diff --git a/CVE-2019-1551.patch b/CVE-2019-1551.patch
new file mode 100644
index 0000000..320fd43
--- /dev/null
+++ b/CVE-2019-1551.patch
@@ -0,0 +1,757 @@
+From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
+From: Andy Polyakov
+Date: Wed, 4 Dec 2019 12:48:21 +0100
+Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
+
+There is an overflow bug in the x64_64 Montgomery squaring procedure used in
+exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
+suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
+result of this defect would be very difficult to perform and are not believed
+likely. Attacks against DH512 are considered just feasible. However, for an
+attack the target would have to re-use the DH512 private key, which is not
+recommended anyway. Also applications directly using the low level API
+BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
+
+CVE-2019-1551
+
+Reviewed-by: Paul Dale
+Reviewed-by: Bernd Edlinger
+(Merged from https://github.com/openssl/openssl/pull/10575)
+---
+ crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++++++---------------------
+ 1 file changed, 197 insertions(+), 184 deletions(-)
+
+diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
+index b1797b6..7534d5c 100755
+--- a/crypto/bn/asm/rsaz-x86_64.pl
++++ b/crypto/bn/asm/rsaz-x86_64.pl
+@@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul
+ subq \$128+24, %rsp
+ .cfi_adjust_cfa_offset 128+24
+ .Lsqr_body:
+- movq $mod, %rbp # common argument
++ movq $mod, %xmm1 # common off-load
+ movq ($inp), %rdx
+ movq 8($inp), %rax
+ movq $n0, 128(%rsp)
+@@ -134,7 +134,8 @@ $code.=<<___;
+ .Loop_sqr:
+ movl $times,128+8(%rsp)
+ #first iteration
+- movq %rdx, %rbx
++ movq %rdx, %rbx # 0($inp)
++ mov %rax, %rbp # 8($inp)
+ mulq %rdx
+ movq %rax, %r8
+ movq 16($inp), %rax
+@@ -173,31 +174,29 @@ $code.=<<___;
+ mulq %rbx
+ addq %rax, %r14
+ movq %rbx, %rax
+- movq %rdx, %r15
+- adcq \$0, %r15
++ adcq \$0, %rdx
+
+- addq %r8, %r8 #shlq \$1, %r8
+- movq %r9, %rcx
+- adcq %r9, %r9 #shld \$1, %r8, %r9
++ xorq %rcx,%rcx # rcx:r8 = r8 << 1
++ addq %r8, %r8
++ movq %rdx, %r15
++ adcq \$0, %rcx
+
+ mulq %rax
+- movq %rax, (%rsp)
+- addq %rdx, %r8
+- adcq \$0, %r9
++ addq %r8, %rdx
++ adcq \$0, %rcx
+
+- movq %r8, 8(%rsp)
+- shrq \$63, %rcx
++ movq %rax, (%rsp)
++ movq %rdx, 8(%rsp)
+
+ #second iteration
+- movq 8($inp), %r8
+ movq 16($inp), %rax
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r10
+ movq 24($inp), %rax
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r11
+ movq 32($inp), %rax
+ adcq \$0, %rdx
+@@ -205,7 +204,7 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r12
+ movq 40($inp), %rax
+ adcq \$0, %rdx
+@@ -213,7 +212,7 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r13
+ movq 48($inp), %rax
+ adcq \$0, %rdx
+@@ -221,7 +220,7 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r14
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+@@ -229,39 +228,39 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+- mulq %r8
++ mulq %rbp
+ addq %rax, %r15
+- movq %r8, %rax
++ movq %rbp, %rax
+ adcq \$0, %rdx
+ addq %rbx, %r15
+- movq %rdx, %r8
+- movq %r10, %rdx
+- adcq \$0, %r8
++ adcq \$0, %rdx
+
+- add %rdx, %rdx
+- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
+- movq %r11, %rbx
+- adcq %r11, %r11 #shld \$1, %r10, %r11
++ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
++ addq %r9, %r9
++ movq %rdx, %r8
++ adcq %r10, %r10
++ adcq \$0, %rbx
+
+ mulq %rax
++ addq %rcx, %rax
++ movq 16($inp), %rbp
++ adcq \$0, %rdx
+ addq %rax, %r9
++ movq 24($inp), %rax
+ adcq %rdx, %r10
+- adcq \$0, %r11
++ adcq \$0, %rbx
+
+ movq %r9, 16(%rsp)
+ movq %r10, 24(%rsp)
+- shrq \$63, %rbx
+
+ #third iteration
+- movq 16($inp), %r9
+- movq 24($inp), %rax
+- mulq %r9
++ mulq %rbp
+ addq %rax, %r12
+ movq 32($inp), %rax
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
++ mulq %rbp
+ addq %rax, %r13
+ movq 40($inp), %rax
+ adcq \$0, %rdx
+@@ -269,7 +268,7 @@ $code.=<<___;
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
++ mulq %rbp
+ addq %rax, %r14
+ movq 48($inp), %rax
+ adcq \$0, %rdx
+@@ -277,9 +276,7 @@ $code.=<<___;
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
+- movq %r12, %r10
+- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
++ mulq %rbp
+ addq %rax, %r15
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+@@ -287,36 +284,40 @@ $code.=<<___;
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+- mulq %r9
+- shrq \$63, %r10
++ mulq %rbp
+ addq %rax, %r8
+- movq %r9, %rax
++ movq %rbp, %rax
+ adcq \$0, %rdx
+ addq %rcx, %r8
+- movq %rdx, %r9
+- adcq \$0, %r9
++ adcq \$0, %rdx
+
+- movq %r13, %rcx
+- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
++ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
++ addq %r11, %r11
++ movq %rdx, %r9
++ adcq %r12, %r12
++ adcq \$0, %rcx
+
+ mulq %rax
++ addq %rbx, %rax
++ movq 24($inp), %r10
++ adcq \$0, %rdx
+ addq %rax, %r11
++ movq 32($inp), %rax
+ adcq %rdx, %r12
+- adcq \$0, %r13
++ adcq \$0, %rcx
+
+ movq %r11, 32(%rsp)
+ movq %r12, 40(%rsp)
+- shrq \$63, %rcx
+
+ #fourth iteration
+- movq 24($inp), %r10
+- movq 32($inp), %rax
++ mov %rax, %r11 # 32($inp)
+ mulq %r10
+ addq %rax, %r14
+ movq 40($inp), %rax
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
++ mov %rax, %r12 # 40($inp)
+ mulq %r10
+ addq %rax, %r15
+ movq 48($inp), %rax
+@@ -325,9 +326,8 @@ $code.=<<___;
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
++ mov %rax, %rbp # 48($inp)
+ mulq %r10
+- movq %r14, %r12
+- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
+ addq %rax, %r8
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+@@ -336,32 +336,33 @@ $code.=<<___;
+ adcq \$0, %rbx
+
+ mulq %r10
+- shrq \$63, %r12
+ addq %rax, %r9
+ movq %r10, %rax
+ adcq \$0, %rdx
+ addq %rbx, %r9
+- movq %rdx, %r10
+- adcq \$0, %r10
++ adcq \$0, %rdx
+
+- movq %r15, %rbx
+- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
++ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
++ addq %r13, %r13
++ movq %rdx, %r10
++ adcq %r14, %r14
++ adcq \$0, %rbx
+
+ mulq %rax
++ addq %rcx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r13
++ movq %r12, %rax # 40($inp)
+ adcq %rdx, %r14
+- adcq \$0, %r15
++ adcq \$0, %rbx
+
+ movq %r13, 48(%rsp)
+ movq %r14, 56(%rsp)
+- shrq \$63, %rbx
+
+ #fifth iteration
+- movq 32($inp), %r11
+- movq 40($inp), %rax
+ mulq %r11
+ addq %rax, %r8
+- movq 48($inp), %rax
++ movq %rbp, %rax # 48($inp)
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
+@@ -369,97 +370,99 @@ $code.=<<___;
+ addq %rax, %r9
+ movq 56($inp), %rax
+ adcq \$0, %rdx
+- movq %r8, %r12
+- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
+ addq %rcx, %r9
+ movq %rdx, %rcx
+ adcq \$0, %rcx
+
++ mov %rax, %r14 # 56($inp)
+ mulq %r11
+- shrq \$63, %r12
+ addq %rax, %r10
+ movq %r11, %rax
+ adcq \$0, %rdx
+ addq %rcx, %r10
+- movq %rdx, %r11
+- adcq \$0, %r11
++ adcq \$0, %rdx
+
+- movq %r9, %rcx
+- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
++ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
++ addq %r15, %r15
++ movq %rdx, %r11
++ adcq %r8, %r8
++ adcq \$0, %rcx
+
+ mulq %rax
++ addq %rbx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r15
++ movq %rbp, %rax # 48($inp)
+ adcq %rdx, %r8
+- adcq \$0, %r9
++ adcq \$0, %rcx
+
+ movq %r15, 64(%rsp)
+ movq %r8, 72(%rsp)
+- shrq \$63, %rcx
+
+ #sixth iteration
+- movq 40($inp), %r12
+- movq 48($inp), %rax
+ mulq %r12
+ addq %rax, %r10
+- movq 56($inp), %rax
++ movq %r14, %rax # 56($inp)
+ movq %rdx, %rbx
+ adcq \$0, %rbx
+
+ mulq %r12
+ addq %rax, %r11
+ movq %r12, %rax
+- movq %r10, %r15
+- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
+ adcq \$0, %rdx
+- shrq \$63, %r15
+ addq %rbx, %r11
+- movq %rdx, %r12
+- adcq \$0, %r12
++ adcq \$0, %rdx
+
+- movq %r11, %rbx
+- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
++ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
++ addq %r9, %r9
++ movq %rdx, %r12
++ adcq %r10, %r10
++ adcq \$0, %rbx
+
+ mulq %rax
++ addq %rcx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r9
++ movq %r14, %rax # 56($inp)
+ adcq %rdx, %r10
+- adcq \$0, %r11
++ adcq \$0, %rbx
+
+ movq %r9, 80(%rsp)
+ movq %r10, 88(%rsp)
+
+ #seventh iteration
+- movq 48($inp), %r13
+- movq 56($inp), %rax
+- mulq %r13
++ mulq %rbp
+ addq %rax, %r12
+- movq %r13, %rax
+- movq %rdx, %r13
+- adcq \$0, %r13
++ movq %rbp, %rax
++ adcq \$0, %rdx
+
+- xorq %r14, %r14
+- shlq \$1, %rbx
+- adcq %r12, %r12 #shld \$1, %rbx, %r12
+- adcq %r13, %r13 #shld \$1, %r12, %r13
+- adcq %r14, %r14 #shld \$1, %r13, %r14
++ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
++ addq %r11, %r11
++ movq %rdx, %r13
++ adcq %r12, %r12
++ adcq \$0, %rcx
+
+ mulq %rax
++ addq %rbx, %rax
++ adcq \$0, %rdx
+ addq %rax, %r11
++ movq %r14, %rax # 56($inp)
+ adcq %rdx, %r12
+- adcq \$0, %r13
++ adcq \$0, %rcx
+
+ movq %r11, 96(%rsp)
+ movq %r12, 104(%rsp)
+
+ #eighth iteration
+- movq 56($inp), %rax
++ xorq %rbx, %rbx # rbx:r13 = r13 << 1
++ addq %r13, %r13
++ adcq \$0, %rbx
++
+ mulq %rax
+- addq %rax, %r13
++ addq %rcx, %rax
+ adcq \$0, %rdx
+-
+- addq %rdx, %r14
+-
+- movq %r13, 112(%rsp)
+- movq %r14, 120(%rsp)
++ addq %r13, %rax
++ adcq %rbx, %rdx
+
+ movq (%rsp), %r8
+ movq 8(%rsp), %r9
+@@ -469,6 +472,10 @@ $code.=<<___;
+ movq 40(%rsp), %r13
+ movq 48(%rsp), %r14
+ movq 56(%rsp), %r15
++ movq %xmm1, %rbp
++
++ movq %rax, 112(%rsp)
++ movq %rdx, 120(%rsp)
+
+ call __rsaz_512_reduce
+
+@@ -500,9 +507,9 @@ $code.=<<___;
+ .Loop_sqrx:
+ movl $times,128+8(%rsp)
+ movq $out, %xmm0 # off-load
+- movq %rbp, %xmm1 # off-load
+ #first iteration
+ mulx %rax, %r8, %r9
++ mov %rax, %rbx
+
+ mulx 16($inp), %rcx, %r10
+ xor %rbp, %rbp # cf=0, of=0
+@@ -510,40 +517,39 @@ $code.=<<___;
+ mulx 24($inp), %rax, %r11
+ adcx %rcx, %r9
+
+- mulx 32($inp), %rcx, %r12
++ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
+ adcx %rax, %r10
+
+- mulx 40($inp), %rax, %r13
++ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
+ adcx %rcx, %r11
+
+- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
++ mulx 48($inp), %rcx, %r14
+ adcx %rax, %r12
+ adcx %rcx, %r13
+
+- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
++ mulx 56($inp), %rax, %r15
+ adcx %rax, %r14
+ adcx %rbp, %r15 # %rbp is 0
+
+- mov %r9, %rcx
+- shld \$1, %r8, %r9
+- shl \$1, %r8
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
+- adcx %rdx, %r8
+- mov 8($inp), %rdx
+- adcx %rbp, %r9
++ mulx %rdx, %rax, $out
++ mov %rbx, %rdx # 8($inp)
++ xor %rcx, %rcx
++ adox %r8, %r8
++ adcx $out, %r8
++ adox %rbp, %rcx
++ adcx %rbp, %rcx
+
+ mov %rax, (%rsp)
+ mov %r8, 8(%rsp)
+
+ #second iteration
+- mulx 16($inp), %rax, %rbx
++ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
+ adox %rax, %r10
+ adcx %rbx, %r11
+
+- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
++ mulx 24($inp), $out, %r8
+ adox $out, %r11
++ .byte 0x66
+ adcx %r8, %r12
+
+ mulx 32($inp), %rax, %rbx
+@@ -561,24 +567,25 @@ $code.=<<___;
+ .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
+ adox $out, %r15
+ adcx %rbp, %r8
++ mulx %rdx, %rax, $out
+ adox %rbp, %r8
++ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
+
+- mov %r11, %rbx
+- shld \$1, %r10, %r11
+- shld \$1, %rcx, %r10
+-
+- xor %ebp,%ebp
+- mulx %rdx, %rax, %rcx
+- mov 16($inp), %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r9, %r9
++ adcx %rbp, $out
++ adox %r10, %r10
+ adcx %rax, %r9
+- adcx %rcx, %r10
+- adcx %rbp, %r11
++ adox %rbp, %rbx
++ adcx $out, %r10
++ adcx %rbp, %rbx
+
+ mov %r9, 16(%rsp)
+ .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
+
+ #third iteration
+- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
++ mulx 24($inp), $out, %r9
+ adox $out, %r12
+ adcx %r9, %r13
+
+@@ -586,7 +593,7 @@ $code.=<<___;
+ adox %rax, %r13
+ adcx %rcx, %r14
+
+- mulx 40($inp), $out, %r9
++ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
+ adox $out, %r14
+ adcx %r9, %r15
+
+@@ -594,27 +601,28 @@ $code.=<<___;
+ adox %rax, %r15
+ adcx %rcx, %r8
+
+- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
++ mulx 56($inp), $out, %r9
+ adox $out, %r8
+ adcx %rbp, %r9
++ mulx %rdx, %rax, $out
+ adox %rbp, %r9
++ mov 24($inp), %rdx
+
+- mov %r13, %rcx
+- shld \$1, %r12, %r13
+- shld \$1, %rbx, %r12
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rcx, %rcx
++ adcx %rbx, %rax
++ adox %r11, %r11
++ adcx %rbp, $out
++ adox %r12, %r12
+ adcx %rax, %r11
+- adcx %rdx, %r12
+- mov 24($inp), %rdx
+- adcx %rbp, %r13
++ adox %rbp, %rcx
++ adcx $out, %r12
++ adcx %rbp, %rcx
+
+ mov %r11, 32(%rsp)
+- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
++ mov %r12, 40(%rsp)
+
+ #fourth iteration
+- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
++ mulx 32($inp), %rax, %rbx
+ adox %rax, %r14
+ adcx %rbx, %r15
+
+@@ -629,25 +637,25 @@ $code.=<<___;
+ mulx 56($inp), $out, %r10
+ adox $out, %r9
+ adcx %rbp, %r10
++ mulx %rdx, %rax, $out
+ adox %rbp, %r10
++ mov 32($inp), %rdx
+
+- .byte 0x66
+- mov %r15, %rbx
+- shld \$1, %r14, %r15
+- shld \$1, %rcx, %r14
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r13, %r13
++ adcx %rbp, $out
++ adox %r14, %r14
+ adcx %rax, %r13
+- adcx %rdx, %r14
+- mov 32($inp), %rdx
+- adcx %rbp, %r15
++ adox %rbp, %rbx
++ adcx $out, %r14
++ adcx %rbp, %rbx
+
+ mov %r13, 48(%rsp)
+ mov %r14, 56(%rsp)
+
+ #fifth iteration
+- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
++ mulx 40($inp), $out, %r11
+ adox $out, %r8
+ adcx %r11, %r9
+
+@@ -658,18 +666,19 @@ $code.=<<___;
+ mulx 56($inp), $out, %r11
+ adox $out, %r10
+ adcx %rbp, %r11
++ mulx %rdx, %rax, $out
++ mov 40($inp), %rdx
+ adox %rbp, %r11
+
+- mov %r9, %rcx
+- shld \$1, %r8, %r9
+- shld \$1, %rbx, %r8
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rcx, %rcx
++ adcx %rbx, %rax
++ adox %r15, %r15
++ adcx %rbp, $out
++ adox %r8, %r8
+ adcx %rax, %r15
+- adcx %rdx, %r8
+- mov 40($inp), %rdx
+- adcx %rbp, %r9
++ adox %rbp, %rcx
++ adcx $out, %r8
++ adcx %rbp, %rcx
+
+ mov %r15, 64(%rsp)
+ mov %r8, 72(%rsp)
+@@ -682,18 +691,19 @@ $code.=<<___;
+ .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
+ adox $out, %r11
+ adcx %rbp, %r12
++ mulx %rdx, %rax, $out
+ adox %rbp, %r12
++ mov 48($inp), %rdx
+
+- mov %r11, %rbx
+- shld \$1, %r10, %r11
+- shld \$1, %rcx, %r10
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r9, %r9
++ adcx %rbp, $out
++ adox %r10, %r10
+ adcx %rax, %r9
+- adcx %rdx, %r10
+- mov 48($inp), %rdx
+- adcx %rbp, %r11
++ adcx $out, %r10
++ adox %rbp, %rbx
++ adcx %rbp, %rbx
+
+ mov %r9, 80(%rsp)
+ mov %r10, 88(%rsp)
+@@ -703,31 +713,31 @@ $code.=<<___;
+ adox %rax, %r12
+ adox %rbp, %r13
+
+- xor %r14, %r14
+- shld \$1, %r13, %r14
+- shld \$1, %r12, %r13
+- shld \$1, %rbx, %r12
+-
+- xor %ebp, %ebp
+- mulx %rdx, %rax, %rdx
+- adcx %rax, %r11
+- adcx %rdx, %r12
++ mulx %rdx, %rax, $out
++ xor %rcx, %rcx
+ mov 56($inp), %rdx
+- adcx %rbp, %r13
++ adcx %rbx, %rax
++ adox %r11, %r11
++ adcx %rbp, $out
++ adox %r12, %r12
++ adcx %rax, %r11
++ adox %rbp, %rcx
++ adcx $out, %r12
++ adcx %rbp, %rcx
+
+ .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
+ .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
+
+ #eighth iteration
+ mulx %rdx, %rax, %rdx
+- adox %rax, %r13
+- adox %rbp, %rdx
++ xor %rbx, %rbx
++ adcx %rcx, %rax
++ adox %r13, %r13
++ adcx %rbp, %rdx
++ adox %rbp, %rbx
++ adcx %r13, %rax
++ adcx %rdx, %rbx
+
+- .byte 0x66
+- add %rdx, %r14
+-
+- movq %r13, 112(%rsp)
+- movq %r14, 120(%rsp)
+ movq %xmm0, $out
+ movq %xmm1, %rbp
+
+@@ -741,6 +751,9 @@ $code.=<<___;
+ movq 48(%rsp), %r14
+ movq 56(%rsp), %r15
+
++ movq %rax, 112(%rsp)
++ movq %rbx, 120(%rsp)
++
+ call __rsaz_512_reducex
+
+ addq 64(%rsp), %r8
+--
+1.7.12.4
+
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index 3ff5aa4..9063069 100644
--- a/openssl-1.1.1-fips.patch
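Review bot: In the fourth iteration of the `rsaz_512_sqr` changes carried by CVE-2019-1551.patch, the new comment `# rbx:r13:r14 = r13:r14 << 1` lists the limbs in the opposite order from the code and from the sibling comments. The doubling starts with `addq %r13, %r13` and carries into `adcq %r14, %r14`, and %r13 is then stored at 48(%rsp) below %r14 at 56(%rsp), so %r13 is the low limb; the other iterations write high:low, for example `# rbx:r10:r9 = r10:r9 << 1`. The comment should read `# rbx:r14:r13 = r14:r13 << 1`. Because this file carries an upstream commit, the correction is better sent upstream than edited into this copy; the instruction sequence itself appears to follow the same pattern as the other iterations.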
+++ b/openssl-1.1.1-fips.patch @@ -1,6 +1,6 @@ -diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c ---- openssl-1.1.1b/apps/pkcs12.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/apps/pkcs12.c 2019-05-24 12:08:40.524523735 +0200 +diff -up openssl-1.1.1d/apps/pkcs12.c.fips openssl-1.1.1d/apps/pkcs12.c +--- openssl-1.1.1d/apps/pkcs12.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/apps/pkcs12.c 2019-09-13 15:13:11.022525640 +0200 @@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv) int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; @@ -10,10 +10,10 @@ diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c # else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; # endif -diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c ---- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200 -+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200 -@@ -1592,7 +1592,8 @@ int speed_main(int argc, char **argv) +diff -up openssl-1.1.1d/apps/speed.c.fips openssl-1.1.1d/apps/speed.c +--- openssl-1.1.1d/apps/speed.c.fips 2019-10-03 16:51:22.019915908 +0200 ++++ openssl-1.1.1d/apps/speed.c 2019-10-03 17:40:09.909994582 +0200 +@@ -1595,7 +1595,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) @@ -23,7 +23,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c continue; } if (found(*argv, rsa_choices, &i)) { -@@ -1602,7 +1603,9 @@ int speed_main(int argc, char **argv) +@@ -1605,7 +1606,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { 
@@ -34,7 +34,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1633,19 +1636,21 @@ int speed_main(int argc, char **argv) +@@ -1636,19 +1639,21 @@ int speed_main(int argc, char **argv) } if (strcmp(*argv, "ecdh") == 0) { for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) @@ -60,7 +60,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c eddsa_doit[i] = 2; continue; } -@@ -1734,23 +1739,30 @@ int speed_main(int argc, char **argv) +@@ -1737,23 +1742,31 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) @@ -87,16 +87,18 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) ecdsa_doit[loop] = 1; for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) - ecdh_doit[loop] = 1; +- ecdh_doit[loop] = 1; - for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) - eddsa_doit[loop] = 1; ++ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448)) ++ ecdh_doit[loop] = 1; + if (!FIPS_mode()) + for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++) + eddsa_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) -@@ -1798,30 +1810,46 @@ int speed_main(int argc, char **argv) +@@ -1801,30 +1814,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -153,7 +155,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -2118,6 +2146,7 @@ int speed_main(int argc, char **argv) +@@ -2122,6 +2151,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); 
@@ -161,10 +163,10 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.1b/Configure.fips openssl-1.1.1b/Configure ---- openssl-1.1.1b/Configure.fips 2019-02-28 11:30:06.775746246 +0100 -+++ openssl-1.1.1b/Configure 2019-02-28 11:30:06.779746172 +0100 -@@ -313,7 +313,7 @@ $config{sdirs} = [ +diff -up openssl-1.1.1d/Configure.fips openssl-1.1.1d/Configure +--- openssl-1.1.1d/Configure.fips 2019-09-13 15:13:11.017525727 +0200 ++++ openssl-1.1.1d/Configure 2019-09-13 15:13:11.023525622 +0200 +@@ -307,7 +307,7 @@ $config{sdirs} = [ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", @@ -173,9 +175,9 @@ diff -up openssl-1.1.1b/Configure.fips openssl-1.1.1b/Configure "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1b/crypto/cmac/cm_pmeth.c ---- openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/cmac/cm_pmeth.c 2019-05-06 14:55:32.866749109 +0200 +diff -up openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1d/crypto/cmac/cm_pmeth.c +--- openssl-1.1.1d/crypto/cmac/cm_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/cmac/cm_pmeth.c 2019-09-13 15:13:11.023525622 +0200 @@ -129,7 +129,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD cmac_pkey_meth = { 
@@ -185,9 +187,9 @@ diff -up openssl-1.1.1b/crypto/cmac/cm_pmeth.c.fips openssl-1.1.1b/crypto/cmac/c pkey_cmac_init, pkey_cmac_copy, pkey_cmac_cleanup, -diff -up openssl-1.1.1b/crypto/dh/dh_err.c.fips openssl-1.1.1b/crypto/dh/dh_err.c ---- openssl-1.1.1b/crypto/dh/dh_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_err.c 2019-02-28 11:30:06.779746172 +0100 +diff -up openssl-1.1.1d/crypto/dh/dh_err.c.fips openssl-1.1.1d/crypto/dh/dh_err.c +--- openssl-1.1.1d/crypto/dh/dh_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_err.c 2019-09-13 15:13:11.023525622 +0200 @@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), @@ -213,9 +215,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_err.c.fips openssl-1.1.1b/crypto/dh/dh_err. {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen.c ---- openssl-1.1.1b/crypto/dh/dh_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_gen.c 2019-02-28 11:30:06.780746153 +0100 +diff -up openssl-1.1.1d/crypto/dh/dh_gen.c.fips openssl-1.1.1d/crypto/dh/dh_gen.c +--- openssl-1.1.1d/crypto/dh/dh_gen.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_gen.c 2019-09-13 15:13:11.023525622 +0200 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include 
@@ -240,7 +242,7 @@ diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen. if (ret->meth->generate_params) return ret->meth->generate_params(ret, prime_len, generator, cb); return dh_builtin_genparams(ret, prime_len, generator, cb); -@@ -62,6 +72,18 @@ static int dh_builtin_genparams(DH *ret, +@@ -65,6 +75,18 @@ static int dh_builtin_genparams(DH *ret, int g, ok = -1; BN_CTX *ctx = NULL; @@ -259,9 +261,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_gen.c.fips openssl-1.1.1b/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key.c ---- openssl-1.1.1b/crypto/dh/dh_key.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_key.c 2019-02-28 11:30:06.780746153 +0100 +diff -up openssl-1.1.1d/crypto/dh/dh_key.c.fips openssl-1.1.1d/crypto/dh/dh_key.c +--- openssl-1.1.1d/crypto/dh/dh_key.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_key.c 2019-09-13 15:13:11.024525605 +0200 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -321,7 +323,7 @@ diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key. if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); return 0; -@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke +@@ -179,6 +204,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -335,7 +337,7 @@ diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -228,6 +260,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { 
@@ -345,9 +347,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_key.c.fips openssl-1.1.1b/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips openssl-1.1.1b/crypto/dh/dh_pmeth.c ---- openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dh/dh_pmeth.c 2019-05-06 14:57:29.184723430 +0200 +diff -up openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips openssl-1.1.1d/crypto/dh/dh_pmeth.c +--- openssl-1.1.1d/crypto/dh/dh_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dh/dh_pmeth.c 2019-09-13 15:13:11.024525605 +0200 @@ -480,7 +480,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX * const EVP_PKEY_METHOD dh_pkey_meth = { @@ -366,9 +368,9 @@ diff -up openssl-1.1.1b/crypto/dh/dh_pmeth.c.fips openssl-1.1.1b/crypto/dh/dh_pm pkey_dh_init, pkey_dh_copy, pkey_dh_cleanup, -diff -up openssl-1.1.1b/crypto/dsa/dsa_err.c.fips openssl-1.1.1b/crypto/dsa/dsa_err.c ---- openssl-1.1.1b/crypto/dsa/dsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_err.c 2019-02-28 11:30:06.798745819 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_err.c.fips openssl-1.1.1d/crypto/dsa/dsa_err.c +--- openssl-1.1.1d/crypto/dsa/dsa_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_err.c 2019-09-13 15:14:33.737079876 +0200 @@ -16,12 +16,15 @@ static const ERR_STRING_DATA DSA_str_functs[] = { {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"}, 
@@ -385,22 +387,24 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_err.c.fips openssl-1.1.1b/crypto/dsa/dsa_ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"}, {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"}, {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"}, -@@ -51,9 +54,12 @@ static const ERR_STRING_DATA DSA_str_rea +@@ -51,11 +54,14 @@ static const ERR_STRING_DATA DSA_str_rea {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_INVALID), "key size invalid"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), + "missing private key"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, -diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_gen.c ---- openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_gen.c 2019-02-28 11:30:06.799745800 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips openssl-1.1.1d/crypto/dsa/dsa_gen.c +--- openssl-1.1.1d/crypto/dsa/dsa_gen.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_gen.c 2019-09-13 15:13:11.046525220 +0200 @@ -22,12 +22,22 @@ #include #include 
@@ -440,7 +444,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ } } -@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -309,7 +325,7 @@ int dsa_builtin_paramgen2(DSA *ret, size int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { @@ -449,7 +453,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ unsigned char *seed = NULL, *seed_tmp = NULL; unsigned char md[EVP_MAX_MD_SIZE]; int mdsize; -@@ -333,6 +349,20 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -332,6 +348,20 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; } @@ -459,7 +463,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ + goto err; + } + -+ if (FIPS_mode() && (L != 1024 || N != 160) && ++ if (FIPS_mode() && + (L != 2048 || N != 224) && (L != 2048 || N != 256) && + (L != 3072 || N != 256)) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID); @@ -470,7 +474,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); -@@ -433,9 +463,10 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -432,9 +462,10 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; /* Provided seed didn't produce a prime: error */ if (seed_in) { @@ -484,7 +488,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ } /* do a callback call */ -@@ -521,11 +552,14 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -520,11 +551,14 @@ int dsa_builtin_paramgen2(DSA *ret, size if (counter >= (int)(4 * L)) break; } @@ -499,7 +503,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ } end: if (!BN_GENCB_call(cb, 2, 1)) -@@ -596,7 +630,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -595,7 +629,7 @@ int dsa_builtin_paramgen2(DSA *ret, size BN_free(ret->g); ret->g = BN_dup(g); if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { 
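Review bot: The size check in dsa_builtin_paramgen2, in the hunk headed `@@ -459,7 +463,7 @@`, no longer exempts L=1024/N=160, so FIPS-mode parameter generation at that size now fails with DSA_R_KEY_SIZE_INVALID, and nothing next to the condition records that this is intended. A short comment above the `if` would help the next rebase of this patch, for example `/* FIPS mode: accept only (2048,224), (2048,256) and (3072,256) */`. Only part of the function is visible in this hunk, so whether the other generation paths apply the same limit cannot be confirmed from here.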
@@ -508,7 +512,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ goto err; } if (counter_ret != NULL) -@@ -614,3 +648,53 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -612,3 +646,53 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX_free(mctx); return ok; } @@ -562,9 +566,9 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_gen.c.fips openssl-1.1.1b/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.1b/crypto/dsa/dsa_key.c.fips openssl-1.1.1b/crypto/dsa/dsa_key.c ---- openssl-1.1.1b/crypto/dsa/dsa_key.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_key.c 2019-02-28 11:30:06.799745800 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_key.c.fips openssl-1.1.1d/crypto/dsa/dsa_key.c +--- openssl-1.1.1d/crypto/dsa/dsa_key.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_key.c 2019-09-13 15:13:11.046525220 +0200 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" @@ -644,9 +648,9 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_key.c.fips openssl-1.1.1b/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa_ossl.c ---- openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_ossl.c 2019-02-28 11:30:06.800745781 +0100 +diff -up openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1d/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1d/crypto/dsa/dsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_ossl.c 2019-09-13 15:13:11.047525203 +0200 @@ -14,6 +14,9 @@ #include #include "dsa_locl.h" 
@@ -657,7 +661,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -73,6 +76,19 @@ static DSA_SIG *dsa_do_sign(const unsign +@@ -77,6 +80,19 @@ static DSA_SIG *dsa_do_sign(const unsign goto err; } @@ -677,7 +681,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa ret = DSA_SIG_new(); if (ret == NULL) goto err; -@@ -301,6 +317,18 @@ static int dsa_do_verify(const unsigned +@@ -315,6 +331,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -696,7 +700,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -389,6 +417,9 @@ static int dsa_do_verify(const unsigned +@@ -403,6 +431,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { @@ -706,10 +710,10 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1b/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return 1; } -diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/dsa/dsa_pmeth.c 2019-02-28 11:30:06.800745781 +0100 -@@ -211,8 +211,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT +diff -up openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1d/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1d/crypto/dsa/dsa_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/dsa/dsa_pmeth.c 2019-09-13 15:13:11.047525203 +0200 +@@ -215,8 +215,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; } 
@@ -720,7 +724,7 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -@@ -241,7 +241,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX +@@ -245,7 +245,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD dsa_pkey_meth = { EVP_PKEY_DSA, @@ -729,9 +733,9 @@ diff -up openssl-1.1.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1b/crypto/dsa/ds pkey_dsa_init, pkey_dsa_copy, pkey_dsa_cleanup, -diff -up openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdh_ossl.c ---- openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ecdh_ossl.c 2019-02-28 11:30:06.801745763 +0100 +diff -up openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1d/crypto/ec/ecdh_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ecdh_ossl.c 2019-09-13 15:13:11.047525203 +0200 @@ -19,9 +19,20 @@ #include #include "ec_lcl.h" @@ -753,9 +757,9 @@ diff -up openssl-1.1.1b/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ecdsa_ossl.c 2019-02-28 11:30:06.801745763 +0100 +diff -up openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1d/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1d/crypto/ec/ecdsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c 2019-09-13 15:13:11.047525203 +0200 @@ -14,6 +14,10 @@ #include "internal/bn_int.h" #include "ec_lcl.h" 
@@ -767,7 +771,7 @@ diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecd int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -159,6 +163,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns +@@ -163,6 +167,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns ECDSA_SIG *ret; const BIGNUM *priv_key; @@ -781,7 +785,7 @@ diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecd group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); -@@ -317,6 +328,13 @@ int ossl_ecdsa_verify_sig(const unsigned +@@ -325,6 +336,13 @@ int ossl_ecdsa_verify_sig(const unsigned const EC_GROUP *group; const EC_POINT *pub_key; @@ -795,9 +799,9 @@ diff -up openssl-1.1.1b/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1b/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.1b/crypto/ec/ec_key.c.fips openssl-1.1.1b/crypto/ec/ec_key.c ---- openssl-1.1.1b/crypto/ec/ec_key.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ec_key.c 2019-02-28 11:30:06.802745744 +0100 +diff -up openssl-1.1.1d/crypto/ec/ec_key.c.fips openssl-1.1.1d/crypto/ec/ec_key.c +--- openssl-1.1.1d/crypto/ec/ec_key.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ec_key.c 2019-09-13 15:13:11.048525186 +0200 @@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY return eckey->engine; } 
@@ -863,10 +867,10 @@ diff -up openssl-1.1.1b/crypto/ec/ec_key.c.fips openssl-1.1.1b/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips openssl-1.1.1b/crypto/ec/ec_pmeth.c ---- openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/ec/ec_pmeth.c 2019-05-06 14:47:34.651077251 +0200 -@@ -434,7 +434,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * +diff -up openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips openssl-1.1.1d/crypto/ec/ec_pmeth.c +--- openssl-1.1.1d/crypto/ec/ec_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/ec/ec_pmeth.c 2019-09-13 15:13:11.048525186 +0200 +@@ -438,7 +438,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX * const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, @@ -875,9 +879,9 @@ diff -up openssl-1.1.1b/crypto/ec/ec_pmeth.c.fips openssl-1.1.1b/crypto/ec/ec_pm pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, -diff -up openssl-1.1.1b/crypto/evp/c_allc.c.fips openssl-1.1.1b/crypto/evp/c_allc.c ---- openssl-1.1.1b/crypto/evp/c_allc.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/c_allc.c 2019-02-28 11:30:06.802745744 +0100 +diff -up openssl-1.1.1d/crypto/evp/c_allc.c.fips openssl-1.1.1d/crypto/evp/c_allc.c +--- openssl-1.1.1d/crypto/evp/c_allc.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/c_allc.c 2019-09-13 15:13:11.048525186 +0200 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { 
@@ -959,9 +963,9 @@ diff -up openssl-1.1.1b/crypto/evp/c_allc.c.fips openssl-1.1.1b/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_alld.c ---- openssl-1.1.1b/crypto/evp/c_alld.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/c_alld.c 2019-02-28 11:30:06.803745726 +0100 +diff -up openssl-1.1.1d/crypto/evp/c_alld.c.fips openssl-1.1.1d/crypto/evp/c_alld.c +--- openssl-1.1.1d/crypto/evp/c_alld.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/c_alld.c 2019-09-13 15:13:11.048525186 +0200 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -997,9 +1001,9 @@ diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/digest.c ---- openssl-1.1.1c/crypto/evp/digest.c.fips 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/crypto/evp/digest.c 2019-05-29 15:47:59.220499971 +0200 +diff -up openssl-1.1.1d/crypto/evp/digest.c.fips openssl-1.1.1d/crypto/evp/digest.c +--- openssl-1.1.1d/crypto/evp/digest.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/digest.c 2019-09-13 15:13:11.049525168 +0200 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" 
@@ -1060,95 +1064,28 @@ diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes.c ---- openssl-1.1.1b/crypto/evp/e_aes.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_aes.c 2019-05-06 16:32:41.631668333 +0200 -@@ -387,22 +387,33 @@ static int aesni_xts_init_key(EVP_CIPHER - return 1; - - if (key) { -+ /* The key is two half length keys in reality */ -+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; -+ const int bits = bytes * 8; -+ -+ /* -+ * Verify that the two keys are different. -+ * -+ * This addresses Rogaway's vulnerability. -+ * See comment in aes_xts_init_key() below. -+ */ -+ if (memcmp(key, key + bytes, bytes) == 0) { -+ EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); -+ return 0; -+ } -+ - /* key_len is two AES keys */ - if (enc) { -- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aesni_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_encrypt; - xctx->stream = aesni_xts_encrypt; - } else { -- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aesni_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_decrypt; - xctx->stream = aesni_xts_decrypt; +diff -up openssl-1.1.1d/crypto/evp/e_aes.c.fips openssl-1.1.1d/crypto/evp/e_aes.c +--- openssl-1.1.1d/crypto/evp/e_aes.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_aes.c 2019-09-13 17:19:00.558994569 +0200 +@@ -397,7 +397,7 @@ static int aesni_xts_init_key(EVP_CIPHER + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. 
+ */ +- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ++ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; } - -- aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aesni_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -791,7 +802,21 @@ static int aes_t4_xts_init_key(EVP_CIPHE - return 1; - - if (key) { -- int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; -+ /* The key is two half length keys in reality */ -+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; -+ const int bits = bytes * 8; -+ -+ /* -+ * Verify that the two keys are different. -+ * -+ * This addresses Rogaway's vulnerability. -+ * See comment in aes_xts_init_key() below. -+ */ -+ if (memcmp(key, key + bytes, bytes) == 0) { -+ EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); -+ return 0; -+ } -+ - xctx->stream = NULL; - /* key_len is two AES keys */ - if (enc) { -@@ -808,8 +833,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE - return 0; - } - } else { -- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: -@@ -823,9 +847,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE - } +@@ -817,7 +817,7 @@ static int aes_t4_xts_init_key(EVP_CIPHE + * This addresses Rogaway's vulnerability. + * See comment in aes_xts_init_key() below. 
+ */ +- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ++ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; } - -- aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aes_t4_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -2794,9 +2816,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX +@@ -2833,9 +2833,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } @@ -1161,7 +1098,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { -@@ -2826,6 +2848,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -2869,6 +2869,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; @@ -1173,8 +1110,8 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { if (gctx->iv != c->iv) -@@ -3275,11 +3302,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX - | EVP_CIPH_CUSTOM_COPY) +@@ -3318,11 +3323,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX + | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH) BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) 
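Review bot: The rebased e_aes.c section drops `enc &&` from the XTS duplicated-key test in `aesni_xts_init_key` and `aes_t4_xts_init_key`, turning upstream's `if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0)` into `if (CRYPTO_memcmp(key, key + bytes, bytes) == 0)`, but no comment marks this as a deliberate downstream divergence. The same edit is made to `aes_xts_init_key` in the next outer hunk (`@@ -1191,123 +1128,16 @@`). In the lines shown the test is not conditioned on FIPS mode, so decryption with Key_1 == Key_2 would presumably be refused in non-FIPS operation as well, and data written earlier with identical key halves could no longer be read; that is worth confirming and stating. I would add a comment above each check, for example `/* Downstream: Key_1 != Key_2 is enforced for decryption too (FIPS 140-2 IG A.9); upstream checks only when encrypting. */`. The three functions begin and end outside the inner hunks, so any guard placed earlier in them is not visible here.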
@@ -1191,123 +1128,16 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -3313,8 +3343,33 @@ static int aes_xts_init_key(EVP_CIPHER_C - if (!iv && !key) - return 1; - -- if (key) -+ if (key) { - do { -+ /* The key is two half length keys in reality */ -+ const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; -+ const int bits = bytes * 8; -+ -+ /* -+ * Verify that the two keys are different. -+ * -+ * This addresses the vulnerability described in Rogaway's -+ * September 2004 paper: -+ * -+ * "Efficient Instantiations of Tweakable Blockciphers and -+ * Refinements to Modes OCB and PMAC". -+ * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf) -+ * -+ * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states -+ * that: -+ * "The check for Key_1 != Key_2 shall be done at any place -+ * BEFORE using the keys in the XTS-AES algorithm to process -+ * data with them." -+ */ -+ if (memcmp(key, key + bytes, bytes) == 0) { -+ EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); -+ return 0; -+ } -+ - #ifdef AES_XTS_ASM - xctx->stream = enc ? 
AES_xts_encrypt : AES_xts_decrypt; - #else -@@ -3324,26 +3379,20 @@ static int aes_xts_init_key(EVP_CIPHER_C - #ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - if (enc) { -- HWAES_set_encrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_encrypt; - # ifdef HWAES_xts_encrypt - xctx->stream = HWAES_xts_encrypt; - # endif - } else { -- HWAES_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_decrypt; - # ifdef HWAES_xts_decrypt - xctx->stream = HWAES_xts_decrypt; - #endif - } - -- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) HWAES_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -3358,20 +3407,14 @@ static int aes_xts_init_key(EVP_CIPHER_C - #ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - if (enc) { -- vpaes_set_encrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_encrypt; - } else { -- vpaes_set_decrypt_key(key, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_decrypt; - } - -- vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) vpaes_encrypt; - - xctx->xts.key1 = &xctx->ks1; -@@ -3381,22 +3424,19 @@ static int aes_xts_init_key(EVP_CIPHER_C - (void)0; /* terminate potentially open 'else' */ - - if (enc) { -- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ 
AES_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_encrypt; - } else { -- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks1.ks); -+ AES_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_decrypt; +@@ -3380,7 +3388,7 @@ static int aes_xts_init_key(EVP_CIPHER_C + * BEFORE using the keys in the XTS-AES algorithm to process + * data with them." + */ +- if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ++ if (CRYPTO_memcmp(key, key + bytes, bytes) == 0) { + EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS); + return 0; } - -- AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, -- EVP_CIPHER_CTX_key_length(ctx) * 4, -- &xctx->ks2.ks); -+ AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) AES_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } while (0); -+ } - - if (iv) { - xctx->xts.key2 = &xctx->ks2; -@@ -3414,6 +3454,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -3484,6 +3492,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; @@ -1322,7 +1152,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, -@@ -3431,8 +3479,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -3501,8 +3517,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) @@ -1335,7 +1165,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -3697,11 +3747,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX +@@ -3772,11 +3790,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX #define aes_ccm_cleanup NULL BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, 
@@ -1350,7 +1180,7 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. typedef struct { union { -@@ -3794,7 +3844,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT +@@ -3869,7 +3887,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT return rv ? (int)rv : -1; } @@ -1359,9 +1189,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_aes.c.fips openssl-1.1.1b/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.1b/crypto/evp/e_des3.c.fips openssl-1.1.1b/crypto/evp/e_des3.c ---- openssl-1.1.1b/crypto/evp/e_des3.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_des3.c 2019-02-28 11:30:06.804745707 +0100 +diff -up openssl-1.1.1d/crypto/evp/e_des3.c.fips openssl-1.1.1d/crypto/evp/e_des3.c +--- openssl-1.1.1d/crypto/evp/e_des3.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_des3.c 2019-09-13 15:13:11.050525151 +0200 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1388,9 +1218,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_des3.c.fips openssl-1.1.1b/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.1b/crypto/evp/e_null.c.fips openssl-1.1.1b/crypto/evp/e_null.c ---- openssl-1.1.1b/crypto/evp/e_null.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/e_null.c 2019-02-28 11:30:06.805745688 +0100 +diff -up openssl-1.1.1d/crypto/evp/e_null.c.fips openssl-1.1.1d/crypto/evp/e_null.c +--- openssl-1.1.1d/crypto/evp/e_null.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/e_null.c 2019-09-13 15:13:11.051525133 +0200 @@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { 
@@ -1401,9 +1231,9 @@ diff -up openssl-1.1.1b/crypto/evp/e_null.c.fips openssl-1.1.1b/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.fips openssl-1.1.1b/crypto/evp/evp_enc.c ---- openssl-1.1.1b/crypto/evp/evp_enc.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-02-28 11:30:06.805745688 +0100 +diff -up openssl-1.1.1d/crypto/evp/evp_enc.c.fips openssl-1.1.1d/crypto/evp/evp_enc.c +--- openssl-1.1.1d/crypto/evp/evp_enc.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_enc.c 2019-09-13 15:13:11.051525133 +0200 @@ -17,10 +17,19 @@ #include #include "internal/evp_int.h" 
@@ -1479,27 +1309,18 @@ diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.fips openssl-1.1.1b/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_err.c ---- openssl-1.1.1b/crypto/evp/evp_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-05-06 16:41:08.565739361 +0200 -@@ -15,11 +15,16 @@ - - static const ERR_STRING_DATA EVP_str_functs[] = { - {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), -+ "aes_t4_xts_init_key"}, +diff -up openssl-1.1.1d/crypto/evp/evp_err.c.fips openssl-1.1.1d/crypto/evp/evp_err.c +--- openssl-1.1.1d/crypto/evp/evp_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-13 15:25:47.290298192 +0200 +@@ -23,6 +23,7 @@ static const ERR_STRING_DATA EVP_str_fun + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0), + "aes_t4_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, - {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, -@@ -179,6 +180,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ 
-186,6 +187,7 @@ static const ERR_STRING_DATA EVP_str_rea "different key types"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, @@ -1507,7 +1328,7 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), "error loading section"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), -@@ -241,6 +243,7 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -248,6 +250,7 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, 
@@ -1515,20 +1336,18 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.fips openssl-1.1.1b/crypto/evp/evp_ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, -@@ -266,6 +269,10 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -273,6 +276,8 @@ static const ERR_STRING_DATA EVP_str_rea "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), + "xts data unit is too large"}, -+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), -+ "xts duplicated keys"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), + "xts duplicated keys"}, {0, NULL} - }; - -diff -up openssl-1.1.1b/crypto/evp/evp_lib.c.fips openssl-1.1.1b/crypto/evp/evp_lib.c ---- openssl-1.1.1b/crypto/evp/evp_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/evp_lib.c 2019-02-28 11:30:06.806745670 +0100 +diff -up openssl-1.1.1d/crypto/evp/evp_lib.c.fips openssl-1.1.1d/crypto/evp/evp_lib.c +--- openssl-1.1.1d/crypto/evp/evp_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_lib.c 2019-09-13 15:13:11.051525133 +0200 @@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) 
@@ -1539,9 +1358,9 @@ diff -up openssl-1.1.1b/crypto/evp/evp_lib.c.fips openssl-1.1.1b/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.1b/crypto/evp/m_sha1.c.fips openssl-1.1.1b/crypto/evp/m_sha1.c ---- openssl-1.1.1b/crypto/evp/m_sha1.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/m_sha1.c 2019-02-28 11:30:06.806745670 +0100 +diff -up openssl-1.1.1d/crypto/evp/m_sha1.c.fips openssl-1.1.1d/crypto/evp/m_sha1.c +--- openssl-1.1.1d/crypto/evp/m_sha1.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/m_sha1.c 2019-09-13 15:13:11.052525116 +0200 @@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, @@ -1605,10 +1424,10 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha1.c.fips openssl-1.1.1b/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha3.c ---- openssl-1.1.1b/crypto/evp/m_sha3.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/m_sha3.c 2019-05-06 16:12:23.012851747 +0200 -@@ -292,7 +292,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) +diff -up openssl-1.1.1d/crypto/evp/m_sha3.c.fips openssl-1.1.1d/crypto/evp/m_sha3.c +--- openssl-1.1.1d/crypto/evp/m_sha3.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/m_sha3.c 2019-09-13 15:13:11.052525116 +0200 +@@ -295,7 +295,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ @@ -1617,7 +1436,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha s390x_sha3_init, \ s390x_sha3_update, \ s390x_sha3_final, \ -@@ -305,7 +305,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) +@@ -308,7 +308,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ 
@@ -1626,7 +1445,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha sha3_init, \ sha3_update, \ sha3_final, \ -@@ -326,7 +326,7 @@ const EVP_MD *EVP_shake##bitlen(void) +@@ -329,7 +329,7 @@ const EVP_MD *EVP_shake##bitlen(void) NID_shake##bitlen, \ 0, \ bitlen / 8, \ @@ -1635,7 +1454,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha s390x_shake_init, \ s390x_sha3_update, \ s390x_shake_final, \ -@@ -340,7 +340,7 @@ const EVP_MD *EVP_shake##bitlen(void) +@@ -343,7 +343,7 @@ const EVP_MD *EVP_shake##bitlen(void) NID_shake##bitlen, \ 0, \ bitlen / 8, \ @@ -1644,7 +1463,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -@@ -364,7 +364,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) +@@ -367,7 +367,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) NID_sha3_##bitlen, \ NID_RSA_SHA3_##bitlen, \ bitlen / 8, \ @@ -1653,7 +1472,7 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha sha3_init, \ sha3_update, \ sha3_final, \ -@@ -383,7 +383,7 @@ const EVP_MD *EVP_shake##bitlen(void) +@@ -386,7 +386,7 @@ const EVP_MD *EVP_shake##bitlen(void) NID_shake##bitlen, \ 0, \ bitlen / 8, \ @@ -1662,9 +1481,9 @@ diff -up openssl-1.1.1b/crypto/evp/m_sha3.c.fips openssl-1.1.1b/crypto/evp/m_sha shake_init, \ sha3_update, \ sha3_final, \ -diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pmeth_lib.c ---- openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/evp/pmeth_lib.c 2019-05-06 15:11:33.207095983 +0200 +diff -up openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips openssl-1.1.1d/crypto/evp/pmeth_lib.c +--- openssl-1.1.1d/crypto/evp/pmeth_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/pmeth_lib.c 2019-09-13 15:13:11.052525116 +0200 
@@ -131,7 +131,15 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKE pmeth = ENGINE_get_pkey_meth(e, id); else @@ -1681,9 +1500,9 @@ diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pm if (pmeth == NULL) { #ifndef OPENSSL_NO_ENGINE -diff -up openssl-1.1.1b/crypto/fips/build.info.fips openssl-1.1.1b/crypto/fips/build.info ---- openssl-1.1.1b/crypto/fips/build.info.fips 2019-02-28 11:30:06.806745670 +0100 -+++ openssl-1.1.1b/crypto/fips/build.info 2019-02-28 11:30:06.806745670 +0100 +diff -up openssl-1.1.1d/crypto/fips/build.info.fips openssl-1.1.1d/crypto/fips/build.info +--- openssl-1.1.1d/crypto/fips/build.info.fips 2019-09-13 15:13:11.052525116 +0200 ++++ openssl-1.1.1d/crypto/fips/build.info 2019-09-13 15:13:11.052525116 +0200 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ @@ -1700,9 +1519,9 @@ diff -up openssl-1.1.1b/crypto/fips/build.info.fips openssl-1.1.1b/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips 2019-02-28 11:30:06.807745651 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_aes_selftest.c 2019-02-28 11:30:06.807745651 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_aes_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_aes_selftest.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -2076,9 +1895,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1b/cryp +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips.c.fips openssl-1.1.1b/crypto/fips/fips.c ---- openssl-1.1.1b/crypto/fips/fips.c.fips 2019-02-28 11:30:06.807745651 +0100 -+++ openssl-1.1.1b/crypto/fips/fips.c 2019-02-28 11:30:06.807745651 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips.c.fips openssl-1.1.1d/crypto/fips/fips.c +--- openssl-1.1.1d/crypto/fips/fips.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2606,9 +2425,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips.c.fips openssl-1.1.1b/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c 2019-02-28 11:30:06.808745633 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_cmac_selftest.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -2766,9 +2585,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1b/cry + return rv; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_des_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips 2019-02-28 11:30:06.808745633 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_des_selftest.c 2019-02-28 11:30:06.808745633 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_des_selftest.c.fips 2019-09-13 15:13:11.053525098 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_des_selftest.c 2019-09-13 15:13:11.053525098 +0200 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -2903,9 +2722,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1b/cryp + return ret; +} +#endif -diff -up openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips 2019-02-28 11:30:06.810745596 +0100 -+++ openssl-1.1.1b/crypto/fips/fips_dh_selftest.c 2019-02-28 11:30:06.810745596 +0100 +diff -up openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1d/crypto/fips/fips_dh_selftest.c.fips 2019-09-13 15:13:11.055525063 +0200 ++++ openssl-1.1.1d/crypto/fips/fips_dh_selftest.c 2019-09-13 15:13:11.055525063 +0200 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -3087,9 +2906,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1b/crypt
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips 2019-02-28 11:30:06.811745577 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c 2019-02-28 11:30:06.811745577 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c.fips 2019-09-13 15:13:11.055525063 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_ctr.c 2019-09-13 15:13:11.055525063 +0200
 @@ -0,0 +1,406 @@
 +/* fips/rand/fips_drbg_ctr.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3497,9 +3316,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1b/crypto/f
 +
 + return 1;
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hash.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips 2019-02-28 11:30:06.811745577 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_hash.c 2019-02-28 11:30:06.811745577 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_hash.c
+--- openssl-1.1.1d/crypto/fips/fips_drbg_hash.c.fips 2019-09-13 15:13:11.056525046 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_hash.c 2019-09-13 15:13:11.056525046 +0200
 @@ -0,0 +1,354 @@
 +/* fips/rand/fips_drbg_hash.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -3855,9 +3674,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1b/crypto/
 +
 + return 1;
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips 2019-02-28 11:30:06.811745577 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c 2019-02-28 11:30:06.811745577 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c.fips 2019-09-13 15:13:11.056525046 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_hmac.c 2019-09-13 15:13:11.056525046 +0200
 @@ -0,0 +1,262 @@
 +/* fips/rand/fips_drbg_hmac.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4121,9 +3940,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1b/crypto/
 +
 + return 1;
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips 2019-02-28 11:30:06.812745558 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_lib.c 2019-02-28 11:30:06.812745558 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.1d/crypto/fips/fips_drbg_lib.c.fips 2019-09-13 15:13:11.056525046 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_lib.c 2019-09-13 15:13:11.056525046 +0200
 @@ -0,0 +1,528 @@
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@@ -4653,9 +4472,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1b/crypto/f
 +{
 + /* Just backwards compatibility API call with no effect. */
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips 2019-02-28 11:30:06.812745558 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_rand.c 2019-02-28 11:30:06.812745558 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.1d/crypto/fips/fips_drbg_rand.c.fips 2019-09-13 15:13:11.056525046 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_rand.c 2019-09-13 15:13:11.056525046 +0200
 @@ -0,0 +1,185 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4842,9 +4661,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1b/crypto/
 +{
 + return &rand_drbg_meth;
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips 2019-02-28 11:30:06.812745558 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c 2019-02-28 11:30:06.812745558 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c.fips 2019-09-13 15:13:11.057525028 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c 2019-09-13 15:13:11.057525028 +0200
 @@ -0,0 +1,828 @@
 +/* fips/rand/fips_drbg_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5674,9 +5493,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1b/cry
 + FIPS_drbg_free(dctx);
 + return rv;
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h
---- openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips 2019-02-28 11:30:06.813745540 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h 2019-02-28 11:30:06.813745540 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h.fips 2019-09-13 15:13:11.057525028 +0200
++++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.h 2019-09-13 15:13:11.057525028 +0200
 @@ -0,0 +1,1791 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7469,9 +7288,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1b/cry
 + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
 + 0xc2, 0xd6, 0xfd, 0xa5
 +};
-diff -up openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c 2019-02-28 11:30:06.814745521 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c.fips 2019-09-13 15:13:11.057525028 +0200
++++ openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c 2019-09-13 15:13:11.057525028 +0200
 @@ -0,0 +1,195 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -7668,9 +7487,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1b/cryp
 + return ret;
 +}
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c 2019-02-28 11:30:06.814745521 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c.fips 2019-09-13 15:13:11.058525011 +0200
++++ openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c 2019-09-13 15:13:11.058525011 +0200
 @@ -0,0 +1,242 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -7914,9 +7733,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1b/cry
 +}
 +
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips 2019-02-28 11:30:06.814745521 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c 2019-02-28 11:30:06.814745521 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c.fips 2019-09-13 15:13:11.058525011 +0200
++++ openssl-1.1.1d/crypto/fips/fips_ecdsa_selftest.c 2019-09-13 15:13:11.058525011 +0200
 @@ -0,0 +1,166 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8084,9 +7903,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1b/cr
 +}
 +
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_err.h.fips openssl-1.1.1b/crypto/fips/fips_err.h
---- openssl-1.1.1b/crypto/fips/fips_err.h.fips 2019-05-06 16:08:46.792598211 +0200
-+++ openssl-1.1.1b/crypto/fips/fips_err.h 2019-05-06 16:19:56.403993551 +0200
+diff -up openssl-1.1.1d/crypto/fips/fips_err.h.fips openssl-1.1.1d/crypto/fips/fips_err.h
+--- openssl-1.1.1d/crypto/fips/fips_err.h.fips 2019-09-13 15:13:11.058525011 +0200
++++ openssl-1.1.1d/crypto/fips/fips_err.h 2019-09-13 15:13:11.058525011 +0200
 @@ -0,0 +1,197 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -8285,9 +8104,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_err.h.fips openssl-1.1.1b/crypto/fips/f
 +#endif
 + return 1;
 +}
-diff -up openssl-1.1.1b/crypto/fips/fips_ers.c.fips openssl-1.1.1b/crypto/fips/fips_ers.c
---- openssl-1.1.1b/crypto/fips/fips_ers.c.fips 2019-02-28 11:30:06.815745503 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_ers.c 2019-02-28 11:30:06.815745503 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_ers.c.fips openssl-1.1.1d/crypto/fips/fips_ers.c
+--- openssl-1.1.1d/crypto/fips/fips_ers.c.fips 2019-09-13 15:13:11.058525011 +0200
++++ openssl-1.1.1d/crypto/fips/fips_ers.c 2019-09-13 15:13:11.058525011 +0200
 @@ -0,0 +1,7 @@
 +#include
 +
@@ -8296,9 +8115,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_ers.c.fips openssl-1.1.1b/crypto/fips/f
 +#else
 +static void *dummy = &dummy;
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips 2019-02-28 11:30:06.815745503 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c 2019-02-28 11:30:06.815745503 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c.fips 2019-09-13 15:13:11.059524993 +0200
++++ openssl-1.1.1d/crypto/fips/fips_hmac_selftest.c 2019-09-13 15:13:11.059524993 +0200
 @@ -0,0 +1,134 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
@@ -8434,9 +8253,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1b/cry
 + return 1;
 +}
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_locl.h.fips openssl-1.1.1b/crypto/fips/fips_locl.h
---- openssl-1.1.1b/crypto/fips/fips_locl.h.fips 2019-02-28 11:30:06.815745503 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_locl.h 2019-02-28 11:30:06.815745503 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_locl.h.fips openssl-1.1.1d/crypto/fips/fips_locl.h
+--- openssl-1.1.1d/crypto/fips/fips_locl.h.fips 2019-09-13 15:13:11.059524993 +0200
++++ openssl-1.1.1d/crypto/fips/fips_locl.h 2019-09-13 15:13:11.059524993 +0200
 @@ -0,0 +1,71 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8509,9 +8328,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_locl.h.fips openssl-1.1.1b/crypto/fips/
 +}
 +# endif
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_post.c.fips openssl-1.1.1b/crypto/fips/fips_post.c
---- openssl-1.1.1b/crypto/fips/fips_post.c.fips 2019-05-06 16:08:46.794598177 +0200
-+++ openssl-1.1.1b/crypto/fips/fips_post.c 2019-05-06 16:08:46.794598177 +0200
+diff -up openssl-1.1.1d/crypto/fips/fips_post.c.fips openssl-1.1.1d/crypto/fips/fips_post.c
+--- openssl-1.1.1d/crypto/fips/fips_post.c.fips 2019-09-13 15:13:11.059524993 +0200
++++ openssl-1.1.1d/crypto/fips/fips_post.c 2019-09-13 15:13:11.059524993 +0200
 @@ -0,0 +1,224 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -8737,9 +8556,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_post.c.fips openssl-1.1.1b/crypto/fips/
 + return 1;
 +}
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1b/crypto/fips/fips_rand_lcl.h
---- openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips 2019-02-28 11:30:06.816745484 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_rand_lcl.h 2019-02-28 11:30:06.816745484 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1d/crypto/fips/fips_rand_lcl.h
+--- openssl-1.1.1d/crypto/fips/fips_rand_lcl.h.fips 2019-09-13 15:13:11.060524976 +0200
++++ openssl-1.1.1d/crypto/fips/fips_rand_lcl.h 2019-09-13 15:13:11.060524976 +0200
 @@ -0,0 +1,203 @@
 +/* fips/rand/fips_rand_lcl.h */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -8944,9 +8763,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1b/crypto/f
 +#define FIPS_digestupdate EVP_DigestUpdate
 +#define FIPS_digestfinal EVP_DigestFinal
 +#define M_EVP_MD_size EVP_MD_size
-diff -up openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1b/crypto/fips/fips_rand_lib.c
---- openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips 2019-02-28 11:30:06.816745484 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_rand_lib.c 2019-02-28 11:30:06.816745484 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1d/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.1d/crypto/fips/fips_rand_lib.c.fips 2019-09-13 15:13:11.060524976 +0200
++++ openssl-1.1.1d/crypto/fips/fips_rand_lib.c 2019-09-13 15:13:11.060524976 +0200
 @@ -0,0 +1,234 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9182,9 +9001,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1b/crypto/f
 +# endif
 +}
 +
-diff -up openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips 2019-02-28 11:30:06.816745484 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c 2019-02-28 11:30:06.816745484 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c.fips 2019-09-13 15:13:11.060524976 +0200
++++ openssl-1.1.1d/crypto/fips/fips_rsa_selftest.c 2019-09-13 15:13:11.060524976 +0200
 @@ -0,0 +1,338 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
@@ -9524,9 +9343,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1b/cryp
 +}
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1b/crypto/fips/fips_sha_selftest.c
---- openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips 2019-05-06 16:08:46.795598159 +0200
-+++ openssl-1.1.1b/crypto/fips/fips_sha_selftest.c 2019-05-06 17:35:40.211316880 +0200
+diff -up openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1d/crypto/fips/fips_sha_selftest.c
+--- openssl-1.1.1d/crypto/fips/fips_sha_selftest.c.fips 2019-09-13 15:13:11.060524976 +0200
++++ openssl-1.1.1d/crypto/fips/fips_sha_selftest.c 2019-09-13 15:13:11.060524976 +0200
 @@ -0,0 +1,223 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9751,9 +9570,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1b/cryp
 +}
 +
 +#endif
-diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c
---- openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips 2019-02-28 11:30:06.817745466 +0100
-+++ openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c 2019-02-28 11:30:06.817745466 +0100
+diff -up openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c.fips 2019-09-13 15:13:11.061524958 +0200
++++ openssl-1.1.1d/crypto/fips/fips_standalone_hmac.c 2019-09-13 15:13:11.061524958 +0200
 @@ -0,0 +1,127 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
@@ -9882,9 +9701,9 @@ diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/c +#endif + return 0; +} -diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac.c ---- openssl-1.1.1c/crypto/hmac/hmac.c.fips 2019-05-29 15:46:19.138261106 +0200 -+++ openssl-1.1.1c/crypto/hmac/hmac.c 2019-05-29 15:49:09.508263133 +0200 +diff -up openssl-1.1.1d/crypto/hmac/hmac.c.fips openssl-1.1.1d/crypto/hmac/hmac.c +--- openssl-1.1.1d/crypto/hmac/hmac.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/hmac/hmac.c 2019-09-13 15:13:11.061524958 +0200 @@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo return 0; @@ -9899,9 +9718,9 @@ diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac. reset = 1; j = EVP_MD_block_size(md); if (!ossl_assert(j <= (int)sizeof(ctx->key))) -diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/hm_pmeth.c ---- openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/hmac/hm_pmeth.c 2019-05-06 14:56:01.123257022 +0200 +diff -up openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1d/crypto/hmac/hm_pmeth.c +--- openssl-1.1.1d/crypto/hmac/hm_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/hmac/hm_pmeth.c 2019-09-13 15:13:11.061524958 +0200 @@ -180,7 +180,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C const EVP_PKEY_METHOD hmac_pkey_meth = { 
@@ -9911,9 +9730,9 @@ diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/h pkey_hmac_init, pkey_hmac_copy, pkey_hmac_cleanup, -diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/crypto/include/internal/fips_int.h ---- openssl-1.1.1b/crypto/include/internal/fips_int.h.fips 2019-02-28 11:30:06.817745466 +0100 -+++ openssl-1.1.1b/crypto/include/internal/fips_int.h 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips openssl-1.1.1d/crypto/include/internal/fips_int.h +--- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips 2019-09-13 15:13:11.061524958 +0200 ++++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2019-09-13 15:13:11.061524958 +0200 @@ -0,0 +1,98 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10013,9 +9832,9 @@ diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.1b/crypto/o_fips.c.fips openssl-1.1.1b/crypto/o_fips.c ---- openssl-1.1.1b/crypto/o_fips.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/o_fips.c 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/o_fips.c.fips openssl-1.1.1d/crypto/o_fips.c +--- openssl-1.1.1d/crypto/o_fips.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/o_fips.c 2019-09-13 15:13:11.061524958 +0200 @@ -8,17 +8,28 @@ */ 
@@ -10045,9 +9864,9 @@ diff -up openssl-1.1.1b/crypto/o_fips.c.fips openssl-1.1.1b/crypto/o_fips.c return 0; +#endif } -diff -up openssl-1.1.1b/crypto/o_init.c.fips openssl-1.1.1b/crypto/o_init.c ---- openssl-1.1.1b/crypto/o_init.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/o_init.c 2019-02-28 11:30:06.817745466 +0100 +diff -up openssl-1.1.1d/crypto/o_init.c.fips openssl-1.1.1d/crypto/o_init.c +--- openssl-1.1.1d/crypto/o_init.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/o_init.c 2019-09-13 15:13:11.062524941 +0200 @@ -7,8 +7,68 @@ * https://www.openssl.org/source/license.html */ @@ -10117,9 +9936,9 @@ diff -up openssl-1.1.1b/crypto/o_init.c.fips openssl-1.1.1b/crypto/o_init.c /* * Perform any essential OpenSSL initialization operations. Currently does -diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/rand_lib.c ---- openssl-1.1.1b/crypto/rand/rand_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rand/rand_lib.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rand/rand_lib.c.fips openssl-1.1.1d/crypto/rand/rand_lib.c +--- openssl-1.1.1d/crypto/rand/rand_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rand/rand_lib.c 2019-09-13 15:13:11.062524941 +0200 @@ -16,6 +16,10 @@ #include "internal/thread_once.h" #include "rand_lcl.h" @@ -10131,7 +9950,7 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/r #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ -@@ -857,3 +861,15 @@ int RAND_status(void) +@@ -959,3 +963,15 @@ int RAND_status(void) return meth->status(); return 0; } 
@@ -10147,9 +9966,9 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lib.c.fips openssl-1.1.1b/crypto/rand/r + return 1; +} +#endif -diff -up openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1b/crypto/rsa/rsa_crpt.c ---- openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_crpt.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1d/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1d/crypto/rsa/rsa_crpt.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_crpt.c 2019-09-13 15:13:11.062524941 +0200 @@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -10203,9 +10022,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1b/crypto/rsa/rsa return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_err.c ---- openssl-1.1.1b/crypto/rsa/rsa_err.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_err.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_err.c.fips openssl-1.1.1d/crypto/rsa/rsa_err.c +--- openssl-1.1.1d/crypto/rsa/rsa_err.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_err.c 2019-09-13 15:13:11.062524941 +0200 @@ -16,6 +16,8 @@ static const ERR_STRING_DATA RSA_str_functs[] = { {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, 
@@ -10248,7 +10067,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, {0, NULL} }; -@@ -181,6 +192,7 @@ static const ERR_STRING_DATA RSA_str_rea +@@ -183,6 +194,7 @@ static const ERR_STRING_DATA RSA_str_rea "mp exponent not congruent to d"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, @@ -10256,7 +10075,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), -@@ -189,6 +201,8 @@ static const ERR_STRING_DATA RSA_str_rea +@@ -191,6 +203,8 @@ static const ERR_STRING_DATA RSA_str_rea "n does not equal p q"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, @@ -10265,7 +10084,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), -@@ -224,6 +238,8 @@ static const ERR_STRING_DATA RSA_str_rea +@@ -226,6 +240,8 @@ static const ERR_STRING_DATA RSA_str_rea "unsupported mask algorithm"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"}, 
@@ -10274,9 +10093,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_err.c.fips openssl-1.1.1b/crypto/rsa/rsa_ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, -diff -up openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips openssl-1.1.1b/crypto/rsa/rsa_gen.c ---- openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_gen.c 2019-02-28 11:30:06.818745447 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips openssl-1.1.1d/crypto/rsa/rsa_gen.c +--- openssl-1.1.1d/crypto/rsa/rsa_gen.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_gen.c 2019-09-13 15:13:11.063524923 +0200 @@ -18,6 +18,76 @@ #include "internal/cryptlib.h" #include @@ -10669,9 +10488,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_gen.c.fips openssl-1.1.1b/crypto/rsa/rsa_ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -diff -up openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips openssl-1.1.1b/crypto/rsa/rsa_lib.c ---- openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_lib.c 2019-02-28 11:30:06.819745428 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips openssl-1.1.1d/crypto/rsa/rsa_lib.c +--- openssl-1.1.1d/crypto/rsa/rsa_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_lib.c 2019-09-13 15:13:11.063524923 +0200 @@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ 
@@ -10714,9 +10533,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_lib.c.fips openssl-1.1.1b/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa_ossl.c ---- openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_ossl.c 2019-02-28 11:31:57.315691372 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1d/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1d/crypto/rsa/rsa_ossl.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_ossl.c 2019-09-13 15:13:11.063524923 +0200 @@ -12,6 +12,10 @@ #include "rsa_locl.h" #include "internal/constant_time_locl.h" @@ -10764,7 +10583,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -@@ -247,6 +273,22 @@ static int rsa_ossl_private_encrypt(int +@@ -246,6 +272,22 @@ static int rsa_ossl_private_encrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -10787,7 +10606,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -377,6 +419,22 @@ static int rsa_ossl_private_decrypt(int +@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -10810,7 +10629,7 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -500,6 +558,22 @@ static int rsa_ossl_public_decrypt(int f +@@ -507,6 +565,22 @@ static int rsa_ossl_public_decrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; 
@@ -10833,9 +10652,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1b/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1b/crypto/rsa/rsa_pmeth.c ---- openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips 2019-05-06 14:48:26.514174053 +0200 -+++ openssl-1.1.1b/crypto/rsa/rsa_pmeth.c 2019-05-06 14:45:46.732956649 +0200 +diff -up openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1d/crypto/rsa/rsa_pmeth.c +--- openssl-1.1.1d/crypto/rsa/rsa_pmeth.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_pmeth.c 2019-09-13 15:13:11.063524923 +0200 @@ -756,7 +756,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX const EVP_PKEY_METHOD rsa_pkey_meth = { @@ -10854,9 +10673,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.1.1b/crypto/rsa/rs pkey_rsa_init, pkey_rsa_copy, pkey_rsa_cleanup, -diff -up openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips openssl-1.1.1b/crypto/rsa/rsa_sign.c ---- openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/rsa/rsa_sign.c 2019-02-28 11:30:06.819745428 +0100 +diff -up openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips openssl-1.1.1d/crypto/rsa/rsa_sign.c +--- openssl-1.1.1d/crypto/rsa/rsa_sign.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/rsa/rsa_sign.c 2019-09-13 15:13:11.064524906 +0200 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; 
@@ -10883,9 +10702,9 @@ diff -up openssl-1.1.1b/crypto/rsa/rsa_sign.c.fips openssl-1.1.1b/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.1b/crypto/sha/sha256.c.fips openssl-1.1.1b/crypto/sha/sha256.c ---- openssl-1.1.1b/crypto/sha/sha256.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/sha/sha256.c 2019-02-28 11:30:06.819745428 +0100 +diff -up openssl-1.1.1d/crypto/sha/sha256.c.fips openssl-1.1.1d/crypto/sha/sha256.c +--- openssl-1.1.1d/crypto/sha/sha256.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/sha/sha256.c 2019-09-13 15:13:11.064524906 +0200 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -10906,9 +10725,9 @@ diff -up openssl-1.1.1b/crypto/sha/sha256.c.fips openssl-1.1.1b/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.1b/crypto/sha/sha512.c.fips openssl-1.1.1b/crypto/sha/sha512.c ---- openssl-1.1.1b/crypto/sha/sha512.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/crypto/sha/sha512.c 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/crypto/sha/sha512.c.fips openssl-1.1.1d/crypto/sha/sha512.c +--- openssl-1.1.1d/crypto/sha/sha512.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/sha/sha512.c 2019-09-13 15:13:11.064524906 +0200 @@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) 
@@ -10929,9 +10748,9 @@ diff -up openssl-1.1.1b/crypto/sha/sha512.c.fips openssl-1.1.1b/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.1b/crypto/sha/sha_locl.h.fips openssl-1.1.1b/crypto/sha/sha_locl.h ---- openssl-1.1.1b/crypto/sha/sha_locl.h.fips 2019-02-28 11:30:06.628748979 +0100 -+++ openssl-1.1.1b/crypto/sha/sha_locl.h 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/crypto/sha/sha_locl.h.fips openssl-1.1.1d/crypto/sha/sha_locl.h +--- openssl-1.1.1d/crypto/sha/sha_locl.h.fips 2019-09-13 15:13:10.837528873 +0200 ++++ openssl-1.1.1d/crypto/sha/sha_locl.h 2019-09-13 15:13:11.064524906 +0200 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) @@ -10942,9 +10761,9 @@ diff -up openssl-1.1.1b/crypto/sha/sha_locl.h.fips openssl-1.1.1b/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod ---- openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/doc/man3/DSA_generate_parameters.pod 2019-09-13 15:13:11.064524906 +0200 @@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. 
@@ -10958,9 +10777,9 @@ diff -up openssl-1.1.1b/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1b DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.1b/include/openssl/crypto.h.fips openssl-1.1.1b/include/openssl/crypto.h ---- openssl-1.1.1b/include/openssl/crypto.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/crypto.h 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/include/openssl/crypto.h.fips openssl-1.1.1d/include/openssl/crypto.h +--- openssl-1.1.1d/include/openssl/crypto.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/crypto.h 2019-09-13 15:13:11.065524888 +0200 @@ -331,6 +331,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); @@ -10973,10 +10792,10 @@ diff -up openssl-1.1.1b/include/openssl/crypto.h.fips openssl-1.1.1b/include/ope void OPENSSL_init(void); # ifdef OPENSSL_SYS_UNIX void OPENSSL_fork_prepare(void); -diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/openssl/dherr.h ---- openssl-1.1.1b/include/openssl/dherr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dherr.h 2019-02-28 11:30:06.820745410 +0100 -@@ -32,6 +32,9 @@ int ERR_load_DH_strings(void); +diff -up openssl-1.1.1d/include/openssl/dherr.h.fips openssl-1.1.1d/include/openssl/dherr.h +--- openssl-1.1.1d/include/openssl/dherr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dherr.h 2019-09-13 15:13:11.065524888 +0200 +@@ -36,6 +36,9 @@ int ERR_load_DH_strings(void); # define DH_F_DH_CMS_DECRYPT 114 # define DH_F_DH_CMS_SET_PEERKEY 115 # define DH_F_DH_CMS_SET_SHARED_INFO 116 
@@ -10986,7 +10805,7 @@ diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/open # define DH_F_DH_METH_DUP 117 # define DH_F_DH_METH_NEW 118 # define DH_F_DH_METH_SET1_NAME 119 -@@ -69,12 +72,14 @@ int ERR_load_DH_strings(void); +@@ -73,12 +76,14 @@ int ERR_load_DH_strings(void); # define DH_R_INVALID_PARAMETER_NID 114 # define DH_R_INVALID_PUBKEY 102 # define DH_R_KDF_PARAMETER_ERROR 112 @@ -11001,9 +10820,9 @@ diff -up openssl-1.1.1b/include/openssl/dherr.h.fips openssl-1.1.1b/include/open # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.1b/include/openssl/dh.h.fips openssl-1.1.1b/include/openssl/dh.h ---- openssl-1.1.1b/include/openssl/dh.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dh.h 2019-02-28 11:30:06.820745410 +0100 +diff -up openssl-1.1.1d/include/openssl/dh.h.fips openssl-1.1.1d/include/openssl/dh.h +--- openssl-1.1.1d/include/openssl/dh.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dh.h 2019-09-13 15:13:11.065524888 +0200 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -11012,10 +10831,10 @@ diff -up openssl-1.1.1b/include/openssl/dh.h.fips openssl-1.1.1b/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -diff -up openssl-1.1.1b/include/openssl/dsaerr.h.fips openssl-1.1.1b/include/openssl/dsaerr.h ---- openssl-1.1.1b/include/openssl/dsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dsaerr.h 2019-02-28 11:30:06.821745391 +0100 -@@ -25,8 +25,11 @@ int ERR_load_DSA_strings(void); +diff -up openssl-1.1.1d/include/openssl/dsaerr.h.fips openssl-1.1.1d/include/openssl/dsaerr.h +--- openssl-1.1.1d/include/openssl/dsaerr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dsaerr.h 2019-09-13 15:16:32.263008157 +0200 +@@ -29,8 +29,11 @@ int ERR_load_DSA_strings(void); */ # define DSA_F_DSAPARAMS_PRINT 100 # define DSA_F_DSAPARAMS_PRINT_FP 101 
@@ -11027,22 +10846,23 @@ diff -up openssl-1.1.1b/include/openssl/dsaerr.h.fips openssl-1.1.1b/include/ope # define DSA_F_DSA_DO_SIGN 112 # define DSA_F_DSA_DO_VERIFY 113 # define DSA_F_DSA_METH_DUP 127 -@@ -56,9 +59,12 @@ int ERR_load_DSA_strings(void); +@@ -60,10 +63,13 @@ int ERR_load_DSA_strings(void); # define DSA_R_DECODE_ERROR 104 # define DSA_R_INVALID_DIGEST_TYPE 106 # define DSA_R_INVALID_PARAMETERS 112 +# define DSA_R_KEY_SIZE_INVALID 201 +# define DSA_R_KEY_SIZE_TOO_SMALL 202 # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MISSING_PRIVATE_KEY 111 # define DSA_R_MODULUS_TOO_LARGE 103 # define DSA_R_NO_PARAMETERS_SET 107 +# define DSA_R_NON_FIPS_DSA_METHOD 200 # define DSA_R_PARAMETER_ENCODING_ERROR 105 # define DSA_R_Q_NOT_PRIME 113 # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.1b/include/openssl/dsa.h.fips openssl-1.1.1b/include/openssl/dsa.h ---- openssl-1.1.1b/include/openssl/dsa.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/dsa.h 2019-02-28 11:30:06.821745391 +0100 +diff -up openssl-1.1.1d/include/openssl/dsa.h.fips openssl-1.1.1d/include/openssl/dsa.h +--- openssl-1.1.1d/include/openssl/dsa.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/dsa.h 2019-09-13 15:13:11.065524888 +0200 @@ -31,6 +31,7 @@ extern "C" { # endif 
@@ -11051,26 +10871,29 @@ diff -up openssl-1.1.1b/include/openssl/dsa.h.fips openssl-1.1.1b/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/openssl/evperr.h ---- openssl-1.1.1b/include/openssl/evperr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/evperr.h 2019-05-06 16:40:21.324571446 +0200 -@@ -20,11 +20,15 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1d/include/openssl/evperr.h.fips openssl-1.1.1d/include/openssl/evperr.h +--- openssl-1.1.1d/include/openssl/evperr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-13 15:18:17.552167810 +0200 +@@ -24,14 +24,15 @@ int ERR_load_EVP_strings(void); * EVP function codes. */ # define EVP_F_AESNI_INIT_KEY 165 +-# define EVP_F_AESNI_XTS_INIT_KEY 207 +# define EVP_F_AESNI_XTS_INIT_KEY 233 # define EVP_F_AES_GCM_CTRL 196 # define EVP_F_AES_INIT_KEY 133 # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 +-# define EVP_F_AES_T4_XTS_INIT_KEY 208 +# define EVP_F_AES_T4_XTS_INIT_KEY 234 # define EVP_F_AES_WRAP_CIPHER 170 +-# define EVP_F_AES_XTS_INIT_KEY 209 +# define EVP_F_AES_XTS_CIPHER 229 +# define EVP_F_AES_XTS_INIT_KEY 235 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_ARIA_CCM_INIT_KEY 175 # define EVP_F_ARIA_GCM_CTRL 197 -@@ -133,6 +134,7 @@ int ERR_load_EVP_strings(void); +@@ -142,6 +143,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 
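Review bot: The rebased fips patch now removes the values that upstream 1.1.1d assigns in `evperr.h` and substitutes its own: `EVP_F_AESNI_XTS_INIT_KEY` goes from 207 to 233, `EVP_F_AES_T4_XTS_INIT_KEY` from 208 to 234, `EVP_F_AES_XTS_INIT_KEY` from 209 to 235, and a later hunk in the same file moves `EVP_R_XTS_DUPLICATED_KEYS` from 183 to 192. Code or log tooling that matches on the numeric reason code will see a different value from an upstream build for the same `EVP_R_XTS_DUPLICATED_KEYS` error, and nothing visible in these hunks shows that 191/192 and 229/233-235 are unassigned in this release. If the renumbering is kept for compatibility with earlier builds of this package (presumably the reason), say so next to the defines, e.g. `/* downstream value kept for ABI stability; upstream 1.1.1d uses 183 */`, and check the numbers against the upstream header for collisions.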
@@ -11078,7 +10901,7 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/ope # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -175,6 +177,7 @@ int ERR_load_EVP_strings(void); +@@ -184,6 +186,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 @@ -11086,18 +10909,19 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.fips openssl-1.1.1b/include/ope # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -@@ -190,5 +193,7 @@ int ERR_load_EVP_strings(void); +@@ -199,6 +202,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_SALT_TYPE 126 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +-# define EVP_R_XTS_DUPLICATED_KEYS 183 +# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191 +# define EVP_R_XTS_DUPLICATED_KEYS 192 #endif -diff -up openssl-1.1.1b/include/openssl/evp.h.fips openssl-1.1.1b/include/openssl/evp.h ---- openssl-1.1.1b/include/openssl/evp.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/evp.h 2019-05-06 14:54:13.213136281 +0200 -@@ -1319,6 +1319,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP +diff -up openssl-1.1.1d/include/openssl/evp.h.fips openssl-1.1.1d/include/openssl/evp.h +--- openssl-1.1.1d/include/openssl/evp.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/evp.h 2019-09-13 15:13:11.066524871 +0200 +@@ -1324,6 +1324,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 
@@ -11107,9 +10931,9 @@ diff -up openssl-1.1.1b/include/openssl/evp.h.fips openssl-1.1.1b/include/openss const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -diff -up openssl-1.1.1b/include/openssl/fips.h.fips openssl-1.1.1b/include/openssl/fips.h ---- openssl-1.1.1b/include/openssl/fips.h.fips 2019-05-06 16:08:46.800598073 +0200 -+++ openssl-1.1.1b/include/openssl/fips.h 2019-05-06 16:43:12.874549821 +0200 +diff -up openssl-1.1.1d/include/openssl/fips.h.fips openssl-1.1.1d/include/openssl/fips.h +--- openssl-1.1.1d/include/openssl/fips.h.fips 2019-09-13 15:13:11.066524871 +0200 ++++ openssl-1.1.1d/include/openssl/fips.h 2019-09-13 15:13:11.066524871 +0200 @@ -0,0 +1,187 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11298,9 +11122,9 @@ diff -up openssl-1.1.1b/include/openssl/fips.h.fips openssl-1.1.1b/include/opens +} +# endif +#endif -diff -up openssl-1.1.1b/include/openssl/fips_rand.h.fips openssl-1.1.1b/include/openssl/fips_rand.h ---- openssl-1.1.1b/include/openssl/fips_rand.h.fips 2019-02-28 11:30:06.821745391 +0100 -+++ openssl-1.1.1b/include/openssl/fips_rand.h 2019-02-28 11:30:06.821745391 +0100 +diff -up openssl-1.1.1d/include/openssl/fips_rand.h.fips openssl-1.1.1d/include/openssl/fips_rand.h +--- openssl-1.1.1d/include/openssl/fips_rand.h.fips 2019-09-13 15:13:11.066524871 +0200 ++++ openssl-1.1.1d/include/openssl/fips_rand.h 2019-09-13 15:13:11.066524871 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -11447,9 +11271,9 @@ diff -up openssl-1.1.1b/include/openssl/fips_rand.h.fips openssl-1.1.1b/include/ +# endif +# endif +#endif -diff -up openssl-1.1.1b/include/openssl/opensslconf.h.in.fips openssl-1.1.1b/include/openssl/opensslconf.h.in ---- openssl-1.1.1b/include/openssl/opensslconf.h.in.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/opensslconf.h.in 2019-02-28 11:30:06.822745372 +0100 +diff -up openssl-1.1.1d/include/openssl/opensslconf.h.in.fips openssl-1.1.1d/include/openssl/opensslconf.h.in +--- openssl-1.1.1d/include/openssl/opensslconf.h.in.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/opensslconf.h.in 2019-09-13 15:13:11.067524853 +0200 @@ -150,6 +150,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} @@ -11462,10 +11286,10 @@ diff -up openssl-1.1.1b/include/openssl/opensslconf.h.in.fips openssl-1.1.1b/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.1b/include/openssl/randerr.h.fips openssl-1.1.1b/include/openssl/randerr.h ---- openssl-1.1.1b/include/openssl/randerr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/randerr.h 2019-02-28 11:30:06.822745372 +0100 -@@ -35,6 +35,7 @@ int ERR_load_RAND_strings(void); +diff -up openssl-1.1.1d/include/openssl/randerr.h.fips openssl-1.1.1d/include/openssl/randerr.h +--- openssl-1.1.1d/include/openssl/randerr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/randerr.h 2019-09-13 15:13:11.067524853 +0200 +@@ -37,6 +37,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_DRBG_SET 104 # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 # define RAND_F_RAND_DRBG_UNINSTANTIATE 118 
@@ -11473,9 +11297,9 @@ diff -up openssl-1.1.1b/include/openssl/randerr.h.fips openssl-1.1.1b/include/op # define RAND_F_RAND_LOAD_FILE 111 # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 # define RAND_F_RAND_POOL_ADD 103 -diff -up openssl-1.1.1b/include/openssl/rand.h.fips openssl-1.1.1b/include/openssl/rand.h ---- openssl-1.1.1b/include/openssl/rand.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/rand.h 2019-02-28 11:30:06.822745372 +0100 +diff -up openssl-1.1.1d/include/openssl/rand.h.fips openssl-1.1.1d/include/openssl/rand.h +--- openssl-1.1.1d/include/openssl/rand.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/rand.h 2019-09-13 15:13:11.067524853 +0200 @@ -69,6 +69,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) # endif @@ -11488,10 +11312,10 @@ diff -up openssl-1.1.1b/include/openssl/rand.h.fips openssl-1.1.1b/include/opens #ifdef __cplusplus } -diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/openssl/rsaerr.h ---- openssl-1.1.1b/include/openssl/rsaerr.h.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/include/openssl/rsaerr.h 2019-02-28 11:30:06.822745372 +0100 -@@ -21,6 +21,7 @@ int ERR_load_RSA_strings(void); +diff -up openssl-1.1.1d/include/openssl/rsaerr.h.fips openssl-1.1.1d/include/openssl/rsaerr.h +--- openssl-1.1.1d/include/openssl/rsaerr.h.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/include/openssl/rsaerr.h 2019-09-13 15:13:11.067524853 +0200 +@@ -25,6 +25,7 @@ int ERR_load_RSA_strings(void); */ # define RSA_F_CHECK_PADDING_MD 140 # define RSA_F_ENCODE_PKCS1 146 
@@ -11499,7 +11323,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_OLD_RSA_PRIV_DECODE 147 # define RSA_F_PKEY_PSS_INIT 165 -@@ -35,6 +36,8 @@ int ERR_load_RSA_strings(void); +@@ -39,6 +40,8 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_CHECK_KEY_EX 160 # define RSA_F_RSA_CMS_DECRYPT 159 # define RSA_F_RSA_CMS_VERIFY 158 @@ -11508,7 +11332,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_F_RSA_ITEM_VERIFY 148 # define RSA_F_RSA_METH_DUP 161 # define RSA_F_RSA_METH_NEW 162 -@@ -72,10 +75,16 @@ int ERR_load_RSA_strings(void); +@@ -76,10 +79,16 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_PRINT_FP 116 # define RSA_F_RSA_PRIV_DECODE 150 # define RSA_F_RSA_PRIV_ENCODE 138 @@ -11525,7 +11349,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_F_RSA_SIGN 117 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 # define RSA_F_RSA_VERIFY 119 -@@ -132,10 +141,12 @@ int ERR_load_RSA_strings(void); +@@ -137,10 +146,12 @@ int ERR_load_RSA_strings(void); # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 # define RSA_R_MP_R_NOT_PRIME 170 # define RSA_R_NO_PUBLIC_EXPONENT 140 @@ -11538,7 +11362,7 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -@@ -155,6 +166,7 @@ int ERR_load_RSA_strings(void); +@@ -160,6 +171,7 @@ int ERR_load_RSA_strings(void); # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 
@@ -11546,9 +11370,111 @@ diff -up openssl-1.1.1b/include/openssl/rsaerr.h.fips openssl-1.1.1b/include/ope # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 # define RSA_R_VALUE_MISSING 147 # define RSA_R_WRONG_SIGNATURE_LENGTH 119 -diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c ---- openssl-1.1.1b/ssl/ssl_ciph.c.fips 2019-02-28 11:30:06.776746228 +0100 -+++ openssl-1.1.1b/ssl/ssl_ciph.c 2019-02-28 11:30:06.822745372 +0100 +diff -up openssl-1.1.1d/ssl/s3_lib.c.fips openssl-1.1.1d/ssl/s3_lib.c +--- openssl-1.1.1d/ssl/s3_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/ssl/s3_lib.c 2019-10-03 16:53:51.140362311 +0200 +@@ -43,7 +43,7 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, +- SSL_HIGH, ++ SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, +@@ -58,7 +58,7 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, +- SSL_HIGH, ++ SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384, + 256, + 256, +@@ -92,7 +92,7 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, +@@ -634,7 +634,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -650,7 +650,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +@@ -666,7 +666,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ 
SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -682,7 +682,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +@@ -794,7 +794,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -810,7 +810,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +@@ -890,7 +890,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, +@@ -906,7 +906,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, +- SSL_NOT_DEFAULT | SSL_HIGH, ++ SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, +diff -up openssl-1.1.1d/ssl/ssl_ciph.c.fips openssl-1.1.1d/ssl/ssl_ciph.c +--- openssl-1.1.1d/ssl/ssl_ciph.c.fips 2019-09-13 15:13:11.019525692 +0200 ++++ openssl-1.1.1d/ssl/ssl_ciph.c 2019-09-13 15:13:11.068524836 +0200 @@ -387,7 +387,7 @@ int ssl_load_ciphers(void) } } 
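Review bot: This new `ssl/s3_lib.c` section is not part of the version rebase: it sets `SSL_FIPS` on eleven cipher entries (three in `tls13_ciphers`, eight in `ssl3_ciphers`), and its timestamp (2019-10-03) is later than the other sections of the patch (2019-09-13). The hunks show only the flag fields of each `SSL_CIPHER` entry, so the suites cannot be identified from the patch context. Each tagged entry should be checked by name against the approved-algorithm list, since `SSL_FIPS` is presumably the flag `ssl_ciph.c` filters on in FIPS mode; that includes the `SSL_NOT_DEFAULT` entries, which become selectable once configured explicitly. Record the change where packagers will see it, for example a changelog line `- fips patch: mark TLS 1.3 and additional AEAD cipher suites as FIPS-allowed`.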
@@ -11577,7 +11503,7 @@ diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || (c->algorithm_enc & disabled_enc) || -@@ -1670,7 +1675,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1671,7 +1676,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * to the resulting precedence to the STACK_OF(SSL_CIPHER). */ for (curr = head; curr != NULL; curr = curr->next) { @@ -11587,9 +11513,9 @@ diff -up openssl-1.1.1b/ssl/ssl_ciph.c.fips openssl-1.1.1b/ssl/ssl_ciph.c if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); -diff -up openssl-1.1.1b/ssl/ssl_init.c.fips openssl-1.1.1b/ssl/ssl_init.c ---- openssl-1.1.1b/ssl/ssl_init.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/ssl/ssl_init.c 2019-02-28 11:30:06.823745354 +0100 +diff -up openssl-1.1.1d/ssl/ssl_init.c.fips openssl-1.1.1d/ssl/ssl_init.c +--- openssl-1.1.1d/ssl/ssl_init.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/ssl/ssl_init.c 2019-09-13 15:13:11.068524836 +0200 @@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); 
@@ -11633,10 +11559,10 @@ diff -up openssl-1.1.1b/ssl/ssl_init.c.fips openssl-1.1.1b/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c ---- openssl-1.1.1b/ssl/ssl_lib.c.fips 2019-02-28 11:30:06.776746228 +0100 -+++ openssl-1.1.1b/ssl/ssl_lib.c 2019-02-28 11:30:06.823745354 +0100 -@@ -2908,6 +2908,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1d/ssl/ssl_lib.c.fips openssl-1.1.1d/ssl/ssl_lib.c +--- openssl-1.1.1d/ssl/ssl_lib.c.fips 2019-09-13 15:13:11.019525692 +0200 ++++ openssl-1.1.1d/ssl/ssl_lib.c 2019-09-13 15:13:11.069524818 +0200 +@@ -2916,6 +2916,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) return NULL; @@ -11648,7 +11574,7 @@ diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; -@@ -2964,13 +2969,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +@@ -2972,13 +2977,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; 
@@ -11673,10 +11599,10 @@ diff -up openssl-1.1.1b/ssl/ssl_lib.c.fips openssl-1.1.1b/ssl/ssl_lib.c } if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h ---- openssl-1.1.1c/ssl/ssl_locl.h.fips 2019-06-03 16:44:58.963560101 +0200 -+++ openssl-1.1.1c/ssl/ssl_locl.h 2019-06-24 14:43:19.547353076 +0200 -@@ -1507,6 +1507,7 @@ typedef struct tls_group_info_st { +diff -up openssl-1.1.1d/ssl/ssl_locl.h.fips openssl-1.1.1d/ssl/ssl_locl.h +--- openssl-1.1.1d/ssl/ssl_locl.h.fips 2019-09-13 15:13:10.901527755 +0200 ++++ openssl-1.1.1d/ssl/ssl_locl.h 2019-09-13 15:13:11.069524818 +0200 +@@ -1516,6 +1516,7 @@ typedef struct tls_group_info_st { # define TLS_CURVE_PRIME 0x0 # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 @@ -11684,10 +11610,10 @@ diff -up openssl-1.1.1c/ssl/ssl_locl.h.fips openssl-1.1.1c/ssl/ssl_locl.h typedef struct cert_pkey_st CERT_PKEY; -diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c ---- openssl-1.1.1c/ssl/t1_lib.c.fips 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/ssl/t1_lib.c 2019-06-24 14:49:00.638576235 +0200 -@@ -156,11 +156,11 @@ static const TLS_GROUP_INFO nid_list[] = +diff -up openssl-1.1.1d/ssl/t1_lib.c.fips openssl-1.1.1d/ssl/t1_lib.c +--- openssl-1.1.1d/ssl/t1_lib.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/ssl/t1_lib.c 2019-09-13 15:13:11.069524818 +0200 +@@ -158,11 +158,11 @@ static const TLS_GROUP_INFO nid_list[] = {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */ {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */ 
@@ -11703,7 +11629,7 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ -@@ -255,6 +255,8 @@ int tls_curve_allowed(SSL *s, uint16_t c +@@ -257,6 +257,8 @@ int tls_curve_allowed(SSL *s, uint16_t c if (cinfo->flags & TLS_CURVE_CHAR2) return 0; # endif @@ -11712,9 +11638,9 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips openssl-1.1.1c/ssl/t1_lib.c ctmp[0] = curve >> 8; ctmp[1] = curve & 0xff; return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); -diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c ---- openssl-1.1.1b/test/dsatest.c.fips 2019-02-26 15:15:30.000000000 +0100 -+++ openssl-1.1.1b/test/dsatest.c 2019-02-28 11:30:06.824745335 +0100 +diff -up openssl-1.1.1d/test/dsatest.c.fips openssl-1.1.1d/test/dsatest.c +--- openssl-1.1.1d/test/dsatest.c.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/dsatest.c 2019-09-13 15:13:11.070524801 +0200 @@ -24,41 +24,42 @@ #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); 
@@ -11797,10 +11723,10 @@ diff -up openssl-1.1.1b/test/dsatest.c.fips openssl-1.1.1b/test/dsatest.c goto end; if (!TEST_int_eq(h, 2)) goto end; -diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt ---- openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-05-06 16:08:46.857597085 +0200 -+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt 2019-05-06 16:35:37.917563292 +0200 -@@ -1184,6 +1184,7 @@ Key = 0000000000000000000000000000000000 +diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt +--- openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt.fips 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpciph.txt 2019-09-13 15:13:11.070524801 +0200 +@@ -1206,6 +1206,7 @@ Key = 0000000000000000000000000000000000 IV = 00000000000000000000000000000000 Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e 
@@ -11808,13 +11734,13 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1 Cipher = aes-128-xts Key = 1111111111111111111111111111111122222222222222222222222222222222 -diff -up openssl-1.1.1c/util/libcrypto.num.fips openssl-1.1.1c/util/libcrypto.num ---- openssl-1.1.1c/util/libcrypto.num.fips 2019-05-29 15:46:19.154260824 +0200 -+++ openssl-1.1.1c/util/libcrypto.num 2019-05-29 15:50:10.390191805 +0200 -@@ -4580,3 +4580,38 @@ EVP_PKEY_meth_get_digest_custom - OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO - OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO +diff -up openssl-1.1.1d/util/libcrypto.num.fips openssl-1.1.1d/util/libcrypto.num +--- openssl-1.1.1d/util/libcrypto.num.fips 2019-09-13 15:13:11.071524783 +0200 ++++ openssl-1.1.1d/util/libcrypto.num 2019-09-13 15:15:39.895923481 +0200 +@@ -4582,3 +4582,38 @@ OPENSSL_INIT_set_config_file_flags EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE + X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION: + X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION: +FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: +FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: +FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1c.tar.gz b/openssl-1.1.1d.tar.gz similarity index 53% rename from openssl-1.1.1c.tar.gz rename to openssl-1.1.1d.tar.gz index 874978a..216017a 100644 Binary files a/openssl-1.1.1c.tar.gz and b/openssl-1.1.1d.tar.gz differ diff --git a/openssl.spec b/openssl.spec index 39a2c47..8a84337 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,8 +1,8 @@ %define soversion 1.1 Name: openssl Epoch: 1 -Version: 1.1.1c -Release: 5 +Version: 1.1.1d +Release: 1 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ 
@@ -13,6 +13,7 @@ Source3: renew-dummy-cert # Support lib64 Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch +Patch6000: CVE-2019-1551.patch BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel @@ -36,12 +37,7 @@ Provides: openssl-static openssl-static%{?_isa} %description devel %{summary}. -%package help -Summary: Man pages for openssl -BuildArch: noarch - -%description help -%{summary}. +%package_help %prep %autosetup -n %{name}-%{version} -p1 @@ -157,6 +153,9 @@ make test || : %changelog +* Mon Dec 16 2019 openEuler Buildteam - 1:1.1.1d-1 +- update to 1:1.1.1d + * Thu Nov 21 2019 openEuler Buildteam - 1:1.1.1c-5 - enable sm2 and sm4
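Review bot: The `%changelog` entry added in this commit says only `- update to 1:1.1.1d`, but this hunk also wires in `Patch6000: CVE-2019-1551.patch`, the rsaz_512_sqr overflow fix. Tools and auditors that read the RPM changelog to decide whether a build carries a CVE fix will not find it; add a line such as `- fix CVE-2019-1551` under the Dec 16 entry. With `%autosetup -n %{name}-%{version} -p1` in `%prep` the patch should be applied automatically, though that line is visible here only as hunk context.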