public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: update to upstream version 1.1.0g
Date: Tue, 09 Jun 2026 12:44:04 GMT [thread overview]
Message-ID: <178100904405.1.15766168694791589917.rpms-openssl-e85d72778f88@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : e85d72778f88ab13338b1b06ac828376f9106613
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2017-11-03T16:57:03+01:00
Stats : +377/-535 in 9 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/e85d72778f88ab13338b1b06ac828376f9106613?branch=rebase_40beta
Log:
update to upstream version 1.1.0g
---
diff --git a/openssl-1.1.0-afalg-eventfd2.patch b/openssl-1.1.0-afalg-eventfd2.patch
deleted file mode 100644
index 2d4cbe9..0000000
--- a/openssl-1.1.0-afalg-eventfd2.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.1.0b/engines/afalg/e_afalg.c.eventfd2 openssl-1.1.0b/engines/afalg/e_afalg.c
---- openssl-1.1.0b/engines/afalg/e_afalg.c.eventfd2 2016-09-26 11:46:07.000000000 +0200
-+++ openssl-1.1.0b/engines/afalg/e_afalg.c 2016-10-11 10:56:00.884185249 +0200
-@@ -104,7 +104,7 @@ static ossl_inline int io_setup(unsigned
-
- static ossl_inline int eventfd(int n)
- {
-- return syscall(__NR_eventfd, n);
-+ return syscall(__NR_eventfd2, n, 0);
- }
-
- static ossl_inline int io_destroy(aio_context_t ctx)
diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch
index 8d00f64..bedd957 100644
--- a/openssl-1.1.0-build.patch
+++ b/openssl-1.1.0-build.patch
@@ -38,12 +38,12 @@ diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configu
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
-diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt
---- openssl-1.1.0f/test/evptests.txt.build 2017-05-25 14:46:21.000000000 +0200
-+++ openssl-1.1.0f/test/evptests.txt 2017-06-02 15:05:49.422161136 +0200
-@@ -3690,14 +3690,6 @@ PublicKey=Bob-25519-PUBLIC
- MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
- -----END PUBLIC KEY-----
+diff -up openssl-1.1.0g/test/evptests.txt.build openssl-1.1.0g/test/evptests.txt
+--- openssl-1.1.0g/test/evptests.txt.build 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/test/evptests.txt 2017-11-03 16:37:01.253671494 +0100
+@@ -3707,14 +3707,6 @@ MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+D
+
+ PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC
-Derive=Alice-25519
-PeerKey=Bob-25519-PUBLIC
@@ -56,7 +56,7 @@ diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt
# Illegal sign/verify operations with X25519 key
Sign=Alice-25519
-@@ -3710,6 +3702,14 @@ Result = KEYOP_INIT_ERROR
+@@ -3727,6 +3719,14 @@ Result = KEYOP_INIT_ERROR
Function = EVP_PKEY_verify_init
Reason = operation not supported for this keytype
diff --git a/openssl-1.1.0-dtls-failure.patch b/openssl-1.1.0-dtls-failure.patch
deleted file mode 100644
index 180a1a5..0000000
--- a/openssl-1.1.0-dtls-failure.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 290cfa823fb3afea5b36ed17113ffb4f675d0165 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 20 Jun 2017 16:36:30 +0100
-Subject: [PATCH] Fix DTLS failure when used in a build which has SCTP enabled
-
-The value of BIO_CTRL_DGRAM_SET_PEEK_MODE was clashing with the value for
-BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. In an SCTP enabled build
-BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE was used unconditionally with
-the reasoning that it would be ignored if SCTP wasn't in use. Unfortunately
-due to this clash, this wasn't the case. The BIO ended up going into peek
-mode and was continually reading the same data over and over - throwing it
-away as a replay.
-
-Fixes #3723
----
- crypto/bio/bss_dgram.c | 9 +++++++++
- include/openssl/bio.h | 7 ++++---
- ssl/statem/statem.c | 8 ++++----
- 3 files changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
-index 7ef4281..4070f20 100644
---- a/crypto/bio/bss_dgram.c
-+++ b/crypto/bio/bss_dgram.c
-@@ -787,6 +787,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
- ret = dgram_get_mtu_overhead(data);
- break;
-+
-+ /*
-+ * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
-+ * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
-+ * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
-+ * value has been updated to a non-clashing value. However to preserve
-+ * binary compatiblity we now respond to both the old value and the new one
-+ */
-+ case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
- case BIO_CTRL_DGRAM_SET_PEEK_MODE:
- data->peekmode = (unsigned int)num;
- break;
-diff --git a/include/openssl/bio.h b/include/openssl/bio.h
-index 0955b76..5f8f83a 100644
---- a/include/openssl/bio.h
-+++ b/include/openssl/bio.h
-@@ -126,11 +126,10 @@ extern "C" {
-
- # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
-
--# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50
--
-+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
-+# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
- # ifndef OPENSSL_NO_SCTP
- /* SCTP stuff */
--# define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
- # define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY 51
- # define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY 52
- # define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD 53
-@@ -143,6 +142,8 @@ extern "C" {
- # define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN 70
- # endif
-
-+# define BIO_CTRL_DGRAM_SET_PEEK_MODE 71
-+
- /* modifiers */
- # define BIO_FP_READ 0x02
- # define BIO_FP_WRITE 0x04
-diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
-index 52beac7..9eab8ce 100644
---- a/ssl/statem/statem.c
-+++ b/ssl/statem/statem.c
-@@ -300,10 +300,10 @@ static int state_machine(SSL *s, int server)
- return -1;
- }
- #ifndef OPENSSL_NO_SCTP
-- if (SSL_IS_DTLS(s)) {
-+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- /*
- * Notify SCTP BIO socket to enter handshake mode and prevent stream
-- * identifier other than 0. Will be ignored if no SCTP is used.
-+ * identifier other than 0.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- st->in_handshake, NULL);
-@@ -421,10 +421,10 @@ static int state_machine(SSL *s, int server)
- st->in_handshake--;
-
- #ifndef OPENSSL_NO_SCTP
-- if (SSL_IS_DTLS(s)) {
-+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
- /*
- * Notify SCTP BIO socket to leave handshake mode and allow stream
-- * identifier other than 0. Will be ignored if no SCTP is used.
-+ * identifier other than 0.
- */
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
- st->in_handshake, NULL);
---
-2.9.3
-
diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch
index 3362a20..aa1e032 100644
--- a/openssl-1.1.0-fips.patch
+++ b/openssl-1.1.0-fips.patch
@@ -1,9 +1,9 @@
-diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c
---- openssl-1.1.0f/apps/speed.c.fips 2017-06-02 14:14:25.449420942 +0200
-+++ openssl-1.1.0f/apps/speed.c 2017-06-02 14:14:25.457421131 +0200
-@@ -1448,7 +1448,9 @@ int speed_main(int argc, char **argv)
- }
- # endif
+diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
+--- openssl-1.1.0g/apps/speed.c.fips 2017-11-03 16:17:27.753155253 +0100
++++ openssl-1.1.0g/apps/speed.c 2017-11-03 16:19:01.490326410 +0100
+@@ -1446,7 +1446,9 @@ int speed_main(int argc, char **argv)
+ if (strcmp(*argv, "openssl") == 0)
+ continue;
if (strcmp(*argv, "rsa") == 0) {
- rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] =
+ if (!FIPS_mode())
@@ -12,7 +12,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
rsa_doit[R_RSA_15360] = 1;
-@@ -1461,7 +1463,9 @@ int speed_main(int argc, char **argv)
+@@ -1459,7 +1461,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_DSA
if (strcmp(*argv, "dsa") == 0) {
@@ -23,7 +23,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c
dsa_doit[R_DSA_2048] = 1;
continue;
}
-@@ -1550,15 +1554,21 @@ int speed_main(int argc, char **argv)
+@@ -1548,15 +1552,21 @@ int speed_main(int argc, char **argv)
/* No parameters; turn on everything. */
if ((argc == 0) && !doit[D_EVP]) {
for (i = 0; i < ALGOR_NUM; i++)
@@ -48,7 +48,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c
#endif
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
-@@ -1607,30 +1617,46 @@ int speed_main(int argc, char **argv)
+@@ -1605,30 +1615,46 @@ int speed_main(int argc, char **argv)
AES_set_encrypt_key(key24, 192, &aes_ks2);
AES_set_encrypt_key(key32, 256, &aes_ks3);
#ifndef OPENSSL_NO_CAMELLIA
@@ -105,7 +105,7 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c
#endif
#ifndef SIGALRM
# ifndef OPENSSL_NO_DES
-@@ -1891,6 +1917,7 @@ int speed_main(int argc, char **argv)
+@@ -1889,6 +1915,7 @@ int speed_main(int argc, char **argv)
for (i = 0; i < loopargs_len; i++) {
loopargs[i].hctx = HMAC_CTX_new();
@@ -113,10 +113,10 @@ diff -up openssl-1.1.0f/apps/speed.c.fips openssl-1.1.0f/apps/speed.c
if (loopargs[i].hctx == NULL) {
BIO_printf(bio_err, "HMAC malloc failure, exiting...");
exit(1);
-diff -up openssl-1.1.0f/Configure.fips openssl-1.1.0f/Configure
---- openssl-1.1.0f/Configure.fips 2017-06-02 14:14:25.455421083 +0200
-+++ openssl-1.1.0f/Configure 2017-06-02 14:14:25.458421154 +0200
-@@ -314,7 +314,7 @@ $config{sdirs} = [
+diff -up openssl-1.1.0g/Configure.fips openssl-1.1.0g/Configure
+--- openssl-1.1.0g/Configure.fips 2017-11-03 16:17:27.759155391 +0100
++++ openssl-1.1.0g/Configure 2017-11-03 16:17:27.762155461 +0100
+@@ -312,7 +312,7 @@ $config{sdirs} = [
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
"des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
@@ -125,9 +125,9 @@ diff -up openssl-1.1.0f/Configure.fips openssl-1.1.0f/Configure
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
-diff -up openssl-1.1.0f/crypto/bn/bn_rand.c.fips openssl-1.1.0f/crypto/bn/bn_rand.c
---- openssl-1.1.0f/crypto/bn/bn_rand.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/bn/bn_rand.c 2017-06-02 14:14:25.458421154 +0200
+diff -up openssl-1.1.0g/crypto/bn/bn_rand.c.fips openssl-1.1.0g/crypto/bn/bn_rand.c
+--- openssl-1.1.0g/crypto/bn/bn_rand.c.fips 2017-11-02 15:29:02.000000000 +0100
++++ openssl-1.1.0g/crypto/bn/bn_rand.c 2017-11-03 16:17:27.762155461 +0100
@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
}
@@ -143,9 +143,9 @@ diff -up openssl-1.1.0f/crypto/bn/bn_rand.c.fips openssl-1.1.0f/crypto/bn/bn_ran
if (RAND_bytes(buf, bytes) <= 0)
goto err;
-diff -up openssl-1.1.0f/crypto/dh/dh_err.c.fips openssl-1.1.0f/crypto/dh/dh_err.c
---- openssl-1.1.0f/crypto/dh/dh_err.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dh/dh_err.c 2017-06-02 14:14:25.458421154 +0200
+diff -up openssl-1.1.0g/crypto/dh/dh_err.c.fips openssl-1.1.0g/crypto/dh/dh_err.c
+--- openssl-1.1.0g/crypto/dh/dh_err.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dh/dh_err.c 2017-11-03 16:17:27.762155461 +0100
@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
@@ -168,9 +168,9 @@ diff -up openssl-1.1.0f/crypto/dh/dh_err.c.fips openssl-1.1.0f/crypto/dh/dh_err.
{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
{ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
-diff -up openssl-1.1.0f/crypto/dh/dh_gen.c.fips openssl-1.1.0f/crypto/dh/dh_gen.c
---- openssl-1.1.0f/crypto/dh/dh_gen.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dh/dh_gen.c 2017-06-02 14:14:25.458421154 +0200
+diff -up openssl-1.1.0g/crypto/dh/dh_gen.c.fips openssl-1.1.0g/crypto/dh/dh_gen.c
+--- openssl-1.1.0g/crypto/dh/dh_gen.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dh/dh_gen.c 2017-11-03 16:17:27.762155461 +0100
@@ -16,6 +16,9 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -214,9 +214,9 @@ diff -up openssl-1.1.0f/crypto/dh/dh_gen.c.fips openssl-1.1.0f/crypto/dh/dh_gen.
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.c
---- openssl-1.1.0f/crypto/dh/dh_key.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dh/dh_key.c 2017-06-02 14:14:25.458421154 +0200
+diff -up openssl-1.1.0g/crypto/dh/dh_key.c.fips openssl-1.1.0g/crypto/dh/dh_key.c
+--- openssl-1.1.0g/crypto/dh/dh_key.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dh/dh_key.c 2017-11-03 16:17:27.763155484 +0100
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
#include "dh_locl.h"
@@ -261,7 +261,7 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->p) - rv;
-@@ -70,6 +87,14 @@ static int generate_key(DH *dh)
+@@ -82,6 +99,14 @@ static int generate_key(DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
@@ -276,7 +276,7 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-@@ -153,6 +178,13 @@ static int compute_key(unsigned char *ke
+@@ -165,6 +190,13 @@ static int compute_key(unsigned char *ke
DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
goto err;
}
@@ -290,7 +290,7 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.
ctx = BN_CTX_new();
if (ctx == NULL)
-@@ -204,6 +236,9 @@ static int dh_bn_mod_exp(const DH *dh, B
+@@ -216,6 +248,9 @@ static int dh_bn_mod_exp(const DH *dh, B
static int dh_init(DH *dh)
{
@@ -300,9 +300,9 @@ diff -up openssl-1.1.0f/crypto/dh/dh_key.c.fips openssl-1.1.0f/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0f/crypto/dsa/dsa_err.c.fips openssl-1.1.0f/crypto/dsa/dsa_err.c
---- openssl-1.1.0f/crypto/dsa/dsa_err.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dsa/dsa_err.c 2017-06-02 14:14:25.458421154 +0200
+diff -up openssl-1.1.0g/crypto/dsa/dsa_err.c.fips openssl-1.1.0g/crypto/dsa/dsa_err.c
+--- openssl-1.1.0g/crypto/dsa/dsa_err.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dsa/dsa_err.c 2017-11-03 16:17:27.763155484 +0100
@@ -21,10 +21,13 @@
static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -330,9 +330,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_err.c.fips openssl-1.1.0f/crypto/dsa/dsa_
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
{ERR_REASON(DSA_R_SEED_LEN_SMALL),
-diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_gen.c
---- openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dsa/dsa_gen.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips openssl-1.1.0g/crypto/dsa/dsa_gen.c
+--- openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dsa/dsa_gen.c 2017-11-03 16:17:27.763155484 +0100
@@ -22,12 +22,22 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -402,7 +402,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
-@@ -418,9 +448,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -420,9 +450,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
goto err;
/* Provided seed didn't produce a prime: error */
if (seed_in) {
@@ -416,7 +416,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_
}
/* do a callback call */
-@@ -506,11 +537,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -508,11 +539,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
if (counter >= (int)(4 * L))
break;
}
@@ -431,7 +431,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_
}
end:
if (!BN_GENCB_call(cb, 2, 1))
-@@ -581,7 +615,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -583,7 +617,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
BN_free(ret->g);
ret->g = BN_dup(g);
if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
@@ -440,7 +440,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_
goto err;
}
if (counter_ret != NULL)
-@@ -599,3 +633,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -601,3 +635,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
EVP_MD_CTX_free(mctx);
return ok;
}
@@ -494,9 +494,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_gen.c.fips openssl-1.1.0f/crypto/dsa/dsa_
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/dsa/dsa_key.c.fips openssl-1.1.0f/crypto/dsa/dsa_key.c
---- openssl-1.1.0f/crypto/dsa/dsa_key.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dsa/dsa_key.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/dsa/dsa_key.c.fips openssl-1.1.0g/crypto/dsa/dsa_key.c
+--- openssl-1.1.0g/crypto/dsa/dsa_key.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dsa/dsa_key.c 2017-11-03 16:17:27.763155484 +0100
@@ -13,10 +13,49 @@
#include <openssl/bn.h>
#include "dsa_locl.h"
@@ -576,9 +576,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_key.c.fips openssl-1.1.0f/crypto/dsa/dsa_
ok = 1;
err:
-diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa_ossl.c
---- openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dsa/dsa_ossl.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0g/crypto/dsa/dsa_ossl.c
+--- openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dsa/dsa_ossl.c 2017-11-03 16:17:27.763155484 +0100
@@ -15,6 +15,9 @@
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -589,7 +589,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-@@ -56,6 +59,19 @@ static DSA_SIG *dsa_do_sign(const unsign
+@@ -68,6 +71,19 @@ static DSA_SIG *dsa_do_sign(const unsign
DSA_SIG *ret = NULL;
int rv = 0;
@@ -609,7 +609,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa
m = BN_new();
xr = BN_new();
if (m == NULL || xr == NULL)
-@@ -239,6 +255,18 @@ static int dsa_do_verify(const unsigned
+@@ -266,6 +282,18 @@ static int dsa_do_verify(const unsigned
DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
return -1;
}
@@ -628,7 +628,7 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa
if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
-@@ -327,6 +355,9 @@ static int dsa_do_verify(const unsigned
+@@ -354,6 +382,9 @@ static int dsa_do_verify(const unsigned
static int dsa_init(DSA *dsa)
{
@@ -638,9 +638,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0f/crypto/dsa/dsa
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0f/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/dsa/dsa_pmeth.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0g/crypto/dsa/dsa_pmeth.c
+--- openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/dsa/dsa_pmeth.c 2017-11-03 16:17:27.763155484 +0100
@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
BN_GENCB_free(pcb);
return 0;
@@ -652,9 +652,9 @@ diff -up openssl-1.1.0f/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0f/crypto/dsa/ds
BN_GENCB_free(pcb);
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
-diff -up openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdh_ossl.c
---- openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/ec/ecdh_ossl.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdh_ossl.c
+--- openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/ec/ecdh_ossl.c 2017-11-03 16:17:27.764155507 +0100
@@ -33,9 +33,20 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -676,9 +676,9 @@ diff -up openssl-1.1.0f/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdh
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
return 0;
-diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecdsa_ossl.c
---- openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/ec/ecdsa_ossl.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdsa_ossl.c
+--- openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/ec/ecdsa_ossl.c 2017-11-03 16:17:27.764155507 +0100
@@ -15,6 +15,10 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -690,7 +690,7 @@ diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecd
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
unsigned char *sig, unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
-@@ -203,6 +207,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
+@@ -217,6 +221,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
ECDSA_SIG *ret;
const BIGNUM *priv_key;
@@ -704,7 +704,7 @@ diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecd
group = EC_KEY_get0_group(eckey);
priv_key = EC_KEY_get0_private_key(eckey);
-@@ -352,6 +363,13 @@ int ossl_ecdsa_verify_sig(const unsigned
+@@ -366,6 +377,13 @@ int ossl_ecdsa_verify_sig(const unsigned
const EC_GROUP *group;
const EC_POINT *pub_key;
@@ -718,9 +718,9 @@ diff -up openssl-1.1.0f/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0f/crypto/ec/ecd
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.1.0f/crypto/ec/ec_key.c.fips openssl-1.1.0f/crypto/ec/ec_key.c
---- openssl-1.1.0f/crypto/ec/ec_key.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/ec/ec_key.c 2017-06-02 14:14:25.459421178 +0200
+diff -up openssl-1.1.0g/crypto/ec/ec_key.c.fips openssl-1.1.0g/crypto/ec/ec_key.c
+--- openssl-1.1.0g/crypto/ec/ec_key.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/ec/ec_key.c 2017-11-03 16:17:27.764155507 +0100
@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r)
return ((i > 1) ? 1 : 0);
}
@@ -785,9 +785,9 @@ diff -up openssl-1.1.0f/crypto/ec/ec_key.c.fips openssl-1.1.0f/crypto/ec/ec_key.
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
return 0;
}
-diff -up openssl-1.1.0f/crypto/err/err_all.c.fips openssl-1.1.0f/crypto/err/err_all.c
---- openssl-1.1.0f/crypto/err/err_all.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/err/err_all.c 2017-06-02 14:14:25.460421201 +0200
+diff -up openssl-1.1.0g/crypto/err/err_all.c.fips openssl-1.1.0g/crypto/err/err_all.c
+--- openssl-1.1.0g/crypto/err/err_all.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/err/err_all.c 2017-11-03 16:17:27.764155507 +0100
@@ -43,9 +43,6 @@
int err_load_crypto_strings_int(void)
{
@@ -798,9 +798,9 @@ diff -up openssl-1.1.0f/crypto/err/err_all.c.fips openssl-1.1.0f/crypto/err/err_
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
ERR_load_BN_strings() == 0 ||
-diff -up openssl-1.1.0f/crypto/evp/c_allc.c.fips openssl-1.1.0f/crypto/evp/c_allc.c
---- openssl-1.1.0f/crypto/evp/c_allc.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/c_allc.c 2017-06-02 14:14:25.460421201 +0200
+diff -up openssl-1.1.0g/crypto/evp/c_allc.c.fips openssl-1.1.0g/crypto/evp/c_allc.c
+--- openssl-1.1.0g/crypto/evp/c_allc.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/c_allc.c 2017-11-03 16:17:27.764155507 +0100
@@ -17,6 +17,9 @@
void openssl_add_all_ciphers_int(void)
{
@@ -882,9 +882,9 @@ diff -up openssl-1.1.0f/crypto/evp/c_allc.c.fips openssl-1.1.0f/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0f/crypto/evp/c_alld.c.fips openssl-1.1.0f/crypto/evp/c_alld.c
---- openssl-1.1.0f/crypto/evp/c_alld.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/c_alld.c 2017-06-02 14:14:25.460421201 +0200
+diff -up openssl-1.1.0g/crypto/evp/c_alld.c.fips openssl-1.1.0g/crypto/evp/c_alld.c
+--- openssl-1.1.0g/crypto/evp/c_alld.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/c_alld.c 2017-11-03 16:17:27.764155507 +0100
@@ -16,6 +16,9 @@
void openssl_add_all_digests_int(void)
@@ -911,9 +911,9 @@ diff -up openssl-1.1.0f/crypto/evp/c_alld.c.fips openssl-1.1.0f/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0f/crypto/evp/digest.c.fips openssl-1.1.0f/crypto/evp/digest.c
---- openssl-1.1.0f/crypto/evp/digest.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/digest.c 2017-06-02 14:14:25.460421201 +0200
+diff -up openssl-1.1.0g/crypto/evp/digest.c.fips openssl-1.1.0g/crypto/evp/digest.c
+--- openssl-1.1.0g/crypto/evp/digest.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/digest.c 2017-11-03 16:17:27.765155531 +0100
@@ -14,6 +14,9 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -973,9 +973,9 @@ diff -up openssl-1.1.0f/crypto/evp/digest.c.fips openssl-1.1.0f/crypto/evp/diges
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
if (size != NULL)
-diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes.c
---- openssl-1.1.0f/crypto/evp/e_aes.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/e_aes.c 2017-06-02 14:14:25.460421201 +0200
+diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.c
+--- openssl-1.1.0g/crypto/evp/e_aes.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/e_aes.c 2017-11-03 16:17:27.765155531 +0100
@@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
return 1;
}
@@ -1047,7 +1047,7 @@ diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes.
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -2189,11 +2207,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
+@@ -2190,11 +2208,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
#define aes_ccm_cleanup NULL
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
@@ -1062,7 +1062,7 @@ diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes.
typedef struct {
union {
-@@ -2286,7 +2304,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
+@@ -2287,7 +2305,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
return rv ? (int)rv : -1;
}
@@ -1071,9 +1071,9 @@ diff -up openssl-1.1.0f/crypto/evp/e_aes.c.fips openssl-1.1.0f/crypto/evp/e_aes.
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-diff -up openssl-1.1.0f/crypto/evp/e_des3.c.fips openssl-1.1.0f/crypto/evp/e_des3.c
---- openssl-1.1.0f/crypto/evp/e_des3.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/e_des3.c 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/evp/e_des3.c.fips openssl-1.1.0g/crypto/evp/e_des3.c
+--- openssl-1.1.0g/crypto/evp/e_des3.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/e_des3.c 2017-11-03 16:17:27.765155531 +0100
@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
# define des_ede3_cbc_cipher des_ede_cbc_cipher
# define des_ede3_ecb_cipher des_ede_ecb_cipher
@@ -1100,9 +1100,9 @@ diff -up openssl-1.1.0f/crypto/evp/e_des3.c.fips openssl-1.1.0f/crypto/evp/e_des
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff -up openssl-1.1.0f/crypto/evp/e_null.c.fips openssl-1.1.0f/crypto/evp/e_null.c
---- openssl-1.1.0f/crypto/evp/e_null.c.fips 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/e_null.c 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/evp/e_null.c.fips openssl-1.1.0g/crypto/evp/e_null.c
+--- openssl-1.1.0g/crypto/evp/e_null.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/e_null.c 2017-11-03 16:17:27.765155531 +0100
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
@@ -1113,9 +1113,9 @@ diff -up openssl-1.1.0f/crypto/evp/e_null.c.fips openssl-1.1.0f/crypto/evp/e_nul
null_init_key,
null_cipher,
NULL,
-diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_enc.c
---- openssl-1.1.0f/crypto/evp/evp_enc.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/evp_enc.c 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/evp/evp_enc.c.fips openssl-1.1.0g/crypto/evp/evp_enc.c
+--- openssl-1.1.0g/crypto/evp/evp_enc.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/evp_enc.c 2017-11-03 16:17:27.765155531 +0100
@@ -16,10 +16,19 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -1150,7 +1150,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_
return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
}
-@@ -65,6 +80,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -66,6 +81,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
enc = 1;
ctx->encrypt = enc;
}
@@ -1163,7 +1163,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_
#ifndef OPENSSL_NO_ENGINE
/*
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
-@@ -134,7 +155,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -135,7 +156,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
}
ctx->key_len = cipher->key_len;
/* Preserve wrap enable flag, zero everything else */
@@ -1172,7 +1172,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
ctx->cipher = NULL;
-@@ -193,6 +214,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+@@ -194,6 +215,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
return 0;
}
}
@@ -1191,9 +1191,9 @@ diff -up openssl-1.1.0f/crypto/evp/evp_enc.c.fips openssl-1.1.0f/crypto/evp/evp_
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if (!ctx->cipher->init(ctx, key, iv, enc))
-diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_err.c
---- openssl-1.1.0f/crypto/evp/evp_err.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/evp_err.c 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/evp/evp_err.c.fips openssl-1.1.0g/crypto/evp/evp_err.c
+--- openssl-1.1.0g/crypto/evp/evp_err.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/evp_err.c 2017-11-03 16:17:27.766155554 +0100
@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
{ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
@@ -1202,7 +1202,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_
{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
{ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
-@@ -109,6 +110,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -111,6 +112,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
@@ -1210,7 +1210,7 @@ diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_
{ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
{ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
-@@ -144,6 +146,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -148,6 +150,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -1218,9 +1218,9 @@ diff -up openssl-1.1.0f/crypto/evp/evp_err.c.fips openssl-1.1.0f/crypto/evp/evp_
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-diff -up openssl-1.1.0f/crypto/evp/evp_lib.c.fips openssl-1.1.0f/crypto/evp/evp_lib.c
---- openssl-1.1.0f/crypto/evp/evp_lib.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/evp_lib.c 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/evp/evp_lib.c.fips openssl-1.1.0g/crypto/evp/evp_lib.c
+--- openssl-1.1.0g/crypto/evp/evp_lib.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/evp_lib.c 2017-11-03 16:17:27.766155554 +0100
@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
@@ -1231,9 +1231,9 @@ diff -up openssl-1.1.0f/crypto/evp/evp_lib.c.fips openssl-1.1.0f/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
-diff -up openssl-1.1.0f/crypto/evp/m_sha1.c.fips openssl-1.1.0f/crypto/evp/m_sha1.c
---- openssl-1.1.0f/crypto/evp/m_sha1.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/evp/m_sha1.c 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/evp/m_sha1.c.fips openssl-1.1.0g/crypto/evp/m_sha1.c
+--- openssl-1.1.0g/crypto/evp/m_sha1.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/evp/m_sha1.c 2017-11-03 16:17:27.766155554 +0100
@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = {
NID_sha1,
NID_sha1WithRSAEncryption,
@@ -1279,9 +1279,9 @@ diff -up openssl-1.1.0f/crypto/evp/m_sha1.c.fips openssl-1.1.0f/crypto/evp/m_sha
init512,
update512,
final512,
-diff -up openssl-1.1.0f/crypto/fips/build.info.fips openssl-1.1.0f/crypto/fips/build.info
---- openssl-1.1.0f/crypto/fips/build.info.fips 2017-06-02 14:14:25.461421225 +0200
-+++ openssl-1.1.0f/crypto/fips/build.info 2017-06-02 14:14:25.461421225 +0200
+diff -up openssl-1.1.0g/crypto/fips/build.info.fips openssl-1.1.0g/crypto/fips/build.info
+--- openssl-1.1.0g/crypto/fips/build.info.fips 2017-11-03 16:17:27.766155554 +0100
++++ openssl-1.1.0g/crypto/fips/build.info 2017-11-03 16:17:27.766155554 +0100
@@ -0,0 +1,15 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
@@ -1298,9 +1298,9 @@ diff -up openssl-1.1.0f/crypto/fips/build.info.fips openssl-1.1.0f/crypto/fips/b
+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
+INCLUDE[fips_standalone_hmac]=../../include
+DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_aes_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips 2017-11-03 16:17:27.766155554 +0100
++++ openssl-1.1.0g/crypto/fips/fips_aes_selftest.c 2017-11-03 16:17:27.766155554 +0100
@@ -0,0 +1,372 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1674,9 +1674,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0f/cryp
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips.c.fips openssl-1.1.0f/crypto/fips/fips.c
---- openssl-1.1.0f/crypto/fips/fips.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips.c.fips openssl-1.1.0g/crypto/fips/fips.c
+--- openssl-1.1.0g/crypto/fips/fips.c.fips 2017-11-03 16:17:27.766155554 +0100
++++ openssl-1.1.0g/crypto/fips/fips.c 2017-11-03 16:17:27.766155554 +0100
@@ -0,0 +1,526 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2204,9 +2204,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips.c.fips openssl-1.1.0f/crypto/fips/fips.
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c 2017-11-03 16:17:27.767155577 +0100
@@ -0,0 +1,156 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2364,9 +2364,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0f/cry
+ return rv;
+}
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_des_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_des_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_des_selftest.c 2017-11-03 16:17:27.767155577 +0100
@@ -0,0 +1,133 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2501,9 +2501,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0f/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips 2017-06-02 14:14:25.462421248 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_dh_selftest.c 2017-06-02 14:14:25.462421248 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_dh_selftest.c 2017-11-03 16:17:27.767155577 +0100
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2685,9 +2685,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0f/crypt
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c 2017-11-03 16:17:27.767155577 +0100
@@ -0,0 +1,415 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3104,9 +3104,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0f/crypto/f
+
+ return 1;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_hash.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips 2017-11-03 16:17:27.767155577 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_hash.c 2017-11-03 16:17:27.767155577 +0100
@@ -0,0 +1,361 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3469,9 +3469,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0f/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c 2017-11-03 16:17:27.768155600 +0100
@@ -0,0 +1,272 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3745,9 +3745,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0f/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_lib.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_lib.c 2017-11-03 16:17:27.768155600 +0100
@@ -0,0 +1,555 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
@@ -4304,9 +4304,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0f/crypto/f
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips 2017-06-02 14:14:25.463421272 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_rand.c 2017-06-02 14:14:25.463421272 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_rand.c 2017-11-03 16:17:27.768155600 +0100
@@ -0,0 +1,183 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4491,9 +4491,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0f/crypto/
+{
+ return &rand_drbg_meth;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips 2017-06-02 14:14:25.464421296 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c 2017-06-02 14:14:25.464421296 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips 2017-11-03 16:17:27.768155600 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c 2017-11-03 16:17:27.768155600 +0100
@@ -0,0 +1,828 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5323,9 +5323,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0f/cry
+ FIPS_drbg_free(dctx);
+ return rv;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips 2017-11-03 16:17:27.769155623 +0100
++++ openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h 2017-11-03 16:17:27.769155623 +0100
@@ -0,0 +1,1791 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7118,9 +7118,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0f/cry
+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
+ 0xc2, 0xd6, 0xfd, 0xa5
+};
-diff -up openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips 2017-11-03 16:17:27.769155623 +0100
++++ openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c 2017-11-03 16:17:27.769155623 +0100
@@ -0,0 +1,195 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7317,9 +7317,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0f/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,242 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7563,9 +7563,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0f/cry
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips 2017-06-02 14:14:25.465421319 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c 2017-06-02 14:14:25.465421319 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,166 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7733,9 +7733,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0f/cr
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_enc.c.fips openssl-1.1.0f/crypto/fips/fips_enc.c
---- openssl-1.1.0f/crypto/fips/fips_enc.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_enc.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_enc.c.fips openssl-1.1.0g/crypto/fips/fips_enc.c
+--- openssl-1.1.0g/crypto/fips/fips_enc.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_enc.c 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,189 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7926,9 +7926,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_enc.c.fips openssl-1.1.0f/crypto/fips/f
+
+ }
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_err.h.fips openssl-1.1.0f/crypto/fips/fips_err.h
---- openssl-1.1.0f/crypto/fips/fips_err.h.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_err.h 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_err.h.fips openssl-1.1.0g/crypto/fips/fips_err.h
+--- openssl-1.1.0g/crypto/fips/fips_err.h.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_err.h 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,196 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -8126,9 +8126,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_err.h.fips openssl-1.1.0f/crypto/fips/f
+#endif
+ return 1;
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_ers.c.fips openssl-1.1.0f/crypto/fips/fips_ers.c
---- openssl-1.1.0f/crypto/fips/fips_ers.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_ers.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_ers.c.fips openssl-1.1.0g/crypto/fips/fips_ers.c
+--- openssl-1.1.0g/crypto/fips/fips_ers.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_ers.c 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -8137,9 +8137,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_ers.c.fips openssl-1.1.0f/crypto/fips/f
+#else
+static void *dummy = &dummy;
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8275,9 +8275,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0f/cry
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_locl.h.fips openssl-1.1.0f/crypto/fips/fips_locl.h
---- openssl-1.1.0f/crypto/fips/fips_locl.h.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_locl.h 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_locl.h.fips openssl-1.1.0g/crypto/fips/fips_locl.h
+--- openssl-1.1.0g/crypto/fips/fips_locl.h.fips 2017-11-03 16:17:27.770155646 +0100
++++ openssl-1.1.0g/crypto/fips/fips_locl.h 2017-11-03 16:17:27.770155646 +0100
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8350,9 +8350,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_locl.h.fips openssl-1.1.0f/crypto/fips/
+}
+# endif
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_md.c.fips openssl-1.1.0f/crypto/fips/fips_md.c
---- openssl-1.1.0f/crypto/fips/fips_md.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_md.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_md.c.fips openssl-1.1.0g/crypto/fips/fips_md.c
+--- openssl-1.1.0g/crypto/fips/fips_md.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_md.c 2017-11-03 16:17:27.771155670 +0100
@@ -0,0 +1,144 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8498,9 +8498,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_md.c.fips openssl-1.1.0f/crypto/fips/fi
+ return NULL;
+ }
+}
-diff -up openssl-1.1.0f/crypto/fips/fips_post.c.fips openssl-1.1.0f/crypto/fips/fips_post.c
---- openssl-1.1.0f/crypto/fips/fips_post.c.fips 2017-06-02 14:14:25.466421343 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_post.c 2017-06-02 14:14:25.466421343 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_post.c.fips openssl-1.1.0g/crypto/fips/fips_post.c
+--- openssl-1.1.0g/crypto/fips/fips_post.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_post.c 2017-11-03 16:17:27.771155670 +0100
@@ -0,0 +1,222 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8724,9 +8724,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_post.c.fips openssl-1.1.0f/crypto/fips/
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0f/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_rand_lcl.h 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0g/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_rand_lcl.h 2017-11-03 16:17:27.771155670 +0100
@@ -0,0 +1,209 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8937,9 +8937,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0f/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0f/crypto/fips/fips_rand_lib.c
---- openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_rand_lib.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0g/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_rand_lib.c 2017-11-03 16:17:27.771155670 +0100
@@ -0,0 +1,234 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9175,9 +9175,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0f/crypto/f
+# endif
+}
+
-diff -up openssl-1.1.0f/crypto/fips/fips_randtest.c.fips openssl-1.1.0f/crypto/fips/fips_randtest.c
---- openssl-1.1.0f/crypto/fips/fips_randtest.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_randtest.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_randtest.c.fips openssl-1.1.0g/crypto/fips/fips_randtest.c
+--- openssl-1.1.0g/crypto/fips/fips_randtest.c.fips 2017-11-03 16:17:27.771155670 +0100
++++ openssl-1.1.0g/crypto/fips/fips_randtest.c 2017-11-03 16:17:27.771155670 +0100
@@ -0,0 +1,247 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
@@ -9426,9 +9426,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_randtest.c.fips openssl-1.1.0f/crypto/f
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c 2017-11-03 16:17:27.772155692 +0100
@@ -0,0 +1,578 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -10008,9 +10008,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0f/cryp
+}
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0f/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips 2017-06-02 14:14:25.467421366 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_sha_selftest.c 2017-06-02 14:14:25.467421366 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/fips/fips_sha_selftest.c 2017-11-03 16:17:27.772155692 +0100
@@ -0,0 +1,138 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10150,9 +10150,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0f/cryp
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips 2017-06-02 14:14:25.468421390 +0200
-+++ openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c 2017-11-03 16:17:27.772155692 +0100
@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10281,9 +10281,9 @@ diff -up openssl-1.1.0f/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0f/c
+#endif
+ return 0;
+}
-diff -up openssl-1.1.0f/crypto/hmac/hmac.c.fips openssl-1.1.0f/crypto/hmac/hmac.c
---- openssl-1.1.0f/crypto/hmac/hmac.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/hmac/hmac.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/hmac/hmac.c.fips openssl-1.1.0g/crypto/hmac/hmac.c
+--- openssl-1.1.0g/crypto/hmac/hmac.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/hmac/hmac.c 2017-11-03 16:17:27.772155692 +0100
@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
}
@@ -10298,9 +10298,9 @@ diff -up openssl-1.1.0f/crypto/hmac/hmac.c.fips openssl-1.1.0f/crypto/hmac/hmac.
reset = 1;
j = EVP_MD_block_size(md);
OPENSSL_assert(j <= (int)sizeof(ctx->key));
-diff -up openssl-1.1.0f/crypto/include/internal/fips_int.h.fips openssl-1.1.0f/crypto/include/internal/fips_int.h
---- openssl-1.1.0f/crypto/include/internal/fips_int.h.fips 2017-06-02 14:14:25.468421390 +0200
-+++ openssl-1.1.0f/crypto/include/internal/fips_int.h 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/include/internal/fips_int.h.fips openssl-1.1.0g/crypto/include/internal/fips_int.h
+--- openssl-1.1.0g/crypto/include/internal/fips_int.h.fips 2017-11-03 16:17:27.772155692 +0100
++++ openssl-1.1.0g/crypto/include/internal/fips_int.h 2017-11-03 16:17:27.772155692 +0100
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10403,9 +10403,9 @@ diff -up openssl-1.1.0f/crypto/include/internal/fips_int.h.fips openssl-1.1.0f/c
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#endif
-diff -up openssl-1.1.0f/crypto/o_fips.c.fips openssl-1.1.0f/crypto/o_fips.c
---- openssl-1.1.0f/crypto/o_fips.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/o_fips.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/o_fips.c.fips openssl-1.1.0g/crypto/o_fips.c
+--- openssl-1.1.0g/crypto/o_fips.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/o_fips.c 2017-11-03 16:17:27.772155692 +0100
@@ -9,7 +9,10 @@
#include "internal/cryptlib.h"
@@ -10434,9 +10434,9 @@ diff -up openssl-1.1.0f/crypto/o_fips.c.fips openssl-1.1.0f/crypto/o_fips.c
#else
if (r == 0)
return 1;
-diff -up openssl-1.1.0f/crypto/o_init.c.fips openssl-1.1.0f/crypto/o_init.c
---- openssl-1.1.0f/crypto/o_init.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/o_init.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/o_init.c.fips openssl-1.1.0g/crypto/o_init.c
+--- openssl-1.1.0g/crypto/o_init.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/o_init.c 2017-11-03 16:17:27.772155692 +0100
@@ -7,11 +7,50 @@
* https://www.openssl.org/source/license.html
*/
@@ -10523,9 +10523,9 @@ diff -up openssl-1.1.0f/crypto/o_init.c.fips openssl-1.1.0f/crypto/o_init.c
+{
+ OPENSSL_init_library();
+}
-diff -up openssl-1.1.0f/crypto/rand/md_rand.c.fips openssl-1.1.0f/crypto/rand/md_rand.c
---- openssl-1.1.0f/crypto/rand/md_rand.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rand/md_rand.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/rand/md_rand.c.fips openssl-1.1.0g/crypto/rand/md_rand.c
+--- openssl-1.1.0g/crypto/rand/md_rand.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rand/md_rand.c 2017-11-03 16:17:27.773155716 +0100
@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf
CRYPTO_THREAD_unlock(rand_tmp_lock);
crypto_lock_rand = 1;
@@ -10535,9 +10535,9 @@ diff -up openssl-1.1.0f/crypto/rand/md_rand.c.fips openssl-1.1.0f/crypto/rand/md
RAND_poll();
initialized = 1;
}
-diff -up openssl-1.1.0f/crypto/rand/rand_err.c.fips openssl-1.1.0f/crypto/rand/rand_err.c
---- openssl-1.1.0f/crypto/rand/rand_err.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rand/rand_err.c 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/rand/rand_err.c.fips openssl-1.1.0g/crypto/rand/rand_err.c
+--- openssl-1.1.0g/crypto/rand/rand_err.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rand/rand_err.c 2017-11-03 16:17:27.773155716 +0100
@@ -20,10 +20,13 @@
static ERR_STRING_DATA RAND_str_functs[] = {
@@ -10552,9 +10552,9 @@ diff -up openssl-1.1.0f/crypto/rand/rand_err.c.fips openssl-1.1.0f/crypto/rand/r
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
{0, NULL}
};
-diff -up openssl-1.1.0f/crypto/rand/rand_lcl.h.fips openssl-1.1.0f/crypto/rand/rand_lcl.h
---- openssl-1.1.0f/crypto/rand/rand_lcl.h.fips 2017-06-02 14:14:25.303417501 +0200
-+++ openssl-1.1.0f/crypto/rand/rand_lcl.h 2017-06-02 14:14:25.468421390 +0200
+diff -up openssl-1.1.0g/crypto/rand/rand_lcl.h.fips openssl-1.1.0g/crypto/rand/rand_lcl.h
+--- openssl-1.1.0g/crypto/rand/rand_lcl.h.fips 2017-11-03 16:17:27.577151176 +0100
++++ openssl-1.1.0g/crypto/rand/rand_lcl.h 2017-11-03 16:17:27.773155716 +0100
@@ -10,7 +10,7 @@
#ifndef HEADER_RAND_LCL_H
# define HEADER_RAND_LCL_H
@@ -10564,9 +10564,9 @@ diff -up openssl-1.1.0f/crypto/rand/rand_lcl.h.fips openssl-1.1.0f/crypto/rand/r
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
# define USE_SHA1_RAND
-diff -up openssl-1.1.0f/crypto/rand/rand_lib.c.fips openssl-1.1.0f/crypto/rand/rand_lib.c
---- openssl-1.1.0f/crypto/rand/rand_lib.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rand/rand_lib.c 2017-06-02 14:14:25.469421413 +0200
+diff -up openssl-1.1.0g/crypto/rand/rand_lib.c.fips openssl-1.1.0g/crypto/rand/rand_lib.c
+--- openssl-1.1.0g/crypto/rand/rand_lib.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rand/rand_lib.c 2017-11-03 16:17:27.773155716 +0100
@@ -18,6 +18,8 @@
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
@@ -10704,9 +10704,9 @@ diff -up openssl-1.1.0f/crypto/rand/rand_lib.c.fips openssl-1.1.0f/crypto/rand/r
+}
+
+#endif
-diff -up openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0f/crypto/rsa/rsa_crpt.c
---- openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_crpt.c 2017-06-02 14:14:25.469421413 +0200
+diff -up openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0g/crypto/rsa/rsa_crpt.c
+--- openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rsa/rsa_crpt.c 2017-11-03 16:17:27.773155716 +0100
@@ -28,24 +28,52 @@ int RSA_size(const RSA *r)
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
@@ -10760,9 +10760,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0f/crypto/rsa/rsa
return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-diff -up openssl-1.1.0f/crypto/rsa/rsa_err.c.fips openssl-1.1.0f/crypto/rsa/rsa_err.c
---- openssl-1.1.0f/crypto/rsa/rsa_err.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_err.c 2017-06-02 14:14:25.469421413 +0200
+diff -up openssl-1.1.0g/crypto/rsa/rsa_err.c.fips openssl-1.1.0g/crypto/rsa/rsa_err.c
+--- openssl-1.1.0g/crypto/rsa/rsa_err.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rsa/rsa_err.c 2017-11-03 16:17:27.773155716 +0100
@@ -21,6 +21,7 @@
static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
@@ -10808,9 +10808,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_err.c.fips openssl-1.1.0f/crypto/rsa/rsa_
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
-diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips openssl-1.1.0f/crypto/rsa/rsa_gen.c
---- openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips 2017-06-02 14:14:25.451420989 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:18:19.933947715 +0200
+diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_gen.c
+--- openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips 2017-11-03 16:17:27.755155299 +0100
++++ openssl-1.1.0g/crypto/rsa/rsa_gen.c 2017-11-03 16:17:27.773155716 +0100
@@ -18,6 +18,75 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -11189,23 +11189,10 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.fips openssl-1.1.0f/crypto/rsa/rsa_
/*
* When generating ridiculously small keys, we can get stuck
* continually regenerating the same prime values.
-diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_lib.c
---- openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_lib.c 2017-06-02 14:14:25.469421413 +0200
-@@ -26,6 +26,12 @@ RSA *RSA_new(void)
-
- void RSA_set_default_method(const RSA_METHOD *meth)
- {
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
-+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
-+ return;
-+ }
-+#endif
- default_RSA_meth = meth;
- }
-
-@@ -54,6 +60,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
+diff -up openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips openssl-1.1.0g/crypto/rsa/rsa_lib.c
+--- openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rsa/rsa_lib.c 2017-11-03 16:17:27.774155739 +0100
+@@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
* to deal with which ENGINE it comes from.
*/
const RSA_METHOD *mtmp;
@@ -11218,7 +11205,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_
mtmp = rsa->meth;
if (mtmp->finish)
mtmp->finish(rsa);
-@@ -86,7 +98,6 @@ RSA *RSA_new_method(ENGINE *engine)
+@@ -64,7 +70,6 @@ RSA *RSA_new_method(ENGINE *engine)
ret->meth = RSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
@@ -11226,7 +11213,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_
if (engine) {
if (!ENGINE_init(engine)) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-@@ -103,8 +114,19 @@ RSA *RSA_new_method(ENGINE *engine)
+@@ -81,8 +86,19 @@ RSA *RSA_new_method(ENGINE *engine)
}
}
#endif
@@ -11247,9 +11234,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_lib.c.fips openssl-1.1.0f/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
-diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa_ossl.c
---- openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_ossl.c 2017-06-02 14:14:25.470421437 +0200
+diff -up openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0g/crypto/rsa/rsa_ossl.c
+--- openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rsa/rsa_ossl.c 2017-11-03 16:23:05.795985063 +0100
@@ -11,6 +11,10 @@
#include "internal/bn_int.h"
#include "rsa_locl.h"
@@ -11258,10 +11245,23 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa
+# include <openssl/fips.h>
+#endif
+
- #ifndef RSA_NULL
-
static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
-@@ -56,6 +60,22 @@ static int rsa_ossl_public_encrypt(int f
+ unsigned char *to, RSA *rsa, int padding);
+ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+@@ -45,6 +49,12 @@ static const RSA_METHOD *default_RSA_met
+
+ void RSA_set_default_method(const RSA_METHOD *meth)
+ {
++#ifdef OPENSSL_FIPS
++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
++ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
++ return;
++ }
++#endif
+ default_RSA_meth = meth;
+ }
+
+@@ -66,6 +76,22 @@ static int rsa_ossl_public_encrypt(int f
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -11284,7 +11284,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
-@@ -235,6 +255,22 @@ static int rsa_ossl_private_encrypt(int
+@@ -245,6 +271,22 @@ static int rsa_ossl_private_encrypt(int
BIGNUM *unblind = NULL;
BN_BLINDING *blinding = NULL;
@@ -11307,7 +11307,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa
if ((ctx = BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
-@@ -370,6 +406,22 @@ static int rsa_ossl_private_decrypt(int
+@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int
BIGNUM *unblind = NULL;
BN_BLINDING *blinding = NULL;
@@ -11330,7 +11330,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa
if ((ctx = BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
-@@ -494,6 +546,22 @@ static int rsa_ossl_public_decrypt(int f
+@@ -504,6 +562,22 @@ static int rsa_ossl_public_decrypt(int f
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -11353,9 +11353,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0f/crypto/rsa/rsa
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
-diff -up openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips openssl-1.1.0f/crypto/rsa/rsa_sign.c
---- openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_sign.c 2017-06-02 14:14:25.470421437 +0200
+diff -up openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips openssl-1.1.0g/crypto/rsa/rsa_sign.c
+--- openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rsa/rsa_sign.c 2017-11-03 16:17:27.774155739 +0100
@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
@@ -11382,9 +11382,9 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_sign.c.fips openssl-1.1.0f/crypto/rsa/rsa
if (encrypt_len <= 0)
goto err;
-diff -up openssl-1.1.0f/crypto/sha/sha_locl.h.fips openssl-1.1.0f/crypto/sha/sha_locl.h
---- openssl-1.1.0f/crypto/sha/sha_locl.h.fips 2017-06-02 14:14:25.232415827 +0200
-+++ openssl-1.1.0f/crypto/sha/sha_locl.h 2017-06-02 14:14:25.470421437 +0200
+diff -up openssl-1.1.0g/crypto/sha/sha_locl.h.fips openssl-1.1.0g/crypto/sha/sha_locl.h
+--- openssl-1.1.0g/crypto/sha/sha_locl.h.fips 2017-11-03 16:17:27.487149091 +0100
++++ openssl-1.1.0g/crypto/sha/sha_locl.h 2017-11-03 16:17:27.774155739 +0100
@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
int HASH_INIT(SHA_CTX *c)
@@ -11395,9 +11395,9 @@ diff -up openssl-1.1.0f/crypto/sha/sha_locl.h.fips openssl-1.1.0f/crypto/sha/sha
memset(c, 0, sizeof(*c));
c->h0 = INIT_DATA_h0;
c->h1 = INIT_DATA_h1;
-diff -up openssl-1.1.0f/crypto/sha/sha256.c.fips openssl-1.1.0f/crypto/sha/sha256.c
---- openssl-1.1.0f/crypto/sha/sha256.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/sha/sha256.c 2017-06-02 14:14:25.470421437 +0200
+diff -up openssl-1.1.0g/crypto/sha/sha256.c.fips openssl-1.1.0g/crypto/sha/sha256.c
+--- openssl-1.1.0g/crypto/sha/sha256.c.fips 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/crypto/sha/sha256.c 2017-11-03 16:17:27.774155739 +0100
@@ -18,6 +18,9 @@
int SHA224_Init(SHA256_CTX *c)
@@ -11418,9 +11418,9 @@ diff -up openssl-1.1.0f/crypto/sha/sha256.c.fips openssl-1.1.0f/crypto/sha/sha25
memset(c, 0, sizeof(*c));
c->h[0] = 0x6a09e667UL;
c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.1.0f/crypto/sha/sha512.c.fips openssl-1.1.0f/crypto/sha/sha512.c
---- openssl-1.1.0f/crypto/sha/sha512.c.fips 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/sha/sha512.c 2017-06-02 14:14:25.470421437 +0200
+diff -up openssl-1.1.0g/crypto/sha/sha512.c.fips openssl-1.1.0g/crypto/sha/sha512.c
+--- openssl-1.1.0g/crypto/sha/sha512.c.fips 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/crypto/sha/sha512.c 2017-11-03 16:17:27.774155739 +0100
@@ -62,6 +62,9 @@
int SHA384_Init(SHA512_CTX *c)
@@ -11441,9 +11441,9 @@ diff -up openssl-1.1.0f/crypto/sha/sha512.c.fips openssl-1.1.0f/crypto/sha/sha51
c->h[0] = U64(0x6a09e667f3bcc908);
c->h[1] = U64(0xbb67ae8584caa73b);
c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod
---- openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod 2017-06-02 14:14:25.470421437 +0200
+diff -up openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod
+--- openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod 2017-11-03 16:17:27.775155762 +0100
@@ -29,8 +29,10 @@ B<bits> is the length of the prime p to
For lengths under 2048 bits, the length of q is 160 bits; for lengths
greater than or equal to 2048 bits, the length of q is set to 256 bits.
@@ -11457,10 +11457,10 @@ diff -up openssl-1.1.0f/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.
DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
-diff -up openssl-1.1.0f/include/openssl/crypto.h.fips openssl-1.1.0f/include/openssl/crypto.h
---- openssl-1.1.0f/include/openssl/crypto.h.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/crypto.h 2017-06-02 14:14:25.470421437 +0200
-@@ -332,6 +332,11 @@ int OPENSSL_isservice(void);
+diff -up openssl-1.1.0g/include/openssl/crypto.h.fips openssl-1.1.0g/include/openssl/crypto.h
+--- openssl-1.1.0g/include/openssl/crypto.h.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/crypto.h 2017-11-03 16:17:27.775155762 +0100
+@@ -336,6 +336,11 @@ int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
@@ -11472,9 +11472,9 @@ diff -up openssl-1.1.0f/include/openssl/crypto.h.fips openssl-1.1.0f/include/ope
void OPENSSL_init(void);
struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-diff -up openssl-1.1.0f/include/openssl/dh.h.fips openssl-1.1.0f/include/openssl/dh.h
---- openssl-1.1.0f/include/openssl/dh.h.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/dh.h 2017-06-02 14:14:25.471421461 +0200
+diff -up openssl-1.1.0g/include/openssl/dh.h.fips openssl-1.1.0g/include/openssl/dh.h
+--- openssl-1.1.0g/include/openssl/dh.h.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/dh.h 2017-11-03 16:17:27.775155762 +0100
@@ -30,6 +30,7 @@ extern "C" {
# endif
@@ -11506,9 +11506,9 @@ diff -up openssl-1.1.0f/include/openssl/dh.h.fips openssl-1.1.0f/include/openssl
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
-diff -up openssl-1.1.0f/include/openssl/dsa.h.fips openssl-1.1.0f/include/openssl/dsa.h
---- openssl-1.1.0f/include/openssl/dsa.h.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/dsa.h 2017-06-02 14:14:25.471421461 +0200
+diff -up openssl-1.1.0g/include/openssl/dsa.h.fips openssl-1.1.0g/include/openssl/dsa.h
+--- openssl-1.1.0g/include/openssl/dsa.h.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/dsa.h 2017-11-03 16:17:27.775155762 +0100
@@ -36,6 +36,7 @@ extern "C" {
# endif
@@ -11554,10 +11554,10 @@ diff -up openssl-1.1.0f/include/openssl/dsa.h.fips openssl-1.1.0f/include/openss
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
-diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openssl/evp.h
---- openssl-1.1.0f/include/openssl/evp.h.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/evp.h 2017-06-02 14:14:25.471421461 +0200
-@@ -1458,6 +1458,7 @@ int ERR_load_EVP_strings(void);
+diff -up openssl-1.1.0g/include/openssl/evp.h.fips openssl-1.1.0g/include/openssl/evp.h
+--- openssl-1.1.0g/include/openssl/evp.h.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/evp.h 2017-11-03 16:17:27.775155762 +0100
+@@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void);
# define EVP_F_AES_OCB_CIPHER 169
# define EVP_F_AES_T4_INIT_KEY 178
# define EVP_F_AES_WRAP_CIPHER 170
@@ -11565,7 +11565,7 @@ diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openss
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_CAMELLIA_INIT_KEY 159
# define EVP_F_CHACHA20_POLY1305_CTRL 182
-@@ -1534,6 +1535,7 @@ int ERR_load_EVP_strings(void);
+@@ -1539,6 +1540,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
# define EVP_R_DECODE_ERROR 114
@@ -11573,7 +11573,7 @@ diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openss
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
# define EVP_R_ERROR_LOADING_SECTION 165
-@@ -1568,6 +1570,7 @@ int ERR_load_EVP_strings(void);
+@@ -1574,6 +1576,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
@@ -11581,9 +11581,9 @@ diff -up openssl-1.1.0f/include/openssl/evp.h.fips openssl-1.1.0f/include/openss
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-diff -up openssl-1.1.0f/include/openssl/fips.h.fips openssl-1.1.0f/include/openssl/fips.h
---- openssl-1.1.0f/include/openssl/fips.h.fips 2017-06-02 14:14:25.471421461 +0200
-+++ openssl-1.1.0f/include/openssl/fips.h 2017-06-02 14:14:25.471421461 +0200
+diff -up openssl-1.1.0g/include/openssl/fips.h.fips openssl-1.1.0g/include/openssl/fips.h
+--- openssl-1.1.0g/include/openssl/fips.h.fips 2017-11-03 16:17:27.775155762 +0100
++++ openssl-1.1.0g/include/openssl/fips.h 2017-11-03 16:17:27.775155762 +0100
@@ -0,0 +1,186 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11771,9 +11771,9 @@ diff -up openssl-1.1.0f/include/openssl/fips.h.fips openssl-1.1.0f/include/opens
+}
+# endif
+#endif
-diff -up openssl-1.1.0f/include/openssl/fips_rand.h.fips openssl-1.1.0f/include/openssl/fips_rand.h
---- openssl-1.1.0f/include/openssl/fips_rand.h.fips 2017-06-02 14:14:25.471421461 +0200
-+++ openssl-1.1.0f/include/openssl/fips_rand.h 2017-06-02 14:14:25.471421461 +0200
+diff -up openssl-1.1.0g/include/openssl/fips_rand.h.fips openssl-1.1.0g/include/openssl/fips_rand.h
+--- openssl-1.1.0g/include/openssl/fips_rand.h.fips 2017-11-03 16:17:27.776155785 +0100
++++ openssl-1.1.0g/include/openssl/fips_rand.h 2017-11-03 16:17:27.776155785 +0100
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11920,9 +11920,9 @@ diff -up openssl-1.1.0f/include/openssl/fips_rand.h.fips openssl-1.1.0f/include/
+# endif
+# endif
+#endif
-diff -up openssl-1.1.0f/include/openssl/opensslconf.h.in.fips openssl-1.1.0f/include/openssl/opensslconf.h.in
---- openssl-1.1.0f/include/openssl/opensslconf.h.in.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/opensslconf.h.in 2017-06-02 14:14:25.472421484 +0200
+diff -up openssl-1.1.0g/include/openssl/opensslconf.h.in.fips openssl-1.1.0g/include/openssl/opensslconf.h.in
+--- openssl-1.1.0g/include/openssl/opensslconf.h.in.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/opensslconf.h.in 2017-11-03 16:17:27.776155785 +0100
@@ -136,6 +136,11 @@ extern "C" {
#define RC4_INT {- $config{rc4_int} -}
@@ -11935,9 +11935,9 @@ diff -up openssl-1.1.0f/include/openssl/opensslconf.h.in.fips openssl-1.1.0f/inc
#ifdef __cplusplus
}
#endif
-diff -up openssl-1.1.0f/include/openssl/rand.h.fips openssl-1.1.0f/include/openssl/rand.h
---- openssl-1.1.0f/include/openssl/rand.h.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/rand.h 2017-06-02 14:14:25.472421484 +0200
+diff -up openssl-1.1.0g/include/openssl/rand.h.fips openssl-1.1.0g/include/openssl/rand.h
+--- openssl-1.1.0g/include/openssl/rand.h.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/rand.h 2017-11-03 16:17:27.776155785 +0100
@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
#endif
@@ -11962,9 +11962,9 @@ diff -up openssl-1.1.0f/include/openssl/rand.h.fips openssl-1.1.0f/include/opens
# define RAND_R_PRNG_NOT_SEEDED 100
# ifdef __cplusplus
-diff -up openssl-1.1.0f/include/openssl/rsa.h.fips openssl-1.1.0f/include/openssl/rsa.h
---- openssl-1.1.0f/include/openssl/rsa.h.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/rsa.h 2017-06-02 14:14:25.472421484 +0200
+diff -up openssl-1.1.0g/include/openssl/rsa.h.fips openssl-1.1.0g/include/openssl/rsa.h
+--- openssl-1.1.0g/include/openssl/rsa.h.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/include/openssl/rsa.h 2017-11-03 16:17:27.776155785 +0100
@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void);
/* Function codes. */
# define RSA_F_CHECK_PADDING_MD 140
@@ -12009,9 +12009,9 @@ diff -up openssl-1.1.0f/include/openssl/rsa.h.fips openssl-1.1.0f/include/openss
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
-diff -up openssl-1.1.0f/ssl/ssl_ciph.c.fips openssl-1.1.0f/ssl/ssl_ciph.c
---- openssl-1.1.0f/ssl/ssl_ciph.c.fips 2017-06-02 14:14:25.456421107 +0200
-+++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-06-02 14:14:25.472421484 +0200
+diff -up openssl-1.1.0g/ssl/ssl_ciph.c.fips openssl-1.1.0g/ssl/ssl_ciph.c
+--- openssl-1.1.0g/ssl/ssl_ciph.c.fips 2017-11-03 16:17:27.760155415 +0100
++++ openssl-1.1.0g/ssl/ssl_ciph.c 2017-11-03 16:17:27.776155785 +0100
@@ -404,7 +404,8 @@ void ssl_load_ciphers(void)
}
}
@@ -12031,9 +12031,9 @@ diff -up openssl-1.1.0f/ssl/ssl_ciph.c.fips openssl-1.1.0f/ssl/ssl_ciph.c
continue;
if ((c->algorithm_mkey & disabled_mkey) ||
(c->algorithm_auth & disabled_auth) ||
-diff -up openssl-1.1.0f/ssl/ssl_init.c.fips openssl-1.1.0f/ssl/ssl_init.c
---- openssl-1.1.0f/ssl/ssl_init.c.fips 2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/ssl/ssl_init.c 2017-06-02 14:14:25.472421484 +0200
+diff -up openssl-1.1.0g/ssl/ssl_init.c.fips openssl-1.1.0g/ssl/ssl_init.c
+--- openssl-1.1.0g/ssl/ssl_init.c.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/ssl/ssl_init.c 2017-11-03 16:17:27.776155785 +0100
@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
@@ -12077,10 +12077,10 @@ diff -up openssl-1.1.0f/ssl/ssl_init.c.fips openssl-1.1.0f/ssl/ssl_init.c
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-diff -up openssl-1.1.0f/ssl/ssl_lib.c.fips openssl-1.1.0f/ssl/ssl_lib.c
---- openssl-1.1.0f/ssl/ssl_lib.c.fips 2017-06-02 14:14:25.456421107 +0200
-+++ openssl-1.1.0f/ssl/ssl_lib.c 2017-06-02 14:14:25.473421508 +0200
-@@ -2413,13 +2413,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.1.0g/ssl/ssl_lib.c.fips openssl-1.1.0g/ssl/ssl_lib.c
+--- openssl-1.1.0g/ssl/ssl_lib.c.fips 2017-11-03 16:17:27.760155415 +0100
++++ openssl-1.1.0g/ssl/ssl_lib.c 2017-11-03 16:17:27.777155808 +0100
+@@ -2524,13 +2524,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (ret->param == NULL)
goto err;
@@ -12105,9 +12105,9 @@ diff -up openssl-1.1.0f/ssl/ssl_lib.c.fips openssl-1.1.0f/ssl/ssl_lib.c
}
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
-diff -up openssl-1.1.0f/test/dsatest.c.fips openssl-1.1.0f/test/dsatest.c
---- openssl-1.1.0f/test/dsatest.c.fips 2017-05-25 14:46:21.000000000 +0200
-+++ openssl-1.1.0f/test/dsatest.c 2017-06-02 14:14:25.473421508 +0200
+diff -up openssl-1.1.0g/test/dsatest.c.fips openssl-1.1.0g/test/dsatest.c
+--- openssl-1.1.0g/test/dsatest.c.fips 2017-11-02 15:29:05.000000000 +0100
++++ openssl-1.1.0g/test/dsatest.c 2017-11-03 16:17:27.777155808 +0100
@@ -32,41 +32,42 @@ int main(int argc, char *argv[])
static int dsa_cb(int p, int n, BN_GENCB *arg);
@@ -12196,10 +12196,10 @@ diff -up openssl-1.1.0f/test/dsatest.c.fips openssl-1.1.0f/test/dsatest.c
goto end;
}
if (h != 2) {
-diff -up openssl-1.1.0f/util/mkdef.pl.fips openssl-1.1.0f/util/mkdef.pl
---- openssl-1.1.0f/util/mkdef.pl.fips 2017-05-25 14:46:21.000000000 +0200
-+++ openssl-1.1.0f/util/mkdef.pl 2017-06-02 14:14:25.473421508 +0200
-@@ -298,6 +298,8 @@ $crypto.=" include/openssl/modes.h";
+diff -up openssl-1.1.0g/util/mkdef.pl.fips openssl-1.1.0g/util/mkdef.pl
+--- openssl-1.1.0g/util/mkdef.pl.fips 2017-11-02 15:29:06.000000000 +0100
++++ openssl-1.1.0g/util/mkdef.pl 2017-11-03 16:17:27.777155808 +0100
+@@ -300,6 +300,8 @@ $crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";
$crypto.=" include/openssl/ct.h";
$crypto.=" include/openssl/kdf.h";
diff --git a/openssl-1.1.0-manfix.patch b/openssl-1.1.0-manfix.patch
index 347d57a..53fc603 100644
--- a/openssl-1.1.0-manfix.patch
+++ b/openssl-1.1.0-manfix.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0-pre5/doc/apps/ec.pod.manfix openssl-1.1.0-pre5/doc/apps/ec.pod
---- openssl-1.1.0-pre5/doc/apps/ec.pod.manfix 2016-04-19 16:57:55.000000000 +0200
-+++ openssl-1.1.0-pre5/doc/apps/ec.pod 2016-07-20 15:13:07.874678467 +0200
-@@ -100,10 +100,6 @@ prints out the public, private key compo
+diff -up openssl-1.1.0g/doc/apps/ec.pod.manfix openssl-1.1.0g/doc/apps/ec.pod
+--- openssl-1.1.0g/doc/apps/ec.pod.manfix 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/doc/apps/ec.pod 2017-11-03 16:09:31.714027145 +0100
+@@ -101,10 +101,6 @@ prints out the public, private key compo
this option prevents output of the encoded version of the key.
@@ -12,10 +12,10 @@ diff -up openssl-1.1.0-pre5/doc/apps/ec.pod.manfix openssl-1.1.0-pre5/doc/apps/e
=item B<-pubin>
by default a private key is read from the input file: with this option a
-diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/apps/openssl.pod
---- openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix 2016-04-19 16:57:55.000000000 +0200
-+++ openssl-1.1.0-pre5/doc/apps/openssl.pod 2016-07-20 15:14:57.596163046 +0200
-@@ -163,7 +163,7 @@ Create or examine a netscape certificate
+diff -up openssl-1.1.0g/doc/apps/openssl.pod.manfix openssl-1.1.0g/doc/apps/openssl.pod
+--- openssl-1.1.0g/doc/apps/openssl.pod.manfix 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/doc/apps/openssl.pod 2017-11-03 16:11:48.478245311 +0100
+@@ -170,7 +170,7 @@ Create or examine a Netscape certificate
Online Certificate Status Protocol utility.
@@ -24,7 +24,7 @@ diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/a
Generation of hashed passwords.
-@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
+@@ -198,7 +198,7 @@ Public key algorithm parameter managemen
Public key algorithm cryptographic operation utility.
@@ -33,15 +33,19 @@ diff -up openssl-1.1.0-pre5/doc/apps/openssl.pod.manfix openssl-1.1.0-pre5/doc/a
Generate pseudo-random bytes.
-@@ -401,9 +401,9 @@ L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
- L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
- L<enc(1)>, L<engine(1)>, L<gendsa(1)>, L<genpkey(1)>,
- L<genrsa(1)>, L<nseq(1)>, L<openssl(1)>,
+@@ -432,13 +432,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
+ L<ec(1)>, L<ecparam(1)>,
+ L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
+ L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
-L<passwd(1)>,
-+L<sslpasswd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
--L<rand(1)>, L<req(1)>, L<rsa(1)>,
-+L<sslrand(1)>, L<req(1)>, L<rsa(1)>,
+ L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>,
+-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
++L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
- L<s_server(1)>, L<s_time(1)>,
- L<smime(1)>, L<spkac(1)>,
+ L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
+ L<smime(1)>, L<speed(1)>, L<spkac(1)>,
++L<sslpasswd(1)>, L<sslrand(1)>,
+ L<ts(1)>,
+ L<verify(1)>, L<version(1)>, L<x509(1)>,
+ L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
diff --git a/openssl-1.1.0-no-weak-verify.patch b/openssl-1.1.0-no-weak-verify.patch
index 406d7a0..59439af 100644
--- a/openssl-1.1.0-no-weak-verify.patch
+++ b/openssl-1.1.0-no-weak-verify.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.0f/crypto/asn1/a_verify.c
---- openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/crypto/asn1/a_verify.c 2017-06-26 16:26:49.496989272 +0200
+diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/crypto/asn1/a_verify.c
+--- openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify 2017-11-02 15:29:02.000000000 +0100
++++ openssl-1.1.0g/crypto/asn1/a_verify.c 2017-11-03 16:15:46.125801341 +0100
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
@@ -10,8 +10,8 @@ diff -up openssl-1.1.0f/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.0f/cry
+
#include <stdio.h>
#include <time.h>
-
-@@ -129,6 +132,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
+ #include <sys/types.h>
+@@ -126,6 +129,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
if (ret != 2)
goto err;
ret = -1;
diff --git a/openssl-1.1.0-secure-getenv.patch b/openssl-1.1.0-secure-getenv.patch
index 2f73499..2fb8ae6 100644
--- a/openssl-1.1.0-secure-getenv.patch
+++ b/openssl-1.1.0-secure-getenv.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0b/crypto/conf/conf_api.c
---- openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
-+++ openssl-1.1.0b/crypto/conf/conf_api.c 2016-09-26 15:19:19.420705501 +0200
+diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c
+--- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100
++++ openssl-1.1.0g/crypto/conf/conf_api.c 2017-11-03 16:12:31.826265323 +0100
@@ -9,6 +9,8 @@
/* Part of the code in here was originally in conf.c, which is now removed */
@@ -28,9 +28,9 @@ diff -up openssl-1.1.0b/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0b/cryp
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
-diff -up openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0b/crypto/conf/conf_mod.c
---- openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
-+++ openssl-1.1.0b/crypto/conf/conf_mod.c 2016-09-26 15:19:19.421705524 +0200
+diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c
+--- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100
++++ openssl-1.1.0g/crypto/conf/conf_mod.c 2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@@ -49,9 +49,9 @@ diff -up openssl-1.1.0b/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0b/cryp
if (file)
return OPENSSL_strdup(file);
-diff -up openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0b/crypto/engine/eng_list.c
---- openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
-+++ openssl-1.1.0b/crypto/engine/eng_list.c 2016-09-26 15:19:19.421705524 +0200
+diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c
+--- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/engine/eng_list.c 2017-11-03 16:12:31.827265347 +0100
@@ -13,6 +13,8 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
@@ -70,9 +70,9 @@ diff -up openssl-1.1.0b/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0b/cr
load_dir = ENGINESDIR;
iterator = ENGINE_by_id("dynamic");
if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/crypto/rand/randfile.c
---- openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv 2016-09-26 11:46:05.000000000 +0200
-+++ openssl-1.1.0b/crypto/rand/randfile.c 2016-09-26 15:22:17.427882518 +0200
+diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c
+--- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100
++++ openssl-1.1.0g/crypto/rand/randfile.c 2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@@ -82,7 +82,7 @@ diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/cryp
#include "internal/cryptlib.h"
#include <errno.h>
-@@ -319,10 +321,10 @@ const char *RAND_file_name(char *buf, si
+@@ -317,10 +319,10 @@ const char *RAND_file_name(char *buf, si
if (OPENSSL_issetugid() != 0) {
use_randfile = 0;
} else {
@@ -95,9 +95,9 @@ diff -up openssl-1.1.0b/crypto/rand/randfile.c.secure-getenv openssl-1.1.0b/cryp
}
}
#endif
-diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto/x509/by_dir.c
---- openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv 2016-09-26 11:46:06.000000000 +0200
-+++ openssl-1.1.0b/crypto/x509/by_dir.c 2016-09-26 15:19:19.421705524 +0200
+diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c
+--- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/crypto/x509/by_dir.c 2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@@ -107,7 +107,7 @@ diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto
#include <stdio.h>
#include <time.h>
#include <errno.h>
-@@ -80,7 +82,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
+@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
@@ -116,9 +116,9 @@ diff -up openssl-1.1.0b/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0b/crypto
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
-diff -up openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv openssl-1.1.0b/crypto/x509/by_file.c
---- openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv 2016-09-26 11:46:06.000000000 +0200
-+++ openssl-1.1.0b/crypto/x509/by_file.c 2016-09-26 15:19:19.421705524 +0200
+diff -up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c
+--- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100
++++ openssl-1.1.0g/crypto/x509/by_file.c 2017-11-03 16:14:13.230649686 +0100
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
@@ -132,8 +132,8 @@ diff -up openssl-1.1.0b/crypto/x509/by_file.c.secure-getenv openssl-1.1.0b/crypt
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
-- file = (char *)getenv(X509_get_default_cert_file_env());
-+ file = (char *)secure_getenv(X509_get_default_cert_file_env());
+- file = getenv(X509_get_default_cert_file_env());
++ file = secure_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
diff --git a/openssl-1.1.0-thread-local.patch b/openssl-1.1.0-thread-local.patch
deleted file mode 100644
index a51062a..0000000
--- a/openssl-1.1.0-thread-local.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From c8ec34109cab8c92685958ddfef0776a4b3b8460 Mon Sep 17 00:00:00 2001
-From: Rich Salz <rsalz@openssl.org>
-Date: Wed, 31 May 2017 12:14:55 -0400
-Subject: [PATCH] Only release thread-local key if we created it.
-
-Thanks to Jan Alexander Steffens for finding the bug and confirming the
-fix.
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/3592)
-(cherry picked from commit 73bc53708c386c1ea85941d345721e23dc61c05c)
----
- crypto/err/err.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/err/err.c b/crypto/err/err.c
-index f866f2f..c55f849 100644
---- a/crypto/err/err.c
-+++ b/crypto/err/err.c
-@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
- #endif
-
- static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
-+static int set_err_thread_local;
- static CRYPTO_THREAD_LOCAL err_thread_local;
-
- static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
-@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
-
- void err_cleanup(void)
- {
-- CRYPTO_THREAD_cleanup_local(&err_thread_local);
-+ if (set_err_thread_local != 0)
-+ CRYPTO_THREAD_cleanup_local(&err_thread_local);
- CRYPTO_THREAD_lock_free(err_string_lock);
- err_string_lock = NULL;
- }
-@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid)
-
- DEFINE_RUN_ONCE_STATIC(err_do_init)
- {
-+ set_err_thread_local = 1;
- return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
- }
-
---
-2.9.3
-
diff --git a/openssl.spec b/openssl.spec
index 90f20fb..ab7e6c3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.0f
-Release: 9%{?dist}
+Version: 1.1.0g
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -58,12 +58,9 @@ Patch39: openssl-1.1.0-cc-reqs.patch
Patch40: openssl-1.1.0-disable-ssl3.patch
Patch41: openssl-1.1.0-system-cipherlist.patch
Patch42: openssl-1.1.0-fips.patch
-Patch43: openssl-1.1.0-afalg-eventfd2.patch
Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
Patch45: openssl-1.1.0-weak-ciphers.patch
# Backported fixes including security fixes
-Patch70: openssl-1.1.0-thread-local.patch
-Patch71: openssl-1.1.0-dtls-failure.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -157,18 +154,14 @@ cp %{SOURCE13} test/
%patch35 -p1 -b .chil
%patch36 -p1 -b .secure-getenv
%patch37 -p1 -b .curves
-%patch38 -p1 -b .no-md5-verify
+%patch38 -p1 -b .no-weak-verify
%patch39 -p1 -b .cc-reqs
%patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist
%patch42 -p1 -b .fips
-%patch43 -p1 -b .eventfd2
%patch44 -p1 -b .preserve-nl
%patch45 -p1 -b .weak-ciphers
-%patch70 -p1 -b .thread-local
-%patch71 -p1 -b .dtls-failure
-
%build
# Figure out which flags we want to use.
# default
@@ -235,6 +228,8 @@ sslarch=linux-generic64
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
+export HASHBANGPERL=/usr/bin/perl
+
# ia64, x86_64, ppc are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
@@ -436,6 +431,9 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
+* Fri Nov 3 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-1
+- update to upstream version 1.1.0g
+
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.0f-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
reply other threads:[~2026-06-09 12:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100904405.1.15766168694791589917.rpms-openssl-e85d72778f88@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox