rpms/openssl/devel openssl-1.0.0-beta3-camellia-rounds.patch, NONE, 1.1 openssl-1.0.0-beta3-fips.patch, 1.4, 1.5 openssl.spec, 1.141, 1.142 openssl-1.0.0-beta3-cmll-noasm.patch, 1.1, NONE
Tomáš Mráz
tmraz at fedoraproject.org
Wed Sep 30 18:18:48 UTC 2009
- Previous message (by thread): rpms/monodevelop/devel import.log, 1.24, 1.25 monodevelop.spec, 1.44, 1.45
- Next message (by thread): rpms/python-netaddr/devel .cvsignore, 1.12, 1.13 python-netaddr.spec, 1.17, 1.18 sources, 1.12, 1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24523
Modified Files:
openssl-1.0.0-beta3-fips.patch openssl.spec
Added Files:
openssl-1.0.0-beta3-camellia-rounds.patch
Removed Files:
openssl-1.0.0-beta3-cmll-noasm.patch
Log Message:
* Wed Sep 30 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.8.beta3
- fix RSA and DSA FIPS selftests
- reenable fixed x86_64 camellia assembler code (#521127)
openssl-1.0.0-beta3-camellia-rounds.patch:
cmll-x86_64.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE openssl-1.0.0-beta3-camellia-rounds.patch ---
diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl.rounds openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl
--- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl.rounds 2009-09-15 12:09:08.000000000 +0200
+++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86_64.pl 2009-09-15 12:09:48.000000000 +0200
@@ -656,7 +656,7 @@ Camellia_cbc_encrypt:
mov %rsi,$out # out argument
mov %r8,%rbx # ivp argument
mov %rcx,$key # key argument
- mov 272(%rcx),$keyend # grandRounds
+ mov 272(%rcx),${keyend}d # grandRounds
mov %r8,$_ivp
mov %rbp,$_rsp
openssl-1.0.0-beta3-fips.patch:
Configure | 14
Makefile.org | 6
crypto/Makefile | 6
crypto/bf/bf_skey.c | 7
crypto/bf/blowfish.h | 4
crypto/bn/Makefile | 4
crypto/bn/bn.h | 11
crypto/bn/bn_x931p.c | 272 ++++++++++
crypto/camellia/Makefile | 4
crypto/camellia/asm/cmll-x86.pl | 7
crypto/camellia/camellia.h | 5
crypto/camellia/cmll_fblk.c | 68 ++
crypto/camellia/cmll_misc.c | 9
crypto/cast/c_skey.c | 7
crypto/cast/cast.h | 4
crypto/crypto.h | 57 ++
crypto/dh/dh.h | 5
crypto/dh/dh_err.c | 3
crypto/dh/dh_gen.c | 18
crypto/dh/dh_key.c | 21
crypto/dsa/dsa.h | 23
crypto/dsa/dsa_gen.c | 19
crypto/dsa/dsa_key.c | 61 ++
crypto/dsa/dsa_ossl.c | 36 +
crypto/err/err_all.c | 6
crypto/evp/digest.c | 60 ++
crypto/evp/e_aes.c | 41 -
crypto/evp/e_camellia.c | 2
crypto/evp/e_des3.c | 24
crypto/evp/e_null.c | 2
crypto/evp/evp.h | 27 -
crypto/evp/evp_enc.c | 69 ++
crypto/evp/evp_err.c | 1
crypto/evp/evp_lib.c | 22
crypto/evp/evp_locl.h | 29 -
crypto/evp/m_dss.c | 2
crypto/evp/m_dss1.c | 2
crypto/evp/m_sha1.c | 15
crypto/evp/names.c | 8
crypto/evp/p_sign.c | 17
crypto/evp/p_verify.c | 17
crypto/fips/Makefile | 81 +++
crypto/fips/cavs/fips_aesavs.c | 939 +++++++++++++++++++++++++++++++++++++
crypto/fips/cavs/fips_desmovs.c | 702 +++++++++++++++++++++++++++
crypto/fips/cavs/fips_dssvs.c | 537 +++++++++++++++++++++
crypto/fips/cavs/fips_rngvs.c | 230 +++++++++
crypto/fips/cavs/fips_rsagtest.c | 390 +++++++++++++++
crypto/fips/cavs/fips_rsastest.c | 370 ++++++++++++++
crypto/fips/cavs/fips_rsavtest.c | 377 ++++++++++++++
crypto/fips/cavs/fips_shatest.c | 388 +++++++++++++++
crypto/fips/cavs/fips_utl.h | 343 +++++++++++++
crypto/fips/fips.c | 419 ++++++++++++++++
crypto/fips/fips.h | 163 ++++++
crypto/fips/fips_aes_selftest.c | 101 +++
crypto/fips/fips_des_selftest.c | 137 +++++
crypto/fips/fips_dsa_selftest.c | 184 +++++++
crypto/fips/fips_hmac_selftest.c | 135 +++++
crypto/fips/fips_rand.c | 410 ++++++++++++++++
crypto/fips/fips_rand.h | 77 +++
crypto/fips/fips_rand_selftest.c | 371 ++++++++++++++
crypto/fips/fips_randtest.c | 248 +++++++++
crypto/fips/fips_rsa_selftest.c | 439 +++++++++++++++++
crypto/fips/fips_rsa_x931g.c | 281 +++++++++++
crypto/fips/fips_sha1_selftest.c | 97 +++
crypto/fips/fips_standalone_sha1.c | 173 ++++++
crypto/fips/fips_test_suite.c | 588 +++++++++++++++++++++++
crypto/fips_err.c | 7
crypto/fips_err.h | 137 +++++
crypto/fips_locl.h | 72 ++
crypto/hmac/hmac.c | 14
crypto/hmac/hmac.h | 1
crypto/md2/md2.h | 3
crypto/md2/md2_dgst.c | 7
crypto/md4/md4.h | 3
crypto/md4/md4_dgst.c | 7
crypto/md5/md5.h | 3
crypto/md5/md5_dgst.c | 7
crypto/mdc2/mdc2.h | 4
crypto/mdc2/mdc2dgst.c | 7
crypto/mem.c | 2
crypto/o_init.c | 80 +++
crypto/opensslconf.h.in | 15
crypto/pkcs12/p12_crt.c | 11
crypto/rand/md_rand.c | 12
crypto/rand/rand.h | 17
crypto/rand/rand_err.c | 17
crypto/rand/rand_lib.c | 17
crypto/rc2/rc2.h | 4
crypto/rc2/rc2_skey.c | 17
crypto/rc4/Makefile | 4
crypto/rc4/asm/rc4-586.pl | 8
crypto/rc4/asm/rc4-s390x.pl | 2
crypto/rc4/asm/rc4-x86_64.pl | 2
crypto/rc4/rc4.h | 3
crypto/rc4/rc4_fblk.c | 75 ++
crypto/rc4/rc4_skey.c | 14
crypto/ripemd/ripemd.h | 3
crypto/ripemd/rmd_dgst.c | 7
crypto/rsa/rsa.h | 28 +
crypto/rsa/rsa_eay.c | 158 ++++--
crypto/rsa/rsa_err.c | 6
crypto/rsa/rsa_gen.c | 104 ++++
crypto/rsa/rsa_lib.c | 87 +--
crypto/rsa/rsa_sign.c | 10
crypto/sha/sha.h | 3
crypto/sha/sha1dgst.c | 4
crypto/sha/sha256.c | 10
crypto/sha/sha512.c | 12
crypto/sha/sha_dgst.c | 6
crypto/sha/sha_locl.h | 7
ssl/s23_clnt.c | 16
ssl/s23_srvr.c | 9
ssl/s3_clnt.c | 6
ssl/s3_enc.c | 4
ssl/s3_srvr.c | 2
ssl/ssl_ciph.c | 7
ssl/ssl_lib.c | 8
ssl/ssltest.c | 35 +
ssl/t1_enc.c | 2
119 files changed, 10121 insertions(+), 180 deletions(-)
Index: openssl-1.0.0-beta3-fips.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl-1.0.0-beta3-fips.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- openssl-1.0.0-beta3-fips.patch 20 Aug 2009 17:22:41 -0000 1.4
+++ openssl-1.0.0-beta3-fips.patch 30 Sep 2009 18:18:48 -0000 1.5
@@ -1,6 +1,6 @@
diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure
---- openssl-1.0.0-beta3/Configure.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/Configure 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/Configure.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/Configure 2009-09-30 13:25:58.000000000 +0200
@@ -654,6 +654,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml
my $processor="";
my $default_ranlib;
@@ -45,7 +45,7 @@ diff -up openssl-1.0.0-beta3/Configure.f
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto/bf/bf_skey.c
--- openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-09-30 13:25:58.000000000 +0200
@@ -59,10 +59,15 @@
#include <stdio.h>
#include <string.h>
@@ -64,8 +64,8 @@ diff -up openssl-1.0.0-beta3/crypto/bf/b
int i;
BF_LONG *p,ri,in[2];
diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypto/bf/blowfish.h
---- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-09-30 13:25:58.000000000 +0200
@@ -104,7 +104,9 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
@@ -78,8 +78,8 @@ diff -up openssl-1.0.0-beta3/crypto/bf/b
void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/bn.h
---- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-09-30 13:25:58.000000000 +0200
@@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n
int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb);
@@ -99,8 +99,8 @@ diff -up openssl-1.0.0-beta3/crypto/bn/b
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,272 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -376,7 +376,7 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
diff -up openssl-1.0.0-beta3/crypto/bn/Makefile.fips openssl-1.0.0-beta3/crypto/bn/Makefile
--- openssl-1.0.0-beta3/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/bn/Makefile 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/bn/Makefile 2009-09-30 13:25:58.000000000 +0200
@@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li
bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
@@ -395,7 +395,7 @@ diff -up openssl-1.0.0-beta3/crypto/bn/M
diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl
--- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl 2009-08-20 16:54:59.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl 2009-09-30 13:25:58.000000000 +0200
@@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0;
}
&function_end("Camellia_Ekeygen");
@@ -423,8 +423,8 @@ diff -up openssl-1.0.0-beta3/crypto/came
@SBOX=(
diff -up openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips openssl-1.0.0-beta3/crypto/camellia/camellia.h
---- openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips 2009-08-11 18:07:29.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/camellia/camellia.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips 2009-09-30 13:25:56.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/camellia/camellia.h 2009-09-30 13:25:58.000000000 +0200
@@ -88,6 +88,11 @@ struct camellia_key_st
};
typedef struct camellia_key_st CAMELLIA_KEY;
@@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta3/crypto/came
int Camellia_set_key(const unsigned char *userKey, const int bits,
CAMELLIA_KEY *key);
-diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c
---- openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c.fips 2009-08-20 17:01:56.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c 2009-08-20 17:03:21.000000000 +0200
+diff -up /dev/null openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,68 @@
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
@@ -511,7 +511,7 @@ diff -up openssl-1.0.0-beta3/crypto/came
+#endif
diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c
--- openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c 2009-08-20 17:04:10.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c 2009-09-30 13:25:58.000000000 +0200
@@ -52,11 +52,20 @@
#include <openssl/opensslv.h>
#include <openssl/camellia.h>
@@ -535,7 +535,7 @@ diff -up openssl-1.0.0-beta3/crypto/came
return -1;
diff -up openssl-1.0.0-beta3/crypto/camellia/Makefile.fips openssl-1.0.0-beta3/crypto/camellia/Makefile
--- openssl-1.0.0-beta3/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/camellia/Makefile 2009-08-20 17:02:56.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/camellia/Makefile 2009-09-30 13:25:58.000000000 +0200
@@ -23,9 +23,9 @@ APPS=
LIB=$(TOP)/libcrypto.a
@@ -549,8 +549,8 @@ diff -up openssl-1.0.0-beta3/crypto/came
SRC= $(LIBSRC)
diff -up openssl-1.0.0-beta3/crypto/cast/cast.h.fips openssl-1.0.0-beta3/crypto/cast/cast.h
---- openssl-1.0.0-beta3/crypto/cast/cast.h.fips 2009-08-11 18:07:29.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/cast/cast.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/cast/cast.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/cast/cast.h 2009-09-30 13:25:58.000000000 +0200
@@ -83,7 +83,9 @@ typedef struct cast_key_st
int short_key; /* Use reduced rounds for short key */
} CAST_KEY;
@@ -564,7 +564,7 @@ diff -up openssl-1.0.0-beta3/crypto/cast
int enc);
diff -up openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips openssl-1.0.0-beta3/crypto/cast/c_skey.c
--- openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/cast/c_skey.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/cast/c_skey.c 2009-09-30 13:25:58.000000000 +0200
@@ -57,6 +57,11 @@
*/
@@ -587,8 +587,8 @@ diff -up openssl-1.0.0-beta3/crypto/cast
CAST_LONG x[16];
CAST_LONG z[16];
diff -up openssl-1.0.0-beta3/crypto/crypto.h.fips openssl-1.0.0-beta3/crypto/crypto.h
---- openssl-1.0.0-beta3/crypto/crypto.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/crypto.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/crypto.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/crypto.h 2009-09-30 13:25:58.000000000 +0200
@@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin
unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
@@ -661,7 +661,7 @@ diff -up openssl-1.0.0-beta3/crypto/cryp
/* Function codes. */
diff -up openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips openssl-1.0.0-beta3/crypto/dh/dh_err.c
--- openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/dh/dh_err.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dh/dh_err.c 2009-09-30 13:25:58.000000000 +0200
@@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]=
{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
@@ -681,7 +681,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/d
{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
diff -up openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta3/crypto/dh/dh_gen.c
--- openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/dh/dh_gen.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dh/dh_gen.c 2009-09-30 13:25:58.000000000 +0200
@@ -65,6 +65,10 @@
#include "cryptlib.h"
#include <openssl/bn.h>
@@ -715,8 +715,8 @@ diff -up openssl-1.0.0-beta3/crypto/dh/d
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/dh.h
---- openssl-1.0.0-beta3/crypto/dh/dh.h.fips 2009-08-11 18:07:29.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/dh/dh.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/dh/dh.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dh/dh.h 2009-09-30 13:25:58.000000000 +0200
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
@@ -745,7 +745,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/d
}
diff -up openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips openssl-1.0.0-beta3/crypto/dh/dh_key.c
--- openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/dh/dh_key.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dh/dh_key.c 2009-09-30 13:25:58.000000000 +0200
@@ -61,6 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -797,7 +797,7 @@ diff -up openssl-1.0.0-beta3/crypto/dh/d
}
diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c
--- openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c 2009-09-30 13:25:58.000000000 +0200
@@ -77,8 +77,12 @@
#include "cryptlib.h"
#include <openssl/evp.h>
@@ -834,8 +834,8 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/
qsize != SHA256_DIGEST_LENGTH)
/* invalid q size */
diff -up openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips openssl-1.0.0-beta3/crypto/dsa/dsa.h
---- openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/dsa/dsa.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dsa/dsa.h 2009-09-30 13:25:58.000000000 +0200
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
@@ -894,8 +894,8 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/
#ifdef __cplusplus
diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_key.c
--- openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/dsa/dsa_key.c 2009-08-11 18:09:42.000000000 +0200
-@@ -63,9 +63,40 @@
++++ openssl-1.0.0-beta3/crypto/dsa/dsa_key.c 2009-09-30 17:01:34.000000000 +0200
+@@ -63,9 +63,53 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -917,26 +917,39 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/
+
+int fips_check_dsa(DSA *dsa)
+ {
-+ EVP_PKEY pk;
++ EVP_PKEY *pk;
+ unsigned char tbs[] = "DSA Pairwise Check Data";
-+ pk.type = EVP_PKEY_DSA;
-+ pk.pkey.dsa = dsa;
++ int ret = 0;
++
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++
++ EVP_PKEY_set1_DSA(pk, dsa);
++
++ if (!fips_pkey_signature_test(pk, tbs, -1,
++ NULL, 0, EVP_sha1(), 0, NULL))
++ goto err;
++
++ ret = 1;
+
-+ if (!fips_pkey_signature_test(&pk, tbs, -1,
-+ NULL, 0, EVP_dss1(), 0, NULL))
++err:
++ if (ret == 0)
+ {
-+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ fips_set_selftest_fail();
-+ return 0;
++ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ }
-+ return 1;
++
++ if (pk)
++ EVP_PKEY_free(pk);
++
++ return ret;
+ }
+#endif
+
int DSA_generate_key(DSA *dsa)
{
if(dsa->meth->dsa_keygen)
-@@ -79,6 +110,14 @@ static int dsa_builtin_keygen(DSA *dsa)
+@@ -79,6 +123,14 @@ static int dsa_builtin_keygen(DSA *dsa)
BN_CTX *ctx=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -951,7 +964,7 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/
if ((ctx=BN_CTX_new()) == NULL) goto err;
if (dsa->priv_key == NULL)
-@@ -117,6 +156,15 @@ static int dsa_builtin_keygen(DSA *dsa)
+@@ -117,6 +169,15 @@ static int dsa_builtin_keygen(DSA *dsa)
dsa->priv_key=priv_key;
dsa->pub_key=pub_key;
@@ -969,7 +982,7 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/
err:
diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c
--- openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c 2009-09-30 13:25:58.000000000 +0200
@@ -65,6 +65,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
@@ -1043,7 +1056,7 @@ diff -up openssl-1.0.0-beta3/crypto/dsa/
}
diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypto/err/err_all.c
--- openssl-1.0.0-beta3/crypto/err/err_all.c.fips 2008-11-24 18:27:06.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/err/err_all.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/err/err_all.c 2009-09-30 13:25:58.000000000 +0200
@@ -96,6 +96,9 @@
#include <openssl/ocsp.h>
#include <openssl/err.h>
@@ -1066,7 +1079,7 @@ diff -up openssl-1.0.0-beta3/crypto/err/
#endif
diff -up openssl-1.0.0-beta3/crypto/evp/digest.c.fips openssl-1.0.0-beta3/crypto/evp/digest.c
--- openssl-1.0.0-beta3/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/digest.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/digest.c 2009-09-30 13:25:58.000000000 +0200
@@ -116,6 +116,7 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -1167,7 +1180,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
ret=ctx->digest->final(ctx,md);
diff -up openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips openssl-1.0.0-beta3/crypto/evp/e_aes.c
--- openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/e_aes.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/e_aes.c 2009-09-30 13:25:58.000000000 +0200
@@ -69,32 +69,29 @@ typedef struct
IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
@@ -1222,7 +1235,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
const unsigned char *iv, int enc)
diff -up openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta3/crypto/evp/e_camellia.c
--- openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/e_camellia.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/e_camellia.c 2009-09-30 13:25:58.000000000 +0200
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks,
EVP_CIPHER_get_asn1_iv,
NULL)
@@ -1234,7 +1247,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
IMPLEMENT_CAMELLIA_CFBR(192,1)
diff -up openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips openssl-1.0.0-beta3/crypto/evp/e_des3.c
--- openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/e_des3.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/e_des3.c 2009-09-30 13:25:58.000000000 +0200
@@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
}
@@ -1281,7 +1294,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff -up openssl-1.0.0-beta3/crypto/evp/e_null.c.fips openssl-1.0.0-beta3/crypto/evp/e_null.c
--- openssl-1.0.0-beta3/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/e_null.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/e_null.c 2009-09-30 13:25:58.000000000 +0200
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
{
NID_undef,
@@ -1293,7 +1306,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
NULL,
diff -up openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta3/crypto/evp/evp_enc.c
--- openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/evp_enc.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/evp_enc.c 2009-09-30 13:25:58.000000000 +0200
@@ -68,8 +68,53 @@
const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
@@ -1388,7 +1401,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
}
diff -up openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips openssl-1.0.0-beta3/crypto/evp/evp_err.c
--- openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/evp_err.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/evp_err.c 2009-09-30 13:25:58.000000000 +0200
@@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
@@ -1398,8 +1411,8 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/evp/evp.h
---- openssl-1.0.0-beta3/crypto/evp/evp.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/evp.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/evp/evp.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/evp.h 2009-09-30 14:40:54.000000000 +0200
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
@@ -1431,7 +1444,18 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
* in FIPS mode */
-@@ -330,6 +332,14 @@ struct evp_cipher_st
+@@ -284,6 +286,10 @@ struct env_md_ctx_st
+ #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
+ #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
+ #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
++#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
++ ((ctx->flags>>16) &0xFFFF) /* seed length */
++#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
++#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
+
+ #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
+
+@@ -330,6 +336,14 @@ struct evp_cipher_st
#define EVP_CIPH_NO_PADDING 0x100
/* cipher handles random key generation */
#define EVP_CIPH_RAND_KEY 0x200
@@ -1446,7 +1470,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
/* ctrl() values */
-@@ -507,6 +517,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ
+@@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ
const unsigned char *salt, const unsigned char *data,
int datal, int count, unsigned char *key,unsigned char *iv);
@@ -1457,7 +1481,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-@@ -1225,6 +1239,7 @@ void ERR_load_EVP_strings(void);
+@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_DIFFERENT_PARAMETERS 153
@@ -1467,7 +1491,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
#define EVP_R_EXPECTING_AN_RSA_KEY 127
diff -up openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta3/crypto/evp/evp_lib.c
--- openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/evp_lib.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/evp_lib.c 2009-09-30 13:25:58.000000000 +0200
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_
if (c->cipher->set_asn1_parameters != NULL)
@@ -1516,8 +1540,8 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
+ return (ctx->flags & flags);
+ }
diff -up openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta3/crypto/evp/evp_locl.h
---- openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/evp_locl.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/evp_locl.h 2009-09-30 13:25:58.000000000 +0200
@@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER
static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
{\
@@ -1567,24 +1591,24 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
struct evp_pkey_ctx_st
{
-diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss1.c
---- openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/m_dss1.c 2009-08-11 18:07:30.000000000 +0200
-@@ -82,7 +82,7 @@ static const EVP_MD dss1_md=
- NID_dsa,
- NID_dsaWithSHA1,
+diff -up openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss.c
+--- openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/m_dss.c 2009-09-30 13:25:58.000000000 +0200
+@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
+ NID_dsaWithSHA,
+ NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
init,
update,
final,
-diff -up openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss.c
---- openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/m_dss.c 2009-08-11 18:07:30.000000000 +0200
-@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
- NID_dsaWithSHA,
- NID_dsaWithSHA,
+diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss1.c
+--- openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/m_dss1.c 2009-09-30 13:25:58.000000000 +0200
+@@ -82,7 +82,7 @@ static const EVP_MD dss1_md=
+ NID_dsa,
+ NID_dsaWithSHA1,
SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
@@ -1593,7 +1617,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
final,
diff -up openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta3/crypto/evp/m_sha1.c
--- openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/evp/m_sha1.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/m_sha1.c 2009-09-30 13:25:58.000000000 +0200
@@ -82,7 +82,8 @@ static const EVP_MD sha1_md=
NID_sha1,
NID_sha1WithRSAEncryption,
@@ -1646,7 +1670,7 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
final512,
diff -up openssl-1.0.0-beta3/crypto/evp/names.c.fips openssl-1.0.0-beta3/crypto/evp/names.c
--- openssl-1.0.0-beta3/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/evp/names.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/names.c 2009-09-30 13:25:58.000000000 +0200
@@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
{
int r;
@@ -1669,9 +1693,77 @@ diff -up openssl-1.0.0-beta3/crypto/evp/
name=OBJ_nid2sn(md->type);
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
if (r == 0) return(0);
+diff -up openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips openssl-1.0.0-beta3/crypto/evp/p_sign.c
+--- openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/evp/p_sign.c 2009-09-30 15:07:14.000000000 +0200
+@@ -61,6 +61,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
++#include <openssl/rsa.h>
+
+ #ifdef undef
+ void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+@@ -101,6 +102,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
+ goto err;
+ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+ goto err;
++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
++ goto err;
++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
++ {
++ int saltlen;
++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
++ goto err;
++ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
++ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
++ saltlen = -1;
++ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
++ saltlen = -2;
++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
++ goto err;
++ }
+ if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+ goto err;
+ *siglen = sltmp;
+diff -up openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips openssl-1.0.0-beta3/crypto/evp/p_verify.c
+--- openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100
++++ openssl-1.0.0-beta3/crypto/evp/p_verify.c 2009-09-30 15:07:27.000000000 +0200
+@@ -61,6 +61,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
++#include <openssl/rsa.h>
+
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey)
+@@ -86,6 +87,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
+ goto err;
+ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+ goto err;
++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
++ goto err;
++ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
++ {
++ int saltlen;
++ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
++ goto err;
++ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
++ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
++ saltlen = -1;
++ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
++ saltlen = -2;
++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
++ goto err;
++ }
+ i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ err:
+ EVP_PKEY_CTX_free(pkctx);
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,939 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -2613,8 +2705,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_desmovs.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,702 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
@@ -3319,8 +3411,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_dssvs.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,537 @@
+#include <openssl/opensslconf.h>
+
@@ -3860,8 +3952,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rngvs.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
@@ -4094,8 +4186,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsagtest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4488,8 +4580,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsastest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -4862,8 +4954,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_rsavtest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5243,8 +5335,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_shatest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -5635,8 +5727,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_utl.h 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -5982,8 +6074,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips_err.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips_err.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
@@ -5993,8 +6085,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+static void *dummy=&dummy;
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_err.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips_err.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips_err.h 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,137 @@
+/* crypto/fips_err.h */
+/* ====================================================================
@@ -6134,8 +6226,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+#endif
+ }
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_aes_selftest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6239,8 +6331,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,419 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6662,8 +6754,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_des_selftest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,137 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -6803,9 +6895,9 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c 2009-08-11 18:07:30.000000000 +0200
-@@ -0,0 +1,180 @@
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_dsa_selftest.c 2009-09-30 13:25:58.000000000 +0200
+@@ -0,0 +1,184 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -6923,13 +7015,13 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+int FIPS_selftest_dsa()
+ {
-+ DSA *dsa=NULL;
++ DSA *dsa;
+ int counter,i,j, ret = 0;
+ unsigned int slen;
+ unsigned char buf[256];
+ unsigned long h;
+ EVP_MD_CTX mctx;
-+ EVP_PKEY pk;
++ EVP_PKEY *pk = NULL;
+
+ EVP_MD_CTX_init(&mctx);
+
@@ -6958,28 +7050,32 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ if (i != j || memcmp(buf,out_g,i) != 0)
+ goto err;
+ DSA_generate_key(dsa);
-+ pk.type = EVP_PKEY_DSA;
-+ pk.pkey.dsa = dsa;
++
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++ EVP_PKEY_assign_DSA(pk, dsa);
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto err;
+ if (!EVP_SignUpdate(&mctx, str1, 20))
+ goto err;
-+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
++ if (!EVP_SignFinal(&mctx, buf, &slen, pk))
+ goto err;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto err;
+ if (!EVP_VerifyUpdate(&mctx, str1, 20))
+ goto err;
-+ if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
++ if (EVP_VerifyFinal(&mctx, buf, slen, pk) != 1)
+ goto err;
+
+ ret = 1;
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
-+ if (dsa)
++ if (pk)
++ EVP_PKEY_free(pk);
++ else if (dsa)
+ DSA_free(dsa);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
@@ -6987,8 +7083,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips.h 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,163 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7154,8 +7250,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+#endif
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_hmac_selftest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,135 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -7293,8 +7389,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ }
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,410 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
@@ -7707,8 +7803,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rand.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rand.h 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,77 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -7788,8 +7884,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+#endif
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rand_selftest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,371 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -8163,8 +8259,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_randtest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_randtest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_randtest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,248 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
@@ -8415,9 +8511,9 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c 2009-08-11 18:07:30.000000000 +0200
-@@ -0,0 +1,432 @@
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_selftest.c 2009-09-30 13:25:58.000000000 +0200
+@@ -0,0 +1,439 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
+ *
@@ -8759,83 +8855,87 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+int FIPS_selftest_rsa()
+ {
+ int ret = 0;
-+ RSA *key = NULL;
-+ EVP_PKEY pk;
-+ key=RSA_new();
++ RSA *key;
++ EVP_PKEY *pk = NULL;
++
++ if ((key=RSA_new()) == NULL)
++ goto err;
+ setrsakey(key);
-+ pk.type = EVP_PKEY_RSA;
-+ pk.pkey.rsa = key;
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++
++ EVP_PKEY_assign_RSA(pk, key);
+
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA1 PKCS#1"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA224 PKCS#1"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA256 PKCS#1"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA384 PKCS#1"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA512 PKCS#1"))
+ goto err;
+
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA1 PSS"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA224 PSS"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA256 PSS"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA384 PSS"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA512 PSS"))
+ goto err;
+
+
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA1 X931"))
+ goto err;
+ /* NB: SHA224 not supported in X9.31 */
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA256 X931"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA384 X931"))
+ goto err;
-+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
++ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA512 X931"))
@@ -8845,14 +8945,17 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+ ret = 1;
+
+ err:
-+ RSA_free(key);
++ if (pk)
++ EVP_PKEY_free(pk);
++ else if (key)
++ RSA_free(key);
+ return ret;
+ }
+
+#endif /* def OPENSSL_FIPS */
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_rsa_x931g.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,281 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
@@ -9136,8 +9239,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+ }
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_sha1_selftest.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,97 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9237,8 +9340,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,173 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9414,8 +9517,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/fips_test_suite.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,588 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10006,8 +10109,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips_locl.h
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips_locl.h 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips_locl.h 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,72 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -10082,8 +10185,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+#endif
+#endif
diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/Makefile
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/fips/Makefile 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,81 @@
+#
+# OpenSSL/crypto/fips/Makefile
@@ -10168,7 +10271,7 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips openssl-1.0.0-beta3/crypto/hmac/hmac.c
--- openssl-1.0.0-beta3/crypto/hmac/hmac.c.fips 2008-11-12 04:58:02.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/hmac/hmac.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/hmac/hmac.c 2009-09-30 13:25:58.000000000 +0200
@@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
if (key != NULL)
@@ -10195,8 +10298,8 @@ diff -up openssl-1.0.0-beta3/crypto/hmac
+ }
+
diff -up openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips openssl-1.0.0-beta3/crypto/hmac/hmac.h
---- openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/hmac/hmac.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/hmac/hmac.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/hmac/hmac.h 2009-09-30 13:25:58.000000000 +0200
@@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md
unsigned int *md_len);
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
@@ -10207,7 +10310,7 @@ diff -up openssl-1.0.0-beta3/crypto/hmac
}
diff -up openssl-1.0.0-beta3/crypto/Makefile.fips openssl-1.0.0-beta3/crypto/Makefile
--- openssl-1.0.0-beta3/crypto/Makefile.fips 2009-04-06 16:31:35.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/Makefile 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/Makefile 2009-09-30 13:25:58.000000000 +0200
@@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i
LIB= $(TOP)/libcrypto.a
@@ -10226,9 +10329,47 @@ diff -up openssl-1.0.0-beta3/crypto/Make
ALL= $(GENERAL) $(SRC) $(HEADER)
+diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c 2009-09-30 13:25:58.000000000 +0200
+@@ -61,6 +61,11 @@
+ #include <string.h>
+ #include <openssl/des.h>
+ #include <openssl/mdc2.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+
+ #undef c2l
+ #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
+@@ -75,7 +80,7 @@
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+-int MDC2_Init(MDC2_CTX *c)
++FIPS_NON_FIPS_MD_Init(MDC2)
+ {
+ c->num=0;
+ c->pad_type=1;
+diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2.h
+--- openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/mdc2/mdc2.h 2009-09-30 13:25:58.000000000 +0200
+@@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st
+ int pad_type; /* either 1 or 2, default 1 */
+ } MDC2_CTX;
+
+-
++#ifdef OPENSSL_FIPS
++int private_MDC2_Init(MDC2_CTX *c);
++#endif
+ int MDC2_Init(MDC2_CTX *c);
+ int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+ int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff -up openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta3/crypto/md2/md2_dgst.c
--- openssl-1.0.0-beta3/crypto/md2/md2_dgst.c.fips 2007-08-31 12:12:35.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/md2/md2_dgst.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/md2/md2_dgst.c 2009-09-30 13:25:58.000000000 +0200
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
@@ -10251,8 +10392,8 @@ diff -up openssl-1.0.0-beta3/crypto/md2/
c->num=0;
memset(c->state,0,sizeof c->state);
diff -up openssl-1.0.0-beta3/crypto/md2/md2.h.fips openssl-1.0.0-beta3/crypto/md2/md2.h
---- openssl-1.0.0-beta3/crypto/md2/md2.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/md2/md2.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/md2/md2.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/md2/md2.h 2009-09-30 13:25:58.000000000 +0200
@@ -81,6 +81,9 @@ typedef struct MD2state_st
} MD2_CTX;
@@ -10265,7 +10406,7 @@ diff -up openssl-1.0.0-beta3/crypto/md2/
int MD2_Final(unsigned char *md, MD2_CTX *c);
diff -up openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta3/crypto/md4/md4_dgst.c
--- openssl-1.0.0-beta3/crypto/md4/md4_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/md4/md4_dgst.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/md4/md4_dgst.c 2009-09-30 13:25:58.000000000 +0200
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "md4_locl.h"
@@ -10288,8 +10429,8 @@ diff -up openssl-1.0.0-beta3/crypto/md4/
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
diff -up openssl-1.0.0-beta3/crypto/md4/md4.h.fips openssl-1.0.0-beta3/crypto/md4/md4.h
---- openssl-1.0.0-beta3/crypto/md4/md4.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/md4/md4.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/md4/md4.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/md4/md4.h 2009-09-30 13:25:58.000000000 +0200
@@ -105,6 +105,9 @@ typedef struct MD4state_st
unsigned int num;
} MD4_CTX;
@@ -10302,7 +10443,7 @@ diff -up openssl-1.0.0-beta3/crypto/md4/
int MD4_Final(unsigned char *md, MD4_CTX *c);
diff -up openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta3/crypto/md5/md5_dgst.c
--- openssl-1.0.0-beta3/crypto/md5/md5_dgst.c.fips 2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/md5/md5_dgst.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/md5/md5_dgst.c 2009-09-30 13:25:58.000000000 +0200
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "md5_locl.h"
@@ -10325,8 +10466,8 @@ diff -up openssl-1.0.0-beta3/crypto/md5/
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;
diff -up openssl-1.0.0-beta3/crypto/md5/md5.h.fips openssl-1.0.0-beta3/crypto/md5/md5.h
---- openssl-1.0.0-beta3/crypto/md5/md5.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/md5/md5.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/md5/md5.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/md5/md5.h 2009-09-30 13:25:58.000000000 +0200
@@ -105,6 +105,9 @@ typedef struct MD5state_st
unsigned int num;
} MD5_CTX;
@@ -10337,47 +10478,9 @@ diff -up openssl-1.0.0-beta3/crypto/md5/
int MD5_Init(MD5_CTX *c);
int MD5_Update(MD5_CTX *c, const void *data, size_t len);
int MD5_Final(unsigned char *md, MD5_CTX *c);
-diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c.fips 2004-07-25 21:10:41.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/mdc2/mdc2dgst.c 2009-08-11 18:07:30.000000000 +0200
-@@ -61,6 +61,11 @@
- #include <string.h>
- #include <openssl/des.h>
- #include <openssl/mdc2.h>
-+#include <openssl/err.h>
-+#ifdef OPENSSL_FIPS
-+#include <openssl/fips.h>
-+#endif
-+
-
- #undef c2l
- #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
-@@ -75,7 +80,7 @@
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
- static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
--int MDC2_Init(MDC2_CTX *c)
-+FIPS_NON_FIPS_MD_Init(MDC2)
- {
- c->num=0;
- c->pad_type=1;
-diff -up openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta3/crypto/mdc2/mdc2.h
---- openssl-1.0.0-beta3/crypto/mdc2/mdc2.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/mdc2/mdc2.h 2009-08-11 18:07:30.000000000 +0200
-@@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st
- int pad_type; /* either 1 or 2, default 1 */
- } MDC2_CTX;
-
--
-+#ifdef OPENSSL_FIPS
-+int private_MDC2_Init(MDC2_CTX *c);
-+#endif
- int MDC2_Init(MDC2_CTX *c);
- int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
- int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff -up openssl-1.0.0-beta3/crypto/mem.c.fips openssl-1.0.0-beta3/crypto/mem.c
--- openssl-1.0.0-beta3/crypto/mem.c.fips 2008-11-12 04:57:47.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/mem.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/mem.c 2009-09-30 13:25:58.000000000 +0200
@@ -101,7 +101,7 @@ static void (*free_locked_func)(void *)
/* may be changed as long as 'allow_customize_debug' is set */
@@ -10388,8 +10491,8 @@ diff -up openssl-1.0.0-beta3/crypto/mem.
static void (*malloc_debug_func)(void *,int,const char *,int,int)
= CRYPTO_dbg_malloc;
diff -up /dev/null openssl-1.0.0-beta3/crypto/o_init.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/o_init.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/o_init.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,80 @@
+/* o_init.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10473,7 +10576,7 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+
diff -up openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips openssl-1.0.0-beta3/crypto/opensslconf.h.in
--- openssl-1.0.0-beta3/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/opensslconf.h.in 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/opensslconf.h.in 2009-09-30 13:25:58.000000000 +0200
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
@@ -10497,7 +10600,7 @@ diff -up openssl-1.0.0-beta3/crypto/open
diff -up openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c
--- openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/pkcs12/p12_crt.c 2009-09-30 13:25:58.000000000 +0200
@@ -59,6 +59,10 @@
#include <stdio.h>
#include "cryptlib.h"
@@ -10526,7 +10629,7 @@ diff -up openssl-1.0.0-beta3/crypto/pkcs
if (!iter)
diff -up openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips openssl-1.0.0-beta3/crypto/rand/md_rand.c
--- openssl-1.0.0-beta3/crypto/rand/md_rand.c.fips 2009-01-03 10:25:32.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rand/md_rand.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rand/md_rand.c 2009-09-30 13:25:58.000000000 +0200
@@ -126,6 +126,10 @@
#include <openssl/crypto.h>
@@ -10555,7 +10658,7 @@ diff -up openssl-1.0.0-beta3/crypto/rand
{
diff -up openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips openssl-1.0.0-beta3/crypto/rand/rand_err.c
--- openssl-1.0.0-beta3/crypto/rand/rand_err.c.fips 2006-11-21 22:29:41.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rand/rand_err.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rand/rand_err.c 2009-09-30 13:25:58.000000000 +0200
@@ -70,6 +70,13 @@
static ERR_STRING_DATA RAND_str_functs[]=
@@ -10589,8 +10692,8 @@ diff -up openssl-1.0.0-beta3/crypto/rand
};
diff -up openssl-1.0.0-beta3/crypto/rand/rand.h.fips openssl-1.0.0-beta3/crypto/rand/rand.h
---- openssl-1.0.0-beta3/crypto/rand/rand.h.fips 2009-08-11 18:07:29.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rand/rand.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/rand/rand.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rand/rand.h 2009-09-30 13:25:58.000000000 +0200
@@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
@@ -10622,7 +10725,7 @@ diff -up openssl-1.0.0-beta3/crypto/rand
}
diff -up openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta3/crypto/rand/rand_lib.c
--- openssl-1.0.0-beta3/crypto/rand/rand_lib.c.fips 2008-11-12 04:58:04.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rand/rand_lib.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rand/rand_lib.c 2009-09-30 13:25:58.000000000 +0200
@@ -60,6 +60,12 @@
#include <time.h>
#include "cryptlib.h"
@@ -10657,8 +10760,8 @@ diff -up openssl-1.0.0-beta3/crypto/rand
}
diff -up openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips openssl-1.0.0-beta3/crypto/rc2/rc2.h
---- openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rc2/rc2.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/rc2/rc2.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc2/rc2.h 2009-09-30 13:25:58.000000000 +0200
@@ -79,7 +79,9 @@ typedef struct rc2_key_st
RC2_INT data[64];
} RC2_KEY;
@@ -10672,7 +10775,7 @@ diff -up openssl-1.0.0-beta3/crypto/rc2/
int enc);
diff -up openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c
--- openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c.fips 2007-09-18 23:10:32.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc2/rc2_skey.c 2009-09-30 13:25:58.000000000 +0200
@@ -57,6 +57,11 @@
*/
@@ -10706,9 +10809,31 @@ diff -up openssl-1.0.0-beta3/crypto/rc2/
int i,j;
unsigned char *k;
RC2_INT *ki;
+diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl
+--- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100
++++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl 2009-09-30 13:25:58.000000000 +0200
+@@ -202,4 +202,6 @@ RC4_options:
+ .string "rc4(8x,char)"
+ ___
+
++$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne "");
++
+ print $code;
+diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl
+--- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl 2009-09-30 13:25:58.000000000 +0200
+@@ -499,6 +499,8 @@ ___
+
+ $code =~ s/#([bwd])/$1/gm;
+
++$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne "");
++
+ print $code;
+
+ close STDOUT;
diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl
--- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl.fips 2007-12-02 22:32:03.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-586.pl 2009-09-30 13:25:58.000000000 +0200
@@ -166,8 +166,12 @@ $idx="edx";
&external_label("OPENSSL_ia32cap_P");
@@ -10732,31 +10857,9 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/
# const char *RC4_options(void);
&function_begin_B("RC4_options");
-diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl
---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl.fips 2009-02-12 15:48:49.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-s390x.pl 2009-08-11 18:07:30.000000000 +0200
-@@ -202,4 +202,6 @@ RC4_options:
- .string "rc4(8x,char)"
- ___
-
-+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne "");
-+
- print $code;
-diff -up openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl.fips 2009-04-27 21:31:04.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rc4/asm/rc4-x86_64.pl 2009-08-11 18:07:30.000000000 +0200
-@@ -499,6 +499,8 @@ ___
-
- $code =~ s/#([bwd])/$1/gm;
-
-+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne "");
-+
- print $code;
-
- close STDOUT;
diff -up openssl-1.0.0-beta3/crypto/rc4/Makefile.fips openssl-1.0.0-beta3/crypto/rc4/Makefile
--- openssl-1.0.0-beta3/crypto/rc4/Makefile.fips 2009-02-11 11:01:36.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rc4/Makefile 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc4/Makefile 2009-09-30 13:25:58.000000000 +0200
@@ -21,8 +21,8 @@ TEST=rc4test.c
APPS=
@@ -10769,8 +10872,8 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/
SRC= $(LIBSRC)
diff -up /dev/null openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c
---- /dev/null 2009-07-27 08:39:22.849064505 +0200
-+++ openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c 2009-08-11 18:07:30.000000000 +0200
+--- /dev/null 2009-09-23 10:56:02.148001752 +0200
++++ openssl-1.0.0-beta3/crypto/rc4/rc4_fblk.c 2009-09-30 13:25:58.000000000 +0200
@@ -0,0 +1,75 @@
+/* crypto/rc4/rc4_fblk.c */
+/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
@@ -10848,8 +10951,8 @@ diff -up /dev/null openssl-1.0.0-beta3/c
+#endif
+
diff -up openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips openssl-1.0.0-beta3/crypto/rc4/rc4.h
---- openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rc4/rc4.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/rc4/rc4.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc4/rc4.h 2009-09-30 13:25:58.000000000 +0200
@@ -78,6 +78,9 @@ typedef struct rc4_key_st
@@ -10862,7 +10965,7 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/
unsigned char *outdata);
diff -up openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c
--- openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c.fips 2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rc4/rc4_skey.c 2009-09-30 13:25:58.000000000 +0200
@@ -59,6 +59,11 @@
#include <openssl/rc4.h>
#include "rc4_locl.h"
@@ -10901,8 +11004,8 @@ diff -up openssl-1.0.0-beta3/crypto/rc4/
for (i=0;i<256;i++) cp[i]=i;
diff -up openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta3/crypto/ripemd/ripemd.h
---- openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/ripemd/ripemd.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/ripemd/ripemd.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/ripemd/ripemd.h 2009-09-30 13:25:58.000000000 +0200
@@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st
unsigned int num;
} RIPEMD160_CTX;
@@ -10915,7 +11018,7 @@ diff -up openssl-1.0.0-beta3/crypto/ripe
int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
diff -up openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c
--- openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c.fips 2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/ripemd/rmd_dgst.c 2009-09-30 13:25:58.000000000 +0200
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "rmd_locl.h"
@@ -10939,7 +11042,7 @@ diff -up openssl-1.0.0-beta3/crypto/ripe
c->A=RIPEMD160_A;
diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c
--- openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c.fips 2008-09-14 15:51:44.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rsa/rsa_eay.c 2009-09-30 13:25:58.000000000 +0200
@@ -114,6 +114,8 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -11200,7 +11303,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
}
diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_err.c
--- openssl-1.0.0-beta3/crypto/rsa/rsa_err.c.fips 2008-12-29 17:11:56.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/rsa/rsa_err.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rsa/rsa_err.c 2009-09-30 13:25:58.000000000 +0200
@@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
@@ -11229,8 +11332,8 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c
--- openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c.fips 2007-03-28 02:15:27.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c 2009-08-11 18:07:30.000000000 +0200
-@@ -67,6 +67,77 @@
++++ openssl-1.0.0-beta3/crypto/rsa/rsa_gen.c 2009-09-30 16:55:26.000000000 +0200
+@@ -67,6 +67,82 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -11252,16 +11355,19 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
+ const unsigned char tbs[] = "RSA Pairwise Check Data";
+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
+ int len, ret = 0;
-+ EVP_PKEY pk;
-+ pk.type = EVP_PKEY_RSA;
-+ pk.pkey.rsa = rsa;
++ EVP_PKEY *pk;
++
++ if ((pk=EVP_PKEY_new()) == NULL)
++ goto err;
++
++ EVP_PKEY_set1_RSA(pk, rsa);
+
+ /* Perform pairwise consistency signature test */
-+ if (!fips_pkey_signature_test(&pk, tbs, -1,
++ if (!fips_pkey_signature_test(pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
-+ || !fips_pkey_signature_test(&pk, tbs, -1,
++ || !fips_pkey_signature_test(pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
-+ || !fips_pkey_signature_test(&pk, tbs, -1,
++ || !fips_pkey_signature_test(pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+ goto err;
+ /* Now perform pairwise consistency encrypt/decrypt test */
@@ -11301,6 +11407,8 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
+ OPENSSL_free(ctbuf);
+ if (ptbuf)
+ OPENSSL_free(ptbuf);
++ if (pk)
++ EVP_PKEY_free(pk);
+
+ return ret;
+ }
@@ -11308,7 +11416,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
-@@ -90,6 +161,23 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -90,6 +166,23 @@ static int rsa_builtin_keygen(RSA *rsa,
int bitsp,bitsq,ok= -1,n=0;
BN_CTX *ctx=NULL;
@@ -11332,7 +11440,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
-@@ -201,6 +289,17 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -201,6 +294,17 @@ static int rsa_builtin_keygen(RSA *rsa,
p = rsa->p;
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
@@ -11351,8 +11459,8 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
err:
if (ok == -1)
diff -up openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips openssl-1.0.0-beta3/crypto/rsa/rsa.h
---- openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips 2009-08-11 18:07:29.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rsa/rsa.h 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/crypto/rsa/rsa.h.fips 2009-09-30 13:25:56.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rsa/rsa.h 2009-09-30 13:25:58.000000000 +0200
@@ -74,6 +74,21 @@
#error RSA is disabled.
#endif
@@ -11424,7 +11532,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
#define RSA_R_P_NOT_PRIME 128
diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c
--- openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c.fips 2008-08-06 17:54:14.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rsa/rsa_lib.c 2009-09-30 13:25:58.000000000 +0200
@@ -80,6 +80,13 @@ RSA *RSA_new(void)
void RSA_set_default_method(const RSA_METHOD *meth)
@@ -11556,7 +11664,7 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
- }
diff -up openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c
--- openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c.fips 2007-04-24 03:05:42.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/rsa/rsa_sign.c 2009-09-30 13:25:58.000000000 +0200
@@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch
i2d_X509_SIG(&sig,&p);
s=tmps;
@@ -11588,9 +11696,57 @@ diff -up openssl-1.0.0-beta3/crypto/rsa/
if (i <= 0) goto err;
+diff -up openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha_dgst.c
+--- openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0-beta3/crypto/sha/sha_dgst.c 2009-09-30 13:25:58.000000000 +0200
+@@ -57,6 +57,12 @@
+ */
+
+ #include <openssl/opensslconf.h>
++#include <openssl/crypto.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
++#include <openssl/err.h>
+ #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
+
+ #undef SHA_1
+diff -up openssl-1.0.0-beta3/crypto/sha/sha.h.fips openssl-1.0.0-beta3/crypto/sha/sha.h
+--- openssl-1.0.0-beta3/crypto/sha/sha.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/sha/sha.h 2009-09-30 13:25:58.000000000 +0200
+@@ -106,6 +106,9 @@ typedef struct SHAstate_st
+ } SHA_CTX;
+
+ #ifndef OPENSSL_NO_SHA0
++#ifdef OPENSSL_FIPS
++int private_SHA_Init(SHA_CTX *c);
++#endif
+ int SHA_Init(SHA_CTX *c);
+ int SHA_Update(SHA_CTX *c, const void *data, size_t len);
+ int SHA_Final(unsigned char *md, SHA_CTX *c);
+diff -up openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta3/crypto/sha/sha_locl.h
+--- openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/sha/sha_locl.h 2009-09-30 13:25:58.000000000 +0200
+@@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c,
+ #define INIT_DATA_h3 0x10325476UL
+ #define INIT_DATA_h4 0xc3d2e1f0UL
+
++#if defined(SHA_0) && defined(OPENSSL_FIPS)
++FIPS_NON_FIPS_MD_Init(SHA)
++#else
+ int HASH_INIT (SHA_CTX *c)
++#endif
+ {
++#if defined(SHA_1) && defined(OPENSSL_FIPS)
++ FIPS_selftest_check();
++#endif
+ memset (c,0,sizeof(*c));
+ c->h0=INIT_DATA_h0;
+ c->h1=INIT_DATA_h1;
diff -up openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha1dgst.c
--- openssl-1.0.0-beta3/crypto/sha/sha1dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/sha/sha1dgst.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/sha/sha1dgst.c 2009-09-30 13:25:58.000000000 +0200
@@ -63,6 +63,10 @@
#define SHA_1
@@ -11604,7 +11760,7 @@ diff -up openssl-1.0.0-beta3/crypto/sha/
diff -up openssl-1.0.0-beta3/crypto/sha/sha256.c.fips openssl-1.0.0-beta3/crypto/sha/sha256.c
--- openssl-1.0.0-beta3/crypto/sha/sha256.c.fips 2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/sha/sha256.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/sha/sha256.c 2009-09-30 13:25:58.000000000 +0200
@@ -12,12 +12,19 @@
#include <openssl/crypto.h>
@@ -11637,7 +11793,7 @@ diff -up openssl-1.0.0-beta3/crypto/sha/
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
diff -up openssl-1.0.0-beta3/crypto/sha/sha512.c.fips openssl-1.0.0-beta3/crypto/sha/sha512.c
--- openssl-1.0.0-beta3/crypto/sha/sha512.c.fips 2008-12-29 13:35:48.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/sha/sha512.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/crypto/sha/sha512.c 2009-09-30 13:25:58.000000000 +0200
@@ -5,6 +5,10 @@
* ====================================================================
*/
@@ -11678,57 +11834,9 @@ diff -up openssl-1.0.0-beta3/crypto/sha/
asm ("rotrdi %0,%1,%2" \
: "=r"(ret) \
: "r"(a),"K"(n)); ret; })
-diff -up openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta3/crypto/sha/sha_dgst.c
---- openssl-1.0.0-beta3/crypto/sha/sha_dgst.c.fips 2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta3/crypto/sha/sha_dgst.c 2009-08-11 18:07:30.000000000 +0200
-@@ -57,6 +57,12 @@
- */
-
- #include <openssl/opensslconf.h>
-+#include <openssl/crypto.h>
-+#ifdef OPENSSL_FIPS
-+#include <openssl/fips.h>
-+#endif
-+
-+#include <openssl/err.h>
- #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-
- #undef SHA_1
-diff -up openssl-1.0.0-beta3/crypto/sha/sha.h.fips openssl-1.0.0-beta3/crypto/sha/sha.h
---- openssl-1.0.0-beta3/crypto/sha/sha.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/sha/sha.h 2009-08-11 18:07:30.000000000 +0200
-@@ -106,6 +106,9 @@ typedef struct SHAstate_st
- } SHA_CTX;
-
- #ifndef OPENSSL_NO_SHA0
-+#ifdef OPENSSL_FIPS
-+int private_SHA_Init(SHA_CTX *c);
-+#endif
- int SHA_Init(SHA_CTX *c);
- int SHA_Update(SHA_CTX *c, const void *data, size_t len);
- int SHA_Final(unsigned char *md, SHA_CTX *c);
-diff -up openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta3/crypto/sha/sha_locl.h
---- openssl-1.0.0-beta3/crypto/sha/sha_locl.h.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/crypto/sha/sha_locl.h 2009-08-11 18:07:30.000000000 +0200
-@@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c,
- #define INIT_DATA_h3 0x10325476UL
- #define INIT_DATA_h4 0xc3d2e1f0UL
-
-+#if defined(SHA_0) && defined(OPENSSL_FIPS)
-+FIPS_NON_FIPS_MD_Init(SHA)
-+#else
- int HASH_INIT (SHA_CTX *c)
-+#endif
- {
-+#if defined(SHA_1) && defined(OPENSSL_FIPS)
-+ FIPS_selftest_check();
-+#endif
- memset (c,0,sizeof(*c));
- c->h0=INIT_DATA_h0;
- c->h1=INIT_DATA_h1;
diff -up openssl-1.0.0-beta3/Makefile.org.fips openssl-1.0.0-beta3/Makefile.org
---- openssl-1.0.0-beta3/Makefile.org.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/Makefile.org 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/Makefile.org.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/Makefile.org 2009-09-30 13:25:58.000000000 +0200
@@ -109,6 +109,9 @@ LIBKRB5=
ZLIB_INCLUDE=
LIBZLIB=
@@ -11756,124 +11864,9 @@ diff -up openssl-1.0.0-beta3/Makefile.or
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_clnt.c
---- openssl-1.0.0-beta3/ssl/s23_clnt.c.fips 2009-04-07 19:01:07.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/s23_clnt.c 2009-08-11 18:07:30.000000000 +0200
-@@ -332,6 +332,14 @@ static int ssl23_client_hello(SSL *s)
- version_major = TLS1_VERSION_MAJOR;
- version_minor = TLS1_VERSION_MINOR;
- }
-+#ifdef OPENSSL_FIPS
-+ else if(FIPS_mode())
-+ {
-+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-+ return -1;
-+ }
-+#endif
- else if (version == SSL3_VERSION)
- {
- version_major = SSL3_VERSION_MAJOR;
-@@ -615,6 +623,14 @@ static int ssl23_get_server_hello(SSL *s
- if ((p[2] == SSL3_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_SSLv3))
- {
-+#ifdef OPENSSL_FIPS
-+ if(FIPS_mode())
-+ {
-+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-+ goto err;
-+ }
-+#endif
- s->version=SSL3_VERSION;
- s->method=SSLv3_client_method();
- }
-diff -up openssl-1.0.0-beta3/ssl/s23_srvr.c.fips openssl-1.0.0-beta3/ssl/s23_srvr.c
---- openssl-1.0.0-beta3/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/s23_srvr.c 2009-08-11 18:07:30.000000000 +0200
-@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
- }
- }
-
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && (s->version < TLS1_VERSION))
-+ {
-+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-+ goto err;
-+ }
-+#endif
-+
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
- {
- /* we have SSLv3/TLSv1 in an SSLv2 header
-diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt.c
---- openssl-1.0.0-beta3/ssl/s3_clnt.c.fips 2009-06-16 18:39:20.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/s3_clnt.c 2009-08-11 18:07:30.000000000 +0200
-@@ -156,6 +156,10 @@
- #include <openssl/objects.h>
- #include <openssl/evp.h>
- #include <openssl/md5.h>
-+#ifdef OPENSSL_FIPS
-+#include <openssl/fips.h>
-+#endif
-+
- #ifndef OPENSSL_NO_DH
- #include <openssl/dh.h>
- #endif
-@@ -1524,6 +1528,8 @@ int ssl3_get_key_exchange(SSL *s)
- q=md_buf;
- for (num=2; num > 0; num--)
- {
-+ EVP_MD_CTX_set_flags(&md_ctx,
-+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c
---- openssl-1.0.0-beta3/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/s3_enc.c 2009-08-11 18:07:30.000000000 +0200
-@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *
- #endif
- k=0;
- EVP_MD_CTX_init(&m5);
-+ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_MD_CTX_init(&s1);
- for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
- {
-@@ -614,6 +615,8 @@ int ssl3_digest_cached_records(SSL *s)
- if ((mask & s->s3->tmp.new_cipher->algorithm2) && md)
- {
- s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
-+ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
-+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
- EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
- }
-@@ -670,6 +673,7 @@ static int ssl3_handshake_mac(SSL *s, in
- return 0;
- }
- EVP_MD_CTX_init(&ctx);
-+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_MD_CTX_copy_ex(&ctx,d);
- n=EVP_MD_CTX_size(&ctx);
- if (n < 0)
-diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr.c
---- openssl-1.0.0-beta3/ssl/s3_srvr.c.fips 2009-06-26 17:04:22.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/s3_srvr.c 2009-08-11 18:07:30.000000000 +0200
-@@ -1674,6 +1674,8 @@ int ssl3_send_server_key_exchange(SSL *s
- j=0;
- for (num=2; num > 0; num--)
- {
-+ EVP_MD_CTX_set_flags(&md_ctx,
-+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips openssl-1.0.0-beta3/ssl/ssl_ciph.c
--- openssl-1.0.0-beta3/ssl/ssl_ciph.c.fips 2009-04-07 14:10:59.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/ssl_ciph.c 2009-09-30 13:25:58.000000000 +0200
@@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
@@ -11898,7 +11891,7 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_cip
#ifdef CIPHER_DEBUG
diff -up openssl-1.0.0-beta3/ssl/ssl_lib.c.fips openssl-1.0.0-beta3/ssl/ssl_lib.c
--- openssl-1.0.0-beta3/ssl/ssl_lib.c.fips 2009-06-30 13:57:24.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/ssl_lib.c 2009-09-30 13:25:58.000000000 +0200
@@ -1470,6 +1470,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
return(NULL);
}
@@ -11915,8 +11908,8 @@ diff -up openssl-1.0.0-beta3/ssl/ssl_lib
{
SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
diff -up openssl-1.0.0-beta3/ssl/ssltest.c.fips openssl-1.0.0-beta3/ssl/ssltest.c
---- openssl-1.0.0-beta3/ssl/ssltest.c.fips 2009-08-11 18:07:30.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssltest.c 2009-08-11 18:07:30.000000000 +0200
+--- openssl-1.0.0-beta3/ssl/ssltest.c.fips 2009-09-30 13:25:57.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/ssltest.c 2009-09-30 13:25:58.000000000 +0200
@@ -265,6 +265,9 @@ static void sv_usage(void)
{
fprintf(stderr,"usage: ssltest [args ...]\n");
@@ -11991,9 +11984,124 @@ diff -up openssl-1.0.0-beta3/ssl/ssltest
if(s->version == TLS1_VERSION)
FIPS_allow_md5(0);
# endif
+diff -up openssl-1.0.0-beta3/ssl/s23_clnt.c.fips openssl-1.0.0-beta3/ssl/s23_clnt.c
+--- openssl-1.0.0-beta3/ssl/s23_clnt.c.fips 2009-04-07 19:01:07.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/s23_clnt.c 2009-09-30 13:25:58.000000000 +0200
+@@ -332,6 +332,14 @@ static int ssl23_client_hello(SSL *s)
+ version_major = TLS1_VERSION_MAJOR;
+ version_minor = TLS1_VERSION_MINOR;
+ }
++#ifdef OPENSSL_FIPS
++ else if(FIPS_mode())
++ {
++ SSLerr(SSL_F_SSL23_CLIENT_HELLO,
++ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
++ return -1;
++ }
++#endif
+ else if (version == SSL3_VERSION)
+ {
+ version_major = SSL3_VERSION_MAJOR;
+@@ -615,6 +623,14 @@ static int ssl23_get_server_hello(SSL *s
+ if ((p[2] == SSL3_VERSION_MINOR) &&
+ !(s->options & SSL_OP_NO_SSLv3))
+ {
++#ifdef OPENSSL_FIPS
++ if(FIPS_mode())
++ {
++ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
++ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
++ goto err;
++ }
++#endif
+ s->version=SSL3_VERSION;
+ s->method=SSLv3_client_method();
+ }
+diff -up openssl-1.0.0-beta3/ssl/s23_srvr.c.fips openssl-1.0.0-beta3/ssl/s23_srvr.c
+--- openssl-1.0.0-beta3/ssl/s23_srvr.c.fips 2008-06-03 04:48:34.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/s23_srvr.c 2009-09-30 13:25:58.000000000 +0200
+@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
+ }
+ }
+
++#ifdef OPENSSL_FIPS
++ if (FIPS_mode() && (s->version < TLS1_VERSION))
++ {
++ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
++ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
++ goto err;
++ }
++#endif
++
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
+ {
+ /* we have SSLv3/TLSv1 in an SSLv2 header
+diff -up openssl-1.0.0-beta3/ssl/s3_clnt.c.fips openssl-1.0.0-beta3/ssl/s3_clnt.c
+--- openssl-1.0.0-beta3/ssl/s3_clnt.c.fips 2009-06-16 18:39:20.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/s3_clnt.c 2009-09-30 13:25:58.000000000 +0200
+@@ -156,6 +156,10 @@
+ #include <openssl/objects.h>
+ #include <openssl/evp.h>
+ #include <openssl/md5.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ #ifndef OPENSSL_NO_DH
+ #include <openssl/dh.h>
+ #endif
+@@ -1524,6 +1528,8 @@ int ssl3_get_key_exchange(SSL *s)
+ q=md_buf;
+ for (num=2; num > 0; num--)
+ {
++ EVP_MD_CTX_set_flags(&md_ctx,
++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx,(num == 2)
+ ?s->ctx->md5:s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+diff -up openssl-1.0.0-beta3/ssl/s3_enc.c.fips openssl-1.0.0-beta3/ssl/s3_enc.c
+--- openssl-1.0.0-beta3/ssl/s3_enc.c.fips 2009-04-16 19:22:50.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/s3_enc.c 2009-09-30 13:25:58.000000000 +0200
+@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *
+ #endif
+ k=0;
+ EVP_MD_CTX_init(&m5);
++ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_MD_CTX_init(&s1);
+ for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
+ {
+@@ -614,6 +615,8 @@ int ssl3_digest_cached_records(SSL *s)
+ if ((mask & s->s3->tmp.new_cipher->algorithm2) && md)
+ {
+ s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
++ EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
+ EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
+ }
+@@ -670,6 +673,7 @@ static int ssl3_handshake_mac(SSL *s, in
+ return 0;
+ }
+ EVP_MD_CTX_init(&ctx);
++ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_MD_CTX_copy_ex(&ctx,d);
+ n=EVP_MD_CTX_size(&ctx);
+ if (n < 0)
+diff -up openssl-1.0.0-beta3/ssl/s3_srvr.c.fips openssl-1.0.0-beta3/ssl/s3_srvr.c
+--- openssl-1.0.0-beta3/ssl/s3_srvr.c.fips 2009-06-26 17:04:22.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/s3_srvr.c 2009-09-30 13:25:58.000000000 +0200
+@@ -1674,6 +1674,8 @@ int ssl3_send_server_key_exchange(SSL *s
+ j=0;
+ for (num=2; num > 0; num--)
+ {
++ EVP_MD_CTX_set_flags(&md_ctx,
++ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx,(num == 2)
+ ?s->ctx->md5:s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
diff -up openssl-1.0.0-beta3/ssl/t1_enc.c.fips openssl-1.0.0-beta3/ssl/t1_enc.c
--- openssl-1.0.0-beta3/ssl/t1_enc.c.fips 2009-04-19 20:03:13.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/t1_enc.c 2009-08-11 18:07:30.000000000 +0200
++++ openssl-1.0.0-beta3/ssl/t1_enc.c 2009-09-30 13:25:58.000000000 +0200
@@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md
HMAC_CTX_init(&ctx);
Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -p -r1.141 -r1.142
--- openssl.spec 4 Sep 2009 12:08:42 -0000 1.141
+++ openssl.spec 30 Sep 2009 18:18:48 -0000 1.142
@@ -23,7 +23,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0
-Release: 0.7.%{beta}%{?dist}
+Release: 0.8.%{beta}%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-%{beta}-usa.tar.bz2
@@ -63,10 +63,10 @@ Patch49: openssl-0.9.8k-algo-doc.patch
Patch50: openssl-1.0.0-beta3-curl.patch
Patch51: openssl-1.0.0-beta3-const.patch
Patch52: openssl-1.0.0-beta3-dss1.patch
-Patch53: openssl-1.0.0-beta3-cmll-noasm.patch
# Backported fixes including security fixes
Patch60: openssl-1.0.0-beta3-namingstr.patch
Patch61: openssl-1.0.0-beta3-namingblk.patch
+Patch62: openssl-1.0.0-beta3-camellia-rounds.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -148,9 +148,9 @@ from other formats to the formats used b
%patch50 -p1 -b .curl
%patch51 -p1 -b .const
%patch52 -p1 -b .dss1
-%patch53 -p1 -b .cmll-noasm
%patch60 -p1 -b .namingstr
%patch61 -p1 -b .namingblk
+%patch62 -p1 -b .cmll-rounds
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -399,6 +399,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipsca
%postun -p /sbin/ldconfig
%changelog
+* Wed Sep 30 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.8.beta3
+- fix RSA and DSA FIPS selftests
+- reenable fixed x86_64 camellia assembler code (#521127)
+
* Fri Sep 4 2009 Tomas Mraz <tmraz at redhat.com> 1.0.0-0.7.beta3
- temporarily disable x86_64 camellia assembler code (#521127)
--- openssl-1.0.0-beta3-cmll-noasm.patch DELETED ---
- Previous message (by thread): rpms/monodevelop/devel import.log, 1.24, 1.25 monodevelop.spec, 1.44, 1.45
- Next message (by thread): rpms/python-netaddr/devel .cvsignore, 1.12, 1.13 python-netaddr.spec, 1.17, 1.18 sources, 1.12, 1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list