ { return MD5_Init(ctx->md_data); }
+diff -up openssl-1.0.0a/crypto/evp/m_ripemd.c.fips openssl-1.0.0a/crypto/evp/m_ripemd.c
+--- openssl-1.0.0a/crypto/evp/m_ripemd.c.fips 2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/m_ripemd.c 2010-06-04 12:25:15.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+
+ static int init(EVP_MD_CTX *ctx)
+ { return RIPEMD160_Init(ctx->md_data); }
+diff -up openssl-1.0.0a/crypto/evp/m_sha1.c.fips openssl-1.0.0a/crypto/evp/m_sha1.c
+--- openssl-1.0.0a/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/m_sha1.c 2010-06-04 12:25:15.000000000 +0200
@@ -82,7 +82,8 @@ static const EVP_MD sha1_md=
NID_sha1,
NID_sha1WithRSAEncryption,
@@ -1670,9 +1700,20 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto
init512,
update512,
final512,
-diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/evp/names.c
---- openssl-1.0.0-beta4/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/names.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/m_wp.c.fips openssl-1.0.0a/crypto/evp/m_wp.c
+--- openssl-1.0.0a/crypto/evp/m_wp.c.fips 2005-11-30 21:57:23.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/m_wp.c 2010-06-04 12:25:15.000000000 +0200
+@@ -9,6 +9,7 @@
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
+ #include <openssl/whrlpool.h>
++#include "evp_locl.h"
+
+ static int init(EVP_MD_CTX *ctx)
+ { return WHIRLPOOL_Init(ctx->md_data); }
+diff -up openssl-1.0.0a/crypto/evp/names.c.fips openssl-1.0.0a/crypto/evp/names.c
+--- openssl-1.0.0a/crypto/evp/names.c.fips 2010-03-06 21:47:45.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/names.c 2010-06-04 12:25:15.000000000 +0200
@@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
{
int r;
@@ -1695,9 +1736,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/
name=OBJ_nid2sn(md->type);
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
if (r == 0) return(0);
-diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto/evp/p_sign.c
---- openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/p_sign.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/p_sign.c.fips openssl-1.0.0a/crypto/evp/p_sign.c
+--- openssl-1.0.0a/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/p_sign.c 2010-06-04 12:25:15.000000000 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -1729,9 +1770,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
-diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/crypto/evp/p_verify.c
---- openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/p_verify.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/evp/p_verify.c.fips openssl-1.0.0a/crypto/evp/p_verify.c
+--- openssl-1.0.0a/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/p_verify.c 2010-06-04 12:25:15.000000000 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -1763,9 +1804,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/cryp
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
EVP_PKEY_CTX_free(pkctx);
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_aesavs.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,939 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -2706,9 +2747,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_desmovs.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,702 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -3412,9 +3453,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_dssvs.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,537 @@
+#include <openssl/opensslconf.h>
+
@@ -3953,9 +3994,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_rngvs.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
@@ -4187,9 +4228,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c
+ return 0;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsagtest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4581,9 +4622,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsastest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4955,9 +4996,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c
+ return ret;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_rsavtest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5336,9 +5377,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c
+ return ret;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_shatest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5728,9 +5769,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0a/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.0a/crypto/fips/cavs/fips_utl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/cavs/fips_utl.h 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -6075,9 +6116,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h
+#endif
+ }
+
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips_err.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips_err.c.fips openssl-1.0.0a/crypto/fips_err.c
+--- openssl-1.0.0a/crypto/fips_err.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_err.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -6086,9 +6127,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c
+#else
+static void *dummy=&dummy;
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips_err.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips_err.h.fips openssl-1.0.0a/crypto/fips_err.h
+--- openssl-1.0.0a/crypto/fips_err.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_err.h 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,137 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -6227,9 +6268,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h
+ }
+#endif
+ }
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_aes_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_aes_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,103 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6334,9 +6375,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
+ return ret;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips.c.fips openssl-1.0.0a/crypto/fips/fips.c
+--- openssl-1.0.0a/crypto/fips/fips.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,419 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6757,9 +6798,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c
+
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_des_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_des_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,139 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6900,9 +6941,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
+ return ret;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_dsa_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,186 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -7090,9 +7131,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
+ return ret;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips.h.fips openssl-1.0.0a/crypto/fips/fips.h
+--- openssl-1.0.0a/crypto/fips/fips.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips.h 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,163 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7257,9 +7298,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h
+}
+#endif
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_hmac_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,137 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -7398,9 +7439,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
+ return 1;
+ }
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_rand.c.fips openssl-1.0.0a/crypto/fips/fips_rand.c
+--- openssl-1.0.0a/crypto/fips/fips_rand.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rand.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,412 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -7814,9 +7855,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c
+}
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_rand.h.fips openssl-1.0.0a/crypto/fips/fips_rand.h
+--- openssl-1.0.0a/crypto/fips/fips_rand.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rand.h 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,77 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7895,9 +7936,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h
+#endif
+#endif
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_rand_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rand_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,373 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8272,9 +8313,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_randtest.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_randtest.c.fips openssl-1.0.0a/crypto/fips/fips_randtest.c
+--- openssl-1.0.0a/crypto/fips/fips_randtest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_randtest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,248 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -8524,9 +8565,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rsa_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,441 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -8969,9 +9010,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
+ }
+
+#endif /* def OPENSSL_FIPS */
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_rsa_x931g.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,281 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -9254,9 +9295,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c
+ return 0;
+
+ }
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c
+--- openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_sha1_selftest.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,99 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9357,9 +9398,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c
+--- openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_standalone_sha1.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,173 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9534,9 +9575,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c
+ }
+
+
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips openssl-1.0.0a/crypto/fips/fips_test_suite.c
+--- openssl-1.0.0a/crypto/fips/fips_test_suite.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/fips_test_suite.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,588 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10126,9 +10167,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c
+ }
+
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips_locl.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips_locl.h.fips openssl-1.0.0a/crypto/fips_locl.h
+--- openssl-1.0.0a/crypto/fips_locl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips_locl.h 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,72 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10202,9 +10243,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h
+}
+#endif
+#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/Makefile 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/fips/Makefile.fips openssl-1.0.0a/crypto/fips/Makefile
+--- openssl-1.0.0a/crypto/fips/Makefile.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/fips/Makefile 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,81 @@
+#
+# OpenSSL/crypto/fips/Makefile
@@ -10287,9 +10328,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
-diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/hmac/hmac.c
---- openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/hmac/hmac.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/hmac/hmac.c.fips openssl-1.0.0a/crypto/hmac/hmac.c
+--- openssl-1.0.0a/crypto/hmac/hmac.c.fips 2010-01-26 15:33:52.000000000 +0100
++++ openssl-1.0.0a/crypto/hmac/hmac.c 2010-06-04 12:25:15.000000000 +0200
@@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
if (key != NULL)
@@ -10304,31 +10345,9 @@ diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/
reset=1;
j=EVP_MD_block_size(md);
OPENSSL_assert(j <= (int)sizeof(ctx->key));
-@@ -209,3 +216,10 @@ unsigned char *HMAC(const EVP_MD *evp_md
- return NULL;
- }
-
-+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-+ {
-+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-+ }
-+
-diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips openssl-1.0.0-beta4/crypto/hmac/hmac.h
---- openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/hmac/hmac.h 2009-11-23 08:32:31.000000000 +0100
-@@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md
- unsigned int *md_len);
- int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-
-+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-
- #ifdef __cplusplus
- }
-diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Makefile
---- openssl-1.0.0-beta4/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/Makefile 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/Makefile.fips openssl-1.0.0a/crypto/Makefile
+--- openssl-1.0.0a/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200
++++ openssl-1.0.0a/crypto/Makefile 2010-06-04 12:25:15.000000000 +0200
@@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i
LIB= $(TOP)/libcrypto.a
@@ -10347,9 +10366,9 @@ diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Mak
ALL= $(GENERAL) $(SRC) $(HEADER)
-diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0a/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.0a/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200
++++ openssl-1.0.0a/crypto/mdc2/mdc2dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -61,6 +61,11 @@
#include <string.h>
#include <openssl/des.h>
@@ -10371,9 +10390,9 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/cry
{
c->num=0;
c->pad_type=1;
-diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2.h
---- openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips 2009-11-23 08:32:31.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/mdc2/mdc2.h.fips openssl-1.0.0a/crypto/mdc2/mdc2.h
+--- openssl-1.0.0a/crypto/mdc2/mdc2.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/mdc2/mdc2.h 2010-06-04 12:25:15.000000000 +0200
@@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st
int pad_type; /* either 1 or 2, default 1 */
} MDC2_CTX;
@@ -10385,9 +10404,9 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/
int MDC2_Init(MDC2_CTX *c);
int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/crypto/md2/md2_dgst.c
---- openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/md2/md2_dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/md2/md2_dgst.c.fips openssl-1.0.0a/crypto/md2/md2_dgst.c
+--- openssl-1.0.0a/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200
++++ openssl-1.0.0a/crypto/md2/md2_dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
@@ -10409,9 +10428,9 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/cryp
{
c->num=0;
memset(c->state,0,sizeof c->state);
-diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md2/md2.h
---- openssl-1.0.0-beta4/crypto/md2/md2.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md2/md2.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/md2/md2.h.fips openssl-1.0.0a/crypto/md2/md2.h
+--- openssl-1.0.0a/crypto/md2/md2.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/md2/md2.h 2010-06-04 12:25:15.000000000 +0200
@@ -81,6 +81,9 @@ typedef struct MD2state_st
} MD2_CTX;
@@ -10422,9 +10441,9 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md
int MD2_Init(MD2_CTX *c);
int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
int MD2_Final(unsigned char *md, MD2_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/crypto/md4/md4_dgst.c
---- openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md4/md4_dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/md4/md4_dgst.c.fips openssl-1.0.0a/crypto/md4/md4_dgst.c
+--- openssl-1.0.0a/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
++++ openssl-1.0.0a/crypto/md4/md4_dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "md4_locl.h"
@@ -10446,9 +10465,9 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/cryp
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md4/md4.h
---- openssl-1.0.0-beta4/crypto/md4/md4.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md4/md4.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/md4/md4.h.fips openssl-1.0.0a/crypto/md4/md4.h
+--- openssl-1.0.0a/crypto/md4/md4.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/md4/md4.h 2010-06-04 12:25:15.000000000 +0200
@@ -105,6 +105,9 @@ typedef struct MD4state_st
unsigned int num;
} MD4_CTX;
@@ -10459,9 +10478,9 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md
int MD4_Init(MD4_CTX *c);
int MD4_Update(MD4_CTX *c, const void *data, size_t len);
int MD4_Final(unsigned char *md, MD4_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/crypto/md5/md5_dgst.c
---- openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md5/md5_dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/md5/md5_dgst.c.fips openssl-1.0.0a/crypto/md5/md5_dgst.c
+--- openssl-1.0.0a/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
++++ openssl-1.0.0a/crypto/md5/md5_dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "md5_locl.h"
@@ -10483,9 +10502,9 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/cryp
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md5/md5.h
---- openssl-1.0.0-beta4/crypto/md5/md5.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md5/md5.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/md5/md5.h.fips openssl-1.0.0a/crypto/md5/md5.h
+--- openssl-1.0.0a/crypto/md5/md5.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/md5/md5.h 2010-06-04 12:25:15.000000000 +0200
@@ -105,6 +105,9 @@ typedef struct MD5state_st
unsigned int num;
} MD5_CTX;
@@ -10496,9 +10515,9 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md
int MD5_Init(MD5_CTX *c);
int MD5_Update(MD5_CTX *c, const void *data, size_t len);
int MD5_Final(unsigned char *md, MD5_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c
---- openssl-1.0.0-beta4/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/mem.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/mem.c.fips openssl-1.0.0a/crypto/mem.c
+--- openssl-1.0.0a/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100
++++ openssl-1.0.0a/crypto/mem.c 2010-06-04 12:25:15.000000000 +0200
@@ -101,7 +101,7 @@ static void (*free_locked_func)(void *)
/* may be changed as long as 'allow_customize_debug' is set */
@@ -10508,9 +10527,9 @@ diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c
/* use default functions from mem_dbg.c */
static void (*malloc_debug_func)(void *,int,const char *,int,int)
= CRYPTO_dbg_malloc;
-diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/o_init.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/o_init.c.fips openssl-1.0.0a/crypto/o_init.c
+--- openssl-1.0.0a/crypto/o_init.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,80 @@
+/* o_init.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10592,9 +10611,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c
+ }
+
+
-diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/crypto/opensslconf.h.in
---- openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/opensslconf.h.in 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/opensslconf.h.in.fips openssl-1.0.0a/crypto/opensslconf.h.in
+--- openssl-1.0.0a/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
++++ openssl-1.0.0a/crypto/opensslconf.h.in 2010-06-04 12:25:15.000000000 +0200
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
@@ -10616,9 +10635,9 @@ diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/cr
/* Generate 80386 code? */
#undef I386_ONLY
-diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c
---- openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0a/crypto/pkcs12/p12_crt.c
+--- openssl-1.0.0a/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
++++ openssl-1.0.0a/crypto/pkcs12/p12_crt.c 2010-06-04 12:25:15.000000000 +0200
@@ -59,6 +59,10 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -10645,9 +10664,9 @@ diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/cr
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
-diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/crypto/rand/md_rand.c
---- openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/md_rand.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rand/md_rand.c.fips openssl-1.0.0a/crypto/rand/md_rand.c
+--- openssl-1.0.0a/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100
++++ openssl-1.0.0a/crypto/rand/md_rand.c 2010-06-04 12:25:15.000000000 +0200
@@ -126,6 +126,10 @@
#include <openssl/crypto.h>
@@ -10674,9 +10693,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/cryp
#ifdef PREDICT
if (rand_predictable)
{
-diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/crypto/rand/rand_err.c
---- openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/rand_err.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rand/rand_err.c.fips openssl-1.0.0a/crypto/rand/rand_err.c
+--- openssl-1.0.0a/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100
++++ openssl-1.0.0a/crypto/rand/rand_err.c 2010-06-04 12:25:15.000000000 +0200
@@ -70,6 +70,13 @@
static ERR_STRING_DATA RAND_str_functs[]=
@@ -10709,9 +10728,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/cry
{0,NULL}
};
-diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/rand/rand.h
---- openssl-1.0.0-beta4/crypto/rand/rand.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/rand.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rand/rand.h.fips openssl-1.0.0a/crypto/rand/rand.h
+--- openssl-1.0.0a/crypto/rand/rand.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/rand/rand.h 2010-06-04 12:25:15.000000000 +0200
@@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -10741,9 +10760,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/
#ifdef __cplusplus
}
-diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/crypto/rand/rand_lib.c
---- openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/rand_lib.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rand/rand_lib.c.fips openssl-1.0.0a/crypto/rand/rand_lib.c
+--- openssl-1.0.0a/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100
++++ openssl-1.0.0a/crypto/rand/rand_lib.c 2010-06-04 12:25:15.000000000 +0200
@@ -60,6 +60,12 @@
#include <time.h>
#include "cryptlib.h"
@@ -10777,9 +10796,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/cry
return default_RAND_meth;
}
-diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc2/rc2.h
---- openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc2/rc2.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc2/rc2.h.fips openssl-1.0.0a/crypto/rc2/rc2.h
+--- openssl-1.0.0a/crypto/rc2/rc2.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/rc2/rc2.h 2010-06-04 12:25:15.000000000 +0200
@@ -79,7 +79,9 @@ typedef struct rc2_key_st
RC2_INT data[64];
} RC2_KEY;
@@ -10791,9 +10810,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc
void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
int enc);
-diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c
---- openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips openssl-1.0.0a/crypto/rc2/rc2_skey.c
+--- openssl-1.0.0a/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200
++++ openssl-1.0.0a/crypto/rc2/rc2_skey.c 2010-06-04 12:25:15.000000000 +0200
@@ -57,6 +57,11 @@
*/
@@ -10827,9 +10846,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/cryp
int i,j;
unsigned char *k;
RC2_INT *ki;
-diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl
---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl
+--- openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100
++++ openssl-1.0.0a/crypto/rc4/asm/rc4-s390x.pl 2010-06-04 12:25:15.000000000 +0200
@@ -202,4 +202,6 @@ RC4_options:
.string "rc4(8x,char)"
___
@@ -10837,9 +10856,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta
+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne "");
+
print $code;
-diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl
+--- openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200
++++ openssl-1.0.0a/crypto/rc4/asm/rc4-x86_64.pl 2010-06-04 12:25:15.000000000 +0200
@@ -499,6 +499,8 @@ ___
$code =~ s/#([bwd])/$1/gm;
@@ -10849,9 +10868,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet
print $code;
close STDOUT;
-diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl
---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl
+--- openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100
++++ openssl-1.0.0a/crypto/rc4/asm/rc4-586.pl 2010-06-04 12:25:15.000000000 +0200
@@ -166,8 +166,12 @@ $idx="edx";
&external_label("OPENSSL_ia32cap_P");
@@ -10875,9 +10894,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/
# const char *RC4_options(void);
&function_begin_B("RC4_options");
-diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto/rc4/Makefile
---- openssl-1.0.0-beta4/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/Makefile 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/Makefile.fips openssl-1.0.0a/crypto/rc4/Makefile
+--- openssl-1.0.0a/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100
++++ openssl-1.0.0a/crypto/rc4/Makefile 2010-06-04 12:25:15.000000000 +0200
@@ -21,8 +21,8 @@ TEST=rc4test.c
APPS=
@@ -10889,9 +10908,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto
SRC= $(LIBSRC)
-diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c
---- /dev/null 2009-11-20 08:30:43.534002215 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0a/crypto/rc4/rc4_fblk.c
+--- openssl-1.0.0a/crypto/rc4/rc4_fblk.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/rc4/rc4_fblk.c 2010-06-04 12:25:15.000000000 +0200
@@ -0,0 +1,75 @@
+/* crypto/rc4/rc4_fblk.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10968,9 +10987,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c
+ }
+#endif
+
-diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc4/rc4.h
---- openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips 2009-11-23 08:32:31.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/rc4.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/rc4.h.fips openssl-1.0.0a/crypto/rc4/rc4.h
+--- openssl-1.0.0a/crypto/rc4/rc4.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/rc4/rc4.h 2010-06-04 12:25:15.000000000 +0200
@@ -78,6 +78,9 @@ typedef struct rc4_key_st
@@ -10981,9 +11000,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
unsigned char *outdata);
-diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c
---- openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips openssl-1.0.0a/crypto/rc4/rc4_skey.c
+--- openssl-1.0.0a/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100
++++ openssl-1.0.0a/crypto/rc4/rc4_skey.c 2010-06-04 12:25:15.000000000 +0200
@@ -59,6 +59,11 @@
#include <openssl/rc4.h>
#include "rc4_locl.h"
@@ -11021,9 +11040,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/cryp
unsigned char *cp=(unsigned char *)d;
for (i=0;i<256;i++) cp[i]=i;
-diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/crypto/ripemd/ripemd.h
---- openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/ripemd/ripemd.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/ripemd/ripemd.h.fips openssl-1.0.0a/crypto/ripemd/ripemd.h
+--- openssl-1.0.0a/crypto/ripemd/ripemd.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/ripemd/ripemd.h 2010-06-04 12:25:15.000000000 +0200
@@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st
unsigned int num;
} RIPEMD160_CTX;
@@ -11034,9 +11053,9 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/cry
int RIPEMD160_Init(RIPEMD160_CTX *c);
int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0a/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.0a/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100
++++ openssl-1.0.0a/crypto/ripemd/rmd_dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "rmd_locl.h"
@@ -11058,9 +11077,9 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/c
{
memset (c,0,sizeof(*c));
c->A=RIPEMD160_A;
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c 2009-11-23 08:33:32.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips openssl-1.0.0a/crypto/rsa/rsa_eay.c
+--- openssl-1.0.0a/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200
++++ openssl-1.0.0a/crypto/rsa/rsa_eay.c 2010-06-04 12:25:15.000000000 +0200
@@ -114,6 +114,10 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -11321,9 +11340,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
return(1);
}
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_err.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_err.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rsa/rsa_err.c.fips openssl-1.0.0a/crypto/rsa/rsa_err.c
+--- openssl-1.0.0a/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100
++++ openssl-1.0.0a/crypto/rsa/rsa_err.c 2010-06-04 12:25:15.000000000 +0200
@@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
@@ -11350,9 +11369,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypt
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips openssl-1.0.0a/crypto/rsa/rsa_gen.c
+--- openssl-1.0.0a/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200
++++ openssl-1.0.0a/crypto/rsa/rsa_gen.c 2010-06-04 12:25:15.000000000 +0200
@@ -67,6 +67,82 @@
#include "cryptlib.h"
#include <openssl/bn.h>
@@ -11478,9 +11497,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypt
ok=1;
err:
if (ok == -1)
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rsa/rsa.h
---- openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rsa/rsa.h.fips openssl-1.0.0a/crypto/rsa/rsa.h
+--- openssl-1.0.0a/crypto/rsa/rsa.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/rsa/rsa.h 2010-06-04 12:25:15.000000000 +0200
@@ -74,6 +74,21 @@
#error RSA is disabled.
#endif
@@ -11550,9 +11569,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rs
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips 2009-08-05 17:04:16.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips openssl-1.0.0a/crypto/rsa/rsa_lib.c
+--- openssl-1.0.0a/crypto/rsa/rsa_lib.c.fips 2009-12-09 14:38:20.000000000 +0100
++++ openssl-1.0.0a/crypto/rsa/rsa_lib.c 2010-06-04 12:25:15.000000000 +0200
@@ -80,6 +80,13 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -11600,7 +11619,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt
ret->pad=0;
ret->version=0;
-@@ -285,6 +311,13 @@ int RSA_public_encrypt(int flen, const u
+@@ -294,6 +320,13 @@ int RSA_public_encrypt(int flen, const u
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
@@ -11614,7 +11633,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt
return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
-@@ -297,6 +330,13 @@ int RSA_private_decrypt(int flen, const
+@@ -306,6 +339,13 @@ int RSA_private_decrypt(int flen, const
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
@@ -11628,9 +11647,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips openssl-1.0.0a/crypto/rsa/rsa_sign.c
+--- openssl-1.0.0a/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200
++++ openssl-1.0.0a/crypto/rsa/rsa_sign.c 2010-06-04 12:25:15.000000000 +0200
@@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch
i2d_X509_SIG(&sig,&p);
s=tmps;
@@ -11662,9 +11681,54 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/cryp
if (i <= 0) goto err;
-diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha_dgst.c
---- openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha_dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/seed/seed.c.fips openssl-1.0.0a/crypto/seed/seed.c
+--- openssl-1.0.0a/crypto/seed/seed.c.fips 2008-12-16 08:41:21.000000000 +0100
++++ openssl-1.0.0a/crypto/seed/seed.c 2010-06-04 12:25:15.000000000 +0200
+@@ -34,6 +34,9 @@
+
+ #include <openssl/seed.h>
+ #include "seed_locl.h"
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+
+ static const seed_word SS[4][256] = { {
+ 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+@@ -193,7 +196,18 @@ static const seed_word KC[] = {
+ KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 };
+ #endif
+
++#ifdef OPENSSL_FIPS
+ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
++ {
++ if (FIPS_mode())
++ FIPS_BAD_ABORT(SEED)
++ private_SEED_set_key(rawkey, ks);
++ }
++
++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
++#else
++void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
++#endif
+ {
+ seed_word x1, x2, x3, x4;
+ seed_word t0, t1;
+diff -up openssl-1.0.0a/crypto/seed/seed.h.fips openssl-1.0.0a/crypto/seed/seed.h
+--- openssl-1.0.0a/crypto/seed/seed.h.fips 2010-06-04 12:25:14.000000000 +0200
++++ openssl-1.0.0a/crypto/seed/seed.h 2010-06-04 12:25:15.000000000 +0200
+@@ -117,6 +117,9 @@ typedef struct seed_key_st {
+ } SEED_KEY_SCHEDULE;
+
+
++#ifdef OPENSSL_FIPS
++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
++#endif
+ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+
+ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+diff -up openssl-1.0.0a/crypto/sha/sha_dgst.c.fips openssl-1.0.0a/crypto/sha/sha_dgst.c
+--- openssl-1.0.0a/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0a/crypto/sha/sha_dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -57,6 +57,12 @@
*/
@@ -11678,9 +11742,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/cryp
#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
#undef SHA_1
-diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sha/sha.h
---- openssl-1.0.0-beta4/crypto/sha/sha.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/sha/sha.h.fips openssl-1.0.0a/crypto/sha/sha.h
+--- openssl-1.0.0a/crypto/sha/sha.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/sha/sha.h 2010-06-04 12:25:15.000000000 +0200
@@ -106,6 +106,9 @@ typedef struct SHAstate_st
} SHA_CTX;
@@ -11691,9 +11755,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sh
int SHA_Init(SHA_CTX *c);
int SHA_Update(SHA_CTX *c, const void *data, size_t len);
int SHA_Final(unsigned char *md, SHA_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/crypto/sha/sha_locl.h
---- openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips 2009-11-23 08:32:30.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha_locl.h 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/sha/sha_locl.h.fips openssl-1.0.0a/crypto/sha/sha_locl.h
+--- openssl-1.0.0a/crypto/sha/sha_locl.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/sha/sha_locl.h 2010-06-04 12:25:15.000000000 +0200
@@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c,
#define INIT_DATA_h3 0x10325476UL
#define INIT_DATA_h4 0xc3d2e1f0UL
@@ -11710,9 +11774,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/cryp
memset (c,0,sizeof(*c));
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
-diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha1dgst.c
---- openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha1dgst.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/sha/sha1dgst.c.fips openssl-1.0.0a/crypto/sha/sha1dgst.c
+--- openssl-1.0.0a/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0a/crypto/sha/sha1dgst.c 2010-06-04 12:25:15.000000000 +0200
@@ -63,6 +63,10 @@
#define SHA_1
@@ -11724,9 +11788,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/cryp
const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
-diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto/sha/sha256.c
---- openssl-1.0.0-beta4/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha256.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/sha/sha256.c.fips openssl-1.0.0a/crypto/sha/sha256.c
+--- openssl-1.0.0a/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0a/crypto/sha/sha256.c 2010-06-04 12:25:15.000000000 +0200
@@ -12,12 +12,19 @@
#include <openssl/crypto.h>
@@ -11757,9 +11821,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto
memset (c,0,sizeof(*c));
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
-diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto/sha/sha512.c
---- openssl-1.0.0-beta4/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha512.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/sha/sha512.c.fips openssl-1.0.0a/crypto/sha/sha512.c
+--- openssl-1.0.0a/crypto/sha/sha512.c.fips 2009-12-30 12:53:33.000000000 +0100
++++ openssl-1.0.0a/crypto/sha/sha512.c 2010-06-04 12:25:15.000000000 +0200
@@ -5,6 +5,10 @@
* ====================================================================
*/
@@ -11791,18 +11855,39 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto
#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
/* maintain dword order required by assembler module */
unsigned int *h = (unsigned int *)c->h;
-@@ -380,7 +390,7 @@ static const SHA_LONG64 K512[80] = {
- ((SHA_LONG64)hi)<<32|lo; })
- # endif
- # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
--# define ROTR(a,n) ({ unsigned long ret; \
-+# define ROTR(a,n) ({ SHA_LONG64 ret; \
- asm ("rotrdi %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a),"K"(n)); ret; })
-diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org
---- openssl-1.0.0-beta4/Makefile.org.fips 2009-11-23 08:32:31.000000000 +0100
-+++ openssl-1.0.0-beta4/Makefile.org 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0a/crypto/whrlpool/whrlpool.h
+--- openssl-1.0.0a/crypto/whrlpool/whrlpool.h.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/crypto/whrlpool/whrlpool.h 2010-06-04 12:25:15.000000000 +0200
+@@ -24,6 +24,9 @@ typedef struct {
+ } WHIRLPOOL_CTX;
+
+ #ifndef OPENSSL_NO_WHIRLPOOL
++#ifdef OPENSSL_FIPS
++int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
++#endif
+ int WHIRLPOOL_Init (WHIRLPOOL_CTX *c);
+ int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
+ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
+diff -up openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0a/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.0a/crypto/whrlpool/wp_dgst.c.fips 2008-12-29 13:35:49.000000000 +0100
++++ openssl-1.0.0a/crypto/whrlpool/wp_dgst.c 2010-06-04 12:25:15.000000000 +0200
+@@ -53,8 +53,12 @@
+
+ #include "wp_locl.h"
+ #include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+
+-int WHIRLPOOL_Init (WHIRLPOOL_CTX *c)
++FIPS_NON_FIPS_MD_Init(WHIRLPOOL)
+ {
+ memset (c,0,sizeof(*c));
+ return(1);
+diff -up openssl-1.0.0a/Makefile.org.fips openssl-1.0.0a/Makefile.org
+--- openssl-1.0.0a/Makefile.org.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/Makefile.org 2010-06-04 12:25:15.000000000 +0200
@@ -110,6 +110,9 @@ LIBKRB5=
ZLIB_INCLUDE=
LIBZLIB=
@@ -11830,9 +11915,9 @@ diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_ciph.c
---- openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/ssl_ciph.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/ssl/ssl_ciph.c.fips openssl-1.0.0a/ssl/ssl_ciph.c
+--- openssl-1.0.0a/ssl/ssl_ciph.c.fips 2009-09-13 01:18:09.000000000 +0200
++++ openssl-1.0.0a/ssl/ssl_ciph.c 2010-06-04 12:25:15.000000000 +0200
@@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
@@ -11855,10 +11940,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_cip
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
-diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.c
---- openssl-1.0.0-beta4/ssl/ssl_lib.c.fips 2009-10-16 15:41:52.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/ssl_lib.c 2009-11-23 08:32:31.000000000 +0100
-@@ -1471,6 +1471,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.0.0a/ssl/ssl_lib.c.fips openssl-1.0.0a/ssl/ssl_lib.c
+--- openssl-1.0.0a/ssl/ssl_lib.c.fips 2010-02-17 20:43:46.000000000 +0100
++++ openssl-1.0.0a/ssl/ssl_lib.c 2010-06-04 12:25:15.000000000 +0200
+@@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
return(NULL);
}
@@ -11873,10 +11958,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
-diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.c
---- openssl-1.0.0-beta4/ssl/ssltest.c.fips 2009-11-23 08:32:31.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/ssltest.c 2009-11-23 08:32:31.000000000 +0100
-@@ -265,6 +265,9 @@ static void sv_usage(void)
+diff -up openssl-1.0.0a/ssl/ssltest.c.fips openssl-1.0.0a/ssl/ssltest.c
+--- openssl-1.0.0a/ssl/ssltest.c.fips 2010-06-04 12:25:15.000000000 +0200
++++ openssl-1.0.0a/ssl/ssltest.c 2010-06-04 12:25:15.000000000 +0200
+@@ -268,6 +268,9 @@ static void sv_usage(void)
{
fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n");
@@ -11886,7 +11971,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
-@@ -484,6 +487,9 @@ int main(int argc, char *argv[])
+@@ -487,6 +490,9 @@ int main(int argc, char *argv[])
#endif
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
int test_cipherlist = 0;
@@ -11896,7 +11981,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
verbose = 0;
debug = 0;
-@@ -515,7 +521,16 @@ int main(int argc, char *argv[])
+@@ -518,7 +524,16 @@ int main(int argc, char *argv[])
while (argc >= 1)
{
@@ -11914,7 +11999,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1;
-@@ -711,6 +726,20 @@ bad:
+@@ -714,6 +729,20 @@ bad:
EXIT(1);
}
@@ -11935,7 +12020,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
if (print_time)
{
if (!bio_pair)
-@@ -2153,12 +2182,12 @@ static int MS_CALLBACK app_verify_callba
+@@ -2156,12 +2185,12 @@ static int MS_CALLBACK app_verify_callba
}
#ifndef OPENSSL_NO_X509_VERIFY
@@ -11950,10 +12035,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
if(s->version == TLS1_VERSION)
FIPS_allow_md5(0);
# endif
-diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_clnt.c
---- openssl-1.0.0-beta4/ssl/s23_clnt.c.fips 2009-08-05 17:29:14.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/s23_clnt.c 2009-11-23 08:32:31.000000000 +0100
-@@ -335,6 +335,14 @@ static int ssl23_client_hello(SSL *s)
+diff -up openssl-1.0.0a/ssl/s23_clnt.c.fips openssl-1.0.0a/ssl/s23_clnt.c
+--- openssl-1.0.0a/ssl/s23_clnt.c.fips 2010-02-16 15:20:40.000000000 +0100
++++ openssl-1.0.0a/ssl/s23_clnt.c 2010-06-04 12:25:15.000000000 +0200
+@@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s)
version_major = TLS1_VERSION_MAJOR;
version_minor = TLS1_VERSION_MINOR;
}
@@ -11968,7 +12053,7 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln
else if (version == SSL3_VERSION)
{
version_major = SSL3_VERSION_MAJOR;
-@@ -618,6 +626,14 @@ static int ssl23_get_server_hello(SSL *s
+@@ -617,6 +625,14 @@ static int ssl23_get_server_hello(SSL *s
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
@@ -11983,10 +12068,10 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}
-diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srvr.c
---- openssl-1.0.0-beta4/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/s23_srvr.c 2009-11-23 08:32:31.000000000 +0100
-@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
+diff -up openssl-1.0.0a/ssl/s23_srvr.c.fips openssl-1.0.0a/ssl/s23_srvr.c
+--- openssl-1.0.0a/ssl/s23_srvr.c.fips 2010-02-16 15:20:40.000000000 +0100
++++ openssl-1.0.0a/ssl/s23_srvr.c 2010-06-04 12:25:15.000000000 +0200
+@@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s)
}
}
@@ -12002,9 +12087,9 @@ diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srv
if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
{
/* we have SSLv3/TLSv1 in an SSLv2 header
-diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.c
---- openssl-1.0.0-beta4/ssl/s3_clnt.c.fips 2009-10-30 15:06:18.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/s3_clnt.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/ssl/s3_clnt.c.fips openssl-1.0.0a/ssl/s3_clnt.c
+--- openssl-1.0.0a/ssl/s3_clnt.c.fips 2010-02-28 01:24:24.000000000 +0100
++++ openssl-1.0.0a/ssl/s3_clnt.c 2010-06-04 12:25:15.000000000 +0200
@@ -156,6 +156,10 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
@@ -12016,7 +12101,7 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
-@@ -1530,6 +1534,8 @@ int ssl3_get_key_exchange(SSL *s)
+@@ -1546,6 +1550,8 @@ int ssl3_get_key_exchange(SSL *s)
q=md_buf;
for (num=2; num > 0; num--)
{
@@ -12025,9 +12110,9 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c
---- openssl-1.0.0-beta4/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/s3_enc.c 2009-11-23 08:32:31.000000000 +0100
+diff -up openssl-1.0.0a/ssl/s3_enc.c.fips openssl-1.0.0a/ssl/s3_enc.c
+--- openssl-1.0.0a/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200
++++ openssl-1.0.0a/ssl/s3_enc.c 2010-06-04 12:25:15.000000000 +0200
@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *
#endif
k=0;
@@ -12053,10 +12138,10 @@ diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c
EVP_MD_CTX_copy_ex(&ctx,d);
n=EVP_MD_CTX_size(&ctx);
if (n < 0)
-diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.c
---- openssl-1.0.0-beta4/ssl/s3_srvr.c.fips 2009-10-30 14:22:44.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/s3_srvr.c 2009-11-23 08:32:31.000000000 +0100
-@@ -1679,6 +1679,8 @@ int ssl3_send_server_key_exchange(SSL *s
+diff -up openssl-1.0.0a/ssl/s3_srvr.c.fips openssl-1.0.0a/ssl/s3_srvr.c
+--- openssl-1.0.0a/ssl/s3_srvr.c.fips 2010-02-28 00:04:10.000000000 +0100
++++ openssl-1.0.0a/ssl/s3_srvr.c 2010-06-04 12:25:15.000000000 +0200
+@@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s
j=0;
for (num=2; num > 0; num--)
{
@@ -12065,15 +12150,15 @@ diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.0-beta4/ssl/t1_enc.c.fips openssl-1.0.0-beta4/ssl/t1_enc.c
---- openssl-1.0.0-beta4/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/t1_enc.c 2009-11-23 08:32:31.000000000 +0100
-@@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md
+diff -up openssl-1.0.0a/ssl/t1_enc.c.fips openssl-1.0.0a/ssl/t1_enc.c
+--- openssl-1.0.0a/ssl/t1_enc.c.fips 2010-05-17 13:26:56.000000000 +0200
++++ openssl-1.0.0a/ssl/t1_enc.c 2010-06-04 13:28:01.000000000 +0200
+@@ -170,6 +170,8 @@ static int tls1_P_hash(const EVP_MD *md,
HMAC_CTX_init(&ctx);
HMAC_CTX_init(&ctx_tmp);
+ HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
- HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
- if (seed1 != NULL) HMAC_Update(&ctx,seed1,seed1_len);
+ if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
+ goto err;
+ if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
diff --git a/openssl-1.0.0-beta3-fipsmode.patch b/openssl-1.0.0a-fipsmode.patch
similarity index 80%
rename from openssl-1.0.0-beta3-fipsmode.patch
rename to openssl-1.0.0a-fipsmode.patch
index 2fbf0a6..352e74e 100644
--- a/openssl-1.0.0-beta3-fipsmode.patch
+++ b/openssl-1.0.0a-fipsmode.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c
---- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/engine/eng_all.c 2009-08-11 17:37:16.000000000 +0200
+diff -up openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode openssl-1.0.0a/crypto/engine/eng_all.c
+--- openssl-1.0.0a/crypto/engine/eng_all.c.fipsmode 2009-07-01 16:55:58.000000000 +0200
++++ openssl-1.0.0a/crypto/engine/eng_all.c 2010-06-04 13:32:13.000000000 +0200
@@ -58,9 +58,23 @@
#include "cryptlib.h"
@@ -25,9 +25,9 @@ diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
-diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c
---- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode 2007-04-24 01:48:28.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/c_allc.c 2009-08-11 17:42:34.000000000 +0200
+diff -up openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode openssl-1.0.0a/crypto/evp/c_allc.c
+--- openssl-1.0.0a/crypto/evp/c_allc.c.fipsmode 2009-12-25 15:12:24.000000000 +0100
++++ openssl-1.0.0a/crypto/evp/c_allc.c 2010-06-04 13:32:13.000000000 +0200
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
@@ -40,7 +40,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_cfb1());
-@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void)
+@@ -221,4 +226,61 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
#endif
@@ -102,9 +102,9 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/cr
+ }
+#endif
}
-diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c
---- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/c_alld.c 2009-08-11 17:54:08.000000000 +0200
+diff -up openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode openssl-1.0.0a/crypto/evp/c_alld.c
+--- openssl-1.0.0a/crypto/evp/c_alld.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
++++ openssl-1.0.0a/crypto/evp/c_alld.c 2010-06-04 13:32:13.000000000 +0200
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
@@ -117,11 +117,10 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
-@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void)
- #endif
+@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
-+#endif
+ #endif
+#ifdef OPENSSL_FIPS
+ }
+ else
@@ -149,11 +148,11 @@ diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/cr
+ EVP_add_digest(EVP_sha512());
+#endif
+ }
- #endif
++#endif
}
-diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c
---- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode 2009-08-11 17:28:25.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 17:39:06.000000000 +0200
+diff -up openssl-1.0.0a/crypto/o_init.c.fipsmode openssl-1.0.0a/crypto/o_init.c
+--- openssl-1.0.0a/crypto/o_init.c.fipsmode 2010-06-04 13:32:13.000000000 +0200
++++ openssl-1.0.0a/crypto/o_init.c 2010-06-04 13:32:13.000000000 +0200
@@ -59,6 +59,43 @@
#include <e_os.h>
#include <openssl/err.h>
@@ -206,9 +205,9 @@ diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto
done = 1;
}
#endif
-diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c
---- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode 2009-07-08 10:50:53.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssl_algs.c 2009-08-11 18:01:13.000000000 +0200
+diff -up openssl-1.0.0a/ssl/ssl_algs.c.fipsmode openssl-1.0.0a/ssl/ssl_algs.c
+--- openssl-1.0.0a/ssl/ssl_algs.c.fipsmode 2010-04-07 15:18:30.000000000 +0200
++++ openssl-1.0.0a/ssl/ssl_algs.c 2010-06-04 13:32:48.000000000 +0200
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
@@ -222,7 +221,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
-@@ -115,6 +121,40 @@ int SSL_library_init(void)
+@@ -127,6 +133,48 @@ int SSL_library_init(void)
EVP_add_digest(EVP_sha());
EVP_add_digest(EVP_dss());
#endif
@@ -249,6 +248,14 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl
+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#endif
++#ifndef OPENSSL_NO_SHA256
++ EVP_add_digest(EVP_sha224());
++ EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++ EVP_add_digest(EVP_sha384());
++ EVP_add_digest(EVP_sha512());
++#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/openssl-1.0.0a-version.patch b/openssl-1.0.0a-version.patch
new file mode 100644
index 0000000..75a0233
--- /dev/null
+++ b/openssl-1.0.0a-version.patch
@@ -0,0 +1,13 @@
+diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h
+--- openssl-1.0.0a/crypto/opensslv.h.version 2010-06-04 13:28:52.000000000 +0200
++++ openssl-1.0.0a/crypto/opensslv.h 2010-06-04 13:29:42.000000000 +0200
+@@ -25,7 +25,8 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-#define OPENSSL_VERSION_NUMBER 0x1000001fL
++/* we have to keep the version number to not break the abi */
++#define OPENSSL_VERSION_NUMBER 0x10000003L
+ #ifdef OPENSSL_FIPS
+ #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010"
+ #else
diff --git a/sources b/sources
index 8a2c648..f42b68d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1fc0e41c230d0698f834413dfba864ad openssl-1.0.0-beta4-usa.tar.bz2
+36a9936e1791566b205daa7cb4bea074 openssl-1.0.0a-usa.tar.bz2
More information about the scm-commits
mailing list