public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: update to upstream version 1.1.0h
@ 2026-06-09 12:44 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 6eb8f6202739823788596c431caa13babe5c8488
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2018-03-29T15:44:09+02:00
Stats : +368/-344 in 9 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/6eb8f6202739823788596c431caa13babe5c8488?branch=rebase_40beta
Log:
update to upstream version 1.1.0h
Add Recommends for openssl-pkcs11
---
diff --git a/.gitignore b/.gitignore
index 8bc067e..c5509e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.0e-hobbled.tar.xz
/openssl-1.1.0f-hobbled.tar.xz
/openssl-1.1.0g-hobbled.tar.xz
+/openssl-1.1.0h-hobbled.tar.xz
diff --git a/ectest.c b/ectest.c
index e91c252..de00680 100644
--- a/ectest.c
+++ b/ectest.c
@@ -962,7 +962,7 @@ int main(int argc, char *argv[])
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
prime_field_tests();
puts("");
diff --git a/openssl-1.1.0-cc-reqs.patch b/openssl-1.1.0-cc-reqs.patch
index 135dc15..05e0edd 100644
--- a/openssl-1.1.0-cc-reqs.patch
+++ b/openssl-1.1.0-cc-reqs.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/rsa_gen.c
---- openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs 2017-05-25 14:46:19.000000000 +0200
-+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:13:45.352475862 +0200
-@@ -85,6 +85,12 @@ static int rsa_builtin_keygen(RSA *rsa,
+diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0h/crypto/rsa/rsa_gen.c
+--- openssl-1.1.0h/crypto/rsa/rsa_gen.c.cc-reqs 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-29 14:37:53.405048562 +0200
+@@ -86,6 +86,12 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
goto err;
@@ -14,7 +14,7 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/r
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
-@@ -107,7 +113,9 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -118,7 +124,9 @@ static int rsa_builtin_keygen(RSA *rsa,
do {
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
@@ -24,4 +24,4 @@ diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/r
+ } while (BN_ucmp(r2, r3) <= 0);
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
+ ERR_set_mark();
diff --git a/openssl-1.1.0-disable-ssl3.patch b/openssl-1.1.0-disable-ssl3.patch
index 267c02c..8dd6aa2 100644
--- a/openssl-1.1.0-disable-ssl3.patch
+++ b/openssl-1.1.0-disable-ssl3.patch
@@ -1,9 +1,9 @@
-diff -up openssl-1.1.0f/apps/s_client.c.disable-ssl3 openssl-1.1.0f/apps/s_client.c
---- openssl-1.1.0f/apps/s_client.c.disable-ssl3 2017-06-05 15:42:44.838853312 +0200
-+++ openssl-1.1.0f/apps/s_client.c 2017-07-17 14:50:06.468821871 +0200
-@@ -1486,6 +1486,9 @@ int s_client_main(int argc, char **argv)
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
+diff -up openssl-1.1.0h/apps/s_client.c.disable-ssl3 openssl-1.1.0h/apps/s_client.c
+--- openssl-1.1.0h/apps/s_client.c.disable-ssl3 2018-03-29 14:38:39.612133765 +0200
++++ openssl-1.1.0h/apps/s_client.c 2018-03-29 14:41:51.309635904 +0200
+@@ -1489,6 +1489,9 @@ int s_client_main(int argc, char **argv)
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
@@ -11,24 +11,23 @@ diff -up openssl-1.1.0f/apps/s_client.c.disable-ssl3 openssl-1.1.0f/apps/s_clien
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
-diff -up openssl-1.1.0f/apps/s_server.c.disable-ssl3 openssl-1.1.0f/apps/s_server.c
---- openssl-1.1.0f/apps/s_server.c.disable-ssl3 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/apps/s_server.c 2017-07-17 14:49:50.434447583 +0200
-@@ -1614,6 +1614,10 @@ int s_server_main(int argc, char *argv[]
- }
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
-+
+diff -up openssl-1.1.0h/apps/s_server.c.disable-ssl3 openssl-1.1.0h/apps/s_server.c
+--- openssl-1.1.0h/apps/s_server.c.disable-ssl3 2018-03-29 14:38:39.613133788 +0200
++++ openssl-1.1.0h/apps/s_server.c 2018-03-29 14:42:27.313481477 +0200
+@@ -1619,6 +1619,9 @@ int s_server_main(int argc, char *argv[]
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
-diff -up openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0/ssl/ssl_lib.c
---- openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 2016-08-25 17:29:22.000000000 +0200
-+++ openssl-1.1.0/ssl/ssl_lib.c 2016-09-08 11:08:05.252082263 +0200
-@@ -2470,6 +2470,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.1.0h/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0h/ssl/ssl_lib.c
+--- openssl-1.1.0h/ssl/ssl_lib.c.disable-ssl3 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:38:39.614133811 +0200
+@@ -2653,6 +2653,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
* or by using the SSL_CONF library.
*/
ret->options |= SSL_OP_NO_COMPRESSION;
@@ -42,19 +41,19 @@ diff -up openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0/ssl/ssl_lib.c
ret->tlsext_status_type = -1;
-diff -up openssl-1.1.0/test/ssl_test.c.disable-ssl3 openssl-1.1.0/test/ssl_test.c
---- openssl-1.1.0/test/ssl_test.c.disable-ssl3 2016-09-08 11:08:05.252082263 +0200
-+++ openssl-1.1.0/test/ssl_test.c 2016-09-08 11:11:44.802005886 +0200
-@@ -258,6 +258,7 @@ static int execute_test(SSL_TEST_FIXTURE
+diff -up openssl-1.1.0h/test/ssl_test.c.disable-ssl3 openssl-1.1.0h/test/ssl_test.c
+--- openssl-1.1.0h/test/ssl_test.c.disable-ssl3 2018-03-29 14:38:39.615133835 +0200
++++ openssl-1.1.0h/test/ssl_test.c 2018-03-29 14:43:37.893139086 +0200
+@@ -277,6 +277,7 @@ static int execute_test(SSL_TEST_FIXTURE
SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(TLS_server_method());
TEST_check(server2_ctx != NULL);
+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
}
client_ctx = SSL_CTX_new(TLS_client_method());
-
-@@ -266,11 +267,15 @@ static int execute_test(SSL_TEST_FIXTURE
- resume_client_ctx = SSL_CTX_new(TLS_client_method());
+ TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION));
+@@ -290,11 +291,15 @@ static int execute_test(SSL_TEST_FIXTURE
+ TLS_MAX_VERSION));
TEST_check(resume_server_ctx != NULL);
TEST_check(resume_client_ctx != NULL);
+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
@@ -69,10 +68,10 @@ diff -up openssl-1.1.0/test/ssl_test.c.disable-ssl3 openssl-1.1.0/test/ssl_test.
TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
-diff -up openssl-1.1.0/test/ssltest_old.c.disable-ssl3 openssl-1.1.0/test/ssltest_old.c
---- openssl-1.1.0/test/ssltest_old.c.disable-ssl3 2016-08-25 17:29:23.000000000 +0200
-+++ openssl-1.1.0/test/ssltest_old.c 2016-09-08 11:08:05.253082286 +0200
-@@ -1456,6 +1456,11 @@ int main(int argc, char *argv[])
+diff -up openssl-1.1.0h/test/ssltest_old.c.disable-ssl3 openssl-1.1.0h/test/ssltest_old.c
+--- openssl-1.1.0h/test/ssltest_old.c.disable-ssl3 2018-03-27 15:50:41.000000000 +0200
++++ openssl-1.1.0h/test/ssltest_old.c 2018-03-29 14:38:39.615133835 +0200
+@@ -1460,6 +1460,11 @@ int main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch
index aa1e032..d1af923 100644
--- a/openssl-1.1.0-fips.patch
+++ b/openssl-1.1.0-fips.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
---- openssl-1.1.0g/apps/speed.c.fips 2017-11-03 16:17:27.753155253 +0100
-+++ openssl-1.1.0g/apps/speed.c 2017-11-03 16:19:01.490326410 +0100
-@@ -1446,7 +1446,9 @@ int speed_main(int argc, char **argv)
+diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c
+--- openssl-1.1.0h/apps/speed.c.fips 2018-03-29 14:44:24.617236431 +0200
++++ openssl-1.1.0h/apps/speed.c 2018-03-29 15:02:42.171996191 +0200
+@@ -1447,7 +1447,9 @@ int speed_main(int argc, char **argv)
if (strcmp(*argv, "openssl") == 0)
continue;
if (strcmp(*argv, "rsa") == 0) {
@@ -12,7 +12,7 @@ diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] =
rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] =
rsa_doit[R_RSA_15360] = 1;
-@@ -1459,7 +1461,9 @@ int speed_main(int argc, char **argv)
+@@ -1460,7 +1462,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_DSA
if (strcmp(*argv, "dsa") == 0) {
@@ -23,7 +23,7 @@ diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
dsa_doit[R_DSA_2048] = 1;
continue;
}
-@@ -1548,15 +1552,21 @@ int speed_main(int argc, char **argv)
+@@ -1549,15 +1553,21 @@ int speed_main(int argc, char **argv)
/* No parameters; turn on everything. */
if ((argc == 0) && !doit[D_EVP]) {
for (i = 0; i < ALGOR_NUM; i++)
@@ -47,8 +47,8 @@ diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
+ dsa_doit[i] = 1;
#endif
#ifndef OPENSSL_NO_EC
- for (i = 0; i < EC_NUM; i++)
-@@ -1605,30 +1615,46 @@ int speed_main(int argc, char **argv)
+ for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++)
+@@ -1606,30 +1616,46 @@ int speed_main(int argc, char **argv)
AES_set_encrypt_key(key24, 192, &aes_ks2);
AES_set_encrypt_key(key32, 256, &aes_ks3);
#ifndef OPENSSL_NO_CAMELLIA
@@ -105,7 +105,7 @@ diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
#endif
#ifndef SIGALRM
# ifndef OPENSSL_NO_DES
-@@ -1889,6 +1915,7 @@ int speed_main(int argc, char **argv)
+@@ -1890,6 +1916,7 @@ int speed_main(int argc, char **argv)
for (i = 0; i < loopargs_len; i++) {
loopargs[i].hctx = HMAC_CTX_new();
@@ -113,10 +113,10 @@ diff -up openssl-1.1.0g/apps/speed.c.fips openssl-1.1.0g/apps/speed.c
if (loopargs[i].hctx == NULL) {
BIO_printf(bio_err, "HMAC malloc failure, exiting...");
exit(1);
-diff -up openssl-1.1.0g/Configure.fips openssl-1.1.0g/Configure
---- openssl-1.1.0g/Configure.fips 2017-11-03 16:17:27.759155391 +0100
-+++ openssl-1.1.0g/Configure 2017-11-03 16:17:27.762155461 +0100
-@@ -312,7 +312,7 @@ $config{sdirs} = [
+diff -up openssl-1.1.0h/Configure.fips openssl-1.1.0h/Configure
+--- openssl-1.1.0h/Configure.fips 2018-03-29 14:44:24.624236595 +0200
++++ openssl-1.1.0h/Configure 2018-03-29 14:44:24.628236689 +0200
+@@ -314,7 +314,7 @@ $config{sdirs} = [
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
"des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
@@ -125,9 +125,9 @@ diff -up openssl-1.1.0g/Configure.fips openssl-1.1.0g/Configure
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
-diff -up openssl-1.1.0g/crypto/bn/bn_rand.c.fips openssl-1.1.0g/crypto/bn/bn_rand.c
---- openssl-1.1.0g/crypto/bn/bn_rand.c.fips 2017-11-02 15:29:02.000000000 +0100
-+++ openssl-1.1.0g/crypto/bn/bn_rand.c 2017-11-03 16:17:27.762155461 +0100
+diff -up openssl-1.1.0h/crypto/bn/bn_rand.c.fips openssl-1.1.0h/crypto/bn/bn_rand.c
+--- openssl-1.1.0h/crypto/bn/bn_rand.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/bn/bn_rand.c 2018-03-29 14:44:24.628236689 +0200
@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
}
@@ -143,9 +143,9 @@ diff -up openssl-1.1.0g/crypto/bn/bn_rand.c.fips openssl-1.1.0g/crypto/bn/bn_ran
if (RAND_bytes(buf, bytes) <= 0)
goto err;
-diff -up openssl-1.1.0g/crypto/dh/dh_err.c.fips openssl-1.1.0g/crypto/dh/dh_err.c
---- openssl-1.1.0g/crypto/dh/dh_err.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dh/dh_err.c 2017-11-03 16:17:27.762155461 +0100
+diff -up openssl-1.1.0h/crypto/dh/dh_err.c.fips openssl-1.1.0h/crypto/dh/dh_err.c
+--- openssl-1.1.0h/crypto/dh/dh_err.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dh/dh_err.c 2018-03-29 14:44:24.628236689 +0200
@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
@@ -168,9 +168,9 @@ diff -up openssl-1.1.0g/crypto/dh/dh_err.c.fips openssl-1.1.0g/crypto/dh/dh_err.
{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
{ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
-diff -up openssl-1.1.0g/crypto/dh/dh_gen.c.fips openssl-1.1.0g/crypto/dh/dh_gen.c
---- openssl-1.1.0g/crypto/dh/dh_gen.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dh/dh_gen.c 2017-11-03 16:17:27.762155461 +0100
+diff -up openssl-1.1.0h/crypto/dh/dh_gen.c.fips openssl-1.1.0h/crypto/dh/dh_gen.c
+--- openssl-1.1.0h/crypto/dh/dh_gen.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dh/dh_gen.c 2018-03-29 14:44:24.628236689 +0200
@@ -16,6 +16,9 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -214,9 +214,9 @@ diff -up openssl-1.1.0g/crypto/dh/dh_gen.c.fips openssl-1.1.0g/crypto/dh/dh_gen.
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.0g/crypto/dh/dh_key.c.fips openssl-1.1.0g/crypto/dh/dh_key.c
---- openssl-1.1.0g/crypto/dh/dh_key.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dh/dh_key.c 2017-11-03 16:17:27.763155484 +0100
+diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key.c
+--- openssl-1.1.0h/crypto/dh/dh_key.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dh/dh_key.c 2018-03-29 14:44:24.628236689 +0200
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
#include "dh_locl.h"
@@ -300,9 +300,9 @@ diff -up openssl-1.1.0g/crypto/dh/dh_key.c.fips openssl-1.1.0g/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0g/crypto/dsa/dsa_err.c.fips openssl-1.1.0g/crypto/dsa/dsa_err.c
---- openssl-1.1.0g/crypto/dsa/dsa_err.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dsa/dsa_err.c 2017-11-03 16:17:27.763155484 +0100
+diff -up openssl-1.1.0h/crypto/dsa/dsa_err.c.fips openssl-1.1.0h/crypto/dsa/dsa_err.c
+--- openssl-1.1.0h/crypto/dsa/dsa_err.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dsa/dsa_err.c 2018-03-29 14:44:24.628236689 +0200
@@ -21,10 +21,13 @@
static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
@@ -330,9 +330,9 @@ diff -up openssl-1.1.0g/crypto/dsa/dsa_err.c.fips openssl-1.1.0g/crypto/dsa/dsa_
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
{ERR_REASON(DSA_R_SEED_LEN_SMALL),
-diff -up openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips openssl-1.1.0g/crypto/dsa/dsa_gen.c
---- openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dsa/dsa_gen.c 2017-11-03 16:17:27.763155484 +0100
+diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_gen.c
+--- openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dsa/dsa_gen.c 2018-03-29 14:44:24.628236689 +0200
@@ -22,12 +22,22 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -494,9 +494,9 @@ diff -up openssl-1.1.0g/crypto/dsa/dsa_gen.c.fips openssl-1.1.0g/crypto/dsa/dsa_
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/dsa/dsa_key.c.fips openssl-1.1.0g/crypto/dsa/dsa_key.c
---- openssl-1.1.0g/crypto/dsa/dsa_key.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dsa/dsa_key.c 2017-11-03 16:17:27.763155484 +0100
+diff -up openssl-1.1.0h/crypto/dsa/dsa_key.c.fips openssl-1.1.0h/crypto/dsa/dsa_key.c
+--- openssl-1.1.0h/crypto/dsa/dsa_key.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dsa/dsa_key.c 2018-03-29 14:44:24.628236689 +0200
@@ -13,10 +13,49 @@
#include <openssl/bn.h>
#include "dsa_locl.h"
@@ -576,9 +576,9 @@ diff -up openssl-1.1.0g/crypto/dsa/dsa_key.c.fips openssl-1.1.0g/crypto/dsa/dsa_
ok = 1;
err:
-diff -up openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0g/crypto/dsa/dsa_ossl.c
---- openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dsa/dsa_ossl.c 2017-11-03 16:17:27.763155484 +0100
+diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa_ossl.c
+--- openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dsa/dsa_ossl.c 2018-03-29 14:44:24.629236712 +0200
@@ -15,6 +15,9 @@
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -638,9 +638,9 @@ diff -up openssl-1.1.0g/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0g/crypto/dsa/dsa
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
return (1);
}
-diff -up openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0g/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/dsa/dsa_pmeth.c 2017-11-03 16:17:27.763155484 +0100
+diff -up openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0h/crypto/dsa/dsa_pmeth.c
+--- openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/dsa/dsa_pmeth.c 2018-03-29 14:44:24.629236712 +0200
@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
BN_GENCB_free(pcb);
return 0;
@@ -652,9 +652,9 @@ diff -up openssl-1.1.0g/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0g/crypto/dsa/ds
BN_GENCB_free(pcb);
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
-diff -up openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdh_ossl.c
---- openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/ec/ecdh_ossl.c 2017-11-03 16:17:27.764155507 +0100
+diff -up openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdh_ossl.c
+--- openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/ec/ecdh_ossl.c 2018-03-29 14:44:24.629236712 +0200
@@ -33,9 +33,20 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -676,9 +676,9 @@ diff -up openssl-1.1.0g/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdh
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
return 0;
-diff -up openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0g/crypto/ec/ecdsa_ossl.c
---- openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/ec/ecdsa_ossl.c 2017-11-03 16:17:27.764155507 +0100
+diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdsa_ossl.c
+--- openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/ec/ecdsa_ossl.c 2018-03-29 14:44:24.629236712 +0200
@@ -15,6 +15,10 @@
#include <openssl/ec.h>
#include "ec_lcl.h"
@@ -718,9 +718,9 @@ diff -up openssl-1.1.0g/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0g/crypto/ec/ecd
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.1.0g/crypto/ec/ec_key.c.fips openssl-1.1.0g/crypto/ec/ec_key.c
---- openssl-1.1.0g/crypto/ec/ec_key.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/ec/ec_key.c 2017-11-03 16:17:27.764155507 +0100
+diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key.c
+--- openssl-1.1.0h/crypto/ec/ec_key.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/ec/ec_key.c 2018-03-29 14:44:24.630236736 +0200
@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r)
return ((i > 1) ? 1 : 0);
}
@@ -785,9 +785,9 @@ diff -up openssl-1.1.0g/crypto/ec/ec_key.c.fips openssl-1.1.0g/crypto/ec/ec_key.
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
return 0;
}
-diff -up openssl-1.1.0g/crypto/err/err_all.c.fips openssl-1.1.0g/crypto/err/err_all.c
---- openssl-1.1.0g/crypto/err/err_all.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/err/err_all.c 2017-11-03 16:17:27.764155507 +0100
+diff -up openssl-1.1.0h/crypto/err/err_all.c.fips openssl-1.1.0h/crypto/err/err_all.c
+--- openssl-1.1.0h/crypto/err/err_all.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/err/err_all.c 2018-03-29 14:44:24.630236736 +0200
@@ -43,9 +43,6 @@
int err_load_crypto_strings_int(void)
{
@@ -798,9 +798,9 @@ diff -up openssl-1.1.0g/crypto/err/err_all.c.fips openssl-1.1.0g/crypto/err/err_
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
ERR_load_BN_strings() == 0 ||
-diff -up openssl-1.1.0g/crypto/evp/c_allc.c.fips openssl-1.1.0g/crypto/evp/c_allc.c
---- openssl-1.1.0g/crypto/evp/c_allc.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/c_allc.c 2017-11-03 16:17:27.764155507 +0100
+diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_allc.c
+--- openssl-1.1.0h/crypto/evp/c_allc.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/c_allc.c 2018-03-29 14:44:24.630236736 +0200
@@ -17,6 +17,9 @@
void openssl_add_all_ciphers_int(void)
{
@@ -882,9 +882,9 @@ diff -up openssl-1.1.0g/crypto/evp/c_allc.c.fips openssl-1.1.0g/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0g/crypto/evp/c_alld.c.fips openssl-1.1.0g/crypto/evp/c_alld.c
---- openssl-1.1.0g/crypto/evp/c_alld.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/c_alld.c 2017-11-03 16:17:27.764155507 +0100
+diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_alld.c
+--- openssl-1.1.0h/crypto/evp/c_alld.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/c_alld.c 2018-03-29 14:44:24.630236736 +0200
@@ -16,6 +16,9 @@
void openssl_add_all_digests_int(void)
@@ -911,9 +911,9 @@ diff -up openssl-1.1.0g/crypto/evp/c_alld.c.fips openssl-1.1.0g/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.0g/crypto/evp/digest.c.fips openssl-1.1.0g/crypto/evp/digest.c
---- openssl-1.1.0g/crypto/evp/digest.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/digest.c 2017-11-03 16:17:27.765155531 +0100
+diff -up openssl-1.1.0h/crypto/evp/digest.c.fips openssl-1.1.0h/crypto/evp/digest.c
+--- openssl-1.1.0h/crypto/evp/digest.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/digest.c 2018-03-29 14:44:24.630236736 +0200
@@ -14,6 +14,9 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -973,10 +973,10 @@ diff -up openssl-1.1.0g/crypto/evp/digest.c.fips openssl-1.1.0g/crypto/evp/diges
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
if (size != NULL)
-diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.c
---- openssl-1.1.0g/crypto/evp/e_aes.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/e_aes.c 2017-11-03 16:17:27.765155531 +0100
-@@ -1261,9 +1261,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
+diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes.c
+--- openssl-1.1.0h/crypto/evp/e_aes.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/e_aes.c 2018-03-29 14:44:24.631236760 +0200
+@@ -1263,9 +1263,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
return 1;
}
@@ -989,7 +989,7 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
-@@ -1309,6 +1309,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
+@@ -1311,6 +1311,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
@@ -1001,7 +1001,7 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
/* Allocate memory for IV if needed */
if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
-@@ -1769,11 +1774,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+@@ -1771,11 +1776,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
| EVP_CIPH_CUSTOM_COPY)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
@@ -1019,7 +1019,7 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -1908,6 +1916,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1910,6 +1918,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
return 0;
if (!out || !in || len < AES_BLOCK_SIZE)
return 0;
@@ -1034,7 +1034,7 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
if (xctx->stream)
(*xctx->stream) (in, out, len,
xctx->xts.key1, xctx->xts.key2,
-@@ -1925,8 +1941,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+@@ -1927,8 +1943,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
| EVP_CIPH_CUSTOM_COPY)
@@ -1047,7 +1047,7 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
-@@ -2190,11 +2208,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
+@@ -2192,11 +2210,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
#define aes_ccm_cleanup NULL
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
@@ -1062,7 +1062,7 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
typedef struct {
union {
-@@ -2287,7 +2305,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
+@@ -2289,7 +2307,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
return rv ? (int)rv : -1;
}
@@ -1071,9 +1071,9 @@ diff -up openssl-1.1.0g/crypto/evp/e_aes.c.fips openssl-1.1.0g/crypto/evp/e_aes.
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-diff -up openssl-1.1.0g/crypto/evp/e_des3.c.fips openssl-1.1.0g/crypto/evp/e_des3.c
---- openssl-1.1.0g/crypto/evp/e_des3.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/e_des3.c 2017-11-03 16:17:27.765155531 +0100
+diff -up openssl-1.1.0h/crypto/evp/e_des3.c.fips openssl-1.1.0h/crypto/evp/e_des3.c
+--- openssl-1.1.0h/crypto/evp/e_des3.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/e_des3.c 2018-03-29 14:44:24.631236760 +0200
@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
# define des_ede3_cbc_cipher des_ede_cbc_cipher
# define des_ede3_ecb_cipher des_ede_ecb_cipher
@@ -1100,9 +1100,9 @@ diff -up openssl-1.1.0g/crypto/evp/e_des3.c.fips openssl-1.1.0g/crypto/evp/e_des
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff -up openssl-1.1.0g/crypto/evp/e_null.c.fips openssl-1.1.0g/crypto/evp/e_null.c
---- openssl-1.1.0g/crypto/evp/e_null.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/e_null.c 2017-11-03 16:17:27.765155531 +0100
+diff -up openssl-1.1.0h/crypto/evp/e_null.c.fips openssl-1.1.0h/crypto/evp/e_null.c
+--- openssl-1.1.0h/crypto/evp/e_null.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/e_null.c 2018-03-29 14:44:24.631236760 +0200
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
@@ -1113,9 +1113,9 @@ diff -up openssl-1.1.0g/crypto/evp/e_null.c.fips openssl-1.1.0g/crypto/evp/e_nul
null_init_key,
null_cipher,
NULL,
-diff -up openssl-1.1.0g/crypto/evp/evp_enc.c.fips openssl-1.1.0g/crypto/evp/evp_enc.c
---- openssl-1.1.0g/crypto/evp/evp_enc.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/evp_enc.c 2017-11-03 16:17:27.765155531 +0100
+diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_enc.c
+--- openssl-1.1.0h/crypto/evp/evp_enc.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/evp_enc.c 2018-03-29 14:44:24.631236760 +0200
@@ -16,10 +16,19 @@
#include <openssl/engine.h>
#include "internal/evp_int.h"
@@ -1191,9 +1191,9 @@ diff -up openssl-1.1.0g/crypto/evp/evp_enc.c.fips openssl-1.1.0g/crypto/evp/evp_
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if (!ctx->cipher->init(ctx, key, iv, enc))
-diff -up openssl-1.1.0g/crypto/evp/evp_err.c.fips openssl-1.1.0g/crypto/evp/evp_err.c
---- openssl-1.1.0g/crypto/evp/evp_err.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/evp_err.c 2017-11-03 16:17:27.766155554 +0100
+diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_err.c
+--- openssl-1.1.0h/crypto/evp/evp_err.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/evp_err.c 2018-03-29 14:44:24.631236760 +0200
@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[]
{ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
{ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
@@ -1210,7 +1210,7 @@ diff -up openssl-1.1.0g/crypto/evp/evp_err.c.fips openssl-1.1.0g/crypto/evp/evp_
{ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
{ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
-@@ -148,6 +150,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+@@ -150,6 +152,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -1218,9 +1218,9 @@ diff -up openssl-1.1.0g/crypto/evp/evp_err.c.fips openssl-1.1.0g/crypto/evp/evp_
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
-diff -up openssl-1.1.0g/crypto/evp/evp_lib.c.fips openssl-1.1.0g/crypto/evp/evp_lib.c
---- openssl-1.1.0g/crypto/evp/evp_lib.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/evp_lib.c 2017-11-03 16:17:27.766155554 +0100
+diff -up openssl-1.1.0h/crypto/evp/evp_lib.c.fips openssl-1.1.0h/crypto/evp/evp_lib.c
+--- openssl-1.1.0h/crypto/evp/evp_lib.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/evp_lib.c 2018-03-29 14:44:24.631236760 +0200
@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
@@ -1231,9 +1231,9 @@ diff -up openssl-1.1.0g/crypto/evp/evp_lib.c.fips openssl-1.1.0g/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
-diff -up openssl-1.1.0g/crypto/evp/m_sha1.c.fips openssl-1.1.0g/crypto/evp/m_sha1.c
---- openssl-1.1.0g/crypto/evp/m_sha1.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/evp/m_sha1.c 2017-11-03 16:17:27.766155554 +0100
+diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha1.c
+--- openssl-1.1.0h/crypto/evp/m_sha1.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/evp/m_sha1.c 2018-03-29 15:04:23.512375176 +0200
@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = {
NID_sha1,
NID_sha1WithRSAEncryption,
@@ -1243,16 +1243,16 @@ diff -up openssl-1.1.0g/crypto/evp/m_sha1.c.fips openssl-1.1.0g/crypto/evp/m_sha
init,
update,
final,
-@@ -139,7 +139,7 @@ static const EVP_MD sha224_md = {
+@@ -144,7 +144,7 @@ static const EVP_MD sha224_md = {
NID_sha224,
NID_sha224WithRSAEncryption,
SHA224_DIGEST_LENGTH,
- EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
init224,
- update256,
- final256,
-@@ -158,7 +158,7 @@ static const EVP_MD sha256_md = {
+ update224,
+ final224,
+@@ -163,7 +163,7 @@ static const EVP_MD sha256_md = {
NID_sha256,
NID_sha256WithRSAEncryption,
SHA256_DIGEST_LENGTH,
@@ -1261,16 +1261,16 @@ diff -up openssl-1.1.0g/crypto/evp/m_sha1.c.fips openssl-1.1.0g/crypto/evp/m_sha
init256,
update256,
final256,
-@@ -198,7 +198,7 @@ static const EVP_MD sha384_md = {
+@@ -213,7 +213,7 @@ static const EVP_MD sha384_md = {
NID_sha384,
NID_sha384WithRSAEncryption,
SHA384_DIGEST_LENGTH,
- EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
init384,
- update512,
- final512,
-@@ -217,7 +217,7 @@ static const EVP_MD sha512_md = {
+ update384,
+ final384,
+@@ -232,7 +232,7 @@ static const EVP_MD sha512_md = {
NID_sha512,
NID_sha512WithRSAEncryption,
SHA512_DIGEST_LENGTH,
@@ -1279,9 +1279,9 @@ diff -up openssl-1.1.0g/crypto/evp/m_sha1.c.fips openssl-1.1.0g/crypto/evp/m_sha
init512,
update512,
final512,
-diff -up openssl-1.1.0g/crypto/fips/build.info.fips openssl-1.1.0g/crypto/fips/build.info
---- openssl-1.1.0g/crypto/fips/build.info.fips 2017-11-03 16:17:27.766155554 +0100
-+++ openssl-1.1.0g/crypto/fips/build.info 2017-11-03 16:17:27.766155554 +0100
+diff -up openssl-1.1.0h/crypto/fips/build.info.fips openssl-1.1.0h/crypto/fips/build.info
+--- openssl-1.1.0h/crypto/fips/build.info.fips 2018-03-29 14:44:24.632236783 +0200
++++ openssl-1.1.0h/crypto/fips/build.info 2018-03-29 14:44:24.632236783 +0200
@@ -0,0 +1,15 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
@@ -1298,9 +1298,9 @@ diff -up openssl-1.1.0g/crypto/fips/build.info.fips openssl-1.1.0g/crypto/fips/b
+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
+INCLUDE[fips_standalone_hmac]=../../include
+DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips 2017-11-03 16:17:27.766155554 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_aes_selftest.c 2017-11-03 16:17:27.766155554 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200
++++ openssl-1.1.0h/crypto/fips/fips_aes_selftest.c 2018-03-29 14:44:24.632236783 +0200
@@ -0,0 +1,372 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1674,9 +1674,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0g/cryp
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips.c.fips openssl-1.1.0g/crypto/fips/fips.c
---- openssl-1.1.0g/crypto/fips/fips.c.fips 2017-11-03 16:17:27.766155554 +0100
-+++ openssl-1.1.0g/crypto/fips/fips.c 2017-11-03 16:17:27.766155554 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips.c.fips openssl-1.1.0h/crypto/fips/fips.c
+--- openssl-1.1.0h/crypto/fips/fips.c.fips 2018-03-29 14:44:24.632236783 +0200
++++ openssl-1.1.0h/crypto/fips/fips.c 2018-03-29 14:44:24.632236783 +0200
@@ -0,0 +1,526 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2204,9 +2204,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips.c.fips openssl-1.1.0g/crypto/fips/fips.
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c 2017-11-03 16:17:27.767155577 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200
++++ openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c 2018-03-29 14:44:24.632236783 +0200
@@ -0,0 +1,156 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2364,9 +2364,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0g/cry
+ return rv;
+}
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_des_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_des_selftest.c 2017-11-03 16:17:27.767155577 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200
++++ openssl-1.1.0h/crypto/fips/fips_des_selftest.c 2018-03-29 14:44:24.632236783 +0200
@@ -0,0 +1,133 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2501,9 +2501,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0g/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips 2017-11-03 16:17:27.767155577 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_dh_selftest.c 2017-11-03 16:17:27.767155577 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips 2018-03-29 14:44:24.633236807 +0200
++++ openssl-1.1.0h/crypto/fips/fips_dh_selftest.c 2018-03-29 14:44:24.633236807 +0200
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2685,9 +2685,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0g/crypt
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips 2017-11-03 16:17:27.767155577 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c 2017-11-03 16:17:27.767155577 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips 2018-03-29 14:44:24.633236807 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c 2018-03-29 14:44:24.633236807 +0200
@@ -0,0 +1,415 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3104,9 +3104,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0g/crypto/f
+
+ return 1;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips 2017-11-03 16:17:27.767155577 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_hash.c 2017-11-03 16:17:27.767155577 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips 2018-03-29 14:44:24.633236807 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_hash.c 2018-03-29 14:44:24.633236807 +0200
@@ -0,0 +1,361 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3469,9 +3469,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0g/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips 2017-11-03 16:17:27.768155600 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c 2017-11-03 16:17:27.768155600 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips 2018-03-29 14:44:24.633236807 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c 2018-03-29 14:44:24.633236807 +0200
@@ -0,0 +1,272 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3745,9 +3745,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0g/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips 2017-11-03 16:17:27.768155600 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_lib.c 2017-11-03 16:17:27.768155600 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips 2018-03-29 14:44:24.633236807 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_lib.c 2018-03-29 14:44:24.633236807 +0200
@@ -0,0 +1,555 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
@@ -4304,9 +4304,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0g/crypto/f
+ memcpy(dctx->lb, out, dctx->blocklength);
+ return 1;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips 2017-11-03 16:17:27.768155600 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_rand.c 2017-11-03 16:17:27.768155600 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips 2018-03-29 14:44:24.633236807 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_rand.c 2018-03-29 14:44:24.633236807 +0200
@@ -0,0 +1,183 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4491,9 +4491,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0g/crypto/
+{
+ return &rand_drbg_meth;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips 2017-11-03 16:17:27.768155600 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c 2017-11-03 16:17:27.768155600 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c 2018-03-29 14:44:24.634236830 +0200
@@ -0,0 +1,828 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5323,9 +5323,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0g/cry
+ FIPS_drbg_free(dctx);
+ return rv;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips 2017-11-03 16:17:27.769155623 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h 2017-11-03 16:17:27.769155623 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips 2018-03-29 14:44:24.634236830 +0200
++++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h 2018-03-29 14:44:24.634236830 +0200
@@ -0,0 +1,1791 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7118,9 +7118,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0g/cry
+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
+ 0xc2, 0xd6, 0xfd, 0xa5
+};
-diff -up openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips 2017-11-03 16:17:27.769155623 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c 2017-11-03 16:17:27.769155623 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200
++++ openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c 2018-03-29 14:44:24.634236830 +0200
@@ -0,0 +1,195 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7317,9 +7317,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0g/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,242 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7563,9 +7563,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0g/cry
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,166 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7733,9 +7733,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0g/cr
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_enc.c.fips openssl-1.1.0g/crypto/fips/fips_enc.c
---- openssl-1.1.0g/crypto/fips/fips_enc.c.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_enc.c 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_enc.c.fips openssl-1.1.0h/crypto/fips/fips_enc.c
+--- openssl-1.1.0h/crypto/fips/fips_enc.c.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_enc.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,189 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -7926,9 +7926,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_enc.c.fips openssl-1.1.0g/crypto/fips/f
+
+ }
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_err.h.fips openssl-1.1.0g/crypto/fips/fips_err.h
---- openssl-1.1.0g/crypto/fips/fips_err.h.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_err.h 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_err.h.fips openssl-1.1.0h/crypto/fips/fips_err.h
+--- openssl-1.1.0h/crypto/fips/fips_err.h.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_err.h 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,196 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -8126,9 +8126,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_err.h.fips openssl-1.1.0g/crypto/fips/f
+#endif
+ return 1;
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_ers.c.fips openssl-1.1.0g/crypto/fips/fips_ers.c
---- openssl-1.1.0g/crypto/fips/fips_ers.c.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_ers.c 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_ers.c.fips openssl-1.1.0h/crypto/fips/fips_ers.c
+--- openssl-1.1.0h/crypto/fips/fips_ers.c.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_ers.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -8137,9 +8137,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_ers.c.fips openssl-1.1.0g/crypto/fips/f
+#else
+static void *dummy = &dummy;
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8275,9 +8275,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0g/cry
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_locl.h.fips openssl-1.1.0g/crypto/fips/fips_locl.h
---- openssl-1.1.0g/crypto/fips/fips_locl.h.fips 2017-11-03 16:17:27.770155646 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_locl.h 2017-11-03 16:17:27.770155646 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_locl.h.fips openssl-1.1.0h/crypto/fips/fips_locl.h
+--- openssl-1.1.0h/crypto/fips/fips_locl.h.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_locl.h 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8350,9 +8350,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_locl.h.fips openssl-1.1.0g/crypto/fips/
+}
+# endif
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_md.c.fips openssl-1.1.0g/crypto/fips/fips_md.c
---- openssl-1.1.0g/crypto/fips/fips_md.c.fips 2017-11-03 16:17:27.771155670 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_md.c 2017-11-03 16:17:27.771155670 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_md.c.fips openssl-1.1.0h/crypto/fips/fips_md.c
+--- openssl-1.1.0h/crypto/fips/fips_md.c.fips 2018-03-29 14:44:24.635236854 +0200
++++ openssl-1.1.0h/crypto/fips/fips_md.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,144 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -8498,9 +8498,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_md.c.fips openssl-1.1.0g/crypto/fips/fi
+ return NULL;
+ }
+}
-diff -up openssl-1.1.0g/crypto/fips/fips_post.c.fips openssl-1.1.0g/crypto/fips/fips_post.c
---- openssl-1.1.0g/crypto/fips/fips_post.c.fips 2017-11-03 16:17:27.771155670 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_post.c 2017-11-03 16:17:27.771155670 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_post.c.fips openssl-1.1.0h/crypto/fips/fips_post.c
+--- openssl-1.1.0h/crypto/fips/fips_post.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_post.c 2018-03-29 14:44:24.635236854 +0200
@@ -0,0 +1,222 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8724,9 +8724,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_post.c.fips openssl-1.1.0g/crypto/fips/
+ return 1;
+}
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0g/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips 2017-11-03 16:17:27.771155670 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_rand_lcl.h 2017-11-03 16:17:27.771155670 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0h/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_rand_lcl.h 2018-03-29 14:44:24.636236877 +0200
@@ -0,0 +1,209 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8937,9 +8937,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0g/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0g/crypto/fips/fips_rand_lib.c
---- openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips 2017-11-03 16:17:27.771155670 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_rand_lib.c 2017-11-03 16:17:27.771155670 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0h/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_rand_lib.c 2018-03-29 14:44:24.636236877 +0200
@@ -0,0 +1,234 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9175,9 +9175,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0g/crypto/f
+# endif
+}
+
-diff -up openssl-1.1.0g/crypto/fips/fips_randtest.c.fips openssl-1.1.0g/crypto/fips/fips_randtest.c
---- openssl-1.1.0g/crypto/fips/fips_randtest.c.fips 2017-11-03 16:17:27.771155670 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_randtest.c 2017-11-03 16:17:27.771155670 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_randtest.c.fips openssl-1.1.0h/crypto/fips/fips_randtest.c
+--- openssl-1.1.0h/crypto/fips/fips_randtest.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_randtest.c 2018-03-29 14:44:24.636236877 +0200
@@ -0,0 +1,247 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
@@ -9426,9 +9426,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_randtest.c.fips openssl-1.1.0g/crypto/f
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips 2017-11-03 16:17:27.772155692 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c 2018-03-29 14:44:24.636236877 +0200
@@ -0,0 +1,578 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -10008,9 +10008,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0g/cryp
+}
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0g/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips 2017-11-03 16:17:27.772155692 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_sha_selftest.c 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_sha_selftest.c 2018-03-29 14:44:24.636236877 +0200
@@ -0,0 +1,138 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10150,9 +10150,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0g/cryp
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips 2017-11-03 16:17:27.772155692 +0100
-+++ openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c 2018-03-29 14:44:24.636236877 +0200
@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10281,9 +10281,9 @@ diff -up openssl-1.1.0g/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0g/c
+#endif
+ return 0;
+}
-diff -up openssl-1.1.0g/crypto/hmac/hmac.c.fips openssl-1.1.0g/crypto/hmac/hmac.c
---- openssl-1.1.0g/crypto/hmac/hmac.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/hmac/hmac.c 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/hmac/hmac.c.fips openssl-1.1.0h/crypto/hmac/hmac.c
+--- openssl-1.1.0h/crypto/hmac/hmac.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/hmac/hmac.c 2018-03-29 14:44:24.636236877 +0200
@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
}
@@ -10298,9 +10298,9 @@ diff -up openssl-1.1.0g/crypto/hmac/hmac.c.fips openssl-1.1.0g/crypto/hmac/hmac.
reset = 1;
j = EVP_MD_block_size(md);
OPENSSL_assert(j <= (int)sizeof(ctx->key));
-diff -up openssl-1.1.0g/crypto/include/internal/fips_int.h.fips openssl-1.1.0g/crypto/include/internal/fips_int.h
---- openssl-1.1.0g/crypto/include/internal/fips_int.h.fips 2017-11-03 16:17:27.772155692 +0100
-+++ openssl-1.1.0g/crypto/include/internal/fips_int.h 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/include/internal/fips_int.h.fips openssl-1.1.0h/crypto/include/internal/fips_int.h
+--- openssl-1.1.0h/crypto/include/internal/fips_int.h.fips 2018-03-29 14:44:24.637236901 +0200
++++ openssl-1.1.0h/crypto/include/internal/fips_int.h 2018-03-29 14:44:24.637236901 +0200
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10403,9 +10403,9 @@ diff -up openssl-1.1.0g/crypto/include/internal/fips_int.h.fips openssl-1.1.0g/c
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#endif
-diff -up openssl-1.1.0g/crypto/o_fips.c.fips openssl-1.1.0g/crypto/o_fips.c
---- openssl-1.1.0g/crypto/o_fips.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/o_fips.c 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/o_fips.c.fips openssl-1.1.0h/crypto/o_fips.c
+--- openssl-1.1.0h/crypto/o_fips.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/o_fips.c 2018-03-29 14:44:24.637236901 +0200
@@ -9,7 +9,10 @@
#include "internal/cryptlib.h"
@@ -10434,9 +10434,9 @@ diff -up openssl-1.1.0g/crypto/o_fips.c.fips openssl-1.1.0g/crypto/o_fips.c
#else
if (r == 0)
return 1;
-diff -up openssl-1.1.0g/crypto/o_init.c.fips openssl-1.1.0g/crypto/o_init.c
---- openssl-1.1.0g/crypto/o_init.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/o_init.c 2017-11-03 16:17:27.772155692 +0100
+diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c
+--- openssl-1.1.0h/crypto/o_init.c.fips 2018-03-27 15:50:38.000000000 +0200
++++ openssl-1.1.0h/crypto/o_init.c 2018-03-29 14:44:24.637236901 +0200
@@ -7,11 +7,50 @@
* https://www.openssl.org/source/license.html
*/
@@ -10523,9 +10523,9 @@ diff -up openssl-1.1.0g/crypto/o_init.c.fips openssl-1.1.0g/crypto/o_init.c
+{
+ OPENSSL_init_library();
+}
-diff -up openssl-1.1.0g/crypto/rand/md_rand.c.fips openssl-1.1.0g/crypto/rand/md_rand.c
---- openssl-1.1.0g/crypto/rand/md_rand.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rand/md_rand.c 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rand/md_rand.c.fips openssl-1.1.0h/crypto/rand/md_rand.c
+--- openssl-1.1.0h/crypto/rand/md_rand.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rand/md_rand.c 2018-03-29 14:44:24.637236901 +0200
@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf
CRYPTO_THREAD_unlock(rand_tmp_lock);
crypto_lock_rand = 1;
@@ -10535,9 +10535,9 @@ diff -up openssl-1.1.0g/crypto/rand/md_rand.c.fips openssl-1.1.0g/crypto/rand/md
RAND_poll();
initialized = 1;
}
-diff -up openssl-1.1.0g/crypto/rand/rand_err.c.fips openssl-1.1.0g/crypto/rand/rand_err.c
---- openssl-1.1.0g/crypto/rand/rand_err.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rand/rand_err.c 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rand/rand_err.c.fips openssl-1.1.0h/crypto/rand/rand_err.c
+--- openssl-1.1.0h/crypto/rand/rand_err.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rand/rand_err.c 2018-03-29 14:44:24.637236901 +0200
@@ -20,10 +20,13 @@
static ERR_STRING_DATA RAND_str_functs[] = {
@@ -10552,9 +10552,9 @@ diff -up openssl-1.1.0g/crypto/rand/rand_err.c.fips openssl-1.1.0g/crypto/rand/r
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
{0, NULL}
};
-diff -up openssl-1.1.0g/crypto/rand/rand_lcl.h.fips openssl-1.1.0g/crypto/rand/rand_lcl.h
---- openssl-1.1.0g/crypto/rand/rand_lcl.h.fips 2017-11-03 16:17:27.577151176 +0100
-+++ openssl-1.1.0g/crypto/rand/rand_lcl.h 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rand/rand_lcl.h.fips openssl-1.1.0h/crypto/rand/rand_lcl.h
+--- openssl-1.1.0h/crypto/rand/rand_lcl.h.fips 2018-03-29 14:44:24.359230371 +0200
++++ openssl-1.1.0h/crypto/rand/rand_lcl.h 2018-03-29 14:44:24.637236901 +0200
@@ -10,7 +10,7 @@
#ifndef HEADER_RAND_LCL_H
# define HEADER_RAND_LCL_H
@@ -10564,9 +10564,9 @@ diff -up openssl-1.1.0g/crypto/rand/rand_lcl.h.fips openssl-1.1.0g/crypto/rand/r
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
# define USE_SHA1_RAND
-diff -up openssl-1.1.0g/crypto/rand/rand_lib.c.fips openssl-1.1.0g/crypto/rand/rand_lib.c
---- openssl-1.1.0g/crypto/rand/rand_lib.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rand/rand_lib.c 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rand/rand_lib.c.fips openssl-1.1.0h/crypto/rand/rand_lib.c
+--- openssl-1.1.0h/crypto/rand/rand_lib.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rand/rand_lib.c 2018-03-29 14:44:24.637236901 +0200
@@ -18,6 +18,8 @@
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
@@ -10704,9 +10704,9 @@ diff -up openssl-1.1.0g/crypto/rand/rand_lib.c.fips openssl-1.1.0g/crypto/rand/r
+}
+
+#endif
-diff -up openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0g/crypto/rsa/rsa_crpt.c
---- openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rsa/rsa_crpt.c 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa_crpt.c
+--- openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_crpt.c 2018-03-29 14:44:24.637236901 +0200
@@ -28,24 +28,52 @@ int RSA_size(const RSA *r)
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
@@ -10760,9 +10760,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0g/crypto/rsa/rsa
return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-diff -up openssl-1.1.0g/crypto/rsa/rsa_err.c.fips openssl-1.1.0g/crypto/rsa/rsa_err.c
---- openssl-1.1.0g/crypto/rsa/rsa_err.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rsa/rsa_err.c 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rsa/rsa_err.c.fips openssl-1.1.0h/crypto/rsa/rsa_err.c
+--- openssl-1.1.0h/crypto/rsa/rsa_err.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_err.c 2018-03-29 14:44:24.638236924 +0200
@@ -21,6 +21,7 @@
static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
@@ -10808,9 +10808,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_err.c.fips openssl-1.1.0g/crypto/rsa/rsa_
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
-diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_gen.c
---- openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips 2017-11-03 16:17:27.755155299 +0100
-+++ openssl-1.1.0g/crypto/rsa/rsa_gen.c 2017-11-03 16:17:27.773155716 +0100
+diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_gen.c
+--- openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips 2018-03-29 14:44:24.620236501 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-29 15:20:36.277287100 +0200
@@ -18,6 +18,75 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
@@ -10887,7 +10887,7 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
BN_GENCB *cb);
-@@ -31,11 +100,284 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -31,11 +100,303 @@ static int rsa_builtin_keygen(RSA *rsa,
*/
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{
@@ -10914,6 +10914,7 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
+ int n = 0;
+ int test = 0;
+ int pbits = bits / 2;
++ unsigned long error = 0;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
@@ -10981,6 +10982,8 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
+ test = 1;
+
++ BN_set_flags(r2, BN_FLG_CONSTTIME);
++
+ retry:
+ /* generate p and q */
+ for (i = 0; i < 5 * pbits; i++) {
@@ -10996,9 +10999,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
+
+ if (!BN_sub(r2, rsa->p, BN_value_one()))
+ goto err;
-+ if (!BN_gcd(r1, r2, rsa->e, ctx))
-+ goto err;
-+ if (BN_is_one(r1)) {
++ ERR_set_mark();
++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
++ /* GCD == 1 since inverse exists */
+ int r;
+ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
+ cb);
@@ -11007,6 +11010,14 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
+ if (r > 0)
+ break;
+ }
++ error = ERR_peek_last_error();
++ if (ERR_GET_LIB(error) == ERR_LIB_BN
++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
++ /* GCD != 1 */
++ ERR_pop_to_mark();
++ } else {
++ goto err;
++ }
+
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
@@ -11039,9 +11050,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
+
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err;
-+ if (!BN_gcd(r1, r2, rsa->e, ctx))
-+ goto err;
-+ if (BN_is_one(r1)) {
++ ERR_set_mark();
++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
++ /* GCD == 1 since inverse exists */
+ int r;
+ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
+ cb);
@@ -11050,6 +11061,14 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
+ if (r > 0)
+ break;
+ }
++ error = ERR_peek_last_error();
++ if (ERR_GET_LIB(error) == ERR_LIB_BN
++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
++ /* GCD != 1 */
++ ERR_pop_to_mark();
++ } else {
++ goto err;
++ }
+
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
@@ -11172,9 +11191,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
BN_GENCB *cb)
{
-@@ -43,6 +385,16 @@ static int rsa_builtin_keygen(RSA *rsa,
- int bitsp, bitsq, ok = -1, n = 0;
+@@ -44,6 +405,16 @@ static int rsa_builtin_keygen(RSA *rsa,
BN_CTX *ctx = NULL;
+ unsigned long error = 0;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
@@ -11189,9 +11208,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_gen.c.fips openssl-1.1.0g/crypto/rsa/rsa_
/*
* When generating ridiculously small keys, we can get stuck
* continually regenerating the same prime values.
-diff -up openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips openssl-1.1.0g/crypto/rsa/rsa_lib.c
---- openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rsa/rsa_lib.c 2017-11-03 16:17:27.774155739 +0100
+diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_lib.c
+--- openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_lib.c 2018-03-29 14:44:24.638236924 +0200
@@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
* to deal with which ENGINE it comes from.
*/
@@ -11234,9 +11253,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_lib.c.fips openssl-1.1.0g/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
-diff -up openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0g/crypto/rsa/rsa_ossl.c
---- openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rsa/rsa_ossl.c 2017-11-03 16:23:05.795985063 +0100
+diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa_ossl.c
+--- openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_ossl.c 2018-03-29 14:44:24.638236924 +0200
@@ -11,6 +11,10 @@
#include "internal/bn_int.h"
#include "rsa_locl.h"
@@ -11353,9 +11372,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0g/crypto/rsa/rsa
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
-diff -up openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips openssl-1.1.0g/crypto/rsa/rsa_sign.c
---- openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips 2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/rsa/rsa_sign.c 2017-11-03 16:17:27.774155739 +0100
+diff -up openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips openssl-1.1.0h/crypto/rsa/rsa_sign.c
+--- openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_sign.c 2018-03-29 14:44:24.638236924 +0200
@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
@@ -11382,9 +11401,9 @@ diff -up openssl-1.1.0g/crypto/rsa/rsa_sign.c.fips openssl-1.1.0g/crypto/rsa/rsa
if (encrypt_len <= 0)
goto err;
-diff -up openssl-1.1.0g/crypto/sha/sha_locl.h.fips openssl-1.1.0g/crypto/sha/sha_locl.h
---- openssl-1.1.0g/crypto/sha/sha_locl.h.fips 2017-11-03 16:17:27.487149091 +0100
-+++ openssl-1.1.0g/crypto/sha/sha_locl.h 2017-11-03 16:17:27.774155739 +0100
+diff -up openssl-1.1.0h/crypto/sha/sha_locl.h.fips openssl-1.1.0h/crypto/sha/sha_locl.h
+--- openssl-1.1.0h/crypto/sha/sha_locl.h.fips 2018-03-29 14:44:24.237227506 +0200
++++ openssl-1.1.0h/crypto/sha/sha_locl.h 2018-03-29 14:44:24.638236924 +0200
@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
int HASH_INIT(SHA_CTX *c)
@@ -11395,9 +11414,9 @@ diff -up openssl-1.1.0g/crypto/sha/sha_locl.h.fips openssl-1.1.0g/crypto/sha/sha
memset(c, 0, sizeof(*c));
c->h0 = INIT_DATA_h0;
c->h1 = INIT_DATA_h1;
-diff -up openssl-1.1.0g/crypto/sha/sha256.c.fips openssl-1.1.0g/crypto/sha/sha256.c
---- openssl-1.1.0g/crypto/sha/sha256.c.fips 2017-11-02 15:29:04.000000000 +0100
-+++ openssl-1.1.0g/crypto/sha/sha256.c 2017-11-03 16:17:27.774155739 +0100
+diff -up openssl-1.1.0h/crypto/sha/sha256.c.fips openssl-1.1.0h/crypto/sha/sha256.c
+--- openssl-1.1.0h/crypto/sha/sha256.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/sha/sha256.c 2018-03-29 14:44:24.639236948 +0200
@@ -18,6 +18,9 @@
int SHA224_Init(SHA256_CTX *c)
@@ -11418,9 +11437,9 @@ diff -up openssl-1.1.0g/crypto/sha/sha256.c.fips openssl-1.1.0g/crypto/sha/sha25
memset(c, 0, sizeof(*c));
c->h[0] = 0x6a09e667UL;
c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.1.0g/crypto/sha/sha512.c.fips openssl-1.1.0g/crypto/sha/sha512.c
---- openssl-1.1.0g/crypto/sha/sha512.c.fips 2017-11-02 15:29:04.000000000 +0100
-+++ openssl-1.1.0g/crypto/sha/sha512.c 2017-11-03 16:17:27.774155739 +0100
+diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha512.c
+--- openssl-1.1.0h/crypto/sha/sha512.c.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/crypto/sha/sha512.c 2018-03-29 14:44:24.639236948 +0200
@@ -62,6 +62,9 @@
int SHA384_Init(SHA512_CTX *c)
@@ -11441,9 +11460,9 @@ diff -up openssl-1.1.0g/crypto/sha/sha512.c.fips openssl-1.1.0g/crypto/sha/sha51
c->h[0] = U64(0x6a09e667f3bcc908);
c->h[1] = U64(0xbb67ae8584caa73b);
c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod
---- openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips 2017-11-02 15:29:04.000000000 +0100
-+++ openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod 2017-11-03 16:17:27.775155762 +0100
+diff -up openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod
+--- openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips 2018-03-27 15:50:39.000000000 +0200
++++ openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod 2018-03-29 14:44:24.639236948 +0200
@@ -29,8 +29,10 @@ B<bits> is the length of the prime p to
For lengths under 2048 bits, the length of q is 160 bits; for lengths
greater than or equal to 2048 bits, the length of q is set to 256 bits.
@@ -11457,9 +11476,9 @@ diff -up openssl-1.1.0g/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.
DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
-diff -up openssl-1.1.0g/include/openssl/crypto.h.fips openssl-1.1.0g/include/openssl/crypto.h
---- openssl-1.1.0g/include/openssl/crypto.h.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/crypto.h 2017-11-03 16:17:27.775155762 +0100
+diff -up openssl-1.1.0h/include/openssl/crypto.h.fips openssl-1.1.0h/include/openssl/crypto.h
+--- openssl-1.1.0h/include/openssl/crypto.h.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/crypto.h 2018-03-29 14:44:24.640236971 +0200
@@ -336,6 +336,11 @@ int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
@@ -11472,9 +11491,9 @@ diff -up openssl-1.1.0g/include/openssl/crypto.h.fips openssl-1.1.0g/include/ope
void OPENSSL_init(void);
struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-diff -up openssl-1.1.0g/include/openssl/dh.h.fips openssl-1.1.0g/include/openssl/dh.h
---- openssl-1.1.0g/include/openssl/dh.h.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/dh.h 2017-11-03 16:17:27.775155762 +0100
+diff -up openssl-1.1.0h/include/openssl/dh.h.fips openssl-1.1.0h/include/openssl/dh.h
+--- openssl-1.1.0h/include/openssl/dh.h.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/dh.h 2018-03-29 14:44:24.640236971 +0200
@@ -30,6 +30,7 @@ extern "C" {
# endif
@@ -11506,9 +11525,9 @@ diff -up openssl-1.1.0g/include/openssl/dh.h.fips openssl-1.1.0g/include/openssl
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
-diff -up openssl-1.1.0g/include/openssl/dsa.h.fips openssl-1.1.0g/include/openssl/dsa.h
---- openssl-1.1.0g/include/openssl/dsa.h.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/dsa.h 2017-11-03 16:17:27.775155762 +0100
+diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openssl/dsa.h
+--- openssl-1.1.0h/include/openssl/dsa.h.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/dsa.h 2018-03-29 14:44:24.641236994 +0200
@@ -36,6 +36,7 @@ extern "C" {
# endif
@@ -11554,9 +11573,9 @@ diff -up openssl-1.1.0g/include/openssl/dsa.h.fips openssl-1.1.0g/include/openss
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
-diff -up openssl-1.1.0g/include/openssl/evp.h.fips openssl-1.1.0g/include/openssl/evp.h
---- openssl-1.1.0g/include/openssl/evp.h.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/evp.h 2017-11-03 16:17:27.775155762 +0100
+diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openssl/evp.h
+--- openssl-1.1.0h/include/openssl/evp.h.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/evp.h 2018-03-29 14:44:24.641236994 +0200
@@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void);
# define EVP_F_AES_OCB_CIPHER 169
# define EVP_F_AES_T4_INIT_KEY 178
@@ -11573,7 +11592,7 @@ diff -up openssl-1.1.0g/include/openssl/evp.h.fips openssl-1.1.0g/include/openss
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
# define EVP_R_ERROR_LOADING_SECTION 165
-@@ -1574,6 +1576,7 @@ int ERR_load_EVP_strings(void);
+@@ -1575,6 +1577,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
@@ -11581,9 +11600,9 @@ diff -up openssl-1.1.0g/include/openssl/evp.h.fips openssl-1.1.0g/include/openss
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-diff -up openssl-1.1.0g/include/openssl/fips.h.fips openssl-1.1.0g/include/openssl/fips.h
---- openssl-1.1.0g/include/openssl/fips.h.fips 2017-11-03 16:17:27.775155762 +0100
-+++ openssl-1.1.0g/include/openssl/fips.h 2017-11-03 16:17:27.775155762 +0100
+diff -up openssl-1.1.0h/include/openssl/fips.h.fips openssl-1.1.0h/include/openssl/fips.h
+--- openssl-1.1.0h/include/openssl/fips.h.fips 2018-03-29 14:44:24.641236994 +0200
++++ openssl-1.1.0h/include/openssl/fips.h 2018-03-29 14:44:24.641236994 +0200
@@ -0,0 +1,186 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11771,9 +11790,9 @@ diff -up openssl-1.1.0g/include/openssl/fips.h.fips openssl-1.1.0g/include/opens
+}
+# endif
+#endif
-diff -up openssl-1.1.0g/include/openssl/fips_rand.h.fips openssl-1.1.0g/include/openssl/fips_rand.h
---- openssl-1.1.0g/include/openssl/fips_rand.h.fips 2017-11-03 16:17:27.776155785 +0100
-+++ openssl-1.1.0g/include/openssl/fips_rand.h 2017-11-03 16:17:27.776155785 +0100
+diff -up openssl-1.1.0h/include/openssl/fips_rand.h.fips openssl-1.1.0h/include/openssl/fips_rand.h
+--- openssl-1.1.0h/include/openssl/fips_rand.h.fips 2018-03-29 14:44:24.641236994 +0200
++++ openssl-1.1.0h/include/openssl/fips_rand.h 2018-03-29 14:44:24.641236994 +0200
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11920,9 +11939,9 @@ diff -up openssl-1.1.0g/include/openssl/fips_rand.h.fips openssl-1.1.0g/include/
+# endif
+# endif
+#endif
-diff -up openssl-1.1.0g/include/openssl/opensslconf.h.in.fips openssl-1.1.0g/include/openssl/opensslconf.h.in
---- openssl-1.1.0g/include/openssl/opensslconf.h.in.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/opensslconf.h.in 2017-11-03 16:17:27.776155785 +0100
+diff -up openssl-1.1.0h/include/openssl/opensslconf.h.in.fips openssl-1.1.0h/include/openssl/opensslconf.h.in
+--- openssl-1.1.0h/include/openssl/opensslconf.h.in.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/opensslconf.h.in 2018-03-29 14:44:24.642237018 +0200
@@ -136,6 +136,11 @@ extern "C" {
#define RC4_INT {- $config{rc4_int} -}
@@ -11935,9 +11954,9 @@ diff -up openssl-1.1.0g/include/openssl/opensslconf.h.in.fips openssl-1.1.0g/inc
#ifdef __cplusplus
}
#endif
-diff -up openssl-1.1.0g/include/openssl/rand.h.fips openssl-1.1.0g/include/openssl/rand.h
---- openssl-1.1.0g/include/openssl/rand.h.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/rand.h 2017-11-03 16:17:27.776155785 +0100
+diff -up openssl-1.1.0h/include/openssl/rand.h.fips openssl-1.1.0h/include/openssl/rand.h
+--- openssl-1.1.0h/include/openssl/rand.h.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/rand.h 2018-03-29 14:44:24.642237018 +0200
@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
#endif
@@ -11962,9 +11981,9 @@ diff -up openssl-1.1.0g/include/openssl/rand.h.fips openssl-1.1.0g/include/opens
# define RAND_R_PRNG_NOT_SEEDED 100
# ifdef __cplusplus
-diff -up openssl-1.1.0g/include/openssl/rsa.h.fips openssl-1.1.0g/include/openssl/rsa.h
---- openssl-1.1.0g/include/openssl/rsa.h.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/include/openssl/rsa.h 2017-11-03 16:17:27.776155785 +0100
+diff -up openssl-1.1.0h/include/openssl/rsa.h.fips openssl-1.1.0h/include/openssl/rsa.h
+--- openssl-1.1.0h/include/openssl/rsa.h.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/include/openssl/rsa.h 2018-03-29 14:44:24.642237018 +0200
@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void);
/* Function codes. */
# define RSA_F_CHECK_PADDING_MD 140
@@ -12009,9 +12028,9 @@ diff -up openssl-1.1.0g/include/openssl/rsa.h.fips openssl-1.1.0g/include/openss
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
-diff -up openssl-1.1.0g/ssl/ssl_ciph.c.fips openssl-1.1.0g/ssl/ssl_ciph.c
---- openssl-1.1.0g/ssl/ssl_ciph.c.fips 2017-11-03 16:17:27.760155415 +0100
-+++ openssl-1.1.0g/ssl/ssl_ciph.c 2017-11-03 16:17:27.776155785 +0100
+diff -up openssl-1.1.0h/ssl/ssl_ciph.c.fips openssl-1.1.0h/ssl/ssl_ciph.c
+--- openssl-1.1.0h/ssl/ssl_ciph.c.fips 2018-03-29 14:44:24.625236619 +0200
++++ openssl-1.1.0h/ssl/ssl_ciph.c 2018-03-29 14:44:24.643237042 +0200
@@ -404,7 +404,8 @@ void ssl_load_ciphers(void)
}
}
@@ -12031,9 +12050,9 @@ diff -up openssl-1.1.0g/ssl/ssl_ciph.c.fips openssl-1.1.0g/ssl/ssl_ciph.c
continue;
if ((c->algorithm_mkey & disabled_mkey) ||
(c->algorithm_auth & disabled_auth) ||
-diff -up openssl-1.1.0g/ssl/ssl_init.c.fips openssl-1.1.0g/ssl/ssl_init.c
---- openssl-1.1.0g/ssl/ssl_init.c.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/ssl/ssl_init.c 2017-11-03 16:17:27.776155785 +0100
+diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c
+--- openssl-1.1.0h/ssl/ssl_init.c.fips 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/ssl/ssl_init.c 2018-03-29 14:44:24.643237042 +0200
@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
@@ -12077,10 +12096,10 @@ diff -up openssl-1.1.0g/ssl/ssl_init.c.fips openssl-1.1.0g/ssl/ssl_init.c
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-diff -up openssl-1.1.0g/ssl/ssl_lib.c.fips openssl-1.1.0g/ssl/ssl_lib.c
---- openssl-1.1.0g/ssl/ssl_lib.c.fips 2017-11-03 16:17:27.760155415 +0100
-+++ openssl-1.1.0g/ssl/ssl_lib.c 2017-11-03 16:17:27.777155808 +0100
-@@ -2524,13 +2524,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.1.0h/ssl/ssl_lib.c.fips openssl-1.1.0h/ssl/ssl_lib.c
+--- openssl-1.1.0h/ssl/ssl_lib.c.fips 2018-03-29 14:44:24.625236619 +0200
++++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:44:24.643237042 +0200
+@@ -2588,13 +2588,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (ret->param == NULL)
goto err;
@@ -12105,9 +12124,9 @@ diff -up openssl-1.1.0g/ssl/ssl_lib.c.fips openssl-1.1.0g/ssl/ssl_lib.c
}
if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
-diff -up openssl-1.1.0g/test/dsatest.c.fips openssl-1.1.0g/test/dsatest.c
---- openssl-1.1.0g/test/dsatest.c.fips 2017-11-02 15:29:05.000000000 +0100
-+++ openssl-1.1.0g/test/dsatest.c 2017-11-03 16:17:27.777155808 +0100
+diff -up openssl-1.1.0h/test/dsatest.c.fips openssl-1.1.0h/test/dsatest.c
+--- openssl-1.1.0h/test/dsatest.c.fips 2018-03-27 15:50:41.000000000 +0200
++++ openssl-1.1.0h/test/dsatest.c 2018-03-29 14:44:24.644237065 +0200
@@ -32,41 +32,42 @@ int main(int argc, char *argv[])
static int dsa_cb(int p, int n, BN_GENCB *arg);
@@ -12196,10 +12215,10 @@ diff -up openssl-1.1.0g/test/dsatest.c.fips openssl-1.1.0g/test/dsatest.c
goto end;
}
if (h != 2) {
-diff -up openssl-1.1.0g/util/mkdef.pl.fips openssl-1.1.0g/util/mkdef.pl
---- openssl-1.1.0g/util/mkdef.pl.fips 2017-11-02 15:29:06.000000000 +0100
-+++ openssl-1.1.0g/util/mkdef.pl 2017-11-03 16:17:27.777155808 +0100
-@@ -300,6 +300,8 @@ $crypto.=" include/openssl/modes.h";
+diff -up openssl-1.1.0h/util/mkdef.pl.fips openssl-1.1.0h/util/mkdef.pl
+--- openssl-1.1.0h/util/mkdef.pl.fips 2018-03-27 15:50:41.000000000 +0200
++++ openssl-1.1.0h/util/mkdef.pl 2018-03-29 14:44:24.644237065 +0200
+@@ -311,6 +311,8 @@ $crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";
$crypto.=" include/openssl/ct.h";
$crypto.=" include/openssl/kdf.h";
diff --git a/openssl-1.1.0-silent-rnd-write.patch b/openssl-1.1.0-silent-rnd-write.patch
index 79ac878..da4137c 100644
--- a/openssl-1.1.0-silent-rnd-write.patch
+++ b/openssl-1.1.0-silent-rnd-write.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.0g/apps/app_rand.c.silent-rnd-write openssl-1.1.0g/apps/app_rand.c
---- openssl-1.1.0g/apps/app_rand.c.silent-rnd-write 2017-05-25 14:46:17.000000000 +0200
-+++ openssl-1.1.0g/apps/app_rand.c 2018-01-11 18:05:32.332703425 +0100
+diff -up openssl-1.1.0h/apps/app_rand.c.silent-rnd-write openssl-1.1.0h/apps/app_rand.c
+--- openssl-1.1.0h/apps/app_rand.c.silent-rnd-write 2018-03-27 15:50:37.000000000 +0200
++++ openssl-1.1.0h/apps/app_rand.c 2018-03-29 15:27:24.597891091 +0200
@@ -91,6 +91,7 @@ long app_RAND_load_files(char *name)
int app_RAND_write_file(const char *file)
{
@@ -11,7 +11,7 @@ diff -up openssl-1.1.0g/apps/app_rand.c.silent-rnd-write openssl-1.1.0g/apps/app
/*
@@ -103,8 +104,10 @@ int app_RAND_write_file(const char *file
if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
+ file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
- BIO_printf(bio_err, "unable to write 'random state'\n");
- return 0;
diff --git a/openssl-1.1.0-version-add-engines.patch b/openssl-1.1.0-version-add-engines.patch
index 8088f14..f4b7cf9 100644
--- a/openssl-1.1.0-version-add-engines.patch
+++ b/openssl-1.1.0-version-add-engines.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.0-pre5/apps/version.c.version-add-engines openssl-1.1.0-pre5/apps/version.c
---- openssl-1.1.0-pre5/apps/version.c.version-add-engines 2016-07-18 15:25:52.694531409 +0200
-+++ openssl-1.1.0-pre5/apps/version.c 2016-07-18 15:32:53.943062181 +0200
-@@ -153,7 +153,7 @@ int version_main(int argc, char **argv)
+diff -up openssl-1.1.0h/apps/version.c.version-add-engines openssl-1.1.0h/apps/version.c
+--- openssl-1.1.0h/apps/version.c.version-add-engines 2018-03-27 15:50:37.000000000 +0200
++++ openssl-1.1.0h/apps/version.c 2018-03-29 14:33:30.732879537 +0200
+@@ -52,7 +52,7 @@ int version_main(int argc, char **argv)
{
int ret = 1, dirty = 0;
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
@@ -10,16 +10,16 @@ diff -up openssl-1.1.0-pre5/apps/version.c.version-add-engines openssl-1.1.0-pre
char *prog;
OPTION_CHOICE o;
-@@ -190,7 +190,7 @@ int version_main(int argc, char **argv)
+@@ -90,7 +90,7 @@ opthelp:
dirty = version = 1;
break;
case OPT_A:
-- cflags = version = date = platform = dir = engdir = 1;
-+ cflags = version = date = platform = dir = engdir = engines = 1;
+- options = cflags = version = date = platform = dir = engdir = 1;
++ options = cflags = version = date = platform = dir = engdir = engines = 1;
break;
}
}
-@@ -235,6 +235,16 @@ int version_main(int argc, char **argv)
+@@ -139,6 +139,16 @@ opthelp:
printf("%s\n", OpenSSL_version(OPENSSL_DIR));
if (engdir)
printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
diff --git a/openssl.spec b/openssl.spec
index af665df..61eb0cc 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.0g
-Release: 6%{?dist}
+Version: 1.1.0h
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -86,6 +86,7 @@ Summary: A general purpose cryptography library with TLS implementation
Group: System Environment/Libraries
Requires: ca-certificates >= 2008-5
Requires: crypto-policies
+Recommends: openssl-pkcs11%{?_isa}
# Needed obsoletes due to the base/lib subpackage split
Obsoletes: openssl < 1:1.0.1-0.3.beta3
Obsoletes: openssl-fips < 1:1.0.1e-28
@@ -429,6 +430,10 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Mar 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0h-1
+- update to upstream version 1.1.0h
+- add Recommends for openssl-pkcs11
+
* Fri Feb 23 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.0g-6
- one more try to apply RPM_LD_FLAGS properly (#1541033)
- dropped unneeded starttls xmpp patch (#1417017)
diff --git a/sources b/sources
index 9fdf9a4..b8fb121 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-1.1.0g-hobbled.tar.xz) = 6020086f57a115b7024a0ce320d3a8c95b172c85b8f9825c6190c9974a77be39e2f3c69006f975c466ad419b2217118f887d5973fa6ed4db8254d402cde1d70b
+SHA512 (openssl-1.1.0h-hobbled.tar.xz) = cba4641956d6593f5cf5164bed12fb3acfaa9c24a69d5642cc0267d0918555450a12ddeac6e02b246afa64e7019f35baa0d9302d1f06e3be5555d8340319c5e4
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: update to upstream version 1.1.0h Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox