[openssl] new upstream release fixing multiple security issues
Tomáš Mráz
tmraz at fedoraproject.org
Fri Jan 9 09:54:36 UTC 2015
commit 7e7e3f299f4184b89482c50d577da5b1ef4b19cb
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Jan 9 10:54:51 2015 +0100
new upstream release fixing multiple security issues
.gitignore | 1 +
openssl-1.0.1-beta2-dtls1-abi.patch | 23 -
openssl-1.0.1k-dtls1-abi.patch | 26 +
...suiteb.patch => openssl-1.0.1k-ecc-suiteb.patch | 58 +-
...atch => openssl-1.0.1k-ephemeral-key-size.patch | 40 +-
...-1.0.1j-fips.patch => openssl-1.0.1k-fips.patch | 678 ++++++++++----------
...dlock64.patch => openssl-1.0.1k-padlock64.patch | 16 +-
...rst.patch => openssl-1.0.1k-trusted-first.patch | 130 ++--
openssl.spec | 19 +-
sources | 2 +-
10 files changed, 505 insertions(+), 488 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 7d51cf7..599db8e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1h-hobbled.tar.xz
/openssl-1.0.1i-hobbled.tar.xz
/openssl-1.0.1j-hobbled.tar.xz
+/openssl-1.0.1k-hobbled.tar.xz
diff --git a/openssl-1.0.1k-dtls1-abi.patch b/openssl-1.0.1k-dtls1-abi.patch
new file mode 100644
index 0000000..e89ceba
--- /dev/null
+++ b/openssl-1.0.1k-dtls1-abi.patch
@@ -0,0 +1,26 @@
+diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h
+--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi 2015-01-09 09:58:59.332596897 +0100
++++ openssl-1.0.1k/ssl/dtls1.h 2015-01-09 10:02:34.908472320 +0100
+@@ -231,10 +231,6 @@ typedef struct dtls1_state_st
+ */
+ record_pqueue buffered_app_data;
+
+- /* Is set when listening for new connections with dtls1_listen() */
+- unsigned int listen;
+-
+- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
+ unsigned int mtu; /* max DTLS packet size */
+
+ struct hm_header_st w_msg_hdr;
+@@ -262,6 +258,11 @@ typedef struct dtls1_state_st
+ */
+ unsigned int change_cipher_spec_ok;
+
++ /* Is set when listening for new connections with dtls1_listen() */
++ unsigned int listen;
++
++ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
++
+ #ifndef OPENSSL_NO_SCTP
+ /* used when SSL_ST_XX_FLUSH is entered */
+ int next_state;
diff --git a/openssl-1.0.1e-ecc-suiteb.patch b/openssl-1.0.1k-ecc-suiteb.patch
similarity index 74%
rename from openssl-1.0.1e-ecc-suiteb.patch
rename to openssl-1.0.1k-ecc-suiteb.patch
index dc87b00..bf0065f 100644
--- a/openssl-1.0.1e-ecc-suiteb.patch
+++ b/openssl-1.0.1k-ecc-suiteb.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
---- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100
-+++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100
+diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c
+--- openssl-1.0.1k/apps/speed.c.suiteb 2015-01-09 10:03:38.406908388 +0100
++++ openssl-1.0.1k/apps/speed.c 2015-01-09 10:03:38.602912821 +0100
@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
else
#endif
@@ -87,38 +87,44 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
ecdh_doit[i]=1;
#endif
}
-diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
---- openssl-1.0.1e/ssl/t1_lib.c.suiteb 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/ssl/t1_lib.c 2013-11-08 18:05:27.551617554 +0100
-@@ -204,31 +204,9 @@ static int nid_list[] =
-
- static int pref_list[] =
- {
-- NID_sect571r1, /* sect571r1 (14) */
-- NID_sect571k1, /* sect571k1 (13) */
- NID_secp521r1, /* secp521r1 (25) */
-- NID_sect409k1, /* sect409k1 (11) */
-- NID_sect409r1, /* sect409r1 (12) */
- NID_secp384r1, /* secp384r1 (24) */
-- NID_sect283k1, /* sect283k1 (9) */
-- NID_sect283r1, /* sect283r1 (10) */
+diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c
+--- openssl-1.0.1k/ssl/t1_lib.c.suiteb 2015-01-09 10:03:38.603912844 +0100
++++ openssl-1.0.1k/ssl/t1_lib.c 2015-01-09 10:06:35.470912834 +0100
+@@ -218,29 +218,21 @@ static int pref_list[] =
+ NID_sect283k1, /* sect283k1 (9) */
+ NID_sect283r1, /* sect283r1 (10) */
+ #endif
- NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */
-- NID_sect239k1, /* sect239k1 (8) */
-- NID_sect233k1, /* sect233k1 (6) */
-- NID_sect233r1, /* sect233r1 (7) */
+ #ifndef OPENSSL_NO_EC2M
+ NID_sect239k1, /* sect239k1 (8) */
+ NID_sect233k1, /* sect233k1 (6) */
+ NID_sect233r1, /* sect233r1 (7) */
+ #endif
- NID_secp224k1, /* secp224k1 (20) */
- NID_secp224r1, /* secp224r1 (21) */
-- NID_sect193r1, /* sect193r1 (4) */
-- NID_sect193r2, /* sect193r2 (5) */
+ #ifndef OPENSSL_NO_EC2M
+ NID_sect193r1, /* sect193r1 (4) */
+ NID_sect193r2, /* sect193r2 (5) */
+ #endif
- NID_secp192k1, /* secp192k1 (18) */
- NID_X9_62_prime192v1, /* secp192r1 (19) */
-- NID_sect163k1, /* sect163k1 (1) */
-- NID_sect163r1, /* sect163r1 (2) */
-- NID_sect163r2, /* sect163r2 (3) */
+ #ifndef OPENSSL_NO_EC2M
+ NID_sect163k1, /* sect163k1 (1) */
+ NID_sect163r1, /* sect163r1 (2) */
+ NID_sect163r2, /* sect163r2 (3) */
+ #endif
- NID_secp160k1, /* secp160k1 (15) */
- NID_secp160r1, /* secp160r1 (16) */
- NID_secp160r2, /* secp160r2 (17) */
};
int tls1_ec_curve_id2nid(int curve_id)
+@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL *
+ s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+ s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+
+- /* we support all named elliptic curves in RFC 4492 */
+ if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
+ s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
+ if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
diff --git a/openssl-1.0.1j-ephemeral-key-size.patch b/openssl-1.0.1k-ephemeral-key-size.patch
similarity index 71%
rename from openssl-1.0.1j-ephemeral-key-size.patch
rename to openssl-1.0.1k-ephemeral-key-size.patch
index e8e8dbb..23d4f33 100644
--- a/openssl-1.0.1j-ephemeral-key-size.patch
+++ b/openssl-1.0.1k-ephemeral-key-size.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
---- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200
-+++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200
+diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h
+--- openssl-1.0.1k/apps/s_apps.h.ephemeral 2015-01-09 10:22:03.289896211 +0100
++++ openssl-1.0.1k/apps/s_apps.h 2015-01-09 10:22:03.373898111 +0100
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
@@ -9,9 +9,9 @@ diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
int extract_host_port(char *str,char **host_ptr,char **port_ptr);
-diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
---- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200
+diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c
+--- openssl-1.0.1k/apps/s_cb.c.ephemeral 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/s_cb.c 2015-01-09 10:22:03.373898111 +0100
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
}
}
@@ -51,10 +51,10 @@ diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
{
-diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
---- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200
-+++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200
-@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s
+diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c
+--- openssl-1.0.1k/apps/s_client.c.ephemeral 2015-01-09 10:22:03.367897975 +0100
++++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:22:03.373898111 +0100
+@@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s
BIO_write(bio,"\n",1);
}
@@ -63,18 +63,18 @@ diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
-diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
---- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200
-+++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200
-@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h
+--- openssl-1.0.1k/ssl/ssl.h.ephemeral 2015-01-09 10:22:03.358897772 +0100
++++ openssl-1.0.1k/ssl/ssl.h 2015-01-09 10:25:08.644088146 +0100
+@@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_CHECK_PROTO_VERSION 119
-
- #define DTLSv1_get_timeout(ssl, arg) \
-@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+ #define DTLS_CTRL_SET_LINK_MTU 120
+ #define DTLS_CTRL_GET_LINK_MIN_MTU 121
+@@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
@@ -84,9 +84,9 @@ diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c
---- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200
-+++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200
+diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c
+--- openssl-1.0.1k/ssl/s3_lib.c.ephemeral 2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/ssl/s3_lib.c 2015-01-09 10:22:03.374898133 +0100
@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
#endif /* !OPENSSL_NO_TLSEXT */
diff --git a/openssl-1.0.1j-fips.patch b/openssl-1.0.1k-fips.patch
similarity index 95%
rename from openssl-1.0.1j-fips.patch
rename to openssl-1.0.1k-fips.patch
index dff6aca..f75329c 100644
--- a/openssl-1.0.1j-fips.patch
+++ b/openssl-1.0.1k-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c
---- openssl-1.0.1j/apps/speed.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/apps/speed.c 2014-10-16 13:19:35.084306085 +0200
+diff -up openssl-1.0.1k/apps/speed.c.fips openssl-1.0.1k/apps/speed.c
+--- openssl-1.0.1k/apps/speed.c.fips 2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/apps/speed.c 2015-01-09 09:51:51.538921997 +0100
@@ -195,7 +195,6 @@
#ifdef OPENSSL_DOING_MAKEDEPEND
#undef AES_set_encrypt_key
@@ -126,10 +126,10 @@ diff -up openssl-1.0.1j/apps/speed.c.fips openssl-1.0.1j/apps/speed.c
HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
16,EVP_md5(), NULL);
-diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure
---- openssl-1.0.1j/Configure.fips 2014-10-16 13:19:35.056305452 +0200
-+++ openssl-1.0.1j/Configure 2014-10-16 13:19:35.084306085 +0200
-@@ -998,11 +998,6 @@ if (defined($disabled{"md5"}) || defined
+diff -up openssl-1.0.1k/Configure.fips openssl-1.0.1k/Configure
+--- openssl-1.0.1k/Configure.fips 2015-01-09 09:51:51.257915642 +0100
++++ openssl-1.0.1k/Configure 2015-01-09 09:51:51.539922020 +0100
+@@ -1003,11 +1003,6 @@ if (defined($disabled{"md5"}) || defined
$disabled{"ssl2"} = "forced";
}
@@ -141,7 +141,7 @@ diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure
# RSAX ENGINE sets default non-FIPS RSA method.
if ($fips)
{
-@@ -1477,7 +1472,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
+@@ -1482,7 +1477,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
@@ -149,7 +149,7 @@ diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
-@@ -1664,9 +1658,12 @@ while (<IN>)
+@@ -1669,9 +1663,12 @@ while (<IN>)
s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
@@ -163,9 +163,9 @@ diff -up openssl-1.0.1j/Configure.fips openssl-1.0.1j/Configure
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes_misc.c
---- openssl-1.0.1j/crypto/aes/aes_misc.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/aes/aes_misc.c 2014-10-16 13:19:35.085306107 +0200
+diff -up openssl-1.0.1k/crypto/aes/aes_misc.c.fips openssl-1.0.1k/crypto/aes/aes_misc.c
+--- openssl-1.0.1k/crypto/aes/aes_misc.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/aes/aes_misc.c 2015-01-09 09:51:51.539922020 +0100
@@ -69,17 +69,11 @@ const char *AES_options(void) {
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key)
@@ -184,9 +184,9 @@ diff -up openssl-1.0.1j/crypto/aes/aes_misc.c.fips openssl-1.0.1j/crypto/aes/aes
-#endif
return private_AES_set_decrypt_key(userKey, bits, key);
}
-diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac.c
---- openssl-1.0.1j/crypto/cmac/cmac.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/cmac/cmac.c 2014-10-16 13:19:35.085306107 +0200
+diff -up openssl-1.0.1k/crypto/cmac/cmac.c.fips openssl-1.0.1k/crypto/cmac/cmac.c
+--- openssl-1.0.1k/crypto/cmac/cmac.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/cmac/cmac.c 2015-01-09 09:51:51.540922042 +0100
@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
void CMAC_CTX_cleanup(CMAC_CTX *ctx)
@@ -235,9 +235,9 @@ diff -up openssl-1.0.1j/crypto/cmac/cmac.c.fips openssl-1.0.1j/crypto/cmac/cmac.
if (ctx->nlast_block == -1)
return 0;
bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h
---- openssl-1.0.1j/crypto/crypto.h.fips 2014-10-16 13:19:34.918302337 +0200
-+++ openssl-1.0.1j/crypto/crypto.h 2014-10-16 13:19:35.085306107 +0200
+diff -up openssl-1.0.1k/crypto/crypto.h.fips openssl-1.0.1k/crypto/crypto.h
+--- openssl-1.0.1k/crypto/crypto.h.fips 2015-01-09 09:51:51.138912950 +0100
++++ openssl-1.0.1k/crypto/crypto.h 2015-01-09 09:51:51.540922042 +0100
@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
void OPENSSL_init(void);
@@ -283,9 +283,9 @@ diff -up openssl-1.0.1j/crypto/crypto.h.fips openssl-1.0.1j/crypto/crypto.h
/* Error codes for the CRYPTO functions. */
/* Function codes. */
-diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h
---- openssl-1.0.1j/crypto/des/des.h.fips 2014-10-16 13:19:34.967303443 +0200
-+++ openssl-1.0.1j/crypto/des/des.h 2014-10-16 13:19:35.085306107 +0200
+diff -up openssl-1.0.1k/crypto/des/des.h.fips openssl-1.0.1k/crypto/des/des.h
+--- openssl-1.0.1k/crypto/des/des.h.fips 2015-01-09 09:51:51.168913629 +0100
++++ openssl-1.0.1k/crypto/des/des.h 2015-01-09 09:51:51.540922042 +0100
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
@@ -296,9 +296,9 @@ diff -up openssl-1.0.1j/crypto/des/des.h.fips openssl-1.0.1j/crypto/des/des.h
void DES_string_to_key(const char *str,DES_cblock *key);
void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_key.c
---- openssl-1.0.1j/crypto/des/set_key.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/des/set_key.c 2014-10-16 13:19:35.085306107 +0200
+diff -up openssl-1.0.1k/crypto/des/set_key.c.fips openssl-1.0.1k/crypto/des/set_key.c
+--- openssl-1.0.1k/crypto/des/set_key.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/des/set_key.c 2015-01-09 09:51:51.541922065 +0100
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock
}
@@ -313,9 +313,9 @@ diff -up openssl-1.0.1j/crypto/des/set_key.c.fips openssl-1.0.1j/crypto/des/set_
{
static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
register DES_LONG c,d,t,s,t2;
-diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen.c
---- openssl-1.0.1j/crypto/dh/dh_gen.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dh/dh_gen.c 2014-10-16 13:19:35.085306107 +0200
+diff -up openssl-1.0.1k/crypto/dh/dh_gen.c.fips openssl-1.0.1k/crypto/dh/dh_gen.c
+--- openssl-1.0.1k/crypto/dh/dh_gen.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dh/dh_gen.c 2015-01-09 09:51:51.541922065 +0100
@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
#endif
if(ret->meth->generate_params)
@@ -349,9 +349,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh_gen.c.fips openssl-1.0.1j/crypto/dh/dh_gen.
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
-diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h
---- openssl-1.0.1j/crypto/dh/dh.h.fips 2014-10-16 13:19:34.887301637 +0200
-+++ openssl-1.0.1j/crypto/dh/dh.h 2014-10-16 13:19:35.086306130 +0200
+diff -up openssl-1.0.1k/crypto/dh/dh.h.fips openssl-1.0.1k/crypto/dh/dh.h
+--- openssl-1.0.1k/crypto/dh/dh.h.fips 2015-01-09 09:51:51.112912362 +0100
++++ openssl-1.0.1k/crypto/dh/dh.h 2015-01-09 09:51:51.541922065 +0100
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -369,9 +369,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh.h.fips openssl-1.0.1j/crypto/dh/dh.h
DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
int i2d_DHparams(const DH *a,unsigned char **pp);
#ifndef OPENSSL_NO_FP_API
-diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key.c
---- openssl-1.0.1j/crypto/dh/dh_key.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dh/dh_key.c 2014-10-16 13:19:35.086306130 +0200
+diff -up openssl-1.0.1k/crypto/dh/dh_key.c.fips openssl-1.0.1k/crypto/dh/dh_key.c
+--- openssl-1.0.1k/crypto/dh/dh_key.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dh/dh_key.c 2015-01-09 09:51:51.542922087 +0100
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -452,9 +452,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh_key.c.fips openssl-1.0.1j/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib.c
---- openssl-1.0.1j/crypto/dh/dh_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dh/dh_lib.c 2014-10-16 13:19:35.086306130 +0200
+diff -up openssl-1.0.1k/crypto/dh/dh_lib.c.fips openssl-1.0.1k/crypto/dh/dh_lib.c
+--- openssl-1.0.1k/crypto/dh/dh_lib.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dh/dh_lib.c 2015-01-09 09:51:51.542922087 +0100
@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
{
if(!default_DH_method)
@@ -470,9 +470,9 @@ diff -up openssl-1.0.1j/crypto/dh/dh_lib.c.fips openssl-1.0.1j/crypto/dh/dh_lib.
}
return default_DH_method;
}
-diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_err.c
---- openssl-1.0.1j/crypto/dsa/dsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_err.c 2014-10-16 13:19:35.086306130 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_err.c.fips openssl-1.0.1k/crypto/dsa/dsa_err.c
+--- openssl-1.0.1k/crypto/dsa/dsa_err.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_err.c 2015-01-09 09:51:51.542922087 +0100
@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -491,9 +491,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_err.c.fips openssl-1.0.1j/crypto/dsa/dsa_
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_gen.c
---- openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_gen.c 2014-10-16 13:19:35.086306130 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_gen.c.fips openssl-1.0.1k/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1k/crypto/dsa/dsa_gen.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_gen.c 2015-01-09 09:51:51.543922110 +0100
@@ -85,6 +85,14 @@
#include <openssl/fips.h>
#endif
@@ -900,9 +900,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_gen.c.fips openssl-1.0.1j/crypto/dsa/dsa_
}
if (mont != NULL) BN_MONT_CTX_free(mont);
return ok;
-diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h
---- openssl-1.0.1j/crypto/dsa/dsa.h.fips 2014-10-16 13:19:34.791299470 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa.h 2014-10-16 13:19:35.087306152 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa.h.fips openssl-1.0.1k/crypto/dsa/dsa.h
+--- openssl-1.0.1k/crypto/dsa/dsa.h.fips 2015-01-09 09:51:51.033910576 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa.h 2015-01-09 09:51:51.543922110 +0100
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
@@ -963,9 +963,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa.h.fips openssl-1.0.1j/crypto/dsa/dsa.h
#define DSA_R_PARAMETER_ENCODING_ERROR 105
#ifdef __cplusplus
-diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_key.c
---- openssl-1.0.1j/crypto/dsa/dsa_key.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_key.c 2014-10-16 13:19:35.087306152 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_key.c.fips openssl-1.0.1k/crypto/dsa/dsa_key.c
+--- openssl-1.0.1k/crypto/dsa/dsa_key.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_key.c 2015-01-09 09:51:51.543922110 +0100
@@ -66,6 +66,35 @@
#ifdef OPENSSL_FIPS
@@ -1044,9 +1044,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_key.c.fips openssl-1.0.1j/crypto/dsa/dsa_
ok=1;
err:
-diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_lib.c
---- openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_lib.c 2014-10-16 13:19:35.087306152 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_lib.c.fips openssl-1.0.1k/crypto/dsa/dsa_lib.c
+--- openssl-1.0.1k/crypto/dsa/dsa_lib.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_lib.c 2015-01-09 09:51:51.543922110 +0100
@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
{
if(!default_DSA_method)
@@ -1062,18 +1062,18 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_lib.c.fips openssl-1.0.1j/crypto/dsa/dsa_
}
return default_DSA_method;
}
-diff -up openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips openssl-1.0.1j/crypto/dsa/dsa_locl.h
---- openssl-1.0.1j/crypto/dsa/dsa_locl.h.fips 2014-10-16 13:19:34.792299493 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_locl.h 2014-10-16 13:19:35.087306152 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_locl.h.fips openssl-1.0.1k/crypto/dsa/dsa_locl.h
+--- openssl-1.0.1k/crypto/dsa/dsa_locl.h.fips 2015-01-09 09:51:51.035910621 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_locl.h 2015-01-09 09:51:51.544922133 +0100
@@ -56,5 +56,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa_ossl.c
---- openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_ossl.c 2014-10-16 13:19:35.087306152 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1k/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.1k/crypto/dsa/dsa_ossl.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_ossl.c 2015-01-09 09:51:51.544922133 +0100
@@ -65,6 +65,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -1147,9 +1147,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1j/crypto/dsa/dsa
dsa->flags|=DSA_FLAG_CACHE_MONT_P;
return(1);
}
-diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/dsa_pmeth.c
---- openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c 2014-10-16 13:19:35.087306152 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1k/crypto/dsa/dsa_pmeth.c
+--- openssl-1.0.1k/crypto/dsa/dsa_pmeth.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsa_pmeth.c 2015-01-09 09:51:51.544922133 +0100
@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
if (!dsa)
return 0;
@@ -1159,9 +1159,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1j/crypto/dsa/ds
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
else
-diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsatest.c
---- openssl-1.0.1j/crypto/dsa/dsatest.c.fips 2014-10-15 14:51:06.000000000 +0200
-+++ openssl-1.0.1j/crypto/dsa/dsatest.c 2014-10-16 13:19:35.088306175 +0200
+diff -up openssl-1.0.1k/crypto/dsa/dsatest.c.fips openssl-1.0.1k/crypto/dsa/dsatest.c
+--- openssl-1.0.1k/crypto/dsa/dsatest.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/dsa/dsatest.c 2015-01-09 09:51:51.545922155 +0100
@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -1246,9 +1246,9 @@ diff -up openssl-1.0.1j/crypto/dsa/dsatest.c.fips openssl-1.0.1j/crypto/dsa/dsat
goto end;
}
if (h != 2)
-diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engine/eng_all.c
---- openssl-1.0.1j/crypto/engine/eng_all.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/engine/eng_all.c 2014-10-16 13:19:35.088306175 +0200
+diff -up openssl-1.0.1k/crypto/engine/eng_all.c.fips openssl-1.0.1k/crypto/engine/eng_all.c
+--- openssl-1.0.1k/crypto/engine/eng_all.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/engine/eng_all.c 2015-01-09 09:51:51.545922155 +0100
@@ -58,11 +58,25 @@
#include "cryptlib.h"
@@ -1275,9 +1275,9 @@ diff -up openssl-1.0.1j/crypto/engine/eng_all.c.fips openssl-1.0.1j/crypto/engin
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
-diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_allc.c
---- openssl-1.0.1j/crypto/evp/c_allc.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/c_allc.c 2014-10-16 13:19:35.088306175 +0200
+diff -up openssl-1.0.1k/crypto/evp/c_allc.c.fips openssl-1.0.1k/crypto/evp/c_allc.c
+--- openssl-1.0.1k/crypto/evp/c_allc.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/c_allc.c 2015-01-09 09:51:51.545922155 +0100
@@ -65,6 +65,11 @@
void OpenSSL_add_all_ciphers(void)
{
@@ -1351,9 +1351,9 @@ diff -up openssl-1.0.1j/crypto/evp/c_allc.c.fips openssl-1.0.1j/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_alld.c
---- openssl-1.0.1j/crypto/evp/c_alld.c.fips 2014-10-15 14:51:06.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/c_alld.c 2014-10-16 13:19:35.088306175 +0200
+diff -up openssl-1.0.1k/crypto/evp/c_alld.c.fips openssl-1.0.1k/crypto/evp/c_alld.c
+--- openssl-1.0.1k/crypto/evp/c_alld.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/c_alld.c 2015-01-09 09:51:51.545922155 +0100
@@ -64,6 +64,11 @@
void OpenSSL_add_all_digests(void)
@@ -1399,9 +1399,9 @@ diff -up openssl-1.0.1j/crypto/evp/c_alld.c.fips openssl-1.0.1j/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/digest.c
---- openssl-1.0.1j/crypto/evp/digest.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/digest.c 2014-10-16 13:19:35.088306175 +0200
+diff -up openssl-1.0.1k/crypto/evp/digest.c.fips openssl-1.0.1k/crypto/evp/digest.c
+--- openssl-1.0.1k/crypto/evp/digest.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/digest.c 2015-01-09 09:51:51.546922178 +0100
@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
return EVP_DigestInit_ex(ctx, type, NULL);
}
@@ -1550,9 +1550,9 @@ diff -up openssl-1.0.1j/crypto/evp/digest.c.fips openssl-1.0.1j/crypto/evp/diges
memset(ctx,'\0',sizeof *ctx);
return 1;
-diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes.c
---- openssl-1.0.1j/crypto/evp/e_aes.c.fips 2014-10-16 13:19:35.048305272 +0200
-+++ openssl-1.0.1j/crypto/evp/e_aes.c 2014-10-16 13:19:35.089306198 +0200
+diff -up openssl-1.0.1k/crypto/evp/e_aes.c.fips openssl-1.0.1k/crypto/evp/e_aes.c
+--- openssl-1.0.1k/crypto/evp/e_aes.c.fips 2015-01-09 09:51:51.250915484 +0100
++++ openssl-1.0.1k/crypto/evp/e_aes.c 2015-01-09 09:51:51.546922178 +0100
@@ -56,7 +56,6 @@
#include <assert.h>
#include <openssl/aes.h>
@@ -1584,9 +1584,9 @@ diff -up openssl-1.0.1j/crypto/evp/e_aes.c.fips openssl-1.0.1j/crypto/evp/e_aes.
#endif
-#endif
-diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des3.c
---- openssl-1.0.1j/crypto/evp/e_des3.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/e_des3.c 2014-10-16 13:19:35.089306198 +0200
+diff -up openssl-1.0.1k/crypto/evp/e_des3.c.fips openssl-1.0.1k/crypto/evp/e_des3.c
+--- openssl-1.0.1k/crypto/evp/e_des3.c.fips 2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/e_des3.c 2015-01-09 09:51:51.547922201 +0100
@@ -65,8 +65,6 @@
#include <openssl/des.h>
#include <openssl/rand.h>
@@ -1596,7 +1596,7 @@ diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv,int enc);
-@@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
+@@ -207,9 +205,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
}
BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
@@ -1609,7 +1609,7 @@ diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des
des3_ctrl)
#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
-@@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
+@@ -218,21 +216,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
#define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
@@ -1640,14 +1640,14 @@ diff -up openssl-1.0.1j/crypto/evp/e_des3.c.fips openssl-1.0.1j/crypto/evp/e_des
des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-@@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void)
+@@ -315,4 +313,3 @@ const EVP_CIPHER *EVP_des_ede3(void)
return &des_ede3_ecb;
}
#endif
-#endif
-diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_null.c
---- openssl-1.0.1j/crypto/evp/e_null.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/e_null.c 2014-10-16 13:19:35.089306198 +0200
+diff -up openssl-1.0.1k/crypto/evp/e_null.c.fips openssl-1.0.1k/crypto/evp/e_null.c
+--- openssl-1.0.1k/crypto/evp/e_null.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/e_null.c 2015-01-09 09:51:51.547922201 +0100
@@ -61,8 +61,6 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -1671,11 +1671,11 @@ diff -up openssl-1.0.1j/crypto/evp/e_null.c.fips openssl-1.0.1j/crypto/evp/e_nul
return 1;
}
-#endif
-diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_enc.c
---- openssl-1.0.1j/crypto/evp/evp_enc.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/evp_enc.c 2014-10-16 13:21:57.064511350 +0200
-@@ -70,17 +70,58 @@
- #include "constant_time_locl.h"
+diff -up openssl-1.0.1k/crypto/evp/evp_enc.c.fips openssl-1.0.1k/crypto/evp/evp_enc.c
+--- openssl-1.0.1k/crypto/evp/evp_enc.c.fips 2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/evp_enc.c 2015-01-09 09:57:57.393196087 +0100
+@@ -69,17 +69,58 @@
+ #endif
#include "evp_locl.h"
-#ifdef OPENSSL_FIPS
@@ -1737,7 +1737,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
memset(ctx,0,sizeof(EVP_CIPHER_CTX));
/* ctx->cipher=NULL; */
}
-@@ -112,6 +153,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
enc = 1;
ctx->encrypt = enc;
}
@@ -1752,7 +1752,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
-@@ -170,10 +219,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
ctx->engine = NULL;
#endif
@@ -1763,7 +1763,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
-@@ -207,10 +252,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
@@ -1774,7 +1774,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
-@@ -250,6 +291,22 @@ skip_to_init:
+@@ -249,6 +290,22 @@ skip_to_init:
}
}
@@ -1797,7 +1797,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
}
-@@ -575,7 +632,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
+@@ -573,7 +630,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
{
@@ -1805,7 +1805,7 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
if (c->cipher != NULL)
{
if(c->cipher->cleanup && !c->cipher->cleanup(c))
-@@ -586,16 +642,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
+@@ -584,16 +640,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
}
if (c->cipher_data)
OPENSSL_free(c->cipher_data);
@@ -1822,9 +1822,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp_enc.c.fips openssl-1.0.1j/crypto/evp/evp_
memset(c,0,sizeof(EVP_CIPHER_CTX));
return 1;
}
-diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h
---- openssl-1.0.1j/crypto/evp/evp.h.fips 2014-10-16 13:19:34.940302834 +0200
-+++ openssl-1.0.1j/crypto/evp/evp.h 2014-10-16 13:19:35.090306220 +0200
+diff -up openssl-1.0.1k/crypto/evp/evp.h.fips openssl-1.0.1k/crypto/evp/evp.h
+--- openssl-1.0.1k/crypto/evp/evp.h.fips 2015-01-09 09:51:51.150913222 +0100
++++ openssl-1.0.1k/crypto/evp/evp.h 2015-01-09 09:51:51.548922223 +0100
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
@@ -1877,9 +1877,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp.h.fips openssl-1.0.1j/crypto/evp/evp.h
/* Cipher handles any and all padding logic as well
* as finalisation.
*/
-diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_lib.c
---- openssl-1.0.1j/crypto/evp/evp_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/evp_lib.c 2014-10-16 13:19:35.090306220 +0200
+diff -up openssl-1.0.1k/crypto/evp/evp_lib.c.fips openssl-1.0.1k/crypto/evp/evp_lib.c
+--- openssl-1.0.1k/crypto/evp/evp_lib.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/evp_lib.c 2015-01-09 09:51:51.548922223 +0100
@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
@@ -1890,9 +1890,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp_lib.c.fips openssl-1.0.1j/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
-diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp_locl.h
---- openssl-1.0.1j/crypto/evp/evp_locl.h.fips 2014-10-16 13:19:34.933302676 +0200
-+++ openssl-1.0.1j/crypto/evp/evp_locl.h 2014-10-16 13:19:35.090306220 +0200
+diff -up openssl-1.0.1k/crypto/evp/evp_locl.h.fips openssl-1.0.1k/crypto/evp/evp_locl.h
+--- openssl-1.0.1k/crypto/evp/evp_locl.h.fips 2015-01-09 09:51:51.147913154 +0100
++++ openssl-1.0.1k/crypto/evp/evp_locl.h 2015-01-09 09:51:51.549922246 +0100
@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
@@ -1927,9 +1927,9 @@ diff -up openssl-1.0.1j/crypto/evp/evp_locl.h.fips openssl-1.0.1j/crypto/evp/evp
#define Camellia_set_key private_Camellia_set_key
#endif
-diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makefile
---- openssl-1.0.1j/crypto/evp/Makefile.fips 2014-10-15 14:54:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/Makefile 2014-10-16 13:19:35.090306220 +0200
+diff -up openssl-1.0.1k/crypto/evp/Makefile.fips openssl-1.0.1k/crypto/evp/Makefile
+--- openssl-1.0.1k/crypto/evp/Makefile.fips 2015-01-08 15:03:32.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/Makefile 2015-01-09 09:51:51.549922246 +0100
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -1948,9 +1948,9 @@ diff -up openssl-1.0.1j/crypto/evp/Makefile.fips openssl-1.0.1j/crypto/evp/Makef
e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
SRC= $(LIBSRC)
-diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss.c
---- openssl-1.0.1j/crypto/evp/m_dss.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/m_dss.c 2014-10-16 13:19:35.090306220 +0200
+diff -up openssl-1.0.1k/crypto/evp/m_dss.c.fips openssl-1.0.1k/crypto/evp/m_dss.c
+--- openssl-1.0.1k/crypto/evp/m_dss.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/m_dss.c 2015-01-09 09:51:51.549922246 +0100
@@ -66,7 +66,6 @@
#endif
@@ -1973,9 +1973,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_dss.c.fips openssl-1.0.1j/crypto/evp/m_dss.
}
#endif
-#endif
-diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss1.c
---- openssl-1.0.1j/crypto/evp/m_dss1.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/m_dss1.c 2014-10-16 13:19:35.091306243 +0200
+diff -up openssl-1.0.1k/crypto/evp/m_dss1.c.fips openssl-1.0.1k/crypto/evp/m_dss1.c
+--- openssl-1.0.1k/crypto/evp/m_dss1.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/m_dss1.c 2015-01-09 09:51:51.549922246 +0100
@@ -68,8 +68,6 @@
#include <openssl/dsa.h>
#endif
@@ -1999,9 +1999,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_dss1.c.fips openssl-1.0.1j/crypto/evp/m_dss
}
#endif
-#endif
-diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2.c
---- openssl-1.0.1j/crypto/evp/m_md2.c.fips 2014-10-15 14:51:06.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/m_md2.c 2014-10-16 13:19:35.091306243 +0200
+diff -up openssl-1.0.1k/crypto/evp/m_md2.c.fips openssl-1.0.1k/crypto/evp/m_md2.c
+--- openssl-1.0.1k/crypto/evp/m_md2.c.fips 2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/crypto/evp/m_md2.c 2015-01-09 09:51:51.550922268 +0100
@@ -68,6 +68,7 @@
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
@@ -2010,9 +2010,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_md2.c.fips openssl-1.0.1j/crypto/evp/m_md2.
static int init(EVP_MD_CTX *ctx)
{ return MD2_Init(ctx->md_data); }
-diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha1.c
---- openssl-1.0.1j/crypto/evp/m_sha1.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/m_sha1.c 2014-10-16 13:19:35.091306243 +0200
+diff -up openssl-1.0.1k/crypto/evp/m_sha1.c.fips openssl-1.0.1k/crypto/evp/m_sha1.c
+--- openssl-1.0.1k/crypto/evp/m_sha1.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/m_sha1.c 2015-01-09 09:51:51.550922268 +0100
@@ -59,8 +59,6 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -2077,9 +2077,9 @@ diff -up openssl-1.0.1j/crypto/evp/m_sha1.c.fips openssl-1.0.1j/crypto/evp/m_sha
#endif /* ifndef OPENSSL_NO_SHA512 */
-#endif
-diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sign.c
---- openssl-1.0.1j/crypto/evp/p_sign.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/p_sign.c 2014-10-16 13:19:35.091306243 +0200
+diff -up openssl-1.0.1k/crypto/evp/p_sign.c.fips openssl-1.0.1k/crypto/evp/p_sign.c
+--- openssl-1.0.1k/crypto/evp/p_sign.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/p_sign.c 2015-01-09 09:51:51.550922268 +0100
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2111,9 +2111,9 @@ diff -up openssl-1.0.1j/crypto/evp/p_sign.c.fips openssl-1.0.1j/crypto/evp/p_sig
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
-diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_verify.c
---- openssl-1.0.1j/crypto/evp/p_verify.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/evp/p_verify.c 2014-10-16 13:19:35.091306243 +0200
+diff -up openssl-1.0.1k/crypto/evp/p_verify.c.fips openssl-1.0.1k/crypto/evp/p_verify.c
+--- openssl-1.0.1k/crypto/evp/p_verify.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/evp/p_verify.c 2015-01-09 09:51:51.550922268 +0100
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -2145,9 +2145,9 @@ diff -up openssl-1.0.1j/crypto/evp/p_verify.c.fips openssl-1.0.1j/crypto/evp/p_v
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
EVP_PKEY_CTX_free(pkctx);
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips 2014-10-16 13:19:35.092306265 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c 2014-10-16 13:19:35.092306265 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c.fips 2015-01-09 09:51:51.551922291 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_aesavs.c 2015-01-09 09:51:51.551922291 +0100
@@ -0,0 +1,939 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -3088,9 +3088,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1j/crypt
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips 2014-10-16 13:19:35.092306265 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c 2014-10-16 13:19:35.092306265 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c.fips 2015-01-09 09:51:51.552922314 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_cmactest.c 2015-01-09 09:51:51.552922314 +0100
@@ -0,0 +1,517 @@
+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -3609,9 +3609,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1j/cry
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips 2014-10-16 13:19:35.092306265 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c 2014-10-16 13:19:35.092306265 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c.fips 2015-01-09 09:51:51.552922314 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_desmovs.c 2015-01-09 09:51:51.552922314 +0100
@@ -0,0 +1,702 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -4315,9 +4315,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1j/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips 2014-10-16 13:19:35.093306288 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c 2014-10-16 13:19:35.093306288 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c.fips 2015-01-09 09:51:51.553922336 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_dhvs.c 2015-01-09 09:51:51.553922336 +0100
@@ -0,0 +1,292 @@
+/* fips/dh/fips_dhvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4611,9 +4611,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1j/crypto/
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips 2014-10-16 13:19:35.093306288 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c 2014-10-16 13:19:35.093306288 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c.fips 2015-01-09 09:51:51.553922336 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_drbgvs.c 2015-01-09 09:51:51.553922336 +0100
@@ -0,0 +1,416 @@
+/* fips/rand/fips_drbgvs.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5031,9 +5031,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1j/crypt
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips 2014-10-16 13:19:35.093306288 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c 2014-10-16 13:19:35.093306288 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c.fips 2015-01-09 09:51:51.553922336 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_dssvs.c 2015-01-09 09:51:51.553922336 +0100
@@ -0,0 +1,537 @@
+#include <openssl/opensslconf.h>
+
@@ -5572,9 +5572,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1j/crypto
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips 2014-10-16 13:19:35.094306310 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c 2014-10-16 13:19:35.093306288 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c.fips 2015-01-09 09:51:51.554922359 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_gcmtest.c 2015-01-09 09:51:51.554922359 +0100
@@ -0,0 +1,571 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6147,9 +6147,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1j/cryp
+}
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips 2014-10-16 13:19:35.094306310 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c 2014-10-16 13:19:35.094306310 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c.fips 2015-01-09 09:51:51.554922359 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_rngvs.c 2015-01-09 09:51:51.554922359 +0100
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
@@ -6381,9 +6381,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1j/crypto
+ return 0;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips 2014-10-16 13:19:35.094306310 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c 2014-10-16 13:19:35.094306310 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c.fips 2015-01-09 09:51:51.555922381 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsagtest.c 2015-01-09 09:51:51.555922381 +0100
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -6775,9 +6775,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1j/cry
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips 2014-10-16 13:19:35.094306310 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c 2014-10-16 13:19:35.094306310 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c.fips 2015-01-09 09:51:51.555922381 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsastest.c 2015-01-09 09:51:51.555922381 +0100
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7149,9 +7149,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1j/cry
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips 2014-10-16 13:19:35.094306310 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c 2014-10-16 13:19:35.094306310 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c.fips 2015-01-09 09:51:51.555922381 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_rsavtest.c 2015-01-09 09:51:51.555922381 +0100
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7530,9 +7530,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1j/cry
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips 2014-10-16 13:19:35.095306333 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c 2014-10-16 13:19:35.095306333 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c.fips 2015-01-09 09:51:51.556922404 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_shatest.c 2015-01-09 09:51:51.556922404 +0100
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -7922,9 +7922,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1j/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips 2014-10-16 13:19:35.095306333 +0200
-+++ openssl-1.0.1j/crypto/fips/cavs/fips_utl.h 2014-10-16 13:19:35.095306333 +0200
+diff -up openssl-1.0.1k/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1k/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.1k/crypto/fips/cavs/fips_utl.h.fips 2015-01-09 09:51:51.556922404 +0100
++++ openssl-1.0.1k/crypto/fips/cavs/fips_utl.h 2015-01-09 09:51:51.556922404 +0100
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -8269,9 +8269,9 @@ diff -up openssl-1.0.1j/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1j/crypto/f
+#endif
+ }
+
-diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips 2014-10-16 13:19:35.095306333 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_aes_selftest.c 2014-10-16 13:19:35.095306333 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_aes_selftest.c.fips 2015-01-09 09:51:51.556922404 +0100
++++ openssl-1.0.1k/crypto/fips/fips_aes_selftest.c 2015-01-09 09:51:51.556922404 +0100
@@ -0,0 +1,359 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8632,9 +8632,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1j/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips.c
---- openssl-1.0.1j/crypto/fips/fips.c.fips 2014-10-16 13:19:35.095306333 +0200
-+++ openssl-1.0.1j/crypto/fips/fips.c 2014-10-16 13:19:35.095306333 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips.c.fips openssl-1.0.1k/crypto/fips/fips.c
+--- openssl-1.0.1k/crypto/fips/fips.c.fips 2015-01-09 09:51:51.557922427 +0100
++++ openssl-1.0.1k/crypto/fips/fips.c 2015-01-09 09:51:51.557922427 +0100
@@ -0,0 +1,491 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9127,9 +9127,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips.c.fips openssl-1.0.1j/crypto/fips/fips.
+
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c 2014-10-16 13:19:35.096306356 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c.fips 2015-01-09 09:51:51.557922427 +0100
++++ openssl-1.0.1k/crypto/fips/fips_cmac_selftest.c 2015-01-09 09:51:51.557922427 +0100
@@ -0,0 +1,161 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9292,9 +9292,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1j/cry
+ return rv;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_des_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips 2014-10-16 13:19:35.096306356 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_des_selftest.c 2014-10-16 13:19:35.096306356 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_des_selftest.c.fips 2015-01-09 09:51:51.557922427 +0100
++++ openssl-1.0.1k/crypto/fips/fips_des_selftest.c 2015-01-09 09:51:51.557922427 +0100
@@ -0,0 +1,147 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9443,9 +9443,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1j/cryp
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips 2014-10-16 13:19:35.096306356 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c 2014-10-16 13:19:35.096306356 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c.fips 2015-01-09 09:51:51.558922449 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_ctr.c 2015-01-09 09:51:51.558922449 +0100
@@ -0,0 +1,436 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -9883,9 +9883,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1j/crypto/f
+
+ return 1;
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips 2014-10-16 13:19:35.096306356 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_hash.c 2014-10-16 13:19:35.096306356 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_hash.c
+--- openssl-1.0.1k/crypto/fips/fips_drbg_hash.c.fips 2015-01-09 09:51:51.558922449 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_hash.c 2015-01-09 09:51:51.558922449 +0100
@@ -0,0 +1,378 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10265,9 +10265,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1j/crypto/
+
+ return 1;
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips 2014-10-16 13:19:35.097306378 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c 2014-10-16 13:19:35.096306356 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c.fips 2015-01-09 09:51:51.559922472 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_hmac.c 2015-01-09 09:51:51.558922449 +0100
@@ -0,0 +1,281 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10550,9 +10550,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1j/crypto/
+
+ return 1;
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips 2014-10-16 13:19:35.097306378 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_lib.c 2014-10-16 13:19:35.097306378 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_lib.c
+--- openssl-1.0.1k/crypto/fips/fips_drbg_lib.c.fips 2015-01-09 09:51:51.559922472 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_lib.c 2015-01-09 09:51:51.559922472 +0100
@@ -0,0 +1,578 @@
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
@@ -11132,9 +11132,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1j/crypto/f
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips 2014-10-16 13:19:35.097306378 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_rand.c 2014-10-16 13:19:35.097306378 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1k/crypto/fips/fips_drbg_rand.c.fips 2015-01-09 09:51:51.559922472 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_rand.c 2015-01-09 09:51:51.559922472 +0100
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -11308,9 +11308,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1j/crypto/
+ return &rand_drbg_meth;
+ }
+
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips 2014-10-16 13:19:35.097306378 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c 2014-10-16 13:19:35.097306378 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c.fips 2015-01-09 09:51:51.560922495 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_selftest.c 2015-01-09 09:51:51.560922495 +0100
@@ -0,0 +1,862 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -12174,9 +12174,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1j/cry
+ return rv;
+ }
+
-diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips 2014-10-16 13:19:35.098306401 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h 2014-10-16 13:19:35.098306401 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h.fips 2015-01-09 09:51:51.561922517 +0100
++++ openssl-1.0.1k/crypto/fips/fips_drbg_selftest.h 2015-01-09 09:51:51.561922517 +0100
@@ -0,0 +1,2335 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -14513,9 +14513,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1j/cry
+ 0xc2,0xd6,0xfd,0xa5
+ };
+
-diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c 2014-10-16 13:19:35.099306423 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c.fips 2015-01-09 09:51:51.562922540 +0100
++++ openssl-1.0.1k/crypto/fips/fips_dsa_selftest.c 2015-01-09 09:51:51.562922540 +0100
@@ -0,0 +1,193 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -14710,9 +14710,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1j/cryp
+ return ret;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/fips_enc.c
---- openssl-1.0.1j/crypto/fips/fips_enc.c.fips 2014-10-16 13:19:35.099306423 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_enc.c 2014-10-16 13:19:35.099306423 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_enc.c.fips openssl-1.0.1k/crypto/fips/fips_enc.c
+--- openssl-1.0.1k/crypto/fips/fips_enc.c.fips 2015-01-09 09:51:51.562922540 +0100
++++ openssl-1.0.1k/crypto/fips/fips_enc.c 2015-01-09 09:51:51.562922540 +0100
@@ -0,0 +1,191 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -14905,9 +14905,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_enc.c.fips openssl-1.0.1j/crypto/fips/f
+ }
+ }
+
-diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips.h
---- openssl-1.0.1j/crypto/fips/fips.h.fips 2014-10-16 13:19:35.099306423 +0200
-+++ openssl-1.0.1j/crypto/fips/fips.h 2014-10-16 13:19:35.099306423 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips.h.fips openssl-1.0.1k/crypto/fips/fips.h
+--- openssl-1.0.1k/crypto/fips/fips.h.fips 2015-01-09 09:51:51.562922540 +0100
++++ openssl-1.0.1k/crypto/fips/fips.h 2015-01-09 09:51:51.562922540 +0100
@@ -0,0 +1,279 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -15188,9 +15188,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips.h.fips openssl-1.0.1j/crypto/fips/fips.
+}
+#endif
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips 2014-10-16 13:19:35.099306423 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c 2014-10-16 13:19:35.099306423 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c.fips 2015-01-09 09:51:51.563922562 +0100
++++ openssl-1.0.1k/crypto/fips/fips_hmac_selftest.c 2015-01-09 09:51:51.563922562 +0100
@@ -0,0 +1,137 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -15329,9 +15329,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1j/cry
+ return 1;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/fips_locl.h
---- openssl-1.0.1j/crypto/fips/fips_locl.h.fips 2014-10-16 13:19:35.100306446 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_locl.h 2014-10-16 13:19:35.099306423 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_locl.h.fips openssl-1.0.1k/crypto/fips/fips_locl.h
+--- openssl-1.0.1k/crypto/fips/fips_locl.h.fips 2015-01-09 09:51:51.563922562 +0100
++++ openssl-1.0.1k/crypto/fips/fips_locl.h 2015-01-09 09:51:51.563922562 +0100
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15404,9 +15404,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_locl.h.fips openssl-1.0.1j/crypto/fips/
+}
+#endif
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fips_md.c
---- openssl-1.0.1j/crypto/fips/fips_md.c.fips 2014-10-16 13:19:35.100306446 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_md.c 2014-10-16 13:19:35.100306446 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_md.c.fips openssl-1.0.1k/crypto/fips/fips_md.c
+--- openssl-1.0.1k/crypto/fips/fips_md.c.fips 2015-01-09 09:51:51.563922562 +0100
++++ openssl-1.0.1k/crypto/fips/fips_md.c 2015-01-09 09:51:51.563922562 +0100
@@ -0,0 +1,145 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -15553,9 +15553,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_md.c.fips openssl-1.0.1j/crypto/fips/fi
+ return NULL;
+ }
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/fips_post.c
---- openssl-1.0.1j/crypto/fips/fips_post.c.fips 2014-10-16 13:19:35.100306446 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_post.c 2014-10-16 13:19:35.100306446 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_post.c.fips openssl-1.0.1k/crypto/fips/fips_post.c
+--- openssl-1.0.1k/crypto/fips/fips_post.c.fips 2015-01-09 09:51:51.563922562 +0100
++++ openssl-1.0.1k/crypto/fips/fips_post.c 2015-01-09 09:51:51.563922562 +0100
@@ -0,0 +1,205 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -15762,9 +15762,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips openssl-1.0.1j/crypto/fips/
+ return 1;
+ }
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/fips_rand.c
---- openssl-1.0.1j/crypto/fips/fips_rand.c.fips 2014-10-16 13:19:35.100306446 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rand.c 2014-10-16 13:19:35.100306446 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rand.c.fips openssl-1.0.1k/crypto/fips/fips_rand.c
+--- openssl-1.0.1k/crypto/fips/fips_rand.c.fips 2015-01-09 09:51:51.564922585 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rand.c 2015-01-09 09:51:51.564922585 +0100
@@ -0,0 +1,457 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -16223,9 +16223,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand.c.fips openssl-1.0.1j/crypto/fips/
+}
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/fips_rand.h
---- openssl-1.0.1j/crypto/fips/fips_rand.h.fips 2014-10-16 13:19:35.100306446 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rand.h 2014-10-16 13:19:35.100306446 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rand.h.fips openssl-1.0.1k/crypto/fips/fips_rand.h
+--- openssl-1.0.1k/crypto/fips/fips_rand.h.fips 2015-01-09 09:51:51.564922585 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rand.h 2015-01-09 09:51:51.564922585 +0100
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -16372,9 +16372,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand.h.fips openssl-1.0.1j/crypto/fips/
+#endif
+#endif
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips 2014-10-16 13:19:35.101306469 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rand_lcl.h 2014-10-16 13:19:35.101306469 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1k/crypto/fips/fips_rand_lcl.h
+--- openssl-1.0.1k/crypto/fips/fips_rand_lcl.h.fips 2015-01-09 09:51:51.564922585 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rand_lcl.h 2015-01-09 09:51:51.564922585 +0100
@@ -0,0 +1,219 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -16595,9 +16595,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1j/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/fips/fips_rand_lib.c
---- openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips 2014-10-16 13:19:35.101306469 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rand_lib.c 2014-10-16 13:19:35.101306469 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1k/crypto/fips/fips_rand_lib.c
+--- openssl-1.0.1k/crypto/fips/fips_rand_lib.c.fips 2015-01-09 09:51:51.565922608 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rand_lib.c 2015-01-09 09:51:51.565922608 +0100
@@ -0,0 +1,191 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -16790,9 +16790,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1j/crypto/f
+ }
+ return 0;
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips 2014-10-16 13:19:35.101306469 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rand_selftest.c 2014-10-16 13:19:35.101306469 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_rand_selftest.c.fips 2015-01-09 09:51:51.565922608 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rand_selftest.c 2015-01-09 09:51:51.565922608 +0100
@@ -0,0 +1,183 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -16977,9 +16977,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1j/cry
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/fips/fips_randtest.c
---- openssl-1.0.1j/crypto/fips/fips_randtest.c.fips 2014-10-16 13:19:35.101306469 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_randtest.c 2014-10-16 13:19:35.101306469 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_randtest.c.fips openssl-1.0.1k/crypto/fips/fips_randtest.c
+--- openssl-1.0.1k/crypto/fips/fips_randtest.c.fips 2015-01-09 09:51:51.565922608 +0100
++++ openssl-1.0.1k/crypto/fips/fips_randtest.c 2015-01-09 09:51:51.565922608 +0100
@@ -0,0 +1,250 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -17231,9 +17231,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_randtest.c.fips openssl-1.0.1j/crypto/f
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c 2014-10-16 13:19:35.102306491 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c.fips 2015-01-09 09:51:51.566922630 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rsa_selftest.c 2015-01-09 09:51:51.566922630 +0100
@@ -0,0 +1,444 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -17679,9 +17679,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1j/cryp
+ }
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips 2014-10-16 13:19:35.102306491 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c 2014-10-16 13:19:35.102306491 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c.fips 2015-01-09 09:51:51.566922630 +0100
++++ openssl-1.0.1k/crypto/fips/fips_rsa_x931g.c 2015-01-09 09:51:51.566922630 +0100
@@ -0,0 +1,282 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -17965,9 +17965,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1j/crypto/
+ return 0;
+
+ }
-diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips 2014-10-16 13:19:35.102306491 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_sha_selftest.c 2014-10-16 13:19:35.102306491 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1k/crypto/fips/fips_sha_selftest.c
+--- openssl-1.0.1k/crypto/fips/fips_sha_selftest.c.fips 2015-01-09 09:51:51.566922630 +0100
++++ openssl-1.0.1k/crypto/fips/fips_sha_selftest.c 2015-01-09 09:51:51.566922630 +0100
@@ -0,0 +1,140 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18109,9 +18109,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1j/cryp
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips 2014-10-16 13:19:35.102306491 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c 2014-10-16 13:19:35.102306491 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c.fips 2015-01-09 09:51:51.567922653 +0100
++++ openssl-1.0.1k/crypto/fips/fips_standalone_hmac.c 2015-01-09 09:51:51.567922653 +0100
@@ -0,0 +1,236 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18349,9 +18349,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1j/c
+ }
+
+
-diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto/fips/fips_test_suite.c
---- openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips 2014-10-16 13:19:35.103306514 +0200
-+++ openssl-1.0.1j/crypto/fips/fips_test_suite.c 2014-10-16 13:19:35.103306514 +0200
+diff -up openssl-1.0.1k/crypto/fips/fips_test_suite.c.fips openssl-1.0.1k/crypto/fips/fips_test_suite.c
+--- openssl-1.0.1k/crypto/fips/fips_test_suite.c.fips 2015-01-09 09:51:51.567922653 +0100
++++ openssl-1.0.1k/crypto/fips/fips_test_suite.c 2015-01-09 09:51:51.567922653 +0100
@@ -0,0 +1,588 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -18941,9 +18941,9 @@ diff -up openssl-1.0.1j/crypto/fips/fips_test_suite.c.fips openssl-1.0.1j/crypto
+ }
+
+#endif
-diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Makefile
---- openssl-1.0.1j/crypto/fips/Makefile.fips 2014-10-16 13:19:35.103306514 +0200
-+++ openssl-1.0.1j/crypto/fips/Makefile 2014-10-16 13:19:35.103306514 +0200
+diff -up openssl-1.0.1k/crypto/fips/Makefile.fips openssl-1.0.1k/crypto/fips/Makefile
+--- openssl-1.0.1k/crypto/fips/Makefile.fips 2015-01-09 09:51:51.568922675 +0100
++++ openssl-1.0.1k/crypto/fips/Makefile 2015-01-09 09:51:51.568922675 +0100
@@ -0,0 +1,341 @@
+#
+# OpenSSL/crypto/fips/Makefile
@@ -19286,9 +19286,9 @@ diff -up openssl-1.0.1j/crypto/fips/Makefile.fips openssl-1.0.1j/crypto/fips/Mak
+fips_sha_selftest.o: ../../include/openssl/safestack.h
+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
-diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac.c
---- openssl-1.0.1j/crypto/hmac/hmac.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/hmac/hmac.c 2014-10-16 13:19:35.103306514 +0200
+diff -up openssl-1.0.1k/crypto/hmac/hmac.c.fips openssl-1.0.1k/crypto/hmac/hmac.c
+--- openssl-1.0.1k/crypto/hmac/hmac.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/hmac/hmac.c 2015-01-09 09:51:51.568922675 +0100
@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
return 0;
@@ -19351,9 +19351,9 @@ diff -up openssl-1.0.1j/crypto/hmac/hmac.c.fips openssl-1.0.1j/crypto/hmac/hmac.
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
-diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/mdc2/mdc2dgst.c 2014-10-16 13:19:35.103306514 +0200
+diff -up openssl-1.0.1k/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1k/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1k/crypto/mdc2/mdc2dgst.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/mdc2/mdc2dgst.c 2015-01-09 09:51:51.568922675 +0100
@@ -76,7 +76,7 @@
*((c)++)=(unsigned char)(((l)>>24L)&0xff))
@@ -19363,9 +19363,9 @@ diff -up openssl-1.0.1j/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1j/crypto/mdc2/m
{
c->num=0;
c->pad_type=1;
-diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2_dgst.c
---- openssl-1.0.1j/crypto/md2/md2_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/md2/md2_dgst.c 2014-10-16 13:19:35.103306514 +0200
+diff -up openssl-1.0.1k/crypto/md2/md2_dgst.c.fips openssl-1.0.1k/crypto/md2/md2_dgst.c
+--- openssl-1.0.1k/crypto/md2/md2_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/md2/md2_dgst.c 2015-01-09 09:51:51.568922675 +0100
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
@@ -19387,9 +19387,9 @@ diff -up openssl-1.0.1j/crypto/md2/md2_dgst.c.fips openssl-1.0.1j/crypto/md2/md2
{
c->num=0;
memset(c->state,0,sizeof c->state);
-diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4_dgst.c
---- openssl-1.0.1j/crypto/md4/md4_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/md4/md4_dgst.c 2014-10-16 13:19:35.104306536 +0200
+diff -up openssl-1.0.1k/crypto/md4/md4_dgst.c.fips openssl-1.0.1k/crypto/md4/md4_dgst.c
+--- openssl-1.0.1k/crypto/md4/md4_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/md4/md4_dgst.c 2015-01-09 09:51:51.569922698 +0100
@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -19399,9 +19399,9 @@ diff -up openssl-1.0.1j/crypto/md4/md4_dgst.c.fips openssl-1.0.1j/crypto/md4/md4
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5_dgst.c
---- openssl-1.0.1j/crypto/md5/md5_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/md5/md5_dgst.c 2014-10-16 13:19:35.104306536 +0200
+diff -up openssl-1.0.1k/crypto/md5/md5_dgst.c.fips openssl-1.0.1k/crypto/md5/md5_dgst.c
+--- openssl-1.0.1k/crypto/md5/md5_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/md5/md5_dgst.c 2015-01-09 09:51:51.569922698 +0100
@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
@@ -19411,9 +19411,9 @@ diff -up openssl-1.0.1j/crypto/md5/md5_dgst.c.fips openssl-1.0.1j/crypto/md5/md5
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
-diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c
---- openssl-1.0.1j/crypto/o_fips.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/o_fips.c 2014-10-16 13:19:35.104306536 +0200
+diff -up openssl-1.0.1k/crypto/o_fips.c.fips openssl-1.0.1k/crypto/o_fips.c
+--- openssl-1.0.1k/crypto/o_fips.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/o_fips.c 2015-01-09 09:51:51.569922698 +0100
@@ -79,6 +79,8 @@ int FIPS_mode_set(int r)
#ifndef FIPS_AUTH_USER_PASS
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
@@ -19423,9 +19423,9 @@ diff -up openssl-1.0.1j/crypto/o_fips.c.fips openssl-1.0.1j/crypto/o_fips.c
if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
return 0;
if (r)
-diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c
---- openssl-1.0.1j/crypto/o_init.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/o_init.c 2014-10-16 13:19:35.104306536 +0200
+diff -up openssl-1.0.1k/crypto/o_init.c.fips openssl-1.0.1k/crypto/o_init.c
+--- openssl-1.0.1k/crypto/o_init.c.fips 2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/crypto/o_init.c 2015-01-09 09:51:51.569922698 +0100
@@ -55,28 +55,68 @@
#include <e_os.h>
#include <openssl/err.h>
@@ -19499,9 +19499,9 @@ diff -up openssl-1.0.1j/crypto/o_init.c.fips openssl-1.0.1j/crypto/o_init.c
+ {
+ OPENSSL_init_library();
+ }
-diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opensslconf.h.in
---- openssl-1.0.1j/crypto/opensslconf.h.in.fips 2014-10-15 14:51:06.000000000 +0200
-+++ openssl-1.0.1j/crypto/opensslconf.h.in 2014-10-16 13:19:35.104306536 +0200
+diff -up openssl-1.0.1k/crypto/opensslconf.h.in.fips openssl-1.0.1k/crypto/opensslconf.h.in
+--- openssl-1.0.1k/crypto/opensslconf.h.in.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/opensslconf.h.in 2015-01-09 09:51:51.569922698 +0100
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
@@ -19523,9 +19523,9 @@ diff -up openssl-1.0.1j/crypto/opensslconf.h.in.fips openssl-1.0.1j/crypto/opens
/* Generate 80386 code? */
#undef I386_ONLY
-diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md_rand.c
---- openssl-1.0.1j/crypto/rand/md_rand.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rand/md_rand.c 2014-10-16 13:19:35.104306536 +0200
+diff -up openssl-1.0.1k/crypto/rand/md_rand.c.fips openssl-1.0.1k/crypto/rand/md_rand.c
+--- openssl-1.0.1k/crypto/rand/md_rand.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rand/md_rand.c 2015-01-09 09:51:51.570922721 +0100
@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf
CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
crypto_lock_rand = 1;
@@ -19538,9 +19538,9 @@ diff -up openssl-1.0.1j/crypto/rand/md_rand.c.fips openssl-1.0.1j/crypto/rand/md
{
RAND_poll();
initialized = 1;
-diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand.h
---- openssl-1.0.1j/crypto/rand/rand.h.fips 2014-10-16 13:19:34.775299109 +0200
-+++ openssl-1.0.1j/crypto/rand/rand.h 2014-10-16 13:19:35.105306559 +0200
+diff -up openssl-1.0.1k/crypto/rand/rand.h.fips openssl-1.0.1k/crypto/rand/rand.h
+--- openssl-1.0.1k/crypto/rand/rand.h.fips 2015-01-09 09:51:51.020910282 +0100
++++ openssl-1.0.1k/crypto/rand/rand.h 2015-01-09 09:51:51.570922721 +0100
@@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -19581,9 +19581,9 @@ diff -up openssl-1.0.1j/crypto/rand/rand.h.fips openssl-1.0.1j/crypto/rand/rand.
#ifdef __cplusplus
}
-diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/ripemd/rmd_dgst.c 2014-10-16 13:19:35.105306559 +0200
+diff -up openssl-1.0.1k/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1k/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.1k/crypto/ripemd/rmd_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/ripemd/rmd_dgst.c 2015-01-09 09:51:51.570922721 +0100
@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
# endif
@@ -19593,9 +19593,9 @@ diff -up openssl-1.0.1j/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1j/crypto/ripe
{
memset (c,0,sizeof(*c));
c->A=RIPEMD160_A;
-diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa_crpt.c
---- openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_crpt.c 2014-10-16 13:19:35.105306559 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1k/crypto/rsa/rsa_crpt.c
+--- openssl-1.0.1k/crypto/rsa/rsa_crpt.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_crpt.c 2015-01-09 09:51:51.570922721 +0100
@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
RSA *rsa, int padding)
{
@@ -19622,9 +19622,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1j/crypto/rsa/rsa
return -1;
}
#endif
-diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_eay.c
---- openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_eay.c 2014-10-16 13:19:35.105306559 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_eay.c.fips openssl-1.0.1k/crypto/rsa/rsa_eay.c
+--- openssl-1.0.1k/crypto/rsa/rsa_eay.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_eay.c 2015-01-09 09:51:51.571922743 +0100
@@ -114,6 +114,10 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -19755,9 +19755,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_eay.c.fips openssl-1.0.1j/crypto/rsa/rsa_
rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
return(1);
}
-diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_err.c
---- openssl-1.0.1j/crypto/rsa/rsa_err.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_err.c 2014-10-16 13:19:35.105306559 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_err.c.fips openssl-1.0.1k/crypto/rsa/rsa_err.c
+--- openssl-1.0.1k/crypto/rsa/rsa_err.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_err.c 2015-01-09 09:51:51.571922743 +0100
@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
@@ -19767,9 +19767,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_err.c.fips openssl-1.0.1j/crypto/rsa/rsa_
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_gen.c
---- openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_gen.c 2014-10-16 13:19:35.106306581 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_gen.c.fips openssl-1.0.1k/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1k/crypto/rsa/rsa_gen.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_gen.c 2015-01-09 09:51:51.571922743 +0100
@@ -69,6 +69,78 @@
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
@@ -19911,9 +19911,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_gen.c.fips openssl-1.0.1j/crypto/rsa/rsa_
ok=1;
err:
if (ok == -1)
-diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h
---- openssl-1.0.1j/crypto/rsa/rsa.h.fips 2014-10-16 13:19:34.947302992 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa.h 2014-10-16 13:24:00.824305281 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa.h.fips openssl-1.0.1k/crypto/rsa/rsa.h
+--- openssl-1.0.1k/crypto/rsa/rsa.h.fips 2015-01-09 09:51:51.155913335 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa.h 2015-01-09 09:51:51.572922766 +0100
@@ -164,6 +164,8 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
@@ -19998,9 +19998,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa.h.fips openssl-1.0.1j/crypto/rsa/rsa.h
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_PKCS_DECODING_ERROR 159
-diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_lib.c
---- openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_lib.c 2014-10-16 13:19:35.106306581 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_lib.c.fips openssl-1.0.1k/crypto/rsa/rsa_lib.c
+--- openssl-1.0.1k/crypto/rsa/rsa_lib.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_lib.c 2015-01-09 09:51:51.572922766 +0100
@@ -84,6 +84,13 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -20076,9 +20076,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_lib.c.fips openssl-1.0.1j/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
{
#ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rsa_pmeth.c
---- openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c 2014-10-16 13:19:35.106306581 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1k/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1k/crypto/rsa/rsa_pmeth.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_pmeth.c 2015-01-09 09:51:51.572922766 +0100
@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
RSA_R_INVALID_DIGEST_LENGTH);
return -1;
@@ -20122,9 +20122,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1j/crypto/rsa/rs
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
-diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa_sign.c
---- openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/rsa/rsa_sign.c 2014-10-16 13:19:35.106306581 +0200
+diff -up openssl-1.0.1k/crypto/rsa/rsa_sign.c.fips openssl-1.0.1k/crypto/rsa/rsa_sign.c
+--- openssl-1.0.1k/crypto/rsa/rsa_sign.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/rsa/rsa_sign.c 2015-01-09 09:51:51.572922766 +0100
@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
i2d_X509_SIG(&sig,&p);
s=tmps;
@@ -20156,9 +20156,9 @@ diff -up openssl-1.0.1j/crypto/rsa/rsa_sign.c.fips openssl-1.0.1j/crypto/rsa/rsa
if (i <= 0) goto err;
/* Oddball MDC2 case: signature can be OCTET STRING.
-diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h
---- openssl-1.0.1j/crypto/sha/sha.h.fips 2014-10-16 13:19:34.667296671 +0200
-+++ openssl-1.0.1j/crypto/sha/sha.h 2014-10-16 13:19:35.107306604 +0200
+diff -up openssl-1.0.1k/crypto/sha/sha.h.fips openssl-1.0.1k/crypto/sha/sha.h
+--- openssl-1.0.1k/crypto/sha/sha.h.fips 2015-01-09 09:51:50.939908450 +0100
++++ openssl-1.0.1k/crypto/sha/sha.h 2015-01-09 09:51:51.573922789 +0100
@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
void SHA_Transform(SHA_CTX *c, const unsigned char *data);
#endif
@@ -20191,9 +20191,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha.h.fips openssl-1.0.1j/crypto/sha/sha.h
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha_locl.h
---- openssl-1.0.1j/crypto/sha/sha_locl.h.fips 2014-10-16 13:19:34.669296716 +0200
-+++ openssl-1.0.1j/crypto/sha/sha_locl.h 2014-10-16 13:19:35.107306604 +0200
+diff -up openssl-1.0.1k/crypto/sha/sha_locl.h.fips openssl-1.0.1k/crypto/sha/sha_locl.h
+--- openssl-1.0.1k/crypto/sha/sha_locl.h.fips 2015-01-09 09:51:50.942908518 +0100
++++ openssl-1.0.1k/crypto/sha/sha_locl.h 2015-01-09 09:51:51.573922789 +0100
@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
#define INIT_DATA_h4 0xc3d2e1f0UL
@@ -20210,9 +20210,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha_locl.h.fips openssl-1.0.1j/crypto/sha/sha
memset (c,0,sizeof(*c));
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
-diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha256.c
---- openssl-1.0.1j/crypto/sha/sha256.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/sha/sha256.c 2014-10-16 13:19:35.107306604 +0200
+diff -up openssl-1.0.1k/crypto/sha/sha256.c.fips openssl-1.0.1k/crypto/sha/sha256.c
+--- openssl-1.0.1k/crypto/sha/sha256.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/sha/sha256.c 2015-01-09 09:51:51.573922789 +0100
@@ -12,12 +12,19 @@
#include <openssl/crypto.h>
@@ -20243,9 +20243,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha256.c.fips openssl-1.0.1j/crypto/sha/sha25
memset (c,0,sizeof(*c));
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
-diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha512.c
---- openssl-1.0.1j/crypto/sha/sha512.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/sha/sha512.c 2014-10-16 13:19:35.107306604 +0200
+diff -up openssl-1.0.1k/crypto/sha/sha512.c.fips openssl-1.0.1k/crypto/sha/sha512.c
+--- openssl-1.0.1k/crypto/sha/sha512.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/sha/sha512.c 2015-01-09 09:51:51.573922789 +0100
@@ -5,6 +5,10 @@
* ====================================================================
*/
@@ -20277,9 +20277,9 @@ diff -up openssl-1.0.1j/crypto/sha/sha512.c.fips openssl-1.0.1j/crypto/sha/sha51
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whrlpool/wp_dgst.c
---- openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/crypto/whrlpool/wp_dgst.c 2014-10-16 13:19:35.107306604 +0200
+diff -up openssl-1.0.1k/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1k/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.1k/crypto/whrlpool/wp_dgst.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/whrlpool/wp_dgst.c 2015-01-09 09:51:51.574922811 +0100
@@ -55,7 +55,7 @@
#include <openssl/crypto.h>
#include <string.h>
@@ -20289,9 +20289,9 @@ diff -up openssl-1.0.1j/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1j/crypto/whr
{
memset (c,0,sizeof(*c));
return(1);
-diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org
---- openssl-1.0.1j/Makefile.org.fips 2014-10-16 13:19:35.062305588 +0200
-+++ openssl-1.0.1j/Makefile.org 2014-10-16 13:19:35.108306626 +0200
+diff -up openssl-1.0.1k/Makefile.org.fips openssl-1.0.1k/Makefile.org
+--- openssl-1.0.1k/Makefile.org.fips 2015-01-09 09:51:51.272915981 +0100
++++ openssl-1.0.1k/Makefile.org 2015-01-09 09:51:51.574922811 +0100
@@ -136,6 +136,9 @@ FIPSCANLIB=
BASEADDR=
@@ -20319,10 +20319,10 @@ diff -up openssl-1.0.1j/Makefile.org.fips openssl-1.0.1j/Makefile.org
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c
---- openssl-1.0.1j/ssl/d1_srvr.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/ssl/d1_srvr.c 2014-10-16 13:19:35.108306626 +0200
-@@ -1390,6 +1390,8 @@ int dtls1_send_server_key_exchange(SSL *
+diff -up openssl-1.0.1k/ssl/d1_srvr.c.fips openssl-1.0.1k/ssl/d1_srvr.c
+--- openssl-1.0.1k/ssl/d1_srvr.c.fips 2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/ssl/d1_srvr.c 2015-01-09 09:51:51.574922811 +0100
+@@ -1402,6 +1402,8 @@ int dtls1_send_server_key_exchange(SSL *
j=0;
for (num=2; num > 0; num--)
{
@@ -20331,9 +20331,9 @@ diff -up openssl-1.0.1j/ssl/d1_srvr.c.fips openssl-1.0.1j/ssl/d1_srvr.c
EVP_DigestInit_ex(&md_ctx,(num == 2)
?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.1j/ssl/ssl_algs.c.fips openssl-1.0.1j/ssl/ssl_algs.c
---- openssl-1.0.1j/ssl/ssl_algs.c.fips 2014-10-15 14:53:39.000000000 +0200
-+++ openssl-1.0.1j/ssl/ssl_algs.c 2014-10-16 13:19:35.108306626 +0200
+diff -up openssl-1.0.1k/ssl/ssl_algs.c.fips openssl-1.0.1k/ssl/ssl_algs.c
+--- openssl-1.0.1k/ssl/ssl_algs.c.fips 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/ssl/ssl_algs.c 2015-01-09 09:51:51.575922834 +0100
@@ -64,6 +64,12 @@
int SSL_library_init(void)
{
diff --git a/openssl-1.0.1-beta2-padlock64.patch b/openssl-1.0.1k-padlock64.patch
similarity index 91%
rename from openssl-1.0.1-beta2-padlock64.patch
rename to openssl-1.0.1k-padlock64.patch
index 4b7f7da..e70c0bf 100644
--- a/openssl-1.0.1-beta2-padlock64.patch
+++ b/openssl-1.0.1k-padlock64.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c
---- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 2011-06-21 18:42:15.000000000 +0200
-+++ openssl-1.0.1-beta2/engines/e_padlock.c 2012-02-06 20:18:52.039537799 +0100
+diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c
+--- openssl-1.0.1k/engines/e_padlock.c.padlock64 2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 10:18:55.579650992 +0100
@@ -101,7 +101,10 @@
compiler choice is limited to GCC and Microsoft C. */
#undef COMPILE_HW_PADLOCK
@@ -30,11 +30,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
-@@ -383,21 +387,6 @@ padlock_available(void)
+@@ -383,23 +387,6 @@ padlock_available(void)
return padlock_use_ace + padlock_use_rng;
}
-#ifndef OPENSSL_NO_AES
+-#ifndef AES_ASM
-/* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
@@ -48,11 +49,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
- }
-}
-#endif
+-#endif
-
/* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30]
which does the trick. */
-@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \
+@@ -457,12 +444,129 @@ static inline void *name(size_t cnt, \
: "edx", "cc", "memory"); \
return iv; \
}
@@ -165,6 +167,7 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
+
++#ifndef AES_ASM
+/* Our own htonl()/ntohl() */
+static inline void
+padlock_bswapl(AES_KEY *ks)
@@ -177,10 +180,11 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
+ key++;
+ }
+}
++#endif
#endif
/* The RNG call itself */
-@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int
+@@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int
static inline unsigned char *
padlock_memcpy(void *dst,const void *src,size_t n)
{
diff --git a/openssl-1.0.1i-trusted-first.patch b/openssl-1.0.1k-trusted-first.patch
similarity index 66%
rename from openssl-1.0.1i-trusted-first.patch
rename to openssl-1.0.1k-trusted-first.patch
index f11f36d..8d3f23a 100644
--- a/openssl-1.0.1i-trusted-first.patch
+++ b/openssl-1.0.1k-trusted-first.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
---- openssl-1.0.1i/apps/apps.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/apps/apps.c 2014-08-07 13:54:27.751103405 +0200
+diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c
+--- openssl-1.0.1k/apps/apps.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/apps.c 2015-01-09 10:19:45.476779456 +0100
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
@@ -10,9 +10,9 @@ diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
else
return 0;
-diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
---- openssl-1.0.1i/apps/cms.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/apps/cms.c 2014-08-07 13:54:27.751103405 +0200
+diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c
+--- openssl-1.0.1k/apps/cms.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/cms.c 2015-01-09 10:19:45.476779456 +0100
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
@@ -21,20 +21,20 @@ diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c
---- openssl-1.0.1i/apps/ocsp.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/apps/ocsp.c 2014-08-07 13:54:27.752103409 +0200
+diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c
+--- openssl-1.0.1k/apps/ocsp.c.trusted-first 2015-01-09 10:19:45.477779478 +0100
++++ openssl-1.0.1k/apps/ocsp.c 2015-01-09 10:20:57.726413440 +0100
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
-+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
-diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_client.c
---- openssl-1.0.1i/apps/s_client.c.trusted-first 2014-08-07 13:54:27.752103409 +0200
-+++ openssl-1.0.1i/apps/s_client.c 2014-08-07 15:06:28.443918055 +0200
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c
+--- openssl-1.0.1k/apps/s_client.c.trusted-first 2015-01-09 10:19:45.438778596 +0100
++++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:19:45.477779478 +0100
@@ -299,6 +299,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
@@ -43,9 +43,9 @@ diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_clie
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
-diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
---- openssl-1.0.1i/apps/smime.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/apps/smime.c 2014-08-07 13:54:27.753103414 +0200
+diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c
+--- openssl-1.0.1k/apps/smime.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/smime.c 2015-01-09 10:19:45.477779478 +0100
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
@@ -54,9 +54,9 @@ diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_server.c
---- openssl-1.0.1i/apps/s_server.c.trusted-first 2014-08-07 13:54:27.718103241 +0200
-+++ openssl-1.0.1i/apps/s_server.c 2014-08-07 13:54:27.753103414 +0200
+diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c
+--- openssl-1.0.1k/apps/s_server.c.trusted-first 2015-01-09 10:19:45.445778755 +0100
++++ openssl-1.0.1k/apps/s_server.c 2015-01-09 10:19:45.478779501 +0100
@@ -502,6 +502,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
@@ -65,9 +65,9 @@ diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_serv
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
-diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
---- openssl-1.0.1i/apps/s_time.c.trusted-first 2014-08-07 13:54:27.432101823 +0200
-+++ openssl-1.0.1i/apps/s_time.c 2014-08-07 13:54:27.753103414 +0200
+diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c
+--- openssl-1.0.1k/apps/s_time.c.trusted-first 2015-01-09 10:19:45.391777534 +0100
++++ openssl-1.0.1k/apps/s_time.c 2015-01-09 10:19:45.478779501 +0100
@@ -179,6 +179,7 @@ static void s_time_usage(void)
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
@@ -76,9 +76,9 @@ diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" );
-diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
---- openssl-1.0.1i/apps/ts.c.trusted-first 2014-08-07 13:54:27.707103186 +0200
-+++ openssl-1.0.1i/apps/ts.c 2014-08-07 13:54:27.753103414 +0200
+diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c
+--- openssl-1.0.1k/apps/ts.c.trusted-first 2015-01-09 10:19:45.435778529 +0100
++++ openssl-1.0.1k/apps/ts.c 2015-01-09 10:19:45.478779501 +0100
@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
"[-queryfile request.tsq] "
@@ -88,9 +88,9 @@ diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
"-untrusted cert_file.pem\n");
cleanup:
/* Clean up. */
-diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
---- openssl-1.0.1i/apps/verify.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/apps/verify.c 2014-08-07 13:54:27.754103419 +0200
+diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c
+--- openssl-1.0.1k/apps/verify.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/verify.c 2015-01-09 10:19:45.478779501 +0100
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
end:
@@ -100,9 +100,9 @@ diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
BIO_printf(bio_err," [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," [-engine e]");
-diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.c
---- openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first 2014-08-07 13:54:27.716103231 +0200
-+++ openssl-1.0.1i/crypto/x509/x509_vfy.c 2014-08-07 13:54:27.754103419 +0200
+diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c
+--- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first 2015-01-09 10:19:45.443778710 +0100
++++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-01-09 10:19:45.479779524 +0100
@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
/* If we are self signed, we break */
@@ -125,9 +125,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/cryp
/* If we were passed a cert chain, use it first */
if (ctx->untrusted != NULL)
-diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.h
---- openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first 2014-08-07 13:54:27.360101466 +0200
-+++ openssl-1.0.1i/crypto/x509/x509_vfy.h 2014-08-07 13:54:27.754103419 +0200
+diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h
+--- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first 2015-01-09 10:19:45.266774706 +0100
++++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-01-09 10:19:45.479779524 +0100
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
#define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */
@@ -137,9 +137,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/cryp
#define X509_VP_FLAG_DEFAULT 0x1
-diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/cms.pod
---- openssl-1.0.1i/doc/apps/cms.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/doc/apps/cms.pod 2014-08-07 13:54:27.754103419 +0200
+diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod
+--- openssl-1.0.1k/doc/apps/cms.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/cms.pod 2015-01-09 10:19:45.479779524 +0100
@@ -35,6 +35,7 @@ B<openssl> B<cms>
[B<-print>]
[B<-CAfile file>]
@@ -161,9 +161,9 @@ diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/c
=item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the
-diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ocsp.pod
---- openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first 2014-08-07 13:54:27.708103191 +0200
-+++ openssl-1.0.1i/doc/apps/ocsp.pod 2014-08-07 13:54:27.755103424 +0200
+diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod
+--- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first 2015-01-09 10:19:45.436778551 +0100
++++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-01-09 10:19:45.479779524 +0100
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
[B<-path>]
[B<-CApath dir>]
@@ -172,7 +172,7 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
[B<-VAfile file>]
[B<-validity_period n>]
[B<-status_age n>]
-@@ -138,6 +139,13 @@ or "/" by default.
+@@ -142,6 +143,13 @@ connection timeout to the OCSP responder
file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response.
@@ -186,9 +186,9 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
=item B<-verify_other file>
file containing additional certificates to search when attempting to locate
-diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/apps/s_client.pod
---- openssl-1.0.1i/doc/apps/s_client.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
-+++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 13:54:27.755103424 +0200
+diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod
+--- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
++++ openssl-1.0.1k/doc/apps/s_client.pod 2015-01-09 10:19:45.479779524 +0100
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
[B<-pass arg>]
[B<-CApath directory>]
@@ -206,9 +206,9 @@ diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/a
Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details.
-diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps/smime.pod
---- openssl-1.0.1i/doc/apps/smime.pod.trusted-first 2014-07-22 21:43:11.000000000 +0200
-+++ openssl-1.0.1i/doc/apps/smime.pod 2014-08-07 13:54:27.755103424 +0200
+diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod
+--- openssl-1.0.1k/doc/apps/smime.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/smime.pod 2015-01-09 10:19:45.479779524 +0100
@@ -15,6 +15,9 @@ B<openssl> B<smime>
[B<-pk7out>]
[B<-[cipher]>]
@@ -232,9 +232,9 @@ diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps
=item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the
-diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/apps/s_server.pod
---- openssl-1.0.1i/doc/apps/s_server.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
-+++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 15:07:12.315099577 +0200
+diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod
+--- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
++++ openssl-1.0.1k/doc/apps/s_server.pod 2015-01-09 10:19:45.479779524 +0100
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
[B<-state>]
[B<-CApath directory>]
@@ -256,9 +256,9 @@ diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/a
=item B<-state>
prints out the SSL session states.
-diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/apps/s_time.pod
---- openssl-1.0.1i/doc/apps/s_time.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
-+++ openssl-1.0.1i/doc/apps/s_time.pod 2014-08-07 13:54:27.755103424 +0200
+diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod
+--- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/s_time.pod 2015-01-09 10:19:45.480779546 +0100
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
[B<-key filename>]
[B<-CApath directory>]
@@ -280,9 +280,9 @@ diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/app
=item B<-new>
performs the timing test using a new session ID for each connection.
-diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts.pod
---- openssl-1.0.1i/doc/apps/ts.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
-+++ openssl-1.0.1i/doc/apps/ts.pod 2014-08-07 13:54:27.756103429 +0200
+diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod
+--- openssl-1.0.1k/doc/apps/ts.pod.trusted-first 2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/doc/apps/ts.pod 2015-01-09 10:19:45.480779546 +0100
@@ -46,6 +46,7 @@ B<-verify>
[B<-token_in>]
[B<-CApath> trusted_cert_path]
@@ -304,9 +304,9 @@ diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts
=item B<-untrusted> cert_file.pem
Set of additional untrusted certificates in PEM format which may be
-diff -up openssl-1.0.1i/doc/apps/verify.pod.trusted-first openssl-1.0.1i/doc/apps/verify.pod
---- openssl-1.0.1i/doc/apps/verify.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
-+++ openssl-1.0.1i/doc/apps/verify.pod 2014-08-07 13:54:27.756103429 +0200
+diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod
+--- openssl-1.0.1k/doc/apps/verify.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/verify.pod 2015-01-09 10:19:45.480779546 +0100
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
B<openssl> B<verify>
[B<-CApath directory>]
diff --git a/openssl.spec b/openssl.spec
index 25c6f9b..bac101b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,8 +22,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.1j
-Release: 3%{?dist}
+Version: 1.0.1k
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -58,11 +58,11 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
Patch39: openssl-1.0.1h-ipv6-apps.patch
-Patch40: openssl-1.0.1j-fips.patch
+Patch40: openssl-1.0.1k-fips.patch
Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch
-Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
+Patch50: openssl-1.0.1k-dtls1-abi.patch
Patch51: openssl-1.0.1e-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
@@ -75,7 +75,7 @@ Patch69: openssl-1.0.1c-dh-1024.patch
Patch70: openssl-1.0.1j-fips-ec.patch
Patch71: openssl-1.0.1i-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch
-Patch73: openssl-1.0.1e-ecc-suiteb.patch
+Patch73: openssl-1.0.1k-ecc-suiteb.patch
Patch74: openssl-1.0.1e-no-md5-verify.patch
Patch75: openssl-1.0.1e-compat-symbols.patch
Patch76: openssl-1.0.1i-new-fips-reqs.patch
@@ -85,10 +85,10 @@ Patch92: openssl-1.0.1h-system-cipherlist.patch
Patch93: openssl-1.0.1h-disable-sslv2v3.patch
# Backported fixes including security fixes
Patch80: openssl-1.0.1j-evp-wrap.patch
-Patch81: openssl-1.0.1-beta2-padlock64.patch
-Patch84: openssl-1.0.1i-trusted-first.patch
+Patch81: openssl-1.0.1k-padlock64.patch
+Patch84: openssl-1.0.1k-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
-Patch89: openssl-1.0.1j-ephemeral-key-size.patch
+Patch89: openssl-1.0.1k-ephemeral-key-size.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -478,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Fri Jan 9 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1k-1
+- new upstream release fixing multiple security issues
+
* Thu Nov 20 2014 Tomáš Mráz <tmraz at redhat.com> 1.0.1j-3
- disable SSLv3 by default again (mail servers and possibly
LDAP servers should probably allow it explicitly for legacy
diff --git a/sources b/sources
index 615e1aa..11d2121 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d6eba044f614596f94ba27a90be2b5de openssl-1.0.1j-hobbled.tar.xz
+c272aff85ade496e3eca96a41a49a06f openssl-1.0.1k-hobbled.tar.xz
More information about the scm-commits
mailing list