[mingw-openssl] Synced patches with native openssl-1.0.1e-38.fc21
Erik van Pienbroek
epienbro at fedoraproject.org
Sat Jan 25 22:18:21 UTC 2014
commit b629b66276880b84115d04b03ca8597cd7858741
Author: Erik van Pienbroek <epienbro at fedoraproject.org>
Date: Sat Jan 25 23:18:30 2014 +0100
Synced patches with native openssl-1.0.1e-38.fc21
- Synced patches with native openssl-1.0.1e-38.fc21
- Enable ECC support (RHBZ #1037919)
- Fixes CVE-2013-6450 (RHBZ #1047844)
- Fixes CVE-2013-4353 (RHBZ #1049062)
- Fixes CVE-2013-6449 (RHBZ #1045444)
.gitignore | 1 +
README.FIPS | 10 +-
ec_curve.c | 396 ++++++
ectest.c | 742 ++++++++++
fixpatch | 15 +
hobble-openssl | 17 +-
mingw-openssl.spec | 74 +-
openssl-1.0.1-beta2-rpmbuild.patch | 37 +-
openssl-1.0.1-version.patch | 43 -
openssl-1.0.1e-3des-strength.patch | 171 +++
openssl-1.0.1e-arm-use-elf-auxv-caps.patch | 93 ++
openssl-1.0.1e-backports.patch | 379 ++++--
openssl-1.0.1e-compat-symbols.patch | 46 +
openssl-1.0.1e-cve-2013-4353.patch | 21 +
openssl-1.0.1e-cve-2013-6449.patch | 111 ++
openssl-1.0.1e-cve-2013-6450.patch | 85 ++
openssl-1.0.1e-ecc-suiteb.patch | 124 ++
openssl-1.0.1e-fips-ctor.patch | 179 +++
openssl-1.0.1e-fips-ec.patch | 2039 ++++++++++++++++++++++++++++
openssl-1.0.1e-fips.patch | 571 +++++----
openssl-1.0.1e-manfix.patch | 241 +++-
openssl-1.0.1e-new-fips-reqs.patch | 1070 +++++++++++++++
openssl-1.0.1e-no-md5-verify.patch | 25 +
openssl-1.0.1e-trusted-first.patch | 330 +++++
openssl-1.0.1e-version.patch | 63 +
openssl-1.0.1e-weak-ciphers.patch | 12 +
openssl-fips.conf | 2 +
sources | 2 +-
28 files changed, 6369 insertions(+), 530 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d72a084..b9433ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0d-usa.tar.bz2
/openssl-1.0.1c-usa.tar.xz
/openssl-1.0.1e-usa.tar.xz
+/openssl-1.0.1e-hobbled.tar.xz
diff --git a/README.FIPS b/README.FIPS
index eb17bca..a11863f 100644
--- a/README.FIPS
+++ b/README.FIPS
@@ -3,13 +3,15 @@ User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
This package contains libraries which comprise the FIPS 140-2
Red Hat Enterprise Linux - OPENSSL Module.
+Note that the openssl-fips subpackage needs to be installed for the
+OpenSSL FIPS module installation to be complete.
The module files
================
-/usr/lib[64]/libcrypto.so.1.0.0d
-/usr/lib[64]/libssl.so.1.0.0d
-/usr/lib[64]/.libcrypto.so.1.0.0d.hmac
-/usr/lib[64]/.libssl.so.1.0.0d.hmac
+/usr/lib[64]/libcrypto.so.1.0.1e
+/usr/lib[64]/libssl.so.1.0.1e
+/usr/lib[64]/.libcrypto.so.1.0.1e.hmac
+/usr/lib[64]/.libssl.so.1.0.1e.hmac
Dependencies
============
diff --git a/ec_curve.c b/ec_curve.c
new file mode 100644
index 0000000..0c287bf
--- /dev/null
+++ b/ec_curve.c
@@ -0,0 +1,396 @@
+/* crypto/ec/ec_curve.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
+
+typedef struct {
+ int field_type, /* either NID_X9_62_prime_field or
+ * NID_X9_62_characteristic_two_field */
+ seed_len,
+ param_len;
+ unsigned int cofactor; /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
+ _EC_NIST_PRIME_384 = {
+ { NID_X9_62_prime_field,20,48,1 },
+ { 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, /* seed */
+ 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
+
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
+ 0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E, /* b */
+ 0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
+ 0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
+ 0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
+ 0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
+ 0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1, /* x */
+ 0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
+ 0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
+ 0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
+ 0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
+ 0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e, /* y */
+ 0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
+ 0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
+ 0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
+ 0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
+ 0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
+ 0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
+ };
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
+ _EC_NIST_PRIME_521 = {
+ { NID_X9_62_prime_field,20,66,1 },
+ { 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, /* seed */
+ 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
+
+ 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+ 0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F, /* b */
+ 0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+ 0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+ 0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+ 0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+ 0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+ 0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+ 0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD, /* x */
+ 0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+ 0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+ 0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+ 0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+ 0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+ 0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+ 0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04, /* y */
+ 0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+ 0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+ 0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+ 0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+ 0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+ 0x94,0x76,0x9f,0xd1,0x66,0x50,
+ 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+ 0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+ 0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+ 0xB7,0x1E,0x91,0x38,0x64,0x09 }
+ };
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
+ _EC_X9_62_PRIME_256V1 = {
+ { NID_X9_62_prime_field,20,32,1 },
+ { 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, /* seed */
+ 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
+
+ 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* p */
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* a */
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFC,
+ 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB, /* b */
+ 0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
+ 0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
+ 0x60,0x4B,
+ 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC, /* x */
+ 0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
+ 0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
+ 0xC2,0x96,
+ 0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7, /* y */
+ 0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
+ 0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
+ 0x51,0xf5,
+ 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF, /* order */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
+ 0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
+ 0x25,0x51 }
+ };
+
+typedef struct _ec_list_element_st {
+ int nid;
+ const EC_CURVE_DATA *data;
+ const EC_METHOD *(*meth)(void);
+ const char *comment;
+ } ec_list_element;
+
+static const ec_list_element curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+ { NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ { NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
+#else
+ { NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
+#else
+ { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },
+#endif
+};
+
+#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
+
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+ {
+ EC_GROUP *group=NULL;
+ EC_POINT *P=NULL;
+ BN_CTX *ctx=NULL;
+ BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
+ int ok=0;
+ int seed_len,param_len;
+ const EC_METHOD *meth;
+ const EC_CURVE_DATA *data;
+ const unsigned char *params;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ data = curve.data;
+ seed_len = data->seed_len;
+ param_len = data->param_len;
+ params = (const unsigned char *)(data+1); /* skip header */
+ params += seed_len; /* skip seed */
+
+ if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
+ || !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
+ || !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (curve.meth != 0)
+ {
+ meth = curve.meth();
+ if (((group = EC_GROUP_new(meth)) == NULL) ||
+ (!(group->meth->group_set_curve(group, p, a, b, ctx))))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ else if (data->field_type == NID_X9_62_prime_field)
+ {
+ if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#ifndef OPENSSL_NO_EC2M
+ else /* field_type == NID_X9_62_characteristic_two_field */
+ {
+ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#endif
+
+ if ((P = EC_POINT_new(group)) == NULL)
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
+ || !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
+ || !BN_set_word(x, (BN_ULONG)data->cofactor))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!EC_GROUP_set_generator(group, P, order, x))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (seed_len)
+ {
+ if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
+ {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ ok=1;
+err:
+ if (!ok)
+ {
+ EC_GROUP_free(group);
+ group = NULL;
+ }
+ if (P)
+ EC_POINT_free(P);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (p)
+ BN_free(p);
+ if (a)
+ BN_free(a);
+ if (b)
+ BN_free(b);
+ if (order)
+ BN_free(order);
+ if (x)
+ BN_free(x);
+ if (y)
+ BN_free(y);
+ return group;
+ }
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+ {
+ size_t i;
+ EC_GROUP *ret = NULL;
+
+ if (nid <= 0)
+ return NULL;
+
+ for (i=0; i<curve_list_length; i++)
+ if (curve_list[i].nid == nid)
+ {
+ ret = ec_group_new_from_data(curve_list[i]);
+ break;
+ }
+
+ if (ret == NULL)
+ {
+ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+ return NULL;
+ }
+
+ EC_GROUP_set_curve_name(ret, nid);
+
+ return ret;
+ }
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+ {
+ size_t i, min;
+
+ if (r == NULL || nitems == 0)
+ return curve_list_length;
+
+ min = nitems < curve_list_length ? nitems : curve_list_length;
+
+ for (i = 0; i < min; i++)
+ {
+ r[i].nid = curve_list[i].nid;
+ r[i].comment = curve_list[i].comment;
+ }
+
+ return curve_list_length;
+ }
diff --git a/ectest.c b/ectest.c
new file mode 100644
index 0000000..921edcd
--- /dev/null
+++ b/ectest.c
@@ -0,0 +1,742 @@
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+#else
+
+
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+
+#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
+/* suppress "too big too optimize" warning */
+#pragma warning(disable:4959)
+#endif
+
+#define ABORT do { \
+ fflush(stdout); \
+ fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+ ERR_print_errors_fp(stderr); \
+ EXIT(1); \
+} while (0)
+
+#define TIMING_BASE_PT 0
+#define TIMING_RAND_PT 1
+#define TIMING_SIMUL 2
+
+#if 0
+static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
+ {
+ clock_t clck;
+ int i, j;
+ BIGNUM *s;
+ BIGNUM *r[10], *r0[10];
+ EC_POINT *P;
+
+ s = BN_new();
+ if (s == NULL) ABORT;
+
+ fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
+ if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
+ fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
+ fflush(stdout);
+
+ P = EC_POINT_new(group);
+ if (P == NULL) ABORT;
+ EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+ for (i = 0; i < 10; i++)
+ {
+ if ((r[i] = BN_new()) == NULL) ABORT;
+ if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;
+ if (type != TIMING_BASE_PT)
+ {
+ if ((r0[i] = BN_new()) == NULL) ABORT;
+ if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;
+ }
+ }
+
+ clck = clock();
+ for (i = 0; i < 10; i++)
+ {
+ for (j = 0; j < 10; j++)
+ {
+ if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
+ (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;
+ }
+ }
+ clck = clock() - clck;
+
+ fprintf(stdout, "\n");
+
+#ifdef CLOCKS_PER_SEC
+ /* "To determine the time in seconds, the value returned
+ * by the clock function should be divided by the value
+ * of the macro CLOCKS_PER_SEC."
+ * -- ISO/IEC 9899 */
+# define UNIT "s"
+#else
+ /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+ * -- cc on NeXTstep/OpenStep */
+# define UNIT "units"
+# define CLOCKS_PER_SEC 1
+#endif
+
+ if (type == TIMING_BASE_PT) {
+ fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+ "base point multiplications", (double)clck/CLOCKS_PER_SEC);
+ } else if (type == TIMING_RAND_PT) {
+ fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+ "random point multiplications", (double)clck/CLOCKS_PER_SEC);
+ } else if (type == TIMING_SIMUL) {
+ fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+ "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);
+ }
+ fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
+
+ EC_POINT_free(P);
+ BN_free(s);
+ for (i = 0; i < 10; i++)
+ {
+ BN_free(r[i]);
+ if (type != TIMING_BASE_PT) BN_free(r0[i]);
+ }
+ }
+#endif
+
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+ {
+ BIGNUM *n1, *n2, *order;
+ EC_POINT *P = EC_POINT_new(group);
+ EC_POINT *Q = EC_POINT_new(group);
+ BN_CTX *ctx = BN_CTX_new();
+
+ n1 = BN_new(); n2 = BN_new(); order = BN_new();
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
+ if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+ if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+ if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+ fprintf(stdout, " ok\n");
+ fprintf(stdout, "long/negative scalar tests ... ");
+ if (!BN_one(n1)) ABORT;
+ /* n1 = 1 - order */
+ if (!BN_sub(n1, n1, order)) ABORT;
+ if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+ /* n2 = 1 + order */
+ if (!BN_add(n2, order, BN_value_one())) ABORT;
+ if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+ /* n2 = (1 - order) * (1 + order) */
+ if (!BN_mul(n2, n1, n2, ctx)) ABORT;
+ if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+ fprintf(stdout, "ok\n");
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ BN_free(n1);
+ BN_free(n2);
+ BN_free(order);
+ BN_CTX_free(ctx);
+ }
+
+static void prime_field_tests(void)
+ {
+ BN_CTX *ctx = NULL;
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group;
+ EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+ EC_POINT *P, *Q, *R;
+ BIGNUM *x, *y, *z;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+
+#if 1 /* optional */
+ ctx = BN_CTX_new();
+ if (!ctx) ABORT;
+#endif
+
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ if (!p || !a || !b) ABORT;
+
+ group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+ * so that the library gets to choose the EC_METHOD */
+ if (!group) ABORT;
+
+ P = EC_POINT_new(group);
+ Q = EC_POINT_new(group);
+ R = EC_POINT_new(group);
+ if (!P || !Q || !R) ABORT;
+
+ x = BN_new();
+ y = BN_new();
+ z = BN_new();
+ if (!x || !y || !z) ABORT;
+
+/* Curve P-256 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+ "84F3B9CAC2FC632551")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 256) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_256, group)) ABORT;
+
+
+ /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+ "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+ "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+ "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 384) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_384, group)) ABORT;
+
+
+ /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+ "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+ "DF883D2C34F1EF451FD46B503F00")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+ "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+ "3C1856A429BF97E7E31C2E5BD66")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+ "C9B8899C47AEBB6FB71E91386409")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+ "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+ "7086A272C24088BE94769FD16650")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 521) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
+ /* more tests using the last curve */
+
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+ if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+ {
+ const EC_POINT *points[4];
+ const BIGNUM *scalars[4];
+ BIGNUM scalar3;
+
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+ points[3] = Q;
+
+ if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+ if (!BN_add(y, z, BN_value_one())) ABORT;
+ if (BN_is_odd(y)) ABORT;
+ if (!BN_rshift1(y, y)) ABORT;
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ fprintf(stdout, "combined multiplication ...");
+ fflush(stdout);
+
+ /* z is still the group order */
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+ if (!BN_add(z, z, y)) ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+ if (!BN_add(z, x, y)) ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ BN_init(&scalar3);
+ BN_zero(&scalar3);
+ scalars[3] = &scalar3;
+
+ if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, " ok\n\n");
+
+ BN_free(&scalar3);
+ }
+
+
+#if 0
+ timings(P_256, TIMING_BASE_PT, ctx);
+ timings(P_256, TIMING_RAND_PT, ctx);
+ timings(P_256, TIMING_SIMUL, ctx);
+ timings(P_384, TIMING_BASE_PT, ctx);
+ timings(P_384, TIMING_RAND_PT, ctx);
+ timings(P_384, TIMING_SIMUL, ctx);
+#endif
+
+
+ if (ctx)
+ BN_CTX_free(ctx);
+ BN_free(p); BN_free(a); BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x); BN_free(y); BN_free(z);
+
+ if (P_160) EC_GROUP_free(P_160);
+ if (P_192) EC_GROUP_free(P_192);
+ if (P_224) EC_GROUP_free(P_224);
+ if (P_256) EC_GROUP_free(P_256);
+ if (P_384) EC_GROUP_free(P_384);
+ if (P_521) EC_GROUP_free(P_521);
+
+ }
+
+
+static void internal_curve_test(void)
+ {
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0, n = 0;
+ int ok = 1;
+
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+ if (curves == NULL)
+ return;
+
+ if (!EC_get_builtin_curves(curves, crv_len))
+ {
+ OPENSSL_free(curves);
+ return;
+ }
+
+ fprintf(stdout, "testing internal curves: ");
+
+ for (n = 0; n < crv_len; n++)
+ {
+ EC_GROUP *group = NULL;
+ int nid = curves[n].nid;
+ if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+ {
+ ok = 0;
+ fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+ " curve %s\n", OBJ_nid2sn(nid));
+ /* try next curve */
+ continue;
+ }
+ if (!EC_GROUP_check(group, NULL))
+ {
+ ok = 0;
+ fprintf(stdout, "\nEC_GROUP_check() failed with"
+ " curve %s\n", OBJ_nid2sn(nid));
+ EC_GROUP_free(group);
+ /* try the next curve */
+ continue;
+ }
+ fprintf(stdout, ".");
+ fflush(stdout);
+ EC_GROUP_free(group);
+ }
+ if (ok)
+ fprintf(stdout, " ok\n\n");
+ else
+ {
+ fprintf(stdout, " failed\n\n");
+ ABORT;
+ }
+ OPENSSL_free(curves);
+ return;
+ }
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3. */
+struct nistp_test_params
+ {
+ const EC_METHOD* (*meth) ();
+ int degree;
+ /* Qx, Qy and D are taken from
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+ * Otherwise, values are standard curve parameters from FIPS 180-3 */
+ const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+ };
+
+static const struct nistp_test_params nistp_tests_params[] =
+ {
+ {
+ /* P-256 */
+ EC_GFp_nistp256_method,
+ 256,
+ "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
+ "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
+ "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
+ "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
+ "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
+ "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
+ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
+ "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
+ "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
+ },
+ };
+
+void nistp_single_test(const struct nistp_test_params *test)
+ {
+ BN_CTX *ctx;
+ BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+ EC_GROUP *NISTP;
+ EC_POINT *G, *P, *Q, *Q_CHECK;
+
+ fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
+ ctx = BN_CTX_new();
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ x = BN_new(); y = BN_new();
+ m = BN_new(); n = BN_new(); order = BN_new();
+
+ NISTP = EC_GROUP_new(test->meth());
+ if(!NISTP) ABORT;
+ if (!BN_hex2bn(&p, test->p)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, test->a)) ABORT;
+ if (!BN_hex2bn(&b, test->b)) ABORT;
+ if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
+ G = EC_POINT_new(NISTP);
+ P = EC_POINT_new(NISTP);
+ Q = EC_POINT_new(NISTP);
+ Q_CHECK = EC_POINT_new(NISTP);
+ if(!BN_hex2bn(&x, test->Qx)) ABORT;
+ if(!BN_hex2bn(&y, test->Qy)) ABORT;
+ if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
+ if (!BN_hex2bn(&x, test->Gx)) ABORT;
+ if (!BN_hex2bn(&y, test->Gy)) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
+ if (!BN_hex2bn(&order, test->order)) ABORT;
+ if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+
+ fprintf(stdout, "verify degree ... ");
+ if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
+ fprintf(stdout, "ok\n");
+
+ fprintf(stdout, "NIST test vectors ... ");
+ if (!BN_hex2bn(&n, test->d)) ABORT;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ /* set generator to P = 2*G, where G is the standard generator */
+ if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
+ if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
+ /* set the scalar to m=n/2, where n is the NIST test scalar */
+ if (!BN_rshift(m, n, 1)) ABORT;
+
+ /* test the non-standard generator */
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ /* now repeat all tests with precomputation */
+ if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
+
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ /* reset generator */
+ if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ fprintf(stdout, "ok\n");
+ group_order_tests(NISTP);
+#if 0
+ timings(NISTP, TIMING_BASE_PT, ctx);
+ timings(NISTP, TIMING_RAND_PT, ctx);
+#endif
+ EC_GROUP_free(NISTP);
+ EC_POINT_free(G);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(Q_CHECK);
+ BN_free(n);
+ BN_free(m);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ BN_free(x);
+ BN_free(y);
+ BN_free(order);
+ BN_CTX_free(ctx);
+ }
+
+void nistp_tests()
+ {
+ unsigned i;
+
+ for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
+ {
+ nistp_single_test(&nistp_tests_params[i]);
+ }
+ }
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+ {
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+ {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ }
+ else
+ {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ ERR_load_crypto_strings();
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+ prime_field_tests();
+ puts("");
+#ifndef OPENSSL_NO_EC2M
+ char2_field_tests();
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ nistp_tests();
+#endif
+ /* test the internal curves */
+ internal_curve_test();
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ CRYPTO_mem_leaks_fp(stderr);
+
+ return 0;
+ }
+#endif
diff --git a/fixpatch b/fixpatch
new file mode 100755
index 0000000..bf5eb67
--- /dev/null
+++ b/fixpatch
@@ -0,0 +1,15 @@
+#!/bin/sh
+# Fixes patch from upstream tracker view
+gawk '
+BEGIN {
+ dir=""
+}
+/^Index: openssl\// {
+ dir = $2
+}
+/^(---|\+\+\+)/ {
+ $2 = dir
+}
+{
+ print
+}'
diff --git a/hobble-openssl b/hobble-openssl
index 4ca7eab..3c75ea1 100755
--- a/hobble-openssl
+++ b/hobble-openssl
@@ -13,15 +13,15 @@ set -e
# Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/rc5/asm -type f | xargs -r rm -fv)
-# RC5, EC, SRP.
-for a in rc5 ec ecdh ecdsa srp; do
+# RC5, SRP.
+for a in rc5 srp; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c
> $c
done
done
-for c in `find crypto/evp -name "*_rc5.c" -o -name "*_ecdsa.c"`; do
+for c in `find crypto/evp -name "*_rc5.c"`; do
echo Destroying $c
> $c
done
@@ -31,15 +31,18 @@ for c in `find crypto/bn -name "*gf2m.c"`; do
> $c
done
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp?2?.c" -o -name "ectest.c"`; do
+ echo Destroying $c
+ > $c
+done
+
for h in `find crypto ssl apps test -name "*.h"` ; do
- echo Removing RC5, SRP and EC references from $h
+ echo Removing RC5, SRP and EC2M references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
- /^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
- /^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
- /^#[ \t]*ifndef.*NO_ECDSA/ {ech--; next;} \
+ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
diff --git a/mingw-openssl.spec b/mingw-openssl.spec
index b95cac4..a033292 100644
--- a/mingw-openssl.spec
+++ b/mingw-openssl.spec
@@ -24,16 +24,17 @@
Name: mingw-openssl
Version: 1.0.1e
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: MinGW port of the OpenSSL toolkit
License: OpenSSL
Group: Development/Libraries
URL: http://www.openssl.org/
-# We remove certain patented algorithms from the openssl source tarball
-# with the hobble-openssl script which is included below.
-Source0: openssl-%{version}-usa.tar.xz
+# We have to remove certain patented algorithms from the openssl source
+# tarball with the hobble-openssl script which is included below.
+# The original openssl upstream tarball cannot be shipped in the .src.rpm.
+Source: openssl-%{version}-hobbled.tar.xz
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -42,8 +43,10 @@ Source7: renew-dummy-cert
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
+Source11: README.FIPS
+Source12: ec_curve.c
+Source13: ectest.c
-Source11: README.FIPS
# Build changes
Patch1: openssl-1.0.1-beta2-rpmbuild.patch
Patch2: openssl-1.0.0f-defaults.patch
@@ -68,7 +71,7 @@ Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.1a-algo-doc.patch
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
-Patch51: openssl-1.0.1-version.patch
+Patch51: openssl-1.0.1e-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
Patch60: openssl-1.0.0d-apps-dgst.patch
@@ -77,11 +80,24 @@ Patch65: openssl-1.0.0e-chil-fixes.patch
Patch66: openssl-1.0.1-pkgconfig-krb5.patch
Patch68: openssl-1.0.1e-secure-getenv.patch
Patch69: openssl-1.0.1c-dh-1024.patch
+Patch70: openssl-1.0.1e-fips-ec.patch
Patch71: openssl-1.0.1e-manfix.patch
+Patch72: openssl-1.0.1e-fips-ctor.patch
+Patch73: openssl-1.0.1e-ecc-suiteb.patch
+Patch74: openssl-1.0.1e-no-md5-verify.patch
+Patch75: openssl-1.0.1e-compat-symbols.patch
+Patch76: openssl-1.0.1e-new-fips-reqs.patch
+Patch77: openssl-1.0.1e-weak-ciphers.patch
+Patch78: openssl-1.0.1e-3des-strength.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1e-backports.patch
Patch83: openssl-1.0.1e-bad-mac.patch
+Patch84: openssl-1.0.1e-trusted-first.patch
+Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
+Patch86: openssl-1.0.1e-cve-2013-6449.patch
+Patch87: openssl-1.0.1e-cve-2013-6450.patch
+Patch88: openssl-1.0.1e-cve-2013-4353.patch
# MinGW-specific patches.
# Rename *eay32.dll to lib*.dll
@@ -192,6 +208,9 @@ Static version of the MinGW port of the OpenSSL toolkit.
# The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed.
%{SOURCE1} > /dev/null
+
+cp %{SOURCE12} %{SOURCE13} crypto/ec/
+
%patch1 -p1 -b .rpmbuild
%patch2 -p1 -b .defaults
%patch4 -p1 -b .enginesdir %{?_rawbuild}
@@ -200,6 +219,7 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch7 -p1 -b .timezone
%patch8 -p1 -b .perlfind %{?_rawbuild}
%patch9 -p1 -b .aliasing
+
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .issuer-hash
@@ -223,11 +243,24 @@ Static version of the MinGW port of the OpenSSL toolkit.
%patch66 -p1 -b .krb5
#patch68 -p1 -b .secure-getenv
%patch69 -p1 -b .dh1024
+#patch70 -p1 -b .fips-ec
+#patch72 -p1 -b .fips-ctor
+%patch73 -p1 -b .suiteb
+#patch74 -p1 -b .no-md5-verify
+%patch75 -p1 -b .compat
+#patch76 -p1 -b .fips-reqs
+%patch77 -p1 -b .weak-ciphers
+%patch78 -p1 -b .3des-strength
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .backports
%patch71 -p1 -b .manfix
%patch83 -p1 -b .bad-mac
+%patch84 -p1 -b .trusted-first
+%patch85 -p1 -b .armcap
+%patch86 -p1 -b .hash-crash
+%patch87 -p1 -b .dtls1-mitm
+%patch88 -p1 -b .handshake-crash
# MinGW specific patches
%patch101 -p1 -b .mingw-libversion
@@ -269,9 +302,9 @@ PERL=%{__perl} \
--prefix=%{mingw32_prefix} \
--openssldir=%{mingw32_sysconfdir}/pki/tls \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
- enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh no-ecdsa \
- no-srp no-fips \
- no-hw --cross-compile-prefix=%{mingw32_target}- \
+ enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
+ no-fips no-hw \
+ --cross-compile-prefix=%{mingw32_target}- \
--enginesdir=%{mingw32_libdir}/openssl/engines \
shared mingw
@@ -284,11 +317,6 @@ make all build-shared
# Generate hashes for the included certs.
make rehash build-shared
-if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
- iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
- mv -f CHANGES.utf8 CHANGES
-fi
-
popd
###############################################################################
@@ -301,9 +329,9 @@ PERL=%{__perl} \
--prefix=%{mingw64_prefix} \
--openssldir=%{mingw64_sysconfdir}/pki/tls \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
- enable-cms enable-md2 no-mdc2 no-rc5 no-ec no-ec2m no-ecdh no-ecdsa \
- no-srp no-fips \
- no-hw --cross-compile-prefix=%{mingw64_target}- \
+ enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
+ no-fips no-hw \
+ --cross-compile-prefix=%{mingw64_target}- \
--enginesdir=%{mingw64_libdir}/openssl/engines \
shared mingw64
@@ -316,11 +344,6 @@ make all build-shared
# Generate hashes for the included certs.
make rehash build-shared
-if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
- iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
- mv -f CHANGES.utf8 CHANGES
-fi
-
popd
@@ -482,6 +505,13 @@ mkdir -m700 $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/CA/private
%changelog
+* Sat Jan 25 2014 Erik van Pienbroek <epienbro at fedoraproject.org> - 1.0.1e-5
+- Synced patches with native openssl-1.0.1e-38.fc21
+- Enable ECC support (RHBZ #1037919)
+- Fixes CVE-2013-6450 (RHBZ #1047844)
+- Fixes CVE-2013-4353 (RHBZ #1049062)
+- Fixes CVE-2013-6449 (RHBZ #1045444)
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.1e-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/openssl-1.0.1-beta2-rpmbuild.patch b/openssl-1.0.1-beta2-rpmbuild.patch
index 0a5cef1..a4bb691 100644
--- a/openssl-1.0.1-beta2-rpmbuild.patch
+++ b/openssl-1.0.1-beta2-rpmbuild.patch
@@ -7,66 +7,67 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
# /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -373,16 +373,16 @@ my %table=(
+@@ -373,16 +373,17 @@ my %table=(
# ldconfig and run-time linker to autodiscover. Unfortunately it
# doesn't work just yet, because of couple of bugs in glibc
# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
-+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
++"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
#### SPARC Linux setups
# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -396,8 +396,8 @@ my %table=(
+@@ -396,8 +397,8 @@ my %table=(
#
# <appro at fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-@@ -1678,7 +1678,7 @@ while (<IN>)
+@@ -1678,7 +1679,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
diff --git a/openssl-1.0.1e-3des-strength.patch b/openssl-1.0.1e-3des-strength.patch
new file mode 100644
index 0000000..7375b47
--- /dev/null
+++ b/openssl-1.0.1e-3des-strength.patch
@@ -0,0 +1,171 @@
+Although the real strength is rather 112 bits we use 128 here as
+we do not want to sort it behind more obscure ciphers.
+AES-128 is preferred anyway.
+diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
+--- openssl-1.0.1e/ssl/s2_lib.c.3des-strength 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s2_lib.c 2014-01-22 16:32:45.791700322 +0100
+@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ SSL_SSLV2,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+- 168,
++ 128,
+ 168,
+ },
+
+diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c
+--- openssl-1.0.1e/ssl/s3_lib.c.3des-strength 2014-01-17 11:41:11.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_lib.c 2014-01-22 16:31:14.713666777 +0100
+@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_SSLV3,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2432,7 +2432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
+@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+- 168,
++ 128,
+ 168,
+ },
+
diff --git a/openssl-1.0.1e-arm-use-elf-auxv-caps.patch b/openssl-1.0.1e-arm-use-elf-auxv-caps.patch
new file mode 100644
index 0000000..94a8c42
--- /dev/null
+++ b/openssl-1.0.1e-arm-use-elf-auxv-caps.patch
@@ -0,0 +1,93 @@
+diff --git a/crypto/armcap.c b/crypto/armcap.c
+index 5258d2f..efb4009 100644
+--- a/crypto/armcap.c
++++ b/crypto/armcap.c
+@@ -9,11 +9,6 @@
+
+ unsigned int OPENSSL_armcap_P;
+
+-static sigset_t all_masked;
+-
+-static sigjmp_buf ill_jmp;
+-static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+-
+ /*
+ * Following subroutines could have been inlined, but it's not all
+ * ARM compilers support inline assembler...
+@@ -29,24 +24,26 @@ unsigned int OPENSSL_rdtsc(void)
+ return 0;
+ }
+
+-#if defined(__GNUC__) && __GNUC__>=2
+-void OPENSSL_cpuid_setup(void) __attribute__((constructor));
+-#endif
+-void OPENSSL_cpuid_setup(void)
++#if defined(__GLIBC__) && __GLIBC__>=2 && __GLIBC_MINOR__>=16
++#include <sys/auxv.h>
++
++void OPENSSL_cpuid_find(void)
++ {
++ unsigned long hwcap = getauxval(AT_HWCAP);
++ char *plat = (char *)getauxval(AT_PLATFORM);
++
++ OPENSSL_armcap_P |= hwcap & HWCAP_ARM_NEON ? ARMV7_NEON : 0;
++ OPENSSL_armcap_P |= plat ? (plat[1] == '7' ? ARMV7_TICK : 0) : 0;
++ }
++#else
++static sigset_t all_masked;
++static sigjmp_buf ill_jmp;
++static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
++
++void OPENSSL_cpuid_find(void)
+ {
+- char *e;
+ struct sigaction ill_oact,ill_act;
+ sigset_t oset;
+- static int trigger=0;
+-
+- if (trigger) return;
+- trigger=1;
+-
+- if ((e=getenv("OPENSSL_armcap")))
+- {
+- OPENSSL_armcap_P=strtoul(e,NULL,0);
+- return;
+- }
+
+ sigfillset(&all_masked);
+ sigdelset(&all_masked,SIGILL);
+@@ -55,8 +52,6 @@ void OPENSSL_cpuid_setup(void)
+ sigdelset(&all_masked,SIGBUS);
+ sigdelset(&all_masked,SIGSEGV);
+
+- OPENSSL_armcap_P = 0;
+-
+ memset(&ill_act,0,sizeof(ill_act));
+ ill_act.sa_handler = ill_handler;
+ ill_act.sa_mask = all_masked;
+@@ -78,3 +73,25 @@ void OPENSSL_cpuid_setup(void)
+ sigaction (SIGILL,&ill_oact,NULL);
+ sigprocmask(SIG_SETMASK,&oset,NULL);
+ }
++#endif
++
++#if defined(__GNUC__) && __GNUC__>=2
++void OPENSSL_cpuid_setup(void) __attribute__((constructor));
++#endif
++void OPENSSL_cpuid_setup(void)
++ {
++ char *e;
++ static int trigger=0;
++
++ if (trigger) return;
++ trigger=1;
++
++ if ((e=getenv("OPENSSL_armcap")))
++ {
++ OPENSSL_armcap_P=strtoul(e,NULL,0);
++ return;
++ }
++
++ OPENSSL_armcap_P = 0;
++ OPENSSL_cpuid_find();
++ }
diff --git a/openssl-1.0.1e-backports.patch b/openssl-1.0.1e-backports.patch
index d6b7224..abe3017 100644
--- a/openssl-1.0.1e-backports.patch
+++ b/openssl-1.0.1e-backports.patch
@@ -1,33 +1,84 @@
-From 08f8933fa34d242383a1e12d4701acb1855686bf Mon Sep 17 00:00:00 2001
-From: Nick Alcock <nix at esperi.org.uk>
-Date: Fri, 15 Feb 2013 17:44:11 +0000
-Subject: [PATCH] Fix POD errors to stop make install_docs dying with pod2man
- 2.5.0+
-
-podlators 2.5.0 has switched to dying on POD syntax errors. This means
-that a bunch of long-standing erroneous POD in the openssl documentation
-now leads to fatal errors from pod2man, halting installation.
-
-Unfortunately POD constraints mean that you have to sort numeric lists
-in ascending order if they start with 1: you cannot do 1, 0, 2 even if
-you want 1 to appear first. I've reshuffled such (alas, I wish there
-were a better way but I don't know of one).
-(cherry picked from commit 5cc270774258149235f69e1789b3370f57b0e27b)
----
- doc/crypto/X509_STORE_CTX_get_error.pod | 2 ++
- doc/ssl/SSL_CTX_set_client_CA_list.pod | 8 ++++----
- doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 4 ++++
- doc/ssl/SSL_accept.pod | 10 +++++-----
- doc/ssl/SSL_connect.pod | 10 +++++-----
- doc/ssl/SSL_do_handshake.pod | 10 +++++-----
- doc/ssl/SSL_shutdown.pod | 10 +++++-----
- 7 files changed, 30 insertions(+), 24 deletions(-)
-
-diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod
-index a883f6c..60e8332 100644
---- a/doc/crypto/X509_STORE_CTX_get_error.pod
-+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
-@@ -278,6 +278,8 @@ happen if extended CRL checking is enabled.
+diff -up openssl-1.0.1e/crypto/pem/pem_info.c.backports openssl-1.0.1e/crypto/pem/pem_info.c
+--- openssl-1.0.1e/crypto/pem/pem_info.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/pem/pem_info.c 2013-08-16 15:31:35.726003892 +0200
+@@ -167,6 +167,7 @@ start:
+ #ifndef OPENSSL_NO_RSA
+ if (strcmp(name,PEM_STRING_RSA) == 0)
+ {
++ d2i=(D2I_OF(void))d2i_RSAPrivateKey;
+ if (xi->x_pkey != NULL)
+ {
+ if (!sk_X509_INFO_push(ret,xi)) goto err;
+diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports 2013-08-16 15:31:35.697003256 +0200
++++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-08-16 15:33:37.770673918 +0200
+@@ -582,6 +582,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CT
+ pm = RSA_NO_PADDING;
+ else if (!strcmp(value, "oeap"))
+ pm = RSA_PKCS1_OAEP_PADDING;
++ else if (!strcmp(value, "oaep"))
++ pm = RSA_PKCS1_OAEP_PADDING;
+ else if (!strcmp(value, "x931"))
+ pm = RSA_X931_PADDING;
+ else if (!strcmp(value, "pss"))
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.backports openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.backports 2013-08-16 15:31:35.721003782 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-08-16 15:31:35.726003892 +0200
+@@ -696,6 +696,7 @@ static int check_cert(X509_STORE_CTX *ct
+ X509_CRL *crl = NULL, *dcrl = NULL;
+ X509 *x;
+ int ok, cnum;
++ unsigned int last_reasons;
+ cnum = ctx->error_depth;
+ x = sk_X509_value(ctx->chain, cnum);
+ ctx->current_cert = x;
+@@ -704,6 +705,7 @@ static int check_cert(X509_STORE_CTX *ct
+ ctx->current_reasons = 0;
+ while (ctx->current_reasons != CRLDP_ALL_REASONS)
+ {
++ last_reasons = ctx->current_reasons;
+ /* Try to retrieve relevant CRL */
+ if (ctx->get_crl)
+ ok = ctx->get_crl(ctx, &crl, x);
+@@ -747,6 +749,15 @@ static int check_cert(X509_STORE_CTX *ct
+ X509_CRL_free(dcrl);
+ crl = NULL;
+ dcrl = NULL;
++ /* If reasons not updated we wont get anywhere by
++ * another iteration, so exit loop.
++ */
++ if (last_reasons == ctx->current_reasons)
++ {
++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
++ ok = ctx->verify_cb(0, ctx);
++ goto err;
++ }
+ }
+ err:
+ X509_CRL_free(crl);
+diff -up openssl-1.0.1e/crypto/x509/x_all.c.backports openssl-1.0.1e/crypto/x509/x_all.c
+--- openssl-1.0.1e/crypto/x509/x_all.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x_all.c 2013-08-16 15:33:25.247399940 +0200
+@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, c
+
+ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+ {
++ x->cert_info->enc.modified = 1;
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+ x->cert_info->signature,
+ x->sig_alg, x->signature, x->cert_info, ctx);
+@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY
+
+ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+ {
++ x->crl->enc.modified = 1;
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+ x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
+ }
+diff -up openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
+--- openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-08-16 15:31:35.727003914 +0200
+@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
an application specific error. This will never be returned unless explicitly
set by an application.
@@ -36,56 +87,36 @@ index a883f6c..60e8332 100644
=head1 NOTES
The above functions should be used instead of directly referencing the fields
-diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
-index 632b556..5e66133 100644
---- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -66,16 +66,16 @@ values:
+diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports openssl-1.0.1e/doc/ssl/SSL_accept.pod
+--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports 2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-08-16 15:31:35.727003914 +0200
+@@ -44,17 +44,17 @@ The following return values can occur:
=over 4
-=item 1
-
--The operation succeeded.
+-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+-established.
-
=item 0
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+=item 1
+
-+The operation succeeded.
-+
- =back
-
- =head1 EXAMPLES
-diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-index b80e25b..7e60df5 100644
---- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
-
- Return values from the server callback are interpreted as follows:
-
-+=over 4
++The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
++established.
+
- =item > 0
-
- PSK identity was found and the server callback has provided the PSK
-@@ -99,4 +101,6 @@ completely.
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
+ =item E<lt>0
-+=back
-+
- =cut
-diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
-index cc724c0..b1c34d1 100644
---- a/doc/ssl/SSL_accept.pod
-+++ b/doc/ssl/SSL_accept.pod
-@@ -44,17 +44,17 @@ The following return values can occur:
+ The TLS/SSL handshake was not successful because a fatal error occurred either
+diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports openssl-1.0.1e/doc/ssl/SSL_connect.pod
+--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports 2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-08-16 15:31:35.727003914 +0200
+@@ -41,17 +41,17 @@ The following return values can occur:
=over 4
@@ -107,38 +138,53 @@ index cc724c0..b1c34d1 100644
+
=item E<lt>0
- The TLS/SSL handshake was not successful because a fatal error occurred either
-diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
-index cc56ebb..946ca89 100644
---- a/doc/ssl/SSL_connect.pod
-+++ b/doc/ssl/SSL_connect.pod
-@@ -41,17 +41,17 @@ The following return values can occur:
+ The TLS/SSL handshake was not successful, because a fatal error occurred either
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports 2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-08-16 15:31:35.727003914 +0200
+@@ -66,16 +66,16 @@ values:
=over 4
-=item 1
-
--The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
--established.
+-The operation succeeded.
-
=item 0
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+=item 1
+
-+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-+established.
++The operation succeeded.
+
- =item E<lt>0
+ =back
- The TLS/SSL handshake was not successful, because a fatal error occurred either
-diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
-index 2435764..7f8cf24 100644
---- a/doc/ssl/SSL_do_handshake.pod
-+++ b/doc/ssl/SSL_do_handshake.pod
+ =head1 EXAMPLES
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-08-16 15:31:35.727003914 +0200
+@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
+
+ Return values from the server callback are interpreted as follows:
+
++=over 4
++
+ =item > 0
+
+ PSK identity was found and the server callback has provided the PSK
+@@ -99,4 +101,6 @@ completely.
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+
++=back
++
+ =cut
+diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
+--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports 2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-08-16 15:31:35.727003914 +0200
@@ -45,17 +45,17 @@ The following return values can occur:
=over 4
@@ -162,10 +208,9 @@ index 2435764..7f8cf24 100644
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
-diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
-index 89911ac..42a89b7 100644
---- a/doc/ssl/SSL_shutdown.pod
-+++ b/doc/ssl/SSL_shutdown.pod
+diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
+--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports 2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-08-16 15:31:35.728003935 +0200
@@ -92,11 +92,6 @@ The following return values can occur:
=over 4
@@ -178,7 +223,7 @@ index 89911ac..42a89b7 100644
=item 0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
-@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be performed.
+@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be per
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
@@ -190,26 +235,84 @@ index 89911ac..42a89b7 100644
=item -1
The shutdown was not successful because a fatal error occurred either
---
-1.7.9.5
-
-From 147dbb2fe3bead7a10e2f280261b661ce7af7adc Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Mon, 11 Feb 2013 18:24:03 +0000
-Subject: [PATCH] Fix for SSL_get_certificate
-
-Now we set the current certificate to the one used by a server
-there is no need to call ssl_get_server_send_cert which will
-fail if we haven't sent a certificate yet.
----
- ssl/ssl_lib.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 14d143d..ff5a85a 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
+diff -up openssl-1.0.1e/ssl/d1_lib.c.backports openssl-1.0.1e/ssl/d1_lib.c
+--- openssl-1.0.1e/ssl/d1_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_lib.c 2013-08-16 15:33:33.306576363 +0200
+@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
+ pqueue_free(s->d1->buffered_app_data.q);
+
+ OPENSSL_free(s->d1);
++ s->d1 = NULL;
+ }
+
+ void dtls1_clear(SSL *s)
+diff -up openssl-1.0.1e/ssl/d1_pkt.c.backports openssl-1.0.1e/ssl/d1_pkt.c
+--- openssl-1.0.1e/ssl/d1_pkt.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_pkt.c 2013-08-16 15:31:35.728003935 +0200
+@@ -847,6 +847,12 @@ start:
+ }
+ }
+
++ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
++ {
++ rr->length = 0;
++ goto start;
++ }
++
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+@@ -1051,6 +1057,7 @@ start:
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ !s->s3->renegotiate)
+ {
++ s->d1->handshake_read_seq++;
+ s->new_session = 1;
+ ssl3_renegotiate(s);
+ if (ssl3_renegotiate_check(s))
+diff -up openssl-1.0.1e/ssl/d1_srvr.c.backports openssl-1.0.1e/ssl/d1_srvr.c
+--- openssl-1.0.1e/ssl/d1_srvr.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_srvr.c 2013-08-16 15:31:35.728003935 +0200
+@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
+ case SSL3_ST_SW_HELLO_REQ_B:
+
+ s->shutdown=0;
++ dtls1_clear_record_buffer(s);
+ dtls1_start_timer(s);
+ ret=dtls1_send_hello_request(s);
+ if (ret <= 0) goto end;
+- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
++ s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+ s->state=SSL3_ST_SW_FLUSH;
+ s->init_num=0;
+
+diff -up openssl-1.0.1e/ssl/s3_cbc.c.backports openssl-1.0.1e/ssl/s3_cbc.c
+--- openssl-1.0.1e/ssl/s3_cbc.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_cbc.c 2013-08-16 15:31:35.729003956 +0200
+@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
+ unsigned padding_length, good, to_check, i;
+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ /* Check if version requires explicit IV */
+- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+ {
+ /* These lengths are all public so we can test them in
+ * non-constant time.
+diff -up openssl-1.0.1e/ssl/ssl_lib.c.backports openssl-1.0.1e/ssl/ssl_lib.c
+--- openssl-1.0.1e/ssl/ssl_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/ssl_lib.c 2013-08-16 15:31:35.729003956 +0200
+@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+
+ ret->extra_certs=NULL;
+- ret->comp_methods=SSL_COMP_get_compression_methods();
++ /* No compression for DTLS */
++ if (meth->version != DTLS1_VERSION)
++ ret->comp_methods=SSL_COMP_get_compression_methods();
+
+ ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
@@ -220,37 +323,23 @@ index 14d143d..ff5a85a 100644
return(s->cert->key->x509);
else
return(NULL);
---
-1.7.9.5
-
-From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw2 at infradead.org>
-Date: Tue, 12 Feb 2013 14:55:32 +0000
-Subject: [PATCH] Check DTLS_BAD_VER for version number.
-
-The version check for DTLS1_VERSION was redundant as
-DTLS1_VERSION > TLS1_1_VERSION, however we do need to
-check for DTLS1_BAD_VER for compatibility.
-
-PR:2984
-(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
----
- ssl/s3_cbc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 02edf3f..443a31e 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
- unsigned padding_length, good, to_check, i;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
- /* Check if version requires explicit IV */
-- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
-+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
- {
- /* These lengths are all public so we can test them in
- * non-constant time.
---
-1.7.9.5
-
+diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
+index 3b6c469..e8a7518 100644
+--- a/crypto/x86cpuid.pl
++++ b/crypto/x86cpuid.pl
+@@ -69,6 +69,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ &inc ("esi"); # number of cores
+
+ &mov ("eax",1);
++ &xor ("ecx","ecx");
+ &cpuid ();
+ &bt ("edx",28);
+ &jnc (&label("generic"));
+@@ -102,6 +103,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+ &set_label("nocacheinfo");
+ &mov ("eax",1);
++ &xor ("ecx","ecx");
+ &cpuid ();
+ &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
+ &cmp ("ebp",0);
diff --git a/openssl-1.0.1e-compat-symbols.patch b/openssl-1.0.1e-compat-symbols.patch
new file mode 100644
index 0000000..25a9d02
--- /dev/null
+++ b/openssl-1.0.1e-compat-symbols.patch
@@ -0,0 +1,46 @@
+diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.compat openssl-1.0.1e/crypto/dsa/dsa_key.c
+--- openssl-1.0.1e/crypto/dsa/dsa_key.c.compat 2013-11-26 14:36:35.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-12-11 16:34:58.638549687 +0100
+@@ -68,6 +68,11 @@
+ #include <openssl/fips.h>
+ #include <openssl/evp.h>
+
++/* just a compatibility symbol - no-op */
++void FIPS_corrupt_dsa_keygen(void)
++ {
++ }
++
+ static int fips_check_dsa(DSA *dsa)
+ {
+ EVP_PKEY *pk;
+diff -up openssl-1.0.1e/crypto/engine/eng_all.c.compat openssl-1.0.1e/crypto/engine/eng_all.c
+--- openssl-1.0.1e/crypto/engine/eng_all.c.compat 2013-11-26 14:36:35.000000000 +0100
++++ openssl-1.0.1e/crypto/engine/eng_all.c 2013-12-11 16:32:13.512820424 +0100
+@@ -62,6 +62,11 @@
+ #include <openssl/fips.h>
+ #endif
+
++/* just backwards compatibility symbol - no-op */
++void ENGINE_load_aesni (void)
++{
++}
++
+ void ENGINE_load_builtin_engines(void)
+ {
+ /* Some ENGINEs need this */
+diff -up openssl-1.0.1e/crypto/fips/fips.c.compat openssl-1.0.1e/crypto/fips/fips.c
+--- openssl-1.0.1e/crypto/fips/fips.c.compat 2013-11-26 14:36:35.000000000 +0100
++++ openssl-1.0.1e/crypto/fips/fips.c 2013-12-11 16:38:52.524831858 +0100
+@@ -111,6 +111,12 @@ int FIPS_module_mode(void)
+ return ret;
+ }
+
++/* just a compat symbol - return NULL */
++const void *FIPS_rand_check(void)
++ {
++ return NULL;
++ }
++
+ int FIPS_selftest_failed(void)
+ {
+ int ret = 0;
diff --git a/openssl-1.0.1e-cve-2013-4353.patch b/openssl-1.0.1e-cve-2013-4353.patch
new file mode 100644
index 0000000..5f96116
--- /dev/null
+++ b/openssl-1.0.1e-cve-2013-4353.patch
@@ -0,0 +1,21 @@
+Fix for TLS record tampering bug. A carefully crafted invalid
+handshake could crash OpenSSL with a NULL pointer exception.
+Thanks to Anton Johansson for reporting this issues.
+(CVE-2013-4353)
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s->s3->tmp.new_cipher == NULL)
++ return;
+ if (s->state & SSL_ST_CONNECT)
+ {
+ sender=s->method->ssl3_enc->server_finished_label;
diff --git a/openssl-1.0.1e-cve-2013-6449.patch b/openssl-1.0.1e-cve-2013-6449.patch
new file mode 100644
index 0000000..d80a178
--- /dev/null
+++ b/openssl-1.0.1e-cve-2013-6449.patch
@@ -0,0 +1,111 @@
+Use version in SSL_METHOD not SSL structure.
+
+When deciding whether to use TLS 1.2 PRF and record hash algorithms
+use the version number in the corresponding SSL_METHOD structure
+instead of the SSL structure. The SSL structure version is sometimes
+inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
+(CVE-2013-6449)
+
+Also preventively check EVP errors for handshake digests.
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s->s3->tmp.new_cipher->algorithm2;
+- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++ if (s->method->version == TLS1_2_VERSION &&
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index ead01c8..1e5dcab 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+
+ i=s->method->ssl3_enc->final_finish_mac(s,
+ sender,slen,s->s3->tmp.finish_md);
++ if (i == 0)
++ return 0;
+ s->s3->tmp.finish_md_len = i;
+ memcpy(p, s->s3->tmp.finish_md, i);
+ p+=i;
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 804291e..c4bc4e7 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
+ if (version != s->version)
+ {
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+- if ((s->version & 0xFF00) == (version & 0xFF00))
++ if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
+ /* Send back error using their minor version number :-) */
+ s->version = (unsigned short)version;
+ al=SSL_AD_PROTOCOL_VERSION;
+@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ slen=s->method->ssl3_enc->client_finished_label_len;
+ }
+
+- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
++ i = s->method->ssl3_enc->final_finish_mac(s,
+ sender,slen,s->s3->tmp.peer_finish_md);
++ if (i == 0)
++ {
++ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ s->s3->tmp.peer_finish_md_len = i;
+
+ return(1);
+ }
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index e5a8b3f..52efed3 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
+ (s->version != DTLS1_VERSION && s->client_version < s->version))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
++ if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
++ !s->enc_write_ctx && !s->write_hash)
+ {
+ /* similar to ssl3_get_record, send alert using remote version number */
+ s->version = s->client_version;
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 809ad2e..72015f5 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
+ if (mask & ssl_get_algorithm2(s))
+ {
+ int hashsize = EVP_MD_size(md);
+- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
++ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+ {
+ /* internal error: 'buf' is too small for this cipersuite! */
+ err = 1;
+ }
+ else
+ {
+- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
+- EVP_DigestFinal_ex(&ctx,q,&i);
+- if (i != (unsigned int)hashsize) /* can't really happen */
++ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
++ !EVP_DigestFinal_ex(&ctx,q,&i) ||
++ (i != (unsigned int)hashsize))
+ err = 1;
+- q+=i;
++ q+=hashsize;
+ }
+ }
+ }
+--
+1.8.3.1
+
diff --git a/openssl-1.0.1e-cve-2013-6450.patch b/openssl-1.0.1e-cve-2013-6450.patch
new file mode 100644
index 0000000..fa096c8
--- /dev/null
+++ b/openssl-1.0.1e-cve-2013-6450.patch
@@ -0,0 +1,85 @@
+Fix DTLS retransmission from previous session.
+
+For DTLS we might need to retransmit messages from the previous session
+so keep a copy of write context in DTLS retransmission buffers instead
+of replacing it after sending CCS. CVE-2013-6450.
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 65ec001..7a5596a 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ {
++
++ if (frag->msg_header.is_ccs)
++ {
++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++ }
+ if (frag->fragment) OPENSSL_free(frag->fragment);
+ if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+index 96ce9a7..e485907 100644
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
+@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ s_get_meth) \
+ const SSL_METHOD *func_name(void) \
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 72015f5..56db834 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
+ s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ else
+ s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+- if (s->enc_write_ctx != NULL)
++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ reuse_dd = 1;
+- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+- else
+- /* make sure it's intialized in case we exit later with an error */
+- EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ dd= s->enc_write_ctx;
+- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++ if (SSL_IS_DTLS(s))
++ {
++ mac_ctx = EVP_MD_CTX_create();
++ if (!mac_ctx)
++ goto err;
++ s->write_hash = mac_ctx;
++ }
++ else
++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL)
+ {
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index 6fc469f..d14e8e4 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
+
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+ {
+- EVP_MD_CTX_cleanup(ctx);
+- OPENSSL_free(ctx);
++ if (ctx)
++ {
++ EVP_MD_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++ }
+ }
+
+ /* This call frees resources associated with the context */
diff --git a/openssl-1.0.1e-ecc-suiteb.patch b/openssl-1.0.1e-ecc-suiteb.patch
new file mode 100644
index 0000000..dc87b00
--- /dev/null
+++ b/openssl-1.0.1e-ecc-suiteb.patch
@@ -0,0 +1,124 @@
+diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
+--- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100
++++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100
+@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
+ else
+ #endif
+ #ifndef OPENSSL_NO_ECDSA
+- if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
+- else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
+- else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
+- else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
++ if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
+ else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
+ else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+- else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
+- else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
+- else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
+- else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
+- else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
+- else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
+- else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
+- else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
+- else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
+- else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
+ else if (strcmp(*argv,"ecdsa") == 0)
+ {
+- for (i=0; i < EC_NUM; i++)
++ for (i=R_EC_P256; i <= R_EC_P521; i++)
+ ecdsa_doit[i]=1;
+ }
+ else
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+- if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
+- else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
+- else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
+- else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
++ if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
+ else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
+ else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+- else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
+- else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
+- else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
+- else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
+- else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
+- else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
+- else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
+- else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
+- else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
+- else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
+ else if (strcmp(*argv,"ecdh") == 0)
+ {
+- for (i=0; i < EC_NUM; i++)
++ for (i=R_EC_P256; i <= R_EC_P521; i++)
+ ecdh_doit[i]=1;
+ }
+ else
+@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv)
+ BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
+ #endif
+ #ifndef OPENSSL_NO_ECDSA
+- BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+- BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+- BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
++ BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n");
+ BIO_printf(bio_err,"ecdsa\n");
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+- BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
+- BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
+- BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
++ BIO_printf(bio_err,"ecdhp256 ecdhp384 ecdhp521\n");
+ BIO_printf(bio_err,"ecdh\n");
+ #endif
+
+@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv)
+ if (!FIPS_mode() || i != R_DSA_512)
+ dsa_doit[i]=1;
+ #ifndef OPENSSL_NO_ECDSA
+- for (i=0; i<EC_NUM; i++)
++ for (i=R_EC_P256; i <= R_EC_P521; i++)
+ ecdsa_doit[i]=1;
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+- for (i=0; i<EC_NUM; i++)
++ for (i=R_EC_P256; i <= R_EC_P521; i++)
+ ecdh_doit[i]=1;
+ #endif
+ }
+diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
+--- openssl-1.0.1e/ssl/t1_lib.c.suiteb 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/t1_lib.c 2013-11-08 18:05:27.551617554 +0100
+@@ -204,31 +204,9 @@ static int nid_list[] =
+
+ static int pref_list[] =
+ {
+- NID_sect571r1, /* sect571r1 (14) */
+- NID_sect571k1, /* sect571k1 (13) */
+ NID_secp521r1, /* secp521r1 (25) */
+- NID_sect409k1, /* sect409k1 (11) */
+- NID_sect409r1, /* sect409r1 (12) */
+ NID_secp384r1, /* secp384r1 (24) */
+- NID_sect283k1, /* sect283k1 (9) */
+- NID_sect283r1, /* sect283r1 (10) */
+- NID_secp256k1, /* secp256k1 (22) */
+ NID_X9_62_prime256v1, /* secp256r1 (23) */
+- NID_sect239k1, /* sect239k1 (8) */
+- NID_sect233k1, /* sect233k1 (6) */
+- NID_sect233r1, /* sect233r1 (7) */
+- NID_secp224k1, /* secp224k1 (20) */
+- NID_secp224r1, /* secp224r1 (21) */
+- NID_sect193r1, /* sect193r1 (4) */
+- NID_sect193r2, /* sect193r2 (5) */
+- NID_secp192k1, /* secp192k1 (18) */
+- NID_X9_62_prime192v1, /* secp192r1 (19) */
+- NID_sect163k1, /* sect163k1 (1) */
+- NID_sect163r1, /* sect163r1 (2) */
+- NID_sect163r2, /* sect163r2 (3) */
+- NID_secp160k1, /* secp160k1 (15) */
+- NID_secp160r1, /* secp160r1 (16) */
+- NID_secp160r2, /* secp160r2 (17) */
+ };
+
+ int tls1_ec_curve_id2nid(int curve_id)
diff --git a/openssl-1.0.1e-fips-ctor.patch b/openssl-1.0.1e-fips-ctor.patch
new file mode 100644
index 0000000..44576ef
--- /dev/null
+++ b/openssl-1.0.1e-fips-ctor.patch
@@ -0,0 +1,179 @@
+diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/fips.c
+--- openssl-1.0.1e/crypto/fips/fips.c.fips-ctor 2013-09-26 13:52:30.767885457 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c 2013-09-26 14:01:29.406010187 +0200
+@@ -60,6 +60,8 @@
+ #include <dlfcn.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <unistd.h>
++#include <errno.h>
+ #include "fips_locl.h"
+
+ #ifdef OPENSSL_FIPS
+@@ -198,8 +200,10 @@ bin2hex(void *buf, size_t len)
+ return hex;
+ }
+
+-#define HMAC_PREFIX "."
+-#define HMAC_SUFFIX ".hmac"
++#define HMAC_PREFIX "."
++#ifndef HMAC_SUFFIX
++#define HMAC_SUFFIX ".hmac"
++#endif
+ #define READ_BUFFER_LENGTH 16384
+
+ static char *
+@@ -279,19 +283,13 @@ end:
+ }
+
+ static int
+-FIPSCHECK_verify(const char *libname, const char *symbolname)
++FIPSCHECK_verify(const char *path)
+ {
+- char path[PATH_MAX+1];
+- int rv;
++ int rv = 0;
+ FILE *hf;
+ char *hmacpath, *p;
+ char *hmac = NULL;
+ size_t n;
+-
+- rv = get_library_path(libname, symbolname, path, sizeof(path));
+-
+- if (rv < 0)
+- return 0;
+
+ hmacpath = make_hmac_path(path);
+ if (hmacpath == NULL)
+@@ -341,6 +339,53 @@ end:
+ return 1;
+ }
+
++static int
++verify_checksums(void)
++ {
++ int rv;
++ char path[PATH_MAX+1];
++ char *p;
++
++ /* we need to avoid dlopening libssl, assume both libcrypto and libssl
++ are in the same directory */
++
++ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
++ if (rv < 0)
++ return 0;
++
++ rv = FIPSCHECK_verify(path);
++ if (!rv)
++ return 0;
++
++ /* replace libcrypto with libssl */
++ while ((p = strstr(path, "libcrypto.so")) != NULL)
++ {
++ p = stpcpy(p, "libssl");
++ memmove(p, p+3, strlen(p+2));
++ }
++
++ rv = FIPSCHECK_verify(path);
++ if (!rv)
++ return 0;
++ return 1;
++ }
++
++#ifndef FIPS_MODULE_PATH
++#define FIPS_MODULE_PATH "/etc/system-fips"
++#endif
++
++int
++FIPS_module_installed(void)
++ {
++ int rv;
++ rv = access(FIPS_MODULE_PATH, F_OK);
++ if (rv < 0 && errno != ENOENT)
++ rv = 0;
++
++ /* Installed == true */
++ return !rv;
++ }
++
+ int FIPS_module_mode_set(int onoff, const char *auth)
+ {
+ int ret = 0;
+@@ -379,15 +424,7 @@ int FIPS_module_mode_set(int onoff, cons
+ }
+ #endif
+
+- if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
+- {
+- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+- fips_selftest_fail = 1;
+- ret = 0;
+- goto end;
+- }
+-
+- if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
++ if(!verify_checksums())
+ {
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ fips_selftest_fail = 1;
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ctor openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ctor 2013-09-26 13:52:30.814886515 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h 2013-09-26 13:52:30.816886560 +0200
+@@ -74,6 +74,7 @@ struct hmac_ctx_st;
+
+ int FIPS_module_mode_set(int onoff, const char *auth);
+ int FIPS_module_mode(void);
++int FIPS_module_installed(void);
+ const void *FIPS_rand_check(void);
+ int FIPS_selftest(void);
+ int FIPS_selftest_failed(void);
+diff -up openssl-1.0.1e/crypto/o_init.c.fips-ctor openssl-1.0.1e/crypto/o_init.c
+--- openssl-1.0.1e/crypto/o_init.c.fips-ctor 2013-09-26 13:52:30.807886357 +0200
++++ openssl-1.0.1e/crypto/o_init.c 2013-09-26 14:00:21.000000000 +0200
+@@ -71,6 +71,9 @@ static void init_fips_mode(void)
+ char buf[2] = "0";
+ int fd;
+
++ /* Ensure the selftests always run */
++ FIPS_mode_set(1);
++
+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ {
+ buf[0] = '1';
+@@ -85,9 +88,15 @@ static void init_fips_mode(void)
+ * otherwise.
+ */
+
+- if (buf[0] == '1')
++ if (buf[0] != '1')
++ {
++ /* drop down to non-FIPS mode if it is not requested */
++ FIPS_mode_set(0);
++ }
++ else
+ {
+- FIPS_mode_set(1);
++ /* abort if selftest failed */
++ FIPS_selftest_check();
+ }
+ }
+ #endif
+@@ -96,13 +105,17 @@ static void init_fips_mode(void)
+ * Currently only sets FIPS callbacks
+ */
+
+-void OPENSSL_init_library(void)
++void __attribute__ ((constructor)) OPENSSL_init_library(void)
+ {
+ static int done = 0;
+ if (done)
+ return;
+ done = 1;
+ #ifdef OPENSSL_FIPS
++ if (!FIPS_module_installed())
++ {
++ return;
++ }
+ RAND_init_fips();
+ init_fips_mode();
+ if (!FIPS_mode())
diff --git a/openssl-1.0.1e-fips-ec.patch b/openssl-1.0.1e-fips-ec.patch
new file mode 100644
index 0000000..7287dae
--- /dev/null
+++ b/openssl-1.0.1e-fips-ec.patch
@@ -0,0 +1,2039 @@
+diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h
+--- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec 2013-11-08 17:59:42.755019363 +0100
++++ openssl-1.0.1e/crypto/ecdh/ecdh.h 2013-11-08 17:59:43.147028002 +0100
+@@ -85,6 +85,8 @@
+ extern "C" {
+ #endif
+
++#define EC_FLAG_COFACTOR_ECDH 0x1000
++
+ const ECDH_METHOD *ECDH_OpenSSL(void);
+
+ void ECDH_set_default_method(const ECDH_METHOD *);
+diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c
+--- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c 2013-11-08 17:59:54.712282862 +0100
+@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ /* NIST PRIME CURVES TESTS */
++#if 0
+ if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
++#endif
+ if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c
+--- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdh/ech_lib.c 2013-11-08 17:59:43.148028024 +0100
+@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
+ {
+ if(!default_ECDH_method)
+ {
+-#ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return FIPS_ecdh_openssl();
+- else
+- return ECDH_OpenSSL();
+-#else
+ default_ECDH_method = ECDH_OpenSSL();
+-#endif
+ }
+ return default_ECDH_method;
+ }
+diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c
+--- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c 2013-11-08 17:59:43.148028024 +0100
+@@ -79,6 +79,10 @@
+ #include <openssl/obj_mac.h>
+ #include <openssl/bn.h>
+
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+ EC_KEY *ecdh,
+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+@@ -90,7 +94,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
+ NULL, /* init */
+ NULL, /* finish */
+ #endif
+- 0, /* flags */
++ ECDH_FLAG_FIPS_METHOD, /* flags */
+ NULL /* app_data */
+ };
+
+@@ -118,6 +122,14 @@ static int ecdh_compute_key(void *out, s
+ size_t buflen, len;
+ unsigned char *buf=NULL;
+
++#ifdef OPENSSL_FIPS
++ if(FIPS_selftest_failed())
++ {
++ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
++ return -1;
++ }
++#endif
++
+ if (outlen > INT_MAX)
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
+@@ -137,6 +149,18 @@ static int ecdh_compute_key(void *out, s
+ }
+
+ group = EC_KEY_get0_group(ecdh);
++
++ if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH)
++ {
++ if (!EC_GROUP_get_cofactor(group, x, ctx) ||
++ !BN_mul(x, x, priv_key, ctx))
++ {
++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ priv_key = x;
++ }
++
+ if ((tmp=EC_POINT_new(group)) == NULL)
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
+--- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c 2013-11-08 17:59:43.148028024 +0100
+@@ -138,11 +138,14 @@ int restore_rand(void)
+ }
+
+ static int fbytes_counter = 0;
+-static const char *numbers[8] = {
++static const char *numbers[10] = {
++ "651056770906015076056810763456358567190100156695615665659",
+ "651056770906015076056810763456358567190100156695615665659",
+ "6140507067065001063065065565667405560006161556565665656654",
+ "8763001015071075675010661307616710783570106710677817767166"
+ "71676178726717",
++ "8763001015071075675010661307616710783570106710677817767166"
++ "71676178726717",
+ "7000000175690566466555057817571571075705015757757057795755"
+ "55657156756655",
+ "1275552191113212300012030439187146164646146646466749494799",
+@@ -157,7 +160,7 @@ int fbytes(unsigned char *buf, int num)
+ int ret;
+ BIGNUM *tmp = NULL;
+
+- if (fbytes_counter >= 8)
++ if (fbytes_counter >= 10)
+ return 0;
+ tmp = BN_new();
+ if (!tmp)
+@@ -550,7 +553,9 @@ int main(void)
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+ /* the tests */
++#if 0
+ if (!x9_62_tests(out)) goto err;
++#endif
+ if (!test_builtin(out)) goto err;
+
+ ret = 0;
+diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
+--- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c 2013-11-08 17:59:43.148028024 +0100
+@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
+ {
+ if(!default_ECDSA_method)
+ {
+-#ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return FIPS_ecdsa_openssl();
+- else
+- return ECDSA_OpenSSL();
+-#else
+ default_ECDSA_method = ECDSA_OpenSSL();
+-#endif
+ }
+ return default_ECDSA_method;
+ }
+diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
+--- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c 2013-11-08 17:59:43.148028024 +0100
+@@ -60,6 +60,9 @@
+ #include <openssl/err.h>
+ #include <openssl/obj_mac.h>
+ #include <openssl/bn.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+
+ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
+ const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
+@@ -77,7 +80,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
+ NULL, /* init */
+ NULL, /* finish */
+ #endif
+- 0, /* flags */
++ ECDSA_FLAG_FIPS_METHOD, /* flags */
+ NULL /* app_data */
+ };
+
+@@ -231,6 +234,14 @@ static ECDSA_SIG *ecdsa_do_sign(const un
+ ECDSA_DATA *ecdsa;
+ const BIGNUM *priv_key;
+
++#ifdef OPENSSL_FIPS
++ if(FIPS_selftest_failed())
++ {
++ FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
++ return NULL;
++ }
++#endif
++
+ ecdsa = ecdsa_check(eckey);
+ group = EC_KEY_get0_group(eckey);
+ priv_key = EC_KEY_get0_private_key(eckey);
+@@ -360,6 +371,14 @@ static int ecdsa_do_verify(const unsigne
+ const EC_GROUP *group;
+ const EC_POINT *pub_key;
+
++#ifdef OPENSSL_FIPS
++ if(FIPS_selftest_failed())
++ {
++ FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
++ return -1;
++ }
++#endif
++
+ /* check input values */
+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+ (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
+diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c
+--- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ec_key.c 2013-11-08 17:59:43.148028024 +0100
+@@ -64,9 +64,6 @@
+ #include <string.h>
+ #include "ec_lcl.h"
+ #include <openssl/err.h>
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+
+ EC_KEY *EC_KEY_new(void)
+ {
+@@ -234,6 +231,39 @@ int EC_KEY_up_ref(EC_KEY *r)
+ return ((i > 1) ? 1 : 0);
+ }
+
++#ifdef OPENSSL_FIPS
++
++#include <openssl/evp.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++
++static int fips_check_ec(EC_KEY *key)
++ {
++ EVP_PKEY *pk;
++ unsigned char tbs[] = "ECDSA Pairwise Check Data";
++ int ret = 0;
++
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++
++ EVP_PKEY_set1_EC_KEY(pk, key);
++
++ if (fips_pkey_signature_test(pk, tbs, 0, NULL, 0, NULL, 0, NULL))
++ ret = 1;
++
++ err:
++ if (ret == 0)
++ {
++ FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
++ fips_set_selftest_fail();
++ }
++ if (pk)
++ EVP_PKEY_free(pk);
++ return ret;
++ }
++
++#endif
++
+ int EC_KEY_generate_key(EC_KEY *eckey)
+ {
+ int ok = 0;
+@@ -242,8 +272,11 @@ int EC_KEY_generate_key(EC_KEY *eckey)
+ EC_POINT *pub_key = NULL;
+
+ #ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return FIPS_ec_key_generate_key(eckey);
++ if(FIPS_selftest_failed())
++ {
++ FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
++ return 0;
++ }
+ #endif
+
+ if (!eckey || !eckey->group)
+@@ -287,6 +320,15 @@ int EC_KEY_generate_key(EC_KEY *eckey)
+ eckey->priv_key = priv_key;
+ eckey->pub_key = pub_key;
+
++#ifdef OPENSSL_FIPS
++ if(!fips_check_ec(eckey))
++ {
++ eckey->priv_key = NULL;
++ eckey->pub_key = NULL;
++ goto err;
++ }
++#endif
++
+ ok=1;
+
+ err:
+@@ -429,10 +471,12 @@ int EC_KEY_set_public_key_affine_coordin
+ tx, ty, ctx))
+ goto err;
+ }
+- /* Check if retrieved coordinates match originals: if not values
+- * are out of range.
++ /* Check if retrieved coordinates match originals and are less than
++ * field order: if not values are out of range.
+ */
+- if (BN_cmp(x, tx) || BN_cmp(y, ty))
++ if (BN_cmp(x, tx) || BN_cmp(y, ty)
++ || (BN_cmp(x, &key->group->field) >= 0)
++ || (BN_cmp(y, &key->group->field) >= 0))
+ {
+ ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+ EC_R_COORDINATES_OUT_OF_RANGE);
+diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c
+--- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ecp_mont.c 2013-11-08 17:59:43.149028046 +0100
+@@ -63,18 +63,11 @@
+
+ #include <openssl/err.h>
+
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+-
+ #include "ec_lcl.h"
+
+
+ const EC_METHOD *EC_GFp_mont_method(void)
+ {
+-#ifdef OPENSSL_FIPS
+- return fips_ec_gfp_mont_method();
+-#else
+ static const EC_METHOD ret = {
+ EC_FLAGS_DEFAULT_OCT,
+ NID_X9_62_prime_field,
+@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+ ec_GFp_mont_field_set_to_one };
+
+ return &ret;
+-#endif
+ }
+
+
+diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c
+--- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ecp_nist.c 2013-11-08 17:59:43.149028046 +0100
+@@ -67,15 +67,8 @@
+ #include <openssl/obj_mac.h>
+ #include "ec_lcl.h"
+
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+-
+ const EC_METHOD *EC_GFp_nist_method(void)
+ {
+-#ifdef OPENSSL_FIPS
+- return fips_ec_gfp_nist_method();
+-#else
+ static const EC_METHOD ret = {
+ EC_FLAGS_DEFAULT_OCT,
+ NID_X9_62_prime_field,
+@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
+ 0 /* field_set_to_one */ };
+
+ return &ret;
+-#endif
+ }
+
+ int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c
+--- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ecp_smpl.c 2013-11-08 17:59:43.149028046 +0100
+@@ -65,17 +65,10 @@
+ #include <openssl/err.h>
+ #include <openssl/symhacks.h>
+
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+-
+ #include "ec_lcl.h"
+
+ const EC_METHOD *EC_GFp_simple_method(void)
+ {
+-#ifdef OPENSSL_FIPS
+- return fips_ec_gfp_simple_method();
+-#else
+ static const EC_METHOD ret = {
+ EC_FLAGS_DEFAULT_OCT,
+ NID_X9_62_prime_field,
+@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
+ 0 /* field_set_to_one */ };
+
+ return &ret;
+-#endif
+ }
+
+
+@@ -186,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+ return 0;
+ }
+
++ if (BN_num_bits(p) < 256)
++ {
++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
++ return 0;
++ }
++
+ if (ctx == NULL)
+ {
+ ctx = new_ctx = BN_CTX_new();
+diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c
+--- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_ecdsa.c 2013-11-08 17:59:43.149028046 +0100
+@@ -116,7 +116,6 @@
+ #include <openssl/x509.h>
+
+ #ifndef OPENSSL_NO_SHA
+-#ifndef OPENSSL_FIPS
+
+ static int init(EVP_MD_CTX *ctx)
+ { return SHA1_Init(ctx->md_data); }
+@@ -132,7 +131,7 @@ static const EVP_MD ecdsa_md=
+ NID_ecdsa_with_SHA1,
+ NID_ecdsa_with_SHA1,
+ SHA_DIGEST_LENGTH,
+- EVP_MD_FLAG_PKEY_DIGEST,
++ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+ init,
+ update,
+ final,
+@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
+ return(&ecdsa_md);
+ }
+ #endif
+-#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2013-11-08 17:59:43.149028046 +0100
++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c 2013-11-08 17:59:43.149028046 +0100
+@@ -0,0 +1,496 @@
++/* fips/ecdh/fips_ecdhvs.c */
++/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++ printf("No FIPS ECDH support\n");
++ return(0);
++}
++#else
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++#include <openssl/ecdh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++static const EVP_MD *eparse_md(char *line)
++ {
++ char *p;
++ if (line[0] != '[' || line[1] != 'E')
++ return NULL;
++ p = strchr(line, '-');
++ if (!p)
++ return NULL;
++ line = p + 1;
++ p = strchr(line, ']');
++ if (!p)
++ return NULL;
++ *p = 0;
++ p = line;
++ while(isspace(*p))
++ p++;
++ if (!strcmp(p, "SHA1"))
++ return EVP_sha1();
++ else if (!strcmp(p, "SHA224"))
++ return EVP_sha224();
++ else if (!strcmp(p, "SHA256"))
++ return EVP_sha256();
++ else if (!strcmp(p, "SHA384"))
++ return EVP_sha384();
++ else if (!strcmp(p, "SHA512"))
++ return EVP_sha512();
++ else
++ return NULL;
++ }
++
++static int lookup_curve2(char *cname)
++ {
++ char *p;
++ p = strchr(cname, ']');
++ if (!p)
++ {
++ fprintf(stderr, "Parse error: missing ]\n");
++ return NID_undef;
++ }
++ *p = 0;
++
++ if (!strcmp(cname, "B-163"))
++ return NID_sect163r2;
++ if (!strcmp(cname, "B-233"))
++ return NID_sect233r1;
++ if (!strcmp(cname, "B-283"))
++ return NID_sect283r1;
++ if (!strcmp(cname, "B-409"))
++ return NID_sect409r1;
++ if (!strcmp(cname, "B-571"))
++ return NID_sect571r1;
++ if (!strcmp(cname, "K-163"))
++ return NID_sect163k1;
++ if (!strcmp(cname, "K-233"))
++ return NID_sect233k1;
++ if (!strcmp(cname, "K-283"))
++ return NID_sect283k1;
++ if (!strcmp(cname, "K-409"))
++ return NID_sect409k1;
++ if (!strcmp(cname, "K-571"))
++ return NID_sect571k1;
++ if (!strcmp(cname, "P-192"))
++ return NID_X9_62_prime192v1;
++ if (!strcmp(cname, "P-224"))
++ return NID_secp224r1;
++ if (!strcmp(cname, "P-256"))
++ return NID_X9_62_prime256v1;
++ if (!strcmp(cname, "P-384"))
++ return NID_secp384r1;
++ if (!strcmp(cname, "P-521"))
++ return NID_secp521r1;
++
++ fprintf(stderr, "Unknown Curve name %s\n", cname);
++ return NID_undef;
++ }
++
++static int lookup_curve(char *cname)
++ {
++ char *p;
++ p = strchr(cname, ':');
++ if (!p)
++ {
++ fprintf(stderr, "Parse error: missing :\n");
++ return NID_undef;
++ }
++ cname = p + 1;
++ while(isspace(*cname))
++ cname++;
++ return lookup_curve2(cname);
++ }
++
++static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
++ {
++ EC_POINT *peer;
++ int rv;
++ BN_CTX *c;
++ peer = EC_POINT_new(group);
++ if (!peer)
++ return NULL;
++ c = BN_CTX_new();
++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
++ == NID_X9_62_prime_field)
++ rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
++ else
++#ifdef OPENSSL_NO_EC2M
++ {
++ fprintf(stderr, "ERROR: GF2m not supported\n");
++ exit(1);
++ }
++#else
++ rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
++#endif
++
++ BN_CTX_free(c);
++ if (rv)
++ return peer;
++ EC_POINT_free(peer);
++ return NULL;
++ }
++
++static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
++ {
++ const EC_POINT *pt;
++ const EC_GROUP *grp;
++ const EC_METHOD *meth;
++ int rv;
++ BIGNUM *tx, *ty;
++ const BIGNUM *d = NULL;
++ BN_CTX *ctx;
++ ctx = BN_CTX_new();
++ if (!ctx)
++ return 0;
++ tx = BN_CTX_get(ctx);
++ ty = BN_CTX_get(ctx);
++ if (!tx || !ty)
++ return 0;
++ grp = EC_KEY_get0_group(key);
++ pt = EC_KEY_get0_public_key(key);
++ if (exout)
++ d = EC_KEY_get0_private_key(key);
++ meth = EC_GROUP_method_of(grp);
++ if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
++ rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
++ else
++#ifdef OPENSSL_NO_EC2M
++ {
++ fprintf(stderr, "ERROR: GF2m not supported\n");
++ exit(1);
++ }
++#else
++ rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
++#endif
++
++ if (add_e)
++ {
++ do_bn_print_name(out, "QeIUTx", tx);
++ do_bn_print_name(out, "QeIUTy", ty);
++ if (d)
++ do_bn_print_name(out, "QeIUTd", d);
++ }
++ else
++ {
++ do_bn_print_name(out, "QIUTx", tx);
++ do_bn_print_name(out, "QIUTy", ty);
++ if (d)
++ do_bn_print_name(out, "QIUTd", d);
++ }
++
++ BN_CTX_free(ctx);
++
++ return rv;
++
++ }
++
++static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
++ BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
++ BIGNUM *cy, const EVP_MD *md,
++ unsigned char *rhash, size_t rhashlen)
++ {
++ EC_KEY *ec = NULL;
++ EC_POINT *peerkey = NULL;
++ unsigned char *Z;
++ unsigned char chash[EVP_MAX_MD_SIZE];
++ int Zlen;
++ ec = EC_KEY_new();
++ EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
++ EC_KEY_set_group(ec, group);
++ peerkey = make_peer(group, cx, cy);
++ if (rhash == NULL)
++ {
++ if (md)
++ rhashlen = M_EVP_MD_size(md);
++ EC_KEY_generate_key(ec);
++ ec_print_key(out, ec, md ? 1 : 0, exout);
++ }
++ else
++ {
++ EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
++ EC_KEY_set_private_key(ec, id);
++ }
++ Zlen = (EC_GROUP_get_degree(group) + 7)/8;
++ Z = OPENSSL_malloc(Zlen);
++ if (!Z)
++ exit(1);
++ ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
++ if (md)
++ {
++ if (exout)
++ OutputValue("Z", Z, Zlen, out, 0);
++ FIPS_digest(Z, Zlen, chash, NULL, md);
++ OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
++ chash, rhashlen, out, 0);
++ if (rhash)
++ {
++ fprintf(out, "Result = %s\n",
++ memcmp(chash, rhash, rhashlen) ? "F" : "P");
++ }
++ }
++ else
++ OutputValue("ZIUT", Z, Zlen, out, 0);
++ OPENSSL_cleanse(Z, Zlen);
++ OPENSSL_free(Z);
++ EC_KEY_free(ec);
++ EC_POINT_free(peerkey);
++ }
++
++#ifdef FIPS_ALGVS
++int fips_ecdhvs_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++ {
++ char **args = argv + 1;
++ int argn = argc - 1;
++ FILE *in, *out;
++ char buf[2048], lbuf[2048];
++ unsigned char *rhash = NULL;
++ long rhashlen;
++ BIGNUM *cx = NULL, *cy = NULL;
++ BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
++ const EVP_MD *md = NULL;
++ EC_GROUP *group = NULL;
++ char *keyword = NULL, *value = NULL;
++ int do_verify = -1, exout = 0;
++ int rv = 1;
++
++ int curve_nids[5] = {0,0,0,0,0};
++ int param_set = -1;
++
++ fips_algtest_init();
++
++ if (argn && !strcmp(*args, "ecdhver"))
++ {
++ do_verify = 1;
++ args++;
++ argn--;
++ }
++ else if (argn && !strcmp(*args, "ecdhgen"))
++ {
++ do_verify = 0;
++ args++;
++ argn--;
++ }
++
++ if (argn && !strcmp(*args, "-exout"))
++ {
++ exout = 1;
++ args++;
++ argn--;
++ }
++
++ if (do_verify == -1)
++ {
++ fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
++ exit(1);
++ }
++
++ if (argn == 2)
++ {
++ in = fopen(*args, "r");
++ if (!in)
++ {
++ fprintf(stderr, "Error opening input file\n");
++ exit(1);
++ }
++ out = fopen(args[1], "w");
++ if (!out)
++ {
++ fprintf(stderr, "Error opening output file\n");
++ exit(1);
++ }
++ }
++ else if (argn == 0)
++ {
++ in = stdin;
++ out = stdout;
++ }
++ else
++ {
++ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
++ exit(1);
++ }
++
++ while (fgets(buf, sizeof(buf), in) != NULL)
++ {
++ fputs(buf, out);
++ if (buf[0] == '[' && buf[1] == 'E')
++ {
++ int c = buf[2];
++ if (c < 'A' || c > 'E')
++ goto parse_error;
++ param_set = c - 'A';
++ /* If just [E?] then initial paramset */
++ if (buf[3] == ']')
++ continue;
++ if (group)
++ EC_GROUP_free(group);
++ group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
++ }
++ if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
++ {
++ int nid;
++ if (param_set == -1)
++ goto parse_error;
++ nid = lookup_curve(buf);
++ if (nid == NID_undef)
++ goto parse_error;
++ curve_nids[param_set] = nid;
++ }
++
++ if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
++ {
++ int nid = lookup_curve2(buf + 1);
++ if (nid == NID_undef)
++ goto parse_error;
++ if (group)
++ EC_GROUP_free(group);
++ group = EC_GROUP_new_by_curve_name(nid);
++ if (!group)
++ {
++ fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
++ return 1;
++ }
++ }
++
++ if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
++ {
++ md = eparse_md(buf);
++ if (md == NULL)
++ goto parse_error;
++ continue;
++ }
++ if (!parse_line(&keyword, &value, lbuf, buf))
++ continue;
++ if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
++ {
++ if (!do_hex2bn(&cx, value))
++ goto parse_error;
++ }
++ else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
++ {
++ if (!do_hex2bn(&cy, value))
++ goto parse_error;
++ if (do_verify == 0)
++ ec_output_Zhash(out, exout, group,
++ NULL, NULL, NULL,
++ cx, cy, md, rhash, rhashlen);
++ }
++ else if (!strcmp(keyword, "deIUT"))
++ {
++ if (!do_hex2bn(&id, value))
++ goto parse_error;
++ }
++ else if (!strcmp(keyword, "QeIUTx"))
++ {
++ if (!do_hex2bn(&ix, value))
++ goto parse_error;
++ }
++ else if (!strcmp(keyword, "QeIUTy"))
++ {
++ if (!do_hex2bn(&iy, value))
++ goto parse_error;
++ }
++ else if (!strcmp(keyword, "CAVSHashZZ"))
++ {
++ if (!md)
++ goto parse_error;
++ rhash = hex2bin_m(value, &rhashlen);
++ if (!rhash || rhashlen != M_EVP_MD_size(md))
++ goto parse_error;
++ ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
++ md, rhash, rhashlen);
++ }
++ }
++ rv = 0;
++ parse_error:
++ if (id)
++ BN_free(id);
++ if (ix)
++ BN_free(ix);
++ if (iy)
++ BN_free(iy);
++ if (cx)
++ BN_free(cx);
++ if (cy)
++ BN_free(cy);
++ if (group)
++ EC_GROUP_free(group);
++ if (in && in != stdin)
++ fclose(in);
++ if (out && out != stdout)
++ fclose(out);
++ if (rv)
++ fprintf(stderr, "Error Parsing request file\n");
++ return rv;
++ }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c 2013-11-08 17:59:43.150028068 +0100
+@@ -0,0 +1,533 @@
++/* fips/ecdsa/fips_ecdsavs.c */
++/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++#include <stdio.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char **argv)
++{
++ printf("No FIPS ECDSA support\n");
++ return(0);
++}
++#else
++
++#include <string.h>
++#include <ctype.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/ecdsa.h>
++#include <openssl/evp.h>
++#include "fips_utl.h"
++
++#include <openssl/objects.h>
++
++
++static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
++ {
++ char *cname, *p;
++ /* Copy buffer as we will change it */
++ strcpy(curve_name, in);
++ cname = curve_name + 1;
++ p = strchr(cname, ']');
++ if (!p)
++ {
++ fprintf(stderr, "Parse error: missing ]\n");
++ return NID_undef;
++ }
++ *p = 0;
++ p = strchr(cname, ',');
++ if (p)
++ {
++ if (!pmd)
++ {
++ fprintf(stderr, "Parse error: unexpected digest\n");
++ return NID_undef;
++ }
++ *p = 0;
++ p++;
++
++ if (!strcmp(p, "SHA-1"))
++ *pmd = EVP_sha1();
++ else if (!strcmp(p, "SHA-224"))
++ *pmd = EVP_sha224();
++ else if (!strcmp(p, "SHA-256"))
++ *pmd = EVP_sha256();
++ else if (!strcmp(p, "SHA-384"))
++ *pmd = EVP_sha384();
++ else if (!strcmp(p, "SHA-512"))
++ *pmd = EVP_sha512();
++ else
++ {
++ fprintf(stderr, "Unknown digest %s\n", p);
++ return NID_undef;
++ }
++ }
++ else if(pmd)
++ *pmd = EVP_sha1();
++
++ if (!strcmp(cname, "B-163"))
++ return NID_sect163r2;
++ if (!strcmp(cname, "B-233"))
++ return NID_sect233r1;
++ if (!strcmp(cname, "B-283"))
++ return NID_sect283r1;
++ if (!strcmp(cname, "B-409"))
++ return NID_sect409r1;
++ if (!strcmp(cname, "B-571"))
++ return NID_sect571r1;
++ if (!strcmp(cname, "K-163"))
++ return NID_sect163k1;
++ if (!strcmp(cname, "K-233"))
++ return NID_sect233k1;
++ if (!strcmp(cname, "K-283"))
++ return NID_sect283k1;
++ if (!strcmp(cname, "K-409"))
++ return NID_sect409k1;
++ if (!strcmp(cname, "K-571"))
++ return NID_sect571k1;
++ if (!strcmp(cname, "P-192"))
++ return NID_X9_62_prime192v1;
++ if (!strcmp(cname, "P-224"))
++ return NID_secp224r1;
++ if (!strcmp(cname, "P-256"))
++ return NID_X9_62_prime256v1;
++ if (!strcmp(cname, "P-384"))
++ return NID_secp384r1;
++ if (!strcmp(cname, "P-521"))
++ return NID_secp521r1;
++
++ fprintf(stderr, "Unknown Curve name %s\n", cname);
++ return NID_undef;
++ }
++
++static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
++ {
++ const EC_POINT *pt;
++ const EC_GROUP *grp;
++ const EC_METHOD *meth;
++ int rv;
++ BN_CTX *ctx;
++ ctx = BN_CTX_new();
++ if (!ctx)
++ return 0;
++ grp = EC_KEY_get0_group(key);
++ pt = EC_KEY_get0_public_key(key);
++ meth = EC_GROUP_method_of(grp);
++ if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
++ rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
++ else
++#ifdef OPENSSL_NO_EC2M
++ {
++ fprintf(stderr, "ERROR: GF2m not supported\n");
++ exit(1);
++ }
++#else
++ rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
++#endif
++
++ BN_CTX_free(ctx);
++
++ return rv;
++
++ }
++
++static int KeyPair(FILE *in, FILE *out)
++ {
++ char buf[2048], lbuf[2048];
++ char *keyword, *value;
++ int curve_nid = NID_undef;
++ int i, count;
++ BIGNUM *Qx = NULL, *Qy = NULL;
++ const BIGNUM *d = NULL;
++ EC_KEY *key = NULL;
++ Qx = BN_new();
++ Qy = BN_new();
++ while(fgets(buf, sizeof buf, in) != NULL)
++ {
++ if (*buf == '[' && buf[2] == '-')
++ {
++ if (buf[2] == '-')
++ curve_nid = elookup_curve(buf, lbuf, NULL);
++ fputs(buf, out);
++ continue;
++ }
++ if (!parse_line(&keyword, &value, lbuf, buf))
++ {
++ fputs(buf, out);
++ continue;
++ }
++ if (!strcmp(keyword, "N"))
++ {
++ count = atoi(value);
++
++ for (i = 0; i < count; i++)
++ {
++
++ key = EC_KEY_new_by_curve_name(curve_nid);
++ if (!EC_KEY_generate_key(key))
++ {
++ fprintf(stderr, "Error generating key\n");
++ return 0;
++ }
++
++ if (!ec_get_pubkey(key, Qx, Qy))
++ {
++ fprintf(stderr, "Error getting public key\n");
++ return 0;
++ }
++
++ d = EC_KEY_get0_private_key(key);
++
++ do_bn_print_name(out, "d", d);
++ do_bn_print_name(out, "Qx", Qx);
++ do_bn_print_name(out, "Qy", Qy);
++ fputs(RESP_EOL, out);
++ EC_KEY_free(key);
++
++ }
++
++ }
++
++ }
++ BN_free(Qx);
++ BN_free(Qy);
++ return 1;
++ }
++
++static int PKV(FILE *in, FILE *out)
++ {
++
++ char buf[2048], lbuf[2048];
++ char *keyword, *value;
++ int curve_nid = NID_undef;
++ BIGNUM *Qx = NULL, *Qy = NULL;
++ EC_KEY *key = NULL;
++ while(fgets(buf, sizeof buf, in) != NULL)
++ {
++ fputs(buf, out);
++ if (*buf == '[' && buf[2] == '-')
++ {
++ curve_nid = elookup_curve(buf, lbuf, NULL);
++ if (curve_nid == NID_undef)
++ return 0;
++
++ }
++ if (!parse_line(&keyword, &value, lbuf, buf))
++ continue;
++ if (!strcmp(keyword, "Qx"))
++ {
++ if (!do_hex2bn(&Qx, value))
++ {
++ fprintf(stderr, "Invalid Qx value\n");
++ return 0;
++ }
++ }
++ if (!strcmp(keyword, "Qy"))
++ {
++ int rv;
++ if (!do_hex2bn(&Qy, value))
++ {
++ fprintf(stderr, "Invalid Qy value\n");
++ return 0;
++ }
++ key = EC_KEY_new_by_curve_name(curve_nid);
++ no_err = 1;
++ rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
++ no_err = 0;
++ EC_KEY_free(key);
++ fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
++ }
++
++ }
++ BN_free(Qx);
++ BN_free(Qy);
++ return 1;
++ }
++
++static int SigGen(FILE *in, FILE *out)
++ {
++ char buf[2048], lbuf[2048];
++ char *keyword, *value;
++ unsigned char *msg;
++ int curve_nid = NID_undef;
++ long mlen;
++ BIGNUM *Qx = NULL, *Qy = NULL;
++ EC_KEY *key = NULL;
++ ECDSA_SIG *sig = NULL;
++ const EVP_MD *digest = NULL;
++ Qx = BN_new();
++ Qy = BN_new();
++ while(fgets(buf, sizeof buf, in) != NULL)
++ {
++ fputs(buf, out);
++ if (*buf == '[')
++ {
++ curve_nid = elookup_curve(buf, lbuf, &digest);
++ if (curve_nid == NID_undef)
++ return 0;
++ }
++ if (!parse_line(&keyword, &value, lbuf, buf))
++ continue;
++ if (!strcmp(keyword, "Msg"))
++ {
++ msg = hex2bin_m(value, &mlen);
++ if (!msg)
++ {
++ fprintf(stderr, "Invalid Message\n");
++ return 0;
++ }
++
++ key = EC_KEY_new_by_curve_name(curve_nid);
++ if (!EC_KEY_generate_key(key))
++ {
++ fprintf(stderr, "Error generating key\n");
++ return 0;
++ }
++
++ if (!ec_get_pubkey(key, Qx, Qy))
++ {
++ fprintf(stderr, "Error getting public key\n");
++ return 0;
++ }
++
++ sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
++
++ if (!sig)
++ {
++ fprintf(stderr, "Error signing message\n");
++ return 0;
++ }
++
++ do_bn_print_name(out, "Qx", Qx);
++ do_bn_print_name(out, "Qy", Qy);
++ do_bn_print_name(out, "R", sig->r);
++ do_bn_print_name(out, "S", sig->s);
++
++ EC_KEY_free(key);
++ OPENSSL_free(msg);
++ FIPS_ecdsa_sig_free(sig);
++
++ }
++
++ }
++ BN_free(Qx);
++ BN_free(Qy);
++ return 1;
++ }
++
++static int SigVer(FILE *in, FILE *out)
++ {
++ char buf[2048], lbuf[2048];
++ char *keyword, *value;
++ unsigned char *msg = NULL;
++ int curve_nid = NID_undef;
++ long mlen;
++ BIGNUM *Qx = NULL, *Qy = NULL;
++ EC_KEY *key = NULL;
++ ECDSA_SIG sg, *sig = &sg;
++ const EVP_MD *digest = NULL;
++ sig->r = NULL;
++ sig->s = NULL;
++ while(fgets(buf, sizeof buf, in) != NULL)
++ {
++ fputs(buf, out);
++ if (*buf == '[')
++ {
++ curve_nid = elookup_curve(buf, lbuf, &digest);
++ if (curve_nid == NID_undef)
++ return 0;
++ }
++ if (!parse_line(&keyword, &value, lbuf, buf))
++ continue;
++ if (!strcmp(keyword, "Msg"))
++ {
++ msg = hex2bin_m(value, &mlen);
++ if (!msg)
++ {
++ fprintf(stderr, "Invalid Message\n");
++ return 0;
++ }
++ }
++
++ if (!strcmp(keyword, "Qx"))
++ {
++ if (!do_hex2bn(&Qx, value))
++ {
++ fprintf(stderr, "Invalid Qx value\n");
++ return 0;
++ }
++ }
++ if (!strcmp(keyword, "Qy"))
++ {
++ if (!do_hex2bn(&Qy, value))
++ {
++ fprintf(stderr, "Invalid Qy value\n");
++ return 0;
++ }
++ }
++ if (!strcmp(keyword, "R"))
++ {
++ if (!do_hex2bn(&sig->r, value))
++ {
++ fprintf(stderr, "Invalid R value\n");
++ return 0;
++ }
++ }
++ if (!strcmp(keyword, "S"))
++ {
++ int rv;
++ if (!do_hex2bn(&sig->s, value))
++ {
++ fprintf(stderr, "Invalid S value\n");
++ return 0;
++ }
++ key = EC_KEY_new_by_curve_name(curve_nid);
++ rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
++
++ if (rv != 1)
++ {
++ fprintf(stderr, "Error setting public key\n");
++ return 0;
++ }
++
++ no_err = 1;
++ rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
++ EC_KEY_free(key);
++ if (msg)
++ OPENSSL_free(msg);
++ no_err = 0;
++
++ fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
++ }
++
++ }
++ if (sig->r)
++ BN_free(sig->r);
++ if (sig->s)
++ BN_free(sig->s);
++ if (Qx)
++ BN_free(Qx);
++ if (Qy)
++ BN_free(Qy);
++ return 1;
++ }
++#ifdef FIPS_ALGVS
++int fips_ecdsavs_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++ {
++ FILE *in = NULL, *out = NULL;
++ const char *cmd = argv[1];
++ int rv = 0;
++ fips_algtest_init();
++
++ if (argc == 4)
++ {
++ in = fopen(argv[2], "r");
++ if (!in)
++ {
++ fprintf(stderr, "Error opening input file\n");
++ exit(1);
++ }
++ out = fopen(argv[3], "w");
++ if (!out)
++ {
++ fprintf(stderr, "Error opening output file\n");
++ exit(1);
++ }
++ }
++ else if (argc == 2)
++ {
++ in = stdin;
++ out = stdout;
++ }
++
++ if (!cmd)
++ {
++ fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
++ return 1;
++ }
++ if (!strcmp(cmd, "KeyPair"))
++ rv = KeyPair(in, out);
++ else if (!strcmp(cmd, "PKV"))
++ rv = PKV(in, out);
++ else if (!strcmp(cmd, "SigVer"))
++ rv = SigVer(in, out);
++ else if (!strcmp(cmd, "SigGen"))
++ rv = SigGen(in, out);
++ else
++ {
++ fprintf(stderr, "Unknown command %s\n", cmd);
++ return 1;
++ }
++
++ if (argc == 4)
++ {
++ fclose(in);
++ fclose(out);
++ }
++
++ if (rv <= 0)
++ {
++ fprintf(stderr, "Error running %s\n", cmd);
++ return 1;
++ }
++
++ return 0;
++ }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c 2013-11-08 17:59:43.150028068 +0100
+@@ -0,0 +1,252 @@
++/* fips/ecdh/fips_ecdh_selftest.c */
++/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
++ * project 2011.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/ec.h>
++#include <openssl/ecdh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++
++#ifdef OPENSSL_FIPS
++
++#include "fips_locl.h"
++
++static const unsigned char p256_qcavsx[] = {
++ 0x52,0xc6,0xa5,0x75,0xf3,0x04,0x98,0xb3,0x29,0x66,0x0c,0x62,
++ 0x18,0x60,0x55,0x41,0x59,0xd4,0x60,0x85,0x99,0xc1,0x51,0x13,
++ 0x6f,0x97,0x85,0x93,0x33,0x34,0x07,0x50
++};
++static const unsigned char p256_qcavsy[] = {
++ 0x6f,0x69,0x24,0xeb,0xe9,0x3b,0xa7,0xcc,0x47,0x17,0xaa,0x3f,
++ 0x70,0xfc,0x10,0x73,0x0a,0xcd,0x21,0xee,0x29,0x19,0x1f,0xaf,
++ 0xb4,0x1c,0x1e,0xc2,0x8e,0x97,0x81,0x6e
++};
++static const unsigned char p256_qiutx[] = {
++ 0x71,0x46,0x88,0x08,0x92,0x21,0x1b,0x10,0x21,0x74,0xff,0x0c,
++ 0x94,0xde,0x34,0x7c,0x86,0x74,0xbe,0x67,0x41,0x68,0xd4,0xc1,
++ 0xe5,0x75,0x63,0x9c,0xa7,0x46,0x93,0x6f
++};
++static const unsigned char p256_qiuty[] = {
++ 0x33,0x40,0xa9,0x6a,0xf5,0x20,0xb5,0x9e,0xfc,0x60,0x1a,0xae,
++ 0x3d,0xf8,0x21,0xd2,0xa7,0xca,0x52,0x34,0xb9,0x5f,0x27,0x75,
++ 0x6c,0x81,0xbe,0x32,0x4d,0xba,0xbb,0xf8
++};
++static const unsigned char p256_qiutd[] = {
++ 0x1a,0x48,0x55,0x6b,0x11,0xbe,0x92,0xd4,0x1c,0xd7,0x45,0xc3,
++ 0x82,0x81,0x51,0xf1,0x23,0x40,0xb7,0x83,0xfd,0x01,0x6d,0xbc,
++ 0xa1,0x66,0xaf,0x0a,0x03,0x23,0xcd,0xc8
++};
++static const unsigned char p256_ziut[] = {
++ 0x77,0x2a,0x1e,0x37,0xee,0xe6,0x51,0x02,0x71,0x40,0xf8,0x6a,
++ 0x36,0xf8,0x65,0x61,0x2b,0x18,0x71,0x82,0x23,0xe6,0xf2,0x77,
++ 0xce,0xec,0xb8,0x49,0xc7,0xbf,0x36,0x4f
++};
++
++
++typedef struct
++ {
++ int curve;
++ const unsigned char *x1;
++ size_t x1len;
++ const unsigned char *y1;
++ size_t y1len;
++ const unsigned char *d1;
++ size_t d1len;
++ const unsigned char *x2;
++ size_t x2len;
++ const unsigned char *y2;
++ size_t y2len;
++ const unsigned char *z;
++ size_t zlen;
++ } ECDH_SELFTEST_DATA;
++
++#define make_ecdh_test(nid, pr) { nid, \
++ pr##_qiutx, sizeof(pr##_qiutx), \
++ pr##_qiuty, sizeof(pr##_qiuty), \
++ pr##_qiutd, sizeof(pr##_qiutd), \
++ pr##_qcavsx, sizeof(pr##_qcavsx), \
++ pr##_qcavsy, sizeof(pr##_qcavsy), \
++ pr##_ziut, sizeof(pr##_ziut) }
++
++static ECDH_SELFTEST_DATA test_ecdh_data[] =
++ {
++ make_ecdh_test(NID_X9_62_prime256v1, p256),
++ };
++
++int FIPS_selftest_ecdh(void)
++ {
++ EC_KEY *ec1 = NULL, *ec2 = NULL;
++ const EC_POINT *ecp = NULL;
++ BIGNUM *x = NULL, *y = NULL, *d = NULL;
++ unsigned char *ztmp = NULL;
++ int rv = 1;
++ size_t i;
++
++ for (i = 0; i < sizeof(test_ecdh_data)/sizeof(ECDH_SELFTEST_DATA); i++)
++ {
++ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
++ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
++ continue;
++ ztmp = OPENSSL_malloc(ecd->zlen);
++
++ x = BN_bin2bn(ecd->x1, ecd->x1len, x);
++ y = BN_bin2bn(ecd->y1, ecd->y1len, y);
++ d = BN_bin2bn(ecd->d1, ecd->d1len, d);
++
++ if (!x || !y || !d || !ztmp)
++ {
++ rv = -1;
++ goto err;
++ }
++
++ ec1 = EC_KEY_new_by_curve_name(ecd->curve);
++ if (!ec1)
++ {
++ rv = -1;
++ goto err;
++ }
++ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
++
++ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
++ {
++ rv = -1;
++ goto err;
++ }
++
++ if (!EC_KEY_set_private_key(ec1, d))
++ {
++ rv = -1;
++ goto err;
++ }
++
++ x = BN_bin2bn(ecd->x2, ecd->x2len, x);
++ y = BN_bin2bn(ecd->y2, ecd->y2len, y);
++
++ if (!x || !y)
++ {
++ rv = -1;
++ goto err;
++ }
++
++ ec2 = EC_KEY_new_by_curve_name(ecd->curve);
++ if (!ec2)
++ {
++ rv = -1;
++ goto err;
++ }
++ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
++
++ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
++ {
++ rv = -1;
++ goto err;
++ }
++
++ ecp = EC_KEY_get0_public_key(ec2);
++ if (!ecp)
++ {
++ rv = -1;
++ goto err;
++ }
++
++ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0))
++ {
++ rv = -1;
++ goto err;
++ }
++
++ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
++ ztmp[0] ^= 0x1;
++
++ if (memcmp(ztmp, ecd->z, ecd->zlen))
++ {
++ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
++ rv = 0;
++ }
++ else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
++ goto err;
++
++ EC_KEY_free(ec1);
++ ec1 = NULL;
++ EC_KEY_free(ec2);
++ ec2 = NULL;
++ OPENSSL_free(ztmp);
++ ztmp = NULL;
++ }
++
++ err:
++
++ if (x)
++ BN_clear_free(x);
++ if (y)
++ BN_clear_free(y);
++ if (d)
++ BN_clear_free(d);
++ if (ec1)
++ EC_KEY_free(ec1);
++ if (ec2)
++ EC_KEY_free(ec2);
++ if (ztmp)
++ OPENSSL_free(ztmp);
++
++ return rv;
++
++ }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c 2013-11-08 17:59:43.150028068 +0100
+@@ -0,0 +1,167 @@
++/* fips/ecdsa/fips_ecdsa_selftest.c */
++/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
++ * project 2011.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * licensing at OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/ec.h>
++#include <openssl/ecdsa.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++
++#ifdef OPENSSL_FIPS
++
++static const char P_256_name[] = "ECDSA P-256";
++
++static const unsigned char P_256_d[] = {
++ 0x51,0xbd,0x06,0xa1,0x1c,0xda,0xe2,0x12,0x99,0xc9,0x52,0x3f,
++ 0xea,0xa4,0xd2,0xd1,0xf4,0x7f,0xd4,0x3e,0xbd,0xf8,0xfc,0x87,
++ 0xdc,0x82,0x53,0x21,0xee,0xa0,0xdc,0x64
++};
++static const unsigned char P_256_qx[] = {
++ 0x23,0x89,0xe0,0xf4,0x69,0xe0,0x49,0xe5,0xc7,0xe5,0x40,0x6e,
++ 0x8f,0x25,0xdd,0xad,0x11,0x16,0x14,0x9b,0xab,0x44,0x06,0x31,
++ 0xbf,0x5e,0xa6,0x44,0xac,0x86,0x00,0x07
++};
++static const unsigned char P_256_qy[] = {
++ 0xb3,0x05,0x0d,0xd0,0xdc,0xf7,0x40,0xe6,0xf9,0xd8,0x6d,0x7b,
++ 0x63,0xca,0x97,0xe6,0x12,0xf9,0xd4,0x18,0x59,0xbe,0xb2,0x5e,
++ 0x4a,0x6a,0x77,0x23,0xf4,0x11,0x9d,0xeb
++};
++
++typedef struct
++ {
++ int curve;
++ const char *name;
++ const unsigned char *x;
++ size_t xlen;
++ const unsigned char *y;
++ size_t ylen;
++ const unsigned char *d;
++ size_t dlen;
++ } EC_SELFTEST_DATA;
++
++#define make_ecdsa_test(nid, pr) { nid, pr##_name, \
++ pr##_qx, sizeof(pr##_qx), \
++ pr##_qy, sizeof(pr##_qy), \
++ pr##_d, sizeof(pr##_d)}
++
++static EC_SELFTEST_DATA test_ec_data[] =
++ {
++ make_ecdsa_test(NID_X9_62_prime256v1, P_256),
++ };
++
++int FIPS_selftest_ecdsa()
++ {
++ EC_KEY *ec = NULL;
++ BIGNUM *x = NULL, *y = NULL, *d = NULL;
++ EVP_PKEY *pk = NULL;
++ int rv = 0;
++ size_t i;
++
++ for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
++ {
++ EC_SELFTEST_DATA *ecd = test_ec_data + i;
++
++ x = BN_bin2bn(ecd->x, ecd->xlen, x);
++ y = BN_bin2bn(ecd->y, ecd->ylen, y);
++ d = BN_bin2bn(ecd->d, ecd->dlen, d);
++
++ if (!x || !y || !d)
++ goto err;
++
++ ec = EC_KEY_new_by_curve_name(ecd->curve);
++ if (!ec)
++ goto err;
++
++ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
++ goto err;
++
++ if (!EC_KEY_set_private_key(ec, d))
++ goto err;
++
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++
++ EVP_PKEY_assign_EC_KEY(pk, ec);
++
++ if (!fips_pkey_signature_test(pk, NULL, 0,
++ NULL, 0, EVP_sha256(), 0,
++ ecd->name))
++ goto err;
++ }
++
++ rv = 1;
++
++ err:
++
++ if (x)
++ BN_clear_free(x);
++ if (y)
++ BN_clear_free(y);
++ if (d)
++ BN_clear_free(d);
++ if (pk)
++ EVP_PKEY_free(pk);
++ else if (ec)
++ EC_KEY_free(ec);
++
++ return rv;
++
++ }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec 2013-11-08 17:59:43.116027318 +0100
++++ openssl-1.0.1e/crypto/fips/fips.h 2013-11-08 17:59:43.150028068 +0100
+@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
+ void FIPS_corrupt_dsa(void);
+ void FIPS_corrupt_dsa_keygen(void);
+ int FIPS_selftest_dsa(void);
++int FIPS_selftest_ecdsa(void);
++int FIPS_selftest_ecdh(void);
+ void FIPS_corrupt_rng(void);
+ void FIPS_rng_stick(void);
+ void FIPS_x931_stick(int onoff);
+diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec 2013-11-08 17:59:43.117027340 +0100
++++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-11-08 17:59:43.150028068 +0100
+@@ -95,8 +95,12 @@ int FIPS_selftest(void)
+ rv = 0;
+ if (!FIPS_selftest_rsa())
+ rv = 0;
++ if (!FIPS_selftest_ecdsa())
++ rv = 0;
+ if (!FIPS_selftest_dsa())
+ rv = 0;
++ if (!FIPS_selftest_ecdh())
++ rv = 0;
+ return rv;
+ }
+
+diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile
+--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec 2013-11-08 17:59:43.119027384 +0100
++++ openssl-1.0.1e/crypto/fips/Makefile 2013-11-08 17:59:43.151028090 +0100
+@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
+- fips_cmac_selftest.c fips_enc.c fips_md.c
++ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
+
+ LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
+- fips_cmac_selftest.o fips_enc.o fips_md.o
++ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
+
+ LIBCRYPTO=-L.. -lcrypto
+
+@@ -118,6 +118,21 @@ fips_aes_selftest.o: ../../include/opens
+ fips_aes_selftest.o: ../../include/openssl/safestack.h
+ fips_aes_selftest.o: ../../include/openssl/stack.h
+ fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
++fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_cmac_selftest.o: ../../include/openssl/cmac.h
++fips_cmac_selftest.o: ../../include/openssl/crypto.h
++fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_cmac_selftest.o: ../../include/openssl/lhash.h
++fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
++fips_cmac_selftest.o: ../../include/openssl/objects.h
++fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
++fips_cmac_selftest.o: ../../include/openssl/opensslv.h
++fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
++fips_cmac_selftest.o: ../../include/openssl/safestack.h
++fips_cmac_selftest.o: ../../include/openssl/stack.h
++fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
++fips_cmac_selftest.o: fips_locl.h
+ fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ fips_des_selftest.o: ../../include/openssl/crypto.h
+ fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+@@ -231,6 +246,46 @@ fips_dsa_selftest.o: ../../include/opens
+ fips_dsa_selftest.o: ../../include/openssl/stack.h
+ fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
+ fips_dsa_selftest.o: fips_locl.h
++fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
++fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_ecdh_selftest.o: ../../include/openssl/lhash.h
++fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
++fips_ecdh_selftest.o: ../../include/openssl/objects.h
++fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
++fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
++fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
++fips_ecdh_selftest.o: ../../include/openssl/safestack.h
++fips_ecdh_selftest.o: ../../include/openssl/stack.h
++fips_ecdh_selftest.o: ../../include/openssl/symhacks.h fips_ecdh_selftest.c
++fips_ecdh_selftest.o: fips_locl.h
++fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_ecdsa_selftest.o: ../../include/openssl/bn.h
++fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
++fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
++fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_ecdsa_selftest.o: ../../include/openssl/fips.h
++fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
++fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
++fips_ecdsa_selftest.o: ../../include/openssl/objects.h
++fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
++fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
++fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
++fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
++fips_ecdsa_selftest.o: ../../include/openssl/stack.h
++fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
++fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
++fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
++fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++fips_enc.o: ../../include/openssl/opensslconf.h
++fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
+ fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ fips_hmac_selftest.o: ../../include/openssl/crypto.h
+ fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+@@ -245,6 +300,15 @@ fips_hmac_selftest.o: ../../include/open
+ fips_hmac_selftest.o: ../../include/openssl/safestack.h
+ fips_hmac_selftest.o: ../../include/openssl/stack.h
+ fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
++fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
++fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
++fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
++fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++fips_md.o: fips_md.c
+ fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map
+--- openssl-1.0.1e/version.map.fips-ec 2013-11-08 17:59:43.131027649 +0100
++++ openssl-1.0.1e/version.map 2013-11-08 17:59:43.151028090 +0100
+@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
+ _original*;
+ _current*;
+ };
++OPENSSL_1.0.1_EC {
++ global:
++ EC*;
++};
diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch
index 0175754..e6942b1 100644
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@@ -1,6 +1,6 @@
diff -up openssl-1.0.1e/apps/pkcs12.c.fips openssl-1.0.1e/apps/pkcs12.c
--- openssl-1.0.1e/apps/pkcs12.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/pkcs12.c 2013-02-19 12:47:33.714118364 +0100
++++ openssl-1.0.1e/apps/pkcs12.c 2013-10-04 11:48:04.172693955 +0200
@@ -67,6 +67,9 @@
#include <openssl/err.h>
#include <openssl/pem.h>
@@ -25,7 +25,7 @@ diff -up openssl-1.0.1e/apps/pkcs12.c.fips openssl-1.0.1e/apps/pkcs12.c
diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
--- openssl-1.0.1e/apps/speed.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/speed.c 2013-02-19 12:47:33.715118384 +0100
++++ openssl-1.0.1e/apps/speed.c 2013-10-04 11:49:56.384227859 +0200
@@ -195,7 +195,6 @@
#ifdef OPENSSL_DOING_MAKEDEPEND
#undef AES_set_encrypt_key
@@ -68,7 +68,27 @@ diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
dsa_doit[R_DSA_1024]=1;
dsa_doit[R_DSA_2048]=1;
}
-@@ -1226,30 +1234,54 @@ int MAIN(int argc, char **argv)
+@@ -1162,12 +1170,18 @@ int MAIN(int argc, char **argv)
+ {
+ for (i=0; i<ALGOR_NUM; i++)
+ {
+- if (i != D_EVP)
++ if (i != D_EVP &&
++ (!FIPS_mode() || (i != D_WHIRLPOOL &&
++ i != D_MD2 && i != D_MD4 &&
++ i != D_MD5 && i != D_MDC2 &&
++ i != D_RMD160)))
+ doit[i]=1;
+ }
+ for (i=0; i<RSA_NUM; i++)
++ if (!FIPS_mode() || i != R_RSA_512)
+ rsa_doit[i]=1;
+ for (i=0; i<DSA_NUM; i++)
++ if (!FIPS_mode() || i != R_DSA_512)
+ dsa_doit[i]=1;
+ #ifndef OPENSSL_NO_ECDSA
+ for (i=0; i<EC_NUM; i++)
+@@ -1226,30 +1240,54 @@ int MAIN(int argc, char **argv)
AES_set_encrypt_key(key32,256,&aes_ks3);
#endif
#ifndef OPENSSL_NO_CAMELLIA
@@ -123,9 +143,17 @@ diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
#endif
#ifndef OPENSSL_NO_RSA
memset(rsa_c,0,sizeof(rsa_c));
+@@ -1564,6 +1602,7 @@ int MAIN(int argc, char **argv)
+ HMAC_CTX hctx;
+
+ HMAC_CTX_init(&hctx);
++ HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+ 16,EVP_md5(), NULL);
+
diff -up openssl-1.0.1e/Configure.fips openssl-1.0.1e/Configure
---- openssl-1.0.1e/Configure.fips 2013-02-19 12:47:33.670117470 +0100
-+++ openssl-1.0.1e/Configure 2013-02-19 12:47:33.716118405 +0100
+--- openssl-1.0.1e/Configure.fips 2013-10-04 11:48:04.153693526 +0200
++++ openssl-1.0.1e/Configure 2013-10-04 11:48:04.173693978 +0200
@@ -995,11 +995,6 @@ if (defined($disabled{"md5"}) || defined
$disabled{"ssl2"} = "forced";
}
@@ -162,7 +190,7 @@ diff -up openssl-1.0.1e/Configure.fips openssl-1.0.1e/Configure
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
diff -up openssl-1.0.1e/crypto/aes/aes_misc.c.fips openssl-1.0.1e/crypto/aes/aes_misc.c
--- openssl-1.0.1e/crypto/aes/aes_misc.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/aes/aes_misc.c 2013-02-19 12:47:33.717118426 +0100
++++ openssl-1.0.1e/crypto/aes/aes_misc.c 2013-10-04 11:48:04.173693978 +0200
@@ -69,17 +69,11 @@ const char *AES_options(void) {
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
@@ -183,7 +211,7 @@ diff -up openssl-1.0.1e/crypto/aes/aes_misc.c.fips openssl-1.0.1e/crypto/aes/aes
}
diff -up openssl-1.0.1e/crypto/cmac/cmac.c.fips openssl-1.0.1e/crypto/cmac/cmac.c
--- openssl-1.0.1e/crypto/cmac/cmac.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/cmac/cmac.c 2013-02-19 12:47:33.717118426 +0100
++++ openssl-1.0.1e/crypto/cmac/cmac.c 2013-10-04 11:48:04.173693978 +0200
@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
@@ -233,8 +261,8 @@ diff -up openssl-1.0.1e/crypto/cmac/cmac.c.fips openssl-1.0.1e/crypto/cmac/cmac.
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
diff -up openssl-1.0.1e/crypto/crypto.h.fips openssl-1.0.1e/crypto/crypto.h
---- openssl-1.0.1e/crypto/crypto.h.fips 2013-02-19 12:47:33.444112876 +0100
-+++ openssl-1.0.1e/crypto/crypto.h 2013-02-19 12:47:33.718118447 +0100
+--- openssl-1.0.1e/crypto/crypto.h.fips 2013-10-04 11:48:04.058691381 +0200
++++ openssl-1.0.1e/crypto/crypto.h 2013-10-04 11:48:04.173693978 +0200
@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
void OPENSSL_init(void);
@@ -281,8 +309,8 @@ diff -up openssl-1.0.1e/crypto/crypto.h.fips openssl-1.0.1e/crypto/crypto.h
/* Function codes. */
diff -up openssl-1.0.1e/crypto/des/des.h.fips openssl-1.0.1e/crypto/des/des.h
---- openssl-1.0.1e/crypto/des/des.h.fips 2013-02-19 12:47:33.516114340 +0100
-+++ openssl-1.0.1e/crypto/des/des.h 2013-02-19 12:47:33.718118447 +0100
+--- openssl-1.0.1e/crypto/des/des.h.fips 2013-10-04 11:48:04.088692058 +0200
++++ openssl-1.0.1e/crypto/des/des.h 2013-10-04 11:48:04.173693978 +0200
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
@@ -295,7 +323,7 @@ diff -up openssl-1.0.1e/crypto/des/des.h.fips openssl-1.0.1e/crypto/des/des.h
void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
diff -up openssl-1.0.1e/crypto/des/set_key.c.fips openssl-1.0.1e/crypto/des/set_key.c
--- openssl-1.0.1e/crypto/des/set_key.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/des/set_key.c 2013-02-19 12:47:33.719118468 +0100
++++ openssl-1.0.1e/crypto/des/set_key.c 2013-10-04 11:48:04.174694001 +0200
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock
}
@@ -312,7 +340,7 @@ diff -up openssl-1.0.1e/crypto/des/set_key.c.fips openssl-1.0.1e/crypto/des/set_
register DES_LONG c,d,t,s,t2;
diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips openssl-1.0.1e/crypto/dh/dh_gen.c
--- openssl-1.0.1e/crypto/dh/dh_gen.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dh/dh_gen.c 2013-02-19 12:47:33.719118468 +0100
++++ openssl-1.0.1e/crypto/dh/dh_gen.c 2013-10-04 11:48:04.174694001 +0200
@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
#endif
if(ret->meth->generate_params)
@@ -347,8 +375,8 @@ diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips openssl-1.0.1e/crypto/dh/dh_gen.
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h
---- openssl-1.0.1e/crypto/dh/dh.h.fips 2013-02-19 12:47:33.388111739 +0100
-+++ openssl-1.0.1e/crypto/dh/dh.h 2013-02-19 12:47:33.719118468 +0100
+--- openssl-1.0.1e/crypto/dh/dh.h.fips 2013-10-04 11:48:04.032690794 +0200
++++ openssl-1.0.1e/crypto/dh/dh.h 2013-10-04 11:48:04.174694001 +0200
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -360,7 +388,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h
* implementation now uses constant time
diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key.c
--- openssl-1.0.1e/crypto/dh/dh_key.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dh/dh_key.c 2013-02-19 12:47:33.720118488 +0100
++++ openssl-1.0.1e/crypto/dh/dh_key.c 2013-10-04 11:48:04.174694001 +0200
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -421,7 +449,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key.
}
diff -up openssl-1.0.1e/crypto/dh/dh_lib.c.fips openssl-1.0.1e/crypto/dh/dh_lib.c
--- openssl-1.0.1e/crypto/dh/dh_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dh/dh_lib.c 2013-02-19 12:47:33.720118488 +0100
++++ openssl-1.0.1e/crypto/dh/dh_lib.c 2013-10-04 11:48:04.174694001 +0200
@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
{
if(!default_DH_method)
@@ -439,7 +467,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_lib.c.fips openssl-1.0.1e/crypto/dh/dh_lib.
}
diff -up openssl-1.0.1e/crypto/dsa/dsa_err.c.fips openssl-1.0.1e/crypto/dsa/dsa_err.c
--- openssl-1.0.1e/crypto/dsa/dsa_err.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_err.c 2013-02-19 12:47:33.720118488 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_err.c 2013-10-04 11:48:04.174694001 +0200
@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -460,7 +488,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_err.c.fips openssl-1.0.1e/crypto/dsa/dsa_
{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips openssl-1.0.1e/crypto/dsa/dsa_gen.c
--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-02-19 12:47:33.721118508 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-10-04 11:48:04.175694023 +0200
@@ -85,6 +85,14 @@
#include <openssl/fips.h>
#endif
@@ -868,8 +896,8 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips openssl-1.0.1e/crypto/dsa/dsa_
if (mont != NULL) BN_MONT_CTX_free(mont);
return ok;
diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips openssl-1.0.1e/crypto/dsa/dsa.h
---- openssl-1.0.1e/crypto/dsa/dsa.h.fips 2013-02-19 12:47:33.205108020 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-02-19 12:47:33.721118508 +0100
+--- openssl-1.0.1e/crypto/dsa/dsa.h.fips 2013-10-04 11:48:03.956689078 +0200
++++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-10-04 11:48:04.175694023 +0200
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
@@ -932,7 +960,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips openssl-1.0.1e/crypto/dsa/dsa.h
#ifdef __cplusplus
diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips openssl-1.0.1e/crypto/dsa/dsa_key.c
--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-02-19 12:47:33.722118528 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-10-04 11:48:04.175694023 +0200
@@ -66,6 +66,35 @@
#ifdef OPENSSL_FIPS
@@ -1013,7 +1041,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips openssl-1.0.1e/crypto/dsa/dsa_
err:
diff -up openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips openssl-1.0.1e/crypto/dsa/dsa_lib.c
--- openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_lib.c 2013-02-19 12:47:33.722118528 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_lib.c 2013-10-04 11:48:04.175694023 +0200
@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
{
if(!default_DSA_method)
@@ -1030,8 +1058,8 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips openssl-1.0.1e/crypto/dsa/dsa_
return default_DSA_method;
}
diff -up openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips openssl-1.0.1e/crypto/dsa/dsa_locl.h
---- openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips 2013-02-19 12:47:33.209108100 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h 2013-02-19 12:47:33.722118528 +0100
+--- openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips 2013-10-04 11:48:03.958689123 +0200
++++ openssl-1.0.1e/crypto/dsa/dsa_locl.h 2013-10-04 11:48:04.175694023 +0200
@@ -56,5 +56,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
@@ -1040,7 +1068,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips openssl-1.0.1e/crypto/dsa/dsa
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1e/crypto/dsa/dsa_ossl.c
--- openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c 2013-02-19 12:47:33.723118548 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c 2013-10-04 11:48:04.175694023 +0200
@@ -65,6 +65,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -1116,7 +1144,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1e/crypto/dsa/dsa
}
diff -up openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1e/crypto/dsa/dsa_pmeth.c
--- openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c 2013-02-19 12:47:33.723118548 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c 2013-10-04 11:48:04.175694023 +0200
@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
if (!dsa)
return 0;
@@ -1128,7 +1156,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1e/crypto/dsa/ds
else
diff -up openssl-1.0.1e/crypto/dsa/dsatest.c.fips openssl-1.0.1e/crypto/dsa/dsatest.c
--- openssl-1.0.1e/crypto/dsa/dsatest.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsatest.c 2013-02-19 12:47:33.723118548 +0100
++++ openssl-1.0.1e/crypto/dsa/dsatest.c 2013-10-04 11:48:04.176694045 +0200
@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -1215,7 +1243,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsatest.c.fips openssl-1.0.1e/crypto/dsa/dsat
if (h != 2)
diff -up openssl-1.0.1e/crypto/engine/eng_all.c.fips openssl-1.0.1e/crypto/engine/eng_all.c
--- openssl-1.0.1e/crypto/engine/eng_all.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/engine/eng_all.c 2013-02-19 12:47:33.724118569 +0100
++++ openssl-1.0.1e/crypto/engine/eng_all.c 2013-10-04 11:48:04.176694045 +0200
@@ -58,11 +58,25 @@
#include "cryptlib.h"
@@ -1244,7 +1272,7 @@ diff -up openssl-1.0.1e/crypto/engine/eng_all.c.fips openssl-1.0.1e/crypto/engin
* it is the *only* way for standard builtin implementations to be be
diff -up openssl-1.0.1e/crypto/evp/c_allc.c.fips openssl-1.0.1e/crypto/evp/c_allc.c
--- openssl-1.0.1e/crypto/evp/c_allc.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/c_allc.c 2013-02-19 12:47:33.725118589 +0100
++++ openssl-1.0.1e/crypto/evp/c_allc.c 2013-10-04 11:48:04.176694045 +0200
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
@@ -1320,7 +1348,7 @@ diff -up openssl-1.0.1e/crypto/evp/c_allc.c.fips openssl-1.0.1e/crypto/evp/c_all
}
diff -up openssl-1.0.1e/crypto/evp/c_alld.c.fips openssl-1.0.1e/crypto/evp/c_alld.c
--- openssl-1.0.1e/crypto/evp/c_alld.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/c_alld.c 2013-02-19 12:47:33.725118589 +0100
++++ openssl-1.0.1e/crypto/evp/c_alld.c 2013-10-04 11:48:04.176694045 +0200
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
@@ -1368,7 +1396,7 @@ diff -up openssl-1.0.1e/crypto/evp/c_alld.c.fips openssl-1.0.1e/crypto/evp/c_all
}
diff -up openssl-1.0.1e/crypto/evp/digest.c.fips openssl-1.0.1e/crypto/evp/digest.c
--- openssl-1.0.1e/crypto/evp/digest.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/digest.c 2013-02-19 12:51:41.276779877 +0100
++++ openssl-1.0.1e/crypto/evp/digest.c 2013-10-04 11:48:04.176694045 +0200
@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
return EVP_DigestInit_ex(ctx, type, NULL);
}
@@ -1519,7 +1547,7 @@ diff -up openssl-1.0.1e/crypto/evp/digest.c.fips openssl-1.0.1e/crypto/evp/diges
return 1;
diff -up openssl-1.0.1e/crypto/evp/e_aes.c.fips openssl-1.0.1e/crypto/evp/e_aes.c
--- openssl-1.0.1e/crypto/evp/e_aes.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/e_aes.c 2013-02-19 12:47:33.726118609 +0100
++++ openssl-1.0.1e/crypto/evp/e_aes.c 2013-10-04 11:48:04.177694068 +0200
@@ -56,7 +56,6 @@
#include <assert.h>
#include <openssl/aes.h>
@@ -1553,7 +1581,7 @@ diff -up openssl-1.0.1e/crypto/evp/e_aes.c.fips openssl-1.0.1e/crypto/evp/e_aes.
-#endif
diff -up openssl-1.0.1e/crypto/evp/e_des3.c.fips openssl-1.0.1e/crypto/evp/e_des3.c
--- openssl-1.0.1e/crypto/evp/e_des3.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/e_des3.c 2013-02-19 12:47:33.727118629 +0100
++++ openssl-1.0.1e/crypto/evp/e_des3.c 2013-10-04 11:48:04.177694068 +0200
@@ -65,8 +65,6 @@
#include <openssl/des.h>
#include <openssl/rand.h>
@@ -1614,7 +1642,7 @@ diff -up openssl-1.0.1e/crypto/evp/e_des3.c.fips openssl-1.0.1e/crypto/evp/e_des
-#endif
diff -up openssl-1.0.1e/crypto/evp/e_null.c.fips openssl-1.0.1e/crypto/evp/e_null.c
--- openssl-1.0.1e/crypto/evp/e_null.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/e_null.c 2013-02-19 12:47:33.727118629 +0100
++++ openssl-1.0.1e/crypto/evp/e_null.c 2013-10-04 11:48:04.177694068 +0200
@@ -61,8 +61,6 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -1640,7 +1668,7 @@ diff -up openssl-1.0.1e/crypto/evp/e_null.c.fips openssl-1.0.1e/crypto/evp/e_nul
-#endif
diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.fips openssl-1.0.1e/crypto/evp/evp_enc.c
--- openssl-1.0.1e/crypto/evp/evp_enc.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/evp_enc.c 2013-02-19 12:47:33.728118649 +0100
++++ openssl-1.0.1e/crypto/evp/evp_enc.c 2013-10-04 11:48:04.177694068 +0200
@@ -69,17 +69,58 @@
#endif
#include "evp_locl.h"
@@ -1790,8 +1818,8 @@ diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.fips openssl-1.0.1e/crypto/evp/evp_
return 1;
}
diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
---- openssl-1.0.1e/crypto/evp/evp.h.fips 2013-02-19 12:47:33.474113487 +0100
-+++ openssl-1.0.1e/crypto/evp/evp.h 2013-02-19 12:47:33.728118649 +0100
+--- openssl-1.0.1e/crypto/evp/evp.h.fips 2013-10-04 11:48:04.071691675 +0200
++++ openssl-1.0.1e/crypto/evp/evp.h 2013-10-04 11:48:04.177694068 +0200
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
@@ -1803,7 +1831,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
/*
#define EVP_RC2_KEY_SIZE 16
#define EVP_RC4_KEY_SIZE 16
-@@ -272,10 +276,6 @@ struct env_md_ctx_st
+@@ -282,10 +286,6 @@ struct env_md_ctx_st
* cleaned */
#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
* in EVP_MD_CTX_cleanup */
@@ -1814,7 +1842,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
* in FIPS mode */
-@@ -287,6 +287,10 @@ struct env_md_ctx_st
+@@ -297,6 +297,10 @@ struct env_md_ctx_st
#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
@@ -1825,7 +1853,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
-@@ -338,15 +342,15 @@ struct evp_cipher_st
+@@ -348,15 +352,15 @@ struct evp_cipher_st
/* cipher handles random key generation */
#define EVP_CIPH_RAND_KEY 0x200
/* cipher has its own additional copying logic */
@@ -1846,7 +1874,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
*/
diff -up openssl-1.0.1e/crypto/evp/evp_lib.c.fips openssl-1.0.1e/crypto/evp/evp_lib.c
--- openssl-1.0.1e/crypto/evp/evp_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/evp_lib.c 2013-02-19 12:47:33.729118669 +0100
++++ openssl-1.0.1e/crypto/evp/evp_lib.c 2013-10-04 11:48:04.177694068 +0200
@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
@@ -1858,8 +1886,8 @@ diff -up openssl-1.0.1e/crypto/evp/evp_lib.c.fips openssl-1.0.1e/crypto/evp/evp_
}
diff -up openssl-1.0.1e/crypto/evp/evp_locl.h.fips openssl-1.0.1e/crypto/evp/evp_locl.h
---- openssl-1.0.1e/crypto/evp/evp_locl.h.fips 2013-02-19 12:47:33.465113304 +0100
-+++ openssl-1.0.1e/crypto/evp/evp_locl.h 2013-02-19 12:47:33.729118669 +0100
+--- openssl-1.0.1e/crypto/evp/evp_locl.h.fips 2013-10-04 11:48:04.067691584 +0200
++++ openssl-1.0.1e/crypto/evp/evp_locl.h 2013-10-04 11:48:04.178694091 +0200
@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
@@ -1896,7 +1924,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp_locl.h.fips openssl-1.0.1e/crypto/evp/evp
#endif
diff -up openssl-1.0.1e/crypto/evp/Makefile.fips openssl-1.0.1e/crypto/evp/Makefile
--- openssl-1.0.1e/crypto/evp/Makefile.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/Makefile 2013-02-19 12:53:25.468917386 +0100
++++ openssl-1.0.1e/crypto/evp/Makefile 2013-10-04 11:48:04.178694091 +0200
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -1915,60 +1943,60 @@ diff -up openssl-1.0.1e/crypto/evp/Makefile.fips openssl-1.0.1e/crypto/evp/Makef
e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
SRC= $(LIBSRC)
-diff -up openssl-1.0.1e/crypto/evp/m_dss1.c.fips openssl-1.0.1e/crypto/evp/m_dss1.c
---- openssl-1.0.1e/crypto/evp/m_dss1.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_dss1.c 2013-02-19 12:47:33.730118689 +0100
-@@ -68,8 +68,6 @@
- #include <openssl/dsa.h>
+diff -up openssl-1.0.1e/crypto/evp/m_dss.c.fips openssl-1.0.1e/crypto/evp/m_dss.c
+--- openssl-1.0.1e/crypto/evp/m_dss.c.fips 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_dss.c 2013-10-04 11:48:04.178694091 +0200
+@@ -66,7 +66,6 @@
#endif
--#ifndef OPENSSL_FIPS
--
+ #ifndef OPENSSL_NO_SHA
+-#ifndef OPENSSL_FIPS
+
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
-
-@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
- NID_dsa,
- NID_dsaWithSHA1,
+@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
+ NID_dsaWithSHA,
+ NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
init,
update,
final,
-@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
- return(&dss1_md);
+@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
+ return(&dsa_md);
}
#endif
-#endif
-diff -up openssl-1.0.1e/crypto/evp/m_dss.c.fips openssl-1.0.1e/crypto/evp/m_dss.c
---- openssl-1.0.1e/crypto/evp/m_dss.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_dss.c 2013-02-19 12:47:33.730118689 +0100
-@@ -66,7 +66,6 @@
+diff -up openssl-1.0.1e/crypto/evp/m_dss1.c.fips openssl-1.0.1e/crypto/evp/m_dss1.c
+--- openssl-1.0.1e/crypto/evp/m_dss1.c.fips 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_dss1.c 2013-10-04 11:48:04.178694091 +0200
+@@ -68,8 +68,6 @@
+ #include <openssl/dsa.h>
#endif
- #ifndef OPENSSL_NO_SHA
--#ifndef OPENSSL_FIPS
-
+-#ifndef OPENSSL_FIPS
+-
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
-@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
- NID_dsaWithSHA,
- NID_dsaWithSHA,
+
+@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
+ NID_dsa,
+ NID_dsaWithSHA1,
SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
init,
update,
final,
-@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
- return(&dsa_md);
+@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
+ return(&dss1_md);
}
#endif
-#endif
diff -up openssl-1.0.1e/crypto/evp/m_md2.c.fips openssl-1.0.1e/crypto/evp/m_md2.c
--- openssl-1.0.1e/crypto/evp/m_md2.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_md2.c 2013-02-19 12:47:33.731118710 +0100
++++ openssl-1.0.1e/crypto/evp/m_md2.c 2013-10-04 11:48:04.178694091 +0200
@@ -68,6 +68,7 @@
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
@@ -1979,7 +2007,7 @@ diff -up openssl-1.0.1e/crypto/evp/m_md2.c.fips openssl-1.0.1e/crypto/evp/m_md2.
{ return MD2_Init(ctx->md_data); }
diff -up openssl-1.0.1e/crypto/evp/m_sha1.c.fips openssl-1.0.1e/crypto/evp/m_sha1.c
--- openssl-1.0.1e/crypto/evp/m_sha1.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_sha1.c 2013-02-19 12:47:33.731118710 +0100
++++ openssl-1.0.1e/crypto/evp/m_sha1.c 2013-10-04 11:48:04.178694091 +0200
@@ -59,8 +59,6 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -2046,7 +2074,7 @@ diff -up openssl-1.0.1e/crypto/evp/m_sha1.c.fips openssl-1.0.1e/crypto/evp/m_sha
-#endif
diff -up openssl-1.0.1e/crypto/evp/p_sign.c.fips openssl-1.0.1e/crypto/evp/p_sign.c
--- openssl-1.0.1e/crypto/evp/p_sign.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/p_sign.c 2013-02-19 12:47:33.731118710 +0100
++++ openssl-1.0.1e/crypto/evp/p_sign.c 2013-10-04 11:48:04.179694114 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2080,7 +2108,7 @@ diff -up openssl-1.0.1e/crypto/evp/p_sign.c.fips openssl-1.0.1e/crypto/evp/p_sig
*siglen = sltmp;
diff -up openssl-1.0.1e/crypto/evp/p_verify.c.fips openssl-1.0.1e/crypto/evp/p_verify.c
--- openssl-1.0.1e/crypto/evp/p_verify.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/p_verify.c 2013-02-19 12:47:33.732118731 +0100
++++ openssl-1.0.1e/crypto/evp/p_verify.c 2013-10-04 11:48:04.179694114 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2113,8 +2141,8 @@ diff -up openssl-1.0.1e/crypto/evp/p_verify.c.fips openssl-1.0.1e/crypto/evp/p_v
err:
EVP_PKEY_CTX_free(pkctx);
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips 2013-02-19 12:47:33.732118731 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c 2013-02-19 12:47:33.732118731 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips 2013-10-04 11:48:04.179694114 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c 2013-10-04 11:48:04.179694114 +0200
@@ -0,0 +1,939 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -3056,8 +3084,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1e/crypt
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips 2013-02-19 12:47:33.732118731 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c 2013-02-19 12:47:33.732118731 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips 2013-10-04 11:48:04.179694114 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c 2013-10-04 11:48:04.179694114 +0200
@@ -0,0 +1,517 @@
+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -3577,8 +3605,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1e/cry
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips 2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c 2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips 2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c 2013-10-04 11:48:04.180694136 +0200
@@ -0,0 +1,702 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -4283,8 +4311,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1e/cryp
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips 2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c 2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips 2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c 2013-10-04 11:48:04.180694136 +0200
@@ -0,0 +1,292 @@
+/* fips/dh/fips_dhvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4579,8 +4607,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1e/crypto/
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips 2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c 2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips 2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c 2013-10-04 11:48:04.180694136 +0200
@@ -0,0 +1,416 @@
+/* fips/rand/fips_drbgvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4999,8 +5027,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1e/crypt
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips 2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c 2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips 2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c 2013-10-04 11:48:04.180694136 +0200
@@ -0,0 +1,537 @@
+#include <openssl/opensslconf.h>
+
@@ -5540,8 +5568,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1e/crypto
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips 2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c 2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips 2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c 2013-10-04 11:48:04.181694158 +0200
@@ -0,0 +1,571 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6115,8 +6143,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1e/cryp
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips 2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c 2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips 2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c 2013-10-04 11:48:04.181694158 +0200
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
@@ -6349,8 +6377,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1e/crypto
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips 2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c 2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips 2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c 2013-10-04 11:48:04.181694158 +0200
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6743,8 +6771,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1e/cry
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips 2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c 2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips 2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c 2013-10-04 11:48:04.181694158 +0200
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7117,8 +7145,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1e/cry
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips 2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c 2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips 2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c 2013-10-04 11:48:04.181694158 +0200
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7498,8 +7526,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1e/cry
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips 2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c 2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips 2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c 2013-10-04 11:48:04.182694181 +0200
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7890,8 +7918,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1e/cryp
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1e/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips 2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h 2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips 2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h 2013-10-04 11:48:04.182694181 +0200
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -8237,8 +8265,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1e/crypto/f
+ }
+
diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips 2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c 2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips 2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c 2013-10-04 11:48:04.182694181 +0200
@@ -0,0 +1,359 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8384,7 +8412,7 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+ memset(out, 0, sizeof(out));
-+ if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(),NULL, NULL, NULL, 1))
+ goto err;
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
+ sizeof(ccm_nonce), NULL))
@@ -8392,7 +8420,7 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
+ sizeof(ccm_tag), NULL))
+ goto err;
-+ if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1))
++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
+ goto err;
+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
+ goto err;
@@ -8409,14 +8437,14 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
+
+ memset(out, 0, sizeof(out));
+
-+ if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
+ goto err;
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
+ sizeof(ccm_nonce), NULL))
+ goto err;
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
+ goto err;
-+ if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0))
++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
+ goto err;
+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
+ goto err;
@@ -8478,12 +8506,12 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
+ EVP_CIPHER_CTX_init(&ctx);
+ memset(out, 0, sizeof(out));
+ memset(tag, 0, sizeof(tag));
-+ if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
+ goto err;
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
+ sizeof(gcm_iv), NULL))
+ goto err;
-+ if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1))
++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1))
+ goto err;
+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
+ goto err;
@@ -8500,14 +8528,14 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
+
+ memset(out, 0, sizeof(out));
+
-+ if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
++ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
+ goto err;
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
+ sizeof(gcm_iv), NULL))
+ goto err;
+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
+ goto err;
-+ if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0))
++ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0))
+ goto err;
+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
+ goto err;
@@ -8600,8 +8628,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips.c.fips openssl-1.0.1e/crypto/fips/fips.c
---- openssl-1.0.1e/crypto/fips/fips.c.fips 2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/fips.c 2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips.c.fips 2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c 2013-10-04 11:48:04.182694181 +0200
@@ -0,0 +1,489 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9093,8 +9121,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.c.fips openssl-1.0.1e/crypto/fips/fips.
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips 2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c 2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips 2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c 2013-10-04 11:48:04.183694204 +0200
@@ -0,0 +1,161 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9258,8 +9286,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1e/cry
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_des_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips 2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c 2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips 2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c 2013-10-04 11:48:04.183694204 +0200
@@ -0,0 +1,147 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9409,8 +9437,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1e/cryp
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips 2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c 2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips 2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c 2013-10-04 11:48:04.183694204 +0200
@@ -0,0 +1,436 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -9849,8 +9877,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1e/crypto/f
+ return 1;
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips 2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c 2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips 2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c 2013-10-04 11:48:04.183694204 +0200
@@ -0,0 +1,378 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10231,8 +10259,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1e/crypto/
+ return 1;
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips 2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c 2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips 2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c 2013-10-04 11:48:04.183694204 +0200
@@ -0,0 +1,281 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10516,8 +10544,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1e/crypto/
+ return 1;
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips 2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c 2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips 2013-10-04 11:48:04.184694226 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c 2013-10-04 11:48:04.184694226 +0200
@@ -0,0 +1,578 @@
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
@@ -11098,8 +11126,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1e/crypto/f
+ return 1;
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips 2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c 2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips 2013-10-04 11:48:04.184694226 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c 2013-10-04 11:48:04.184694226 +0200
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -11274,8 +11302,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1e/crypto/
+ }
+
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips 2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c 2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips 2013-10-04 11:48:04.184694226 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c 2013-10-04 11:48:04.184694226 +0200
@@ -0,0 +1,862 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -12140,8 +12168,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1e/cry
+ }
+
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips 2013-02-19 12:47:33.738118852 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h 2013-02-19 12:47:33.738118852 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips 2013-10-04 11:48:04.185694249 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h 2013-10-04 11:48:04.185694249 +0200
@@ -0,0 +1,2335 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -14479,8 +14507,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1e/cry
+ };
+
diff -up openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips 2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c 2013-02-19 12:47:33.739118872 +0100
+--- openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips 2013-10-04 11:48:04.185694249 +0200
++++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c 2013-10-04 11:48:04.185694249 +0200
@@ -0,0 +1,193 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -14676,8 +14704,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1e/cryp
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_enc.c.fips openssl-1.0.1e/crypto/fips/fips_enc.c
---- openssl-1.0.1e/crypto/fips/fips_enc.c.fips 2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_enc.c 2013-02-19 12:47:33.739118872 +0100
+--- openssl-1.0.1e/crypto/fips/fips_enc.c.fips 2013-10-04 11:48:04.185694249 +0200
++++ openssl-1.0.1e/crypto/fips/fips_enc.c 2013-10-04 11:48:04.185694249 +0200
@@ -0,0 +1,191 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -14871,8 +14899,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_enc.c.fips openssl-1.0.1e/crypto/fips/f
+ }
+
diff -up openssl-1.0.1e/crypto/fips/fips.h.fips openssl-1.0.1e/crypto/fips/fips.h
---- openssl-1.0.1e/crypto/fips/fips.h.fips 2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips.h 2013-02-19 12:47:33.739118872 +0100
+--- openssl-1.0.1e/crypto/fips/fips.h.fips 2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h 2013-10-04 11:48:04.186694271 +0200
@@ -0,0 +1,279 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -15154,8 +15182,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips openssl-1.0.1e/crypto/fips/fips.
+#endif
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips 2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c 2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips 2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c 2013-10-04 11:48:04.186694271 +0200
@@ -0,0 +1,137 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -15295,8 +15323,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1e/cry
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_locl.h.fips openssl-1.0.1e/crypto/fips/fips_locl.h
---- openssl-1.0.1e/crypto/fips/fips_locl.h.fips 2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_locl.h 2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_locl.h.fips 2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_locl.h 2013-10-04 11:48:04.186694271 +0200
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15370,8 +15398,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_locl.h.fips openssl-1.0.1e/crypto/fips/
+#endif
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_md.c.fips openssl-1.0.1e/crypto/fips/fips_md.c
---- openssl-1.0.1e/crypto/fips/fips_md.c.fips 2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_md.c 2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_md.c.fips 2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_md.c 2013-10-04 11:48:04.186694271 +0200
@@ -0,0 +1,145 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -15519,8 +15547,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_md.c.fips openssl-1.0.1e/crypto/fips/fi
+ }
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips openssl-1.0.1e/crypto/fips/fips_post.c
---- openssl-1.0.1e/crypto/fips/fips_post.c.fips 2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips 2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-10-04 11:48:04.186694271 +0200
@@ -0,0 +1,205 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15728,8 +15756,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips openssl-1.0.1e/crypto/fips/
+ }
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_rand.c.fips openssl-1.0.1e/crypto/fips/fips_rand.c
---- openssl-1.0.1e/crypto/fips/fips_rand.c.fips 2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand.c 2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand.c.fips 2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand.c 2013-10-04 11:48:04.187694294 +0200
@@ -0,0 +1,457 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -16189,8 +16217,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand.c.fips openssl-1.0.1e/crypto/fips/
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_rand.h.fips openssl-1.0.1e/crypto/fips/fips_rand.h
---- openssl-1.0.1e/crypto/fips/fips_rand.h.fips 2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand.h 2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand.h.fips 2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand.h 2013-10-04 11:48:04.187694294 +0200
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -16338,8 +16366,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand.h.fips openssl-1.0.1e/crypto/fips/
+#endif
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1e/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips 2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h 2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips 2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h 2013-10-04 11:48:04.187694294 +0200
@@ -0,0 +1,219 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -16561,8 +16589,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1e/crypto/f
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
diff -up openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1e/crypto/fips/fips_rand_lib.c
---- openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips 2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c 2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips 2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c 2013-10-04 11:48:04.187694294 +0200
@@ -0,0 +1,191 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -16756,8 +16784,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1e/crypto/f
+ return 0;
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips 2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c 2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips 2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c 2013-10-04 11:48:04.187694294 +0200
@@ -0,0 +1,183 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -16943,8 +16971,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1e/cry
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_randtest.c.fips openssl-1.0.1e/crypto/fips/fips_randtest.c
---- openssl-1.0.1e/crypto/fips/fips_randtest.c.fips 2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_randtest.c 2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_randtest.c.fips 2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_randtest.c 2013-10-04 11:48:04.187694294 +0200
@@ -0,0 +1,250 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -17197,8 +17225,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_randtest.c.fips openssl-1.0.1e/crypto/f
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips 2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips 2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2013-10-04 11:48:04.188694316 +0200
@@ -0,0 +1,444 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -17645,8 +17673,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1e/cryp
+
+#endif /* def OPENSSL_FIPS */
diff -up openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips 2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c 2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips 2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c 2013-10-04 11:48:04.188694316 +0200
@@ -0,0 +1,282 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -17931,8 +17959,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1e/crypto/
+
+ }
diff -up openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips 2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c 2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips 2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c 2013-10-04 11:48:04.188694316 +0200
@@ -0,0 +1,140 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18075,8 +18103,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1e/cryp
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips 2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c 2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips 2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c 2013-10-04 11:48:04.188694316 +0200
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18259,8 +18287,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1e/c
+
+
diff -up openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips openssl-1.0.1e/crypto/fips/fips_test_suite.c
---- openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips 2013-02-19 12:47:33.743118955 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_test_suite.c 2013-02-19 12:47:33.743118955 +0100
+--- openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips 2013-10-04 11:48:04.189694339 +0200
++++ openssl-1.0.1e/crypto/fips/fips_test_suite.c 2013-10-04 11:48:04.189694339 +0200
@@ -0,0 +1,588 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18851,8 +18879,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips openssl-1.0.1e/crypto
+
+#endif
diff -up openssl-1.0.1e/crypto/fips/Makefile.fips openssl-1.0.1e/crypto/fips/Makefile
---- openssl-1.0.1e/crypto/fips/Makefile.fips 2013-02-19 12:47:33.743118955 +0100
-+++ openssl-1.0.1e/crypto/fips/Makefile 2013-02-19 12:47:33.743118955 +0100
+--- openssl-1.0.1e/crypto/fips/Makefile.fips 2013-10-04 11:48:04.189694339 +0200
++++ openssl-1.0.1e/crypto/fips/Makefile 2013-10-04 11:48:04.189694339 +0200
@@ -0,0 +1,340 @@
+#
+# OpenSSL/crypto/fips/Makefile
@@ -19196,7 +19224,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips openssl-1.0.1e/crypto/fips/Mak
+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
diff -up openssl-1.0.1e/crypto/hmac/hmac.c.fips openssl-1.0.1e/crypto/hmac/hmac.c
--- openssl-1.0.1e/crypto/hmac/hmac.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/hmac/hmac.c 2013-02-19 12:47:33.743118955 +0100
++++ openssl-1.0.1e/crypto/hmac/hmac.c 2013-10-04 11:48:04.189694339 +0200
@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
return 0;
@@ -19259,9 +19287,21 @@ diff -up openssl-1.0.1e/crypto/hmac/hmac.c.fips openssl-1.0.1e/crypto/hmac/hmac.
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
+diff -up openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c 2013-10-04 11:48:04.189694339 +0200
+@@ -76,7 +76,7 @@
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+-fips_md_init(MDC2)
++nonfips_md_init(MDC2)
+ {
+ c->num=0;
+ c->pad_type=1;
diff -up openssl-1.0.1e/crypto/md2/md2_dgst.c.fips openssl-1.0.1e/crypto/md2/md2_dgst.c
--- openssl-1.0.1e/crypto/md2/md2_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/md2/md2_dgst.c 2013-02-19 12:47:33.743118955 +0100
++++ openssl-1.0.1e/crypto/md2/md2_dgst.c 2013-10-04 11:48:04.189694339 +0200
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
@@ -19285,7 +19325,7 @@ diff -up openssl-1.0.1e/crypto/md2/md2_dgst.c.fips openssl-1.0.1e/crypto/md2/md2
memset(c->state,0,sizeof c->state);
diff -up openssl-1.0.1e/crypto/md4/md4_dgst.c.fips openssl-1.0.1e/crypto/md4/md4_dgst.c
--- openssl-1.0.1e/crypto/md4/md4_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/md4/md4_dgst.c 2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/md4/md4_dgst.c 2013-10-04 11:48:04.190694362 +0200
@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -19297,7 +19337,7 @@ diff -up openssl-1.0.1e/crypto/md4/md4_dgst.c.fips openssl-1.0.1e/crypto/md4/md4
c->A=INIT_DATA_A;
diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.fips openssl-1.0.1e/crypto/md5/md5_dgst.c
--- openssl-1.0.1e/crypto/md5/md5_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/md5/md5_dgst.c 2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/md5/md5_dgst.c 2013-10-04 11:48:04.190694362 +0200
@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -19307,34 +19347,22 @@ diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.fips openssl-1.0.1e/crypto/md5/md5
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c 2013-02-19 12:47:33.744118975 +0100
-@@ -76,7 +76,7 @@
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
- static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
--fips_md_init(MDC2)
-+nonfips_md_init(MDC2)
- {
- c->num=0;
- c->pad_type=1;
diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
--- openssl-1.0.1e/crypto/o_fips.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/o_fips.c 2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/o_fips.c 2013-10-04 11:48:04.190694362 +0200
@@ -79,6 +79,8 @@ int FIPS_mode_set(int r)
#ifndef FIPS_AUTH_USER_PASS
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
#endif
-+ if (FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
++ if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
+ return 1;
if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
return 0;
if (r)
diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
--- openssl-1.0.1e/crypto/o_init.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/o_init.c 2013-02-19 12:47:33.744118975 +0100
-@@ -55,28 +55,63 @@
++++ openssl-1.0.1e/crypto/o_init.c 2013-10-04 11:48:04.190694362 +0200
+@@ -55,28 +55,68 @@
#include <e_os.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
@@ -19392,6 +19420,11 @@ diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
- FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
RAND_init_fips();
+ init_fips_mode();
++ if (!FIPS_mode())
++ {
++ /* Clean up prematurely set default rand method */
++ RAND_set_rand_method(NULL);
++ }
#endif
#if 0
fprintf(stderr, "Called OPENSSL_init\n");
@@ -19404,7 +19437,7 @@ diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
+ }
diff -up openssl-1.0.1e/crypto/opensslconf.h.in.fips openssl-1.0.1e/crypto/opensslconf.h.in
--- openssl-1.0.1e/crypto/opensslconf.h.in.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/opensslconf.h.in 2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/opensslconf.h.in 2013-10-04 11:48:04.190694362 +0200
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
@@ -19428,7 +19461,7 @@ diff -up openssl-1.0.1e/crypto/opensslconf.h.in.fips openssl-1.0.1e/crypto/opens
diff -up openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1e/crypto/pkcs12/p12_crt.c
--- openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c 2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c 2013-10-04 11:48:04.190694362 +0200
@@ -59,6 +59,10 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -19457,7 +19490,7 @@ diff -up openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1e/crypto/pkcs1
if (!iter)
diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips openssl-1.0.1e/crypto/rand/md_rand.c
--- openssl-1.0.1e/crypto/rand/md_rand.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-10-04 11:48:04.190694362 +0200
@@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
@@ -19471,8 +19504,8 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips openssl-1.0.1e/crypto/rand/md
RAND_poll();
initialized = 1;
diff -up openssl-1.0.1e/crypto/rand/rand.h.fips openssl-1.0.1e/crypto/rand/rand.h
---- openssl-1.0.1e/crypto/rand/rand.h.fips 2013-02-19 12:47:33.176107430 +0100
-+++ openssl-1.0.1e/crypto/rand/rand.h 2013-02-19 12:47:33.745118995 +0100
+--- openssl-1.0.1e/crypto/rand/rand.h.fips 2013-10-04 11:48:03.945688829 +0200
++++ openssl-1.0.1e/crypto/rand/rand.h 2013-10-04 11:48:04.190694362 +0200
@@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -19513,7 +19546,7 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips openssl-1.0.1e/crypto/rand/rand.
}
diff -up openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1e/crypto/ripemd/rmd_dgst.c
--- openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c 2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c 2013-10-04 11:48:04.191694385 +0200
@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
# endif
@@ -19525,7 +19558,7 @@ diff -up openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1e/crypto/ripe
c->A=RIPEMD160_A;
diff -up openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1e/crypto/rsa/rsa_crpt.c
--- openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c 2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c 2013-10-04 11:48:04.191694385 +0200
@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
RSA *rsa, int padding)
{
@@ -19554,7 +19587,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1e/crypto/rsa/rsa
#endif
diff -up openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips openssl-1.0.1e/crypto/rsa/rsa_eay.c
--- openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_eay.c 2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_eay.c 2013-10-04 11:48:04.191694385 +0200
@@ -114,6 +114,10 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -19687,7 +19720,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips openssl-1.0.1e/crypto/rsa/rsa_
}
diff -up openssl-1.0.1e/crypto/rsa/rsa_err.c.fips openssl-1.0.1e/crypto/rsa/rsa_err.c
--- openssl-1.0.1e/crypto/rsa/rsa_err.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_err.c 2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_err.c 2013-10-04 11:48:04.191694385 +0200
@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
@@ -19699,7 +19732,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_err.c.fips openssl-1.0.1e/crypto/rsa/rsa_
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips openssl-1.0.1e/crypto/rsa/rsa_gen.c
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-10-04 11:48:04.191694385 +0200
@@ -69,6 +69,78 @@
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
@@ -19842,8 +19875,8 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips openssl-1.0.1e/crypto/rsa/rsa_
err:
if (ok == -1)
diff -up openssl-1.0.1e/crypto/rsa/rsa.h.fips openssl-1.0.1e/crypto/rsa/rsa.h
---- openssl-1.0.1e/crypto/rsa/rsa.h.fips 2013-02-19 12:47:33.485113710 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa.h 2013-02-19 12:47:33.746119015 +0100
+--- openssl-1.0.1e/crypto/rsa/rsa.h.fips 2013-10-04 11:48:04.075691765 +0200
++++ openssl-1.0.1e/crypto/rsa/rsa.h 2013-10-04 11:48:04.192694407 +0200
@@ -164,6 +164,8 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
@@ -19930,7 +19963,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa.h.fips openssl-1.0.1e/crypto/rsa/rsa.h
#define RSA_R_P_NOT_PRIME 128
diff -up openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips openssl-1.0.1e/crypto/rsa/rsa_lib.c
--- openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_lib.c 2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_lib.c 2013-10-04 11:48:04.192694407 +0200
@@ -84,6 +84,13 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -20008,7 +20041,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips openssl-1.0.1e/crypto/rsa/rsa_
#ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-10-04 11:48:04.192694407 +0200
@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
RSA_R_INVALID_DIGEST_LENGTH);
return -1;
@@ -20054,7 +20087,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1e/crypto/rsa/rs
sig, siglen, rsa);
diff -up openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips openssl-1.0.1e/crypto/rsa/rsa_sign.c
--- openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_sign.c 2013-02-19 12:47:33.747119035 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_sign.c 2013-10-04 11:48:04.192694407 +0200
@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
i2d_X509_SIG(&sig,&p);
s=tmps;
@@ -20086,9 +20119,63 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips openssl-1.0.1e/crypto/rsa/rsa
if (i <= 0) goto err;
/* Oddball MDC2 case: signature can be OCTET STRING.
+diff -up openssl-1.0.1e/crypto/sha/sha.h.fips openssl-1.0.1e/crypto/sha/sha.h
+--- openssl-1.0.1e/crypto/sha/sha.h.fips 2013-10-04 11:48:03.867687068 +0200
++++ openssl-1.0.1e/crypto/sha/sha.h 2013-10-04 11:48:04.192694407 +0200
+@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
+ void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+ #endif
+ #ifndef OPENSSL_NO_SHA1
+-#ifdef OPENSSL_FIPS
+-int private_SHA1_Init(SHA_CTX *c);
+-#endif
+ int SHA1_Init(SHA_CTX *c);
+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
+@@ -141,10 +138,6 @@ typedef struct SHA256state_st
+ } SHA256_CTX;
+
+ #ifndef OPENSSL_NO_SHA256
+-#ifdef OPENSSL_FIPS
+-int private_SHA224_Init(SHA256_CTX *c);
+-int private_SHA256_Init(SHA256_CTX *c);
+-#endif
+ int SHA224_Init(SHA256_CTX *c);
+ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+@@ -192,10 +185,6 @@ typedef struct SHA512state_st
+ #endif
+
+ #ifndef OPENSSL_NO_SHA512
+-#ifdef OPENSSL_FIPS
+-int private_SHA384_Init(SHA512_CTX *c);
+-int private_SHA512_Init(SHA512_CTX *c);
+-#endif
+ int SHA384_Init(SHA512_CTX *c);
+ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+diff -up openssl-1.0.1e/crypto/sha/sha_locl.h.fips openssl-1.0.1e/crypto/sha/sha_locl.h
+--- openssl-1.0.1e/crypto/sha/sha_locl.h.fips 2013-10-04 11:48:03.870687135 +0200
++++ openssl-1.0.1e/crypto/sha/sha_locl.h 2013-10-04 11:48:04.192694407 +0200
+@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
+ #define INIT_DATA_h4 0xc3d2e1f0UL
+
+ #ifdef SHA_0
+-fips_md_init(SHA)
++nonfips_md_init(SHA)
+ #else
+ fips_md_init_ctx(SHA1, SHA)
+ #endif
+ {
++#if defined(SHA_1) && defined(OPENSSL_FIPS)
++ FIPS_selftest_check();
++#endif
+ memset (c,0,sizeof(*c));
+ c->h0=INIT_DATA_h0;
+ c->h1=INIT_DATA_h1;
diff -up openssl-1.0.1e/crypto/sha/sha256.c.fips openssl-1.0.1e/crypto/sha/sha256.c
--- openssl-1.0.1e/crypto/sha/sha256.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/sha/sha256.c 2013-02-19 12:47:33.747119035 +0100
++++ openssl-1.0.1e/crypto/sha/sha256.c 2013-10-04 11:48:04.193694429 +0200
@@ -12,12 +12,19 @@
#include <openssl/crypto.h>
@@ -20121,7 +20208,7 @@ diff -up openssl-1.0.1e/crypto/sha/sha256.c.fips openssl-1.0.1e/crypto/sha/sha25
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
diff -up openssl-1.0.1e/crypto/sha/sha512.c.fips openssl-1.0.1e/crypto/sha/sha512.c
--- openssl-1.0.1e/crypto/sha/sha512.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/sha/sha512.c 2013-02-19 12:47:33.747119035 +0100
++++ openssl-1.0.1e/crypto/sha/sha512.c 2013-10-04 11:48:04.193694429 +0200
@@ -5,6 +5,10 @@
* ====================================================================
*/
@@ -20153,63 +20240,9 @@ diff -up openssl-1.0.1e/crypto/sha/sha512.c.fips openssl-1.0.1e/crypto/sha/sha51
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.1e/crypto/sha/sha.h.fips openssl-1.0.1e/crypto/sha/sha.h
---- openssl-1.0.1e/crypto/sha/sha.h.fips 2013-02-19 12:47:32.986103568 +0100
-+++ openssl-1.0.1e/crypto/sha/sha.h 2013-02-19 12:47:33.747119035 +0100
-@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
- void SHA_Transform(SHA_CTX *c, const unsigned char *data);
- #endif
- #ifndef OPENSSL_NO_SHA1
--#ifdef OPENSSL_FIPS
--int private_SHA1_Init(SHA_CTX *c);
--#endif
- int SHA1_Init(SHA_CTX *c);
- int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
- int SHA1_Final(unsigned char *md, SHA_CTX *c);
-@@ -141,10 +138,6 @@ typedef struct SHA256state_st
- } SHA256_CTX;
-
- #ifndef OPENSSL_NO_SHA256
--#ifdef OPENSSL_FIPS
--int private_SHA224_Init(SHA256_CTX *c);
--int private_SHA256_Init(SHA256_CTX *c);
--#endif
- int SHA224_Init(SHA256_CTX *c);
- int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
- int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-@@ -192,10 +185,6 @@ typedef struct SHA512state_st
- #endif
-
- #ifndef OPENSSL_NO_SHA512
--#ifdef OPENSSL_FIPS
--int private_SHA384_Init(SHA512_CTX *c);
--int private_SHA512_Init(SHA512_CTX *c);
--#endif
- int SHA384_Init(SHA512_CTX *c);
- int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
- int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.1e/crypto/sha/sha_locl.h.fips openssl-1.0.1e/crypto/sha/sha_locl.h
---- openssl-1.0.1e/crypto/sha/sha_locl.h.fips 2013-02-19 12:47:32.991103670 +0100
-+++ openssl-1.0.1e/crypto/sha/sha_locl.h 2013-02-19 12:47:33.747119035 +0100
-@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
- #define INIT_DATA_h4 0xc3d2e1f0UL
-
- #ifdef SHA_0
--fips_md_init(SHA)
-+nonfips_md_init(SHA)
- #else
- fips_md_init_ctx(SHA1, SHA)
- #endif
- {
-+#if defined(SHA_1) && defined(OPENSSL_FIPS)
-+ FIPS_selftest_check();
-+#endif
- memset (c,0,sizeof(*c));
- c->h0=INIT_DATA_h0;
- c->h1=INIT_DATA_h1;
diff -up openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1e/crypto/whrlpool/wp_dgst.c
--- openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c 2013-02-19 12:47:33.748119055 +0100
++++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c 2013-10-04 11:48:04.193694429 +0200
@@ -55,7 +55,7 @@
#include <openssl/crypto.h>
#include <string.h>
@@ -20220,8 +20253,8 @@ diff -up openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1e/crypto/whr
memset (c,0,sizeof(*c));
return(1);
diff -up openssl-1.0.1e/Makefile.org.fips openssl-1.0.1e/Makefile.org
---- openssl-1.0.1e/Makefile.org.fips 2013-02-19 12:47:33.678117634 +0100
-+++ openssl-1.0.1e/Makefile.org 2013-02-19 12:47:33.748119055 +0100
+--- openssl-1.0.1e/Makefile.org.fips 2013-10-04 11:48:04.157693616 +0200
++++ openssl-1.0.1e/Makefile.org 2013-10-04 11:48:04.193694429 +0200
@@ -136,6 +136,9 @@ FIPSCANLIB=
BASEADDR=
@@ -20249,9 +20282,21 @@ diff -up openssl-1.0.1e/Makefile.org.fips openssl-1.0.1e/Makefile.org
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
+diff -up openssl-1.0.1e/ssl/d1_srvr.c.fips openssl-1.0.1e/ssl/d1_srvr.c
+--- openssl-1.0.1e/ssl/d1_srvr.c.fips 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_srvr.c 2013-10-04 11:48:04.193694429 +0200
+@@ -1372,6 +1372,8 @@ int dtls1_send_server_key_exchange(SSL *
+ j=0;
+ for (num=2; num > 0; num--)
+ {
++ EVP_MD_CTX_set_flags(&md_ctx,
++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx,(num == 2)
+ ?s->ctx->md5:s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
diff -up openssl-1.0.1e/ssl/ssl_algs.c.fips openssl-1.0.1e/ssl/ssl_algs.c
--- openssl-1.0.1e/ssl/ssl_algs.c.fips 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/ssl/ssl_algs.c 2013-02-19 12:47:33.748119055 +0100
++++ openssl-1.0.1e/ssl/ssl_algs.c 2013-10-04 11:48:04.193694429 +0200
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
diff --git a/openssl-1.0.1e-manfix.patch b/openssl-1.0.1e-manfix.patch
index 37b59f9..4ba2abb 100644
--- a/openssl-1.0.1e-manfix.patch
+++ b/openssl-1.0.1e-manfix.patch
@@ -1,6 +1,6 @@
diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod
--- openssl-1.0.1e/doc/apps/cms.pod.manfix 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/cms.pod 2013-04-30 16:29:25.020724103 +0200
++++ openssl-1.0.1e/doc/apps/cms.pod 2013-09-12 11:17:42.147092310 +0200
@@ -450,28 +450,28 @@ remains DER.
=over 4
@@ -36,9 +36,109 @@ diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod
the message was verified correctly but an error occurred writing out
the signers certificates.
+diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod
+--- openssl-1.0.1e/doc/apps/ec.pod.manfix 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/ec.pod 2013-09-12 11:17:42.147092310 +0200
+@@ -93,10 +93,6 @@ prints out the public, private key compo
+
+ this option prevents output of the encoded version of the key.
+
+-=item B<-modulus>
+-
+-this option prints out the value of the public key component of the key.
+-
+ =item B<-pubin>
+
+ by default a private key is read from the input file: with this option a
+diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/openssl.pod
+--- openssl-1.0.1e/doc/apps/openssl.pod.manfix 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/openssl.pod 2013-09-12 11:17:42.148092331 +0200
+@@ -163,7 +163,7 @@ Create or examine a netscape certificate
+
+ Online Certificate Status Protocol utility.
+
+-=item L<B<passwd>|passwd(1)>
++=item L<B<passwd>|sslpasswd(1)>
+
+ Generation of hashed passwords.
+
+@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
+
+ Public key algorithm cryptographic operation utility.
+
+-=item L<B<rand>|rand(1)>
++=item L<B<rand>|sslrand(1)>
+
+ Generate pseudo-random bytes.
+
+@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
+ L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
+ L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+-L<passwd(1)|passwd(1)>,
++L<sslpasswd(1)|sslpasswd(1)>,
+ L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
++L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+ L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+ L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_client.pod
+--- openssl-1.0.1e/doc/apps/s_client.pod.manfix 2013-09-12 11:17:41.517078502 +0200
++++ openssl-1.0.1e/doc/apps/s_client.pod 2013-09-12 11:17:42.149092353 +0200
+@@ -32,9 +32,14 @@ B<openssl> B<s_client>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-bugs>]
+ [B<-cipher cipherlist>]
+ [B<-starttls protocol>]
+@@ -44,6 +49,7 @@ B<openssl> B<s_client>
+ [B<-sess_out filename>]
+ [B<-sess_in filename>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+
+ =head1 DESCRIPTION
+
+@@ -182,7 +188,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+@@ -243,6 +249,17 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a list of
++comma-separated protocol names that the client should advertise
++support for. The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++Empty list of protocols is treated specially and will cause the client to
++advertise support for the TLS extension but disconnect just after
++reciving ServerHello with a list of server supported protocols.
++
+ =back
+
+ =head1 CONNECTED COMMANDS
diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.pod
--- openssl-1.0.1e/doc/apps/smime.pod.manfix 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/smime.pod 2013-04-30 20:55:00.982603518 +0200
++++ openssl-1.0.1e/doc/apps/smime.pod 2013-09-12 11:17:42.150092375 +0200
@@ -308,28 +308,28 @@ remains DER.
=over 4
@@ -74,9 +174,96 @@ diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.
the message was verified correctly but an error occurred writing out
the signers certificates.
+diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_server.pod
+--- openssl-1.0.1e/doc/apps/s_server.pod.manfix 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/s_server.pod 2013-09-12 11:17:42.150092375 +0200
+@@ -40,10 +40,16 @@ B<openssl> B<s_server>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-no_dhe>]
++[B<-no_ecdhe>]
+ [B<-bugs>]
+ [B<-hack>]
+ [B<-www>]
+@@ -54,6 +60,7 @@ B<openssl> B<s_server>
+ [B<-no_ticket>]
+ [B<-id_prefix arg>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+
+ =head1 DESCRIPTION
+
+@@ -131,6 +138,10 @@ a static set of parameters hard coded in
+ if this option is set then no DH parameters will be loaded effectively
+ disabling the ephemeral DH cipher suites.
+
++=item B<-no_ecdhe>
++
++if this option is set then ephemeral ECDH cipher suites will be disabled.
++
+ =item B<-no_tmp_rsa>
+
+ certain export cipher suites sometimes use a temporary RSA key, this option
+@@ -201,7 +212,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+@@ -276,6 +287,14 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a
++comma-separated list of supported protocol names.
++The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++
+ =back
+
+ =head1 CONNECTED COMMANDS
+diff -up openssl-1.0.1e/doc/apps/verify.pod.manfix openssl-1.0.1e/doc/apps/verify.pod
+--- openssl-1.0.1e/doc/apps/verify.pod.manfix 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/verify.pod 2013-09-12 11:25:13.994994992 +0200
+@@ -25,6 +25,7 @@ B<openssl> B<verify>
+ [B<-untrusted file>]
+ [B<-help>]
+ [B<-issuer_checks>]
++[B<-attime timestamp>]
+ [B<-verbose>]
+ [B<->]
+ [certificates]
+@@ -80,6 +81,12 @@ rejected. The presence of rejection mess
+ anything is wrong; during the normal verification process, several
+ rejections may take place.
+
++=item B<-attime timestamp>
++
++Perform validation checks using the time specified by B<timestamp> and not
++the current system time. B<timestamp> is the number of seconds since
++01.01.1970 (UNIX time).
++
+ =item B<-policy arg>
+
+ Enable policy processing and add B<arg> to the user-initial-policy-set (see
diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL_accept.pod
---- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix 2013-04-30 15:30:40.000000000 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-04-30 21:17:28.057369256 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix 2013-09-12 11:17:42.129091915 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-09-12 11:17:42.156092507 +0200
@@ -44,13 +44,13 @@ The following return values can occur:
=over 4
@@ -95,7 +282,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL
established.
diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_clear.pod
--- openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-04-30 21:19:20.057609717 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-09-12 11:17:42.158092551 +0200
@@ -56,12 +56,12 @@ The following return values can occur:
=over 4
@@ -112,9 +299,9 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_
The SSL_clear() operation was successful.
diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
---- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-04-30 21:11:49.602141805 +0200
-@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
+--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix 2013-09-12 11:17:42.049090162 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-09-12 11:17:42.159092573 +0200
+@@ -60,11 +60,11 @@ SSL_COMP_add_compression_method() may re
=over 4
@@ -129,8 +316,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix opens
The operation failed. Check the error queue to find out the reason.
diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SSL_connect.pod
---- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix 2013-04-30 15:30:40.000000000 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-04-30 21:15:09.791416694 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix 2013-09-12 11:17:42.130091937 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-09-12 11:17:42.161092616 +0200
@@ -41,13 +41,13 @@ The following return values can occur:
=over 4
@@ -149,7 +336,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SS
established.
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
--- openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-04-30 21:12:39.211201170 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-09-12 11:17:42.162092638 +0200
@@ -52,13 +52,13 @@ The following values are returned by all
=over 4
@@ -168,7 +355,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/do
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
--- openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-04-30 21:22:20.102446527 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-09-12 11:17:42.163092660 +0200
@@ -100,13 +100,13 @@ The following return values can occur:
=over 4
@@ -186,8 +373,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl
The operation succeeded.
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
---- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix 2013-04-30 15:30:40.000000000 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-04-30 21:23:02.644353105 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix 2013-09-12 11:17:42.132091981 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-09-12 11:17:42.164092682 +0200
@@ -66,13 +66,13 @@ values:
=over 4
@@ -206,7 +393,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-04-30 21:15:37.490008175 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-09-12 11:17:42.166092726 +0200
@@ -64,13 +64,13 @@ return the following values:
=over 4
@@ -225,7 +412,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openss
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-04-30 21:19:59.388447867 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-09-12 11:17:42.167092748 +0200
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
=over 4
@@ -241,8 +428,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1
The operation succeeded.
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
---- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix 2013-04-30 15:30:40.000000000 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-04-30 21:14:20.037354235 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix 2013-09-12 11:17:42.133092003 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-09-12 11:17:42.168092770 +0200
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
connection will fail with decryption_error before it will be finished
completely.
@@ -253,8 +440,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
---- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix 2013-04-30 15:30:40.000000000 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-04-30 21:21:52.906866978 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix 2013-09-12 11:17:42.135092047 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-09-12 11:17:42.170092814 +0200
@@ -45,13 +45,13 @@ The following return values can occur:
=over 4
@@ -273,7 +460,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/s
established.
diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_read.pod
--- openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-04-30 21:13:05.809769163 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-09-12 11:17:42.171092836 +0200
@@ -86,7 +86,7 @@ The following return values can occur:
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
@@ -285,7 +472,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_r
shutdown due to a "close notify" alert sent by the peer (in which case
diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
--- openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-04-30 21:16:30.000129487 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-09-12 11:17:42.172092857 +0200
@@ -27,11 +27,11 @@ The following return values can occur:
=over 4
@@ -302,7 +489,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc
diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
--- openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-04-30 21:20:49.594517776 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-09-12 11:17:42.174092901 +0200
@@ -35,11 +35,11 @@ The following return values can occur:
=over 4
@@ -319,7 +506,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL
diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_session.pod
--- openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-04-30 21:17:57.551999090 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-09-12 11:17:42.175092923 +0200
@@ -37,11 +37,11 @@ The following return values can occur:
=over 4
@@ -335,8 +522,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ss
The operation succeeded.
diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
---- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix 2013-04-30 15:30:40.000000000 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-04-30 21:18:44.571853502 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix 2013-09-12 11:17:42.137092090 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-09-12 11:17:42.177092967 +0200
@@ -92,14 +92,14 @@ The following return values can occur:
=over 4
@@ -356,7 +543,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/S
and the peer's "close notify" alert was received.
diff -up openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix openssl-1.0.1e/doc/ssl/SSL_write.pod
--- openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-04-30 21:13:31.129309841 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-09-12 11:17:42.177092967 +0200
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
diff --git a/openssl-1.0.1e-new-fips-reqs.patch b/openssl-1.0.1e-new-fips-reqs.patch
new file mode 100644
index 0000000..7054955
--- /dev/null
+++ b/openssl-1.0.1e-new-fips-reqs.patch
@@ -0,0 +1,1070 @@
+diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_gen.c
+--- openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs 2013-12-18 12:17:09.748636614 +0100
++++ openssl-1.0.1e/crypto/dh/dh_gen.c 2013-12-18 12:17:09.798637687 +0100
+@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
+ return 0;
+ }
+
+- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
++ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN))
+ {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+diff -up openssl-1.0.1e/crypto/dh/dh.h.fips-reqs openssl-1.0.1e/crypto/dh/dh.h
+--- openssl-1.0.1e/crypto/dh/dh.h.fips-reqs 2013-12-18 12:17:09.748636614 +0100
++++ openssl-1.0.1e/crypto/dh/dh.h 2013-12-18 12:17:09.798637687 +0100
+@@ -78,6 +78,7 @@
+ #endif
+
+ #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
++#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
+
+ #define DH_FLAG_CACHE_MONT_P 0x01
+ #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+diff -up openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_check.c
+--- openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dh/dh_check.c 2013-12-18 12:17:09.799637708 +0100
+@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
+ BN_sub_word(q,1);
+ if (BN_cmp(pub_key,q)>=0)
+ *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
++#ifdef OPENSSL_FIPS
++ if (FIPS_mode() && dh->q != NULL)
++ {
++ BN_CTX *ctx = NULL;
+
++ ctx = BN_CTX_new();
++ if (ctx == NULL)
++ goto err;
++
++ if (BN_mod_exp_mont(q, pub_key, dh->q, dh->p, ctx, NULL) <= 0)
++ {
++ BN_CTX_free(ctx);
++ goto err;
++ }
++ if (!BN_is_one(q))
++ {
++ /* it would be more correct to add new return flag
++ * for this test, but we do not want to do it
++ * so just error out
++ */
++ BN_CTX_free(ctx);
++ goto err;
++ }
++
++ BN_CTX_free(ctx);
++ }
++#endif
+ ok = 1;
+ err:
+ if (q != NULL) BN_free(q);
+diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs 2013-12-18 12:17:09.749636636 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-12-18 12:17:09.799637708 +0100
+@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ }
+
+ if (FIPS_module_mode() &&
+- (bits != 1024 || qbits != 160) &&
+ (bits != 2048 || qbits != 224) &&
+ (bits != 2048 || qbits != 256) &&
+ (bits != 3072 || qbits != 256))
+diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1e/crypto/dsa/dsa.h
+--- openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs 2013-12-18 12:17:09.749636636 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-12-18 12:17:09.799637708 +0100
+@@ -89,6 +89,7 @@
+ #endif
+
+ #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
++#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048
+
+ #define DSA_FLAG_CACHE_MONT_P 0x01
+ #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
+@@ -254,9 +255,9 @@ int DSAparams_print_fp(FILE *fp, const D
+ int DSA_print_fp(FILE *bp, const DSA *x, int off);
+ #endif
+
+-#define DSS_prime_checks 50
+-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+- * 50 rounds of Rabin-Miller */
++#define DSS_prime_checks 64
++/* Primality test according to FIPS PUB 186[-4], Appendix 2.1:
++ * 64 rounds of Rabin-Miller */
+ #define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_key.c
+--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs 2013-12-18 12:17:09.797637665 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-12-18 12:17:09.799637708 +0100
+@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa)
+
+ #ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
+- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
++ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN))
+ {
+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+diff -up openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_dh_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs 2013-12-18 17:06:36.575114314 +0100
++++ openssl-1.0.1e/crypto/fips/fips_dh_selftest.c 2013-12-18 17:26:14.409036334 +0100
+@@ -0,0 +1,162 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 2013 Red Hat, Inc.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core at openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/dh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++static const unsigned char dh_test_2048_p[] = {
++ 0xAE,0xEC,0xEE,0x22,0xFA,0x3A,0xA5,0x22,0xC0,0xDE,0x0F,0x09,
++ 0x7E,0x17,0xC0,0x05,0xF9,0xF1,0xE7,0xC6,0x87,0x14,0x6D,0x11,
++ 0xE7,0xAE,0xED,0x2F,0x72,0x59,0xC5,0xA9,0x9B,0xB8,0x02,0xA5,
++ 0xF3,0x69,0x70,0xD6,0xDD,0x90,0xF9,0x19,0x79,0xBE,0x60,0x8F,
++ 0x25,0x92,0x30,0x1C,0x51,0x51,0x38,0x26,0x82,0x25,0xE6,0xFC,
++ 0xED,0x65,0x96,0x8F,0x57,0xE5,0x53,0x8B,0x38,0x63,0xC7,0xCE,
++ 0xBC,0x1B,0x4D,0x18,0x2A,0x5B,0x04,0x3F,0x6A,0x3C,0x94,0x39,
++ 0xAE,0x36,0xD6,0x5E,0x0F,0xA2,0xCC,0xD0,0xD4,0xD5,0xC6,0x1E,
++ 0xF6,0xA0,0xF5,0x89,0x4E,0xB4,0x0B,0xA4,0xB3,0x2B,0x3D,0xE2,
++ 0x4E,0xE1,0x49,0x25,0x99,0x5F,0x32,0x16,0x33,0x32,0x1B,0x7A,
++ 0xA5,0x5C,0x6B,0x34,0x0D,0x39,0x99,0xDC,0xF0,0x76,0xE5,0x5A,
++ 0xD4,0x71,0x00,0xED,0x5A,0x73,0xFB,0xC8,0x01,0xAD,0x99,0xCF,
++ 0x99,0x52,0x7C,0x9C,0x64,0xC6,0x76,0x40,0x57,0xAF,0x59,0xD7,
++ 0x38,0x0B,0x40,0xDE,0x33,0x0D,0xB8,0x76,0xEC,0xA9,0xD8,0x73,
++ 0xF8,0xEF,0x26,0x66,0x06,0x27,0xDD,0x7C,0xA4,0x10,0x9C,0xA6,
++ 0xAA,0xF9,0x53,0x62,0x73,0x1D,0xBA,0x1C,0xF1,0x67,0xF4,0x35,
++ 0xED,0x6F,0x37,0x92,0xE8,0x4F,0x6C,0xBA,0x52,0x6E,0xA1,0xED,
++ 0xDA,0x9F,0x85,0x11,0x82,0x52,0x62,0x08,0x44,0xF1,0x30,0x03,
++ 0xC3,0x38,0x2C,0x79,0xBD,0xD4,0x43,0x45,0xEE,0x8E,0x50,0xFC,
++ 0x29,0x46,0x9A,0xFE,0x54,0x1A,0x19,0x8F,0x4B,0x84,0x08,0xDE,
++ 0x20,0x62,0x73,0xCC,0xDD,0x7E,0xF0,0xEF,0xA2,0xFD,0x86,0x58,
++ 0x4B,0xD8,0x37,0xEB
++};
++
++static const unsigned char dh_test_2048_g[] = {
++ 0x02
++};
++
++static const unsigned char dh_test_2048_pub_key[] = {
++ 0xA0,0x39,0x11,0x77,0x9A,0xC1,0x30,0x1F,0xBE,0x48,0xA7,0xAA,
++ 0xA0,0x84,0x54,0x64,0xAD,0x1B,0x70,0xFA,0x13,0x55,0x63,0xD2,
++ 0x1F,0x62,0x32,0x93,0x8E,0xC9,0x3E,0x09,0xA7,0x64,0xE4,0x12,
++ 0x6E,0x1B,0xF2,0x92,0x3B,0xB9,0xCB,0x56,0xEA,0x07,0x88,0xB5,
++ 0xA6,0xBC,0x16,0x1F,0x27,0xFE,0xD8,0xAA,0x40,0xB2,0xB0,0x2D,
++ 0x37,0x76,0xA6,0xA4,0x82,0x2C,0x0E,0x22,0x64,0x9D,0xCB,0xD1,
++ 0x00,0xB7,0x89,0x14,0x72,0x4E,0xBE,0x48,0x41,0xF8,0xB2,0x51,
++ 0x11,0x09,0x4B,0x22,0x01,0x23,0x39,0x96,0xE0,0x15,0xD7,0x9F,
++ 0x60,0xD1,0xB7,0xAE,0xFE,0x5F,0xDB,0xE7,0x03,0x17,0x97,0xA6,
++ 0x16,0x74,0xBD,0x53,0x81,0x19,0xC5,0x47,0x5E,0xCE,0x8D,0xED,
++ 0x45,0x5D,0x3C,0x00,0xA0,0x0A,0x68,0x6A,0xE0,0x8E,0x06,0x46,
++ 0x6F,0xD7,0xF9,0xDF,0x31,0x7E,0x77,0x44,0x0D,0x98,0xE0,0xCA,
++ 0x98,0x09,0x52,0x04,0x90,0xEA,0x6D,0xF4,0x30,0x69,0x8F,0xB1,
++ 0x9B,0xC1,0x43,0xDB,0xD5,0x8D,0xC8,0x8E,0xB6,0x0B,0x05,0xBE,
++ 0x0E,0xC5,0x99,0xC8,0x6E,0x4E,0xF3,0xCB,0xC3,0x5E,0x9B,0x53,
++ 0xF7,0x06,0x1C,0x4F,0xC7,0xB8,0x6E,0x30,0x18,0xCA,0x9B,0xB9,
++ 0xBC,0x5F,0x17,0x72,0x29,0x5A,0xE5,0xD9,0x96,0xB7,0x0B,0xF3,
++ 0x2D,0x8C,0xF1,0xE1,0x0E,0x0D,0x74,0xD5,0x9D,0xF0,0x06,0xA9,
++ 0xB4,0x95,0x63,0x76,0x46,0x55,0x48,0x82,0x39,0x90,0xEF,0x56,
++ 0x75,0x34,0xB8,0x34,0xC3,0x18,0x6E,0x1E,0xAD,0xE3,0x48,0x7E,
++ 0x93,0x2C,0x23,0xE7,0xF8,0x90,0x73,0xB1,0x77,0x80,0x67,0xA9,
++ 0x36,0x9E,0xDA,0xD2
++};
++
++static const unsigned char dh_test_2048_priv_key[] = {
++ 0x0C,0x4B,0x30,0x89,0xD1,0xB8,0x62,0xCB,0x3C,0x43,0x64,0x91,
++ 0xF0,0x91,0x54,0x70,0xC5,0x27,0x96,0xE3,0xAC,0xBE,0xE8,0x00,
++ 0xEC,0x55,0xF6,0xCC
++};
++
++int FIPS_selftest_dh()
++ {
++ DH *dh = NULL;
++ int ret = 0;
++ void *pub_key = NULL;
++ int len;
++
++ dh = DH_new();
++
++ if(dh == NULL)
++ goto err;
++
++ fips_load_key_component(dh, p, dh_test_2048);
++ fips_load_key_component(dh, g, dh_test_2048);
++ /* note that the private key is much shorter than normally used
++ * but still g ** priv_key > p
++ */
++ fips_load_key_component(dh, priv_key, dh_test_2048);
++
++ if (DH_generate_key(dh) <= 0)
++ goto err;
++
++ len = BN_num_bytes(dh->pub_key);
++ if ((pub_key = OPENSSL_malloc(len)) == NULL)
++ goto err;
++ BN_bn2bin(dh->pub_key, pub_key);
++
++ if (len != sizeof(dh_test_2048_pub_key) ||
++ memcmp(pub_key, dh_test_2048_pub_key, len) != 0)
++ goto err;
++
++ ret = 1;
++
++ err:
++ if (dh)
++ DH_free(dh);
++
++ OPENSSL_free(pub_key);
++ return ret;
++ }
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs 2013-12-18 12:17:09.757636808 +0100
++++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c 2013-12-18 18:53:33.263711297 +0100
+@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
+ int rv = 0;
+ unsigned char *adin = NULL;
+ size_t adinlen = 0;
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ int locked;
++ locked = private_RAND_lock(1);
+ do
+ {
+ size_t rcnt;
+@@ -109,7 +110,8 @@ static int fips_drbg_bytes(unsigned char
+ while (count);
+ rv = 1;
+ err:
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+ return rv;
+ }
+
+@@ -124,35 +126,51 @@ static int fips_drbg_status(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv;
+- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
++ int locked;
++ locked = private_RAND_lock(1);
+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
+- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+ return rv;
+ }
+
+ static void fips_drbg_cleanup(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ int locked;
++ locked = private_RAND_lock(1);
+ FIPS_drbg_uninstantiate(dctx);
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+ }
+
+ static int fips_drbg_seed(const void *seed, int seedlen)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
++ int locked;
++ int ret = 1;
++
++ locked = private_RAND_lock(1);
+ if (dctx->rand_seed_cb)
+- return dctx->rand_seed_cb(dctx, seed, seedlen);
+- return 1;
++ ret = dctx->rand_seed_cb(dctx, seed, seedlen);
++ if (locked)
++ private_RAND_lock(0);
++ return ret;
+ }
+
+ static int fips_drbg_add(const void *seed, int seedlen,
+ double add_entropy)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
++ int locked;
++ int ret = 1;
++
++ locked = private_RAND_lock(1);
+ if (dctx->rand_add_cb)
+- return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
+- return 1;
++ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
++ if (locked)
++ private_RAND_lock(0);
++ return ret;
+ }
+
+ static const RAND_METHOD rand_drbg_meth =
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-reqs openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-reqs 2013-12-18 12:17:09.000000000 +0100
++++ openssl-1.0.1e/crypto/fips/fips.h 2013-12-18 17:13:00.928586689 +0100
+@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
+ int FIPS_selftest_dsa(void);
+ int FIPS_selftest_ecdsa(void);
+ int FIPS_selftest_ecdh(void);
++int FIPS_selftest_dh(void);
+ void FIPS_corrupt_rng(void);
+ void FIPS_rng_stick(void);
+ void FIPS_x931_stick(int onoff);
+diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_post.c
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs 2013-12-18 12:17:09.000000000 +0100
++++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-12-18 17:12:26.721832716 +0100
+@@ -99,6 +99,8 @@ int FIPS_selftest(void)
+ rv = 0;
+ if (!FIPS_selftest_dsa())
+ rv = 0;
++ if (!FIPS_selftest_dh())
++ rv = 0;
+ if (!FIPS_selftest_ecdh())
+ rv = 0;
+ return rv;
+diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs 2013-12-18 12:17:09.761636893 +0100
++++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2013-12-18 12:17:09.799637708 +0100
+@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
+ };
+
++static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
++ {
++ unsigned char *ctbuf = NULL, *ptbuf = NULL;
++ int ret = 0;
++ int len;
++
++ ctbuf = OPENSSL_malloc(RSA_size(rsa));
++ if (!ctbuf)
++ goto err;
++
++ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
++ if (len <= 0)
++ goto err;
++ /* Check ciphertext doesn't match plaintext */
++ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
++ goto err;
++
++ ptbuf = OPENSSL_malloc(RSA_size(rsa));
++ if (!ptbuf)
++ goto err;
++
++ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
++ if (len != ptlen)
++ goto err;
++ if (memcmp(ptbuf, plaintext, len))
++ goto err;
++
++ ret = 1;
++
++ err:
++ if (ctbuf)
++ OPENSSL_free(ctbuf);
++ if (ptbuf)
++ OPENSSL_free(ptbuf);
++ return ret;
++ }
+
+ int FIPS_selftest_rsa()
+ {
+@@ -353,7 +389,7 @@ int FIPS_selftest_rsa()
+ if ((pk=EVP_PKEY_new()) == NULL)
+ goto err;
+
+- EVP_PKEY_assign_RSA(pk, key);
++ EVP_PKEY_set1_RSA(pk, key);
+
+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+@@ -430,13 +466,15 @@ int FIPS_selftest_rsa()
+ "RSA SHA512 X931"))
+ goto err;
+
++ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
++ goto err;
+
+ ret = 1;
+
+ err:
+ if (pk)
+ EVP_PKEY_free(pk);
+- else if (key)
++ if (key)
+ RSA_free(key);
+ return ret;
+ }
+diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-reqs openssl-1.0.1e/crypto/fips/Makefile
+--- openssl-1.0.1e/crypto/fips/Makefile.fips-reqs 2013-12-18 12:17:20.000000000 +0100
++++ openssl-1.0.1e/crypto/fips/Makefile 2013-12-18 17:14:20.348337362 +0100
+@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
+- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
++ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
++ fips_dh_selftest.c
+
+ LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
+- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
++ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
++ fips_dh_selftest.o
+
+ LIBCRYPTO=-L.. -lcrypto
+
+diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/modes/gcm128.c
+--- openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/modes/gcm128.c 2013-12-18 12:17:09.800637730 +0100
+@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
+ # endif
+ #endif
+
++ ctx->totlen += len;
++ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
++ return -1;
++
+ #if 0
+ n = (unsigned int)mlen%16; /* alternative to ctx->mres */
+ #endif
+@@ -1200,6 +1204,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
+ # endif
+ #endif
+
++ ctx->totlen += len;
++ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
++ return -1;
++
+ mlen += len;
+ if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
+ return -1;
+diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto/modes/modes_lcl.h
+--- openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs 2013-12-18 12:17:09.388628895 +0100
++++ openssl-1.0.1e/crypto/modes/modes_lcl.h 2013-12-18 12:17:09.800637730 +0100
+@@ -115,6 +115,7 @@ struct gcm128_context {
+ unsigned int mres, ares;
+ block128_f block;
+ void *key;
++ u64 totlen;
+ };
+
+ struct xts128_context {
+diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/rand/md_rand.c
+--- openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs 2013-12-18 12:17:09.763636936 +0100
++++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-12-18 12:17:09.800637730 +0100
+@@ -143,12 +143,6 @@ static long md_count[2]={0,0};
+ static double entropy=0;
+ static int initialized=0;
+
+-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+- * holds CRYPTO_LOCK_RAND
+- * (to prevent double locking) */
+-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
+-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+-
+
+ #ifdef PREDICT
+ int rand_predictable=0;
+@@ -196,7 +190,7 @@ static void ssleay_rand_add(const void *
+ long md_c[2];
+ unsigned char local_md[MD_DIGEST_LENGTH];
+ EVP_MD_CTX m;
+- int do_not_lock;
++ int locked;
+
+ /*
+ * (Based on the rand(3) manpage)
+@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void *
+ * hash function.
+ */
+
+- /* check if we already have the lock */
+- if (crypto_lock_rand)
+- {
+- CRYPTO_THREADID cur;
+- CRYPTO_THREADID_current(&cur);
+- CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+- }
+- else
+- do_not_lock = 0;
++ locked = private_RAND_lock(1);
+
+- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ st_idx=state_index;
+
+ /* use our own copies of the counters so that even
+@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void *
+
+ md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+
+ EVP_MD_CTX_init(&m);
+ for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void *
+ }
+ EVP_MD_CTX_cleanup(&m);
+
+- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ locked = private_RAND_lock(1);
+ /* Don't just copy back local_md into md -- this could mean that
+ * other thread's seeding remains without effect (except for
+ * the incremented counter). By XORing it we keep at least as
+@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void *
+ }
+ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+ entropy += add;
+- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+
+ #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+ assert(md_c[1] == md_count[1]);
+@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch
+ pid_t curr_pid = getpid();
+ #endif
+ int do_stir_pool = 0;
++ int locked;
+
+ #ifdef PREDICT
+ if (rand_predictable)
+@@ -381,13 +367,7 @@ static int ssleay_rand_bytes(unsigned ch
+ * global 'md'.
+ */
+
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+-
+- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+- CRYPTO_THREADID_current(&locking_threadid);
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+- crypto_lock_rand = 1;
++ locked = private_RAND_lock(1);
+
+ /* always poll for external entropy in FIPS mode, drbg provides the
+ * expansion
+@@ -461,9 +441,8 @@ static int ssleay_rand_bytes(unsigned ch
+
+ md_count[0] += 1;
+
+- /* before unlocking, we must clear 'crypto_lock_rand' */
+- crypto_lock_rand = 0;
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+
+ while (num > 0)
+ {
+@@ -515,10 +494,11 @@ static int ssleay_rand_bytes(unsigned ch
+ MD_Init(&m);
+ MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+ MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ locked = private_RAND_lock(1);
+ MD_Update(&m,md,MD_DIGEST_LENGTH);
+ MD_Final(&m,md);
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ if (locked)
++ private_RAND_lock(0);
+
+ EVP_MD_CTX_cleanup(&m);
+ if (ok)
+@@ -548,32 +528,10 @@ static int ssleay_rand_pseudo_bytes(unsi
+
+ static int ssleay_rand_status(void)
+ {
+- CRYPTO_THREADID cur;
+ int ret;
+- int do_not_lock;
++ int locked;
+
+- CRYPTO_THREADID_current(&cur);
+- /* check if we already have the lock
+- * (could happen if a RAND_poll() implementation calls RAND_status()) */
+- if (crypto_lock_rand)
+- {
+- CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
+- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+- }
+- else
+- do_not_lock = 0;
+-
+- if (!do_not_lock)
+- {
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+-
+- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+- CRYPTO_THREADID_cpy(&locking_threadid, &cur);
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+- crypto_lock_rand = 1;
+- }
++ locked = private_RAND_lock(1);
+
+ if (!initialized)
+ {
+@@ -583,13 +541,8 @@ static int ssleay_rand_status(void)
+
+ ret = entropy >= ENTROPY_NEEDED;
+
+- if (!do_not_lock)
+- {
+- /* before unlocking, we must clear 'crypto_lock_rand' */
+- crypto_lock_rand = 0;
+-
+- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+- }
++ if (locked)
++ private_RAND_lock(0);
+
+ return ret;
+ }
+diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h
+--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs 2013-12-18 12:17:09.764636958 +0100
++++ openssl-1.0.1e/crypto/rand/rand.h 2013-12-18 12:17:09.800637730 +0100
+@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
+ int RAND_init_fips(void);
+ #endif
+
++int private_RAND_lock(int lock);
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
+--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-12-18 12:17:09.507631447 +0100
++++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-12-18 12:17:09.800637730 +0100
+@@ -112,7 +112,7 @@
+ #ifndef HEADER_RAND_LCL_H
+ #define HEADER_RAND_LCL_H
+
+-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
++#define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
+
+
+ #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
+--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-12-18 18:16:45.625850730 +0100
+@@ -181,6 +181,41 @@ int RAND_status(void)
+ return 0;
+ }
+
++int private_RAND_lock(int lock)
++ {
++ static int crypto_lock_rand;
++ static CRYPTO_THREADID locking_threadid;
++ int do_lock;
++
++ if (!lock)
++ {
++ crypto_lock_rand = 0;
++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ return 0;
++ }
++
++ /* check if we already have the lock */
++ if (crypto_lock_rand)
++ {
++ CRYPTO_THREADID cur;
++ CRYPTO_THREADID_current(&cur);
++ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
++ do_lock = !!CRYPTO_THREADID_cmp(&locking_threadid, &cur);
++ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
++ }
++ else
++ do_lock = 1;
++ if (do_lock)
++ {
++ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ crypto_lock_rand = 1;
++ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
++ CRYPTO_THREADID_current(&locking_threadid);
++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
++ }
++ return do_lock;
++ }
++
+ #ifdef OPENSSL_FIPS
+
+ /* FIPS DRBG initialisation code. This sets up the DRBG for use by the
+@@ -239,12 +274,16 @@ static int drbg_rand_add(DRBG_CTX *ctx,
+ double entropy)
+ {
+ RAND_SSLeay()->add(in, inlen, entropy);
++ if (FIPS_rand_status())
++ FIPS_drbg_reseed(ctx, NULL, 0);
+ return 1;
+ }
+
+ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
+ {
+ RAND_SSLeay()->seed(in, inlen);
++ if (FIPS_rand_status())
++ FIPS_drbg_reseed(ctx, NULL, 0);
+ return 1;
+ }
+
+diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs 2013-12-18 12:17:09.764636958 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-12-19 17:40:58.483154314 +0100
+@@ -1,5 +1,6 @@
+ /* crypto/rsa/rsa_gen.c */
+ /* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
++ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+@@ -165,6 +166,222 @@ int RSA_generate_key_ex(RSA *rsa, int bi
+ return rsa_builtin_keygen(rsa, bits, e_value, cb);
+ }
+
++#ifdef OPENSSL_FIPS
++static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
++ {
++ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
++ BIGNUM local_r0, local_d, local_p;
++ BIGNUM *pr0, *d, *p;
++ BN_CTX *ctx = NULL;
++ int ok = -1;
++ int i;
++ int n = 0;
++ int test = 0;
++ int pbits = bits/2;
++
++ if(FIPS_selftest_failed())
++ {
++ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
++ return 0;
++ }
++
++ if (bits != 2048 && bits != 3072)
++ {
++ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++
++ ctx = BN_CTX_new();
++ if (ctx == NULL) goto err;
++ BN_CTX_start(ctx);
++ r0 = BN_CTX_get(ctx);
++ r1 = BN_CTX_get(ctx);
++ r2 = BN_CTX_get(ctx);
++ r3 = BN_CTX_get(ctx);
++
++ if (r3 == NULL) goto err;
++
++ /* We need the RSA components non-NULL */
++ if (!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
++ if (!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
++ if (!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
++ if (!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
++ if (!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
++ if (!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
++ if (!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
++ if (!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
++
++ if (!BN_set_word(r0, RSA_F4)) goto err;
++ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256)
++ {
++ ok = 0; /* we set our own err */
++ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_BAD_E_VALUE);
++ goto err;
++ }
++
++ /* prepare approximate minimum p and q */
++ if (!BN_set_word(r0, 0xB504F334)) goto err;
++ if (!BN_lshift(r0, r0, pbits - 32)) goto err;
++
++ /* prepare minimum p and q difference */
++ if (!BN_one(r3)) goto err;
++ if (!BN_lshift(r3, r3, pbits - 100)) goto err;
++
++ BN_copy(rsa->e, e_value);
++
++ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
++ test = 1;
++
++ /* generate p and q */
++ for (i = 0; i < 5 * pbits; i++)
++ {
++ ploop:
++ if (!test)
++ if (!BN_rand(rsa->p, pbits, 0, 1)) goto err;
++ if (BN_cmp(rsa->p, r0) < 0)
++ {
++ if (test) goto err;
++ goto ploop;
++ }
++
++ if (!BN_sub(r2, rsa->p, BN_value_one())) goto err;
++ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
++ if (BN_is_one(r1))
++ {
++ int r;
++ r = BN_is_prime_fasttest_ex(rsa->p, pbits>1024?4:5, ctx, 0, cb);
++ if (r == -1 || (test && r <= 0)) goto err;
++ if (r > 0) break;
++ }
++
++ if(!BN_GENCB_call(cb, 2, n++))
++ goto err;
++ }
++
++ if(!BN_GENCB_call(cb, 3, 0))
++ goto err;
++
++ if(i >= 5*pbits)
++ /* prime not found */
++ goto err;
++
++ for (i = 0; i < 5 * pbits; i++)
++ {
++ qloop:
++ if (!test)
++ if (!BN_rand(rsa->q, pbits, 0, 1)) goto err;
++ if (BN_cmp(rsa->q, r0) < 0)
++ {
++ if (test) goto err;
++ goto qloop;
++ }
++ if (!BN_sub(r2, rsa->q, rsa->p)) goto err;
++ if (BN_ucmp(r2, r3) <= 0)
++ {
++ if (test) goto err;
++ goto qloop;
++ }
++
++ if (!BN_sub(r2, rsa->q, BN_value_one())) goto err;
++ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
++ if (BN_is_one(r1))
++ {
++ int r;
++ r = BN_is_prime_fasttest_ex(rsa->q, pbits>1024?4:5, ctx, 0, cb);
++ if (r == -1 || (test && r <= 0)) goto err;
++ if (r > 0) break;
++ }
++
++ if(!BN_GENCB_call(cb, 2, n++))
++ goto err;
++ }
++
++ if(!BN_GENCB_call(cb, 3, 1))
++ goto err;
++
++ if(i >= 5*pbits)
++ /* prime not found */
++ goto err;
++
++ if (test)
++ {
++ /* do not try to calculate the remaining key values */
++ BN_clear(rsa->n);
++ ok = 1;
++ goto err;
++ }
++
++ if (BN_cmp(rsa->p,rsa->q) < 0)
++ {
++ tmp=rsa->p;
++ rsa->p=rsa->q;
++ rsa->q=tmp;
++ }
++
++ /* calculate n */
++ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
++
++ /* calculate d */
++ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
++ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
++ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
++ {
++ pr0 = &local_r0;
++ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
++ }
++ else
++ pr0 = r0;
++ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
++
++ /* set up d for correct BN_FLG_CONSTTIME flag */
++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
++ {
++ d = &local_d;
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
++ }
++ else
++ d = rsa->d;
++
++ /* calculate d mod (p-1) */
++ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
++
++ /* calculate d mod (q-1) */
++ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
++
++ /* calculate inverse of q mod p */
++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
++ {
++ p = &local_p;
++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
++ }
++ else
++ p = rsa->p;
++ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
++
++ if (fips_rsa_pairwise_fail)
++ BN_add_word(rsa->n, 1);
++
++ if(!fips_check_rsa(rsa))
++ goto err;
++
++ ok=1;
++err:
++ if (ok == -1)
++ {
++ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
++ ok = 0;
++ }
++ if (ctx != NULL)
++ {
++ BN_CTX_end(ctx);
++ BN_CTX_free(ctx);
++ }
++
++ return ok;
++ }
++#endif
++
+ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+ {
+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
+@@ -176,17 +393,7 @@ static int rsa_builtin_keygen(RSA *rsa,
+ #ifdef OPENSSL_FIPS
+ if (FIPS_module_mode())
+ {
+- if(FIPS_selftest_failed())
+- {
+- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
+- return 0;
+- }
+-
+- if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
+- {
+- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
+- return 0;
+- }
++ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
+ }
+ #endif
+
+@@ -301,17 +508,6 @@ static int rsa_builtin_keygen(RSA *rsa,
+ p = rsa->p;
+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
+
+-#ifdef OPENSSL_FIPS
+- if (FIPS_module_mode())
+- {
+- if (fips_rsa_pairwise_fail)
+- BN_add_word(rsa->n, 1);
+-
+- if(!fips_check_rsa(rsa))
+- goto err;
+- }
+-#endif
+-
+ ok=1;
+ err:
+ if (ok == -1)
+diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c
+--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-18 12:17:09.801637751 +0100
+@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
+ err:
+ return ret;
+ }
++
++int private_tls1_PRF(long digest_mask,
++ const void *seed1, int seed1_len,
++ const void *seed2, int seed2_len,
++ const void *seed3, int seed3_len,
++ const void *seed4, int seed4_len,
++ const void *seed5, int seed5_len,
++ const unsigned char *sec, int slen,
++ unsigned char *out1,
++ unsigned char *out2, int olen)
++ {
++ return tls1_PRF(digest_mask,
++ seed1, seed1_len,
++ seed2, seed2_len,
++ seed3, seed3_len,
++ seed4, seed4_len,
++ seed5, seed5_len,
++ sec, slen,
++ out1, out2, olen);
++ }
++
+ static int tls1_generate_key_block(SSL *s, unsigned char *km,
+ unsigned char *tmp, int num)
+ {
diff --git a/openssl-1.0.1e-no-md5-verify.patch b/openssl-1.0.1e-no-md5-verify.patch
new file mode 100644
index 0000000..f379735
--- /dev/null
+++ b/openssl-1.0.1e-no-md5-verify.patch
@@ -0,0 +1,25 @@
+diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
+--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/a_verify.c 2013-11-13 16:30:04.628791616 +0100
+@@ -56,6 +56,9 @@
+ * [including the GNU Public Licence.]
+ */
+
++/* for secure_getenv */
++#define _GNU_SOURCE
++
+ #include <stdio.h>
+ #include <time.h>
+
+@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
+ goto err;
+ ret = -1;
+ }
++ else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
++ {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++ goto err;
++ }
+ else
+ {
+ const EVP_MD *type;
diff --git a/openssl-1.0.1e-trusted-first.patch b/openssl-1.0.1e-trusted-first.patch
new file mode 100644
index 0000000..08ab639
--- /dev/null
+++ b/openssl-1.0.1e-trusted-first.patch
@@ -0,0 +1,330 @@
+diff -up openssl-1.0.1e/apps/apps.c.trusted-first openssl-1.0.1e/apps/apps.c
+--- openssl-1.0.1e/apps/apps.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/apps.c 2013-08-16 15:42:39.920534769 +0200
+@@ -2361,6 +2361,8 @@ int args_verify(char ***pargs, int *parg
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++ else if (!strcmp(arg, "-trusted_first"))
++ flags |= X509_V_FLAG_TRUSTED_FIRST;
+ else
+ return 0;
+
+diff -up openssl-1.0.1e/apps/cms.c.trusted-first openssl-1.0.1e/apps/cms.c
+--- openssl-1.0.1e/apps/cms.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/cms.c 2013-08-16 15:43:56.671213879 +0200
+@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1e/apps/ocsp.c.trusted-first openssl-1.0.1e/apps/ocsp.c
+--- openssl-1.0.1e/apps/ocsp.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/ocsp.c 2013-08-16 15:49:47.477572414 +0200
+@@ -595,6 +595,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+diff -up openssl-1.0.1e/apps/s_client.c.trusted-first openssl-1.0.1e/apps/s_client.c
+--- openssl-1.0.1e/apps/s_client.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/s_client.c 2013-08-16 15:49:00.727542994 +0200
+@@ -298,6 +298,7 @@ static void sc_usage(void)
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
++ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
+ BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
+diff -up openssl-1.0.1e/apps/smime.c.trusted-first openssl-1.0.1e/apps/smime.c
+--- openssl-1.0.1e/apps/smime.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/smime.c 2013-08-16 15:46:44.024875150 +0200
+@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1e/apps/s_server.c.trusted-first openssl-1.0.1e/apps/s_server.c
+--- openssl-1.0.1e/apps/s_server.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/s_server.c 2013-08-16 15:48:19.469634430 +0200
+@@ -501,6 +501,7 @@ static void sv_usage(void)
+ BIO_printf(bio_err," -state - Print the SSL states\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
++ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
+diff -up openssl-1.0.1e/apps/s_time.c.trusted-first openssl-1.0.1e/apps/s_time.c
+--- openssl-1.0.1e/apps/s_time.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/s_time.c 2013-08-16 15:47:35.862674188 +0200
+@@ -179,6 +179,7 @@ static void s_time_usage(void)
+ file if not specified by this option\n\
+ -CApath arg - PEM format directory of CA's\n\
+ -CAfile arg - PEM format file of CA's\n\
++-trusted_first - Use trusted CA's first when building the trust chain\n\
+ -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
+
+ printf( "usage: s_time <args>\n\n" );
+diff -up openssl-1.0.1e/apps/ts.c.trusted-first openssl-1.0.1e/apps/ts.c
+--- openssl-1.0.1e/apps/ts.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/ts.c 2013-08-16 15:45:27.766206812 +0200
+@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
+ "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ "[-queryfile request.tsq] "
+ "-in response.tsr [-token_in] "
+- "-CApath ca_path -CAfile ca_file.pem "
++ "-CApath ca_path -CAfile ca_file.pem -trusted_first"
+ "-untrusted cert_file.pem\n");
+ cleanup:
+ /* Clean up. */
+diff -up openssl-1.0.1e/apps/verify.c.trusted-first openssl-1.0.1e/apps/verify.c
+--- openssl-1.0.1e/apps/verify.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/verify.c 2013-08-16 15:46:09.720124654 +0200
+@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
+
+ end:
+ if (ret == 1) {
+- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
++ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
+ BIO_printf(bio_err," [-attime timestamp]");
+ #ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," [-engine e]");
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.trusted-first 2013-08-16 15:42:39.864533545 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-08-16 15:42:39.921534791 +0200
+@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+
+ /* If we are self signed, we break */
+ if (ctx->check_issued(ctx, x,x)) break;
++ /* If asked see if we can find issuer in trusted store first */
++ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
++ {
++ ok = ctx->get_issuer(&xtmp, ctx, x);
++ if (ok < 0)
++ return ok;
++ /* If successful for now free up cert so it
++ * will be picked up again later.
++ */
++ if (ok > 0)
++ {
++ X509_free(xtmp);
++ break;
++ }
++ }
+
+ /* If we were passed a cert chain, use it first */
+ if (ctx->untrusted != NULL)
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1e/crypto/x509/x509_vfy.h
+--- openssl-1.0.1e/crypto/x509/x509_vfy.h.trusted-first 2013-08-16 15:42:39.356522432 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.h 2013-08-16 15:42:39.922534813 +0200
+@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
+ #define X509_V_FLAG_USE_DELTAS 0x2000
+ /* Check selfsigned CA signature */
+ #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
++/* Use trusted store first */
++#define X509_V_FLAG_TRUSTED_FIRST 0x8000
+
+
+ #define X509_VP_FLAG_DEFAULT 0x1
+diff -up openssl-1.0.1e/doc/apps/cms.pod.trusted-first openssl-1.0.1e/doc/apps/cms.pod
+--- openssl-1.0.1e/doc/apps/cms.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/cms.pod 2013-08-16 15:50:48.723921117 +0200
+@@ -35,6 +35,7 @@ B<openssl> B<cms>
+ [B<-print>]
+ [B<-CAfile file>]
+ [B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-md digest>]
+ [B<-[cipher]>]
+ [B<-nointern>]
+@@ -238,6 +239,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before untrusted certificates
++from the message when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1e/doc/apps/ocsp.pod.trusted-first openssl-1.0.1e/doc/apps/ocsp.pod
+--- openssl-1.0.1e/doc/apps/ocsp.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/ocsp.pod 2013-08-16 15:52:20.106933403 +0200
+@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
+ [B<-path>]
+ [B<-CApath dir>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-VAfile file>]
+ [B<-validity_period n>]
+ [B<-status_age n>]
+@@ -138,6 +139,13 @@ or "/" by default.
+ file or pathname containing trusted CA certificates. These are used to verify
+ the signature on the OCSP response.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the response or residing in other certificates file when building the trust
++chain to verify responder certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-verify_other file>
+
+ file containing additional certificates to search when attempting to locate
+diff -up openssl-1.0.1e/doc/apps/s_client.pod.trusted-first openssl-1.0.1e/doc/apps/s_client.pod
+--- openssl-1.0.1e/doc/apps/s_client.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/s_client.pod 2013-08-16 15:53:17.364194159 +0200
+@@ -17,6 +17,7 @@ B<openssl> B<s_client>
+ [B<-pass arg>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reconnect>]
+ [B<-pause>]
+ [B<-showcerts>]
+@@ -107,7 +108,7 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
+
+ Set various certificate chain valiadition option. See the
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1e/doc/apps/smime.pod.trusted-first openssl-1.0.1e/doc/apps/smime.pod
+--- openssl-1.0.1e/doc/apps/smime.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/smime.pod 2013-08-16 15:56:12.497050767 +0200
+@@ -15,6 +15,9 @@ B<openssl> B<smime>
+ [B<-pk7out>]
+ [B<-[cipher]>]
+ [B<-in file>]
++[B<-CAfile file>]
++[B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-certfile file>]
+ [B<-signer file>]
+ [B<-recip file>]
+@@ -146,6 +149,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the message when building the trust chain to verify a certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1e/doc/apps/s_server.pod.trusted-first openssl-1.0.1e/doc/apps/s_server.pod
+--- openssl-1.0.1e/doc/apps/s_server.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/s_server.pod 2013-08-16 15:54:33.609873214 +0200
+@@ -33,6 +33,7 @@ B<openssl> B<s_server>
+ [B<-state>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-nocert>]
+ [B<-cipher cipherlist>]
+ [B<-quiet>]
+@@ -168,6 +169,12 @@ and to use when attempting to build the
+ is also used in the list of acceptable client CAs passed to the client when
+ a certificate is requested.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates
++when building the trust chain to verify client certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-state>
+
+ prints out the SSL session states.
+diff -up openssl-1.0.1e/doc/apps/s_time.pod.trusted-first openssl-1.0.1e/doc/apps/s_time.pod
+--- openssl-1.0.1e/doc/apps/s_time.pod.trusted-first 2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/apps/s_time.pod 2013-08-16 15:55:12.651732938 +0200
+@@ -14,6 +14,7 @@ B<openssl> B<s_time>
+ [B<-key filename>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reuse>]
+ [B<-new>]
+ [B<-verify depth>]
+@@ -76,6 +77,12 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over the certificates provided
++by the server when building the trust chain to verify server certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-new>
+
+ performs the timing test using a new session ID for each connection.
+diff -up openssl-1.0.1e/doc/apps/ts.pod.trusted-first openssl-1.0.1e/doc/apps/ts.pod
+--- openssl-1.0.1e/doc/apps/ts.pod.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/ts.pod 2013-08-16 15:57:17.399479957 +0200
+@@ -46,6 +46,7 @@ B<-verify>
+ [B<-token_in>]
+ [B<-CApath> trusted_cert_path]
+ [B<-CAfile> trusted_certs.pem]
++[B<-trusted_first>]
+ [B<-untrusted> cert_file.pem]
+
+ =head1 DESCRIPTION
+@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
+ or B<-CApath> must be specified.
+ (Optional)
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates
++when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-untrusted> cert_file.pem
+
+ Set of additional untrusted certificates in PEM format which may be
+diff -up openssl-1.0.1e/doc/apps/verify.pod.trusted-first openssl-1.0.1e/doc/apps/verify.pod
+--- openssl-1.0.1e/doc/apps/verify.pod.trusted-first 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/verify.pod 2013-08-16 15:58:00.267423925 +0200
+@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
+ B<openssl> B<verify>
+ [B<-CApath directory>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-purpose purpose>]
+ [B<-policy arg>]
+ [B<-ignore_critical>]
+@@ -56,6 +57,12 @@ in PEM format concatenated together.
+ A file of untrusted certificates. The file should contain multiple certificates
+ in PEM format concatenated together.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before the certificates in the untrusted
++file when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-purpose purpose>
+
+ The intended use for the certificate. If this option is not specified,
diff --git a/openssl-1.0.1e-version.patch b/openssl-1.0.1e-version.patch
new file mode 100644
index 0000000..e73f2c9
--- /dev/null
+++ b/openssl-1.0.1e-version.patch
@@ -0,0 +1,63 @@
+diff -up openssl-1.0.1e/crypto/cversion.c.version openssl-1.0.1e/crypto/cversion.c
+--- openssl-1.0.1e/crypto/cversion.c.version 2013-02-11 16:02:47.000000000 +0100
++++ openssl-1.0.1e/crypto/cversion.c 2013-07-26 12:28:12.739161925 +0200
+@@ -62,7 +62,7 @@
+ #include "buildinf.h"
+ #endif
+
+-const char *SSLeay_version(int t)
++const char *_current_SSLeay_version(int t)
+ {
+ if (t == SSLEAY_VERSION)
+ return OPENSSL_VERSION_TEXT;
+@@ -110,8 +110,25 @@ const char *SSLeay_version(int t)
+ return("not available");
+ }
+
+-unsigned long SSLeay(void)
++const char *_original_SSLeay_version(int t)
++ {
++ if (t == SSLEAY_VERSION)
++ return "OpenSSL 1.0.0-fips 29 Mar 2010";
++ else
++ return _current_SSLeay_version(t);
++ }
++
++unsigned long _original_SSLeay(void)
++ {
++ return(0x10000003);
++ }
++
++unsigned long _current_SSLeay(void)
+ {
+ return(SSLEAY_VERSION_NUMBER);
+ }
+
++__asm__(".symver _original_SSLeay,SSLeay@");
++__asm__(".symver _original_SSLeay_version,SSLeay_version@");
++__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
++__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.1");
+diff -up openssl-1.0.1e/Makefile.shared.version openssl-1.0.1e/Makefile.shared
+--- openssl-1.0.1e/Makefile.shared.version 2013-07-26 12:23:43.615545603 +0200
++++ openssl-1.0.1e/Makefile.shared 2013-07-26 12:23:43.701547398 +0200
+@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
+diff -up openssl-1.0.1e/version.map.version openssl-1.0.1e/version.map
+--- openssl-1.0.1e/version.map.version 2013-07-26 12:23:43.701547398 +0200
++++ openssl-1.0.1e/version.map 2013-07-26 12:29:10.698371472 +0200
+@@ -0,0 +1,8 @@
++OPENSSL_1.0.1 {
++ global:
++ SSLeay;
++ SSLeay_version;
++ local:
++ _original*;
++ _current*;
++};
diff --git a/openssl-1.0.1e-weak-ciphers.patch b/openssl-1.0.1e-weak-ciphers.patch
new file mode 100644
index 0000000..8657345
--- /dev/null
+++ b/openssl-1.0.1e-weak-ciphers.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
+--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100
++++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100
+@@ -331,7 +331,7 @@ extern "C" {
+ /* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
++#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
+ /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites!
diff --git a/openssl-fips.conf b/openssl-fips.conf
new file mode 100644
index 0000000..e155f61
--- /dev/null
+++ b/openssl-fips.conf
@@ -0,0 +1,2 @@
+-b /usr/lib{,64}/libcrypto.so.*
+-b /usr/lib{,64}/libssl.so.*
diff --git a/sources b/sources
index f4ba3a1..556dcb4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-641677c116865e60601677329b514e2d openssl-1.0.1e-usa.tar.xz
+6115ae0bb61b481a9195baef72514c2e openssl-1.0.1e-hobbled.tar.xz
More information about the scm-commits
mailing list