diff --git a/.gitignore b/.gitignore index c5509e6..c409f2a 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.0f-hobbled.tar.xz /openssl-1.1.0g-hobbled.tar.xz /openssl-1.1.0h-hobbled.tar.xz +/openssl-1.1.0i-hobbled.tar.xz diff --git a/ec_curve.c b/ec_curve.c index abee205..a93ba92 100644 --- a/ec_curve.c +++ b/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -350,6 +350,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) } #endif + EC_GROUP_set_curve_name(group, curve.nid); + if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -415,8 +417,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) return NULL; } - EC_GROUP_set_curve_name(ret, nid); - return ret; } diff --git a/ectest.c b/ectest.c index de00680..8f90a53 100644 --- a/ectest.c +++ b/ectest.c @@ -715,6 +715,29 @@ struct nistp_test_params { static const struct nistp_test_params nistp_tests_params[] = { { + /* P-224 */ + EC_GFp_nistp224_method, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, + { /* P-256 */ EC_GFp_nistp256_method, 256, diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch index d6bd022..ac038bf 100644 --- a/openssl-1.1.0-ec-curves.patch +++ b/openssl-1.1.0-ec-curves.patch @@ -1,10 +1,34 @@ -diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c ---- openssl-1.1.0e/apps/speed.c.curves 2017-02-16 12:58:20.000000000 +0100 -+++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:46:22.271504354 +0100 -@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = { - #define R_EC_X25519 16 +diff -up openssl-1.1.0i/apps/speed.c.curves openssl-1.1.0i/apps/speed.c +--- openssl-1.1.0i/apps/speed.c.curves 2018-09-20 14:53:56.778102859 +0200 ++++ openssl-1.1.0i/apps/speed.c 2018-09-20 14:58:41.089707321 +0200 +@@ -479,63 +479,27 @@ static const OPT_PAIR rsa_choices[] = { + + static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ + +-#define R_EC_P160 0 +-#define R_EC_P192 1 +-#define R_EC_P224 2 +-#define R_EC_P256 3 +-#define R_EC_P384 4 +-#define R_EC_P521 5 +-#define R_EC_K163 6 +-#define R_EC_K233 7 +-#define R_EC_K283 8 +-#define R_EC_K409 9 +-#define R_EC_K571 10 +-#define R_EC_B163 11 +-#define R_EC_B233 12 +-#define R_EC_B283 13 +-#define R_EC_B409 14 +-#define R_EC_B571 15 +-#define R_EC_X25519 16 ++#define R_EC_P224 0 ++#define R_EC_P256 1 ++#define R_EC_P384 2 ++#define R_EC_P521 3 ++#define R_EC_X25519 4 #ifndef OPENSSL_NO_EC - static OPT_PAIR ecdsa_choices[] = { + static const OPT_PAIR ecdsa_choices[] = { - {"ecdsap160", R_EC_P160}, - {"ecdsap192", R_EC_P192}, {"ecdsap224", R_EC_P224}, @@ -20,11 +44,13 @@ diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c - {"ecdsab233", R_EC_B233}, - {"ecdsab283", R_EC_B283}, - {"ecdsab409", R_EC_B409}, -- {"ecdsab571", R_EC_B571}, - {NULL} +- {"ecdsab571", R_EC_B571} }; + # define ECDSA_NUM OSSL_NELEM(ecdsa_choices) + + static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ - static OPT_PAIR ecdh_choices[] = { + static const OPT_PAIR ecdh_choices[] = { - {"ecdhp160", R_EC_P160}, - {"ecdhp192", R_EC_P192}, {"ecdhp224", R_EC_P224}, @@ -44,9 +70,59 @@ diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c {"ecdhx25519", R_EC_X25519}, {NULL} }; -diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp_smpl.c ---- openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/ec/ecp_smpl.c 2017-02-16 15:46:22.264504188 +0100 +@@ -1766,9 +1730,9 @@ int speed_main(int argc, char **argv) + # endif + + # ifndef OPENSSL_NO_EC +- ecdsa_c[R_EC_P160][0] = count / 1000; +- ecdsa_c[R_EC_P160][1] = count / 1000 / 2; +- for (i = R_EC_P192; i <= R_EC_P521; i++) { ++ ecdsa_c[R_EC_P224][0] = count / 1000; ++ ecdsa_c[R_EC_P224][1] = count / 1000 / 2; ++ for (i = R_EC_P256; i <= R_EC_P521; i++) { + ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; + ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; + if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) +@@ -1780,6 +1744,7 @@ int speed_main(int argc, char **argv) + } + } + } ++#if 0 + ecdsa_c[R_EC_K163][0] = count / 1000; + ecdsa_c[R_EC_K163][1] = count / 1000 / 2; + for (i = R_EC_K233; i <= R_EC_K571; i++) { +@@ -1808,9 +1773,9 @@ int speed_main(int argc, char **argv) + } + } + } +- +- ecdh_c[R_EC_P160][0] = count / 1000; +- for (i = R_EC_P192; i <= R_EC_P521; i++) { ++#endif ++ ecdh_c[R_EC_P224][0] = count / 1000; ++ for (i = R_EC_P256; i <= R_EC_P521; i++) { + ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; +@@ -1820,6 +1785,7 @@ int speed_main(int argc, char **argv) + } + } + } ++#if 0 + ecdh_c[R_EC_K163][0] = count / 1000; + for (i = R_EC_K233; i <= R_EC_K571; i++) { + ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; +@@ -1842,6 +1808,7 @@ int speed_main(int argc, char **argv) + } + } + } ++#endif + /* default iteration count for the last EC Curve */ + ecdh_c[R_EC_X25519][0] = count / 1800; + # endif +diff -up openssl-1.1.0i/crypto/ec/ecp_smpl.c.curves openssl-1.1.0i/crypto/ec/ecp_smpl.c +--- openssl-1.1.0i/crypto/ec/ecp_smpl.c.curves 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/ec/ecp_smpl.c 2018-09-20 14:53:56.778102859 +0200 @@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO return 0; } @@ -59,9 +135,9 @@ diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) -diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c ---- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100 +diff -up openssl-1.1.0i/test/ecdsatest.c.curves openssl-1.1.0i/test/ecdsatest.c +--- openssl-1.1.0i/test/ecdsatest.c.curves 2018-08-14 14:45:10.000000000 +0200 ++++ openssl-1.1.0i/test/ecdsatest.c 2018-09-20 14:53:56.779102882 +0200 @@ -216,6 +216,7 @@ int x9_62_tests(BIO *out) if (!change_rand()) goto x962_err; diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index 66f727d..a823867 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -1,18 +1,17 @@ -diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c ---- openssl-1.1.0h/apps/speed.c.fips 2018-03-29 14:44:24.617236431 +0200 -+++ openssl-1.1.0h/apps/speed.c 2018-03-29 15:02:42.171996191 +0200 -@@ -1447,7 +1447,9 @@ int speed_main(int argc, char **argv) - if (strcmp(*argv, "openssl") == 0) +diff -up openssl-1.1.0i/apps/speed.c.fips openssl-1.1.0i/apps/speed.c +--- openssl-1.1.0i/apps/speed.c.fips 2018-09-20 15:00:45.813607363 +0200 ++++ openssl-1.1.0i/apps/speed.c 2018-09-20 15:10:18.596959503 +0200 +@@ -1430,7 +1430,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { -- rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = -+ if (!FIPS_mode()) -+ rsa_doit[R_RSA_512] = 1; -+ rsa_doit[R_RSA_1024] = - rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = - rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = - rsa_doit[R_RSA_15360] = 1; -@@ -1460,7 +1462,9 @@ int speed_main(int argc, char **argv) + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) +- rsa_doit[loop] = 1; ++ if (!FIPS_mode() || loop != R_RSA_512) ++ rsa_doit[loop] = 1; + continue; + } + if (found(*argv, rsa_choices, &i)) { +@@ -1440,7 +1441,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { @@ -23,7 +22,7 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1549,15 +1553,21 @@ int speed_main(int argc, char **argv) +@@ -1529,15 +1532,21 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -47,8 +46,8 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c + dsa_doit[i] = 1; #endif #ifndef OPENSSL_NO_EC - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) -@@ -1606,30 +1616,46 @@ int speed_main(int argc, char **argv) + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) +@@ -1586,30 +1595,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -105,7 +104,7 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -1890,6 +1916,7 @@ int speed_main(int argc, char **argv) +@@ -1875,6 +1900,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -113,10 +112,10 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.0h/Configure.fips openssl-1.1.0h/Configure ---- openssl-1.1.0h/Configure.fips 2018-03-29 14:44:24.624236595 +0200 -+++ openssl-1.1.0h/Configure 2018-03-29 14:44:24.628236689 +0200 -@@ -314,7 +314,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.0i/Configure.fips openssl-1.1.0i/Configure +--- openssl-1.1.0i/Configure.fips 2018-09-20 15:00:45.820607526 +0200 ++++ openssl-1.1.0i/Configure 2018-09-20 15:00:45.824607619 +0200 +@@ -317,7 +317,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", @@ -125,9 +124,9 @@ diff -up openssl-1.1.0h/Configure.fips openssl-1.1.0h/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; -diff -up openssl-1.1.0h/crypto/bn/bn_rand.c.fips openssl-1.1.0h/crypto/bn/bn_rand.c ---- openssl-1.1.0h/crypto/bn/bn_rand.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/bn/bn_rand.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/bn/bn_rand.c.fips openssl-1.1.0i/crypto/bn/bn_rand.c +--- openssl-1.1.0i/crypto/bn/bn_rand.c.fips 2018-08-14 14:45:06.000000000 +0200 ++++ openssl-1.1.0i/crypto/bn/bn_rand.c 2018-09-20 15:00:45.825607642 +0200 @@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM goto err; } @@ -143,9 +142,9 @@ diff -up openssl-1.1.0h/crypto/bn/bn_rand.c.fips openssl-1.1.0h/crypto/bn/bn_ran if (RAND_bytes(buf, bytes) <= 0) goto err; -diff -up openssl-1.1.0h/crypto/dh/dh_err.c.fips openssl-1.1.0h/crypto/dh/dh_err.c ---- openssl-1.1.0h/crypto/dh/dh_err.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dh/dh_err.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/dh/dh_err.c.fips openssl-1.1.0i/crypto/dh/dh_err.c +--- openssl-1.1.0i/crypto/dh/dh_err.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dh/dh_err.c 2018-09-20 15:00:45.825607642 +0200 @@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, @@ -168,9 +167,9 @@ diff -up openssl-1.1.0h/crypto/dh/dh_err.c.fips openssl-1.1.0h/crypto/dh/dh_err. {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, -diff -up openssl-1.1.0h/crypto/dh/dh_gen.c.fips openssl-1.1.0h/crypto/dh/dh_gen.c ---- openssl-1.1.0h/crypto/dh/dh_gen.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dh/dh_gen.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/dh/dh_gen.c.fips openssl-1.1.0i/crypto/dh/dh_gen.c +--- openssl-1.1.0i/crypto/dh/dh_gen.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dh/dh_gen.c 2018-09-20 15:00:45.825607642 +0200 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -214,9 +213,9 @@ diff -up openssl-1.1.0h/crypto/dh/dh_gen.c.fips openssl-1.1.0h/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key.c ---- openssl-1.1.0h/crypto/dh/dh_key.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dh/dh_key.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/dh/dh_key.c.fips openssl-1.1.0i/crypto/dh/dh_key.c +--- openssl-1.1.0i/crypto/dh/dh_key.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dh/dh_key.c 2018-09-20 15:04:18.450564129 +0200 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -273,10 +272,10 @@ diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key. + } +#endif + - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -@@ -165,6 +190,13 @@ static int compute_key(unsigned char *ke + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; +@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -290,7 +289,7 @@ diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -216,6 +248,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { @@ -300,9 +299,9 @@ diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0h/crypto/dsa/dsa_err.c.fips openssl-1.1.0h/crypto/dsa/dsa_err.c ---- openssl-1.1.0h/crypto/dsa/dsa_err.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_err.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/dsa/dsa_err.c.fips openssl-1.1.0i/crypto/dsa/dsa_err.c +--- openssl-1.1.0i/crypto/dsa/dsa_err.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dsa/dsa_err.c 2018-09-20 15:00:45.825607642 +0200 @@ -21,10 +21,13 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, @@ -317,7 +316,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_err.c.fips openssl-1.1.0h/crypto/dsa/dsa_ {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"}, {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"}, {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"}, -@@ -51,9 +54,12 @@ static ERR_STRING_DATA DSA_str_reasons[] +@@ -52,9 +55,12 @@ static ERR_STRING_DATA DSA_str_reasons[] {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"}, {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"}, @@ -330,9 +329,9 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_err.c.fips openssl-1.1.0h/crypto/dsa/dsa_ {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, {ERR_REASON(DSA_R_SEED_LEN_SMALL), -diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_gen.c ---- openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_gen.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/dsa/dsa_gen.c.fips openssl-1.1.0i/crypto/dsa/dsa_gen.c +--- openssl-1.1.0i/crypto/dsa/dsa_gen.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dsa/dsa_gen.c 2018-09-20 15:00:45.825607642 +0200 @@ -22,12 +22,22 @@ #include #include @@ -372,7 +371,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ } } -@@ -303,7 +319,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { @@ -381,7 +380,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ unsigned char *seed = NULL, *seed_tmp = NULL; unsigned char md[EVP_MAX_MD_SIZE]; int mdsize; -@@ -320,6 +336,20 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -327,6 +343,20 @@ int dsa_builtin_paramgen2(DSA *ret, size if (mctx == NULL) goto err; @@ -402,7 +401,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); -@@ -420,9 +450,10 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -427,9 +457,10 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; /* Provided seed didn't produce a prime: error */ if (seed_in) { @@ -416,7 +415,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ } /* do a callback call */ -@@ -508,11 +539,14 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -515,11 +546,14 @@ int dsa_builtin_paramgen2(DSA *ret, size if (counter >= (int)(4 * L)) break; } @@ -431,7 +430,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ } end: if (!BN_GENCB_call(cb, 2, 1)) -@@ -583,7 +617,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -590,7 +624,7 @@ int dsa_builtin_paramgen2(DSA *ret, size BN_free(ret->g); ret->g = BN_dup(g); if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { @@ -440,7 +439,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ goto err; } if (counter_ret != NULL) -@@ -601,3 +635,53 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -608,3 +642,53 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX_free(mctx); return ok; } @@ -494,9 +493,9 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.0h/crypto/dsa/dsa_key.c.fips openssl-1.1.0h/crypto/dsa/dsa_key.c ---- openssl-1.1.0h/crypto/dsa/dsa_key.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_key.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.0i/crypto/dsa/dsa_key.c.fips openssl-1.1.0i/crypto/dsa/dsa_key.c +--- openssl-1.1.0i/crypto/dsa/dsa_key.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dsa/dsa_key.c 2018-09-20 15:00:45.826607666 +0200 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -576,9 +575,9 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_key.c.fips openssl-1.1.0h/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa_ossl.c ---- openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_ossl.c 2018-03-29 14:44:24.629236712 +0200 +diff -up openssl-1.1.0i/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0i/crypto/dsa/dsa_ossl.c +--- openssl-1.1.0i/crypto/dsa/dsa_ossl.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dsa/dsa_ossl.c 2018-09-20 15:05:01.715572681 +0200 @@ -15,6 +15,9 @@ #include #include "dsa_locl.h" @@ -589,9 +588,9 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -68,6 +71,19 @@ static DSA_SIG *dsa_do_sign(const unsign - DSA_SIG *ret = NULL; - int rv = 0; +@@ -72,6 +75,19 @@ static DSA_SIG *dsa_do_sign(const unsign + goto err; + } +#ifdef OPENSSL_FIPS + if (FIPS_selftest_failed()) { @@ -606,10 +605,10 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa + } +#endif + - m = BN_new(); - xr = BN_new(); - if (m == NULL || xr == NULL) -@@ -266,6 +282,18 @@ static int dsa_do_verify(const unsigned + ret = DSA_SIG_new(); + if (ret == NULL) + goto err; +@@ -298,6 +314,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -628,7 +627,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -354,6 +382,9 @@ static int dsa_do_verify(const unsigned +@@ -386,6 +414,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { @@ -638,10 +637,10 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0h/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_pmeth.c 2018-03-29 14:44:24.629236712 +0200 -@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT +diff -up openssl-1.1.0i/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0i/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.0i/crypto/dsa/dsa_pmeth.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/dsa/dsa_pmeth.c 2018-09-20 15:00:45.826607666 +0200 +@@ -208,8 +208,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; } @@ -652,9 +651,9 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0h/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdh_ossl.c ---- openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/ec/ecdh_ossl.c 2018-03-29 14:44:24.629236712 +0200 +diff -up openssl-1.1.0i/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0i/crypto/ec/ecdh_ossl.c +--- openssl-1.1.0i/crypto/ec/ecdh_ossl.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/ec/ecdh_ossl.c 2018-09-20 15:00:45.826607666 +0200 @@ -33,9 +33,20 @@ #include #include "ec_lcl.h" @@ -676,11 +675,11 @@ diff -up openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/ec/ecdsa_ossl.c 2018-03-29 14:44:24.629236712 +0200 -@@ -15,6 +15,10 @@ - #include +diff -up openssl-1.1.0i/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0i/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.0i/crypto/ec/ecdsa_ossl.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/ec/ecdsa_ossl.c 2018-09-20 15:05:45.150585195 +0200 +@@ -14,6 +14,10 @@ + #include "internal/bn_int.h" #include "ec_lcl.h" +#ifdef OPENSSL_FIPS @@ -690,7 +689,7 @@ diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecd int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -217,6 +221,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns +@@ -208,6 +212,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns ECDSA_SIG *ret; const BIGNUM *priv_key; @@ -718,9 +717,9 @@ diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key.c ---- openssl-1.1.0h/crypto/ec/ec_key.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/ec/ec_key.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.0i/crypto/ec/ec_key.c.fips openssl-1.1.0i/crypto/ec/ec_key.c +--- openssl-1.1.0i/crypto/ec/ec_key.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/ec/ec_key.c 2018-09-20 15:00:45.826607666 +0200 @@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } @@ -785,9 +784,9 @@ diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.0h/crypto/err/err_all.c.fips openssl-1.1.0h/crypto/err/err_all.c ---- openssl-1.1.0h/crypto/err/err_all.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/err/err_all.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.0i/crypto/err/err_all.c.fips openssl-1.1.0i/crypto/err/err_all.c +--- openssl-1.1.0i/crypto/err/err_all.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/err/err_all.c 2018-09-20 15:00:45.827607689 +0200 @@ -43,9 +43,6 @@ int err_load_crypto_strings_int(void) { @@ -798,9 +797,9 @@ diff -up openssl-1.1.0h/crypto/err/err_all.c.fips openssl-1.1.0h/crypto/err/err_ #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || -diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_allc.c ---- openssl-1.1.0h/crypto/evp/c_allc.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/c_allc.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.0i/crypto/evp/c_allc.c.fips openssl-1.1.0i/crypto/evp/c_allc.c +--- openssl-1.1.0i/crypto/evp/c_allc.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/c_allc.c 2018-09-20 15:00:45.827607689 +0200 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -882,9 +881,9 @@ diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_alld.c ---- openssl-1.1.0h/crypto/evp/c_alld.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/c_alld.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.0i/crypto/evp/c_alld.c.fips openssl-1.1.0i/crypto/evp/c_alld.c +--- openssl-1.1.0i/crypto/evp/c_alld.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/c_alld.c 2018-09-20 15:00:45.827607689 +0200 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -911,9 +910,9 @@ diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0h/crypto/evp/digest.c.fips openssl-1.1.0h/crypto/evp/digest.c ---- openssl-1.1.0h/crypto/evp/digest.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/digest.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.0i/crypto/evp/digest.c.fips openssl-1.1.0i/crypto/evp/digest.c +--- openssl-1.1.0i/crypto/evp/digest.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/digest.c 2018-09-20 15:00:45.827607689 +0200 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -973,9 +972,9 @@ diff -up openssl-1.1.0h/crypto/evp/digest.c.fips openssl-1.1.0h/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes.c ---- openssl-1.1.0h/crypto/evp/e_aes.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/e_aes.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.0i/crypto/evp/e_aes.c.fips openssl-1.1.0i/crypto/evp/e_aes.c +--- openssl-1.1.0i/crypto/evp/e_aes.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/e_aes.c 2018-09-20 15:00:45.828607712 +0200 @@ -1263,9 +1263,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -1071,9 +1070,9 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.0h/crypto/evp/e_des3.c.fips openssl-1.1.0h/crypto/evp/e_des3.c ---- openssl-1.1.0h/crypto/evp/e_des3.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/e_des3.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.0i/crypto/evp/e_des3.c.fips openssl-1.1.0i/crypto/evp/e_des3.c +--- openssl-1.1.0i/crypto/evp/e_des3.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/e_des3.c 2018-09-20 15:00:45.828607712 +0200 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1100,9 +1099,9 @@ diff -up openssl-1.1.0h/crypto/evp/e_des3.c.fips openssl-1.1.0h/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.0h/crypto/evp/e_null.c.fips openssl-1.1.0h/crypto/evp/e_null.c ---- openssl-1.1.0h/crypto/evp/e_null.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/e_null.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.0i/crypto/evp/e_null.c.fips openssl-1.1.0i/crypto/evp/e_null.c +--- openssl-1.1.0i/crypto/evp/e_null.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/e_null.c 2018-09-20 15:00:45.828607712 +0200 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1113,9 +1112,9 @@ diff -up openssl-1.1.0h/crypto/evp/e_null.c.fips openssl-1.1.0h/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_enc.c ---- openssl-1.1.0h/crypto/evp/evp_enc.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/evp_enc.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.0i/crypto/evp/evp_enc.c.fips openssl-1.1.0i/crypto/evp/evp_enc.c +--- openssl-1.1.0i/crypto/evp/evp_enc.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/evp_enc.c 2018-09-20 15:00:45.828607712 +0200 @@ -16,10 +16,19 @@ #include #include "internal/evp_int.h" @@ -1191,9 +1190,9 @@ diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_err.c ---- openssl-1.1.0h/crypto/evp/evp_err.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/evp_err.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.0i/crypto/evp/evp_err.c.fips openssl-1.1.0i/crypto/evp/evp_err.c +--- openssl-1.1.0i/crypto/evp/evp_err.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/evp_err.c 2018-09-20 15:00:45.829607736 +0200 @@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[] {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, @@ -1202,7 +1201,7 @@ diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, -@@ -111,6 +112,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +@@ -113,6 +114,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, @@ -1210,7 +1209,7 @@ diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_ {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, -@@ -150,6 +152,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +@@ -153,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, @@ -1218,9 +1217,9 @@ diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_ {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.0h/crypto/evp/evp_lib.c.fips openssl-1.1.0h/crypto/evp/evp_lib.c ---- openssl-1.1.0h/crypto/evp/evp_lib.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/evp_lib.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.0i/crypto/evp/evp_lib.c.fips openssl-1.1.0i/crypto/evp/evp_lib.c +--- openssl-1.1.0i/crypto/evp/evp_lib.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/evp_lib.c 2018-09-20 15:00:45.829607736 +0200 @@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) @@ -1231,9 +1230,9 @@ diff -up openssl-1.1.0h/crypto/evp/evp_lib.c.fips openssl-1.1.0h/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha1.c ---- openssl-1.1.0h/crypto/evp/m_sha1.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/m_sha1.c 2018-03-29 15:04:23.512375176 +0200 +diff -up openssl-1.1.0i/crypto/evp/m_sha1.c.fips openssl-1.1.0i/crypto/evp/m_sha1.c +--- openssl-1.1.0i/crypto/evp/m_sha1.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/evp/m_sha1.c 2018-09-20 15:00:45.829607736 +0200 @@ -94,7 +94,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1279,9 +1278,9 @@ diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.0h/crypto/fips/build.info.fips openssl-1.1.0h/crypto/fips/build.info ---- openssl-1.1.0h/crypto/fips/build.info.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/build.info 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.0i/crypto/fips/build.info.fips openssl-1.1.0i/crypto/fips/build.info +--- openssl-1.1.0i/crypto/fips/build.info.fips 2018-09-20 15:00:45.829607736 +0200 ++++ openssl-1.1.0i/crypto/fips/build.info 2018-09-20 15:00:45.829607736 +0200 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1298,9 +1297,9 @@ diff -up openssl-1.1.0h/crypto/fips/build.info.fips openssl-1.1.0h/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_aes_selftest.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_aes_selftest.c.fips 2018-09-20 15:00:45.829607736 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_aes_selftest.c 2018-09-20 15:00:45.829607736 +0200 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1674,9 +1673,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0h/cryp +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips.c.fips openssl-1.1.0h/crypto/fips/fips.c ---- openssl-1.1.0h/crypto/fips/fips.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips.c.fips openssl-1.1.0i/crypto/fips/fips.c +--- openssl-1.1.0i/crypto/fips/fips.c.fips 2018-09-20 15:00:45.829607736 +0200 ++++ openssl-1.1.0i/crypto/fips/fips.c 2018-09-20 15:00:45.829607736 +0200 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2204,9 +2203,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips.c.fips openssl-1.1.0h/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_cmac_selftest.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_cmac_selftest.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2364,9 +2363,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0h/cry + return rv; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_des_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_des_selftest.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_des_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_des_selftest.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_des_selftest.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2501,9 +2500,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0h/cryp + return ret; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_dh_selftest.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_dh_selftest.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_dh_selftest.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2685,9 +2684,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0h/crypt + return ret; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0i/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.0i/crypto/fips/fips_drbg_ctr.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_ctr.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3104,9 +3103,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0h/crypto/f + + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_hash.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0i/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.0i/crypto/fips/fips_drbg_hash.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_hash.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,361 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3469,9 +3468,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0h/crypto/ + + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0i/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.0i/crypto/fips/fips_drbg_hmac.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_hmac.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,272 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3745,9 +3744,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0h/crypto/ + + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_lib.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0i/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.0i/crypto/fips/fips_drbg_lib.c.fips 2018-09-20 15:00:45.830607759 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_lib.c 2018-09-20 15:00:45.830607759 +0200 @@ -0,0 +1,555 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4304,9 +4303,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0h/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_rand.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0i/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.0i/crypto/fips/fips_drbg_rand.c.fips 2018-09-20 15:00:45.831607782 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_rand.c 2018-09-20 15:00:45.831607782 +0200 @@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -4491,9 +4490,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0h/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c 2018-03-29 14:44:24.634236830 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_drbg_selftest.c.fips 2018-09-20 15:00:45.831607782 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_selftest.c 2018-09-20 15:00:45.831607782 +0200 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5323,9 +5322,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0h/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips 2018-03-29 14:44:24.634236830 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h 2018-03-29 14:44:24.634236830 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0i/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.0i/crypto/fips/fips_drbg_selftest.h.fips 2018-09-20 15:00:45.831607782 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_drbg_selftest.h 2018-09-20 15:00:45.831607782 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7118,9 +7117,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0h/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c 2018-03-29 14:44:24.634236830 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_dsa_selftest.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_dsa_selftest.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7317,9 +7316,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0h/cryp + return ret; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_ecdh_selftest.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_ecdh_selftest.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7563,9 +7562,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0h/cry +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_ecdsa_selftest.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_ecdsa_selftest.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7733,9 +7732,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0h/cr +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_enc.c.fips openssl-1.1.0h/crypto/fips/fips_enc.c ---- openssl-1.1.0h/crypto/fips/fips_enc.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_enc.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_enc.c.fips openssl-1.1.0i/crypto/fips/fips_enc.c +--- openssl-1.1.0i/crypto/fips/fips_enc.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_enc.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -7926,9 +7925,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_enc.c.fips openssl-1.1.0h/crypto/fips/f + + } +} -diff -up openssl-1.1.0h/crypto/fips/fips_err.h.fips openssl-1.1.0h/crypto/fips/fips_err.h ---- openssl-1.1.0h/crypto/fips/fips_err.h.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_err.h 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_err.h.fips openssl-1.1.0i/crypto/fips/fips_err.h +--- openssl-1.1.0i/crypto/fips/fips_err.h.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_err.h 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,196 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8126,9 +8125,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_err.h.fips openssl-1.1.0h/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_ers.c.fips openssl-1.1.0h/crypto/fips/fips_ers.c ---- openssl-1.1.0h/crypto/fips/fips_ers.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_ers.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_ers.c.fips openssl-1.1.0i/crypto/fips/fips_ers.c +--- openssl-1.1.0i/crypto/fips/fips_ers.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_ers.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,7 @@ +#include + @@ -8137,9 +8136,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_ers.c.fips openssl-1.1.0h/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_hmac_selftest.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_hmac_selftest.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8275,9 +8274,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0h/cry + return 1; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_locl.h.fips openssl-1.1.0h/crypto/fips/fips_locl.h ---- openssl-1.1.0h/crypto/fips/fips_locl.h.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_locl.h 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_locl.h.fips openssl-1.1.0i/crypto/fips/fips_locl.h +--- openssl-1.1.0i/crypto/fips/fips_locl.h.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_locl.h 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8350,9 +8349,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_locl.h.fips openssl-1.1.0h/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_md.c.fips openssl-1.1.0h/crypto/fips/fips_md.c ---- openssl-1.1.0h/crypto/fips/fips_md.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_md.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_md.c.fips openssl-1.1.0i/crypto/fips/fips_md.c +--- openssl-1.1.0i/crypto/fips/fips_md.c.fips 2018-09-20 15:00:45.832607806 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_md.c 2018-09-20 15:00:45.832607806 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8498,9 +8497,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_md.c.fips openssl-1.1.0h/crypto/fips/fi + return NULL; + } +} -diff -up openssl-1.1.0h/crypto/fips/fips_post.c.fips openssl-1.1.0h/crypto/fips/fips_post.c ---- openssl-1.1.0h/crypto/fips/fips_post.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_post.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_post.c.fips openssl-1.1.0i/crypto/fips/fips_post.c +--- openssl-1.1.0i/crypto/fips/fips_post.c.fips 2018-09-20 15:00:45.833607829 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_post.c 2018-09-20 15:00:45.833607829 +0200 @@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8724,9 +8723,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_post.c.fips openssl-1.1.0h/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0h/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_rand_lcl.h 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0i/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.0i/crypto/fips/fips_rand_lcl.h.fips 2018-09-20 15:00:45.833607829 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_rand_lcl.h 2018-09-20 15:00:45.833607829 +0200 @@ -0,0 +1,209 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8937,9 +8936,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0h/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0h/crypto/fips/fips_rand_lib.c ---- openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_rand_lib.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0i/crypto/fips/fips_rand_lib.c +--- openssl-1.1.0i/crypto/fips/fips_rand_lib.c.fips 2018-09-20 15:00:45.833607829 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_rand_lib.c 2018-09-20 15:00:45.833607829 +0200 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9175,9 +9174,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0h/crypto/f +# endif +} + -diff -up openssl-1.1.0h/crypto/fips/fips_randtest.c.fips openssl-1.1.0h/crypto/fips/fips_randtest.c ---- openssl-1.1.0h/crypto/fips/fips_randtest.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_randtest.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_randtest.c.fips openssl-1.1.0i/crypto/fips/fips_randtest.c +--- openssl-1.1.0i/crypto/fips/fips_randtest.c.fips 2018-09-20 15:00:45.833607829 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_randtest.c 2018-09-20 15:00:45.833607829 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -9426,9 +9425,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_randtest.c.fips openssl-1.1.0h/crypto/f +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_rsa_selftest.c.fips 2018-09-20 15:00:45.833607829 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_rsa_selftest.c 2018-09-20 15:00:45.833607829 +0200 @@ -0,0 +1,578 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -10008,9 +10007,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0h/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_sha_selftest.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0i/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.0i/crypto/fips/fips_sha_selftest.c.fips 2018-09-20 15:00:45.833607829 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_sha_selftest.c 2018-09-20 15:00:45.833607829 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10150,9 +10149,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0h/cryp +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0i/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.0i/crypto/fips/fips_standalone_hmac.c.fips 2018-09-20 15:00:45.834607852 +0200 ++++ openssl-1.1.0i/crypto/fips/fips_standalone_hmac.c 2018-09-20 15:00:45.834607852 +0200 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10281,9 +10280,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0h/c +#endif + return 0; +} -diff -up openssl-1.1.0h/crypto/hmac/hmac.c.fips openssl-1.1.0h/crypto/hmac/hmac.c ---- openssl-1.1.0h/crypto/hmac/hmac.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/hmac/hmac.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.0i/crypto/hmac/hmac.c.fips openssl-1.1.0i/crypto/hmac/hmac.c +--- openssl-1.1.0i/crypto/hmac/hmac.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/hmac/hmac.c 2018-09-20 15:00:45.834607852 +0200 @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } @@ -10298,9 +10297,9 @@ diff -up openssl-1.1.0h/crypto/hmac/hmac.c.fips openssl-1.1.0h/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.1.0h/crypto/include/internal/fips_int.h.fips openssl-1.1.0h/crypto/include/internal/fips_int.h ---- openssl-1.1.0h/crypto/include/internal/fips_int.h.fips 2018-03-29 14:44:24.637236901 +0200 -+++ openssl-1.1.0h/crypto/include/internal/fips_int.h 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/include/internal/fips_int.h.fips openssl-1.1.0i/crypto/include/internal/fips_int.h +--- openssl-1.1.0i/crypto/include/internal/fips_int.h.fips 2018-09-20 15:00:45.834607852 +0200 ++++ openssl-1.1.0i/crypto/include/internal/fips_int.h 2018-09-20 15:00:45.834607852 +0200 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10403,9 +10402,9 @@ diff -up openssl-1.1.0h/crypto/include/internal/fips_int.h.fips openssl-1.1.0h/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.0h/crypto/o_fips.c.fips openssl-1.1.0h/crypto/o_fips.c ---- openssl-1.1.0h/crypto/o_fips.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/o_fips.c 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/o_fips.c.fips openssl-1.1.0i/crypto/o_fips.c +--- openssl-1.1.0i/crypto/o_fips.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/o_fips.c 2018-09-20 15:00:45.834607852 +0200 @@ -9,7 +9,10 @@ #include "internal/cryptlib.h" @@ -10434,9 +10433,9 @@ diff -up openssl-1.1.0h/crypto/o_fips.c.fips openssl-1.1.0h/crypto/o_fips.c #else if (r == 0) return 1; -diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c ---- openssl-1.1.0h/crypto/o_init.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/o_init.c 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/o_init.c.fips openssl-1.1.0i/crypto/o_init.c +--- openssl-1.1.0i/crypto/o_init.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/o_init.c 2018-09-20 15:00:45.834607852 +0200 @@ -7,11 +7,50 @@ * https://www.openssl.org/source/license.html */ @@ -10523,9 +10522,9 @@ diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.1.0h/crypto/rand/md_rand.c.fips openssl-1.1.0h/crypto/rand/md_rand.c ---- openssl-1.1.0h/crypto/rand/md_rand.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rand/md_rand.c 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/rand/md_rand.c.fips openssl-1.1.0i/crypto/rand/md_rand.c +--- openssl-1.1.0i/crypto/rand/md_rand.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rand/md_rand.c 2018-09-20 15:00:45.834607852 +0200 @@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; @@ -10535,9 +10534,9 @@ diff -up openssl-1.1.0h/crypto/rand/md_rand.c.fips openssl-1.1.0h/crypto/rand/md RAND_poll(); initialized = 1; } -diff -up openssl-1.1.0h/crypto/rand/rand_err.c.fips openssl-1.1.0h/crypto/rand/rand_err.c ---- openssl-1.1.0h/crypto/rand/rand_err.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rand/rand_err.c 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/rand/rand_err.c.fips openssl-1.1.0i/crypto/rand/rand_err.c +--- openssl-1.1.0i/crypto/rand/rand_err.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rand/rand_err.c 2018-09-20 15:00:45.834607852 +0200 @@ -20,10 +20,13 @@ static ERR_STRING_DATA RAND_str_functs[] = { @@ -10552,9 +10551,9 @@ diff -up openssl-1.1.0h/crypto/rand/rand_err.c.fips openssl-1.1.0h/crypto/rand/r {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; -diff -up openssl-1.1.0h/crypto/rand/rand_lcl.h.fips openssl-1.1.0h/crypto/rand/rand_lcl.h ---- openssl-1.1.0h/crypto/rand/rand_lcl.h.fips 2018-03-29 14:44:24.359230371 +0200 -+++ openssl-1.1.0h/crypto/rand/rand_lcl.h 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/rand/rand_lcl.h.fips openssl-1.1.0i/crypto/rand/rand_lcl.h +--- openssl-1.1.0i/crypto/rand/rand_lcl.h.fips 2018-09-20 15:00:45.547601162 +0200 ++++ openssl-1.1.0i/crypto/rand/rand_lcl.h 2018-09-20 15:00:45.835607875 +0200 @@ -10,7 +10,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H @@ -10564,9 +10563,9 @@ diff -up openssl-1.1.0h/crypto/rand/rand_lcl.h.fips openssl-1.1.0h/crypto/rand/r # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # define USE_SHA1_RAND -diff -up openssl-1.1.0h/crypto/rand/rand_lib.c.fips openssl-1.1.0h/crypto/rand/rand_lib.c ---- openssl-1.1.0h/crypto/rand/rand_lib.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rand/rand_lib.c 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/rand/rand_lib.c.fips openssl-1.1.0i/crypto/rand/rand_lib.c +--- openssl-1.1.0i/crypto/rand/rand_lib.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rand/rand_lib.c 2018-09-20 15:00:45.835607875 +0200 @@ -18,6 +18,8 @@ #ifdef OPENSSL_FIPS # include @@ -10704,9 +10703,9 @@ diff -up openssl-1.1.0h/crypto/rand/rand_lib.c.fips openssl-1.1.0h/crypto/rand/r +} + +#endif -diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa_crpt.c ---- openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_crpt.c 2018-03-29 14:44:24.637236901 +0200 +diff -up openssl-1.1.0i/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0i/crypto/rsa/rsa_crpt.c +--- openssl-1.1.0i/crypto/rsa/rsa_crpt.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rsa/rsa_crpt.c 2018-09-20 15:00:45.835607875 +0200 @@ -28,24 +28,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10760,9 +10759,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.1.0h/crypto/rsa/rsa_err.c.fips openssl-1.1.0h/crypto/rsa/rsa_err.c ---- openssl-1.1.0h/crypto/rsa/rsa_err.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_err.c 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.0i/crypto/rsa/rsa_err.c.fips openssl-1.1.0i/crypto/rsa/rsa_err.c +--- openssl-1.1.0i/crypto/rsa/rsa_err.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rsa/rsa_err.c 2018-09-20 15:00:45.835607875 +0200 @@ -21,6 +21,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, @@ -10808,9 +10807,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_err.c.fips openssl-1.1.0h/crypto/rsa/rsa_ {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_gen.c ---- openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips 2018-03-29 14:44:24.620236501 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-29 15:20:36.277287100 +0200 +diff -up openssl-1.1.0i/crypto/rsa/rsa_gen.c.fips openssl-1.1.0i/crypto/rsa/rsa_gen.c +--- openssl-1.1.0i/crypto/rsa/rsa_gen.c.fips 2018-09-20 15:00:45.815607409 +0200 ++++ openssl-1.1.0i/crypto/rsa/rsa_gen.c 2018-09-20 15:00:45.835607875 +0200 @@ -18,6 +18,75 @@ #include "internal/cryptlib.h" #include @@ -11208,9 +11207,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ /* * When generating ridiculously small keys, we can get stuck * continually regenerating the same prime values. -diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_lib.c ---- openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_lib.c 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.0i/crypto/rsa/rsa_lib.c.fips openssl-1.1.0i/crypto/rsa/rsa_lib.c +--- openssl-1.1.0i/crypto/rsa/rsa_lib.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rsa/rsa_lib.c 2018-09-20 15:00:45.835607875 +0200 @@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ @@ -11253,9 +11252,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa_ossl.c ---- openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_ossl.c 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.0i/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0i/crypto/rsa/rsa_ossl.c +--- openssl-1.1.0i/crypto/rsa/rsa_ossl.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rsa/rsa_ossl.c 2018-09-20 15:00:45.835607875 +0200 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -11303,7 +11302,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -@@ -245,6 +271,22 @@ static int rsa_ossl_private_encrypt(int +@@ -240,6 +266,22 @@ static int rsa_ossl_private_encrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -11326,7 +11325,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int +@@ -370,6 +412,22 @@ static int rsa_ossl_private_decrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -11349,7 +11348,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -504,6 +562,22 @@ static int rsa_ossl_public_decrypt(int f +@@ -492,6 +550,22 @@ static int rsa_ossl_public_decrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -11372,9 +11371,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips openssl-1.1.0h/crypto/rsa/rsa_sign.c ---- openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_sign.c 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.0i/crypto/rsa/rsa_sign.c.fips openssl-1.1.0i/crypto/rsa/rsa_sign.c +--- openssl-1.1.0i/crypto/rsa/rsa_sign.c.fips 2018-08-14 14:45:07.000000000 +0200 ++++ openssl-1.1.0i/crypto/rsa/rsa_sign.c 2018-09-20 15:00:45.836607899 +0200 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -11401,9 +11400,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips openssl-1.1.0h/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.0h/crypto/sha/sha_locl.h.fips openssl-1.1.0h/crypto/sha/sha_locl.h ---- openssl-1.1.0h/crypto/sha/sha_locl.h.fips 2018-03-29 14:44:24.237227506 +0200 -+++ openssl-1.1.0h/crypto/sha/sha_locl.h 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.0i/crypto/sha/sha_locl.h.fips openssl-1.1.0i/crypto/sha/sha_locl.h +--- openssl-1.1.0i/crypto/sha/sha_locl.h.fips 2018-09-20 15:00:45.422598248 +0200 ++++ openssl-1.1.0i/crypto/sha/sha_locl.h 2018-09-20 15:00:45.836607899 +0200 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -11414,9 +11413,9 @@ diff -up openssl-1.1.0h/crypto/sha/sha_locl.h.fips openssl-1.1.0h/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.0h/crypto/sha/sha256.c.fips openssl-1.1.0h/crypto/sha/sha256.c ---- openssl-1.1.0h/crypto/sha/sha256.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/sha/sha256.c 2018-03-29 14:44:24.639236948 +0200 +diff -up openssl-1.1.0i/crypto/sha/sha256.c.fips openssl-1.1.0i/crypto/sha/sha256.c +--- openssl-1.1.0i/crypto/sha/sha256.c.fips 2018-08-14 14:45:08.000000000 +0200 ++++ openssl-1.1.0i/crypto/sha/sha256.c 2018-09-20 15:00:45.836607899 +0200 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -11437,9 +11436,9 @@ diff -up openssl-1.1.0h/crypto/sha/sha256.c.fips openssl-1.1.0h/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha512.c ---- openssl-1.1.0h/crypto/sha/sha512.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/sha/sha512.c 2018-03-29 14:44:24.639236948 +0200 +diff -up openssl-1.1.0i/crypto/sha/sha512.c.fips openssl-1.1.0i/crypto/sha/sha512.c +--- openssl-1.1.0i/crypto/sha/sha512.c.fips 2018-08-14 14:45:08.000000000 +0200 ++++ openssl-1.1.0i/crypto/sha/sha512.c 2018-09-20 15:00:45.836607899 +0200 @@ -62,6 +62,9 @@ int SHA384_Init(SHA512_CTX *c) @@ -11460,9 +11459,9 @@ diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod 2018-03-29 14:44:24.639236948 +0200 +diff -up openssl-1.1.0i/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0i/doc/crypto/DSA_generate_parameters.pod +--- openssl-1.1.0i/doc/crypto/DSA_generate_parameters.pod.fips 2018-08-14 14:45:08.000000000 +0200 ++++ openssl-1.1.0i/doc/crypto/DSA_generate_parameters.pod 2018-09-20 15:00:45.836607899 +0200 @@ -29,8 +29,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. @@ -11476,9 +11475,9 @@ diff -up openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.0h/include/openssl/crypto.h.fips openssl-1.1.0h/include/openssl/crypto.h ---- openssl-1.1.0h/include/openssl/crypto.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/crypto.h 2018-03-29 14:44:24.640236971 +0200 +diff -up openssl-1.1.0i/include/openssl/crypto.h.fips openssl-1.1.0i/include/openssl/crypto.h +--- openssl-1.1.0i/include/openssl/crypto.h.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/crypto.h 2018-09-20 15:00:45.836607899 +0200 @@ -336,6 +336,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -11491,9 +11490,9 @@ diff -up openssl-1.1.0h/include/openssl/crypto.h.fips openssl-1.1.0h/include/ope void OPENSSL_init(void); struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -diff -up openssl-1.1.0h/include/openssl/dh.h.fips openssl-1.1.0h/include/openssl/dh.h ---- openssl-1.1.0h/include/openssl/dh.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/dh.h 2018-03-29 14:44:24.640236971 +0200 +diff -up openssl-1.1.0i/include/openssl/dh.h.fips openssl-1.1.0i/include/openssl/dh.h +--- openssl-1.1.0i/include/openssl/dh.h.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/dh.h 2018-09-20 15:00:45.836607899 +0200 @@ -30,6 +30,7 @@ extern "C" { # endif @@ -11525,9 +11524,9 @@ diff -up openssl-1.1.0h/include/openssl/dh.h.fips openssl-1.1.0h/include/openssl # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openssl/dsa.h ---- openssl-1.1.0h/include/openssl/dsa.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/dsa.h 2018-03-29 14:44:24.641236994 +0200 +diff -up openssl-1.1.0i/include/openssl/dsa.h.fips openssl-1.1.0i/include/openssl/dsa.h +--- openssl-1.1.0i/include/openssl/dsa.h.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/dsa.h 2018-09-20 15:00:45.837607922 +0200 @@ -36,6 +36,7 @@ extern "C" { # endif @@ -11536,19 +11535,7 @@ diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -@@ -146,9 +147,9 @@ int DSAparams_print_fp(FILE *fp, const D - int DSA_print_fp(FILE *bp, const DSA *x, int off); - # endif - --# define DSS_prime_checks 50 -+# define DSS_prime_checks 64 - /* -- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of -+ * Primality test according to FIPS PUB 186-4, Appendix 2.1: 64 rounds of - * Rabin-Miller - */ - # define DSA_is_prime(n, callback, cb_arg) \ -@@ -241,8 +242,11 @@ int ERR_load_DSA_strings(void); +@@ -243,8 +244,11 @@ int ERR_load_DSA_strings(void); /* Function codes. */ # define DSA_F_DSAPARAMS_PRINT 100 # define DSA_F_DSAPARAMS_PRINT_FP 101 @@ -11560,7 +11547,7 @@ diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openss # define DSA_F_DSA_DO_SIGN 112 # define DSA_F_DSA_DO_VERIFY 113 # define DSA_F_DSA_METH_DUP 127 -@@ -269,9 +273,12 @@ int ERR_load_DSA_strings(void); +@@ -272,9 +276,12 @@ int ERR_load_DSA_strings(void); # define DSA_R_DECODE_ERROR 104 # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 @@ -11573,9 +11560,9 @@ diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openss # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openssl/evp.h ---- openssl-1.1.0h/include/openssl/evp.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/evp.h 2018-03-29 14:44:24.641236994 +0200 +diff -up openssl-1.1.0i/include/openssl/evp.h.fips openssl-1.1.0i/include/openssl/evp.h +--- openssl-1.1.0i/include/openssl/evp.h.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/evp.h 2018-09-20 15:00:45.837607922 +0200 @@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 @@ -11584,7 +11571,7 @@ diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openss # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_CAMELLIA_INIT_KEY 159 # define EVP_F_CHACHA20_POLY1305_CTRL 182 -@@ -1539,6 +1540,7 @@ int ERR_load_EVP_strings(void); +@@ -1541,6 +1542,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -11592,7 +11579,7 @@ diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openss # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -1575,6 +1577,7 @@ int ERR_load_EVP_strings(void); +@@ -1578,6 +1580,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 @@ -11600,9 +11587,9 @@ diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openss # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.0h/include/openssl/fips.h.fips openssl-1.1.0h/include/openssl/fips.h ---- openssl-1.1.0h/include/openssl/fips.h.fips 2018-03-29 14:44:24.641236994 +0200 -+++ openssl-1.1.0h/include/openssl/fips.h 2018-03-29 14:44:24.641236994 +0200 +diff -up openssl-1.1.0i/include/openssl/fips.h.fips openssl-1.1.0i/include/openssl/fips.h +--- openssl-1.1.0i/include/openssl/fips.h.fips 2018-09-20 15:00:45.837607922 +0200 ++++ openssl-1.1.0i/include/openssl/fips.h 2018-09-20 15:00:45.837607922 +0200 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11790,9 +11777,9 @@ diff -up openssl-1.1.0h/include/openssl/fips.h.fips openssl-1.1.0h/include/opens +} +# endif +#endif -diff -up openssl-1.1.0h/include/openssl/fips_rand.h.fips openssl-1.1.0h/include/openssl/fips_rand.h ---- openssl-1.1.0h/include/openssl/fips_rand.h.fips 2018-03-29 14:44:24.641236994 +0200 -+++ openssl-1.1.0h/include/openssl/fips_rand.h 2018-03-29 14:44:24.641236994 +0200 +diff -up openssl-1.1.0i/include/openssl/fips_rand.h.fips openssl-1.1.0i/include/openssl/fips_rand.h +--- openssl-1.1.0i/include/openssl/fips_rand.h.fips 2018-09-20 15:00:45.837607922 +0200 ++++ openssl-1.1.0i/include/openssl/fips_rand.h 2018-09-20 15:00:45.837607922 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11939,10 +11926,10 @@ diff -up openssl-1.1.0h/include/openssl/fips_rand.h.fips openssl-1.1.0h/include/ +# endif +# endif +#endif -diff -up openssl-1.1.0h/include/openssl/opensslconf.h.in.fips openssl-1.1.0h/include/openssl/opensslconf.h.in ---- openssl-1.1.0h/include/openssl/opensslconf.h.in.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/opensslconf.h.in 2018-03-29 14:44:24.642237018 +0200 -@@ -136,6 +136,11 @@ extern "C" { +diff -up openssl-1.1.0i/include/openssl/opensslconf.h.in.fips openssl-1.1.0i/include/openssl/opensslconf.h.in +--- openssl-1.1.0i/include/openssl/opensslconf.h.in.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/opensslconf.h.in 2018-09-20 15:00:45.837607922 +0200 +@@ -142,6 +142,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11954,9 +11941,9 @@ diff -up openssl-1.1.0h/include/openssl/opensslconf.h.in.fips openssl-1.1.0h/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.0h/include/openssl/rand.h.fips openssl-1.1.0h/include/openssl/rand.h ---- openssl-1.1.0h/include/openssl/rand.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/rand.h 2018-03-29 14:44:24.642237018 +0200 +diff -up openssl-1.1.0i/include/openssl/rand.h.fips openssl-1.1.0i/include/openssl/rand.h +--- openssl-1.1.0i/include/openssl/rand.h.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/rand.h 2018-09-20 15:00:45.837607922 +0200 @@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) #endif @@ -11981,9 +11968,9 @@ diff -up openssl-1.1.0h/include/openssl/rand.h.fips openssl-1.1.0h/include/opens # define RAND_R_PRNG_NOT_SEEDED 100 # ifdef __cplusplus -diff -up openssl-1.1.0h/include/openssl/rsa.h.fips openssl-1.1.0h/include/openssl/rsa.h ---- openssl-1.1.0h/include/openssl/rsa.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/rsa.h 2018-03-29 14:44:24.642237018 +0200 +diff -up openssl-1.1.0i/include/openssl/rsa.h.fips openssl-1.1.0i/include/openssl/rsa.h +--- openssl-1.1.0i/include/openssl/rsa.h.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/rsa.h 2018-09-20 15:00:45.838607945 +0200 @@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); /* Function codes. */ # define RSA_F_CHECK_PADDING_MD 140 @@ -12028,10 +12015,10 @@ diff -up openssl-1.1.0h/include/openssl/rsa.h.fips openssl-1.1.0h/include/openss # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.1.0h/ssl/ssl_ciph.c.fips openssl-1.1.0h/ssl/ssl_ciph.c ---- openssl-1.1.0h/ssl/ssl_ciph.c.fips 2018-03-29 14:44:24.625236619 +0200 -+++ openssl-1.1.0h/ssl/ssl_ciph.c 2018-03-29 14:44:24.643237042 +0200 -@@ -404,7 +404,8 @@ void ssl_load_ciphers(void) +diff -up openssl-1.1.0i/ssl/ssl_ciph.c.fips openssl-1.1.0i/ssl/ssl_ciph.c +--- openssl-1.1.0i/ssl/ssl_ciph.c.fips 2018-09-20 15:00:45.821607549 +0200 ++++ openssl-1.1.0i/ssl/ssl_ciph.c 2018-09-20 15:00:45.838607945 +0200 +@@ -401,7 +401,8 @@ void ssl_load_ciphers(void) } } /* Make sure we can access MD5 and SHA1 */ @@ -12041,7 +12028,7 @@ diff -up openssl-1.1.0h/ssl/ssl_ciph.c.fips openssl-1.1.0h/ssl/ssl_ciph.c OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); disabled_mkey_mask = 0; -@@ -687,7 +688,7 @@ static void ssl_cipher_collect_ciphers(c +@@ -684,7 +685,7 @@ static void ssl_cipher_collect_ciphers(c /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; @@ -12050,10 +12037,10 @@ diff -up openssl-1.1.0h/ssl/ssl_ciph.c.fips openssl-1.1.0h/ssl/ssl_ciph.c continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || -diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c ---- openssl-1.1.0h/ssl/ssl_init.c.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/ssl/ssl_init.c 2018-03-29 14:44:24.643237042 +0200 -@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas +diff -up openssl-1.1.0i/ssl/ssl_init.c.fips openssl-1.1.0i/ssl/ssl_init.c +--- openssl-1.1.0i/ssl/ssl_init.c.fips 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/ssl/ssl_init.c 2018-09-20 15:00:45.838607945 +0200 +@@ -29,6 +29,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); #endif @@ -12064,7 +12051,7 @@ diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -84,6 +88,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas +@@ -85,6 +89,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); @@ -12096,10 +12083,10 @@ diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.0h/ssl/ssl_lib.c.fips openssl-1.1.0h/ssl/ssl_lib.c ---- openssl-1.1.0h/ssl/ssl_lib.c.fips 2018-03-29 14:44:24.625236619 +0200 -+++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:44:24.643237042 +0200 -@@ -2588,13 +2588,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.0i/ssl/ssl_lib.c.fips openssl-1.1.0i/ssl/ssl_lib.c +--- openssl-1.1.0i/ssl/ssl_lib.c.fips 2018-09-20 15:00:45.822607573 +0200 ++++ openssl-1.1.0i/ssl/ssl_lib.c 2018-09-20 15:00:45.839607969 +0200 +@@ -2597,13 +2597,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; @@ -12124,9 +12111,9 @@ diff -up openssl-1.1.0h/ssl/ssl_lib.c.fips openssl-1.1.0h/ssl/ssl_lib.c } if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.0h/test/dsatest.c.fips openssl-1.1.0h/test/dsatest.c ---- openssl-1.1.0h/test/dsatest.c.fips 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/test/dsatest.c 2018-03-29 14:44:24.644237065 +0200 +diff -up openssl-1.1.0i/test/dsatest.c.fips openssl-1.1.0i/test/dsatest.c +--- openssl-1.1.0i/test/dsatest.c.fips 2018-08-14 14:45:10.000000000 +0200 ++++ openssl-1.1.0i/test/dsatest.c 2018-09-20 15:00:45.839607969 +0200 @@ -32,41 +32,42 @@ int main(int argc, char *argv[]) static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -12215,55 +12202,52 @@ diff -up openssl-1.1.0h/test/dsatest.c.fips openssl-1.1.0h/test/dsatest.c goto end; } if (h != 2) { -diff -up openssl-1.1.0h/util/libcrypto.num.fips openssl-1.1.0h/util/libcrypto.num ---- openssl-1.1.0h/util/libcrypto.num.fips 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/util/libcrypto.num 2018-03-29 18:06:26.962651662 +0200 -@@ -4232,5 +4232,40 @@ ZINT64_it - ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: - CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: - EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE --OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP -+FIPS_drbg_reseed 4348 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_check 4349 1_1_0g EXIST::FUNCTION: -+FIPS_rand_set_method 4350 1_1_0g EXIST::FUNCTION: -+FIPS_get_default_drbg 4351 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_reseed_interval 4352 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_app_data 4353 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_method 4354 1_1_0g EXIST::FUNCTION: -+FIPS_rand_status 4355 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_instantiate 4356 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_callbacks 4357 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_new 4358 1_1_0g EXIST::FUNCTION: -+FIPS_dsa_paramgen_check_g 4359 1_1_0g EXIST::FUNCTION: -+FIPS_selftest 4360 1_1_0g EXIST::FUNCTION: -+FIPS_rand_set_bits 4361 1_1_0g EXIST::FUNCTION: -+FIPS_rand_bytes 4362 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_app_data 4363 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_failed 4364 1_1_0g EXIST::FUNCTION: -+FIPS_dsa_builtin_paramgen2 4365 1_1_0g EXIST::FUNCTION: -+FIPS_rand_reset 4366 1_1_0g EXIST::FUNCTION: -+ERR_load_FIPS_strings 4367 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_generate 4368 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_uninstantiate 4369 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_check_interval 4370 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_free 4371 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_drbg_all 4372 1_1_0g EXIST::FUNCTION: -+FIPS_rand_get_method 4373 1_1_0g EXIST::FUNCTION: -+RAND_set_fips_drbg_type 4374 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_health_check 4375 1_1_0g EXIST::FUNCTION: -+RAND_init_fips 4376 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_rand_callbacks 4377 1_1_0g EXIST::FUNCTION: -+FIPS_rand_seed 4378 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_strength 4379 1_1_0g EXIST::FUNCTION: -+FIPS_rand_strength 4380 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_blocklength 4381 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_init 4382 1_1_0g EXIST::FUNCTION: -+OCSP_resp_get0_signer 4384 1_1_0h EXIST::FUNCTION:OCSP - X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: -diff -up openssl-1.1.0h/util/mkdef.pl.fips openssl-1.1.0h/util/mkdef.pl ---- openssl-1.1.0h/util/mkdef.pl.fips 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/util/mkdef.pl 2018-03-29 14:44:24.644237065 +0200 -@@ -311,6 +311,8 @@ $crypto.=" include/openssl/modes.h"; +diff -up openssl-1.1.0i/util/libcrypto.num.fips openssl-1.1.0i/util/libcrypto.num +--- openssl-1.1.0i/util/libcrypto.num.fips 2018-09-20 15:00:45.839607969 +0200 ++++ openssl-1.1.0i/util/libcrypto.num 2018-09-20 15:03:17.200136311 +0200 +@@ -4263,3 +4263,38 @@ X509_OBJECT_set1_X509 + X509_LOOKUP_meth_get_get_by_issuer_serial 4515 1_1_0i EXIST::FUNCTION: + X509_LOOKUP_meth_set_init 4516 1_1_0i EXIST::FUNCTION: + X509_OBJECT_set1_X509_CRL 4517 1_1_0i EXIST::FUNCTION: ++FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: ++FIPS_get_default_drbg 6351 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_reseed_interval 6352 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_app_data 6353 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_method 6354 1_1_0g EXIST::FUNCTION: ++FIPS_rand_status 6355 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_instantiate 6356 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_callbacks 6357 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_new 6358 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_paramgen_check_g 6359 1_1_0g EXIST::FUNCTION: ++FIPS_selftest 6360 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_bits 6361 1_1_0g EXIST::FUNCTION: ++FIPS_rand_bytes 6362 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_app_data 6363 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_failed 6364 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_builtin_paramgen2 6365 1_1_0g EXIST::FUNCTION: ++FIPS_rand_reset 6366 1_1_0g EXIST::FUNCTION: ++ERR_load_FIPS_strings 6367 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_generate 6368 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_uninstantiate 6369 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_check_interval 6370 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_free 6371 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_drbg_all 6372 1_1_0g EXIST::FUNCTION: ++FIPS_rand_get_method 6373 1_1_0g EXIST::FUNCTION: ++RAND_set_fips_drbg_type 6374 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_health_check 6375 1_1_0g EXIST::FUNCTION: ++RAND_init_fips 6376 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_rand_callbacks 6377 1_1_0g EXIST::FUNCTION: ++FIPS_rand_seed 6378 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: ++FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: +diff -up openssl-1.1.0i/util/mkdef.pl.fips openssl-1.1.0i/util/mkdef.pl +--- openssl-1.1.0i/util/mkdef.pl.fips 2018-08-14 14:45:10.000000000 +0200 ++++ openssl-1.1.0i/util/mkdef.pl 2018-09-20 15:00:45.840607992 +0200 +@@ -312,6 +312,8 @@ $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; $crypto.=" include/openssl/ct.h"; $crypto.=" include/openssl/kdf.h"; diff --git a/openssl-1.1.0-system-cipherlist.patch b/openssl-1.1.0-system-cipherlist.patch index 9f63162..08cd1e4 100644 --- a/openssl-1.1.0-system-cipherlist.patch +++ b/openssl-1.1.0-system-cipherlist.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0e/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist 2017-02-16 16:15:38.658931413 +0100 -+++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl 2017-02-16 16:15:38.675931806 +0100 -@@ -161,6 +161,10 @@ MANDIR=$(INSTALLTOP)/share/man +diff -up openssl-1.1.0i/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0i/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0i/Configurations/unix-Makefile.tmpl.system-cipherlist 2018-09-20 14:59:34.633951133 +0200 ++++ openssl-1.1.0i/Configurations/unix-Makefile.tmpl 2018-09-20 14:59:34.654951621 +0200 +@@ -164,6 +164,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -12,7 +12,7 @@ diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist open # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -171,7 +175,7 @@ HTMLSUFFIX=html +@@ -174,7 +178,7 @@ HTMLSUFFIX=html CROSS_COMPILE= {- $config{cross_compile_prefix} -} CC= $(CROSS_COMPILE){- $target{cc} -} @@ -21,19 +21,19 @@ diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist open CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} LDFLAGS= {- $target{lflags} -} PLIB_LDFLAGS= {- $target{plib_lflags} -} -diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure ---- openssl-1.1.0e/Configure.system-cipherlist 2017-02-16 12:58:20.000000000 +0100 -+++ openssl-1.1.0e/Configure 2017-02-16 16:15:38.679931899 +0100 -@@ -18,7 +18,7 @@ use if $^O ne "VMS", 'File::Glob' => qw/ - - # see INSTALL for instructions. +diff -up openssl-1.1.0i/Configure.system-cipherlist openssl-1.1.0i/Configure +--- openssl-1.1.0i/Configure.system-cipherlist 2018-08-14 14:45:06.000000000 +0200 ++++ openssl-1.1.0i/Configure 2018-09-20 15:00:20.494017123 +0200 +@@ -23,7 +23,7 @@ use OpenSSL::Glob; + my $orig_death_handler = $SIG{__DIE__}; + $SIG{__DIE__} = \&death_handler; -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # -@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no- +@@ -40,6 +40,9 @@ my $usage="Usage: Configure [no- # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) # @@ -43,7 +43,7 @@ diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure # --cross-compile-prefix Add specified prefix to binutils components. # # --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for -@@ -293,6 +296,7 @@ $config{openssldir}=""; +@@ -298,6 +301,7 @@ $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; $config{cross_compile_prefix}=""; @@ -51,7 +51,7 @@ diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure $config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; my $nofipscanistercheck=0; $config{baseaddr}="0xFB00000"; -@@ -718,6 +722,10 @@ while (@argvcopy) +@@ -704,6 +708,10 @@ while (@argvcopy) { $config{baseaddr}="$1"; } @@ -62,7 +62,7 @@ diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure elsif (/^--cross-compile-prefix=(.*)$/) { $config{cross_compile_prefix}=$1; -@@ -851,6 +859,8 @@ if ($target =~ m/^CygWin32(-.*)$/) { +@@ -837,6 +845,8 @@ if ($target =~ m/^CygWin32(-.*)$/) { $target = "Cygwin".$1; } @@ -71,10 +71,10 @@ diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure foreach (sort (keys %disabled)) { $config{options} .= " no-$_"; -diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/doc/apps/ciphers.pod ---- openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/doc/apps/ciphers.pod 2017-02-16 16:37:14.043219953 +0100 -@@ -181,6 +181,15 @@ As of OpenSSL 1.0.0, the B cipher s +diff -up openssl-1.1.0i/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0i/doc/apps/ciphers.pod +--- openssl-1.1.0i/doc/apps/ciphers.pod.system-cipherlist 2018-08-14 14:45:08.000000000 +0200 ++++ openssl-1.1.0i/doc/apps/ciphers.pod 2018-09-20 14:59:34.655951644 +0200 +@@ -176,6 +176,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. @@ -90,9 +90,9 @@ diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/do =item B "high" encryption cipher suites. This currently means those with key lengths -diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/include/openssl/ssl.h ---- openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/ssl.h 2017-02-16 16:15:38.676931830 +0100 +diff -up openssl-1.1.0i/include/openssl/ssl.h.system-cipherlist openssl-1.1.0i/include/openssl/ssl.h +--- openssl-1.1.0i/include/openssl/ssl.h.system-cipherlist 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/include/openssl/ssl.h 2018-09-20 14:59:34.655951644 +0200 @@ -201,6 +201,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -105,10 +105,10 @@ diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/i /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ciph.c ---- openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 16:15:38.691932177 +0100 -@@ -1289,6 +1289,50 @@ static int check_suiteb_cipher_list(cons +diff -up openssl-1.1.0i/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0i/ssl/ssl_ciph.c +--- openssl-1.1.0i/ssl/ssl_ciph.c.system-cipherlist 2018-08-14 14:45:09.000000000 +0200 ++++ openssl-1.1.0i/ssl/ssl_ciph.c 2018-09-20 14:59:34.656951667 +0200 +@@ -1287,6 +1287,50 @@ static int check_suiteb_cipher_list(cons } #endif @@ -159,7 +159,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) **cipher_list, STACK_OF(SSL_CIPHER) **cipher_list_by_id, -@@ -1296,19 +1341,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1294,19 +1338,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; @@ -192,7 +192,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ #endif /* -@@ -1331,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1329,7 +1383,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -201,7 +201,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1401,8 +1456,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1395,8 +1449,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -211,7 +211,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ } /* -@@ -1447,9 +1501,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1441,9 +1494,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { @@ -222,7 +222,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1475,8 +1528,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1469,8 +1521,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -232,7 +232,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ } /* -@@ -1484,8 +1536,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1478,8 +1529,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -242,7 +242,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ } /* -@@ -1496,21 +1547,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1490,21 +1540,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { @@ -268,7 +268,7 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ } sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; -@@ -1520,6 +1571,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1514,6 +1564,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); sk_SSL_CIPHER_sort(*cipher_list_by_id); @@ -281,10 +281,10 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ return (cipherstack); } -diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_lib.c ---- openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist 2017-02-16 16:15:38.673931760 +0100 -+++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 16:15:38.692932200 +0100 -@@ -509,7 +509,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx +diff -up openssl-1.1.0i/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0i/ssl/ssl_lib.c +--- openssl-1.1.0i/ssl/ssl_lib.c.system-cipherlist 2018-09-20 14:59:34.653951597 +0200 ++++ openssl-1.1.0i/ssl/ssl_lib.c 2018-09-20 14:59:34.656951667 +0200 +@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -293,7 +293,7 @@ diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_l if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return (0); -@@ -2403,7 +2403,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -2587,7 +2587,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m #endif if (!ssl_create_cipher_list(ret->method, &ret->cipher_list, &ret->cipher_list_by_id, @@ -302,9 +302,9 @@ diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_l || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -up openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist openssl-1.1.0e/test/cipherlist_test.c ---- openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/test/cipherlist_test.c 2017-02-16 16:15:38.677931853 +0100 +diff -up openssl-1.1.0i/test/cipherlist_test.c.system-cipherlist openssl-1.1.0i/test/cipherlist_test.c +--- openssl-1.1.0i/test/cipherlist_test.c.system-cipherlist 2018-08-14 14:45:10.000000000 +0200 ++++ openssl-1.1.0i/test/cipherlist_test.c 2018-09-20 14:59:34.656951667 +0200 @@ -190,7 +190,9 @@ int main(int argc, char **argv) { int result = 0; diff --git a/openssl.spec b/openssl.spec index 786c7a7..21a9bdc 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,14 +15,14 @@ # Arches on which we need to prevent arch conflicts on opensslconf.h, must # also be handled in opensslconf-new.h. -%define multilib_arches %{ix86} ia64 %{mips} ppc %{power64} s390 s390x sparcv9 sparc64 x86_64 +%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64 %global _performance_build 1 Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.0h -Release: 3%{?dist} +Version: 1.1.0i +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -61,7 +61,6 @@ Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch Patch45: openssl-1.1.0-weak-ciphers.patch Patch46: openssl-1.1.0-silent-rnd-write.patch # Backported fixes including security fixes -Patch70: openssl-1.1.0-missing-quotes.patch License: OpenSSL Group: System Environment/Libraries @@ -166,7 +165,6 @@ cp %{SOURCE13} test/ %patch45 -p1 -b .weak-ciphers %patch46 -p1 -b .silent-rnd-write -%patch70 -p1 -b .missing-quotes %build # Figure out which flags we want to use. @@ -335,6 +333,11 @@ for manpage in man*/* ; do done for conflict in passwd rand ; do rename ${conflict} ssl${conflict} man*/${conflict}* +# Fix dangling symlinks + manpage=man1/openssl-${conflict}.* + if [ -L ${manpage} ] ; then + ln -snf ssl${conflict}.1ssl ${manpage} + fi done popd @@ -344,11 +347,13 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts -# Ensure the openssl.cnf timestamp is identical across builds to avoid +# Ensure the config file timestamps are identical across builds to avoid # mulitlib conflicts and unnecessary renames on upgrade touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist # Determine which arch opensslconf.h is going to try to #include. basearch=%{_arch} @@ -390,6 +395,7 @@ export LD_LIBRARY_PATH %exclude %{_mandir}/man1*/*.pl* %exclude %{_mandir}/man1*/c_rehash* %exclude %{_mandir}/man1*/tsget* +%exclude %{_mandir}/man1*/openssl-tsget* %files libs %{!?_licensedir:%global license %%doc} @@ -399,6 +405,7 @@ export LD_LIBRARY_PATH %dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/private %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf +%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion} %attr(0755,root,root) %{_libdir}/libssl.so.%{version} @@ -424,6 +431,7 @@ export LD_LIBRARY_PATH %{_mandir}/man1*/*.pl* %{_mandir}/man1*/c_rehash* %{_mandir}/man1*/tsget* +%{_mandir}/man1*/openssl-tsget* %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private %dir %{_sysconfdir}/pki/CA/certs @@ -435,6 +443,9 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Thu Sep 20 2018 Tomáš Mráz 1.1.0i-1 +- update to upstream version 1.1.0i + * Tue Apr 3 2018 Tomáš Mráz 1.1.0h-3 - fix regression of c_rehash (#1562953) diff --git a/sources b/sources index b8fb121..aee6fba 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.0h-hobbled.tar.xz) = cba4641956d6593f5cf5164bed12fb3acfaa9c24a69d5642cc0267d0918555450a12ddeac6e02b246afa64e7019f35baa0d9302d1f06e3be5555d8340319c5e4 +SHA512 (openssl-1.1.0i-hobbled.tar.xz) = 53a961f9bbc69aaa53e12d415e374f3139a1e4b892a6abf83a0ed77e2701ac74aeadcaaead200e0db5181ea7a977835a677ff8601cfd58de85defc7f4b388b38