Accepting request 786956 from home:vitezslav_cizek:branches:security:tls
- Update to 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Update bunch of patches as the internal crypto headers got reorganized - drop openssl-1_1-CVE-2019-1551.patch (upstream) - openssl dgst: default to SHA256 only when called without a digest, OBS-URL: https://build.opensuse.org/request/show/786956 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
This commit is contained in:
parent
8e4d5710d8
commit
32ced036f1
@ -13,17 +13,10 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
crypto/chacha/build.info | 1 +
|
||||
2 files changed, 558 insertions(+), 259 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1c/crypto/chacha/asm/chacha-s390x.pl
|
||||
Index: openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1c.orig/crypto/chacha/asm/chacha-s390x.pl 2019-06-06 12:15:57.271195550 +0200
|
||||
+++ openssl-1.1.1c/crypto/chacha/asm/chacha-s390x.pl 2019-06-06 12:16:43.787489780 +0200
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
--- openssl-1.1.1e.orig/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 11:43:25.650616856 +0100
|
||||
+++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 11:43:40.614692484 +0100
|
||||
@@ -20,41 +20,46 @@
|
||||
#
|
||||
# 3 times faster than compiler-generated code.
|
||||
@ -859,7 +852,7 @@ Index: openssl-1.1.1c/crypto/chacha/asm/chacha-s390x.pl
|
||||
+SIZE ("_s390x_chacha_novx",".-_s390x_chacha_novx");
|
||||
+}
|
||||
}
|
||||
-close STDOUT;
|
||||
-close STDOUT or die "error closing STDOUT: $!";
|
||||
+################
|
||||
+
|
||||
+ALIGN (64);
|
||||
|
@ -942,7 +942,7 @@ index 21ca86055e..390f9eefe7 100755
|
||||
-$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm;
|
||||
-
|
||||
-print $code;
|
||||
-close STDOUT;
|
||||
-close STDOUT or die "error closing STDOUT: $!";
|
||||
+GLOBL ("poly1305_emit");
|
||||
+TYPE ("poly1305_emit","\@function");
|
||||
+ALIGN (16);
|
||||
|
@ -1,7 +1,7 @@
|
||||
Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
Index: openssl-1.1.1e/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/err/openssl.txt 2020-01-23 13:45:11.124632385 +0100
|
||||
+++ openssl-1.1.1d/crypto/err/openssl.txt 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 14:37:07.940876078 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -753,6 +753,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
|
||||
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
|
||||
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
|
||||
@ -52,7 +52,7 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
|
||||
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
|
||||
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
|
||||
@@ -2280,6 +2303,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
|
||||
@@ -2284,6 +2307,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
|
||||
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
|
||||
operation not supported for this keytype
|
||||
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
|
||||
@ -60,7 +60,7 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
|
||||
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
|
||||
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
|
||||
@@ -2316,6 +2340,7 @@ KDF_R_MISSING_SEED:106:missing seed
|
||||
@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
|
||||
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
|
||||
KDF_R_VALUE_ERROR:108:value error
|
||||
KDF_R_VALUE_MISSING:102:value missing
|
||||
@ -68,10 +68,10 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
OBJ_R_OID_EXISTS:102:oid exists
|
||||
OBJ_R_UNKNOWN_NID:101:unknown nid
|
||||
OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
|
||||
Index: openssl-1.1.1d/crypto/evp/build.info
|
||||
Index: openssl-1.1.1e/crypto/evp/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/build.info 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/build.info 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/evp/build.info 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-20 14:37:08.204877468 +0100
|
||||
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
|
||||
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
|
||||
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
|
||||
@ -82,38 +82,10 @@ Index: openssl-1.1.1d/crypto/evp/build.info
|
||||
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
|
||||
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
|
||||
e_chacha20_poly1305.c cmeth_lib.c
|
||||
Index: openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c
|
||||
Index: openssl-1.1.1e/crypto/evp/evp_err.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/e_chacha20_poly1305.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c 2020-01-23 13:45:11.468634429 +0100
|
||||
@@ -14,8 +14,8 @@
|
||||
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/objects.h>
|
||||
-# include "evp_locl.h"
|
||||
# include "internal/evp_int.h"
|
||||
+# include "evp_locl.h"
|
||||
# include "internal/chacha.h"
|
||||
|
||||
typedef struct {
|
||||
Index: openssl-1.1.1d/crypto/evp/encode.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/encode.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/encode.c 2020-01-23 13:45:11.468634429 +0100
|
||||
@@ -11,8 +11,8 @@
|
||||
#include <limits.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
-#include "evp_locl.h"
|
||||
#include "internal/evp_int.h"
|
||||
+#include "evp_locl.h"
|
||||
|
||||
static unsigned char conv_ascii2bin(unsigned char a,
|
||||
const unsigned char *table);
|
||||
Index: openssl-1.1.1d/crypto/evp/evp_err.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/evp_err.c 2020-01-23 13:45:11.228633003 +0100
|
||||
+++ openssl-1.1.1d/crypto/evp/evp_err.c 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/evp/evp_err.c 2020-03-20 14:37:08.036876583 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-20 14:37:08.204877468 +0100
|
||||
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
|
||||
"EVP_EncryptFinal_ex"},
|
||||
@ -139,7 +111,7 @@ Index: openssl-1.1.1d/crypto/evp/evp_err.c
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -240,6 +245,8 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
"operation not supported for this keytype"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
|
||||
"operaton not initialized"},
|
||||
@ -148,10 +120,10 @@ Index: openssl-1.1.1d/crypto/evp/evp_err.c
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
|
||||
"partially overlapping buffers"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
|
||||
Index: openssl-1.1.1d/crypto/evp/evp_locl.h
|
||||
Index: openssl-1.1.1e/crypto/evp/evp_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/evp_locl.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/evp_locl.h 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/evp/evp_local.h 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-20 16:12:26.722928201 +0100
|
||||
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
|
||||
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
|
||||
} /* EVP_CIPHER_CTX */ ;
|
||||
@ -164,22 +136,22 @@ Index: openssl-1.1.1d/crypto/evp/evp_locl.h
|
||||
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
|
||||
int passlen, ASN1_TYPE *param,
|
||||
const EVP_CIPHER *c, const EVP_MD *md,
|
||||
Index: openssl-1.1.1d/crypto/evp/evp_pbe.c
|
||||
Index: openssl-1.1.1e/crypto/evp/evp_pbe.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/evp_pbe.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/evp_pbe.c 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/evp/evp_pbe.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-20 14:37:08.204877468 +0100
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/x509.h>
|
||||
+#include "internal/evp_int.h"
|
||||
#include "evp_locl.h"
|
||||
+#include "crypto/evp.h"
|
||||
#include "evp_local.h"
|
||||
|
||||
/* Password based encryption (PBE) functions */
|
||||
Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
|
||||
Index: openssl-1.1.1e/crypto/evp/kdf_lib.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2020-01-23 13:45:31.704754695 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -0,0 +1,165 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -198,10 +170,10 @@ Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/x509v3.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/asn1_int.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/asn1.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "internal/numbers.h"
|
||||
+#include "evp_locl.h"
|
||||
+#include "evp_local.h"
|
||||
+
|
||||
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
|
||||
+
|
||||
@ -346,10 +318,10 @@ Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
|
||||
+ return ctx->kmeth->derive(ctx->impl, key, keylen);
|
||||
+}
|
||||
+
|
||||
Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
|
||||
Index: openssl-1.1.1e/crypto/evp/p5_crpt2.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/p5_crpt2.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/p5_crpt2.c 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/evp/p5_crpt2.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -364,13 +336,13 @@ Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
|
||||
-# include <openssl/x509.h>
|
||||
-# include <openssl/evp.h>
|
||||
-# include <openssl/hmac.h>
|
||||
-# include "evp_locl.h"
|
||||
-# include "evp_local.h"
|
||||
+#include <openssl/x509.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/hmac.h>
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "evp_locl.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "evp_local.h"
|
||||
|
||||
/* set this to print out info about the keygen algorithm */
|
||||
/* #define OPENSSL_DEBUG_PKCS5V2 */
|
||||
@ -498,10 +470,10 @@ Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
|
||||
}
|
||||
|
||||
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
|
||||
Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
|
||||
Index: openssl-1.1.1e/crypto/evp/pbe_scrypt.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/evp/pbe_scrypt.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/evp/pbe_scrypt.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -7,135 +7,12 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
@ -772,10 +744,10 @@ Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
|
||||
}
|
||||
+
|
||||
#endif
|
||||
Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
|
||||
Index: openssl-1.1.1e/crypto/evp/pkey_kdf.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c 2020-01-23 13:45:11.468634429 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-20 16:11:56.326769377 +0100
|
||||
@@ -0,0 +1,255 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -791,7 +763,7 @@ Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+
|
||||
+static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
|
||||
+{
|
||||
@ -1032,10 +1004,10 @@ Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
|
||||
+ pkey_kdf_ctrl_str
|
||||
+};
|
||||
+
|
||||
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
|
||||
Index: openssl-1.1.1e/include/crypto/evp.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/include/crypto/evp.h 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
|
||||
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
|
||||
extern const EVP_PKEY_METHOD siphash_pkey_meth;
|
||||
@ -1061,19 +1033,19 @@ Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
|
||||
struct evp_md_st {
|
||||
int type;
|
||||
int pkey_type;
|
||||
Index: openssl-1.1.1d/crypto/kdf/build.info
|
||||
Index: openssl-1.1.1e/crypto/kdf/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/kdf/build.info 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/kdf/build.info 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/kdf/build.info 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -1,3 +1,3 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- tls1_prf.c kdf_err.c hkdf.c scrypt.c
|
||||
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
|
||||
Index: openssl-1.1.1d/crypto/kdf/hkdf.c
|
||||
Index: openssl-1.1.1e/crypto/kdf/hkdf.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/kdf/hkdf.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/kdf/hkdf.c 2020-01-23 13:45:11.468634429 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/kdf/hkdf.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -8,32 +8,33 @@
|
||||
*/
|
||||
|
||||
@ -1085,7 +1057,7 @@ Index: openssl-1.1.1d/crypto/kdf/hkdf.c
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
|
||||
#define HKDF_MAXBUF 1024
|
||||
@ -1540,10 +1512,10 @@ Index: openssl-1.1.1d/crypto/kdf/hkdf.c
|
||||
|
||||
err:
|
||||
OPENSSL_cleanse(prev, sizeof(prev));
|
||||
Index: openssl-1.1.1d/crypto/kdf/kdf_err.c
|
||||
Index: openssl-1.1.1e/crypto/kdf/kdf_err.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/kdf/kdf_err.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/kdf/kdf_err.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
@ -1599,10 +1571,10 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_err.c
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
Index: openssl-1.1.1d/crypto/kdf/kdf_local.h
|
||||
Index: openssl-1.1.1e/crypto/kdf/kdf_local.h
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2020-01-23 13:45:11.468634429 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,22 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1626,10 +1598,10 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_local.h
|
||||
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
|
||||
+ int cmd, const char *md_name);
|
||||
+
|
||||
Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
|
||||
Index: openssl-1.1.1e/crypto/kdf/kdf_util.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2020-01-23 13:45:11.468634429 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1646,7 +1618,7 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "internal/numbers.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
@ -1704,10 +1676,10 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
|
||||
+ return call_ctrl(ctrl, impl, cmd, md);
|
||||
+}
|
||||
+
|
||||
Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
|
||||
Index: openssl-1.1.1e/crypto/kdf/pbkdf2.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/kdf/pbkdf2.c 2020-01-23 13:45:11.468634429 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,264 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1725,7 +1697,7 @@ Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl);
|
||||
@ -1973,10 +1945,10 @@ Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
|
||||
+ HMAC_CTX_free(hctx_tpl);
|
||||
+ return ret;
|
||||
+}
|
||||
Index: openssl-1.1.1d/crypto/kdf/scrypt.c
|
||||
Index: openssl-1.1.1e/crypto/kdf/scrypt.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/kdf/scrypt.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/kdf/scrypt.c 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/kdf/scrypt.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -8,25 +8,34 @@
|
||||
*/
|
||||
|
||||
@ -1989,7 +1961,7 @@ Index: openssl-1.1.1d/crypto/kdf/scrypt.c
|
||||
-#include "internal/cryptlib.h"
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/err.h>
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "internal/numbers.h"
|
||||
+#include "kdf_local.h"
|
||||
|
||||
@ -2565,10 +2537,10 @@ Index: openssl-1.1.1d/crypto/kdf/scrypt.c
|
||||
+}
|
||||
|
||||
#endif
|
||||
Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
|
||||
Index: openssl-1.1.1e/crypto/kdf/tls1_prf.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/kdf/tls1_prf.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/kdf/tls1_prf.c 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/kdf/tls1_prf.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -8,11 +8,15 @@
|
||||
*/
|
||||
|
||||
@ -2579,7 +2551,7 @@ Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
|
||||
-#include <openssl/kdf.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
|
||||
+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl);
|
||||
@ -2852,10 +2824,10 @@ Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
|
||||
OPENSSL_clear_free(tmp, olen);
|
||||
return 0;
|
||||
}
|
||||
Index: openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
|
||||
Index: openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2020-01-23 13:45:11.472634451 +0100
|
||||
+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,217 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3074,10 +3046,10 @@ Index: openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
Index: openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
|
||||
Index: openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod 2020-01-23 13:45:11.472634451 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,180 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3259,10 +3231,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
Index: openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
Index: openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod 2020-01-23 13:45:11.472634451 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,78 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3342,10 +3314,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
Index: openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
Index: openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod 2020-01-23 13:45:11.472634451 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,149 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3496,10 +3468,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
Index: openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
Index: openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-01-23 13:45:11.472634451 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -0,0 +1,142 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3643,10 +3615,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
Index: openssl-1.1.1d/include/openssl/evperr.h
|
||||
Index: openssl-1.1.1e/include/openssl/evperr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/evperr.h 2020-01-23 13:45:11.344633691 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/evperr.h 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/include/openssl/evperr.h 2020-03-20 14:37:08.084876835 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-20 14:37:08.208877488 +0100
|
||||
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
|
||||
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
||||
@ -3671,7 +3643,7 @@ Index: openssl-1.1.1d/include/openssl/evperr.h
|
||||
# define EVP_F_UPDATE 173
|
||||
|
||||
/*
|
||||
@@ -180,6 +185,7 @@ int ERR_load_EVP_strings(void);
|
||||
@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
|
||||
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
||||
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
||||
@ -3679,10 +3651,10 @@ Index: openssl-1.1.1d/include/openssl/evperr.h
|
||||
# define EVP_R_PARTIALLY_OVERLAPPING 162
|
||||
# define EVP_R_PBKDF2_ERROR 181
|
||||
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
|
||||
Index: openssl-1.1.1d/include/openssl/kdferr.h
|
||||
Index: openssl-1.1.1e/include/openssl/kdferr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/kdferr.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/include/openssl/kdferr.h 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/include/openssl/kdferr.h 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
|
||||
/*
|
||||
* KDF function codes.
|
||||
@ -3722,10 +3694,10 @@ Index: openssl-1.1.1d/include/openssl/kdferr.h
|
||||
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
|
||||
|
||||
#endif
|
||||
Index: openssl-1.1.1d/include/openssl/kdf.h
|
||||
Index: openssl-1.1.1e/include/openssl/kdf.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/kdf.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/include/openssl/kdf.h 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/include/openssl/kdf.h 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -10,10 +10,50 @@
|
||||
#ifndef HEADER_KDF_H
|
||||
# define HEADER_KDF_H
|
||||
@ -3804,10 +3776,10 @@ Index: openssl-1.1.1d/include/openssl/kdf.h
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
Index: openssl-1.1.1d/include/openssl/ossl_typ.h
|
||||
Index: openssl-1.1.1e/include/openssl/ossl_typ.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/ossl_typ.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/include/openssl/ossl_typ.h 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/include/openssl/ossl_typ.h 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
|
||||
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
|
||||
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
||||
@ -3817,10 +3789,10 @@ Index: openssl-1.1.1d/include/openssl/ossl_typ.h
|
||||
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
|
||||
|
||||
typedef struct hmac_ctx_st HMAC_CTX;
|
||||
Index: openssl-1.1.1d/test/build.info
|
||||
Index: openssl-1.1.1e/test/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/build.info 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/build.info 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/test/build.info 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/build.info 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
|
||||
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
|
||||
bio_callback_test bio_memleak_test \
|
||||
@ -3842,10 +3814,10 @@ Index: openssl-1.1.1d/test/build.info
|
||||
SOURCE[x509_time_test]=x509_time_test.c
|
||||
INCLUDE[x509_time_test]=../include
|
||||
DEPEND[x509_time_test]=../libcrypto libtestutil.a
|
||||
Index: openssl-1.1.1d/test/evp_kdf_test.c
|
||||
Index: openssl-1.1.1e/test/evp_kdf_test.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/test/evp_kdf_test.c 2020-01-23 13:45:11.472634451 +0100
|
||||
+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -0,0 +1,237 @@
|
||||
+/*
|
||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4084,10 +4056,10 @@ Index: openssl-1.1.1d/test/evp_kdf_test.c
|
||||
+#endif
|
||||
+ return 1;
|
||||
+}
|
||||
Index: openssl-1.1.1d/test/evp_test.c
|
||||
Index: openssl-1.1.1e/test/evp_test.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/evp_test.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/evp_test.c 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/test/evp_test.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/evp_test.c 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
|
||||
encode_test_run,
|
||||
};
|
||||
@ -4299,10 +4271,10 @@ Index: openssl-1.1.1d/test/evp_test.c
|
||||
&keypair_test_method,
|
||||
&keygen_test_method,
|
||||
&mac_test_method,
|
||||
Index: openssl-1.1.1d/test/pkey_meth_kdf_test.c
|
||||
Index: openssl-1.1.1e/test/pkey_meth_kdf_test.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/pkey_meth_kdf_test.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/pkey_meth_kdf_test.c 2020-01-23 13:45:11.472634451 +0100
|
||||
--- openssl-1.1.1e.orig/test/pkey_meth_kdf_test.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4506,10 +4478,10 @@ Index: openssl-1.1.1d/test/pkey_meth_kdf_test.c
|
||||
}
|
||||
#endif
|
||||
|
||||
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2020-01-23 13:45:31.704754695 +0100
|
||||
--- openssl-1.1.1e.orig/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-20 16:12:06.574822921 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
#
|
||||
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4908,10 +4880,10 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
+Ctrl.digest = digest:sha512
|
||||
+Output = 00ef42cdbfc98d29db20976608e455567fdddf14
|
||||
+
|
||||
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-01-23 13:45:11.476634476 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -0,0 +1,305 @@
|
||||
+#
|
||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -5218,10 +5190,10 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
+Ctrl.p = p:1
|
||||
+Result = INTERNAL_ERROR
|
||||
+
|
||||
Index: openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
|
||||
Index: openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t 2020-01-23 13:45:11.476634476 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -0,0 +1,13 @@
|
||||
+#! /usr/bin/env perl
|
||||
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -5236,10 +5208,10 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
|
||||
+use OpenSSL::Test::Simple;
|
||||
+
|
||||
+simple_test("test_evp_kdf", "evp_kdf_test");
|
||||
Index: openssl-1.1.1d/test/recipes/30-test_evp.t
|
||||
Index: openssl-1.1.1e/test/recipes/30-test_evp.t
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/test/recipes/30-test_evp.t 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/recipes/30-test_evp.t 2020-01-23 13:45:11.476634476 +0100
|
||||
--- openssl-1.1.1e.orig/test/recipes/30-test_evp.t 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
||||
setup("test_evp");
|
||||
|
||||
@ -5249,11 +5221,11 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp.t
|
||||
"evpcase.txt", "evpccmcavs.txt" );
|
||||
|
||||
plan tests => scalar(@files);
|
||||
Index: openssl-1.1.1d/util/libcrypto.num
|
||||
Index: openssl-1.1.1e/util/libcrypto.num
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/util/libcrypto.num 2020-01-23 13:45:11.348633716 +0100
|
||||
+++ openssl-1.1.1d/util/libcrypto.num 2020-01-23 13:45:11.476634476 +0100
|
||||
@@ -4617,3 +4617,11 @@ FIPS_drbg_get_strength
|
||||
--- openssl-1.1.1e.orig/util/libcrypto.num 2020-03-20 14:37:08.088876857 +0100
|
||||
+++ openssl-1.1.1e/util/libcrypto.num 2020-03-20 16:11:58.798782289 +0100
|
||||
@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
|
||||
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
|
||||
@ -5265,10 +5237,10 @@ Index: openssl-1.1.1d/util/libcrypto.num
|
||||
+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
|
||||
Index: openssl-1.1.1d/util/private.num
|
||||
Index: openssl-1.1.1e/util/private.num
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/util/private.num 2020-01-23 13:45:11.032631836 +0100
|
||||
+++ openssl-1.1.1d/util/private.num 2020-01-23 13:45:11.476634476 +0100
|
||||
--- openssl-1.1.1e.orig/util/private.num 2020-03-20 14:37:07.856875635 +0100
|
||||
+++ openssl-1.1.1e/util/private.num 2020-03-20 14:37:08.212877511 +0100
|
||||
@@ -22,6 +22,7 @@ CRYPTO_EX_dup
|
||||
CRYPTO_EX_free datatype
|
||||
CRYPTO_EX_new datatype
|
||||
@ -5277,3 +5249,31 @@ Index: openssl-1.1.1d/util/private.num
|
||||
EVP_PKEY_gen_cb datatype
|
||||
EVP_PKEY_METHOD datatype
|
||||
EVP_PKEY_ASN1_METHOD datatype
|
||||
Index: openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/evp/e_chacha20_poly1305.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-20 16:12:44.271019899 +0100
|
||||
@@ -14,8 +14,8 @@
|
||||
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/objects.h>
|
||||
-# include "evp_local.h"
|
||||
# include "crypto/evp.h"
|
||||
+# include "evp_local.h"
|
||||
# include "crypto/chacha.h"
|
||||
|
||||
typedef struct {
|
||||
Index: openssl-1.1.1e/crypto/evp/encode.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/evp/encode.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-20 16:15:09.491778701 +0100
|
||||
@@ -11,8 +11,8 @@
|
||||
#include <limits.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
-#include "evp_local.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "evp_local.h"
|
||||
|
||||
static unsigned char conv_ascii2bin(unsigned char a,
|
||||
const unsigned char *table);
|
||||
|
@ -1,7 +1,7 @@
|
||||
Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
|
||||
Index: openssl-1.1.1d/include/crypto/rand.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/rand_int.h 2020-01-23 13:45:11.368633835 +0100
|
||||
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2020-01-23 13:45:11.384633930 +0100
|
||||
--- openssl-1.1.1d.orig/include/crypto/rand.h 2020-01-23 13:45:11.368633835 +0100
|
||||
+++ openssl-1.1.1d/include/crypto/rand.h 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||
@ -75,9 +75,9 @@ Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "internal/rand_int.h"
|
||||
+#include "crypto/rand.h"
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "rand_lcl.h"
|
||||
+#include "rand_local.h"
|
||||
+
|
||||
+static RAND_POOL *crngt_pool;
|
||||
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
|
||||
@ -177,10 +177,10 @@ Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
|
||||
+{
|
||||
+ OPENSSL_secure_clear_free(out, outlen);
|
||||
+}
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_lcl.h
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/rand_lcl.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_lcl.h 2020-01-23 13:45:11.384633930 +0100
|
||||
--- openssl-1.1.1d.orig/crypto/rand/rand_local.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_local.h 2020-01-23 13:45:11.384633930 +0100
|
||||
@@ -33,7 +33,15 @@
|
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||
|
@ -1,12 +1,12 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
Index: openssl-1.1.1e/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.232633025 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:48.216852822 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/fips/fips.c 2020-03-20 14:08:12.235758574 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-20 14:08:13.787766679 +0100
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "internal/thread_once.h"
|
||||
+# include "internal/rand_int.h"
|
||||
+# include "crypto/rand.h"
|
||||
|
||||
# ifndef PATH_MAX
|
||||
# define PATH_MAX 1024
|
||||
@ -52,10 +52,10 @@ Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
Index: openssl-1.1.1d/crypto/include/internal/fips_int.h
|
||||
Index: openssl-1.1.1e/include/crypto/fips_int.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/fips_int.h 2020-01-23 13:45:11.336633643 +0100
|
||||
+++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2020-01-23 13:45:11.368633835 +0100
|
||||
--- openssl-1.1.1e.orig/include/crypto/fips_int.h 2020-03-20 14:08:12.239758595 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/fips_int.h 2020-03-20 14:08:13.787766679 +0100
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
@ -65,10 +65,10 @@ Index: openssl-1.1.1d/crypto/include/internal/fips_int.h
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
|
||||
Index: openssl-1.1.1e/include/crypto/rand.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/rand_int.h 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2020-01-23 13:45:53.964886989 +0100
|
||||
--- openssl-1.1.1e.orig/include/crypto/rand.h 2020-03-20 14:08:12.239758595 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-20 14:08:13.791766699 +0100
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
@ -77,10 +77,10 @@ Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
|
||||
void rand_drbg_cleanup_int(void);
|
||||
void drbg_delete_thread_state(void);
|
||||
|
||||
Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
|
||||
Index: openssl-1.1.1e/crypto/rand/drbg_lib.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/drbg_lib.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2020-01-23 13:45:53.964886989 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/rand/drbg_lib.c 2020-03-20 14:08:12.239758595 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-20 14:08:13.791766699 +0100
|
||||
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
@ -102,15 +102,15 @@ Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
|
||||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
Index: openssl-1.1.1e/crypto/rand/rand_unix.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/rand_unix.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_unix.c 2020-01-23 13:45:11.368633835 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/rand/rand_unix.c 2020-03-20 14:08:12.239758595 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-20 14:08:41.763912735 +0100
|
||||
@@ -17,10 +17,12 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include "rand_lcl.h"
|
||||
#include "internal/rand_int.h"
|
||||
+#include "internal/fips_int.h"
|
||||
#include "rand_local.h"
|
||||
#include "crypto/rand.h"
|
||||
+#include "crypto/fips_int.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#ifdef __linux
|
||||
@ -119,7 +119,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
# ifdef DEVRANDOM_WAIT
|
||||
# include <sys/shm.h>
|
||||
# include <sys/utsname.h>
|
||||
@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
@ -128,7 +128,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
*/
|
||||
@ -136,7 +136,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
@ -150,7 +150,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t entropy_available;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
@ -160,7 +160,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
{
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@ -169,7 +169,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
@ -181,7 +181,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -51,10 +51,10 @@ Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
|
||||
};
|
||||
|
||||
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
|
||||
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
|
||||
Index: openssl-1.1.1d/include/crypto/evp.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h 2020-01-23 13:45:11.468634429 +0100
|
||||
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2020-01-23 13:45:11.488634548 +0100
|
||||
--- openssl-1.1.1d.orig/include/crypto/evp.h 2020-01-23 13:45:11.468634429 +0100
|
||||
+++ openssl-1.1.1d/include/crypto/evp.h 2020-01-23 13:45:11.488634548 +0100
|
||||
@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_m
|
||||
extern const EVP_KDF_METHOD scrypt_kdf_meth;
|
||||
extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
|
||||
@ -118,7 +118,7 @@ Index: openssl-1.1.1d/crypto/kdf/sshkdf.c
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+/* See RFC 4253, Section 7.2 */
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
|
||||
size 8845861
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13oWoACgkQ2cTSbQ5g
|
||||
RJH0Agf+IekQXtSPsrn/5RMgXFGSyK+S1BpFhyoJRvDocVZAxwgvd4F1fcYkFVXH
|
||||
5+Q6o6s6tIDb+VkuIajcDxTQvrFoXKWMbsFsu3NBAan5R0OlYINRYtXULg0ZqQv4
|
||||
zxclCSLQTpuMyptuGGbg0/8+9IAhGFk2XSA5EEI+SC6lswRQiT7p6dbULj4CvH3m
|
||||
7mqovojAAaEJpgfG8b+L+QBJ4XId99uC6tiLM1tTMCsn1ErLsTd366fzEpC1w12a
|
||||
V/gWQ1mVs+bmSRySPx8mO4CpHfhAI+sZrSsWG+UXP9Guf9YKHFLJDiSrX7EmvszR
|
||||
B+/LvZqce4iCnwCUoIuYhxM6EybDdQ==
|
||||
=v5CI
|
||||
-----END PGP SIGNATURE-----
|
3
openssl-1.1.1e.tar.gz
Normal file
3
openssl-1.1.1e.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe
|
||||
size 9792634
|
11
openssl-1.1.1e.tar.gz.asc
Normal file
11
openssl-1.1.1e.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl5w3zsACgkQ2cTSbQ5g
|
||||
RJGAhAgAuX8zgGf2QK/fx1H1zmyR3j0oetXHb+tohlqITZYWl1V3nG4rciL0awOI
|
||||
vBXNFQHKLBC+yY8AwXUqymGyOUTCEANT+ENeC9bfKigoEgo26V+bMzkU5dST3khy
|
||||
scaYT4TEAjNVHeDb3Bt5jh8H/dNeUIKKan9ng29zrSfSHd7nXMEgPQMCgxSLdyYQ
|
||||
Ej1VnFhuIc4e6I4tXWPUUhG3jqezpuOJi6h29DUg3mG+4UIyFXAUJr8vIg3ldasG
|
||||
/A1QNVRMKROUHe1Bhm5v6zS7p9OnVHPkXPcoJTtIaciIU4wGMeeo/zoEgng+opin
|
||||
X5+7jkfapyP9z+7CSl85BcrW3xrK+g==
|
||||
=+Xvm
|
||||
-----END PGP SIGNATURE-----
|
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,48 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 20 11:58:08 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Update to 1.1.1e
|
||||
* Properly detect EOF while reading in libssl. Previously if we hit an EOF
|
||||
while reading in libssl then we would report an error back to the
|
||||
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
|
||||
an error to the stack (which means we instead return SSL_ERROR_SSL) and
|
||||
therefore give a hint as to what went wrong.
|
||||
* Check that ed25519 and ed448 are allowed by the security level. Previously
|
||||
signature algorithms not using an MD were not being checked that they were
|
||||
allowed by the security level.
|
||||
* Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
|
||||
was not quite right. The behaviour was not consistent between resumption
|
||||
and normal handshakes, and also not quite consistent with historical
|
||||
behaviour. The behaviour in various scenarios has been clarified and
|
||||
it has been updated to make it match historical behaviour as closely as
|
||||
possible.
|
||||
* Corrected the documentation of the return values from the EVP_DigestSign*
|
||||
set of functions. The documentation mentioned negative values for some
|
||||
errors, but this was never the case, so the mention of negative values
|
||||
was removed.
|
||||
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
|
||||
The presence of this system service is determined at run-time.
|
||||
* Added newline escaping functionality to a filename when using openssl dgst.
|
||||
This output format is to replicate the output format found in the '*sum'
|
||||
checksum programs. This aims to preserve backward compatibility.
|
||||
* Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
|
||||
the first value.
|
||||
- Update bunch of patches as the internal crypto headers got reorganized
|
||||
- drop openssl-1_1-CVE-2019-1551.patch (upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 20 10:22:27 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- openssl dgst: default to SHA256 only when called without a digest,
|
||||
not when it couldn't be found (bsc#1166189)
|
||||
* add openssl-unknown_dgst.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 4 08:23:23 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Limit the DRBG selftests to not deplete entropy (bsc#1165274)
|
||||
* update openssl-fips_selftest_upstream_drbg.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 26 13:28:14 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
|
@ -21,7 +21,7 @@
|
||||
%define _rname openssl
|
||||
Name: openssl-1_1
|
||||
# Don't forget to update the version in the "openssl" package!
|
||||
Version: 1.1.1d
|
||||
Version: 1.1.1e
|
||||
Release: 0
|
||||
Summary: Secure Sockets and Transport Layer Security
|
||||
License: OpenSSL
|
||||
@ -50,9 +50,6 @@ Patch10: 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
|
||||
Patch11: 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
|
||||
Patch12: 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
|
||||
Patch13: 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
|
||||
# OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551
|
||||
# PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64
|
||||
Patch15: openssl-1_1-CVE-2019-1551.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1152695 jsc#SLE-7861 Support for CPACF enhancements - part 1 (crypto)
|
||||
Patch16: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
|
||||
Patch17: openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
|
||||
@ -85,6 +82,7 @@ Patch43: openssl-keep_EVP_KDF_functions_version.patch
|
||||
Patch44: openssl-fips_fix_selftests_return_value.patch
|
||||
Patch45: openssl-fips-add-SHA3-selftest.patch
|
||||
Patch46: openssl-fips_selftest_upstream_drbg.patch
|
||||
Patch47: openssl-unknown_dgst.patch
|
||||
# PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto)
|
||||
Patch50: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
|
||||
Patch51: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
|
||||
|
@ -13,7 +13,7 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9348)
|
||||
---
|
||||
crypto/ec/ec2_smpl.c | 3 +
|
||||
crypto/ec/ec_lcl.h | 15 +++++
|
||||
crypto/ec/ec_local.h | 15 +++++
|
||||
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
|
||||
crypto/ec/ecp_mont.c | 3 +
|
||||
crypto/ec/ecp_nist.c | 3 +
|
||||
@ -27,10 +27,10 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
include/openssl/ecerr.h | 1 +
|
||||
13 files changed, 119 insertions(+), 36 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ec2_smpl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec2_smpl.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ec2_smpl.c 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ec2_smpl.c 2020-03-20 13:03:17.247276054 +0100
|
||||
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -41,10 +41,10 @@ Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
ec_GF2m_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
Index: openssl-1.1.1e/crypto/ec/ec_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ec_local.h 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ec_local.h 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -179,6 +179,14 @@ struct ec_method_st {
|
||||
/* custom ECDH operation */
|
||||
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
|
||||
@ -74,13 +74,13 @@ Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
|
||||
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
|
||||
const uint8_t public_key[32], const uint8_t private_key[32]);
|
||||
Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecdsa_ossl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecdsa_ossl.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:54.463471314 +0100
|
||||
@@ -14,6 +14,41 @@
|
||||
#include "internal/bn_int.h"
|
||||
#include "ec_lcl.h"
|
||||
#include "crypto/bn.h"
|
||||
#include "ec_local.h"
|
||||
|
||||
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
+ BIGNUM **rp)
|
||||
@ -359,10 +359,10 @@ Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
|
||||
goto err;
|
||||
}
|
||||
/* if the signature is correct u1 is equal to sig->r */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_mont.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_mont.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_mont.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_mont.c 2020-03-20 13:03:13.823258089 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_mont.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -373,10 +373,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nist.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nist.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nist.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nist.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nist.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -387,10 +387,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistp224.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
||||
ec_key_simple_generate_public_key,
|
||||
0, /* keycopy */
|
||||
@ -401,11 +401,11 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
||||
ecdh_simple_compute_key,
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistp256.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp256.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
||||
@@ -1809,6 +1809,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
@ -415,11 +415,11 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistp521.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp521.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
||||
@@ -1651,6 +1651,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
@ -429,11 +429,11 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_nistz256.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistz256.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
||||
@@ -1689,6 +1689,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
@ -443,10 +443,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
|
||||
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_s390x_nistp.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
NULL, /* keycopy */ \
|
||||
NULL, /* keyfinish */ \
|
||||
@ -457,10 +457,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
NULL, /* field_inverse_mod_ord */ \
|
||||
ec_GFp_simple_blind_coordinates, \
|
||||
ec_GFp_simple_ladder_pre, \
|
||||
Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_smpl.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ecp_smpl.c
|
||||
+++ openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_smpl.c 2020-03-20 13:03:13.827258110 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_smpl.c 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -471,10 +471,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
Index: openssl-1.1.1e/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
|
||||
+++ openssl-1.1.1d/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:03:13.831258131 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
||||
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
||||
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
||||
@ -493,7 +493,7 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
|
||||
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
|
||||
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
|
||||
@@ -2130,6 +2134,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
||||
@@ -2133,6 +2137,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
||||
EC_R_CANNOT_INVERT:165:cannot invert
|
||||
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
|
||||
@ -501,10 +501,10 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
||||
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
|
||||
EC_R_DECODE_ERROR:142:decode error
|
||||
Index: openssl-1.1.1d/include/openssl/ecerr.h
|
||||
Index: openssl-1.1.1e/include/openssl/ecerr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
|
||||
+++ openssl-1.1.1d/include/openssl/ecerr.h
|
||||
--- openssl-1.1.1e.orig/include/openssl/ecerr.h 2020-03-20 13:03:13.831258131 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/ecerr.h 2020-03-20 13:03:17.251276075 +0100
|
||||
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_ECDSA_SIGN_EX 254
|
||||
# define EC_F_ECDSA_SIGN_SETUP 248
|
||||
@ -515,7 +515,7 @@ Index: openssl-1.1.1d/include/openssl/ecerr.h
|
||||
# define EC_F_ECDSA_VERIFY 253
|
||||
# define EC_F_ECD_ITEM_VERIFY 270
|
||||
# define EC_F_ECKEY_PARAM2TYPE 223
|
||||
@@ -185,6 +186,7 @@ int ERR_load_EC_strings(void);
|
||||
@@ -185,6 +188,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_O2I_ECPUBLICKEY 152
|
||||
# define EC_F_OLD_EC_PRIV_DECODE 222
|
||||
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
|
||||
@ -523,7 +523,7 @@ Index: openssl-1.1.1d/include/openssl/ecerr.h
|
||||
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
|
||||
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
|
||||
# define EC_F_PKEY_ECD_CTRL 271
|
||||
@@ -212,6 +214,7 @@ int ERR_load_EC_strings(void);
|
||||
@@ -212,6 +216,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_R_CANNOT_INVERT 165
|
||||
# define EC_R_COORDINATES_OUT_OF_RANGE 146
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
|
||||
|
@ -14,7 +14,7 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
---
|
||||
crypto/ec/build.info | 3 +-
|
||||
crypto/ec/ec_curve.c | 42 +++++---
|
||||
crypto/ec/ec_lcl.h | 5 +
|
||||
crypto/ec/ec_local.h | 5 +
|
||||
crypto/ec/ecp_s390x_nistp.c | 197 ++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 234 insertions(+), 13 deletions(-)
|
||||
create mode 100644 crypto/ec/ecp_s390x_nistp.c
|
||||
@ -65,10 +65,10 @@ Index: openssl-1.1.1d/crypto/ec/ec_curve.c
|
||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
EC_GFp_nistp256_method,
|
||||
#else
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_local.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_local.h
|
||||
@@ -587,6 +587,11 @@ int ec_group_simple_order_bits(const EC_
|
||||
*/
|
||||
const EC_METHOD *EC_GFp_nistz256_method(void);
|
||||
@ -98,7 +98,7 @@ Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
|
||||
+#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include "ec_lcl.h"
|
||||
+#include "ec_local.h"
|
||||
+#include "s390x_arch.h"
|
||||
+
|
||||
+/* Size of parameter blocks */
|
||||
|
@ -1,7 +1,7 @@
|
||||
Index: openssl-1.1.1d/crypto/fips/drbgtest.c
|
||||
Index: openssl-1.1.1e/crypto/fips/drbgtest.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/fips/drbgtest.c 2020-02-26 19:21:37.798616477 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/drbgtest.c 2020-03-20 14:15:42.114115340 +0100
|
||||
@@ -0,0 +1,1178 @@
|
||||
+/*
|
||||
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -20,8 +20,8 @@ Index: openssl-1.1.1d/crypto/fips/drbgtest.c
|
||||
+#include <openssl/obj_mac.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/aes.h>
|
||||
+#include "../crypto/rand/rand_lcl.h"
|
||||
+#include "../crypto/include/internal/rand_int.h"
|
||||
+#include "../crypto/rand/rand_local.h"
|
||||
+#include "../include/crypto/rand.h"
|
||||
+
|
||||
+#if defined(_WIN32)
|
||||
+# include <windows.h>
|
||||
@ -1181,10 +1181,10 @@ Index: openssl-1.1.1d/crypto/fips/drbgtest.c
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
Index: openssl-1.1.1d/crypto/fips/drbgtest.h
|
||||
Index: openssl-1.1.1e/crypto/fips/drbgtest.h
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ openssl-1.1.1d/crypto/fips/drbgtest.h 2020-02-26 14:33:10.746715249 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/drbgtest.h 2020-03-20 14:15:42.114115340 +0100
|
||||
@@ -0,0 +1,579 @@
|
||||
+/*
|
||||
+ * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1765,10 +1765,10 @@ Index: openssl-1.1.1d/crypto/fips/drbgtest.h
|
||||
+ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67,
|
||||
+ 0xf6, 0x02, 0x32, 0xe2
|
||||
+};
|
||||
Index: openssl-1.1.1d/crypto/fips/fips_post.c
|
||||
Index: openssl-1.1.1e/crypto/fips/fips_post.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips_post.c 2020-02-26 14:33:10.438713461 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips_post.c 2020-02-26 16:44:09.488165757 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/fips/fips_post.c 2020-03-20 14:15:40.018104341 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-20 14:15:42.114115340 +0100
|
||||
@@ -51,7 +51,6 @@
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
@ -1777,22 +1777,10 @@ Index: openssl-1.1.1d/crypto/fips/fips_post.c
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/hmac.h>
|
||||
Index: openssl-1.1.1d/crypto/rand/rand_lib.c
|
||||
Index: openssl-1.1.1e/crypto/fips/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/rand/rand_lib.c 2020-02-26 14:33:10.442713484 +0100
|
||||
+++ openssl-1.1.1d/crypto/rand/rand_lib.c 2020-02-26 16:43:50.992058552 +0100
|
||||
@@ -18,7 +18,6 @@
|
||||
#include "e_os.h"
|
||||
#ifdef OPENSSL_FIPS
|
||||
# include <openssl/fips.h>
|
||||
-# include <openssl/fips_rand.h>
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
Index: openssl-1.1.1d/crypto/fips/build.info
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/build.info 2020-02-26 16:41:37.415284331 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/build.info 2020-02-26 16:42:55.943739496 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/fips/build.info 2020-03-20 14:15:40.018104341 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/build.info 2020-03-20 14:15:42.114115340 +0100
|
||||
@@ -2,7 +2,7 @@ LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \
|
||||
@ -1802,10 +1790,10 @@ Index: openssl-1.1.1d/crypto/fips/build.info
|
||||
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
|
||||
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
|
||||
fips_dh_selftest.c fips_ers.c
|
||||
Index: openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c
|
||||
Index: openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips_drbg_selftest.c 2020-02-26 16:41:37.415284331 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c 2020-02-26 16:42:55.943739496 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/fips/fips_drbg_selftest.c 2020-03-20 14:15:40.018104341 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-20 14:15:42.114115340 +0100
|
||||
@@ -774,6 +774,7 @@ int FIPS_drbg_health_check(DRBG_CTX *dct
|
||||
return rv;
|
||||
}
|
||||
@ -1822,10 +1810,10 @@ Index: openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c
|
||||
|
||||
int FIPS_selftest_drbg_all(void)
|
||||
{
|
||||
Index: openssl-1.1.1d/crypto/fips/fips.c
|
||||
Index: openssl-1.1.1e/crypto/fips/fips.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-02-26 14:33:10.642714645 +0100
|
||||
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-02-26 16:44:16.508206446 +0100
|
||||
--- openssl-1.1.1e.orig/crypto/fips/fips.c 2020-03-20 14:15:40.018104341 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-20 14:15:42.114115340 +0100
|
||||
@@ -50,7 +50,6 @@
|
||||
#define _GNU_SOURCE
|
||||
|
||||
|
@ -15,16 +15,16 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
crypto/err/openssl.txt | 2 +
|
||||
2 files changed, 200 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
|
||||
index 0b03d7fd04..be81f0b8f0 100644
|
||||
--- a/crypto/ec/ecp_s390x_nistp.c
|
||||
+++ b/crypto/ec/ecp_s390x_nistp.c
|
||||
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:13:44.618571104 +0100
|
||||
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:14:20.398759363 +0100
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/rand.h>
|
||||
#include "ec_lcl.h"
|
||||
#include "ec_local.h"
|
||||
#include "s390x_arch.h"
|
||||
|
||||
@@ -28,6 +29,15 @@
|
||||
@ -207,7 +207,7 @@ index 0b03d7fd04..be81f0b8f0 100644
|
||||
#define EC_GFP_S390X_NISTP_METHOD(bits) \
|
||||
\
|
||||
static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
|
||||
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mu
|
||||
S390X_SIZE_P##bits); \
|
||||
} \
|
||||
\
|
||||
@ -237,7 +237,7 @@ index 0b03d7fd04..be81f0b8f0 100644
|
||||
const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
{ \
|
||||
static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
|
||||
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
NULL, /* keyfinish */ \
|
||||
ecdh_simple_compute_key, \
|
||||
ecdsa_simple_sign_setup, \
|
||||
@ -248,7 +248,7 @@ index 0b03d7fd04..be81f0b8f0 100644
|
||||
NULL, /* field_inverse_mod_ord */ \
|
||||
ec_GFp_simple_blind_coordinates, \
|
||||
ec_GFp_simple_ladder_pre, \
|
||||
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
|
||||
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
|
||||
}; \
|
||||
static const EC_METHOD *ret; \
|
||||
\
|
||||
@ -263,11 +263,11 @@ index 0b03d7fd04..be81f0b8f0 100644
|
||||
ret = &EC_GFp_s390x_nistp##bits##_meth; \
|
||||
else \
|
||||
ret = EC_GFp_mont_method(); \
|
||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||
index 035bd729f3..5d5981035c 100644
|
||||
--- a/crypto/err/openssl.txt
|
||||
+++ b/crypto/err/openssl.txt
|
||||
@@ -554,6 +554,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
Index: openssl-1.1.1e/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:13:44.618571104 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:14:02.446664907 +0100
|
||||
@@ -499,6 +499,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
||||
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
||||
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
||||
@ -276,6 +276,3 @@ index 035bd729f3..5d5981035c 100644
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
||||
--
|
||||
2.24.0
|
||||
|
||||
|
@ -16,7 +16,7 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
crypto/dsa/dsa_pmeth.c | 7 +-
|
||||
crypto/ec/build.info | 2 +-
|
||||
crypto/ec/ec_curve.c | 12 +-
|
||||
crypto/ec/ec_lcl.h | 2 +-
|
||||
crypto/ec/ec_local.h | 2 +-
|
||||
crypto/ec/ec_pmeth.c | 7 +-
|
||||
crypto/ec/ecx_meth.c | 672 +++++++++++++++++++++++++++++-
|
||||
crypto/err/openssl.txt | 6 +
|
||||
@ -122,10 +122,10 @@ Index: openssl-1.1.1d/crypto/ec/ec_curve.c
|
||||
EC_GFp_s390x_nistp256_method,
|
||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
EC_GFp_nistp256_method,
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
Index: openssl-1.1.1d/crypto/ec/ec_local.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
|
||||
--- openssl-1.1.1d.orig/crypto/ec/ec_local.h
|
||||
+++ openssl-1.1.1d/crypto/ec/ec_local.h
|
||||
@@ -595,7 +595,7 @@ int ec_group_simple_order_bits(const EC_
|
||||
*/
|
||||
const EC_METHOD *EC_GFp_nistz256_method(void);
|
||||
@ -938,7 +938,7 @@ Index: openssl-1.1.1d/crypto/evp/pmeth_lib.c
|
||||
--- openssl-1.1.1d.orig/crypto/evp/pmeth_lib.c
|
||||
+++ openssl-1.1.1d/crypto/evp/pmeth_lib.c
|
||||
@@ -17,60 +17,67 @@
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
#include "internal/numbers.h"
|
||||
|
||||
+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
|
||||
@ -1068,10 +1068,10 @@ Index: openssl-1.1.1d/crypto/evp/pmeth_lib.c
|
||||
if (app_pkey_methods == NULL)
|
||||
return NULL;
|
||||
idx -= OSSL_NELEM(standard_methods);
|
||||
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
|
||||
Index: openssl-1.1.1d/include/crypto/evp.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h
|
||||
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h
|
||||
--- openssl-1.1.1d.orig/include/crypto/evp.h
|
||||
+++ openssl-1.1.1d/include/crypto/evp.h
|
||||
@@ -93,24 +93,24 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
|
||||
|
||||
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
|
||||
|
@ -19,10 +19,10 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
crypto/s390xcpuid.pl | 31 ++-
|
||||
3 files changed, 556 insertions(+), 13 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1d/crypto/s390x_arch.h
|
||||
Index: openssl-1.1.1e/crypto/s390x_arch.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
|
||||
+++ openssl-1.1.1d/crypto/s390x_arch.h
|
||||
--- openssl-1.1.1e.orig/crypto/s390x_arch.h 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/s390x_arch.h 2020-03-20 17:29:30.459520742 +0100
|
||||
@@ -49,6 +49,9 @@ struct OPENSSL_s390xcap_st {
|
||||
|
||||
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
@ -75,15 +75,15 @@ Index: openssl-1.1.1d/crypto/s390x_arch.h
|
||||
# define S390X_TRNG 114
|
||||
|
||||
/* Register 0 Flags */
|
||||
Index: openssl-1.1.1d/crypto/s390xcap.c
|
||||
Index: openssl-1.1.1e/crypto/s390xcap.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcap.c
|
||||
+++ openssl-1.1.1d/crypto/s390xcap.c
|
||||
--- openssl-1.1.1e.orig/crypto/s390xcap.c 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/s390xcap.c 2020-03-20 17:29:58.011664305 +0100
|
||||
@@ -13,15 +13,51 @@
|
||||
#include <setjmp.h>
|
||||
#include <signal.h>
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "internal/ctype.h"
|
||||
+#include "crypto/ctype.h"
|
||||
#include "s390x_arch.h"
|
||||
|
||||
+#define LEN 128
|
||||
@ -636,10 +636,10 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
|
||||
+ free(buff);
|
||||
+ return rc;
|
||||
}
|
||||
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
Index: openssl-1.1.1e/crypto/s390xcpuid.pl
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
|
||||
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
|
||||
--- openssl-1.1.1e.orig/crypto/s390xcpuid.pl 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/s390xcpuid.pl 2020-03-20 17:29:30.459520742 +0100
|
||||
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
|
||||
stg %r0,S390X_STFLE+16(%r4)
|
||||
|
@ -6,7 +6,7 @@ Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
|
||||
|
||||
#ifdef S390X_EC_ASM
|
||||
# include "s390x_arch.h"
|
||||
+# include "internal/constant_time_locl.h"
|
||||
+# include "internal/constant_time.h"
|
||||
|
||||
static void s390x_x25519_mod_p(unsigned char u[32])
|
||||
{
|
||||
@ -61,10 +61,10 @@ Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
|
||||
|
||||
s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
|
||||
param.x448.d_src[63] &= 252;
|
||||
Index: openssl-1.1.1d/include/internal/constant_time_locl.h
|
||||
Index: openssl-1.1.1d/include/internal/constant_timeh
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/include/internal/constant_time_locl.h
|
||||
+++ openssl-1.1.1d/include/internal/constant_time_locl.h
|
||||
--- openssl-1.1.1d.orig/include/internal/constant_time.h
|
||||
+++ openssl-1.1.1d/include/internal/constant_time.h
|
||||
@@ -353,6 +353,34 @@ static ossl_inline void constant_time_co
|
||||
}
|
||||
|
||||
|
15
openssl-unknown_dgst.patch
Normal file
15
openssl-unknown_dgst.patch
Normal file
@ -0,0 +1,15 @@
|
||||
Index: openssl-1.1.1d/apps/dgst.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1d.orig/apps/dgst.c 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/apps/dgst.c 2020-03-20 11:20:27.618536409 +0100
|
||||
@@ -95,6 +95,10 @@ int dgst_main(int argc, char **argv)
|
||||
prog = opt_progname(argv[0]);
|
||||
buf = app_malloc(BUFSIZE, "I/O buffer");
|
||||
md = EVP_get_digestbyname(prog);
|
||||
+ if (md == NULL && strcmp(prog, "dgst") != 0) {
|
||||
+ BIO_printf(bio_err, "%s is not a known digest\n", prog);
|
||||
+ goto end;
|
||||
+ }
|
||||
|
||||
prog = opt_init(argc, argv, dgst_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
Loading…
Reference in New Issue
Block a user