[openssl] new upstream release fixing multiple security issues
Tomáš Mráz
tmraz at fedoraproject.org
Thu Oct 16 11:50:16 UTC 2014
commit 613f66414168c14ec7d71787e8e7b45167c0fb8d
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Thu Oct 16 13:50:08 2014 +0200
new upstream release fixing multiple security issues
openssl-1.0.1i-copy-algo.patch | 33 -
...atch => openssl-1.0.1j-ephemeral-key-size.patch | 52 +-
...evp-wrap.patch => openssl-1.0.1j-evp-wrap.patch | 87 ++--
...e-fips-ec.patch => openssl-1.0.1j-fips-ec.patch | 184 +++---
...-1.0.1g-fips.patch => openssl-1.0.1j-fips.patch | 686 ++++++++++----------
openssl.spec | 17 +-
6 files changed, 511 insertions(+), 548 deletions(-)
---
diff --git a/openssl-1.0.1e-ephemeral-key-size.patch b/openssl-1.0.1j-ephemeral-key-size.patch
similarity index 66%
rename from openssl-1.0.1e-ephemeral-key-size.patch
rename to openssl-1.0.1j-ephemeral-key-size.patch
index 14f7940..e8e8dbb 100644
--- a/openssl-1.0.1e-ephemeral-key-size.patch
+++ b/openssl-1.0.1j-ephemeral-key-size.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h
---- openssl-1.0.1e/apps/s_apps.h.ephemeral 2014-02-12 14:49:14.333513753 +0100
-+++ openssl-1.0.1e/apps/s_apps.h 2014-02-12 14:49:14.417515629 +0100
+diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
+--- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200
++++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
@@ -9,9 +9,9 @@ diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h
int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
int extract_host_port(char *str,char **host_ptr,char **port_ptr);
-diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c
---- openssl-1.0.1e/apps/s_cb.c.ephemeral 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/s_cb.c 2014-02-12 14:56:25.584142499 +0100
+diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
+--- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
}
}
@@ -51,10 +51,10 @@ diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
{
-diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c
---- openssl-1.0.1e/apps/s_client.c.ephemeral 2014-02-12 14:49:14.407515406 +0100
-+++ openssl-1.0.1e/apps/s_client.c 2014-02-12 14:49:14.418515652 +0100
-@@ -2032,6 +2032,8 @@ static void print_stuff(BIO *bio, SSL *s
+diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
+--- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200
++++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200
+@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s
BIO_write(bio,"\n",1);
}
@@ -63,19 +63,18 @@ diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
-diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h
---- openssl-1.0.1e/ssl/ssl.h.ephemeral 2014-02-12 14:49:14.391515049 +0100
-+++ openssl-1.0.1e/ssl/ssl.h 2014-02-12 14:49:14.418515652 +0100
-@@ -1563,6 +1563,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
+--- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200
++++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200
+@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109
-+
+ #define SSL_CTRL_CHECK_PROTO_VERSION 119
+
#define DTLSv1_get_timeout(ssl, arg) \
- SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
- #define DTLSv1_handle_timeout(ssl) \
-@@ -1604,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
@@ -85,13 +84,13 @@ diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c
---- openssl-1.0.1e/ssl/s3_lib.c.ephemeral 2014-02-12 14:49:14.412515518 +0100
-+++ openssl-1.0.1e/ssl/s3_lib.c 2014-02-12 14:49:14.418515652 +0100
-@@ -3350,6 +3350,44 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
- #endif
+diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c
+--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200
++++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200
+@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
#endif /* !OPENSSL_NO_TLSEXT */
+
+ case SSL_CTRL_GET_SERVER_TMP_KEY:
+ if (s->server || !s->session || !s->session->sess_cert)
+ return 0;
@@ -130,6 +129,7 @@ diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c
+ EVP_PKEY_free(ptmp);
+ return 0;
+ }
- default:
- break;
- }
++
+ case SSL_CTRL_CHECK_PROTO_VERSION:
+ /* For library-internal use; checks that the current protocol
+ * is the highest enabled version (according to s->ctx->method,
diff --git a/openssl-1.0.1i-evp-wrap.patch b/openssl-1.0.1j-evp-wrap.patch
similarity index 92%
rename from openssl-1.0.1i-evp-wrap.patch
rename to openssl-1.0.1j-evp-wrap.patch
index 2affef5..5e60d76 100644
--- a/openssl-1.0.1i-evp-wrap.patch
+++ b/openssl-1.0.1j-evp-wrap.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap openssl-1.0.1i/crypto/aes/aes_wrap.c
---- openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/aes/aes_wrap.c 2014-09-08 15:07:27.331994490 +0200
+diff -up openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap openssl-1.0.1j/crypto/aes/aes_wrap.c
+--- openssl-1.0.1j/crypto/aes/aes_wrap.c.wrap 2014-10-15 13:15:29.000000000 +0200
++++ openssl-1.0.1j/crypto/aes/aes_wrap.c 2014-10-16 13:30:10.679654927 +0200
@@ -53,207 +53,18 @@
#include "cryptlib.h"
@@ -212,9 +212,9 @@ diff -up openssl-1.0.1i/crypto/aes/aes_wrap.c.wrap openssl-1.0.1i/crypto/aes/aes
-
-
-#endif
-diff -up openssl-1.0.1i/crypto/evp/c_allc.c.wrap openssl-1.0.1i/crypto/evp/c_allc.c
---- openssl-1.0.1i/crypto/evp/c_allc.c.wrap 2014-09-08 15:07:27.254992717 +0200
-+++ openssl-1.0.1i/crypto/evp/c_allc.c 2014-09-08 15:07:27.331994490 +0200
+diff -up openssl-1.0.1j/crypto/evp/c_allc.c.wrap openssl-1.0.1j/crypto/evp/c_allc.c
+--- openssl-1.0.1j/crypto/evp/c_allc.c.wrap 2014-10-16 13:30:10.583652760 +0200
++++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:30:10.679654927 +0200
@@ -98,6 +98,7 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_des_ecb());
EVP_add_cipher(EVP_des_ede());
@@ -285,9 +285,9 @@ diff -up openssl-1.0.1i/crypto/evp/c_allc.c.wrap openssl-1.0.1i/crypto/evp/c_all
EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
#endif
-diff -up openssl-1.0.1i/crypto/evp/e_aes.c.wrap openssl-1.0.1i/crypto/evp/e_aes.c
---- openssl-1.0.1i/crypto/evp/e_aes.c.wrap 2014-09-08 15:07:27.255992740 +0200
-+++ openssl-1.0.1i/crypto/evp/e_aes.c 2014-09-08 15:07:27.331994490 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_aes.c.wrap openssl-1.0.1j/crypto/evp/e_aes.c
+--- openssl-1.0.1j/crypto/evp/e_aes.c.wrap 2014-10-16 13:30:10.584652782 +0200
++++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:30:10.679654927 +0200
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
@@ -476,9 +476,9 @@ diff -up openssl-1.0.1i/crypto/evp/e_aes.c.wrap openssl-1.0.1i/crypto/evp/e_aes.
+ }
+
#endif
-diff -up openssl-1.0.1i/crypto/evp/e_des3.c.wrap openssl-1.0.1i/crypto/evp/e_des3.c
---- openssl-1.0.1i/crypto/evp/e_des3.c.wrap 2014-09-08 15:07:27.255992740 +0200
-+++ openssl-1.0.1i/crypto/evp/e_des3.c 2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_des3.c.wrap openssl-1.0.1j/crypto/evp/e_des3.c
+--- openssl-1.0.1j/crypto/evp/e_des3.c.wrap 2014-10-16 13:30:10.584652782 +0200
++++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:30:10.679654927 +0200
@@ -310,4 +310,112 @@ const EVP_CIPHER *EVP_des_ede3(void)
{
return &des_ede3_ecb;
@@ -592,10 +592,10 @@ diff -up openssl-1.0.1i/crypto/evp/e_des3.c.wrap openssl-1.0.1i/crypto/evp/e_des
+
+# endif
#endif
-diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_enc.c
---- openssl-1.0.1i/crypto/evp/evp_enc.c.wrap 2014-09-08 15:07:27.255992740 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_enc.c 2014-09-08 15:07:27.332994513 +0200
-@@ -233,7 +233,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.wrap openssl-1.0.1j/crypto/evp/evp_enc.c
+--- openssl-1.0.1j/crypto/evp/evp_enc.c.wrap 2014-10-16 13:30:10.584652782 +0200
++++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:30:10.680654949 +0200
+@@ -234,7 +234,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
ctx->cipher_data = NULL;
}
ctx->key_len = cipher->key_len;
@@ -605,7 +605,7 @@ diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_
if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
{
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
-@@ -256,6 +257,13 @@ skip_to_init:
+@@ -257,6 +258,13 @@ skip_to_init:
|| ctx->cipher->block_size == 8
|| ctx->cipher->block_size == 16);
@@ -619,9 +619,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_enc.c.wrap openssl-1.0.1i/crypto/evp/evp_
if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch(EVP_CIPHER_CTX_mode(ctx)) {
-diff -up openssl-1.0.1i/crypto/evp/evp_err.c.wrap openssl-1.0.1i/crypto/evp/evp_err.c
---- openssl-1.0.1i/crypto/evp/evp_err.c.wrap 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_err.c 2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_err.c.wrap openssl-1.0.1j/crypto/evp/evp_err.c
+--- openssl-1.0.1j/crypto/evp/evp_err.c.wrap 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/evp_err.c 2014-10-16 13:30:10.680654949 +0200
@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
@@ -638,9 +638,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_err.c.wrap openssl-1.0.1i/crypto/evp/evp_
{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
{0,NULL}
-diff -up openssl-1.0.1i/crypto/evp/evp.h.wrap openssl-1.0.1i/crypto/evp/evp.h
---- openssl-1.0.1i/crypto/evp/evp.h.wrap 2014-09-08 15:07:27.256992763 +0200
-+++ openssl-1.0.1i/crypto/evp/evp.h 2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp.h.wrap openssl-1.0.1j/crypto/evp/evp.h
+--- openssl-1.0.1j/crypto/evp/evp.h.wrap 2014-10-16 13:30:10.585652805 +0200
++++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:30:10.680654949 +0200
@@ -336,6 +336,7 @@ struct evp_cipher_st
#define EVP_CIPH_GCM_MODE 0x6
#define EVP_CIPH_CCM_MODE 0x7
@@ -706,9 +706,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp.h.wrap openssl-1.0.1i/crypto/evp/evp.h
#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
-diff -up openssl-1.0.1i/crypto/evp/evp_lib.c.wrap openssl-1.0.1i/crypto/evp/evp_lib.c
---- openssl-1.0.1i/crypto/evp/evp_lib.c.wrap 2014-09-08 15:07:27.256992763 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_lib.c 2014-09-08 15:07:27.332994513 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.wrap openssl-1.0.1j/crypto/evp/evp_lib.c
+--- openssl-1.0.1j/crypto/evp/evp_lib.c.wrap 2014-10-16 13:30:10.585652805 +0200
++++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:30:10.680654949 +0200
@@ -68,7 +68,15 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_
if (c->cipher->set_asn1_parameters != NULL)
ret=c->cipher->set_asn1_parameters(c,type);
@@ -738,9 +738,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_lib.c.wrap openssl-1.0.1i/crypto/evp/evp_
else
ret=-1;
return(ret);
-diff -up openssl-1.0.1i/crypto/evp/evp_test.c.wrap openssl-1.0.1i/crypto/evp/evp_test.c
---- openssl-1.0.1i/crypto/evp/evp_test.c.wrap 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/evp/evp_test.c 2014-09-08 15:07:27.333994536 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_test.c.wrap openssl-1.0.1j/crypto/evp/evp_test.c
+--- openssl-1.0.1j/crypto/evp/evp_test.c.wrap 2014-10-15 14:51:06.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/evp_test.c 2014-10-16 13:30:10.680654949 +0200
@@ -141,7 +141,7 @@ static void test1(const EVP_CIPHER *c,co
{
EVP_CIPHER_CTX ctx;
@@ -806,9 +806,9 @@ diff -up openssl-1.0.1i/crypto/evp/evp_test.c.wrap openssl-1.0.1i/crypto/evp/evp
/* Load up the software EVP_CIPHER and EVP_MD definitions */
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
-diff -up openssl-1.0.1i/crypto/evp/evptests.txt.wrap openssl-1.0.1i/crypto/evp/evptests.txt
---- openssl-1.0.1i/crypto/evp/evptests.txt.wrap 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/crypto/evp/evptests.txt 2014-09-08 15:07:27.333994536 +0200
+diff -up openssl-1.0.1j/crypto/evp/evptests.txt.wrap openssl-1.0.1j/crypto/evp/evptests.txt
+--- openssl-1.0.1j/crypto/evp/evptests.txt.wrap 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/evptests.txt 2014-10-16 13:30:10.681654972 +0200
@@ -332,3 +332,15 @@ SEED-ECB:0000000000000000000000000000000
SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
@@ -825,9 +825,9 @@ diff -up openssl-1.0.1i/crypto/evp/evptests.txt.wrap openssl-1.0.1i/crypto/evp/e
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f
+
-diff -up openssl-1.0.1i/crypto/modes/Makefile.wrap openssl-1.0.1i/crypto/modes/Makefile
---- openssl-1.0.1i/crypto/modes/Makefile.wrap 2014-09-08 15:07:27.233992233 +0200
-+++ openssl-1.0.1i/crypto/modes/Makefile 2014-09-08 15:07:27.333994536 +0200
+diff -up openssl-1.0.1j/crypto/modes/Makefile.wrap openssl-1.0.1j/crypto/modes/Makefile
+--- openssl-1.0.1j/crypto/modes/Makefile.wrap 2014-10-16 13:30:10.560652240 +0200
++++ openssl-1.0.1j/crypto/modes/Makefile 2014-10-16 13:30:10.681654972 +0200
@@ -22,9 +22,9 @@ APPS=
LIB=$(TOP)/libcrypto.a
@@ -840,10 +840,10 @@ diff -up openssl-1.0.1i/crypto/modes/Makefile.wrap openssl-1.0.1i/crypto/modes/M
SRC= $(LIBSRC)
-diff -up openssl-1.0.1i/crypto/modes/modes.h.wrap openssl-1.0.1i/crypto/modes/modes.h
---- openssl-1.0.1i/crypto/modes/modes.h.wrap 2014-09-08 15:07:26.865983757 +0200
-+++ openssl-1.0.1i/crypto/modes/modes.h 2014-09-08 15:07:27.333994536 +0200
-@@ -133,3 +133,17 @@ typedef struct xts128_context XTS128_CON
+diff -up openssl-1.0.1j/crypto/modes/modes.h.wrap openssl-1.0.1j/crypto/modes/modes.h
+--- openssl-1.0.1j/crypto/modes/modes.h.wrap 2014-10-16 13:30:10.681654972 +0200
++++ openssl-1.0.1j/crypto/modes/modes.h 2014-10-16 13:31:01.232796186 +0200
+@@ -136,6 +136,20 @@ typedef struct xts128_context XTS128_CON
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
const unsigned char *inp, unsigned char *out, size_t len, int enc);
@@ -861,9 +861,12 @@ diff -up openssl-1.0.1i/crypto/modes/modes.h.wrap openssl-1.0.1i/crypto/modes/mo
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+ unsigned char *out,
+ const unsigned char *in, size_t inlen, block128_f block);
-diff -up openssl-1.0.1i/crypto/modes/wrap128.c.wrap openssl-1.0.1i/crypto/modes/wrap128.c
---- openssl-1.0.1i/crypto/modes/wrap128.c.wrap 2014-09-08 15:07:27.333994536 +0200
-+++ openssl-1.0.1i/crypto/modes/wrap128.c 2014-09-08 15:07:27.333994536 +0200
+ #ifdef __cplusplus
+ }
+ #endif
+diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/wrap128.c
+--- openssl-1.0.1j/crypto/modes/wrap128.c.wrap 2014-10-16 13:30:10.681654972 +0200
++++ openssl-1.0.1j/crypto/modes/wrap128.c 2014-10-16 13:30:10.681654972 +0200
@@ -0,0 +1,372 @@
+/* crypto/modes/wrap128.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
diff --git a/openssl-1.0.1e-fips-ec.patch b/openssl-1.0.1j-fips-ec.patch
similarity index 89%
rename from openssl-1.0.1e-fips-ec.patch
rename to openssl-1.0.1j-fips-ec.patch
index e1f648c..b608a9d 100644
--- a/openssl-1.0.1e-fips-ec.patch
+++ b/openssl-1.0.1j-fips-ec.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h
---- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec 2013-11-08 17:59:42.755019363 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ecdh.h 2013-11-08 17:59:43.147028002 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1j/crypto/ecdh/ecdh.h
+--- openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec 2014-10-16 13:25:20.248098308 +0200
++++ openssl-1.0.1j/crypto/ecdh/ecdh.h 2014-10-16 13:25:20.730109190 +0200
@@ -85,6 +85,8 @@
extern "C" {
#endif
@@ -10,9 +10,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ec
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
-diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c
---- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c 2013-11-08 17:59:54.712282862 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1j/crypto/ecdh/ecdhtest.c
+--- openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c 2014-10-16 13:25:20.730109190 +0200
@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -24,9 +24,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecd
if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
-diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c
---- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c 2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_lib.c
+--- openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ecdh/ech_lib.c 2014-10-16 13:25:20.730109190 +0200
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
{
if(!default_ECDH_method)
@@ -42,9 +42,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh
}
return default_ECDH_method;
}
-diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c
---- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c 2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_ossl.c
+--- openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c 2014-10-16 13:25:20.730109190 +0200
@@ -79,6 +79,10 @@
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
@@ -99,9 +99,9 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd
if ((tmp=EC_POINT_new(group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
---- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c 2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecdsatest.c
+--- openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c 2014-10-16 13:25:20.731109212 +0200
@@ -138,11 +138,14 @@ int restore_rand(void)
}
@@ -137,9 +137,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e
if (!test_builtin(out)) goto err;
ret = 0;
-diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
---- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c 2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_lib.c
+--- openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c 2014-10-16 13:25:20.731109212 +0200
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
{
if(!default_ECDSA_method)
@@ -155,9 +155,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd
}
return default_ECDSA_method;
}
-diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
---- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c 2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c
+--- openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c 2014-10-16 13:25:20.731109212 +0200
@@ -60,6 +60,9 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
@@ -207,9 +207,9 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
-diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c
---- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ec_key.c 2013-11-08 17:59:43.148028024 +0100
+diff -up openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec openssl-1.0.1j/crypto/ec/ec_key.c
+--- openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ec/ec_key.c 2014-10-16 13:25:20.731109212 +0200
@@ -64,9 +64,6 @@
#include <string.h>
#include "ec_lcl.h"
@@ -306,10 +306,10 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k
{
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
EC_R_COORDINATES_OUT_OF_RANGE);
-diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c
---- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_mont.c 2013-11-08 17:59:43.149028046 +0100
-@@ -63,18 +63,11 @@
+diff -up openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_mont.c
+--- openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec 2014-10-16 13:25:20.731109212 +0200
++++ openssl-1.0.1j/crypto/ec/ecp_mont.c 2014-10-16 13:27:34.156121340 +0200
+@@ -63,10 +63,6 @@
#include <openssl/err.h>
@@ -320,26 +320,22 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec
#include "ec_lcl.h"
- const EC_METHOD *EC_GFp_mont_method(void)
- {
--#ifdef OPENSSL_FIPS
-- return fips_ec_gfp_mont_method();
--#else
- static const EC_METHOD ret = {
- EC_FLAGS_DEFAULT_OCT,
- NID_X9_62_prime_field,
-@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+ ec_GFp_mont_field_decode,
ec_GFp_mont_field_set_to_one };
- return &ret;
+-#ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return fips_ec_gfp_mont_method();
-#endif
+-
+ return &ret;
}
-
-diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c
---- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_nist.c 2013-11-08 17:59:43.149028046 +0100
-@@ -67,15 +67,8 @@
+diff -up openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_nist.c
+--- openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec 2014-10-16 13:25:20.732109235 +0200
++++ openssl-1.0.1j/crypto/ec/ecp_nist.c 2014-10-16 13:27:53.163550441 +0200
+@@ -67,10 +67,6 @@
#include <openssl/obj_mac.h>
#include "ec_lcl.h"
@@ -349,24 +345,23 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec
-
const EC_METHOD *EC_GFp_nist_method(void)
{
--#ifdef OPENSSL_FIPS
-- return fips_ec_gfp_nist_method();
--#else
static const EC_METHOD ret = {
- EC_FLAGS_DEFAULT_OCT,
- NID_X9_62_prime_field,
-@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
+@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_nist_method(void
+ 0 /* field_decode */,
0 /* field_set_to_one */ };
- return &ret;
+-#ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return fips_ec_gfp_nist_method();
-#endif
+-
+ return &ret;
}
- int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c
---- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c 2013-11-08 17:59:43.149028046 +0100
-@@ -65,17 +65,10 @@
+diff -up openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_smpl.c
+--- openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ec/ecp_smpl.c 2014-10-16 13:28:39.386593946 +0200
+@@ -65,10 +65,6 @@
#include <openssl/err.h>
#include <openssl/symhacks.h>
@@ -377,22 +372,19 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec
#include "ec_lcl.h"
const EC_METHOD *EC_GFp_simple_method(void)
- {
--#ifdef OPENSSL_FIPS
-- return fips_ec_gfp_simple_method();
--#else
- static const EC_METHOD ret = {
- EC_FLAGS_DEFAULT_OCT,
- NID_X9_62_prime_field,
-@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
+@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
+ 0 /* field_decode */,
0 /* field_set_to_one */ };
- return &ret;
+-#ifdef OPENSSL_FIPS
+- if (FIPS_mode())
+- return fips_ec_gfp_simple_method();
-#endif
+-
+ return &ret;
}
-
-@@ -186,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+@@ -187,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0;
}
@@ -405,9 +397,9 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec
if (ctx == NULL)
{
ctx = new_ctx = BN_CTX_new();
-diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c
---- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c 2013-11-08 17:59:43.149028046 +0100
+diff -up openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1j/crypto/evp/m_ecdsa.c
+--- openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/m_ecdsa.c 2014-10-16 13:25:20.732109235 +0200
@@ -116,7 +116,6 @@
#include <openssl/x509.h>
@@ -430,9 +422,9 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m
}
#endif
-#endif
-diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2013-11-08 17:59:43.149028046 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c 2013-11-08 17:59:43.149028046 +0100
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2014-10-16 13:25:20.732109235 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c 2014-10-16 13:25:20.732109235 +0200
@@ -0,0 +1,496 @@
+/* fips/ecdh/fips_ecdhvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -930,9 +922,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr
+ }
+
+#endif
-diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2013-11-08 17:59:43.150028068 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c 2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2014-10-16 13:25:20.733109257 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c 2014-10-16 13:25:20.733109257 +0200
@@ -0,0 +1,533 @@
+/* fips/ecdsa/fips_ecdsavs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -1467,9 +1459,9 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c
+ }
+
+#endif
-diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c 2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec 2014-10-16 13:25:20.733109257 +0200
++++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c 2014-10-16 13:25:20.733109257 +0200
@@ -0,0 +1,252 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -1723,9 +1715,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/
+ }
+
+#endif
-diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c 2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2014-10-16 13:25:20.733109257 +0200
++++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c 2014-10-16 13:25:20.733109257 +0200
@@ -0,0 +1,167 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -1894,9 +1886,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e
+ }
+
+#endif
-diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h
---- openssl-1.0.1e/crypto/fips/fips.h.fips-ec 2013-11-08 17:59:43.116027318 +0100
-+++ openssl-1.0.1e/crypto/fips/fips.h 2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips.h.fips-ec openssl-1.0.1j/crypto/fips/fips.h
+--- openssl-1.0.1j/crypto/fips/fips.h.fips-ec 2014-10-16 13:25:20.701108535 +0200
++++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:25:20.733109257 +0200
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
void FIPS_corrupt_dsa(void);
void FIPS_corrupt_dsa_keygen(void);
@@ -1906,9 +1898,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c
---- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec 2013-11-08 17:59:43.117027340 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-11-08 17:59:43.150028068 +0100
+diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec openssl-1.0.1j/crypto/fips/fips_post.c
+--- openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec 2014-10-16 13:25:20.702108557 +0200
++++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:25:20.733109257 +0200
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_rsa())
@@ -1922,9 +1914,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi
return rv;
}
-diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile
---- openssl-1.0.1e/crypto/fips/Makefile.fips-ec 2013-11-08 17:59:43.119027384 +0100
-+++ openssl-1.0.1e/crypto/fips/Makefile 2013-11-08 17:59:43.151028090 +0100
+diff -up openssl-1.0.1j/crypto/fips/Makefile.fips-ec openssl-1.0.1j/crypto/fips/Makefile
+--- openssl-1.0.1j/crypto/fips/Makefile.fips-ec 2014-10-16 13:25:20.704108603 +0200
++++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:25:20.734109280 +0200
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@@ -1941,7 +1933,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
LIBCRYPTO=-L.. -lcrypto
-@@ -118,6 +118,21 @@ fips_aes_selftest.o: ../../include/opens
+@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens
fips_aes_selftest.o: ../../include/openssl/safestack.h
fips_aes_selftest.o: ../../include/openssl/stack.h
fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
@@ -1963,7 +1955,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_des_selftest.o: ../../include/openssl/crypto.h
fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-@@ -231,6 +246,46 @@ fips_dsa_selftest.o: ../../include/opens
+@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens
fips_dsa_selftest.o: ../../include/openssl/stack.h
fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
fips_dsa_selftest.o: fips_locl.h
@@ -2010,7 +2002,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_hmac_selftest.o: ../../include/openssl/crypto.h
fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-@@ -245,6 +300,15 @@ fips_hmac_selftest.o: ../../include/open
+@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open
fips_hmac_selftest.o: ../../include/openssl/safestack.h
fips_hmac_selftest.o: ../../include/openssl/stack.h
fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
@@ -2026,9 +2018,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map
---- openssl-1.0.1e/version.map.fips-ec 2013-11-08 17:59:43.131027649 +0100
-+++ openssl-1.0.1e/version.map 2013-11-08 17:59:43.151028090 +0100
+diff -up openssl-1.0.1j/version.map.fips-ec openssl-1.0.1j/version.map
+--- openssl-1.0.1j/version.map.fips-ec 2014-10-16 13:25:20.716108873 +0200
++++ openssl-1.0.1j/version.map 2014-10-16 13:25:20.734109280 +0200
@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
_original*;
_current*;
diff --git a/openssl-1.0.1g-fips.patch b/openssl-1.0.1j-fips.patch
similarity index 95%
rename from openssl-1.0.1g-fips.patch
rename to openssl-1.0.1j-fips.patch
index 449ca1c..dff6aca 100644
--- a/openssl-1.0.1g-fips.patch
+++ b/openssl-1.0.1j-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1g/apps/speed.c.fips openssl-1.0.1g/apps/speed.c
---- openssl-1.0.1g/apps/speed.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/apps/speed.c 2014-05-06 16:29:50.536922993 +0200
+diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c
+--- openssl-1.0.1j/apps/speed.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/apps/speed.c 2014-10-16 13:19:35.084306085 +0200
@@ -195,7 +195,6 @@
#ifdef OPENSSL_DOING_MAKEDEPEND
#undef AES_set_encrypt_key
@@ -126,10 +126,10 @@ diff -up openssl-1.0.1g/apps/speed.c.fips openssl-1.0.1g/apps/speed.c
HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
16,EVP_md5(), NULL);
-diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure
---- openssl-1.0.1g/Configure.fips 2014-05-06 16:29:50.523922693 +0200
-+++ openssl-1.0.1g/Configure 2014-05-06 16:29:50.536922993 +0200
-@@ -997,11 +997,6 @@ if (defined($disabled{"md5"}) || defined
+diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure
+--- openssl-1.0.1j/Configure.fips 2014-10-16 13:19:35.056305452 +0200
++++ openssl-1.0.1j/Configure 2014-10-16 13:19:35.084306085 +0200
+@@ -998,11 +998,6 @@ if (defined($disabled{"md5"}) || defined
$disabled{"ssl2"} = "forced";
}
@@ -141,7 +141,7 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure
# RSAX ENGINE sets default non-FIPS RSA method.
if ($fips)
{
-@@ -1476,7 +1471,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
+@@ -1477,7 +1472,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
@@ -149,7 +149,7 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
-@@ -1663,9 +1657,12 @@ while (<IN>)
+@@ -1664,9 +1658,12 @@ while (<IN>)
s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
@@ -163,9 +163,9 @@ diff -up openssl-1.0.1g/Configure.fips openssl-1.0.1g/Configure
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.1g/crypto/aes/aes_misc.c.fips openssl-1.0.1g/crypto/aes/aes_misc.c
---- openssl-1.0.1g/crypto/aes/aes_misc.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/aes/aes_misc.c 2014-05-06 16:29:50.536922993 +0200
+diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes_misc.c
+--- openssl-1.0.1j/crypto/aes/aes_misc.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/aes/aes_misc.c 2014-10-16 13:19:35.085306107 +0200
@@ -69,17 +69,11 @@ const char *AES_options(void) {
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
@@ -184,9 +184,9 @@ diff -up openssl-1.0.1g/crypto/aes/aes_misc.c.fips openssl-1.0.1g/crypto/aes/aes
-#endif
return private_AES_set_decrypt_key(userKey, bits, key);
}
-diff -up openssl-1.0.1g/crypto/cmac/cmac.c.fips openssl-1.0.1g/crypto/cmac/cmac.c
---- openssl-1.0.1g/crypto/cmac/cmac.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/cmac/cmac.c 2014-05-06 16:29:50.537923016 +0200
+diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac.c
+--- openssl-1.0.1j/crypto/cmac/cmac.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/cmac/cmac.c 2014-10-16 13:19:35.085306107 +0200
@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
@@ -235,9 +235,9 @@ diff -up openssl-1.0.1g/crypto/cmac/cmac.c.fips openssl-1.0.1g/crypto/cmac/cmac.
if (ctx->nlast_block == -1)
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-diff -up openssl-1.0.1g/crypto/crypto.h.fips openssl-1.0.1g/crypto/crypto.h
---- openssl-1.0.1g/crypto/crypto.h.fips 2014-05-06 16:29:50.419920288 +0200
-+++ openssl-1.0.1g/crypto/crypto.h 2014-05-06 16:29:50.537923016 +0200
+diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h
+--- openssl-1.0.1j/crypto/crypto.h.fips 2014-10-16 13:19:34.918302337 +0200
++++ openssl-1.0.1j/crypto/crypto.h 2014-10-16 13:19:35.085306107 +0200
@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
void OPENSSL_init(void);
@@ -283,9 +283,9 @@ diff -up openssl-1.0.1g/crypto/crypto.h.fips openssl-1.0.1g/crypto/crypto.h
/* Error codes for the CRYPTO functions. */
/* Function codes. */
-diff -up openssl-1.0.1g/crypto/des/des.h.fips openssl-1.0.1g/crypto/des/des.h
---- openssl-1.0.1g/crypto/des/des.h.fips 2014-05-06 16:29:50.449920982 +0200
-+++ openssl-1.0.1g/crypto/des/des.h 2014-05-06 16:29:50.537923016 +0200
+diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h
+--- openssl-1.0.1j/crypto/des/des.h.fips 2014-10-16 13:19:34.967303443 +0200
++++ openssl-1.0.1j/crypto/des/des.h 2014-10-16 13:19:35.085306107 +0200
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
@@ -296,9 +296,9 @@ diff -up openssl-1.0.1g/crypto/des/des.h.fips openssl-1.0.1g/crypto/des/des.h
void DES_string_to_key(const char *str,DES_cblock *key);
void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-diff -up openssl-1.0.1g/crypto/des/set_key.c.fips openssl-1.0.1g/crypto/des/set_key.c
---- openssl-1.0.1g/crypto/des/set_key.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/des/set_key.c 2014-05-06 16:29:50.537923016 +0200
+diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_key.c
+--- openssl-1.0.1j/crypto/des/set_key.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/des/set_key.c 2014-10-16 13:19:35.085306107 +0200
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock
}
@@ -313,9 +313,9 @@ diff -up openssl-1.0.1g/crypto/des/set_key.c.fips openssl-1.0.1g/crypto/des/set_
{
static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
register DES_LONG c,d,t,s,t2;
-diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips openssl-1.0.1g/crypto/dh/dh_gen.c
---- openssl-1.0.1g/crypto/dh/dh_gen.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dh/dh_gen.c 2014-05-06 16:29:50.537923016 +0200
+diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen.c
+--- openssl-1.0.1j/crypto/dh/dh_gen.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dh/dh_gen.c 2014-10-16 13:19:35.085306107 +0200
@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
#endif
if(ret->meth->generate_params)
@@ -349,9 +349,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips openssl-1.0.1g/crypto/dh/dh_gen.
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
-diff -up openssl-1.0.1g/crypto/dh/dh.h.fips openssl-1.0.1g/crypto/dh/dh.h
---- openssl-1.0.1g/crypto/dh/dh.h.fips 2014-05-06 16:29:50.394919710 +0200
-+++ openssl-1.0.1g/crypto/dh/dh.h 2014-05-06 16:29:50.537923016 +0200
+diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h
+--- openssl-1.0.1j/crypto/dh/dh.h.fips 2014-10-16 13:19:34.887301637 +0200
++++ openssl-1.0.1j/crypto/dh/dh.h 2014-10-16 13:19:35.086306130 +0200
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -369,9 +369,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh.h.fips openssl-1.0.1g/crypto/dh/dh.h
DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
int i2d_DHparams(const DH *a,unsigned char **pp);
#ifndef OPENSSL_NO_FP_API
-diff -up openssl-1.0.1g/crypto/dh/dh_key.c.fips openssl-1.0.1g/crypto/dh/dh_key.c
---- openssl-1.0.1g/crypto/dh/dh_key.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dh/dh_key.c 2014-05-06 16:29:50.538923040 +0200
+diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key.c
+--- openssl-1.0.1j/crypto/dh/dh_key.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dh/dh_key.c 2014-10-16 13:19:35.086306130 +0200
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -452,9 +452,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_key.c.fips openssl-1.0.1g/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.1g/crypto/dh/dh_lib.c.fips openssl-1.0.1g/crypto/dh/dh_lib.c
---- openssl-1.0.1g/crypto/dh/dh_lib.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dh/dh_lib.c 2014-05-06 16:29:50.538923040 +0200
+diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib.c
+--- openssl-1.0.1j/crypto/dh/dh_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dh/dh_lib.c 2014-10-16 13:19:35.086306130 +0200
@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
{
if(!default_DH_method)
@@ -470,9 +470,9 @@ diff -up openssl-1.0.1g/crypto/dh/dh_lib.c.fips openssl-1.0.1g/crypto/dh/dh_lib.
}
return default_DH_method;
}
-diff -up openssl-1.0.1g/crypto/dsa/dsa_err.c.fips openssl-1.0.1g/crypto/dsa/dsa_err.c
---- openssl-1.0.1g/crypto/dsa/dsa_err.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsa_err.c 2014-05-06 16:29:50.538923040 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_err.c
+--- openssl-1.0.1j/crypto/dsa/dsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_err.c 2014-10-16 13:19:35.086306130 +0200
@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -491,9 +491,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_err.c.fips openssl-1.0.1g/crypto/dsa/dsa_
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips openssl-1.0.1g/crypto/dsa/dsa_gen.c
---- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:29:50.538923040 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_gen.c 2014-10-16 13:19:35.086306130 +0200
@@ -85,6 +85,14 @@
#include <openssl/fips.h>
#endif
@@ -900,9 +900,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips openssl-1.0.1g/crypto/dsa/dsa_
}
if (mont != NULL) BN_MONT_CTX_free(mont);
return ok;
-diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips openssl-1.0.1g/crypto/dsa/dsa.h
---- openssl-1.0.1g/crypto/dsa/dsa.h.fips 2014-05-06 16:29:50.316917907 +0200
-+++ openssl-1.0.1g/crypto/dsa/dsa.h 2014-05-06 16:29:50.538923040 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h
+--- openssl-1.0.1j/crypto/dsa/dsa.h.fips 2014-10-16 13:19:34.791299470 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa.h 2014-10-16 13:19:35.087306152 +0200
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
@@ -963,9 +963,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips openssl-1.0.1g/crypto/dsa/dsa.h
#define DSA_R_PARAMETER_ENCODING_ERROR 105
#ifdef __cplusplus
-diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips openssl-1.0.1g/crypto/dsa/dsa_key.c
---- openssl-1.0.1g/crypto/dsa/dsa_key.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsa_key.c 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_key.c
+--- openssl-1.0.1j/crypto/dsa/dsa_key.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_key.c 2014-10-16 13:19:35.087306152 +0200
@@ -66,6 +66,35 @@
#ifdef OPENSSL_FIPS
@@ -1044,9 +1044,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips openssl-1.0.1g/crypto/dsa/dsa_
ok=1;
err:
-diff -up openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips openssl-1.0.1g/crypto/dsa/dsa_lib.c
---- openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsa_lib.c 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_lib.c
+--- openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_lib.c 2014-10-16 13:19:35.087306152 +0200
@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
{
if(!default_DSA_method)
@@ -1062,18 +1062,18 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_lib.c.fips openssl-1.0.1g/crypto/dsa/dsa_
}
return default_DSA_method;
}
-diff -up openssl-1.0.1g/crypto/dsa/dsa_locl.h.fips openssl-1.0.1g/crypto/dsa/dsa_locl.h
---- openssl-1.0.1g/crypto/dsa/dsa_locl.h.fips 2014-05-06 16:29:50.317917930 +0200
-+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips openssl-1.0.1j/crypto/dsa/dsa_locl.h
+--- openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips 2014-10-16 13:19:34.792299493 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_locl.h 2014-10-16 13:19:35.087306152 +0200
@@ -56,5 +56,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-diff -up openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1g/crypto/dsa/dsa_ossl.c
---- openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsa_ossl.c 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c 2014-10-16 13:19:35.087306152 +0200
@@ -65,6 +65,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -1147,9 +1147,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1g/crypto/dsa/dsa
dsa->flags|=DSA_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1g/crypto/dsa/dsa_pmeth.c
---- openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsa_pmeth.c 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/dsa_pmeth.c
+--- openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c 2014-10-16 13:19:35.087306152 +0200
@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
if (!dsa)
return 0;
@@ -1159,9 +1159,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1g/crypto/dsa/ds
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
else
-diff -up openssl-1.0.1g/crypto/dsa/dsatest.c.fips openssl-1.0.1g/crypto/dsa/dsatest.c
---- openssl-1.0.1g/crypto/dsa/dsatest.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dsa/dsatest.c 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsatest.c
+--- openssl-1.0.1j/crypto/dsa/dsatest.c.fips 2014-10-15 14:51:06.000000000 +0200
++++ openssl-1.0.1j/crypto/dsa/dsatest.c 2014-10-16 13:19:35.088306175 +0200
@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -1246,9 +1246,9 @@ diff -up openssl-1.0.1g/crypto/dsa/dsatest.c.fips openssl-1.0.1g/crypto/dsa/dsat
goto end;
}
if (h != 2)
-diff -up openssl-1.0.1g/crypto/engine/eng_all.c.fips openssl-1.0.1g/crypto/engine/eng_all.c
---- openssl-1.0.1g/crypto/engine/eng_all.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/engine/eng_all.c 2014-05-06 16:29:50.539923063 +0200
+diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engine/eng_all.c
+--- openssl-1.0.1j/crypto/engine/eng_all.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/engine/eng_all.c 2014-10-16 13:19:35.088306175 +0200
@@ -58,11 +58,25 @@
#include "cryptlib.h"
@@ -1275,9 +1275,9 @@ diff -up openssl-1.0.1g/crypto/engine/eng_all.c.fips openssl-1.0.1g/crypto/engin
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
-diff -up openssl-1.0.1g/crypto/evp/c_allc.c.fips openssl-1.0.1g/crypto/evp/c_allc.c
---- openssl-1.0.1g/crypto/evp/c_allc.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/c_allc.c 2014-05-06 16:29:50.540923086 +0200
+diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_allc.c
+--- openssl-1.0.1j/crypto/evp/c_allc.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:19:35.088306175 +0200
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
@@ -1351,9 +1351,9 @@ diff -up openssl-1.0.1g/crypto/evp/c_allc.c.fips openssl-1.0.1g/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.0.1g/crypto/evp/c_alld.c.fips openssl-1.0.1g/crypto/evp/c_alld.c
---- openssl-1.0.1g/crypto/evp/c_alld.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/c_alld.c 2014-05-06 16:29:50.540923086 +0200
+diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_alld.c
+--- openssl-1.0.1j/crypto/evp/c_alld.c.fips 2014-10-15 14:51:06.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/c_alld.c 2014-10-16 13:19:35.088306175 +0200
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
@@ -1399,9 +1399,9 @@ diff -up openssl-1.0.1g/crypto/evp/c_alld.c.fips openssl-1.0.1g/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.0.1g/crypto/evp/digest.c.fips openssl-1.0.1g/crypto/evp/digest.c
---- openssl-1.0.1g/crypto/evp/digest.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/digest.c 2014-05-06 16:29:50.540923086 +0200
+diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/digest.c
+--- openssl-1.0.1j/crypto/evp/digest.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/digest.c 2014-10-16 13:19:35.088306175 +0200
@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
return EVP_DigestInit_ex(ctx, type, NULL);
}
@@ -1550,9 +1550,9 @@ diff -up openssl-1.0.1g/crypto/evp/digest.c.fips openssl-1.0.1g/crypto/evp/diges
memset(ctx,'\0',sizeof *ctx);
return 1;
-diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes.c
---- openssl-1.0.1g/crypto/evp/e_aes.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/e_aes.c 2014-05-06 16:29:50.540923086 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes.c
+--- openssl-1.0.1j/crypto/evp/e_aes.c.fips 2014-10-16 13:19:35.048305272 +0200
++++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:19:35.089306198 +0200
@@ -56,7 +56,6 @@
#include <assert.h>
#include <openssl/aes.h>
@@ -1561,7 +1561,7 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes.
#include "modes_lcl.h"
#include <openssl/rand.h>
-@@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
+@@ -730,7 +729,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
if (arg <= 0)
return 0;
#ifdef OPENSSL_FIPS
@@ -1570,7 +1570,7 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes.
&& arg < 12)
return 0;
#endif
-@@ -1134,7 +1133,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1189,7 +1188,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
return 0;
#ifdef OPENSSL_FIPS
/* Requirement of SP800-38E */
@@ -1579,14 +1579,14 @@ diff -up openssl-1.0.1g/crypto/evp/e_aes.c.fips openssl-1.0.1g/crypto/evp/e_aes.
(len > (1UL<<20)*16))
{
EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
-@@ -1317,4 +1316,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm
+@@ -1386,4 +1385,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm
BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
#endif
-#endif
-diff -up openssl-1.0.1g/crypto/evp/e_des3.c.fips openssl-1.0.1g/crypto/evp/e_des3.c
---- openssl-1.0.1g/crypto/evp/e_des3.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/e_des3.c 2014-05-06 16:29:50.540923086 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des3.c
+--- openssl-1.0.1j/crypto/evp/e_des3.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:19:35.089306198 +0200
@@ -65,8 +65,6 @@
#include <openssl/des.h>
#include <openssl/rand.h>
@@ -1645,9 +1645,9 @@ diff -up openssl-1.0.1g/crypto/evp/e_des3.c.fips openssl-1.0.1g/crypto/evp/e_des
}
#endif
-#endif
-diff -up openssl-1.0.1g/crypto/evp/e_null.c.fips openssl-1.0.1g/crypto/evp/e_null.c
---- openssl-1.0.1g/crypto/evp/e_null.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/e_null.c 2014-05-06 16:29:50.540923086 +0200
+diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_null.c
+--- openssl-1.0.1j/crypto/evp/e_null.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/e_null.c 2014-10-16 13:19:35.089306198 +0200
@@ -61,8 +61,6 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -1671,11 +1671,11 @@ diff -up openssl-1.0.1g/crypto/evp/e_null.c.fips openssl-1.0.1g/crypto/evp/e_nul
return 1;
}
-#endif
-diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_enc.c
---- openssl-1.0.1g/crypto/evp/evp_enc.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/evp_enc.c 2014-05-06 16:29:50.541923109 +0200
-@@ -69,17 +69,58 @@
- #endif
+diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_enc.c
+--- openssl-1.0.1j/crypto/evp/evp_enc.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:21:57.064511350 +0200
+@@ -70,17 +70,58 @@
+ #include "constant_time_locl.h"
#include "evp_locl.h"
-#ifdef OPENSSL_FIPS
@@ -1737,7 +1737,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
memset(ctx,0,sizeof(EVP_CIPHER_CTX));
/* ctx->cipher=NULL; */
}
-@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
enc = 1;
ctx->encrypt = enc;
}
@@ -1752,7 +1752,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
-@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
ctx->engine = NULL;
#endif
@@ -1763,7 +1763,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
-@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
@@ -1774,7 +1774,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
-@@ -249,6 +290,22 @@ skip_to_init:
+@@ -250,6 +291,22 @@ skip_to_init:
}
}
@@ -1797,7 +1797,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
}
-@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
+@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
{
@@ -1805,7 +1805,7 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
if (c->cipher != NULL)
{
if(c->cipher->cleanup && !c->cipher->cleanup(c))
-@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
+@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
}
if (c->cipher_data)
OPENSSL_free(c->cipher_data);
@@ -1822,9 +1822,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_enc.c.fips openssl-1.0.1g/crypto/evp/evp_
memset(c,0,sizeof(EVP_CIPHER_CTX));
return 1;
}
-diff -up openssl-1.0.1g/crypto/evp/evp.h.fips openssl-1.0.1g/crypto/evp/evp.h
---- openssl-1.0.1g/crypto/evp/evp.h.fips 2014-05-06 16:29:50.432920589 +0200
-+++ openssl-1.0.1g/crypto/evp/evp.h 2014-05-06 16:29:50.541923109 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h
+--- openssl-1.0.1j/crypto/evp/evp.h.fips 2014-10-16 13:19:34.940302834 +0200
++++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:19:35.090306220 +0200
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
@@ -1877,9 +1877,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp.h.fips openssl-1.0.1g/crypto/evp/evp.h
/* Cipher handles any and all padding logic as well
* as finalisation.
*/
-diff -up openssl-1.0.1g/crypto/evp/evp_lib.c.fips openssl-1.0.1g/crypto/evp/evp_lib.c
---- openssl-1.0.1g/crypto/evp/evp_lib.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/evp_lib.c 2014-05-06 16:29:50.541923109 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_lib.c
+--- openssl-1.0.1j/crypto/evp/evp_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:19:35.090306220 +0200
@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
@@ -1890,9 +1890,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_lib.c.fips openssl-1.0.1g/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
-diff -up openssl-1.0.1g/crypto/evp/evp_locl.h.fips openssl-1.0.1g/crypto/evp/evp_locl.h
---- openssl-1.0.1g/crypto/evp/evp_locl.h.fips 2014-05-06 16:29:50.428920496 +0200
-+++ openssl-1.0.1g/crypto/evp/evp_locl.h 2014-05-06 16:29:50.541923109 +0200
+diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp_locl.h
+--- openssl-1.0.1j/crypto/evp/evp_locl.h.fips 2014-10-16 13:19:34.933302676 +0200
++++ openssl-1.0.1j/crypto/evp/evp_locl.h 2014-10-16 13:19:35.090306220 +0200
@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
@@ -1927,9 +1927,9 @@ diff -up openssl-1.0.1g/crypto/evp/evp_locl.h.fips openssl-1.0.1g/crypto/evp/evp
#define Camellia_set_key private_Camellia_set_key
#endif
-diff -up openssl-1.0.1g/crypto/evp/Makefile.fips openssl-1.0.1g/crypto/evp/Makefile
---- openssl-1.0.1g/crypto/evp/Makefile.fips 2014-04-07 18:55:33.000000000 +0200
-+++ openssl-1.0.1g/crypto/evp/Makefile 2014-05-06 16:29:50.541923109 +0200
+diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makefile
+--- openssl-1.0.1j/crypto/evp/Makefile.fips 2014-10-15 14:54:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/Makefile 2014-10-16 13:19:35.090306220 +0200
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -1948,9 +1948,9 @@ diff -up openssl-1.0.1g/crypto/evp/Makefile.fips openssl-1.0.1g/crypto/evp/Makef
e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
SRC= $(LIBSRC)
-diff -up openssl-1.0.1g/crypto/evp/m_dss.c.fips openssl-1.0.1g/crypto/evp/m_dss.c
---- openssl-1.0.1g/crypto/evp/m_dss.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/m_dss.c 2014-05-06 16:29:50.542923132 +0200
+diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss.c
+--- openssl-1.0.1j/crypto/evp/m_dss.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/m_dss.c 2014-10-16 13:19:35.090306220 +0200
@@ -66,7 +66,6 @@
#endif
@@ -1973,9 +1973,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_dss.c.fips openssl-1.0.1g/crypto/evp/m_dss.
}
#endif
-#endif
-diff -up openssl-1.0.1g/crypto/evp/m_dss1.c.fips openssl-1.0.1g/crypto/evp/m_dss1.c
---- openssl-1.0.1g/crypto/evp/m_dss1.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/m_dss1.c 2014-05-06 16:29:50.542923132 +0200
+diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss1.c
+--- openssl-1.0.1j/crypto/evp/m_dss1.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/m_dss1.c 2014-10-16 13:19:35.091306243 +0200
@@ -68,8 +68,6 @@
#include <openssl/dsa.h>
#endif
@@ -1999,9 +1999,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_dss1.c.fips openssl-1.0.1g/crypto/evp/m_dss
}
#endif
-#endif
-diff -up openssl-1.0.1g/crypto/evp/m_md2.c.fips openssl-1.0.1g/crypto/evp/m_md2.c
---- openssl-1.0.1g/crypto/evp/m_md2.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/m_md2.c 2014-05-06 16:29:50.542923132 +0200
+diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2.c
+--- openssl-1.0.1j/crypto/evp/m_md2.c.fips 2014-10-15 14:51:06.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/m_md2.c 2014-10-16 13:19:35.091306243 +0200
@@ -68,6 +68,7 @@
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
@@ -2010,9 +2010,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_md2.c.fips openssl-1.0.1g/crypto/evp/m_md2.
static int init(EVP_MD_CTX *ctx)
{ return MD2_Init(ctx->md_data); }
-diff -up openssl-1.0.1g/crypto/evp/m_sha1.c.fips openssl-1.0.1g/crypto/evp/m_sha1.c
---- openssl-1.0.1g/crypto/evp/m_sha1.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/m_sha1.c 2014-05-06 16:29:50.542923132 +0200
+diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha1.c
+--- openssl-1.0.1j/crypto/evp/m_sha1.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/m_sha1.c 2014-10-16 13:19:35.091306243 +0200
@@ -59,8 +59,6 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -2077,9 +2077,9 @@ diff -up openssl-1.0.1g/crypto/evp/m_sha1.c.fips openssl-1.0.1g/crypto/evp/m_sha
#endif /* ifndef OPENSSL_NO_SHA512 */
-#endif
-diff -up openssl-1.0.1g/crypto/evp/p_sign.c.fips openssl-1.0.1g/crypto/evp/p_sign.c
---- openssl-1.0.1g/crypto/evp/p_sign.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/p_sign.c 2014-05-06 16:29:50.542923132 +0200
+diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sign.c
+--- openssl-1.0.1j/crypto/evp/p_sign.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/p_sign.c 2014-10-16 13:19:35.091306243 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2111,9 +2111,9 @@ diff -up openssl-1.0.1g/crypto/evp/p_sign.c.fips openssl-1.0.1g/crypto/evp/p_sig
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
-diff -up openssl-1.0.1g/crypto/evp/p_verify.c.fips openssl-1.0.1g/crypto/evp/p_verify.c
---- openssl-1.0.1g/crypto/evp/p_verify.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/evp/p_verify.c 2014-05-06 16:29:50.542923132 +0200
+diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_verify.c
+--- openssl-1.0.1j/crypto/evp/p_verify.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/evp/p_verify.c 2014-10-16 13:19:35.091306243 +0200
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2145,9 +2145,9 @@ diff -up openssl-1.0.1g/crypto/evp/p_verify.c.fips openssl-1.0.1g/crypto/evp/p_v
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
EVP_PKEY_CTX_free(pkctx);
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips 2014-05-06 16:29:50.543923155 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c 2014-05-06 16:29:50.543923155 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips 2014-10-16 13:19:35.092306265 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c 2014-10-16 13:19:35.092306265 +0200
@@ -0,0 +1,939 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -3088,9 +3088,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1g/crypt
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips 2014-05-06 16:29:50.543923155 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c 2014-05-06 16:29:50.543923155 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips 2014-10-16 13:19:35.092306265 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c 2014-10-16 13:19:35.092306265 +0200
@@ -0,0 +1,517 @@
+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -3609,9 +3609,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1g/cry
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips 2014-05-06 16:29:50.543923155 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c 2014-05-06 16:29:50.543923155 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips 2014-10-16 13:19:35.092306265 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c 2014-10-16 13:19:35.092306265 +0200
@@ -0,0 +1,702 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -4315,9 +4315,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1g/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips 2014-05-06 16:29:50.543923155 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c 2014-05-06 16:29:50.543923155 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips 2014-10-16 13:19:35.093306288 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c 2014-10-16 13:19:35.093306288 +0200
@@ -0,0 +1,292 @@
+/* fips/dh/fips_dhvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4611,9 +4611,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1g/crypto/
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips 2014-05-06 16:29:50.544923178 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c 2014-05-06 16:29:50.544923178 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips 2014-10-16 13:19:35.093306288 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c 2014-10-16 13:19:35.093306288 +0200
@@ -0,0 +1,416 @@
+/* fips/rand/fips_drbgvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5031,9 +5031,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1g/crypt
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips 2014-05-06 16:29:50.544923178 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c 2014-05-06 16:29:50.544923178 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips 2014-10-16 13:19:35.093306288 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c 2014-10-16 13:19:35.093306288 +0200
@@ -0,0 +1,537 @@
+#include <openssl/opensslconf.h>
+
@@ -5572,9 +5572,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1g/crypto
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips 2014-05-06 16:29:50.544923178 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c 2014-05-06 16:29:50.544923178 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips 2014-10-16 13:19:35.094306310 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c 2014-10-16 13:19:35.093306288 +0200
@@ -0,0 +1,571 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6147,9 +6147,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1g/cryp
+}
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips 2014-05-06 16:29:50.544923178 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c 2014-05-06 16:29:50.544923178 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips 2014-10-16 13:19:35.094306310 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c 2014-10-16 13:19:35.094306310 +0200
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
@@ -6381,9 +6381,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1g/crypto
+ return 0;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips 2014-05-06 16:29:50.545923201 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c 2014-05-06 16:29:50.545923201 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips 2014-10-16 13:19:35.094306310 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c 2014-10-16 13:19:35.094306310 +0200
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6775,9 +6775,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1g/cry
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips 2014-05-06 16:29:50.545923201 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c 2014-05-06 16:29:50.545923201 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips 2014-10-16 13:19:35.094306310 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c 2014-10-16 13:19:35.094306310 +0200
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7149,9 +7149,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1g/cry
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips 2014-05-06 16:29:50.545923201 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c 2014-05-06 16:29:50.545923201 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips 2014-10-16 13:19:35.094306310 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c 2014-10-16 13:19:35.094306310 +0200
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7530,9 +7530,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1g/cry
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips 2014-05-06 16:29:50.545923201 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c 2014-05-06 16:29:50.545923201 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips 2014-10-16 13:19:35.095306333 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c 2014-10-16 13:19:35.095306333 +0200
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7922,9 +7922,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1g/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1g/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips 2014-05-06 16:29:50.545923201 +0200
-+++ openssl-1.0.1g/crypto/fips/cavs/fips_utl.h 2014-05-06 16:29:50.545923201 +0200
+diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips 2014-10-16 13:19:35.095306333 +0200
++++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h 2014-10-16 13:19:35.095306333 +0200
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -8269,9 +8269,9 @@ diff -up openssl-1.0.1g/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1g/crypto/f
+#endif
+ }
+
-diff -up openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_aes_selftest.c 2014-05-06 16:29:50.546923224 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips 2014-10-16 13:19:35.095306333 +0200
++++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c 2014-10-16 13:19:35.095306333 +0200
@@ -0,0 +1,359 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8632,9 +8632,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1g/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips.c.fips openssl-1.0.1g/crypto/fips/fips.c
---- openssl-1.0.1g/crypto/fips/fips.c.fips 2014-05-06 16:29:50.546923224 +0200
-+++ openssl-1.0.1g/crypto/fips/fips.c 2014-05-06 16:33:24.309865160 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips.c
+--- openssl-1.0.1j/crypto/fips/fips.c.fips 2014-10-16 13:19:35.095306333 +0200
++++ openssl-1.0.1j/crypto/fips/fips.c 2014-10-16 13:19:35.095306333 +0200
@@ -0,0 +1,491 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9127,9 +9127,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips.c.fips openssl-1.0.1g/crypto/fips/fips.
+
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c 2014-05-06 16:29:50.546923224 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200
++++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c 2014-10-16 13:19:35.096306356 +0200
@@ -0,0 +1,161 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9292,9 +9292,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1g/cry
+ return rv;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_des_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips 2014-05-06 16:29:50.546923224 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_des_selftest.c 2014-05-06 16:29:50.546923224 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200
++++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c 2014-10-16 13:19:35.096306356 +0200
@@ -0,0 +1,147 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9443,9 +9443,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1g/cryp
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips 2014-05-06 16:29:50.546923224 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c 2014-05-06 16:29:50.546923224 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips 2014-10-16 13:19:35.096306356 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c 2014-10-16 13:19:35.096306356 +0200
@@ -0,0 +1,436 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -9883,9 +9883,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1g/crypto/f
+
+ return 1;
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips 2014-05-06 16:29:50.547923248 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_hash.c 2014-05-06 16:29:50.547923248 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hash.c
+--- openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips 2014-10-16 13:19:35.096306356 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c 2014-10-16 13:19:35.096306356 +0200
@@ -0,0 +1,378 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10265,9 +10265,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1g/crypto/
+
+ return 1;
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips 2014-05-06 16:29:50.547923248 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c 2014-05-06 16:29:50.547923248 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips 2014-10-16 13:19:35.097306378 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c 2014-10-16 13:19:35.096306356 +0200
@@ -0,0 +1,281 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10550,9 +10550,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1g/crypto/
+
+ return 1;
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips 2014-05-06 16:29:50.547923248 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_lib.c 2014-05-06 16:29:50.547923248 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_lib.c
+--- openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips 2014-10-16 13:19:35.097306378 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c 2014-10-16 13:19:35.097306378 +0200
@@ -0,0 +1,578 @@
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
@@ -11132,9 +11132,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1g/crypto/f
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips 2014-05-06 16:29:50.547923248 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c 2014-05-06 16:29:50.547923248 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips 2014-10-16 13:19:35.097306378 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c 2014-10-16 13:19:35.097306378 +0200
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -11308,9 +11308,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1g/crypto/
+ return &rand_drbg_meth;
+ }
+
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips 2014-05-06 16:29:50.548923271 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c 2014-05-06 16:29:50.548923271 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips 2014-10-16 13:19:35.097306378 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c 2014-10-16 13:19:35.097306378 +0200
@@ -0,0 +1,862 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -12174,9 +12174,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1g/cry
+ return rv;
+ }
+
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips 2014-05-06 16:29:50.548923271 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h 2014-05-06 16:29:50.548923271 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips 2014-10-16 13:19:35.098306401 +0200
++++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h 2014-10-16 13:19:35.098306401 +0200
@@ -0,0 +1,2335 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -14513,9 +14513,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1g/cry
+ 0xc2,0xd6,0xfd,0xa5
+ };
+
-diff -up openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c 2014-05-06 16:29:50.548923271 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200
++++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c 2014-10-16 13:19:35.099306423 +0200
@@ -0,0 +1,193 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -14710,9 +14710,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1g/cryp
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_enc.c.fips openssl-1.0.1g/crypto/fips/fips_enc.c
---- openssl-1.0.1g/crypto/fips/fips_enc.c.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_enc.c 2014-05-06 16:29:50.549923294 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/fips_enc.c
+--- openssl-1.0.1j/crypto/fips/fips_enc.c.fips 2014-10-16 13:19:35.099306423 +0200
++++ openssl-1.0.1j/crypto/fips/fips_enc.c 2014-10-16 13:19:35.099306423 +0200
@@ -0,0 +1,191 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -14905,9 +14905,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_enc.c.fips openssl-1.0.1g/crypto/fips/f
+ }
+ }
+
-diff -up openssl-1.0.1g/crypto/fips/fips.h.fips openssl-1.0.1g/crypto/fips/fips.h
---- openssl-1.0.1g/crypto/fips/fips.h.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips.h 2014-05-06 16:29:50.549923294 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips.h
+--- openssl-1.0.1j/crypto/fips/fips.h.fips 2014-10-16 13:19:35.099306423 +0200
++++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:19:35.099306423 +0200
@@ -0,0 +1,279 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -15188,9 +15188,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips.h.fips openssl-1.0.1g/crypto/fips/fips.
+}
+#endif
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c 2014-05-06 16:29:50.549923294 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200
++++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c 2014-10-16 13:19:35.099306423 +0200
@@ -0,0 +1,137 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -15329,9 +15329,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1g/cry
+ return 1;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_locl.h.fips openssl-1.0.1g/crypto/fips/fips_locl.h
---- openssl-1.0.1g/crypto/fips/fips_locl.h.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_locl.h 2014-05-06 16:29:50.549923294 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/fips_locl.h
+--- openssl-1.0.1j/crypto/fips/fips_locl.h.fips 2014-10-16 13:19:35.100306446 +0200
++++ openssl-1.0.1j/crypto/fips/fips_locl.h 2014-10-16 13:19:35.099306423 +0200
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15404,9 +15404,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_locl.h.fips openssl-1.0.1g/crypto/fips/
+}
+#endif
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_md.c.fips openssl-1.0.1g/crypto/fips/fips_md.c
---- openssl-1.0.1g/crypto/fips/fips_md.c.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_md.c 2014-05-06 16:29:50.549923294 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fips_md.c
+--- openssl-1.0.1j/crypto/fips/fips_md.c.fips 2014-10-16 13:19:35.100306446 +0200
++++ openssl-1.0.1j/crypto/fips/fips_md.c 2014-10-16 13:19:35.100306446 +0200
@@ -0,0 +1,145 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -15553,9 +15553,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_md.c.fips openssl-1.0.1g/crypto/fips/fi
+ return NULL;
+ }
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips openssl-1.0.1g/crypto/fips/fips_post.c
---- openssl-1.0.1g/crypto/fips/fips_post.c.fips 2014-05-06 16:29:50.549923294 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_post.c 2014-05-06 16:29:50.549923294 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/fips_post.c
+--- openssl-1.0.1j/crypto/fips/fips_post.c.fips 2014-10-16 13:19:35.100306446 +0200
++++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:19:35.100306446 +0200
@@ -0,0 +1,205 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15762,9 +15762,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips openssl-1.0.1g/crypto/fips/
+ return 1;
+ }
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_rand.c.fips openssl-1.0.1g/crypto/fips/fips_rand.c
---- openssl-1.0.1g/crypto/fips/fips_rand.c.fips 2014-05-06 16:29:50.550923317 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rand.c 2014-05-06 16:29:50.550923317 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/fips_rand.c
+--- openssl-1.0.1j/crypto/fips/fips_rand.c.fips 2014-10-16 13:19:35.100306446 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rand.c 2014-10-16 13:19:35.100306446 +0200
@@ -0,0 +1,457 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -16223,9 +16223,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand.c.fips openssl-1.0.1g/crypto/fips/
+}
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_rand.h.fips openssl-1.0.1g/crypto/fips/fips_rand.h
---- openssl-1.0.1g/crypto/fips/fips_rand.h.fips 2014-05-06 16:29:50.550923317 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rand.h 2014-05-06 16:29:50.550923317 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/fips_rand.h
+--- openssl-1.0.1j/crypto/fips/fips_rand.h.fips 2014-10-16 13:19:35.100306446 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rand.h 2014-10-16 13:19:35.100306446 +0200
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -16372,9 +16372,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand.h.fips openssl-1.0.1g/crypto/fips/
+#endif
+#endif
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1g/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips 2014-05-06 16:29:50.550923317 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rand_lcl.h 2014-05-06 16:29:50.550923317 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/fips/fips_rand_lcl.h
+--- openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips 2014-10-16 13:19:35.101306469 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h 2014-10-16 13:19:35.101306469 +0200
@@ -0,0 +1,219 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -16595,9 +16595,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1g/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1g/crypto/fips/fips_rand_lib.c
---- openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips 2014-05-06 16:29:50.550923317 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rand_lib.c 2014-05-06 16:29:50.550923317 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/fips/fips_rand_lib.c
+--- openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips 2014-10-16 13:19:35.101306469 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c 2014-10-16 13:19:35.101306469 +0200
@@ -0,0 +1,191 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -16790,9 +16790,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1g/crypto/f
+ }
+ return 0;
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips 2014-05-06 16:29:50.550923317 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rand_selftest.c 2014-05-06 16:29:50.550923317 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips 2014-10-16 13:19:35.101306469 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c 2014-10-16 13:19:35.101306469 +0200
@@ -0,0 +1,183 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -16977,9 +16977,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1g/cry
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_randtest.c.fips openssl-1.0.1g/crypto/fips/fips_randtest.c
---- openssl-1.0.1g/crypto/fips/fips_randtest.c.fips 2014-05-06 16:29:50.551923340 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_randtest.c 2014-05-06 16:29:50.551923340 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/fips/fips_randtest.c
+--- openssl-1.0.1j/crypto/fips/fips_randtest.c.fips 2014-10-16 13:19:35.101306469 +0200
++++ openssl-1.0.1j/crypto/fips/fips_randtest.c 2014-10-16 13:19:35.101306469 +0200
@@ -0,0 +1,250 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -17231,9 +17231,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_randtest.c.fips openssl-1.0.1g/crypto/f
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips 2014-05-06 16:29:50.551923340 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c 2014-05-06 16:29:50.551923340 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c 2014-10-16 13:19:35.102306491 +0200
@@ -0,0 +1,444 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -17679,9 +17679,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1g/cryp
+ }
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips 2014-05-06 16:29:50.551923340 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c 2014-05-06 16:29:50.551923340 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips 2014-10-16 13:19:35.102306491 +0200
++++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c 2014-10-16 13:19:35.102306491 +0200
@@ -0,0 +1,282 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -17965,9 +17965,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1g/crypto/
+ return 0;
+
+ }
-diff -up openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1g/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips 2014-05-06 16:29:50.551923340 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_sha_selftest.c 2014-05-06 16:29:50.551923340 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_sha_selftest.c
+--- openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200
++++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c 2014-10-16 13:19:35.102306491 +0200
@@ -0,0 +1,140 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18109,9 +18109,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1g/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips 2014-05-06 16:29:50.551923340 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c 2014-05-06 16:29:50.551923340 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips 2014-10-16 13:19:35.102306491 +0200
++++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c 2014-10-16 13:19:35.102306491 +0200
@@ -0,0 +1,236 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18349,9 +18349,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1g/c
+ }
+
+
-diff -up openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips openssl-1.0.1g/crypto/fips/fips_test_suite.c
---- openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips 2014-05-06 16:29:50.552923363 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_test_suite.c 2014-05-06 16:29:50.552923363 +0200
+diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto/fips/fips_test_suite.c
+--- openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips 2014-10-16 13:19:35.103306514 +0200
++++ openssl-1.0.1j/crypto/fips/fips_test_suite.c 2014-10-16 13:19:35.103306514 +0200
@@ -0,0 +1,588 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18941,9 +18941,9 @@ diff -up openssl-1.0.1g/crypto/fips/fips_test_suite.c.fips openssl-1.0.1g/crypto
+ }
+
+#endif
-diff -up openssl-1.0.1g/crypto/fips/Makefile.fips openssl-1.0.1g/crypto/fips/Makefile
---- openssl-1.0.1g/crypto/fips/Makefile.fips 2014-05-06 16:29:50.552923363 +0200
-+++ openssl-1.0.1g/crypto/fips/Makefile 2014-05-06 16:29:50.552923363 +0200
+diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Makefile
+--- openssl-1.0.1j/crypto/fips/Makefile.fips 2014-10-16 13:19:35.103306514 +0200
++++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:19:35.103306514 +0200
@@ -0,0 +1,341 @@
+#
+# OpenSSL/crypto/fips/Makefile
@@ -19286,9 +19286,9 @@ diff -up openssl-1.0.1g/crypto/fips/Makefile.fips openssl-1.0.1g/crypto/fips/Mak
+fips_sha_selftest.o: ../../include/openssl/safestack.h
+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
-diff -up openssl-1.0.1g/crypto/hmac/hmac.c.fips openssl-1.0.1g/crypto/hmac/hmac.c
---- openssl-1.0.1g/crypto/hmac/hmac.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/hmac/hmac.c 2014-05-06 16:29:50.552923363 +0200
+diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac.c
+--- openssl-1.0.1j/crypto/hmac/hmac.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/hmac/hmac.c 2014-10-16 13:19:35.103306514 +0200
@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
return 0;
@@ -19351,9 +19351,9 @@ diff -up openssl-1.0.1g/crypto/hmac/hmac.c.fips openssl-1.0.1g/crypto/hmac/hmac.
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
-diff -up openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1g/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/mdc2/mdc2dgst.c 2014-05-06 16:29:50.552923363 +0200
+diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c 2014-10-16 13:19:35.103306514 +0200
@@ -76,7 +76,7 @@
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
@@ -19363,9 +19363,9 @@ diff -up openssl-1.0.1g/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1g/crypto/mdc2/m
{
c->num=0;
c->pad_type=1;
-diff -up openssl-1.0.1g/crypto/md2/md2_dgst.c.fips openssl-1.0.1g/crypto/md2/md2_dgst.c
---- openssl-1.0.1g/crypto/md2/md2_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/md2/md2_dgst.c 2014-05-06 16:29:50.552923363 +0200
+diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2_dgst.c
+--- openssl-1.0.1j/crypto/md2/md2_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/md2/md2_dgst.c 2014-10-16 13:19:35.103306514 +0200
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
@@ -19387,9 +19387,9 @@ diff -up openssl-1.0.1g/crypto/md2/md2_dgst.c.fips openssl-1.0.1g/crypto/md2/md2
{
c->num=0;
memset(c->state,0,sizeof c->state);
-diff -up openssl-1.0.1g/crypto/md4/md4_dgst.c.fips openssl-1.0.1g/crypto/md4/md4_dgst.c
---- openssl-1.0.1g/crypto/md4/md4_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/md4/md4_dgst.c 2014-05-06 16:29:50.552923363 +0200
+diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4_dgst.c
+--- openssl-1.0.1j/crypto/md4/md4_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/md4/md4_dgst.c 2014-10-16 13:19:35.104306536 +0200
@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -19399,9 +19399,9 @@ diff -up openssl-1.0.1g/crypto/md4/md4_dgst.c.fips openssl-1.0.1g/crypto/md4/md4
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1g/crypto/md5/md5_dgst.c.fips openssl-1.0.1g/crypto/md5/md5_dgst.c
---- openssl-1.0.1g/crypto/md5/md5_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/md5/md5_dgst.c 2014-05-06 16:29:50.553923386 +0200
+diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5_dgst.c
+--- openssl-1.0.1j/crypto/md5/md5_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/md5/md5_dgst.c 2014-10-16 13:19:35.104306536 +0200
@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -19411,9 +19411,9 @@ diff -up openssl-1.0.1g/crypto/md5/md5_dgst.c.fips openssl-1.0.1g/crypto/md5/md5
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1g/crypto/o_fips.c.fips openssl-1.0.1g/crypto/o_fips.c
---- openssl-1.0.1g/crypto/o_fips.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/o_fips.c 2014-05-06 16:29:50.553923386 +0200
+diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c
+--- openssl-1.0.1j/crypto/o_fips.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/o_fips.c 2014-10-16 13:19:35.104306536 +0200
@@ -79,6 +79,8 @@ int FIPS_mode_set(int r)
#ifndef FIPS_AUTH_USER_PASS
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
@@ -19423,9 +19423,9 @@ diff -up openssl-1.0.1g/crypto/o_fips.c.fips openssl-1.0.1g/crypto/o_fips.c
if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
return 0;
if (r)
-diff -up openssl-1.0.1g/crypto/o_init.c.fips openssl-1.0.1g/crypto/o_init.c
---- openssl-1.0.1g/crypto/o_init.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/o_init.c 2014-05-06 16:29:50.553923386 +0200
+diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c
+--- openssl-1.0.1j/crypto/o_init.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/o_init.c 2014-10-16 13:19:35.104306536 +0200
@@ -55,28 +55,68 @@
#include <e_os.h>
#include <openssl/err.h>
@@ -19499,9 +19499,9 @@ diff -up openssl-1.0.1g/crypto/o_init.c.fips openssl-1.0.1g/crypto/o_init.c
+ {
+ OPENSSL_init_library();
+ }
-diff -up openssl-1.0.1g/crypto/opensslconf.h.in.fips openssl-1.0.1g/crypto/opensslconf.h.in
---- openssl-1.0.1g/crypto/opensslconf.h.in.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/opensslconf.h.in 2014-05-06 16:29:50.553923386 +0200
+diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opensslconf.h.in
+--- openssl-1.0.1j/crypto/opensslconf.h.in.fips 2014-10-15 14:51:06.000000000 +0200
++++ openssl-1.0.1j/crypto/opensslconf.h.in 2014-10-16 13:19:35.104306536 +0200
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
@@ -19523,10 +19523,10 @@ diff -up openssl-1.0.1g/crypto/opensslconf.h.in.fips openssl-1.0.1g/crypto/opens
/* Generate 80386 code? */
#undef I386_ONLY
-diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips openssl-1.0.1g/crypto/rand/md_rand.c
---- openssl-1.0.1g/crypto/rand/md_rand.c.fips 2014-04-07 18:54:21.000000000 +0200
-+++ openssl-1.0.1g/crypto/rand/md_rand.c 2014-05-06 16:29:50.553923386 +0200
-@@ -395,7 +395,10 @@ static int ssleay_rand_bytes(unsigned ch
+diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md_rand.c
+--- openssl-1.0.1j/crypto/rand/md_rand.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rand/md_rand.c 2014-10-16 13:19:35.104306536 +0200
+@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
@@ -19538,9 +19538,9 @@ diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips openssl-1.0.1g/crypto/rand/md
{
RAND_poll();
initialized = 1;
-diff -up openssl-1.0.1g/crypto/rand/rand.h.fips openssl-1.0.1g/crypto/rand/rand.h
---- openssl-1.0.1g/crypto/rand/rand.h.fips 2014-05-06 16:29:50.303917606 +0200
-+++ openssl-1.0.1g/crypto/rand/rand.h 2014-05-06 16:29:50.553923386 +0200
+diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand.h
+--- openssl-1.0.1j/crypto/rand/rand.h.fips 2014-10-16 13:19:34.775299109 +0200
++++ openssl-1.0.1j/crypto/rand/rand.h 2014-10-16 13:19:35.105306559 +0200
@@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -19581,9 +19581,9 @@ diff -up openssl-1.0.1g/crypto/rand/rand.h.fips openssl-1.0.1g/crypto/rand/rand.
#ifdef __cplusplus
}
-diff -up openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1g/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/ripemd/rmd_dgst.c 2014-05-06 16:29:50.553923386 +0200
+diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c 2014-10-16 13:19:35.105306559 +0200
@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
# endif
@@ -19593,9 +19593,9 @@ diff -up openssl-1.0.1g/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1g/crypto/ripe
{
memset (c,0,sizeof(*c));
c->A=RIPEMD160_A;
-diff -up openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1g/crypto/rsa/rsa_crpt.c
---- openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_crpt.c 2014-05-06 16:29:50.554923409 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa_crpt.c
+--- openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c 2014-10-16 13:19:35.105306559 +0200
@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
RSA *rsa, int padding)
{
@@ -19622,9 +19622,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1g/crypto/rsa/rsa
return -1;
}
#endif
-diff -up openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips openssl-1.0.1g/crypto/rsa/rsa_eay.c
---- openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_eay.c 2014-05-06 16:29:50.554923409 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_eay.c
+--- openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_eay.c 2014-10-16 13:19:35.105306559 +0200
@@ -114,6 +114,10 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -19755,9 +19755,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_eay.c.fips openssl-1.0.1g/crypto/rsa/rsa_
rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
return(1);
}
-diff -up openssl-1.0.1g/crypto/rsa/rsa_err.c.fips openssl-1.0.1g/crypto/rsa/rsa_err.c
---- openssl-1.0.1g/crypto/rsa/rsa_err.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_err.c 2014-05-06 16:29:50.554923409 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_err.c
+--- openssl-1.0.1j/crypto/rsa/rsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_err.c 2014-10-16 13:19:35.105306559 +0200
@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
@@ -19767,9 +19767,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_err.c.fips openssl-1.0.1g/crypto/rsa/rsa_
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips openssl-1.0.1g/crypto/rsa/rsa_gen.c
---- openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c 2014-05-06 16:29:50.554923409 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_gen.c 2014-10-16 13:19:35.106306581 +0200
@@ -69,6 +69,78 @@
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
@@ -19911,9 +19911,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips openssl-1.0.1g/crypto/rsa/rsa_
ok=1;
err:
if (ok == -1)
-diff -up openssl-1.0.1g/crypto/rsa/rsa.h.fips openssl-1.0.1g/crypto/rsa/rsa.h
---- openssl-1.0.1g/crypto/rsa/rsa.h.fips 2014-05-06 16:29:50.436920681 +0200
-+++ openssl-1.0.1g/crypto/rsa/rsa.h 2014-05-06 16:29:50.554923409 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h
+--- openssl-1.0.1j/crypto/rsa/rsa.h.fips 2014-10-16 13:19:34.947302992 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa.h 2014-10-16 13:24:00.824305281 +0200
@@ -164,6 +164,8 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
@@ -19997,10 +19997,10 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa.h.fips openssl-1.0.1g/crypto/rsa/rsa.h
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
- #define RSA_R_P_NOT_PRIME 128
-diff -up openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips openssl-1.0.1g/crypto/rsa/rsa_lib.c
---- openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_lib.c 2014-05-06 16:29:50.554923409 +0200
+ #define RSA_R_PKCS_DECODING_ERROR 159
+diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_lib.c
+--- openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_lib.c 2014-10-16 13:19:35.106306581 +0200
@@ -84,6 +84,13 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -20076,9 +20076,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_lib.c.fips openssl-1.0.1g/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
{
#ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1g/crypto/rsa/rsa_pmeth.c
---- openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_pmeth.c 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c 2014-10-16 13:19:35.106306581 +0200
@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
RSA_R_INVALID_DIGEST_LENGTH);
return -1;
@@ -20122,9 +20122,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1g/crypto/rsa/rs
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
-diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa_sign.c
---- openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rsa/rsa_sign.c 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa_sign.c
+--- openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/rsa/rsa_sign.c 2014-10-16 13:19:35.106306581 +0200
@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
i2d_X509_SIG(&sig,&p);
s=tmps;
@@ -20135,7 +20135,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa
if (i <= 0)
ret=0;
else
-@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi
+@@ -197,8 +198,8 @@ int int_rsa_verify(int dtype, const unsi
if((dtype == NID_md5_sha1) && rm)
{
@@ -20146,7 +20146,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa
if (i <= 0)
return 0;
*prm_len = i;
-@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi
+@@ -215,7 +216,8 @@ int int_rsa_verify(int dtype, const unsi
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
}
@@ -20156,9 +20156,9 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_sign.c.fips openssl-1.0.1g/crypto/rsa/rsa
if (i <= 0) goto err;
/* Oddball MDC2 case: signature can be OCTET STRING.
-diff -up openssl-1.0.1g/crypto/sha/sha.h.fips openssl-1.0.1g/crypto/sha/sha.h
---- openssl-1.0.1g/crypto/sha/sha.h.fips 2014-05-06 16:29:50.224915780 +0200
-+++ openssl-1.0.1g/crypto/sha/sha.h 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h
+--- openssl-1.0.1j/crypto/sha/sha.h.fips 2014-10-16 13:19:34.667296671 +0200
++++ openssl-1.0.1j/crypto/sha/sha.h 2014-10-16 13:19:35.107306604 +0200
@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
void SHA_Transform(SHA_CTX *c, const unsigned char *data);
#endif
@@ -20191,9 +20191,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha.h.fips openssl-1.0.1g/crypto/sha/sha.h
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.1g/crypto/sha/sha_locl.h.fips openssl-1.0.1g/crypto/sha/sha_locl.h
---- openssl-1.0.1g/crypto/sha/sha_locl.h.fips 2014-05-06 16:29:50.226915826 +0200
-+++ openssl-1.0.1g/crypto/sha/sha_locl.h 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha_locl.h
+--- openssl-1.0.1j/crypto/sha/sha_locl.h.fips 2014-10-16 13:19:34.669296716 +0200
++++ openssl-1.0.1j/crypto/sha/sha_locl.h 2014-10-16 13:19:35.107306604 +0200
@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
#define INIT_DATA_h4 0xc3d2e1f0UL
@@ -20210,9 +20210,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha_locl.h.fips openssl-1.0.1g/crypto/sha/sha
memset (c,0,sizeof(*c));
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
-diff -up openssl-1.0.1g/crypto/sha/sha256.c.fips openssl-1.0.1g/crypto/sha/sha256.c
---- openssl-1.0.1g/crypto/sha/sha256.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/sha/sha256.c 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha256.c
+--- openssl-1.0.1j/crypto/sha/sha256.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/sha/sha256.c 2014-10-16 13:19:35.107306604 +0200
@@ -12,12 +12,19 @@
#include <openssl/crypto.h>
@@ -20243,9 +20243,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha256.c.fips openssl-1.0.1g/crypto/sha/sha25
memset (c,0,sizeof(*c));
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
-diff -up openssl-1.0.1g/crypto/sha/sha512.c.fips openssl-1.0.1g/crypto/sha/sha512.c
---- openssl-1.0.1g/crypto/sha/sha512.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/sha/sha512.c 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha512.c
+--- openssl-1.0.1j/crypto/sha/sha512.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/sha/sha512.c 2014-10-16 13:19:35.107306604 +0200
@@ -5,6 +5,10 @@
* ====================================================================
*/
@@ -20277,9 +20277,9 @@ diff -up openssl-1.0.1g/crypto/sha/sha512.c.fips openssl-1.0.1g/crypto/sha/sha51
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1g/crypto/whrlpool/wp_dgst.c
---- openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/whrlpool/wp_dgst.c 2014-05-06 16:29:50.555923432 +0200
+diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c 2014-10-16 13:19:35.107306604 +0200
@@ -55,7 +55,7 @@
#include <openssl/crypto.h>
#include <string.h>
@@ -20289,9 +20289,9 @@ diff -up openssl-1.0.1g/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1g/crypto/whr
{
memset (c,0,sizeof(*c));
return(1);
-diff -up openssl-1.0.1g/Makefile.org.fips openssl-1.0.1g/Makefile.org
---- openssl-1.0.1g/Makefile.org.fips 2014-05-06 16:29:50.519922600 +0200
-+++ openssl-1.0.1g/Makefile.org 2014-05-06 16:29:50.556923456 +0200
+diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org
+--- openssl-1.0.1j/Makefile.org.fips 2014-10-16 13:19:35.062305588 +0200
++++ openssl-1.0.1j/Makefile.org 2014-10-16 13:19:35.108306626 +0200
@@ -136,6 +136,9 @@ FIPSCANLIB=
BASEADDR=
@@ -20319,10 +20319,10 @@ diff -up openssl-1.0.1g/Makefile.org.fips openssl-1.0.1g/Makefile.org
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.1g/ssl/d1_srvr.c.fips openssl-1.0.1g/ssl/d1_srvr.c
---- openssl-1.0.1g/ssl/d1_srvr.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/d1_srvr.c 2014-05-06 16:29:50.556923456 +0200
-@@ -1383,6 +1383,8 @@ int dtls1_send_server_key_exchange(SSL *
+diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c
+--- openssl-1.0.1j/ssl/d1_srvr.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/ssl/d1_srvr.c 2014-10-16 13:19:35.108306626 +0200
+@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL *
j=0;
for (num=2; num > 0; num--)
{
@@ -20331,9 +20331,9 @@ diff -up openssl-1.0.1g/ssl/d1_srvr.c.fips openssl-1.0.1g/ssl/d1_srvr.c
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.1g/ssl/ssl_algs.c.fips openssl-1.0.1g/ssl/ssl_algs.c
---- openssl-1.0.1g/ssl/ssl_algs.c.fips 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/ssl_algs.c 2014-05-06 16:29:50.556923456 +0200
+diff -up openssl-1.0.1j/ssl/ssl_algs.c.fips openssl-1.0.1j/ssl/ssl_algs.c
+--- openssl-1.0.1j/ssl/ssl_algs.c.fips 2014-10-15 14:53:39.000000000 +0200
++++ openssl-1.0.1j/ssl/ssl_algs.c 2014-10-16 13:19:35.108306626 +0200
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
diff --git a/openssl.spec b/openssl.spec
index b42bc91..79fa822 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,8 +22,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.1i
-Release: 5%{?dist}
+Version: 1.0.1j
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -58,7 +58,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
Patch39: openssl-1.0.1h-ipv6-apps.patch
-Patch40: openssl-1.0.1g-fips.patch
+Patch40: openssl-1.0.1j-fips.patch
Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch
@@ -72,7 +72,7 @@ Patch65: openssl-1.0.0e-chil-fixes.patch
Patch66: openssl-1.0.1-pkgconfig-krb5.patch
Patch68: openssl-1.0.1e-secure-getenv.patch
Patch69: openssl-1.0.1c-dh-1024.patch
-Patch70: openssl-1.0.1e-fips-ec.patch
+Patch70: openssl-1.0.1j-fips-ec.patch
Patch71: openssl-1.0.1i-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch
@@ -84,12 +84,11 @@ Patch90: openssl-1.0.1e-enc-fail.patch
Patch92: openssl-1.0.1h-system-cipherlist.patch
Patch93: openssl-1.0.1h-disable-sslv2v3.patch
# Backported fixes including security fixes
-Patch80: openssl-1.0.1i-evp-wrap.patch
+Patch80: openssl-1.0.1j-evp-wrap.patch
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch84: openssl-1.0.1i-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
-Patch89: openssl-1.0.1e-ephemeral-key-size.patch
-Patch94: openssl-1.0.1i-copy-algo.patch
+Patch89: openssl-1.0.1j-ephemeral-key-size.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -212,7 +211,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch84 -p1 -b .trusted-first
%patch85 -p1 -b .armcap
%patch89 -p1 -b .ephemeral
-%patch94 -p1 -b .copy-algo
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@@ -480,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Oct 16 2014 Tomáš Mráz <tmraz at redhat.com> 1.0.1j-1
+- new upstream release fixing multiple security issues
+
* Fri Oct 10 2014 Tomáš Mráz <tmraz at redhat.com> 1.0.1i-5
- copy negotiated digests when switching certs by SNI (#1150032)
More information about the scm-commits
mailing list