public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: update to upstream version 1.1.0d
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : c144665042b8c504f704b68458edbfcbd8c00fb4
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2017-01-26T16:24:24+01:00
Stats : +344/-702 in 9 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/c144665042b8c504f704b68458edbfcbd8c00fb4?branch=rebase_40beta
Log:
update to upstream version 1.1.0d
---
diff --git a/.gitignore b/.gitignore
index 8ff039e..5a227f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.2j-hobbled.tar.xz
/openssl-1.1.0b-hobbled.tar.xz
/openssl-1.1.0c-hobbled.tar.xz
+/openssl-1.1.0d-hobbled.tar.xz
diff --git a/openssl-1.1.0-algo-doc.patch b/openssl-1.1.0-algo-doc.patch
index 3f9a951..460d2c2 100644
--- a/openssl-1.1.0-algo-doc.patch
+++ b/openssl-1.1.0-algo-doc.patch
@@ -1,19 +1,19 @@
-diff -up openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod
---- openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod.algo-doc 2016-07-18 15:47:38.556157873 +0200
-+++ openssl-1.1.0-pre5/doc/crypto/EVP_DigestInit.pod 2016-07-18 15:49:56.935312823 +0200
-@@ -161,7 +161,7 @@ corresponding OBJECT IDENTIFIER or NID_u
+diff -up openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod
+--- openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc 2017-01-26 15:49:18.784947229 +0100
++++ openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod 2017-01-26 15:52:46.458556068 +0100
+@@ -152,7 +152,7 @@ corresponding OBJECT IDENTIFIER or NID_u
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(),
- EVP_mdc2(), EVP_ripemd160(), EVP_blake2b_512(), and EVP_blake2s_256() return
+ EVP_mdc2(), EVP_ripemd160(), EVP_blake2b512(), and EVP_blake2s256() return
pointers to the corresponding EVP_MD structures.
-diff -up openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod
---- openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod.algo-doc 2016-04-19 16:57:55.000000000 +0200
-+++ openssl-1.1.0-pre5/doc/crypto/EVP_EncryptInit.pod 2016-07-18 15:47:38.570158192 +0200
-@@ -107,6 +107,32 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_ae
+diff -up openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod
+--- openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc 2017-01-26 14:10:24.000000000 +0100
++++ openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod 2017-01-26 15:49:18.784947229 +0100
+@@ -108,6 +108,32 @@ EVP_chacha20, EVP_chacha20_poly1305 - EV
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
diff --git a/openssl-1.1.0-cc-reqs.patch b/openssl-1.1.0-cc-reqs.patch
index 615c021..3a046c1 100644
--- a/openssl-1.1.0-cc-reqs.patch
+++ b/openssl-1.1.0-cc-reqs.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c
---- openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c.cc-reqs 2016-04-19 16:57:54.000000000 +0200
-+++ openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c 2016-07-20 17:01:49.929695542 +0200
-@@ -123,6 +123,12 @@ static int rsa_builtin_keygen(RSA *rsa,
+diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/rsa_gen.c
+--- openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100
+@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
goto err;
@@ -11,10 +11,10 @@ diff -up openssl-1.1.0-pre5/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0-pre5/cryp
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
+ goto err;
+
- BN_copy(rsa->e, e_value);
+ if (BN_copy(rsa->e, e_value) == NULL)
+ goto err;
- /* generate p and q */
-@@ -150,7 +156,9 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa,
do {
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
diff --git a/openssl-1.1.0-cert-req.patch b/openssl-1.1.0-cert-req.patch
deleted file mode 100644
index f448af0..0000000
--- a/openssl-1.1.0-cert-req.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up openssl-1.1.0c/ssl/statem/statem.c.certreq openssl-1.1.0c/ssl/statem/statem.c
---- openssl-1.1.0c/ssl/statem/statem.c.certreq 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/ssl/statem/statem.c 2016-11-30 14:23:14.274758723 +0100
-@@ -361,6 +361,8 @@ static int state_machine(SSL *s, int ser
- */
- s->ctx->stats.sess_accept_renegotiate++;
- }
-+
-+ s->s3->tmp.cert_request = 0;
- } else {
- s->ctx->stats.sess_connect++;
-
-@@ -368,7 +370,7 @@ static int state_machine(SSL *s, int ser
- memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
- s->hit = 0;
-
-- s->s3->tmp.cert_request = 0;
-+ s->s3->tmp.cert_req = 0;
-
- if (SSL_IS_DTLS(s)) {
- st->use_timer = 1;
diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch
index 0730fe9..2b6059e 100644
--- a/openssl-1.1.0-ec-curves.patch
+++ b/openssl-1.1.0-ec-curves.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.0/apps/speed.c.curves openssl-1.1.0/apps/speed.c
---- openssl-1.1.0/apps/speed.c.curves 2016-09-08 11:03:15.550585422 +0200
-+++ openssl-1.1.0/apps/speed.c 2016-09-08 11:05:17.287315488 +0200
+diff -up openssl-1.1.0d/apps/speed.c.curves openssl-1.1.0d/apps/speed.c
+--- openssl-1.1.0d/apps/speed.c.curves 2017-01-26 14:10:21.000000000 +0100
++++ openssl-1.1.0d/apps/speed.c 2017-01-26 15:53:33.913324153 +0100
@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = {
#define R_EC_X25519 16
#ifndef OPENSSL_NO_EC
@@ -44,9 +44,9 @@ diff -up openssl-1.1.0/apps/speed.c.curves openssl-1.1.0/apps/speed.c
{"ecdhx25519", R_EC_X25519},
{NULL}
};
-diff -up openssl-1.1.0c/crypto/ec/ecp_smpl.c.curves openssl-1.1.0c/crypto/ec/ecp_smpl.c
---- openssl-1.1.0c/crypto/ec/ecp_smpl.c.curves 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/ec/ecp_smpl.c 2016-11-11 13:31:51.329603626 +0100
+diff -up openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves openssl-1.1.0d/crypto/ec/ecp_smpl.c
+--- openssl-1.1.0d/crypto/ec/ecp_smpl.c.curves 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/ec/ecp_smpl.c 2017-01-26 15:53:33.913324153 +0100
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0;
}
@@ -59,43 +59,3 @@ diff -up openssl-1.1.0c/crypto/ec/ecp_smpl.c.curves openssl-1.1.0c/crypto/ec/ecp
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
-diff -up openssl-1.1.0/ssl/t1_lib.c.curves openssl-1.1.0/ssl/t1_lib.c
---- openssl-1.1.0/ssl/t1_lib.c.curves 2016-09-08 11:03:15.551585445 +0200
-+++ openssl-1.1.0/ssl/t1_lib.c 2016-09-08 11:06:58.072575697 +0200
-@@ -177,36 +177,12 @@ static const unsigned char eccurves_all[
- 0, 23, /* secp256r1 (23) */
- 0, 25, /* secp521r1 (25) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
-- 0, 27, /* brainpoolP384r1 (27) */
-- 0, 28, /* brainpool512r1 (28) */
-
- /*
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
- 0, 22, /* secp256k1 (22) */
-- 0, 14, /* sect571r1 (14) */
-- 0, 13, /* sect571k1 (13) */
-- 0, 11, /* sect409k1 (11) */
-- 0, 12, /* sect409r1 (12) */
-- 0, 9, /* sect283k1 (9) */
-- 0, 10, /* sect283r1 (10) */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
-- 0, 8, /* sect239k1 (8) */
-- 0, 6, /* sect233k1 (6) */
-- 0, 7, /* sect233r1 (7) */
-- 0, 4, /* sect193r1 (4) */
-- 0, 5, /* sect193r2 (5) */
-- 0, 1, /* sect163k1 (1) */
-- 0, 2, /* sect163r1 (2) */
-- 0, 3, /* sect163r2 (3) */
- };
-
- static const unsigned char suiteb_curves[] = {
diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch
index 0a24b0d..e5fb17b 100644
--- a/openssl-1.1.0-fips.patch
+++ b/openssl-1.1.0-fips.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c
---- openssl-1.1.0c/apps/speed.c.fips 2016-11-11 13:31:51.317603352 +0100
-+++ openssl-1.1.0c/apps/speed.c 2016-11-11 13:31:51.326603557 +0100
-@@ -1440,7 +1440,9 @@ int speed_main(int argc, char **argv)
+diff -up openssl-1.1.0d/apps/speed.c.fips openssl-1.1.0d/apps/speed.c
+--- openssl-1.1.0d/apps/speed.c.fips 2017-01-26 16:02:29.004335278 +0100
++++ openssl-1.1.0d/apps/speed.c 2017-01-26 16:02:29.013335037 +0100
+@@ -1442,7 +1442,9 @@ int speed_main(int argc, char **argv)
}
# endif
if (strcmp(*argv, "rsa") == 0) {
@@ -12,7 +12,7 @@ diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
rsa_doit[R_RSA_15360] = 1;
-@@ -1453,7 +1455,9 @@ int speed_main(int argc, char **argv)
+@@ -1455,7 +1457,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_DSA
if (strcmp(*argv, "dsa") == 0) {
@@ -23,7 +23,7 @@ diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c
dsa_doit[R_DSA_2048] = 1;
continue;
}
-@@ -1542,15 +1546,21 @@ int speed_main(int argc, char **argv)
+@@ -1544,15 +1548,21 @@ int speed_main(int argc, char **argv)
/* No parameters; turn on everything. */
if ((argc == 0) && !doit[D_EVP]) {
for (i = 0; i < ALGOR_NUM; i++)
@@ -48,7 +48,7 @@ diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c
#endif
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
-@@ -1599,30 +1609,46 @@ int speed_main(int argc, char **argv)
+@@ -1601,30 +1611,46 @@ int speed_main(int argc, char **argv)
AES_set_encrypt_key(key24, 192, &aes_ks2);
AES_set_encrypt_key(key32, 256, &aes_ks3);
#ifndef OPENSSL_NO_CAMELLIA
@@ -105,7 +105,7 @@ diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c
#endif
#ifndef SIGALRM
# ifndef OPENSSL_NO_DES
-@@ -1883,6 +1909,7 @@ int speed_main(int argc, char **argv)
+@@ -1885,6 +1911,7 @@ int speed_main(int argc, char **argv)
for (i = 0; i < loopargs_len; i++) {
loopargs[i].hctx = HMAC_CTX_new();
@@ -113,10 +113,10 @@ diff -up openssl-1.1.0c/apps/speed.c.fips openssl-1.1.0c/apps/speed.c
if (loopargs[i].hctx == NULL) {
BIO_printf(bio_err, "HMAC malloc failure, exiting...");
exit(1);
-diff -up openssl-1.1.0c/Configure.fips openssl-1.1.0c/Configure
---- openssl-1.1.0c/Configure.fips 2016-11-11 13:31:51.323603489 +0100
-+++ openssl-1.1.0c/Configure 2016-11-11 13:31:51.327603581 +0100
-@@ -311,7 +311,7 @@ $config{sdirs} = [
+diff -up openssl-1.1.0d/Configure.fips openssl-1.1.0d/Configure
+--- openssl-1.1.0d/Configure.fips 2017-01-26 16:02:29.010335117 +0100
++++ openssl-1.1.0d/Configure 2017-01-26 16:02:29.014335010 +0100
+@@ -312,7 +312,7 @@ $config{sdirs} = [
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
"des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
@@ -125,9 +125,9 @@ diff -up openssl-1.1.0c/Configure.fips openssl-1.1.0c/Configure
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
-diff -up openssl-1.1.0c/crypto/bn/bn_rand.c.fips openssl-1.1.0c/crypto/bn/bn_rand.c
---- openssl-1.1.0c/crypto/bn/bn_rand.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/bn/bn_rand.c 2016-11-11 13:31:51.327603581 +0100
+diff -up openssl-1.1.0d/crypto/bn/bn_rand.c.fips openssl-1.1.0d/crypto/bn/bn_rand.c
+--- openssl-1.1.0d/crypto/bn/bn_rand.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/bn/bn_rand.c 2017-01-26 16:02:29.014335010 +0100
@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
}
@@ -143,9 +143,9 @@ diff -up openssl-1.1.0c/crypto/bn/bn_rand.c.fips openssl-1.1.0c/crypto/bn/bn_ran
if (RAND_bytes(buf, bytes) <= 0)
goto err;
-diff -up openssl-1.1.0c/crypto/dh/dh_err.c.fips openssl-1.1.0c/crypto/dh/dh_err.c
---- openssl-1.1.0c/crypto/dh/dh_err.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dh/dh_err.c 2016-11-11 13:31:51.327603581 +0100
+diff -up openssl-1.1.0d/crypto/dh/dh_err.c.fips openssl-1.1.0d/crypto/dh/dh_err.c
+--- openssl-1.1.0d/crypto/dh/dh_err.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dh/dh_err.c 2017-01-26 16:02:29.014335010 +0100
@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
@@ -168,9 +168,9 @@ diff -up openssl-1.1.0c/crypto/dh/dh_err.c.fips openssl-1.1.0c/crypto/dh/dh_err.
{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
{ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
-diff -up openssl-1.1.0c/crypto/dh/dh_gen.c.fips openssl-1.1.0c/crypto/dh/dh_gen.c
---- openssl-1.1.0c/crypto/dh/dh_gen.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dh/dh_gen.c 2016-11-11 13:31:51.327603581 +0100
+diff -up openssl-1.1.0d/crypto/dh/dh_gen.c.fips openssl-1.1.0d/crypto/dh/dh_gen.c
+--- openssl-1.1.0d/crypto/dh/dh_gen.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dh/dh_gen.c 2017-01-26 16:02:29.014335010 +0100
@@ -16,6 +16,9 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -214,9 +214,9 @@ diff -up openssl-1.1.0c/crypto/dh/dh_gen.c.fips openssl-1.1.0c/crypto/dh/dh_gen.
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.0c/crypto/dh/dh_key.c.fips openssl-1.1.0c/crypto/dh/dh_key.c
---- openssl-1.1.0c/crypto/dh/dh_key.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dh/dh_key.c 2016-11-11 13:31:51.327603581 +0100
+diff -up openssl-1.1.0d/crypto/dh/dh_key.c.fips openssl-1.1.0d/crypto/dh/dh_key.c
+--- openssl-1.1.0d/crypto/dh/dh_key.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dh/dh_key.c 2017-01-26 16:02:29.014335010 +0100
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
#include "dh_locl.h"
@@ -290,7 +290,7 @@ diff -up openssl-1.1.0c/crypto/dh/dh_key.c.fips openssl-1.1.0c/crypto/dh/dh_key.
ctx = BN_CTX_new();
if (ctx == NULL)
-@@ -202,6 +234,9 @@ static int dh_bn_mod_exp(const DH *dh, B
+@@ -204,6 +236,9 @@ static int dh_bn_mod_exp(const DH *dh, B
static int dh_init(DH *dh)
{
@@ -300,16 +300,15 @@ diff -up openssl-1.1.0c/crypto/dh/dh_key.c.fips openssl-1.1.0c/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0c/crypto/dsa/dsa_err.c.fips openssl-1.1.0c/crypto/dsa/dsa_err.c
---- openssl-1.1.0c/crypto/dsa/dsa_err.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dsa/dsa_err.c 2016-11-11 13:31:51.327603581 +0100
+diff -up openssl-1.1.0d/crypto/dsa/dsa_err.c.fips openssl-1.1.0d/crypto/dsa/dsa_err.c
+--- openssl-1.1.0d/crypto/dsa/dsa_err.c.fips 2017-01-26 16:02:29.028334636 +0100
++++ openssl-1.1.0d/crypto/dsa/dsa_err.c 2017-01-26 16:05:40.306217789 +0100
@@ -21,10 +21,13 @@
static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-- {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+ {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
-+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
@@ -330,10 +329,10 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_err.c.fips openssl-1.1.0c/crypto/dsa/dsa_
+ {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
- {0, NULL}
-diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_gen.c
---- openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dsa/dsa_gen.c 2016-11-11 13:31:51.327603581 +0100
+ {ERR_REASON(DSA_R_SEED_LEN_SMALL),
+diff -up openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips openssl-1.1.0d/crypto/dsa/dsa_gen.c
+--- openssl-1.1.0d/crypto/dsa/dsa_gen.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dsa/dsa_gen.c 2017-01-26 16:02:29.029334609 +0100
@@ -22,12 +22,22 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -373,7 +372,7 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
}
}
-@@ -301,7 +317,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -303,7 +319,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb)
{
@@ -382,7 +381,7 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
unsigned char *seed = NULL, *seed_tmp = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
int mdsize;
-@@ -318,6 +334,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -320,6 +336,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
if (mctx == NULL)
goto err;
@@ -403,7 +402,7 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
-@@ -416,9 +446,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -418,9 +448,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
goto err;
/* Provided seed didn't produce a prime: error */
if (seed_in) {
@@ -417,7 +416,7 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
}
/* do a callback call */
-@@ -504,11 +535,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -506,11 +537,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
if (counter >= (int)(4 * L))
break;
}
@@ -432,7 +431,7 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
}
end:
if (!BN_GENCB_call(cb, 2, 1))
-@@ -579,7 +613,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -581,7 +615,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
BN_free(ret->g);
ret->g = BN_dup(g);
if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
@@ -441,7 +440,7 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
goto err;
}
if (counter_ret != NULL)
-@@ -597,3 +631,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -599,3 +633,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
EVP_MD_CTX_free(mctx);
return ok;
}
@@ -495,9 +494,9 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_gen.c.fips openssl-1.1.0c/crypto/dsa/dsa_
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/dsa/dsa_key.c.fips openssl-1.1.0c/crypto/dsa/dsa_key.c
---- openssl-1.1.0c/crypto/dsa/dsa_key.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dsa/dsa_key.c 2016-11-11 13:31:51.328603603 +0100
+diff -up openssl-1.1.0d/crypto/dsa/dsa_key.c.fips openssl-1.1.0d/crypto/dsa/dsa_key.c
+--- openssl-1.1.0d/crypto/dsa/dsa_key.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dsa/dsa_key.c 2017-01-26 16:02:29.029334609 +0100
@@ -13,10 +13,49 @@
#include <openssl/bn.h>
#include "dsa_locl.h"
@@ -577,9 +576,9 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_key.c.fips openssl-1.1.0c/crypto/dsa/dsa_
ok = 1;
err:
-diff -up openssl-1.1.0c/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0c/crypto/dsa/dsa_ossl.c
---- openssl-1.1.0c/crypto/dsa/dsa_ossl.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dsa/dsa_ossl.c 2016-11-11 13:31:51.328603603 +0100
+diff -up openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0d/crypto/dsa/dsa_ossl.c
+--- openssl-1.1.0d/crypto/dsa/dsa_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dsa/dsa_ossl.c 2017-01-26 16:02:29.029334609 +0100
@@ -15,6 +15,9 @@
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -639,9 +638,9 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0c/crypto/dsa/dsa
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0c/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0c/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.0c/crypto/dsa/dsa_pmeth.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/dsa/dsa_pmeth.c 2016-11-11 13:31:51.328603603 +0100
+diff -up openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0d/crypto/dsa/dsa_pmeth.c
+--- openssl-1.1.0d/crypto/dsa/dsa_pmeth.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/dsa/dsa_pmeth.c 2017-01-26 16:02:29.029334609 +0100
@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
BN_GENCB_free(pcb);
return 0;
@@ -653,9 +652,9 @@ diff -up openssl-1.1.0c/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0c/crypto/dsa/ds
BN_GENCB_free(pcb);
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
-diff -up openssl-1.1.0c/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0c/crypto/ec/ecdh_ossl.c
---- openssl-1.1.0c/crypto/ec/ecdh_ossl.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/ec/ecdh_ossl.c 2016-11-11 13:31:51.328603603 +0100
+diff -up openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdh_ossl.c
+--- openssl-1.1.0d/crypto/ec/ecdh_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/ec/ecdh_ossl.c 2017-01-26 16:02:29.029334609 +0100
@@ -33,9 +33,20 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -677,9 +676,9 @@ diff -up openssl-1.1.0c/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0c/crypto/ec/ecdh
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
return 0;
-diff -up openssl-1.1.0c/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0c/crypto/ec/ecdsa_ossl.c
---- openssl-1.1.0c/crypto/ec/ecdsa_ossl.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/ec/ecdsa_ossl.c 2016-11-11 13:31:51.328603603 +0100
+diff -up openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0d/crypto/ec/ecdsa_ossl.c
+--- openssl-1.1.0d/crypto/ec/ecdsa_ossl.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/ec/ecdsa_ossl.c 2017-01-26 16:02:29.030334582 +0100
@@ -15,6 +15,10 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -719,9 +718,9 @@ diff -up openssl-1.1.0c/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0c/crypto/ec/ecd
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.1.0c/crypto/ec/ec_key.c.fips openssl-1.1.0c/crypto/ec/ec_key.c
---- openssl-1.1.0c/crypto/ec/ec_key.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/ec/ec_key.c 2016-11-11 13:31:51.328603603 +0100
+diff -up openssl-1.1.0d/crypto/ec/ec_key.c.fips openssl-1.1.0d/crypto/ec/ec_key.c
+--- openssl-1.1.0d/crypto/ec/ec_key.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/ec/ec_key.c 2017-01-26 16:02:29.030334582 +0100
@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r)
return ((i > 1) ? 1 : 0);
}
@@ -786,9 +785,9 @@ diff -up openssl-1.1.0c/crypto/ec/ec_key.c.fips openssl-1.1.0c/crypto/ec/ec_key.
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
return 0;
}
-diff -up openssl-1.1.0c/crypto/err/err_all.c.fips openssl-1.1.0c/crypto/err/err_all.c
---- openssl-1.1.0c/crypto/err/err_all.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/err/err_all.c 2016-11-11 13:31:51.329603626 +0100
+diff -up openssl-1.1.0d/crypto/err/err_all.c.fips openssl-1.1.0d/crypto/err/err_all.c
+--- openssl-1.1.0d/crypto/err/err_all.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/err/err_all.c 2017-01-26 16:02:29.030334582 +0100
@@ -43,9 +43,6 @@
int err_load_crypto_strings_int(void)
{
@@ -799,9 +798,9 @@ diff -up openssl-1.1.0c/crypto/err/err_all.c.fips openssl-1.1.0c/crypto/err/err_
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
ERR_load_BN_strings() == 0 ||
-diff -up openssl-1.1.0c/crypto/evp/c_allc.c.fips openssl-1.1.0c/crypto/evp/c_allc.c
---- openssl-1.1.0c/crypto/evp/c_allc.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/c_allc.c 2016-11-11 13:31:51.329603626 +0100
+diff -up openssl-1.1.0d/crypto/evp/c_allc.c.fips openssl-1.1.0d/crypto/evp/c_allc.c
+--- openssl-1.1.0d/crypto/evp/c_allc.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/c_allc.c 2017-01-26 16:02:29.030334582 +0100
@@ -17,6 +17,9 @@
void openssl_add_all_ciphers_int(void)
{
@@ -883,9 +882,9 @@ diff -up openssl-1.1.0c/crypto/evp/c_allc.c.fips openssl-1.1.0c/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0c/crypto/evp/c_alld.c.fips openssl-1.1.0c/crypto/evp/c_alld.c
---- openssl-1.1.0c/crypto/evp/c_alld.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/c_alld.c 2016-11-11 13:31:51.329603626 +0100
+diff -up openssl-1.1.0d/crypto/evp/c_alld.c.fips openssl-1.1.0d/crypto/evp/c_alld.c
+--- openssl-1.1.0d/crypto/evp/c_alld.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/c_alld.c 2017-01-26 16:02:29.030334582 +0100
@@ -16,6 +16,9 @@
void openssl_add_all_digests_int(void)
@@ -912,9 +911,9 @@ diff -up openssl-1.1.0c/crypto/evp/c_alld.c.fips openssl-1.1.0c/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0c/crypto/evp/digest.c.fips openssl-1.1.0c/crypto/evp/digest.c
---- openssl-1.1.0c/crypto/evp/digest.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/digest.c 2016-11-11 13:31:51.329603626 +0100
+diff -up openssl-1.1.0d/crypto/evp/digest.c.fips openssl-1.1.0d/crypto/evp/digest.c
+--- openssl-1.1.0d/crypto/evp/digest.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/digest.c 2017-01-26 16:02:29.030334582 +0100
@@ -14,6 +14,9 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -974,18 +973,10 @@ diff -up openssl-1.1.0c/crypto/evp/digest.c.fips openssl-1.1.0c/crypto/evp/diges
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
if (size != NULL)
-diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.c
---- openssl-1.1.0c/crypto/evp/e_aes.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/e_aes.c 2016-11-11 13:31:51.329603626 +0100
-@@ -16,6 +16,7 @@
- #include <openssl/aes.h>
- #include "internal/evp_int.h"
- #include "modes_lcl.h"
-+#include "evp_locl.h"
- #include <openssl/rand.h>
-
- typedef struct {
-@@ -1260,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
+diff -up openssl-1.1.0d/crypto/evp/e_aes.c.fips openssl-1.1.0d/crypto/evp/e_aes.c
+--- openssl-1.1.0d/crypto/evp/e_aes.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/e_aes.c 2017-01-26 16:02:29.031334556 +0100
+@@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
return 1;
}
@@ -998,7 +989,7 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
-@@ -1306,6 +1307,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
+@@ -1307,6 +1307,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
@@ -1010,7 +1001,7 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
-@@ -1761,11 +1767,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+@@ -1767,11 +1772,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
| EVP_CIPH_CUSTOM_COPY)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
@@ -1028,7 +1019,7 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -1900,6 +1909,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1906,6 +1914,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
return 0;
if (!out || !in || len < AES_BLOCK_SIZE)
return 0;
@@ -1043,7 +1034,7 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
if (xctx->stream)
(*xctx->stream) (in, out, len,
xctx->xts.key1, xctx->xts.key2,
-@@ -1917,8 +1934,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1923,8 +1939,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY)
@@ -1056,7 +1047,7 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -2176,11 +2195,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
+@@ -2187,11 +2205,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
#define aes_ccm_cleanup NULL
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
@@ -1071,7 +1062,7 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
typedef struct {
union {
-@@ -2269,7 +2288,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
+@@ -2284,7 +2302,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
return rv ? (int)rv : -1;
}
@@ -1080,10 +1071,10 @@ diff -up openssl-1.1.0c/crypto/evp/e_aes.c.fips openssl-1.1.0c/crypto/evp/e_aes.
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-diff -up openssl-1.1.0c/crypto/evp/e_des3.c.fips openssl-1.1.0c/crypto/evp/e_des3.c
---- openssl-1.1.0c/crypto/evp/e_des3.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/e_des3.c 2016-11-11 13:31:51.330603649 +0100
-@@ -210,16 +210,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
+diff -up openssl-1.1.0d/crypto/evp/e_des3.c.fips openssl-1.1.0d/crypto/evp/e_des3.c
+--- openssl-1.1.0d/crypto/evp/e_des3.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/e_des3.c 2017-01-26 16:02:29.031334556 +0100
+@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
# define des_ede3_cbc_cipher des_ede_cbc_cipher
# define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
@@ -1109,9 +1100,9 @@ diff -up openssl-1.1.0c/crypto/evp/e_des3.c.fips openssl-1.1.0c/crypto/evp/e_des
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff -up openssl-1.1.0c/crypto/evp/e_null.c.fips openssl-1.1.0c/crypto/evp/e_null.c
---- openssl-1.1.0c/crypto/evp/e_null.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/e_null.c 2016-11-11 13:31:51.330603649 +0100
+diff -up openssl-1.1.0d/crypto/evp/e_null.c.fips openssl-1.1.0d/crypto/evp/e_null.c
+--- openssl-1.1.0d/crypto/evp/e_null.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/e_null.c 2017-01-26 16:02:29.031334556 +0100
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
@@ -1122,9 +1113,9 @@ diff -up openssl-1.1.0c/crypto/evp/e_null.c.fips openssl-1.1.0c/crypto/evp/e_nul
null_init_key,
null_cipher,
NULL,
-diff -up openssl-1.1.0c/crypto/evp/evp_enc.c.fips openssl-1.1.0c/crypto/evp/evp_enc.c
---- openssl-1.1.0c/crypto/evp/evp_enc.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/evp_enc.c 2016-11-11 13:31:51.330603649 +0100
+diff -up openssl-1.1.0d/crypto/evp/evp_enc.c.fips openssl-1.1.0d/crypto/evp/evp_enc.c
+--- openssl-1.1.0d/crypto/evp/evp_enc.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/evp_enc.c 2017-01-26 16:02:29.032334529 +0100
@@ -16,10 +16,19 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -1200,18 +1191,18 @@ diff -up openssl-1.1.0c/crypto/evp/evp_enc.c.fips openssl-1.1.0c/crypto/evp/evp_
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if (!ctx->cipher->init(ctx, key, iv, enc))
-diff -up openssl-1.1.0c/crypto/evp/evp_err.c.fips openssl-1.1.0c/crypto/evp/evp_err.c
---- openssl-1.1.0c/crypto/evp/evp_err.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/evp_err.c 2016-11-11 13:31:51.330603649 +0100
-@@ -22,6 +22,7 @@ static ERR_STRING_DATA EVP_str_functs[]
- {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"},
- {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"},
+diff -up openssl-1.1.0d/crypto/evp/evp_err.c.fips openssl-1.1.0d/crypto/evp/evp_err.c
+--- openssl-1.1.0d/crypto/evp/evp_err.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/evp_err.c 2017-01-26 16:07:34.336167390 +0100
+@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[]
+ {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
{ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
+ {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"},
+ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "aes_xts_cipher"},
{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
{ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
-@@ -106,6 +107,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -109,6 +110,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
@@ -1219,7 +1210,7 @@ diff -up openssl-1.1.0c/crypto/evp/evp_err.c.fips openssl-1.1.0c/crypto/evp/evp_
{ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
{ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
-@@ -139,6 +141,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -144,6 +146,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -1227,9 +1218,9 @@ diff -up openssl-1.1.0c/crypto/evp/evp_err.c.fips openssl-1.1.0c/crypto/evp/evp_
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-diff -up openssl-1.1.0c/crypto/evp/evp_lib.c.fips openssl-1.1.0c/crypto/evp/evp_lib.c
---- openssl-1.1.0c/crypto/evp/evp_lib.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/evp_lib.c 2016-11-11 13:31:51.330603649 +0100
+diff -up openssl-1.1.0d/crypto/evp/evp_lib.c.fips openssl-1.1.0d/crypto/evp/evp_lib.c
+--- openssl-1.1.0d/crypto/evp/evp_lib.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/evp_lib.c 2017-01-26 16:02:29.032334529 +0100
@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
@@ -1240,10 +1231,10 @@ diff -up openssl-1.1.0c/crypto/evp/evp_lib.c.fips openssl-1.1.0c/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
-diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha1.c
---- openssl-1.1.0c/crypto/evp/m_sha1.c.fips 2016-11-10 15:03:44.000000000 +0100
-+++ openssl-1.1.0c/crypto/evp/m_sha1.c 2016-11-11 13:31:51.330603649 +0100
-@@ -89,7 +89,7 @@ static const EVP_MD sha1_md = {
+diff -up openssl-1.1.0d/crypto/evp/m_sha1.c.fips openssl-1.1.0d/crypto/evp/m_sha1.c
+--- openssl-1.1.0d/crypto/evp/m_sha1.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/evp/m_sha1.c 2017-01-26 16:02:29.032334529 +0100
+@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = {
NID_sha1,
NID_sha1WithRSAEncryption,
SHA_DIGEST_LENGTH,
@@ -1252,7 +1243,7 @@ diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha
init,
update,
final,
-@@ -134,7 +134,7 @@ static const EVP_MD sha224_md = {
+@@ -139,7 +139,7 @@ static const EVP_MD sha224_md = {
NID_sha224,
NID_sha224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
@@ -1261,7 +1252,7 @@ diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha
init224,
update256,
final256,
-@@ -153,7 +153,7 @@ static const EVP_MD sha256_md = {
+@@ -158,7 +158,7 @@ static const EVP_MD sha256_md = {
NID_sha256,
NID_sha256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
@@ -1270,7 +1261,7 @@ diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha
init256,
update256,
final256,
-@@ -193,7 +193,7 @@ static const EVP_MD sha384_md = {
+@@ -198,7 +198,7 @@ static const EVP_MD sha384_md = {
NID_sha384,
NID_sha384WithRSAEncryption,
SHA384_DIGEST_LENGTH,
@@ -1279,7 +1270,7 @@ diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha
init384,
update512,
final512,
-@@ -212,7 +212,7 @@ static const EVP_MD sha512_md = {
+@@ -217,7 +217,7 @@ static const EVP_MD sha512_md = {
NID_sha512,
NID_sha512WithRSAEncryption,
SHA512_DIGEST_LENGTH,
@@ -1288,9 +1279,9 @@ diff -up openssl-1.1.0c/crypto/evp/m_sha1.c.fips openssl-1.1.0c/crypto/evp/m_sha
init512,
update512,
final512,
-diff -up openssl-1.1.0c/crypto/fips/build.info.fips openssl-1.1.0c/crypto/fips/build.info
---- openssl-1.1.0c/crypto/fips/build.info.fips 2016-11-11 13:31:51.331603672 +0100
-+++ openssl-1.1.0c/crypto/fips/build.info 2016-11-11 13:31:51.331603672 +0100
+diff -up openssl-1.1.0d/crypto/fips/build.info.fips openssl-1.1.0d/crypto/fips/build.info
+--- openssl-1.1.0d/crypto/fips/build.info.fips 2017-01-26 16:02:29.032334529 +0100
++++ openssl-1.1.0d/crypto/fips/build.info 2017-01-26 16:02:29.032334529 +0100
@@ -0,0 +1,15 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
@@ -1307,9 +1298,9 @@ diff -up openssl-1.1.0c/crypto/fips/build.info.fips openssl-1.1.0c/crypto/fips/b
+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
+INCLUDE[fips_standalone_hmac]=../../include
+DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.0c/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_aes_selftest.c.fips 2016-11-11 13:31:51.331603672 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_aes_selftest.c 2016-11-11 13:31:51.331603672 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_aes_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100
++++ openssl-1.1.0d/crypto/fips/fips_aes_selftest.c 2017-01-26 16:02:29.033334502 +0100
@@ -0,0 +1,372 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1683,9 +1674,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0c/cryp
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips.c.fips openssl-1.1.0c/crypto/fips/fips.c
---- openssl-1.1.0c/crypto/fips/fips.c.fips 2016-11-11 13:31:51.331603672 +0100
-+++ openssl-1.1.0c/crypto/fips/fips.c 2016-11-11 13:31:51.331603672 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips.c.fips openssl-1.1.0d/crypto/fips/fips.c
+--- openssl-1.1.0d/crypto/fips/fips.c.fips 2017-01-26 16:02:29.033334502 +0100
++++ openssl-1.1.0d/crypto/fips/fips.c 2017-01-26 16:02:29.033334502 +0100
@@ -0,0 +1,526 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2213,9 +2204,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips.c.fips openssl-1.1.0c/crypto/fips/fips.
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c.fips 2016-11-11 13:31:51.331603672 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c 2016-11-11 13:31:51.331603672 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100
++++ openssl-1.1.0d/crypto/fips/fips_cmac_selftest.c 2017-01-26 16:02:29.033334502 +0100
@@ -0,0 +1,156 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2373,9 +2364,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0c/cry
+ return rv;
+}
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_des_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_des_selftest.c.fips 2016-11-11 13:31:51.331603672 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_des_selftest.c 2016-11-11 13:31:51.331603672 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_des_selftest.c.fips 2017-01-26 16:02:29.033334502 +0100
++++ openssl-1.1.0d/crypto/fips/fips_des_selftest.c 2017-01-26 16:02:29.033334502 +0100
@@ -0,0 +1,133 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2510,9 +2501,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0c/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_dh_selftest.c.fips 2016-11-11 13:31:51.332603695 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_dh_selftest.c 2016-11-11 13:31:51.331603672 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_dh_selftest.c.fips 2017-01-26 16:02:29.035334448 +0100
++++ openssl-1.1.0d/crypto/fips/fips_dh_selftest.c 2017-01-26 16:02:29.035334448 +0100
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2694,9 +2685,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0c/crypt
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c.fips 2016-11-11 13:31:51.332603695 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c 2016-11-11 13:31:51.332603695 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c.fips 2017-01-26 16:02:29.035334448 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_ctr.c 2017-01-26 16:02:29.035334448 +0100
@@ -0,0 +1,415 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3113,9 +3104,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0c/crypto/f
+
+ return 1;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.0c/crypto/fips/fips_drbg_hash.c.fips 2016-11-11 13:31:51.334603741 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_hash.c 2016-11-11 13:31:51.334603741 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.0d/crypto/fips/fips_drbg_hash.c.fips 2017-01-26 16:02:29.036334422 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_hash.c 2017-01-26 16:02:29.035334448 +0100
@@ -0,0 +1,361 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3478,9 +3469,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0c/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c.fips 2016-11-11 13:31:51.334603741 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c 2016-11-11 13:31:51.334603741 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c.fips 2017-01-26 16:02:29.036334422 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_hmac.c 2017-01-26 16:02:29.036334422 +0100
@@ -0,0 +1,272 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3754,9 +3745,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0c/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.0c/crypto/fips/fips_drbg_lib.c.fips 2016-11-11 13:31:51.334603741 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_lib.c 2016-11-11 13:31:51.334603741 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.0d/crypto/fips/fips_drbg_lib.c.fips 2017-01-26 16:02:29.036334422 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_lib.c 2017-01-26 16:02:29.036334422 +0100
@@ -0,0 +1,555 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
@@ -4313,9 +4304,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0c/crypto/f
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.0c/crypto/fips/fips_drbg_rand.c.fips 2016-11-11 13:31:51.335603764 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-11-11 13:31:51.335603764 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.0d/crypto/fips/fips_drbg_rand.c.fips 2017-01-26 16:02:29.036334422 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_rand.c 2017-01-26 16:02:29.036334422 +0100
@@ -0,0 +1,183 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4500,9 +4491,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0c/crypto/
+{
+ return &rand_drbg_meth;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c.fips 2016-11-11 13:31:51.335603764 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c 2016-11-11 13:31:51.335603764 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c.fips 2017-01-26 16:02:29.037334395 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_selftest.c 2017-01-26 16:02:29.037334395 +0100
@@ -0,0 +1,828 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5332,9 +5323,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0c/cry
+ FIPS_drbg_free(dctx);
+ return rv;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h.fips 2016-11-11 13:31:51.372604610 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h 2016-11-11 13:31:51.372604610 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h.fips 2017-01-26 16:02:29.037334395 +0100
++++ openssl-1.1.0d/crypto/fips/fips_drbg_selftest.h 2017-01-26 16:02:29.037334395 +0100
@@ -0,0 +1,1791 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7127,9 +7118,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0c/cry
+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
+ 0xc2, 0xd6, 0xfd, 0xa5
+};
-diff -up openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c.fips 2016-11-11 13:31:51.372604610 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c 2016-11-11 13:31:51.372604610 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100
++++ openssl-1.1.0d/crypto/fips/fips_dsa_selftest.c 2017-01-26 16:02:29.038334368 +0100
@@ -0,0 +1,195 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7326,9 +7317,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0c/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100
++++ openssl-1.1.0d/crypto/fips/fips_ecdh_selftest.c 2017-01-26 16:02:29.038334368 +0100
@@ -0,0 +1,242 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7572,9 +7563,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0c/cry
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c.fips 2017-01-26 16:02:29.038334368 +0100
++++ openssl-1.1.0d/crypto/fips/fips_ecdsa_selftest.c 2017-01-26 16:02:29.038334368 +0100
@@ -0,0 +1,166 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7742,9 +7733,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0c/cr
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_enc.c.fips openssl-1.1.0c/crypto/fips/fips_enc.c
---- openssl-1.1.0c/crypto/fips/fips_enc.c.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_enc.c 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_enc.c.fips openssl-1.1.0d/crypto/fips/fips_enc.c
+--- openssl-1.1.0d/crypto/fips/fips_enc.c.fips 2017-01-26 16:02:29.038334368 +0100
++++ openssl-1.1.0d/crypto/fips/fips_enc.c 2017-01-26 16:02:29.038334368 +0100
@@ -0,0 +1,189 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7935,9 +7926,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_enc.c.fips openssl-1.1.0c/crypto/fips/f
+
+ }
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_err.h.fips openssl-1.1.0c/crypto/fips/fips_err.h
---- openssl-1.1.0c/crypto/fips/fips_err.h.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_err.h 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_err.h.fips openssl-1.1.0d/crypto/fips/fips_err.h
+--- openssl-1.1.0d/crypto/fips/fips_err.h.fips 2017-01-26 16:02:29.038334368 +0100
++++ openssl-1.1.0d/crypto/fips/fips_err.h 2017-01-26 16:02:29.038334368 +0100
@@ -0,0 +1,196 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -8135,9 +8126,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_err.h.fips openssl-1.1.0c/crypto/fips/f
+#endif
+ return 1;
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_ers.c.fips openssl-1.1.0c/crypto/fips/fips_ers.c
---- openssl-1.1.0c/crypto/fips/fips_ers.c.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_ers.c 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_ers.c.fips openssl-1.1.0d/crypto/fips/fips_ers.c
+--- openssl-1.1.0d/crypto/fips/fips_ers.c.fips 2017-01-26 16:02:29.039334342 +0100
++++ openssl-1.1.0d/crypto/fips/fips_ers.c 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -8146,9 +8137,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_ers.c.fips openssl-1.1.0c/crypto/fips/f
+#else
+static void *dummy = &dummy;
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c.fips 2017-01-26 16:02:29.039334342 +0100
++++ openssl-1.1.0d/crypto/fips/fips_hmac_selftest.c 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8284,9 +8275,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0c/cry
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_locl.h.fips openssl-1.1.0c/crypto/fips/fips_locl.h
---- openssl-1.1.0c/crypto/fips/fips_locl.h.fips 2016-11-11 13:31:51.373604633 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_locl.h 2016-11-11 13:31:51.373604633 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_locl.h.fips openssl-1.1.0d/crypto/fips/fips_locl.h
+--- openssl-1.1.0d/crypto/fips/fips_locl.h.fips 2017-01-26 16:02:29.039334342 +0100
++++ openssl-1.1.0d/crypto/fips/fips_locl.h 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8359,9 +8350,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_locl.h.fips openssl-1.1.0c/crypto/fips/
+}
+# endif
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_md.c.fips openssl-1.1.0c/crypto/fips/fips_md.c
---- openssl-1.1.0c/crypto/fips/fips_md.c.fips 2016-11-11 13:31:51.374604656 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_md.c 2016-11-11 13:31:51.374604656 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_md.c.fips openssl-1.1.0d/crypto/fips/fips_md.c
+--- openssl-1.1.0d/crypto/fips/fips_md.c.fips 2017-01-26 16:02:29.039334342 +0100
++++ openssl-1.1.0d/crypto/fips/fips_md.c 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,144 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8507,9 +8498,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_md.c.fips openssl-1.1.0c/crypto/fips/fi
+ return NULL;
+ }
+}
-diff -up openssl-1.1.0c/crypto/fips/fips_post.c.fips openssl-1.1.0c/crypto/fips/fips_post.c
---- openssl-1.1.0c/crypto/fips/fips_post.c.fips 2016-11-11 13:31:51.374604656 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_post.c 2016-11-11 13:31:51.374604656 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_post.c.fips openssl-1.1.0d/crypto/fips/fips_post.c
+--- openssl-1.1.0d/crypto/fips/fips_post.c.fips 2017-01-26 16:02:29.039334342 +0100
++++ openssl-1.1.0d/crypto/fips/fips_post.c 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,222 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8733,9 +8724,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_post.c.fips openssl-1.1.0c/crypto/fips/
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0c/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.0c/crypto/fips/fips_rand_lcl.h.fips 2016-11-11 13:31:51.374604656 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_rand_lcl.h 2016-11-11 13:31:51.374604656 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0d/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.0d/crypto/fips/fips_rand_lcl.h.fips 2017-01-26 16:02:29.039334342 +0100
++++ openssl-1.1.0d/crypto/fips/fips_rand_lcl.h 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,209 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8946,9 +8937,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0c/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.0c/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0c/crypto/fips/fips_rand_lib.c
---- openssl-1.1.0c/crypto/fips/fips_rand_lib.c.fips 2016-11-11 13:31:51.374604656 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_rand_lib.c 2016-11-11 13:31:51.374604656 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0d/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.0d/crypto/fips/fips_rand_lib.c.fips 2017-01-26 16:02:29.040334315 +0100
++++ openssl-1.1.0d/crypto/fips/fips_rand_lib.c 2017-01-26 16:02:29.039334342 +0100
@@ -0,0 +1,234 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9184,9 +9175,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0c/crypto/f
+# endif
+}
+
-diff -up openssl-1.1.0c/crypto/fips/fips_randtest.c.fips openssl-1.1.0c/crypto/fips/fips_randtest.c
---- openssl-1.1.0c/crypto/fips/fips_randtest.c.fips 2016-11-11 13:31:51.374604656 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_randtest.c 2016-11-11 13:31:51.374604656 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_randtest.c.fips openssl-1.1.0d/crypto/fips/fips_randtest.c
+--- openssl-1.1.0d/crypto/fips/fips_randtest.c.fips 2017-01-26 16:02:29.040334315 +0100
++++ openssl-1.1.0d/crypto/fips/fips_randtest.c 2017-01-26 16:02:29.040334315 +0100
@@ -0,0 +1,247 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
@@ -9435,9 +9426,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_randtest.c.fips openssl-1.1.0c/crypto/f
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c.fips 2016-11-11 13:31:51.375604679 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c.fips 2017-01-26 16:02:29.040334315 +0100
++++ openssl-1.1.0d/crypto/fips/fips_rsa_selftest.c 2017-01-26 16:02:29.040334315 +0100
@@ -0,0 +1,578 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -10017,9 +10008,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0c/cryp
+}
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.0c/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0c/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.0c/crypto/fips/fips_sha_selftest.c.fips 2016-11-11 13:31:51.375604679 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_sha_selftest.c 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0d/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.0d/crypto/fips/fips_sha_selftest.c.fips 2017-01-26 16:02:29.040334315 +0100
++++ openssl-1.1.0d/crypto/fips/fips_sha_selftest.c 2017-01-26 16:02:29.040334315 +0100
@@ -0,0 +1,138 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10159,9 +10150,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0c/cryp
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c.fips 2016-11-11 13:31:51.375604679 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c.fips 2017-01-26 16:02:29.040334315 +0100
++++ openssl-1.1.0d/crypto/fips/fips_standalone_hmac.c 2017-01-26 16:02:29.040334315 +0100
@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10290,9 +10281,9 @@ diff -up openssl-1.1.0c/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0c/c
+#endif
+ return 0;
+}
-diff -up openssl-1.1.0c/crypto/hmac/hmac.c.fips openssl-1.1.0c/crypto/hmac/hmac.c
---- openssl-1.1.0c/crypto/hmac/hmac.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/hmac/hmac.c 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/hmac/hmac.c.fips openssl-1.1.0d/crypto/hmac/hmac.c
+--- openssl-1.1.0d/crypto/hmac/hmac.c.fips 2017-01-26 14:10:22.000000000 +0100
++++ openssl-1.1.0d/crypto/hmac/hmac.c 2017-01-26 16:02:29.041334288 +0100
@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
}
@@ -10307,9 +10298,9 @@ diff -up openssl-1.1.0c/crypto/hmac/hmac.c.fips openssl-1.1.0c/crypto/hmac/hmac.
reset = 1;
j = EVP_MD_block_size(md);
OPENSSL_assert(j <= (int)sizeof(ctx->key));
-diff -up openssl-1.1.0c/crypto/include/internal/fips_int.h.fips openssl-1.1.0c/crypto/include/internal/fips_int.h
---- openssl-1.1.0c/crypto/include/internal/fips_int.h.fips 2016-11-11 13:31:51.375604679 +0100
-+++ openssl-1.1.0c/crypto/include/internal/fips_int.h 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/include/internal/fips_int.h.fips openssl-1.1.0d/crypto/include/internal/fips_int.h
+--- openssl-1.1.0d/crypto/include/internal/fips_int.h.fips 2017-01-26 16:02:29.041334288 +0100
++++ openssl-1.1.0d/crypto/include/internal/fips_int.h 2017-01-26 16:02:29.041334288 +0100
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10412,9 +10403,9 @@ diff -up openssl-1.1.0c/crypto/include/internal/fips_int.h.fips openssl-1.1.0c/c
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#endif
-diff -up openssl-1.1.0c/crypto/o_fips.c.fips openssl-1.1.0c/crypto/o_fips.c
---- openssl-1.1.0c/crypto/o_fips.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/o_fips.c 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/o_fips.c.fips openssl-1.1.0d/crypto/o_fips.c
+--- openssl-1.1.0d/crypto/o_fips.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/o_fips.c 2017-01-26 16:02:29.041334288 +0100
@@ -9,7 +9,10 @@
#include "internal/cryptlib.h"
@@ -10443,9 +10434,9 @@ diff -up openssl-1.1.0c/crypto/o_fips.c.fips openssl-1.1.0c/crypto/o_fips.c
#else
if (r == 0)
return 1;
-diff -up openssl-1.1.0c/crypto/o_init.c.fips openssl-1.1.0c/crypto/o_init.c
---- openssl-1.1.0c/crypto/o_init.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/o_init.c 2016-11-11 13:31:51.375604679 +0100
+diff -up openssl-1.1.0d/crypto/o_init.c.fips openssl-1.1.0d/crypto/o_init.c
+--- openssl-1.1.0d/crypto/o_init.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/o_init.c 2017-01-26 16:02:29.041334288 +0100
@@ -7,11 +7,50 @@
* https://www.openssl.org/source/license.html
*/
@@ -10532,9 +10523,9 @@ diff -up openssl-1.1.0c/crypto/o_init.c.fips openssl-1.1.0c/crypto/o_init.c
+{
+ OPENSSL_init_library();
+}
-diff -up openssl-1.1.0c/crypto/rand/md_rand.c.fips openssl-1.1.0c/crypto/rand/md_rand.c
---- openssl-1.1.0c/crypto/rand/md_rand.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-11-11 13:31:51.376604702 +0100
+diff -up openssl-1.1.0d/crypto/rand/md_rand.c.fips openssl-1.1.0d/crypto/rand/md_rand.c
+--- openssl-1.1.0d/crypto/rand/md_rand.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rand/md_rand.c 2017-01-26 16:02:29.041334288 +0100
@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf
CRYPTO_THREAD_unlock(rand_tmp_lock);
crypto_lock_rand = 1;
@@ -10544,9 +10535,9 @@ diff -up openssl-1.1.0c/crypto/rand/md_rand.c.fips openssl-1.1.0c/crypto/rand/md
RAND_poll();
initialized = 1;
}
-diff -up openssl-1.1.0c/crypto/rand/rand_err.c.fips openssl-1.1.0c/crypto/rand/rand_err.c
---- openssl-1.1.0c/crypto/rand/rand_err.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rand/rand_err.c 2016-11-11 13:31:51.376604702 +0100
+diff -up openssl-1.1.0d/crypto/rand/rand_err.c.fips openssl-1.1.0d/crypto/rand/rand_err.c
+--- openssl-1.1.0d/crypto/rand/rand_err.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rand/rand_err.c 2017-01-26 16:02:29.041334288 +0100
@@ -20,10 +20,13 @@
static ERR_STRING_DATA RAND_str_functs[] = {
@@ -10561,9 +10552,9 @@ diff -up openssl-1.1.0c/crypto/rand/rand_err.c.fips openssl-1.1.0c/crypto/rand/r
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
{0, NULL}
};
-diff -up openssl-1.1.0c/crypto/rand/rand_lcl.h.fips openssl-1.1.0c/crypto/rand/rand_lcl.h
---- openssl-1.1.0c/crypto/rand/rand_lcl.h.fips 2016-11-11 13:31:51.174600079 +0100
-+++ openssl-1.1.0c/crypto/rand/rand_lcl.h 2016-11-11 13:31:51.376604702 +0100
+diff -up openssl-1.1.0d/crypto/rand/rand_lcl.h.fips openssl-1.1.0d/crypto/rand/rand_lcl.h
+--- openssl-1.1.0d/crypto/rand/rand_lcl.h.fips 2017-01-26 16:02:28.830339932 +0100
++++ openssl-1.1.0d/crypto/rand/rand_lcl.h 2017-01-26 16:02:29.045334181 +0100
@@ -10,7 +10,7 @@
#ifndef HEADER_RAND_LCL_H
# define HEADER_RAND_LCL_H
@@ -10573,9 +10564,9 @@ diff -up openssl-1.1.0c/crypto/rand/rand_lcl.h.fips openssl-1.1.0c/crypto/rand/r
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
# define USE_SHA1_RAND
-diff -up openssl-1.1.0c/crypto/rand/rand_lib.c.fips openssl-1.1.0c/crypto/rand/rand_lib.c
---- openssl-1.1.0c/crypto/rand/rand_lib.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-11-11 13:31:51.376604702 +0100
+diff -up openssl-1.1.0d/crypto/rand/rand_lib.c.fips openssl-1.1.0d/crypto/rand/rand_lib.c
+--- openssl-1.1.0d/crypto/rand/rand_lib.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rand/rand_lib.c 2017-01-26 16:02:29.047334128 +0100
@@ -18,6 +18,8 @@
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
@@ -10713,9 +10704,9 @@ diff -up openssl-1.1.0c/crypto/rand/rand_lib.c.fips openssl-1.1.0c/crypto/rand/r
+}
+
+#endif
-diff -up openssl-1.1.0c/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0c/crypto/rsa/rsa_crpt.c
---- openssl-1.1.0c/crypto/rsa/rsa_crpt.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_crpt.c 2016-11-11 13:31:51.376604702 +0100
+diff -up openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0d/crypto/rsa/rsa_crpt.c
+--- openssl-1.1.0d/crypto/rsa/rsa_crpt.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_crpt.c 2017-01-26 16:02:29.048334101 +0100
@@ -28,24 +28,52 @@ int RSA_size(const RSA *r)
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
@@ -10769,9 +10760,9 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0c/crypto/rsa/rsa
return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-diff -up openssl-1.1.0c/crypto/rsa/rsa_err.c.fips openssl-1.1.0c/crypto/rsa/rsa_err.c
---- openssl-1.1.0c/crypto/rsa/rsa_err.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_err.c 2016-11-11 13:33:14.071497190 +0100
+diff -up openssl-1.1.0d/crypto/rsa/rsa_err.c.fips openssl-1.1.0d/crypto/rsa/rsa_err.c
+--- openssl-1.1.0d/crypto/rsa/rsa_err.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_err.c 2017-01-26 16:02:29.049334074 +0100
@@ -21,6 +21,7 @@
static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
@@ -10780,7 +10771,7 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_err.c.fips openssl-1.1.0c/crypto/rsa/rsa_
{ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
-@@ -32,6 +33,7 @@ static ERR_STRING_DATA RSA_str_functs[]
+@@ -33,6 +34,7 @@ static ERR_STRING_DATA RSA_str_functs[]
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
{ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
@@ -10788,7 +10779,7 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_err.c.fips openssl-1.1.0c/crypto/rsa/rsa_
{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
{ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
{ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
-@@ -75,8 +77,14 @@ static ERR_STRING_DATA RSA_str_functs[]
+@@ -76,8 +78,14 @@ static ERR_STRING_DATA RSA_str_functs[]
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"},
@@ -10803,7 +10794,7 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_err.c.fips openssl-1.1.0c/crypto/rsa/rsa_
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
-@@ -134,10 +142,13 @@ static ERR_STRING_DATA RSA_str_reasons[]
+@@ -135,10 +143,13 @@ static ERR_STRING_DATA RSA_str_reasons[]
{ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
@@ -10817,9 +10808,9 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_err.c.fips openssl-1.1.0c/crypto/rsa/rsa_
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
-diff -up openssl-1.1.0c/crypto/rsa/rsa_gen.c.fips openssl-1.1.0c/crypto/rsa/rsa_gen.c
---- openssl-1.1.0c/crypto/rsa/rsa_gen.c.fips 2016-11-11 13:31:51.320603420 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_gen.c 2016-11-11 13:31:51.377604725 +0100
+diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips openssl-1.1.0d/crypto/rsa/rsa_gen.c
+--- openssl-1.1.0d/crypto/rsa/rsa_gen.c.fips 2017-01-26 16:02:29.007335198 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:02:29.051334021 +0100
@@ -18,6 +18,75 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -11198,9 +11189,9 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_gen.c.fips openssl-1.1.0c/crypto/rsa/rsa_
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.0c/crypto/rsa/rsa_lib.c.fips openssl-1.1.0c/crypto/rsa/rsa_lib.c
---- openssl-1.1.0c/crypto/rsa/rsa_lib.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_lib.c 2016-11-11 13:31:51.377604725 +0100
+diff -up openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips openssl-1.1.0d/crypto/rsa/rsa_lib.c
+--- openssl-1.1.0d/crypto/rsa/rsa_lib.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_lib.c 2017-01-26 16:02:29.052333994 +0100
@@ -26,6 +26,12 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -11256,9 +11247,9 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_lib.c.fips openssl-1.1.0c/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
-diff -up openssl-1.1.0c/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0c/crypto/rsa/rsa_ossl.c
---- openssl-1.1.0c/crypto/rsa/rsa_ossl.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_ossl.c 2016-11-11 13:31:51.377604725 +0100
+diff -up openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0d/crypto/rsa/rsa_ossl.c
+--- openssl-1.1.0d/crypto/rsa/rsa_ossl.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_ossl.c 2017-01-26 16:02:29.053333967 +0100
@@ -11,6 +11,10 @@
#include "internal/bn_int.h"
#include "rsa_locl.h"
@@ -11362,9 +11353,9 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0c/crypto/rsa/rsa
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
-diff -up openssl-1.1.0c/crypto/rsa/rsa_sign.c.fips openssl-1.1.0c/crypto/rsa/rsa_sign.c
---- openssl-1.1.0c/crypto/rsa/rsa_sign.c.fips 2016-11-11 13:31:51.377604725 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_sign.c 2016-11-11 13:37:08.746867781 +0100
+diff -up openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips openssl-1.1.0d/crypto/rsa/rsa_sign.c
+--- openssl-1.1.0d/crypto/rsa/rsa_sign.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/rsa/rsa_sign.c 2017-01-26 16:02:29.054333940 +0100
@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
@@ -11391,22 +11382,9 @@ diff -up openssl-1.1.0c/crypto/rsa/rsa_sign.c.fips openssl-1.1.0c/crypto/rsa/rsa
if (encrypt_len <= 0)
goto err;
-diff -up openssl-1.1.0c/crypto/sha/sha_locl.h.fips openssl-1.1.0c/crypto/sha/sha_locl.h
---- openssl-1.1.0c/crypto/sha/sha_locl.h.fips 2016-11-11 13:31:51.112598660 +0100
-+++ openssl-1.1.0c/crypto/sha/sha_locl.h 2016-11-11 13:31:51.377604725 +0100
-@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
-
- int HASH_INIT(SHA_CTX *c)
- {
-+#if defined(OPENSSL_FIPS)
-+ FIPS_selftest_check();
-+#endif
- memset(c, 0, sizeof(*c));
- c->h0 = INIT_DATA_h0;
- c->h1 = INIT_DATA_h1;
-diff -up openssl-1.1.0c/crypto/sha/sha256.c.fips openssl-1.1.0c/crypto/sha/sha256.c
---- openssl-1.1.0c/crypto/sha/sha256.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/sha/sha256.c 2016-11-11 13:31:51.377604725 +0100
+diff -up openssl-1.1.0d/crypto/sha/sha256.c.fips openssl-1.1.0d/crypto/sha/sha256.c
+--- openssl-1.1.0d/crypto/sha/sha256.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/sha/sha256.c 2017-01-26 16:02:29.055333914 +0100
@@ -18,6 +18,9 @@
int SHA224_Init(SHA256_CTX *c)
@@ -11427,9 +11405,9 @@ diff -up openssl-1.1.0c/crypto/sha/sha256.c.fips openssl-1.1.0c/crypto/sha/sha25
memset(c, 0, sizeof(*c));
c->h[0] = 0x6a09e667UL;
c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.1.0c/crypto/sha/sha512.c.fips openssl-1.1.0c/crypto/sha/sha512.c
---- openssl-1.1.0c/crypto/sha/sha512.c.fips 2016-11-10 15:03:45.000000000 +0100
-+++ openssl-1.1.0c/crypto/sha/sha512.c 2016-11-11 13:31:51.378604748 +0100
+diff -up openssl-1.1.0d/crypto/sha/sha512.c.fips openssl-1.1.0d/crypto/sha/sha512.c
+--- openssl-1.1.0d/crypto/sha/sha512.c.fips 2017-01-26 14:10:23.000000000 +0100
++++ openssl-1.1.0d/crypto/sha/sha512.c 2017-01-26 16:02:29.055333914 +0100
@@ -62,6 +62,9 @@
int SHA384_Init(SHA512_CTX *c)
@@ -11450,9 +11428,22 @@ diff -up openssl-1.1.0c/crypto/sha/sha512.c.fips openssl-1.1.0c/crypto/sha/sha51
c->h[0] = U64(0x6a09e667f3bcc908);
c->h[1] = U64(0xbb67ae8584caa73b);
c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod
---- openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod 2016-11-11 13:31:51.378604748 +0100
+diff -up openssl-1.1.0d/crypto/sha/sha_locl.h.fips openssl-1.1.0d/crypto/sha/sha_locl.h
+--- openssl-1.1.0d/crypto/sha/sha_locl.h.fips 2017-01-26 16:02:28.826340039 +0100
++++ openssl-1.1.0d/crypto/sha/sha_locl.h 2017-01-26 16:02:29.054333940 +0100
+@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
+
+ int HASH_INIT(SHA_CTX *c)
+ {
++#if defined(OPENSSL_FIPS)
++ FIPS_selftest_check();
++#endif
+ memset(c, 0, sizeof(*c));
+ c->h0 = INIT_DATA_h0;
+ c->h1 = INIT_DATA_h1;
+diff -up openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod
+--- openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod.fips 2017-01-26 14:10:24.000000000 +0100
++++ openssl-1.1.0d/doc/crypto/DSA_generate_parameters.pod 2017-01-26 16:02:29.056333887 +0100
@@ -29,8 +29,10 @@ B<bits> is the length of the prime p to
For lengths under 2048 bits, the length of q is 160 bits; for lengths
greater than or equal to 2048 bits, the length of q is set to 256 bits.
@@ -11466,9 +11457,9 @@ diff -up openssl-1.1.0c/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.
DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
-diff -up openssl-1.1.0c/include/openssl/crypto.h.fips openssl-1.1.0c/include/openssl/crypto.h
---- openssl-1.1.0c/include/openssl/crypto.h.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/crypto.h 2016-11-11 13:31:51.378604748 +0100
+diff -up openssl-1.1.0d/include/openssl/crypto.h.fips openssl-1.1.0d/include/openssl/crypto.h
+--- openssl-1.1.0d/include/openssl/crypto.h.fips 2017-01-26 14:10:24.000000000 +0100
++++ openssl-1.1.0d/include/openssl/crypto.h 2017-01-26 16:02:29.057333860 +0100
@@ -332,6 +332,11 @@ int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
@@ -11481,9 +11472,9 @@ diff -up openssl-1.1.0c/include/openssl/crypto.h.fips openssl-1.1.0c/include/ope
void OPENSSL_init(void);
struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-diff -up openssl-1.1.0c/include/openssl/dh.h.fips openssl-1.1.0c/include/openssl/dh.h
---- openssl-1.1.0c/include/openssl/dh.h.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/dh.h 2016-11-11 13:31:51.378604748 +0100
+diff -up openssl-1.1.0d/include/openssl/dh.h.fips openssl-1.1.0d/include/openssl/dh.h
+--- openssl-1.1.0d/include/openssl/dh.h.fips 2017-01-26 14:10:24.000000000 +0100
++++ openssl-1.1.0d/include/openssl/dh.h 2017-01-26 16:02:29.058333833 +0100
@@ -30,6 +30,7 @@ extern "C" {
# endif
@@ -11492,7 +11483,7 @@ diff -up openssl-1.1.0c/include/openssl/dh.h.fips openssl-1.1.0c/include/openssl
# define DH_FLAG_CACHE_MONT_P 0x01
-@@ -307,6 +308,9 @@ int ERR_load_DH_strings(void);
+@@ -308,6 +309,9 @@ int ERR_load_DH_strings(void);
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
# define DH_F_DH_CMS_SET_SHARED_INFO 116
@@ -11502,7 +11493,7 @@ diff -up openssl-1.1.0c/include/openssl/dh.h.fips openssl-1.1.0c/include/openssl
# define DH_F_DH_METH_DUP 117
# define DH_F_DH_METH_NEW 118
# define DH_F_DH_METH_SET1_NAME 119
-@@ -328,10 +332,12 @@ int ERR_load_DH_strings(void);
+@@ -329,10 +333,12 @@ int ERR_load_DH_strings(void);
# define DH_R_DECODE_ERROR 104
# define DH_R_INVALID_PUBKEY 102
# define DH_R_KDF_PARAMETER_ERROR 112
@@ -11515,9 +11506,9 @@ diff -up openssl-1.1.0c/include/openssl/dh.h.fips openssl-1.1.0c/include/openssl
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
-diff -up openssl-1.1.0c/include/openssl/dsa.h.fips openssl-1.1.0c/include/openssl/dsa.h
---- openssl-1.1.0c/include/openssl/dsa.h.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/dsa.h 2016-11-11 13:31:51.378604748 +0100
+diff -up openssl-1.1.0d/include/openssl/dsa.h.fips openssl-1.1.0d/include/openssl/dsa.h
+--- openssl-1.1.0d/include/openssl/dsa.h.fips 2017-01-26 14:10:24.000000000 +0100
++++ openssl-1.1.0d/include/openssl/dsa.h 2017-01-26 16:08:36.807496229 +0100
@@ -36,6 +36,7 @@ extern "C" {
# endif
@@ -11562,19 +11553,19 @@ diff -up openssl-1.1.0c/include/openssl/dsa.h.fips openssl-1.1.0c/include/openss
+# define DSA_R_NON_FIPS_DSA_METHOD 200
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
-
-diff -up openssl-1.1.0c/include/openssl/evp.h.fips openssl-1.1.0c/include/openssl/evp.h
---- openssl-1.1.0c/include/openssl/evp.h.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/evp.h 2016-11-11 13:31:51.378604748 +0100
-@@ -1456,6 +1456,7 @@ int ERR_load_EVP_strings(void);
- # define EVP_F_AESNI_INIT_KEY 165
- # define EVP_F_AES_INIT_KEY 133
+ # define DSA_R_SEED_LEN_SMALL 110
+diff -up openssl-1.1.0d/include/openssl/evp.h.fips openssl-1.1.0d/include/openssl/evp.h
+--- openssl-1.1.0d/include/openssl/evp.h.fips 2017-01-26 14:10:24.000000000 +0100
++++ openssl-1.1.0d/include/openssl/evp.h 2017-01-26 16:09:01.024848394 +0100
+@@ -1458,6 +1458,7 @@ int ERR_load_EVP_strings(void);
+ # define EVP_F_AES_OCB_CIPHER 169
# define EVP_F_AES_T4_INIT_KEY 178
+ # define EVP_F_AES_WRAP_CIPHER 170
+# define EVP_F_AES_XTS_CIPHER 200
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_CAMELLIA_INIT_KEY 159
# define EVP_F_CHACHA20_POLY1305_CTRL 182
-@@ -1531,6 +1532,7 @@ int ERR_load_EVP_strings(void);
+@@ -1534,6 +1535,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
# define EVP_R_DECODE_ERROR 114
@@ -11582,7 +11573,7 @@ diff -up openssl-1.1.0c/include/openssl/evp.h.fips openssl-1.1.0c/include/openss
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
# define EVP_R_ERROR_LOADING_SECTION 165
-@@ -1564,6 +1566,7 @@ int ERR_load_EVP_strings(void);
+@@ -1568,6 +1570,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
@@ -11590,9 +11581,9 @@ diff -up openssl-1.1.0c/include/openssl/evp.h.fips openssl-1.1.0c/include/openss
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-diff -up openssl-1.1.0c/include/openssl/fips.h.fips openssl-1.1.0c/include/openssl/fips.h
---- openssl-1.1.0c/include/openssl/fips.h.fips 2016-11-11 13:31:51.379604771 +0100
-+++ openssl-1.1.0c/include/openssl/fips.h 2016-11-11 13:31:51.379604771 +0100
+diff -up openssl-1.1.0d/include/openssl/fips.h.fips openssl-1.1.0d/include/openssl/fips.h
+--- openssl-1.1.0d/include/openssl/fips.h.fips 2017-01-26 16:02:29.060333780 +0100
++++ openssl-1.1.0d/include/openssl/fips.h 2017-01-26 16:02:29.059333807 +0100
@@ -0,0 +1,186 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11780,9 +11771,9 @@ diff -up openssl-1.1.0c/include/openssl/fips.h.fips openssl-1.1.0c/include/opens
+}
+# endif
+#endif
-diff -up openssl-1.1.0c/include/openssl/fips_rand.h.fips openssl-1.1.0c/include/openssl/fips_rand.h
---- openssl-1.1.0c/include/openssl/fips_rand.h.fips 2016-11-11 13:31:51.379604771 +0100
-+++ openssl-1.1.0c/include/openssl/fips_rand.h 2016-11-11 13:31:51.379604771 +0100
+diff -up openssl-1.1.0d/include/openssl/fips_rand.h.fips openssl-1.1.0d/include/openssl/fips_rand.h
+--- openssl-1.1.0d/include/openssl/fips_rand.h.fips 2017-01-26 16:02:29.060333780 +0100
++++ openssl-1.1.0d/include/openssl/fips_rand.h 2017-01-26 16:02:29.060333780 +0100
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11929,9 +11920,9 @@ diff -up openssl-1.1.0c/include/openssl/fips_rand.h.fips openssl-1.1.0c/include/
+# endif
+# endif
+#endif
-diff -up openssl-1.1.0c/include/openssl/opensslconf.h.in.fips openssl-1.1.0c/include/openssl/opensslconf.h.in
---- openssl-1.1.0c/include/openssl/opensslconf.h.in.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/opensslconf.h.in 2016-11-11 13:31:51.379604771 +0100
+diff -up openssl-1.1.0d/include/openssl/opensslconf.h.in.fips openssl-1.1.0d/include/openssl/opensslconf.h.in
+--- openssl-1.1.0d/include/openssl/opensslconf.h.in.fips 2017-01-26 14:10:25.000000000 +0100
++++ openssl-1.1.0d/include/openssl/opensslconf.h.in 2017-01-26 16:02:29.060333780 +0100
@@ -136,6 +136,11 @@ extern "C" {
#define RC4_INT {- $config{rc4_int} -}
@@ -11944,9 +11935,9 @@ diff -up openssl-1.1.0c/include/openssl/opensslconf.h.in.fips openssl-1.1.0c/inc
#ifdef __cplusplus
}
#endif
-diff -up openssl-1.1.0c/include/openssl/rand.h.fips openssl-1.1.0c/include/openssl/rand.h
---- openssl-1.1.0c/include/openssl/rand.h.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/rand.h 2016-11-11 13:31:51.379604771 +0100
+diff -up openssl-1.1.0d/include/openssl/rand.h.fips openssl-1.1.0d/include/openssl/rand.h
+--- openssl-1.1.0d/include/openssl/rand.h.fips 2017-01-26 14:10:25.000000000 +0100
++++ openssl-1.1.0d/include/openssl/rand.h 2017-01-26 16:02:29.061333753 +0100
@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
#endif
@@ -11971,9 +11962,9 @@ diff -up openssl-1.1.0c/include/openssl/rand.h.fips openssl-1.1.0c/include/opens
# define RAND_R_PRNG_NOT_SEEDED 100
# ifdef __cplusplus
-diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openssl/rsa.h
---- openssl-1.1.0c/include/openssl/rsa.h.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/include/openssl/rsa.h 2016-11-11 13:38:20.076500173 +0100
+diff -up openssl-1.1.0d/include/openssl/rsa.h.fips openssl-1.1.0d/include/openssl/rsa.h
+--- openssl-1.1.0d/include/openssl/rsa.h.fips 2017-01-26 14:10:25.000000000 +0100
++++ openssl-1.1.0d/include/openssl/rsa.h 2017-01-26 16:02:29.061333753 +0100
@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void);
/* Function codes. */
# define RSA_F_CHECK_PADDING_MD 140
@@ -11982,7 +11973,7 @@ diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openss
# define RSA_F_INT_RSA_VERIFY 145
# define RSA_F_OLD_RSA_PRIV_DECODE 147
# define RSA_F_PKEY_RSA_CTRL 143
-@@ -474,6 +475,7 @@ int ERR_load_RSA_strings(void);
+@@ -475,6 +476,7 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_CHECK_KEY 123
# define RSA_F_RSA_CHECK_KEY_EX 160
# define RSA_F_RSA_CMS_DECRYPT 159
@@ -11990,7 +11981,7 @@ diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openss
# define RSA_F_RSA_ITEM_VERIFY 148
# define RSA_F_RSA_METH_DUP 161
# define RSA_F_RSA_METH_NEW 162
-@@ -508,9 +510,15 @@ int ERR_load_RSA_strings(void);
+@@ -509,9 +511,15 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_PRINT 115
# define RSA_F_RSA_PRINT_FP 116
# define RSA_F_RSA_PRIV_ENCODE 138
@@ -12006,7 +11997,7 @@ diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openss
# define RSA_F_RSA_SIGN 117
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
# define RSA_F_RSA_VERIFY 119
-@@ -557,9 +565,11 @@ int ERR_load_RSA_strings(void);
+@@ -558,9 +566,11 @@ int ERR_load_RSA_strings(void);
# define RSA_R_LAST_OCTET_INVALID 134
# define RSA_R_MODULUS_TOO_LARGE 105
# define RSA_R_NO_PUBLIC_EXPONENT 140
@@ -12018,9 +12009,9 @@ diff -up openssl-1.1.0c/include/openssl/rsa.h.fips openssl-1.1.0c/include/openss
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
-diff -up openssl-1.1.0c/ssl/ssl_ciph.c.fips openssl-1.1.0c/ssl/ssl_ciph.c
---- openssl-1.1.0c/ssl/ssl_ciph.c.fips 2016-11-30 15:31:14.000000000 +0100
-+++ openssl-1.1.0c/ssl/ssl_ciph.c 2016-12-02 16:01:58.250067386 +0100
+diff -up openssl-1.1.0d/ssl/ssl_ciph.c.fips openssl-1.1.0d/ssl/ssl_ciph.c
+--- openssl-1.1.0d/ssl/ssl_ciph.c.fips 2017-01-26 16:02:29.011335091 +0100
++++ openssl-1.1.0d/ssl/ssl_ciph.c 2017-01-26 16:02:29.062333726 +0100
@@ -404,7 +404,8 @@ void ssl_load_ciphers(void)
}
}
@@ -12040,9 +12031,9 @@ diff -up openssl-1.1.0c/ssl/ssl_ciph.c.fips openssl-1.1.0c/ssl/ssl_ciph.c
continue;
if ((c->algorithm_mkey & disabled_mkey) ||
(c->algorithm_auth & disabled_auth) ||
-diff -up openssl-1.1.0c/ssl/ssl_init.c.fips openssl-1.1.0c/ssl/ssl_init.c
---- openssl-1.1.0c/ssl/ssl_init.c.fips 2016-11-10 15:03:46.000000000 +0100
-+++ openssl-1.1.0c/ssl/ssl_init.c 2016-11-11 13:31:51.379604771 +0100
+diff -up openssl-1.1.0d/ssl/ssl_init.c.fips openssl-1.1.0d/ssl/ssl_init.c
+--- openssl-1.1.0d/ssl/ssl_init.c.fips 2017-01-26 14:10:25.000000000 +0100
++++ openssl-1.1.0d/ssl/ssl_init.c 2017-01-26 16:02:29.062333726 +0100
@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
@@ -12086,9 +12077,9 @@ diff -up openssl-1.1.0c/ssl/ssl_init.c.fips openssl-1.1.0c/ssl/ssl_init.c
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-diff -up openssl-1.1.0c/ssl/ssl_lib.c.fips openssl-1.1.0c/ssl/ssl_lib.c
---- openssl-1.1.0c/ssl/ssl_lib.c.fips 2016-11-30 15:31:14.000000000 +0100
-+++ openssl-1.1.0c/ssl/ssl_lib.c 2016-12-02 16:31:12.108604595 +0100
+diff -up openssl-1.1.0d/ssl/ssl_lib.c.fips openssl-1.1.0d/ssl/ssl_lib.c
+--- openssl-1.1.0d/ssl/ssl_lib.c.fips 2017-01-26 16:02:29.012335064 +0100
++++ openssl-1.1.0d/ssl/ssl_lib.c 2017-01-26 16:02:29.063333699 +0100
@@ -2405,13 +2405,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (ret->param == NULL)
goto err;
@@ -12114,9 +12105,9 @@ diff -up openssl-1.1.0c/ssl/ssl_lib.c.fips openssl-1.1.0c/ssl/ssl_lib.c
}
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
-diff -up openssl-1.1.0c/test/dsatest.c.fips openssl-1.1.0c/test/dsatest.c
---- openssl-1.1.0c/test/dsatest.c.fips 2016-11-10 15:03:47.000000000 +0100
-+++ openssl-1.1.0c/test/dsatest.c 2016-11-11 13:31:51.380604793 +0100
+diff -up openssl-1.1.0d/test/dsatest.c.fips openssl-1.1.0d/test/dsatest.c
+--- openssl-1.1.0d/test/dsatest.c.fips 2017-01-26 14:10:25.000000000 +0100
++++ openssl-1.1.0d/test/dsatest.c 2017-01-26 16:02:29.063333699 +0100
@@ -32,41 +32,42 @@ int main(int argc, char *argv[])
static int dsa_cb(int p, int n, BN_GENCB *arg);
@@ -12205,9 +12196,9 @@ diff -up openssl-1.1.0c/test/dsatest.c.fips openssl-1.1.0c/test/dsatest.c
goto end;
}
if (h != 2) {
-diff -up openssl-1.1.0c/util/mkdef.pl.fips openssl-1.1.0c/util/mkdef.pl
---- openssl-1.1.0c/util/mkdef.pl.fips 2016-11-10 15:03:47.000000000 +0100
-+++ openssl-1.1.0c/util/mkdef.pl 2016-11-11 13:31:51.380604793 +0100
+diff -up openssl-1.1.0d/util/mkdef.pl.fips openssl-1.1.0d/util/mkdef.pl
+--- openssl-1.1.0d/util/mkdef.pl.fips 2017-01-26 14:10:26.000000000 +0100
++++ openssl-1.1.0d/util/mkdef.pl 2017-01-26 16:02:29.064333673 +0100
@@ -307,6 +307,8 @@ $crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";
$crypto.=" include/openssl/ct.h";
diff --git a/openssl-1.1.0-sslread-revert.patch b/openssl-1.1.0-sslread-revert.patch
deleted file mode 100644
index aae3922..0000000
--- a/openssl-1.1.0-sslread-revert.patch
+++ /dev/null
@@ -1,288 +0,0 @@
-From 11f1fd4b0d1b3aef5c79b843d081dbb9bcd0b85f Mon Sep 17 00:00:00 2001
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Tue, 15 Nov 2016 18:58:52 +0100
-Subject: [PATCH] Make SSL_read and SSL_write return the old behaviour and
- document it.
-
-Backport of beacb0f0c1ae7b0542fe053b95307f515b578eb7, revert of
-122580ef71e4e5f355a1a104c9bfb36feee43759
-
-Fixes: #1903
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-
-GH: #1966
----
- doc/ssl/SSL_get_error.pod | 22 +++++++++---------
- doc/ssl/SSL_read.pod | 29 +++++++++---------------
- doc/ssl/SSL_write.pod | 19 +++++++---------
- ssl/record/rec_layer_s3.c | 14 ++++--------
- test/asynciotest.c | 57 ++++++++++++++++++++++++++++++++++-------------
- 5 files changed, 75 insertions(+), 66 deletions(-)
-
-diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
-index ddd72f7..47d2358 100644
---- a/doc/ssl/SSL_get_error.pod
-+++ b/doc/ssl/SSL_get_error.pod
-@@ -38,12 +38,13 @@ if and only if B<ret E<gt> 0>.
-
- =item SSL_ERROR_ZERO_RETURN
-
--The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
--or TLS 1.0, this result code is returned only if a closure
--alert has occurred in the protocol, i.e. if the connection has been
--closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
--does not necessarily indicate that the underlying transport
--has been closed.
-+The TLS/SSL connection has been closed.
-+If the protocol version is SSL 3.0 or higher, this result code is returned only
-+if a closure alert has occurred in the protocol, i.e. if the connection has been
-+closed cleanly.
-+Note that in this case B<SSL_ERROR_ZERO_RETURN> does not necessarily
-+indicate that the underlying transport has been closed.
-+
-
- =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
-
-@@ -111,12 +112,9 @@ thread has completed.
-
- =item SSL_ERROR_SYSCALL
-
--Some I/O error occurred. The OpenSSL error queue may contain more
--information on the error. If the error queue is empty
--(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
--about the error: If B<ret == 0>, an EOF was observed that violates
--the protocol. If B<ret == -1>, the underlying B<BIO> reported an
--I/O error (for socket I/O on Unix systems, consult B<errno> for details).
-+Some non-recoverable I/O error occurred.
-+The OpenSSL error queue may contain more information on the error.
-+For socket I/O on Unix systems, consult B<errno> for details.
-
- =item SSL_ERROR_SSL
-
-diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
-index 8dff244..20ccf40 100644
---- a/doc/ssl/SSL_read.pod
-+++ b/doc/ssl/SSL_read.pod
-@@ -81,28 +81,21 @@ The following return values can occur:
-
- =over 4
-
--=item E<gt>0
-+=item E<gt> 0
-
--The read operation was successful; the return value is the number of
--bytes actually read from the TLS/SSL connection.
-+The read operation was successful.
-+The return value is the number of bytes actually read from the TLS/SSL
-+connection.
-
--=item Z<>0
-+=item Z<><= 0
-
--The read operation was not successful. The reason may either be a clean
--shutdown due to a "close notify" alert sent by the peer (in which case
--the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
--(see L<SSL_shutdown(3)>,
--L<SSL_set_shutdown(3)>). It is also possible, that
--the peer simply shut down the underlying transport and the shutdown is
--incomplete. Call SSL_get_error() with the return value B<ret> to find out,
--whether an error occurred or the connection was shut down cleanly
--(SSL_ERROR_ZERO_RETURN).
-+The read operation was not successful, because either the connection was closed,
-+an error occurred or action must be taken by the calling process.
-+Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason.
-
--=item E<lt>0
--
--The read operation was not successful, because either an error occurred
--or action must be taken by the calling process. Call SSL_get_error() with the
--return value B<ret> to find out the reason.
-+Old documentation indicated a difference between 0 and -1, and that -1 was
-+retryable.
-+You should instead call SSL_get_error() to find out if it's retryable.
-
- =back
-
-diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
-index 5ab0790..ef3b92a 100644
---- a/doc/ssl/SSL_write.pod
-+++ b/doc/ssl/SSL_write.pod
-@@ -74,23 +74,20 @@ The following return values can occur:
-
- =over 4
-
--=item E<gt>0
-+=item E<gt> 0
-
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
-
--=item Z<>0
-+=item Z<><= 0
-
--The write operation was not successful. Probably the underlying connection
--was closed. Call SSL_get_error() with the return value B<ret> to find out,
--whether an error occurred or the connection was shut down cleanly
--(SSL_ERROR_ZERO_RETURN).
-+The write operation was not successful, because either the connection was
-+closed, an error occurred or action must be taken by the calling process.
-+Call SSL_get_error() with the return value B<ret> to find out the reason.
-
--=item E<lt>0
--
--The write operation was not successful, because either an error occurred
--or action must be taken by the calling process. Call SSL_get_error() with the
--return value B<ret> to find out the reason.
-+Old documentation indicated a difference between 0 and -1, and that -1 was
-+retryable.
-+You should instead call SSL_get_error() to find out if it's retryable.
-
- =back
-
-diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
-index 28de7c3..1270a5f 100644
---- a/ssl/record/rec_layer_s3.c
-+++ b/ssl/record/rec_layer_s3.c
-@@ -178,10 +178,7 @@ const char *SSL_rstate_string(const SSL *s)
- }
-
- /*
-- * Return values are as per SSL_read(), i.e.
-- * >0 The number of read bytes
-- * 0 Failure (not retryable)
-- * <0 Failure (may be retryable)
-+ * Return values are as per SSL_read()
- */
- int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
- {
-@@ -312,7 +309,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
- if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
- if (len + left == 0)
- ssl3_release_read_buffer(s);
-- return -1;
-+ return i;
- }
- left += i;
- /*
-@@ -882,10 +879,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-
- /* if s->s3->wbuf.left != 0, we need to call this
- *
-- * Return values are as per SSL_read(), i.e.
-- * >0 The number of read bytes
-- * 0 Failure (not retryable)
-- * <0 Failure (may be retryable)
-+ * Return values are as per SSL_write()
- */
- int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
-@@ -936,7 +930,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- */
- SSL3_BUFFER_set_left(&wb[currbuf], 0);
- }
-- return -1;
-+ return i;
- }
- SSL3_BUFFER_add_offset(&wb[currbuf], i);
- SSL3_BUFFER_add_left(&wb[currbuf], -i);
-diff --git a/test/asynciotest.c b/test/asynciotest.c
-index 0d382d7..133e3d5 100644
---- a/test/asynciotest.c
-+++ b/test/asynciotest.c
-@@ -85,7 +85,7 @@ static int async_free(BIO *bio)
- static int async_read(BIO *bio, char *out, int outl)
- {
- struct async_ctrs *ctrs;
-- int ret = 0;
-+ int ret = -1;
- BIO *next = BIO_next(bio);
-
- if (outl <= 0)
-@@ -120,7 +120,7 @@ static int async_read(BIO *bio, char *ou
- static int async_write(BIO *bio, const char *in, int inl)
- {
- struct async_ctrs *ctrs;
-- int ret = 0;
-+ int ret = -1;
- size_t written = 0;
- BIO *next = BIO_next(bio);
-
-@@ -297,32 +297,59 @@ int main(int argc, char *argv[])
- * we hit at least one async event in both reading and writing
- */
- for (j = 0; j < 2; j++) {
-+ int len;
-+
- /*
- * Write some test data. It should never take more than 2 attempts
-- * (the first one might be a retryable fail). A zero return from
-- * SSL_write() is a non-retryable failure, so fail immediately if
-- * we get that.
-+ * (the first one might be a retryable fail).
- */
-- for (ret = -1, i = 0; ret < 0 && i < 2 * sizeof(testdata); i++)
-- ret = SSL_write(clientssl, testdata, sizeof(testdata));
-- if (ret <= 0) {
-- printf("Test %d failed: Failed to write app data\n", test);
-+ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2;
-+ i++) {
-+ ret = SSL_write(clientssl, testdata + len,
-+ sizeof(testdata) - len);
-+ if (ret > 0) {
-+ len += ret;
-+ } else {
-+ int ssl_error = SSL_get_error(clientssl, ret);
-+
-+ if (ssl_error == SSL_ERROR_SYSCALL ||
-+ ssl_error == SSL_ERROR_SSL) {
-+ printf("Test %d failed: Failed to write app data\n", test);
-+ err = -1;
-+ goto end;
-+ }
-+ }
-+ }
-+ if (len != sizeof(testdata)) {
-+ err = -1;
-+ printf("Test %d failed: Failed to write all app data\n", test);
- goto end;
- }
- /*
- * Now read the test data. It may take more attemps here because
- * it could fail once for each byte read, including all overhead
-- * bytes from the record header/padding etc. Fail immediately if we
-- * get a zero return from SSL_read().
-+ * bytes from the record header/padding etc.
- */
-- for (ret = -1, i = 0; ret < 0 && i < MAX_ATTEMPTS; i++)
-- ret = SSL_read(serverssl, buf, sizeof(buf));
-- if (ret <= 0) {
-- printf("Test %d failed: Failed to read app data\n", test);
-- goto end;
-+ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) &&
-+ i < MAX_ATTEMPTS; i++)
-+ {
-+ ret = SSL_read(serverssl, buf + len, sizeof(buf) - len);
-+ if (ret > 0) {
-+ len += ret;
-+ } else {
-+ int ssl_error = SSL_get_error(serverssl, ret);
-+
-+ if (ssl_error == SSL_ERROR_SYSCALL ||
-+ ssl_error == SSL_ERROR_SSL) {
-+ printf("Test %d failed: Failed to read app data\n", test);
-+ err = -1;
-+ goto end;
-+ }
-+ }
- }
-- if (ret != sizeof(testdata)
-+ if (len != sizeof(testdata)
- || memcmp(buf, testdata, sizeof(testdata)) != 0) {
-+ err = -1;
- printf("Test %d failed: Unexpected app data received\n", test);
- goto end;
- }
---
-2.5.5
-
diff --git a/openssl.spec b/openssl.spec
index 2e053d7..75d63f3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.0c
-Release: 5%{?dist}
+Version: 1.1.0d
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -61,8 +61,6 @@ Patch42: openssl-1.1.0-fips.patch
Patch43: openssl-1.1.0-afalg-eventfd2.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
# Backported fixes including security fixes
-Patch60: openssl-1.1.0-sslread-revert.patch
-Patch61: openssl-1.1.0-cert-req.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -163,8 +161,6 @@ cp %{SOURCE13} test/
%patch43 -p1 -b .eventfd2
%patch44 -p1 -b .preserve-nl
-%patch60 -p1 -b .sslread-revert
-%patch61 -p1 -b .cert-req
%build
# Figure out which flags we want to use.
@@ -432,6 +428,9 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Jan 26 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0d-1
+- update to upstream version 1.1.0d
+
* Thu Dec 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-5
- preserve new line in fd BIO BIO_gets() as other BIOs do
diff --git a/sources b/sources
index cd74e22..e0f4a59 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-9e8c736f47938e0dc2f28893cd96c912 openssl-1.1.0c-hobbled.tar.xz
+SHA512 (openssl-1.1.0d-hobbled.tar.xz) = 375cecff07762593606d5e3ea145cf3dfad8ab5ce2fa2b696ffa2fbff9b45b929259f481c44d1db475183030e70eb443ae8c73ee9257fb766597032b27654349
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: update to upstream version 1.1.0d Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox