diff --git a/openssl-1.1.0-afalg-eventfd2.patch b/openssl-1.1.0-afalg-eventfd2.patch deleted file mode 100644 index 2d4cbe9..0000000 --- a/openssl-1.1.0-afalg-eventfd2.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.1.0b/engines/afalg/e_afalg.c.eventfd2 openssl-1.1.0b/engines/afalg/e_afalg.c ---- openssl-1.1.0b/engines/afalg/e_afalg.c.eventfd2 2016-09-26 11:46:07.000000000 +0200 -+++ openssl-1.1.0b/engines/afalg/e_afalg.c 2016-10-11 10:56:00.884185249 +0200 -@@ -104,7 +104,7 @@ static ossl_inline int io_setup(unsigned - - static ossl_inline int eventfd(int n) - { -- return syscall(__NR_eventfd, n); -+ return syscall(__NR_eventfd2, n, 0); - } - - static ossl_inline int io_destroy(aio_context_t ctx) diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch index 8d00f64..bedd957 100644 --- a/openssl-1.1.0-build.patch +++ b/openssl-1.1.0-build.patch @@ -38,12 +38,12 @@ diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configu }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], -diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt ---- openssl-1.1.0f/test/evptests.txt.build 2017-05-25 14:46:21.000000000 +0200 -+++ openssl-1.1.0f/test/evptests.txt 2017-06-02 15:05:49.422161136 +0200 -@@ -3690,14 +3690,6 @@ PublicKey=Bob-25519-PUBLIC - MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08= - -----END PUBLIC KEY----- +diff -up openssl-1.1.0g/test/evptests.txt.build openssl-1.1.0g/test/evptests.txt +--- openssl-1.1.0g/test/evptests.txt.build 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/test/evptests.txt 2017-11-03 16:37:01.253671494 +0100 +@@ -3707,14 +3707,6 @@ MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+D + + PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC -Derive=Alice-25519 -PeerKey=Bob-25519-PUBLIC 
@@ -56,7 +56,7 @@ diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt # Illegal sign/verify operations with X25519 key Sign=Alice-25519 -@@ -3710,6 +3702,14 @@ Result = KEYOP_INIT_ERROR +@@ -3727,6 +3719,14 @@ Result = KEYOP_INIT_ERROR Function = EVP_PKEY_verify_init Reason = operation not supported for this keytype diff --git a/openssl-1.1.0-dtls-failure.patch b/openssl-1.1.0-dtls-failure.patch deleted file mode 100644 index 180a1a5..0000000 --- a/openssl-1.1.0-dtls-failure.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 290cfa823fb3afea5b36ed17113ffb4f675d0165 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 20 Jun 2017 16:36:30 +0100 -Subject: [PATCH] Fix DTLS failure when used in a build which has SCTP enabled - -The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for -BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build -BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with -the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately -due to this clash, this wasn't the case. The BIO ended up going into peek -mode and was continually reading the same data over and over - throwing it -away as a replay. - -Fixes #3723 ---- - crypto/bio/bss_dgram.c | 9 +++++++++ - include/openssl/bio.h | 7 ++++--- - ssl/statem/statem.c | 8 ++++---- - 3 files changed, 17 insertions(+), 7 deletions(-) - -diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c -index 7ef4281..4070f20 100644 ---- a/crypto/bio/bss_dgram.c -+++ b/crypto/bio/bss_dgram.c -@@ -787,6 +787,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) - case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: - ret = dgram_get_mtu_overhead(data); - break; -+ -+ /* -+ * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility -+ * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value -+ * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The -+ * value has been updated to a non-clashing value. 
However to preserve -+ * binary compatiblity we now respond to both the old value and the new one -+ */ -+ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: - case BIO_CTRL_DGRAM_SET_PEEK_MODE: - data->peekmode = (unsigned int)num; - break; -diff --git a/include/openssl/bio.h b/include/openssl/bio.h -index 0955b76..5f8f83a 100644 ---- a/include/openssl/bio.h -+++ b/include/openssl/bio.h -@@ -126,11 +126,10 @@ extern "C" { - - # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 - --# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 -- -+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */ -+# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 - # ifndef OPENSSL_NO_SCTP - /* SCTP stuff */ --# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 - # define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51 - # define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52 - # define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53 -@@ -143,6 +142,8 @@ extern "C" { - # define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70 - # endif - -+# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 -+ - /* modifiers */ - # define BIO_FP_READ 0x02 - # define BIO_FP_WRITE 0x04 -diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c -index 52beac7..9eab8ce 100644 ---- a/ssl/statem/statem.c -+++ b/ssl/statem/statem.c -@@ -300,10 +300,10 @@ static int state_machine(SSL *s, int server) - return -1; - } - #ifndef OPENSSL_NO_SCTP -- if (SSL_IS_DTLS(s)) { -+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { - /* - * Notify SCTP BIO socket to enter handshake mode and prevent stream -- * identifier other than 0. Will be ignored if no SCTP is used. -+ * identifier other than 0. 
- */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - st->in_handshake, NULL); -@@ -421,10 +421,10 @@ static int state_machine(SSL *s, int server) - st->in_handshake--; - - #ifndef OPENSSL_NO_SCTP -- if (SSL_IS_DTLS(s)) { -+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { - /* - * Notify SCTP BIO socket to leave handshake mode and allow stream -- * identifier other than 0. Will be ignored if no SCTP is used. -+ * identifier other than 0. - */ - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, - st->in_handshake, NULL); --- -2.9.3 - diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index 3362a20..aa1e032 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -1,9 +1,9 @@ -diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c ---- openssl-1.1.0f/apps/speed.c.fips 2017-06-02 14:14:25.449420942 +0200 -+++ openssl-1.1.0f/apps/speed.c 2017-06-02 14:14:25.457421131 +0200 -@@ -1448,7 +1448,9 @@ int speed_main(int argc, char **argv) - } - # endif +diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c +--- openssl-1.1.0g/apps/speed.c.fips 2017-11-03 16:17:27.753155253 +0100 ++++ openssl-1.1.0g/apps/speed.c 2017-11-03 16:19:01.490326410 +0100 +@@ -1446,7 +1446,9 @@ int speed_main(int argc, char **argv) + if (strcmp(*argv, "openssl") == 0) + continue; if (strcmp(*argv, "rsa") == 0) { - rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = + if (!FIPS_mode()) @@ -12,7 +12,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = rsa_doit[R_RSA_15360] = 1; -@@ -1461,7 +1463,9 @@ int speed_main(int argc, char **argv) +@@ -1459,7 +1461,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { 
@@ -23,7 +23,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1550,15 +1554,21 @@ int speed_main(int argc, char **argv) +@@ -1548,15 +1552,21 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -48,7 +48,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c #endif #ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) -@@ -1607,30 +1617,46 @@ int speed_main(int argc, char **argv) +@@ -1605,30 +1615,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -105,7 +105,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -1891,6 +1917,7 @@ int speed_main(int argc, char **argv) +@@ -1889,6 +1915,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); @@ -113,10 +113,10 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.0f/Configure.fips openssl-1.1.0f/Configure ---- openssl-1.1.0f/Configure.fips 2017-06-02 14:14:25.455421083 +0200 -+++ openssl-1.1.0f/Configure 2017-06-02 14:14:25.458421154 +0200 -@@ -314,7 +314,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.0g/Configure.fips openssl-1.1.0g/Configure +--- openssl-1.1.0g/Configure.fips 2017-11-03 16:17:27.759155391 +0100 ++++ openssl-1.1.0g/Configure 2017-11-03 16:17:27.762155461 +0100 +@@ -312,7 +312,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", 
@@ -125,9 +125,9 @@ diff -up openssl-1.1.0f/Configure.fips openssl-1.1.0f/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf" ]; -diff -up openssl-1.1.0f/crypto/bn/bn_rand.c.fips openssl-1.1.0f/crypto/bn/bn_rand.c ---- openssl-1.1.0f/crypto/bn/bn_rand.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/bn/bn_rand.c 2017-06-02 14:14:25.458421154 +0200 +diff -up openssl-1.1.0g/crypto/bn/bn_rand.c.fips openssl-1.1.0g/crypto/bn/bn_rand.c +--- openssl-1.1.0g/crypto/bn/bn_rand.c.fips 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/bn/bn_rand.c 2017-11-03 16:17:27.762155461 +0100 @@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM goto err; } @@ -143,9 +143,9 @@ diff -up openssl-1.1.0f/crypto/bn/bn_rand.c.fips openssl-1.1.0f/crypto/bn/bn_ran if (RAND_bytes(buf, bytes) <= 0) goto err; -diff -up openssl-1.1.0f/crypto/dh/dh_err.c.fips openssl-1.1.0f/crypto/dh/dh_err.c ---- openssl-1.1.0f/crypto/dh/dh_err.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dh/dh_err.c 2017-06-02 14:14:25.458421154 +0200 +diff -up openssl-1.1.0g/crypto/dh/dh_err.c.fips openssl-1.1.0g/crypto/dh/dh_err.c +--- openssl-1.1.0g/crypto/dh/dh_err.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dh/dh_err.c 2017-11-03 16:17:27.762155461 +0100 @@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, 
@@ -168,9 +168,9 @@ diff -up openssl-1.1.0f/crypto/dh/dh_err.c.fips openssl-1.1.0f/crypto/dh/dh_err. {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, -diff -up openssl-1.1.0f/crypto/dh/dh_gen.c.fips openssl-1.1.0f/crypto/dh/dh_gen.c ---- openssl-1.1.0f/crypto/dh/dh_gen.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dh/dh_gen.c 2017-06-02 14:14:25.458421154 +0200 +diff -up openssl-1.1.0g/crypto/dh/dh_gen.c.fips openssl-1.1.0g/crypto/dh/dh_gen.c +--- openssl-1.1.0g/crypto/dh/dh_gen.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dh/dh_gen.c 2017-11-03 16:17:27.762155461 +0100 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -214,9 +214,9 @@ diff -up openssl-1.1.0f/crypto/dh/dh_gen.c.fips openssl-1.1.0f/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.c ---- openssl-1.1.0f/crypto/dh/dh_key.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dh/dh_key.c 2017-06-02 14:14:25.458421154 +0200 +diff -up openssl-1.1.0g/crypto/dh/dh_key.c.fips openssl-1.1.0g/crypto/dh/dh_key.c +--- openssl-1.1.0g/crypto/dh/dh_key.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dh/dh_key.c 2017-11-03 16:17:27.763155484 +0100 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -261,7 +261,7 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key. if (rv <= 0) return rv; pad = BN_num_bytes(dh->p) - rv; -@@ -70,6 +87,14 @@ static int generate_key(DH *dh) +@@ -82,6 +99,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; 
@@ -276,7 +276,7 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -@@ -153,6 +178,13 @@ static int compute_key(unsigned char *ke +@@ -165,6 +190,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -290,7 +290,7 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -204,6 +236,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -216,6 +248,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { @@ -300,9 +300,9 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0f/crypto/dsa/dsa_err.c.fips openssl-1.1.0f/crypto/dsa/dsa_err.c ---- openssl-1.1.0f/crypto/dsa/dsa_err.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dsa/dsa_err.c 2017-06-02 14:14:25.458421154 +0200 +diff -up openssl-1.1.0g/crypto/dsa/dsa_err.c.fips openssl-1.1.0g/crypto/dsa/dsa_err.c +--- openssl-1.1.0g/crypto/dsa/dsa_err.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dsa/dsa_err.c 2017-11-03 16:17:27.763155484 +0100 @@ -21,10 +21,13 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, 
@@ -330,9 +330,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_err.c.fips openssl-1.1.0f/crypto/dsa/dsa_ {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, {ERR_REASON(DSA_R_SEED_LEN_SMALL), -diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_gen.c ---- openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dsa/dsa_gen.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips openssl-1.1.0g/crypto/dsa/dsa_gen.c +--- openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dsa/dsa_gen.c 2017-11-03 16:17:27.763155484 +0100 @@ -22,12 +22,22 @@ #include #include @@ -402,7 +402,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_ if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); -@@ -418,9 +448,10 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -420,9 +450,10 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; /* Provided seed didn't produce a prime: error */ if (seed_in) { @@ -416,7 +416,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_ } /* do a callback call */ -@@ -506,11 +537,14 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -508,11 +539,14 @@ int dsa_builtin_paramgen2(DSA *ret, size if (counter >= (int)(4 * L)) break; } @@ -431,7 +431,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_ } end: if (!BN_GENCB_call(cb, 2, 1)) -@@ -581,7 +615,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -583,7 +617,7 @@ int dsa_builtin_paramgen2(DSA *ret, size BN_free(ret->g); ret->g = BN_dup(g); if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { 
@@ -440,7 +440,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_ goto err; } if (counter_ret != NULL) -@@ -599,3 +633,53 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -601,3 +635,53 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX_free(mctx); return ok; } @@ -494,9 +494,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.0f/crypto/dsa/dsa_key.c.fips openssl-1.1.0f/crypto/dsa/dsa_key.c ---- openssl-1.1.0f/crypto/dsa/dsa_key.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dsa/dsa_key.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/dsa/dsa_key.c.fips openssl-1.1.0g/crypto/dsa/dsa_key.c +--- openssl-1.1.0g/crypto/dsa/dsa_key.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dsa/dsa_key.c 2017-11-03 16:17:27.763155484 +0100 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -576,9 +576,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_key.c.fips openssl-1.1.0f/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa_ossl.c ---- openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dsa/dsa_ossl.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0g/crypto/dsa/dsa_ossl.c +--- openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dsa/dsa_ossl.c 2017-11-03 16:17:27.763155484 +0100 @@ -15,6 +15,9 @@ #include #include "dsa_locl.h" 
@@ -589,7 +589,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -56,6 +59,19 @@ static DSA_SIG *dsa_do_sign(const unsign +@@ -68,6 +71,19 @@ static DSA_SIG *dsa_do_sign(const unsign DSA_SIG *ret = NULL; int rv = 0; @@ -609,7 +609,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa m = BN_new(); xr = BN_new(); if (m == NULL || xr == NULL) -@@ -239,6 +255,18 @@ static int dsa_do_verify(const unsigned +@@ -266,6 +282,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -628,7 +628,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -327,6 +355,9 @@ static int dsa_do_verify(const unsigned +@@ -354,6 +382,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { @@ -638,9 +638,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0f/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/dsa/dsa_pmeth.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0g/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/dsa/dsa_pmeth.c 2017-11-03 16:17:27.763155484 +0100 @@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; 
@@ -652,9 +652,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0f/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdh_ossl.c ---- openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/ec/ecdh_ossl.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdh_ossl.c +--- openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/ec/ecdh_ossl.c 2017-11-03 16:17:27.764155507 +0100 @@ -33,9 +33,20 @@ #include #include "ec_lcl.h" @@ -676,9 +676,9 @@ diff -up openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/ec/ecdsa_ossl.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/ec/ecdsa_ossl.c 2017-11-03 16:17:27.764155507 +0100 @@ -15,6 +15,10 @@ #include #include "ec_lcl.h" @@ -690,7 +690,7 @@ diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecd int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -203,6 +207,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns +@@ -217,6 +221,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns ECDSA_SIG *ret; const BIGNUM *priv_key; 
@@ -704,7 +704,7 @@ diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecd group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); -@@ -352,6 +363,13 @@ int ossl_ecdsa_verify_sig(const unsigned +@@ -366,6 +377,13 @@ int ossl_ecdsa_verify_sig(const unsigned const EC_GROUP *group; const EC_POINT *pub_key; @@ -718,9 +718,9 @@ diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.0f/crypto/ec/ec_key.c.fips openssl-1.1.0f/crypto/ec/ec_key.c ---- openssl-1.1.0f/crypto/ec/ec_key.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/ec/ec_key.c 2017-06-02 14:14:25.459421178 +0200 +diff -up openssl-1.1.0g/crypto/ec/ec_key.c.fips openssl-1.1.0g/crypto/ec/ec_key.c +--- openssl-1.1.0g/crypto/ec/ec_key.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/ec/ec_key.c 2017-11-03 16:17:27.764155507 +0100 @@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } @@ -785,9 +785,9 @@ diff -up openssl-1.1.0f/crypto/ec/ec_key.c.fips openssl-1.1.0f/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.0f/crypto/err/err_all.c.fips openssl-1.1.0f/crypto/err/err_all.c ---- openssl-1.1.0f/crypto/err/err_all.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/err/err_all.c 2017-06-02 14:14:25.460421201 +0200 +diff -up openssl-1.1.0g/crypto/err/err_all.c.fips openssl-1.1.0g/crypto/err/err_all.c +--- openssl-1.1.0g/crypto/err/err_all.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/err/err_all.c 2017-11-03 16:17:27.764155507 +0100 @@ -43,9 +43,6 @@ int err_load_crypto_strings_int(void) { 
@@ -798,9 +798,9 @@ diff -up openssl-1.1.0f/crypto/err/err_all.c.fips openssl-1.1.0f/crypto/err/err_ #ifndef OPENSSL_NO_ERR ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ ERR_load_BN_strings() == 0 || -diff -up openssl-1.1.0f/crypto/evp/c_allc.c.fips openssl-1.1.0f/crypto/evp/c_allc.c ---- openssl-1.1.0f/crypto/evp/c_allc.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/c_allc.c 2017-06-02 14:14:25.460421201 +0200 +diff -up openssl-1.1.0g/crypto/evp/c_allc.c.fips openssl-1.1.0g/crypto/evp/c_allc.c +--- openssl-1.1.0g/crypto/evp/c_allc.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/c_allc.c 2017-11-03 16:17:27.764155507 +0100 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -882,9 +882,9 @@ diff -up openssl-1.1.0f/crypto/evp/c_allc.c.fips openssl-1.1.0f/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0f/crypto/evp/c_alld.c.fips openssl-1.1.0f/crypto/evp/c_alld.c ---- openssl-1.1.0f/crypto/evp/c_alld.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/c_alld.c 2017-06-02 14:14:25.460421201 +0200 +diff -up openssl-1.1.0g/crypto/evp/c_alld.c.fips openssl-1.1.0g/crypto/evp/c_alld.c +--- openssl-1.1.0g/crypto/evp/c_alld.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/c_alld.c 2017-11-03 16:17:27.764155507 +0100 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) 
@@ -911,9 +911,9 @@ diff -up openssl-1.1.0f/crypto/evp/c_alld.c.fips openssl-1.1.0f/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0f/crypto/evp/digest.c.fips openssl-1.1.0f/crypto/evp/digest.c ---- openssl-1.1.0f/crypto/evp/digest.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/digest.c 2017-06-02 14:14:25.460421201 +0200 +diff -up openssl-1.1.0g/crypto/evp/digest.c.fips openssl-1.1.0g/crypto/evp/digest.c +--- openssl-1.1.0g/crypto/evp/digest.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/digest.c 2017-11-03 16:17:27.765155531 +0100 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -973,9 +973,9 @@ diff -up openssl-1.1.0f/crypto/evp/digest.c.fips openssl-1.1.0f/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes.c ---- openssl-1.1.0f/crypto/evp/e_aes.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/e_aes.c 2017-06-02 14:14:25.460421201 +0200 +diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.c +--- openssl-1.1.0g/crypto/evp/e_aes.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/e_aes.c 2017-11-03 16:17:27.765155531 +0100 @@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -1047,7 +1047,7 @@ diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes. static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -2189,11 +2207,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX +@@ -2190,11 +2208,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX #define aes_ccm_cleanup NULL BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, 
@@ -1062,7 +1062,7 @@ diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes. typedef struct { union { -@@ -2286,7 +2304,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT +@@ -2287,7 +2305,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT return rv ? (int)rv : -1; } @@ -1071,9 +1071,9 @@ diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.0f/crypto/evp/e_des3.c.fips openssl-1.1.0f/crypto/evp/e_des3.c ---- openssl-1.1.0f/crypto/evp/e_des3.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/e_des3.c 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/evp/e_des3.c.fips openssl-1.1.0g/crypto/evp/e_des3.c +--- openssl-1.1.0g/crypto/evp/e_des3.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/e_des3.c 2017-11-03 16:17:27.765155531 +0100 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1100,9 +1100,9 @@ diff -up openssl-1.1.0f/crypto/evp/e_des3.c.fips openssl-1.1.0f/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.0f/crypto/evp/e_null.c.fips openssl-1.1.0f/crypto/evp/e_null.c ---- openssl-1.1.0f/crypto/evp/e_null.c.fips 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/e_null.c 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/evp/e_null.c.fips openssl-1.1.0g/crypto/evp/e_null.c +--- openssl-1.1.0g/crypto/evp/e_null.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/e_null.c 2017-11-03 16:17:27.765155531 +0100 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { 
@@ -1113,9 +1113,9 @@ diff -up openssl-1.1.0f/crypto/evp/e_null.c.fips openssl-1.1.0f/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_enc.c ---- openssl-1.1.0f/crypto/evp/evp_enc.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/evp_enc.c 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/evp/evp_enc.c.fips openssl-1.1.0g/crypto/evp/evp_enc.c +--- openssl-1.1.0g/crypto/evp/evp_enc.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/evp_enc.c 2017-11-03 16:17:27.765155531 +0100 @@ -16,10 +16,19 @@ #include #include "internal/evp_int.h" @@ -1150,7 +1150,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -65,6 +80,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -66,6 +81,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1163,7 +1163,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -134,7 +155,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -135,7 +156,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ @@ -1172,7 +1172,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; -@@ -193,6 +214,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -194,6 +215,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } 
@@ -1191,9 +1191,9 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_err.c ---- openssl-1.1.0f/crypto/evp/evp_err.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/evp_err.c 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/evp/evp_err.c.fips openssl-1.1.0g/crypto/evp/evp_err.c +--- openssl-1.1.0g/crypto/evp/evp_err.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/evp_err.c 2017-11-03 16:17:27.766155554 +0100 @@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[] {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, @@ -1202,7 +1202,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, -@@ -109,6 +110,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +@@ -111,6 +112,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, 
@@ -1210,7 +1210,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_ {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, -@@ -144,6 +146,7 @@ static ERR_STRING_DATA EVP_str_reasons[] +@@ -148,6 +150,7 @@ static ERR_STRING_DATA EVP_str_reasons[] {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, @@ -1218,9 +1218,9 @@ diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_ {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.0f/crypto/evp/evp_lib.c.fips openssl-1.1.0f/crypto/evp/evp_lib.c ---- openssl-1.1.0f/crypto/evp/evp_lib.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/evp_lib.c 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/evp/evp_lib.c.fips openssl-1.1.0g/crypto/evp/evp_lib.c +--- openssl-1.1.0g/crypto/evp/evp_lib.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/evp_lib.c 2017-11-03 16:17:27.766155554 +0100 @@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) 
@@ -1231,9 +1231,9 @@ diff -up openssl-1.1.0f/crypto/evp/evp_lib.c.fips openssl-1.1.0f/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.0f/crypto/evp/m_sha1.c.fips openssl-1.1.0f/crypto/evp/m_sha1.c ---- openssl-1.1.0f/crypto/evp/m_sha1.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/evp/m_sha1.c 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/evp/m_sha1.c.fips openssl-1.1.0g/crypto/evp/m_sha1.c +--- openssl-1.1.0g/crypto/evp/m_sha1.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/evp/m_sha1.c 2017-11-03 16:17:27.766155554 +0100 @@ -94,7 +94,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1279,9 +1279,9 @@ diff -up openssl-1.1.0f/crypto/evp/m_sha1.c.fips openssl-1.1.0f/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.0f/crypto/fips/build.info.fips openssl-1.1.0f/crypto/fips/build.info ---- openssl-1.1.0f/crypto/fips/build.info.fips 2017-06-02 14:14:25.461421225 +0200 -+++ openssl-1.1.0f/crypto/fips/build.info 2017-06-02 14:14:25.461421225 +0200 +diff -up openssl-1.1.0g/crypto/fips/build.info.fips openssl-1.1.0g/crypto/fips/build.info +--- openssl-1.1.0g/crypto/fips/build.info.fips 2017-11-03 16:17:27.766155554 +0100 ++++ openssl-1.1.0g/crypto/fips/build.info 2017-11-03 16:17:27.766155554 +0100 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ 
@@ -1298,9 +1298,9 @@ diff -up openssl-1.1.0f/crypto/fips/build.info.fips openssl-1.1.0f/crypto/fips/b
 +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
 +INCLUDE[fips_standalone_hmac]=../../include
 +DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_aes_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips 2017-11-03 16:17:27.766155554 +0100
++++ openssl-1.1.0g/crypto/fips/fips_aes_selftest.c 2017-11-03 16:17:27.766155554 +0100
 @@ -0,0 +1,372 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1674,9 +1674,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0f/cryp
 +}
 +
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips.c.fips openssl-1.1.0f/crypto/fips/fips.c
---- openssl-1.1.0f/crypto/fips/fips.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips.c.fips openssl-1.1.0g/crypto/fips/fips.c
+--- openssl-1.1.0g/crypto/fips/fips.c.fips 2017-11-03 16:17:27.766155554 +0100
++++ openssl-1.1.0g/crypto/fips/fips.c 2017-11-03 16:17:27.766155554 +0100
 @@ -0,0 +1,526 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2204,9 +2204,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips.c.fips openssl-1.1.0f/crypto/fips/fips.
 +}
 +
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c 2017-11-03 16:17:27.767155577 +0100
 @@ -0,0 +1,156 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2364,9 +2364,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0f/cry
 + return rv;
 +}
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_des_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_des_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_des_selftest.c 2017-11-03 16:17:27.767155577 +0100
 @@ -0,0 +1,133 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2501,9 +2501,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0f/cryp
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_dh_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_dh_selftest.c 2017-11-03 16:17:27.767155577 +0100
 @@ -0,0 +1,180 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2685,9 +2685,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0f/crypt
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c 2017-11-03 16:17:27.767155577 +0100
 @@ -0,0 +1,415 @@
 +/* fips/rand/fips_drbg_ctr.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3104,9 +3104,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0f/crypto/f
 +
 + return 1;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_hash.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_hash.c 2017-11-03 16:17:27.767155577 +0100
 @@ -0,0 +1,361 @@
 +/* fips/rand/fips_drbg_hash.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3469,9 +3469,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0f/crypto/
 +
 + return 1;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c 2017-11-03 16:17:27.768155600 +0100
 @@ -0,0 +1,272 @@
 +/* fips/rand/fips_drbg_hmac.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3745,9 +3745,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0f/crypto/
 +
 + return 1;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_lib.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_lib.c 2017-11-03 16:17:27.768155600 +0100
 @@ -0,0 +1,555 @@
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@@ -4304,9 +4304,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0f/crypto/f
 + memcpy(dctx->lb, out, dctx->blocklength);
 + return 1;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_rand.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_rand.c 2017-11-03 16:17:27.768155600 +0100
 @@ -0,0 +1,183 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4491,9 +4491,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0f/crypto/
 +{
 + return &rand_drbg_meth;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips 2017-06-02 14:14:25.464421296 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c 2017-06-02 14:14:25.464421296 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c 2017-11-03 16:17:27.768155600 +0100
 @@ -0,0 +1,828 @@
 +/* fips/rand/fips_drbg_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5323,9 +5323,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0f/cry
 + FIPS_drbg_free(dctx);
 + return rv;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips 2017-11-03 16:17:27.769155623 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h 2017-11-03 16:17:27.769155623 +0100
 @@ -0,0 +1,1791 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7118,9 +7118,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0f/cry
 + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
 + 0xc2, 0xd6, 0xfd, 0xa5
 +};
-diff -up openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips 2017-11-03 16:17:27.769155623 +0100
++++ openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c 2017-11-03 16:17:27.769155623 +0100
 @@ -0,0 +1,195 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7317,9 +7317,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0f/cryp
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,242 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7563,9 +7563,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0f/cry
 +}
 +
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,166 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7733,9 +7733,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0f/cr
 +}
 +
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_enc.c.fips openssl-1.1.0f/crypto/fips/fips_enc.c
---- openssl-1.1.0f/crypto/fips/fips_enc.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_enc.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_enc.c.fips openssl-1.1.0g/crypto/fips/fips_enc.c
+--- openssl-1.1.0g/crypto/fips/fips_enc.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_enc.c 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,189 @@
 +/* fipe/evp/fips_enc.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7926,9 +7926,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_enc.c.fips openssl-1.1.0f/crypto/fips/f
 +
 + }
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_err.h.fips openssl-1.1.0f/crypto/fips/fips_err.h
---- openssl-1.1.0f/crypto/fips/fips_err.h.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_err.h 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_err.h.fips openssl-1.1.0g/crypto/fips/fips_err.h
+--- openssl-1.1.0g/crypto/fips/fips_err.h.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_err.h 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,196 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -8126,9 +8126,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_err.h.fips openssl-1.1.0f/crypto/fips/f
 +#endif
 + return 1;
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_ers.c.fips openssl-1.1.0f/crypto/fips/fips_ers.c
---- openssl-1.1.0f/crypto/fips/fips_ers.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_ers.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_ers.c.fips openssl-1.1.0g/crypto/fips/fips_ers.c
+--- openssl-1.1.0g/crypto/fips/fips_ers.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_ers.c 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,7 @@
 +#include
 +
@@ -8137,9 +8137,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_ers.c.fips openssl-1.1.0f/crypto/fips/f
 +#else
 +static void *dummy = &dummy;
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,134 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8275,9 +8275,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0f/cry
 + return 1;
 +}
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_locl.h.fips openssl-1.1.0f/crypto/fips/fips_locl.h
---- openssl-1.1.0f/crypto/fips/fips_locl.h.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_locl.h 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_locl.h.fips openssl-1.1.0g/crypto/fips/fips_locl.h
+--- openssl-1.1.0g/crypto/fips/fips_locl.h.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_locl.h 2017-11-03 16:17:27.770155646 +0100
 @@ -0,0 +1,71 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8350,9 +8350,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_locl.h.fips openssl-1.1.0f/crypto/fips/
 +}
 +# endif
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_md.c.fips openssl-1.1.0f/crypto/fips/fips_md.c
---- openssl-1.1.0f/crypto/fips/fips_md.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_md.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_md.c.fips openssl-1.1.0g/crypto/fips/fips_md.c
+--- openssl-1.1.0g/crypto/fips/fips_md.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_md.c 2017-11-03 16:17:27.771155670 +0100
 @@ -0,0 +1,144 @@
 +/* fips/evp/fips_md.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8498,9 +8498,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_md.c.fips openssl-1.1.0f/crypto/fips/fi
 + return NULL;
 + }
 +}
-diff -up openssl-1.1.0f/crypto/fips/fips_post.c.fips openssl-1.1.0f/crypto/fips/fips_post.c
---- openssl-1.1.0f/crypto/fips/fips_post.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_post.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_post.c.fips openssl-1.1.0g/crypto/fips/fips_post.c
+--- openssl-1.1.0g/crypto/fips/fips_post.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_post.c 2017-11-03 16:17:27.771155670 +0100
 @@ -0,0 +1,222 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8724,9 +8724,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_post.c.fips openssl-1.1.0f/crypto/fips/
 + return 1;
 +}
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0f/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_rand_lcl.h 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0g/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_rand_lcl.h 2017-11-03 16:17:27.771155670 +0100
 @@ -0,0 +1,209 @@
 +/* fips/rand/fips_rand_lcl.h */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8937,9 +8937,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0f/crypto/f
 +#define FIPS_digestupdate EVP_DigestUpdate
 +#define FIPS_digestfinal EVP_DigestFinal
 +#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0f/crypto/fips/fips_rand_lib.c
---- openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_rand_lib.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0g/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_rand_lib.c 2017-11-03 16:17:27.771155670 +0100
 @@ -0,0 +1,234 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9175,9 +9175,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0f/crypto/f
 +# endif
 +}
 +
-diff -up openssl-1.1.0f/crypto/fips/fips_randtest.c.fips openssl-1.1.0f/crypto/fips/fips_randtest.c
---- openssl-1.1.0f/crypto/fips/fips_randtest.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_randtest.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_randtest.c.fips openssl-1.1.0g/crypto/fips/fips_randtest.c
+--- openssl-1.1.0g/crypto/fips/fips_randtest.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_randtest.c 2017-11-03 16:17:27.771155670 +0100
 @@ -0,0 +1,247 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -9426,9 +9426,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_randtest.c.fips openssl-1.1.0f/crypto/f
 +}
 +
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c 2017-11-03 16:17:27.772155692 +0100
 @@ -0,0 +1,578 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -10008,9 +10008,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0f/cryp
 +}
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_sha_selftest.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/fips/fips_sha_selftest.c 2017-11-03 16:17:27.772155692 +0100
 @@ -0,0 +1,138 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10150,9 +10150,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0f/cryp
 +}
 +
 +#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips 2017-06-02 14:14:25.468421390 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c 2017-11-03 16:17:27.772155692 +0100
 @@ -0,0 +1,127 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10281,9 +10281,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0f/c +#endif + return 0; +} -diff -up openssl-1.1.0f/crypto/hmac/hmac.c.fips openssl-1.1.0f/crypto/hmac/hmac.c ---- openssl-1.1.0f/crypto/hmac/hmac.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/hmac/hmac.c 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/hmac/hmac.c.fips openssl-1.1.0g/crypto/hmac/hmac.c +--- openssl-1.1.0g/crypto/hmac/hmac.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/hmac/hmac.c 2017-11-03 16:17:27.772155692 +0100 @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } @@ -10298,9 +10298,9 @@ diff -up openssl-1.1.0f/crypto/hmac/hmac.c.fips openssl-1.1.0f/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.1.0f/crypto/include/internal/fips_int.h.fips openssl-1.1.0f/crypto/include/internal/fips_int.h ---- openssl-1.1.0f/crypto/include/internal/fips_int.h.fips 2017-06-02 14:14:25.468421390 +0200 -+++ openssl-1.1.0f/crypto/include/internal/fips_int.h 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/include/internal/fips_int.h.fips openssl-1.1.0g/crypto/include/internal/fips_int.h +--- openssl-1.1.0g/crypto/include/internal/fips_int.h.fips 2017-11-03 16:17:27.772155692 +0100 ++++ openssl-1.1.0g/crypto/include/internal/fips_int.h 2017-11-03 16:17:27.772155692 +0100 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -10403,9 +10403,9 @@ diff -up openssl-1.1.0f/crypto/include/internal/fips_int.h.fips openssl-1.1.0f/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.0f/crypto/o_fips.c.fips openssl-1.1.0f/crypto/o_fips.c ---- openssl-1.1.0f/crypto/o_fips.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/o_fips.c 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/o_fips.c.fips openssl-1.1.0g/crypto/o_fips.c +--- openssl-1.1.0g/crypto/o_fips.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/o_fips.c 2017-11-03 16:17:27.772155692 +0100 @@ -9,7 +9,10 @@ #include "internal/cryptlib.h" @@ -10434,9 +10434,9 @@ diff -up openssl-1.1.0f/crypto/o_fips.c.fips openssl-1.1.0f/crypto/o_fips.c #else if (r == 0) return 1; -diff -up openssl-1.1.0f/crypto/o_init.c.fips openssl-1.1.0f/crypto/o_init.c ---- openssl-1.1.0f/crypto/o_init.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/o_init.c 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/o_init.c.fips openssl-1.1.0g/crypto/o_init.c +--- openssl-1.1.0g/crypto/o_init.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/o_init.c 2017-11-03 16:17:27.772155692 +0100 @@ -7,11 +7,50 @@ * https://www.openssl.org/source/license.html */ @@ -10523,9 +10523,9 @@ diff -up openssl-1.1.0f/crypto/o_init.c.fips openssl-1.1.0f/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.1.0f/crypto/rand/md_rand.c.fips openssl-1.1.0f/crypto/rand/md_rand.c ---- openssl-1.1.0f/crypto/rand/md_rand.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rand/md_rand.c 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/rand/md_rand.c.fips openssl-1.1.0g/crypto/rand/md_rand.c +--- openssl-1.1.0g/crypto/rand/md_rand.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rand/md_rand.c 2017-11-03 16:17:27.773155716 +0100 
@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; @@ -10535,9 +10535,9 @@ diff -up openssl-1.1.0f/crypto/rand/md_rand.c.fips openssl-1.1.0f/crypto/rand/md RAND_poll(); initialized = 1; } -diff -up openssl-1.1.0f/crypto/rand/rand_err.c.fips openssl-1.1.0f/crypto/rand/rand_err.c ---- openssl-1.1.0f/crypto/rand/rand_err.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rand/rand_err.c 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/rand/rand_err.c.fips openssl-1.1.0g/crypto/rand/rand_err.c +--- openssl-1.1.0g/crypto/rand/rand_err.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rand/rand_err.c 2017-11-03 16:17:27.773155716 +0100 @@ -20,10 +20,13 @@ static ERR_STRING_DATA RAND_str_functs[] = { @@ -10552,9 +10552,9 @@ diff -up openssl-1.1.0f/crypto/rand/rand_err.c.fips openssl-1.1.0f/crypto/rand/r {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; -diff -up openssl-1.1.0f/crypto/rand/rand_lcl.h.fips openssl-1.1.0f/crypto/rand/rand_lcl.h ---- openssl-1.1.0f/crypto/rand/rand_lcl.h.fips 2017-06-02 14:14:25.303417501 +0200 -+++ openssl-1.1.0f/crypto/rand/rand_lcl.h 2017-06-02 14:14:25.468421390 +0200 +diff -up openssl-1.1.0g/crypto/rand/rand_lcl.h.fips openssl-1.1.0g/crypto/rand/rand_lcl.h +--- openssl-1.1.0g/crypto/rand/rand_lcl.h.fips 2017-11-03 16:17:27.577151176 +0100 ++++ openssl-1.1.0g/crypto/rand/rand_lcl.h 2017-11-03 16:17:27.773155716 +0100 @@ -10,7 +10,7 @@ #ifndef HEADER_RAND_LCL_H # define HEADER_RAND_LCL_H 
@@ -10564,9 +10564,9 @@ diff -up openssl-1.1.0f/crypto/rand/rand_lcl.h.fips openssl-1.1.0f/crypto/rand/r # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) # define USE_SHA1_RAND -diff -up openssl-1.1.0f/crypto/rand/rand_lib.c.fips openssl-1.1.0f/crypto/rand/rand_lib.c ---- openssl-1.1.0f/crypto/rand/rand_lib.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rand/rand_lib.c 2017-06-02 14:14:25.469421413 +0200 +diff -up openssl-1.1.0g/crypto/rand/rand_lib.c.fips openssl-1.1.0g/crypto/rand/rand_lib.c +--- openssl-1.1.0g/crypto/rand/rand_lib.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rand/rand_lib.c 2017-11-03 16:17:27.773155716 +0100 @@ -18,6 +18,8 @@ #ifdef OPENSSL_FIPS # include @@ -10704,9 +10704,9 @@ diff -up openssl-1.1.0f/crypto/rand/rand_lib.c.fips openssl-1.1.0f/crypto/rand/r +} + +#endif -diff -up openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0f/crypto/rsa/rsa_crpt.c ---- openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rsa/rsa_crpt.c 2017-06-02 14:14:25.469421413 +0200 +diff -up openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0g/crypto/rsa/rsa_crpt.c +--- openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rsa/rsa_crpt.c 2017-11-03 16:17:27.773155716 +0100 @@ -28,24 +28,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) 
@@ -10760,9 +10760,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0f/crypto/rsa/rsa return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.1.0f/crypto/rsa/rsa_err.c.fips openssl-1.1.0f/crypto/rsa/rsa_err.c ---- openssl-1.1.0f/crypto/rsa/rsa_err.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rsa/rsa_err.c 2017-06-02 14:14:25.469421413 +0200 +diff -up openssl-1.1.0g/crypto/rsa/rsa_err.c.fips openssl-1.1.0g/crypto/rsa/rsa_err.c +--- openssl-1.1.0g/crypto/rsa/rsa_err.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rsa/rsa_err.c 2017-11-03 16:17:27.773155716 +0100 @@ -21,6 +21,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, @@ -10808,9 +10808,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_err.c.fips openssl-1.1.0f/crypto/rsa/rsa_ {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips openssl-1.1.0f/crypto/rsa/rsa_gen.c ---- openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips 2017-06-02 14:14:25.451420989 +0200 -+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:18:19.933947715 +0200 +diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_gen.c +--- openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips 2017-11-03 16:17:27.755155299 +0100 ++++ openssl-1.1.0g/crypto/rsa/rsa_gen.c 2017-11-03 16:17:27.773155716 +0100 @@ -18,6 +18,75 @@ #include "internal/cryptlib.h" #include 
@@ -11189,23 +11189,10 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips openssl-1.1.0f/crypto/rsa/rsa_ /* * When generating ridiculously small keys, we can get stuck * continually regenerating the same prime values. -diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_lib.c ---- openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rsa/rsa_lib.c 2017-06-02 14:14:25.469421413 +0200 -@@ -26,6 +26,12 @@ RSA *RSA_new(void) - - void RSA_set_default_method(const RSA_METHOD *meth) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD); -+ return; -+ } -+#endif - default_RSA_meth = meth; - } - -@@ -54,6 +60,12 @@ int RSA_set_method(RSA *rsa, const RSA_M +diff -up openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips openssl-1.1.0g/crypto/rsa/rsa_lib.c +--- openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rsa/rsa_lib.c 2017-11-03 16:17:27.774155739 +0100 +@@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ const RSA_METHOD *mtmp; @@ -11218,7 +11205,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_ mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); -@@ -86,7 +98,6 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -64,7 +70,6 @@ RSA *RSA_new_method(ENGINE *engine) ret->meth = RSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE @@ -11226,7 +11213,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_ if (engine) { if (!ENGINE_init(engine)) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -@@ -103,8 +114,19 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -81,8 +86,19 @@ RSA *RSA_new_method(ENGINE *engine) } } #endif 
@@ -11247,9 +11234,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa_ossl.c ---- openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rsa/rsa_ossl.c 2017-06-02 14:14:25.470421437 +0200 +diff -up openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0g/crypto/rsa/rsa_ossl.c +--- openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rsa/rsa_ossl.c 2017-11-03 16:23:05.795985063 +0100 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -11258,10 +11245,23 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa +# include +#endif + - #ifndef RSA_NULL - static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, -@@ -56,6 +60,22 @@ static int rsa_ossl_public_encrypt(int f + unsigned char *to, RSA *rsa, int padding); + static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, +@@ -45,6 +49,12 @@ static const RSA_METHOD *default_RSA_met + + void RSA_set_default_method(const RSA_METHOD *meth) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD); ++ return; ++ } ++#endif + default_RSA_meth = meth; + } + +@@ -66,6 +76,22 @@ static int rsa_ossl_public_encrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; 
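Review bot: The FIPS guard that this rebase places in `RSA_set_default_method` in rsa_ossl.c returns without changing `default_RSA_meth` when the method lacks `RSA_FLAG_FIPS_METHOD`, and because the function is `void` the caller learns of the refusal only from the error queue. That contract deserves a comment above the guard, for example `/* FIPS mode: a method without RSA_FLAG_FIPS_METHOD is refused; the previous default stays in effect and only the error queue reports it. */`. The same guard is removed from rsa_lib.c in the preceding hunk of this patch, presumably because 1.1.0g moved the function, so it is worth confirming that rsa_lib.c keeps no other writer of `default_RSA_meth` that would bypass the check.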
@@ -11284,7 +11284,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -@@ -235,6 +255,22 @@ static int rsa_ossl_private_encrypt(int +@@ -245,6 +271,22 @@ static int rsa_ossl_private_encrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -11307,7 +11307,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -370,6 +406,22 @@ static int rsa_ossl_private_decrypt(int +@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -11330,7 +11330,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -494,6 +546,22 @@ static int rsa_ossl_public_decrypt(int f +@@ -504,6 +562,22 @@ static int rsa_ossl_public_decrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -11353,9 +11353,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips openssl-1.1.0f/crypto/rsa/rsa_sign.c ---- openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/rsa/rsa_sign.c 2017-06-02 14:14:25.470421437 +0200 +diff -up openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips openssl-1.1.0g/crypto/rsa/rsa_sign.c +--- openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rsa/rsa_sign.c 2017-11-03 16:17:27.774155739 +0100 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; 
@@ -11382,9 +11382,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips openssl-1.1.0f/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.0f/crypto/sha/sha_locl.h.fips openssl-1.1.0f/crypto/sha/sha_locl.h ---- openssl-1.1.0f/crypto/sha/sha_locl.h.fips 2017-06-02 14:14:25.232415827 +0200 -+++ openssl-1.1.0f/crypto/sha/sha_locl.h 2017-06-02 14:14:25.470421437 +0200 +diff -up openssl-1.1.0g/crypto/sha/sha_locl.h.fips openssl-1.1.0g/crypto/sha/sha_locl.h +--- openssl-1.1.0g/crypto/sha/sha_locl.h.fips 2017-11-03 16:17:27.487149091 +0100 ++++ openssl-1.1.0g/crypto/sha/sha_locl.h 2017-11-03 16:17:27.774155739 +0100 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -11395,9 +11395,9 @@ diff -up openssl-1.1.0f/crypto/sha/sha_locl.h.fips openssl-1.1.0f/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.0f/crypto/sha/sha256.c.fips openssl-1.1.0f/crypto/sha/sha256.c ---- openssl-1.1.0f/crypto/sha/sha256.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/sha/sha256.c 2017-06-02 14:14:25.470421437 +0200 +diff -up openssl-1.1.0g/crypto/sha/sha256.c.fips openssl-1.1.0g/crypto/sha/sha256.c +--- openssl-1.1.0g/crypto/sha/sha256.c.fips 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/crypto/sha/sha256.c 2017-11-03 16:17:27.774155739 +0100 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) 
@@ -11418,9 +11418,9 @@ diff -up openssl-1.1.0f/crypto/sha/sha256.c.fips openssl-1.1.0f/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.0f/crypto/sha/sha512.c.fips openssl-1.1.0f/crypto/sha/sha512.c ---- openssl-1.1.0f/crypto/sha/sha512.c.fips 2017-05-25 14:46:19.000000000 +0200 -+++ openssl-1.1.0f/crypto/sha/sha512.c 2017-06-02 14:14:25.470421437 +0200 +diff -up openssl-1.1.0g/crypto/sha/sha512.c.fips openssl-1.1.0g/crypto/sha/sha512.c +--- openssl-1.1.0g/crypto/sha/sha512.c.fips 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/crypto/sha/sha512.c 2017-11-03 16:17:27.774155739 +0100 @@ -62,6 +62,9 @@ int SHA384_Init(SHA512_CTX *c) @@ -11441,9 +11441,9 @@ diff -up openssl-1.1.0f/crypto/sha/sha512.c.fips openssl-1.1.0f/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod 2017-06-02 14:14:25.470421437 +0200 +diff -up openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod +--- openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod 2017-11-03 16:17:27.775155762 +0100 @@ -29,8 +29,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. 
@@ -11457,10 +11457,10 @@ diff -up openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.0f/include/openssl/crypto.h.fips openssl-1.1.0f/include/openssl/crypto.h ---- openssl-1.1.0f/include/openssl/crypto.h.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/crypto.h 2017-06-02 14:14:25.470421437 +0200 -@@ -332,6 +332,11 @@ int OPENSSL_isservice(void); +diff -up openssl-1.1.0g/include/openssl/crypto.h.fips openssl-1.1.0g/include/openssl/crypto.h +--- openssl-1.1.0g/include/openssl/crypto.h.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/crypto.h 2017-11-03 16:17:27.775155762 +0100 +@@ -336,6 +336,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -11472,9 +11472,9 @@ diff -up openssl-1.1.0f/include/openssl/crypto.h.fips openssl-1.1.0f/include/ope void OPENSSL_init(void); struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -diff -up openssl-1.1.0f/include/openssl/dh.h.fips openssl-1.1.0f/include/openssl/dh.h ---- openssl-1.1.0f/include/openssl/dh.h.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/dh.h 2017-06-02 14:14:25.471421461 +0200 +diff -up openssl-1.1.0g/include/openssl/dh.h.fips openssl-1.1.0g/include/openssl/dh.h +--- openssl-1.1.0g/include/openssl/dh.h.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/dh.h 2017-11-03 16:17:27.775155762 +0100 @@ -30,6 +30,7 @@ extern "C" { # endif 
@@ -11506,9 +11506,9 @@ diff -up openssl-1.1.0f/include/openssl/dh.h.fips openssl-1.1.0f/include/openssl # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.0f/include/openssl/dsa.h.fips openssl-1.1.0f/include/openssl/dsa.h ---- openssl-1.1.0f/include/openssl/dsa.h.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/dsa.h 2017-06-02 14:14:25.471421461 +0200 +diff -up openssl-1.1.0g/include/openssl/dsa.h.fips openssl-1.1.0g/include/openssl/dsa.h +--- openssl-1.1.0g/include/openssl/dsa.h.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/dsa.h 2017-11-03 16:17:27.775155762 +0100 @@ -36,6 +36,7 @@ extern "C" { # endif @@ -11554,10 +11554,10 @@ diff -up openssl-1.1.0f/include/openssl/dsa.h.fips openssl-1.1.0f/include/openss # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openssl/evp.h ---- openssl-1.1.0f/include/openssl/evp.h.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/evp.h 2017-06-02 14:14:25.471421461 +0200 -@@ -1458,6 +1458,7 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.0g/include/openssl/evp.h.fips openssl-1.1.0g/include/openssl/evp.h +--- openssl-1.1.0g/include/openssl/evp.h.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/evp.h 2017-11-03 16:17:27.775155762 +0100 +@@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 # define EVP_F_AES_WRAP_CIPHER 170 
@@ -11565,7 +11565,7 @@ diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openss # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_CAMELLIA_INIT_KEY 159 # define EVP_F_CHACHA20_POLY1305_CTRL 182 -@@ -1534,6 +1535,7 @@ int ERR_load_EVP_strings(void); +@@ -1539,6 +1540,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -11573,7 +11573,7 @@ diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openss # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -1568,6 +1570,7 @@ int ERR_load_EVP_strings(void); +@@ -1574,6 +1576,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 @@ -11581,9 +11581,9 @@ diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openss # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.0f/include/openssl/fips.h.fips openssl-1.1.0f/include/openssl/fips.h ---- openssl-1.1.0f/include/openssl/fips.h.fips 2017-06-02 14:14:25.471421461 +0200 -+++ openssl-1.1.0f/include/openssl/fips.h 2017-06-02 14:14:25.471421461 +0200 +diff -up openssl-1.1.0g/include/openssl/fips.h.fips openssl-1.1.0g/include/openssl/fips.h +--- openssl-1.1.0g/include/openssl/fips.h.fips 2017-11-03 16:17:27.775155762 +0100 ++++ openssl-1.1.0g/include/openssl/fips.h 2017-11-03 16:17:27.775155762 +0100 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -11771,9 +11771,9 @@ diff -up openssl-1.1.0f/include/openssl/fips.h.fips openssl-1.1.0f/include/opens +} +# endif +#endif -diff -up openssl-1.1.0f/include/openssl/fips_rand.h.fips openssl-1.1.0f/include/openssl/fips_rand.h ---- openssl-1.1.0f/include/openssl/fips_rand.h.fips 2017-06-02 14:14:25.471421461 +0200 -+++ openssl-1.1.0f/include/openssl/fips_rand.h 2017-06-02 14:14:25.471421461 +0200 +diff -up openssl-1.1.0g/include/openssl/fips_rand.h.fips openssl-1.1.0g/include/openssl/fips_rand.h +--- openssl-1.1.0g/include/openssl/fips_rand.h.fips 2017-11-03 16:17:27.776155785 +0100 ++++ openssl-1.1.0g/include/openssl/fips_rand.h 2017-11-03 16:17:27.776155785 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11920,9 +11920,9 @@ diff -up openssl-1.1.0f/include/openssl/fips_rand.h.fips openssl-1.1.0f/include/ +# endif +# endif +#endif -diff -up openssl-1.1.0f/include/openssl/opensslconf.h.in.fips openssl-1.1.0f/include/openssl/opensslconf.h.in ---- openssl-1.1.0f/include/openssl/opensslconf.h.in.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/opensslconf.h.in 2017-06-02 14:14:25.472421484 +0200 +diff -up openssl-1.1.0g/include/openssl/opensslconf.h.in.fips openssl-1.1.0g/include/openssl/opensslconf.h.in +--- openssl-1.1.0g/include/openssl/opensslconf.h.in.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/opensslconf.h.in 2017-11-03 16:17:27.776155785 +0100 @@ -136,6 +136,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} 
@@ -11935,9 +11935,9 @@ diff -up openssl-1.1.0f/include/openssl/opensslconf.h.in.fips openssl-1.1.0f/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.0f/include/openssl/rand.h.fips openssl-1.1.0f/include/openssl/rand.h ---- openssl-1.1.0f/include/openssl/rand.h.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/rand.h 2017-06-02 14:14:25.472421484 +0200 +diff -up openssl-1.1.0g/include/openssl/rand.h.fips openssl-1.1.0g/include/openssl/rand.h +--- openssl-1.1.0g/include/openssl/rand.h.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/rand.h 2017-11-03 16:17:27.776155785 +0100 @@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) #endif @@ -11962,9 +11962,9 @@ diff -up openssl-1.1.0f/include/openssl/rand.h.fips openssl-1.1.0f/include/opens # define RAND_R_PRNG_NOT_SEEDED 100 # ifdef __cplusplus -diff -up openssl-1.1.0f/include/openssl/rsa.h.fips openssl-1.1.0f/include/openssl/rsa.h ---- openssl-1.1.0f/include/openssl/rsa.h.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/include/openssl/rsa.h 2017-06-02 14:14:25.472421484 +0200 +diff -up openssl-1.1.0g/include/openssl/rsa.h.fips openssl-1.1.0g/include/openssl/rsa.h +--- openssl-1.1.0g/include/openssl/rsa.h.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/include/openssl/rsa.h 2017-11-03 16:17:27.776155785 +0100 @@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); /* Function codes. */ # define RSA_F_CHECK_PADDING_MD 140 
@@ -12009,9 +12009,9 @@ diff -up openssl-1.1.0f/include/openssl/rsa.h.fips openssl-1.1.0f/include/openss # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.1.0f/ssl/ssl_ciph.c.fips openssl-1.1.0f/ssl/ssl_ciph.c ---- openssl-1.1.0f/ssl/ssl_ciph.c.fips 2017-06-02 14:14:25.456421107 +0200 -+++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-06-02 14:14:25.472421484 +0200 +diff -up openssl-1.1.0g/ssl/ssl_ciph.c.fips openssl-1.1.0g/ssl/ssl_ciph.c +--- openssl-1.1.0g/ssl/ssl_ciph.c.fips 2017-11-03 16:17:27.760155415 +0100 ++++ openssl-1.1.0g/ssl/ssl_ciph.c 2017-11-03 16:17:27.776155785 +0100 @@ -404,7 +404,8 @@ void ssl_load_ciphers(void) } } @@ -12031,9 +12031,9 @@ diff -up openssl-1.1.0f/ssl/ssl_ciph.c.fips openssl-1.1.0f/ssl/ssl_ciph.c continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || -diff -up openssl-1.1.0f/ssl/ssl_init.c.fips openssl-1.1.0f/ssl/ssl_init.c ---- openssl-1.1.0f/ssl/ssl_init.c.fips 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/ssl/ssl_init.c 2017-06-02 14:14:25.472421484 +0200 +diff -up openssl-1.1.0g/ssl/ssl_init.c.fips openssl-1.1.0g/ssl/ssl_init.c +--- openssl-1.1.0g/ssl/ssl_init.c.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/ssl/ssl_init.c 2017-11-03 16:17:27.776155785 +0100 @@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); 
@@ -12077,10 +12077,10 @@ diff -up openssl-1.1.0f/ssl/ssl_init.c.fips openssl-1.1.0f/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.0f/ssl/ssl_lib.c.fips openssl-1.1.0f/ssl/ssl_lib.c ---- openssl-1.1.0f/ssl/ssl_lib.c.fips 2017-06-02 14:14:25.456421107 +0200 -+++ openssl-1.1.0f/ssl/ssl_lib.c 2017-06-02 14:14:25.473421508 +0200 -@@ -2413,13 +2413,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.0g/ssl/ssl_lib.c.fips openssl-1.1.0g/ssl/ssl_lib.c +--- openssl-1.1.0g/ssl/ssl_lib.c.fips 2017-11-03 16:17:27.760155415 +0100 ++++ openssl-1.1.0g/ssl/ssl_lib.c 2017-11-03 16:17:27.777155808 +0100 +@@ -2524,13 +2524,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; @@ -12105,9 +12105,9 @@ diff -up openssl-1.1.0f/ssl/ssl_lib.c.fips openssl-1.1.0f/ssl/ssl_lib.c } if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.0f/test/dsatest.c.fips openssl-1.1.0f/test/dsatest.c ---- openssl-1.1.0f/test/dsatest.c.fips 2017-05-25 14:46:21.000000000 +0200 -+++ openssl-1.1.0f/test/dsatest.c 2017-06-02 14:14:25.473421508 +0200 +diff -up openssl-1.1.0g/test/dsatest.c.fips openssl-1.1.0g/test/dsatest.c +--- openssl-1.1.0g/test/dsatest.c.fips 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/test/dsatest.c 2017-11-03 16:17:27.777155808 +0100 @@ -32,41 +32,42 @@ int main(int argc, char *argv[]) static int dsa_cb(int p, int n, BN_GENCB *arg); 
@@ -12196,10 +12196,10 @@ diff -up openssl-1.1.0f/test/dsatest.c.fips openssl-1.1.0f/test/dsatest.c goto end; } if (h != 2) { -diff -up openssl-1.1.0f/util/mkdef.pl.fips openssl-1.1.0f/util/mkdef.pl ---- openssl-1.1.0f/util/mkdef.pl.fips 2017-05-25 14:46:21.000000000 +0200 -+++ openssl-1.1.0f/util/mkdef.pl 2017-06-02 14:14:25.473421508 +0200 -@@ -298,6 +298,8 @@ $crypto.=" include/openssl/modes.h"; +diff -up openssl-1.1.0g/util/mkdef.pl.fips openssl-1.1.0g/util/mkdef.pl +--- openssl-1.1.0g/util/mkdef.pl.fips 2017-11-02 15:29:06.000000000 +0100 ++++ openssl-1.1.0g/util/mkdef.pl 2017-11-03 16:17:27.777155808 +0100 +@@ -300,6 +300,8 @@ $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; $crypto.=" include/openssl/ct.h"; $crypto.=" include/openssl/kdf.h"; diff --git a/openssl-1.1.0-manfix.patch b/openssl-1.1.0-manfix.patch index 347d57a..53fc603 100644 --- a/openssl-1.1.0-manfix.patch +++ b/openssl-1.1.0-manfix.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0-pre5/doc/apps/ec.pod.manfix openssl-1.1.0-pre5/doc/apps/ec.pod ---- openssl-1.1.0-pre5/doc/apps/ec.pod.manfix 2016-04-19 16:57:55.000000000 +0200 -+++ openssl-1.1.0-pre5/doc/apps/ec.pod 2016-07-20 15:13:07.874678467 +0200 -@@ -100,10 +100,6 @@ prints out the public, private key compo +diff -up openssl-1.1.0g/doc/apps/ec.pod.manfix openssl-1.1.0g/doc/apps/ec.pod +--- openssl-1.1.0g/doc/apps/ec.pod.manfix 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/doc/apps/ec.pod 2017-11-03 16:09:31.714027145 +0100 +@@ -101,10 +101,6 @@ prints out the public, private key compo this option prevents output of the encoded version of the key. 
@@ -12,10 +12,10 @@ diff -up openssl-1.1.0-pre5/doc/apps/ec.pod.manfix openssl-1.1.0-pre5/doc/apps/e =item B<-pubin> by default a private key is read from the input file: with this option a -diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/apps/openssl.pod ---- openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix 2016-04-19 16:57:55.000000000 +0200 -+++ openssl-1.1.0-pre5/doc/apps/openssl.pod 2016-07-20 15:14:57.596163046 +0200 -@@ -163,7 +163,7 @@ Create or examine a netscape certificate +diff -up openssl-1.1.0g/doc/apps/openssl.pod.manfix openssl-1.1.0g/doc/apps/openssl.pod +--- openssl-1.1.0g/doc/apps/openssl.pod.manfix 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/doc/apps/openssl.pod 2017-11-03 16:11:48.478245311 +0100 +@@ -170,7 +170,7 @@ Create or examine a Netscape certificate Online Certificate Status Protocol utility. @@ -24,7 +24,7 @@ diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/a Generation of hashed passwords. -@@ -187,7 +187,7 @@ Public key algorithm parameter managemen +@@ -198,7 +198,7 @@ Public key algorithm parameter managemen Public key algorithm cryptographic operation utility. @@ -33,15 +33,19 @@ diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/a Generate pseudo-random bytes. -@@ -401,9 +401,9 @@ L, L, L, - L, L, L, - L, L, L, L, - L, L, L, +@@ -432,13 +432,13 @@ L, L, L + L, L, + L, L, L, L, L, + L, L, L, -L, -+L, L, L, L, --L, L, L, -+L, L, L, + L, L, L, +-L, L, L, L, ++L, L, L, L, L, - L, L, - L, L, + L, L, L, + L, L, L, ++L, L, + L, + L, L, L, + L, L, L diff --git a/openssl-1.1.0-no-weak-verify.patch b/openssl-1.1.0-no-weak-verify.patch index 406d7a0..59439af 100644 --- a/openssl-1.1.0-no-weak-verify.patch +++ b/openssl-1.1.0-no-weak-verify.patch 
@@ -1,6 +1,6 @@ -diff -up openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.0f/crypto/asn1/a_verify.c ---- openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify 2017-05-25 14:46:18.000000000 +0200 -+++ openssl-1.1.0f/crypto/asn1/a_verify.c 2017-06-26 16:26:49.496989272 +0200 +diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/crypto/asn1/a_verify.c +--- openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/asn1/a_verify.c 2017-11-03 16:15:46.125801341 +0100 @@ -7,6 +7,9 @@ * https://www.openssl.org/source/license.html */ @@ -10,8 +10,8 @@ diff -up openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.0f/cry + #include #include - -@@ -129,6 +132,12 @@ int ASN1_item_verify(const ASN1_ITEM *it + #include +@@ -126,6 +129,12 @@ int ASN1_item_verify(const ASN1_ITEM *it if (ret != 2) goto err; ret = -1; diff --git a/openssl-1.1.0-secure-getenv.patch b/openssl-1.1.0-secure-getenv.patch index 2f73499..2fb8ae6 100644 --- a/openssl-1.1.0-secure-getenv.patch +++ b/openssl-1.1.0-secure-getenv.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0b/crypto/conf/conf_api.c ---- openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200 -+++ openssl-1.1.0b/crypto/conf/conf_api.c 2016-09-26 15:19:19.420705501 +0200 +diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c +--- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/conf/conf_api.c 2017-11-03 16:12:31.826265323 +0100 @@ -9,6 +9,8 @@ /* Part of the code in here was originally in conf.c, which is now removed */ 
@@ -28,9 +28,9 @@ diff -up openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0b/cryp } static unsigned long conf_value_hash(const CONF_VALUE *v) -diff -up openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0b/crypto/conf/conf_mod.c ---- openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200 -+++ openssl-1.1.0b/crypto/conf/conf_mod.c 2016-09-26 15:19:19.421705524 +0200 +diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c +--- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/conf/conf_mod.c 2017-11-03 16:12:31.827265347 +0100 @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ @@ -49,9 +49,9 @@ diff -up openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0b/cryp if (file) return OPENSSL_strdup(file); -diff -up openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0b/crypto/engine/eng_list.c ---- openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200 -+++ openssl-1.1.0b/crypto/engine/eng_list.c 2016-09-26 15:19:19.421705524 +0200 +diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c +--- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/engine/eng_list.c 2017-11-03 16:12:31.827265347 +0100 @@ -13,6 +13,8 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ 
@@ -70,9 +70,9 @@ diff -up openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0b/cr load_dir = ENGINESDIR; iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || -diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/crypto/rand/randfile.c ---- openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200 -+++ openssl-1.1.0b/crypto/rand/randfile.c 2016-09-26 15:22:17.427882518 +0200 +diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c +--- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rand/randfile.c 2017-11-03 16:12:31.827265347 +0100 @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ @@ -82,7 +82,7 @@ diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/cryp #include "internal/cryptlib.h" #include -@@ -319,10 +321,10 @@ const char *RAND_file_name(char *buf, si +@@ -317,10 +319,10 @@ const char *RAND_file_name(char *buf, si if (OPENSSL_issetugid() != 0) { use_randfile = 0; } else { @@ -95,9 +95,9 @@ diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/cryp } } #endif -diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto/x509/by_dir.c ---- openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv 2016-09-26 11:46:06.000000000 +0200 -+++ openssl-1.1.0b/crypto/x509/by_dir.c 2016-09-26 15:19:19.421705524 +0200 +diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c +--- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/crypto/x509/by_dir.c 2017-11-03 16:12:31.827265347 +0100 @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ 
@@ -107,7 +107,7 @@ diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto #include #include #include -@@ -80,7 +82,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in +@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in switch (cmd) { case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { @@ -116,9 +116,9 @@ diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto if (dir) ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); else -diff -up openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv openssl-1.1.0b/crypto/x509/by_file.c ---- openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv 2016-09-26 11:46:06.000000000 +0200 -+++ openssl-1.1.0b/crypto/x509/by_file.c 2016-09-26 15:19:19.421705524 +0200 +diff -up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c +--- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/crypto/x509/by_file.c 2017-11-03 16:14:13.230649686 +0100 @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ @@ -132,8 +132,8 @@ diff -up openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv openssl-1.1.0b/crypt switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { -- file = (char *)getenv(X509_get_default_cert_file_env()); -+ file = (char *)secure_getenv(X509_get_default_cert_file_env()); +- file = getenv(X509_get_default_cert_file_env()); ++ file = secure_getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); diff --git a/openssl-1.1.0-thread-local.patch b/openssl-1.1.0-thread-local.patch deleted file mode 100644 index a51062a..0000000 --- a/openssl-1.1.0-thread-local.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From c8ec34109cab8c92685958ddfef0776a4b3b8460 Mon Sep 17 00:00:00 2001 -From: Rich Salz -Date: Wed, 31 May 2017 12:14:55 -0400 -Subject: [PATCH] Only release thread-local key if we created it. - -Thanks to Jan Alexander Steffens for finding the bug and confirming the -fix. - -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/3592) -(cherry picked from commit 73bc53708c386c1ea85941d345721e23dc61c05c) ---- - crypto/err/err.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/crypto/err/err.c b/crypto/err/err.c -index f866f2f..c55f849 100644 ---- a/crypto/err/err.c -+++ b/crypto/err/err.c -@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { - #endif - - static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; -+static int set_err_thread_local; - static CRYPTO_THREAD_LOCAL err_thread_local; - - static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; -@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init) - - void err_cleanup(void) - { -- CRYPTO_THREAD_cleanup_local(&err_thread_local); -+ if (set_err_thread_local != 0) -+ CRYPTO_THREAD_cleanup_local(&err_thread_local); - CRYPTO_THREAD_lock_free(err_string_lock); - err_string_lock = NULL; - } -@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid) - - DEFINE_RUN_ONCE_STATIC(err_do_init) - { -+ set_err_thread_local = 1; - return CRYPTO_THREAD_init_local(&err_thread_local, NULL); - } - --- -2.9.3 - diff --git a/openssl.spec b/openssl.spec index 90f20fb..ab7e6c3 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,8 +21,8 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.0f -Release: 9%{?dist} +Version: 1.1.0g +Release: 1%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. 
@@ -58,12 +58,9 @@ Patch39: openssl-1.1.0-cc-reqs.patch Patch40: openssl-1.1.0-disable-ssl3.patch Patch41: openssl-1.1.0-system-cipherlist.patch Patch42: openssl-1.1.0-fips.patch -Patch43: openssl-1.1.0-afalg-eventfd2.patch Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch Patch45: openssl-1.1.0-weak-ciphers.patch # Backported fixes including security fixes -Patch70: openssl-1.1.0-thread-local.patch -Patch71: openssl-1.1.0-dtls-failure.patch License: OpenSSL Group: System Environment/Libraries @@ -157,18 +154,14 @@ cp %{SOURCE13} test/ %patch35 -p1 -b .chil %patch36 -p1 -b .secure-getenv %patch37 -p1 -b .curves -%patch38 -p1 -b .no-md5-verify +%patch38 -p1 -b .no-weak-verify %patch39 -p1 -b .cc-reqs %patch40 -p1 -b .disable-ssl3 %patch41 -p1 -b .system-cipherlist %patch42 -p1 -b .fips -%patch43 -p1 -b .eventfd2 %patch44 -p1 -b .preserve-nl %patch45 -p1 -b .weak-ciphers -%patch70 -p1 -b .thread-local -%patch71 -p1 -b .dtls-failure - %build # Figure out which flags we want to use. # default @@ -235,6 +228,8 @@ sslarch=linux-generic64 # want to depend on the uninitialized memory as a source of entropy anyway. RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY" +export HASHBANGPERL=/usr/bin/perl + # ia64, x86_64, ppc are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and @@ -436,6 +431,9 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Fri Nov 3 2017 Tomáš Mráz 1.1.0g-1 +- update to upstream version 1.1.0g + * Thu Aug 03 2017 Fedora Release Engineering - 1:1.1.0f-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
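Review bot: The backup suffix on `%patch38` changes from `.no-md5-verify` to `.no-weak-verify`, while the regenerated openssl-1.1.0-no-weak-verify.patch in this same commit changes its headers the other way, from `a_verify.c.no-weak-verify` to `a_verify.c.no-md5-verify`. The suffix only names backup files, so the build is unaffected, but the two names will swap again on the next regeneration; regenerating the patch after the spec edit would leave both at `.no-weak-verify`. This assumes Patch38 is the no-weak-verify patch, whose `Patch38:` line is outside the hunk.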
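Review bot: The new `export HASHBANGPERL=/usr/bin/perl` line in `%build` has no comment, unlike the `RPM_OPT_FLAGS` line just above it, so the reason for pinning the interpreter is not recorded. A one-line comment would do, such as `# Use a fixed perl path in the #! line of installed perl scripts rather than the Configure default`. The surrounding `%build` section starts and ends outside the hunk.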