--- a/components/openssl/openssl-1.0.1-fips-140/Makefile Fri Aug 15 08:10:02 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Fri Aug 15 10:45:58 2014 -0700
@@ -40,7 +40,7 @@
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/openssl
-# OpenSSL FIPS 2.0.5 directory
+# OpenSSL FIPS directory
OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
# Note that the SPARC patch above does not fit this pattern. That is intentional
@@ -150,14 +150,14 @@
# update the files which have been under continuous development. We rather copy
# the files to the right directories and let OpenSSL makefiles build it.
# We also copy some FIPS specific header files needed to build FIPS version
-# of OpenSSL from FIPS module (openssl-fips-ecp-2.0.5).
+# of OpenSSL from FIPS module.
COMPONENT_PRE_BUILD_ACTION = \
( $(LN) -fs $(COMPONENT_DIR)/engines/pkcs11/* $(@D)/engines; \
$(MKDIR) $(@D)/bin; \
- $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/fips.h $(@D)/include/openssl; \
- $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/fipssyms.h $(@D)/include/openssl; \
- $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/rand/fips_rand.h $(@D)/include/openssl; \
- $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-2.0.5/fips/fipsld $(@D)/bin/; \
+ $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/fips.h $(@D)/include/openssl; \
+ $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/fipssyms.h $(@D)/include/openssl; \
+ $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/rand/fips_rand.h $(@D)/include/openssl; \
+ $(LN) -fs $(OPENSSL_FIPS_DIR)/openssl-fips-ecp-$(IPS_COMPONENT_VERSION)/fips/fipsld $(@D)/bin/; \
$(LN) -fs $(OPENSSL_FIPS_DIR)/build/$(MACH$(BITS))/fips/fips_standalone_sha1 $(@D)/bin/; \
$(LN) -fs $(COMPONENT_DIR)/build/$(MACH$(BITS))/fips_premain_dso $(@D)/bin/;)
--- a/components/openssl/openssl-fips/Makefile Fri Aug 15 08:10:02 2014 -0700
+++ b/components/openssl/openssl-fips/Makefile Fri Aug 15 10:45:58 2014 -0700
@@ -29,11 +29,11 @@
include ../../../make-rules/shared-macros.mk
COMPONENT_NAME = openssl-fips
-COMPONENT_VERSION = 2.0.5
+COMPONENT_VERSION = 2.0.6
COMPONENT_SRC = $(COMPONENT_NAME)-ecp-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:f1abdd0ca1a9467a3eba15564fc2b3447114d1d63020c33cd3210f2a43a5ff4d
+ sha256:861b431c625c27daf440041fd67c0866ebb84b44cc672cf1ea8f23e883518897
COMPONENT_ARCHIVE_URL = http://www.openssl.org/source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/openssl
@@ -64,8 +64,12 @@
FIPS_PATH_32 = $(COMPONENT_DIR)/32:$(COMPONENT_DIR)/gcc:$(PATH)
FIPS_PATH_64 = $(COMPONENT_DIR)/gcc:$(PATH)
+# HMAC-SHA-1 digest of the OpenSSL FIPS tar file is used for the
+# integrity test requirement for the FIPS-140 validation.
+# Note: COMPONENT_ARCHIVE_HASH is a SHA256 digest used by the Userland
+# Consolidation to check the file integrity.
OPENSSL_FIPS_HMAC_KEY = etaonrishdlcupfm
-OPENSSL_FIPS_HMAC = 148e4e127ffef1df80c0ed61bae35b07ec7b7b36
+OPENSSL_FIPS_HMAC = 852f43cd9ae1bd2eba60e4f9f1f266d3c16c0319
# There is a broken link in the tarball which causes cp(1) to fail which would
# fail the whole configure process. It's safer to get rid of the link than