[rpms/openssl] rebase_40beta: make DTLS1 work in FIPS mode

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openssl] rebase_40beta: make DTLS1 work in FIPS mode
@ 2026-06-09 12:43 Tomas Mraz
  0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 4e423c3c5070e4bc200b9c460349f64034fbfe09
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2013-09-27T15:43:51+02:00
            Stats  : +285/-251 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/4e423c3c5070e4bc200b9c460349f64034fbfe09?branch=rebase_40beta

            Log:
            make DTLS1 work in FIPS mode

- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode

---
diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch
index 42e4558..c2f7848 100644
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.1e/apps/pkcs12.c.fips openssl-1.0.1e/apps/pkcs12.c
 --- openssl-1.0.1e/apps/pkcs12.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/pkcs12.c	2013-02-19 12:47:33.714118364 +0100
++++ openssl-1.0.1e/apps/pkcs12.c	2013-09-27 14:32:35.324664728 +0200
 @@ -67,6 +67,9 @@
  #include <openssl/err.h>
  #include <openssl/pem.h>
@@ -25,7 +25,7 @@ diff -up openssl-1.0.1e/apps/pkcs12.c.fips openssl-1.0.1e/apps/pkcs12.c
  
 diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
 --- openssl-1.0.1e/apps/speed.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/speed.c	2013-02-19 12:47:33.715118384 +0100
++++ openssl-1.0.1e/apps/speed.c	2013-09-27 14:48:55.247722737 +0200
 @@ -195,7 +195,6 @@
  #ifdef OPENSSL_DOING_MAKEDEPEND
  #undef AES_set_encrypt_key
@@ -68,7 +68,24 @@ diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
  			dsa_doit[R_DSA_1024]=1;
  			dsa_doit[R_DSA_2048]=1;
  			}
-@@ -1226,30 +1234,54 @@ int MAIN(int argc, char **argv)
+@@ -1162,12 +1170,15 @@ int MAIN(int argc, char **argv)
+ 		{
+ 		for (i=0; i<ALGOR_NUM; i++)
+ 			{
+-			if (i != D_EVP)
++			if (i != D_EVP &&
++			    (!FIPS_mode() || i != D_WHIRLPOOL))
+ 				doit[i]=1;
+ 			}
+ 		for (i=0; i<RSA_NUM; i++)
++		    if (!FIPS_mode() || i != R_RSA_512)
+ 			rsa_doit[i]=1;
+ 		for (i=0; i<DSA_NUM; i++)
++		    if (!FIPS_mode() || i != R_DSA_512)
+ 			dsa_doit[i]=1;
+ #ifndef OPENSSL_NO_ECDSA
+ 		for (i=0; i<EC_NUM; i++)
+@@ -1226,30 +1237,54 @@ int MAIN(int argc, char **argv)
  	AES_set_encrypt_key(key32,256,&aes_ks3);
  #endif
  #ifndef OPENSSL_NO_CAMELLIA
@@ -123,7 +140,7 @@ diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
  #endif
  #ifndef OPENSSL_NO_RSA
  	memset(rsa_c,0,sizeof(rsa_c));
-@@ -1564,6 +1596,7 @@ int MAIN(int argc, char **argv)
+@@ -1564,6 +1559,7 @@ int MAIN(int argc, char **argv)
  		HMAC_CTX hctx;
  
  		HMAC_CTX_init(&hctx);
@@ -132,8 +149,8 @@ diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
  			16,EVP_md5(), NULL);
  
 diff -up openssl-1.0.1e/Configure.fips openssl-1.0.1e/Configure
---- openssl-1.0.1e/Configure.fips	2013-02-19 12:47:33.670117470 +0100
-+++ openssl-1.0.1e/Configure	2013-02-19 12:47:33.716118405 +0100
+--- openssl-1.0.1e/Configure.fips	2013-09-27 14:32:35.077659167 +0200
++++ openssl-1.0.1e/Configure	2013-09-27 14:32:35.324664728 +0200
 @@ -995,11 +995,6 @@ if (defined($disabled{"md5"}) || defined
  	$disabled{"ssl2"} = "forced";
  	}
@@ -170,7 +187,7 @@ diff -up openssl-1.0.1e/Configure.fips openssl-1.0.1e/Configure
  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
 diff -up openssl-1.0.1e/crypto/aes/aes_misc.c.fips openssl-1.0.1e/crypto/aes/aes_misc.c
 --- openssl-1.0.1e/crypto/aes/aes_misc.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/aes/aes_misc.c	2013-02-19 12:47:33.717118426 +0100
++++ openssl-1.0.1e/crypto/aes/aes_misc.c	2013-09-27 14:32:35.325664751 +0200
 @@ -69,17 +69,11 @@ const char *AES_options(void) {
  int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
  			AES_KEY *key)
@@ -191,7 +208,7 @@ diff -up openssl-1.0.1e/crypto/aes/aes_misc.c.fips openssl-1.0.1e/crypto/aes/aes
  	}
 diff -up openssl-1.0.1e/crypto/cmac/cmac.c.fips openssl-1.0.1e/crypto/cmac/cmac.c
 --- openssl-1.0.1e/crypto/cmac/cmac.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/cmac/cmac.c	2013-02-19 12:47:33.717118426 +0100
++++ openssl-1.0.1e/crypto/cmac/cmac.c	2013-09-27 14:32:35.325664751 +0200
 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
  
  void CMAC_CTX_cleanup(CMAC_CTX *ctx)
@@ -241,8 +258,8 @@ diff -up openssl-1.0.1e/crypto/cmac/cmac.c.fips openssl-1.0.1e/crypto/cmac/cmac.
  		return 0;
  	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
 diff -up openssl-1.0.1e/crypto/crypto.h.fips openssl-1.0.1e/crypto/crypto.h
---- openssl-1.0.1e/crypto/crypto.h.fips	2013-02-19 12:47:33.444112876 +0100
-+++ openssl-1.0.1e/crypto/crypto.h	2013-02-19 12:47:33.718118447 +0100
+--- openssl-1.0.1e/crypto/crypto.h.fips	2013-09-27 14:32:34.972656804 +0200
++++ openssl-1.0.1e/crypto/crypto.h	2013-09-27 14:32:35.325664751 +0200
 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
  void OPENSSL_init(void);
  
@@ -289,8 +306,8 @@ diff -up openssl-1.0.1e/crypto/crypto.h.fips openssl-1.0.1e/crypto/crypto.h
  
  /* Function codes. */
 diff -up openssl-1.0.1e/crypto/des/des.h.fips openssl-1.0.1e/crypto/des/des.h
---- openssl-1.0.1e/crypto/des/des.h.fips	2013-02-19 12:47:33.516114340 +0100
-+++ openssl-1.0.1e/crypto/des/des.h	2013-02-19 12:47:33.718118447 +0100
+--- openssl-1.0.1e/crypto/des/des.h.fips	2013-09-27 14:32:35.004657525 +0200
++++ openssl-1.0.1e/crypto/des/des.h	2013-09-27 14:32:35.325664751 +0200
 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
  int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
  int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
@@ -303,7 +320,7 @@ diff -up openssl-1.0.1e/crypto/des/des.h.fips openssl-1.0.1e/crypto/des/des.h
  void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
 diff -up openssl-1.0.1e/crypto/des/set_key.c.fips openssl-1.0.1e/crypto/des/set_key.c
 --- openssl-1.0.1e/crypto/des/set_key.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/des/set_key.c	2013-02-19 12:47:33.719118468 +0100
++++ openssl-1.0.1e/crypto/des/set_key.c	2013-09-27 14:32:35.325664751 +0200
 @@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock
  	}
  
@@ -320,7 +337,7 @@ diff -up openssl-1.0.1e/crypto/des/set_key.c.fips openssl-1.0.1e/crypto/des/set_
  	register DES_LONG c,d,t,s,t2;
 diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips openssl-1.0.1e/crypto/dh/dh_gen.c
 --- openssl-1.0.1e/crypto/dh/dh_gen.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dh/dh_gen.c	2013-02-19 12:47:33.719118468 +0100
++++ openssl-1.0.1e/crypto/dh/dh_gen.c	2013-09-27 14:32:35.325664751 +0200
 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
  #endif
  	if(ret->meth->generate_params)
@@ -355,8 +372,8 @@ diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips openssl-1.0.1e/crypto/dh/dh_gen.
  	if (ctx == NULL) goto err;
  	BN_CTX_start(ctx);
 diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h
---- openssl-1.0.1e/crypto/dh/dh.h.fips	2013-02-19 12:47:33.388111739 +0100
-+++ openssl-1.0.1e/crypto/dh/dh.h	2013-02-19 12:47:33.719118468 +0100
+--- openssl-1.0.1e/crypto/dh/dh.h.fips	2013-09-27 14:32:34.943656151 +0200
++++ openssl-1.0.1e/crypto/dh/dh.h	2013-09-27 14:32:35.326664773 +0200
 @@ -77,6 +77,8 @@
  # define OPENSSL_DH_MAX_MODULUS_BITS	10000
  #endif
@@ -368,7 +385,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h
                                         * implementation now uses constant time
 diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key.c
 --- openssl-1.0.1e/crypto/dh/dh_key.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dh/dh_key.c	2013-02-19 12:47:33.720118488 +0100
++++ openssl-1.0.1e/crypto/dh/dh_key.c	2013-09-27 14:32:35.326664773 +0200
 @@ -61,6 +61,9 @@
  #include <openssl/bn.h>
  #include <openssl/rand.h>
@@ -429,7 +446,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key.
  	}
 diff -up openssl-1.0.1e/crypto/dh/dh_lib.c.fips openssl-1.0.1e/crypto/dh/dh_lib.c
 --- openssl-1.0.1e/crypto/dh/dh_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dh/dh_lib.c	2013-02-19 12:47:33.720118488 +0100
++++ openssl-1.0.1e/crypto/dh/dh_lib.c	2013-09-27 14:32:35.326664773 +0200
 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
  	{
  	if(!default_DH_method)
@@ -447,7 +464,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_lib.c.fips openssl-1.0.1e/crypto/dh/dh_lib.
  	}
 diff -up openssl-1.0.1e/crypto/dsa/dsa_err.c.fips openssl-1.0.1e/crypto/dsa/dsa_err.c
 --- openssl-1.0.1e/crypto/dsa/dsa_err.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_err.c	2013-02-19 12:47:33.720118488 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_err.c	2013-09-27 14:32:35.326664773 +0200
 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
  {ERR_FUNC(DSA_F_DO_DSA_PRINT),	"DO_DSA_PRINT"},
  {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
@@ -468,7 +485,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_err.c.fips openssl-1.0.1e/crypto/dsa/dsa_
  {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
 diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips openssl-1.0.1e/crypto/dsa/dsa_gen.c
 --- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c	2013-02-19 12:47:33.721118508 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_gen.c	2013-09-27 14:32:35.326664773 +0200
 @@ -85,6 +85,14 @@
  #include <openssl/fips.h>
  #endif
@@ -876,8 +893,8 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips openssl-1.0.1e/crypto/dsa/dsa_
  	if (mont != NULL) BN_MONT_CTX_free(mont);
  	return ok;
 diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips openssl-1.0.1e/crypto/dsa/dsa.h
---- openssl-1.0.1e/crypto/dsa/dsa.h.fips	2013-02-19 12:47:33.205108020 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa.h	2013-02-19 12:47:33.721118508 +0100
+--- openssl-1.0.1e/crypto/dsa/dsa.h.fips	2013-09-27 14:32:34.860654283 +0200
++++ openssl-1.0.1e/crypto/dsa/dsa.h	2013-09-27 14:32:35.326664773 +0200
 @@ -88,6 +88,8 @@
  # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
  #endif
@@ -940,7 +957,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips openssl-1.0.1e/crypto/dsa/dsa.h
  #ifdef  __cplusplus
 diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips openssl-1.0.1e/crypto/dsa/dsa_key.c
 --- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_key.c	2013-02-19 12:47:33.722118528 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_key.c	2013-09-27 14:32:35.327664795 +0200
 @@ -66,6 +66,35 @@
  
  #ifdef OPENSSL_FIPS
@@ -1021,7 +1038,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips openssl-1.0.1e/crypto/dsa/dsa_
  err:
 diff -up openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips openssl-1.0.1e/crypto/dsa/dsa_lib.c
 --- openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_lib.c	2013-02-19 12:47:33.722118528 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_lib.c	2013-09-27 14:32:35.327664795 +0200
 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
  	{
  	if(!default_DSA_method)
@@ -1038,8 +1055,8 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips openssl-1.0.1e/crypto/dsa/dsa_
  	return default_DSA_method;
  	}
 diff -up openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips openssl-1.0.1e/crypto/dsa/dsa_locl.h
---- openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips	2013-02-19 12:47:33.209108100 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h	2013-02-19 12:47:33.722118528 +0100
+--- openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips	2013-09-27 14:32:34.862654328 +0200
++++ openssl-1.0.1e/crypto/dsa/dsa_locl.h	2013-09-27 14:32:35.327664795 +0200
 @@ -56,5 +56,4 @@
  
  int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
@@ -1048,7 +1065,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips openssl-1.0.1e/crypto/dsa/dsa
  	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1e/crypto/dsa/dsa_ossl.c
 --- openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c	2013-02-19 12:47:33.723118548 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c	2013-09-27 14:32:35.327664795 +0200
 @@ -65,6 +65,9 @@
  #include <openssl/dsa.h>
  #include <openssl/rand.h>
@@ -1124,7 +1141,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1e/crypto/dsa/dsa
  }
 diff -up openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1e/crypto/dsa/dsa_pmeth.c
 --- openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c	2013-02-19 12:47:33.723118548 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c	2013-09-27 14:32:35.327664795 +0200
 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
  	if (!dsa)
  		return 0;
@@ -1136,7 +1153,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1e/crypto/dsa/ds
  	else
 diff -up openssl-1.0.1e/crypto/dsa/dsatest.c.fips openssl-1.0.1e/crypto/dsa/dsatest.c
 --- openssl-1.0.1e/crypto/dsa/dsatest.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/dsa/dsatest.c	2013-02-19 12:47:33.723118548 +0100
++++ openssl-1.0.1e/crypto/dsa/dsatest.c	2013-09-27 14:32:35.327664795 +0200
 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
  /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
   * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@@ -1223,7 +1240,7 @@ diff -up openssl-1.0.1e/crypto/dsa/dsatest.c.fips openssl-1.0.1e/crypto/dsa/dsat
  	if (h != 2)
 diff -up openssl-1.0.1e/crypto/engine/eng_all.c.fips openssl-1.0.1e/crypto/engine/eng_all.c
 --- openssl-1.0.1e/crypto/engine/eng_all.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/engine/eng_all.c	2013-02-19 12:47:33.724118569 +0100
++++ openssl-1.0.1e/crypto/engine/eng_all.c	2013-09-27 14:32:35.328664817 +0200
 @@ -58,11 +58,25 @@
  
  #include "cryptlib.h"
@@ -1252,7 +1269,7 @@ diff -up openssl-1.0.1e/crypto/engine/eng_all.c.fips openssl-1.0.1e/crypto/engin
  	 * it is the *only* way for standard builtin implementations to be be
 diff -up openssl-1.0.1e/crypto/evp/c_allc.c.fips openssl-1.0.1e/crypto/evp/c_allc.c
 --- openssl-1.0.1e/crypto/evp/c_allc.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/c_allc.c	2013-02-19 12:47:33.725118589 +0100
++++ openssl-1.0.1e/crypto/evp/c_allc.c	2013-09-27 14:32:35.328664817 +0200
 @@ -65,6 +65,11 @@
  void OpenSSL_add_all_ciphers(void)
  	{
@@ -1328,7 +1345,7 @@ diff -up openssl-1.0.1e/crypto/evp/c_allc.c.fips openssl-1.0.1e/crypto/evp/c_all
  	}
 diff -up openssl-1.0.1e/crypto/evp/c_alld.c.fips openssl-1.0.1e/crypto/evp/c_alld.c
 --- openssl-1.0.1e/crypto/evp/c_alld.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/c_alld.c	2013-02-19 12:47:33.725118589 +0100
++++ openssl-1.0.1e/crypto/evp/c_alld.c	2013-09-27 14:32:35.328664817 +0200
 @@ -64,6 +64,11 @@
  
  void OpenSSL_add_all_digests(void)
@@ -1376,7 +1393,7 @@ diff -up openssl-1.0.1e/crypto/evp/c_alld.c.fips openssl-1.0.1e/crypto/evp/c_all
  	}
 diff -up openssl-1.0.1e/crypto/evp/digest.c.fips openssl-1.0.1e/crypto/evp/digest.c
 --- openssl-1.0.1e/crypto/evp/digest.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/digest.c	2013-02-19 12:51:41.276779877 +0100
++++ openssl-1.0.1e/crypto/evp/digest.c	2013-09-27 14:32:35.328664817 +0200
 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
  	return EVP_DigestInit_ex(ctx, type, NULL);
  	}
@@ -1527,7 +1544,7 @@ diff -up openssl-1.0.1e/crypto/evp/digest.c.fips openssl-1.0.1e/crypto/evp/diges
  	return 1;
 diff -up openssl-1.0.1e/crypto/evp/e_aes.c.fips openssl-1.0.1e/crypto/evp/e_aes.c
 --- openssl-1.0.1e/crypto/evp/e_aes.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/e_aes.c	2013-02-19 12:47:33.726118609 +0100
++++ openssl-1.0.1e/crypto/evp/e_aes.c	2013-09-27 14:32:35.328664817 +0200
 @@ -56,7 +56,6 @@
  #include <assert.h>
  #include <openssl/aes.h>
@@ -1561,7 +1578,7 @@ diff -up openssl-1.0.1e/crypto/evp/e_aes.c.fips openssl-1.0.1e/crypto/evp/e_aes.
 -#endif
 diff -up openssl-1.0.1e/crypto/evp/e_des3.c.fips openssl-1.0.1e/crypto/evp/e_des3.c
 --- openssl-1.0.1e/crypto/evp/e_des3.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/e_des3.c	2013-02-19 12:47:33.727118629 +0100
++++ openssl-1.0.1e/crypto/evp/e_des3.c	2013-09-27 14:32:35.328664817 +0200
 @@ -65,8 +65,6 @@
  #include <openssl/des.h>
  #include <openssl/rand.h>
@@ -1622,7 +1639,7 @@ diff -up openssl-1.0.1e/crypto/evp/e_des3.c.fips openssl-1.0.1e/crypto/evp/e_des
 -#endif
 diff -up openssl-1.0.1e/crypto/evp/e_null.c.fips openssl-1.0.1e/crypto/evp/e_null.c
 --- openssl-1.0.1e/crypto/evp/e_null.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/e_null.c	2013-02-19 12:47:33.727118629 +0100
++++ openssl-1.0.1e/crypto/evp/e_null.c	2013-09-27 14:32:35.329664840 +0200
 @@ -61,8 +61,6 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -1648,7 +1665,7 @@ diff -up openssl-1.0.1e/crypto/evp/e_null.c.fips openssl-1.0.1e/crypto/evp/e_nul
 -#endif
 diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.fips openssl-1.0.1e/crypto/evp/evp_enc.c
 --- openssl-1.0.1e/crypto/evp/evp_enc.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/evp_enc.c	2013-02-19 12:47:33.728118649 +0100
++++ openssl-1.0.1e/crypto/evp/evp_enc.c	2013-09-27 14:32:35.329664840 +0200
 @@ -69,17 +69,58 @@
  #endif
  #include "evp_locl.h"
@@ -1798,8 +1815,8 @@ diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.fips openssl-1.0.1e/crypto/evp/evp_
  	return 1;
  	}
 diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
---- openssl-1.0.1e/crypto/evp/evp.h.fips	2013-02-19 12:47:33.474113487 +0100
-+++ openssl-1.0.1e/crypto/evp/evp.h	2013-02-19 12:47:33.728118649 +0100
+--- openssl-1.0.1e/crypto/evp/evp.h.fips	2013-09-27 14:32:34.986657119 +0200
++++ openssl-1.0.1e/crypto/evp/evp.h	2013-09-27 14:32:35.329664840 +0200
 @@ -75,6 +75,10 @@
  #include <openssl/bio.h>
  #endif
@@ -1854,7 +1871,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
   */
 diff -up openssl-1.0.1e/crypto/evp/evp_lib.c.fips openssl-1.0.1e/crypto/evp/evp_lib.c
 --- openssl-1.0.1e/crypto/evp/evp_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/evp_lib.c	2013-02-19 12:47:33.729118669 +0100
++++ openssl-1.0.1e/crypto/evp/evp_lib.c	2013-09-27 14:32:35.329664840 +0200
 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
  
  int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
@@ -1866,8 +1883,8 @@ diff -up openssl-1.0.1e/crypto/evp/evp_lib.c.fips openssl-1.0.1e/crypto/evp/evp_
  	}
  
 diff -up openssl-1.0.1e/crypto/evp/evp_locl.h.fips openssl-1.0.1e/crypto/evp/evp_locl.h
---- openssl-1.0.1e/crypto/evp/evp_locl.h.fips	2013-02-19 12:47:33.465113304 +0100
-+++ openssl-1.0.1e/crypto/evp/evp_locl.h	2013-02-19 12:47:33.729118669 +0100
+--- openssl-1.0.1e/crypto/evp/evp_locl.h.fips	2013-09-27 14:32:34.981657006 +0200
++++ openssl-1.0.1e/crypto/evp/evp_locl.h	2013-09-27 14:32:35.329664840 +0200
 @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
  	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
  	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
@@ -1904,7 +1921,7 @@ diff -up openssl-1.0.1e/crypto/evp/evp_locl.h.fips openssl-1.0.1e/crypto/evp/evp
  #endif
 diff -up openssl-1.0.1e/crypto/evp/Makefile.fips openssl-1.0.1e/crypto/evp/Makefile
 --- openssl-1.0.1e/crypto/evp/Makefile.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/Makefile	2013-02-19 12:53:25.468917386 +0100
++++ openssl-1.0.1e/crypto/evp/Makefile	2013-09-27 14:32:35.330664863 +0200
 @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
  	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
  	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -1923,60 +1940,60 @@ diff -up openssl-1.0.1e/crypto/evp/Makefile.fips openssl-1.0.1e/crypto/evp/Makef
  	e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
  
  SRC= $(LIBSRC)
-diff -up openssl-1.0.1e/crypto/evp/m_dss1.c.fips openssl-1.0.1e/crypto/evp/m_dss1.c
---- openssl-1.0.1e/crypto/evp/m_dss1.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_dss1.c	2013-02-19 12:47:33.730118689 +0100
-@@ -68,8 +68,6 @@
- #include <openssl/dsa.h>
+diff -up openssl-1.0.1e/crypto/evp/m_dss.c.fips openssl-1.0.1e/crypto/evp/m_dss.c
+--- openssl-1.0.1e/crypto/evp/m_dss.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_dss.c	2013-09-27 14:32:35.330664863 +0200
+@@ -66,7 +66,6 @@
  #endif
  
--#ifndef OPENSSL_FIPS 
--
+ #ifndef OPENSSL_NO_SHA
+-#ifndef OPENSSL_FIPS
+ 
  static int init(EVP_MD_CTX *ctx)
  	{ return SHA1_Init(ctx->md_data); }
- 
-@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
- 	NID_dsa,
- 	NID_dsaWithSHA1,
+@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
+ 	NID_dsaWithSHA,
+ 	NID_dsaWithSHA,
  	SHA_DIGEST_LENGTH,
 -	EVP_MD_FLAG_PKEY_DIGEST,
 +	EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
  	init,
  	update,
  	final,
-@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
- 	return(&dss1_md);
+@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
+ 	return(&dsa_md);
  	}
  #endif
 -#endif
-diff -up openssl-1.0.1e/crypto/evp/m_dss.c.fips openssl-1.0.1e/crypto/evp/m_dss.c
---- openssl-1.0.1e/crypto/evp/m_dss.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_dss.c	2013-02-19 12:47:33.730118689 +0100
-@@ -66,7 +66,6 @@
+diff -up openssl-1.0.1e/crypto/evp/m_dss1.c.fips openssl-1.0.1e/crypto/evp/m_dss1.c
+--- openssl-1.0.1e/crypto/evp/m_dss1.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_dss1.c	2013-09-27 14:32:35.330664863 +0200
+@@ -68,8 +68,6 @@
+ #include <openssl/dsa.h>
  #endif
  
- #ifndef OPENSSL_NO_SHA
--#ifndef OPENSSL_FIPS
- 
+-#ifndef OPENSSL_FIPS 
+-
  static int init(EVP_MD_CTX *ctx)
  	{ return SHA1_Init(ctx->md_data); }
-@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
- 	NID_dsaWithSHA,
- 	NID_dsaWithSHA,
+ 
+@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
+ 	NID_dsa,
+ 	NID_dsaWithSHA1,
  	SHA_DIGEST_LENGTH,
 -	EVP_MD_FLAG_PKEY_DIGEST,
 +	EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
  	init,
  	update,
  	final,
-@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
- 	return(&dsa_md);
+@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
+ 	return(&dss1_md);
  	}
  #endif
 -#endif
 diff -up openssl-1.0.1e/crypto/evp/m_md2.c.fips openssl-1.0.1e/crypto/evp/m_md2.c
 --- openssl-1.0.1e/crypto/evp/m_md2.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_md2.c	2013-02-19 12:47:33.731118710 +0100
++++ openssl-1.0.1e/crypto/evp/m_md2.c	2013-09-27 14:32:35.330664863 +0200
 @@ -68,6 +68,7 @@
  #ifndef OPENSSL_NO_RSA
  #include <openssl/rsa.h>
@@ -1987,7 +2004,7 @@ diff -up openssl-1.0.1e/crypto/evp/m_md2.c.fips openssl-1.0.1e/crypto/evp/m_md2.
  	{ return MD2_Init(ctx->md_data); }
 diff -up openssl-1.0.1e/crypto/evp/m_sha1.c.fips openssl-1.0.1e/crypto/evp/m_sha1.c
 --- openssl-1.0.1e/crypto/evp/m_sha1.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_sha1.c	2013-02-19 12:47:33.731118710 +0100
++++ openssl-1.0.1e/crypto/evp/m_sha1.c	2013-09-27 14:32:35.330664863 +0200
 @@ -59,8 +59,6 @@
  #include <stdio.h>
  #include "cryptlib.h"
@@ -2054,7 +2071,7 @@ diff -up openssl-1.0.1e/crypto/evp/m_sha1.c.fips openssl-1.0.1e/crypto/evp/m_sha
 -#endif
 diff -up openssl-1.0.1e/crypto/evp/p_sign.c.fips openssl-1.0.1e/crypto/evp/p_sign.c
 --- openssl-1.0.1e/crypto/evp/p_sign.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/p_sign.c	2013-02-19 12:47:33.731118710 +0100
++++ openssl-1.0.1e/crypto/evp/p_sign.c	2013-09-27 14:32:35.330664863 +0200
 @@ -61,6 +61,7 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -2088,7 +2105,7 @@ diff -up openssl-1.0.1e/crypto/evp/p_sign.c.fips openssl-1.0.1e/crypto/evp/p_sig
  		*siglen = sltmp;
 diff -up openssl-1.0.1e/crypto/evp/p_verify.c.fips openssl-1.0.1e/crypto/evp/p_verify.c
 --- openssl-1.0.1e/crypto/evp/p_verify.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/p_verify.c	2013-02-19 12:47:33.732118731 +0100
++++ openssl-1.0.1e/crypto/evp/p_verify.c	2013-09-27 14:32:35.330664863 +0200
 @@ -61,6 +61,7 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -2121,8 +2138,8 @@ diff -up openssl-1.0.1e/crypto/evp/p_verify.c.fips openssl-1.0.1e/crypto/evp/p_v
  		err:
  		EVP_PKEY_CTX_free(pkctx);
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips	2013-02-19 12:47:33.732118731 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c	2013-02-19 12:47:33.732118731 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips	2013-09-27 14:32:35.331664885 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c	2013-09-27 14:32:35.331664885 +0200
 @@ -0,0 +1,939 @@
 +/* ====================================================================
 + * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -3064,8 +3081,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1e/crypt
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips	2013-02-19 12:47:33.732118731 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c	2013-02-19 12:47:33.732118731 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips	2013-09-27 14:32:35.331664885 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c	2013-09-27 14:32:35.331664885 +0200
 @@ -0,0 +1,517 @@
 +/* fips_cmactest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3585,8 +3602,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1e/cry
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips	2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c	2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips	2013-09-27 14:32:35.331664885 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c	2013-09-27 14:32:35.331664885 +0200
 @@ -0,0 +1,702 @@
 +/* ====================================================================
 + * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -4291,8 +4308,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1e/cryp
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips	2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c	2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips	2013-09-27 14:32:35.332664908 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c	2013-09-27 14:32:35.331664885 +0200
 @@ -0,0 +1,292 @@
 +/* fips/dh/fips_dhvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4587,8 +4604,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1e/crypto/
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips	2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c	2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips	2013-09-27 14:32:35.332664908 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c	2013-09-27 14:32:35.332664908 +0200
 @@ -0,0 +1,416 @@
 +/* fips/rand/fips_drbgvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5007,8 +5024,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1e/crypt
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips	2013-02-19 12:47:33.733118752 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c	2013-02-19 12:47:33.733118752 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips	2013-09-27 14:32:35.332664908 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c	2013-09-27 14:32:35.332664908 +0200
 @@ -0,0 +1,537 @@
 +#include <openssl/opensslconf.h>
 +
@@ -5548,8 +5565,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1e/crypto
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips	2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c	2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips	2013-09-27 14:32:35.332664908 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c	2013-09-27 14:32:35.332664908 +0200
 @@ -0,0 +1,571 @@
 +/* fips/aes/fips_gcmtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -6123,8 +6140,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1e/cryp
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips	2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c	2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips	2013-09-27 14:32:35.332664908 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c	2013-09-27 14:32:35.332664908 +0200
 @@ -0,0 +1,230 @@
 +/*
 + * Crude test driver for processing the VST and MCT testvector files
@@ -6357,8 +6374,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1e/crypto
 +    }
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips	2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c	2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips	2013-09-27 14:32:35.333664930 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c	2013-09-27 14:32:35.333664930 +0200
 @@ -0,0 +1,390 @@
 +/* fips_rsagtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -6751,8 +6768,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1e/cry
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips	2013-02-19 12:47:33.734118772 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c	2013-02-19 12:47:33.734118772 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips	2013-09-27 14:32:35.333664930 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c	2013-09-27 14:32:35.333664930 +0200
 @@ -0,0 +1,370 @@
 +/* fips_rsastest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7125,8 +7142,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1e/cry
 +	}
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips	2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c	2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips	2013-09-27 14:32:35.333664930 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c	2013-09-27 14:32:35.333664930 +0200
 @@ -0,0 +1,377 @@
 +/* fips_rsavtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7506,8 +7523,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1e/cry
 +	}
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips	2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c	2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips	2013-09-27 14:32:35.333664930 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c	2013-09-27 14:32:35.333664930 +0200
 @@ -0,0 +1,388 @@
 +/* fips_shatest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7898,8 +7915,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1e/cryp
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1e/crypto/fips/cavs/fips_utl.h
---- openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips	2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h	2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips	2013-09-27 14:32:35.333664930 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h	2013-09-27 14:32:35.333664930 +0200
 @@ -0,0 +1,343 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
@@ -8245,8 +8262,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1e/crypto/f
 +    }
 +
 diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_aes_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips	2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c	2013-02-19 12:47:33.735118792 +0100
+--- openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips	2013-09-27 14:32:35.334664952 +0200
++++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c	2013-09-27 14:32:35.334664952 +0200
 @@ -0,0 +1,359 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -8608,8 +8625,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/cryp
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips.c.fips openssl-1.0.1e/crypto/fips/fips.c
---- openssl-1.0.1e/crypto/fips/fips.c.fips	2013-02-19 12:47:33.735118792 +0100
-+++ openssl-1.0.1e/crypto/fips/fips.c	2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips.c.fips	2013-09-27 14:32:35.334664952 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c	2013-09-27 14:32:35.334664952 +0200
 @@ -0,0 +1,489 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -9101,8 +9118,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.c.fips openssl-1.0.1e/crypto/fips/fips.
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips	2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c	2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips	2013-09-27 14:32:35.334664952 +0200
++++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c	2013-09-27 14:32:35.334664952 +0200
 @@ -0,0 +1,161 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -9266,8 +9283,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1e/cry
 +	}
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_des_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips	2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c	2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips	2013-09-27 14:32:35.334664952 +0200
++++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c	2013-09-27 14:32:35.334664952 +0200
 @@ -0,0 +1,147 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -9417,8 +9434,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1e/cryp
 +    }
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips	2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c	2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips	2013-09-27 14:32:35.334664952 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c	2013-09-27 14:32:35.334664952 +0200
 @@ -0,0 +1,436 @@
 +/* fips/rand/fips_drbg_ctr.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -9857,8 +9874,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1e/crypto/f
 +	return 1;
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hash.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips	2013-02-19 12:47:33.736118812 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c	2013-02-19 12:47:33.736118812 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips	2013-09-27 14:32:35.335664975 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c	2013-09-27 14:32:35.335664975 +0200
 @@ -0,0 +1,378 @@
 +/* fips/rand/fips_drbg_hash.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -10239,8 +10256,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1e/crypto/
 +	return 1;
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips	2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c	2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips	2013-09-27 14:32:35.335664975 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c	2013-09-27 14:32:35.335664975 +0200
 @@ -0,0 +1,281 @@
 +/* fips/rand/fips_drbg_hmac.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -10524,8 +10541,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1e/crypto/
 +	return 1;
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_lib.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips	2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c	2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips	2013-09-27 14:32:35.335664975 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c	2013-09-27 14:32:35.335664975 +0200
 @@ -0,0 +1,578 @@
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@@ -11106,8 +11123,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1e/crypto/f
 +	return 1;
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips	2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c	2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips	2013-09-27 14:32:35.335664975 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c	2013-09-27 14:32:35.335664975 +0200
 @@ -0,0 +1,172 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -11282,8 +11299,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1e/crypto/
 +	}
 +
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips	2013-02-19 12:47:33.737118832 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c	2013-02-19 12:47:33.737118832 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips	2013-09-27 14:32:35.336664998 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c	2013-09-27 14:32:35.336664998 +0200
 @@ -0,0 +1,862 @@
 +/* fips/rand/fips_drbg_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -12148,8 +12165,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1e/cry
 +	}
 +
 diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h
---- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips	2013-02-19 12:47:33.738118852 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h	2013-02-19 12:47:33.738118852 +0100
+--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips	2013-09-27 14:32:35.337665020 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h	2013-09-27 14:32:35.337665020 +0200
 @@ -0,0 +1,2335 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -14487,8 +14504,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1e/cry
 +	};
 +
 diff -up openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips	2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c	2013-02-19 12:47:33.739118872 +0100
+--- openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips	2013-09-27 14:32:35.337665020 +0200
++++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c	2013-09-27 14:32:35.337665020 +0200
 @@ -0,0 +1,193 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -14684,8 +14701,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1e/cryp
 +	}
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_enc.c.fips openssl-1.0.1e/crypto/fips/fips_enc.c
---- openssl-1.0.1e/crypto/fips/fips_enc.c.fips	2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_enc.c	2013-02-19 12:47:33.739118872 +0100
+--- openssl-1.0.1e/crypto/fips/fips_enc.c.fips	2013-09-27 14:32:35.337665020 +0200
++++ openssl-1.0.1e/crypto/fips/fips_enc.c	2013-09-27 14:32:35.337665020 +0200
 @@ -0,0 +1,191 @@
 +/* fipe/evp/fips_enc.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -14879,8 +14896,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_enc.c.fips openssl-1.0.1e/crypto/fips/f
 +	}
 +
 diff -up openssl-1.0.1e/crypto/fips/fips.h.fips openssl-1.0.1e/crypto/fips/fips.h
---- openssl-1.0.1e/crypto/fips/fips.h.fips	2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips.h	2013-02-19 12:47:33.739118872 +0100
+--- openssl-1.0.1e/crypto/fips/fips.h.fips	2013-09-27 14:32:35.337665020 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-09-27 14:32:35.337665020 +0200
 @@ -0,0 +1,279 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -15162,8 +15179,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips openssl-1.0.1e/crypto/fips/fips.
 +#endif
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips	2013-02-19 12:47:33.739118872 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c	2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips	2013-09-27 14:32:35.337665020 +0200
++++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c	2013-09-27 14:32:35.337665020 +0200
 @@ -0,0 +1,137 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
@@ -15303,8 +15320,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1e/cry
 +    }
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_locl.h.fips openssl-1.0.1e/crypto/fips/fips_locl.h
---- openssl-1.0.1e/crypto/fips/fips_locl.h.fips	2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_locl.h	2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_locl.h.fips	2013-09-27 14:32:35.337665020 +0200
++++ openssl-1.0.1e/crypto/fips/fips_locl.h	2013-09-27 14:32:35.337665020 +0200
 @@ -0,0 +1,71 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -15378,8 +15395,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_locl.h.fips openssl-1.0.1e/crypto/fips/
 +#endif
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_md.c.fips openssl-1.0.1e/crypto/fips/fips_md.c
---- openssl-1.0.1e/crypto/fips/fips_md.c.fips	2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_md.c	2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_md.c.fips	2013-09-27 14:32:35.338665043 +0200
++++ openssl-1.0.1e/crypto/fips/fips_md.c	2013-09-27 14:32:35.338665043 +0200
 @@ -0,0 +1,145 @@
 +/* fips/evp/fips_md.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -15527,8 +15544,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_md.c.fips openssl-1.0.1e/crypto/fips/fi
 +		}
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips openssl-1.0.1e/crypto/fips/fips_post.c
---- openssl-1.0.1e/crypto/fips/fips_post.c.fips	2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips	2013-09-27 14:32:35.338665043 +0200
++++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-09-27 14:32:35.338665043 +0200
 @@ -0,0 +1,205 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -15736,8 +15753,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips openssl-1.0.1e/crypto/fips/
 +	}
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_rand.c.fips openssl-1.0.1e/crypto/fips/fips_rand.c
---- openssl-1.0.1e/crypto/fips/fips_rand.c.fips	2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand.c	2013-02-19 12:47:33.740118893 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand.c.fips	2013-09-27 14:32:35.338665043 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand.c	2013-09-27 14:32:35.338665043 +0200
 @@ -0,0 +1,457 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
@@ -16197,8 +16214,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand.c.fips openssl-1.0.1e/crypto/fips/
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_rand.h.fips openssl-1.0.1e/crypto/fips/fips_rand.h
---- openssl-1.0.1e/crypto/fips/fips_rand.h.fips	2013-02-19 12:47:33.740118893 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand.h	2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand.h.fips	2013-09-27 14:32:35.338665043 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand.h	2013-09-27 14:32:35.338665043 +0200
 @@ -0,0 +1,145 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -16346,8 +16363,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand.h.fips openssl-1.0.1e/crypto/fips/
 +#endif
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1e/crypto/fips/fips_rand_lcl.h
---- openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips	2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h	2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips	2013-09-27 14:32:35.338665043 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h	2013-09-27 14:32:35.338665043 +0200
 @@ -0,0 +1,219 @@
 +/* fips/rand/fips_rand_lcl.h */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -16569,8 +16586,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1e/crypto/f
 +#define FIPS_digestfinal EVP_DigestFinal
 +#define M_EVP_MD_size EVP_MD_size
 diff -up openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1e/crypto/fips/fips_rand_lib.c
---- openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips	2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c	2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips	2013-09-27 14:32:35.339665065 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c	2013-09-27 14:32:35.339665065 +0200
 @@ -0,0 +1,191 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@@ -16764,8 +16781,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1e/crypto/f
 +	return 0;
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rand_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips	2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c	2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips	2013-09-27 14:32:35.339665065 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c	2013-09-27 14:32:35.339665065 +0200
 @@ -0,0 +1,183 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -16951,8 +16968,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1e/cry
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_randtest.c.fips openssl-1.0.1e/crypto/fips/fips_randtest.c
---- openssl-1.0.1e/crypto/fips/fips_randtest.c.fips	2013-02-19 12:47:33.741118914 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_randtest.c	2013-02-19 12:47:33.741118914 +0100
+--- openssl-1.0.1e/crypto/fips/fips_randtest.c.fips	2013-09-27 14:32:35.339665065 +0200
++++ openssl-1.0.1e/crypto/fips/fips_randtest.c	2013-09-27 14:32:35.339665065 +0200
 @@ -0,0 +1,250 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -17205,8 +17222,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_randtest.c.fips openssl-1.0.1e/crypto/f
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips	2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c	2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips	2013-09-27 14:32:35.339665065 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c	2013-09-27 14:32:35.339665065 +0200
 @@ -0,0 +1,444 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project.  All rights reserved.
@@ -17653,8 +17670,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1e/cryp
 +
 +#endif /* def OPENSSL_FIPS */
 diff -up openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c
---- openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips	2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c	2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips	2013-09-27 14:32:35.339665065 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c	2013-09-27 14:32:35.339665065 +0200
 @@ -0,0 +1,282 @@
 +/* crypto/rsa/rsa_gen.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -17939,8 +17956,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1e/crypto/
 +
 +	}
 diff -up openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_sha_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips	2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c	2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips	2013-09-27 14:32:35.340665088 +0200
++++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c	2013-09-27 14:32:35.340665088 +0200
 @@ -0,0 +1,140 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -18083,8 +18100,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1e/cryp
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips	2013-02-19 12:47:33.742118935 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c	2013-02-19 12:47:33.742118935 +0100
+--- openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips	2013-09-27 14:32:35.340665088 +0200
++++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c	2013-09-27 14:32:35.340665088 +0200
 @@ -0,0 +1,180 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -18267,8 +18284,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1e/c
 +
 +
 diff -up openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips openssl-1.0.1e/crypto/fips/fips_test_suite.c
---- openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips	2013-02-19 12:47:33.743118955 +0100
-+++ openssl-1.0.1e/crypto/fips/fips_test_suite.c	2013-02-19 12:47:33.743118955 +0100
+--- openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips	2013-09-27 14:32:35.340665088 +0200
++++ openssl-1.0.1e/crypto/fips/fips_test_suite.c	2013-09-27 14:32:35.340665088 +0200
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -18859,8 +18876,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips openssl-1.0.1e/crypto
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/Makefile.fips openssl-1.0.1e/crypto/fips/Makefile
---- openssl-1.0.1e/crypto/fips/Makefile.fips	2013-02-19 12:47:33.743118955 +0100
-+++ openssl-1.0.1e/crypto/fips/Makefile	2013-02-19 12:47:33.743118955 +0100
+--- openssl-1.0.1e/crypto/fips/Makefile.fips	2013-09-27 14:32:35.340665088 +0200
++++ openssl-1.0.1e/crypto/fips/Makefile	2013-09-27 14:32:35.340665088 +0200
 @@ -0,0 +1,340 @@
 +#
 +# OpenSSL/crypto/fips/Makefile
@@ -19204,7 +19221,7 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips openssl-1.0.1e/crypto/fips/Mak
 +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
 diff -up openssl-1.0.1e/crypto/hmac/hmac.c.fips openssl-1.0.1e/crypto/hmac/hmac.c
 --- openssl-1.0.1e/crypto/hmac/hmac.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/hmac/hmac.c	2013-02-19 12:47:33.743118955 +0100
++++ openssl-1.0.1e/crypto/hmac/hmac.c	2013-09-27 14:32:35.340665088 +0200
 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
  			EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
  			return 0;
@@ -19267,9 +19284,21 @@ diff -up openssl-1.0.1e/crypto/hmac/hmac.c.fips openssl-1.0.1e/crypto/hmac/hmac.
  	EVP_MD_CTX_cleanup(&ctx->i_ctx);
  	EVP_MD_CTX_cleanup(&ctx->o_ctx);
  	EVP_MD_CTX_cleanup(&ctx->md_ctx);
+diff -up openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c	2013-09-27 14:32:35.341665110 +0200
+@@ -76,7 +76,7 @@
+ 			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
+ 
+ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+-fips_md_init(MDC2)
++nonfips_md_init(MDC2)
+ 	{
+ 	c->num=0;
+ 	c->pad_type=1;
 diff -up openssl-1.0.1e/crypto/md2/md2_dgst.c.fips openssl-1.0.1e/crypto/md2/md2_dgst.c
 --- openssl-1.0.1e/crypto/md2/md2_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/md2/md2_dgst.c	2013-02-19 12:47:33.743118955 +0100
++++ openssl-1.0.1e/crypto/md2/md2_dgst.c	2013-09-27 14:32:35.341665110 +0200
 @@ -62,6 +62,11 @@
  #include <openssl/md2.h>
  #include <openssl/opensslv.h>
@@ -19293,7 +19322,7 @@ diff -up openssl-1.0.1e/crypto/md2/md2_dgst.c.fips openssl-1.0.1e/crypto/md2/md2
  	memset(c->state,0,sizeof c->state);
 diff -up openssl-1.0.1e/crypto/md4/md4_dgst.c.fips openssl-1.0.1e/crypto/md4/md4_dgst.c
 --- openssl-1.0.1e/crypto/md4/md4_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/md4/md4_dgst.c	2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/md4/md4_dgst.c	2013-09-27 14:32:35.341665110 +0200
 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
  #define INIT_DATA_C (unsigned long)0x98badcfeL
  #define INIT_DATA_D (unsigned long)0x10325476L
@@ -19305,7 +19334,7 @@ diff -up openssl-1.0.1e/crypto/md4/md4_dgst.c.fips openssl-1.0.1e/crypto/md4/md4
  	c->A=INIT_DATA_A;
 diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.fips openssl-1.0.1e/crypto/md5/md5_dgst.c
 --- openssl-1.0.1e/crypto/md5/md5_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/md5/md5_dgst.c	2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/md5/md5_dgst.c	2013-09-27 14:32:35.341665110 +0200
 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
  #define INIT_DATA_C (unsigned long)0x98badcfeL
  #define INIT_DATA_D (unsigned long)0x10325476L
@@ -19315,21 +19344,9 @@ diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.fips openssl-1.0.1e/crypto/md5/md5
  	{
  	memset (c,0,sizeof(*c));
  	c->A=INIT_DATA_A;
-diff -up openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c	2013-02-19 12:47:33.744118975 +0100
-@@ -76,7 +76,7 @@
- 			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
- 
- static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
--fips_md_init(MDC2)
-+nonfips_md_init(MDC2)
- 	{
- 	c->num=0;
- 	c->pad_type=1;
 diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
 --- openssl-1.0.1e/crypto/o_fips.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/o_fips.c	2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/o_fips.c	2013-09-27 14:32:35.341665110 +0200
 @@ -79,6 +79,8 @@ int FIPS_mode_set(int r)
  #ifndef FIPS_AUTH_USER_PASS
  #define FIPS_AUTH_USER_PASS	"Default FIPS Crypto User Password"
@@ -19341,7 +19358,7 @@ diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
  	if (r)
 diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
 --- openssl-1.0.1e/crypto/o_init.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/o_init.c	2013-08-15 16:14:43.069221580 +0200
++++ openssl-1.0.1e/crypto/o_init.c	2013-09-27 14:32:35.341665110 +0200
 @@ -55,28 +55,68 @@
  #include <e_os.h>
  #include <openssl/err.h>
@@ -19417,7 +19434,7 @@ diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
 +	}
 diff -up openssl-1.0.1e/crypto/opensslconf.h.in.fips openssl-1.0.1e/crypto/opensslconf.h.in
 --- openssl-1.0.1e/crypto/opensslconf.h.in.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/opensslconf.h.in	2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/opensslconf.h.in	2013-09-27 14:32:35.341665110 +0200
 @@ -1,5 +1,20 @@
  /* crypto/opensslconf.h.in */
  
@@ -19441,7 +19458,7 @@ diff -up openssl-1.0.1e/crypto/opensslconf.h.in.fips openssl-1.0.1e/crypto/opens
  
 diff -up openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1e/crypto/pkcs12/p12_crt.c
 --- openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c	2013-02-19 12:47:33.744118975 +0100
++++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c	2013-09-27 14:32:35.341665110 +0200
 @@ -59,6 +59,10 @@
  #include <stdio.h>
  #include "cryptlib.h"
@@ -19470,7 +19487,7 @@ diff -up openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1e/crypto/pkcs1
  	if (!iter)
 diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips openssl-1.0.1e/crypto/rand/md_rand.c
 --- openssl-1.0.1e/crypto/rand/md_rand.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rand/md_rand.c	2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/rand/md_rand.c	2013-09-27 14:32:35.342665133 +0200
 @@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
  	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
  	crypto_lock_rand = 1;
@@ -19484,8 +19501,8 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips openssl-1.0.1e/crypto/rand/md
  		RAND_poll();
  		initialized = 1;
 diff -up openssl-1.0.1e/crypto/rand/rand.h.fips openssl-1.0.1e/crypto/rand/rand.h
---- openssl-1.0.1e/crypto/rand/rand.h.fips	2013-02-19 12:47:33.176107430 +0100
-+++ openssl-1.0.1e/crypto/rand/rand.h	2013-02-19 12:47:33.745118995 +0100
+--- openssl-1.0.1e/crypto/rand/rand.h.fips	2013-09-27 14:32:34.847653990 +0200
++++ openssl-1.0.1e/crypto/rand/rand.h	2013-09-27 14:32:35.342665133 +0200
 @@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
  /* Error codes for the RAND functions. */
  
@@ -19526,7 +19543,7 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips openssl-1.0.1e/crypto/rand/rand.
  }
 diff -up openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1e/crypto/ripemd/rmd_dgst.c
 --- openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c	2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c	2013-09-27 14:32:35.342665133 +0200
 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
       void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
  #  endif
@@ -19538,7 +19555,7 @@ diff -up openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1e/crypto/ripe
  	c->A=RIPEMD160_A;
 diff -up openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1e/crypto/rsa/rsa_crpt.c
 --- openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c	2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c	2013-09-27 14:32:35.342665133 +0200
 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
  	     RSA *rsa, int padding)
  	{
@@ -19567,7 +19584,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1e/crypto/rsa/rsa
  #endif
 diff -up openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips openssl-1.0.1e/crypto/rsa/rsa_eay.c
 --- openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_eay.c	2013-02-19 12:47:33.745118995 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_eay.c	2013-09-27 14:32:35.342665133 +0200
 @@ -114,6 +114,10 @@
  #include <openssl/bn.h>
  #include <openssl/rsa.h>
@@ -19700,7 +19717,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips openssl-1.0.1e/crypto/rsa/rsa_
  	}
 diff -up openssl-1.0.1e/crypto/rsa/rsa_err.c.fips openssl-1.0.1e/crypto/rsa/rsa_err.c
 --- openssl-1.0.1e/crypto/rsa/rsa_err.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_err.c	2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_err.c	2013-09-27 14:32:35.342665133 +0200
 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
  {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),	"RSA_public_encrypt"},
  {ERR_FUNC(RSA_F_RSA_PUB_DECODE),	"RSA_PUB_DECODE"},
@@ -19712,7 +19729,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_err.c.fips openssl-1.0.1e/crypto/rsa/rsa_
  {ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
 diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips openssl-1.0.1e/crypto/rsa/rsa_gen.c
 --- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c	2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_gen.c	2013-09-27 14:32:35.343665155 +0200
 @@ -69,6 +69,78 @@
  #include <openssl/rsa.h>
  #ifdef OPENSSL_FIPS
@@ -19855,8 +19872,8 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips openssl-1.0.1e/crypto/rsa/rsa_
  err:
  	if (ok == -1)
 diff -up openssl-1.0.1e/crypto/rsa/rsa.h.fips openssl-1.0.1e/crypto/rsa/rsa.h
---- openssl-1.0.1e/crypto/rsa/rsa.h.fips	2013-02-19 12:47:33.485113710 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa.h	2013-02-19 12:47:33.746119015 +0100
+--- openssl-1.0.1e/crypto/rsa/rsa.h.fips	2013-09-27 14:32:34.991657232 +0200
++++ openssl-1.0.1e/crypto/rsa/rsa.h	2013-09-27 14:32:35.343665155 +0200
 @@ -164,6 +164,8 @@ struct rsa_st
  # define OPENSSL_RSA_MAX_MODULUS_BITS	16384
  #endif
@@ -19943,7 +19960,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa.h.fips openssl-1.0.1e/crypto/rsa/rsa.h
  #define RSA_R_P_NOT_PRIME				 128
 diff -up openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips openssl-1.0.1e/crypto/rsa/rsa_lib.c
 --- openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_lib.c	2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_lib.c	2013-09-27 14:32:35.343665155 +0200
 @@ -84,6 +84,13 @@ RSA *RSA_new(void)
  
  void RSA_set_default_method(const RSA_METHOD *meth)
@@ -20021,7 +20038,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips openssl-1.0.1e/crypto/rsa/rsa_
  #ifndef OPENSSL_NO_ENGINE
 diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
 --- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c	2013-02-19 12:47:33.746119015 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c	2013-09-27 14:32:35.343665155 +0200
 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
  					RSA_R_INVALID_DIGEST_LENGTH);
  			return -1;
@@ -20067,7 +20084,7 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1e/crypto/rsa/rs
  					sig, siglen, rsa);
 diff -up openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips openssl-1.0.1e/crypto/rsa/rsa_sign.c
 --- openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/rsa/rsa_sign.c	2013-02-19 12:47:33.747119035 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_sign.c	2013-09-27 14:32:35.343665155 +0200
 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
  		i2d_X509_SIG(&sig,&p);
  		s=tmps;
@@ -20099,9 +20116,63 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips openssl-1.0.1e/crypto/rsa/rsa
  
  	if (i <= 0) goto err;
  	/* Oddball MDC2 case: signature can be OCTET STRING.
+diff -up openssl-1.0.1e/crypto/sha/sha.h.fips openssl-1.0.1e/crypto/sha/sha.h
+--- openssl-1.0.1e/crypto/sha/sha.h.fips	2013-09-27 14:32:34.763652099 +0200
++++ openssl-1.0.1e/crypto/sha/sha.h	2013-09-27 14:32:35.344665178 +0200
+@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
+ void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+ #endif
+ #ifndef OPENSSL_NO_SHA1
+-#ifdef OPENSSL_FIPS
+-int private_SHA1_Init(SHA_CTX *c);
+-#endif
+ int SHA1_Init(SHA_CTX *c);
+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
+@@ -141,10 +138,6 @@ typedef struct SHA256state_st
+ 	} SHA256_CTX;
+ 
+ #ifndef OPENSSL_NO_SHA256
+-#ifdef OPENSSL_FIPS
+-int private_SHA224_Init(SHA256_CTX *c);
+-int private_SHA256_Init(SHA256_CTX *c);
+-#endif
+ int SHA224_Init(SHA256_CTX *c);
+ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+@@ -192,10 +185,6 @@ typedef struct SHA512state_st
+ #endif
+ 
+ #ifndef OPENSSL_NO_SHA512
+-#ifdef OPENSSL_FIPS
+-int private_SHA384_Init(SHA512_CTX *c);
+-int private_SHA512_Init(SHA512_CTX *c);
+-#endif
+ int SHA384_Init(SHA512_CTX *c);
+ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+diff -up openssl-1.0.1e/crypto/sha/sha_locl.h.fips openssl-1.0.1e/crypto/sha/sha_locl.h
+--- openssl-1.0.1e/crypto/sha/sha_locl.h.fips	2013-09-27 14:32:34.765652144 +0200
++++ openssl-1.0.1e/crypto/sha/sha_locl.h	2013-09-27 14:32:35.344665178 +0200
+@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
+ #define INIT_DATA_h4 0xc3d2e1f0UL
+ 
+ #ifdef SHA_0
+-fips_md_init(SHA)
++nonfips_md_init(SHA)
+ #else
+ fips_md_init_ctx(SHA1, SHA)
+ #endif
+ 	{
++#if defined(SHA_1) && defined(OPENSSL_FIPS)
++	FIPS_selftest_check();
++#endif
+ 	memset (c,0,sizeof(*c));
+ 	c->h0=INIT_DATA_h0;
+ 	c->h1=INIT_DATA_h1;
 diff -up openssl-1.0.1e/crypto/sha/sha256.c.fips openssl-1.0.1e/crypto/sha/sha256.c
 --- openssl-1.0.1e/crypto/sha/sha256.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/sha/sha256.c	2013-02-19 12:47:33.747119035 +0100
++++ openssl-1.0.1e/crypto/sha/sha256.c	2013-09-27 14:32:35.343665155 +0200
 @@ -12,12 +12,19 @@
  
  #include <openssl/crypto.h>
@@ -20134,7 +20205,7 @@ diff -up openssl-1.0.1e/crypto/sha/sha256.c.fips openssl-1.0.1e/crypto/sha/sha25
  	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
 diff -up openssl-1.0.1e/crypto/sha/sha512.c.fips openssl-1.0.1e/crypto/sha/sha512.c
 --- openssl-1.0.1e/crypto/sha/sha512.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/sha/sha512.c	2013-02-19 12:47:33.747119035 +0100
++++ openssl-1.0.1e/crypto/sha/sha512.c	2013-09-27 14:32:35.344665178 +0200
 @@ -5,6 +5,10 @@
   * ====================================================================
   */
@@ -20166,63 +20237,9 @@ diff -up openssl-1.0.1e/crypto/sha/sha512.c.fips openssl-1.0.1e/crypto/sha/sha51
  	c->h[0]=U64(0x6a09e667f3bcc908);
  	c->h[1]=U64(0xbb67ae8584caa73b);
  	c->h[2]=U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.0.1e/crypto/sha/sha.h.fips openssl-1.0.1e/crypto/sha/sha.h
---- openssl-1.0.1e/crypto/sha/sha.h.fips	2013-02-19 12:47:32.986103568 +0100
-+++ openssl-1.0.1e/crypto/sha/sha.h	2013-02-19 12:47:33.747119035 +0100
-@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
- void SHA_Transform(SHA_CTX *c, const unsigned char *data);
- #endif
- #ifndef OPENSSL_NO_SHA1
--#ifdef OPENSSL_FIPS
--int private_SHA1_Init(SHA_CTX *c);
--#endif
- int SHA1_Init(SHA_CTX *c);
- int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
- int SHA1_Final(unsigned char *md, SHA_CTX *c);
-@@ -141,10 +138,6 @@ typedef struct SHA256state_st
- 	} SHA256_CTX;
- 
- #ifndef OPENSSL_NO_SHA256
--#ifdef OPENSSL_FIPS
--int private_SHA224_Init(SHA256_CTX *c);
--int private_SHA256_Init(SHA256_CTX *c);
--#endif
- int SHA224_Init(SHA256_CTX *c);
- int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
- int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-@@ -192,10 +185,6 @@ typedef struct SHA512state_st
- #endif
- 
- #ifndef OPENSSL_NO_SHA512
--#ifdef OPENSSL_FIPS
--int private_SHA384_Init(SHA512_CTX *c);
--int private_SHA512_Init(SHA512_CTX *c);
--#endif
- int SHA384_Init(SHA512_CTX *c);
- int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
- int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-diff -up openssl-1.0.1e/crypto/sha/sha_locl.h.fips openssl-1.0.1e/crypto/sha/sha_locl.h
---- openssl-1.0.1e/crypto/sha/sha_locl.h.fips	2013-02-19 12:47:32.991103670 +0100
-+++ openssl-1.0.1e/crypto/sha/sha_locl.h	2013-02-19 12:47:33.747119035 +0100
-@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
- #define INIT_DATA_h4 0xc3d2e1f0UL
- 
- #ifdef SHA_0
--fips_md_init(SHA)
-+nonfips_md_init(SHA)
- #else
- fips_md_init_ctx(SHA1, SHA)
- #endif
- 	{
-+#if defined(SHA_1) && defined(OPENSSL_FIPS)
-+	FIPS_selftest_check();
-+#endif
- 	memset (c,0,sizeof(*c));
- 	c->h0=INIT_DATA_h0;
- 	c->h1=INIT_DATA_h1;
 diff -up openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1e/crypto/whrlpool/wp_dgst.c
 --- openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c	2013-02-19 12:47:33.748119055 +0100
++++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c	2013-09-27 14:32:35.344665178 +0200
 @@ -55,7 +55,7 @@
  #include <openssl/crypto.h>
  #include <string.h>
@@ -20233,8 +20250,8 @@ diff -up openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1e/crypto/whr
  	memset (c,0,sizeof(*c));
  	return(1);
 diff -up openssl-1.0.1e/Makefile.org.fips openssl-1.0.1e/Makefile.org
---- openssl-1.0.1e/Makefile.org.fips	2013-02-19 12:47:33.678117634 +0100
-+++ openssl-1.0.1e/Makefile.org	2013-02-19 12:47:33.748119055 +0100
+--- openssl-1.0.1e/Makefile.org.fips	2013-09-27 14:32:35.081659258 +0200
++++ openssl-1.0.1e/Makefile.org	2013-09-27 14:32:35.344665178 +0200
 @@ -136,6 +136,9 @@ FIPSCANLIB=
  
  BASEADDR=
@@ -20262,9 +20279,22 @@ diff -up openssl-1.0.1e/Makefile.org.fips openssl-1.0.1e/Makefile.org
  		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
  # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
  # which in turn eliminates ambiguities in variable treatment with -e.
+diff -up openssl-1.0.1e/ssl/d1_clnt.c.fips openssl-1.0.1e/ssl/d1_clnt.c
+diff -up openssl-1.0.1e/ssl/d1_srvr.c.fips openssl-1.0.1e/ssl/d1_srvr.c
+--- openssl-1.0.1e/ssl/d1_srvr.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_srvr.c	2013-09-27 15:27:03.018220388 +0200
+@@ -1372,6 +1372,8 @@ int dtls1_send_server_key_exchange(SSL *
+ 				j=0;
+ 				for (num=2; num > 0; num--)
+ 					{
++					EVP_MD_CTX_set_flags(&md_ctx,
++								EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 					EVP_DigestInit_ex(&md_ctx,(num == 2)
+ 						?s->ctx->md5:s->ctx->sha1, NULL);
+ 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 diff -up openssl-1.0.1e/ssl/ssl_algs.c.fips openssl-1.0.1e/ssl/ssl_algs.c
 --- openssl-1.0.1e/ssl/ssl_algs.c.fips	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/ssl/ssl_algs.c	2013-02-19 12:47:33.748119055 +0100
++++ openssl-1.0.1e/ssl/ssl_algs.c	2013-09-27 14:32:35.344665178 +0200
 @@ -64,6 +64,12 @@
  int SSL_library_init(void)
  	{

diff --git a/openssl.spec b/openssl.spec
index 942a28e..8eff4e5 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -473,6 +473,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
 
 %changelog
+* Fri Sep 27 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-26
+- make DTLS1 work in FIPS mode
+- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
+
 * Mon Sep 23 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-25
 - avoid dlopening libssl.so from libcrypto (#1010357)
 

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: make DTLS1 work in FIPS mode Tomas Mraz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox