public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: update to the 1.1.1e release
Date: Tue, 09 Jun 2026 12:44:40 GMT [thread overview]
Message-ID: <178100908033.1.449437681915410189.rpms-openssl-c11b71fd2fd6@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : c11b71fd2fd6fbbf60bff5c09de3e366172c8c38
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2020-03-19T17:44:25+01:00
Stats : +1438/-1354 in 17 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/c11b71fd2fd6fbbf60bff5c09de3e366172c8c38?branch=rebase_40beta
Log:
update to the 1.1.1e release
add selftest of the RAND_DRBG implementation
fix incorrect error return value from FIPS_selftest_dsa
---
diff --git a/.gitignore b/.gitignore
index f5aac5a..d7d7167 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.1b-hobbled.tar.xz
/openssl-1.1.1c-hobbled.tar.xz
/openssl-1.1.1d-hobbled.tar.xz
+/openssl-1.1.1e-hobbled.tar.xz
diff --git a/ec_curve.c b/ec_curve.c
index 342765a..9171ed4 100644
--- a/ec_curve.c
+++ b/ec_curve.c
@@ -9,7 +9,7 @@
*/
#include <string.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/opensslconf.h>
diff --git a/ectest.c b/ectest.c
index ef4e6b9..c16642e 100644
--- a/ectest.c
+++ b/ectest.c
@@ -1116,7 +1116,8 @@ static int parameter_test(void)
unsigned char *buf = NULL;
int r = 0, len;
- if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
+ /* must use a curve without a special group method */
+ if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp256k1))
|| !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
|| !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
|| !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
@@ -1324,7 +1325,107 @@ static int cardinality_test(int n)
BN_CTX_free(ctx);
return ret;
}
-#endif
+
+/*
+ * Helper for ec_point_hex2point_test
+ *
+ * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given
+ * (group,P) pair.
+ *
+ * If P is NULL use point at infinity.
+ */
+static ossl_inline
+int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P,
+ point_conversion_form_t form,
+ BN_CTX *bnctx)
+{
+ int ret = 0;
+ EC_POINT *Q = NULL, *Pinf = NULL;
+ char *hex = NULL;
+
+ if (P == NULL) {
+ /* If P is NULL use point at infinity. */
+ if (!TEST_ptr(Pinf = EC_POINT_new(group))
+ || !TEST_true(EC_POINT_set_to_infinity(group, Pinf)))
+ goto err;
+ P = Pinf;
+ }
+
+ if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx))
+ || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx))
+ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx)))
+ goto err;
+
+ /*
+ * The next check is most likely superfluous, as EC_POINT_cmp should already
+ * cover this.
+ * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity,
+ * so we include it anyway!
+ */
+ if (Pinf != NULL
+ && !TEST_true(EC_POINT_is_at_infinity(group, Q)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EC_POINT_free(Pinf);
+ OPENSSL_free(hex);
+ EC_POINT_free(Q);
+
+ return ret;
+}
+
+/*
+ * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex()
+ */
+static int ec_point_hex2point_test(int id)
+{
+ int ret = 0, nid;
+ EC_GROUP *group = NULL;
+ const EC_POINT *G = NULL;
+ EC_POINT *P = NULL;
+ BN_CTX * bnctx = NULL;
+
+ /* Do some setup */
+ nid = curves[id].nid;
+ if (!TEST_ptr(bnctx = BN_CTX_new())
+ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
+ || !TEST_ptr(G = EC_GROUP_get0_generator(group))
+ || !TEST_ptr(P = EC_POINT_dup(G, group)))
+ goto err;
+
+ if (!TEST_true(ec_point_hex2point_test_helper(group, P,
+ POINT_CONVERSION_COMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
+ POINT_CONVERSION_COMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, P,
+ POINT_CONVERSION_UNCOMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
+ POINT_CONVERSION_UNCOMPRESSED,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, P,
+ POINT_CONVERSION_HYBRID,
+ bnctx))
+ || !TEST_true(ec_point_hex2point_test_helper(group, NULL,
+ POINT_CONVERSION_HYBRID,
+ bnctx)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ EC_POINT_free(P);
+ EC_GROUP_free(group);
+ BN_CTX_free(bnctx);
+
+ return ret;
+}
+
+#endif /* OPENSSL_NO_EC */
int setup_tests(void)
{
@@ -1350,6 +1451,7 @@ int setup_tests(void)
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len);
+ ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
#endif /* OPENSSL_NO_EC */
return 1;
}
diff --git a/openssl-1.1.1-aes-asm.patch b/openssl-1.1.1-aes-asm.patch
deleted file mode 100644
index 65b8213..0000000
--- a/openssl-1.1.1-aes-asm.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-commit 61cc715240d2d3f9511ca88043a3e9797c11482f
-Author: Richard Levitte <levitte@openssl.org>
-Date: Thu Oct 3 08:28:31 2019 +0200
-
- Define AESNI_ASM if AESNI assembler is included, and use it
-
- Because we have cases where basic assembler support isn't present, but
- AESNI asssembler support is, we need a separate macro that indicates
- that, and use it.
-
- Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
- Reviewed-by: Paul Dale <paul.dale@oracle.com>
- (Merged from https://github.com/openssl/openssl/pull/10080)
-
-diff --git a/Configure b/Configure
-index 811bee81f5..f498ac2f81 100755
---- a/Configure
-+++ b/Configure
-@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
- }
- if ($target{aes_asm_src}) {
- push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
-+ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
- # aes-ctr.fake is not a real file, only indication that assembler
- # module implements AES_ctr32_encrypt...
- push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index c9f5969162..27c36b46e7 100644
---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
-@@ -33,7 +33,7 @@ typedef struct {
-
- #define NO_PAYLOAD_LENGTH ((size_t)-1)
-
--#if defined(AES_ASM) && ( \
-+#if defined(AESNI_ASM) && ( \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) )
-
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
-index d5178313ae..cc622b6faa 100644
---- a/crypto/evp/e_aes_cbc_hmac_sha256.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
-@@ -34,7 +34,7 @@ typedef struct {
-
- # define NO_PAYLOAD_LENGTH ((size_t)-1)
-
--#if defined(AES_ASM) && ( \
-+#if defined(AESNI_ASM) && ( \
- defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined(_M_X64) )
-
-@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
- {
- return NULL;
- }
--#endif
-+#endif /* AESNI_ASM */
diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch
index b25dffb..f1d7618 100644
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err/openssl.txt
---- openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/err/openssl.txt 2019-09-13 15:45:01.723001323 +0200
+diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
+--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-19 16:04:11.299063517 +0100
@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
@@ -51,7 +51,7 @@ diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
-@@ -2273,6 +2296,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
+@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
@@ -59,7 +59,7 @@ diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
-@@ -2309,6 +2333,7 @@ KDF_R_MISSING_SEED:106:missing seed
+@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
KDF_R_VALUE_ERROR:108:value error
KDF_R_VALUE_MISSING:102:value missing
@@ -67,9 +67,9 @@ diff -up openssl-1.1.1d/crypto/err/openssl.txt.evp-kdf openssl-1.1.1d/crypto/err
OBJ_R_OID_EXISTS:102:oid exists
OBJ_R_UNKNOWN_NID:101:unknown nid
OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
-diff -up openssl-1.1.1d/crypto/evp/build.info.evp-kdf openssl-1.1.1d/crypto/evp/build.info
---- openssl-1.1.1d/crypto/evp/build.info.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/build.info 2019-09-13 15:39:20.268982830 +0200
+diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info
+--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/build.info 2020-03-19 16:04:11.300063500 +0100
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@@ -80,35 +80,36 @@ diff -up openssl-1.1.1d/crypto/evp/build.info.evp-kdf openssl-1.1.1d/crypto/evp/
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c cmeth_lib.c
-diff -up openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c
---- openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c 2019-09-13 15:39:20.268982830 +0200
-@@ -14,8 +14,8 @@
+diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
+--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2020-03-19 16:04:11.300063500 +0100
++++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-19 16:16:46.497967633 +0100
+@@ -14,9 +14,9 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
--# include "evp_locl.h"
- # include "internal/evp_int.h"
-+# include "evp_locl.h"
- # include "internal/chacha.h"
+-# include "evp_local.h"
+ # include "crypto/evp.h"
+ # include "crypto/chacha.h"
++# include "evp_local.h"
typedef struct {
-diff -up openssl-1.1.1d/crypto/evp/encode.c.evp-kdf openssl-1.1.1d/crypto/evp/encode.c
---- openssl-1.1.1d/crypto/evp/encode.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/encode.c 2019-09-13 15:39:20.268982830 +0200
+ union {
+diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c
+--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf 2020-03-19 16:04:11.301063483 +0100
++++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-19 16:14:13.147628683 +0100
@@ -11,8 +11,8 @@
#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
--#include "evp_locl.h"
- #include "internal/evp_int.h"
-+#include "evp_locl.h"
+-#include "evp_local.h"
+ #include "crypto/evp.h"
++#include "evp_local.h"
static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table);
-diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/evp_err.c
---- openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf 2019-09-13 15:39:20.226983569 +0200
-+++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-13 15:44:00.070076961 +0200
+diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c
+--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf 2020-03-19 16:04:11.218064919 +0100
++++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-19 16:04:11.302063465 +0100
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
"EVP_EncryptFinal_ex"},
@@ -134,7 +135,7 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/e
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL}
};
-@@ -240,6 +245,8 @@ static const ERR_STRING_DATA EVP_str_rea
+@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
@@ -143,9 +144,9 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1d/crypto/evp/e
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
-diff -up openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1d/crypto/evp/evp_locl.h
---- openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf 2019-09-13 15:39:19.820990718 +0200
-+++ openssl-1.1.1d/crypto/evp/evp_locl.h 2019-09-13 15:39:24.144914578 +0200
+diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h
+--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf 2020-03-19 16:04:10.657074629 +0100
++++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-19 16:04:20.722900404 +0100
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
} /* EVP_CIPHER_CTX */ ;
@@ -158,20 +159,20 @@ diff -up openssl-1.1.1d/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1d/crypto/evp/
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md,
-diff -up openssl-1.1.1d/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1d/crypto/evp/evp_pbe.c
---- openssl-1.1.1d/crypto/evp/evp_pbe.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/evp_pbe.c 2019-09-13 15:39:24.145914561 +0200
+diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c
+--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100
++++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-19 16:11:56.425001210 +0100
@@ -12,6 +12,7 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
-+#include "internal/evp_int.h"
- #include "evp_locl.h"
++#include "crypto/evp.h"
+ #include "evp_local.h"
/* Password based encryption (PBE) functions */
-diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/kdf_lib.c
---- openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf 2019-09-13 15:39:24.146914543 +0200
-+++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2019-09-13 15:39:24.146914543 +0200
+diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c
+--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100
++++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-19 16:04:20.723900386 +0100
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -190,10 +191,10 @@ diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/k
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include <openssl/kdf.h>
-+#include "internal/asn1_int.h"
-+#include "internal/evp_int.h"
++#include "crypto/asn1.h"
++#include "crypto/evp.h"
+#include "internal/numbers.h"
-+#include "evp_locl.h"
++#include "evp_local.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+
@@ -338,9 +339,9 @@ diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1d/crypto/evp/k
+ return ctx->kmeth->derive(ctx->impl, key, keylen);
+}
+
-diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/p5_crpt2.c
---- openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/p5_crpt2.c 2019-09-13 15:39:24.147914525 +0200
+diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c
+--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-19 16:17:48.822886126 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -355,13 +356,13 @@ diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/
-# include <openssl/x509.h>
-# include <openssl/evp.h>
-# include <openssl/hmac.h>
--# include "evp_locl.h"
+-# include "evp_local.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include <openssl/hmac.h>
-+#include "internal/evp_int.h"
-+#include "evp_locl.h"
++#include "crypto/evp.h"
++#include "evp_local.h"
/* set this to print out info about the keygen algorithm */
/* #define OPENSSL_DEBUG_PKCS5V2 */
@@ -489,9 +490,9 @@ diff -up openssl-1.1.1d/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1d/crypto/evp/
}
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-diff -up openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1d/crypto/evp/pbe_scrypt.c
---- openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c 2019-09-13 15:39:24.150914473 +0200
+diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c
+--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-19 16:04:20.725900352 +0100
@@ -7,135 +7,12 @@
* https://www.openssl.org/source/license.html
*/
@@ -762,9 +763,9 @@ diff -up openssl-1.1.1d/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1d/crypto/ev
}
+
#endif
-diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/pkey_kdf.c
---- openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf 2019-09-13 15:39:24.154914402 +0200
-+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c 2019-09-13 15:39:24.154914402 +0200
+diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c
+--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf 2020-03-19 16:04:20.726900334 +0100
++++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-19 16:04:20.725900352 +0100
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -780,7 +781,7 @@ diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/kdf.h>
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+
+static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
+{
@@ -1021,45 +1022,17 @@ diff -up openssl-1.1.1d/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1d/crypto/evp/
+ pkey_kdf_ctrl_str
+};
+
-diff -up openssl-1.1.1d/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1d/crypto/include/internal/evp_int.h
---- openssl-1.1.1d/crypto/include/internal/evp_int.h.evp-kdf 2019-09-13 15:39:19.873989785 +0200
-+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2019-09-13 15:39:24.155914384 +0200
-@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
- extern const EVP_PKEY_METHOD poly1305_pkey_meth;
- extern const EVP_PKEY_METHOD siphash_pkey_meth;
-
-+/* struct evp_kdf_impl_st is defined by the implementation */
-+typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
-+typedef struct {
-+ int type;
-+ EVP_KDF_IMPL *(*new) (void);
-+ void (*free) (EVP_KDF_IMPL *impl);
-+ void (*reset) (EVP_KDF_IMPL *impl);
-+ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
-+ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
-+ size_t (*size) (EVP_KDF_IMPL *impl);
-+ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
-+} EVP_KDF_METHOD;
-+
-+extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
-+extern const EVP_KDF_METHOD scrypt_kdf_meth;
-+extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
-+extern const EVP_KDF_METHOD hkdf_kdf_meth;
-+
- struct evp_md_st {
- int type;
- int pkey_type;
-diff -up openssl-1.1.1d/crypto/kdf/build.info.evp-kdf openssl-1.1.1d/crypto/kdf/build.info
---- openssl-1.1.1d/crypto/kdf/build.info.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/kdf/build.info 2019-09-13 15:39:24.156914367 +0200
+diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info
+--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-19 16:04:32.347699194 +0100
@@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- tls1_prf.c kdf_err.c hkdf.c scrypt.c
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
-diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf.c
---- openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/kdf/hkdf.c 2019-09-13 15:39:24.158914332 +0200
+diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c
+--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-19 16:06:59.757147720 +0100
@@ -8,32 +8,33 @@
*/
@@ -1067,11 +1040,10 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
+#include <stdarg.h>
#include <string.h>
#include <openssl/hmac.h>
--#include <openssl/kdf.h>
+ #include <openssl/kdf.h>
#include <openssl/evp.h>
-+#include <openssl/kdf.h>
#include "internal/cryptlib.h"
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
+#include "kdf_local.h"
#define HKDF_MAXBUF 1024
@@ -1192,18 +1164,18 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
return 1;
- if (p1 < 0)
-- return 0;
--
-- if (kctx->salt != NULL)
-- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
--
-- kctx->salt = OPENSSL_memdup(p2, p1);
-- if (kctx->salt == NULL)
+ OPENSSL_free(impl->salt);
+ impl->salt = OPENSSL_memdup(p, len);
+ if (impl->salt == NULL)
return 0;
+- if (kctx->salt != NULL)
+- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+-
+- kctx->salt = OPENSSL_memdup(p2, p1);
+- if (kctx->salt == NULL)
+- return 0;
+-
- kctx->salt_len = p1;
+ impl->salt_len = len;
return 1;
@@ -1321,14 +1293,14 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
+static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl)
{
- HKDF_PKEY_CTX *kctx = ctx->data;
--
++ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
++ return SIZE_MAX;
+
- OPENSSL_clear_free(kctx->key, kctx->key_len);
- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
- OPENSSL_cleanse(kctx->info, kctx->info_len);
- memset(kctx, 0, sizeof(*kctx));
-+ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
-+ return SIZE_MAX;
-
+-
- return 1;
+ if (impl->md == NULL) {
+ KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST);
@@ -1526,9 +1498,9 @@ diff -up openssl-1.1.1d/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1d/crypto/kdf/hkdf
err:
OPENSSL_cleanse(prev, sizeof(prev));
-diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_err.c
---- openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2019-09-13 15:39:24.159914314 +0200
+diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c
+--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-19 16:04:32.349699159 +0100
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
@@ -1584,9 +1556,9 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1d/crypto/kdf/k
{0, NULL}
};
-diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_local.h
---- openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf 2019-09-13 15:39:24.160914297 +0200
-+++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2019-09-13 15:39:24.160914297 +0200
+diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h
+--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf 2020-03-19 16:04:32.349699159 +0100
++++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-19 16:04:32.349699159 +0100
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -1610,9 +1582,9 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1d/crypto/kdf
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
+ int cmd, const char *md_name);
+
-diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/kdf_util.c
---- openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf 2019-09-13 15:39:24.161914279 +0200
-+++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2019-09-13 15:39:24.160914297 +0200
+diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c
+--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf 2020-03-19 16:04:32.350699142 +0100
++++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-19 16:04:32.350699142 +0100
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -1629,7 +1601,7 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+#include "internal/numbers.h"
+#include "kdf_local.h"
+
@@ -1687,9 +1659,9 @@ diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1d/crypto/kdf/
+ return call_ctrl(ctrl, impl, cmd, md);
+}
+
-diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pbkdf2.c
---- openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf 2019-09-13 15:39:24.162914261 +0200
-+++ openssl-1.1.1d/crypto/kdf/pbkdf2.c 2019-09-13 15:39:24.162914261 +0200
+diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c
+--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf 2020-03-19 16:04:32.374698727 +0100
++++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-19 16:04:32.374698727 +0100
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -1707,7 +1679,7 @@ diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pb
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+#include "kdf_local.h"
+
+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl);
@@ -1955,22 +1927,21 @@ diff -up openssl-1.1.1d/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1d/crypto/kdf/pb
+ HMAC_CTX_free(hctx_tpl);
+ return ret;
+}
-diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/scrypt.c
---- openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/kdf/scrypt.c 2019-09-13 15:39:24.164914226 +0200
-@@ -8,25 +8,34 @@
+diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c
+--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-19 16:11:06.215872475 +0100
+@@ -8,25 +8,35 @@
*/
#include <stdlib.h>
+#include <stdarg.h>
#include <string.h>
--#include <openssl/hmac.h>
--#include <openssl/kdf.h>
+ #include <openssl/hmac.h>
+ #include <openssl/kdf.h>
#include <openssl/evp.h>
-#include "internal/cryptlib.h"
-+#include <openssl/kdf.h>
+#include <openssl/err.h>
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
+#include "internal/numbers.h"
+#include "kdf_local.h"
@@ -1999,7 +1970,7 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
/* Custom uint64_t parser since we do not have strtoull */
static int atou64(const char *nptr, uint64_t *result)
-@@ -53,51 +62,53 @@ static int atou64(const char *nptr, uint
+@@ -53,51 +63,53 @@ static int atou64(const char *nptr, uint
return 1;
}
@@ -2084,7 +2055,7 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
if (new_buflen > 0) {
*buffer = OPENSSL_memdup(new_buffer, new_buflen);
-@@ -105,7 +116,7 @@ static int pkey_scrypt_set_membuf(unsign
+@@ -105,7 +117,7 @@ static int pkey_scrypt_set_membuf(unsign
*buffer = OPENSSL_malloc(1);
}
if (*buffer == NULL) {
@@ -2093,7 +2064,7 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
return 0;
}
-@@ -118,149 +129,378 @@ static int is_power_of_two(uint64_t valu
+@@ -118,149 +130,378 @@ static int is_power_of_two(uint64_t valu
return (value != 0) && ((value & (value - 1)) == 0);
}
@@ -2546,9 +2517,9 @@ diff -up openssl-1.1.1d/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1d/crypto/kdf/sc
+}
#endif
-diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/tls1_prf.c
---- openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/kdf/tls1_prf.c 2019-09-13 15:39:24.167914173 +0200
+diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c
+--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-19 16:10:32.317460707 +0100
@@ -8,11 +8,15 @@
*/
@@ -2556,10 +2527,9 @@ diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/
+#include <stdarg.h>
+#include <string.h>
#include "internal/cryptlib.h"
--#include <openssl/kdf.h>
+ #include <openssl/kdf.h>
#include <openssl/evp.h>
-+#include <openssl/kdf.h>
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
+#include "kdf_local.h"
+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl);
@@ -2659,15 +2629,15 @@ diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/
- kctx->seclen = p1;
+
+ impl->seclen = len;
++ return 1;
++
++ case EVP_KDF_CTRL_RESET_TLS_SEED:
++ OPENSSL_cleanse(impl->seed, impl->seedlen);
++ impl->seedlen = 0;
return 1;
- case EVP_PKEY_CTRL_TLS_SEED:
- if (p1 == 0 || p2 == NULL)
-+ case EVP_KDF_CTRL_RESET_TLS_SEED:
-+ OPENSSL_cleanse(impl->seed, impl->seedlen);
-+ impl->seedlen = 0;
-+ return 1;
-+
+ case EVP_KDF_CTRL_ADD_TLS_SEED:
+ p = va_arg(args, const unsigned char *);
+ len = va_arg(args, size_t);
@@ -2832,9 +2802,9 @@ diff -up openssl-1.1.1d/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1d/crypto/kdf/
OPENSSL_clear_free(tmp, olen);
return 0;
}
-diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
---- openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2019-09-13 15:39:24.169914138 +0200
-+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2019-09-13 15:39:24.169914138 +0200
+diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
+--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100
++++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-19 16:04:32.377698675 +0100
@@ -0,0 +1,217 @@
+=pod
+
@@ -3053,9 +3023,9 @@ diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1d/doc/man3
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
---- openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2019-09-13 15:39:24.171914103 +0200
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod 2019-09-13 15:39:24.171914103 +0200
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
+--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100
++++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-19 16:04:32.377698675 +0100
@@ -0,0 +1,180 @@
+=pod
+
@@ -3237,9 +3207,9 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1d/doc/man
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
---- openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2019-09-13 15:39:24.172914085 +0200
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod 2019-09-13 15:39:24.172914085 +0200
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
+--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
++++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-19 16:04:32.378698658 +0100
@@ -0,0 +1,78 @@
+=pod
+
@@ -3319,9 +3289,9 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1d/doc/m
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
---- openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2019-09-13 15:39:24.173914068 +0200
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod 2019-09-13 15:39:24.173914068 +0200
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
+--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
++++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-19 16:04:32.378698658 +0100
@@ -0,0 +1,149 @@
+=pod
+
@@ -3472,9 +3442,9 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1d/doc/m
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff -up openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
---- openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2019-09-13 15:39:24.174914050 +0200
-+++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-09-13 15:39:24.174914050 +0200
+diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
+--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
++++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-19 16:04:32.378698658 +0100
@@ -0,0 +1,142 @@
+=pod
+
@@ -3618,9 +3588,37 @@ diff -up openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1d/doc
+L<https://www.openssl.org/source/license.html>.
+
+=cut
-diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/openssl/evperr.h
---- openssl-1.1.1d/include/openssl/evperr.h.evp-kdf 2019-09-13 15:39:20.242983287 +0200
-+++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-13 15:42:42.818424742 +0200
+diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h
+--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/crypto/evp.h 2020-03-19 16:04:32.347699194 +0100
+@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
+ extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+ extern const EVP_PKEY_METHOD siphash_pkey_meth;
+
++/* struct evp_kdf_impl_st is defined by the implementation */
++typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
++typedef struct {
++ int type;
++ EVP_KDF_IMPL *(*new) (void);
++ void (*free) (EVP_KDF_IMPL *impl);
++ void (*reset) (EVP_KDF_IMPL *impl);
++ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
++ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
++ size_t (*size) (EVP_KDF_IMPL *impl);
++ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
++} EVP_KDF_METHOD;
++
++extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
++extern const EVP_KDF_METHOD scrypt_kdf_meth;
++extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
++extern const EVP_KDF_METHOD hkdf_kdf_meth;
++
+ struct evp_md_st {
+ int type;
+ int pkey_type;
+diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h
+--- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf 2020-03-19 16:04:11.250064365 +0100
++++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-19 16:04:32.379698640 +0100
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
@@ -3645,7 +3643,7 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/
# define EVP_F_UPDATE 173
/*
-@@ -180,6 +185,7 @@ int ERR_load_EVP_strings(void);
+@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
@@ -3653,9 +3651,9 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.evp-kdf openssl-1.1.1d/include/
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
-diff -up openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf openssl-1.1.1d/include/openssl/kdferr.h
---- openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/kdferr.h 2019-09-13 15:39:34.856725957 +0200
+diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h
+--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-19 16:04:32.379698640 +0100
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
/*
* KDF function codes.
@@ -3695,9 +3693,9 @@ diff -up openssl-1.1.1d/include/openssl/kdferr.h.evp-kdf openssl-1.1.1d/include/
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
#endif
-diff -up openssl-1.1.1d/include/openssl/kdf.h.evp-kdf openssl-1.1.1d/include/openssl/kdf.h
---- openssl-1.1.1d/include/openssl/kdf.h.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/kdf.h 2019-09-13 15:39:34.857725939 +0200
+diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h
+--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-19 16:04:32.380698623 +0100
@@ -10,10 +10,50 @@
#ifndef HEADER_KDF_H
# define HEADER_KDF_H
@@ -3776,9 +3774,9 @@ diff -up openssl-1.1.1d/include/openssl/kdf.h.evp-kdf openssl-1.1.1d/include/ope
}
# endif
#endif
-diff -up openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1d/include/openssl/ossl_typ.h
---- openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/ossl_typ.h 2019-09-13 15:39:34.858725922 +0200
+diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h
+--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-19 16:04:32.381698606 +0100
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@@ -3788,9 +3786,9 @@ diff -up openssl-1.1.1d/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1d/includ
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
typedef struct hmac_ctx_st HMAC_CTX;
-diff -up openssl-1.1.1d/test/build.info.evp-kdf openssl-1.1.1d/test/build.info
---- openssl-1.1.1d/test/build.info.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/build.info 2019-09-13 15:39:34.861725869 +0200
+diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
+--- openssl-1.1.1e/test/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/build.info 2020-03-19 16:04:32.381698606 +0100
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test bio_memleak_test \
@@ -3812,9 +3810,9 @@ diff -up openssl-1.1.1d/test/build.info.evp-kdf openssl-1.1.1d/test/build.info
SOURCE[x509_time_test]=x509_time_test.c
INCLUDE[x509_time_test]=../include
DEPEND[x509_time_test]=../libcrypto libtestutil.a
-diff -up openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf openssl-1.1.1d/test/evp_kdf_test.c
---- openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf 2019-09-13 15:39:34.862725851 +0200
-+++ openssl-1.1.1d/test/evp_kdf_test.c 2019-09-13 15:39:34.862725851 +0200
+diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c
+--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf 2020-03-19 16:04:32.382698588 +0100
++++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-19 16:04:32.382698588 +0100
@@ -0,0 +1,237 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@@ -4053,9 +4051,9 @@ diff -up openssl-1.1.1d/test/evp_kdf_test.c.evp-kdf openssl-1.1.1d/test/evp_kdf_
+#endif
+ return 1;
+}
-diff -up openssl-1.1.1d/test/evp_test.c.evp-kdf openssl-1.1.1d/test/evp_test.c
---- openssl-1.1.1d/test/evp_test.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/evp_test.c 2019-09-13 15:39:34.865725798 +0200
+diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
+--- openssl-1.1.1e/test/evp_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/evp_test.c 2020-03-19 16:04:32.383698571 +0100
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
encode_test_run,
};
@@ -4267,9 +4265,9 @@ diff -up openssl-1.1.1d/test/evp_test.c.evp-kdf openssl-1.1.1d/test/evp_test.c
&keypair_test_method,
&keygen_test_method,
&mac_test_method,
-diff -up openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1d/test/pkey_meth_kdf_test.c
---- openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/pkey_meth_kdf_test.c 2019-09-13 15:39:34.867725763 +0200
+diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c
+--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-19 16:04:32.386698519 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -4473,9 +4471,9 @@ diff -up openssl-1.1.1d/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1d/test/pk
}
#endif
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
---- openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-13 15:39:34.870725710 +0200
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
+--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-19 16:04:32.388698484 +0100
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@@ -4874,9 +4872,9 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
+Ctrl.digest = digest:sha512
+Output = 00ef42cdbfc98d29db20976608e455567fdddf14
+
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
---- openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2019-09-13 15:39:34.873725658 +0200
-+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-09-13 15:39:34.872725675 +0200
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
+--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2020-03-19 16:04:32.389698467 +0100
++++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-19 16:04:32.389698467 +0100
@@ -0,0 +1,305 @@
+#
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -5183,9 +5181,9 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
+Ctrl.p = p:1
+Result = INTERNAL_ERROR
+
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
---- openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf 2019-09-13 15:39:34.875725622 +0200
-+++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t 2019-09-13 15:39:34.875725622 +0200
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
+--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf 2020-03-19 16:04:32.390698450 +0100
++++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-19 16:04:32.390698450 +0100
@@ -0,0 +1,13 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -5200,9 +5198,9 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1d/te
+use OpenSSL::Test::Simple;
+
+simple_test("test_evp_kdf", "evp_kdf_test");
-diff -up openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1d/test/recipes/30-test_evp.t
---- openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/recipes/30-test_evp.t 2019-09-13 15:39:34.876725605 +0200
+diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
+--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-19 16:04:32.390698450 +0100
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
setup("test_evp");
@@ -5212,10 +5210,10 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1d/test/r
"evpcase.txt", "evpccmcavs.txt" );
plan tests => scalar(@files);
-diff -up openssl-1.1.1d/util/libcrypto.num.evp-kdf openssl-1.1.1d/util/libcrypto.num
---- openssl-1.1.1d/util/libcrypto.num.evp-kdf 2019-09-13 15:39:20.248983182 +0200
-+++ openssl-1.1.1d/util/libcrypto.num 2019-09-13 15:39:34.881725517 +0200
-@@ -4617,3 +4617,11 @@ FIPS_drbg_get_strength
+diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num
+--- openssl-1.1.1e/util/libcrypto.num.evp-kdf 2020-03-19 16:04:11.263064140 +0100
++++ openssl-1.1.1e/util/libcrypto.num 2020-03-19 16:04:32.392698415 +0100
+@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
@@ -5227,9 +5225,9 @@ diff -up openssl-1.1.1d/util/libcrypto.num.evp-kdf openssl-1.1.1d/util/libcrypto
+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
-diff -up openssl-1.1.1d/util/private.num.evp-kdf openssl-1.1.1d/util/private.num
---- openssl-1.1.1d/util/private.num.evp-kdf 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/util/private.num 2019-09-13 15:39:34.883725481 +0200
+diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num
+--- openssl-1.1.1e/util/private.num.evp-kdf 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/util/private.num 2020-03-19 16:04:32.393698398 +0100
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
CRYPTO_EX_free datatype
CRYPTO_EX_new datatype
diff --git a/openssl-1.1.1-fips-crng-test.patch b/openssl-1.1.1-fips-crng-test.patch
index 9be5c30..80daf84 100644
--- a/openssl-1.1.1-fips-crng-test.patch
+++ b/openssl-1.1.1-fips-crng-test.patch
@@ -1,33 +1,15 @@
-diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1d/crypto/include/internal/rand_int.h
---- openssl-1.1.1d/crypto/include/internal/rand_int.h.crng-test 2019-09-13 16:03:54.572238927 +0200
-+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2019-09-13 16:03:54.966232056 +0200
-@@ -48,6 +48,14 @@ size_t rand_drbg_get_additional_data(RAN
-
- void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
-
-+/* CRNG test entropy filter callbacks. */
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+ unsigned char **pout,
-+ int entropy, size_t min_len, size_t max_len,
-+ int prediction_resistance);
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+ unsigned char *out, size_t outlen);
-+
- /*
- * RAND_POOL functions
- */
-diff -up openssl-1.1.1d/crypto/rand/build.info.crng-test openssl-1.1.1d/crypto/rand/build.info
---- openssl-1.1.1d/crypto/rand/build.info.crng-test 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rand/build.info 2019-09-13 16:03:54.968232021 +0200
+diff -up openssl-1.1.1e/crypto/rand/build.info.crng-test openssl-1.1.1e/crypto/rand/build.info
+--- openssl-1.1.1e/crypto/rand/build.info.crng-test 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rand/build.info 2020-03-19 16:45:52.286627241 +0100
@@ -1,4 +1,4 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- randfile.c rand_lib.c rand_err.c rand_egd.c \
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
-diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1d/crypto/rand/drbg_lib.c
---- openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2019-09-13 16:03:54.969232004 +0200
+diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1e/crypto/rand/drbg_lib.c
+--- openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test 2020-03-19 16:45:52.246627936 +0100
++++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-19 16:45:52.286627241 +0100
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
@@ -51,9 +33,9 @@ diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1d/crypto/r
#ifndef RAND_DRBG_GET_RANDOM_NONCE
drbg->get_nonce = rand_drbg_get_nonce;
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
-diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/crypto/rand/rand_crng_test.c
---- openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test 2019-09-13 16:03:54.969232004 +0200
-+++ openssl-1.1.1d/crypto/rand/rand_crng_test.c 2019-09-13 16:15:20.834271063 +0200
+diff -up openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1e/crypto/rand/rand_crng_test.c
+--- openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test 2020-03-19 16:45:52.286627241 +0100
++++ openssl-1.1.1e/crypto/rand/rand_crng_test.c 2020-03-19 16:45:52.286627241 +0100
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
@@ -71,9 +53,9 @@ diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/cr
+
+#include <string.h>
+#include <openssl/evp.h>
-+#include "internal/rand_int.h"
++#include "crypto/rand.h"
+#include "internal/thread_once.h"
-+#include "rand_lcl.h"
++#include "rand_local.h"
+
+static RAND_POOL *crngt_pool;
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
@@ -173,9 +155,9 @@ diff -up openssl-1.1.1d/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1d/cr
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
-diff -up openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1d/crypto/rand/rand_lcl.h
---- openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test 2019-09-13 16:03:54.653237514 +0200
-+++ openssl-1.1.1d/crypto/rand/rand_lcl.h 2019-09-13 16:03:54.969232004 +0200
+diff -up openssl-1.1.1e/crypto/rand/rand_local.h.crng-test openssl-1.1.1e/crypto/rand/rand_local.h
+--- openssl-1.1.1e/crypto/rand/rand_local.h.crng-test 2020-03-19 16:45:51.930633424 +0100
++++ openssl-1.1.1e/crypto/rand/rand_local.h 2020-03-19 16:46:03.601430727 +0100
@@ -33,7 +33,15 @@
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
@@ -225,9 +207,27 @@ diff -up openssl-1.1.1d/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1d/crypto/r
+int rand_crngt_single_init(void);
+
#endif
-diff -up openssl-1.1.1d/test/drbgtest.c.crng-test openssl-1.1.1d/test/drbgtest.c
---- openssl-1.1.1d/test/drbgtest.c.crng-test 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/drbgtest.c 2019-09-13 16:03:54.969232004 +0200
+diff -up openssl-1.1.1e/include/crypto/rand.h.crng-test openssl-1.1.1e/include/crypto/rand.h
+--- openssl-1.1.1e/include/crypto/rand.h.crng-test 2020-03-19 16:45:52.250627866 +0100
++++ openssl-1.1.1e/include/crypto/rand.h 2020-03-19 16:45:52.285627258 +0100
+@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
+
+ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+
++/* CRNG test entropy filter callbacks. */
++size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
++ unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len,
++ int prediction_resistance);
++void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
++ unsigned char *out, size_t outlen);
++
+ /*
+ * RAND_POOL functions
+ */
+diff -up openssl-1.1.1e/test/drbgtest.c.crng-test openssl-1.1.1e/test/drbgtest.c
+--- openssl-1.1.1e/test/drbgtest.c.crng-test 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/drbgtest.c 2020-03-19 16:46:03.604430675 +0100
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
return t->noncelen;
}
diff --git a/openssl-1.1.1-fips-drbg-selftest.patch b/openssl-1.1.1-fips-drbg-selftest.patch
new file mode 100644
index 0000000..262e7c3
--- /dev/null
+++ b/openssl-1.1.1-fips-drbg-selftest.patch
@@ -0,0 +1,585 @@
+diff -up openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1e/crypto/fips/fips_post.c
+--- openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest 2020-03-19 17:07:51.096676537 +0100
++++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-19 17:07:51.209674565 +0100
+@@ -67,12 +67,18 @@
+
+ # include <openssl/fips.h>
+ # include "crypto/fips.h"
++# include "crypto/rand.h"
+ # include "fips_locl.h"
+
+ /* Run all selftests */
+ int FIPS_selftest(void)
+ {
+ int rv = 1;
++ if (!rand_drbg_selftest()) {
++ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
++ ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
++ rv = 0;
++ }
+ if (!FIPS_selftest_drbg())
+ rv = 0;
+ if (!FIPS_selftest_sha1())
+diff -up openssl-1.1.1e/crypto/rand/build.info.drbg-selftest openssl-1.1.1e/crypto/rand/build.info
+--- openssl-1.1.1e/crypto/rand/build.info.drbg-selftest 2020-03-19 17:07:51.179675088 +0100
++++ openssl-1.1.1e/crypto/rand/build.info 2020-03-19 17:08:14.005276610 +0100
+@@ -1,4 +1,4 @@
+ LIBS=../../libcrypto
+ SOURCE[../../libcrypto]=\
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
+- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
++ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
+diff -up openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1e/crypto/rand/drbg_selftest.c
+--- openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest 2020-03-19 17:08:14.011276505 +0100
++++ openssl-1.1.1e/crypto/rand/drbg_selftest.c 2020-03-19 17:08:14.011276505 +0100
+@@ -0,0 +1,537 @@
++/*
++ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <string.h>
++#include <stddef.h>
++#include "internal/nelem.h"
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <openssl/rand_drbg.h>
++#include <openssl/obj_mac.h>
++#include "internal/thread_once.h"
++#include "crypto/rand.h"
++
++typedef struct test_ctx_st {
++ const unsigned char *entropy;
++ size_t entropylen;
++ int entropycnt;
++ const unsigned char *nonce;
++ size_t noncelen;
++ int noncecnt;
++} TEST_CTX;
++
++static int app_data_index = -1;
++static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
++DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
++{
++ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
++
++ return 1;
++}
++
++enum drbg_kat_type {
++ NO_RESEED,
++ PR_FALSE,
++ PR_TRUE
++};
++
++enum drbg_df {
++ USE_DF,
++ NO_DF,
++ NA
++};
++
++struct drbg_kat_no_reseed {
++ size_t count;
++ const unsigned char *entropyin;
++ const unsigned char *nonce;
++ const unsigned char *persstr;
++ const unsigned char *addin1;
++ const unsigned char *addin2;
++ const unsigned char *retbytes;
++};
++
++struct drbg_kat_pr_false {
++ size_t count;
++ const unsigned char *entropyin;
++ const unsigned char *nonce;
++ const unsigned char *persstr;
++ const unsigned char *entropyinreseed;
++ const unsigned char *addinreseed;
++ const unsigned char *addin1;
++ const unsigned char *addin2;
++ const unsigned char *retbytes;
++};
++
++struct drbg_kat_pr_true {
++ size_t count;
++ const unsigned char *entropyin;
++ const unsigned char *nonce;
++ const unsigned char *persstr;
++ const unsigned char *entropyinpr1;
++ const unsigned char *addin1;
++ const unsigned char *entropyinpr2;
++ const unsigned char *addin2;
++ const unsigned char *retbytes;
++};
++
++struct drbg_kat {
++ enum drbg_kat_type type;
++ enum drbg_df df;
++ int nid;
++
++ size_t entropyinlen;
++ size_t noncelen;
++ size_t persstrlen;
++ size_t addinlen;
++ size_t retbyteslen;
++
++ const void *t;
++};
++
++/*
++ * Excerpt from test/drbg_cavs_data.c
++ * DRBG test vectors from:
++ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
++ */
++
++static const unsigned char kat1308_entropyin[] = {
++ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
++ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
++ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
++ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
++};
++static const unsigned char kat1308_nonce[] = {0};
++static const unsigned char kat1308_persstr[] = {
++ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
++ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
++ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
++ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
++};
++static const unsigned char kat1308_addin0[] = {
++ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
++ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
++ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
++ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
++};
++static const unsigned char kat1308_addin1[] = {
++ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
++ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
++ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
++ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
++};
++static const unsigned char kat1308_retbits[] = {
++ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
++ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
++ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
++ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
++ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
++ 0x26, 0x32, 0xd0, 0xb8,
++};
++static const struct drbg_kat_no_reseed kat1308_t = {
++ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
++ kat1308_addin0, kat1308_addin1, kat1308_retbits
++};
++static const struct drbg_kat kat1308 = {
++ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
++};
++
++static const unsigned char kat1465_entropyin[] = {
++ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
++ 0x87, 0xbe, 0xaa, 0xc0,
++};
++static const unsigned char kat1465_nonce[] = {
++ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
++};
++static const unsigned char kat1465_persstr[] = {0};
++static const unsigned char kat1465_entropyinreseed[] = {
++ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
++ 0x1f, 0x4b, 0x7b, 0x51,
++};
++static const unsigned char kat1465_addinreseed[] = {
++ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
++ 0x61, 0x9f, 0x26, 0x5f,
++};
++static const unsigned char kat1465_addin0[] = {
++ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
++ 0x10, 0x5a, 0x73, 0x9c,
++};
++static const unsigned char kat1465_addin1[] = {
++ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
++ 0x47, 0x99, 0x1f, 0xeb,
++};
++static const unsigned char kat1465_retbits[] = {
++ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
++ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
++ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
++ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
++ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
++ 0x58, 0xdb, 0x27, 0xba,
++};
++static const struct drbg_kat_pr_false kat1465_t = {
++ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
++ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
++ kat1465_addin1, kat1465_retbits
++};
++static const struct drbg_kat kat1465 = {
++ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
++};
++
++static const unsigned char kat3146_entropyin[] = {
++ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
++ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
++};
++static const unsigned char kat3146_nonce[] = {
++ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
++ 0x50, 0x86, 0xca, 0xca,
++};
++static const unsigned char kat3146_persstr[] = {0};
++static const unsigned char kat3146_entropyinpr1[] = {
++ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
++ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
++};
++static const unsigned char kat3146_addinpr1[] = {
++ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
++ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
++ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
++};
++static const unsigned char kat3146_entropyinpr2[] = {
++ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
++ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
++};
++static const unsigned char kat3146_addinpr2[] = {
++ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
++ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
++ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
++};
++static const unsigned char kat3146_retbits[] = {
++ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
++ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
++ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
++ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
++ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
++ 0xd4, 0x30, 0x73, 0xbb,
++};
++static const struct drbg_kat_pr_true kat3146_t = {
++ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
++ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
++ kat3146_addinpr2, kat3146_retbits
++};
++static const struct drbg_kat kat3146 = {
++ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
++};
++
++static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
++
++static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
++
++static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len,
++ int prediction_resistance)
++{
++ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
++
++ t->entropycnt++;
++ *pout = (unsigned char *)t->entropy;
++ return t->entropylen;
++}
++
++static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len)
++{
++ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
++
++ t->noncecnt++;
++ *pout = (unsigned char *)t->nonce;
++ return t->noncelen;
++}
++
++/*
++ * Do a single NO_RESEED KAT:
++ *
++ * Instantiate
++ * Generate Random Bits (pr=false)
++ * Generate Random Bits (pr=false)
++ * Uninstantiate
++ *
++ * Return 0 on failure.
++ */
++static int single_kat_no_reseed(const struct drbg_kat *td)
++{
++ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned char *buff = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.entropy = data->entropyin;
++ t.entropylen = td->entropyinlen;
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ buff = OPENSSL_malloc(td->retbyteslen);
++ if (buff == NULL) {
++ failures++;
++ goto err;
++ }
++
++ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin1, td->addinlen)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin2, td->addinlen)
++ || memcmp(data->retbytes, buff,
++ td->retbyteslen) != 0)
++ failures++;
++
++err:
++ OPENSSL_free(buff);
++ RAND_DRBG_uninstantiate(drbg);
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++/*-
++ * Do a single PR_FALSE KAT:
++ *
++ * Instantiate
++ * Reseed
++ * Generate Random Bits (pr=false)
++ * Generate Random Bits (pr=false)
++ * Uninstantiate
++ *
++ * Return 0 on failure.
++ */
++static int single_kat_pr_false(const struct drbg_kat *td)
++{
++ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned char *buff = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.entropy = data->entropyin;
++ t.entropylen = td->entropyinlen;
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ buff = OPENSSL_malloc(td->retbyteslen);
++ if (buff == NULL) {
++ failures++;
++ goto err;
++ }
++
++ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
++ failures++;
++
++ t.entropy = data->entropyinreseed;
++ t.entropylen = td->entropyinlen;
++
++ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin1, td->addinlen)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin2, td->addinlen)
++ || memcmp(data->retbytes, buff,
++ td->retbyteslen) != 0)
++ failures++;
++
++err:
++ OPENSSL_free(buff);
++ RAND_DRBG_uninstantiate(drbg);
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++/*-
++ * Do a single PR_TRUE KAT:
++ *
++ * Instantiate
++ * Generate Random Bits (pr=true)
++ * Generate Random Bits (pr=true)
++ * Uninstantiate
++ *
++ * Return 0 on failure.
++ */
++static int single_kat_pr_true(const struct drbg_kat *td)
++{
++ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned char *buff = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ t.entropy = data->entropyin;
++ t.entropylen = td->entropyinlen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ buff = OPENSSL_malloc(td->retbyteslen);
++ if (buff == NULL) {
++ failures++;
++ goto err;
++ }
++
++ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
++ failures++;
++
++ t.entropy = data->entropyinpr1;
++ t.entropylen = td->entropyinlen;
++
++ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
++ data->addin1, td->addinlen))
++ failures++;
++
++ t.entropy = data->entropyinpr2;
++ t.entropylen = td->entropyinlen;
++
++ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
++ data->addin2, td->addinlen)
++ || memcmp(data->retbytes, buff,
++ td->retbyteslen) != 0)
++ failures++;
++
++err:
++ OPENSSL_free(buff);
++ RAND_DRBG_uninstantiate(drbg);
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++static int test_kats(int i)
++{
++ const struct drbg_kat *td = drbg_test[i];
++ int rv = 0;
++
++ switch (td->type) {
++ case NO_RESEED:
++ if (!single_kat_no_reseed(td))
++ goto err;
++ break;
++ case PR_FALSE:
++ if (!single_kat_pr_false(td))
++ goto err;
++ break;
++ case PR_TRUE:
++ if (!single_kat_pr_true(td))
++ goto err;
++ break;
++ default: /* cant happen */
++ goto err;
++ }
++ rv = 1;
++err:
++ return rv;
++}
++
++/*-
++ * Do one expected-error test:
++ *
++ * Instantiate with no entropy supplied
++ *
++ * Return 0 on failure.
++ */
++static int test_drbg_sanity(const struct drbg_kat *td)
++{
++ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.entropy = data->entropyin;
++ t.entropylen = 0; /* No entropy */
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ ERR_set_mark();
++ /* This must fail. */
++ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
++ failures++;
++ RAND_DRBG_uninstantiate(drbg);
++ ERR_pop_to_mark();
++
++err:
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++
++int rand_drbg_selftest(void)
++{
++ int i;
++
++ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
++ return 0;
++
++ for (i = 0; i < drbg_test_nelem; i++) {
++ if (test_kats(i) <= 0)
++ return 0;
++ }
++
++ if (test_drbg_sanity(&kat1465) <= 0)
++ return 0;
++
++ return 1;
++}
+diff -up openssl-1.1.1e/include/crypto/rand.h.drbg-selftest openssl-1.1.1e/include/crypto/rand.h
+--- openssl-1.1.1e/include/crypto/rand.h.drbg-selftest 2020-03-19 17:07:51.182675036 +0100
++++ openssl-1.1.1e/include/crypto/rand.h 2020-03-19 17:08:14.004276627 +0100
+@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
+ */
+ void rand_pool_keep_random_devices_open(int keep);
+
++/*
++ * Perform the DRBG KAT selftests
++ */
++int rand_drbg_selftest(void);
++
+ #endif
diff --git a/openssl-1.1.1-fips-post-rand.patch b/openssl-1.1.1-fips-post-rand.patch
index 02d7df3..18a01fe 100644
--- a/openssl-1.1.1-fips-post-rand.patch
+++ b/openssl-1.1.1-fips-post-rand.patch
@@ -1,11 +1,11 @@
-diff -up openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand openssl-1.1.1d/crypto/fips/fips.c
---- openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand 2019-09-13 16:15:52.656716089 +0200
-+++ openssl-1.1.1d/crypto/fips/fips.c 2019-09-13 16:44:33.217852364 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
+--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
++++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
@@ -68,6 +68,7 @@
# include <openssl/fips.h>
# include "internal/thread_once.h"
-+# include "internal/rand_int.h"
++# include "crypto/rand.h"
# ifndef PATH_MAX
# define PATH_MAX 1024
@@ -51,32 +51,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand openssl-1.1.1d/crypto/
ret = 1;
goto end;
}
-diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/fips_int.h
---- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand 2019-09-13 16:15:52.666715914 +0200
-+++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2019-09-13 16:15:52.690715496 +0200
-@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
-
-+int fips_in_post(void);
-+
- int fips_pkey_signature_test(EVP_PKEY *pkey,
- const unsigned char *tbs, int tbslen,
- const unsigned char *kat,
-diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/rand_int.h
---- openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand 2019-09-13 16:15:52.307722175 +0200
-+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2019-09-13 16:41:47.133736023 +0200
-@@ -24,6 +24,7 @@
- typedef struct rand_pool_st RAND_POOL;
-
- void rand_cleanup_int(void);
-+void rand_force_reseed(void);
- void rand_drbg_cleanup_int(void);
- void drbg_delete_thread_state(void);
-
-diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1d/crypto/rand/drbg_lib.c
---- openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2019-09-13 16:44:04.808345620 +0200
+diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
+--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
}
@@ -98,14 +75,14 @@ diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1d/cry
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
-diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/crypto/rand/rand_unix.c
---- openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rand/rand_unix.c 2019-09-13 16:15:52.690715496 +0200
+diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
+--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
@@ -17,10 +17,12 @@
#include <openssl/crypto.h>
- #include "rand_lcl.h"
- #include "internal/rand_int.h"
-+#include "internal/fips_int.h"
+ #include "rand_local.h"
+ #include "crypto/rand.h"
++#include "crypto/fips.h"
#include <stdio.h>
#include "internal/dso.h"
#ifdef __linux
@@ -114,7 +91,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
# ifdef DEVRANDOM_WAIT
# include <sys/shm.h>
# include <sys/utsname.h>
-@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf,
+@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
*/
@@ -123,7 +100,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
{
/*
* Note: 'buflen' equals the size of the buffer which is used by the
-@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf,
+@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
* - Linux since 3.17 with glibc 2.25
* - FreeBSD since 12.0 (1200061)
*/
@@ -131,7 +108,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf,
+@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
if (p_getentropy.p != NULL)
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
# endif
@@ -145,7 +122,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
return sysctl_random(buf, buflen);
# else
-@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
size_t entropy_available;
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
@@ -155,7 +132,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
{
size_t bytes_needed;
unsigned char *buffer;
-@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
@@ -164,7 +141,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
if (bytes > 0) {
rand_pool_add_end(pool, bytes, 8 * bytes);
bytes_needed -= bytes;
-@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
int attempts = 3;
const int fd = get_random_device(i);
@@ -176,7 +153,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
return entropy_available;
}
# endif
@@ -187,3 +164,26 @@ diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/cr
return rand_pool_entropy_available(pool);
# endif
}
+diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
+--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
++++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
+@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
+ int FIPS_selftest_drbg(void);
+ int FIPS_selftest_cmac(void);
+
++int fips_in_post(void);
++
+ int fips_pkey_signature_test(EVP_PKEY *pkey,
+ const unsigned char *tbs, int tbslen,
+ const unsigned char *kat,
+diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
+--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
+@@ -24,6 +24,7 @@
+ typedef struct rand_pool_st RAND_POOL;
+
+ void rand_cleanup_int(void);
++void rand_force_reseed(void);
+ void rand_drbg_cleanup_int(void);
+ void drbg_delete_thread_state(void);
+
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index 4c43d17..c17f6e8 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.1.1d/apps/pkcs12.c.fips openssl-1.1.1d/apps/pkcs12.c
---- openssl-1.1.1d/apps/pkcs12.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/apps/pkcs12.c 2019-09-13 15:13:11.022525640 +0200
-@@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv)
+diff -up openssl-1.1.1e/apps/pkcs12.c.fips openssl-1.1.1e/apps/pkcs12.c
+--- openssl-1.1.1e/apps/pkcs12.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/apps/pkcs12.c 2020-03-17 17:30:52.020567497 +0100
+@@ -127,7 +127,7 @@ int pkcs12_main(int argc, char **argv)
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
# ifndef OPENSSL_NO_RC2
@@ -10,10 +10,10 @@ diff -up openssl-1.1.1d/apps/pkcs12.c.fips openssl-1.1.1d/apps/pkcs12.c
# else
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
# endif
-diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
---- openssl-1.1.1d/apps/speed.c.fips 2019-10-03 16:51:22.019915908 +0200
-+++ openssl-1.1.1d/apps/speed.c 2019-10-03 17:40:09.909994582 +0200
-@@ -1595,7 +1595,8 @@ int speed_main(int argc, char **argv)
+diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c
+--- openssl-1.1.1e/apps/speed.c.fips 2020-03-17 17:30:51.997567897 +0100
++++ openssl-1.1.1e/apps/speed.c 2020-03-17 17:30:52.021567479 +0100
+@@ -1593,7 +1593,8 @@ int speed_main(int argc, char **argv)
continue;
if (strcmp(*argv, "rsa") == 0) {
for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
@@ -23,7 +23,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
continue;
}
if (found(*argv, rsa_choices, &i)) {
-@@ -1605,7 +1606,9 @@ int speed_main(int argc, char **argv)
+@@ -1603,7 +1604,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_DSA
if (strcmp(*argv, "dsa") == 0) {
@@ -34,7 +34,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
dsa_doit[R_DSA_2048] = 1;
continue;
}
-@@ -1636,19 +1639,21 @@ int speed_main(int argc, char **argv)
+@@ -1634,19 +1637,21 @@ int speed_main(int argc, char **argv)
}
if (strcmp(*argv, "ecdh") == 0) {
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
@@ -60,7 +60,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
eddsa_doit[i] = 2;
continue;
}
-@@ -1737,23 +1742,31 @@ int speed_main(int argc, char **argv)
+@@ -1735,23 +1740,31 @@ int speed_main(int argc, char **argv)
/* No parameters; turn on everything. */
if ((argc == 0) && !doit[D_EVP]) {
for (i = 0; i < ALGOR_NUM; i++)
@@ -98,7 +98,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
#endif
}
for (i = 0; i < ALGOR_NUM; i++)
-@@ -1801,30 +1814,46 @@ int speed_main(int argc, char **argv)
+@@ -1799,30 +1812,46 @@ int speed_main(int argc, char **argv)
AES_set_encrypt_key(key24, 192, &aes_ks2);
AES_set_encrypt_key(key32, 256, &aes_ks3);
#ifndef OPENSSL_NO_CAMELLIA
@@ -155,7 +155,7 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
#endif
#ifndef SIGALRM
# ifndef OPENSSL_NO_DES
-@@ -2122,6 +2151,7 @@ int speed_main(int argc, char **argv)
+@@ -2120,6 +2149,7 @@ int speed_main(int argc, char **argv)
for (i = 0; i < loopargs_len; i++) {
loopargs[i].hctx = HMAC_CTX_new();
@@ -163,10 +163,10 @@ diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c
if (loopargs[i].hctx == NULL) {
BIO_printf(bio_err, "HMAC malloc failure, exiting...");
exit(1);
-diff -up openssl-1.1.1d/Configure.fips openssl-1.1.1d/Configure
---- openssl-1.1.1d/Configure.fips 2019-09-13 15:13:11.017525727 +0200
-+++ openssl-1.1.1d/Configure 2019-09-13 15:13:11.023525622 +0200
-@@ -307,7 +307,7 @@ $config{sdirs} = [
+diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure
+--- openssl-1.1.1e/Configure.fips 2020-03-17 17:30:52.015567584 +0100
++++ openssl-1.1.1e/Configure 2020-03-17 17:30:52.022567462 +0100
+@@ -319,7 +319,7 @@ $config{sdirs} = [
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
"des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
@@ -175,9 +175,9 @@ diff -up openssl-1.1.1d/Configure.fips openssl-1.1.1d/Configure
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
];
-diff -up openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1d/crypto/cmac/cm_pmeth.c
---- openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/cmac/cm_pmeth.c 2019-09-13 15:13:11.023525622 +0200
+diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/cm_pmeth.c
+--- openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/cmac/cm_pmeth.c 2020-03-17 17:30:52.022567462 +0100
@@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
const EVP_PKEY_METHOD cmac_pkey_meth = {
@@ -187,9 +187,9 @@ diff -up openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1d/crypto/cmac/c
pkey_cmac_init,
pkey_cmac_copy,
pkey_cmac_cleanup,
-diff -up openssl-1.1.1d/crypto/dh/dh_err.c.fips openssl-1.1.1d/crypto/dh/dh_err.c
---- openssl-1.1.1d/crypto/dh/dh_err.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dh/dh_err.c 2019-09-13 15:13:11.023525622 +0200
+diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err.c
+--- openssl-1.1.1e/crypto/dh/dh_err.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dh/dh_err.c 2020-03-17 17:30:52.022567462 +0100
@@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
@@ -215,13 +215,13 @@ diff -up openssl-1.1.1d/crypto/dh/dh_err.c.fips openssl-1.1.1d/crypto/dh/dh_err.
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
-diff -up openssl-1.1.1d/crypto/dh/dh_gen.c.fips openssl-1.1.1d/crypto/dh/dh_gen.c
---- openssl-1.1.1d/crypto/dh/dh_gen.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dh/dh_gen.c 2019-09-13 15:13:11.023525622 +0200
+diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen.c
+--- openssl-1.1.1e/crypto/dh/dh_gen.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dh/dh_gen.c 2020-03-17 18:03:31.005320382 +0100
@@ -16,6 +16,9 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
- #include "dh_locl.h"
+ #include "dh_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
@@ -261,13 +261,13 @@ diff -up openssl-1.1.1d/crypto/dh/dh_gen.c.fips openssl-1.1.1d/crypto/dh/dh_gen.
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
-diff -up openssl-1.1.1d/crypto/dh/dh_key.c.fips openssl-1.1.1d/crypto/dh/dh_key.c
---- openssl-1.1.1d/crypto/dh/dh_key.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dh/dh_key.c 2019-09-13 15:13:11.024525605 +0200
+diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.c
+--- openssl-1.1.1e/crypto/dh/dh_key.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dh/dh_key.c 2020-03-17 18:03:52.706940641 +0100
@@ -11,6 +11,9 @@
#include "internal/cryptlib.h"
- #include "dh_locl.h"
- #include "internal/bn_int.h"
+ #include "dh_local.h"
+ #include "crypto/bn.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
@@ -347,9 +347,9 @@ diff -up openssl-1.1.1d/crypto/dh/dh_key.c.fips openssl-1.1.1d/crypto/dh/dh_key.
dh->flags |= DH_FLAG_CACHE_MONT_P;
return 1;
}
-diff -up openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips openssl-1.1.1d/crypto/dh/dh_pmeth.c
---- openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dh/dh_pmeth.c 2019-09-13 15:13:11.024525605 +0200
+diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pmeth.c
+--- openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dh/dh_pmeth.c 2020-03-17 17:30:52.023567444 +0100
@@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
const EVP_PKEY_METHOD dh_pkey_meth = {
@@ -368,9 +368,9 @@ diff -up openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips openssl-1.1.1d/crypto/dh/dh_pm
pkey_dh_init,
pkey_dh_copy,
pkey_dh_cleanup,
-diff -up openssl-1.1.1d/crypto/dsa/dsa_err.c.fips openssl-1.1.1d/crypto/dsa/dsa_err.c
---- openssl-1.1.1d/crypto/dsa/dsa_err.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dsa/dsa_err.c 2019-09-13 15:14:33.737079876 +0200
+diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_err.c
+--- openssl-1.1.1e/crypto/dsa/dsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dsa/dsa_err.c 2020-03-17 17:30:52.023567444 +0100
@@ -16,12 +16,15 @@
static const ERR_STRING_DATA DSA_str_functs[] = {
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
@@ -402,13 +402,13 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_err.c.fips openssl-1.1.1d/crypto/dsa/dsa_
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
-diff -up openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips openssl-1.1.1d/crypto/dsa/dsa_gen.c
---- openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dsa/dsa_gen.c 2019-09-13 15:13:11.046525220 +0200
+diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_gen.c
+--- openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dsa/dsa_gen.c 2020-03-17 18:02:14.626656877 +0100
@@ -22,12 +22,22 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
- #include "dsa_locl.h"
+ #include "dsa_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
@@ -566,16 +566,16 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips openssl-1.1.1d/crypto/dsa/dsa_
+}
+
+#endif
-diff -up openssl-1.1.1d/crypto/dsa/dsa_key.c.fips openssl-1.1.1d/crypto/dsa/dsa_key.c
---- openssl-1.1.1d/crypto/dsa/dsa_key.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dsa/dsa_key.c 2019-09-13 15:13:11.046525220 +0200
+diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_key.c
+--- openssl-1.1.1e/crypto/dsa/dsa_key.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dsa/dsa_key.c 2020-03-17 18:02:51.103018604 +0100
@@ -13,10 +13,49 @@
#include <openssl/bn.h>
- #include "dsa_locl.h"
+ #include "dsa_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+
+static int fips_check_dsa(DSA *dsa)
+{
@@ -648,12 +648,12 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_key.c.fips openssl-1.1.1d/crypto/dsa/dsa_
ok = 1;
err:
-diff -up openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1d/crypto/dsa/dsa_ossl.c
---- openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dsa/dsa_ossl.c 2019-09-13 15:13:11.047525203 +0200
+diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa_ossl.c
+--- openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dsa/dsa_ossl.c 2020-03-19 17:11:22.037994064 +0100
@@ -14,6 +14,9 @@
#include <openssl/sha.h>
- #include "dsa_locl.h"
+ #include "dsa_local.h"
#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
@@ -710,10 +710,10 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1d/crypto/dsa/dsa
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
return 1;
}
-diff -up openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1d/crypto/dsa/dsa_pmeth.c
---- openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/dsa/dsa_pmeth.c 2019-09-13 15:13:11.047525203 +0200
-@@ -215,8 +215,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
+diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/dsa_pmeth.c
+--- openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/dsa/dsa_pmeth.c 2020-03-17 17:30:52.025567409 +0100
+@@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
BN_GENCB_free(pcb);
return 0;
}
@@ -724,7 +724,7 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1d/crypto/dsa/ds
BN_GENCB_free(pcb);
if (ret)
EVP_PKEY_assign_DSA(pkey, dsa);
-@@ -245,7 +245,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
+@@ -241,7 +241,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
const EVP_PKEY_METHOD dsa_pkey_meth = {
EVP_PKEY_DSA,
@@ -733,12 +733,12 @@ diff -up openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1d/crypto/dsa/ds
pkey_dsa_init,
pkey_dsa_copy,
pkey_dsa_cleanup,
-diff -up openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdh_ossl.c
---- openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/ec/ecdh_ossl.c 2019-09-13 15:13:11.047525203 +0200
+diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh_ossl.c
+--- openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips 2020-03-17 17:30:52.025567409 +0100
++++ openssl-1.1.1e/crypto/ec/ecdh_ossl.c 2020-03-17 18:01:24.704530440 +0100
@@ -19,9 +19,20 @@
#include <openssl/ec.h>
- #include "ec_lcl.h"
+ #include "ec_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
@@ -757,12 +757,12 @@ diff -up openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdh
if (ecdh->group->meth->ecdh_compute_key == NULL) {
ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
return 0;
-diff -up openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
---- openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c 2019-09-13 15:13:11.047525203 +0200
+diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdsa_ossl.c
+--- openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-17 18:01:41.642234061 +0100
@@ -14,6 +14,10 @@
- #include "internal/bn_int.h"
- #include "ec_lcl.h"
+ #include "crypto/bn.h"
+ #include "ec_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
@@ -799,9 +799,9 @@ diff -up openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1d/crypto/ec/ecd
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
-diff -up openssl-1.1.1d/crypto/ec/ec_key.c.fips openssl-1.1.1d/crypto/ec/ec_key.c
---- openssl-1.1.1d/crypto/ec/ec_key.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/ec/ec_key.c 2019-09-13 15:13:11.048525186 +0200
+diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key.c
+--- openssl-1.1.1e/crypto/ec/ec_key.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/ec/ec_key.c 2020-03-17 17:30:52.026567392 +0100
@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY
return eckey->engine;
}
@@ -809,7 +809,7 @@ diff -up openssl-1.1.1d/crypto/ec/ec_key.c.fips openssl-1.1.1d/crypto/ec/ec_key.
+#ifdef OPENSSL_FIPS
+
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+
+static int fips_check_ec(EC_KEY *key)
+{
@@ -867,9 +867,9 @@ diff -up openssl-1.1.1d/crypto/ec/ec_key.c.fips openssl-1.1.1d/crypto/ec/ec_key.
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
return 0;
}
-diff -up openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips openssl-1.1.1d/crypto/ec/ec_pmeth.c
---- openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/ec/ec_pmeth.c 2019-09-13 15:13:11.048525186 +0200
+diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pmeth.c
+--- openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/ec/ec_pmeth.c 2020-03-17 17:30:52.026567392 +0100
@@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
const EVP_PKEY_METHOD ec_pkey_meth = {
@@ -879,9 +879,9 @@ diff -up openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips openssl-1.1.1d/crypto/ec/ec_pm
pkey_ec_init,
pkey_ec_copy,
pkey_ec_cleanup,
-diff -up openssl-1.1.1d/crypto/evp/c_allc.c.fips openssl-1.1.1d/crypto/evp/c_allc.c
---- openssl-1.1.1d/crypto/evp/c_allc.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/c_allc.c 2019-09-13 15:13:11.048525186 +0200
+diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c
+--- openssl-1.1.1e/crypto/evp/c_allc.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/c_allc.c 2020-03-17 17:30:52.027567375 +0100
@@ -17,6 +17,9 @@
void openssl_add_all_ciphers_int(void)
{
@@ -963,9 +963,9 @@ diff -up openssl-1.1.1d/crypto/evp/c_allc.c.fips openssl-1.1.1d/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.1d/crypto/evp/c_alld.c.fips openssl-1.1.1d/crypto/evp/c_alld.c
---- openssl-1.1.1d/crypto/evp/c_alld.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/c_alld.c 2019-09-13 15:13:11.048525186 +0200
+diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c
+--- openssl-1.1.1e/crypto/evp/c_alld.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/c_alld.c 2020-03-17 17:30:52.027567375 +0100
@@ -16,6 +16,9 @@
void openssl_add_all_digests_int(void)
@@ -1001,13 +1001,13 @@ diff -up openssl-1.1.1d/crypto/evp/c_alld.c.fips openssl-1.1.1d/crypto/evp/c_all
+ }
+#endif
}
-diff -up openssl-1.1.1d/crypto/evp/digest.c.fips openssl-1.1.1d/crypto/evp/digest.c
---- openssl-1.1.1d/crypto/evp/digest.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/digest.c 2019-09-13 15:13:11.049525168 +0200
+diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c
+--- openssl-1.1.1e/crypto/evp/digest.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/digest.c 2020-03-17 17:38:57.528093469 +0100
@@ -14,6 +14,9 @@
#include <openssl/engine.h>
- #include "internal/evp_int.h"
- #include "evp_locl.h"
+ #include "crypto/evp.h"
+ #include "evp_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
@@ -1064,9 +1064,9 @@ diff -up openssl-1.1.1d/crypto/evp/digest.c.fips openssl-1.1.1d/crypto/evp/diges
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
if (size != NULL)
-diff -up openssl-1.1.1d/crypto/evp/e_aes.c.fips openssl-1.1.1d/crypto/evp/e_aes.c
---- openssl-1.1.1d/crypto/evp/e_aes.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/e_aes.c 2019-09-13 17:19:00.558994569 +0200
+diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes.c
+--- openssl-1.1.1e/crypto/evp/e_aes.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/e_aes.c 2020-03-17 17:30:52.028567357 +0100
@@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER
* This addresses Rogaway's vulnerability.
* See comment in aes_xts_init_key() below.
@@ -1189,9 +1189,9 @@ diff -up openssl-1.1.1d/crypto/evp/e_aes.c.fips openssl-1.1.1d/crypto/evp/e_aes.
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
-diff -up openssl-1.1.1d/crypto/evp/e_des3.c.fips openssl-1.1.1d/crypto/evp/e_des3.c
---- openssl-1.1.1d/crypto/evp/e_des3.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/e_des3.c 2019-09-13 15:13:11.050525151 +0200
+diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des3.c
+--- openssl-1.1.1e/crypto/evp/e_des3.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/e_des3.c 2020-03-17 17:30:52.029567340 +0100
@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
# define des_ede3_cbc_cipher des_ede_cbc_cipher
# define des_ede3_ecb_cipher des_ede_ecb_cipher
@@ -1218,9 +1218,9 @@ diff -up openssl-1.1.1d/crypto/evp/e_des3.c.fips openssl-1.1.1d/crypto/evp/e_des
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
-diff -up openssl-1.1.1d/crypto/evp/e_null.c.fips openssl-1.1.1d/crypto/evp/e_null.c
---- openssl-1.1.1d/crypto/evp/e_null.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/e_null.c 2019-09-13 15:13:11.051525133 +0200
+diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_null.c
+--- openssl-1.1.1e/crypto/evp/e_null.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/e_null.c 2020-03-17 17:30:52.029567340 +0100
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
const unsigned char *in, size_t inl);
static const EVP_CIPHER n_cipher = {
@@ -1231,30 +1231,28 @@ diff -up openssl-1.1.1d/crypto/evp/e_null.c.fips openssl-1.1.1d/crypto/evp/e_nul
null_init_key,
null_cipher,
NULL,
-diff -up openssl-1.1.1d/crypto/evp/evp_enc.c.fips openssl-1.1.1d/crypto/evp/evp_enc.c
---- openssl-1.1.1d/crypto/evp/evp_enc.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/evp_enc.c 2019-09-13 15:13:11.051525133 +0200
-@@ -17,10 +17,19 @@
+diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_enc.c
+--- openssl-1.1.1e/crypto/evp/evp_enc.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/evp_enc.c 2020-03-17 17:39:52.663129373 +0100
+@@ -17,9 +17,18 @@
#include <openssl/engine.h>
- #include "internal/evp_int.h"
- #include "evp_locl.h"
+ #include "crypto/evp.h"
+ #include "evp_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
{
-- if (c == NULL)
+#ifdef OPENSSL_FIPS
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_EVP_CIPHER_CTX_RESET, FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+#endif
-+ if (c == NULL)
+ if (c == NULL)
return 1;
if (c->cipher != NULL) {
- if (c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
@@ -1309,9 +1307,9 @@ diff -up openssl-1.1.1d/crypto/evp/evp_enc.c.fips openssl-1.1.1d/crypto/evp/evp_
if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if (!ctx->cipher->init(ctx, key, iv, enc))
-diff -up openssl-1.1.1d/crypto/evp/evp_err.c.fips openssl-1.1.1d/crypto/evp/evp_err.c
---- openssl-1.1.1d/crypto/evp/evp_err.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-13 15:25:47.290298192 +0200
+diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_err.c
+--- openssl-1.1.1e/crypto/evp/evp_err.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-17 17:30:52.030567322 +0100
@@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun
{ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0),
"aes_t4_xts_init_key"},
@@ -1328,7 +1326,7 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.fips openssl-1.1.1d/crypto/evp/evp_
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
"error loading section"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
-@@ -248,6 +250,7 @@ static const ERR_STRING_DATA EVP_str_rea
+@@ -249,6 +251,7 @@ static const ERR_STRING_DATA EVP_str_rea
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
"private key encode error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -1336,7 +1334,7 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.fips openssl-1.1.1d/crypto/evp/evp_
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
-@@ -273,6 +276,8 @@ static const ERR_STRING_DATA EVP_str_rea
+@@ -274,6 +277,8 @@ static const ERR_STRING_DATA EVP_str_rea
"wrap mode not allowed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
"wrong final block length"},
@@ -1345,9 +1343,9 @@ diff -up openssl-1.1.1d/crypto/evp/evp_err.c.fips openssl-1.1.1d/crypto/evp/evp_
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
"xts duplicated keys"},
{0, NULL}
-diff -up openssl-1.1.1d/crypto/evp/evp_lib.c.fips openssl-1.1.1d/crypto/evp/evp_lib.c
---- openssl-1.1.1d/crypto/evp/evp_lib.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/evp_lib.c 2019-09-13 15:13:11.051525133 +0200
+diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_lib.c
+--- openssl-1.1.1e/crypto/evp/evp_lib.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/evp_lib.c 2020-03-17 17:30:52.030567322 +0100
@@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
@@ -1358,9 +1356,9 @@ diff -up openssl-1.1.1d/crypto/evp/evp_lib.c.fips openssl-1.1.1d/crypto/evp/evp_
return ctx->cipher->do_cipher(ctx, out, in, inl);
}
-diff -up openssl-1.1.1d/crypto/evp/m_sha1.c.fips openssl-1.1.1d/crypto/evp/m_sha1.c
---- openssl-1.1.1d/crypto/evp/m_sha1.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/m_sha1.c 2019-09-13 15:13:11.052525116 +0200
+diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha1.c
+--- openssl-1.1.1e/crypto/evp/m_sha1.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/m_sha1.c 2020-03-17 17:30:52.030567322 +0100
@@ -95,7 +95,7 @@ static const EVP_MD sha1_md = {
NID_sha1,
NID_sha1WithRSAEncryption,
@@ -1424,9 +1422,9 @@ diff -up openssl-1.1.1d/crypto/evp/m_sha1.c.fips openssl-1.1.1d/crypto/evp/m_sha
init512,
update512,
final512,
-diff -up openssl-1.1.1d/crypto/evp/m_sha3.c.fips openssl-1.1.1d/crypto/evp/m_sha3.c
---- openssl-1.1.1d/crypto/evp/m_sha3.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/m_sha3.c 2019-09-13 15:13:11.052525116 +0200
+diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha3.c
+--- openssl-1.1.1e/crypto/evp/m_sha3.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/m_sha3.c 2020-03-17 17:30:52.031567305 +0100
@@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void)
NID_sha3_##bitlen, \
NID_RSA_SHA3_##bitlen, \
@@ -1481,9 +1479,9 @@ diff -up openssl-1.1.1d/crypto/evp/m_sha3.c.fips openssl-1.1.1d/crypto/evp/m_sha
shake_init, \
sha3_update, \
sha3_final, \
-diff -up openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips openssl-1.1.1d/crypto/evp/pmeth_lib.c
---- openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/evp/pmeth_lib.c 2019-09-13 15:13:11.052525116 +0200
+diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pmeth_lib.c
+--- openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/evp/pmeth_lib.c 2020-03-17 17:30:52.031567305 +0100
@@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE
pmeth = ENGINE_get_pkey_meth(e, id);
else
@@ -1500,9 +1498,9 @@ diff -up openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips openssl-1.1.1d/crypto/evp/pm
if (pmeth == NULL) {
#ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.1.1d/crypto/fips/build.info.fips openssl-1.1.1d/crypto/fips/build.info
---- openssl-1.1.1d/crypto/fips/build.info.fips 2019-09-13 15:13:11.052525116 +0200
-+++ openssl-1.1.1d/crypto/fips/build.info 2019-09-13 15:13:11.052525116 +0200
+diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/build.info
+--- openssl-1.1.1e/crypto/fips/build.info.fips 2020-03-17 17:30:52.032567287 +0100
++++ openssl-1.1.1e/crypto/fips/build.info 2020-03-17 17:30:52.032567287 +0100
@@ -0,0 +1,15 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
@@ -1519,9 +1517,9 @@ diff -up openssl-1.1.1d/crypto/fips/build.info.fips openssl-1.1.1d/crypto/fips/b
+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
+INCLUDE[fips_standalone_hmac]=../../include
+DEPEND[fips_standalone_hmac]=../../libcrypto
-diff -up openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_aes_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_aes_selftest.c 2019-09-13 15:13:11.053525098 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_aes_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips 2020-03-17 17:30:52.033567270 +0100
++++ openssl-1.1.1e/crypto/fips/fips_aes_selftest.c 2020-03-17 17:30:52.033567270 +0100
@@ -0,0 +1,372 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -1576,7 +1574,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1d/cryp
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+#endif
+
+#ifdef OPENSSL_FIPS
@@ -1895,9 +1893,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1d/cryp
+}
+
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips.c.fips openssl-1.1.1d/crypto/fips/fips.c
---- openssl-1.1.1d/crypto/fips/fips.c.fips 2019-09-13 15:13:11.053525098 +0200
-+++ openssl-1.1.1d/crypto/fips/fips.c 2019-09-13 15:13:11.053525098 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.c
+--- openssl-1.1.1e/crypto/fips/fips.c.fips 2020-03-17 17:30:52.033567270 +0100
++++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 17:30:52.033567270 +0100
@@ -0,0 +1,526 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2425,9 +2423,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips.c.fips openssl-1.1.1d/crypto/fips/fips.
+}
+
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c 2019-09-13 15:13:11.053525098 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100
++++ openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c 2020-03-17 17:30:52.033567270 +0100
@@ -0,0 +1,156 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2481,7 +2479,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1d/cry
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
+#include <openssl/cmac.h>
+#include "fips_locl.h"
+
@@ -2585,9 +2583,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1d/cry
+ return rv;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_des_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_des_selftest.c 2019-09-13 15:13:11.053525098 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_des_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100
++++ openssl-1.1.1e/crypto/fips/fips_des_selftest.c 2020-03-17 17:30:52.034567253 +0100
@@ -0,0 +1,133 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -2642,7 +2640,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1d/cryp
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+#endif
+#include <openssl/opensslconf.h>
+
@@ -2722,9 +2720,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1d/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_dh_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips 2019-09-13 15:13:11.055525063 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_dh_selftest.c 2019-09-13 15:13:11.055525063 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dh_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips 2020-03-17 17:30:52.038567183 +0100
++++ openssl-1.1.1e/crypto/fips/fips_dh_selftest.c 2020-03-17 17:30:52.038567183 +0100
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -2906,9 +2904,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1d/crypt
+ return ret;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips 2019-09-13 15:13:11.055525063 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c 2019-09-13 15:13:11.055525063 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips 2020-03-17 17:30:52.040567148 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c 2020-03-17 17:30:52.039567165 +0100
@@ -0,0 +1,406 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3316,9 +3314,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1d/crypto/f
+
+ return 1;
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips 2019-09-13 15:13:11.056525046 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_hash.c 2019-09-13 15:13:11.056525046 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips 2020-03-17 17:30:52.041567130 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_hash.c 2020-03-17 17:30:52.040567148 +0100
@@ -0,0 +1,354 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3379,7 +3377,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1d/crypto/
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
@@ -3674,9 +3672,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1d/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips 2019-09-13 15:13:11.056525046 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c 2019-09-13 15:13:11.056525046 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips 2020-03-17 17:30:52.042567113 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c 2020-03-17 17:30:52.042567113 +0100
@@ -0,0 +1,262 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3940,9 +3938,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1d/crypto/
+
+ return 1;
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips 2019-09-13 15:13:11.056525046 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_lib.c 2019-09-13 15:13:11.056525046 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips 2020-03-17 17:30:52.043567095 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_lib.c 2020-03-17 17:30:52.043567095 +0100
@@ -0,0 +1,528 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
@@ -4000,7 +3998,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1d/crypto/f
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
+#include <openssl/fips_rand.h>
+#include "fips_locl.h"
+#include "fips_rand_lcl.h"
@@ -4472,9 +4470,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1d/crypto/f
+{
+ /* Just backwards compatibility API call with no effect. */
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips 2019-09-13 15:13:11.056525046 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_rand.c 2019-09-13 15:13:11.056525046 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips 2020-03-17 17:30:52.044567078 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_rand.c 2020-03-17 17:30:52.044567078 +0100
@@ -0,0 +1,185 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4661,9 +4659,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1d/crypto/
+{
+ return &rand_drbg_meth;
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips 2019-09-13 15:13:11.057525028 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c 2019-09-13 15:13:11.057525028 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips 2020-03-17 17:30:52.044567078 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-17 17:30:52.044567078 +0100
@@ -0,0 +1,828 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5493,9 +5491,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1d/cry
+ FIPS_drbg_free(dctx);
+ return rv;
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips 2019-09-13 15:13:11.057525028 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h 2019-09-13 15:13:11.057525028 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips 2020-03-17 17:30:52.045567061 +0100
++++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h 2020-03-17 17:30:52.045567061 +0100
@@ -0,0 +1,1791 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7288,9 +7286,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1d/cry
+ 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
+ 0xc2, 0xd6, 0xfd, 0xa5
+};
-diff -up openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips 2019-09-13 15:13:11.057525028 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c 2019-09-13 15:13:11.057525028 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100
++++ openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c 2020-03-17 17:30:52.046567043 +0100
@@ -0,0 +1,195 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7345,7 +7343,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1d/cryp
+#include <openssl/crypto.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
@@ -7487,9 +7485,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1d/cryp
+ return ret;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips 2019-09-13 15:13:11.058525011 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c 2019-09-13 15:13:11.058525011 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100
++++ openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c 2020-03-17 17:30:52.046567043 +0100
@@ -0,0 +1,242 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7644,24 +7642,24 @@ diff -up openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1d/cry
+ d = BN_bin2bn(ecd->d1, ecd->d1len, d);
+
+ if (!x || !y || !d || !ztmp) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
+ ec1 = EC_KEY_new_by_curve_name(ecd->curve);
+ if (!ec1) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
+
+ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
+ if (!EC_KEY_set_private_key(ec1, d)) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
@@ -7669,30 +7667,30 @@ diff -up openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1d/cry
+ y = BN_bin2bn(ecd->y2, ecd->y2len, y);
+
+ if (!x || !y) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
+ ec2 = EC_KEY_new_by_curve_name(ecd->curve);
+ if (!ec2) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
+
+ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
+ ecp = EC_KEY_get0_public_key(ec2);
+ if (!ecp) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
+ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
-+ rv = -1;
++ rv = 0;
+ goto err;
+ }
+
@@ -7733,9 +7731,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1d/cry
+}
+
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips 2019-09-13 15:13:11.058525011 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c 2019-09-13 15:13:11.058525011 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100
++++ openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c 2020-03-17 17:30:52.046567043 +0100
@@ -0,0 +1,166 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7798,7 +7796,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1d/cr
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
@@ -7903,9 +7901,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1d/cr
+}
+
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_err.h.fips openssl-1.1.1d/crypto/fips/fips_err.h
---- openssl-1.1.1d/crypto/fips/fips_err.h.fips 2019-09-13 15:13:11.058525011 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_err.h 2019-09-13 15:13:11.058525011 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/fips_err.h
+--- openssl-1.1.1e/crypto/fips/fips_err.h.fips 2020-03-17 17:30:52.047567026 +0100
++++ openssl-1.1.1e/crypto/fips/fips_err.h 2020-03-17 17:30:52.047567026 +0100
@@ -0,0 +1,197 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -8104,9 +8102,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_err.h.fips openssl-1.1.1d/crypto/fips/f
+#endif
+ return 1;
+}
-diff -up openssl-1.1.1d/crypto/fips/fips_ers.c.fips openssl-1.1.1d/crypto/fips/fips_ers.c
---- openssl-1.1.1d/crypto/fips/fips_ers.c.fips 2019-09-13 15:13:11.058525011 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_ers.c 2019-09-13 15:13:11.058525011 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/fips_ers.c
+--- openssl-1.1.1e/crypto/fips/fips_ers.c.fips 2020-03-17 17:30:52.047567026 +0100
++++ openssl-1.1.1e/crypto/fips/fips_ers.c 2020-03-17 17:30:52.047567026 +0100
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -8115,9 +8113,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_ers.c.fips openssl-1.1.1d/crypto/fips/f
+#else
+static void *dummy = &dummy;
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips 2019-09-13 15:13:11.059524993 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c 2019-09-13 15:13:11.059524993 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips 2020-03-17 17:30:52.047567026 +0100
++++ openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c 2020-03-17 17:30:52.047567026 +0100
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8253,9 +8251,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1d/cry
+ return 1;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_locl.h.fips openssl-1.1.1d/crypto/fips/fips_locl.h
---- openssl-1.1.1d/crypto/fips/fips_locl.h.fips 2019-09-13 15:13:11.059524993 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_locl.h 2019-09-13 15:13:11.059524993 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/fips_locl.h
+--- openssl-1.1.1e/crypto/fips/fips_locl.h.fips 2020-03-17 17:30:52.048567008 +0100
++++ openssl-1.1.1e/crypto/fips/fips_locl.h 2020-03-17 17:30:52.048567008 +0100
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8328,9 +8326,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_locl.h.fips openssl-1.1.1d/crypto/fips/
+}
+# endif
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_post.c.fips openssl-1.1.1d/crypto/fips/fips_post.c
---- openssl-1.1.1d/crypto/fips/fips_post.c.fips 2019-09-13 15:13:11.059524993 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_post.c 2019-09-13 15:13:11.059524993 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/fips_post.c
+--- openssl-1.1.1e/crypto/fips/fips_post.c.fips 2020-03-17 17:30:52.048567008 +0100
++++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-17 17:30:52.048567008 +0100
@@ -0,0 +1,224 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8400,7 +8398,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_post.c.fips openssl-1.1.1d/crypto/fips/
+/* Power on self test (POST) support functions */
+
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+# include "fips_locl.h"
+
+/* Run all selftests */
@@ -8556,9 +8554,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_post.c.fips openssl-1.1.1d/crypto/fips/
+ return 1;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1d/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips 2019-09-13 15:13:11.060524976 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_rand_lcl.h 2019-09-13 15:13:11.060524976 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips 2020-03-17 17:30:52.048567008 +0100
++++ openssl-1.1.1e/crypto/fips/fips_rand_lcl.h 2020-03-17 17:30:52.048567008 +0100
@@ -0,0 +1,203 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8763,9 +8761,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1d/crypto/f
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1d/crypto/fips/fips_rand_lib.c
---- openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips 2019-09-13 15:13:11.060524976 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_rand_lib.c 2019-09-13 15:13:11.060524976 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips 2020-03-17 17:30:52.049566991 +0100
++++ openssl-1.1.1e/crypto/fips/fips_rand_lib.c 2020-03-17 17:30:52.049566991 +0100
@@ -0,0 +1,234 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8827,7 +8825,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1d/crypto/f
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
+#include <openssl/fips_rand.h>
+#include "e_os.h"
+
@@ -9001,9 +8999,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1d/crypto/f
+# endif
+}
+
-diff -up openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips 2019-09-13 15:13:11.060524976 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c 2019-09-13 15:13:11.060524976 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips 2020-03-17 17:30:52.049566991 +0100
++++ openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c 2020-03-17 17:30:52.049566991 +0100
@@ -0,0 +1,338 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -9058,7 +9056,7 @@ diff -up openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1d/cryp
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+#endif
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
@@ -9343,9 +9341,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1d/cryp
+}
+
+#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips 2019-09-13 15:13:11.060524976 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_sha_selftest.c 2019-09-13 15:13:11.060524976 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips 2020-03-17 17:30:52.050566973 +0100
++++ openssl-1.1.1e/crypto/fips/fips_sha_selftest.c 2020-03-17 17:30:52.050566973 +0100
@@ -0,0 +1,223 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9570,9 +9568,9 @@ diff -up openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1d/cryp
+}
+
+#endif
-diff -up openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips 2019-09-13 15:13:11.061524958 +0200
-+++ openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c 2019-09-13 15:13:11.061524958 +0200
+diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips 2020-03-17 17:30:52.050566973 +0100
++++ openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c 2020-03-17 17:30:52.050566973 +0100
@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9701,10 +9699,10 @@ diff -up openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1d/c
+#endif
+ return 0;
+}
-diff -up openssl-1.1.1d/crypto/hmac/hmac.c.fips openssl-1.1.1d/crypto/hmac/hmac.c
---- openssl-1.1.1d/crypto/hmac/hmac.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/hmac/hmac.c 2019-09-13 15:13:11.061524958 +0200
-@@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
+diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac.c
+--- openssl-1.1.1e/crypto/hmac/hmac.c.fips 2020-03-17 17:30:52.050566973 +0100
++++ openssl-1.1.1e/crypto/hmac/hmac.c 2020-03-17 17:38:16.969802663 +0100
+@@ -44,6 +44,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
return 0;
if (key != NULL) {
@@ -9716,11 +9714,11 @@ diff -up openssl-1.1.1d/crypto/hmac/hmac.c.fips openssl-1.1.1d/crypto/hmac/hmac.
+ goto err;
+#endif
reset = 1;
+
j = EVP_MD_block_size(md);
- if (!ossl_assert(j <= (int)sizeof(ctx->key)))
-diff -up openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1d/crypto/hmac/hm_pmeth.c
---- openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/hmac/hm_pmeth.c 2019-09-13 15:13:11.061524958 +0200
+diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/hm_pmeth.c
+--- openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/hmac/hm_pmeth.c 2020-03-17 17:30:52.051566956 +0100
@@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
const EVP_PKEY_METHOD hmac_pkey_meth = {
@@ -9730,9 +9728,9 @@ diff -up openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1d/crypto/hmac/h
pkey_hmac_init,
pkey_hmac_copy,
pkey_hmac_cleanup,
-diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips openssl-1.1.1d/crypto/include/internal/fips_int.h
---- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips 2019-09-13 15:13:11.061524958 +0200
-+++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2019-09-13 15:13:11.061524958 +0200
+diff -up openssl-1.1.1e/include/crypto/fips.h.fips openssl-1.1.1e/include/crypto/fips.h
+--- openssl-1.1.1e/include/crypto/fips.h.fips 2020-03-17 17:30:52.051566956 +0100
++++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 17:30:52.051566956 +0100
@@ -0,0 +1,98 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9832,14 +9830,14 @@ diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips openssl-1.1.1d/c
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#endif
-diff -up openssl-1.1.1d/crypto/o_fips.c.fips openssl-1.1.1d/crypto/o_fips.c
---- openssl-1.1.1d/crypto/o_fips.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/o_fips.c 2019-09-13 15:13:11.061524958 +0200
+diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c
+--- openssl-1.1.1e/crypto/o_fips.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/o_fips.c 2020-03-17 17:30:52.052566939 +0100
@@ -8,17 +8,28 @@
*/
#include "internal/cryptlib.h"
-+#include "internal/fips_int.h"
++#include "crypto/fips.h"
int FIPS_mode(void)
{
@@ -9864,9 +9862,9 @@ diff -up openssl-1.1.1d/crypto/o_fips.c.fips openssl-1.1.1d/crypto/o_fips.c
return 0;
+#endif
}
-diff -up openssl-1.1.1d/crypto/o_init.c.fips openssl-1.1.1d/crypto/o_init.c
---- openssl-1.1.1d/crypto/o_init.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/o_init.c 2019-09-13 15:13:11.062524941 +0200
+diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c
+--- openssl-1.1.1e/crypto/o_init.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/o_init.c 2020-03-17 17:30:52.052566939 +0100
@@ -7,8 +7,68 @@
* https://www.openssl.org/source/license.html
*/
@@ -9884,7 +9882,7 @@ diff -up openssl-1.1.1d/crypto/o_init.c.fips openssl-1.1.1d/crypto/o_init.c
+# include <stdlib.h>
+# include <openssl/rand.h>
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
@@ -9936,12 +9934,12 @@ diff -up openssl-1.1.1d/crypto/o_init.c.fips openssl-1.1.1d/crypto/o_init.c
/*
* Perform any essential OpenSSL initialization operations. Currently does
-diff -up openssl-1.1.1d/crypto/rand/rand_lib.c.fips openssl-1.1.1d/crypto/rand/rand_lib.c
---- openssl-1.1.1d/crypto/rand/rand_lib.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rand/rand_lib.c 2019-09-13 15:13:11.062524941 +0200
+diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/rand_lib.c
+--- openssl-1.1.1e/crypto/rand/rand_lib.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rand/rand_lib.c 2020-03-17 17:35:56.471259207 +0100
@@ -16,6 +16,10 @@
#include "internal/thread_once.h"
- #include "rand_lcl.h"
+ #include "rand_local.h"
#include "e_os.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
@@ -9950,7 +9948,7 @@ diff -up openssl-1.1.1d/crypto/rand/rand_lib.c.fips openssl-1.1.1d/crypto/rand/r
#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
-@@ -959,3 +963,15 @@ int RAND_status(void)
+@@ -961,3 +965,15 @@ int RAND_status(void)
return meth->status();
return 0;
}
@@ -9966,9 +9964,9 @@ diff -up openssl-1.1.1d/crypto/rand/rand_lib.c.fips openssl-1.1.1d/crypto/rand/r
+ return 1;
+}
+#endif
-diff -up openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1d/crypto/rsa/rsa_crpt.c
---- openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_crpt.c 2019-09-13 15:13:11.062524941 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa_crpt.c
+--- openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_crpt.c 2020-03-17 17:30:52.055566886 +0100
@@ -27,24 +27,52 @@ int RSA_size(const RSA *r)
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
@@ -10022,9 +10020,9 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1d/crypto/rsa/rsa
return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
}
-diff -up openssl-1.1.1d/crypto/rsa/rsa_err.c.fips openssl-1.1.1d/crypto/rsa/rsa_err.c
---- openssl-1.1.1d/crypto/rsa/rsa_err.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_err.c 2019-09-13 15:13:11.062524941 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_err.c
+--- openssl-1.1.1e/crypto/rsa/rsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_err.c 2020-03-17 17:30:52.055566886 +0100
@@ -16,6 +16,8 @@
static const ERR_STRING_DATA RSA_str_functs[] = {
{ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"},
@@ -10093,16 +10091,16 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_err.c.fips openssl-1.1.1d/crypto/rsa/rsa_
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
"unsupported signature type"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"},
-diff -up openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips openssl-1.1.1d/crypto/rsa/rsa_gen.c
---- openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_gen.c 2019-09-13 15:13:11.063524923 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_gen.c
+--- openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_gen.c 2020-03-17 17:33:55.560367363 +0100
@@ -18,6 +18,76 @@
#include "internal/cryptlib.h"
#include <openssl/bn.h>
- #include "rsa_locl.h"
+ #include "rsa_local.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
-+# include "internal/fips_int.h"
++# include "crypto/fips.h"
+
+int fips_check_rsa(RSA *rsa)
+{
@@ -10488,9 +10486,9 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips openssl-1.1.1d/crypto/rsa/rsa_
static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
BN_GENCB *cb)
{
-diff -up openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips openssl-1.1.1d/crypto/rsa/rsa_lib.c
---- openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_lib.c 2019-09-13 15:13:11.063524923 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_lib.c
+--- openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_lib.c 2020-03-17 17:30:52.056566869 +0100
@@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
* to deal with which ENGINE it comes from.
*/
@@ -10533,12 +10531,12 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips openssl-1.1.1d/crypto/rsa/rsa_
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
goto err;
}
-diff -up openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1d/crypto/rsa/rsa_ossl.c
---- openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_ossl.c 2019-09-13 15:13:11.063524923 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa_ossl.c
+--- openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_ossl.c 2020-03-17 17:34:32.289726964 +0100
@@ -12,6 +12,10 @@
- #include "rsa_locl.h"
- #include "internal/constant_time_locl.h"
+ #include "rsa_local.h"
+ #include "internal/constant_time.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
@@ -10652,9 +10650,9 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1d/crypto/rsa/rsa
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
-diff -up openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1d/crypto/rsa/rsa_pmeth.c
---- openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_pmeth.c 2019-09-13 15:13:11.063524923 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rsa_pmeth.c
+--- openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_pmeth.c 2020-03-17 17:30:52.056566869 +0100
@@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
const EVP_PKEY_METHOD rsa_pkey_meth = {
@@ -10673,9 +10671,9 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1d/crypto/rsa/rs
pkey_rsa_init,
pkey_rsa_copy,
pkey_rsa_cleanup,
-diff -up openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips openssl-1.1.1d/crypto/rsa/rsa_sign.c
---- openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/rsa/rsa_sign.c 2019-09-13 15:13:11.064524906 +0200
+diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa_sign.c
+--- openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/rsa/rsa_sign.c 2020-03-17 17:30:52.057566851 +0100
@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
unsigned char *tmps = NULL;
const unsigned char *encoded = NULL;
@@ -10702,9 +10700,9 @@ diff -up openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips openssl-1.1.1d/crypto/rsa/rsa
if (encrypt_len <= 0)
goto err;
-diff -up openssl-1.1.1d/crypto/sha/sha256.c.fips openssl-1.1.1d/crypto/sha/sha256.c
---- openssl-1.1.1d/crypto/sha/sha256.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/sha/sha256.c 2019-09-13 15:13:11.064524906 +0200
+diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha256.c
+--- openssl-1.1.1e/crypto/sha/sha256.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/sha/sha256.c 2020-03-17 17:30:52.057566851 +0100
@@ -18,6 +18,9 @@
int SHA224_Init(SHA256_CTX *c)
@@ -10725,9 +10723,9 @@ diff -up openssl-1.1.1d/crypto/sha/sha256.c.fips openssl-1.1.1d/crypto/sha/sha25
memset(c, 0, sizeof(*c));
c->h[0] = 0x6a09e667UL;
c->h[1] = 0xbb67ae85UL;
-diff -up openssl-1.1.1d/crypto/sha/sha512.c.fips openssl-1.1.1d/crypto/sha/sha512.c
---- openssl-1.1.1d/crypto/sha/sha512.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/sha/sha512.c 2019-09-13 15:13:11.064524906 +0200
+diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha512.c
+--- openssl-1.1.1e/crypto/sha/sha512.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/sha/sha512.c 2020-03-17 17:30:52.057566851 +0100
@@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c)
int SHA384_Init(SHA512_CTX *c)
@@ -10748,9 +10746,9 @@ diff -up openssl-1.1.1d/crypto/sha/sha512.c.fips openssl-1.1.1d/crypto/sha/sha51
c->h[0] = U64(0x6a09e667f3bcc908);
c->h[1] = U64(0xbb67ae8584caa73b);
c->h[2] = U64(0x3c6ef372fe94f82b);
-diff -up openssl-1.1.1d/crypto/sha/sha_locl.h.fips openssl-1.1.1d/crypto/sha/sha_locl.h
---- openssl-1.1.1d/crypto/sha/sha_locl.h.fips 2019-09-13 15:13:10.837528873 +0200
-+++ openssl-1.1.1d/crypto/sha/sha_locl.h 2019-09-13 15:13:11.064524906 +0200
+diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sha_local.h
+--- openssl-1.1.1e/crypto/sha/sha_local.h.fips 2020-03-17 17:30:51.766571925 +0100
++++ openssl-1.1.1e/crypto/sha/sha_local.h 2020-03-17 17:31:00.996410998 +0100
@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
int HASH_INIT(SHA_CTX *c)
@@ -10761,9 +10759,9 @@ diff -up openssl-1.1.1d/crypto/sha/sha_locl.h.fips openssl-1.1.1d/crypto/sha/sha
memset(c, 0, sizeof(*c));
c->h0 = INIT_DATA_h0;
c->h1 = INIT_DATA_h1;
-diff -up openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod
---- openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod 2019-09-13 15:13:11.064524906 +0200
+diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod
+--- openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod 2020-03-17 17:31:00.996410998 +0100
@@ -30,8 +30,10 @@ B<bits> is the length of the prime p to
For lengths under 2048 bits, the length of q is 160 bits; for lengths
greater than or equal to 2048 bits, the length of q is set to 256 bits.
@@ -10777,9 +10775,9 @@ diff -up openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1d
DSA_generate_parameters_ex() places the iteration count in
*B<counter_ret> and a counter used for finding a generator in
-diff -up openssl-1.1.1d/include/openssl/crypto.h.fips openssl-1.1.1d/include/openssl/crypto.h
---- openssl-1.1.1d/include/openssl/crypto.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/crypto.h 2019-09-13 15:13:11.065524888 +0200
+diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/openssl/crypto.h
+--- openssl-1.1.1e/include/openssl/crypto.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/crypto.h 2020-03-17 17:31:00.997410980 +0100
@@ -331,6 +331,11 @@ int OPENSSL_isservice(void);
int FIPS_mode(void);
int FIPS_mode_set(int r);
@@ -10792,9 +10790,9 @@ diff -up openssl-1.1.1d/include/openssl/crypto.h.fips openssl-1.1.1d/include/ope
void OPENSSL_init(void);
# ifdef OPENSSL_SYS_UNIX
void OPENSSL_fork_prepare(void);
-diff -up openssl-1.1.1d/include/openssl/dherr.h.fips openssl-1.1.1d/include/openssl/dherr.h
---- openssl-1.1.1d/include/openssl/dherr.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/dherr.h 2019-09-13 15:13:11.065524888 +0200
+diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/openssl/dherr.h
+--- openssl-1.1.1e/include/openssl/dherr.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/dherr.h 2020-03-17 17:31:00.998410963 +0100
@@ -36,6 +36,9 @@ int ERR_load_DH_strings(void);
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
@@ -10820,9 +10818,9 @@ diff -up openssl-1.1.1d/include/openssl/dherr.h.fips openssl-1.1.1d/include/open
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
-diff -up openssl-1.1.1d/include/openssl/dh.h.fips openssl-1.1.1d/include/openssl/dh.h
---- openssl-1.1.1d/include/openssl/dh.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/dh.h 2019-09-13 15:13:11.065524888 +0200
+diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl/dh.h
+--- openssl-1.1.1e/include/openssl/dh.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/dh.h 2020-03-17 17:31:00.998410963 +0100
@@ -31,6 +31,7 @@ extern "C" {
# endif
@@ -10831,9 +10829,9 @@ diff -up openssl-1.1.1d/include/openssl/dh.h.fips openssl-1.1.1d/include/openssl
# define DH_FLAG_CACHE_MONT_P 0x01
-diff -up openssl-1.1.1d/include/openssl/dsaerr.h.fips openssl-1.1.1d/include/openssl/dsaerr.h
---- openssl-1.1.1d/include/openssl/dsaerr.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/dsaerr.h 2019-09-13 15:16:32.263008157 +0200
+diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/openssl/dsaerr.h
+--- openssl-1.1.1e/include/openssl/dsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/dsaerr.h 2020-03-17 17:31:00.999410945 +0100
@@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void);
*/
# define DSA_F_DSAPARAMS_PRINT 100
@@ -10860,9 +10858,9 @@ diff -up openssl-1.1.1d/include/openssl/dsaerr.h.fips openssl-1.1.1d/include/ope
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
-diff -up openssl-1.1.1d/include/openssl/dsa.h.fips openssl-1.1.1d/include/openssl/dsa.h
---- openssl-1.1.1d/include/openssl/dsa.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/dsa.h 2019-09-13 15:13:11.065524888 +0200
+diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openssl/dsa.h
+--- openssl-1.1.1e/include/openssl/dsa.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/dsa.h 2020-03-17 17:31:01.000410928 +0100
@@ -31,6 +31,7 @@ extern "C" {
# endif
@@ -10871,9 +10869,9 @@ diff -up openssl-1.1.1d/include/openssl/dsa.h.fips openssl-1.1.1d/include/openss
# define DSA_FLAG_CACHE_MONT_P 0x01
# if OPENSSL_API_COMPAT < 0x10100000L
-diff -up openssl-1.1.1d/include/openssl/evperr.h.fips openssl-1.1.1d/include/openssl/evperr.h
---- openssl-1.1.1d/include/openssl/evperr.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-13 15:18:17.552167810 +0200
+diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/openssl/evperr.h
+--- openssl-1.1.1e/include/openssl/evperr.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-17 17:31:01.000410928 +0100
@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void);
* EVP function codes.
*/
@@ -10901,7 +10899,7 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.fips openssl-1.1.1d/include/ope
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
# define EVP_R_ERROR_LOADING_SECTION 165
-@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void);
+@@ -185,6 +187,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
@@ -10909,7 +10907,7 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.fips openssl-1.1.1d/include/ope
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
-@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void);
+@@ -200,6 +203,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
@@ -10918,9 +10916,9 @@ diff -up openssl-1.1.1d/include/openssl/evperr.h.fips openssl-1.1.1d/include/ope
+# define EVP_R_XTS_DUPLICATED_KEYS 192
#endif
-diff -up openssl-1.1.1d/include/openssl/evp.h.fips openssl-1.1.1d/include/openssl/evp.h
---- openssl-1.1.1d/include/openssl/evp.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/evp.h 2019-09-13 15:13:11.066524871 +0200
+diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openssl/evp.h
+--- openssl-1.1.1e/include/openssl/evp.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/evp.h 2020-03-17 17:31:01.001410911 +0100
@@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP
*/
# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4
@@ -10931,9 +10929,9 @@ diff -up openssl-1.1.1d/include/openssl/evp.h.fips openssl-1.1.1d/include/openss
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
-diff -up openssl-1.1.1d/include/openssl/fips.h.fips openssl-1.1.1d/include/openssl/fips.h
---- openssl-1.1.1d/include/openssl/fips.h.fips 2019-09-13 15:13:11.066524871 +0200
-+++ openssl-1.1.1d/include/openssl/fips.h 2019-09-13 15:13:11.066524871 +0200
+diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/openssl/fips.h
+--- openssl-1.1.1e/include/openssl/fips.h.fips 2020-03-17 17:31:01.002410893 +0100
++++ openssl-1.1.1e/include/openssl/fips.h 2020-03-17 17:31:01.002410893 +0100
@@ -0,0 +1,187 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11122,9 +11120,9 @@ diff -up openssl-1.1.1d/include/openssl/fips.h.fips openssl-1.1.1d/include/opens
+}
+# endif
+#endif
-diff -up openssl-1.1.1d/include/openssl/fips_rand.h.fips openssl-1.1.1d/include/openssl/fips_rand.h
---- openssl-1.1.1d/include/openssl/fips_rand.h.fips 2019-09-13 15:13:11.066524871 +0200
-+++ openssl-1.1.1d/include/openssl/fips_rand.h 2019-09-13 15:13:11.066524871 +0200
+diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/openssl/fips_rand.h
+--- openssl-1.1.1e/include/openssl/fips_rand.h.fips 2020-03-17 17:31:01.003410876 +0100
++++ openssl-1.1.1e/include/openssl/fips_rand.h 2020-03-17 17:31:01.003410876 +0100
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -11271,9 +11269,9 @@ diff -up openssl-1.1.1d/include/openssl/fips_rand.h.fips openssl-1.1.1d/include/
+# endif
+# endif
+#endif
-diff -up openssl-1.1.1d/include/openssl/opensslconf.h.in.fips openssl-1.1.1d/include/openssl/opensslconf.h.in
---- openssl-1.1.1d/include/openssl/opensslconf.h.in.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/opensslconf.h.in 2019-09-13 15:13:11.067524853 +0200
+diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/include/openssl/opensslconf.h.in
+--- openssl-1.1.1e/include/openssl/opensslconf.h.in.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/opensslconf.h.in 2020-03-17 17:31:01.003410876 +0100
@@ -150,6 +150,11 @@ extern "C" {
#define RC4_INT {- $config{rc4_int} -}
@@ -11286,10 +11284,10 @@ diff -up openssl-1.1.1d/include/openssl/opensslconf.h.in.fips openssl-1.1.1d/inc
#ifdef __cplusplus
}
#endif
-diff -up openssl-1.1.1d/include/openssl/randerr.h.fips openssl-1.1.1d/include/openssl/randerr.h
---- openssl-1.1.1d/include/openssl/randerr.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/randerr.h 2019-09-13 15:13:11.067524853 +0200
-@@ -37,6 +37,7 @@ int ERR_load_RAND_strings(void);
+diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/openssl/randerr.h
+--- openssl-1.1.1e/include/openssl/randerr.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/randerr.h 2020-03-17 17:31:01.004410858 +0100
+@@ -38,6 +38,7 @@ int ERR_load_RAND_strings(void);
# define RAND_F_RAND_DRBG_SET 104
# define RAND_F_RAND_DRBG_SET_DEFAULTS 121
# define RAND_F_RAND_DRBG_UNINSTANTIATE 118
@@ -11297,9 +11295,9 @@ diff -up openssl-1.1.1d/include/openssl/randerr.h.fips openssl-1.1.1d/include/op
# define RAND_F_RAND_LOAD_FILE 111
# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122
# define RAND_F_RAND_POOL_ADD 103
-diff -up openssl-1.1.1d/include/openssl/rand.h.fips openssl-1.1.1d/include/openssl/rand.h
---- openssl-1.1.1d/include/openssl/rand.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/rand.h 2019-09-13 15:13:11.067524853 +0200
+diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/openssl/rand.h
+--- openssl-1.1.1e/include/openssl/rand.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/rand.h 2020-03-17 17:31:01.004410858 +0100
@@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
# endif
@@ -11312,9 +11310,9 @@ diff -up openssl-1.1.1d/include/openssl/rand.h.fips openssl-1.1.1d/include/opens
#ifdef __cplusplus
}
-diff -up openssl-1.1.1d/include/openssl/rsaerr.h.fips openssl-1.1.1d/include/openssl/rsaerr.h
---- openssl-1.1.1d/include/openssl/rsaerr.h.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/include/openssl/rsaerr.h 2019-09-13 15:13:11.067524853 +0200
+diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/openssl/rsaerr.h
+--- openssl-1.1.1e/include/openssl/rsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/include/openssl/rsaerr.h 2020-03-17 17:31:01.005410841 +0100
@@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void);
*/
# define RSA_F_CHECK_PADDING_MD 140
@@ -11370,9 +11368,9 @@ diff -up openssl-1.1.1d/include/openssl/rsaerr.h.fips openssl-1.1.1d/include/ope
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
# define RSA_R_VALUE_MISSING 147
# define RSA_R_WRONG_SIGNATURE_LENGTH 119
-diff -up openssl-1.1.1d/ssl/s3_lib.c.fips openssl-1.1.1d/ssl/s3_lib.c
---- openssl-1.1.1d/ssl/s3_lib.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/ssl/s3_lib.c 2019-10-03 16:53:51.140362311 +0200
+diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c
+--- openssl-1.1.1e/ssl/s3_lib.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/ssl/s3_lib.c 2020-03-17 17:31:01.007410806 +0100
@@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = {
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
@@ -11472,9 +11470,9 @@ diff -up openssl-1.1.1d/ssl/s3_lib.c.fips openssl-1.1.1d/ssl/s3_lib.c
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
-diff -up openssl-1.1.1d/ssl/ssl_ciph.c.fips openssl-1.1.1d/ssl/ssl_ciph.c
---- openssl-1.1.1d/ssl/ssl_ciph.c.fips 2019-09-13 15:13:11.019525692 +0200
-+++ openssl-1.1.1d/ssl/ssl_ciph.c 2019-09-13 15:13:11.068524836 +0200
+diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c
+--- openssl-1.1.1e/ssl/ssl_ciph.c.fips 2020-03-17 17:30:52.017567549 +0100
++++ openssl-1.1.1e/ssl/ssl_ciph.c 2020-03-17 17:31:01.008410788 +0100
@@ -387,7 +387,7 @@ int ssl_load_ciphers(void)
}
}
@@ -11513,9 +11511,9 @@ diff -up openssl-1.1.1d/ssl/ssl_ciph.c.fips openssl-1.1.1d/ssl/ssl_ciph.c
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
-diff -up openssl-1.1.1d/ssl/ssl_init.c.fips openssl-1.1.1d/ssl/ssl_init.c
---- openssl-1.1.1d/ssl/ssl_init.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/ssl/ssl_init.c 2019-09-13 15:13:11.068524836 +0200
+diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c
+--- openssl-1.1.1e/ssl/ssl_init.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/ssl/ssl_init.c 2020-03-17 17:31:01.009410771 +0100
@@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
"Adding SSL ciphers and digests\n");
@@ -11559,10 +11557,10 @@ diff -up openssl-1.1.1d/ssl/ssl_init.c.fips openssl-1.1.1d/ssl/ssl_init.c
#ifndef OPENSSL_NO_COMP
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
-diff -up openssl-1.1.1d/ssl/ssl_lib.c.fips openssl-1.1.1d/ssl/ssl_lib.c
---- openssl-1.1.1d/ssl/ssl_lib.c.fips 2019-09-13 15:13:11.019525692 +0200
-+++ openssl-1.1.1d/ssl/ssl_lib.c 2019-09-13 15:13:11.069524818 +0200
-@@ -2916,6 +2916,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c
+--- openssl-1.1.1e/ssl/ssl_lib.c.fips 2020-03-17 17:30:52.018567531 +0100
++++ openssl-1.1.1e/ssl/ssl_lib.c 2020-03-17 17:31:01.011410736 +0100
+@@ -2970,6 +2970,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
return NULL;
@@ -11574,7 +11572,7 @@ diff -up openssl-1.1.1d/ssl/ssl_lib.c.fips openssl-1.1.1d/ssl/ssl_lib.c
if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
goto err;
-@@ -2972,13 +2977,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+@@ -3026,13 +3031,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (ret->param == NULL)
goto err;
@@ -11599,9 +11597,9 @@ diff -up openssl-1.1.1d/ssl/ssl_lib.c.fips openssl-1.1.1d/ssl/ssl_lib.c
}
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
-diff -up openssl-1.1.1d/ssl/ssl_locl.h.fips openssl-1.1.1d/ssl/ssl_locl.h
---- openssl-1.1.1d/ssl/ssl_locl.h.fips 2019-09-13 15:13:10.901527755 +0200
-+++ openssl-1.1.1d/ssl/ssl_locl.h 2019-09-13 15:13:11.069524818 +0200
+diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h
+--- openssl-1.1.1e/ssl/ssl_local.h.fips 2020-03-17 17:30:51.842570600 +0100
++++ openssl-1.1.1e/ssl/ssl_local.h 2020-03-17 17:31:10.740241108 +0100
@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st {
# define TLS_CURVE_PRIME 0x0
# define TLS_CURVE_CHAR2 0x1
@@ -11610,10 +11608,10 @@ diff -up openssl-1.1.1d/ssl/ssl_locl.h.fips openssl-1.1.1d/ssl/ssl_locl.h
typedef struct cert_pkey_st CERT_PKEY;
-diff -up openssl-1.1.1d/ssl/t1_lib.c.fips openssl-1.1.1d/ssl/t1_lib.c
---- openssl-1.1.1d/ssl/t1_lib.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/ssl/t1_lib.c 2019-09-13 15:13:11.069524818 +0200
-@@ -158,11 +158,11 @@ static const TLS_GROUP_INFO nid_list[] =
+diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c
+--- openssl-1.1.1e/ssl/t1_lib.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/ssl/t1_lib.c 2020-03-17 17:31:10.741241091 +0100
+@@ -159,11 +159,11 @@ static const TLS_GROUP_INFO nid_list[] =
{NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
{NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
{NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
@@ -11629,7 +11627,7 @@ diff -up openssl-1.1.1d/ssl/t1_lib.c.fips openssl-1.1.1d/ssl/t1_lib.c
{NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
{NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
{NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
-@@ -257,6 +257,8 @@ int tls_curve_allowed(SSL *s, uint16_t c
+@@ -258,6 +258,8 @@ int tls_curve_allowed(SSL *s, uint16_t c
if (cinfo->flags & TLS_CURVE_CHAR2)
return 0;
# endif
@@ -11638,9 +11636,9 @@ diff -up openssl-1.1.1d/ssl/t1_lib.c.fips openssl-1.1.1d/ssl/t1_lib.c
ctmp[0] = curve >> 8;
ctmp[1] = curve & 0xff;
return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
-diff -up openssl-1.1.1d/test/dsatest.c.fips openssl-1.1.1d/test/dsatest.c
---- openssl-1.1.1d/test/dsatest.c.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/dsatest.c 2019-09-13 15:13:11.070524801 +0200
+diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c
+--- openssl-1.1.1e/test/dsatest.c.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/dsatest.c 2020-03-17 17:31:10.741241091 +0100
@@ -24,41 +24,42 @@
#ifndef OPENSSL_NO_DSA
static int dsa_cb(int p, int n, BN_GENCB *arg);
@@ -11723,9 +11721,9 @@ diff -up openssl-1.1.1d/test/dsatest.c.fips openssl-1.1.1d/test/dsatest.c
goto end;
if (!TEST_int_eq(h, 2))
goto end;
-diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt
---- openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt 2019-09-13 15:13:11.070524801 +0200
+diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt
+--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt 2020-03-17 17:31:10.742241073 +0100
@@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000
IV = 00000000000000000000000000000000
Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
@@ -11734,13 +11732,13 @@ diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1
Cipher = aes-128-xts
Key = 1111111111111111111111111111111122222222222222222222222222222222
-diff -up openssl-1.1.1d/util/libcrypto.num.fips openssl-1.1.1d/util/libcrypto.num
---- openssl-1.1.1d/util/libcrypto.num.fips 2019-09-13 15:13:11.071524783 +0200
-+++ openssl-1.1.1d/util/libcrypto.num 2019-09-13 15:15:39.895923481 +0200
-@@ -4582,3 +4582,38 @@ OPENSSL_INIT_set_config_file_flags
- EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
- X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION:
- X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION:
+diff -up openssl-1.1.1e/util/libcrypto.num.fips openssl-1.1.1e/util/libcrypto.num
+--- openssl-1.1.1e/util/libcrypto.num.fips 2020-03-17 17:31:10.744241038 +0100
++++ openssl-1.1.1e/util/libcrypto.num 2020-03-17 17:32:37.851722261 +0100
+@@ -4587,3 +4587,38 @@ EVP_PKEY_meth_set_digestverify
+ EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION:
+ EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION:
+ RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA
+FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION:
+FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION:
+FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION:
diff --git a/openssl-1.1.1-intel-cet.patch b/openssl-1.1.1-intel-cet.patch
index c3ce4c6..a95bf9c 100644
--- a/openssl-1.1.1-intel-cet.patch
+++ b/openssl-1.1.1-intel-cet.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl
---- openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl 2020-02-17 12:00:19.011235601 +0100
+diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
+--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100
@@ -275,6 +275,7 @@ $code.=<<___;
.align 16
${PREFIX}_encrypt:
@@ -25,41 +25,23 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
-@@ -984,6 +987,8 @@ $code.=<<___;
- .type aesni_ccm64_encrypt_blocks,\@function,6
+@@ -985,6 +988,7 @@ $code.=<<___;
.align 16
aesni_ccm64_encrypt_blocks:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
-@@ -1066,6 +1071,7 @@ $code.=<<___ if ($win64);
- ___
- $code.=<<___;
- ret
-+.cfi_endproc
- .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
- ___
- ######################################################################
-@@ -1074,6 +1080,8 @@ $code.=<<___;
- .type aesni_ccm64_decrypt_blocks,\@function,6
+@@ -1077,6 +1081,7 @@ $code.=<<___;
.align 16
aesni_ccm64_decrypt_blocks:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
-@@ -1173,6 +1181,7 @@ $code.=<<___ if ($win64);
- ___
- $code.=<<___;
- ret
-+.cfi_endproc
- .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
- ___
- }\f
-@@ -1199,6 +1208,7 @@ $code.=<<___;
+@@ -1203,6 +1208,7 @@ $code.=<<___;
.align 16
aesni_ctr32_encrypt_blocks:
.cfi_startproc
@@ -67,7 +49,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
cmp \$1,$len
jne .Lctr32_bulk
-@@ -1771,6 +1781,7 @@ $code.=<<___;
+@@ -1775,6 +1781,7 @@ $code.=<<___;
.align 16
aesni_xts_encrypt:
.cfi_startproc
@@ -75,7 +57,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
lea (%rsp),%r11 # frame pointer
.cfi_def_cfa_register %r11
push %rbp
-@@ -2254,6 +2265,7 @@ $code.=<<___;
+@@ -2258,6 +2265,7 @@ $code.=<<___;
.align 16
aesni_xts_decrypt:
.cfi_startproc
@@ -83,7 +65,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
lea (%rsp),%r11 # frame pointer
.cfi_def_cfa_register %r11
push %rbp
-@@ -2779,6 +2791,7 @@ $code.=<<___;
+@@ -2783,6 +2791,7 @@ $code.=<<___;
.align 32
aesni_ocb_encrypt:
.cfi_startproc
@@ -91,51 +73,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
lea (%rsp),%rax
push %rbx
.cfi_push %rbx
-@@ -3031,6 +3044,7 @@ $code.=<<___;
- .type __ocb_encrypt6,\@abi-omnipotent
- .align 32
- __ocb_encrypt6:
-+.cfi_startproc
- pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
- movdqu ($L_p,$i1),@offset[1]
- movdqa @offset[0],@offset[2]
-@@ -3128,11 +3142,13 @@ __ocb_encrypt6:
- aesenclast @offset[4],$inout4
- aesenclast @offset[5],$inout5
- ret
-+.cfi_endproc
- .size __ocb_encrypt6,.-__ocb_encrypt6
-
- .type __ocb_encrypt4,\@abi-omnipotent
- .align 32
- __ocb_encrypt4:
-+.cfi_startproc
- pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
- movdqu ($L_p,$i1),@offset[1]
- movdqa @offset[0],@offset[2]
-@@ -3197,11 +3213,13 @@ __ocb_encrypt4:
- aesenclast @offset[2],$inout2
- aesenclast @offset[3],$inout3
- ret
-+.cfi_endproc
- .size __ocb_encrypt4,.-__ocb_encrypt4
-
- .type __ocb_encrypt1,\@abi-omnipotent
- .align 32
- __ocb_encrypt1:
-+.cfi_startproc
- pxor @offset[5],$inout5 # offset_i
- pxor $rndkey0l,$inout5 # offset_i ^ round[0]
- pxor $inout0,$checksum # accumulate checksum
-@@ -3232,6 +3250,7 @@ __ocb_encrypt1:
-
- aesenclast $inout5,$inout0
- ret
-+.cfi_endproc
- .size __ocb_encrypt1,.-__ocb_encrypt1
-
- .globl aesni_ocb_decrypt
-@@ -3239,6 +3258,7 @@ __ocb_encrypt1:
+@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
.align 32
aesni_ocb_decrypt:
.cfi_startproc
@@ -143,51 +81,7 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
lea (%rsp),%rax
push %rbx
.cfi_push %rbx
-@@ -3513,6 +3533,7 @@ $code.=<<___;
- .type __ocb_decrypt6,\@abi-omnipotent
- .align 32
- __ocb_decrypt6:
-+.cfi_startproc
- pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
- movdqu ($L_p,$i1),@offset[1]
- movdqa @offset[0],@offset[2]
-@@ -3604,11 +3625,13 @@ __ocb_decrypt6:
- aesdeclast @offset[4],$inout4
- aesdeclast @offset[5],$inout5
- ret
-+.cfi_endproc
- .size __ocb_decrypt6,.-__ocb_decrypt6
-
- .type __ocb_decrypt4,\@abi-omnipotent
- .align 32
- __ocb_decrypt4:
-+.cfi_startproc
- pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
- movdqu ($L_p,$i1),@offset[1]
- movdqa @offset[0],@offset[2]
-@@ -3669,11 +3692,13 @@ __ocb_decrypt4:
- aesdeclast @offset[2],$inout2
- aesdeclast @offset[3],$inout3
- ret
-+.cfi_endproc
- .size __ocb_decrypt4,.-__ocb_decrypt4
-
- .type __ocb_decrypt1,\@abi-omnipotent
- .align 32
- __ocb_decrypt1:
-+.cfi_startproc
- pxor @offset[5],$inout5 # offset_i
- pxor $rndkey0l,$inout5 # offset_i ^ round[0]
- pxor $inout5,$inout0 # input ^ round[0] ^ offset_i
-@@ -3703,6 +3728,7 @@ __ocb_decrypt1:
-
- aesdeclast $inout5,$inout0
- ret
-+.cfi_endproc
- .size __ocb_decrypt1,.-__ocb_decrypt1
- ___
- } }}
-@@ -3721,6 +3747,7 @@ $code.=<<___;
+@@ -3737,6 +3747,7 @@ $code.=<<___;
.align 16
${PREFIX}_cbc_encrypt:
.cfi_startproc
@@ -195,25 +89,9 @@ diff -up openssl-1.1.1d/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1d/
test $len,$len # check length
jz .Lcbc_ret
-@@ -4637,7 +4664,6 @@ __aesni_set_encrypt_key:
- add \$8,%rsp
- .cfi_adjust_cfa_offset -8
- ret
--.cfi_endproc
- .LSEH_end_set_encrypt_key:
- \f
- .align 16
-@@ -4708,6 +4734,7 @@ __aesni_set_encrypt_key:
- shufps \$0b10101010,%xmm1,%xmm1 # critical path
- xorps %xmm1,%xmm2
- ret
-+.cfi_endproc
- .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
- .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key
- ___
-diff -up openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl
---- openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl 2020-02-17 11:55:07.374557249 +0100
+diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
+--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100
@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
.align 16
${PREFIX}_set_encrypt_key:
@@ -254,9 +132,9 @@ diff -up openssl-1.1.1d/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1d/
xchg $key,$len
___
($len,$key)=($key,$len);
-diff -up openssl-1.1.1d/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1d/crypto/async/arch/async_posix.c
---- openssl-1.1.1d/crypto/async/arch/async_posix.c.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/async/arch/async_posix.c 2020-02-17 11:55:07.374557249 +0100
+diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
+--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100
@@ -34,7 +34,9 @@ void async_local_cleanup(void)
int async_fibre_makecontext(async_fibre *fibre)
@@ -267,9 +145,9 @@ diff -up openssl-1.1.1d/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1d
if (getcontext(&fibre->fibre) == 0) {
fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
if (fibre->fibre.uc_stack.ss_sp != NULL) {
-diff -up openssl-1.1.1d/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1d/crypto/async/arch/async_posix.h
---- openssl-1.1.1d/crypto/async/arch/async_posix.h.intel-cet 2020-02-17 11:55:06.600570492 +0100
-+++ openssl-1.1.1d/crypto/async/arch/async_posix.h 2020-02-17 11:55:07.374557249 +0100
+diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
+--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100
++++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100
@@ -25,17 +25,33 @@
# define ASYNC_POSIX
# define ASYNC_ARCH
@@ -313,10 +191,10 @@ diff -up openssl-1.1.1d/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1d
return 1;
}
-diff -up openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl
---- openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl 2020-02-17 11:55:07.375557232 +0100
-@@ -677,6 +677,7 @@ $code.=<<___;
+diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
+--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
+@@ -685,6 +685,7 @@ $code.=<<___;
.align 16
Camellia_cbc_encrypt:
.cfi_startproc
@@ -324,9 +202,9 @@ diff -up openssl-1.1.1d/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1
cmp \$0,%rdx
je .Lcbc_abort
push %rbx
-diff -up openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl
---- openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl 2020-02-17 11:55:07.375557232 +0100
+diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
+--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
@@ -239,6 +239,7 @@ $code=<<___;
.align 16
gcm_gmult_4bit:
@@ -375,9 +253,9 @@ diff -up openssl-1.1.1d/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1
___
if ($avx) {
my ($Xip,$Htbl,$inp,$len)=@_4args;
-diff -up openssl-1.1.1d/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1d/crypto/perlasm/cbc.pl
---- openssl-1.1.1d/crypto/perlasm/cbc.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/perlasm/cbc.pl 2020-02-17 11:55:07.375557232 +0100
+diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
+--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100
@@ -165,21 +165,28 @@ sub cbc
&jmp_ptr($count);
@@ -407,9 +285,9 @@ diff -up openssl-1.1.1d/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1d/crypto/pe
&movb(&LB("ecx"), &BP(0,$in,"",0));
&set_label("ejend");
-diff -up openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl
---- openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl 2020-02-17 11:55:07.375557232 +0100
+diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
+--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100
@@ -101,6 +101,33 @@ elsif (!$gas)
$decor="\$L\$";
}
@@ -452,9 +330,9 @@ diff -up openssl-1.1.1d/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1d/
print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
print "END\n" if ($masm);
-diff -up openssl-1.1.1d/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1d/crypto/perlasm/x86gas.pl
---- openssl-1.1.1d/crypto/perlasm/x86gas.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/perlasm/x86gas.pl 2020-02-17 11:55:07.376557215 +0100
+diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
+--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100
@@ -124,6 +124,7 @@ sub ::function_begin_B
push(@out,".align\t$align\n");
push(@out,"$func:\n");
@@ -490,292 +368,72 @@ diff -up openssl-1.1.1d/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1d/crypto
}
sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
-diff -up openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl
---- openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-02-17 11:55:07.376557215 +0100
-+++ openssl-1.1.1d/crypto/poly1305/asm/poly1305-x86_64.pl 2020-02-17 12:02:12.295308065 +0100
-@@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /mas
- $avx = ($1>=10) + ($1>=12);
- }
-
--if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
-+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
- $avx = ($2>=3.0) + ($2>3.0);
- }
-
-@@ -168,6 +168,7 @@ $code.=<<___;
- .type poly1305_init,\@function,3
- .align 32
- poly1305_init:
-+.cfi_startproc
- xor %rax,%rax
- mov %rax,0($ctx) # initialize hash value
- mov %rax,8($ctx)
-@@ -219,6 +220,7 @@ $code.=<<___;
- mov \$1,%eax
- .Lno_key:
- ret
-+.cfi_endproc
- .size poly1305_init,.-poly1305_init
-
- .type poly1305_blocks,\@function,4
-@@ -298,6 +300,7 @@ $code.=<<___;
- .type poly1305_emit,\@function,3
- .align 32
- poly1305_emit:
-+.cfi_startproc
- .Lemit:
- mov 0($ctx),%r8 # load hash value
- mov 8($ctx),%r9
-@@ -318,6 +321,7 @@ poly1305_emit:
- mov %rcx,8($mac)
-
- ret
-+.cfi_endproc
- .size poly1305_emit,.-poly1305_emit
- ___
- if ($avx) {
-@@ -342,15 +346,18 @@ $code.=<<___;
- .type __poly1305_block,\@abi-omnipotent
- .align 32
- __poly1305_block:
-+.cfi_startproc
- ___
- &poly1305_iteration();
- $code.=<<___;
- ret
-+.cfi_endproc
- .size __poly1305_block,.-__poly1305_block
-
- .type __poly1305_init_avx,\@abi-omnipotent
- .align 32
- __poly1305_init_avx:
-+.cfi_startproc
- mov $r0,$h0
- mov $r1,$h1
- xor $h2,$h2
-@@ -508,6 +515,7 @@ __poly1305_init_avx:
-
- lea -48-64($ctx),$ctx # size [de-]optimization
- ret
-+.cfi_endproc
- .size __poly1305_init_avx,.-__poly1305_init_avx
-
- .type poly1305_blocks_avx,\@function,4
-@@ -1373,6 +1381,7 @@ $code.=<<___;
- .type poly1305_emit_avx,\@function,3
- .align 32
- poly1305_emit_avx:
-+.cfi_startproc
- cmpl \$0,20($ctx) # is_base2_26?
- je .Lemit
-
-@@ -1423,6 +1432,7 @@ poly1305_emit_avx:
- mov %rcx,8($mac)
-
- ret
-+.cfi_endproc
- .size poly1305_emit_avx,.-poly1305_emit_avx
- ___
-
-@@ -2741,6 +2751,7 @@ $code.=<<___;
- .type poly1305_init_base2_44,\@function,3
- .align 32
- poly1305_init_base2_44:
-+.cfi_startproc
- xor %rax,%rax
- mov %rax,0($ctx) # initialize hash value
- mov %rax,8($ctx)
-@@ -2782,6 +2793,7 @@ ___
- $code.=<<___;
- mov \$1,%eax
- ret
-+.cfi_endproc
- .size poly1305_init_base2_44,.-poly1305_init_base2_44
- ___
- {
-@@ -2793,6 +2805,8 @@ $code.=<<___;
- .type poly1305_blocks_vpmadd52,\@function,4
+diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
+--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100
++++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100
+@@ -2806,6 +2806,7 @@ $code.=<<___;
.align 32
poly1305_blocks_vpmadd52:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
shr \$4,$len
jz .Lno_data_vpmadd52 # too short
-@@ -2899,6 +2913,7 @@ poly1305_blocks_vpmadd52:
-
- .Lno_data_vpmadd52:
- ret
-+.cfi_endproc
- .size poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52
- ___
- }
-@@ -2916,6 +2931,7 @@ $code.=<<___;
- .type poly1305_blocks_vpmadd52_4x,\@function,4
- .align 32
- poly1305_blocks_vpmadd52_4x:
-+.cfi_startproc
- shr \$4,$len
- jz .Lno_data_vpmadd52_4x # too short
-
-@@ -3340,6 +3356,7 @@ poly1305_blocks_vpmadd52_4x:
-
- .Lno_data_vpmadd52_4x:
- ret
-+.cfi_endproc
- .size poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x
- ___
- }
-@@ -3358,6 +3375,7 @@ $code.=<<___;
- .type poly1305_blocks_vpmadd52_8x,\@function,4
- .align 32
- poly1305_blocks_vpmadd52_8x:
-+.cfi_startproc
- shr \$4,$len
- jz .Lno_data_vpmadd52_8x # too short
-
-@@ -3713,6 +3731,7 @@ $code.=<<___;
-
- .Lno_data_vpmadd52_8x:
- ret
-+.cfi_endproc
- .size poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x
- ___
- }
-@@ -3720,6 +3739,8 @@ $code.=<<___;
- .type poly1305_emit_base2_44,\@function,3
+@@ -3739,6 +3740,7 @@ $code.=<<___;
.align 32
poly1305_emit_base2_44:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
mov 0($ctx),%r8 # load hash value
mov 8($ctx),%r9
mov 16($ctx),%r10
-@@ -3750,6 +3771,7 @@ poly1305_emit_base2_44:
- mov %rcx,8($mac)
-
- ret
-+.cfi_endproc
- .size poly1305_emit_base2_44,.-poly1305_emit_base2_44
- ___
- } } }
-@@ -3800,6 +3822,7 @@ $code.=<<___;
- .type xor128_encrypt_n_pad,\@abi-omnipotent
- .align 16
- xor128_encrypt_n_pad:
-+.cfi_startproc
- sub $otp,$inp
- sub $otp,$out
- mov $len,%r10 # put len aside
-@@ -3841,12 +3864,14 @@ xor128_encrypt_n_pad:
- .Ldone_enc:
- mov $otp,%rax
- ret
-+.cfi_endproc
- .size xor128_encrypt_n_pad,.-xor128_encrypt_n_pad
-
- .globl xor128_decrypt_n_pad
- .type xor128_decrypt_n_pad,\@abi-omnipotent
+diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
+--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100
++++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100
+@@ -140,6 +140,7 @@ $code=<<___;
.align 16
- xor128_decrypt_n_pad:
-+.cfi_startproc
- sub $otp,$inp
- sub $otp,$out
- mov $len,%r10 # put len aside
-@@ -3892,6 +3917,7 @@ xor128_decrypt_n_pad:
- .Ldone_dec:
- mov $otp,%rax
- ret
-+.cfi_endproc
- .size xor128_decrypt_n_pad,.-xor128_decrypt_n_pad
- ___
- }
-diff -up openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-02-17 11:55:07.377557198 +0100
-+++ openssl-1.1.1d/crypto/rc4/asm/rc4-x86_64.pl 2020-02-17 12:03:09.117341235 +0100
-@@ -138,11 +138,13 @@ $code=<<___;
- .globl RC4
- .type RC4,\@function,4
- .align 16
--RC4: or $len,$len
-+RC4:
-+.cfi_startproc
+ RC4:
+ .cfi_startproc
+ endbranch
-+ or $len,$len
+ or $len,$len
jne .Lentry
ret
- .Lentry:
--.cfi_startproc
- push %rbx
- .cfi_push %rbx
- push %r12
-@@ -453,6 +455,8 @@ $code.=<<___;
- .type RC4_set_key,\@function,3
+@@ -455,6 +456,7 @@ $code.=<<___;
.align 16
RC4_set_key:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
lea 8($dat),$dat
lea ($inp,$len),$inp
neg $len
-@@ -519,12 +523,15 @@ RC4_set_key:
- mov %eax,-8($dat)
- mov %eax,-4($dat)
- ret
-+.cfi_endproc
- .size RC4_set_key,.-RC4_set_key
-
- .globl RC4_options
- .type RC4_options,\@abi-omnipotent
+@@ -529,6 +531,7 @@ RC4_set_key:
.align 16
RC4_options:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
lea .Lopts(%rip),%rax
mov OPENSSL_ia32cap_P(%rip),%edx
bt \$20,%edx
-@@ -537,6 +544,7 @@ RC4_options:
- add \$12,%rax
- .Ldone:
- ret
-+.cfi_endproc
- .align 64
- .Lopts:
- .asciz "rc4(8x,int)"
-diff -up openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1d/crypto/x86_64cpuid.pl
---- openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet 2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/crypto/x86_64cpuid.pl 2020-02-17 12:04:04.921391729 +0100
-@@ -39,6 +39,8 @@ print<<___;
- .type OPENSSL_atomic_add,\@abi-omnipotent
+diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
+--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100
+@@ -40,6 +40,7 @@ print<<___;
.align 16
OPENSSL_atomic_add:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
movl ($arg1),%eax
.Lspin: leaq ($arg2,%rax),%r8
.byte 0xf0 # lock
-@@ -47,16 +49,20 @@ OPENSSL_atomic_add:
- movl %r8d,%eax
- .byte 0x48,0x98 # cltq/cdqe
- ret
-+.cfi_endproc
- .size OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
- .globl OPENSSL_rdtsc
- .type OPENSSL_rdtsc,\@abi-omnipotent
+@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
.align 16
OPENSSL_rdtsc:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
rdtsc
shl \$32,%rdx
or %rdx,%rax
- ret
-+.cfi_endproc
- .size OPENSSL_rdtsc,.-OPENSSL_rdtsc
-
- .globl OPENSSL_ia32_cpuid
-@@ -64,6 +70,7 @@ OPENSSL_rdtsc:
+@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
.align 16
OPENSSL_ia32_cpuid:
.cfi_startproc
@@ -783,40 +441,31 @@ diff -up openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1d/crypto/x8
mov %rbx,%r8 # save %rbx
.cfi_register %rbx,%r8
-@@ -232,6 +239,8 @@ OPENSSL_ia32_cpuid:
- .type OPENSSL_cleanse,\@abi-omnipotent
+@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
.align 16
OPENSSL_cleanse:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
xor %rax,%rax
cmp \$15,$arg2
jae .Lot
-@@ -261,12 +270,15 @@ OPENSSL_cleanse:
- cmp \$0,$arg2
- jne .Little
- ret
-+.cfi_endproc
- .size OPENSSL_cleanse,.-OPENSSL_cleanse
-
- .globl CRYPTO_memcmp
- .type CRYPTO_memcmp,\@abi-omnipotent
+@@ -274,6 +278,7 @@ OPENSSL_cleanse:
.align 16
CRYPTO_memcmp:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
xor %rax,%rax
xor %r10,%r10
cmp \$0,$arg3
-@@ -295,6 +307,7 @@ CRYPTO_memcmp:
- shr \$63,%rax
- .Lno_data:
- ret
-+.cfi_endproc
- .size CRYPTO_memcmp,.-CRYPTO_memcmp
- ___
-
-@@ -303,6 +316,8 @@ print<<___ if (!$win64);
+@@ -312,6 +317,7 @@ print<<___ if (!$win64);
+ .align 16
+ OPENSSL_wipe_cpu:
+ .cfi_startproc
++ endbranch
+ pxor %xmm0,%xmm0
+ pxor %xmm1,%xmm1
+ pxor %xmm2,%xmm2
+@@ -346,6 +352,8 @@ print<<___ if ($win64);
.type OPENSSL_wipe_cpu,\@abi-omnipotent
.align 16
OPENSSL_wipe_cpu:
@@ -825,61 +474,27 @@ diff -up openssl-1.1.1d/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1d/crypto/x8
pxor %xmm0,%xmm0
pxor %xmm1,%xmm1
pxor %xmm2,%xmm2
-@@ -329,6 +344,7 @@ OPENSSL_wipe_cpu:
- xorq %r11,%r11
- leaq 8(%rsp),%rax
- ret
-+.cfi_endproc
- .size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
- ___
- print<<___ if ($win64);
-@@ -365,6 +381,8 @@ print<<___;
- .type OPENSSL_instrument_bus,\@abi-omnipotent
+@@ -376,6 +384,7 @@ print<<___;
.align 16
OPENSSL_instrument_bus:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
mov $arg1,$out # tribute to Win64
mov $arg2,$cnt
mov $arg2,$max
-@@ -391,12 +409,15 @@ OPENSSL_instrument_bus:
-
- mov $max,%rax
- ret
-+.cfi_endproc
- .size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
-
- .globl OPENSSL_instrument_bus2
- .type OPENSSL_instrument_bus2,\@abi-omnipotent
+@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
.align 16
OPENSSL_instrument_bus2:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
mov $arg1,$out # tribute to Win64
mov $arg2,$cnt
mov $arg3,$max
-@@ -439,6 +460,7 @@ OPENSSL_instrument_bus2:
- mov $redzone(%rsp),%rax
- sub $cnt,%rax
- ret
-+.cfi_endproc
- .size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
- ___
- }
-@@ -450,6 +472,8 @@ print<<___;
- .type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
+@@ -465,6 +475,7 @@ print<<___;
.align 16
OPENSSL_ia32_${rdop}_bytes:
-+.cfi_startproc
+ .cfi_startproc
+ endbranch
xor %rax, %rax # return value
cmp \$0,$arg2
je .Ldone_${rdop}_bytes
-@@ -486,6 +510,7 @@ OPENSSL_ia32_${rdop}_bytes:
- .Ldone_${rdop}_bytes:
- xor %r10,%r10 # Clear sensitive data from register
- ret
-+.cfi_endproc
- .size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
- ___
- }
diff --git a/openssl-1.1.1-krb5-kdf.patch b/openssl-1.1.1-krb5-kdf.patch
index 01afa9c..249a5c5 100644
--- a/openssl-1.1.1-krb5-kdf.patch
+++ b/openssl-1.1.1-krb5-kdf.patch
@@ -67,9 +67,9 @@ diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.krb5-kdf openssl-1.1.1d/crypto/evp/
};
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-diff -up openssl-1.1.1d/crypto/include/internal/evp_int.h.krb5-kdf openssl-1.1.1d/crypto/include/internal/evp_int.h
---- openssl-1.1.1d/crypto/include/internal/evp_int.h.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
-+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2019-11-14 15:07:05.342094129 +0100
+diff -up openssl-1.1.1d/include/crypto/evp.h.krb5-kdf openssl-1.1.1d/include/crypto/evp.h
+--- openssl-1.1.1d/include/crypto/evp.h.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
++++ openssl-1.1.1d/include/crypto/evp.h 2019-11-14 15:07:05.342094129 +0100
@@ -130,6 +130,9 @@ extern const EVP_KDF_METHOD scrypt_kdf_m
extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
extern const EVP_KDF_METHOD hkdf_kdf_meth;
@@ -129,7 +129,7 @@ diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kb
+
+#include "internal/numbers.h"
+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+#include "kdf_local.h"
+
+#include "e_os.h"
@@ -741,7 +741,7 @@ diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/
+#include <openssl/kdf.h>
+
+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+#include "kdf_local.h"
+
+/* KRB5 KDF defined in RFC 3961, Section 5.1 */
@@ -1155,7 +1155,7 @@ diff -up openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/s
#include <openssl/kdf.h>
+#include "internal/numbers.h"
#include "internal/cryptlib.h"
- #include "internal/evp_int.h"
+ #include "crypto/evp.h"
#include "kdf_local.h"
@@ -68,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u
p = va_arg(args, const unsigned char *);
@@ -1218,7 +1218,7 @@ diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/ss
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+#include "kdf_local.h"
+
+struct evp_kdf_impl_st {
diff --git a/openssl-1.1.1-s390x-update.patch b/openssl-1.1.1-s390x-update.patch
index f46c1a5..83061af 100644
--- a/openssl-1.1.1-s390x-update.patch
+++ b/openssl-1.1.1-s390x-update.patch
@@ -1,13 +1,6 @@
-diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl
---- openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl 2019-05-06 10:54:00.035367605 +0200
-@@ -1,5 +1,5 @@
- #! /usr/bin/env perl
--# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the OpenSSL license (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
+diff -up openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl
+--- openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 16:45:05.483440129 +0100
@@ -20,41 +20,53 @@
#
# 3 times faster than compiler-generated code.
@@ -472,7 +465,7 @@ diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1
+ vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5);
+ vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5);
}
--close STDOUT;
+-close STDOUT or die "error closing STDOUT: $!";
+
+PERLASM_BEGIN($output);
+
@@ -1290,9 +1283,9 @@ diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1
+ALIGN (4);
+
+PERLASM_END();
-diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/crypto/perlasm/s390x.pm
---- openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update 2019-05-06 10:54:00.037367571 +0200
-+++ openssl-1.1.1b/crypto/perlasm/s390x.pm 2019-05-06 10:54:00.038367554 +0200
+diff -up openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1e/crypto/perlasm/s390x.pm
+--- openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update 2020-03-19 16:20:22.039227394 +0100
++++ openssl-1.1.1e/crypto/perlasm/s390x.pm 2020-03-19 16:20:22.039227394 +0100
@@ -0,0 +1,3060 @@
+#!/usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -4354,9 +4347,9 @@ diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/cryp
+}
+
+1;
-diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl
---- openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl 2019-05-06 10:54:00.036367588 +0200
+diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl
+--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2020-03-19 16:20:22.041227359 +0100
++++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl 2020-03-19 16:23:22.364098257 +0100
@@ -24,204 +24,961 @@
#
# On side note, z13 enables vector base 2^26 implementation...
@@ -5494,11 +5487,11 @@ diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update opens
+STRING ("\"Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
-print $code;
--close STDOUT;
+-close STDOUT or die "error closing STDOUT: $!";
+PERLASM_END();
-diff -up openssl-1.1.1b/crypto/poly1305/build.info.s390x-update openssl-1.1.1b/crypto/poly1305/build.info
---- openssl-1.1.1b/crypto/poly1305/build.info.s390x-update 2019-05-06 10:54:00.036367588 +0200
-+++ openssl-1.1.1b/crypto/poly1305/build.info 2019-05-06 10:56:14.964105164 +0200
+diff -up openssl-1.1.1e/crypto/poly1305/build.info.s390x-update openssl-1.1.1e/crypto/poly1305/build.info
+--- openssl-1.1.1e/crypto/poly1305/build.info.s390x-update 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/poly1305/build.info 2020-03-19 16:20:22.042227342 +0100
@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=..
GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
INCLUDE[poly1305-mips.o]=..
diff --git a/openssl-1.1.1-ssh-kdf.patch b/openssl-1.1.1-ssh-kdf.patch
index 08f02ac..1bf71c4 100644
--- a/openssl-1.1.1-ssh-kdf.patch
+++ b/openssl-1.1.1-ssh-kdf.patch
@@ -51,10 +51,10 @@ index 05f5cec3a9..811fe727f6 100644
};
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
-diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
+diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index a109e561b3..8c313c65ac 100644
---- a/crypto/include/internal/evp_int.h
-+++ b/crypto/include/internal/evp_int.h
+--- a/include/crypto/evp.h
++++ b/include/crypto/evp.h
@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
extern const EVP_KDF_METHOD scrypt_kdf_meth;
extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
@@ -119,7 +119,7 @@ index 0000000000..24f37cbed4
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include "internal/cryptlib.h"
-+#include "internal/evp_int.h"
++#include "crypto/evp.h"
+#include "kdf_local.h"
+
+/* See RFC 4253, Section 7.2 */
diff --git a/openssl-1.1.1-upstream-sync.patch b/openssl-1.1.1-upstream-sync.patch
deleted file mode 100644
index 86448a0..0000000
--- a/openssl-1.1.1-upstream-sync.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-commit 515c728dbaa92211d2eafb0041ab9fcd258fdc41
-Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Date: Mon Sep 9 19:12:25 2019 +0200
-
- Fix potential memory leaks with BN_to_ASN1_INTEGER
-
- Reviewed-by: Paul Dale <paul.dale@oracle.com>
- Reviewed-by: Matt Caswell <matt@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/9833)
-
- (cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09)
-
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 1ce1181fc1..7cbf8de981 100644
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
- unsigned char *buffer = NULL;
- const EC_POINT *point = NULL;
- point_conversion_form_t form;
-+ ASN1_INTEGER *orig;
-
- if (params == NULL) {
- if ((ret = ECPARAMETERS_new()) == NULL) {
-@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
- ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
- goto err;
- }
-- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
-+ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
- if (ret->order == NULL) {
-+ ret->order = orig;
- ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
- goto err;
- }
-@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
- /* set the cofactor (optional) */
- tmp = EC_GROUP_get0_cofactor(group);
- if (tmp != NULL) {
-- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
-+ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
- if (ret->cofactor == NULL) {
-+ ret->cofactor = orig;
- ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
- goto err;
- }
-diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
-index 089f2ae29f..ef2d64826f 100644
---- a/crypto/x509v3/v3_asid.c
-+++ b/crypto/x509v3/v3_asid.c
-@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
- static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
- {
- ASN1_INTEGER *a_max_plus_one = NULL;
-+ ASN1_INTEGER *orig;
- BIGNUM *bn = NULL;
- int i, ret = 0;
-
-@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
- */
- if ((bn == NULL && (bn = BN_new()) == NULL) ||
- ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-- !BN_add_word(bn, 1) ||
-- (a_max_plus_one =
-- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
-+ !BN_add_word(bn, 1)) {
-+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
-+ ERR_R_MALLOC_FAILURE);
-+ goto done;
-+ }
-+
-+ if ((a_max_plus_one =
-+ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
-+ a_max_plus_one = orig;
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
- ERR_R_MALLOC_FAILURE);
- goto done;
-@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
- static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
- {
- ASN1_INTEGER *a_max_plus_one = NULL;
-+ ASN1_INTEGER *orig;
- BIGNUM *bn = NULL;
- int i, ret = 0;
-
-@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
- */
- if ((bn == NULL && (bn = BN_new()) == NULL) ||
- ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-- !BN_add_word(bn, 1) ||
-- (a_max_plus_one =
-- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
-+ !BN_add_word(bn, 1)) {
-+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-+ ERR_R_MALLOC_FAILURE);
-+ goto done;
-+ }
-+
-+ if ((a_max_plus_one =
-+ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
-+ a_max_plus_one = orig;
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
- ERR_R_MALLOC_FAILURE);
- goto done;
-commit 86ed78676c660b553696cc10c682962522dfeb6c
-Author: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu Sep 12 12:27:36 2019 +0200
-
- BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
-
- There can be data to write in output buffer and data to read that were
- not yet read in the input stream.
-
- Fixes #9866
-
- Reviewed-by: Richard Levitte <levitte@openssl.org>
- (Merged from https://github.com/openssl/openssl/pull/9877)
-
- (cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95)
-
-diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
-index d688deee5f..7c1be358fd 100644
---- a/crypto/comp/c_zlib.c
-+++ b/crypto/comp/c_zlib.c
-@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
- BIO_copy_next_retry(b);
- break;
-
-+ case BIO_CTRL_WPENDING:
-+ if (ctx->obuf == NULL)
-+ return 0;
-+
-+ if (ctx->odone) {
-+ ret = ctx->ocount;
-+ } else {
-+ ret = ctx->ocount;
-+ if (ret == 0)
-+ /* Unknown amount pending but we are not finished */
-+ ret = 1;
-+ }
-+ if (ret == 0)
-+ ret = BIO_ctrl(next, cmd, num, ptr);
-+ break;
-+
-+ case BIO_CTRL_PENDING:
-+ ret = ctx->zin.avail_in;
-+ if (ret == 0)
-+ ret = BIO_ctrl(next, cmd, num, ptr);
-+ break;
-+
- default:
- ret = BIO_ctrl(next, cmd, num, ptr);
- break;
diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch
index cbecb90..8404d7f 100644
--- a/openssl-1.1.1-version-override.patch
+++ b/openssl-1.1.1-version-override.patch
@@ -1,12 +1,12 @@
-diff -up openssl-1.1.1d/include/openssl/opensslv.h.version-override openssl-1.1.1d/include/openssl/opensslv.h
---- openssl-1.1.1d/include/openssl/opensslv.h.version-override 2019-09-13 15:26:32.606500244 +0200
-+++ openssl-1.1.1d/include/openssl/opensslv.h 2019-09-13 15:27:03.805950866 +0200
+diff -up openssl-1.1.1e/include/openssl/opensslv.h.version-override openssl-1.1.1e/include/openssl/opensslv.h
+--- openssl-1.1.1e/include/openssl/opensslv.h.version-override 2020-03-17 18:05:00.750749987 +0100
++++ openssl-1.1.1e/include/openssl/opensslv.h 2020-03-17 18:05:41.404038619 +0100
@@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta)
*/
- # define OPENSSL_VERSION_NUMBER 0x1010104fL
--# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d 10 Sep 2019"
-+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d FIPS 10 Sep 2019"
+ # define OPENSSL_VERSION_NUMBER 0x1010105fL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e 17 Mar 2020"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e FIPS 17 Mar 2020"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/openssl.spec b/openssl.spec
index 91f3492..80af3b9 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.1d
-Release: 7%{?dist}
+Version: 1.1.1e
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -64,12 +64,11 @@ Patch49: openssl-1.1.1-evp-kdf.patch
Patch50: openssl-1.1.1-ssh-kdf.patch
Patch60: openssl-1.1.1-krb5-kdf.patch
Patch61: openssl-1.1.1-intel-cet.patch
+Patch65: openssl-1.1.1-fips-drbg-selftest.patch
# Backported fixes including security fixes
-Patch51: openssl-1.1.1-upstream-sync.patch
Patch52: openssl-1.1.1-s390x-update.patch
Patch53: openssl-1.1.1-fips-crng-test.patch
Patch54: openssl-1.1.1-regression-fixes.patch
-Patch55: openssl-1.1.1-aes-asm.patch
License: OpenSSL
URL: http://www.openssl.org/
@@ -167,13 +166,12 @@ cp %{SOURCE13} test/
%patch48 -p1 -b .fips-post-rand
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf
-%patch51 -p1 -b .upstream-sync
%patch52 -p1 -b .s390x-update
%patch53 -p1 -b .crng-test
%patch54 -p1 -b .regression
-%patch55 -p1 -b .aes-asm
%patch60 -p1 -b .krb5-kdf
%patch61 -p1 -b .intel-cet
+%patch65 -p1 -b .drbg-selftest
%build
@@ -460,6 +458,11 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
+* Wed Mar 18 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1e-1
+- update to the 1.1.1e release
+- add selftest of the RAND_DRBG implementation
+- fix incorrect error return value from FIPS_selftest_dsa
+
* Mon Feb 17 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-7
- apply Intel CET support patches by hjl (#1788699)
diff --git a/sources b/sources
index 787f150..323aa7a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-1.1.1d-hobbled.tar.xz) = c350e4669b82dcbc7fcc997726e376392e2ee0c92c37a952eb02369f05780a8d1b0c265f6264ce0e7619e44200d2d057e3fdcb0fe22c168dfb28e9381841fc00
+SHA512 (openssl-1.1.1e-hobbled.tar.xz) = b0b415b376e12d7a74eeb915315741a9d4d3cef953969edb632d4683ea088e607ebeba37c4be0c781ca839ec20c108166faf5e228d7642217f86f7ab1a3ef15a
reply other threads:[~2026-06-09 12:44 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100908033.1.449437681915410189.rpms-openssl-c11b71fd2fd6@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox