diff --git a/openssl-1.1.1-build.patch b/openssl-1.1.1-build.patch
index d82530d4438631287d2fd0ad8714d27ee69ad085..c0ef62b786490e364cf7f213505d4e6c2d878f02 100644
--- a/openssl-1.1.1-build.patch
+++ b/openssl-1.1.1-build.patch
@@ -1,28 +1,7 @@ -#diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl -#--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200 -#+++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200 -#@@ -680,7 +680,7 @@ uninstall_runtime: -# install_man_docs: -# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) -# @$(ECHO) "*** Installing manpages" -#- $(PERL) $(SRCDIR)/util/process_docs.pl \ -#+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ -# --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) -# -# uninstall_man_docs: -#@@ -692,7 +692,7 @@ uninstall_man_docs: -# install_html_docs: -# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) -# @$(ECHO) "*** Installing HTML manpages" -#- $(PERL) $(SRCDIR)/util/process_docs.pl \ -#+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ -# --destdir=$(DESTDIR)$(HTMLDIR) --type=html -# -# uninstall_html_docs: -diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf ---- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200 -+++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200 -@@ -693,6 +693,7 @@ my %targets = ( +diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf +--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200 ++++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200 +@@ -678,6 +678,7 @@ my %targets = ( cxxflags => add("-m64"), lib_cppflags => add("-DL_ENDIAN"), perlasm_scheme => "linux64le", 
@@ -30,7 +9,7 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8 }, "linux-armv4" => { -@@ -733,6 +734,7 @@ my %targets = ( +@@ -718,6 +719,7 @@ my %targets = ( "linux-aarch64" => { inherit_from => [ "linux-generic64", asm("aarch64_asm") ], perlasm_scheme => "linux64", @@ -38,3 +17,24 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8 }, "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32", asm("aarch64_asm") ], +diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl +--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200 ++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200 +@@ -823,7 +823,7 @@ uninstall_runtime_libs: + install_man_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(ECHO) "*** Installing manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) + + uninstall_man_docs: +@@ -835,7 +835,7 @@ uninstall_man_docs: + install_html_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(ECHO) "*** Installing HTML manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + "--destdir=$(DESTDIR)$(HTMLDIR)" --type=html + + uninstall_html_docs: diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch index c17f6e837b9b53bcd3c07c67d39a6e3bdeacb20e..aa3d33d16d79d0b26531e55b8a744b1317df1f93 100644 --- a/openssl-1.1.1-fips.patch +++ b/openssl-1.1.1-fips.patch 
@@ -1,18 +1,18 @@ -diff -up openssl-1.1.1e/apps/pkcs12.c.fips openssl-1.1.1e/apps/pkcs12.c ---- openssl-1.1.1e/apps/pkcs12.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/apps/pkcs12.c 2020-03-17 17:30:52.020567497 +0100 -@@ -127,7 +127,7 @@ int pkcs12_main(int argc, char **argv) +diff -up openssl-1.1.1j/apps/pkcs12.c.fips openssl-1.1.1j/apps/pkcs12.c +--- openssl-1.1.1j/apps/pkcs12.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/apps/pkcs12.c 2021-03-03 12:57:42.194734484 +0100 +@@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv) int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; - # ifndef OPENSSL_NO_RC2 + #ifndef OPENSSL_NO_RC2 - int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC; - # else + #else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - # endif -diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c ---- openssl-1.1.1e/apps/speed.c.fips 2020-03-17 17:30:51.997567897 +0100 -+++ openssl-1.1.1e/apps/speed.c 2020-03-17 17:30:52.021567479 +0100 + #endif +diff -up openssl-1.1.1j/apps/speed.c.fips openssl-1.1.1j/apps/speed.c +--- openssl-1.1.1j/apps/speed.c.fips 2021-03-03 12:57:42.185734409 +0100 ++++ openssl-1.1.1j/apps/speed.c 2021-03-03 12:57:42.195734492 +0100 @@ -1593,7 +1593,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { 
@@ -163,10 +163,10 @@ diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure ---- openssl-1.1.1e/Configure.fips 2020-03-17 17:30:52.015567584 +0100 -+++ openssl-1.1.1e/Configure 2020-03-17 17:30:52.022567462 +0100 -@@ -319,7 +319,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.1j/Configure.fips openssl-1.1.1j/Configure +--- openssl-1.1.1j/Configure.fips 2021-03-03 12:57:42.192734467 +0100 ++++ openssl-1.1.1j/Configure 2021-03-03 12:57:42.195734492 +0100 +@@ -329,7 +329,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", @@ -175,9 +175,9 @@ diff -up openssl-1.1.1e/Configure.fips openssl-1.1.1e/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/cmac/cm_pmeth.c 2020-03-17 17:30:52.022567462 +0100 +diff -up openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1j/crypto/cmac/cm_pmeth.c +--- openssl-1.1.1j/crypto/cmac/cm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/cmac/cm_pmeth.c 2021-03-03 12:57:42.195734492 +0100 @@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD cmac_pkey_meth = { 
@@ -187,9 +187,9 @@ diff -up openssl-1.1.1e/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1e/crypto/cmac/c pkey_cmac_init, pkey_cmac_copy, pkey_cmac_cleanup, -diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err.c ---- openssl-1.1.1e/crypto/dh/dh_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_err.c 2020-03-17 17:30:52.022567462 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_err.c.fips openssl-1.1.1j/crypto/dh/dh_err.c +--- openssl-1.1.1j/crypto/dh/dh_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_err.c 2021-03-03 12:57:42.195734492 +0100 @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -215,9 +215,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_err.c.fips openssl-1.1.1e/crypto/dh/dh_err. {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen.c ---- openssl-1.1.1e/crypto/dh/dh_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_gen.c 2020-03-17 18:03:31.005320382 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips openssl-1.1.1j/crypto/dh/dh_gen.c +--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 12:57:42.195734492 +0100 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include 
@@ -261,9 +261,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_gen.c.fips openssl-1.1.1e/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key.c ---- openssl-1.1.1e/crypto/dh/dh_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_key.c 2020-03-17 18:03:52.706940641 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips openssl-1.1.1j/crypto/dh/dh_key.c +--- openssl-1.1.1j/crypto/dh/dh_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 13:02:45.963247596 +0100 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_local.h" @@ -274,22 +274,10 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -@@ -22,18 +25,32 @@ static int dh_finish(DH *dh); - - int DH_generate_key(DH *dh) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) -+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { -+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); -+ return 0; -+ } -+#endif - return dh->meth->generate_key(dh); - } +@@ -34,6 +37,13 @@ int DH_compute_key(unsigned char *key, c + int ret = 0, i; + volatile size_t npad = 0, mask = 1; - int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { 
@@ -297,18 +285,10 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. + return 0; + } +#endif - return dh->meth->compute_key(key, pub_key, dh); - } - - int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - int rv, pad; -- rv = dh->meth->compute_key(key, pub_key, dh); -+ rv = DH_compute_key(key, pub_key, dh); - if (rv <= 0) - return rv; - pad = BN_num_bytes(dh->p) - rv; -@@ -82,6 +99,14 @@ static int generate_key(DH *dh) + /* compute the key; ret is constant unless compute_key is external */ + if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0) + return ret; +@@ -109,6 +119,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -323,7 +303,7 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); return 0; -@@ -179,6 +204,13 @@ static int compute_key(unsigned char *ke +@@ -206,6 +224,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -337,7 +317,7 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -228,6 +260,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -255,6 +280,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { 
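Review bot: After the rebase the `DH_FLAG_FIPS_METHOD` / `DH_FLAG_NON_FIPS_ALLOW` gate survives only in `DH_compute_key()`; the copy the 1.1.1e patch placed in `DH_generate_key()` is dropped here, and the next hunk drops the change that routed `DH_compute_key_padded()` through `DH_compute_key()`. If those two functions in 1.1.1j still call `dh->meth->generate_key` / `dh->meth->compute_key` directly (their bodies are not visible in this diff), a DH method without `DH_FLAG_FIPS_METHOD` is no longer rejected on those entry points in FIPS mode. Either restore the `DH_R_NON_FIPS_METHOD` check in both functions, or state in the patch why the checks added inside the static `generate_key()` and `compute_key()` are sufficient, given that a replacement method would bypass them.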
@@ -347,9 +327,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_key.c.fips openssl-1.1.1e/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pmeth.c ---- openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dh/dh_pmeth.c 2020-03-17 17:30:52.023567444 +0100 +diff -up openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips openssl-1.1.1j/crypto/dh/dh_pmeth.c +--- openssl-1.1.1j/crypto/dh/dh_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dh/dh_pmeth.c 2021-03-03 12:57:42.196734500 +0100 @@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * const EVP_PKEY_METHOD dh_pkey_meth = { @@ -368,9 +348,9 @@ diff -up openssl-1.1.1e/crypto/dh/dh_pmeth.c.fips openssl-1.1.1e/crypto/dh/dh_pm pkey_dh_init, pkey_dh_copy, pkey_dh_cleanup, -diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_err.c ---- openssl-1.1.1e/crypto/dsa/dsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_err.c 2020-03-17 17:30:52.023567444 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_err.c.fips openssl-1.1.1j/crypto/dsa/dsa_err.c +--- openssl-1.1.1j/crypto/dsa/dsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_err.c 2021-03-03 12:57:42.196734500 +0100 @@ -16,12 +16,15 @@ static const ERR_STRING_DATA DSA_str_functs[] = { {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, 
@@ -402,9 +382,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_err.c.fips openssl-1.1.1e/crypto/dsa/dsa_ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_gen.c ---- openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_gen.c 2020-03-17 18:02:14.626656877 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips openssl-1.1.1j/crypto/dsa/dsa_gen.c +--- openssl-1.1.1j/crypto/dsa/dsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_gen.c 2021-03-03 12:57:42.196734500 +0100 @@ -22,12 +22,22 @@ #include #include @@ -566,9 +546,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_gen.c.fips openssl-1.1.1e/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_key.c ---- openssl-1.1.1e/crypto/dsa/dsa_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_key.c 2020-03-17 18:02:51.103018604 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_key.c.fips openssl-1.1.1j/crypto/dsa/dsa_key.c +--- openssl-1.1.1j/crypto/dsa/dsa_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_key.c 2021-03-03 12:57:42.196734500 +0100 @@ -13,10 +13,49 @@ #include #include "dsa_local.h" 
@@ -648,9 +628,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_key.c.fips openssl-1.1.1e/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa_ossl.c ---- openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_ossl.c 2020-03-19 17:11:22.037994064 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1j/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1j/crypto/dsa/dsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -14,6 +14,9 @@ #include #include "dsa_local.h" @@ -710,9 +690,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1e/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/dsa/dsa_pmeth.c 2020-03-17 17:30:52.025567409 +0100 +diff -up openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1j/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1j/crypto/dsa/dsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/dsa/dsa_pmeth.c 2021-03-03 12:57:42.196734500 +0100 @@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; 
@@ -733,9 +713,9 @@ diff -up openssl-1.1.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1e/crypto/dsa/ds pkey_dsa_init, pkey_dsa_copy, pkey_dsa_cleanup, -diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips 2020-03-17 17:30:52.025567409 +0100 -+++ openssl-1.1.1e/crypto/ec/ecdh_ossl.c 2020-03-17 18:01:24.704530440 +0100 +diff -up openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1j/crypto/ec/ecdh_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ecdh_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -19,9 +19,20 @@ #include #include "ec_local.h" @@ -757,9 +737,9 @@ diff -up openssl-1.1.1e/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-17 18:01:41.642234061 +0100 +diff -up openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1j/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1j/crypto/ec/ecdsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ecdsa_ossl.c 2021-03-03 12:57:42.196734500 +0100 @@ -14,6 +14,10 @@ #include "crypto/bn.h" #include "ec_local.h" 
@@ -799,10 +779,10 @@ diff -up openssl-1.1.1e/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1e/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key.c ---- openssl-1.1.1e/crypto/ec/ec_key.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ec_key.c 2020-03-17 17:30:52.026567392 +0100 -@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY +diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips openssl-1.1.1j/crypto/ec/ec_key.c +--- openssl-1.1.1j/crypto/ec/ec_key.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 12:57:42.196734500 +0100 +@@ -179,14 +179,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } @@ -867,9 +847,9 @@ diff -up openssl-1.1.1e/crypto/ec/ec_key.c.fips openssl-1.1.1e/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pmeth.c ---- openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/ec/ec_pmeth.c 2020-03-17 17:30:52.026567392 +0100 +diff -up openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips openssl-1.1.1j/crypto/ec/ec_pmeth.c +--- openssl-1.1.1j/crypto/ec/ec_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/ec/ec_pmeth.c 2021-03-03 12:57:42.197734509 +0100 @@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * const EVP_PKEY_METHOD ec_pkey_meth = { 
@@ -879,131 +859,9 @@ diff -up openssl-1.1.1e/crypto/ec/ec_pmeth.c.fips openssl-1.1.1e/crypto/ec/ec_pm pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, -diff -up openssl-1.1.1e/crypto/evp/c_allc.c.fips openssl-1.1.1e/crypto/evp/c_allc.c ---- openssl-1.1.1e/crypto/evp/c_allc.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/c_allc.c 2020-03-17 17:30:52.027567375 +0100 -@@ -17,6 +17,9 @@ - void openssl_add_all_ciphers_int(void) - { - -+#ifdef OPENSSL_FIPS -+ if (!FIPS_mode()) { -+#endif - #ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_cfb1()); -@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void) - EVP_add_cipher(EVP_chacha20_poly1305()); - # endif - #endif -+#ifdef OPENSSL_FIPS -+ } else { -+# ifndef OPENSSL_NO_DES -+ EVP_add_cipher(EVP_des_ede3_cfb()); -+ -+ EVP_add_cipher(EVP_des_ede3_ofb()); -+ -+ EVP_add_cipher(EVP_des_ede3_cbc()); -+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); -+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); -+ -+ EVP_add_cipher(EVP_des_ede3()); -+ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); -+ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); -+ EVP_add_cipher(EVP_des_ede3_wrap()); -+ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); -+# endif -+ -+# ifndef OPENSSL_NO_AES -+ EVP_add_cipher(EVP_aes_128_ecb()); -+ EVP_add_cipher(EVP_aes_128_cbc()); -+ EVP_add_cipher(EVP_aes_128_cfb()); -+ EVP_add_cipher(EVP_aes_128_cfb1()); -+ EVP_add_cipher(EVP_aes_128_cfb8()); -+ EVP_add_cipher(EVP_aes_128_ofb()); -+ EVP_add_cipher(EVP_aes_128_ctr()); -+ EVP_add_cipher(EVP_aes_128_gcm()); -+ EVP_add_cipher(EVP_aes_128_xts()); -+ EVP_add_cipher(EVP_aes_128_ccm()); -+ EVP_add_cipher(EVP_aes_128_wrap()); -+ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); -+ EVP_add_cipher(EVP_aes_128_wrap_pad()); -+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); -+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); -+ EVP_add_cipher(EVP_aes_192_ecb()); -+ 
EVP_add_cipher(EVP_aes_192_cbc()); -+ EVP_add_cipher(EVP_aes_192_cfb()); -+ EVP_add_cipher(EVP_aes_192_cfb1()); -+ EVP_add_cipher(EVP_aes_192_cfb8()); -+ EVP_add_cipher(EVP_aes_192_ofb()); -+ EVP_add_cipher(EVP_aes_192_ctr()); -+ EVP_add_cipher(EVP_aes_192_gcm()); -+ EVP_add_cipher(EVP_aes_192_ccm()); -+ EVP_add_cipher(EVP_aes_192_wrap()); -+ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); -+ EVP_add_cipher(EVP_aes_192_wrap_pad()); -+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); -+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); -+ EVP_add_cipher(EVP_aes_256_ecb()); -+ EVP_add_cipher(EVP_aes_256_cbc()); -+ EVP_add_cipher(EVP_aes_256_cfb()); -+ EVP_add_cipher(EVP_aes_256_cfb1()); -+ EVP_add_cipher(EVP_aes_256_cfb8()); -+ EVP_add_cipher(EVP_aes_256_ofb()); -+ EVP_add_cipher(EVP_aes_256_ctr()); -+ EVP_add_cipher(EVP_aes_256_gcm()); -+ EVP_add_cipher(EVP_aes_256_xts()); -+ EVP_add_cipher(EVP_aes_256_ccm()); -+ EVP_add_cipher(EVP_aes_256_wrap()); -+ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); -+ EVP_add_cipher(EVP_aes_256_wrap_pad()); -+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); -+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -+# endif -+ } -+#endif - } -diff -up openssl-1.1.1e/crypto/evp/c_alld.c.fips openssl-1.1.1e/crypto/evp/c_alld.c ---- openssl-1.1.1e/crypto/evp/c_alld.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/c_alld.c 2020-03-17 17:30:52.027567375 +0100 -@@ -16,6 +16,9 @@ - - void openssl_add_all_digests_int(void) - { -+#ifdef OPENSSL_FIPS -+ if (!FIPS_mode()) { -+#endif - #ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); - #endif -@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void) - EVP_add_digest(EVP_sha3_512()); - EVP_add_digest(EVP_shake128()); - EVP_add_digest(EVP_shake256()); -+#ifdef OPENSSL_FIPS -+ } else { -+ EVP_add_digest(EVP_md5_sha1()); -+ EVP_add_digest(EVP_sha1()); -+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); -+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 
-+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); -+ EVP_add_digest(EVP_sha512_224()); -+ EVP_add_digest(EVP_sha512_256()); -+ EVP_add_digest(EVP_sha3_224()); -+ EVP_add_digest(EVP_sha3_256()); -+ EVP_add_digest(EVP_sha3_384()); -+ EVP_add_digest(EVP_sha3_512()); -+ EVP_add_digest(EVP_shake128()); -+ EVP_add_digest(EVP_shake256()); -+ } -+#endif - } -diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/digest.c ---- openssl-1.1.1e/crypto/evp/digest.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/digest.c 2020-03-17 17:38:57.528093469 +0100 +diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/digest.c +--- openssl-1.1.1j/crypto/evp/digest.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/digest.c 2021-03-03 12:57:42.197734509 +0100 @@ -14,6 +14,9 @@ #include #include "crypto/evp.h" @@ -1064,9 +922,9 @@ diff -up openssl-1.1.1e/crypto/evp/digest.c.fips openssl-1.1.1e/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes.c ---- openssl-1.1.1e/crypto/evp/e_aes.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_aes.c 2020-03-17 17:30:52.028567357 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_aes.c.fips openssl-1.1.1j/crypto/evp/e_aes.c +--- openssl-1.1.1j/crypto/evp/e_aes.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_aes.c 2021-03-03 12:57:42.197734509 +0100 @@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER * This addresses Rogaway's vulnerability. * See comment in aes_xts_init_key() below. 
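Review bot: Removing the c_allc.c and c_alld.c sections means `openssl_add_all_ciphers_int()` and `openssl_add_all_digests_int()` no longer register a reduced list in FIPS mode, so lookups by name will again resolve the algorithms the `!FIPS_mode()` branch used to exclude (for example `EVP_des_cfb()` and `EVP_md4()`). Rejection then depends entirely on the per-operation checks this patch adds in evp_enc.c and digest.c, whose bodies are not shown in this diff. It is worth confirming that every non-approved cipher and digest is refused at init time in FIPS mode, ideally with a regression test that fetches one by name and expects initialisation to fail. The reason for dropping the registration filter should also be recorded in the commit description.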
@@ -1189,9 +1047,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_aes.c.fips openssl-1.1.1e/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des3.c ---- openssl-1.1.1e/crypto/evp/e_des3.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_des3.c 2020-03-17 17:30:52.029567340 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_des3.c.fips openssl-1.1.1j/crypto/evp/e_des3.c +--- openssl-1.1.1j/crypto/evp/e_des3.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_des3.c 2021-03-03 12:57:42.197734509 +0100 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1218,9 +1076,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_des3.c.fips openssl-1.1.1e/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_null.c ---- openssl-1.1.1e/crypto/evp/e_null.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/e_null.c 2020-03-17 17:30:52.029567340 +0100 +diff -up openssl-1.1.1j/crypto/evp/e_null.c.fips openssl-1.1.1j/crypto/evp/e_null.c +--- openssl-1.1.1j/crypto/evp/e_null.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/e_null.c 2021-03-03 12:57:42.197734509 +0100 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { 
@@ -1231,10 +1089,10 @@ diff -up openssl-1.1.1e/crypto/evp/e_null.c.fips openssl-1.1.1e/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_enc.c ---- openssl-1.1.1e/crypto/evp/evp_enc.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_enc.c 2020-03-17 17:39:52.663129373 +0100 -@@ -17,9 +17,18 @@ +diff -up openssl-1.1.1j/crypto/evp/evp_enc.c.fips openssl-1.1.1j/crypto/evp/evp_enc.c +--- openssl-1.1.1j/crypto/evp/evp_enc.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_enc.c 2021-03-03 12:57:42.197734509 +0100 +@@ -18,9 +18,18 @@ #include #include "crypto/evp.h" #include "evp_local.h" @@ -1253,7 +1111,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (c == NULL) return 1; if (c->cipher != NULL) { -@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX +@@ -40,6 +49,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -1266,7 +1124,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -68,6 +83,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1279,7 +1137,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -137,7 +158,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ 
@@ -1288,7 +1146,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; -@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -196,6 +217,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } @@ -1307,9 +1165,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_enc.c.fips openssl-1.1.1e/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_err.c ---- openssl-1.1.1e/crypto/evp/evp_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_err.c.fips openssl-1.1.1j/crypto/evp/evp_err.c +--- openssl-1.1.1j/crypto/evp/evp_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 12:57:42.198734517 +0100 @@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), "aes_t4_xts_init_key"}, @@ -1326,7 +1184,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -249,6 +251,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -251,6 +253,7 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, 
@@ -1334,7 +1192,7 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -274,6 +277,8 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -276,6 +279,8 @@ static const ERR_STRING_DATA EVP_str_rea "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, @@ -1343,9 +1201,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.fips openssl-1.1.1e/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), "xts duplicated keys"}, {0, NULL} -diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_lib.c ---- openssl-1.1.1e/crypto/evp/evp_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/evp_lib.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/evp_lib.c.fips openssl-1.1.1j/crypto/evp/evp_lib.c +--- openssl-1.1.1j/crypto/evp/evp_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/evp_lib.c 2021-03-03 12:57:42.198734517 +0100 @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) 
@@ -1356,9 +1214,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_lib.c.fips openssl-1.1.1e/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha1.c ---- openssl-1.1.1e/crypto/evp/m_sha1.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/m_sha1.c 2020-03-17 17:30:52.030567322 +0100 +diff -up openssl-1.1.1j/crypto/evp/m_sha1.c.fips openssl-1.1.1j/crypto/evp/m_sha1.c +--- openssl-1.1.1j/crypto/evp/m_sha1.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/m_sha1.c 2021-03-03 12:57:42.198734517 +0100 @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1422,9 +1280,9 @@ diff -up openssl-1.1.1e/crypto/evp/m_sha1.c.fips openssl-1.1.1e/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha3.c ---- openssl-1.1.1e/crypto/evp/m_sha3.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/m_sha3.c 2020-03-17 17:30:52.031567305 +0100 +diff -up openssl-1.1.1j/crypto/evp/m_sha3.c.fips openssl-1.1.1j/crypto/evp/m_sha3.c +--- openssl-1.1.1j/crypto/evp/m_sha3.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/m_sha3.c 2021-03-03 12:57:42.198734517 +0100 @@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ 
@@ -1479,9 +1337,9 @@ diff -up openssl-1.1.1e/crypto/evp/m_sha3.c.fips openssl-1.1.1e/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pmeth_lib.c ---- openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/evp/pmeth_lib.c 2020-03-17 17:30:52.031567305 +0100 +diff -up openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips openssl-1.1.1j/crypto/evp/pmeth_lib.c +--- openssl-1.1.1j/crypto/evp/pmeth_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/evp/pmeth_lib.c 2021-03-03 12:57:42.198734517 +0100 @@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE pmeth = ENGINE_get_pkey_meth(e, id); else @@ -1498,9 +1356,9 @@ diff -up openssl-1.1.1e/crypto/evp/pmeth_lib.c.fips openssl-1.1.1e/crypto/evp/pm if (pmeth == NULL) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/build.info ---- openssl-1.1.1e/crypto/fips/build.info.fips 2020-03-17 17:30:52.032567287 +0100 -+++ openssl-1.1.1e/crypto/fips/build.info 2020-03-17 17:30:52.032567287 +0100 +diff -up openssl-1.1.1j/crypto/fips/build.info.fips openssl-1.1.1j/crypto/fips/build.info +--- openssl-1.1.1j/crypto/fips/build.info.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/build.info 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ 
@@ -1517,9 +1375,9 @@ diff -up openssl-1.1.1e/crypto/fips/build.info.fips openssl-1.1.1e/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips 2020-03-17 17:30:52.033567270 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_aes_selftest.c 2020-03-17 17:30:52.033567270 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_aes_selftest.c.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_aes_selftest.c 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1893,9 +1751,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips.c ---- openssl-1.1.1e/crypto/fips/fips.c.fips 2020-03-17 17:30:52.033567270 +0100 -+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 17:30:52.033567270 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips.c.fips openssl-1.1.1j/crypto/fips/fips.c +--- openssl-1.1.1j/crypto/fips/fips.c.fips 2021-03-03 12:57:42.198734517 +0100 ++++ openssl-1.1.1j/crypto/fips/fips.c 2021-03-03 12:57:42.198734517 +0100 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2303,7 +2161,7 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips. + rv = 0; + + /* Installed == true */ -+ return !rv; ++ return !rv || FIPS_module_mode(); +} + +int FIPS_module_mode_set(int onoff) 
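Review bot: In the `@@ -2303,7 +2161,7 @@` hunk the retained comment `/* Installed == true */` no longer describes the return value. With `return !rv || FIPS_module_mode();`, FIPS_module_installed() reports true whenever the library is already in FIPS mode, even if the check that set `rv` failed. A caller that reads the result as "the installed-module check passed" is then wrong once the mode is on, so the comment should say so, for example `/* Installed, or already in FIPS mode (which overrides a failed check above) */`. The function body starts above the hunk, so what `rv` actually tests is not visible here.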
@@ -2423,9 +2281,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips openssl-1.1.1e/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c 2020-03-17 17:30:52.033567270 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_cmac_selftest.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2583,9 +2441,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1e/cry + return rv; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_des_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips 2020-03-17 17:30:52.034567253 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_des_selftest.c 2020-03-17 17:30:52.034567253 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_des_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_des_selftest.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -2720,9 +2578,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1e/cryp + return ret; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips 2020-03-17 17:30:52.038567183 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_dh_selftest.c 2020-03-17 17:30:52.038567183 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_dh_selftest.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_dh_selftest.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2904,9 +2762,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1e/crypt + return ret; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips 2020-03-17 17:30:52.040567148 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c 2020-03-17 17:30:52.039567165 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_ctr.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,406 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -3314,9 +3172,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1e/crypto/f + + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips 2020-03-17 17:30:52.041567130 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_hash.c 2020-03-17 17:30:52.040567148 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_hash.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_hash.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,354 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3672,9 +3530,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1e/crypto/ + + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips 2020-03-17 17:30:52.042567113 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c 2020-03-17 17:30:52.042567113 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_hmac.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,262 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -3938,9 +3796,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1e/crypto/ + + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips 2020-03-17 17:30:52.043567095 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_lib.c 2020-03-17 17:30:52.043567095 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_lib.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_lib.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,528 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4470,9 +4328,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1e/crypto/f +{ + /* Just backwards compatibility API call with no effect. */ +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips 2020-03-17 17:30:52.044567078 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_rand.c 2020-03-17 17:30:52.044567078 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_rand.c.fips 2021-03-03 12:57:42.199734525 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_rand.c 2021-03-03 12:57:42.199734525 +0100 @@ -0,0 +1,185 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4659,9 +4517,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1e/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips 2020-03-17 17:30:52.044567078 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-17 17:30:52.044567078 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5491,9 +5349,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1e/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips 2020-03-17 17:30:52.045567061 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h 2020-03-17 17:30:52.045567061 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_drbg_selftest.h 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -7286,9 +7144,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1e/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c 2020-03-17 17:30:52.046567043 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_dsa_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7485,9 +7343,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1e/cryp + return ret; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c 2020-03-17 17:30:52.046567043 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_ecdh_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -7731,9 +7589,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1e/cry +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips 2020-03-17 17:30:52.046567043 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c 2020-03-17 17:30:52.046567043 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c.fips 2021-03-03 12:57:42.200734534 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_ecdsa_selftest.c 2021-03-03 12:57:42.200734534 +0100 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7901,9 +7759,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1e/cr +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/fips_err.h ---- openssl-1.1.1e/crypto/fips/fips_err.h.fips 2020-03-17 17:30:52.047567026 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_err.h 2020-03-17 17:30:52.047567026 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_err.h.fips openssl-1.1.1j/crypto/fips/fips_err.h +--- openssl-1.1.1j/crypto/fips/fips_err.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_err.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,197 @@ +/* crypto/fips_err.h */ +/* ==================================================================== 
@@ -8102,9 +7960,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_err.h.fips openssl-1.1.1e/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/fips_ers.c ---- openssl-1.1.1e/crypto/fips/fips_ers.c.fips 2020-03-17 17:30:52.047567026 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_ers.c 2020-03-17 17:30:52.047567026 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_ers.c.fips openssl-1.1.1j/crypto/fips/fips_ers.c +--- openssl-1.1.1j/crypto/fips/fips_ers.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_ers.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,7 @@ +#include + @@ -8113,9 +7971,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_ers.c.fips openssl-1.1.1e/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips 2020-03-17 17:30:52.047567026 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c 2020-03-17 17:30:52.047567026 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_hmac_selftest.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 
@@ -8251,9 +8109,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1e/cry + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/fips_locl.h ---- openssl-1.1.1e/crypto/fips/fips_locl.h.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_locl.h 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_locl.h.fips openssl-1.1.1j/crypto/fips/fips_locl.h +--- openssl-1.1.1j/crypto/fips/fips_locl.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_locl.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8326,9 +8184,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_locl.h.fips openssl-1.1.1e/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/fips_post.c ---- openssl-1.1.1e/crypto/fips/fips_post.c.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_post.c.fips openssl-1.1.1j/crypto/fips/fips_post.c +--- openssl-1.1.1j/crypto/fips/fips_post.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_post.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,224 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8554,9 +8412,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_post.c.fips openssl-1.1.1e/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips 2020-03-17 17:30:52.048567008 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rand_lcl.h 2020-03-17 17:30:52.048567008 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1j/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1j/crypto/fips/fips_rand_lcl.h.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rand_lcl.h 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,203 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8761,9 +8619,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1e/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/fips/fips_rand_lib.c ---- openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips 2020-03-17 17:30:52.049566991 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rand_lib.c 2020-03-17 17:30:52.049566991 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1j/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1j/crypto/fips/fips_rand_lib.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rand_lib.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8999,9 +8857,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1e/crypto/f +# endif +} + -diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips 2020-03-17 17:30:52.049566991 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c 2020-03-17 17:30:52.049566991 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_rsa_selftest.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,338 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. @@ -9341,9 +9199,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_sha_selftest.c 2020-03-17 17:30:52.050566973 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1j/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.1j/crypto/fips/fips_sha_selftest.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_sha_selftest.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,223 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -9568,9 +9426,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1e/cryp +} + +#endif -diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c 2020-03-17 17:30:52.050566973 +0100 +diff -up openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c.fips 2021-03-03 12:57:42.201734542 +0100 ++++ openssl-1.1.1j/crypto/fips/fips_standalone_hmac.c 2021-03-03 12:57:42.201734542 +0100 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -9699,9 +9557,9 @@ diff -up openssl-1.1.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1e/c +#endif + return 0; +} -diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac.c ---- openssl-1.1.1e/crypto/hmac/hmac.c.fips 2020-03-17 17:30:52.050566973 +0100 -+++ openssl-1.1.1e/crypto/hmac/hmac.c 2020-03-17 17:38:16.969802663 +0100 +diff -up openssl-1.1.1j/crypto/hmac/hmac.c.fips openssl-1.1.1j/crypto/hmac/hmac.c +--- openssl-1.1.1j/crypto/hmac/hmac.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/hmac/hmac.c 2021-03-03 12:57:42.202734550 +0100 @@ -44,6 +44,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo return 0; 
@@ -9716,9 +9574,9 @@ diff -up openssl-1.1.1e/crypto/hmac/hmac.c.fips openssl-1.1.1e/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); -diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/hmac/hm_pmeth.c 2020-03-17 17:30:52.051566956 +0100 +diff -up openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1j/crypto/hmac/hm_pmeth.c +--- openssl-1.1.1j/crypto/hmac/hm_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/hmac/hm_pmeth.c 2021-03-03 12:57:42.202734550 +0100 @@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD hmac_pkey_meth = { 
@@ -9728,111 +9586,9 @@ diff -up openssl-1.1.1e/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1e/crypto/hmac/h pkey_hmac_init, pkey_hmac_copy, pkey_hmac_cleanup, -diff -up openssl-1.1.1e/include/crypto/fips.h.fips openssl-1.1.1e/include/crypto/fips.h ---- openssl-1.1.1e/include/crypto/fips.h.fips 2020-03-17 17:30:52.051566956 +0100 -+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 17:30:52.051566956 +0100 -@@ -0,0 +1,98 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+# error FIPS is disabled. 
-+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+int FIPS_module_mode_set(int onoff); -+int FIPS_module_mode(void); -+int FIPS_module_installed(void); -+int FIPS_selftest_sha1(void); -+int FIPS_selftest_sha2(void); -+int FIPS_selftest_sha3(void); -+int FIPS_selftest_aes_ccm(void); -+int FIPS_selftest_aes_gcm(void); -+int FIPS_selftest_aes_xts(void); -+int FIPS_selftest_aes(void); -+int FIPS_selftest_des(void); -+int FIPS_selftest_rsa(void); -+int FIPS_selftest_dsa(void); -+int FIPS_selftest_ecdsa(void); -+int FIPS_selftest_ecdh(void); -+int FIPS_selftest_dh(void); -+void FIPS_drbg_stick(int onoff); -+int FIPS_selftest_hmac(void); -+int FIPS_selftest_drbg(void); -+int FIPS_selftest_cmac(void); -+ -+int fips_pkey_signature_test(EVP_PKEY *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, -+ unsigned int katlen, -+ const EVP_MD *digest, -+ unsigned int md_flags, const char *fail_str); -+ -+int fips_cipher_test(EVP_CIPHER_CTX *ctx, -+ const EVP_CIPHER *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, int len); -+ -+void fips_set_selftest_fail(void); -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); -+ -+#endif -diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c ---- openssl-1.1.1e/crypto/o_fips.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/o_fips.c 2020-03-17 17:30:52.052566939 +0100 +diff -up openssl-1.1.1j/crypto/o_fips.c.fips openssl-1.1.1j/crypto/o_fips.c +--- openssl-1.1.1j/crypto/o_fips.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/o_fips.c 2021-03-03 12:57:42.202734550 +0100 @@ -8,17 +8,28 @@ */ 
@@ -9862,10 +9618,10 @@ diff -up openssl-1.1.1e/crypto/o_fips.c.fips openssl-1.1.1e/crypto/o_fips.c return 0; +#endif } -diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c ---- openssl-1.1.1e/crypto/o_init.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/o_init.c 2020-03-17 17:30:52.052566939 +0100 -@@ -7,8 +7,68 @@ +diff -up openssl-1.1.1j/crypto/o_init.c.fips openssl-1.1.1j/crypto/o_init.c +--- openssl-1.1.1j/crypto/o_init.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/o_init.c 2021-03-03 12:57:42.202734550 +0100 +@@ -7,8 +7,69 @@ * https://www.openssl.org/source/license.html */ @@ -9891,16 +9647,20 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c + char buf[2] = "0"; + int fd; + -+ /* Ensure the selftests always run */ -+ /* XXX: TO SOLVE - premature initialization due to selftests */ -+ FIPS_mode_set(1); -+ + if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { + buf[0] = '1'; + } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; + close(fd); + } ++ ++ if (buf[0] != '1' && !FIPS_module_installed()) ++ return; ++ ++ /* Ensure the selftests always run */ ++ /* XXX: TO SOLVE - premature initialization due to selftests */ ++ FIPS_mode_set(1); ++ + /* Failure reading the fips mode switch file means just not + * switching into FIPS mode. We would break too many things + * otherwise.. 
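Review bot: The new early return `if (buf[0] != '1' && !FIPS_module_installed()) return;` in the `@@ -9891,16 +9647,20 @@` hunk has no comment, although it changes when FIPS initialisation is skipped. When OPENSSL_FORCE_FIPS_MODE is set or the switch file reads '1', `FIPS_mode_set(1)` is now reached even if FIPS_module_installed() is false; before, the caller-side check removed in the `@@ -9925,18 +9685,15 @@` hunk skipped init_fips_mode() entirely in that case. Presumably the intent is that a requested FIPS mode goes through the self-tests and fails there rather than silently running without them. A comment should record that, for example `/* Skip only if FIPS was not requested and the module is absent; a requested FIPS mode must not be bypassed by a missing module. */`. init_fips_mode() continues past the end of the hunk, so how a failing FIPS_mode_set(1) is handled cannot be confirmed from here.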
@@ -9925,18 +9685,15 @@ diff -up openssl-1.1.1e/crypto/o_init.c.fips openssl-1.1.1e/crypto/o_init.c + if (done) + return; + done = 1; -+ if (!FIPS_module_installed()) { -+ return; -+ } + init_fips_mode(); +} +#endif /* * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/rand_lib.c ---- openssl-1.1.1e/crypto/rand/rand_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rand/rand_lib.c 2020-03-17 17:35:56.471259207 +0100 +diff -up openssl-1.1.1j/crypto/rand/rand_lib.c.fips openssl-1.1.1j/crypto/rand/rand_lib.c +--- openssl-1.1.1j/crypto/rand/rand_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rand/rand_lib.c 2021-03-03 12:57:42.202734550 +0100 @@ -16,6 +16,10 @@ #include "internal/thread_once.h" #include "rand_local.h" @@ -9948,7 +9705,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/r #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -961,3 +965,15 @@ int RAND_status(void) +@@ -959,3 +963,15 @@ int RAND_status(void) return meth->status(); return 0; } @@ -9964,9 +9721,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_lib.c.fips openssl-1.1.1e/crypto/rand/r + return 1; +} +#endif -diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_crpt.c 2020-03-17 17:30:52.055566886 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1j/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1j/crypto/rsa/rsa_crpt.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_crpt.c 2021-03-03 12:57:42.202734550 +0100 @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) 
@@ -10020,9 +9777,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1e/crypto/rsa/rsa return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_err.c ---- openssl-1.1.1e/crypto/rsa/rsa_err.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_err.c 2020-03-17 17:30:52.055566886 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_err.c.fips openssl-1.1.1j/crypto/rsa/rsa_err.c +--- openssl-1.1.1j/crypto/rsa/rsa_err.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_err.c 2021-03-03 12:57:42.202734550 +0100 @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, @@ -10091,9 +9848,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_err.c.fips openssl-1.1.1e/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_gen.c ---- openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_gen.c 2020-03-17 17:33:55.560367363 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips openssl-1.1.1j/crypto/rsa/rsa_gen.c +--- openssl-1.1.1j/crypto/rsa/rsa_gen.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_gen.c 2021-03-03 12:57:42.202734550 +0100 @@ -18,6 +18,76 @@ #include "internal/cryptlib.h" #include 
@@ -10486,9 +10243,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_gen.c.fips openssl-1.1.1e/crypto/rsa/rsa_ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_lib.c ---- openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_lib.c 2020-03-17 17:30:52.056566869 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips openssl-1.1.1j/crypto/rsa/rsa_lib.c +--- openssl-1.1.1j/crypto/rsa/rsa_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_lib.c 2021-03-03 12:57:42.203734558 +0100 @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ @@ -10531,9 +10288,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_lib.c.fips openssl-1.1.1e/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_ossl.c 2020-03-17 17:34:32.289726964 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1j/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1j/crypto/rsa/rsa_ossl.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_ossl.c 2021-03-03 12:57:42.203734558 +0100 @@ -12,6 +12,10 @@ #include "rsa_local.h" #include "internal/constant_time.h" 
@@ -10650,9 +10407,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1e/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_pmeth.c 2020-03-17 17:30:52.056566869 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1j/crypto/rsa/rsa_pmeth.c +--- openssl-1.1.1j/crypto/rsa/rsa_pmeth.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_pmeth.c 2021-03-03 12:57:42.203734558 +0100 @@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD rsa_pkey_meth = { @@ -10671,9 +10428,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1e/crypto/rsa/rs pkey_rsa_init, pkey_rsa_copy, pkey_rsa_cleanup, -diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa_sign.c ---- openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/rsa/rsa_sign.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips openssl-1.1.1j/crypto/rsa/rsa_sign.c +--- openssl-1.1.1j/crypto/rsa/rsa_sign.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/rsa/rsa_sign.c 2021-03-03 12:57:42.203734558 +0100 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; 
@@ -10700,9 +10457,9 @@ diff -up openssl-1.1.1e/crypto/rsa/rsa_sign.c.fips openssl-1.1.1e/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha256.c ---- openssl-1.1.1e/crypto/sha/sha256.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/sha/sha256.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha256.c.fips openssl-1.1.1j/crypto/sha/sha256.c +--- openssl-1.1.1j/crypto/sha/sha256.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/sha/sha256.c 2021-03-03 12:57:42.203734558 +0100 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -10723,9 +10480,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha256.c.fips openssl-1.1.1e/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha512.c ---- openssl-1.1.1e/crypto/sha/sha512.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/crypto/sha/sha512.c 2020-03-17 17:30:52.057566851 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha512.c.fips openssl-1.1.1j/crypto/sha/sha512.c +--- openssl-1.1.1j/crypto/sha/sha512.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/crypto/sha/sha512.c 2021-03-03 12:57:42.203734558 +0100 @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) 
@@ -10746,9 +10503,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha512.c.fips openssl-1.1.1e/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sha_local.h ---- openssl-1.1.1e/crypto/sha/sha_local.h.fips 2020-03-17 17:30:51.766571925 +0100 -+++ openssl-1.1.1e/crypto/sha/sha_local.h 2020-03-17 17:31:00.996410998 +0100 +diff -up openssl-1.1.1j/crypto/sha/sha_local.h.fips openssl-1.1.1j/crypto/sha/sha_local.h +--- openssl-1.1.1j/crypto/sha/sha_local.h.fips 2021-03-03 12:57:41.941732391 +0100 ++++ openssl-1.1.1j/crypto/sha/sha_local.h 2021-03-03 12:57:42.203734558 +0100 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -10759,9 +10516,9 @@ diff -up openssl-1.1.1e/crypto/sha/sha_local.h.fips openssl-1.1.1e/crypto/sha/sh memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod 2020-03-17 17:31:00.996410998 +0100 +diff -up openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/doc/man3/DSA_generate_parameters.pod 2021-03-03 12:57:42.203734558 +0100 @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. 
@@ -10775,9 +10532,111 @@ diff -up openssl-1.1.1e/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1e DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/openssl/crypto.h ---- openssl-1.1.1e/include/openssl/crypto.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/crypto.h 2020-03-17 17:31:00.997410980 +0100 +diff -up openssl-1.1.1j/include/crypto/fips.h.fips openssl-1.1.1j/include/crypto/fips.h +--- openssl-1.1.1j/include/crypto/fips.h.fips 2021-03-03 12:57:42.202734550 +0100 ++++ openssl-1.1.1j/include/crypto/fips.h 2021-03-03 12:57:42.202734550 +0100 +@@ -0,0 +1,98 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. 
Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. 
++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++int FIPS_module_mode_set(int onoff); ++int FIPS_module_mode(void); ++int FIPS_module_installed(void); ++int FIPS_selftest_sha1(void); ++int FIPS_selftest_sha2(void); ++int FIPS_selftest_sha3(void); ++int FIPS_selftest_aes_ccm(void); ++int FIPS_selftest_aes_gcm(void); ++int FIPS_selftest_aes_xts(void); ++int FIPS_selftest_aes(void); ++int FIPS_selftest_des(void); ++int FIPS_selftest_rsa(void); ++int FIPS_selftest_dsa(void); ++int FIPS_selftest_ecdsa(void); ++int FIPS_selftest_ecdh(void); ++int FIPS_selftest_dh(void); ++void FIPS_drbg_stick(int onoff); ++int FIPS_selftest_hmac(void); ++int FIPS_selftest_drbg(void); ++int FIPS_selftest_cmac(void); ++ ++int fips_pkey_signature_test(EVP_PKEY *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, ++ unsigned int katlen, ++ const EVP_MD *digest, ++ unsigned int md_flags, const char *fail_str); ++ ++int fips_cipher_test(EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, int len); ++ ++void fips_set_selftest_fail(void); ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); ++ ++#endif +diff -up openssl-1.1.1j/include/openssl/crypto.h.fips openssl-1.1.1j/include/openssl/crypto.h +--- openssl-1.1.1j/include/openssl/crypto.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/crypto.h 2021-03-03 12:57:42.204734567 +0100 @@ -331,6 +331,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); 
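Review bot: The new header include/crypto/fips.h has no include guard: after the licence block it goes straight to two `#include` lines (their targets are not legible in this rendering) and then the prototypes. Wrapping the contents in a guard such as `#ifndef OSSL_CRYPTO_FIPS_H` / `# define OSSL_CRYPTO_FIPS_H` … `#endif` would keep repeated inclusion harmless if a type or macro is ever added to it. The `#ifdef OPENSSL_FIPS` around the prototypes is also redundant, since the preceding `#ifndef OPENSSL_FIPS` / `# error FIPS is disabled.` already stops compilation in that case; keeping only one of the two makes the intent clearer.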
@@ -10790,9 +10649,9 @@ diff -up openssl-1.1.1e/include/openssl/crypto.h.fips openssl-1.1.1e/include/ope void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/openssl/dherr.h ---- openssl-1.1.1e/include/openssl/dherr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dherr.h 2020-03-17 17:31:00.998410963 +0100 +diff -up openssl-1.1.1j/include/openssl/dherr.h.fips openssl-1.1.1j/include/openssl/dherr.h +--- openssl-1.1.1j/include/openssl/dherr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dherr.h 2021-03-03 12:57:42.204734567 +0100 @@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 @@ -10818,9 +10677,9 @@ diff -up openssl-1.1.1e/include/openssl/dherr.h.fips openssl-1.1.1e/include/open # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl/dh.h ---- openssl-1.1.1e/include/openssl/dh.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dh.h 2020-03-17 17:31:00.998410963 +0100 +diff -up openssl-1.1.1j/include/openssl/dh.h.fips openssl-1.1.1j/include/openssl/dh.h +--- openssl-1.1.1j/include/openssl/dh.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dh.h 2021-03-03 12:57:42.204734567 +0100 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -10829,9 +10688,9 @@ diff -up openssl-1.1.1e/include/openssl/dh.h.fips openssl-1.1.1e/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/openssl/dsaerr.h ---- openssl-1.1.1e/include/openssl/dsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dsaerr.h 2020-03-17 17:31:00.999410945 +0100 +diff -up openssl-1.1.1j/include/openssl/dsaerr.h.fips openssl-1.1.1j/include/openssl/dsaerr.h +--- openssl-1.1.1j/include/openssl/dsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dsaerr.h 2021-03-03 12:57:42.204734567 +0100 @@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 @@ -10858,9 +10717,9 @@ diff -up openssl-1.1.1e/include/openssl/dsaerr.h.fips openssl-1.1.1e/include/ope # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openssl/dsa.h ---- openssl-1.1.1e/include/openssl/dsa.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/dsa.h 2020-03-17 17:31:01.000410928 +0100 +diff -up openssl-1.1.1j/include/openssl/dsa.h.fips openssl-1.1.1j/include/openssl/dsa.h +--- openssl-1.1.1j/include/openssl/dsa.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/dsa.h 2021-03-03 12:57:42.204734567 +0100 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -10869,10 +10728,10 @@ diff -up openssl-1.1.1e/include/openssl/dsa.h.fips openssl-1.1.1e/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/openssl/evperr.h ---- openssl-1.1.1e/include/openssl/evperr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-17 17:31:01.000410928 +0100 -@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1j/include/openssl/evperr.h.fips openssl-1.1.1j/include/openssl/evperr.h +--- openssl-1.1.1j/include/openssl/evperr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 12:57:42.204734567 +0100 +@@ -22,14 +22,15 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 @@ -10891,7 +10750,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 -@@ -142,6 +143,7 @@ int ERR_load_EVP_strings(void); +@@ -140,6 +141,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -10899,7 +10758,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -185,6 +187,7 @@ int ERR_load_EVP_strings(void); +@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 
@@ -10907,7 +10766,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -@@ -200,6 +203,7 @@ int ERR_load_EVP_strings(void); +@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 @@ -10916,9 +10775,9 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.fips openssl-1.1.1e/include/ope +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif -diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openssl/evp.h ---- openssl-1.1.1e/include/openssl/evp.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/evp.h 2020-03-17 17:31:01.001410911 +0100 +diff -up openssl-1.1.1j/include/openssl/evp.h.fips openssl-1.1.1j/include/openssl/evp.h +--- openssl-1.1.1j/include/openssl/evp.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/evp.h 2021-03-03 12:57:42.204734567 +0100 @@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 @@ -10929,9 +10788,9 @@ diff -up openssl-1.1.1e/include/openssl/evp.h.fips openssl-1.1.1e/include/openss const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/openssl/fips.h ---- openssl-1.1.1e/include/openssl/fips.h.fips 2020-03-17 17:31:01.002410893 +0100 -+++ openssl-1.1.1e/include/openssl/fips.h 2020-03-17 17:31:01.002410893 +0100 +diff -up openssl-1.1.1j/include/openssl/fips.h.fips openssl-1.1.1j/include/openssl/fips.h +--- openssl-1.1.1j/include/openssl/fips.h.fips 2021-03-03 12:57:42.204734567 +0100 ++++ openssl-1.1.1j/include/openssl/fips.h 2021-03-03 12:57:42.204734567 +0100 
@@ -0,0 +1,187 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11120,9 +10979,9 @@ diff -up openssl-1.1.1e/include/openssl/fips.h.fips openssl-1.1.1e/include/opens +} +# endif +#endif -diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/openssl/fips_rand.h ---- openssl-1.1.1e/include/openssl/fips_rand.h.fips 2020-03-17 17:31:01.003410876 +0100 -+++ openssl-1.1.1e/include/openssl/fips_rand.h 2020-03-17 17:31:01.003410876 +0100 +diff -up openssl-1.1.1j/include/openssl/fips_rand.h.fips openssl-1.1.1j/include/openssl/fips_rand.h +--- openssl-1.1.1j/include/openssl/fips_rand.h.fips 2021-03-03 12:57:42.204734567 +0100 ++++ openssl-1.1.1j/include/openssl/fips_rand.h 2021-03-03 12:57:42.204734567 +0100 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11269,10 +11128,10 @@ diff -up openssl-1.1.1e/include/openssl/fips_rand.h.fips openssl-1.1.1e/include/ +# endif +# endif +#endif -diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/include/openssl/opensslconf.h.in ---- openssl-1.1.1e/include/openssl/opensslconf.h.in.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/opensslconf.h.in 2020-03-17 17:31:01.003410876 +0100 -@@ -150,6 +150,11 @@ extern "C" { +diff -up openssl-1.1.1j/include/openssl/opensslconf.h.in.fips openssl-1.1.1j/include/openssl/opensslconf.h.in +--- openssl-1.1.1j/include/openssl/opensslconf.h.in.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/opensslconf.h.in 2021-03-03 12:57:42.205734575 +0100 +@@ -155,6 +155,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} 
@@ -11284,9 +11143,9 @@ diff -up openssl-1.1.1e/include/openssl/opensslconf.h.in.fips openssl-1.1.1e/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/openssl/randerr.h ---- openssl-1.1.1e/include/openssl/randerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/randerr.h 2020-03-17 17:31:01.004410858 +0100 +diff -up openssl-1.1.1j/include/openssl/randerr.h.fips openssl-1.1.1j/include/openssl/randerr.h +--- openssl-1.1.1j/include/openssl/randerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/randerr.h 2021-03-03 12:57:42.205734575 +0100 @@ -38,6 +38,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 @@ -11295,9 +11154,9 @@ diff -up openssl-1.1.1e/include/openssl/randerr.h.fips openssl-1.1.1e/include/op # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/openssl/rand.h ---- openssl-1.1.1e/include/openssl/rand.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/rand.h 2020-03-17 17:31:01.004410858 +0100 +diff -up openssl-1.1.1j/include/openssl/rand.h.fips openssl-1.1.1j/include/openssl/rand.h +--- openssl-1.1.1j/include/openssl/rand.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/rand.h 2021-03-03 12:57:42.205734575 +0100 @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif 
@@ -11310,9 +11169,9 @@ diff -up openssl-1.1.1e/include/openssl/rand.h.fips openssl-1.1.1e/include/opens #ifdef __cplusplus } -diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/openssl/rsaerr.h ---- openssl-1.1.1e/include/openssl/rsaerr.h.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/include/openssl/rsaerr.h 2020-03-17 17:31:01.005410841 +0100 +diff -up openssl-1.1.1j/include/openssl/rsaerr.h.fips openssl-1.1.1j/include/openssl/rsaerr.h +--- openssl-1.1.1j/include/openssl/rsaerr.h.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/include/openssl/rsaerr.h 2021-03-03 12:57:42.205734575 +0100 @@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 @@ -11368,9 +11227,9 @@ diff -up openssl-1.1.1e/include/openssl/rsaerr.h.fips openssl-1.1.1e/include/ope # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c ---- openssl-1.1.1e/ssl/s3_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/s3_lib.c 2020-03-17 17:31:01.007410806 +0100 +diff -up openssl-1.1.1j/ssl/s3_lib.c.fips openssl-1.1.1j/ssl/s3_lib.c +--- openssl-1.1.1j/ssl/s3_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 12:57:42.205734575 +0100 @@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { SSL_AEAD, TLS1_3_VERSION, TLS1_3_VERSION, 
@@ -11470,9 +11329,9 @@ diff -up openssl-1.1.1e/ssl/s3_lib.c.fips openssl-1.1.1e/ssl/s3_lib.c SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, -diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c ---- openssl-1.1.1e/ssl/ssl_ciph.c.fips 2020-03-17 17:30:52.017567549 +0100 -+++ openssl-1.1.1e/ssl/ssl_ciph.c 2020-03-17 17:31:01.008410788 +0100 +diff -up openssl-1.1.1j/ssl/ssl_ciph.c.fips openssl-1.1.1j/ssl/ssl_ciph.c +--- openssl-1.1.1j/ssl/ssl_ciph.c.fips 2021-03-03 12:57:42.193734476 +0100 ++++ openssl-1.1.1j/ssl/ssl_ciph.c 2021-03-03 12:57:42.206734583 +0100 @@ -387,7 +387,7 @@ int ssl_load_ciphers(void) } } @@ -11511,9 +11370,9 @@ diff -up openssl-1.1.1e/ssl/ssl_ciph.c.fips openssl-1.1.1e/ssl/ssl_ciph.c if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c ---- openssl-1.1.1e/ssl/ssl_init.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/ssl_init.c 2020-03-17 17:31:01.009410771 +0100 +diff -up openssl-1.1.1j/ssl/ssl_init.c.fips openssl-1.1.1j/ssl/ssl_init.c +--- openssl-1.1.1j/ssl/ssl_init.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/ssl_init.c 2021-03-03 12:57:42.206734583 +0100 @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); 
@@ -11557,10 +11416,10 @@ diff -up openssl-1.1.1e/ssl/ssl_init.c.fips openssl-1.1.1e/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c ---- openssl-1.1.1e/ssl/ssl_lib.c.fips 2020-03-17 17:30:52.018567531 +0100 -+++ openssl-1.1.1e/ssl/ssl_lib.c 2020-03-17 17:31:01.011410736 +0100 -@@ -2970,6 +2970,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1j/ssl/ssl_lib.c.fips openssl-1.1.1j/ssl/ssl_lib.c +--- openssl-1.1.1j/ssl/ssl_lib.c.fips 2021-03-03 12:57:42.193734476 +0100 ++++ openssl-1.1.1j/ssl/ssl_lib.c 2021-03-03 12:57:42.206734583 +0100 +@@ -2973,6 +2973,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11572,7 +11431,7 @@ diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; -@@ -3026,13 +3031,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -3029,13 +3034,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; 
@@ -11597,10 +11456,10 @@ diff -up openssl-1.1.1e/ssl/ssl_lib.c.fips openssl-1.1.1e/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h ---- openssl-1.1.1e/ssl/ssl_local.h.fips 2020-03-17 17:30:51.842570600 +0100 -+++ openssl-1.1.1e/ssl/ssl_local.h 2020-03-17 17:31:10.740241108 +0100 -@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st { +diff -up openssl-1.1.1j/ssl/ssl_local.h.fips openssl-1.1.1j/ssl/ssl_local.h +--- openssl-1.1.1j/ssl/ssl_local.h.fips 2021-03-03 12:57:42.100733706 +0100 ++++ openssl-1.1.1j/ssl/ssl_local.h 2021-03-03 12:57:42.206734583 +0100 +@@ -1515,6 +1515,7 @@ typedef struct tls_group_info_st { # define TLS_CURVE_PRIME 0x0 # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 @@ -11608,9 +11467,9 @@ diff -up openssl-1.1.1e/ssl/ssl_local.h.fips openssl-1.1.1e/ssl/ssl_local.h typedef struct cert_pkey_st CERT_PKEY; -diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c ---- openssl-1.1.1e/ssl/t1_lib.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/ssl/t1_lib.c 2020-03-17 17:31:10.741241091 +0100 +diff -up openssl-1.1.1j/ssl/t1_lib.c.fips openssl-1.1.1j/ssl/t1_lib.c +--- openssl-1.1.1j/ssl/t1_lib.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 12:57:42.207734591 +0100 @@ -159,11 +159,11 @@ static const TLS_GROUP_INFO nid_list[] = {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ 
@@ -11636,9 +11495,9 @@ diff -up openssl-1.1.1e/ssl/t1_lib.c.fips openssl-1.1.1e/ssl/t1_lib.c ctmp[0] = curve >> 8; ctmp[1] = curve & 0xff; return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c ---- openssl-1.1.1e/test/dsatest.c.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/dsatest.c 2020-03-17 17:31:10.741241091 +0100 +diff -up openssl-1.1.1j/test/dsatest.c.fips openssl-1.1.1j/test/dsatest.c +--- openssl-1.1.1j/test/dsatest.c.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/dsatest.c 2021-03-03 12:57:42.207734591 +0100 @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); @@ -11721,9 +11580,9 @@ diff -up openssl-1.1.1e/test/dsatest.c.fips openssl-1.1.1e/test/dsatest.c goto end; if (!TEST_int_eq(h, 2)) goto end; -diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt ---- openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips 2020-03-17 15:31:17.000000000 +0100 -+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt 2020-03-17 17:31:10.742241073 +0100 +diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt +--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpciph.txt 2021-03-03 12:57:42.207734591 +0100 @@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 
@@ -11732,13 +11591,13 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1 Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 -diff -up openssl-1.1.1e/util/libcrypto.num.fips openssl-1.1.1e/util/libcrypto.num ---- openssl-1.1.1e/util/libcrypto.num.fips 2020-03-17 17:31:10.744241038 +0100 -+++ openssl-1.1.1e/util/libcrypto.num 2020-03-17 17:32:37.851722261 +0100 -@@ -4587,3 +4587,38 @@ EVP_PKEY_meth_set_digestverify - EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION: - EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION: - RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA +diff -up openssl-1.1.1j/util/libcrypto.num.fips openssl-1.1.1j/util/libcrypto.num +--- openssl-1.1.1j/util/libcrypto.num.fips 2021-02-16 16:24:01.000000000 +0100 ++++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 12:57:42.208734600 +0100 +@@ -4591,3 +4591,38 @@ X509_ALGOR_copy + X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: + X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: + EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC +FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: +FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: +FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1l.tar.gz b/openssl-1.1.1l.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..81be7f98f0cb9158bea8a594298fc21fb6c6082f Binary files /dev/null and b/openssl-1.1.1l.tar.gz differ diff --git a/openssl.spec b/openssl.spec index 09630bb7054785109935461e3aee086da661bdbe..38deb8a3dfa933a73517b119d439b5f057e46a40 100644 --- a/openssl.spec +++ b/openssl.spec 
@@ -1,31 +1,31 @@ %define soversion 1.1 Name: openssl Epoch: 1 -Version: 1.1.1f -Release: 9 +Version: 1.1.1l +Release: 1 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ -Source0: https://www.openssl.org/source/old/1.1.1/%{name}-%{version}.tar.gz +Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz Source1: Makefile.certificate Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch -Patch3: CVE-2020-1967.patch -Patch4: CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch -Patch5: CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch -Patch6: CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch -Patch7: CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch -Patch8: CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch -Patch9: CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch -Patch10: CVE-2021-23840.patch -Patch11: CVE-2021-23841.patch -Patch12: CVE-2021-3449.patch -Patch13: CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch -Patch14: CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch -Patch15: CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch -Patch16: CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch -Patch17: CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch -Patch18: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch +#Patch3: CVE-2020-1967.patch +#Patch4: CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch +#Patch5: CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch +#Patch6: CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch +#Patch7: CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch +#Patch8: 
CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch +#Patch9: CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch +#Patch10: CVE-2021-23840.patch +#Patch11: CVE-2021-23841.patch +#Patch12: CVE-2021-3449.patch +#Patch13: CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch +#Patch14: CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch +#Patch15: CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch +#Patch16: CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch +#Patch17: CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch +#Patch18: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel @@ -202,6 +202,9 @@ make test || : %{_pkgdocdir}/html/ %changelog +* Wed Dec 8 2021 lujie42 - 1:1.1.1l-1 +- update openssl-1.1.1f to openssl-1.1.1l + * Fri Sep 24 2021 openEuler Buildteam - 1:1.1.1f-9 - bugfix Overflow when printing Thawte Strong Extranet @@ -220,7 +223,7 @@ make test || : * Wed Mar 10 2021 openEuler Buildteam - 1:1.1.1f-4 - fix CVE-2021-23840 and CVE-2021-23841 -* Mon Jan 19 2021 openEuler Buildteam - 1:1.1.1f-3 +* Tue Jan 19 2021 openEuler Buildteam - 1:1.1.1f-3 - fix CVE-2020-1971 * Fri Sep 11 2020 Liquor - 1:1.1.1f-2
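Review bot: The `Patch3` to `Patch18` entries in the first openssl.spec hunk are commented out rather than deleted, so the spec keeps sixteen dead lines and records nowhere why those CVE fixes are no longer applied. If the intent is that 1.1.1l already carries each fix upstream (plausible for this version range, but worth confirming patch by patch against the upstream release notes), delete the lines and the patch files and say so in the new changelog entry, e.g. `- drop CVE-2020-1967, CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3711, CVE-2021-3712 and Thawte overflow patches, included upstream in 1.1.1l`. Separately, the new `Source0` tarball is committed as an opaque binary and nothing visible in this hunk checks it against an upstream signature or checksum. Shipping the detached signature as an additional source and verifying it in `%prep` would make the rebase auditable.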